- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- Recognize more formats when parsing .curlrc for proxy credentials (bsc#1155027)
- Add rpmlintrc to filter false-positive warning about patch not applied
- Update to 0.3.27
- SUSEConnect now ensures that it writes its configuration when it
  encounters errors. This helps in the situation where SUSEConnect
  announces itself, but fails during a later step. Without the saved
  configuration, a system could have credentials, but be unsure which
  registration proxy they're valid for.
- Update to 0.3.26
  - Extend the YaST API in order to access to the package search
    functionality (jsc#SLE-9109)
- Don't fail de-activation when '-release' package already got removed
- Update to 0.3.25
- Fix cloud_provider detection on AWS large instances (bsc#1160007)
- Update to 0.3.24
- Forbid de-registration for on-demand Public Cloud instances (bsc#1155911)
- 0.3.23
  fix .spec file to correctly apply switch_server_cert_location_to_etc.patch to SLE15SP2+ (bsc#1130864)
- Update to 0.3.22
  switch_server_cert_location_to_etc.patch: add patch to switch server cert path for SLE15.2+ to /etc (bsc#1130864)
- Update to 0.3.21
  Fix error on first activation of packagehub extension (bsc#1124318)
- Update to 0.3.20
- Fix getting the list of installed products when zypper plugins are
  present (bsc#1143635)
- Update to 0.3.19
  - Fix failing on registered system without arguments (bsc#1144020)
- Update to 0.3.18
- Fix base product service removal during de-registration in public clouds (bsc#1136752)
- Update to 0.3.17
  - Don't try to remove a service during migration if a zypper service
    plugin already exists (bsc#1128969)
- Replace --no-ri --no-rdoc with --no-document - these options
  are obsolete since at least ruby 2.1 - and finally removed in
  ruby 2.6
- Only overwrite --bindir on fedora, it will overwrite --buildroot
  (which needs to be combined on newer fedoras)
- Update to 0.3.16
  - Show non-enabled extensions with a remark about availability
- Update to 0.3.15
  - Output information about registration and de-registration progress
- Output proper message when SUSEConnect is called without parameters (bsc#959561)
- Default to https URI when no protocol prefix is provided for --url
- Support transactional-update systems (fate#326482)
- Changed "/openssl"/ recommendation to "/openssl(cli)"/
  on SLE 12 SP3+ and SLE 15+ (bsc#1101470).
- Update to 0.3.14
  - Fix s390 activation fails due to unavailable 'dmidecode' bsc#1112702
- Update to 0.3.13
  - Fix migration targets sorting (bsc#1104183)
- Update to 0.3.12
  - Detect if system is in cloud provider (AWS/Google/Azure)
  - Don't fail when trying to parse an empty body. Fixes bsc#1098220
  - Don't install release packages if they are already present
- Fix .spec file for running SUSEConnect on Fedora28
- Weaken dependencies of rmt-client-setup script to Recommends:
- Enhance error message generation
- Add not supported operation exception to PackageSearch API
- Update to 0.3.11
- Add dependencies needed by the rmt-client-setup script. bsc#1093658
- Prevent the automatic registration of recommended products that
  are not mirrored by the registration proxy.
- Update to 0.3.10
  - Fix rollback mechanism on SLE15 systems (bsc#1089320)
- Update to 0.3.9
  - Enable access to package search via gem
  - Don't try to delete directory of nonexistent service files
- Update to 0.3.8
  - Fix list-extensions to show the full SLE 15 tree (bsc#1064264)
  - Enable automatic activation of recommended extensions/modules
  - Automatically deregister all installed extensions/modules when
    deregistering a system
- Repackage gem
- Remove unnecessary .gz files
- Update to 0.3.7
  - virt-create-rootfs connects to SMT server without breaking (bsc#914297)
- Update to 0.3.6
  - Make target_base_product parameter mandatory.
- Update to 0.3.5
  - Add YaST.system_offline_migrations
- Update to version 0.3.4:
  - Packaging improvements (bsc#964013)
- Update to version 0.3.3:
  - Fix SLE15 build
- Properly refresh zypper services when deactivating a product on SMT (bsc#1047153)
- Update to 0.3.2:
  - Fix --namespace parameter persistence (bsc#1044493)
- Update to 0.3.1:
  - Fix license auto-agree issue (bsc#1037783)
  - Add missing archs to SLE 12 SP3 build target
- Update to 0.3.0:
  - Single product deactivation feature (fate#320572)
- Update to 0.2.43:
  - RPM spec fix for openSUSE:Factory rpmlint compliance (bsc#1028660)
- Update to 0.2.42:
  - Better error message for network request failure (bsc#982630)
  - Fix error message for --product with malformed identifier (bsc#1018190)
  - Fix some errors and formatting in manpages and help output
- Update to 0.2.41:
  - Better error message for --list-extensions on unregistered systems
- Update to 0.2.40:
  - Update man page to include the --list-extensions option (bsc#998583)
- Update to 0.2.39:
  - Fix for bnc#990475: support for aarch64 hardware info
- Update to 0.2.38:
  - Fix for bnc#975484: better error message if SMT is too old
- Update to 0.2.37:
  - Add method to YaST class to get Installer-Updates repositories (fate#319716).
- Update to 0.2.36:
  - Fix for bnc#973851: More flexible exit codes handling in internal zypper calls
- Update to 0.2.35:
  - Fix for bnc#973315: Direct update from <=0.2.27 does not remove /usr/bin symlink
- Update to 0.2.34:
  - Fix for bnc#963996: Do not crash on --list-extensions when connected to SMT
  - Fix for bnc#968245: Do not let zypper attempt to read products from remote locations
- Update to 0.2.33:
  - Re-add SUSEConnect binary to /usr/sbin (bnc#963080)
  - Use `--match-exact` when searching for a product (bnc#952804)
  - Fix fonts on xterm (bnc#957354)
- Update to version 0.2.32: Remove unneeded link in %post which caused a warning (bnc#946183)
- Update to version 0.2.31 (bnc#946183)
  - Drop url-implies-writeconfig.diff; it is included in upstream since commit 2ef5aa
  - Correct RPM group
  - Include SCCcredentials file as a ghost entry
  - Further packaging improvements
- Update to version 0.2.30
  - New packaging spec. One `SUSEConnect` package to rule them all (bnc#951671)
  - Update manpages to match the latest CLI options
- Update to version 0.2.29
  - bnc#954266 Silently ignore malformed lscpu lines instead of failing
- Update to version 0.2.28
  - Properly handle empty repository lists from zypper (bnc#951566)
- Update to version 0.2.27
  - Do not install recommended dependencies when installing the product release package (bnc#945462)
  - Addd --rollback option (fate#319114)
- Update to version 0.2.26
  - zypper migration extremly slow with lot of modules and extensions registered (bnc#945462)
- Update to version 0.2.25
  - Solves Allow registration without system uid (dmidecode fails on qemu system) (bnc#934582)
- bnc#949424 ensure version of SUSEConnect is bumped in order to be
  able to distinct requests from affected YaST version in SCC API
- Update to version 0.2.24
  - Bug 943451 - [Migration] failure when "/zypper search"/ returns empty list
  - Bug 946488 - Synchronization API call returns "/no implicit conversion of Symbol into Integer"/ error
  - Bug 941565 - zypper migration not using --releasever
  - Bug 945462 - zypper migration extremly slow with lot of modules and extensions registered
- Update to version 0.2.23
  - Improve hwinfo detection on physical s390 systems
  - Bug 939293 - [S390] Error: Registration failed. Undefined method 'strip' for nil:NilClass (bnc#939293)
- Update to version 0.2.22
  - Migration rollback (fate#319114)
  - [Migration rollback] zypper migrate: baseproduct mismatch (bnc#941303)
- Update to version 0.2.21
  - Escape parameters of remove and add_repository methods
- Update to version 0.2.20
  - Add find_products method to migration abstraction layer fate#319140
  - Fix add_service method which also creates the credentials files
- Update to version 0.2.19
  - Introduction of migration abstraction layer for migration script
  - Clean up and re-factoring of yast abstraction layer
- Update to version 0.2.18
  - Improve SUSEConnect error messages
  - New --cleanup option (remove old system credentials and all zypper services installed by SUSEConnect)
  - New --namespace option (forward SMT staging environment to proxy registration server)
- Update to version 0.2.17
  - Added migrations endpoint support for Yast
  - Use C locale for all the syscalls (solves output parsing issues in some locales)
  - Stripping UUID from SCC API calls if it is not settable
  - Moved examples from gist to project
- Update to version 0.2.16
  - In case of wrong regcode provide meaningful message back to
    the user (Wrong regcode in that case).
- Update to version 0.2.15
  - Always write config file when --url parameter used (bnc#900689)
- Add patch git-33-d12420cc66e6d26a9dff6c0e86e00de232151c82.patch
  * Avoid semicolon within (t)csh login script on S/390.
- Add patch git-21-0064ecd132c30a939125acbc5b9a1c7bcd180fa0.patch
  * add screen.xterm-256color to DIR_COLORS
- Add patch git-22-f5e90d70d119b6aa12d019947029f9337aec378d.patch
  * check for Packages.db and use this instead of Packages
- Add patch git-23-8f1fe28287466235ade9c62fa5995eba9e642660.patch
  * Rename path() to _path() to avoid using a general name.
- Add patch git-24-2de52ae391e2963eb1913183a6b0530c7e781b55.patch
  * DIR_COLORS add TERM rxvt-unicode-256color (bug#1006973)
- Add patch git-25-287cf7cb851c0636fa46a610015d2d22ad36acea.patch
  * sort TERM entries in etc/DIR_COLORS
- Add patch git-26-0c2f2340cc6ebb51f20b36e550adc517a6b2ae42.patch
  * DIR_COLORS: merge TERM entries with list from (bug#1006973)
- Add patch git-27-abf7927eebbd4d7f47a362d49ae7856520682c49.patch
  * refresh_initrd call modprobe as /sbin/modprobe (bug#1011548)
- Add patch git-28-3351bcc9613ba022503103e7e4ffd01e7bd8e0fd.patch
  * etc/profile add some missing ;; in case esac statements
- Add patch git-29-5220a5f6ba250503ccda326e65ca069d245a5ebe.patch
  * profile and csh.login: on s390x set TERM to dumb on serial console
    for sclp_line0 and ttyS0 console (bug#1153946)
- Add patch git-30-b9dd70f33a124556f16dbbafc89585a82218ad61.patch
  * backup-rpmdb: exit if is there and running
- Add patch git-31-52dc403d54f2c926ee5cc892d1a8a830a45d7412.patch
  * also add color alias for ip command, jira#sle-9880, bsc#1153943
- Add patch git-32-0ee79834ea9ebf6573a7b903f374c21e53a56c14.patch
  * alias.bash check if ip command knows color=auto (jsc#SLE-7679)
- Add patch git-19-1149066a54a372b30b7cbd79cd222e11d96dc984.patch
  * Not all XTerm based emulators do have an terminfo entry (boo#1087982)
- Add patch git-20-6452441f2054b4b290c089ce6269889993b95fc1.patch
  * Better support of Midnight Commander (bsc#1170527)
- Add patch git-16-ed897a1090cafb678f75dbed8802bd671d3c1921.patch
  get_kernel_version: fix for current kernel on s390x (from azouhr)
  (bsc#1151023) (bsc#1139939)
- Add patch git-17-fe967bddbd74af9aba435900878397c0c7ea0b0b.patch
  added "/-h"//"/--help"/ to "/old"/ command (from Bernhard Lang)
- Add patch git-18-bb11f02d5dd940803c08d25b0cfd3650d9de7d41.patch
  change feedback url from to
- Add patch git-15-27e2c6180a45cca63d71ffa5de7b32dec749d2cd.patch
  change rp_filter to 2 to follow the current default (bsc#1160735)
- Add patch git-14-12023f2e8aae5b2ac3a895301945566b9f5eb9c3.patch
  drop dev.cdrom.autoclose = 0 from sysctl config (bsc#1160970)
- Clear broken ghost entry in patch
  which breaks (lib)readline (bsc#1157278)
- Add patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  Use official key binding functions in inputrc
  that is replace up-history with previous-history, down-history with
  next-history and backward-delete-word with backward-kill-word
  (bsc#1084934).  Add some missed key escape sequences for urxvt-unicode
  terminal as well (boo#1007715).
- Add patch git-12-80d14205f913cc67a98c562f988ea700a56c369b.patch
  * service: check if there is a second argument before using it
- Add patch git-11-b20083a930f766939f47dddc66d089c9fee5d38a.patch
  * check if variables can be set before modifying them
    to avoid warnings on login with a restricted shell
- Add patch git-08-9875dffab3ddda0c3e8399f935f059246c961f2a.patch
  * Add s390x compressed kernel support (bsc#1151023)
- Add git-09-c6cd010dd8b6efddd71c30f00a923d8f2537584c.patch
  * Fix LC_NAME and LC_ADDRESS in sh.ssh
- Add patch git-10-43091e644ff54997468a215b891dcaa75173f133.patch
  * fix string test to arithmetic test in /etc/profile.d/
- Add patch git-07-82a17f1689e8957635c8ccaae7c9b3bff7f94d49.patch
  * add sysctl.d/51-network.conf to tighten network security a bit
    see also (boo#1146866) (jira#SLE-9132)
- Add patch git-06-8640f848c6677f1149b9765a8c86135956604007.patch
  * Make systemd detection cgroup oblivious (bsc#1140647)
    systemd can work in three exclusive cgroup modes: legacy, hybrid and
    unified. The mode affects where and what cgroup hierarchies are mounted.
    detect running systemd as systemd itself does it
    (src/libsystemd/sd-daemon/sd-daemon.c, function sd_booted)
- Add patch git-05-ae2a49183ba0ad9dff6b8c1efd4de076bd34ab0f.patch
  * /etc/profile does not work in AppArmor-confined containers
- Add patch git-04-b66cf03e673e84902ce0330f88f84f4fbdc8c9e9.patch
  * Restore old position of ssh/sudo source of profile
    for bug bsc#1118364 but hopefully do not reintroduce
    bug boo#1088524
- Add patch git-03-00d332a443062395957f422c89eaed9d0979ec00.patch
  * update logic for JRE_HOME env variable (bsc#1128246)
- Add patch git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
  Let bash.bashrc work even for (m)ksh (boo#1104531)
- Add patch git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
  No error at login if java system directory is empty (bsc#1102310)
- Update to version 84.87+git20180409.04c9dae:
  * In bash.bashrc move ssh/sudo source of profile to avoid removing
    the `is' variable before last use (boo#1088524).
  * Avoid the shell code checker stumble over `function' keys word
    in ls.bash (git#54).
- Use %license (boo#1082318)
- Update to version 84.87+git20180208.8eeab90:
  * Don't call fillup for removed
  * Adjust path for script converting sysctl config
  * For ksh use builtin keyword 'function' to make sure that the
    keyword 'typeset' really set the variable IFS to be local within
    the function _ls.
- Update to version 84.87+git20180205.2d2832f:
  * Move /lib/aaa_base/convert_sysctl to /usr/lib/base-scripts/convert_sysctl
    to cleanup filesystem.
  * Don't create /etc/init.d/{boot.local,after.local,halt.local} in
    aaa_base.pre section.
  * Remove dead code from pre/post install sections.
- Add /var/adm/backup subdirectories to aaa_base-extras, they are
  only needed by this package.
- Update to version 84.87+git20180204.875cba8:
  * Move sysconfig.backup into extra subpackage, where all the
    scripts using it are, too.
  * Create systemd timer for the cron.daily scripts for backup-rpmdb,
    backup-sysconfig and check-battery. Move scripts to
  * Remove If somebody really still has a
    /root/cron.daily.local file, he can move it to /etc/cron.daily.
  * Don't modify data in root's home directory
  * Don't create userdel.local, this isn't in use since many years
- Update to version 84.87+git20180130.ae1f262:
  * Really remove /usr/sbin/Check, obsolete since 8 years
  * Remove ChangeSymlinks, 90% are obsolete, the rest is dangerous
  * Remove 14 year old outdated documentation and dummy scripts for
- Update to version 84.87+git20180130.36ea161:
  * Remove obsolete/outdated manual pages (route.conf.5,init.d.7,
- Cleanup PreReq and move some parts to Requires(post), so that
  we can deinstall them if we no longer need them
- Update to version 84.87+git20171201.65000be:
  * Revert changes on sysconfig language and make lang.(c)sh
    to use sysconfig language as fallback or better use
    locale.conf as default. See discussion in bsc#1069971
    and FATE#319454 as well
- Update to version 84.87+git20171130.974ac5c:
  * Better parsing of sh variable settings in lang.csh
- Update to version 84.87+git20171129.a45b936:
  * Remove RC_* variables from language sysconf template
    (bsc#1069971 as well as FATE#319454)
- Update to version 84.87+git20171128.945b960:
  * lang.(c)sh: catch if ROOT_USES_LANG becomes not set
- Update to version 84.87+git20171128.aa232d3:
  * Add wsl specific code to profile.d/wsl.csh
  * move wsl specific code from profile into profile.d/
  * Remove obsolete "/make package"/
- Update to version 84.87+git20171128.a6752e8:
  * lang.(c)sh: handle locale.conf if sysconfig does not
- lang.(c)sh: handle locale.conf if sysconfig does not provide
  default locale (bsc#1069971, FATE#319454)
- Update to version 84.87+git20171128.17ae554:
  * Check for /proc/version before using it
  * Remove legacy code for /proc/iSeries
  * Move fillup-templates to /usr/share (boo#1069468)
- Fix installation of fillup-templates.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- use TW versioning, 13.2 is misleading
- Update to version 84.87+git20171120.d36b8b1:
  * Fix double sourcing of /etc/bash_completion.d
  * create in /etc/profile.d to set umask in WSL
  * Add support for /usr/bin/fish (boo#1068840)
  * Get mixed use case of service wrapper script straight (bsc#1040613)
- Update to version 13.2+git20170828.8f12a9e:
  * profile: don't override PATH in WSL
  * Remove passwd, group and shadow files. Remove %ghost entry for
    /run/utmp, /var/log/wtmp and /var/log/btmp, systemd is taking
    care of them
  * Remove run/utmp, too.
- Update to version 13.2+git20170814.cc9e34e:
  * Unset id in csh.cshrc instead of profile.csh (bsc#1049577)
  * Restore the is variable within /etc/profile
- Update to version 13.2+git20170731.c10ca77:
  * Fix csh.cshrc as tcsh does not handle stderr
  * Do not set alias cwdcmd for experts (boo#1045889)
  * unset unused variables on profile files (bsc#1049577)
  * Deprecate DEFAULT_WM in sysconfig.windowmanager
- Fix csh.cshrc as tcsh does not handle stderr messages within {}
  well (boo#1044876)
- Fix copy+paste error in /etc/csh.login boo#1043560
- Support changing PS1 even for mksh and user root (bsc#1036895)
- Be aware that on s390/s390x the ttyS0 is misused
- Reset extended screen TERM variables if no terminfo
- Better status line support even for tcsh
- Modernize /etc/ttytype as tset of ncurses use it
- Off application keypad (keyboard transmit) mode
- Missed a meta prefix in new inputrs.keys
- More 8bit key escape control sequences for XTerm
- Do not set INPUTRC as readline does know personal as well as system
  inputrc also make /etc/inputrc do set know sequences for both vi
  line editing modes as well as for emacs line editing mode.
- Do remove patch aaa_base-13.2+git20170308.c0ecf2e.dif not
  only from package but also from spec file
- Update to version 13.2+git20170425.47e703a:
  * Add Enlightenment to the list of windowmanagers
  * Add a number of audio/video formats to be colorized
  * Revert "/Avoid NAT on Bridges. Bridges are L2 devices, really."/
  * aaa_base.pre: drop some system users from aaa_base and create them in the respective packages: bin,daemon,news,uucp,games,man
  * Remove /var/log/faillog, there no application using this left [bsc#980484]
  * Remove users and groups sys, mail, lp, wwwrun, ftp and nobody
- Make lang.csh work again (bsc#1025673)
- Update to version 13.2+git20170306.3deb627:
  * aaa_base.pre: drop some system users from aaa_base and create
    them in the respective packages: bin,daemon,news,uucp,games,man
- Update to version 13.2+git20160915.106a00d:
  * enhance comment for NO_PROXY variable (bsc#990254)
  * Fix spelling of SUSE (skipped copyright statements - they need more thoughts)
  * fix regression introduced by fix for bnc#971567 (bnc#996442)
- Correct logic error in usage of variable restricted (boo#994111)
- enhance comment for NO_PROXY variable (bsc#990254)
- Update to version 13.2+git20160807.7f4c8c4:
  * switch IPv6 privacy extensions (use_tempaddr) back to 1
  * history see bsc#678066,bsc#752842,bsc#988023,bsc#990838
- Do not use the = sign for setenv in /etc/profile.d/lang.csh
- Follow the bash manual page that is respect --norc and --noprofile
- Update to version 13.2+git20160609.bf76b13:
  * Mark scripts /etc/init.d/{boot.,after-,halt.}local as deprecated
-, lang.csh: if GDM_LANG equals system LANG then use system defaults
- Update to version 13.2+git20160530.bd5210c:
  + Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#958295)
  + Remove spurious assignment to unknown variable term from /etc/inputrc
  + chkconfig: return 1 trying to list unknown service (bnc#971567)
  + chckconfig: add --no-systemctl option
  + fix typo in last patch (no-systemctl support for chkconfig)
  +, lang.csh: allow GDM to override locale
  + There is no kde4 anymore
  + Removed '/usr/bin/X11' from PATH (boo #982185)
- fix typo in last patch (no-systemctl support for chkconfig)
- chckconfig: add --no-systemctl option
- chkconfig: return 1 trying to list unknown service (bnc#971567)
- Merge pull request #26 from andreas-schwab/master
- Remove spurious assignment to unknown variable term from /etc/inputrc
- Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#567324)
- Update to version 13.2+git20151221.244f2a3:
  + drop old dns6 hack migration from 2002
  + remove more dropped variables
  + make chkconfig -a/-d work (bsc#926539)
  + avoid recursion if systemd call chkconfig back for sysv units
  + fix non-working line breaks
- make _service generate .changes
- Replace UNICODE double dash with simple ASCII single dash (boo#954909)
- Use the `+' for find's -exec option as this also respects white
  spaces in files names but is more like xargs.  Respect status
  of screen sessions.
- trigger also if only files changed
  that have spaces in their name (bnc#915259)
- sysconf_addword: do not insert spaces at start of string (bnc#932456)
- Merge pull request #19 from super7ramp/cleaning-references-to-suseconfig
  - drop references to sysconfig/suseconfig
  - drop SCANNER_TYPE variable
- Merge pull request #25 from ptesarik/master
- Enable SysRq dump by default
- Revert "/fix /etc/init.d/foo status return code (bnc#931388)"/
- Merge pull request #23 from bmwiedemann/master
- fix /etc/init.d/foo status return code (bnc#931388)
- xdg-environment: reduce list in /opt/* to gnome,kde4,kde3 (bnc#910904)
- add SOCKS5_SERVER and socks_proxy to proxy settings (bnc#928398)
- Simplify version check
- Handle also command lines starting with the env command
  as this is used by gnome xsessions (bsc#921172)
- Correct the boolean in /etc/profile.d/
- Even if GDM has done language setup the personal ~/.i18n should
  be sourced (boo#567324)
- Remove the official patch for fate#314974 as now part of systemd
- Merge pull request #21 from arvidjaar/bnc/907873
- Avoid sourcing /etc/bash_completion.d twice
- Fix spelling of SUSE
- Add the official patch for Fate#314974 (bnc#903009)
- test: Add helper library to fake passwd/group files
- quote: escape literal backslashes (bsc#953659).
- Added patch:
  * 0001-test-Add-helper-library-to-fake-passwd-group-files.patch
  * 0002-quote-escape-literal-backslashes.patch
- refresh acl-2.2.52-tests.patch to work with perl 5.26
- BuildRequires gettext-tools-mini instead of gettext-tools: as
  acl is part of the bootstrap, we want to try to keep the dep
  chain as small as possible.
- Remove --with-pic that's just for static libraries.
- Replace %__-type macro indirections.
  Replace old $RPM_ by their macro equivalents for consistency.
  Make the macro style consistent across the file again.
- reenable full Larg File Support for i586
- Make it possible to disable tests (for Ring0)
- Add BuildRequires: system-user-daemon for the testsuite
- Add BuildRequires for system user bin needed by test suite
- Update to git snapshot dated 21 Sep 2015.
  - Added:
  * 0001-Install-the-libraries-to-the-appropriate-directory.patch
  * 0002-setfacl.1-fix-typo-inclu-de-include.patch
  * 0003-test-fix-insufficient-quoting-of.patch
  * 0005-Bad-markup-in-acl.5-page.patch
  * 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch
  * 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch
  * 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch
  * 0010-punt-debian-rpm-packaging-logic.patch
  * 0011-move-gettext-logic-into-misc.h.patch
  * 0012-test-make-running-parallel-out-of-tree-safe.patch
  * 0013-modernize-build-system.patch
  * 0014-po-regenerate-files-after-move.patch
  * 0015-build-drop-aclincludedir-use-pkgincludedir.patch
  * 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch
  * 0017-build-ship-a-pkgconfig-file-for-libacl.patch
  * 0018-read_acl_-comments-seq-rename-line-to-lineno.patch
  * 0019-read_acl_-comments-seq-switch-to-next_line.patch
  * 0020-telldir-return-value-and-seekdir-second-parameters-a.patch
  * 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch
  * 0022-add-__acl_-prefixes-to-internal-symbols.patch
  * 0023-cp.test-Check-permissions-of-the-right-file.patch
  * 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch
  * 0025-fix-compilation-with-latest-xattr-git.patch
  * 0026-getfacl-Fix-memory-leak.patch
  * 0027-Fix-the-display-block-nesting-in-acl.5.patch
  * 0028-setfacl-man-page-Minor-wording-improvements.patch
  * 0029-getfacl-Fix-minor-resource-leak.patch
  * 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch
  * 0031-walk_tree-mark-internal-variables-as-static.patch
  * 0032-ignore-configure.lineno.patch
- Signficant spec file restructuring due to 0013-modernize-build-system.patch
- removed
- Reduce size of filelist by using wildcards;
  remove %doc (some locations are always %doc),
  remove %attr (files already have proper permissions)
- add acl-2.2.52-tests.patch and enable tests, check section taken
  from Fedora package
- remove gpg-offline calls from bootstrap package
- Update to new upstream release 2.2.52
  * This release fixes a few build system issues that were found and
  merges in a tree walking bug fix.
- Remove acl-fiximplicit.patch (merged upstream),
  config-guess-sub-update.diff (no longer applies)
- Sync baselibs.conf with in-.spec obsoletes/provides.
- add gpg checking
- use source url
- Add config-guess-sub-update.diff:
  update config.guess/sub to latest state for AArch64
- Use OS byteswapping routines, application already Includes
  "/endian.h"/ but then goes ahead defining ad-hoc equivalent
  functionality (0001-Use-OS-byteswapping-macros.patch)
- remove useless automake deps
- patch license to follow standard
- license update: GPL-2.0+;LGPL-2.1+
  SPDX format
- add automake as buildrequire to avoid implicit dependency
- Fix provides/Obsoletes
- Implement shlib package (libacl1)
- Enable libacl-devel on all baselib arches
- upgrade to 2.2.51
  - Test fixes
- upgrade to 2.2.50
  - OPTIONS in man pages should be a section heading, not a subsection heading
  - Fix a typo in the setfacl man page
  - setfacl: Clarify that removing a non-existent acl entry is not an error
  - Prevent setfacl --restore from SIGSEGV on malformed restore file
  - setfacl: make sure that -R only calls stat(2) on symlinks when it needs to
  - libacl: fix potential null pointer dereference
  - setfacl: fix restore crash on malformed input
  - setfacl: print useful error from read_acl_comments
  - setfacl: changing owner and when S_ISUID should be set --restore fix
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- readded incorrectly removed libattr-devel requires in -devel
- fixed implicit strchr() usage.
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.2.48
  - Document the new flags comments
  - Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "/setfacl --restore=file"/.
  - Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
  - Stop quoting nonprintable characters in the getfacl output
  - Avoid unnecessary but destructive chown calls
  - Clarify license notice
- update to AppArmor 2.13.6
  - fix utils hotkey conflicts in some languages
  - aa-autodep: load abstractions on start (boo#1178527)
  - add usr.lib.dovecot.script-login profile
  - minor additions in abstractions/X and the dovecot profile
  - see
    for the detailed upstream changelog
- drop upstreamed patch libapparmor-so-number.diff
- update to AppArmor 2.13.5
  - add missing permissions to several profiles and abstractions
  - bugfixes in parser and tools
  - see
    for the detailed upstream changelog
- remove upstream(ed) patches
  - changes-since-2.13.4.diff
  - abstractions-X-xauth-mr582.diff
  - sevdb-caps-mr589.diff
  - libvirt-leaseshelper.patch
  - cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
- %service_del_postun_without_restart only works for Tumbleweed,
  keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
- Make use of %service_del_postun_without_restart
  And stop using DISABLE_RESTART_ON_UPDATE as this interface is
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
  libvirt leaseshelper script (jsc#SLE-14253)
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
  to severity.db (lp#1890547)
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
  from its new sddm location (boo#1174290, boo#1174293)
- add changes-since-2.13.4.diff with upstream changes and fixes
  since 2.13.4 up to 5f61bd4c:
  - add several abstractions related to xdg-open:
    dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
    kde-open5, xdg-open
  - introduce @{run} variable
  - update dnsmasq and winbindd profile
  - update mdns, mesa and nameservice abstraction
  - some bugfixes in the aa-* tools, including a remote bugfix in the
    YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-fix-utils-network-test.diff
  - make-4.3-network.diff
  - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
  Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- fix build with make 4.3 by backporting some commits from upstream
  master (boo#1167953):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-network.diff
  - make-4.3-fix-utils-network-test.diff
- update to AppArmor 2.13.4
  - several abstraction updates (including boo#1153162)
  - disallow writing to fontconfig cache in abstractions/fonts
  - some bugfixes in the aa-* tools
  - see
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-ssl-certbot-paths.diff
  - apparmor-krb5-conf-d.diff
  - libapparmor-python3.8.diff
  - usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-base-nameservice.diff
- add usr-etc-abstractions-base-nameservice.diff to adjust
  abstractions/base and nameservice for /usr/etc/ (boo#1161756)
- Properly pull in full python3 interpreter
- add libapparmor-python3.8.diff to fix building the libapparmor python
  bindings (deb#943657)
- add usr-etc-abstractions-authentification.diff to allow reading
  /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to
  abstractions/ssl_certs and abstractions/ssl_keys
- add apparmor-krb5-conf-d.diff for kerberos client
- update to 2.13.3
  - profile updates for dnsmasq, dovecot, identd, syslog-ng
  - new "/lsb_release"/ profile (only used when using "/Px -> lsb_release"/)
  - fix buggy syntax in tunables/share
  - several abstraction updates
  - parser: fix "/Px -> foo-bar"/ (the "/-"/ was rejected before)
  - several bugfixes in aa-genprof and aa-logprof
  - see
    for the detailed upstream changelog
- drop upstream(ed) patches:
  - apparmor-nameservice-resolv-conf-link.patch
  - profile_filename_cornercase.diff
  - dnsmasq-libvirtd.diff
  - dnsmasq-revert-alternation.diff
  - usrmerge-fixes.diff
  - libapparmor-swig-4.diff
- re-number remaining patches
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
  4.0 (boo#1135751)
- Disable LTO (boo#1133091).
- update profile for usrMerge (bash and tar) (boo#1132350)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
  update-alternatives (boo#1127877)
- add dnsmasq-revert-alternation.diff: revert path alternation in
  dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
  breaking libvirtd (boo#1127073)
- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
  to match the newly added libvirtd profile name (boo#1118952#c3)
- Use %license instead of %doc [bsc#1082318]
- add apparmor-lessopen-nfs-workaround.diff: allow network access in for reading files on NFS (workaround for boo#1119937 /
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
  error out in a corner-case (log event for a non-existing profile while
  a profile file with the default filename for that non-existing profile
  exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
  boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.13.2
  - add profile names to most profiles
  - update dnsmasq profile (pid file and logfile path) (boo#1111342)
  - add vulkan abstraction
  - add letsencrypt certificate path to abstractions/ssl_*
  - ignore *.orig and *.rej files when loading profiles
  - fix aa-complain etc. to handle named profiles
  - several bugfixes and small profile improvements
  - see
    for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
  - add qt5 and qt5-compose-cache-write abstractions
  - add @{uid} and @{uids} kernel var placeholders
  - several profile and abstraction updates
  - ignore "/abi"/ rules in parser and tools (instead of erroring out)
  - utils: fix overwriting of child profile flags if they differ from
    the main profile
  - several bugfixes (including boo#1100779)
  - see
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - aa-teardown-path.diff
  - fix-apparmor-systemd-perms.diff
  - logprof-skip-cache-d.diff
  - fix-samba-profiles.patch
  - make-pyflakes-happy.diff
  - dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update rpmlintrc:
  - whitelist .features file which is part of the pre-compiled cache
  - comment out filters for the disabled tomcat_apparmor subpackage
- Backport dnsmasq fix:
  025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
- add fix-samba-profiles.patch - smbd loads new shared libraries.
  Allow winbindd to access new kerberos credential cache location
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
- add fix-apparmor-systemd-perms.diff - fix permissions of
  /lib/apparmor/apparmor.systemd (boo#1090545)
- create and package precompiled cache (/usr/share/apparmor/cache,
  read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
  new btrfs layout, the only reason for using /var/lib/apparmor/cache/
  (which was "/it's part of the / subvolume"/) is gone, and /var/cache
  makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
  cache locations
- clear cache also in %post of abstractions package
- update to AppArmor 2.13
  - add support for multiple cache directories and cache overlays
    (boo#1069906, boo#1074429)
  - add support for conditional includes in policy
  - remove group restrictions from aa-notify (boo#1058787)
  - aa-complain etc.: set flags for profiles represented by a glob
  - aa-status: split profile from exec name
  - several profile and abstraction updates
  - see
    for the detailed upstream changelog
- drop upstreamed patches and files:
  - aa-teardown
  - apparmor.service
  - apparmor.systemd
  - 32-bit-no-uid.diff
  - disable-cache-on-ro-fs.diff
  - dovecot-stats.diff
  - parser-write-cache-warn-only.diff
  - set-flags-for-profiles-represented-by-glob.patch
  - fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
  and apparmor.systemd (now part of upstream Makefile)
- simplify "/make -C profiles parser-check"/ call (upstream Makefile bug
  that required to call "/cd"/ was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
- Set flags for profiles represented by glob (bsc#1086154)
- add dovecot-stats.diff:
  - add dovecot/stats profile and allow dovecot to run it (boo#1088161)
  - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix
- Change of path of rpm in (boo#1082956)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
  read-only and don't bail out (bsc#1069906, bsc#1074429)
- add parser-write-cache-warn-only.diff to make cache write failures a
  warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "/Suggests"/
  to avoid pulling in several Gnome packages on servers (boo#1067477)
- update to AppArmor 2.12
  - add support for 'owner' rules in aa-logprof and aa-genprof
  - add support for includes with absolute path in aa-logprof etc. (lp#1733700)
  - update aa-decode to also decode PROCTITLE (lp#1736841)
  - several profile and abstraction updates, including boo#1069470
  - see
    for the detailed upstream changelog
- drop upstreamed patches:
  - read_inactive_profile-exactly-once.patch
  - utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems
- update to AppArmor 2.11.95 aka 2.12 beta1
  - add JSON interface to aa-logprof and aa-genprof (used by YaST)
  - drop old YaST interface code
  - update audio, base and nameservice abstractions
  - allow @{pid} to match 7-digit pids
  - see
    for the detailed upstream changelog
- drop upstreamed patches
  - apparmor-yast-cleanup.patch
  - apparmor-json-support.patch
  - nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
  - apparmor-utils-string-split
  - apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
- refresh utils-fix-sorted-save_profiles-regression.diff
- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
  restriction, see boo#996520 and boo#853019 for details)
- lessopen profile: allow capability dac_read_search and dac_override,
  allow groff to execute several helpers (boo#1065388)
- read_inactive_profile-exactly-once.patch (bsc#1069346)
  Perform reading of inactive profiles exactly once.
- update to AppArmor 2.11.1
  - add permissions to several profiles and abstractions (including
    lp#1650827 and boo#1057900)
  - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
    lp#1661766 and boo#1062667)
  - fix downgrading/converting of 'unix' rules (will be supported in
    kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
  - see for
    upstream changelog
- remove upstream(ed) patches
  - upstream-changes-r3616..3628.diff
  - upstream-changes-r3629..3648.diff
  - parser-tests-dbus-duplicated-conditionals.diff
  - apparmor-fix-podsyntax.patch
  - sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
  in displaying the "/changed profiles"/ list in aa-logprof
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
  new sockets mediation, until unix rules are upstreamed (boo#1061195)
- add apparmor-fix-podsyntax.patch from mailing list to fix
  compilation with perl 5.26
- do not require exact X.Y version of "/python3"/
- require also matching python(abi) which is arguably more important
- don't rely on implementation details for reload in %post
- add JSON support. Required for FATE#323380.
  (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
- add upstream-changes-r3629..3648.diff:
  - preserve unknown profiles when reloading apparmor.service
    (CVE-2017-6507, lp#1668892, boo#1029696)
  - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
  - update nvidia abstraction for newer nvidia drivers
  - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
  - add --parser, --base and --Include option to aa-easyprof to allow
    non-standard paths (useful for tests) (lp#1521031)
  - move initialization code in apparmor.aa to init_aa(). This allows to
    run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
    don't exist.
  - several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
- add var.mount dependeny to apparmor.service (boo#1016259#c34)
- Cleanup spec file:
  - don't use insserv if we afterwards call systemd, this can
    have bad side effects
  - remove dead code
  - remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
  flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)
- update to AppArmor 2.11.0
  - apparmor_parser now supports parallel compiles and loads
  - add full support for dbus, ptrace and signal rules and events to the
  - full rewrite of the file rule handling in the utils
  - lots of improvements and fixes
  - see for the
    detailed changelog
- patches:
  - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
  - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
  - refresh apparmor-abstractions-no-multiline.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
  - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
  - move libapparmor to /usr/lib*/
  - drop %if %suse_version checks for 12.x
  - change several Obsoletes from %version to < 2.9. Those package names
    weren't used since years, and 2.9 is still a careful choice
  - include apparmor.service independent of %suse_version
  - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
  - drop latex2html, texlive-* and w3m BuildRequires
  - techdoc.txt and techdoc.html not included, drop them from the package
  - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
    /sbin/apparmor_parser to exist, skip them)
  - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
  - drop sed'ing python3 into aa-* shebang (upstreamed)
  - build binutils
  - aa-exec is now written in C and lives in /usr/bin/, move it to the
    apparmor_parser package and create a compability symlink in /usr/sbin/
  - aa-exec manpage moved to section 1
  - aa-enabled is a small new tool to find out if AppArmor is enabled
  - package new aa_stack_profile(2) manpage
- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
  This is part of the root partition (at least with default partitioning)
  and should be available earlier than /var/cache/apparmor/
  (boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net
- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
  fixes in the 2.10 branch, including
  - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
  - add several permissions to the dovecot profiles (deb#835826)
  - add a missing path in the traceroute profile
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
  fixes since the 2.10.1 release, including
  - allow dac_override in winbindd profile (boo#990006#c5)
  - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
    Samba 4.4.x, boo#990006)
  - abstractions/nameservice: also support ConnMan-managed resolv.conf
  - let aa-genprof ask about profiles in extra dir (again)
  - fix aa-logprof "/add hat"/ endless loop (lp#1538306)
  - honor 'chown' file events in
  - ignore log file events with a request mask of 'send' or 'receive'
    because they are actually network events (lp#1577051, lp#1582374)
  - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
  parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
- update to AppArmor 2.10.1 (2.10 branch r3326):
  - fix incorrect output of child profile names (apparmor_parser -N) which
    caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
  - fix a crash in aa-logprof / for change_hat log events
    (lp#1523297) and log events that look like file events, but aren't
    (lp#1540562, lp#1525119, lp#1466812)
  - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
  - several fixes for variable handling in aa-logprof
  - map c (create) log events to w instead of a
  - add python to the "/no Px rule"/ list in logprof.conf
  - let aa-logprof check for duplicate profiles
  - let aa-status work without the python module (boo#971917,
  - add permissions in several profiles (including boo#948584, boo#948753,
    boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
  - and many more fixes, see the full changelog at
- drop upstream(ed) patches:
  - fix-initscript-aa_log_end_msg.diff
  - syslog-ng-profile-boo948584.diff
  - upstream-profile-updates-r3205-3241.diff
- refresh patches:
  - apparmor-abstractions-no-multiline.diff
  - apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor call (broke the build) and remove libtool BR
- add syslog-ng-profile-boo948584.diff - add several permissions needed
  by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
  - add /usr/share/locale-bundle/** to abstractions/base
  - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
  - allow dovecot imap to read /run/dovecot/mounts
  - allow avahi-daemon to write to /run/systemd/notify
  - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
  - update dhclient profile
  - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
  - and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
  upstream-profile-updates patch)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
- add apparmor-winbindd-r3213.diff - add missing k permissions for
  /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
  output (boo#862170)
- update to AppArmor 2.10 (trunk r3205)
  - profile names can now contain variables
  - improved profile compile time in apparmor_parser
  - lots of improvements, refactoring and bugfixes in the aa-* tools
  - new apis for managing and loading profile caches into the kernel in
  - lots of profile updates
  - see for the
    complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
  aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
  to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
  no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- systemd-rpm-macros and %systemd_requires were at the wrong place,
  move them to the parser package (boo#931792)
- update to AppArmor 2.9.2 (2.9 branch r2911)
  - lots of bugfixes in the parser and the aa-* tools (including
  - update dovecot and dnsmasq profiles and several abstractions
    (including boo#911001)
  - see for the
    full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
- replace GPG key with new AppArmor GPG signing key, see
- make sure %service_del_postun doesn't call systemctl try-restart
  (boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
  profiles for samba 4.2 (boo#921098, boo#923201)
- only install apparmor.service for openSUSE > 13.2
- Add a native systemd unit which *at the moment* only
  wraps/masks the early boot script.
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
  std::ostream which are not valid.  Fixes build with GCC 5
- allow to run /usr/bin/unzip-plain (boo#906858)
- add Requires: python3 to python3-apparmor package - readline isn't
  part of python3-base (boo#917577)
- add apparmor-changes-since-2.9.1.diff with upstream fixes since the
  2.9.1 release
  - update to support changed syslog format (lp#1399027)
  - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
  - update the mysqld profile
  - fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key
- update to AppArmor 2.9.1 (2.9 branch r2831)
  - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
  - several fixes and performance improvements in the aa-* utils
  - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
    bnc#908856), useradd, sendmail, man and passwd
  - see
    for full release notes
- refresh dnsmasq-profile-fixes.patch
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
  argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
  leasehealper script to run even on x86_64.
  dnsmasq-profile-fixes.patch. boo#911001
- rename profile file to to match the
  script filename
- add apparmor-lessopen-profile.patch: /usr/bin/ needs
  confinement. bnc#906858
- delete cache in apparmor-profiles %post (workaround for
  bnc#904620#c8 / lp#1392042)
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- fix bashism in post script
- update to AppArmor 2.9.0 (r2759)
  - change aa-mergeprof to the final commandline syntax
  - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
    bugs without a formal bugreport)
  - small additions to gnome,, ubuntu-browsers.d/java
    and user-mail abstractions
  - fix mod_apparmor to not break basic auth
  - update perl modules to support signal, unix and ptrace rules (bnc#900013)
  - don't warn about rules not supported by the kernel
  - fix logging of "/audit capability"/ (lp#1378091)
  - add support for the "/hat"/ keyword in apparmor.vim
  - build html version of apparmor.vim manpage again (lp#1366572)
  - see also
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
- add baselibs.conf as cryptsetup also has 32bit variants
- Update description.
- Update to version 0.0+git20171227.670229c:
  * Added ABI version number
  * AVX2/AVX-512F optimizations of BLAMKA
  * Set Argon2 version number from the command line
  * New bindings
  * Minor bug and warning fixes (no security issue)
- use _service file
- ship libargon2.pc (bsc#1034441)
- moved argon2-specs.pdf to doc subpackage
- added packaging of man page
- make sure to call cc with -pthread option (implies -lpthread)
- run test suite
- Initial release
- change login shell for at user from /bin/bash to /bin/false as it
  shouldn't need a valid login shell [jsc#SLE-17611] [bsc#1181576]
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Drop patch at-3.1.8-eal3-manpages.patch merged upstream differently
- Version update to at 3.1.20 to match latest upstream:
  * Pam and selinux implemented upstream
  * various tiny fixes
- Rebase patches:
  * at-3.1.13-documentation-dir.patch
  * at-3.1.13-massive_batch.patch
  * at-3.1.14-joblist.patch
  * at-3.1.14-parse-suse-sysconfig.patch
  * at-3.1.14-usePOSIXtimers.patch
  * at-3.1.14.patch
- Drop no longer needed patches:
  * at-3.1.13-formatbugs.patch
  * at-3.1.13-pam-session-as-root.patch
  * at-3.1.13-pam.patch
  * at-3.1.13-queue-nice-level.patch
  * at-3.1.14-selinux.patch
- add at-3.1.16-handle_malformed_jobs.patch to prevent creation of
  the corrupted files and their looping [bnc#945124]
- loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX
  by the amount of CPUs when comparing to loadavg (bnc#889174)
  * added at-adjust_load_to_cpu_count.patch
- Version bump to 3.1.16 to match latest upstream:
  * Fix regression for sec-fix in bash we applied in form of patch
    till now - deleting at-3.1.15-sane-envkeys.patch
- Sync/split features to be patch specific, modifying:
  * at-3.1.13-pam.patch
  * at-3.1.14-parse-suse-sysconfig.patch
  * at-3.1.14-selinux.patch
- Cleanup with spec-cleaner
- Remove systemd conditional (we do not work on sle11 anyway)
- atd.service: run not after
- atd.service: run
- Replace at-sane-envkeys.diff by at-3.1.15-sane-envkeys.patch,
  a simpler fix from upstream [bsc#899160]
- Ad at-spi2-core-async-session-register.patch: make bus-launcher
  session registration more robust (boo#1154582).
- Update to version 2.34.0:
  + Fix a use after free when freeing an event.
  + Clean up handling of the X11 property specifying the bus
  + Update doap.
- Update to version 2.33.92:
  + Now requires meson 0.50.0.
  + License is now LGPL-2.1+.
  + Meson: only link to libdl when it is necessary.
  + Update installation instructions.
  + Clarify atspi_editable_text_insert_text documentation.
  + Do not warn on no reply from pending get_items call.
  + Eliminate some superfluous runtime warnings.
- Require meson >= 0.50.0.
- Set license to LGPL-2.1-or-later.
- Update to version 2.33.90:
  + Refactor the API for the screen reader to notify listeners
    of its status.
  + Add a sender to the AtspiEvent struct.
  + Add missing atspi_application_get_type prototype.
  + Support mutter remote desktop interface for synthesizing
    keyboard/mouse events (likely still needs work).
- Update to version 2.33.2:
  + Check WAYLAND_DISPLAY, rather than XDG_SESSION_TYPE, to avoid X
    connections. Fixes breakage if X is started with startx and
    XDG_SESSION_TYPE is unset.
  + X11: also try mod4 and mod5 to generate keysyms.
  + Check for dbus-daemon in /usr/lib (for Solaris).
- Update to version 2.32.1:
  + Fix meson build for meson 0.50.0 and newer.
- Drop at-spi2-core-meson-build-fix.patch: Fixed upstream.
- Add at-spi2-core-meson-build-fix.patch: fix build for meson
  0.50.0 (glgo#GNOME/at-spi2-core!9).
- Update to version 2.32.0:
  + Stable release version bump.
- Update to version 2.31.92:
  + Fix atspi_table_cell_get_(row_column)_headers.
  + Update documentation to indicate that extents are only
    meaningful when an object has both STATE_VISIBLE and
  + Use a consistent style for the meson options.
  + Fix a compiler warning on BSD.
  + Add ScrollSubstringTo and ScrollSubstringToPoint text
- Enable gtk-docs BuildRequires and update options passed to meson.
- Drop unneeded and unused intltool BuildRequires.
- Update to version 2.31.2:
  + Add ScrollSubstringTo and ScrollSubstringToPoint text
- Update to version 2.31.1:
  + Bus launcher: fix an issue where the error wasn't cleared on
  + Add support for locking/unlocking modifiers.
  + Update error log text for consistency.
  + Documentation clean-ups.
- Drop upstream fixed patches:
  + at-spi2-core-bus-launch-use__linux__.patch.
  + at-spi2-core-generate-pc.patch.
- Update to version 2.30.1:
  + Fix atspi_table_cell_get_(row|column)_header_cells
- Add at-spi2-core-bus-launch-use__linux__.patch: bus-launch:
  use __linux__ over __linux.
- Add at-spi2-core-generate-pc.patch: meson: Generate a pkg-config
- Disable gtk-doc BuildRequires and pass enable_docs=false to
  meson. Temp workaround for buildfail when building docs with
  meson 0.48.
- Update to version 2.30.0:
  + No changes, stable bump only.
- Update to version 2.29.1:
  + Add dbus-broker support to bus launcher.
  + Add ScrollTo and ScrollToPoint component interfaces.
  + Do not use deprecated GSettings API.
  + Fix various compiler warnings and documentation annotations.
- Update to version 2.28.0:
  + Support building a static library (bgo#793652).
  + Fix build on FreeBSD (bgo#791608).
- Update to version 2.27.92:
  + Dropped autotools support.
  + Documentation: Remove list association from
  + Fix a potential buffer overflow in at-spi-bus-launcher
  + Make the build reproducible (bgo#791167).
- Drop at-spi2-core-bgo791124-buffer-overflow.patch and
  at-spi2-core-bgo791167-reproducible-build.patch: fixed upstream.
- Modernize spec-file by calling spec-cleaner
- Add at-spi2-core-bgo791124-buffer-overflow.patch: fix possible
  buffer overflow reading dbus address in at-spi-bus-launcher
  (boo#1073027, bgo#791124).
- Add at-spi2-core-bgo791167-reproducible-build.patch: use
  @basename@ in templates, rather than @filename@; fixes build
  reproducibility and multiarch conflict (bgo#791167).
- Switch to using meson buildsystem:
  + Add meson and gtk-doc BuildRequires.
  + Use meson, meson_build and meson_install macros instead of
    autotools macros.
  + Drop update-desktop-files BuildRequires and stop using
    suse_update_desktop_file macro, no longer needed.
  + Modernize spec, use spec-cleaner.
- Update to version 2.26.2:
  + dist po/ (bgo#789666).
  + Generate correct sonname when building with meson.
- Update to version 2.26.1:
  + Remove unused dependency on libxkbcommon.
  + Various meson build fixes.
  + Updated translations.
- Update package summaries and old RPM macros.
- Update to version 2.26.0:
  + m4/gettext.m4, m4/iconv.m4, m4/lib-ld.m4, m4/lib-link.m4,
    m4/lib-prefix.m4, m4/nls.m4, m4/po.m4 and m4/progtest.m4:
    Upgrade to gettext-
  + (AM_GNU_GETTEXT_VERSION): Bump to 0.19.8.
- Update to version 2.25.92:
  + make xkb optional, as intended.
  + Optionally read the bus adddress from the ATSPI_BUS_ADDRESS
    environment variable (bgo#787126).
- Update to version 2.25.91:
  + Meson build files should now be usable, with the exception of
    the dist target.
- Update to version 2.25.90:
  + Fix a couple of introspection issues (bgo#784481).
  + atspi_get_a11_bus: don't leak the DBusConnection.
  + Meson fixes.
- Update to version 2.25.4:
  + Fix gir generation with autotools (bgo#783994).
- Update to version 2.25.3:
  + Fix -Wmisleading-indentation warnings.
  + Fix memory leak of at-spi-bus-launcher.
  + Add error-message, error-for, details, and details-for relation
  + Poll direct dbus connections in the main loop--fixes processes
    being marked hung and the hung flag never being removed.
  + Add Meson build system.
  + Various build fixes.
- Add pkgconfig(xkbcommon-x11) BuildRequires: new dependency.
- Update to version 2.25.2:
  + Attempt to fix an occasional crash when an application
    disappears (bgo#767074).
  + Add some missing roles to correspond with atk (description
    list, description term, description value, and footnote).
- Update to version 2.25.1:
  + No changes.
- Update to version 2.24.1:
  + atspi_table_cell_get_position: Don't crash on error.
- Update to version 2.24.0:
  + No changes.
- Update to version 2.23.92:
  + Table cell API fixes (bgo#779835).
- Update to version 2.23.90:
  + Fix an occasional crash when an application is closed
- Update to version 2.23.4:
  + Don't pull in X headers if x11 is disabled (bgo#773710).
  + at-spi-bus-launcher: session management fixes (bgo#774441).
  + events: add recently added page changed event (bgo#719898).
  + roles: EXTENDED roles are deprecated (bgo#720123).
- Update to version 2.22.0:
  + at-spi-bus-launcher: Fix uninitialized variable.
  + Fix return value error in session_manager_connect (bgo#768881).
  + Updated translations.
- Update to version 2.21.4:
  + Fixed a crash in atspi_accessible_clear_cache.
  + Fixed a crash caused by at-spi2-registryd dying.
  + Fixed some session management issues in at-spi-bus-launcher.
- Drop at-spi2-core-session-management.patch: Fixed upstream.
- Update to version 2.21.2:
  + Allow building without Xtst, Xi with --disable-x11.
  + ref_accessible_desktop: don't unref reply until we're finished
    with it.
  + Updated translations.
- Update to version 2.21.1:
  + Fix parsing of at-spi-bus-launcher command line arguments
  + Build clean-ups.
- Update at-spi2-core-session-management.patch: fix uninitialized
  variable (bsc#984109).
- Add at-spi2-core-session-management.patch: properly register
  at-spi-bus-launcher with gnome-session (bsc#984109).
- Drop at-spi2-core-devel Obsolete: the devel package have not
  existed since 2009. At the same time, drop rpmlintrc, since it's
  not needed anymore.
- Pkgconfig'ify spec file BuildRequires:
  + Replace/Remove: glib2-devel, gobject-introspection-devel,
  + Add: pkgconfig(gio-2.0), pkgconfig(glib-2.0),
    pkgconfig(gobject-2.0), pkgconfig(gobject-introspection-1.0),
    pkgconfig(x11), pkgconfig(xtst), pkgconfig(xi).
- Update to GNOME 3.20.2  Fate#318572
- Update to version 2.20.2:
  + Fixed an invalid memory access when fetching an accessible.
- Update to GNOME 3.20  Fate#318572
- Drop at-spi2-core-null-event-source.patch: fixed upstream.
- Update to version 2.20.1:
  + registryd: avoid crashing with a NULL keystring (bgo#764688).
  + Plug a memory leak in AtspiEventListener (bgo#764688).
- Update to version 2.20.0:
  + No changes.
- Update to version 2.19.92:
  + Support a stateless configuration by default (bgo#763540).
- Update to version 2.19.91:
  + Don't display warnings when connecting to an app that no longer
- Update to version 2.19.90:
  + Don't display warning if unable to connect when logged in via
    ssh (bgo#761600).
  + at-spi-bus-launcher: register with session manager
- Update to version 2.19.2:
  + Disable xevie by default--it probably doesn't do anything
  + get_index_in_parent: Don't crash if parent is defunct.
  + Don't crash when trying to set an invalid state (bgo#757915).
- Update to version 2.19.1:
  + atspi_hyperlink_get_index_range: don't return random values if
    the call fails (bgo#755727).
  + Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.3:
  + get_index_in_parent: Don't crash if the parent is defunct.
- Update to version 2.18.2:
  + Really don't crash if we get a children-changed event with a
    non-existent child (bgo#755951).
  + Fixed crash during removal of last application in registryd
- Disable xevie when configuring (boo#952011).
- Update to version 2.18.1:
  + Don't crash if we get a children-changed event with a
    non-existent child (bgo#755951).
  + atspi_hyperlink_get_index_range: don't return random values if
    the call fails (bgo#755727).
  + Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.0:
  + Updated translations.
- Update to version 2.17.90:
  + Modified the cache API to specify an object's index and child
    count rather than its children. This eliminates the need for
    the application to enumerate its children, improving
    performance in some places with large lists (bgo#650090).
- Update to version 2.17.1:
  + Functions shouldn't try to return values (bgo#749330).
  + Fix atspi_table_cell_get_position.
- Update to version 2.16.0:
  + Fix GTK-Doc comment blocks.
  + Updated translations.
- Update to version 2.15.90:
  + Deprecate atspi_text_get_text_{before,at,after}_offset()
  + Add roles for fractions, roots, subscripts, and superscripts
- Update to version 2.15.4:
  + Add names to every timeout (bgo#710644).
  + Remove accessibility.conf from EXTRA_DIST (bgo#742987).
  + Add ATSPI_STATE_READONLY (bgo#690004).
- Update to version 2.15.3:
  + Replace deprecated "/Rename to"/ gtk-doc tag.
  + Fix atspi_table_cell_get_column_span prototype.
- Update to version 2.15.2:
  + Make the documentation of ATSPI's STATE_ACTIVE consistent with
    that of ATK's (bgo#740274).
  + Add ATSPI_ROLE_STATIC and update documentation for
    ATSPI_ROLE_TEXT (bgo#740340).
  + gi-annotations: get_relation_set returns a array of
- Update to version 2.15.1:
  + Fix some issues with the accessibility bus configuration
  + Documentation for AtspiTableCell is now built.
- Update to version 2.14.1:
  + Docs: add AtspiTableCell.
- Use %license instead of %doc [bsc#1082318]
- remove man5/attr.5, it is now part of man-pages
- Reduce size of filelist by using wildcards;
  remove %doc (some locations are always %doc),
  remove %attr (files already have proper permissions)
- remove gpg-offline from bootstrap packages
- Update to new upstream release 2.4.47
  * This release fixes two functional bugs related to tree walking
  and the return code from getfattr. Also, a number of build system
  problems were fixed.
- Remove config-guess-sub-update.patch (no longer applies),
  attr-syscalls.patch (resolved differently upstream), (replaced by logic in specfile)
- Signature verification
- Added url as source.
  Please see
- Remove unused autoconf and automake build requires
- Add attr-syscalls.patch:
  Define attr syscall numbers for aarch64
- Add config-guess-sub-update.patch:
  Update confg.guess/sub for aarch64
- update license to new format
- add autoconf as buildrequire to avoid implicit dependency
- Add libattr-devel-static package
- Enable libattr-devel for all baselib arches
- Implement shlib package (libattr1)
- make shared library executable
- upgrade to 2.4.46
  - Fix tests
- upgrade to 2.4.45
  - OPTIONS in man pages should be a section heading, not a subsection heading
  - getfattr: encode NULs properly with --encoding=text
  - setfattr.1: document supported encodings of values
  - convert the man pages into html
  - attr_parse_attr_conf: eliminate a double free
  - attr_parse_attr_conf: eliminate a memory leak
  - quote: pull in string.h for strchr prototype
  - libattr: fix memory leak in attr_copy_action()
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- fixed implicit strchr() call
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.4.44
  - Stop quoting nonprintable characters in the getfattr output
  - More license updates
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- Fix specfile to require libauparse0 and libaudit1 after splitting
  audit-libs (bsc#1172295)
- Update to version 2.6.5:
  * Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests to for openldap support
  * Make systemd support files use /run rather than /var/run (Christian Hesse)
  * Fix minor memory leak in auditd kerberos credentials code
  * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  * In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Remote zos building is now a configurable option.
  It should be disabled in audit (and left enabled in audit-secondary).
- Make use of some %make_install.
- Update to version 2.8.4:
  * Generate checkpoint file even when not results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * In auparse_normalize for USER_LOGIN events, map acct for
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
  * many features added to auparse_normalize
  * cli option added to auditd and audispd for setting config dir
  * in auditd, restore the umask after creating a log file
  * option added to auditd for skipping email verification
-  Full changelog:
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7 release
- Create folder for the m4 file from previous commit to avoid install
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
  * audit-allow-manual-stop.patch
  * audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
  - C parameter of make
- Install m4 file to the devel package
- Do not depend on insserv nor fillup; the package provides
  neither sysconfig nor sysvinit files
- Update to version 2.4.4 (bsc#941922, CVE-2015-5186)
- Remove patch 'audit-no_m4_dir.patch'
  (added Fri Apr 26 11:14:39 UTC 2013 by
  No idea what earlier 'automake' build error this was trying to fix but
  it broke the handling of "/--without-libcap-ng"/. Anyways, no build error
  occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- Require pkgconfig for build
  Changelog 2.4.4
  - Fix linked list correctness in ausearch/report
  - Add more cross compile fixups (Clayton Shotwell)
  - Update auparse python bindings
  - Update libev to 4.20
  - Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling
  Changelog 2.4.3
  - Add python3 support for libaudit
  - Cleanup automake warnings
  - Add AuParser_search_add_timestamp_item_ex to python bindings
  - Add AuParser_get_type_name to python bindings
  - Correct processing of obj_gid in auditctl (Aleksander Zdyb)
  - Make plugin config file parsing more robust for long lines (#1235457)
  - Make auditctl status print lost field as unsigned number
  - Add interpretation mode for auditctl -s
  - Add python3 support to auparse library
  - Make --enable-zos-remote a build time configuration option (Clayton Shotwell)
  - Updates for cross compiling (Clayton Shotwell)
  - Add MAC_CHECK audit event type
  - Add libauparse pkgconfig file (Aleksander Zdyb)
  Changelog 2.4.2
  - Ausearch should parse exe field in SECCOMP events
  - Improve output for short mode interpretations in auparse
  - If auditctl is reading rules from a file, send messages to syslog (#1144252)
  - Correct lookup of ppc64le when determining machine type
  - Increase time buffer for wide character numbers in ausearch/report (#1200314)
  - In aureport, add USER_TTY events to tty report
  - In audispd, limit reporting of queue full messages (#1203810)
  - In auditctl, don't segfault when invalid options passed (#1206516)
  - In autrace, remove some older unimplemented syscalls for aarch64 (#1185892)
  - In auditctl, correct lookup of aarch64 in arch field (#1186313)
  - Update lookup tables for 4.1 kernel
- Update to version 2.4.1
  Changelog 2.4.1
  - Make python3 support easier
  - Add support for ppc64le (Tony Jones)
  - Add some translations for a1 of ioctl system calls
  - Add command & virtualization reports to aureport
  - Update aureport config report for new events
  - Add account modification summary report to aureport
  - Add GRP_MGMT and GRP_CHAUTHTOK event types
  - Correct aureport account change reports
  - Add integrity event report to aureport
  - Add config change summary report to aureport
  - Adjust some syslogging level settings in audispd
  - Improve parsing performance in everything
  - When ausearch outputs a line, use the previously parsed values (Burn Alting)
  - Improve searching and interpreting groups in events
  - Fully interpret the proctitle field in auparse
  - Correct libaudit and auditctl support for kernel features
  - Add support for backlog_time_wait setting via auditctl
  - Update syscall tables for the 3.18 kernel
  - Ignore DNS failure for email validation in auditd (#1138674)
  - Allow rotate as action for space_left and disk_full in auditd.conf
  - Correct login summary report of aureport
  - Auditctl syscalls can be comma separated list now
  - Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
- Do not explicitly provide group(audit) in system-users-audit:
  this is automatically handled by rpm/providers.
- Create new "/audit"/ group for read access to logs (bsc#1178154)
  * add change-default-log_group.patch
  * update audit-secondary.spec
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- prepare usrmerge (boo#1029961)
- Update to version 2.6.5:
  * Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests to for openldap support
  * Make systemd support files use /run rather than /var/run (Christian Hesse)
  * Fix minor memory leak in auditd kerberos credentials code
  * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  * In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Fix build errors when using gcc-10 no-common default (bsc#1160384)
  New patch: audit-fno-common.patch
- Refresh audit-allow-manual-stop.patch
- Reduce scriptlets' hard dependency on systemd.
- Update to version 2.8.4:
  * Generate checkpoint file even when not results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * In auparse_normalize for USER_LOGIN events, map acct for
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Use %license instead of %doc [bsc#1082318]
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
  present, tests were failing as python2 bindings are preferred in this
- reverted -j1 force ppc specific only
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname
- force -j1 for PowerPC make check to avoid build failure
  (lookup_test.o: file not recognized: File truncated)
- Add conditions around python plugins to allow us to conditionalize
  them in enviroment without python2
- Rename python binding packages to match current python packaging
- Update python build dependencies to resolve future split of
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
- Remove audit-implicit-writev.patch (fixed upstream across 2
  * 3b30db20ad983274989ce9a522120c3c225436b3
  * 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Add audit-implicit-writev.patch: include sys/uio.h to ensure
  readv and writev are declared.
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7. See audit.spec (libaudit1) for upstream
  Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking
  service (bsc#1042781).
  Add config: audit-stop.rules
  Refresh patch: audit-allow-manual-stop.patch
  Refresh patch: audit-no-gss.patch
- Version update to 2.5. See audit.spec (libaudit1) for upstream
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Update to version 2.4.4. See audit.spec (libaudit1) for upstream
- Add python3 bindings for libaudit and libauparse
- Remove patch 'audit-no_m4_dir.patch'
  (added Fri Apr 26 11:14:39 UTC 2013 by
  No idea what earlier 'automake' build error this was trying to fix but
  it broke the handling of "/--without-libcap-ng"/. Anyways, no build error
  occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- update to 1.10.1:
  General changes/additions
    New CLI utility 'augmatch' to print the tree for a file and select
    some of its contents
    New command 'count' in augtool
    New function 'not(bool) -> bool' for path expressions
    The path expression 'label[. = "/value"/]' can now be written more
    concisely as 'label["/value"/]'
  API changes
    libfa has now a function fa_json to export an FA as a JSON file, and
    fa_state_* functions that make it possible to iterate over the FA's
    states and transitions. (Pedro Valero Mejia)
    Add functions aug_ns_label, aug_ns_value, aug_ns_count, and
    aug_ns_path to get the label (with index), the value, the number of
    nodes, and the fully qualified path for nodes stored in a nodeset in
    a variable efficiently
  Lens changes/additions
    Grubenv: new lens to process /boot/grub/grubenv (omgold)
    Httpd: also read files from /etc/httpd/conf.modules.d/*.conf
    (Tomas Meszaros) (Issue #537)
    Nsswitch: allow comments at the end of a line (Philip Hahn) (Issue #517)
    Ntp: accept 'ntpsigndsocket' statement (Philip Hahn) (Issue #516)
    Properties: accept empty comments with DOS line endings (Issue #161)
    Rancid: new lens for RANCiD router databases (Matt Dainty)
    Resolv: accept empty comments with DOS line endings (Issue #161)
    Systemd: also process /etc/systemd/logind.conf (Pat Riehecky)
    YAML: process a document that is just a sequence (John Vandenberg)
- drop chrpath dependency, the offending dump binary is no longer shipped
- Use %license (boo#1082318)
- Version update to 1.9.0:
  - General changes/additions
  * Fix error in handling escaped whitespace at the end of path expressions
    (addresses CVE-2017-7555)
  * several improvements to the error messages when transforming a tree
    back to text fails. They now make it clearer what part of the tree
    was problematic, and what the tree should have looked like.
  * Fixed the pkg-config file, which should now be usable
  * Fix handling of backslash-escaping in strings and regular expressions
    in the lens language. We used to handle constructs like "//"/ and
    //// incorrectly. (Issue #495)
  * do not unescape the default value of a del on create; otherwise we are
    double unescaping these strings (Issue #507)
  * remove tempfile when saving files because destination is not writable
    (Issue #479)
  * span information is now updated on save (Issue #467)
  * fix lots of warnings generated by gcc 7.1
  * Various changes to reduce bashisms in tests and make them run on
    FreeBSD (Romain Tartière)
  - API changes
  * add function aug_ns_attr to allow iterating through a nodeset
    quickly. See examples/dump.c for an example of how to use them
    instead of aug_get, aug_label etc. and for a way to measure
    performance gains.
  - Lens changes/additions
  * Ceph: new lens for /etc/ceph/ceph.conf
  * Cgconfig: accept fperm & dperm in admin & task (Pino Toscano)
  * Dovecot: also load files from /usr/local/etc (Roy Hubbard)
  * Exports: relax the rules for the path at the beginning of a line so
    that double-quoted paths are legal, too
  * Getcap: new lens to parse generic termcap-style capability databases
  * Grub: accept toplevel 'boot' entry (Pino Toscano)
  * Httpd: handle empty comments with a continuation line (Issue #423);
    handle '>"/"/' in a directive properly (Issue #429); make space between
    quoted arguments optional (Issue #435); accept quoted strings as part
    of bare arguments (Issue #470)
  * Nginx: load files from sites-available directory (Omer Katz) (Issue #471)
  * Nslcd: new lens for nss-pam-ldapd config (Jose Plana)
  * Oz: New lense for /etc/oz/oz.cnf
  * postfix lenses: also load files from /usr/local/etc (Roy Hubbard)
  * Properties: accept DOS line endings (Issue #468)
  * Rtadvd: new lens to parse the rtadvd configuration file (Matt Dainty)
  * Rsyslog: load files from /etc/rsyslog.d (Doug Wilson) (Issue #475);
    allow spaces before the # starting a comment; allow comments inside
    config statements like 'module'
  * Ssh: accept '=' to separate keyword from arguments
  * Sshd: split HostKeyAlgorithms into list of values; recognize quoted
    group names with spaces in them (Issue #477)
  * Sudoers: recognize "/match_group_by_gid"/ (Luigi Toscano) (Issue #482)
  * Syslog: allow spaces before the # starting a comment
  * Termcap: new lens to parse termcap capability databases (Matt Dainty)
  * Vsftpd: accept seccomp_sandbox (Denys Stroebel)
  * Xymon: accept 'group-sorted' directive (Issue #462)
- Version update to 1.8.0:
  * See the News file for all the details
- Verified it contains fixes for bsc#933210 bsc#975729 bsc#925225
  bsc#1023204 CVE-2014-8119
- Version update to 1.6.0:
  * See the NEWS file for the details
- Update to version 1.5.0:
  - General changes/additions
  * augtool: new --timing option that prints after each operation how long
    it took
  * augtool: print brief help message when incorrect options are given rather
    than dumping all help text
  * Path expressions: optimize performance of evaluating certain
  * lots of safety improvements in libfa to avoid using uninitialized
    values and the like (Daniel Trebbien)
  * tolerate building against OSX' libedit (Issue #256)
  - API changes
  * aug_match: fix a bug where expressions like /foo/*[2] would match a
    hidden node and pretend there was no match at all. We now make sure
    we never match a hidden node. Thanks to Xavier Mol for reporting the
  * aug_get: make sure we set *value to NULL, even if the provided path is
    invalid (Issue #372)
  * aug_rm: fix segfault when deleting a tree and one of its ancestors
    (Issue #319)
  * aug_save: fix segfault when trying to save an invalid subtree. A
    routine that was generating details for the error message overflowed
    a buffer it had created (Issue #349)
  - Lens changes/additions
  * AptConf: support hash comments
  * AptSources: support options (Issue #295),
    support brackets with spaces in URI (GH #296)
    rename test file to test_aptsources.aug
  * Chrony: allow signed numbers and indentation, fix stray EOL entry,
    disallow comment on EOL, add many missing directives and
    options (Miroslav Lichvar, RHBZ#1213281)
    add new directives and options that were added in
    chrony-2.2 and chrony-2.3 and improve parsing of
    access configuration (Miroslav Lichvar, Issue #348)
    add new options for chrony-2.4 (Miroslav Lichvar)
  * Dhclient: avoid put ambiguity for node without value (Issue #294)
  * Group: support NIS map, support an overridden and disabled password,
    i.e. `+:*::` (Matt Dainty) (Issue #258)
  * Host_Conf: support spaces between list items (Cedric Bosdonnat, Issue #358)
  * Httpd: add paths to SLES vhosts
    (Jan Doleschal) (Issue #268)
    parse backslashes in directive arguments (Issue #307)
    parse mismatching case of opening/closing tags
    parse multiple ending section tags on one line
    parse wordlists in braces in SSLRequire directives
    parse directive args starting with double quote (Issue #330)
    parse directive args containing quotes
    support perl directives (Issue #327)
    parse line breaks/continuations in section arguments
    parse escaped spaces in directive/section arguments
    parse backslashes at the start of directive args (Issue #324)
  * Inputrc: support $else (Cedric Bosdonnat, Issue #359)
  * Interfaces: add support for source-directory (Issue #306)
  * Json: add comments support, refactor,
    allow escaped quotes and blackslashes
  * Keepalived: fix space/tag alignments and hanging spaces,
    add vrrp_mcast_group4 and vrrp_mcast_group6,
    add more vrrp_instance flags,
    add mcast/unicast_src_ip and unicast_peer,
    add missing garp options,
    add vrrp_script options,
    expand vrrp_sync_group block,
    allow notify option
    (Joe Topjian) (Issue #266)
  * Known_Hosts: refactoring and description fixed
  * Logrotate: support dateyesterday option (Chris Reeves) (GH #367, #368)
  * MasterPasswd: new lens to parse /etc/master.passwd
    (Matt Dainty) (Issue #258)
  * Multipath: add various missing keywoards (Olivier Mangold) (Issue #289)
  * MySQL: include /etc/my.cnf.d/*.cnf (Issue #353)
  * Nginx: improve typechecking of lens,
    allow masks in IP keys and IPv6 (Issue #260)
    add @server simple nodes (Issue #335)
  * Ntp: add support for basic interface syntax
  * OpenShift_Quickstarts: Use Json.lns
  * OpenVPN: add all options available in OpenVPN 2.3o
    (Justin Akers) (Issue #278)
  * Puppetfile: name separator is not mandatory
    add support for moduledir (Christoph Maser)
  * Rabbitmq: remove space in option name,
    add support for cluster_partitioning_handling,
    add missing simple options (Joe Topjian) (Issue #264)
  * Reprepro_Uploaders: add support for distribution field
    (Mathieu Alorent) (Issue #277),
    add support for groups (Issue #283)
  * Rhsm: new lens to parse subscription-manager's /etc/rhsm/rhsm.conf
  * Rsyslog: improve property filter parsing,
    treat whitespace after commas as optional.
    recognize '~' as a valid syslog action (discard)
    (Gregory Smith) (Issue #282),
    add support for redirecting output to named pipes
    (Gerlof Fokkema) (Issue #366)
  * Shellvars: allow partial quoting, mixing multiple styles
    (Kaarle Ritvanen) (Issue #183);
    allow wrapping builtin argument to multiple lines
    (Kaarle Ritvanen) (Issue #184);
    support ;; on same line with multiple commands
    (Kaarle Ritvanen) (Issue #185);
    allow line wrapping and improve quoting support
    (Kaarle Ritvanen) (Issue #187);
    accept [] and [[]] builtins (Issue #188);
    allow && and || constructs after condition
    (Kaarle Ritvanen) (Issue #265);
    add pattern nodes in case entries
    (BREAKING CHANGE: case entry values are now in a
    @pattern subnode) (Kaarle Ritvanen) (Issue #265)
    add eval builtin support;
    add alias builtin support;
    allow (almost) any command;
    allow && and || after commands (Issue #215);
    allow wrapping command sequences
    (Kaarle Ritvanen) (Issue #333);
    allow command-specific environment variable
    (Kaarle Ritvanen) (Issue #332);
    support subshells (Issue #339)
    newlines in start of functions
    allow newlines after actions
    support comments after function name (Issue #339)
    exclude SuSEfirewall2 (Cedric Bosdonnat, Issue #357)
  * Simplelines: parse OpenBSD's hostname.if(5)
    files (Jasper Lievisse Adriaanse) (Issue #252)
  * Smbusers: add support for ; comments
  * Spacevars: support flags (Issue #279)
  * Ssh: add support for HostKeyAlgorithms, KexAlgorithms
    and PubkeyAcceptedKeyTypes (Oliver Mangold) (Issue #290),
    add support for GlobalKnownHostsFile (Issue #316)
  * Star: New lens to parse /etc/default/star
  * Sudoers: support for negated command alias
    (Geoff Williams) (Issue #262)
  * Syslog: recognize '~' as a valid syslog action (discard)
    (Gregory Smith) (Issue #282)
  * Tmpfiles: new lens to parse systemd's tempfiles.d configuration
    files (Julien Pivotto) (Issue #269)
  * Trapperkeeper: new lens for Puppet server configuration files
  * Util: add comment_c_style_or_hash lens
    add empty_any lens
  * Vsftpd: add isolate and isolate_network options
    (Florian Chazal) (Issue #334)
  * Xml: allow empty document (Issue #255)
  * YAML: new lens (subset) (Dimitar Dimitrov) (Issue #338)
- Drop upstreamed patches:
- Fix errors showing up in guestfs tools.
  Add upstreamed patches:
- Version bump to 1.4.0:
  * Loads of bugfixes all around the package
  * Read up NEWS file for the detailed changes
- Whitespace
- restore keyring and .sig file, as this is checked by the OBS
  source service
- Update  to version 1.3.0
  + General changes/additions
  * Add missing cp entry in manpage (GH issue #78)
  * Add seq to vim syntax highlight (Robert Drake)
  * Update augtool.1 man page with new commands and --span, RHBZ#1100077
  * augtool autocomplete includes command aliases, RHBZ#1100184
  * Remove unused "/filename"/ argument from dump-xml command, RHBZ#1100106
  * aug_save returns non-zero result when unable to delete files,
  + Lens changes/additions
  * Aliases: permit missing whitespace between colon and recipients
  * AptPreferences: Support spaces in origin fields
  * Cgconfig: handle additional valid controllers (Andy Grimm)
  * Chrony: New lens to parse /etc/chrony.conf (Pat Riehecky)
  * CPanel: New lens to parse cpanel.config files
  * Desktop: Allow @ in keys (GH issue #92)
  * Device_map: Parse all files under /boot (Mike Latimer)
  * Dhclient: Add support for option modifiers (Robert Drake,
    GH issue #95)
    Parse hash statements with dhcp-eval strings
  * Dhcpd: stmt_string quoted blocks no longer store quote marks
    (incompatible change),
    many changes to support more record types (Robert Drake)
  * Group: NIS support (KaMichael)
  * Grub: handle "/foreground"/ option, RHBZ#1059383 (Miguel Armas)
  * Gshadow: New lens (Lorenzo Catucci)
  * Httpd: Allow eol comments after section tags
    Allow continued lines inside quoted value (GH issue #104)
    Allow comparison operators in tags (GH issue #154)
  * IPRoute2: handle "//"/ in protocol name, swap ID and name fields
    (incompatible change), RHBZ#1063968,
    handle hex IDs and hyphens, as present in
    rt_dsfield, RHBZ#1063961
  * Iptables: parse /etc/sysconfig/, RHBZ#1144651
  * Kdump: parse new options, permit EOL comments, refactor, RHBZ#1139298
  * Keepalived: Add more virtual/real server settings and checks, RHBZ#1064388
  * Known_Hosts: New lens for SSH known hosts files
  * Krb5: permit braces in values when not in sub-section, RHBZ#1066419
  * Ldso: handle "/hwcap"/ lines (GH issue #100)
  * Lvm: support negative numbers, parse /etc/lvm/lvm.conf (Pino Toscano)
  * Multipath: add support for rr_min_io_rq (Joel Loudermilk)
  * NagiosConfig and NagiosObjects: Fix documentation (Simon Sehier)
  * NetworkManager: Use the Quote module, support # in values (no eol comments)
  * OpenVPN: Add support for fragment, mssfix, and script-security
    (Frank Grötzner)
  * Pagekite: New lens (Michael Pimmer)
  * Pam: Add partial support for arguments enclosed in [] (Vincent Brillault)
  * Passwd: Refactor lens (Lorenzo Catucci)
  * Redis: Allow empty quoted values (GH issue #115)
  * Rmt: New lens to parse /etc/default/rmt, RHBZ#1100549
  * Rsyslog: support complex $template lines, property filters and file
    actions with templates, RHBZ#1083016
  * Services: permit colons in service name, RHBZ#1121263
  * Shadow: New lens (Lorenzo Catucci)
  * Shellvars: Handle case statements with same-line ';;', RHBZ#1033799
    Allow any kind of quoted values in block
    conditions (GH issue #118)
    Support $(( .. )) arithmetic expansion in variable
    assignment, RHBZ#1100550
  * Simplevars: Support flags and empty values
  * Sshd: Allow all types of entries in Match groups (GH issue #75)
  * Sssd: Allow ; for comments
  * Squid: Support configuration files for squid 3 (Mykola Nikishov)
  * Sudoers: Allow wuoted string in default str/bool params (Nick Piacentine)
  * Syslog: Support "/# !"/ style comments (Robert Drake, GH issue #65)
    Permit IPv6 loghost addresses, RHBZ#1129388
  * Systemd: Allow quoted Environment key=value pairs, RHBZ#1100547
    Parse /etc/sysconfig/*.systemd, RHBZ#1083022
    Parse semicolons inside entry values, RHBZ#1139498
  * Tuned: New lens for /etc/tuned/tuned-main.conf (Pat Riehecky)
  * UpdateDB: New lens to parse /etc/updatedb.conf
    (incompatible change as this file used to be processed with
  * Xml: Allow backslash in #attribute values (GH issue #145)
    Parse CDATA elements (GH issue #80)
  * Xymon_Alerting: refactor lens (GH issue #89)
- Remove the sig and the keyring file as there is no gpg verification
- Remove augeas-device_map-grub2.patch, fixed on upstream release
- Change desc to describe the "/tools"/ not just the library
- Enable tests but "/pass"/ them even with 2 failures.
- Add check phase, comment out as 2 test fails now.
- Clean up with spec-cleaner
- Version bump to 1.2.0:
  - API changes
  * Add aug_cp and the cp and copy commands
  * aug_to_xml now includes span information in the XML dump
  - General changes/additions
  * Fix documentation link in c_api NaturalDocs menu
  * Fix NaturalDocs documentation for various lenses
  * src/transform.c (filter_matches): wrap fnmatch to ensure that an incl
    pattern containing "///"/ matches file paths, RHBZ#1031084
  * Correct locations table for transform_save() (Tomas Hoger)
  * Corrections for CVE-2012-0786 tests (Tomas Hoger)
  * Fix umask handling when creating new files, RHBZ#1034261
  - Lens changes/additions
  * Access: support DOMAINuser syntax for users and groups, bug #353
  * Authorized_Keys: Allow 'ssh-ed25519' as a valid authorized_key
    type (Jasper Lievisse Adriaanse)
  * Automounter: Handle hostnames with dashes in them, GH issue #27
  * Build: Add combinatorics group
  * Cyrus_Imapd: Create new entries without space before separator,
    RHBZ#1014974 (Dietmar Kling)
  * Desktop: Support square brackets in keys
  * Dhclient: Add dhclient.conf path for Debian/Ubuntu (Esteve Fernandez)
  * Dhcpd: Support conditionals, GH issue #34
    Support a wider variety of allow/deny statement, including
    booting and bootp (Yanis Guenane)
    Support a wider variety of DHCP allow/deny/ignore statements
    (Yanis Guenane)
  * Dovecot: Various enhancements and bug fixes (Michael Haslgrübler):
    add mailbox to block_names, fix for block_args in quotes,
    fix for block's brackets upon write,
    fixes broken tests for mailbox,
    fixes indention,
    test case for block_args with "/,
    fixes broken indention
    Use Quote module
  * Exports: Permit colons for IPv6 client addresses, bug #366
  * Grub: Support the 'setkey' and 'lock' directives
    NFC fix whitespace errors
    Handle makeactive menu command, bug #340
    Add 'verbose' option, GH issue #73
  * Interfaces: Add in support for the source stanza in
    /etc/network/interfaces files
    Map bond-slaves and bridge-ports to arrays (incompatible
    change) (Kaarle Ritvanen)
    Add /etc/network/interfaces.d/* support
    Allow numeric characters in stanza options (Pascal Lalonde)
  * Koji: New lens to parse Koji configs (Pat Riehecky)
  * MongoDBServer: Accept quoted values (Tomas Klouda)
  * NagiosCfg: Do not try to parse /etc/nagios/nrpe.cfg anymore, GH issue #43
    /etc/nagios/nrpe.cfg is parsed by Nrpe (Yanis Guenane)
  * Nagiosobjects: Add support for optional spaces and indents
    and whole-line comments (Sean Millichamp)
  * OpenVPN: Support daemon, client-config-dir, route, and management
    directives (Freakin
  * PHP: allow php-fpm syntax in keys, GH issue #35
  * Postfix_Main: Handle stray whitespace at end of multiline lines, bug #348
  * Postfix_virtual: allow '+' and '=' in email addresses (Tom Hendrikx)
  * Properties: support multiline starting with an empty string, GH issue #19
  * Samba: Permit asterisk in key name, bug #354
  * Shellvars: Read /etc/firewalld/firewalld.conf, bug #363
    Support all types of quoted strings in arrays, bug #357
    Exclude /etc/sysconfig/ip* files
  * Shellvars, Sysconfig: map "/bare"/ export and unset lines to seq numbered
    nodes to handle multiple variables (incompatible change), RHBZ#1033795
  * Shellvars_list: Handle backtick variable assignments, bug #368
    Allow end-of-line comments, bug #342
  * Simplevars: Add /etc/selinux/semanage.conf
  * Slapd: use smart quotes for database entries; rename by/what to by/access;
    allow access to be absent as per official docs (incompatible change)
  * Sshd: Indent Match entries by 2 spaces by default
    Support Ciphers and KexAlgorithms groups, GH issue #69
    Let all special keys be case-insensitive
  * Sudoers: Permit underscores in group names, bug #370 (Matteo Cerutti)
    Allow uppercase characters in user names, bug #376
  * Sysconfig: Permit empty comments after comment lines, RHBZ#1043636
  * Sysconfig_Route: New lens for RedHat's route configs
  * Syslog: Accept UDP(@) and TCP(@@) protocol, bug #364 (Yanis Guenane)
  * Xymon_Alerting: New lens for Xymon alerting files (François Maillard)
  * Yum: Add yum-cron*.conf files (Pat Riehecky)
    Include only *.repo files from yum.repos.d (Andrew N Golovkov)
    Permit spaces after equals sign in list options, GH issue #45
    Split excludes as lists, bug #275
- device_map lense: Find in any dir beneath /boot (bnc#875086)
- download url changed, also added keyring and .sig ring
- Update to version 1.1.0
  - Handle files with special characters in their name, bug #343
  - Fix type error in composition ('f; g') of functions, bug #328
  - Improve detection of version script; make build work on Illumos with
    GBU ld (Igor Pashev)
  - augparse: add --trace option to print filenames of all modules being
  - Various lens documentation improvements (Jasper Lievisse Adriaanse)
  - Lens changes/additions
  - ActiveMQ_*: new lens for ActiveMQ/JBoss A-MQ (Brian Harrington)
  - AptCacherNGSecurity: new lens for /etc/apt-cacher-ng/security.conf
    (Erik Anderson)
  - Automaster: accept spaces between options
  - BBHosts: support more flags and downtime feature (Mathieu Alorent)
  - Bootconf: new lens for OpenBSD's /etc/boot.conf (Jasper Adriaanse)
  - Desktop: Support dos eol
  - Dhclient: read /etc/dhclient.conf used in OpenBSD (Jasper Adriaanse)
  - Dovecot: New lens for dovecot configurations (Serge Smetana)
  - Fai_Diskconfig: Optimize some regexps
  - Fonts: exclude all README files (Jasper Adriaanse)
  - Inetd: support IPv6 addresses, bug #320
  - IniFile: Add lns_loose and lns_loose_multiline definitions
    Support smart quotes
    Warning: Smart quotes support means users should not add
    escaped double quotes themselves. Tests need to be fixed
    Use standard Util.comment_generic and Util.empty_generic
    Warning: Existing lens tests must be adapted to use standard
    comments and empty lines
    Allow spaces in entry_multiline* values
    Add entry_generic and entry_multiline_generic
    Add empty_generic and empty_noindent
    Let multiline values begin with a single newline
    Support dos eol
    Warning: Support for dos eol means existing lenses usually
    need to be adapted to exclude r as well as n.
  - IPRoute2: Support for iproute2 files (Davide Guerri)
  - JaaS: lens for the Java Authentication and Authorization Service
    (Simon Vocella)
  - JettyRealm: new lens for (Brian Harrington)
  - JMXAccess, JMXPassword: new lenses for ActiveMQ's JMX files
    (Brian Harrington)
  - Krb5: Use standard comments and empty lines
    Support dos eol
    Improve performance
    Accept pkinit_anchors (Andrew Anderson)
  - Lightdm: Use standard comments and empty lines
  - LVM: New lens for LVM metadata (Gabriel)
  - Mdadm_conf: optimize some regexps
  - MongoDBServer: new lens (Brian Harrington)
  - Monit: also load /etc/monitrc (Jasper Adriaanse)
  - MySQL: Use standard comments and empty lines
    Support dos eol
  - NagiosCfg: handle Icinga and resources.cfg (Jasper Adriaanse)
  - Nrpe: accept any config option rather than predefined list (Gonzalo
    Servat); optimize some regexps
  - Ntpd: new lense for OpenNTPD config (Jasper Adriaanse)
  - Odbc: Use standard comments and empty lines
  - Openshift_*: new lenses for Openshift support (Brian Harrington)
  - Quote: allow multiple spaces in quote_spaces; improve docs
  - Passwd: allow period in user names in spec, bug #337; allow overrides
    in nisentry
  - PHP: Support smart quotes
    Use standard comments and empty lines
    Load /etc/php*/fpm/pool.d/*.conf (Enrico Stahn)
  - Postfix_master: allow [] in words, bug #345
  - Resolv: support 'lookup' and 'family' key words, bug #320
    (Jasper Adriaanse))
  - Rsyslog: support :omusrmsg: list of users in actions
  - RX: add CR to RX.space_in
  - Samba: Use standard comments and empty lines
    Support dos eol
  - Schroot: Support smart quotes
  - Services: support port ranges (Branan Purvine-Riley)
  - Shellvars: optimize some regexps; reinstate /etc/sysconfig/network,
    fixes bug #330, RHBZ#904222, RHBZ#920609; parse /etc/rc.conf.local
    from OpenBSD
  - Sip_Conf: New lens for sip.conf configurations (Rob Tucker)
  - Splunk: new lens (Tim Brigham)
  - Subversion: Support smart quotes
    Use standard comments and empty lines
    Use IniFile.entry_multiline_generic
    Use IniFile.empty_noindent
    Support dos eol
  - Sudoers: allow user aliases in specs
  - Sysctl: exclude README file
  - Systemd: Support smart quotes; allow backslashes in values
  - Xinetd: handle missing values in list, bug #307
  - Xorg: allow 'Screen' in Device section, bug #344
  - Yum: Support dos eol, optimize some regexps
- update to 1.0.0
  - drop bnc-729491-recognize-suse-sysconfig-files.patch:
    upstream ShellVars lense now uses /etc/sysconfig/* include filter
  - drop patches, now upstream: augeas-pkgdeps.diff, augeas-stdio.h.patch
- license update: GPL-3.0+ and LGPL-2.1+
  semicolon is ambiguous
- Fix build with missing gets declaration (glibc 2.16)
- Ensure libxml2 is present in .pc file
- update to 0.10.0
  - support relative paths by taking them relative to the value of
    /augeas/context in all API functions where paths are used
  - add aug_to_xml to API: transform tree(s) into XML, exposed as dump-xml in
    aug_srun and augtool. Introduces dependency on libxml2
  - fix regular expression escaping. Previously, /[/]/ match either a backslash
    or a slash. Now it only matches a slash
  - path expressions: add function 'int' to convert a node value (string) to an
  - path expressions: make sure the regexp produced by empty nodesets from
    regexp() and glob() matches nothing, rather than the empty word
  - fix --autosave when running single command from command line, BZ 743023
  - aug_srun: support 'insert' and 'move' as aliases for 'ins' and 'mv'
  - aug_srun: allow escaping of spaces, quotes and brackets with +  - aug_init: accept AUG_NO_ERR_CLOSE flag; return augeas handle even when
    initialization fails so that caller gets some details about why
    initialization failed
  - aug_srun: tolerate trailing white space in commands
  - much improved, expanded documentation of many lenses
  - always interpret lens filter paths as absolute, bug #238
  - fix bug in libfa that would incorrectly calculate the difference of a case
    sensistive and case insensitive regexp (/[a-zA-Z]+/ - /word/i would match
  - new builtin 'regexp_match' for .aug files to make testing regexp matching
    easier during development
  - fix 'span' command, bug #220
  - Lens changes/additions
  * Access: parse user@host and (group) in users field; field separator need
    not be surrounded by spaces
  * Aliases: allow spaces before colons
  * Aptconf: new lens for /etc/apt/apt.conf
  * Aptpreferences: support origin entries
  * Backuppchosts: new lens for /etc/backuppc/hosts, bug 233 (Adam Helms)
  * Bbhosts: various fixes
  * Cgconfig: id allowed too many characters
  * Cron: variables aren't set like shellvars, semicolons are allowed in
    email addresses; fix parsing of numeric fields, previously upper case
    chars were allowed; support ranges in time specs
  * Desktop: new lens for .desktop files
  * Dhcpd: slashes must be double-quoted; add Red Hat's dhcpd.conf locations
  * Exports: allow empty options
  * Fai_diskconfig: new lens for FAI disk_config files
  * Fstab: allow ',' in file names, BZ 751342
  * Host_access: new lens for /etc/hosts.{allow,deny}
  * Host_conf: new lens for /etc/host.conf
  * Hostname: new lens for /etc/hostname
  * Hosts: also load /etc/mailname by default
  * Iptables: allow digits in ipt_match keys, bug #224
  * Json: fix whitespace handling, removing some cf ambiguities
  * Kdump: new lens for /etc/kdump.conf (Roman Rakus)
  * Keepalived: support many more flags, fields and blocks
  * Krb5: support [pam] section, bug #225
  * Logrotate: be more tolerant of whitespace in odd places
  * Mdadm_conf: new lens for /etc/mdadm.conf
  * Modprobe: Parse commands in install/remove stanzas (this introduces a
    backwards incompatibility); Drop support for include as it is not documented
    in manpages and no unit tests are shipped.
  * Modules: new lens for /etc/modules
  * Multipath: add support for seveal options in defaults section, bug #207
  * Mysql: includedir statements are not part of sections; support !include;
    allow indentation of entries and flags
  * Networks: new lens for /etc/networks
  * Nrpe: allow '=' in commands, bug #218 (Marc Fournier)
  * Php: allow indented entries
  * Phpvars: allow double quotes in variable names; accept case insensitive
    PHP tags; accept 'include_once'; allow empty lines at EOF; support define()
    and bash-style and end-of-line comments
  * ostfix_master: allow a lot more chars in words/commands, including commas
  * PuppetFileserver: support same-line comments and trailing whitespace,
    bug #214
  * Reprepo_uploaders: new lens for reprepro's uploaders files
  * Resolv: permit end-of-line comments
  * Schroot: new lens for /etc/schroot/schroot.conf
  * Shellvars: greatly expand shell syntax understood; support
    various syntactic constructs like if/then/elif/else, for, while,
    until, case, and select; load /etc/blkid.conf by default
  * Spacevars: add toplevel lens 'lns' for consistency
  * Ssh: new lens for ssh_config (Jiri Suchomel)
  * Stunnel: new lens for /etc/stunnel/stunnel.conf (Oliver Beattie)
  * Sudoers: support more parameter flags/options, bug #143
  * Xendconfsxp: lens for Xen configuration (Tom Limoncelli)
  * Xinetd: allow spaces after '{'
- update modprobe lens patch to apply on 0.10.0
- update shellvars lens patch to add some missing files on SUSE
  distros mentioned in bnc#729491
- Remove rednudant tags/sections from specfile
- Patch shellvars.aug to recognize SUSE specific files in
  sysconfig (bnc#729491)
- move lenses from /usr/share/libaugeas0/augeas
  to /usr/share/augeas (bnc#719199)
- move vim lenses syntax files from -lenses to -devel package
- Remove redundant tags/sections from specfile
- Add augeas-devel to baselibs
- update to 0.9.0:
  - augtool: keep history in ~/.augeas/history
  - add aug_srun API function; this makes it possible to run a sequence of
    commands through the API
  - aug_mv: report error AUG_EMVDESC on attempts to move a node into one of
    its descendants
  - path expressions: allow whitespace inside names, making '/files/etc/foo
    bar/baz' a legal path, but parse [expr1 or expr2] and [expr1 and expr2]
    as the logical and/or of expr1 and expr2
  - path expressions: interpret escape sequences in regexps; since '.' does
    not match newlines, it has to be possible to write '.|n' to match any
  - path expressions: allow concatenating strings and regexps; add
    comparison operator '!~'; add function 'glob'; allow passing a nodeset
    to function 'regexp'
  - store the names of the functions available in path expressions under
  - fix several smaller memory leaks
  - Lens changes/additions
  * Aliases: allow spaces and commas in aliases (Mathieu Arnold)
  * Grub: allow "/bootfs"/ Solaris/ZFS extension for dataset name, bug #201
    (Dominic Cleal); allow kernel path starting with a BIOS device,
    bug #199
  * Inifile: allow multiline values
  * Php: include files from Zend community edition, bug #210
  * Properties: new lens for Java properties files, bug #194 (Craig Dunn)
  * Spacevars: autoload two ldap files, bug #202 (John Morrissey)
  * Sudoers: support users:groups format in a Runas_Spec line, bug #211;
    add CSW paths (Dominic Cleal)
  * Util: allow comment_or_eol to match whitespace-only comments,
    bug #205 (Dominic Cleal)
  * Xorg: accept InputClass section; autoload from /etc/X11/xorg.conf.d,
    bug #197
- fate#311042: Update augeas packages for latest puppet support
  in SLE-11
- update to 0.8.1
  * augtool: respect autosave flag in oneshot mode, bug #193;
    fix segfault caused by unmatched bracket in path expression,
    bug #186
  * eliminate a global variable in the lexer, fixes BZ 690286
  * replace an erroneous assert(0) with a proper error message when
    none of the alternatives in a union match during saving,
    bug #183
  * improve AIX support
  * Lens changes/additions
  * Access: support the format @netgroup@@nisdomain, bug #190
  * Fstab: fix parsing of SELinux labels in the fscontext option
  * Grub: support 'device' directive for UEFI boot, bug #189; support
    'configfile' and 'background'
  * Httpd: handle continuation lines; autoload httpd.conf on
    Fedora/RHEL, BZ 688149; fix support for single-quoted
  * Iptables: support --tcp-flags, bug #157; allow blank and comment
    lines anywhere
  * Mysql: include /etc/my.cnf used on Fedora/RHEL, BZ 688053
  * NagiosCfg: parse setting multiple values on one line
  * NagiosObjects: process /etc/nagios3/objects/*.cfg
  * Nsswitch: support 'sudoers' as a database, bug #187
  * Shellvars: autoload /etc/rc.conf used in FreeBSD
  * Sudoers: support '#include' and '#includedir', bug #188
  * Yum: exclude /etc/yum/pluginconf.d/versionlock.list
- changes for 0.8.0
  * add new 'square' lens combinator
  * add new aug_span API function
  * augtool: short options for --nostdinc, --noload, and --noautoload
  * augtool: read commands from tty after executing file with --interactive
  * augtool: add --autosave option
  * augtool: add --span option to load nodes' span
  * augtool: add span command to get the node's span according to the input
  * augtool: really be quiet when we shouldn't be echoing
  * fix segfault in get.c with L_MAYBE lens; bug #180
  * fix segfault when a path expression called regexp() with an invalid
    regexp; bug #168
  * improved vim syntax file
  * replace augtest by to obviate the need for Ruby to run
  * use sys_wait module from gnulib; bug #164
  * Lens changes/additions
  * Access: new lens for /etc/security/access.conf
  * Crypttab: new lens for /etc/crypttab
  * Dhcpd: new lens
  * Exports: accept hostnames with dashes; bug #169
  * Grub: add various Solaris extensions; support "/map"/ entries,
    bug #148
  * Httpd: new lens for Apache config
  * Inifile: new lens indented_title_label
  * Interfaces: allow indentation for "/iface"/ entries; bug #182
  * Mysql: change default comment delimiter from ';' to '#'; bug #181
  * Nsswitch: accept various add'l databases; bug #171
  * PuppetFileserver: new lens for Puppet's fileserver.conf
  * REsolv: allow comments starting with ';'; bug #173
  * Shellvars: autoload various snmpd config files; bug #170
  * Solaris_system: new lens for /etc/system on Solaris
  * Util (comment_c_style, empty_generic, empty_c_style): new lenses
  * Xml: generic lens to process XML files
  * Xorg: make "/position"/ in "/screen"/ optional; allow "/Extensions"/
    section; bug #175
- add baselibs.conf
- update to 0.7.4
  * augtool: new clearm command to parallel setm
  * augtool: add --file option
  * Fix SEGV under gcc 4.5, caused by difficulties of the gcc
    optimizer handling bitfields (bug #149; rhbz #651992)
  * Preserve parse errors under /augeas//error: commit 5ee81630,
    released in 0.7.3, introduced a regression that would cause
    the loss of parse errors; bug #138
  * Avoid losing already parsed nodes under certain circumstances;
    bug #144
  * Properly record the new mtime of a saved file; previously the
    mtime in the tree was reset to 0 when a file was saved, causing
    unnecessary file reloads
  * fix a SEGV when using L_MAYBE in recursive lens; bug #136
  * Incompatible lens changes
  * Fstab: parse option values
  * Squid: various improvements, see bug #46;
  * Xinetd: map service names differently
  * Lens changes/additions
  * Aptsources: map comments properly, allow indented lines;
    bug #151
  * Grub: add indomU setting for Debian.
    Allow '=' as separator in title; bug #150
  * Fstab: also process /etc/mtab
  * Inetd: support rpc services
  * Iptables: allow underscore in chain names
  * Keepalived: new lens for /etc/keepalived/keepalived.conf
  * Krb5: allow digits in realm names; bug #139
  * Login_defs: new lens for /etc/login.defs
    (Erinn Looney-Triggs)
  * Mke2fs: new lens for /etc/mke2fs.conf
  * Nrpe: new lens for Nagios nrpe (Marc Fournier)
  * Nsswitch: new lens for /etc/nsswitch.conf
  * Odbc: new lens for /etc/odbc.ini (Marc Fournier)
  * Pg_hba: New lens; bug #140 (Aurelien Bompard).
    Add system path on Debian; bug #154 (Marc Fournier)
  * Postfix_master: parse arguments in double quotes; bug #69
  * Resolv: new lens for /etc/resolv.conf
  * Shells: new lens for /etc/shells
  * Shellvars: parse ulimit builtin
  * Sudoers: load file from /usr/local/etc (Mathieu Arnold)
    Allow 'visiblepw' parameter flag; bug #143. Read files from
  * Syslog: new lens for /etc/syslog.conf (Mathieu Arnold)
  * Util: exclude dpkg backup files; bug #153 (Marc Fournier)
  * Yum: accept continuation lines for gpgkey; bug #132
- added patch for allow_unsupported_modules command in modprobe.d conf files
- added vim files symlinks for lens syntax files
- fixed a few rpmlint warnings (fixed rpm group, no ldconfig run)
* Update to 0.7.3
  * ug_load: only reparse files that have actually changed; greatly
  speeds up reloading
  * record all variables in /augeas/variables, regardless of whether
  they were defined with aug_defvar or aug_defnode; make sure
  /augeas/variables always exists
  * redefine all variables (by reevaluating their corresponding
  expressions) after a aug_load. This makes variables 'sticky'
  across loads
  * fix behavior of aug_defnode to not fail when the expression
  evaluates to a nonempty node set
  * make gnulib a git submodule so that we record the gnulib commit
  off which we are based
  * allow 'let rec' with non-recursive RHS
  * fix memory corruption when reloading a tree into which a
  variable defined by defnode points (BZ 613967)
  * plug a few small memory leaks, and some segfaults
  * Lens changes/additions
  * Device_map: new lens for grub's (Matt Booth)
  * Limits: also look for files in /etc/security/limits.d
  * Mysql: new lens (Tim Stoop)
  * Shellvars: read /etc/sysconfig/suseconfig (Frederik Wagner)
  * Sudoers: allow escaped spaces in user/group names (Raphael Pinson)
  * Sysconfig: lens for the shell subdialect used in /etc/sysconfig;
    lens strips quotes automatically
* 0.7.2 - 2010-06-22
  * new API call aug_setm to set/create multiple nodes simultaneously
  * record expression used in a defvar underneath /augeas/variables
  * Lens changes/additions
  * Group: add test for disabled account (Raphael Pinson)
  * Grub: handle comments within a boot stanza
  * Iptables: also look for /etc/iptables-save (Nicolas Valcarcel)
  * Modules_conf: new lens for /etc/modules.conf (Matt Booth)
  * Securetty: added handling of emtpy lines/comments (Frederik Wagner)
  * Shellvars: added SuSE sysconfig puppet files (Frederik Wagner),
    process /etc/environment (seph)
  * Shellvars_list: Shellvars-like lens that treats strings of
    space-separated words as lists (Frederik Wagner)
* 0.7.1 - 2010-04-21
  * fix crash when recursive lens was used in a nonrecursive lens (bug #100)
  * context free parser/recursive lenses: handle 'l?' properly (bug #119);
  distinguish between successful parse and parse with an error at end of
  input; do caller filtering to avoid spurious ambiguous parses with
  grammars containing epsilon productions
  * aug_get: return -1 when multiple nodes match (bug #121)
  * much better error message when iteration stops prematurely during
  put/create than the dreaded 'Short iteration'
  * src/lens.c (lns_check_rec): fix refcounting mistake on error path (bug #120)
  * Lens changes/additions
  * Approx: lens and test for the approx proxy server (Tim Stoop)
  * Cgconfig: lens and tests for libcgroup config (Ivana Hutarova Varekova)
  * Cgrules: new lens and test (Ivana Hutarova Varekova)
  * Cobblermodules: lens + tests for cobbler's modules.conf (Shannon Hughes)
  * Debctrl: new lens and test (Dominique Dumont)
  * Dput: add 'allow_dcut' parameter (bug #105) (Raphael Pinson)
  * Dhclient: add rfc code parsing (bug #107) (Raphael Pinson)
  * Group: handle disabled passwords
  * Grub: support empty kernel parameters, Suse incl.s (Frederik Wagner)
  * Inittab: allow ':' in the process field (bug #109)
  * Logrotate: tolerate whitespace at the end of a line (bug #101); files
    can be separated by newlines (bug #104) (Raphael Pinson)
  * Modprobe: Suse includes (Frederik Wagner)
  * Nagisocfg: lens and test for /etc/nagios3/nagios.cfg (Tim Stoop)
  * Ntp: add 'tinker' directive (bug #103)
  * Passwd: parse NIS entries on Solaris
  * Securetty: new lens and test for /etc/securetty (Simon Josi)
  * Shellvars: handle a bare 'export VAR'; Suse includes (Frederik
    Wagner); allow spaces after/before opening/closing parens for array
  * Sudoers: allow del_negate even if no negate_node is found (bug #106)
    (Raphael Pinson); accept 'secure_path' (BZ 566134) (Stuart
* 0.7.0 - 2010-01-14
  * Support for context-free lenses via the 'let rec' keyword. The syntax
  is experimental, though the feature is here to stay. See
  lenses/json.aug for an example of what's possible with that.
  * Support for case-insensitive regular expressions. Simply append 'i' to
  a regexp literal to make it case-insensitive, e.g. /hello/i will match
  all variations of hello, regardless of case.
  * Major revamp of augtool. In particular, path expressions don't need to
  be quoted anymore. The online help has been greatly improved.
  * Check during load/save that each file is only matched by one transform
  under /augeas/load. If there are multiple transforms for a file, the
  file is skipped.
  * New error codes AUG_ENOLENS and AUG_EMXFM
  * Do not choke on non-existing lens during save
  * Change the metadata for files under /augeas/files slightly: the node
  /augeas/files/$PATH/lens now has the name of the lens used to load the
  file; the source location of that lens has moved to
  * New public functions fa_nocase, fa_is_nocase, and fa_expand_nocase in
  * Various smaller bug fixes, performance improvements and improved error
  * Lens changes/additions
  * Cobblersettings: new lens and test (Bryan Kearney)
  * Iptables: allow quoted strings as arguments; handle both negation
  * Json: lens and tests for generic Json files
  * Lokkit: allow '-' in arguments
  * Samba: accept entry keys with ':' (Partha Aji)
  * Shellvars: allow arrays that span multiple lines
  * Xinetd (name): fix bad '-' in character class
* 0.6.0 - 2009-11-30
  * Add error reporting API (aug_error and related calls); use to report
  error details in a variety of places
  * Path expressions: add regexp matching; add operator '|' to form union
  of nodesets (ticket #89)
  * Tolerate non-C locales from the environment (ticket #35); it is no
  longer necessary to set the locale to C from the outside
  * use stpcpy/stpncpy from gnulib (needed for building on Solaris)
  * Properly check regexp literals for syntax errors (ticket #93)
  * Distribute and install vim syntax files (ticket #97)
  * many more bugfixes
  * Lens changes/additions
  * Apt_preferences: support version pin; filter out empty lines (Matt
  * Cron: variables can contain '_' etc. (ticket #94)
  * Ethers: new lens for /etc/ethers (Satoru SATOH)
  * Fstab: allow '#' in spec (ticket #95)
  * Group: allow empty password field (ticket #95)
  * Inittab: parse end-of-line comments into a #comment
  * Krb5: support kdc section; add v4_name_convert subsection to
    libdefaults (ticket #95)
  * Lokkit: add mising eol to forward_port; make argument for --trust
    more permissive
  * Pam: allow '-' before type
  * Postfix_access: new lens for /etc/postfix/access (Partha Aji)
  * Rx: allow '!' in device_name
  * Sudoers: allow certain backslash-quoted characters in a command (Matt
  * Wine: new lens to read Windows registry files
* 0.5.3 - 2009-09-14
  * Match trees on label + value, not just label; see
  tests/modules/pass_strip_quotes.aug for how that enables stripping
  * Do not trip over symlinks to files on a different device during save;
  fixes problems with writing to /etc/grub.conf on Fedora/RHEL
  * API (defnode): always add the newly created node into the resulting
  * Add preceding-sibling and following-sibling axes to path expressions
  * augtool, augparse: add --version option (bug #88)
  * Change file info recorded under /augeas/files/FILE/*: remove lens/id
  and move lens/info to lens
  * Properly record new files under /augeas/files (bug #78)
  * aug_load: clean up variables to avoid dangling references (bug #79)
  * Make Augeas work on AIX
  * Ignore anything but regular files when globbing
  * Add 'clear' function to language for use in unit tests
  * typechecker: print example trees in tree format
  * libfa: properly support regexps with embedded NUL's
  * Lens changes/additions
  * Xorg: revamped, fixes various parse failures (Matt Booth)
  * Inetd: new lens and test (Matt Palmer)
  * Multipath: new lens and test
  * Slapd: also read /etc/openldap.slapd.conf (bug #85)
* 0.5.2 - 2009-07-13
  * Make Augeas work on Mac OS/X (bug #66) (Anders Bjoerklund)
  * reduce symbols exported from libfa with linker script
  * add --echo option to augtool
  * require Automake 1.11 (Jim Meyering)
  * avoid spurious save attempts for freshly read files
  * Lens changes/additions
  * Inittab: schema change: use 'id' field as name of subtree for a line,
    instead of a generated number. Map comments as '#comment' (Matt Palmer)
  * Logrotate: make owner/group in create statement optional, allow
    filenames to be indented
  * Ntp: allow additional options for server etc. (bug #72)
  * Shellvars: allow backticks as quote characters (bug #74)
  * Yum: also read files in /etc/yum/pluginconf.d (Marc Fournier)
* 0.5.1 - 2009-06-09
  * augeas.h: flag AUG_NO_MODL_AUTOLOAD suppresses initial loading
    of modules; exposed as --noautoload in augtool
  * augtool: don't prompt when input is not from tty (Raphael Pinson)
  * augparse: add --notypecheck option
  * path expressions: allow things like '/foo and /bar[3]' in predicates
  * Lens changes/additions
  * Aliases: map comments as #comment (Raphael Pinson)
  * Build, Rx, Sep: new utility modules (Raphael Pinson)
  * Cron: new lens (Raphael Pinson)
  * Dnsmasq: process files in /etc/dnsmasq.d/* (ticket #65)
  * Grub: parse kernel and module args into separate nodes; parse
    arguments for 'serial', 'terminal', and 'chainloader'; allow
    optional argument for 'savedefault'
  * Interfaces: make compliant with actual Debian spec (Matt Palmer)
  * Iptables: relax regexp for chain names; allow comment lines mixed
    in with chains and rules (ticket #51)
  * Logrotate: allow '=' as separator (ticket #61); make newline at end
    of scriptlet optional
  * Modprobe: handle comments at end of line
  * Ntp: parse fudge record (Raphael Pinson); parse all directives in
    default Fedora ntp.conf; process 'broadcastdelay', 'leapfile',
    and enable/disable flags (ticket #62)
  * Pbuilder: new lens for Debian's personal builder (Raphael Pinson)
  * Php: add default path on Fedora/RHEL (Marc Fournier)
  * Squid: handle indented entries (Raphael Pinson)
  * Shellvars: map 'export' and 'unset'; map comments as #comment
    (Raphael Pinson)
  * Sudoers: allow backslashes inside values (ticket #60) (Raphael Pinson)
  * Vsftpd: map comments as #comment; handle empty lines; find
    vsftpd.conf on Fedora/RHEL
  * Xinetd: map comments as #comment (Raphael Pinson)
- enable parallel building
* Update to 0.5.0
  * Upstream notes:
  Clean up interface for libfa; the interface is now considered stable
  * New aug_load API call; allows controlling which files to load by
  modifying /augeas/load and then calling aug_load; on startup, the
  transforms marked with autoload are reported under /augeas/load
  * New flag AUG_NO_LOAD for aug_init to keep it from loading files on
  startup; add --noload option to augtool
  * New API calls aug_defvar and aug_defnode to define variables for
  path expressions; exposed as 'defvar' and 'defnode' in augtool
  * New program examples/fadot to draw various finite automata (Francis
  * Report line number and character offset in the tree when parsing a
  file with a lens fails
  * Fix error in propagation of dirty flag, which could lead to only
  parts of a tree being saved when multiple files were modified
  * Flush files to disk before moving them
  * Fix a number of memory corruptions in the XPath evaluator
  * Several performance improvements in libfa
  * Lens changes/additions
  * Grub: process embedded comments for update-grub (Raphael Pinson)
  * Iptables: new lens for /etc/sysconfig/iptables
  * Krb5: new lens for /etc/krb5.conf
  * Limits: map dpmain as value of 'domain' node, not as label
    (Raphael Pinson)
  * Lokkit: new lens for /etc/sysconfig/system-config-firewall
  * Modprobe: new lens for /etc/modprobe.d/*
  * Sudoers: more finegrained parsing (ticket #48) (Raphael Pinson)
* Update to 0.4.2
  * Moved lense tests into separate package 'augeas-lense-tests'
  * Added augeas-lenses-license-fix patch
  * Upstream notes:
  * Do not delete files that had an error upon parsing
  * For Fedora/EPEL RPM's, BuildRequire libselinux-devel (bug #26)
  * In path expressions, the meaning of '<' and '<=' was reversed
  * Always create an entry /files in aug_init
  * New builtin 'Sys' module with functions 'getenv' and 'read_file',
  the latter reads a the contents of a file into a string
  * Lens changes/additions
  * Postfix_main: handle continuation lines
  * Bbhosts, Hosts, Logrotate, Sudoers: label comment nodes as '#comment'
  * Sshd: map comments as '#comment' nodes
  * Squid: add all keywords from squid 2.7 and 3 (Francois Deppierraz)
  * Logrotate: process unit suffixes for 'size' and 'minsize'
* Update to 0.4.1
  * Moved lenses to separate package 'augeas-lenses'.
  * Upstream notes:
  * Remove files when their entire subtree under /files is deleted
  * Various bug fixes and syntax enhancements for path expressions
  (see tests/xpath.tests for details)
  * Evaluate path expressions with multiple predicates correctly
  * Fix incorrect setting of /augeas/events/saved
  * Major cleanup of matching during get; drastically improves
  performance for very large (on the order of 10k lines) config files
  * Small performance improvement in the typechecker
  * Reject invalid character sets like [x-u] during typecheck
  * Build with compile warnings set to 'maximum' instead of 'error', so
  that builds on platforms with broken headers will work out of the box
  * Lens changes/additions
  * Util.stdexcl now excludes .augsave and .augnew files
  * Logrotate: allow 'yearly' schedule, spaces around braces
  * Ntp: fix so that it processes ntp.conf on Fedora 10
  * Services: lens for /etc/services (Raphael Pinson)
  * Xorg: new lens and tests (Raphael Pinson)
- Update pidfile path to /run from /var/run (bsc#1185155)
- 0003-autofs-5.1.4-fix-fd-leak-in-rpc_do_create_client.patch
  Fix filedescriptor leak (bsc#1093436)
- BuildRequire pkgconfig(udisks2) instead of udisks2-devel: let's
  be flexible on possible package name changes.
- Package COPYRIGHT as %license instead of %doc.
- 0001-use_hostname_for_mounts-shouldn-t-prevent-selection-.patch
  Fix handling of replicated NFS server so that
  selection between servers still works sensibly when
  use_hostname_for_mounts is in effect.
- 0002-Fix-monotonic_elapsed.patch
  Fix bug introduced with monotonic-time patches which
  causes nanoseconds to be ignored and effectively
  disables sorting based on response time and/or weight.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Add build require for rpcgen (preparation for removing it from
- fix ordering of seteuid/setegid in do_spawn (bsc#1062482).
- fix unset tsd group name handling (bsc#1062482).
- fix possible map instance memory leak (bsc#1038198).
- check map instances for staleness on map update (bsc#1038198).
- Added patches:
  - autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch
  - autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch
  - autofs-5-1-3-fix-possible-map-instance-memory-leak.patch
  - autofs-5-1-3-fix-unset-tsd-group-name-handling.patch
- Add libnsl-devel as build require in preparation of libnsl
  removal from glibc
- Add gpg signature
- Update URL to use now that ftp is gone.
- update to version 5.1.3:
  * limit getgrgid_r() buffer size
  * increase worker thread per-thread stack size
  * fix offset mount location multiple expansion
  * use malloc for expanded map location
  * fix invalid reference in remount_active_mount()
  * fix work around sss startup delay
  * fix possible NULL derefernce
  * use autofs_point to store expire timeout where possibe
  * add config option to use mount request log id
  * factor out set_thread_mount_request_log_id()
  * log functions to prefix messages with attempt_id if available
  * create thread-local ID for mount attempts
  * add the mount requestor's pid to pending_args
  * delay submount exit for amd submounts
  * fix bogus check in expire_cleanup()
  * handle amd cache option all in amd type auto mounts
  * handle map_option cache for top level mounts
  * capture cache option and its settings during parsing
  * add function conf_amd_get_map_options()
  * check for conflicting amd section mounts
  * include amd mount section mounts in master mounts list
  * add function conf_amd_get_mount_paths()
  * add function conf_amd_get_map_name()
  * add support for amd browsable option
  * add ref counting to struct map_source
  * fix typos in README.amd-maps
  * honor last rw in mount options when doing a bind mount
  * set autofs mounts catatonic at exit
  * make set_direct_mount_catatonic() more general
  * check NFS server availability on local mount fallback
  * make lookup_nss_read_master() return nss status
  * don't return until after master map retry read
  * set sane default master read wait timeout
  * dont exit on master map read fail timeout
  * fix included master map not found return
  * fix quoted key handling in sanitize_path()
  * add sss master map wait config option
  * work around sss startup delay
  * add master read wait option
  * wait for master map available at start
  * update and add README for old autofs schema
  * fix create_client() RPC client handling
  * fix _strncmp() usage
  * fix argc off by one in mount_autofs.c
  * fix cachefs parse message not being logged
  * fix typo in MOUNT_FLAG_GHOST comment
  * Avoid local variable name shadowing another
  * configure: add cache variable for Linux proc filesystem check
  * fix count_mounts() function
  * fix short memory allocation in lookup_amd_instance()
  * Fix fgets(3) size argument (another one)
  * Fix typos in error messages
  * Remove unused local 2KB buffer
  * fix file map changed check
  * Change .requestor to .requester for consistency
  * Fix a typo in CREDITS
  * fix libtirpc detection with -Wl,--as-needed
  * Fix size arg of fgets(3)
  * Drop redundant n in logerr()
  * Fix compiler warning in try_remount()
  * build: check for clock_gettime in librt
  * fix possible memory leak in nfs mount
  * add config option to suppress not found log message
  * properly handle errors in lookup_nss_mount
  * fix yp map age not updated during map lookup
  * fix 'nameing' typo in autofs.conf
  * add systemd dependency
  * add autofs(5) note of IPv6 libtirpc requirement
  * fix autofs(5) description of supported map sources
  * fix modules make clean target
  * fix Makefile linking dependencies
  * fix handle_mounts() termination condition check
  * log pipe read errors
  * fix use-after-free in st_queue_handler()
  * always set direct mounts catatonic at exit
  * improve scalability of direct mount path component
  * fix use after free in match_my_name()
  * fix memory leak in get_network_proximity()
  * fix typo in autofs_sasl_bind()
  * fix use after free in open_lookup()
  * fix use after free in sun parser parse_init()
  * fix memory leak in ldap do_init()
  * fix memory leak in nisplus lookup_reinit()
  * fix sasl connection concurrancy problem
  * fix unbind sasl external mech
  * remove unused function elapsed()
  * change time() to use monotonic_clock()
  * change remaining gettimeofday() to use clock_gettime()
  * use monotonic clock for indirect mount condition
  * use monotonic clock for direct mount condition
  * define pending condition init helper function
  * use monotonic clock for alarm thread condition wait
  * define monotonic clock helper functions
  * Add a mode option for master map entries
  * fix error handling of is_mounted()
  * fix out of order call in program map lookup
  * add configuration option to use fqdn in mounts
  * update map_hash_table_size description
  * change lookup to use reinit instead of reopen
  * implement reinit in multi lookup module
  * fix map format check in nss_open_lookup() multi map module
  * factor out alloc multi map context
  * factor out free multi map context
  * add type to struct lookup_mod
  * implement reinit in yp lookup module
  * implement reinit in sss lookup module
  * implement reinit in program lookup module
  * implement reinit in nisplus lookup module
  * implement reinit in ldap lookup module
  * implement reinit in hosts lookup module
  * implement reinit in hesiod lookup module
  * implement reinit in file lookup module
  * implement reinit in dir lookup module
  * implement reinit in parse modules
  * add reinit entry point to modules
  * fix nsswitch handling when opening multi map
  * make open_lookup() return nss status
  * move check_nss_result() to nsswitchr.c
  * fix update_hosts_mounts() return
  * fix missing source sss in multi map lookup
  * fix direct map expire not set for initial empty map
  * fix direct mount stale instance flag reset
  * fix error handling on ldap bind fail
  * fix config old name lookup
  * fix rwlock unlock crash
  * fix return handling of do_reconnect() in ldap module
  * make find_server() return a status
  * make find_dc_server() return a status
  * make connect_to_server() return a status
  * make do_connect() return a status
  * move query dn calculation from do_bind() to do_connect()
  * fix return handling in sss lookup module
  * fix left mount count return from umount_multi_triggers()
  * revert fix libtirpc name clash
  * update libtirpc workaround for new soname
  * fix fix gcc5 complaints
  * Removed patches:
  * Updated patches for context:
- remove rpmlintrc, review was boo#782691
- Fix spurious ELOOP on certain kinds of failures (bsc#968918):
  * autofs: fix yp map age not updated in s/_/./g case
  * autofs: properly handle errors in lookup_nss_mount
  * Added patches:
- improve scalability of direct mount path component creation (bsc#966573).
  * Added autofs-improve-scalability-of-direct-mount-path-comp.patch
  * Refreshed autofs-5.1.1-dbus-udisks-monitor.patch
- Use libldap_r instead of libldap for thread safety (bsc#955477).
  * Added autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch
- add patch autofs-5.1.1-leave_auth_destroy.patch (bnc#958410)
  do not redefined auth_destroy, the reason for this has long
  been fixed in libtirpc (version 0.2.1 is already fine)
- autofs.service: Use KillMode=mixed so "/KillSignal"/ (SIGTERM) is
  only sent to the main process and if still does not exit after
  "/TimeoutStopSec"/ then "/SendSIGKILL"/ is sent to all remaining
  processes of the unit's control group.
  This is the desired behaviour for almost all daemons that
  execute foreign programs.
- update to version 5.1.1:
  * fix compile error in defaults.c
  * add serialization to sasl init
  * dont allocate dev_ctl_ops too early
  * fix incorrect round robin host detection
  * fix race accessing qdn in get_query_dn()
  * fix leak in cache_push_mapent()
  * fix config entry read buffer not checked
  * fix FILE pointer check in defaults_read_config()
  * fix memory leak in conf_amd_get_log_options()
  * fix signed comparison in inet_fill_net()
  * fix buffer size checks in get_network_proximity()
  * fix leak in get_network_proximity()
  * fix buffer size checks in merge_options()
  * check amd lex buffer len before copy
  * add return check in ldap check_map_indirect()
  * check host macro is set before use
  * check options length before use in parse_amd.c
  * fix some out of order evaluations in parse_amd.c
  * fix copy and paste error in dup_defaults_entry()
  * fix leak in parse_mount()
  * add mutex call return check in defaults.c
  * force disable browse mode for amd format maps
  * fix hosts map options check in lookup_amd_instance()
  * fix memory leak in create_client()
  * fix memory leak in get_exports()
  * fix memory leak in get_defaults_entry()
  * fix out of order clearing of options buffer
  * fix reset amd lexer scan buffer
  * ignore multiple commas in options strings
  * fix typo in flagdir configure option
  * clarify multiple mounts description
  * gaurd against incorrect umount return
  * update man page autofs(8) for systemd
  * dont pass sloppy option for other than nfs mounts
  * make service want network-online
  * fix fix master map type check
  * init qdn before use in get_query_dn()
  * fix typo in update_hosts_mounts()
  * fix hosts map update on reload
  * make negative cache update consistent for all lookup modules
  * ensure negative cache isn't updated on remount
  * dont add wildcard to negative cache
  * add a prefix to program map stdvars
  * add config option to force use of program map stdvars
  * fix incorrect check in parse_mount()
  * handle duplicates in multi mounts
  * revert special case cifs escapes
  * fix map option parsing for 'strictatime'
  * fix showmount search in
  * remove obsolete comment in
  * fix macro usage in lookup_program.c
  * fix gcc5 complaints
  * remove unused offset handling code
  * fix mount as you go offset selection
  * link daemon with pthread library (Debian patch)
  * manpage corrections (Debian patch)
  * fix manpages hyphenation (Debian patch).
- ported patches:
  * autofs-5.1.0-dbus-udisks-monitor.patch ->
  * autofs-debuginfo-fix.patch -> autofs-5.1.1-debuginfo-fix.patch
  * autofs-5.0.9-suse-auto_master_default.patch ->
  * autofs-5.0.9-task-use-after-free.patch ->
- remove patches that are now upstream:
  * autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
  * autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch
  * autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch
  * autofs-5.1.0-gcc5-fixes.patch
- add autofs-5.1.0-gcc5-fixes.patch: Fix build against gcc 5.x
- prevent potential privilege escalation via interpreter load path
  for program-based automount maps, add the following patches:
  (bnc#917977 CVE-2014-8169)
- add autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
- Fix autofs.service so that multiple options passed through
  sysconfig AUTOFS_OPTIONS work correctly (bsc#909472)
- Fix configuration handling now that we have /etc/autofs.conf
  and /etc/sysconfig/autofs. Runtime options are now configured in
  the former, while settings that affect the daemon start up are
  still handled in the latter.
- Clean-up sysconfig.autofs, leave only init script options:
- Run %fillup also when systemd is enabled. (bsc#906606)
- Use udisks2, udisks development has ceased in favor of udisks2.
- Copy the files to the right location when a <file_location>
  is given (bsc#1188357).
- 4.3.86
- Add missing elements to rules.xml schema:
  - installed_product and installed_product_version (boo#1176089)
  - dialog section (bsc#1188153)
- Do not export the general/storage section when it is empty
  (related to bsc#1171356 and bsc#1187916).
- 4.3.85
- Properly register the script to reboot after applying online
  updates (bsc#1187962).
- 4.3.84
- Do not crash when the general/storage section is empty
- 4.3.83
- Import proxy settings during the 1st stage of the installation
- 4.3.82
- Recommend icewm if graphical installation (bsc#1185095)
- 4.3.81
- Install packages in the PackagesProposal during autoupgrade
  (see bsc#1184488).
- 4.3.80
- Consider 'static_text' as a valid value for 'ask/type' elements
- 4.3.79
- During autoupgrade do not try to register the system if it is
  explicitly disabled in the profile (bsc#1176965)
- 4.3.78
- Do not crash while sorting the list of modules to be processed
  during the 2nd stage (bsc#1184316).
- Prevent AutoYaST UI from crashing when trying to apply a module
  changes (bsc#1184429).
- 4.3.77
- Use 'module' instead of 'listentry' when exporting pre-modules
  and post-modules lists (bsc#1184342).
- Show the <ask-list> only once during autoinstallation
- Add the 'mkfs_options' element to the schema (bsc#1184268).
- Fix crash during using autoyast UI (bsc#1184216)
- 4.3.76
- fix handling of empty signature-handling element in autoyast
  profile (bsc#1180968)
- 4.3.75
- Export properly "/ask"/ section "/selection"/  (bsc#1183624)
- 4.3.74
- Move default networking section values to the network repository
  in order to reduce the redundancy and to avoid an unexpected
  behavior (bsc#1180535).
- 4.3.73
- Autoyast schema: allow semi-automatic_entry alias for module in
  semi-automatic entry as it was already documented in autoyast
  documentation (bsc#1183512)
- 4.3.72
- Remove the 'haspcmica' element from the schema (related to
- 4.3.71
- Import the security settings after importing the bootloader
  configuration (bsc#1183042).
- 4.3.70
- Select patterns during auto installation even when not using the
  confirm mode (related to jsc#SMO-20 and bsc#1182543).
- 4.3.69
- Adapted unit test to recent changes in Yast::Report (related to
- 4.3.68
- AutoYaST UI: fixed field Mount Options (fstopt) in the
  partitioning section (bsc#1181577).
- 4.3.67
- AutoYaST UI: added drive types CT_NFS and CT_TMPFS to the
  partitioning section (part of jsc#SLE-11308).
- 4.3.66
- Upgrade: Checking if a valid base product has been selected for
  upgrade and if not asking the user to check the product entry
  in the AY configuration file (bsc#1175876).
- 4.3.65
- Add support for Btrfs quotas (jsc#SLE-7742).
- 4.3.64
- Rules download: The result will be stored in the target file when
  the download has failed. This file has to be removed (bsc#1178804)
- 4.3.63
- AutoYaST warnings timeout applies to the XML validation error
  dialog (bsc#1176973).
- 4.3.62
- Allow setting the 't' (or 'config:type') attribute in the
  'backup' and 'upgrade' elements (bsc#1176834 and bsc#1176848).
- 4.3.61
- Do not show a warning the user when a script just did not run
- 4.3.60
- Fix the progress bar length during autoinstallation
  initialization (bsc#1177322).
- Resolve "/zzz_reboot"/ script conflict (bsc#1177036)
- 4.3.59
- Fix 'inst_autosetup' tests (bsc#1177227).
- 4.3.58
- Add validation of 'activate_systemd_default_target' and
  'final_restart_services' elements in the 'general/mode' section
  (related to bsc#1176595).
- 4.3.57
- Improve validation errors presentation (related to bsc#1176973).
- 4.3.56
- Drop the 'general/mouse' element from the schema. It has been
  unsupported since version 3.0.3, FATE#313101 (bsc#1176973).
- 4.3.55
- Fix tests for CWM::ComboBox (related to the CWM changes for
- 4.3.54
- Add the schema for 'backup' and 'upgrade' sections (bsc#1176834).
- 4.3.53
- Set 0o600 permissions to the generated profile when cloning
  a system (bsc#1174202).
- Add new action `yast2 autoyast check-profile` (related to
  bsc#1175735) which features:
-- XML syntax check
-- XML schema validation
-- try to fetch the profile
-- generate dynamic profile erb or classes/rules
-- optional try to import profile and detect any issues with it
-- optional run of scripts including dynamic profiles in pre-script
-- 4.3.52
- Removing package evaluation via AY schema. Using autoyast(...)
  supplements instead (bsc#1146494).
- 4.3.51
- Import general and report sections in case that some pre-script
  modified the profile (bsc#1175725)
- 4.3.50
- Fix 'bcache_options' element using the right type (bsc#1176595)
- 4.3.49
- Fix the returned value form the AutoinstPartPlan's Read method
- 4.3.48
- Formally mark that fixes made for SP2 no longer affect SP3
  (no code changes bsc#1173793 and bsc#1172026). For the first one
  code is not longer in place and for the second new xml parser
  does not need workaround for empty strings.
- 4.3.47
- Fix installation using encrypted profile (bsc#1176336)
- improve usability by entering password just once
- use shared UI::PasswordDialog
- 4.3.46
- Using "/:"/ in the autoyast(...) supplements (bsc#1146494).
- 4.3.45
- When 'NetworkManager' is selected in the profile as the network
  backend to be used, the 'NetworkManager' package is added to the
  list of packages to be installed in case of missing (bsc#1172817)
- 4.3.44
- Recognize installed_product and installed_product_version as
  legal elements of rules.xml files (boo#1176089).
- 4.3.43
- Add to erb templates more helpers (bsc#1175735)
- Use <script> elements instead of <listentry> when exporting the
  <postpartitioning-scripts> section (related to bsc#1175714).
- Saving log files of postpartitioning-scripts (bsc#1145269)
- 4.3.42
- Fix the AutoYaST storage UI (related to bsc#1175680).
- 4.3.41
- Unify profile element paths (bsc#1175680).
- 4.3.40
- bnc#1174133
  - do not crash with internal error when the profile contains
    corrupted signature_handling option
- 4.3.39
- Add ability to use erb template as dynamic autoyast profile
- 4.3.38
- Speed up finding the "/autoyast()"/ supplements by filtering
  packages directly on the lilbzypp level (bsc#1175317, related to
- 4.3.37
- Reporting an error if an corrupted AY configuration file has been
  read (bsc#160975).
- 4.3.36
- bsc#1173624
  - Run firewall configuration in first stage
- 4.3.35
- AutoYaST: Added supplements: autoyast(files,general,report,scripts,
  partitioning,software) into the spec file in order to install
  this packages if the section has been defined in the AY
  configuration file (bsc#1146494).
- 4.3.34
- Improve finding the respective package for a section in the XML
  installation profile. Find a package with the
  "/autoyast(<section_name>)"/ supplements dependency (bsc#1146494).
- 4.3.33
- Do not report profile validation errors multiple times if the
  errors are the same already reported and accepted (bsc#1173091)
- 4.3.32
- Adapted doc: Calling of post-partitioning scripts moved from
  dropped inst_autoimage to inst_kickoff (bsc#1140711).
- Removed "/image"/ section from "/software"/ section (bsc#1140711).
- 4.3.31
- handle properly exceptions from new XML parser/serializer
  (related to bsc#1171412)
- 4.3.30
- Do not crash when the networking section is missing
- 4.3.29
- Fix fallback for autoyast client name (bsc#1174119)
- 4.3.28
- Do not crash when wait section is not initialized (related to
- 4.3.27
- Moving <files> section handling from second installation stage
  to first installation stage. (bsc#1174194)
- 4.3.26
- Export more methods in AutoinstGeneral so it can be queried for
  general autoyast settings (bsc#1174173)
- 4.3.25
- Fix 'partition' elements using the right type (bsc#1174071).
- 4.3.24
- Fix exception when autoyast module does not report any package
  to install (bsc#1174069)
- 4.3.23
- Move pre-scripts to the autoinit client running them just after
  the profile has been processed (bsc#1110413)
- 4.3.22
- Replace old module registry with newer code that is easier to
  maintain and better test covered (bsc#1173699)
- 4.3.21
- Make the report section elements optional as AutoYaST proposes
  default values when missing (bsc#1173312)
- 4.3.20
- The language, timezone and keyboard sections are applied and
  removed during the first stage (bsc#1173624).
- 4.3.19
- Allow the user to ask for a reduced profile using the 'target'
  argument in the command line (bsc#1171356).
- 4.3.18
- Cloning does not depend on the SetModified API call(bsc#1172552)
- 4.3.17
- Do not export general section if not requested (bsc#1172552)
- 4.3.16
- Validate the XML files before using them (bsc#1173091)
- Allow disabling the validation by setting
- 4.3.15
- Do not export sections with no content (related to bsc#1172749).
- 4.3.14
- AutoinstGeneral.SetRebootAfterFirstStage is not private
  anymore (bsc#1172865).
- 4.3.13
- Do not export Report section when cloning system as it is always
  just defaults (bsc#1172749)
- 4.3.12
- Autoyast User Scripts Improvements:
  - ensure all artifacts are copied to system (bsc#1145269)
  - show warning if script returns non zero value
  - show warning if there are two scripts that overwrite each other
  - allow any interpreter to be used
- 4.3.11
- Do not crash when the partitioning section is not specified
- 4.3.10
- Fix 'autoyast' and 'clone_system' command line interfaces
  - autoyast: add a list-modules command to list all known modules.
  - autoyast: display the correct client name in the help text.
  - autoyast: 'file' and 'module' command are now equivalent.
    Both of them support setting 'filename' and 'modname'
  - clone_system: add a 'filename' option instead of always using
  - clone_system: move the logic to find the clonable modules
    to Y2ModuleConfig.
- 4.3.9
- AutoYaST schema fixes:
  - Work around Relax-NG parser error: "/Found anyName attribute
    without oneOrMore ancestor"/ (bsc#1172131)
  - Rename 'option' to 'fs_option' to fix a duplicate definition
- 4.3.8
- AutoYaST: Cleanup/improve issue handling (bsc#1171335).
- 4.3.7
- When running an autoinstallation with the Online medium, the
  network configuration based on the profile can be written before
  the registration takes place (bsc#1171922)
- 4.3.6
- Do not propose insecure signature handling settings when
  cloning (bsc#1171343).
- Assign the correct callback when "/accept_unknown_digest"/ is set.
- Do not export storage settings in the general section
  unless it is needed (related to bsc#1171356).
- 4.3.5
- The network configuration is applied during the first stage by
  default (bsc#1171922)
- 4.3.4
- Revamp the storage client user interface, adapting it to the
  storage-ng features.
- Avoid detecting bcache as a volume group (bsc#1136454).
- 4.3.3
- Fix error reporting for invalid profile to respect new API
- fix profile loading test
- 4.3.2
- fix schema if it include definition multiple times (bsc#1171412)
- 4.3.1
- Do not export storage settings in the general section
  unless it is needed (related to bsc#1171356).
- Improve AutoInstClone module test coverage and clean-up unused
- AutoYaST schema improvements (bsc#1170886)
-- Allow optional types for string and map objects
-- Allow type specification without namespace
-- Add type specification with 't' shortcut
- 4.3.0
- ayast_setup: Do not add a 'networking' section to the profile
  when it is not defined explicitly as it is not needed anymore
  since keeping the configured network is the default option during
  autoconfiguration (bsc#1170821)
- 4.2.35
- Service for init scripts: Try to start "/"/
  before starting the AY init scripts in order to get a working
  network (bsc#1164105).
- 4.2.34
- Restore some missing icons (related to bsc#1168123, boo#1109310
  and boo#1168281).
- 4.2.33
- Fix desktop files updating some icons and groups (related to
- 4.2.32
- Adapted to changes in yast2-storage-ng (related to bsc#1140040).
- 4.2.31
- Security fix: Removed all "/--gpg-auto-import-keys"/ options from
  zypper commands (bsc#1140711) (CVE-2019-18905)
- 4.2.30
- Fixed crash while loading none existing AY file (bsc#1165464).
- 4.2.29
- Service for init scripts: Checking working network with
  "/"/ before starting the AY init scripts
- 4.2.28
- Fixed user-visible messages (bsc#1084015)
- 4.2.27
- Fix cloning patterns (regression from 4.2.22)
  (bsc#1159269, bsc#1159472)
- 4.2.26
- Fixed conflicting items in rule dialogs (bsc#1123091).
- Semi-automatic with partition: Do not use the common AY partition
  workflow (bsc#1134501).
- Do not reset Base-Product while registration. Do not call
  registration in the second installation stage again.
- Fix profile validation for scripts elements (bsc#1156905).
- UI: Report XML parsing errors instead of just crashing
- 4.2.25
- Allow to run autoupgrade on registered system with almost empty
  profile (jsc#SLE-7101)
- 4.2.24
- Improve message when registration missing for autoupgrade with
  online medium (jsc#SLE-7101)
- 4.2.23
- Using Y2Packager::Resolvable.any? and Y2Packager::Resolvable.find
  in order to decrease the required memory (bsc#1132650, bsc#1140037).
- 4.2.22
- Do not override all storage proposal settings when importing
  values from the profile (boo#1156539).
- 4.2.21
- Handle renamed add-ons during auto upgrade (part of jsc#SLE-7101)
- 4.2.20
- report wrong type of param-list instead of crash (bsc#1143260)
- 4.2.19
- Fix autoinstallation on online medium (bsc#1156058)
- 4.2.18
- Update schema to support setting the encryption method through
  the 'crypt_method' (related to jsc#SLE-7376).
- 4.2.17
- AutoYaST support for the Full installation medium
- 4.2.16
- fix auto-adding required packages for autoyast sections (bsc#1153746)
- don't run kdump autoyast config in 2nd stage
- 4.2.15
- bnc#1154855 - During firstboot ayast_setup will not be executed.
- 4.2.14
- Do not crash when using the online medium without the
  registration section in the AY XML profile, display an error
  message with some hints (bsc#1154988)
- 4.2.13
- AutoYaST support for the OnlineOnly installation medium
- 4.2.12
- Do not run the registration step again in the installed system
  (in the 2nd stage after reboot) (bsc#1153293)
- 4.2.11
- Fix dependency for autoyast2-installation (bsc#1131235)
- 4.2.10
- Move kdump import before software import to allow kdump to
  specify packages it needs in first stage (bsc#1149208)
- 4.2.9
- Set X-SuSE-YaST-AutoInstResource in desktop file (bsc#144894).
- 4.2.8
- Add missing 'uuid' element to the partition sections
- 4.2.7
- Fixed downloading of AutoYaST configuration file with "/relurl"/
- 4.2.6
- Use modern tar syntax
- Require fillup because it's executed in %post
- Fixed an Internal Error when AutoYaST is importing users and
  groups configuration (bsc#1140339).
- 4.2.5
- Fixed new desktop file name (bsc#1138144).
- 4.2.4
- Always perform a storage re-probe after executing pre-scripts.
- Related to bsc#1133045
- 4.2.3
- Add multi-device Btrfs related elements to the partitioning
  schema (part of jsc#SLE-3877).
- 4.2.2
- Add metainfo (fate#319035)
- Revamp spec
- Replace GenericName with Comment
- 4.2.1
- Uninstall the "/SUSE-Manager-Proxy"/ product when upgrading from
  SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215)
- 4.2.0
- Removed check for available devices. When there are no devices,
  the proposal issues will be shown (needed for bsc#1130256).
- 4.1.5
- Postpone disabling local repositories if the second stage is
  required (bsc#1127818).
- 4.1.4
- Add Bcache related elements to the partitioning schema
- 4.1.3
- Avoid to crash when the profile has a not valid sofware section
- 4.1.2
- Reading IPv6 setting in order to initialize it correctly.
- 4.1.1
- Fixed conflicting items in rule dialogs (bsc#1123091).
- 4.1.0
- Provide icon with module (boo#1109310)
- 4.0.70
- Function SelectProduct removed in order NOT to select All
  available products (bsc#1116332).
- 4.0.69
- Fallback to English when using fbiterm on those languages
  which are not properly supported (fate#325746).
- 4.0.68
- Removed unneeded flag network_needed in script section.
- 4.0.67
- Writing security settings in first AY installation stage.
  So other modules (e.g. users) can rely on these settings now.
- 4.0.66
- Saving y2logs after the installation has been finished.
- 4.0.65
- Adapt schema to support the new way of defining a software
  RAID (fate#326573).
- 4.0.64
- Added license file to spec.
- AutoInstallRules:  Do a cleanup of the profile being merged with
- 4.0.63
- AutoYaST configuration module: Enable edit action for firewall
  module (fate#324662).
- 4.0.62
- AutoInstallRules: Fixed crash while merging profiles.
- 4.0.61
- AutoInstallRules: increased default maxdepth for not crashing
  with a big software package list (bsc#1104655)
- 4.0.60
- Switched license in spec file from SPDX2 to SPDX3 format.
- Installation/Update: Do not call registration if module
  yast2-registraion is not available in inst-sys (bsc#1098794).
- 4.0.59
- AY configuration module: Report XML errors while reading an
  AY configuration file (bsc#1098794)
- 4.0.58
- Added additional searchkeys to desktop file (fate#321043).
- 4.0.57
- Showing AutoYaST configuration file errors onetime only.
  (needed for bnc#1095113)
- 4.0.56
- Partition configuration: Do not ask for saving values if they have
  not been changed at all. (bnc#1082556)
- 4.0.55
- Using new libstorage-ng in order to handle "/label"/ tag in URL.
  E.G.: autoyast=label://my_home//autoinst.xml (bnc#1094533)
- 4.0.54
- Handle DASD or zFCP devices even when the profile is not in a
  remote location (bsc#1089554).
- 4.0.53
- Allow 'subvolumes' and 'subvolumes_prefix' elements to be empty
  (bsc#1076337, bsc#1090095 and bsc#1091669).
- Drop 'btrfs_set_default_subvolume_name' element.
- 4.0.52
- Added general API for reporting errors while parsing the AutoYaST
  configuration file (part of bnc#1089855).
- 4.0.51
- Display an error and abort the installation when no storage
  devices are available for installation (bsc#1091033).
- 4.0.50
- AutoYaST: properly handle empty proposals (bsc#1090390).
- 4.0.49
- Probe storage devices again after initializing DASD or zFCP
  devices (bsc#1089326 and bsc#1089554).
- 4.0.48
- Install the module products also in AutoYaST autoupgrade
  (related to bsc#1086818 and bsc#1087206)
- 4.0.47
- Honor partitioning settings from product (bsc#1085755).
- 4.0.46
- Fix tests to use correct storage instance (part of fate#318196).
- 4.0.45
- Properly abort when probing devices fails (part of bsc#1083672).
- 4.0.44
- Do not export an <id/> element in the partitioning section
- Add-On-Products: Handling error popup for wrong settings.
- 4.0.43
- Permitted the use of 'listentry' element in all the software
  AutoYaST schema list entries (bsc#1013047)
- 4.0.42
- Added more entries to be used instead of the listentry tag when
  cloning the system (bsc#1013047)
- 4.0.41
- Improved error message if the base product cannot be found.
  (follow up of bnc#1084820)
- 4.0.40
- Reuse encrypted devices when required (bsc#1085439).
- 4.0.39
- Fixed cloning of the base product name (bsc#1084259)
- 4.0.38
- Fix in showing/accepting base licenses: Using
  inst_product_license module instead of
  ProductLicense.AskLicenseAgreement (bnc#1073324)
- 4.0.37
- adapted to new activate callbacks in libstorage-ng (see
- 4.0.36
- Add missing textdomains to create proper potfiles (bsc#1083015)
- 4.0.35
- Manage errors during hardware activation in the same way than
  normal installation - asking the user and trying to continue if
  the question times out (related to bsc#1079061).
- 4.0.34
- Upgrade: Speedup PKG call (bnc#1074082)
- 4.0.33
- Remove calls to the old yast2-storage layer (bsc#1071978)
- Fix AutoYaST UI to to show partitions properly
- 4.0.32
- fate#319119
  - yast2-ca-management is dropped
- 4.0.31
- fate#323373
  - Xinetd and yast2-inetd are not supported. Marking respective
    autoyast section as obsolete.
- 4.0.30
- fate#323460
  - support for disabling edit action per module. Currently used
    mainly by the new firewall module
- 4.0.29
- Report packages which cannot be select for installation
  (except those packages not included in the AutoYaST profile)
- 4.0.28
- Speed optimization for the previous fix, the "/clone_system"/
  client spent several minutes processing the packages
  (related to bsc#1077882)
- 4.0.27
- Avoid using Pkg.ResolvableProperties("/"/, :package, "/"/) calls
  which require too much memory (bsc#1077882)
- 4.0.26
- Reporting packages which cannot be selected for installation.
- 4.0.25
- Selecting evaluated/given product for installation.
- 4.0.24
- Display more details when the package solver fails
- Using ProductFeatures.SetSection instead of
  ProductFeatures.SetOverlay in order to set product features.
  This is a follow up of bsc#1070726.
- 4.0.23
- adapt to yast2 changes in overlays (related to bsc#1070726)
- 4.0.22
- Upgrade: Adapting to new product handling.
- 4.0.21
- Fixed merging issues due to bnc#1075182 and bsc#1075334.
- 4.0.20
- Merging products before package evaluation starts.
- 4.0.19
- Fix initialization to copy the profile to /tmp/profile again
- 4.0.18
- always upgrade system via equivalent of 'zypper dup', removing
  respective control from the profile (bsc#1071708)
- 4.0.17
- AutoYaST: fix btrfs_set_default_subvolume_name handling
- 4.0.16
- Warn the user if the infrastructure is not available for running
  the second stage (bnc#1061754)
- 4.0.15
- Reinitialize the storage manager when the profile is modified
  by a pre-script (bsc#1071739)
- 4.0.14
- adapt to new schema of ntp-client (FATE#323432)
- 4.0.13
- Drop using ntpdate and instead use NtpClient module for one time
  sync (FATE#323432)
- 4.0.12
- Do not ignore start_multipath setting (bsc#1070343).
- 4.0.11
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468).
- 4.0.10
- Added subvolumes_prefix to schema definition file.
- Exporting base products in list format. (fate323450)
- 4.0.9
- Bring back handling of device=ask (bsc#1069965)
- Use a 1-based index when showing partitioning issues
- 4.0.8
- Cleanup spec file.
- Code cleanup (removing old libstorage code).
- Adapting rules to storage-ng.
- partition_alignment removed because it is not needed
  anymore by storage-ng.
- 4.0.7
- Add storage data to ayast_probe client (bsc#1065668)
- Handle storage proposal exceptions in a proper way
- 4.0.6
- When reporting issues with the partition plan, add in which
  section of the profile were they found (related to bsc#1060637).
- 4.0.5
- Do not mangle partitioning information coming from
  yast2-storage-ng when cloning a system (related to bsc#1064875).
- 4.0.4
- Add basic support for error handling when creating the
  partition plan (fate#318196).
- 4.0.3
- Add missing require of Y2Package::Product class (bsc#1064396)
- fate#323450
  - implemented product selection
- 4.0.2
- Removed the remains of Kickstart import (bsc#1061620).
- 4.0.1
- AutoinstConfig: added network_before_proposal flag that will be
  enable if the network is configured during the first stage.
- 4.0.0
- ayast_setup: Restarting autoyast-initscripts.service in order
  to run init-scripts too. (bnc#1057597)
- 3.3.9
- Rename "/y2storage_probed"/ to "/probed"/. (bnc#1056656)
- 3.3.8
- fate323450
  - export product name when cloning a profile
- 3.3.7
- Handle packages that are missing a PGP signature although
  digests are valid (bsc#1054969)
- 3.3.6
- AY runs in installed system: Writing init scripts again
  to /var/adm/autoinstall/init.d in order to initilaize init
  scripts correctly. This is needed for AY runs which do not
  have an first installation stage (e.g. AY run in KIWI,
  ayast_setup). (bnc#1052145)
- 3.3.5
- Merged storage-ng branch (fate#318196).
- Note: all changes below with this date belong to the merge.
- 3.3.4
- storage-ng: refac class StorageProposal and create a new guided
  proposal by changing settings if it is necessary.
- Use the new storage-ng layer to export the current system to the
  corresponding <partitioning> section of the AutoYaST profile
- Add basic support for customized partitioning using the new
  storage-ng layer. Currently, only plain partitions are supported
- Allow overriding of product's storage partitioning options
- storage-ng: commented several Yast.import for the old storage
  lib. Affected modules not adapted to storage-ng so far.
- storage-ng: Enable storage-ng proposal for AutoYaST installation.
- storage-ng: fix AutoInstallRules to not use old storage lib.
  Tests are commented. Removed dependency from (old) yast2-storage,
  even if it breaks some functionality.
- Removed yast2-update as build dependency and added before
  version (2.18.3) as install dependency. It is only needed for
- Classes/rules will be ignored: Due to self-update, the evaluation
  of classes/rules will be called twice. So we have to initialize
  the stack for each run again. (bnc#1051483)
- 3.3.3
- Saving ask-scripts and corresponding log files
  to /var/adm/autoinstall. (bnc#1049473)
- 3.3.2
- Crash while writing settings via the menue "/File/Apply Profile
  to this System"/ in AutoYaST configuration module:
  As we are switching to "/autoinstallation"/ mode and accessing to
  the target system we have to set StorageDevices flag disks_valid
  to true.  So InitLibstorage can scan valid target disks.
- 3.3.1
- AutoYaST configuration module; Crash while writing settings to
  the system:
  As we are switching to "/normal"/ mode and accessing to the target
  system we have to set StorageDevices flag disks_valid to true.
  So InitLibstorage can scan valid target disks. (bnc#1046738)
- 3.3.0
- Report shrinked partitions if there is not enough space.
- 3.2.16
- clone system: Checking if snapshots have been enabled.
- 3.2.15
- Moved configuration management before software selection in
  order to select packages which are needed for CM. (FATE#319830)
- 3.2.14
- Fix subvolumes schema definition (bsc#1013047)
- 3.2.13
- bnc#1026027
  - removed dependency on insserv
- 3.2.12
- Added configuration-management to first installation step.
- 3.2.11
- Update: Product selection will be done by Packages.SelectProduct
  now (bnc#1014861).
- 3.2.10
- Moved services-manager to first installation stage (FATE#321738).
- 3.2.9
- Add an option to disable the self-update feature through the
  AutoYaST profile (FATE#319716)
- 3.2.8
- Cloning Software: install_recommended can be set by the
  control.xml file (clone_install_recommended_default)
  Default is true. (Fate#321764)
- 3.2.7
- Fixed tests to pass with the latest yast2-core and
  yast2-ruby-bindings packages (related to the bsc#932331 fix)
- 3.2.6
- Moved post-scripts download from second-stage to first-stage.
- 3.2.5
- If Btrfs subvolumes are not specified, the default set
  is created (bsc#1012328)
- Fix building on s390x (bsc#1011489)
- 3.2.4
- Do not crash when services manager configuration is missing
  (related to bsc#887115)
- 3.2.3
- Hiding a module in its .desktop file (Hidden=true) won't prevent
  it from being cloned anymore (bsc#1008301)
- Add support to specify resource aliases using the key
  X-SuSE-YaST-AutoInstResourceAliases in desktop files (related
  to bsc#887115)
- 3.2.2
- Do not check certificate for images which have been created by
  the user/customer. Found while testing bnc#1009023.
- 3.2.1
- Add support to enable copy-on-write for Btrfs subvolumes
- Add support to omit the Btrfs default subvolume name
- 3.2.0
- Adding missed desktop file for "/clone_system"/ in order to show
  it in the control center and command line calls.
- 3.1.152
- Adding an missing PREP partition for PPC, BUT not for
  Power8 system (powerNV). PowerNV do not have PREP partitions
  and do not need any because they do not call grub2-install
- 3.1.151
- Fix IP detection in AutoYaST installation rules
  in order to find the correct profile when "/ip route"/
  mentions "/metric"/ (bnc#997548).
- 3.1.150
- Profile Location: Use Report instead of Popup to not block
  AutoYast if not configured to. (bnc#988949)
- 3.1.149
- Fixed: Setting timeout for error popups has not been possible.
- 3.1.148
- Improved logging for broken script descriptions.
  Still a part of bnc#986049.
- 3.1.147
- Cloning devices: Devices which are not needed for the
  installation will be ignored explicitly in the "/skip_list"/.
- 3.1.146
- Added "/confirm_base_product_license"/ to rnc file.
- 3.1.145
- Reintroduced autoyast=usb as a valid URL to AutoYaST profile
- 3.1.144
- Added missed flag "/install_recommended"/ in software section.
- 3.1.143
- Added new [Stop] button for <ask> dialogs with timeout. The
  button shows the current time in seconds till the automatic
  timeout (bsc#990114).
- More possible user actions can now stop the execution to prevent
  from timeout (bsc#990114).
- 3.1.142
- Check if AutoYaST "/script"/ elements are hashes.
  Other entries will be ignored. (bnc#986049)
- 3.1.141
- Exporting NFS root partition correctly. (bnc#986124)
- 3.1.140
- Moved ssh_import AutoYaST schema file to yast2-installation
  This is a part of Fate#319624.
- 3.1.139
- Adapt docu to new AutoYaST developer docu.
- 3.1.138
- The entry "/kexec_reboot"/ in the Product description can be set
  by the AutoYaST configuration setting (general/forceboot) and should
  not be reset by any other Product description file.
  Fix: Set it again after reading a new Product description.
- 3.1.137
- While AutoYaST installation the user can change the path of the
  AutoYaST configuration file. Fix: This path will be updated in
  /etc/install.inf too.
- 3.1.136
- System shutdown: Removed "/autoyast"/ service shutdown.
  It does not exist anymore. (bnc#986798)
- 3.1.135
- Speed up installation (bnc#986649)
- 3.1.134
- Consider AutoYaST keep_install_network as set to 'true'
  if it's not specified (bsc#984146)
- Restore the keep_install_network default behavior present
  in SLE 12 SP1 and openSUSE Leap 42.1
- 3.1.133
- Fixing typo while reporting not supported modules.
  (part of bnc#955878)
- 3.1.132
- Rename schema definition regarding SSH keys/configuration
  so yast2-schema can find it correctly (fate#319624)
- 3.1.131
- Fix AutoYaST2 schema regarding SSH keys/configuration import
  feature (fate#319624)
- Stop generating autodocs (fate#320356)
- 3.1.130
- AutoYaST support for ssh_import module.
- 3.1.129
- Unsupported sections will be now reported in first installation
  stage. Reducing log level to warning.
  (Additional patch for bnc#955878)
- 3.1.128
- Resetting package selection of previous runs. This is needed
  because it could be that additional repositories are available
  meanwhile. (bnc#979691)
- 3.1.127
- Media-based AutoUpgrade case for feature: No Recommends in
  * -release RPMs (FATE#320199)
- 3.1.126
- Upgrade: Removed obsolete bootloader stuff.
- 3.1.125
- Removed obsolete bootloader stuff.
  (related to FATE#317701)
- 3.1.124
- Updated schema - added optional URL for the installer
  self update repository ("/general"/ -> "/self_update_url"/ node)
- 3.1.123
- Remove unused import of dropped BootCommon package.
  (related to FATE#317701)
- 3.1.122
- Removed calls of dropped LanUdevAuto module (yast2-network)
  (bnc#955217, bnc#956605)
- 3.1.121
- Moved call "/uptime"/ to yast2 package. Cleanup for bnc#956730.
- 3.1.120
- Evaluate the correct domain, network, product and product version
  when applying rules (bnc#963137).
- 3.1.119
- Check uptime instead of system time while waiting for systemd
  services to be restarted (bsc#956730)
- 3.1.118
- Fixed crash if the general/mode section has not been defined.
- 3.1.117
- As network configuration will be moved to first installation
  stage and wickedd should not be restarted in the second stage,
  all wickedd and network services will not be restarted at all
  by AutoYaST.
  (bnc#944349,  bnc#955260)
- 3.1.116
- Moved the body of AutoinstallIoInclude#Get to yast2-update
- 3.1.115
- Confirming base product license. This can be defined by the flag
  <confirm_base_product_license> in the general/mode section.
  Confirming licenses of add-on products can be defined for each
  product by the flag <confirm_license> in the add-on product
- 3.1.114
- "/haspcmcia"/ method is removed from the AutoInstallRules API
- LVM: taking care about "/auto"/ option --> switching to "/max"/.
- 3.1.113
- Fixed rules.xml : OR operator is interpreted as AND.
- 3.1.112
- Fix wrong warning message about the 'init' section
  not being processed (bsc#962526)
- Installation with "/autoyast=default"/. Fixed nil exception error.
- 3.1.111
- Fixed init scripts which have been defined inside an
  AutoYaST configuration file. (bnc#961320)
- 3.1.110
- Fix validation of AutoYaST profiles (bsc#954412)
- 3.1.109
- Downloading init scripts to /mnt during first installation stage.
- 3.1.108
- Network services can be restarted again, because they do not
  depend on YaST2-Second-Stage.service anymore. (bnc#954908)
- 3.1.107
- Added "/cobbler"/ to the obsolete profile section.
  Defined in SUSE Manager but will not be used anymore. (bnc#955878)
- 3.1.106
- Do not restart NetworkManager* services while restarting all
  services in the second installation stage. (bnc#955260)
- 3.1.105
- Export the already saved software selection when present,
  fixes exporting wrong package selection caused by deployment of
  the installation images (bsc#956325, bsc#910728)
- Evaluating needed YAST packages which are defined in the
  AutoYaST configuration file and selecting these packages for
  installation. (bnc#955657)
- 3.1.104
- Updating AutoYaST documentation
- 3.1.103
- Installation workflow: Using ntpdate instead of sntp for time
  syncing (bnc#953781)
- 3.1.102
- Add dependency on yast2-pkg-bindings 3.1.31 (or newer)
- 3.1.101
- Ingore restarting of all wickedd* services while finishing the
  second installation stage. (bnc#944349)
- 3.1.100
- Cloning system while an installation without AutoYaST: Do not
  blame if packages are not available anymore because the
  medium has already been unmounted (e.g. USB device)
- 3.1.99
- Using "/backup"/ or "/partitioning_advanced"/ sections in the profile
  does not produce an error message anymore (bsc#950294)
- 3.1.98
- Move lib/ directory to autoyast2-installation package
- 3.1.97
- Handle pkgGpgCheck callback introduced in libzypp 14.39.0
- 3.1.96
- Enabled translation of some buttons (bsc#948834)
- 3.1.95
- Writing network settings in first installation stage if the
  second installation stage has been disabled ("/second_stage"/)
  in the general/mode section but a "/networking"/ section has
  also been defined. (bnc#944942)
- 3.1.94
- Fix premature loading of AutoInstall which prevented running
  configuration clients during 2nd stage (bsc#944770)
- 3.1.93
- Move users creation to the first stage, so it is not needed
  to run the 2nd stage to have a minimal system.
- Do no add AutoYaST packages if the second stage won't be
- Fixes bnc#892091
- 3.1.92
- Do not restart dbus service after installation. Otherwise some
  other services will hang. (bnc#937900)
- 3.1.91
- S390: handling cio_ignore
  Entry <general><cio_ignore> in order to set it
  (values: true/false). If it is not set cio_ignore is true.
  So it is backward compatible. (bnc#941406)
- 3.1.90
- Fixed typo in partitioning section
- 3.1.89
- Writing init scipts to installed system in the first installation
  stage now. The init scrpits will be called while starting
  the autoyast-initscripts service. So, these scripts will be called
  while a system upgrade too. (bnc#940823)
- 3.1.88
- <software><post-packages>: Must not reinstall already installed
  packages. (fate#319086)
- 3.1.87
- Fixed a syntax error in the schema definition (bsc#938459)
- 3.1.86
- Syncing hardware time before starting installation via ntp.
  This is configurable via the flag
  <general><mode><ntp_sync_time_before_installation> with which
  the name of the ntp server will be defined. If it is not set
  no synchronisation will be done. So it is backward compatible.
- 3.1.85
- Added "/upgrade"/ section to generic list. (bnc#935915)
- 3.1.84
- implemented activation of snapper for btrfs on LVM (bsc#935858)
- 3.1.83
- Enabled snapshots creation after auto-installation/upgrade
- 3.1.82
- Regarding some corner cases of bsc#925381.
  - - Checking for availability of clients/<module>_auto module before
    reporting an error.
  - - Checking if a module supports more than one autoyast configuration
- 3.1.81
- Don't try to format PReP partitions (bsc#927748)
- fixed size parameter "/auto"/ for PReP partitions (bsc#928768)
- 3.1.80
- Added new section "/restricts"/ for ntp configuration
- 3.1.79
- Added 'bootloader' and 'report' into list of supported profile
  sections (bsc#925381)
- 3.1.78
- Added libxslt into BuildRequires - needed for running test-cases
- 3.1.77
- Reporting unknown and unsupported profile sections (bnc#925381)
- 3.1.76
- Evaluate the correct host IP in order to read the proper
  autoyast.xml file (bnc#928303, bnc#908356, bnc#916628)
- 3.1.75
- New autoinst flag in general/mode section:
  The default target of systemd will be activated in the second
  stage of autoyast installation.
  The default is "/true"/ which is a backward compatible value.
- 3.1.74
- Avoid ayast_probe module crashing when called from an installed
- 3.1.73
- New autoinst flag in general/mode section: final_restart_services.
  Restarting all services after finishing the installation.
  The default is "/true"/ which is a backward compatible value.
- load release notes of extensions also during AutoYaST
- Clone_system in autoyast2-installation should call some modules
  (e.g. storage, software) which are defined in autoyast2 package.
  So if needed the user has to install autoyast2 package at first.
- Checking if the disk is -partitionable- instead of checking if it
  is a real disk. Needed for Multipath disks. (bnc#909349)
- autoyast=file:///<autoinst.xml> : Mount the installation source
  in order to copy AutoYaST configuration file into inst_sys.
- Selecting needed yast packages for the second stage correctly.
- 3.1.72
- Setting normal mode while applying single module settings to
  system. (bnc#909223)
- 3.1.71
- Removed code which will be already done by service_manager.
- remove X-KDE-Library from desktop file (bnc#899104)
- AutoYaST configuration module: Reset menu bar after calling
  single YAST configuration module.
- 3.1.69
- Fixed too small dialog for autoyast profile location.
- 3.1.68
- Fixed UI in partition configuration.
  (bnc#901904; bnc#901739)
- 3.1.67
- Fixed "/No base product found"/ error when evaluating
  rules/rules.xml file (bnc#900750)
- 3.1.66
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
  HUP event in client_work (boo#1184521 CVE-2021-3468).
- Update from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking (boo#1180827
- Add sudo to requires: used to drop privileges.
- When changing ownership of /var/lib/autoipd, only change
  ownership of files owned by avahi, to mitigate against
  possible exploits (bsc#1154063).
- Drop avahi-daemon-increase-rlimit.patch: rlimits are no longer
  set by default.
- Replace avahi-0.7-python3.patch with avahi-0.7-dbm.patch: use
  what is upstream (boo#1110668).
- Add avahi-0.7-encode-strings-as-utf8.patch: encode strings as
  UTF-8 (boo#1110668).
- Add avahi-0.7-python3-bookmarks.patch: make bookmarks python 3
  compatible (boo#1110668).
- Add CVE-2018-1000845.patch: drop legacy unicast queries from
  address not on local link (boo#1120281 CVE-2018-1000845).
- Drop avahi-0.6.31-invalid-packet.patch: fixed upstream.
- Add avahi-daemon-increase-rlimit.patch: increase rlimit as a
  conservative way to handle certain crashes referring to upstream
  commit 71ace71 (bsc#1085255).
- Drop the qt3 parts
- Add avahi-0.7-python3.patch: Port to python 3 (bsc#1076402).
- Build python bindings against python 3, rather than python 2;
- Python-avahi is now python3-avahi, and python-avahi-gtk is now
- Obsolete the python 2 packages
- Replace python_sitelib with python3_sitelib in %files, and add
- Rename %*soname to %*sover to better reflect its use.
- Modernize spec file by calling spec-cleaner
- Use SPDX3.0 license tags and package COPYING as %license.
- Update to version 0.7:
  + The Avahi 0.7 release brings two new features, binary TXT
    records in XML service files and the ability to start the
    gobject client in a custom context.
  + New Features:
  - Add support for binary values in TXT records in XML service
    files by specifying
    value-format="/text|binary-hex|binary-base64"/. If not
    specified, defaults to the normal value of "/text"/ (thus
    backwards compatible).
  - avahi-gobject: Allow starting the client in a custom
    GMainContext by passing context to ga_client_start_in_context
    instead of ga_client_start (avahi-gobject minor version has
    been incremented).
  + Notable Changes:
  - avahi-daemon: Remove all default rlimits from
    avahi-daemon.conf, as two main problems happened with firstly
    rlimit-nproc causing avahi to fail when started in a
    container without user namespaces and secondly because memory
    rlimits were causing avahi to crash in some cases. Leave it
    up to the init system to impose any modified limits instead.
    It is recommend to ship this change in distribution default
    config files.
  - avahi-common: Fix watch cleanup issue in watch_free
  - avahi-discover (python): Updated for Python3 & GTK3
  - avahi-autoipd:
    . Clear previously set address before binding a new one.
    . Fix dhclient hooks to check for avahi-autoipd before
  - build: Move default rundir from /var/run to /run as per
    modern system setups.
  + Other Changes:
  - build:
    . Fix the printed value of "/Building libavahi-client"/ in
    . improved to work when called from another
    . Fix warnings when compiling against musl libc.
  - avahi-compat-libdns_sd: Fix incorrect URL in warnings.
  - service-type-database: Add new service Types: _ipps._tcp,
  - avahi-dnsconfd: Update manpage with the correct action script
  - avahi-gobject:
    . Use the correct shared library name in AvahiCore-0.6.gir
    . Fix build failing under some locales.
  - avahi-common/dbus-watch-glue.c: remove Unneeded semicolon.
  - Update gentoo init scripts for newer openrc version.
  + Updated translations.
- Drop avahi-empty-share-dir.patch, avahi-gir-fixup.patch,
  avahi-move-everything-to-run.patch and avahi-outdated-URL.patch:
  Fixed upstream.
- Drop systemd_requires macro: on a machine managed by systemd, we
  don't have to require it. If the machine/container is not managed
  by systemd, we don't want to require it.
- Add pkgconfig(pygobject-3.0) BuildRequires: New dependency.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Do not suppress errors from avahi-autoipd user creation, but do
  suppress getent output.
- Replace $RPM_* shell vars by macros.
- Modify user generation (boo#1010384):
  + Use getent to check for existing users/groups, only creating
    them if not found.
  + Do not hide output of groupadd/useradd.
  + Do not mask failures: if a user can't be added, we have a
- Drop %insserv_cleanup scriptlets: it's been a while that avahi
  did not install any sysV init scripts anymore.
- Simplify OBS is well able to handle macros
  in package names by now.
- Drop conditions to only handle systemd services on openSUSE >
  12.1; it's been long that we did not ship the sysv scripts
  anymore and openSUSE 12.1 is long EOL.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-0.6.32-suppress-resolv-conf-warning.patch: only warn
  on missing resolv.conf if the options that use it are enabled.
- Update to version 0.6.32:
  + Don't log warnings about invalid packets, commonly triggered by
    Windows 10 systems.
  + Fix issue with bad packet size estimation, causing probes to
    continuously be sent when hosting large numbers of services.
  + Fix build on Solaris/SmartOS (filio.h issue).
  + Fix build on FreeBSD (PCAP_D_IN issue).
  + Fix debug output with libdaemon >= 0.14.
  + avahi_server_set_browse_domains now correctly uses the provided
    list, instead of re-using the list from the configuration file.
  + Set nl_pid to 0, this will automatically assign the value and
    prevent conflicts per netlink(7). (Bug #334).
  + Check for netlink pid=0 (kernel) instead of uid=0, which works
    correctly with network & user namespaces.
  + Fix reversed IFA_LOCAL and IFA_ADDRESS checks (Avahi#355).
  + Don't fail the build on deprecated GTK/GLIB usage.
  + Gracefully fail if SO_REUSEPORT is not available.
  + Minor Python 3 update for the python ServiceTypeDatabase test
    usage of print, should be backwards compatible.
  + avahi-autoipd: Fix incorrect usage of IFLA_RTA instead of
    IFA_RTA which could crash on ARM (Closes: gh#lathiat/avahi#42).
- Drop upstream fixed patches:
  + avahi-unicastdomains.patch
  + avahi-gtk_box_new.patch
  + avahi-fix-mkdir.diff
  + avahi-enable-ipv6.patch
  + avahi-reserve-space-for-record-data-when-size-e.patch
- Rebase avahi-0.6.31-invalid-packet.patch.
- Add avahi-0.6.31-systemd-order.patch: start after NM/wicked, to
  ensure resolv.conf is present (bsc#982317, gh#lathiat/avahi#59).
- Update to GNOME 3.20.2 (Fate#318572)
- Added License field in spec file.
- Update to GNOME 3.20  Fate#318572
- No longer install sysv services: the systemd services have been
  installed for a long time already and are masking the sysv
  scripts; those scripts existance only add confusion (boo#959908).
- Temp disable 2 old Conflicts that are breaking staging. These can
  back in once there is a new release of avahi.
- Add avahi-0.6.31-invalid-packet.patch: do not spam logs for
  invalid packets (boo#947140 bsc#948277).
- Sync up the multiple .spec files.
- Add avahi-outdated-URL.patch: Do not redirect users to
  <>, which no
  longer exists, but bring them to the more generic blog entry (boo#914298).
- Add patch bsc1183064.patch
  * Fix bug bsc#1183064: Segfault from reading a history file not
    starting with # with HISTTIMEFORMAT set and history_multiline_entries
    nonzero and with the history cleared and read on the same input line.
- Move /bin/bash to /usr/bin/bash and provide old location as
  symbolic link of new location (jsc#SLE-15652)
- Remove minimal sh build option as not used
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
  * Map all "/screen(-xxx)?.yyy(-zzz)?"/ to "/screen"/ as well as
    map "/konsole(-xxx)?"/ and "/gnome(-xxx)?"/ to "/xterm"/
- Add patch bash-4.4-bgpoverflow.patch which is a backport from bash
  5.0 to perform better with large numbers of sub processes (bsc#1133773)
- Rework patch readline-7.0-screen.patch
- Add bash-memmove.patch to make bash.html build reproducible (boo#1100488)
- Add patch readline-7.0-screen.patch to be able to parse settings
  in inputrc for all screen TERM variables starting with "/screen."/
  to fix boo#1095661
- In patch bash-4.4.dif avoid setgroups(2) but use initgroups(3) (boo#1095670)
- Add patch 20, 21, 22 and 23 to bash-4.4-patches.tar.bz2
  * 20: In circumstances involving long-running scripts that create
    and reap many processes, it is possible for the hash table bash
    uses to store exit statuses from asynchronous processes to
    develop loops. This patch fixes the loop causes and adds code
    to detect any future loops.
  * 21: A SIGINT received inside a SIGINT trap handler can possibly
    cause the shell to loop.
  * 22: There are cases where a failing readline command (e.g.,
    delete-char at the end of a line) can cause a multi-character
    key sequence to `back up' and attempt to re-read some of the
    characters in the sequence.
  * 23: When sourcing a file from an interactive shell, setting the
    SIGINT handler to the default and typing ^C will cause the
    shell to exit.
- remove bash-4.4-wait-sigint-handler.patch (upstreamed)
- Add patch bash-4.4-wait-sigint-handler.patch to fix bug bsc#1086247
  that is repeating self inserting trap due external command in the
- Create readline-devel-static package to re-enable static libraries
  again (boo#1082913)
- Use %license (boo#1082318)
- Add patch 19 to bash-4.4-patches.tar.bz2
  * With certain values for PS1, especially those that wrap onto
    three or more lines, readline will miscalculate the number of
    invisible characters, leading to crashes and core dumps.
- Add patches 13-18 to bash-4.4-patches.tar.bz2
  * 13: If a here-document contains a command substitution, the
    command substitution can get access to the file descriptor used
    to write the here-document.
  * 14: Under some circumstances, functions that return via the
    `return' builtin do not clean up memory they allocated to keep
    track of FIFOs.
  * 15: Process substitution can leak internal quoting to the
    parser in the invoked subshell.
  * 16: Bash can perform trap processing while reading command
    substitution output instead of waiting until the command
  * 17: There is a memory leak when `read -e' is used to read a
    line using readline.
  * 18: Under certain circumstances (e.g., reading from /dev/zero),
    read(2) will not return -1 even when interrupted by a signal.
    The read builtin needs to check for signals in this case.
- partial cleanup with spec-cleaner
- Modify patch bash-4.3-pathtemp.patch to avoid crash at full
  file system (boo#1076909)
- Enable multibyte characters by default
- Modify patch bash-4.4.dif to let bashline.h install as well as
  this header file is included by general.h due to the same patch
- Make build reproducible in spite of profile based optimizations (boo#1040589)
- Allow to disable do_profiling in builds (related to boo#1040589)
- Simplify patch readline-5.2-conf.patch
- Do not throw info and manual pages away
- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
  was disabled and nobody had reported trouble)
- Add upstream patch readline70-002 which replace old one
  There is a race condition in add_history() that can be triggered by a fatal
  signal arriving between the time the history length is updated and the time
  the history list update is completed. A later attempt to reference an
  invalid history entry can cause a crash.
- Add upstream patch readline70-003
  Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
  interrupt read(2), such as SIGALRM, before reading another character.  The
  signal mask used in the pselect call did not take into account signals the
  calling application blocked before calling readline().
- Add upstream patch bash44-006
  Out-of-range negative offsets to popd can cause the shell to crash
  attempting to free an invalid memory block.
- Remove patch popd-offset-overflow.patch to use bash44-006
- Add upstream patch bash44-007
  When performing filename completion, bash dequotes the directory
  name being completed, which can result in match failures and
  potential unwanted expansion.
- Duplicate bash44-007 as readline70-002 as it seems to be missed
- Add upstream patch bash44-008
  Under certain circumstances, bash will evaluate arithmetic
  expressions as part of reading an expression token even when
  evaluation is suppressed. This happens while evaluating a
  conditional expression and skipping over the failed branch of the
- Add upstream patch bash44-009
  There is a race condition in add_history() that can be triggered
  by a fatal signal arriving between the time the history length
  is updated and the time the history list update is completed.
  A later attempt to reference an invalid history entry can cause
  a crash.
- Add upstream patch bash44-010
  Depending on compiler optimizations and behavior, the `read'
  builtin may not save partial input when a timeout occurs.
- Add upstream patch bash44-011
  Subshells begun to run command and process substitutions may
  attempt to set the terminal's process group to an incorrect
  value if they receive a fatal signal.  This depends on the
  behavior of the process that starts the shell.
- Add upstream patch bash44-012
  When -N is used, the input is not supposed to be split using
  $IFS, but leading and trailing IFS whitespace was still removed.
- Remove -L option on screen call dues API change, now we depend
  on environment variables only.
- Enable -fprofile-correction to cover misleading profile created due
  to terminating_signal which does not return.
-  Add upstream patch popd-offset-overflow.patch to fix boo#1010845
  CVE-2016-9401: bash: popd controlled free (Segmentation fault)
  Remark: this is a simple Segmentation fault, no security risk
- Add upstream patch bash44-001
  Bash-4.4 changed the way the history list is initially allocated to reduce
  the number of reallocations and copies.  Users who set HISTSIZE to a very
  large number to essentially unlimit the size of the history list will get
  memory allocation errors
- Add upstream patch bash44-002
  Bash-4.4 warns when discarding NUL bytes in command substitution output
  instead of silently dropping them.  This patch changes the warnings from
  one per NUL byte encountered to one warning per command substitution.
- Drop no-null-warning.patch as bash44-002 is official replacement
- Add upstream patch bash44-003
  Specially-crafted input, in this case an incomplete pathname expansion
  bracket expression containing an invalid collating symbol, can cause the
  shell to crash.
- Add upstream patch bash44-004
  There is a race condition that can result in bash referencing freed memory
  when freeing data associated with the last process substitution.
- Add upstream patch bash44-005
  Under certain circumstances, a simple command is optimized to eliminate a
  fork, resulting in an EXIT trap not being executed. (boo#1008459)
- Add upstream patch readline70-001
  Readline-7.0 changed the way the history list is initially allocated to reduce
  the number of reallocations and copies.  Users who set the readline
  history-size variable to a very large number to essentially unlimit the size
  of the history list will get memory allocation errors
- no-null-warning.patch: Don't warn about null bytes in command
- Avoid confusing library path
- Update bash 4.4 final
  * Latest bug fixes since 4.4 rc2
- Update readline 7.0 final
  * Latest bug fixes since 7.0 rc2
  * New application-callable function: rl_pending_signal(): returns the signal
    number of any signal readline has caught but not yet handled.
  * New application-settable variable: rl_persistent_signal_handlers: if set
  to a non-zero value, readline will enable the readline-6.2 signal handler
  behavior in callback mode: handlers are installed when
  rl_callback_handler_install is called and removed removed when a complete
  line has been read.
- Drop patch bash-4.3-async-bnc971410.dif as this one is part of 4.4
- Drop patch bash-3.2-longjmp.dif as now long time be fixed
- Drop patch bash-4.3-headers.dif as loadables now simply work
- Drop readline-6.1-wrap.patch as this seems to be fixed
- Disable patch bash-4.0-async-bnc523667.dif for now as it seems to be fixed
  in an other way
- Update bash 4.4 rc2  -- Bugfixes
- Update readline 7.0 rc2 -- Bugfixes
- Make clear that the files /etc/profile as well as /etc/bash.bashrc
  may source other files as well even if the bash does not.
  Therefore modify patch bash-4.1-bash.bashrc.dif (bsc#959755)
- Update bash 4.4 beta 2
  * Value conversions (arithmetic expansions, case modification, etc.) now
    happen when assigning elements of an array using compound assignment.
  * There is a new option settable in config-top.h that makes multiple
    directory arguments to `cd' a fatal error.
  * Bash now uses mktemp() when creating internal temporary files; it produces
    a warning at build time on many Linux systems.
- Update to readline library 7.0 beta 2 (not enabled as not standalone)
  * The default binding for ^W in vi mode now uses word boundaries specified
    by Posix (vi-unix-word-rubout is bindable command name).
  * rl_clear_visible_line: new application-callable function; clears all
    screen lines occupied by the current visible readline line.
  * rl_tty_set_echoing: application-callable function that controls whether
    or not readline thinks it is echoing terminal output.
  * Handle >| and strings of digits preceding and following redirection
    specifications as single tokens when tokenizing the line for history
  * Fixed a bug with displaying completions when the prefix display length
    is greater than the length of the completions to be displayed.
  * The :p history modifier now applies to the entire line, so any expansion
    specifying :p causes the line to be printed instead of expanded.
- Update bash 4.4 release candidate 1
  * There is now a settable configuration #define that will cause the shell
    to exit if the shell is running setuid without the -p option and setuid
    to the real uid fails.
  * Command and process substitutions now turn off the `-v' option when
    executing, as other shells seem to do.
  * The default value for the `checkhash' shell option may now be set at
    compile time with a #define.
  * The `mapfile' builtin now has a -d option to use an arbitrary character
    as the record delimiter, and a -t option  to strip the delimiter as
    supplied with -d.
  * The maximum number of nested recursive calls to `eval' is now settable in
    config-top.h; the default is no limit.
  * The `-p' option to declare and similar builtins will display attributes for
    named variables even when those variables have not been assigned values
    (which are technically unset).
  * The maximum number of nested recursive calls to `source' is now settable
    in config-top.h; the default is no limit.
  * All builtin commands recognize the `--help' option and print a usage
  * Bash does not allow function names containing `/' and `=' to be exported.
  * The `ulimit' builtin has new -k (kqueues) and -P (pseudoterminals) options.
  * The shell now allows `time ; othercommand' to time null commands.
  * There is a new `--enable-function-import' configuration option to allow
    importing shell functions from the environment; import is enabled by
  * `printf -v var "/"/' will now set `var' to the empty string, as if `var="/"/'
    had been executed.
  * GLOBIGNORE, the pattern substitution word expansion, and programmable
    completion match filtering now honor the value of the `nocasematch' option.
  * There is a new ${parameter@spec} family of operators to transform the
    value of `parameter'.
  * Bash no longer attempts to perform compound assignment if a variable on the
    rhs of an assignment statement argument to `declare' has the form of a
    compound assignment (e.g., w='(word)' ; declare foo=$w); compound
    assignments are accepted if the variable was already declared as an array,
    but with a warning.
  * The declare builtin no longer displays array variables using the compound
    assignment syntax with quotes; that will generate warnings when re-used as
    input, and isn't necessary.
  * Executing the rhs of && and || will no longer cause the shell to fork if
    it's not necessary.
  * The `local' builtin takes a new argument: `-', which will cause it to save
    and the single-letter shell options and restore their previous values at
    function return.
  * `complete' and `compgen' have a new `-o nosort' option, which forces
    readline to not sort the completion matches.
  * Bash now allows waiting for the most recent process substitution, since it
    appears as $!.
  * The `unset' builtin now unsets a scalar variable if it is subscripted with
    a `0', analogous to the ${var[0]} expansion.
  * `set -i' is no longer valid, as in other shells.
  * BASH_SUBSHELL is now updated for process substitution and group commands
    in pipelines, and is available with the same value when running any exit
  * Bash now checks $INSIDE_EMACS as well as $EMACS when deciding whether or
    not bash is being run in a GNU Emacs shell window.
  * Bash now treats SIGINT received when running a non-builtin command in a
    loop the way it has traditionally treated running a builtin command:
    running any trap handler and breaking out of the loop.
  * New variable: EXECIGNORE; a colon-separate list of patterns that will
    cause matching filenames to be ignored when searching for commands.
  * Aliases whose value ends in a shell metacharacter now expand in a way to
    allow them to be `pasted' to the next token, which can potentially change
    the meaning of a command (e.g., turning `&' into `&&').
  * `make install' now installs the example loadable builtins and a set of
    bash headers to use when developing new loadable builtins.
  * `enable -f' now attempts to call functions named BUILTIN_builtin_load when
    loading BUILTIN, and BUILTIN_builtin_unload when deleting it.  This allows
    loadable builtins to run initialization and cleanup code.
  * There is a new BASH_LOADABLES_PATH variable containing a list of directories
    where the `enable -f' command looks for shared objects containing loadable
  * The `complete_fullquote' option to `shopt' changes filename completion to
    quote all shell metacharacters in filenames and directory names.
  * The `kill' builtin now has a `-L' option, equivalent to `-l', for
    compatibility with Linux standalone versions of kill.
  * BASH_COMPAT and FUNCNEST can be inherited and set from the shell's initial
  * inherit_errexit: a new `shopt' option that, when set, causes command
    substitutions to inherit the -e option.  By default, those subshells disable
  - e.  It's enabled as part of turning on posix mode.
  * New prompt string: PS0.  Expanded and displayed by interactive shells after
    reading a complete command but before executing it.
  * Interactive shells now behave as if SIGTSTP/SIGTTIN/SIGTTOU are set to SIG_DFL
    when the shell is started, so they are set to SIG_DFL in child processes.
  * Posix-mode shells now allow double quotes to quote the history expansion
  * OLDPWD can be inherited from the environment if it names a directory.
  * Shells running as root no longer inherit PS4 from the environment, closing a
    security hole involving PS4 expansion performing command substitution.
  * If executing an implicit `cd' when the `autocd' option is set, bash will now
    invoke a function named `cd' if one exists before executing the `cd' builtin.
- Update to readline library 7.0 release candidate 1
  * The history truncation code now uses the same error recovery mechansim as
    the history writing code, and restores the old version of the history file
    on error.  The error recovery mechanism handles symlinked history files.
  * There is a new bindable variable, `enable-bracketed-paste', which enables
    support for a terminal's bracketed paste mode.
  * The editing mode indicators can now be strings and are user-settable
    (new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
    variables).  Mode strings can contain invisible character sequences.
    Setting mode strings to null strings restores the defaults.
  * Prompt expansion adds the mode string to the last line of a multi-line
    prompt (one with embedded newlines).
  * There is a new bindable variable, `colored-completion-prefix', which, if
    set, causes the common prefix of a set of possible completions to be
    displayed in color.
  * There is a new bindable command `vi-yank-pop', a vi-mode version of emacs-
    mode yank-pop.
  * The redisplay code underwent several efficiency improvements for multibyte
  * The insert-char function attempts to batch-insert all pending typeahead
    that maps to self-insert, as long as it is coming from the terminal.
  * rl_callback_sigcleanup: a new application function that can clean up and
    unset any state set by readline's callback mode.  Intended to be used
    after a signal.
  * If an incremental search string has its last character removed with DEL, the
    resulting empty search string no longer matches the previous line.
  * If readline reads a history file that begins with `#' (or the value of
    the history comment character) and has enabled history timestamps, the history
    entries are assumed to be delimited by timestamps.  This allows multi-line
    history entries.
  * Readline now throws an error if it parses a key binding without a terminating
    `:' or whitespace.
- Remove patches which are upstream solved
- Rename patches
  bash-4.3.dif become bash-4.4.dif
  readline-6.3.dif become readline-7.0.dif
- Refresh other patches as well
- Define the USE_MKTEMP and USE_MKSTEMP cpp macros as the
  implementation is already there.
- Add patch bash-4.3-pathtemp.patch to allow root to clear the
  file systems.  Otherwise the completion does not work if /tmp
  if full (ENOSPC for here documents)
- Remove --hash-size options as there is no any change in the final
  binary nor library anymore
- Add upstream patch bash43-039
  Using the output of `declare -p' when run in a function can result in variables
  that are invisible to `declare -p'.  This problem occurs when an assignment
  builtin such as `declare' receives a quoted compound array assignment as one of
  its arguments.
- Add upstream patch bash43-040
  There is a memory leak that occurs when bash expands an array reference on
  the rhs of an assignment statement.
- Add upstream patch bash43-041
  There are several out-of-bounds read errors that occur when completing command
  lines where assignment statements appear before the command name.  The first
  two appear only when programmable completion is enabled; the last one only
  happens when listing possible completions.
- Add upstream patch bash43-042
  There is a problem when parsing command substitutions containing `case'
  commands within pipelines that causes the parser to not correctly identify
  the end of the command substitution.
- add bash-4.3-perl522.patch to fix texi2html for perl 5.22
  (defined(@array) has been deprecated since at least 2012)
- Add upstream patch bash43-034
  If neither the -f nor -v options is supplied to unset, and a name argument is
  found to be a function and unset, subsequent name arguments are not treated as
  variables before attempting to unset a function by that name.
- Add upstream patch bash43-035
  A locale with a long name can trigger a buffer overflow and core dump.  This
  applies on systems that do not have locale_charset in libc, are not using
  GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
- Add upstream patch bash43-036
  When evaluating and setting integer variables, and the assignment fails to
  create a variable (for example, when performing an operation on an array
  variable with an invalid subscript), bash attempts to dereference a null
  pointer, causing a segmentation violation.
- Add upstream patch bash43-037
  If an associative array uses `@' or `*' as a subscript, `declare -p' produces
  output that cannot be reused as input.
- Add upstream patch bash43-038
  There are a number of instances where `time' is not recognized as a reserved
  word when the shell grammar says it should be.
- move info deletion to %preun sections
- bash-4.3-loadables.dif: One more warning fixed, in
- bash-4.3-loadables.dif: Reverted one warning fix, which was
  introducing another warning and possibly a bug.
- bash-4.3-loadables.dif: Split changes to shell.h to a separate
  patch "/bash-4.3-include-unistd.dif"/, as the loadables build just
  fine without these changes.
- bash-4.3-loadables.dif: Drop all header file inclusion fixups,
  upstream fixed the problem differently 5 years ago.
- Do not restart all signal handlers for bash 4.3 as this breaks
  trap handler in subshells waotiug for a process
- Remove -DMUST_UNBLOCK_CHLD(=1) as this breaks waitchild(2) on linux
- Add upstream patch bash43-031
  The new nameref assignment functionality introduced in bash-4.3 did not perform
  enough validation on the variable value and would create variables with
  invalid names.
- Add upstream patch bash43-032
  When bash is running in Posix mode, it allows signals -- including SIGCHLD --
  to interrupt the `wait' builtin, as Posix requires.  However, the interrupt
  causes bash to not run a SIGCHLD trap for all exited children.  This patch
  fixes the issue and restores the documented behavior in Posix mode.
- Add upstream patch bash43-033
  Bash does not clean up the terminal state in all cases where bash or
  readline  modifies it and bash is subsequently terminated by a fatal signal.
  This happens when the `read' builtin modifies the terminal settings, both
  when readline is active and when it is not.  It occurs most often when a script
  installs a trap that exits on a signal without re-sending the signal to itself.
- Fix the sed command that fixes up the patch headers. It was
  printing a duplicate header line, which suprisingly did not
  confuse patch, but could in the future.
- Fix all patches that had the duplicate header line issue.
- Use tail command to follow run-tests instead of a simpe cat command
- Really remove obsolete patches
- Skip autoconf on OS 10.2 or older
- Avoid fdupes on SLES-10
- Bump bash version to 4.3
- Allow building on targets from SL 10.1 to current since it's free
- fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc
- deleted patches
  - bc-1.06-dc_ibase.patch (upstreamed)
- Use %license instead of %doc [bsc#1082318]
- Cleanup %doc section
- added patches
  Correct return value after 'q' [bsc#1129038]
  + bc-dc-correct-return-value.patch
- Update to version 1.07.1:
  * Fixed ibase extension causing problems for read()
  * Fixed parallel make problem.
  * Fixed dc "/Q"/ comanmd bug.
- Changes for version 1.07:
  * Added void functions.
  * fixes bug in load_code introduced by mathlib string storage in 1.06.
  * fix to get long options working.
  * signal code clean-up.
  * fixed a bug in the AVL tree routines.
  * fixed math library to work properly when called with ibase not 10.
  * fixed a symbol table bug when using more than 32 names.
  * removed a double free.
  * Added base 17 to 36 for ibase.
  * Fixed some memory leaks.
  * Various small tweaks and doc bug fixes.
- Drop no longer needed patches:
  * bc-1.06.95-memleak.patch
  * bc-1.06.95-matlib.patch
  * bc-1.06.95-sigintmasking.patch
- Refresh bc-1.06-dc_ibase.patch
- Add gpg signature
- Update url
- Correct info files scriplets and dependencies
- Clean up with spec-cleaner
- Add ncurses-devel as it is inherited from readline
- Explicitely pass without-libedit if we decide to switch for
  it at some point
- Add BuildRequires on makeinfo to fix Factory build
- update to upstream alpha 1.06.95 (2006-09-05), in use in other
  major distros for quite a long time (Debian, Fedora, Ubuntu, ...)
- add patches from Fedora
- automake dependency removed
- add automake as buildrequire to avoid implicit dependency
- Fix last change.
- Fix detection of empty opt_expression in the parser.
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
  * An assertion check can fail while answering queries
    for DNAME records that require the DNAME to be processed to resolve
    [CVE-2021-25215, bind-CVE-2021-25215.patch]
  * A second vulnerability in BIND's GSSAPI security
    policy negotiation can be targeted by a buffer overflow attack
    This does not affect this package as the affected code is
- pass PIE compiler and linker flags via environment variables to make
  /usr/bin/delv in bind-tools also position independent (bsc#1183453).
- drop pie_compile.diff: no longer needed, this patch is difficult to
  maintain, the environment variable approach is less error prone.
  [bsc#1183453, bind.spec, pie_compile.diff]
- /var/run is deprecated, replaced by /run
  [bsc#1185073, bind-replace-varrun-with-run.patch,
  bind-chrootenv.conf, vendor-files.tar.bz2]
- Removed baselibs.conf as SLE does not distribute 32 bit libraries.
- Added special make instruction for the "/Administrator Reference
  Manual"/ which is built using python3-Sphinx
  [bsc#1177983, bind.spec]
- Removed "/"/ from named.service as that
  leads to a systemd ordering cycle
  [bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2]
- Add /usr/lib64/named to the files and directories in
  bind-chrootenv.conf. This directory contains plugins loaded
  after the chroot().
- Replaced named's dependency on time-sync with a dependency on time-set
  in named.service. The former leads to a dependency-loop.
- Removed "/dnssec-enable"/ from named.conf as it has been obsoleted.
  Added a comment for reference which should be removed
  in the future.
- Added a comment to the "/dnssec-validation"/ in named.conf
  with a reference to forwarders which do not return signed responses.
- Replaced an INSIST macro which calls abort with a test and a
  diagnostic output.
- Removed "/-r /dev/urandom"/ from all invocations of rndc-confgen
  (init/named system/lwresd.init system/named.init in vendor-files)
  as this option is deprecated and causes rndc-confgen to fail.
  [bsc#1173311, bsc#1176674, bsc#1170713, vendor-files.tar.bz2]
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
  of /usr/sbin/dnssec-keygen as BIND now uses the random number
  functions provided by the crypto library (i.e., OpenSSL or a
  PKCS#11 provider) as a source of randomness rather than /dev/random.
  Therefore the -r command line option no longer has any effect on
  dnssec-keygen. Leaving the option in genDDNSkey as to not break
  compatibility. Patch provided by Stefan Eisenwiener.
  [bsc#1171313, vendor-files.tar.bz2]
- Put libns into a separate subpackage to avoid file conflicts
  in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
  systemd context as well as legacy sysv, make use of start_daemon.
- Upgrade to version 9.16.6
  Fixes five vilnerabilities:
  5481.   [security]      "/update-policy"/ rules of type "/subdomain"/ were
    incorrectly treated as "/zonesub"/ rules, which allowed
    keys used in "/subdomain"/ rules to update names outside
    of the specified subdomains. The problem was fixed by
    making sure "/subdomain"/ rules are again processed as
    described in the ARM. (CVE-2020-8624) [GL #2055]
  5480.   [security]      When BIND 9 was compiled with native PKCS#11 support, it
    was possible to trigger an assertion failure in code
    determining the number of bits in the PKCS#11 RSA public
    key with a specially crafted packet. (CVE-2020-8623)
    [GL #2037]
  5479.   [security]      named could crash in certain query resolution scenarios
    where QNAME minimization and forwarding were both
    enabled. (CVE-2020-8621) [GL #1997]
  5478.   [security]      It was possible to trigger an assertion failure by
    sending a specially crafted large TCP DNS message.
    (CVE-2020-8620) [GL #1996]
  5476.   [security]      It was possible to trigger an assertion failure when
    verifying the response to a TSIG-signed request.
    (CVE-2020-8622) [GL #2028]
  For the less severe bugs fixed, see the CHANGES file.
  [bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
  CVE-2020-8620, CVE-2020-8622]
- Added "//etc/bind.keys"/ to NAMED_CONF_INCLUDE_FILES in
  /etc/sysconfig/named to suppress warning message re
  missing file.
  [vendor-files.tar.bz2, bsc#1173983]
- Upgrade to version bind-9.16.5
  * The "/primary"/ and "/secondary"/ keywords, when used
    as parameters for "/check-names"/, were not
    processed correctly and were being ignored.
  * 'rndc dnstap -roll <value>' did not limit the number of
    saved files to <value>.
  * Add 'rndc dnssec -status' command.
  * Addressed a couple of situations where named could crash
  For the full list, see the CHANGES file in the source RPM.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
  so that named, being a/the only member of the "/named"/ group
  has full r/w access yet cannot change directories owned by root
  in the case of a compromized named.
  [bsc#1173307, bind-chrootenv.conf]
- Upgrade to version bind-9.16.4
  Fixing two security problems:
  * It was possible to trigger an INSIST when determining
    whether a record would fit into a TCP message buffer.
  * It was possible to trigger an INSIST in
    lib/dns/rbtdb.c:new_reference() with a particular zone
    content and query patterns. (CVE-2020-8619)
  Also the following functional changes:
  * Reject DS records at the zone apex when loading
    master files. Log but otherwise ignore attempts to
    add DS records at the zone apex via UPDATE.
  * The default value of "/max-stale-ttl"/ has been changed
    from 1 week to 12 hours.
  * Zone timers are now exported via statistics channel.
    Thanks to Paul Frieden, Verizon Media.
  Added support for idn2 to spec file (Thanks to Holger Bruenjes
  More internal changes see the CHANGES file in the source RPM
  This update obsoletes
  [bsc#1172958, CVE-2020-8618, CVE-2020-8619,
- Upgrade to version bind-9.16.3
  Fixing two security problems:
  * Further limit the number of queries that can be triggered from
    a request.  Root and TLD servers are no longer exempt
    from max-recursion-queries.  Fetches for missing name server
    address records are limited to 4 for any domain. (CVE-2020-8616)
  * Replaying a TSIG BADTIME response as a request could trigger an
    assertion failure. (CVE-2020-8617)
  * Add engine support to OpenSSL EdDSA implementation.
  * Add engine support to OpenSSL ECDSA implementation.
  * Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
  * Warn about AXFR streams with inconsistent message IDs.
  * Make ISC rwlock implementation the default again.
  For more see CHANGS file in source RPM.
  [CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz]
- bind needs an accurate clock, so wait for the
  to be reached before starting bind.
  [bsc#1170667, bsc#1170713, vendor-files.tar.bz2]
- Use sysusers.d to create named user
- Have only one package creating the user
- coreutils are not used in %post, remove Requires.
- Use systemd_ordering instead of hard requiring systemd
- Upgrade to version 9.16.1
  * UDP network ports used for listening can no longer simultaneously
    be used for sending traffic.
  * The system-provided POSIX Threads read-write lock implementation
    is now used by default instead of the native BIND 9 implementation.
  * Fixed re-signing issues with inline zones which resulted in records
    being re-signed late or not at all.
- Update download urls
- Do not enable geoip on old distros, the geoip db was shut down
  so we need to use geoip2 everywhere
- Upgrade to version 9.16.0
  Major upgrade, see
  CHANGES file in the source tree.
  Major functional change:
  * What was set with --with-tuning=large option in older BIND9
    versions is now a default, and a --with-tuning=small option was
    added for small (e.g. OpenWRT) systems.
  * A new "/dnssec-policy"/ option has been added to named.conf to
    implement a key and signing policy (KASP) for zones.
  * The command (and manpage) bind9-config have been dropped as the
    BIND 9 libraries are now purely internal.
  No patches became obsolete through the upgrade.
- Upgrade to bind-9.14.9
  bug fixes and feature improvements
- Upgrade to version 9.14.8:
  * Set a limit on the number of concurrently served pipelined TCP
  * Some other bug fixing, see CHANGES file.
  [CVE-2019-6477, bsc#1157051]
- Upgrade to version 9.14.7
  * removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0,
    queryperf, sdb, zkt from contrib as they are not supported
    any more
  * Added support for the GeoIP2 API from MaxMind
  * See CHANGES file in the source RPM.
  * obsoletes bind-CVE-2018-5745.patch (bsc#1126068)
  * obsoletes bind-CVE-2019-6465.patch (bsc#1126069)
  * obsoletes bind-CVE-2018-5743.patch (bsc#1133185)
  * obsoletes bind-CVE-2019-6471.patch (bsc#1138687)
  [bsc#1111722, bsc#1156205, bsc#1126068, bsc#1126069, bsc#1133185,
  bsc#1138687, CVE-2019-6476, CVE-2019-6475,
  CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465,
  CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738,
  CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, CVE-2017-3136,, bind-99-libidn.patch, perl-path.diff,
  bind-sdb-ldap.patch, bind-CVE-2017-3145.patch,
  bind-fix-fips.patch, bind-CVE-2018-5745.patch,
  bind-CVE-2019-6465.patch, bind-CVE-2018-5743.patch,
  bind-CVE-2019-6471.patch, CVE-2016-6170, bsc#1018700,
  bsc#1018701, bsc#1018702, bsc#1033466, bsc#1033467, bsc#1033468,
  bsc#1040039, bsc#1047184, bsc#1104129, bsc#906079, bsc#918330,
  bsc#936476, bsc#937028, bsc#939567, bsc#977657, bsc#983505,
  bsc#987866, bsc#989528, fate#320694, fate#324357, bnc#1127583,
  bnc#1127583, bnc#1109160]
- removal of SuSEfirewall2 service from Factory, since SuSEfirewall2 has been
  replaced by firewalld, see [1].
- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch
- Don't rely on /etc/insserv.conf anymore for proper dependencies
  against in named.service and lwresd.service
  (bsc#1118367 bsc#1118368)
- Update named.root. One of the root servers IP has changed.
- Install the LICENSE file.
- Add bind.conf and bind-chrootenv.conf to install the default
  files in /var/lib/named and create chroot environment on systems
  using transactional-updates [bsc#1100369] [FATE#325524].
- Cleanup pre/post install: remove all old code which was needed to
  update to SLES8.
- Fix a patch error in dnszone-schema file (bsc#901577)
- Add SPF records in dnszone-schema file (bsc#901577)
- Fix the hostname in ldapdump to be valid (bsc#965748)
- Patch file - bind-ldapdump-use-valid-host.patch
- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
  Fixes dynamic DNS updates against samba and Microsoft DNS servers
- Move chroot related files from bind to bind-chrootenv
- Remove rndc.key generation from bind.spec file because bind
  should create it on first boot (bsc#1092283)
- Add misisng rndc.key check and generation code is lwresd.init
- build with --enable-filter-aaaa to make it possible to use
  config option "/filter-aaaa-on-v4 yes"/. Useful to workaround
  broken websites like netflix which block traffic from certain
  IPv6 tunnel providers. (bsc#1069633)
- Add /dev/urandom to chroot env
- Implement systemd init scripts for bind and lwresd (fate#323155)
- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118)
- Use getent when adding user/group
- update changelog to mention removed options
- license changed to MPL-2.0 according to legal.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Add back init scripts, systemd units aren't ready yet
- Add python3-bind subpackage to allow python bind interactions
- Sync configure options with RH package and remove unused ones
  * Enable python3
  * Enable gssapi
  * Enable dnssec scripts
  * Remove no longer recognized --enable-rrl
- Drop idnkit from the build, the bind uses libidn since 2007 to run
  all the resolutions in dig/etc. bsc#1030306
- Add patch to make sure we build against system idn:
  * bind-99-libidn.patch
- Refresh patch:
  * pie_compile.diff
- Remove patches that are unused due to above:
  * idnkit-powerpc-ltconfig.patch
  * runidn.diff
- drop bind-openssl11.patch (merged upstream)
- Remove systemd conditionals as we are not building on sle11 anyway
- Force the systemd to be base for the initscript deployment
- Bump up version of most of the libraries
- Rename the subpackages to match the version updates
- Add macros for easier handling of the library package names
- Drop more unneeded patches
  * dns_dynamic_db.patch (upstream)
- Update to 9.11.2 release:
  * Many changes compared to 9.10 see the README file for in-depth listing
  * For detailed changes with issues see CHANGES file
  * Fixes for CVE-2017-3141 CVE-2017-3140 CVE-2017-3138 CVE-2017-3137
    CVE-3136 CVE-2016-9778
  * OpenSSL 1.1 support
- Remove support for some old distributions and cleanup the spec file
  to require only what is really needed
- Switch to systemd (bsc#1053808)
- Remove german from the postinst messages
- Remove patches merged upstream:
  * bind-CVE-2017-3135.patch
  * bind-CVE-2017-3142-and-3143.patch
- Refresh named.root with another update
- Use python3 by default (fate#323526)
- bind-openssl11.patch: add a patch for enabling
  openssl 1.1 support (builds for 1.0 and 1.1 openssl).
- Enable JSON statistics
- named.root: refreshed from internic to 2017060102 (bsc#1048729)
- Run systemctl daemon-reload even when this is not build with
  systemd support: if installing bind on a systemd service and not
  reloading systemd daemon, then the service 'named' is not known
  right after package installation, causing confusion.
- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue
  where an attacker with the ability to send and receive messages
  to an authoritative DNS server was able to circumvent TSIG
  authentication of AXFR requests. A server that relies solely on
  TSIG keys for protection with no other ACL protection could be
  manipulated into (1) providing an AXFR of a zone to an
  unauthorized recipient and (2) accepting bogus Notify packets.
  [bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143]
- Fix named init script to dynamically find the location of the
  openssl engines (boo#1040027).
- Add with_systemd define with default off, since we still use init
  scripts and no systemd units.
- Don't require and call insserv if we use systemd
- Fix assertion failure or a NULL pointer read for configurations using both DNS64 and RPZ
  * CVE-2017-3135, bsc#1024130
  * bind-CVE-2017-3135.patch
- Update to latest release in the 9.10.X series
  * Security fixes in 9.10.4
  * Duplicate EDNS COOKIE options in a response could trigger an assertion failure.
    CVE-2016-2088. [RT #41809]
  * The resolver could abort with an assertion failure due to improper DNAME handling
    when parsing fetch reply messages. CVE-2016-1286. [RT #41753]
  * Malformed control messages can trigger assertions in named and rndc.
    CVE-2016-1285. [RT #41666]
  * Certain errors that could be encountered when printing out or logging an OPT record containing
    a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. CVE-2015-8705. [RT #41397]
  * Specific APL data could trigger an INSIST. CVE-2015-8704. [RT #41396]
  * Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing
    a lookup. CVE-2015-8461. [RT#40945]
  * Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted,
    triggering a REQUIRE failure when those records were subsequently cached. CVE-2015-8000. [RT #40987]
  * For Features and other fixes in 9.10.4 see
  * Description of patch changes
  * BIND 9.10.4-P5 addresses the security issues described in CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. [bsc#1018699]
  * BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864.
  * BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.
  * BIND 9.10.4-P2 addresses the security issue described in CVE-2016-2775.
  * BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and
    a race condition in the rbt/rbtdb implementation resulting in named exiting due to assertion failures being detected.
  * Following patches removed, fixed upstream
  * cve-2016-2776.patch
  * cve-2016-8864.patch
- Apply cve-2016-8864.patch to fix CVE-2016-8864 (bsc#1007829).
- Apply cve-2016-2776.patch to fix CVE-2016-2776 (bsc#1000362).
- Remove the start/stop dependency of named and lwresd on remote-fs
  to break a service dependency cycle (bsc#947483, bsc#963971).
- Make /var/lib/named owned by the named user (bsc#908850,
- Call systemd service macros with the full service name.
- remove BuildRequire libcap. That is only a legacy library, not
  actually used for building. libcap-devel pulls in the right one.
- Security update 9.10.3-P4:
  * CVE-2016-1285, bsc#970072: assert failure on input parsing can
    cause premature exit.
  * CVE-2016-1286, bsc#970073: An error when parsing signature
    records for DNAME can lead to named exiting due to an assertion
  * CVE-2016-2088, bsc#970074: a deliberately misconstructed packet
    containing multiple cookie options to cause named to terminate
    with an assertion failure.
- drop a changing timestamp making build reproducible
- Build with --with-randomdev=/dev/urandom otherwise
  libisc will use /dev/random to gather entropy and that might
  block, short read etc..
- Security update 9.10.3-P3:
  * Specific APL data could trigger an INSIST (CVE-2015-8704,
  * Certain errors that could be encountered when printing out or
    logging an OPT record containing a CLIENT-SUBNET option could
    be mishandled, resulting in an assertion failure
    (CVE-2015-8705, bsc#962190).
  * Authoritative servers that were marked as bogus (e.g.
    blackholed in configuration or with invalid addresses) were
    being queried anyway.
- Update to version 9.10.3-P2 to fix a remote denial of service by
  misparsing incoming responses (CVE-2015-8000, bsc#958861).
- Avoid double %setup, it confuses some versions of quilt.
- Summary/description update
- Update to version 9.10.2-P4
  * An incorrect boundary boundary check in the OPENPGPKEY
    rdatatype could trigger an assertion failure.
    (CVE-2015-5986) [RT #40286] (bsc#944107)
  * A buffer accounting error could trigger an
    assertion failure when parsing certain malformed
    DNSSEC keys. (CVE-2015-5722) [RT #40212] (bsc#944066)
- Update to version 9.10.2-P3
  Security Fixes
  * A specially crafted query could trigger an assertion failure in message.c.
    This flaw was discovered by Jonathan Foote, and is disclosed in
    CVE-2015-5477. [RT #39795]
  * On servers configured to perform DNSSEC validation, an assertion failure
    could be triggered on answers from a specially configured server.
    This flaw was discovered by Breno Silveira Soares, and is disclosed
    in CVE-2015-4620. [RT #39795]
  Bug Fixes
  * Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  * Several bugs have been fixed in the RPZ implementation:
    + Policy zones that did not specifically require recursion could be treated
    as if they did; consequently, setting qname-wait-recurse no; was
    sometimes ineffective. This has been corrected. In most configurations,
    behavioral changes due to this fix will not be noticeable. [RT #39229]
    + The server could crash if policy zones were updated (e.g. via
    rndc reload or an incoming zone transfer) while RPZ processing
    was still ongoing for an active query. [RT #39415]
    + On servers with one or more policy zones configured as slaves, if a
    policy zone updated during regular operation (rather than at startup)
    using a full zone reload, such as via AXFR, a bug could allow the RPZ
    summary data to fall out of sync, potentially leading to an assertion
    failure in rpz.c when further incremental updates were made to the zone,
    such as via IXFR. [RT #39567]
    + The server could match a shorter prefix than what was
    available in CLIENT-IP policy triggers, and so, an unexpected
    action could be taken. This has been corrected. [RT #39481]
    + The server could crash if a reload of an RPZ zone was initiated while
    another reload of the same zone was already in progress. [RT #39649]
- Update to version 9.10.2-P2
  - An uninitialized value in validator.c could result in an assertion failure.
    (CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
  - Include client-ip rules when logging the number of RPZ rules of each type.
    [RT #39670]
  - Addressed further problems with reloading RPZ zones. [RT #39649]
  - Addressed a regression introduced in change #4121. [RT #39611]
  - The server could match a shorter prefix than what was available in
    CLIENT-IP policy triggers, and so, an unexpected action could be taken.
    This has been corrected. [RT #39481]
  - On servers with one or more policy zones configured as slaves, if a policy
    zone updated during regular operation (rather than at startup) using a full
    zone reload, such as via AXFR, a bug could allow the RPZ summary data to
    fall out of sync, potentially leading to an assertion failure in rpz.c when
    further incremental updates were made to the zone, such as via IXFR.
    [RT #39567]
  - A bug in RPZ could cause the server to crash if policy zones were updated
    while recursion was pending for RPZ processing of an active query.
    [RT #39415]
  - Fix a bug in RPZ that could cause some policy zones that did not
    specifically require recursion to be treated as if they did; consequently,
    setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
  - Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
    result in a bug during operation. If the read failed, named could segfault.
    [RT #38559]
- Fix inappropriate use of /var/lib/named for locating dynamic-DB plugins.
  Dynamic-DB plugins are now loaded from %{_libexecdir}/bind, consistent with
  openSUSE packaging guideline.
- Install additional header files which are helpful to the development of
  dynamic-DB plugins.
- Depend on systemd macros and sysvinit on post-12.3 only.
- Create empty lwresd.conf at build time.
- Reduce file list pre-13.1.
- Update to version 9.10.2
  - Handle timeout in legacy system test. [RT #38573]
  - dns_rdata_freestruct could be called on a uninitialised structure when
    handling a error. [RT #38568]
  - Addressed valgrind warnings. [RT #38549]
  - UDP dispatches could use the wrong pseudorandom
    number generator context. [RT #38578]
  - Fixed several small bugs in automatic trust anchor management, including a
    memory leak and a possible loss of key state information. [RT #38458]
  - 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565]
  - Revoking a managed trust anchor and supplying an untrusted replacement
    could cause named to crash with an assertion failure.
    (CVE-2015-1349) [RT #38344]
  - Fix a leak of query fetchlock. [RT #38454]
  - Fix a leak of pthread_mutexattr_t. [RT #38454]
  - RPZ could send spurious SERVFAILs in response
    to duplicate queries. [RT #38510]
  - CDS and CDNSKEY had the wrong attributes. [RT #38491]
  - adb hash table was not being grown. [RT #38470]
- Update bind.keyring
- Update baselibs.conf due to updates to libdns160 and libisc148
- Enable export libraries to support plugin development.
  Install DNSSEC root key.
  Expose new interface for developing dynamic zone database.
  + dns_dynamic_db.patch
- PowerPC can build shared libraries for sure.
- Explicitly BuildRequire systemd-rpm-macros since it is used
  for lwresd %post etc. Then drop pre-12.x material.
- Corrections to baselibs.conf
- Update to version 9.10.1-P1
  - A flaw in delegation handling could be exploited to put named into an
    infinite loop.  This has been addressed by placing limits on the number of
    levels of recursion named will allow (default 7), and the number of
    iterative queries that it will send (default 50) before terminating a
    recursive query (CVE-2014-8500); (bnc#908994).
    The recursion depth limit is configured via the "/max-recursion-depth"/
    option, and the query limit via the "/max-recursion-queries"/ option.
    [RT #37580]
  - When geoip-directory was reconfigured during named run-time, the
    previously loaded GeoIP data could remain, potentially causing wrong ACLs
    to be used or wrong results to be served based on geolocation
    (CVE-2014-8680). [RT #37720]; (bnc#908995).
  - Lookups in GeoIP databases that were not loaded could cause an assertion
    failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
  - The caching of GeoIP lookups did not always handle address families
    correctly, potentially resulting in an assertion failure (CVE-2014-8680).
    [RT #37672]; (bnc#908995).
- Convert some hard PreReq to leaner Requires(pre).
- Typographical and orthographic fixes to description texts.
- Fix bashisms in the createNamedConfInclude script.
- Post scripts: remove '-e' option of 'echo' that may be unsupported
  in some POSIX-compliant shells.
- Add openssl engines to the lwresd chroot.
- Add /etc/lwresd.conf with attribute ghost to the list of files.
- Add /run/lwresd to the list of files of the lwresd package.
- Shift /run/named from the chroot sub to the main bind package.
- Drop /proc from the chroot as multi CPU systems work fine even without it.
- Add a versioned dependency when obsoleting packages.
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix gssapi_krb configure time header detection.
- Update root zone (dated Nov 5, 2014).
- Update to version 9.10.1
  - This release addresses the security flaws described in CVE-2014-3214 and
- Update to version 9.10.0
  - DNS Response-rate limiting (DNS RRL), which blunts the impact of
    reflection and amplification attacks, is always compiled in and no longer
    requires a compile-time option to enable it.
  - An experimental "/Source Identity Token"/ (SIT) EDNS option is now available.
  - A new zone file format, "/map"/, stores zone data in a
    format that can be mapped directly into memory, allowing
    significantly faster zone loading.
  - "/delv"/ (domain entity lookup and validation) is a new tool with dig-like
    semantics for looking up DNS data and performing internal DNSSEC
  - Improved EDNS(0) processing for better resolver performance
    and reliability over slow or lossy connections.
  - Substantial improvement in response-policy zone (RPZ) performance.  Up to
    32 response-policy zones can be configured with minimal performance loss.
  - To improve recursive resolver performance, cache records which are still
    being requested by clients can now be automatically refreshed from the
    authoritative server before they expire, reducing or eliminating the time
    window in which no answer is available in the cache.
  - New "/rpz-client-ip"/ triggers and drop policies allowing
    response policies based on the IP address of the client.
  - ACLs can now be specified based on geographic location using the MaxMind
    GeoIP databases.  Use "/configure --with-geoip"/ to enable.
  - Zone data can now be shared between views, allowing multiple views to serve
    the same zones authoritatively without storing multiple copies in memory.
  - New XML schema (version 3) for the statistics channel includes many new
    statistics and uses a flattened XML tree for faster parsing. The older
    schema is now deprecated.
  - A new stylesheet, based on the Google Charts API, displays XML statistics
    in charts and graphs on javascript-enabled browsers.
  - The statistics channel can now provide data in JSON format as well as XML.
  - New stats counters track TCP and UDP queries received
    per zone, and EDNS options received in total.
  - The internal and export versions of the BIND libraries (libisc, libdns,
    etc) have been unified so that external library clients can use the same
    libraries as BIND itself.
  - A new compile-time option, "/configure --enable-native-pkcs11"/, allows BIND
    9 cryptography functions to use the PKCS#11 API natively, so that BIND can
    drive a cryptographic hardware service module (HSM) directly instead of
    using a modified OpenSSL as an intermediary.
  - The new "/max-zone-ttl"/ option enforces maximum TTLs for zones. This can
    simplify the process of rolling DNSSEC keys by guaranteeing that cached
    signatures will have expired within the specified amount of time.
  - "/dig +subnet"/ sends an EDNS CLIENT-SUBNET option when querying.
  - "/dig +expire"/ sends an EDNS EXPIRE option when querying.
  - New "/dnssec-coverage"/ tool to check DNSSEC key coverage for a zone and
    report if a lapse in signing coverage has been inadvertently scheduled.
  - Signing algorithm flexibility and other improvements
    for the "/rndc"/ control channel.
  - "/named-checkzone"/ and "/named-compilezone"/ can now read
    journal files, allowing them to process dynamic zones.
  - Multiple DLZ databases can now be configured.  Individual zones can be
    configured to be served from a specific DLZ database.  DLZ databases now
    serve zones of type "/master"/ and "/redirect"/.
  - "/rndc zonestatus"/ reports information about a specified zone.
  - "/named"/ now listens on IPv6 as well as IPv4 interfaces by default.
  - "/named"/ now preserves the capitalization of names
    when responding to queries.
  - new "/dnssec-importkey"/ command allows the use of offline
    DNSSEC keys with automatic DNSKEY management.
  - New "/named-rrchecker"/ tool to verify the syntactic
    correctness of individual resource records.
  - When re-signing a zone, the new "/dnssec-signzone -Q"/ option drops
    signatures from keys that are still published but are no longer active.
  - "/named-checkconf -px"/ will print the contents of configuration files with
    the shared secrets obscured, making it easier to share configuration (e.g.
    when submitting a bug report) without revealing private information.
  - "/rndc scan"/ causes named to re-scan network interfaces for
    changes in local addresses.
  - On operating systems with support for routing sockets, network interfaces
    are re-scanned automatically whenever they change.
  - "/tsig-keygen"/ is now available as an alternate command
    name to use for "/ddns-confgen"/.
- Update to version 9.9.6
  New Features
  - Support for CAA record types, as described in RFC 6844 "/DNS
    Certification Authority Authorization (CAA) Resource Record"/,
    was added. [RT#36625] [RT #36737]
  - Disallow "/request-ixfr"/ from being specified in zone statements where it
    is not valid (it is only valid for slave and redirect zones) [RT #36608]
  - Support for CDS and CDNSKEY resource record types was added. For
    details see the proposed Informational Internet-Draft "/Automating
    DNSSEC Delegation Trust Maintenance"/ at
    [RT #36333]
  - Added version printing options to various BIND utilities. [RT #26057]
    [RT #10686]
  - Added a "/no-case-compress"/ ACL, which causes named to use case-insensitive
    compression (disabling change #3645) for specified clients. (This is useful
    when dealing with broken client implementations that use case-sensitive
    name comparisons, rejecting responses that fail to match the capitalization
    of the query that was sent.) [RT #35300]
  Feature Changes
  - Adds RPZ SOA to the additional section of responses to clearly
    indicate the use of RPZ in a manner that is intended to avoid
    causing issues for downstream resolvers and forwarders [RT #36507]
  - rndc now gives distinct error messages when an unqualified zone
    name matches multiple views vs. matching no views [RT #36691]
  - Improves the accuracy of dig's reported round trip times.  [RT #36611]
  - When an SPF record exists in a zone but no equivalent TXT record
    does, a warning will be issued.  The warning for the reverse
    condition is no longer issued. See the check-spf option in the
    documentation for details. [RT #36210]
  - "/named"/ will now log explicitly when using rndc.key to configure
    command channel. [RT #35316]
  - The default setting for the -U option (setting the number of UDP
    listeners per interface) has been adjusted to improve performance.
    [RT #35417]
  - Aging of smoothed round-trip time measurements is now limited
    to no more than once per second, to improve accuracy in selecting
    the best name server. [RT #32909]
  - DNSSEC keys that have been marked active but have no publication
    date are no longer presumed to be publishable. [RT #35063]
  Bug Fixes
  - The Makefile in bin/python was changed to work around a bmake
    bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
  - Corrected bugs in the handling of wildcard records by the DNSSEC
    validator: invalid wildcard expansions could be treated as valid
    if signed, and valid wildcard expansions in NSEC3 opt-out ranges
    had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
  - When resigning, dnssec-signzone was removing all signatures from
    delegation nodes. It now retains DS and (if applicable) NSEC
    signatures.  [RT #36946]
  - The AD flag was being set inappopriately on RPZ responses. [RT #36833]
  - Updates the URI record type to current draft standard,
    draft-faltstrom-uri-08, and allows the value field to be zero
    length [RT #36642] [RT #36737]
  - RRSIG sets that were not loaded in a single transaction at start
    up were not being correctly added to re-signing heaps.  [RT #36302]
  - Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
  - A race condition could cause a crash in isc_event_free during
    shutdown.  [RT #36720]
  - Addresses a race condition issue in dispatch. [RT #36731]
  - acl elements could be miscounted, causing a crash while loading
    a config [RT #36675]
  - Corrects a deadlock between view.c and adb.c. [RT #36341]
  - liblwres wasn't properly handling link-local addresses in
    nameserver clauses in resolv.conf. [RT #36039]
  - Buffers in isc_print_vsnprintf were not properly initialized
    leading to potential overflows when printing out quad values.
    [RT #36505]
  - Don't call qsort() with a null pointer, and disable the GCC 4.9
    "/delete null pointer check"/ optimizer option. This fixes problems
    when using GNU GCC 4.9.0 where its compiler code optimizations
    may cause crashes in BIND. For more information, see the operational
    advisory at [RT #35968]
  - Fixed a bug that could cause repeated resigning of records in
    dynamically signed zones. [RT #35273]
  - Fixed a bug that could cause an assertion failure after forwarding
    was disabled. [RT #35979]
  - Fixed a bug that caused SERVFAILs when using RPZ on a system
    configured as a forwarder. [RT #36060]
  - Worked around a limitation in Solaris's /dev/poll implementation
    that could cause named to fail to start when configured to use
    more sockets than the system could accomodate. [RT #35878]
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Removed pid-path.diff patch as /run/{named,lwresd}/ are used by default.
- Update baselibs.conf (added libirs and library interface version updates).
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  "/.nop"/.  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occuring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The asseembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "/lint"/ mode to enable extra checks of the files it is processing.
  * Readelf will now display "/[...]"/ when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ascii art thats show the arcs between that start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "/no"/.
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
  - -dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
  - -syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
  - -disassemble the --dwarf= follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
- Add binutils-fix-ld-segv.diff to fix a segfault in ld
  when building some versions of pacemaker.  [bsc#1154025,
- Add avr, epiphany and rx to target_list so that the common
  binutils can handle all objects we can create with crosses.
- Update to current 2.32 branch @7b468db3 adding
  binutils-2.32-branch.diff.gz [jsc#ECO-368].
- Includes fixes for these CVEs:
  bsc#1109412 aka CVE-2018-17358 aka PR23686
  bsc#1109413 aka CVE-2018-17359 aka PR23686
  bsc#1109414 aka CVE-2018-17360 aka PR23685
  bsc#1111996 aka CVE-2018-18309 aka PR23770
  bsc#1112534 aka CVE-2018-18484 aka GCC PR87636
  bsc#1112535 aka CVE-2018-18483 aka PR23767
  bsc#1113247 aka CVE-2018-18607 aka PR23805
  bsc#1113252 aka CVE-2018-18606 aka PR23806
  bsc#1113255 aka CVE-2018-18605 aka PR23804
  bsc#1116827 aka CVE-2018-17985 aka GCC PR87335
  bsc#1118830 aka CVE-2018-19932 aka PR23932
  bsc#1118831 aka CVE-2018-19931 aka PR23942
  bsc#1120640 aka CVE-2018-1000876 aka PR23994
  bsc#1121034 aka CVE-2018-20651 aka PR24041
  bsc#1121035 aka CVE-2018-20623 aka PR24049
  bsc#1121056 aka CVE-2018-20671 aka PR24005
  bsc#1142772 aka CVE-2019-1010180 aka PR23657
- Refresh s390-biarch.diff and
  binutils-revert-plt32-in-branches.diff .
- For the SLE12 package this also removes patches
  binutils-z13-1.diff, binutils-z13-2.diff,
  binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- enable xtensa architecture (Tensilica lc6 and related)
- Fix SUSE typo in README package name
- Use -ffat-lto-objects in order to provide assembly for static libs
Fake entry for SLE12 package variant only:
- Add support for new z13 instructions. [fate#327074, jsc#SLE-6206,
  Adds patches binutils-z13-1.diff, binutils-z13-2.diff,
  binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- Add binutils-pr24486.patch: fix for PR24486 (boo#1133131 boo#1133232).
- Add rx-gas-padding-pr24464.patch: fix for PR24464.
- riscv-abi-check.patch: Don't check ABI flags if no code section
- Add binutils.keyring and verify signature.
- Add disk and RAM (for ppc, ppc64 and ppc64le) constraint with _constraints.
- Update to binutils 2.32:
  * The binutils now support for the C-SKY processor series.
  * The x86 assembler now supports a -mvexwig=[0|1] option to control
    encoding of VEX.W-ignored (WIG) VEX instructions.
    It also has a new -mx86-used-note=[yes|no] option to generate (or
    not) x86 GNU property notes.
  * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2),
    the Loongson EXTensions (EXT) instructions, the Loongson Content
    Address Memory (CAM) ASE and the Loongson MultiMedia extensions
    Instructions (MMI) ASE.
  * The addr2line, c++filt, nm and objdump tools now have a default
    limit on the maximum amount of recursion that is allowed whilst
    demangling strings.  This limit can be disabled if necessary.
  * Objdump's --disassemble option can now take a parameter,
    specifying the starting symbol for disassembly.  Disassembly will
    continue from this symbol up to the next symbol or the end of the
  * The BFD linker will now report property change in linker map file
    when merging GNU properties.
  * The BFD linker's -t option now doesn't report members within
    archives, unless -t is given twice.  This makes it more useful
    when generating a list of files that should be packaged for a
    linker bug report.
  * The GOLD linker has improved warning messages for relocations that
    refer to discarded sections.
- Remove binutils-2.31-branch.diff.gz, fix-pr23919-1.diff,
  fix-pr23919-2.diff, fix-pr23919-3.diff,
  gold-depend-on-opcodes.diff and s390-relro.diff.
- Refresh binutils-skip-rpaths.patch, s390-biarch.diff, cross-avr-size.patch
  and binutils-revert-plt32-in-branches.diff.
- Add s390-relro.diff to improve relro support on s390
- Fix the fix for PR23919 [bsc#1118644]:
  rename handle-ELF-compressed-header-alignment-correctly-by-.patch
  to fix-pr23919-1.diff and add fix-pr23919-2.diff
  and fix-pr23919-3.diff .
- Add handle-ELF-compressed-header-alignment-correctly-by-.patch:
- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in
  the support for the X86_ISA_1_* notes.  Adds
  patch binutils-2.31-branch.diff.gz .
- Add binutils-revert-plt32-in-branches.diff on anything older
  than Tumbleweed to not break old tools not expecting
  PLT32 instead of PC32 relocs on x86_64.
- Includes fixes for these CVEs:
  * from 2.30:
    bnc#1065643 aka CVE-2017-15996 aka PR22361
    bnc#1065689 aka CVE-2017-15939 aka PR22205
    bnc#1065693 aka CVE-2017-15938 aka PR22209
    bnc#1068640 aka CVE-2017-16826 aka PR22376
    bnc#1068643 aka CVE-2017-16832 aka PR22373
    bnc#1068887 aka CVE-2017-16831 aka PR22385
    bnc#1068888 aka CVE-2017-16830 aka PR22384
    bnc#1068950 aka CVE-2017-16829 aka PR22307
    bnc#1069176 aka CVE-2017-16828 aka PR22386
    bnc#1069202 aka CVE-2017-16827 aka PR22306
  * from 2.31:
    bnc#1077745 aka CVE-2018-6323  aka PR22746
    bnc#1079103 aka CVE-2018-6543  aka PR22769
    bnc#1079741 aka CVE-2018-6759  aka PR22794
    bnc#1080556 aka CVE-2018-6872  aka PR22788
    bnc#1081527 aka CVE-2018-7208  aka PR22741
    bnc#1083528 aka CVE-2018-7570  aka PR22881
    bnc#1083532 aka CVE-2018-7569  aka PR22895
    bnc#1086608 aka CVE-2018-8945  aka PR22809
    bnc#1086784 aka CVE-2018-7643  aka PR22905
    bnc#1086786 aka CVE-2018-7642  aka PR22887
    bnc#1086788 aka CVE-2018-7568  aka PR22894
    bnc#1090997 aka CVE-2018-10373 aka PR23065
    bnc#1091015 aka CVE-2018-10372 aka PR23064
    bnc#1091365 aka CVE-2018-10535 aka PR23113
    bnc#1091368 aka CVE-2018-10534 aka PR23110
- Removes binutils-fix-pr21964.diff as it's included in 2.31.
  Rebase testsuite.diff and aarch64-common-pagesize.patch .
- Disable -z separate-code everywhere but in Tumbleweed.
- Update to binutils 2.31
  * The AArch64 port now supports showing disassembly notes which are emitted
    when inconsistencies are found with the instruction that may result in the
    instruction being invalid.  These can be turned on with the option -M notes
    to objdump.
  * The AArch64 port now emits warnings when a combination of an instruction and
    a named register could be invalid.
  * Added O modifier to ar to display member offsets inside an archive
  * The ADR and ADRL pseudo-instructions supported by the ARM assembler
    now only set the bottom bit of the address of thumb function symbols
    if the -mthumb-interwork command line option is active.
  * Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU
    Build Attribute notes if none are present in the input sources.  Add a
  - -enable-generate-build-notes=[yes|no] configure time option to set the
    default behaviour.  Set the default if the configure option is not used
    to "/no"/.
  * Remove -mold-gcc command-line option for x86 targets.
  * Add -O[2|s] command-line options to x86 assembler to enable alternate
    shorter instruction encoding.
  * Add support for .nops directive.  It is currently supported only for
    x86 targets.
  * Speed up direct linking with DLLs for Cygwin and Mingw targets.
  * Add a configure option --enable-separate-code to decide whether
  - z separate-code should be enabled in ELF linker by default.  Default
    to yes for Linux/x86 targets.  Note that -z separate-code can increase
    disk and memory size.
  * Includes riscv-relax-size.patch, riscv-relax-relocatable.patch,
    riscv-relax-versioned-hidden.patch and riscv-wrap-relax.patch
- Refresh enable-targets-gold.diff.
- Adjust cross-avr-omit_section_dynsym.patch.
- Remove binutils-2.30-branch.diff.
- riscv-relax-versioned-hidden.patch: RISC-V: Fix symbol address problem
  with versioned symbols (PR ld/22756)
- Restore riscv64-elf cross prefix via symlinks
- Fix pacemaker libqb problem with section start/stop
  symbols, aka PR21964.  [bnc#1075418]
  Adds binutils-fix-pr21964.diff .
  (this is a change from SLE12, that was already included in 2.31
  binutils tree, mentioned for completeness to not loose tracking)
- riscv-relax-relocatable.patch: RISC-V: Don't enable relaxation in
  relocatable link
- Update binutils-2.30-branch.diff: 2.30 branch @7c78c26eefbb8
  * Includes more complete fix for PR20882.
  * Includes fix for PR22836.  [boo#1085784]
  * Includes fix for PR22983.
- riscv-relax-size.patch: Fix symbol size bug when relaxation deletes bytes
- Add binutils-pr22868.diff to fix testsuite fails in LLVM.
- Update to binutils 2.30
  * Add --debug-dump=links option to readelf and --dwarf=links option to objdump
    which displays the contents of any .gnu_debuglink or .gnu_debugaltlink
    Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links
    option to objdump which causes indirect links into separate debug info files
    to be followed when dumping other DWARF sections.
  * Add support for loaction views in DWARF debug line information.
  * Add -z separate-code to generate separate code PT_LOAD segment.
  * Add "/-z undefs"/ command line option as the inverse of the "/-z defs"/ option.
  * Add -z globalaudit command line option to force audit libraries to be run
    for every dynamic object loaded by an executable - provided that the loader
    supports this functionality.
  * Tighten linker script grammar around file name specifiers to prevent the use
    of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames.  These would
    previously be accepted but had no effect.
  * The EXCLUDE_FILE directive can now be placed within any SORT_* directive
    within input section lists.
- binutils-2.30-branch.diff: 2.30 branch @4cd0043413
- riscv-wrap-relax.patch: Fix linker relaxation with --wrap
- Remove use-hashtype-both-by-default.diff, use
  - -enable-default-hash-style=both instead
- Remove binutils-2.29-branch.diff, s390x-8fe09d7.diff
- Use riscv64-suse-linux as target for cross-riscv64-binutils
- Drop bc BuildRequires: no longer needed.
- Add riscv64 to %target_list
- Add arm-none-eabi symlinks (bsc#1074741)
- Add s390x-8fe09d7.diff to fix typo in ELF notes.
- Update binutils-2.29-branch.diff to @a45d8fd5ffbf888 fixing PR 22220.
- Update to 2.29.1 release, accumulating bugfixes.
- Update binutils-2.29-branch.diff to @a38a1d80 and to be
  relative to the 2.29.1 release fixing following PRs/bnc/CVE:
  22058 [bnc#1057149, CVE-2017-14130]
  21813 [bnc#1052503, CVE-2017-12456, bnc#1052507, CVE-2017-12454,
    bnc#1052509, CVE-2017-12453, bnc#1052511, CVE-2017-12452,
    bnc#1052514, CVE-2017-12450, bnc#1052503, CVE-2017-12456,
    bnc#1052507, CVE-2017-12454, bnc#1052509, CVE-2017-12453,
    bnc#1052511, CVE-2017-12452, bnc#1052514, CVE-2017-12450]
  22148 [bnc#1060599, CVE-2017-14745]
  22163 [bnc#1061241, CVE-2017-14974]
  21933 [bnc#1053347, CVE-2017-12799]
  21787 [bnc#1052518, CVE-2017-12448]
  22018 [bnc#1056312, CVE-2017-13757]
  22170 [bnc#1060621, CVE-2017-14729]
  22047 [bnc#1057144, CVE-2017-14129]
  22059 [bnc#1057139, CVE-2017-14128]
  21990 [bnc#1058480, CVE-2017-14333]
  22113 [bnc#1059050, CVE-2017-14529]
  as well as these PRs:
  22061, 21786, 21916, 21994, 22064, 21995, 21909, 21441, 22060,
  22067, 22032, 21820, 22048, 22199, 21781, 21824, 21861, 22150.
- Update to 2.29 (@5d25156), upstream fix for PR21884, as
  well as PRs 18808 18841 21840 21988 21910 21962 21964.
- Last fixes for PR21884 weren't complete, adjust
  binutils-2.29-branch.diff some more for this.
- Update to 2.29 branch (@de44148c), fixing PR21884, a segfault
  in ld while building memtest86+ .
  Changes binutils-2.29-branch.diff.
- Update to 2.29 branch, fixing PR21847, affecting the ppc64le
  ABI in corner cases since 2.29 release.
  Adds binutils-2.29-branch.diff.
- Remove binutils-2.29-gold-mips.patch, obsolete by the update.
- Add binutils-2.29-gold-mips.patch to fix build on SLE-11.
- Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]
- Fixes these security-related PRs/bnc/CVEs:
  18750 [bsc#1030296, CVE-2014-9939]
  20891 [bsc#1030585, CVE-2017-7225]
  20892 [bsc#1030588, CVE-2017-7224]
  20898 [bsc#1030589, CVE-2017-7223]
  20905 [bsc#1030584, CVE-2017-7226]
  20908 [bsc#1031644, CVE-2017-7299]
  20909 [bsc#1031656, CVE-2017-7300]
  20921 [bsc#1031595, CVE-2017-7302]
  20922 [bsc#1031593, CVE-2017-7303]
  20924 [bsc#1031638, CVE-2017-7301]
  20931 [bsc#1031590, CVE-2017-7304]
  21409 [bsc#1037052, CVE-2017-8392]
  21412 [bsc#1037057, CVE-2017-8393]
  21414 [bsc#1037061, CVE-2017-8394]
  21432 [bsc#1037066, CVE-2017-8396]
  21440 [bsc#1037273, CVE-2017-8421]
  21580 [bsc#1044891, CVE-2017-9746]
  21581 [bsc#1044897, CVE-2017-9747]
  21582 [bsc#1044901, CVE-2017-9748]
  21587 [bsc#1044909, CVE-2017-9750]
  21594 [bsc#1044925, CVE-2017-9755]
  21595 [bsc#1044927, CVE-2017-9756]
- Feature changes:
  * The MIPS port now supports microMIPS eXtended Physical Addressing (XPA)
    instructions for assembly and disassembly.
  * The MIPS port now supports the microMIPS Release 5 ISA for assembly and
  * The MIPS port now supports the Imagination interAptiv MR2 processor,
    which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple
    of implementation-specific regular MIPS and MIPS16e2 ASE instructions.
  * The SPARC port now supports the SPARC M8 processor, which implements the
    Oracle SPARC Architecture 2017.
  * The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly.
  * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
  * Add support for the wasm32 ELF conversion of the WebAssembly file format.
  * Add --inlines option to objdump, which extends the --line-numbers option
    so that inlined functions will display their nesting information.
  * Add --merge-notes options to objcopy to reduce the size of notes in
    a binary file by merging and deleting redundant notes.
  * Add support for locating separate debug info files using the build-id
    method, where the separate file has a name based upon the build-id of
    the original file.
  * Add support for ELF SHF_GNU_MBIND.
  * Add support for the WebAssembly file format and wasm32 ELF conversion.
  * PowerPC gas now checks that the correct register class is used in
    instructions.  For instance, "/addi %f4,%cr3,%r31"/ warns three times
    that the registers are invalid.
  * Add support for the Texas Instruments PRU processor.
  * Support for the ARMv8-R architecture and Cortex-R52 processor has been
    added to the ARM port.
  GNU ld
  * Support for -z shstk in the x86 ELF linker to generate
    GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties.
  * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program
    properties in the x86 ELF linker.
  * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
    properties in the x86 ELF linker.
  * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled
  * Support for -z ibt in the x86 ELF linker to generate IBT-enabled
    PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
  * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
  * Add support for ELF GNU program properties.
  * Add support for the Texas Instruments PRU processor.
  * When configuring for arc*-*-linux* targets the default linker emulation will
    change if --with-cpu=nps400 is used at configure time.
  * Improve assignment of LMAs to orphan sections in some edge cases where a
    mixture of both AT>LMA_REGION and AT(LMA) are used.
  * Orphan sections placed after an empty section that has an AT(LMA) will now
    take an load memory address starting from LMA.
  * Section groups can now be resolved (the group deleted and the group members
    placed like normal sections) at partial link time either using the new
    linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION
    into the linker script.
- Includes binutils-bso21193.diff, binutils-bso21333.diff and
- Remove ld-dtags.diff, instead configure with --enable-new-dtags.
- Refresh binutils-build-as-needed.diff.
- Remove binutils-2.28-branch.diff.
- Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0
  * Prepare riscv32 target (gh#riscv/riscv-newlib#8)
- Update binutils-2.28-branch.diff.
- Make compressed debug section handling explicit, disable for
  old products and enable for gas on all architectures otherwise.
- Add binutils-bso21333.diff.  [boo#1029995]
- Remove empty rpath component removal optimization from
  binutils-skip-rpaths.patch to workaround CMake rpath handling.
- Add fix-security-bugs.diff to fix bnc#1029907, bnc#1029908,
  bnc#1029909 and more.  Upstream bugs fixed:
  PR 21135 [bsc#1030298, CVE-2017-7209],
  PR 21137 [bsc#1029909, CVE-2017-6965],
  PR 21139 [bsc#1029908, CVE-2017-6966],
  PR 21156 [bsc#1029907, CVE-2017-6969],
  PR 21157 [bsc#1030297, CVE-2017-7210],
  PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155,
  PR 21158, PR 21159
- Update to binutils 2.28.
  * Add support for locating separate debug info files using the build-id
    method, where the separate file has a name based upon the build-id of
    the original file.
  * This version of binutils fixes a problem with PowerPC VLE 16A and 16D
    relocations which were functionally swapped, for example,
    R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D
    performed like R_PPC_VLE_HA16A.  This could have been fixed by
    renumbering relocations, which would keep object files created by an
    older version of gas compatible with a newer ld.  However, that would
    require an ABI update, affecting other assemblers and linkers that
    create and process the relocations correctly.  It is recommended that
    all VLE object files be recompiled, but ld can modify the relocations
    if --vle-reloc-fixup is passed to ld.  If the new ld command line
    option is not used, ld will ld warn on finding relocations inconsistent
    with the instructions being relocated.
  * The nm program has a new command line option (--with-version-strings)
    which will display a symbol's version information, if any, after the
    symbol's name.
  * The ARC port of objdump now accepts a -M option to specify the extra
    instruction class(es) that should be disassembled.
  * The --remove-section option for objcopy and strip now accepts section
    patterns starting with an exclamation point to indicate a non-matching
    section.  A non-matching section is removed from the set of sections
    matched by an earlier --remove-section pattern.
  * The --only-section option for objcopy now accepts section patterns
    starting with an exclamation point to indicate a non-matching section.
    A non-matching section is removed from the set of sections matched by
    an earlier --only-section pattern.
  * New --remove-relocations=SECTIONPATTERN option for objcopy and strip.
    This option can be used to remove sections containing relocations.
    The SECTIONPATTERN is the section to which the relocations apply, not
    the relocation section itself.
  * Add support for the RISC-V architecture.
  * Add support for the ARM Cortex-M23 and Cortex-M33 processors.
  GNU ld
  * The EXCLUDE_FILE linker script construct can now be applied outside of the
    section list in order for the exclusions to apply over all input sections
    in the list.
  * Add support for the RISC-V architecture.
  * The command line option --no-eh-frame-hdr can now be used in ELF based
    linkers to disable the automatic generation of .eh_frame_hdr sections.
  * Add --in-implib=<infile> to the ARM linker to enable specifying a set of
    Secure Gateway veneers that must exist in the output import library
    specified by --out-implib=<outfile> and the address they must have.
    As such, --in-implib is only supported in combination with --cmse-implib.
  * Extended the --out-implib=<file> option, previously restricted to x86 PE
    targets, to any ELF based target.  This allows the generation of an import
    library for an ELF executable, which can then be used by another application
    to link against the executable.
  * Add -z bndplt option (x86-64 only) to support Intel MPX.
  * Add --orphan-handling option.
  * Add --stub-group-multi option (PowerPC only).
  * Add --target1-rel, --target1-abs, --target2 options (Arm only).
  * Add -z stack-size option.
  * Add --be8 option (Arm only).
  * Add HIDDEN support in linker scripts.
  * Add SORT_BY_INIT_PRIORITY support in linker scripts.
- Add binutils-2.28-branch.diff.
- Remove binutils-2.27-branch.diff
- Remove binutils-2.27-fix-section-order.diff,
  and aarch64-alignment-frags.patch now upstream.
- Configure with --with-system-zlib
- Add binutils-bso21193.diff to fix section alignment on
  .gnu_debuglink.  [bso#21193]
- Add s390x to gold_archs.
- Fix alignment frags for aarch64 (boo#1003846)
- Call ldconfig for libbfd
- Add refine_.cfi_sections_check_to_only_consider_compact_eh_frame.patch
  from upstream to fix an assembler problem with clang on ARM.
- Update binutils-2.27-branch.diff to include recent fixes from the branch.
- Add binutils-2.27-fix-section-order.diff to restore monotonically
  increasing section offsets.
- Remove qemu workaround from spec file, since qemu 2.5.0rc0 the
  length of the argument list is no longer limited to 128 kByte.
- Update to binutils 2.27.
  * Add a configure option, --enable-64-bit-archive, to force use of a
    64-bit format when creating an archive symbol index.
  * Add --elf-stt-common= option to objcopy for ELF targets to control
    whether to convert common symbols to the STT_COMMON type.
  * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets.
  * Add --no-pad-sections to stop the assembler from padding the end of output
    sections up to their alignment boundary.
  * Support for the ARMv8-M architecture has been added to the ARM port.
    Support for the ARMv8-M Security and DSP Extensions has also been added
    to the ARM port.
  * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and
    .extCoreRegister pseudo-ops that allow an user to define custom
    instructions, conditional codes, auxiliary and core registers.
  * Add a configure option --enable-elf-stt-common to decide whether ELF
    assembler should generate common symbols with the STT_COMMON type by
    default.  Default to no.
  * New command line option --elf-stt-common= for ELF targets to control
    whether to generate common symbols with the STT_COMMON type.
  * Add ability to set section flags and types via numeric values for ELF
    based targets.
  * Add a configure option --enable-x86-relax-relocations to decide whether
    x86 assembler should generate relax relocations by default.  Default to
    yes, except for x86 Solaris targets older than Solaris 12.
  * New command line option -mrelax-relocations= for x86 target to control
    whether to generate relax relocations.
  * New command line option -mfence-as-lock-add=yes for x86 target to encode
    lfence, mfence and sfence as "/lock addl $0x0, (%[re]sp)"/.
  * Add assembly-time relaxation option for ARC cpus.
  * Add --with-cpu=TYPE configure option for ARC gas.  This allows the default
    cpu type to be adjusted at configure time.
  * Add a configure option --enable-relro to decide whether -z relro should
    be enabled by default.  Default to yes.
  * Add support for s390, MIPS, AArch64, and TILE-Gx architectures.
  * Add support for STT_GNU_IFUNC symbols.
  * Add support for incremental linking (--incremental).
  GNU ld:
  * Add a configure option --enable-relro to decide whether -z relro should
    be enabled in ELF linker by default.  Default to yes for all Linux
    targets except FRV, HPPA, IA64 and MIPS.
  * Support for -z noreloc-overflow in the x86-64 ELF linker to disable
    relocation overflow check.
  * Add -z common/-z nocommon options for ELF targets to control whether to
    convert common symbols to the STT_COMMON type during a relocatable link.
  * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which
    avoids dynamic relocations against undefined weak symbols in executable.
  * The NOCROSSREFSTO command was added to the linker script language.
  * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply
    link-time values for dynamic relocations.
- Add binutils-2.27-branch.diff with fixes on the branch sofar.
- Remove gold-relocate-tls.patch, included in binutils 2.27.
- Update to binutils 2.26.1.
- Remove binutils-2.26-branch.diff.
- Update binutils-2.26-branch.diff, updates to branch head.
  (swo#19807) (bnc#970239)
- Disable -mrelax-relocations by default on old products.
- Update binutils-2.26-branch.diff, updates to branch head.
  (swo#19739) (swo#19775)
- Add binutils-2.26-branch.diff, updates to branch head.
  * Adds -mrelax-relocations on x86
  * Fixes bso#19698
- Refresh cross-avr-nesc-as.patch
- Update to binutils 2.26
  * Add --fix-stm32l4xx-629360 to the ARM linker to enable a link-time
    workaround for a bug in the bus matrix / memory controller for some of
    the STM32 Cortex-M4 based products (STM32L4xx)
  * Add a configure option --enable-compressed-debug-sections={all,ld} to
    decide whether DWARF debug sections should be compressed by default.
  * Add support for the ARC EM/HS, and ARC600/700 architectures.
  * Experimental support for linker garbage collection (--gc-sections)
    has been enabled for COFF and PE based targets.
  * New command line option for ELF targets to compress DWARF debug
    sections, --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi].
  * New command line option, --orphan-handling=[place|warn|error|discard], to
    adjust how orphan sections are handled.  The default is 'place' which gives
    the current behaviour, 'warn' and 'error' issue a warning or error
    respectively when orphan sections are found, and 'discard' will discard all
    orphan sections.
  * Add support for LLVM plugin.
  * Add --print-memory-usage option to report memory blocks usage.
  * Add --require-defined option, it's like --undefined except the new symbol
    must be defined by the end of the link.
  * Add a configure option --enable-compressed-debug-sections={all,gas} to
    decide whether DWARF debug sections should be compressed by default.
  * Add support for the ARC EM/HS, and ARC600/700 architectures.  Remove
    assembler support for Argonaut RISC architectures.
  * Add option to objcopy to insert new symbols into a file:
  - -add-symbol <name>=[<section>:]<value>[,<flags>]
  * Add support for the ARC EM/HS, and ARC600/700 architectures.
  * Extend objcopy --compress-debug-sections option to support
  - -compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi] for ELF
  * Add --update-section option to objcopy.
  * Add --output-separator option to strings.
- Includes z13 support, remove 0001-S-390-Add-support-for-IBM-z13.patch,
  0004-S-390-Fixes-for-z13-instructions.patch and
- Includes fixes in binutils-fix--dynamic-list.patch,
  binutils-fix-gold-aarch64.diff, gold-arm64-abi-pagesize.patch
  and s390-troo-insn-type.patch
- Refresh s390-pic-dso.diff and binutils-build-as-needed.diff
- gold-relocate-tls.patch: Fix internal error when applying TLSDESC
  relocations with no TLS segment
- s390-troo-insn-type.patch: fix wrong insn type for troo insn
- aarch64-common-pagesize.patch: change default common-page-size to 64K on
- gold-arm64-abi-pagesize.patch: fix ABI pagesize for aarch64 in gold
- Disable use-hashtype-both-by-default.diff for
  the mips target, it's incompatible with it.  [bnc #938658]
- Add cross-rx-binutils package for Renesas RX
- Work around qemu bug
- Update to 2.25 branch at 2f5b97b4f (changes
  binutils-2.25-branch.diff.gz) fixes PR 18481, gas/18541.
- Add patches for s390 z13 support (backports from
  to-be 2.26):
  0005-S-390-z13-use-GNU-attribute-to-indicate-vector-ABI.patch .
- Fix %TARGET vs. $TARGET_OS inconsistencies by turning $TARGET_OS
  into %TARGET_OS for reuse in install and file sections.
  This fixes the assumption that $TARGET_OS will match %{TARGET}*.
- enable gold for aarch64
- Move sed call from %prep to %build to not disturb quilt.
- Add binutils-2.25-branch.diff.gz:
  Update to 2.25 branch at 8fe8994c, fixing many bugs:
  PR ld/15228, binutils/17512, 17165, binutils/17531, ld/17615, 17666,
  ld/17709, gas/17753, 17755, 17817, ld/17827, 17842, binutils/17926,
  17954, 18010, ld/18167, ld/18222, ld/18270.
- Remove eh-frame-hdr-on-shared-lib-bfd.patch: Included already.
- Remove gold-opd-visibility.patch: Included already.
- move info deinstall to preun section
- Added binutils-fix--dynamic-list.patch:
  Fixes and
- gold-opd-visibility.patch: Set default visibility on discarded .opd
- eh-frame-hdr-on-shared-lib-bfd.patch: Don't create .eh_frame_hdr on
  shared lib bfd, fixes building libgcj on ppc64
- Update to binutils 2.25 release.
  * Add --data option to strings to only print strings in loadable, initialized
    data sections.  Change the default behaviour to be --all, but add a new
    configure time option of --disable-default-strings-all to restore the old
    default behaviour.
  * Add --include-all-whitespace to strings.
  * Add --dump-section option to objcopy.
  * Add support for the Andes NDS32.
  * PE binaries now once again contain real timestamps by default.  To disable
    the inclusion of a timestamp in a PE binary, use the --no-insert-timestamp
    command line option.
  * Replace support for openrisc and or32 with support for or1k.
  * Add support for the --build-id command line option to COFF based targets.
  * x86/x86_64 pe-coff now supports the --build-id option.
  * Add support for the AVR Tiny microcontrollers.
  * Enhanced the ARM port to accept the assembler output from the CodeComposer
    Studio tool.  Support is enabled via the new command line option -mccs.
- Update to 2.25 branch head.
  * Pulls PIE fixes.
- Minor fix on the usage of update-alternatives
- Update to current 2.25 pre-release branch, at 127a4644.
- binutils-fix-gold-aarch64.diff: fixing build temporarily broken
  on brach.
- Remove obsolete patches: binutils-2.24-branch.diff.gz,
  pie-m68k.patch, binutils-2.24-auto-plugin.diff, ld-testsuite.patch,
  binutils-2.24-bso16746.diff .
- Enable Adapteva Epiphany target
- btt: make device/devno use PATH_MAX to avoid overflow
  (CVE-2018-10689 bsc#1091942).
  - Added btt-make-device-devno-use-path_max-to-avoid-overflow.patch
- Update to version 1.1.0+git.20170126:
  * blktrace: Add support for sparse CPU numbers
  * blktrace: Reorganize creation of output file name
  * blktrace: Create empty output files for non-existent cpus
- Update to version 1.1.0+git.20160823:
  * Use maximum over all traces for queue depth
  * Process notify events outside of given interval
  * iowatcher: Use queue events if issue not available
  * btt: Replace overlapping IO
  * Zero sectors are strange
  * Don't prepend blktrace destination dir if we didn't run blktrace
  * Separate prefix in legend with space
  * Fixup graph name in help text
  * blktrace: remove -k from manpage synopsis
  * iowatcher: link with -lrt
- Update to version 1.1.0+git.20160425:
  * Refer to sda instead of hda in man pages
  * btreplay: Fix typo in scaling up the dynamic cpu set size.
  * include sys/types.h for dev_t definition
  * Fix warnings on newer gcc
  * Add the "/-a discard"/ filter option to the blktrace.8 man page
  * blktrace: Use number of online CPUs
  * btreplay: fix memory corruption caused by CPU_ZERO_S
  * btreplay: fix sched_{set|get}affinity
  * btreplay: make Ctrl-C work
  * btreplay: remove timestamps
- Add _service for automatic git syncing
  + exclude .git when generating tarball
  + enable automatic changelog updating
- Update to 1.1.0:
  - merge iowatcher
- Update to 1.0.5 version:
  * Fix compiler warnings
  * avoid string overflows
- Some improvements like using macro instead of RPM variables
- Add some missed fonts
- Make it build with latest TeXLive 2012 with new package layout
- Update to v1.0.3 (bnc#720300 and others).
  - Updated documentation
  - Fixed multiple output errors
  - Added FLUSH/FUA support
  - Misc bug fixes
- disable parallel build again
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- Fix build with no-add-needed (missing -pthread)
- Fix memory leak (bnc #546035)
- Fix memory leak in btrecord (bnc #523444).
- Fix typo in btt (bnc #511264).
- Update to version 1.0.1:
  * blkrawverify: warn and return error if no traces are found
  * blkiomon manpage and usage reference invalid "/msg-queue-name"/ option
  * fix up btrace options & manpage
  * more manpage fixups
  * fix max-pkts option inconsistencies
  * Converted to using the correct remap entries
  * blkiomon: fix unaligned accesses on ia64
  * fix off-by-one issues in blkiomon.h
  * fix include statement in stats.h
  * handle race to mkdir at startup
  * Fixed plug/unplug logic in btt
  * Working on fixing % time q plugged
  * fix trivial typo in manpage
  * Add NOTIFY to activity mask
  * Blktrace failed to lock reader threads on the cpu used by the
    corresponding writer. This resulted in stale data being consumed when
    blktrace accidently read at a position that was being written to at the
    same time. This issue surfaced as "/bad trace magic"/ warnings emitted by
    blktrace tools.
  * Generate matplotlib plots for btt generated data
  * Update Jenkins hash to lookup3() variant
  * Fixed EAGAIN handling in blktrace.c
  * O_NOATIME isn't always present
  * btt: Added no remap option
  * btt general cleanup plus valgrind clean
  * btt: Missed fopen conversion to my_fopen
  * Code review updates
  * Reworked blktrace master/thread interface
  * Cleaned up devs that have no data
  * Moved starting of tracing after tracers are going
  * btt: fixed open in setup_ifile
  * Synchronized trace gathering
  * Invoke gethostbyname once, handle errors better
  * Added accept as a system call needing resource increases
  * Rewrote blktrace to have a single thread per CPU
  * Fix btt to handle large numbers of output files
  * Increased limits to allow for large system runs
  * A couple of min-counters weren't initialised correctly (thrput_r,
    thrput_w). We have got a perfectly working init function for this
    purpose. Removing partially duplicated code.
  * The git commit 11914a53d2ec2974a565311af327b8983d8c820d added
    __BLK_TA_ABORT to blktrace_api.h. A corresponding addition to the blktrace
    tools repository has been missing, breaking the API. Blkparse complained:
    "/Bad fs action 40010011"/
  * Added no messages option to blkparse.c
  * gcc 4.3.2 has started to warn about:
  * Added -P to create a data file w/ Q, D and C per line
  * Fixed 'M' displays on per-io output and added in I/O separator
  * Fixed segfault in aqd.c : need to check for NULL (not requested)
  * Added in -z to provide running waiting-for-issue latencies
  * Moved btrecord/btreplay to version 1.0.0
- Build with docs by default.
- Fix package split done for shared library packaging guideline (bsc#1184479).
- Update to version 2.20
  * Silent some gcc warnings, also avoid common variable (boo#1160385)
  * Include <sys/sysmacros.h> for makedev
  * sort input files (boo#1041090)
  * libconsole: never return empty list from getconsoles()
  * libconsole: Really allow to use /dev/console as a fallback in showconsole
  * libconsole: Add console into the list only when successfully allocated
  * libconsole: Correctly ignore early consoles
- Remove obsolate patch blog-Remove-unused-header.patch
- Add blog-Remove-unused-header.patch: Fix build with new glibc
- Implement shared library packaging guideline.
- Update to version 2.19 which integrates the patches now removed:
  * sysmacros.patch
  * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
  * libconsole-never-return-empty-list-from-getconsoles.patch
  * showconsole-2.18.tar.gz
  * libconsole-Add-console-into-the-list-only-when-succe.patch
  * libconsole-Correctly-ignore-early-consoles.patch
  as well as the changes
  * Correct wants directory for systemd-ask-password-blog.service
  * Sort input files for reproducible builds
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license instead of %doc [bsc#1082318]
- hardening of the console list generation (bsc#1071568):
  * libconsole-never-return-empty-list-from-getconsoles.patch
  * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
  * libconsole-Add-console-into-the-list-only-when-succe.patch
  * libconsole-Correctly-ignore-early-consoles.patch
- Change description of blog-plymouth in same manner as used by
  the release notes
- Add coreutils as required by post scriptlet (boo#1036436)
- Use github source from tagged version
- Use as URL
- Install binaries with read permissions (bnc#990837)
- Do not use privata glibc API (boo#967437) but implement
  missing shared memory mkstemp()
- Remove patch remove-bad-symbol-use.patch
- remove-bad-symbol-use.patch: Remove bad use of internal glibc interface
- Make clear that blog is split off from sysvinit-tools
- Avoid to be tagged with GLIBC_PRIVATE
- Use with version, that is major and minor
- Bug fix version: Handle chached password request gracefully
- add blog-rpmlintrc. The all-manual handling of systemd services
  is required according to Werner.
- Let libblogger become a shared library
- Clean up service uits for close and umount
- First initial package after splitting apart from sysvinit
  * Now blogd can replace plymouth(9) even from initrd
  * Also blogd is able to handle password requests from
    from systemd API
  * The blogd daemon writes out console messages even on reboot
    or halt up to the file systems become unavailable.
  * No locking of the console devices, no frame buffer switching.
- libreoffice_compat_backports.patch: add a backport of
  Boost.Optional::has_value() for LibreOffice
- Use %license instead of %doc [bsc#1082318]
- Multibuild requires versioned Name: tag and doesn't seem to do
  this automatically. (bnc#1076640)
- Update to version 1.66.0
  + Beast: new portable HTTP, WebSocket and network operations
    using Boost.Asio. Header-only library.
  + Callable Traits: new library and successor to
    Boost.FunctionTypes. Header-only library.
  + Mp11: new metaprogramming library
  + Asio:
  * implemented interface changes to reflect the Networking TS
  * functions and classes that have been superseded by
    Networking TS functionality have been deprecated.
  * added support for customized handler tracking
  * removed previously deprecated functions
  + Atomic: improved compatibility with GCC 7. 128-bit operations
    on x86_64 no longer require linking with compiled library.
  + DateTime: Fixed an integral overflow that could cause incorrect
    results when adding or subtracting many years from a date.
  + Format: New format specifiers added and volatile arguments
    can not be safely used with operator%
  + Fusion:
  * fix compile error with std::array
  * remove circular preprocessor include
  + PolyCollection: backported to GCC 4.8 and 4.9 with some
  + Uuid: added RTF-4122 namespaces in boost::uuids::ns
  + for complete changelog, see
- refreshed patches: boost-rpmoptflags-only.patch
- re-enable Python 2 by default. It's still conditional, but
  remains enabled by default. This can be disabled in project
- build Python 2 conditionally
- Use multibuild setup - build no-dependency libraries in the
  base package and build the rest of the compiled libraries in
  the main variant. This should speed up bootstrapping.
- boost-devel not built by default anymore.
- libboost_headers-devel now provides boost-devel for legacy
  dependencies. If you need compiled boost libraries depend on
  the current compiled devel subpackage.
- run %fdupes only on the header files and documentation
- drop build dependencies on gcc-fortran, chrpath.
- Setup MPI environment prior to building boost.
- Switch to OpenMPI2 as OpenMPI1 is becoming deprecated.
- New upstream version 1.65.1
  + config, fiber - Return a continuation from functions executed
    by resume_with.
  + stacktrace - Change preprocessor file extensions to work with
    the installation system.
- Changes in version 1.65.0
  + stacktrace - new library providing call sequence in human
    readable format.
  + polycollection - new library providing fast containers of
    polymorphic objects, from Joaquín M López Muñoz.
  + For full list of changes, see
- 1d862615.patch: upstreamed and removed
- gcc_path.patch: obsolete, tr1 module is removed
- mpi_upstream.patch: upstreamed and removed
- boost-1.57.0-python-abi_letters.patch: refreshed
- python_library_name.patch: refreshed and reverted upstream
  changes to mpi/build/Jamfile as we are building python2 and
  python3 versions of MPI separately.
- baselibs.conf
  + add libboost_stracktrace
  + update to version 1.65.1
- 1d862615.patch: Fix regression caused by refactoring of
  serialization code (bnc#1038083)
- make python-numpy optional build dependency
- fix building of mpi python3 plugin
- New upstream version 1.64.0
  + process - new library providing cross platform methods to
  - create child processes
  - setup stream for child processes
  - sync and async communication streams with children
  - sync and async wait
  - process termination
  + geometry library had some breaking changes,
  - ublas_transformer is renamed to matrix_transformer
  - explicit modifier is added to constructors of rtree
    index::dynamic_* parameters
  - strategy::area::huiller replaced by strategy::area::spherical
  + context library updates
  - deprecated API:execution-context
  - fixed bad assembly for fcontext on ppc64/sysv/elf
  + Updated libraries: any, atomic, config, container, context,
    conversion, core, coroutine2, fiber, hash, interprocess,
    intrusive, lexicalcast, math, multi-index containers,
    multiprecision, predef, program options, regex, smart pointers,
    test ,typeindex, typetraits, unordered, variant
  + for details, see
- Build PyNumpy module
  + add build requires on python-numpy
- test_lowcase.patch: upstreamed
- refreshed patches: boost-strict_aliasing.patch, gcc_path.patch,
- mpi_upstream.patch: pending upstream fixes to OpenMPI build
- python_library_name.patch: we are building python versions in
  different stagings so drop library renames.
- python_numpy_retfunc.patch: rpmlint fixes
- update python macros
- baselibs.conf: (re)add python 2.7 and 3.x libraries
- Fix dependency typos.
- test_lowcase.patch: downcase Boost::Test usage of uppercase
  variables. VERSION was clashing with GNU Autotools define
  resulting in compilation errors of various packages.
- recombine headers from various devel subpackages under the
  libboost_headers-devel package. Not all usage of headers that
  have compiled parts pull in their associated compiled symbols.
- general cleanup of the spec file from old, commented stuffs
- remove non-existent dependency in the boost mpi python package
- update to version 1.63.0
  * updated libraries: atomic, container, context, fiber,
    fusion, geometry, hash, interprocess, intrusive, lexical cast,
    log, metaparse, move, optional, phoenix, python, test,
    typeindex, units, unordered
  * see
    for complete list of changes
- refresh patches
  * boost-1.55.0-python-test-PyImport_AppendInittab.patch
  * boost-strict_aliasing.patch, and enable -fno-strict-aliasing
    for python module
- baselibs.conf:
  * add libboost_locale
  * rename python to include new soname
- remove python-2059618.patch, not needed
- make build condition --without buil_mpi work
- allow building without python3 bindings, for SLE11SP4
- remove versioned build dependency on libicu-devel, apparently
  not needed.
- split out the boost-devel package into individudal compiled
  libraries and their -devel subpackages and libboost_headers-devel
  package for header-only libraries.
- remove all the symlinks, probably not needed anymore.
- ship MPI python bindings for both Python 2.7 and 3.x
  * add python_mpi.patch to allow proper compiled library loading
- dynamic_linking.patch: first attempt to remove static library
  generation during build process.
- Revert upstream change that set default python version and
  ignored user configuration.
  python-2059618.patch (boo#1006584)
- Rectify groups and description
- package boost-jam
- add missing ldconfig for libboost_type_erasure
- fix EOL encoding for documentation files
- update to version 1.62.0
  * new library: fiber: framework for userland-threads/fibers
  * new library: QVM: library for working with quaternions,
    vectors and matrices of static size
  * see
    for complete changelog
- remove boost-fix_include_config.patch - upstreamed
- gcc_path.patch - fix GCC search paths (bnc#996917)
  Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x
  onward while our version of GCC only has /usr/include/c++/x.y
  for 4.x GCC and /usr/include/c++/x/ for 5.x onward.
- migrate to using %bcond_ instead of hardcoding macros
  for different Boost features
- better way to limit max number of compilation units than
  by reading /proc/meminfo and guesstimating.
- Fix boo#994378, boo#994381, boo#994382 boo#994383:
  Fix build issues when optional_fwd.hpp is used before
  including boost/config.hpp
- Add boost-fix_include_config.patch from
- build it from "/boost.spec"/, but create versioned "/boost-1_61-devel"/
- build quickbook also in versioned package
- update to version 1.61.0
  Details on
  Obsolete patches:
  * boost-1.59-test-fenv.patch
  * boost-deprecated-type_traits.patch
- rename package to boost-1_60 to allow multiple versions
- Fix build on systems with GCC4
- Added libboost_python3 to the dependency macro.
  * boost-devel will now correctly requires libboost_python3.
- Add boost-deprecated-type_traits.patch to fix deprecated
  type_traits usage in boost/graph/adjacency_matrix.hpp header.
- Add the following patches from Fedora to fix underlinking in
  boost::python code
  * boost-1.57.0-python-abi_letters.patch
  * boost-1.57.0-python-libpython_dep.patch
  * boost-1.55.0-python-test-PyImport_AppendInittab.patch
- Updated to version 1.60.0
  * New library: VMD.
  * Updated libraries: Atomic, Chrono, Container, Context, Core,
    Filesystem, Flyweight, Fusion, Interprocess, Intrusive, Lexical
    Cast, Locale, log, Move, Multi-index Containers, odeint,
    Optional, Predef, Test, Thread, UUID
  * See for
    complete changelog.
- Modified patch:
  * boost-disable-pch-on-aarch64.patch
  - rediff to a new context
- Removed patch:
  * boost-1.59-python-make_setter.patch
  - integrated upstream
- Add libboost_type_erasure subpackage
- Add support to Boost:Python3 (boo#951902)
  * New library: python3
- Add boost-visibility.patch to make members of basic_xml_grammar<char>
  visible (boo#958150).
- Fix redefinition of _docdir.
- coroutine2 depends on context, disable it if context is not built
- Updated to version 1.59.0:
  * New libraries: Convert, Coroutine2
  * Updated Libraries: Container, Context, Coroutine, Fusion,
    Geometry, Interprocess, Intrusive, Lexical Cast, Log, Move,
    Multi-index Containers, Predef, Program Options, Property Tree,
    Boost.Test v3, TypeIndex, Variant
  * See for
    complete changelog.
- context now builds on aarch64
- Import two patches from Fedora: boost-1.59-python-make_setter.patch,
- Drop 0001-Fix-exec_file-for-Python-3-3.4.patch,
  boost-uuid-comparison.patch, boost-unrecognized-option.patch.
  Fixed upstream.
- Remove unneeded dependency on xorg-x11-devel
- boost-unrecognized-option.patch: remove unrecognized option -m32
- update to 1.58.0:
  boost docs remain at 1.56 since upstream hasn't updated yet
  * New Libraries: Endian, Sort.
  * Updated Libraries: Asio, Chrono, Container, Context, Conversion,
  DateTime, Flyweight, Function, Functional/Factory, Fusion, Geometry,
  Hash, Interprocess, Intrusive, Lexical Cast, Log, Math, Move,
  Multi-index Containers, Multiprecision, Optional, Phoenix,
  Predef, Random, Thread, TypeErasure, TypeIndex, Units,
  Unordered, Variant.
- add 0001-Fix-exec_file-for-Python-3-3.4.patch ,
  0002-Fix-a-regression-with-non-constexpr-types.patch: Fixes regressions
  in 1.58
- drop bjam-alignment.patch, boost-gcc5.patch: Already fixed upstream
- add boost-rpmoptflags-only.patch: Build only with optflags
- add boost-aarch64-flags.patch: Avoid using -m64
- add boost-uuid-comparison.patch: Fix regression in UUID operator<
- add boost-disable-pch-on-aarch64.patch: Disable pch on math library
  to avoid compiler segfault
- Add quickbook subpackage
- Use $RPM_OPT_FLAGS for building, force use of the GCC toolset.
  Be more verbose and fail building with the first error.
- Add boost-gcc5.patch to use -std=c++11 when building the coroutines
  module which fixes build with GCC 5.
- Revert the python3 building: it resulted in BOTH libboost_python
  libraries to be using python 3 instructions, resulting in
  failures of all Py2 related packages.
- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many
  selectors as the file format allows. This relaxes the previous
  fix for CVE-2019-12900 so that bzip2 allows decompression of bz2
  files that use (too) many selectors again. It fixes a bzip2 and
  lbzip2 incompatibility caused by previous patch [bsc#1139083]
- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds
  write in decompress.c when there are many nSelectors used in a
  loop to access selectorMtf [bsc#1139083] [CVE-2019-12900]
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
  free vulnerability that was reported in bzip2recover [bsc#985657]
- Update autotools patchset:
  D bzip2-1.0.6-autoconfiscated.patch
  A bzip2-
- Use %license (boo#1082318)
- Fix build on Fedora and Mageia
- Update bzip2-1.0.6-autoconfiscated.patch:
  * Bump version to 1.0.6.
  * Fix script symlinks on platforms with EXEEXT.
- Drop implicit pie building
- Try profiled build
- Move autoreconf to build section
- cleanup with spec-cleaner
- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper
  that always returns 0 as an exit code when grepping multiple
  archives [bsc#970260]
- Remove bzip2-faster.patch, it causes a crash with libarchive and
  valgrind points out uninitialized memory. See
- Avoid noarch sub package in SLE_11
- Cleanup a bit.
- Remove the profiling stuff as it should not be used nowdays.
  At least even factory builds without it.
- Provide as other distros do, so we can run tiny
  things like steam.
- Respect cflags again, borked by previous commit.
- build with PIE
- fix basisms in bzgrep and bznew
- add patches:
  * bzip2-1.0.6-fix-bashisms.patch
- add BR for pkg-config to get the provides in the devel package
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
  * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
  * Avoid theoretical buffer overflow in RC4 loop comparison
  * Empty hquery->name could lead to invalid memory access
  * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
    passed in (bsc#1178882, CVE-2020-8277)
  * Update help information for adig, acountry, and ahost
  * Test Suite now uses dynamic system-assigned ports rather than hardcoded
    ports to prevent failures in containers
  * Detect remote DNS server does not support EDNS using rules from RFC 6891
  * Source tree has been reorganized to use a more modern layout
  * Allow parsing of CAA Resource Record
  Bug fixes:
  * readaddrinfo bad sizeof()
  * Test cases should honor HAVE_WRITEV flag, not depend on WIN32
  * FQDN with trailing period should be queried first
  * ares_getaddrinfo() was returning members of the struct as garbage values if
    unset, and was not honoring ai_socktype and ai_protocol hints.
  * ares_gethostbyname() with AF_UNSPEC and an ip address would fail
  * Properly document ares_set_local_ip4() uses host byte order
  For details, see
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
- simplify conditions bit to make it tad more readable
- Implement multibuild specfile to split out tests into its own
  flavor; this way we can build and run tests, which require
  static lib, as well as avoid packaging the latter without issues
  with the installed cmake file..
- Version update to 1.16.1
  * Prevent possible use-after-free and double-free in ares_getaddrinfo() if
    ares_destroy() is called prior to ares_getaddrinfo() completing.
  Reported by Jann Horn at Google Project Zero.
  * Allow TXT records on CHAOS qclass. Used for retriving things like
    version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
  Bug fixes:
  * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
  * Silence false cast-align compiler warnings due to valid casts of struct
    sockaddr to struct sockaddr_in and struct sockaddr_in6.
  * MacOS should use libresolv for retrieving DNS servers, like iOS
  * CMake build system should populate the INCLUDE_DIRECTORIES property of
    installed targets [2]
  * Correct macros in use for the ares_getaddrinfo.3 man page
- Changes in version 1.16.0
  * Introduction of ares_getaddrinfo() API which provides similar output
    (including proper sorting as per RFC 6724) to the system native API, but
  utilizes different data structures in order to provide additional
  information such as TTLs and all aliases. Please reference the respective
  man pages for usage details.
  * Parse SOA records from ns_t_any response
  * CMake: Provide c-ares version in package export file
  * CMake: Add CPACK functionality for DEB and RPM
  * CMake: Generate PDB files during build
  * CMake: Support manpage installation
  Bug fixes:
  * Fix bad expectation in IPv6 localhost test.
  * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
    prevent complaints about CPPFLAGS in CFLAGS.
  * Fix .onion handling
  * Command line usage was out of date for adig and ahost.
  * Typos in manpages
  * If ares_getenv is defined, it must return a value on all platforms
  * If /etc/resolv.conf has invalid lookup values, use the defaults.
  * Tests: Separate live tests from SetServers* tests as only live tests
    should require internet access.
  * ares_gethostbyname() should return ENODATA if no valid A or AAAA record
    is found, but a CNAME was found.
  * CMake: Rework library function checking to prevent unintended linking
    with system libraries that aren't needed.
  * Due to use of inet_addr() it was not possible to return
    from ares_gethostbyname().
  * CMake: Fix building of tests on Windows
- Drop regression.patch which have been fixed upstream
- Refresh disable-live-tests.patch
- Remove static lib since its required when doing tests and we dont want it
  included in package
- Run spec-cleaner
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
  both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
  ares_getaddrinfo function uses the getservbyport_r function which
  requires the /etc/services file to function properly. That config
  file is provided by the netcfg package. Unit tests rely on it
  too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
  Some packages need the cmake build files.
- Fix version number of the snapshot to not be downgrade:
- Update to upstream snapshot 20191108
  * getaddrinfo - avoid infinite loop in case of NXDOMAIN
  * ares_getenv - return NULL in all cases
  * implement ares_getaddrinfo
- onion-crash.patch: removed, upstreamed.
- removed upstream patches that are part of the snapshot:
- disable-live-tests.patch - updated
- Add upstream patches with the ares_getaddrinfo function:
  * 0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
  * 0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
  * 0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
  * 0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
  * 0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
  * 0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
  * 0007-getaddrinfo-enhancements-257.patch
  * 0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
- Add a patch which disables test failing on OBS (but passing in
  local environment):
  * 0010-Disable-failing-test.patch
- Version update to 1.15.0:
  * Add ares_init_options() configurability for path to resolv.conf file
  * Ability to exclude building of tools (adig, ahost, acountry) in CMake
  * Report ARES_ENOTFOUND for .onion domain names as per RFC7686
  * Apply the IPv6 server blacklist to all nameserver sources
  * Prevent changing name servers while queries are outstanding
  * ares_set_servers_csv() on failure should not leave channel in a
    bad state
- enable unit tests
- disable-live-tests.patch: disable tests to live servers
- onion-crash.patch: backport fix for a crash affecting .onion TLD
- Remove ineffective --with-pic.
- Version update to 1.14.0:
  * Fix patch for CVE-2017-1000381 to not be overly aggressive
  * gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
  * ares_gethostbyname.3: fix callback status values
  * docs: Document WSAStartup requirement
  * Fix a typo in init_by_resolv_conf
- Rename everything to c-ares
- Version update to 1.13.0:
  * Fixes bsc#1044946 CVE-2017-1000381
  * Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is
  not really worth all the fwdporting
- Drop check phase there is only return 0
- Version update to 1.12.0:
  * Fixes bsc#1007728 CVE-2016-5180
  * api: add ARES_OPT_NOROTATE optmask value
  * Collection of bugfixes
- update to 1.11.0:
  * Allow multiple -s options to the ahost command
  * api: Expose the ares_library_initialized() function
  * api: Add ares_set_sortlist(3) entrypoint
  * api: Add entrypoints to allow use of per-server ports
  * api: introduce `ares_parse_txt_reply_ext`
  * api: Add ares_set_socket_configure_callback()
  * Add -t u option to ahost
  * collection of bug fixes
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- openssl is no longer required but coreutils and findutils are
  (boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this
  package might be the only one pulling it in.
- backport bash rewrite from Factory to make sure to trigger in
  transactional mode (boo#1179884)
- Changed "/openssl"/ requirement to "/openssl(cli)"/
  * (bsc#1101470)
- Use %license instead of %doc [bsc#1082318]
- Revert last change since we fixed systemd-preset-branding and
  this requires is no longer needed.
- Re-add systemd requires, else package will be installed to early
  and services never enabled [bsc#1071776].
- Don't require systemd, since we could be used in environments
  like container images, where we don't have systemd. If systemd
  is installed the systemd units will be used, else they are not
- Update to version 2+git20170807.10b2785:
  * Check TRANSACTIONAL_UPDATE is set (boo#1045942)
  * Add systemd units
- Run update-ca-certificate by systemd unit when the content of
  one of the paths changes. Needed for read-only root and/or
  transactional updates.
- Update to version 2+git20151110.c15593c:
  + set proper umask (boo#948724)
- require p11-kit-tools >= 0.23.1
- Update to version 2+git20150324.e3ee392:
  + p11-kit 0.23.1 supports pem-directory-hash now
- use service file to generate tarball
- fix bashism in postun script
- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
  - EE Certification Centre Root CA
  - Taiwan GRCA
- Added CAs:
  - Trustwave Global Certification Authority
  - Trustwave Global ECC P256 Certification Authority
  - Trustwave Global ECC P384 Certification Authority
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
  Removed CAs:
  - AddTrust External CA Root
  - AddTrust Class 1 CA Root
  - LuxTrust Global Root 2
  - Staat der Nederlanden Root CA - G2
  - Symantec Class 1 Public Primary Certification Authority - G4
  - Symantec Class 2 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G3
  Added CAs:
  - certSIGN Root CA G2
  - e-Szigno Root CA 2017
  - Microsoft ECC Root Certificate Authority 2017
  - Microsoft RSA Root Certificate Authority 2017
- also run update-ca-certificates in %posttrans
- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160)
- removed:
  - Certplus Class 2 Primary CA
  - Deutsche Telekom Root CA 2
  - CN=Swisscom Root CA 2
  - UTN-USERFirst-Client Authentication and Email
- added:
  - Entrust Root Certification Authority - G4
- make sure p11-kit with patches is installed on SLE (boo#1154871)
- export correct p11kit trust attributes so Firefox detects built in
  certificates (boo#1154871). Courtesy of Fedora.
- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
- Removed CAs:
  - Certinomis - Root CA
- includes added root CAs from the 2.32 version:
  - emSign ECC Root CA - C3 (email and server auth)
  - emSign ECC Root CA - G3 (email and server auth)
  - emSign Root CA - C1 (email and server auth)
  - emSign Root CA - G1 (email and server auth)
  - Hongkong Post Root CA 3 (server auth)
- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446)
- Removed CAs:
  - AC Raiz Certicamara S.A.
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - Visa eCommerce Root
- Added Root CAs:
  - Certigna Root CA (email and server auth)
  - GTS Root R1 (server auth)
  - GTS Root R2 (server auth)
  - GTS Root R3 (server auth)
  - GTS Root R4 (server auth)
  - OISTE WISeKey Global Root GC CA (email and server auth)
  - UCA Extended Validation Root (server auth)
  - UCA Global G2 Root (email and server auth)
- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
  - removed server auth
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - remove CA
  - ComSign CA
  - added new CA
  - GlobalSign
- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)
- Removed CAs:
  * S-TRUST_Universal_Root_CA:
  * TC_TrustCenter_Class_3_CA_II:
  * TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:
-  Use %license instead of %doc [bsc#1082318]
- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152,
  bsc#1071390, bsc#1010996)
- Removed CAs:
  * AddTrust Public CA Root
  * AddTrust Qualified CA Root
  * ApplicationCA - Japanese Government
  * CA Disig Root R1
  * CA WoSign ECC Root
  * Certification Authority of WoSign G2
  * Certinomis - Autorité Racine
  * China Internet Network Information Center EV Certificates Root
  * Comodo Secure Certificate Services
  * Comodo Trusted Certificate Services
  * ComSign Secured CA
  * GeoTrust Global CA 2
  * StartCom Certification Authority
  * StartCom Certification Authority
  * StartCom Certification Authority G2
  * Swisscom Root CA 1
  * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  * UTN USERFirst Hardware Root CA
  * UTN USERFirst Object Root CA
  * VeriSign Class 3 Secure Server CA - G2
  * WellsSecure Public Root Certificate Authority
  * Certification Authority of WoSign
  * WoSign China
- Added CAs:
  * D-TRUST Root CA 3 2013
  * EV Root Certification Authority ECC
  * EV Root Certification Authority RSA R2
  * Root Certification Authority ECC
  * Root Certification Authority RSA
  * TrustCor RootCert CA-1
  * TrustCor RootCert CA-2
  * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
- convert processing script to Python 3
- ensure a stable conversion of UTF8 hex-encoded certificate names
- ensure a stable ordering of trust/distrust bits in headers
- updated to 2.11 state of the Mozilla NSS Certificate store.
- removed CAs:
  - Buypass_Class_2_CA_1:2.1.1.crt
  - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:
    codeSigning emailProtection serverAuth
  - Equifax_Secure_CA:
  - Equifax_Secure_eBusiness_CA_1:2.1.4.crt
  - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
  - IGC_A:
    codeSigning emailProtection serverAuth
  - Juur-SK:
    codeSigning serverAuth
  - Root_CA_Generalitat_Valenciana:
    codeSigning emailProtection serverAuth
  - RSA_Security_2048_v3:
    codeSigning emailProtection serverAuth
  - Sonera_Class_1_Root_CA:2.1.36.crt
  - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:
  - Verisign_Class_1_Public_Primary_Certification_Authority:
  - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:
  - Verisign_Class_3_Public_Primary_Certification_Authority:
- added CAs:
  + Amazon_Root_CA_1:
    emailProtection serverAuth
  + Amazon_Root_CA_2:
    emailProtection serverAuth
  + Amazon_Root_CA_3:
    emailProtection serverAuth
  + Amazon_Root_CA_4:
    emailProtection serverAuth
  + Certplus_Root_CA_G1:
    emailProtection serverAuth
  + Certplus_Root_CA_G2:
    emailProtection serverAuth
  + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
    emailProtection serverAuth
  + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
    emailProtection serverAuth
  + ISRG_Root_X1: (bsc#1010996)
  + LuxTrust_Global_Root_2:
  + OpenTrust_Root_CA_G1:
    emailProtection serverAuth
  + OpenTrust_Root_CA_G2:
    emailProtection serverAuth
  + OpenTrust_Root_CA_G3:
    emailProtection serverAuth
  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:
  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:
  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:
  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:
- diff-from-upstream-2.7.patch: removed as we should be able to do
  intermediate root chains now with openssl 1.0.2 and also gnutls 3.5
  is able to do so.
- diff-from-upstream-2.7.patch: restore some important legacy
  CAs, otherwise Pidgin fails to talk to Google Talk for instance.
- Updated to 2.7 (bsc#973042).
- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
  immediate root CAs.
- Removed server trust from:
  AC Raíz Certicámara S.A.
  ComSign Secured CA
  NetLock Uzleti (Class B) Tanusitvanykiado
  NetLock Business (Class B) Root
  NetLock Expressz (Class C) Tanusitvanykiado
  TC TrustCenter Class 3 CA II
  TURKTRUST Certificate Services Provider Root 1
  TURKTRUST Certificate Services Provider Root 2
  Equifax Secure Global eBusiness CA-1
  Verisign Class 4 Public Primary Certification Authority G3
- enable server trust
  Actalis Authentication Root CA
- Deleted CAs:
  A Trust nQual 03
  Buypass Class 3 CA 1
  CA Disig
  Digital Signature Trust Co Global CA 1
  Digital Signature Trust Co Global CA 3
  E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
  NetLock Expressz (Class C) Tanusitvanykiado
  NetLock Kozjegyzoi (Class A) Tanusitvanykiado
  NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
  NetLock Uzleti (Class B) Tanusitvanykiado
  Staat der Nederlanden Root CA
  TC TrustCenter Class 2 CA II
  TC TrustCenter Universal CA I
  TDC Internet Root CA
  Verisign Class 1 Public Primary Certification Authority - G2
  Verisign Class 3 Public Primary Certification Authority
  Verisign Class 3 Public Primary Certification Authority - G2
- New added CAs:
  CA WoSign ECC Root
  Certification Authority of WoSign
  Certification Authority of WoSign G2
  Certinomis - Root CA
  Certum Trusted Network CA 2
  COMODO RSA Certification Authority
  DigiCert Assured ID Root G2
  DigiCert Assured ID Root G3
  DigiCert Global Root G2
  DigiCert Global Root G3
  DigiCert Trusted Root G4
  Entrust Root Certification Authority - EC1
  Entrust Root Certification Authority - G2
  IdenTrust Commercial Root CA 1
  IdenTrust Public Sector Root CA 1
  OISTE WISeKey Global Root GB CA
  QuoVadis Root CA 1 G3
  QuoVadis Root CA 2 G3
  QuoVadis Root CA 3 G3
  Staat der Nederlanden EV Root CA
  Staat der Nederlanden Root CA - G3
  S-TRUST Universal Root CA
  TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
  TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  USERTrust ECC Certification Authority
  USERTrust RSA Certification Authority
- diff-from-upstream-2.2.patch:
  Temporary reenable some root ca trusts, as openssl/gnutls
  have trouble using intermediates as root CA.
  - GTE CyberTrust Global Root
  - Thawte Server CA
  - Thawte Premium Server CA
  - ValiCert Class 1 VA
  - ValiCert Class 2 VA
  - RSA Root Certificate 1
  - Secure Server CA
  - America Online Root Certification Authority 1
  - America Online Root Certification Authority 2
- Updated to 2.2 (bnc#888534)
  - The following CAs were removed:
    + America_Online_Root_Certification_Authority_1
    + America_Online_Root_Certification_Authority_2
    + GTE_CyberTrust_Global_Root
    + Thawte_Premium_Server_CA
    + Thawte_Server_CA
  - The following CAs were added:
    + COMODO_RSA_Certification_Authority
    codeSigning emailProtection serverAuth
    + GlobalSign_ECC_Root_CA_-_R4
    codeSigning emailProtection serverAuth
    + GlobalSign_ECC_Root_CA_-_R5
    codeSigning emailProtection serverAuth
    + USERTrust_ECC_Certification_Authority
    codeSigning emailProtection serverAuth
    + USERTrust_RSA_Certification_Authority
    codeSigning emailProtection serverAuth
    + VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
  - The following CAs were changed:
    + Equifax_Secure_eBusiness_CA_1
    remote code signing and https trust, leave email trust
    + Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
    only trust emailProtection
- Update to catatonit v0.1.5, which fixes two bugs where catatonit would hang
  endlessly when pid1 died in very specific ways. bsc#1176155
- Update to catatonit v0.1.4, which includes support for "/-g"/.
- Update to catatonit v0.1.3, which includes a fix for docker compatiblity so
  that dockerd doesn't give spurrious warnings.
- Fix build to correctly build a static binary (which will allow it to work in
  all containers). This was caused by forgetting to include
  'glibc-devel-static'. I've added a check to ensure it doesn't happen by
  accident again.
- Add catatonit-rpmlintrc to include filters for "/static binary"/ warnings,
  since this is intentional.
- Update package descriptions.
- Update to catatonit v0.1.2 and update links to point to openSUSE repo.
- Update to catatonit v0.1.1, which includes a fix for the libtool requirement.
  This lets us build on much older distributions.
- Initial import of catatonit v0.1.0.
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
  but needed for calculating refids from IPv6 addresses as part of
  the NTP protocol (rfc5905). As this is a non-cryptographic use of
  MD5 we can use our own implementation without violating FIPS
  rules: chrony-refid-internal-md5.patch .
- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch:
  Fix build with glibc-2.31
- bsc#1184400, chrony-pidfile.patch:
  Use /run instead of /var/run for PIDFile in chronyd.service.
- Integrate three upstream patches to fix an infinite loop in
  chronyc (bsc#1171806).
  * chrony-select-timeout.patch
  * chrony-gettimeofday.patch
  * chrony-urandom.patch
- Use iburst in the default pool statements to speed up initial
  synchronisation (bsc#1172113).
- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272 and bsc#1161119.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
  preconfigure chrony to use NTP servers from the  respective
  pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
  preconfigured servers.
- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix
  "/make check"/ builds made after 2019-12-20. Existing installations
  do not need to be updated as the bug only affects the test, but
  not chrony itself.
- Fix ordering and dependencies of chronyd.service, so that it is
  started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Make sure to generate correct sysconfig file (boo#1117147)
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
  Modifed default chrony.conf to add "/include /etc/chrony.d/*"/
- Use %license instead of %doc [bsc#1082318]
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
- Enable pps support
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Cleanup spec file:
  * Drop pre systemd support
  * Run spec-cleaner
- Modified the spec file to comment out the pool statement
  in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
- refresh patches to apply cleanly again
  - chrony-config.patch
  - chrony-fix-open.patch
- Upgraded to version 3.2:
  * Improve stability with NTP sources and reference clocks
  * Improve stability with hardware timestamping
  * Improve support for NTP interleaved modes
  * Control frequency of system clock on macOS 10.13 and later
  * Set TAI-UTC offset of system clock with leapsectz directive
  * Minimise data in client requests to improve privacy
  * Allow transmit-only hardware timestamping
  * Add support for new timestamping options introduced in Linux 4.13
  * Add root delay, root dispersion and maximum error to tracking log
  * Add mindelay and asymmetry options to server/peer/pool directive
  * Add extpps option to PHC refclock to timestamp external PPS signal
  * Add pps option to refclock directive to treat any refclock as PPS
  * Add width option to refclock directive to filter wrong pulse edges
  * Add rxfilter option to hwtimestamp directive
  * Add -x option to disable control of system clock
  * Add -l option to log to specified file instead of syslog
  * Allow multiple command-line options to be specified together
  * Allow starting without root privileges with -Q option
  * Update seccomp filter for new glibc versions
  * Dump history on exit by default with dumpdir directive
  * Use hardening compiler options by default
  Bug fixes
  * Don't drop PHC samples with low-resolution system clock
  * Ignore outliers in PHC tracking, RTC tracking, manual input
  * Increase polling interval when peer is not responding
  * Exit with error message when include directive fails
  * Don't allow slash after hostname in allow/deny directive/command
  * Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
- Upgraded to version 3.1:
  - Enhancements
  - Add support for precise cross timestamping of PHC on Linux
  - Add minpoll, precision, nocrossts options to hwtimestamp directive
  - Add rawmeasurements option to log directive and modify measurements
    option to log only valid measurements from synchronised sources
  - Allow sub-second polling interval with NTP sources
  - Bug fixes
  - Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
  - chrony-config.patch
  - chrony-service-helper.patch
  - chrony-fix-open.patch
- Upgraded to version 3.0:
  - Enhancements
  - Add support for software and hardware timestamping on Linux
  - Add support for client/server and symmetric interleaved modes
  - Add support for MS-SNTP authentication in Samba
  - Add support for truncated MACs in NTPv4 packets
  - Estimate and correct for asymmetric network jitter
  - Increase default minsamples and polltarget to improve stability with very low jitter
  - Add maxjitter directive to limit source selection by jitter
  - Add offset option to server/pool/peer directive
  - Add maxlockage option to refclock directive
  - Add -t option to chronyd to exit after specified time
  - Add partial protection against replay attacks on symmetric mode
  - Don't reset polling interval when switching sources to online state
  - Allow rate limiting with very short intervals
  - Improve maximum server throughput on Linux and NetBSD
  - Remove dump files after start
  - Add tab-completion to chronyc with libedit/readline
  - Add ntpdata command to print details about NTP measurements
  - Allow all source options to be set in add server/peer command
  - Indicate truncated addresses/hostnames in chronyc output
  - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
  - Bug fixes
  - Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
- Upgraded to version 2.4.1:
  - Bug fixes
  - Fix processing of kernel timestamps on non-Linux systems
  - Fix crash with smoothtime directive
  - Fix validation of refclock sample times
  - Fix parsing of refclock directive
- update to 2.4:
  - Enhancements
  - Add orphan option to local directive for orphan mode
    compatible with ntpd
  - Add distance option to local directive to set activation
    threshold (1 second by default)
  - Add maxdrift directive to set maximum allowed drift of system
  - Try to replace NTP sources exceeding maximum distance
  - Randomise source replacement to avoid getting stuck with bad
  - Randomise selection of sources from pools on start
  - Ignore reference timestamp as ntpd doesn't always set it
  - Modify tracking report to use same values as seen by NTP
  - Add -c option to chronyc to write reports in CSV format
  - Provide detailed manual pages
  - Bug fixes
  - Fix SOCK refclock to work correctly when not specified as
    last refclock
  - Fix initstepslew and -q/-Q options to accept time from own
    NTP clients
  - Fix authentication with keys using 512-bit hash functions
  - Fix crash on exit when multiple signals are received
  - Fix conversion of very small floating-point numbers in
    command packets
  - Removed features
  - Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
  - add IP_PKTINFO socket option
  - accept environment variables in make
  - fix building with FORTIFY_SOURCE
  - fix compiler warning
  - support multiple SHM refclocks
  - fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
- drop patches:
  - chrony-include-termios.patch
  - make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
  info packages
- no longer use make install-docs: it only installed 0 byte html
- Provide ntp-daemon (bsc#973981)
- chrony-fix-open.patch: make sure _open and _close are initialized
  in open()/close() override, as libfreebl3 also calls from the
  the ELF constructor. FATE#319508
- enable mozilla-nss
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
  the patch is not particularly version-dependent.
- Added clknetsim for "/make check"/ processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
  and running "/make check"/.
- Changed Buildrequires and Requires to specify the minimum level of
  libseccomp needed to build on s390x and ppc64le.
- Removed "/-Recommends: timedatex"/ since I couldn't find any instance
  of it anywhere in the build service.
- Modified the description to use some of the information from the
  chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "/make check"/
  will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "/interruption code
  0x2003B in chronyd"/ errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
  point to the actual location of the service command, not the symlink
  in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun.
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
- update to 2.3
  - Enhancements
  - Add support for NTP and command response rate limiting
  - Add support for dropping root privileges on Mac OS X,
    FreeBSD, Solaris
  - Add require and trust options for source selection
  - Enable logchange by default (1 second threshold)
  - Set RTC on Mac OS X with rtcsync directive
  - Allow binding to NTP port after dropping root privileges on
  - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
    is disabled
  - Resolve names in separate process when seccomp filter is
  - Replace old records in client log when memory limit is
  - Don't reveal local time and synchronisation state in client
  - Don't keep client sockets open for longer than necessary
  - Ignore poll in KoD RATE packets as ntpd doesn't always set it
  - Warn when using keys shorter than 80 bits
  - Add keygen command to generate random keys easily
  - Add serverstats command to report NTP and command packet
  - Bug fixes
  - Fix clock correction after making step on Mac OS X
  - Fix building on Solaris
- refreshed patches to apply cleanly again:
- update to 2.2.1
  Restrict authentication of NTP server/peer to specified key
- silence groupadd/useradd call and drop the shell from the user.
- update to 2.2
  see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
  longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
  changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
- CVE-2020-14342: Shell command injection vulnerability in mount.cifs;
  (bsc#1174477); (bso#14442); CVE-2020-14342.
  * add 0013-CVE-2020-14342-mount.cifs-fix-shell-command-injectio.patch
- Fix invalid free in mount.cifs; (bsc#1152930).
  * add 0012-mount.cifs-Fix-invalid-free.patch
- Fix double-free in mount.cifs; (bsc#1149164).
  * add 0011-fix-doublefree.patch
- Update to cifs-utils 6.9; (bsc#1132087); (bsc#1136031).
  * adds fixes for Azure
  * new smbinfo utility
  * remove cifs-utils-6.8.tar.bz2
  * remove cifs-utils-6.8.tar.bz2.asc
  * add cifs-utils-6.9.tar.bz2
  * add cifs-utils-6.9.tar.bz2.asc
  * add 0001-smbinfo-Improve-help-usage-and-add-h-option.patch
  * add 0002-smbinfo-Add-bash-completion-support-for-smbinfo.patch
  * add 0003-getcifsacl-Add-support-to-accept-more-paths.patch
  * add 0004-getcifsacl-Fix-usage-message-to-include-multiple-fil.patch
  * add 0005-smbinfo-add-GETCOMPRESSION-support.patch
  * add 0006-getcifsacl-Add-support-for-R-recursive-option.patch
  * add 0007-smbinfo-add-bash-completion-support-for-getcompressi.patch
  * add 0008-mount.cifs.c-fix-memory-leaks-in-main-func.patch
  * add 0009-Zero-fill-the-allocated-memory-for-new-struct-cifs_n.patch
  * add 0010-Zero-fill-the-allocated-memory-for-a-new-ACE.patch
- Remove backports that are already in 6.9; (fate#325270); (bsc#1130528);
  * remove 0001-docs-cleanup-rst-formating.patch
  * remove 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
  * remove 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
  * remove 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
  * remove 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
  * remove 0006-cifs-utils-support-rst2man-3.patch
  * remove 0007-checkopts-report-duplicated-options-in-man-page.patch
  * remove 0008-mount.cifs.rst-more-cleanups.patch
  * remove 0009-mount.cifs.rst-document-vers-3-mount-option.patch
  * remove 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
  * remove allow-dns-resolver-key-to-expire.patch
  * remove suse-document-new-vers-default-SMB2.1.patch
- Remove dependency workaround regarding python2/python3
- Fix dependency failure on SLE15 regarding python2/python3.
- Allow cached DNS entry to expire; (fate#325270).
  * add allow-dns-resolver-key-to-expire.patch
- Document new SMB2.1+ defaults; (bsc#1130528).
  * be more verbose on mount errors, especially with EHOSTDOWN which
    is often returned on SMB version issues.
  * add suse-document-new-vers-default-SMB2.1.patch
- Fix python dependency stalemate by requiring python3 version of
- Update to cifs-utils 6.8.
  + document more mount options
  + man pages now generated from RST files
  + add python-docutils build dependency
  + update keyring to check tarball signature
  + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
  + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
  + add 0001-docs-cleanup-rst-formating.patch
  + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
  + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
  + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
  + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
  + add 0006-cifs-utils-support-rst2man-3.patch
  + add 0007-checkopts-report-duplicated-options-in-man-page.patch
  + add 0008-mount.cifs.rst-more-cleanups.patch
  + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
  + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
  * assume SUSE vendor and SLE >= 11
- Update BuildIgnore to break build cycle samba-client <-> cifs-utils
- update to 6.7:
  * mount.cifs cleanups
- includes 6.6:
  * cleanup/overhaul of cifs.upcall krb5 credcache handling
- partial cleanup with spec-cleaner
- Document SMB3+ and new seal option; (fate#322075).
  + add patch 0001-manpage-correct-typos-and-spelling-mistakes.patch
  + add patch 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Get rid of init script on everything based off SLE12+ (bsc#1025471).
- Use https urls.
- Don't ignore libldb, libtalloc, libtevent, and samba-client-libs at build
  time; (bsc#966174).
- Update to cifs-utils 6.5.
  + mount.cifs: ignore x- mount options
  + minor build fixes; obsoletes include_paths.h_for__PATH_MOUNTED.patch
  + minor manpage fix
- Ignore samba-client-libs at build-time on post-22 Fedora systems.
- Add include_paths.h_for__PATH_MOUNTED.patch
- Use rccifs -> service symlink for proper status (bnc#908023).
- Remove dependency on gpg-offline as signature checking is implemented in the
  source validator.
- Add README.cifstab.migration to document the cifstab removal; (bnc#902947).
- Fix broken rccifs symbolic link.
- Remove dead code associated with cifstab file which is no longer used.
- Update to version 1.5:
  + Add support for GCE (bsc#1159460, bsc#1178486)
  + Improve default gateway determination
- Update to version 1.4:
  + copy routes from default routing table (bsc#1162705, bsc#1162707)
  + make CLOUD_NETCONFIG_MANAGE default configurable
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
  shortcut through the -mini flavors.
- Removed obsolete Group tag from spec file
- Update to version 1.3:
  + Fix IPv4 address handling on secondary NICs in Azure
- Update to version 1.2:
  + support AWS IMDSv2 token
- Update to version 1.1
  + fix use of GATEWAY variable (bsc#1157117, bsc#1157190)
  + remove secondary IPv4 address only when added by cloud-netconfig
  + simplify routing setup for single NIC systems (partly fixes
- Update to version 1.0:
  + pause and retry if API call throttling is detected in Azure
    (bsc#1135257 bsc#1135263)
- Update to version 0.9:
  + run cloud-netconfig periodically (bsc#1118783 bsc#1122013)
  + do not treat eth0 special wrt routing policies (bsc#1123008)
  + reduce timeout on metadata read (bsc#1112822)
- Update to version 0.7:
  + no persistent interface names in Azure (bsc#1095485)
- Added dependency on curl
- Use otherproviders() only on SLES 11 builds
- Remove dependency on udev-persistent-ifnames (bsc#1075484)
- Add missing Provides/Conflicts statements to spec file
- Prepare for SLE11 submission (bsc#1063292)
- Update to version 0.6:
  + Use tested and supported metadata API versions
- Update to version 0.5
  + New API version for Azure metadata server
  + Wait for the metadata server in EC2
- Update to version 0.4:
  Do not touch VF interfaces in Azure (bsc#1055553)
- Prepare for SLE submission (FATE#323820, bsc#1027212)
- Added conflict tags
- Fix requires for non-Leap platforms
- Initial version 0.3
- Add patch for CVE-2021-32760. bsc#1188282
  + bsc1188282-use-chmod-path-for-checking-symlink.patch
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
  - 0001-makefile-remove-emoji.patch
- Update to containerd v1.4.4, to fix CVE-2021-21334.
- Update to handle the docker-runc removal, and drop the -kubic flavour.
  bsc#1181677 bsc#1181749
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
- Install the containerd-shim* binaries and stop creating
  docker-containerd-shim because that isn't used by Docker anymore.
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
  fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
  boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
  * 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
- Update to containerd v1.2.13, which is required for Docker 19.03.11-ce.
- Update to containerd v1.2.10, which is required for Docker 19.03.3-ce.
  bsc#1153367 bsc#1157330
- Update to containerd v1.2.6, which is required for Docker v18.09.7-ce.
- Remove containerd-test (it's not useful for actual testing).
- Update to containerd v1.2.5, which is required for v18.09.5-ce.
  bsc#1128376 boo#1134068
- Update containerd to v1.2.4
  * cri: Set /etc/hostname
  * cri: Fix env performance issue
  * runc updated to 6635b4f0c6af3810594d2770f662f34ddc15b40d to solve
    bsc#1121967 CVE-2019-5736
  * cri updated to da0c016c830b2ea97fd1d737c49a568a816bf964
  * Windows: NewDirectIOFromFIFOSet
  * Changelogs from previous versions also included in this update:
- Update to containerd v1.2.2, which is required for Docker v18.09.1-ce.
  * Fix rare deadlock on FIFO creation with timeout
  * Fix a bug that a container can't be stopped or inspected when its
    corresponding image is deleted
  * Fix a bug that the cri plugin handles containerd events outside of namespace
  more changes at:
  Changelogs from previous versions also included in this update:
- Remove required_dockerrunc commit pinning, as it just lead to issues.
- Remove upstreamed patches.
  - 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10 to fix
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "/go get -u"/
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "/go get"/ via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service
- Add backport of, which is
  required for us to build containerd on i586 SLE-12 (where /bin/sh doesn't
  like emoji in shell scripts). bsc#1102522 bsc#1113313
  + 0001-makefile-remove-emoji.patch
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
- Merge -kubic packages back into the main Virtualization:containers packages.
  This is done using _multibuild to add a "/kubic"/ flavour, which is then used
  to conditionally compile patches and other kubic-specific features.
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
  to work with Docker and containerd. fate#325877
- Update to containerd v1.1.1, which is the required version for the Docker
  v18.06.0-ce upgrade. bsc#1102522
- Add backport of to make
  the man page no longer pollute the global namespace.
  + 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Remove the following patch since it has already been merged upstream.
  - bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Remove systemd-related files and add docker-containerd-* symlinks; this
  aligns with the upstream defaults where dockerd will execute
  docker-containerd. Version upgrades of docker are expected to work more
  smoothly as much of the upgrade logic is implemented in dockerd.
- Add containerd-rpmlintrc (or containerd-kubic-rpmlintrc) to deal with
  /usr/src/containerd/* rpmlint errors (which don't affect normal users of this
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
  and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
  testing has been far more useful. boo#1095817
- Review obsoletes tag to fix bsc#1080978
- Put containerd under the podruntime slice. This the recommended
  deployment to allow fine resource control on Kubernetes.
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- do not build on s390, only on s390x (no go on s390)
- Fix build with RPM 4.14: exclude is not meant for files to NOT be
  packaged, but should only be used if the files are to be excluded
  from a glob when they end up in a different package. Rather
  remove the unwanted files in the install section.
- Update to containerd@06b9cb35161009dcb7123345749fef02f7cea8e0, which is
  requried by Docker 17.09.1_ce.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Set --start-timeout=2m by default to match upstream. bsc#1064926
- Use the upstream makefile so that Docker can get the commit ID in `docker
  info`. This also will avoid possible future warnings being spit out like
  bsc#1065109 and boo#1053532.
- Backport, which is
  required for the above fix. bsc#1065109 boo#1053532
  + bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Update to containerd@3addd840653146c90a254301d6c3a663c7fd6429, which is
  required by Docker 17.07.0_ce (this commit is effectively v0.2.9 with a few
  bugfixes missing).
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- change dependency to docker-runc
- fix golang requirement to 1.7 for the subpackages
- fix golang requirement to 1.7
- Replace %__-type macro indirections
- update containerd to the commit version needed for
  docker-v17.04.0-ce (bsc#1034053)
  fix bsc#1032769: containerd spurious messages filling journal
- make sure this package is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
  is available in all archs
- Set TasksMax=infinity to make sure runC doesn't start failing randomly.
- update to docker 1.13.0 requirement
- Update docker to the version used in Docker 1.12.6. This is necessary to fix
  CVE-2016-9962 (bsc#1012568).
- update containerd to the version used in docker 1.12.5 (bsc#1016307).
  This fixes bsc#1015661
- fix runc version
  fix bsc#1009961
- fix version so that it contains a sequence number and zypper does
  not think is a downgrade
- fix bsc#1006368: docker/containerd is broken when installed by
  SuSE Studio in an appliance: We were missing the
    Requires(post): %fillup_prereq
- update runc requirement to 02f8fa7863dd3f82909a73e2061897828460d52f
  (see RUNC_COMMIT in Dockerfile)
- update to commit 0366d7e which is the one required for docker-1.12.2
- fix go_arches definition: use global instead of define, otherwise
  it fails to build
- Remove GOPATH at the end of the GOPATH assignment
  cause GOPATH is empty and if we do that, we get the path "/"/
  appended, which causes gcc6-go to complain
- add go_arches in project configuration: this way, we can use the
  same spec file but decide in the project configuration if to
  use gc-go or gcc-go for some archs.
- update to v2.3.0 (bsc#995058)
- Remove patches which were already merged upstream:
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- bump git commit id to the one required by docker v1.12.0
- run test during build
- only run tests on architectures that provide the go list and got test tools
- add aarch64 to go arches
- Add containerd-test package which contains the source code and the test. This
  package will be used to run the integration tests.
- Simplify package build and check sections: Instead of symlinking we default to
  cp -avr. go list gets confused by symlinks hence, we need to copy the source
  code anyway if we want to run unit tests during package build at some point.
* Explicitly state the version dependency for runC, to avoid potential
  issues with incompatible component versions. These must be updated
  * each time we do a release*. Unfortunately we cannot create a hard
  dependency because that would conflict with Docker, and was a mistake
  on upstream's part. bsc#993847
* Set --runtime option specifically to runC. bsc#978260
* Update to containerd v0.2.2. (bsc#989566 FATE#320763)
  * Includes updates to the out-of-tree patches.
* Remove MountFlags=slave from containerd.service. This causes many issues with
  interactions with Docker.
* Added /usr/sbin/rccontainerd symlink as per suse-missing-rclink.
  * Updated socket activation patches to use the same patchset that was merged
  upstream (
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
  * Removed aarch64 that was patched upstream:
  - fix-aarch64-epoll.patch
  * Update containerd to 0.2.1. Upstream changelog:
  * Fixes for cgroup memory updates and process labeling.
  * Truncate the event log on disk and in memory so that it does not
    grow forever.  This is mainly used for higher levels to receive past
    events if they miss any.
* Use the gc compiler for aarch64 builds.
  * Add a patch to fix the new aarch64 build support, which has not yet been
  merged upstream (
  + fix-aarch64-epoll.patch
  * Rebase the socket activation patchset which has yet to be merged
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
  * Update to containerd 0.2.0. Changelog:
  + Add Limit to PidsStats
  + Add timeout flag for container start times.
  + Add timeout option for GRPC connection.
  + Add no_pivot_root support.
  + Add runtimeArgs to pass to shim
  * Move epoll syscall to a separate package so we can build on aarch64.
  * Fix ctr termios restoration isssues.
  * Several bug fixes.
  - Remove dependencies on larger packages.
* Use socket activation with the containerd-daemon. This requires a
  not-yet-upstream patchset (
  + socket-activation-01-vendor.patch
  + socket-activation-02-daemon.patch
  + socket-activation-03-ctr.patch
  * Remove MountFlags=slave since it's not relevant to containerd and might cause
  issues in the future.
  * Update to containerd 0.1.0. This required quite a few fixes.
* Add initial packaging of containerd 0.0.5.
  * Add service and sysconfig files.
  * Separately package the client from the server.
  * Install to /usr/sbin.
- prepare usrmerge (boo#1029961)
- gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
  avoid false-positive error in gnulib tests 'test-perror2' and
  'test-strerror_r', visible on armv7l.
- coreutils.spec: Reference the patch.
- Drop suse-module-tools BuildRequires: this was used for the macro
  regenerate_initrd_post/posttrans, which have been moved to
  rpm-config-SUSE in Jan 2019.
- coreutils-gnulib-disable-test-float.patch: Add patch to temporarily
  disable the gnulib test 'test-float' failing on ppc and ppc64le.
- coreutils.spec: Reference the patch.  While at it, avoid conditional
  Patch and Source entries as that break cross-platform builds from
  source RPMs.
- add coreutils-use-python3.patch to minimally port away from
  python 2.x use of pyinotify in the testsuite
- Update to 8.32:
  * Noteworthy changes in release 8.32 (2020-03-05) [stable]
  * * Bug fixes
  cp now copies /dev/fd/N correctly on platforms like Solaris where
  it is a character-special file whose minor device number is N.
  [bug introduced in fileutils-4.1.6]
  dd conv=fdatasync no longer reports a "/Bad file descriptor"/ error
  when fdatasync is interrupted, and dd now retries interrupted calls
  to close, fdatasync, fstat and fsync instead of incorrectly
  reporting an "/Interrupted system call"/ error.
  [bugs introduced in coreutils-6.0]
  df now correctly parses the /proc/self/mountinfo file for unusual entries
  like ones with 'r' in a field value ("/mount -t tmpfs tmpfs /foo$'r'bar"/),
  when the source field is empty ('mount -t tmpfs "/"/ /mnt'), and when the
  filesystem type contains characters like a blank which need escaping.
  [bugs introduced in coreutils-8.24 with the introduction of reading
  the /proc/self/mountinfo file]
  factor again outputs immediately when stdout is a tty but stdin is not.
  [bug introduced in coreutils-8.24]
  ln works again on old systems without O_DIRECTORY support (like Solaris 10),
  and on systems where symlink ("/x"/, "/."/) fails with errno == EINVAL
  (like Solaris 10 and Solaris 11).
  [bug introduced in coreutils-8.31]
  rmdir --ignore-fail-on-non-empty now works correctly for directories
  that fail to be removed due to permission issues.  Previously the exit status
  was reversed, failing for non empty and succeeding for empty directories.
  [bug introduced in coreutils-6.11]
  'shuf -r -n 0 file' no longer mistakenly reads from standard input.
  [bug introduced with the --repeat feature in coreutils-8.22]
  split no longer reports a "/output file suffixes exhausted"/ error
  when the specified number of files is evenly divisible by 10, 16, 26,
  for --numeric, --hex, or default alphabetic suffixes respectively.
  [bug introduced in coreutils-8.24]
  seq no longer prints an extra line under certain circumstances (such as
  'seq -f "/%g "/ 1000000 1000000').
  [bug introduced in coreutils-6.10]
  * * Changes in behavior
  Several programs now check that numbers end properly.  For example,
  'du -d 1x' now reports an error instead of silently ignoring the 'x'.
  Affected programs and options include du -d, expr's numeric operands
  on non-GMP builds, install -g and -o, ls's TABSIZE environment
  variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size
  and --parallel.
  date now parses military time zones in accordance with common usage:
    "/A"/ to "/M"/  are equivalent to UTC+1 to UTC+12
    "/N"/ to "/Y"/  are equivalent to UTC-1 to UTC-12
    "/Z"/ is "/zulu"/ time (UTC).
  For example, 'date -d "/09:00B"/ is now equivalent to 9am in UTC+2 time zone.
  Previously, military time zones were parsed according to the obsolete
  rfc822, with their value negated (e.g., "/B"/ was equivalent to UTC-2).
  [The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating
  coreutils package.]
  ls issues an error message on a removed directory, on GNU/Linux systems.
  Previously no error and no entries were output, and so indistinguishable
  from an empty directory, with default ls options.
  uniq no longer uses strcoll() to determine string equivalence,
  and so will operate more efficiently and consistently.
  * * New Features
  ls now supports the --time=birth option to display and sort by
  file creation time, where available.
  od --skip-bytes now can use lseek even if the input is not a regular
  file, greatly improving performance in some cases.
  stat(1) supports a new --cached= option, used on systems with statx(2)
  to control cache coherency of file system attributes,
  useful on network file systems.
  * * Improvements
  stat and ls now use the statx() system call where available, which can
  operate more efficiently by only retrieving requested attributes.
  stat and tail now know about the "/binderfs"/, "/dma-buf-fs"/, "/erofs"/,
  "/ppc-cmm-fs"/, and "/z3fold"/ file systems.
  stat -f -c%T now reports the file system type, and tail -f uses inotify.
  * * Build-related
  gzip-compressed tarballs are distributed once again
- Refresh patches:
  * coreutils-disable_tests.patch
  * coreutils-getaddrinfo.patch
  * coreutils-i18n.patch
  * coreutils-invalid-ids.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch:
  * uniq: remove collation handling as required by newer POSIX; see
- coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch:
  * Add patch for 'ls' to restore 8.31 behavior on removed directories.
- coreutils.spec:
  * Version: bump version.
  * %check: re-enable regular 'make check' for non-multibuild package.
  * reference the above new patch.
- coreutils.keyring:
  * Update from upstream (Savannah).
- disable single and testsuite builds in rings/staging
- remove duplicate "/coreutils"/ in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool
  similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays
- Do not recommend lang package. The lang package already has a
- Update to 8.31:
  * Noteworthy changes in release 8.31 (2019-03-10) [stable]
  * * Bug fixes
  'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
  [bug introduced in coreutils-5.3.0]
  When B already exists, 'cp -il A B' no longer immediately fails
  after asking the user whether to proceed.
  [This bug was present in "/the beginning"/.]
  df no longer corrupts displayed multibyte characters on macOS.
  [bug introduced with coreutils-8.18]
  seq no longer outputs inconsistent decimal point characters
  for the last number, when locales are misconfigured.
  [bug introduced in coreutils-7.0]
  shred, sort, and split no longer falsely report ftruncate errors
  when outputting to less-common file types.  For example, the shell
  command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
  an "/error truncating"/ diagnostic.
  [bug was introduced with coreutils-8.18 for sort and split, and
  (for shared memory objects only) with fileutils-4.1 for shred]
  sync no longer fails for write-only file arguments.
  [bug introduced with argument support to sync in coreutils-8.24]
  'tail -f file | filter' no longer exits immediately on AIX.
  [bug introduced in coreutils-8.28]
  'tail -f file | filter' no longer goes into an infinite loop
  if filter exits and SIGPIPE is ignored.
  [bug introduced in coreutils-8.28]
  * * Changes in behavior
  cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
  uptime, users, whoami, yes: now always process --help and --version options,
  regardless of any other arguments present before any optional '--'
  end-of-options marker.
  nohup now processes --help and --version as first options even if other
  parameters follow.
  'yes a -- b' now outputs 'a b' instead of including the end-of-options
  marker as before: 'a -- b'.
  echo now always processes backslash escapes when the POSIXLY_CORRECT
  environment variable is set.
  When possible 'ln A B' now merely links A to B and reports an error
  if this fails, instead of statting A and B before linking.  This
  uses fewer system calls and avoids some races.  The old statting
  approach is still used in situations where hard links to directories
  are allowed (e.g., NetBSD when superuser).
  ls --group-directories-first will also group symlinks to directories.
  'test -a FILE' is not supported anymore.  Long ago, there were concerns about
  the high probability of humans confusing the -a primary with the -a binary
  operator, so POSIX changed this to 'test -e FILE'.  Scripts using it were
  already broken and non-portable; the -a unary operator was never documented.
  wc now treats non breaking space characters as word delimiters
  unless the POSIXLY_CORRECT environment variable is set.
  * * New features
  id now supports specifying multiple users.
  'date' now supports the '+' conversion specification flag,
  introduced in POSIX.1-2017.
  printf, seq, sleep, tail, and timeout now accept floating point
  numbers in either the current or the C locale.  For example, if the
  current locale's decimal point is ',', 'sleep 0,1' and 'sleep 0.1'
  now mean the same thing.  Previously, these commands accepted only
  C-locale syntax with '.' as the decimal point.  The new behavior is
  more compatible with other implementations in non-C locales.
  test now supports the '-N FILE' unary operator (like e.g. bash) to check
  whether FILE exists and has been modified since it was last read.
  env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
  '--block-signal[=SIG], to setup signal handling before executing a program.
  env now supports '--list-signal-handling' to indicate non-default
  signal handling before executing a program.
  * * New commands
  basenc is added to complement existing base64,base32 commands,
  and encodes and decodes printable text using various common encodings:
  * * Improvements
  ls -l now better aligns abbreviated months containing digits,
  which is common in Asian locales.
  stat and tail now know about the "/sdcardfs"/ file system on Android.
  stat -f -c%T now reports the file system type, and tail -f uses inotify.
  stat now prints file creation time when supported by the file system,
  on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.
- Refresh patches (line number changes only):
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-misc.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * Version: bump version.
  * URL: Use https scheme.
  * %description: Add 'basenc' tool.
  * Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
  * Update for added section headers ('GPG keys of <MAINTAINER>').
- Update to 8.30:
  * Noteworthy changes in release 8.30 (2018-07-01) [stable]
  * * Bug fixes
  'cp --symlink SRC DST' will again correctly validate DST.
  If DST is a regular file and SRC is a symlink to DST,
  then cp will no longer allow that operation to clobber DST.
  Also with -d, if DST is a symlink, then it can always be replaced,
  even if it points to SRC on a separate device.
  [bugs introduced with coreutils-8.27]
  'cp -n -u' and 'mv -n -u' now consistently ignore the -u option.
  Previously, this option combination suffered from race conditions
  that caused -u to sometimes override -n.
  [bug introduced with coreutils-7.1]
  'cp -a --no-preserve=mode' now sets appropriate default permissions
  for non regular files like fifos and character device nodes etc.,
  and leaves mode bits of existing files unchanged.
  Previously it would have set executable bits on created special files,
  and set mode bits for existing files as if they had been created.
  [bug introduced with coreutils-8.20]
  'cp --remove-destination file symlink' now removes the symlink
  even if it can't be traversed.
  [bug introduced with --remove-destination in fileutils-4.1.1]
  ls no longer truncates the abbreviated month names that have a
  display width between 6 and 12 inclusive.  Previously this would have
  output ambiguous months for Arabic or Catalan locales.
  'ls -aA' is now equivalent to 'ls -A', since -A now overrides -a.
  [bug introduced in coreutils-5.3.0]
  'mv -n A B' no longer suffers from a race condition that can
  overwrite a simultaneously-created B.  This bug fix requires
  platform support for the renameat2 or renameatx_np syscalls, found
  in recent Linux and macOS kernels.  As a side effect, ‘mv -n A A’
  now silently does nothing if A exists.
  [bug introduced with coreutils-7.1]
  * * Changes in behavior
  'cp --force file symlink' now removes the symlink even if
  it is self referential.
  ls --color now matches file extensions case insensitively.
  * * New features
  cp --reflink now supports --reflink=never to enforce a standard copy.
  env supports a new -v/--debug option to show verbose information about
  each processing step.
  env supports a new -S/--split-string=S option to split a single argument
  string into multiple arguments. Used to pass multiple arguments in scripts
  (shebang lines).
  md5sum accepts a new option: --zero (-z) to delimit the output lines with a
  NUL instead of a newline character.  This also disables file name escaping.
  This also applies to sha*sum and b2sum.
  rm --preserve-root now supports the --preserve-root=all option to
  reject any command line argument that is mounted to a separate file system.
  * * Improvements
  cut supports line lengths up to the max file size on 32 bit systems.
  Previously only offsets up to SIZE_MAX-1 were supported.
  stat and tail now know about the "/exfs"/ file system, which is a
  version of XFS.  stat -f --format=%T now reports the file system type,
  and tail -f uses inotify.
  wc avoids redundant processing of ASCII text in multibyte locales,
  which is especially significant on macOS.
  * * Build-related
  Adjust to glibc >= 2.28  (bsc#1182550, jsc#SLE-13520, jsc#SLE-13756)
- Refresh patches (line number changes only):
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * (License): osc changed the value from "/GPL-3.0+"/ to "/GPL-3.0-or-later"/.
  * (build): Make sure that parse-datetime.{c,y} ends up in debuginfo (rh#1555079).
- coreutils-i18n.patch:
  * src/exand.c,src/unexpand.c: Avoid -Wcomment warning.
  * src/cut.c (cut_characters_or_cut_bytes_no_split): Change idx from size_t
    to uintmax_t type to avoid a regression on i586, armv7l and ppc.
    Compare upstream, non-MB commit:
    (cut_fields_mb): Likewise for field_idx.
  * tests/misc/ Remove downstream tweaks as upstream MB tests are
    working since a while.
- coreutils.keyring: Update Assaf Gordon's GPG public key.
- Use %license (boo#1082318)
- Update to 8.29:
  * Noteworthy changes in release 8.29 (2017-12-27) [stable]
  * * Bug fixes
  b2sum no longer crashes when processing certain truncated check files.
  [bug introduced with b2sum coreutils-8.26]
  dd now ensures the correct cache ranges are specified for the "/nocache"/
  and "/direct"/ flags.  Previously some pages in the page cache were not
  invalidated.  [bug introduced for "/direct"/ in coreutils-7.5,
  and with the "/nocache"/ implementation in coreutils-8.11]
  df no longer hangs when given a fifo argument.
  [bug introduced in coreutils-7.3]
  ptx -S no longer infloops for a pattern which returns zero-length matches.
  [the bug dates back to the initial implementation]
  shred --remove will again repeatedly rename files with shortening names
  to attempt to hide the original length of the file name.
  [bug introduced in coreutils-8.28]
  stty no longer crashes when processing settings with -F also specified.
  [bug introduced in fileutils-4.0]
  tail --bytes again supports non seekable inputs on all systems.
  On systems like android it always tried to process as seekable inputs.
  [bug introduced in coreutils-8.24]
  timeout will again notice its managed command exiting, even when
  invoked with blocked CHLD signal, or in a narrow window where
  this CHLD signal from the exiting child was missed.  In each case
  timeout would have then waited for the time limit to expire.
  [bug introduced in coreutils-8.27]
  * * New features
  timeout now supports the --verbose option to diagnose forced termination.
  * * Improvements
  dd now supports iflag=direct with arbitrary sized files on all file systems.
  tail --bytes=NUM will efficiently seek to the end of block devices,
  rather than reading from the start.
  Utilities which do not support long options (other than the default --help
  and --version), e.g. cksum and sleep, now use more consistent error diagnostic
  for unknown long options.
  * * Build-related
  Default man pages are now distributed which are used if perl is
  not available on the build system, or when cross compiling.
- Refresh patches (line number changes only):
  * coreutils-i18n.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- Update to 8.28
  (for details see included NEWS file)
- Refresh patches:
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.keyring: Update from upstream (Savannah).
- Remove now-upstream patches:
  * coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch
  * coreutils-tests-port-to-timezone-2017a.patch
- coreutils.spec: Add "/BuildRequires: user(bin)"/ for the tests.
- Drop coreutils-ocfs2_reflinks.patch
  OCFS2 file system has supported file clone ioctls like btrfs,
  then, coreutils doesn't need this patch from the kernel v4.10-rc1
- coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch:
  Add upstream patch to fix an heap overflow security issue
  in date(1) and touch(1) with a large TZ variable
  (CVE-2017-7476, rh#1444774, boo#1037124).
- Update to 8.27
  (for details see included NEWS file)
- Refresh patches:
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-getaddrinfo.patch
  * coreutils-i18n.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
  * coreutils-testsuite.spec
- coreutils.keyring: Update (now ascii-armored) by
    'osc service localrun download_files'.
- coreutils-tests-port-to-timezone-2017a.patch: Add patch to
  workaround a FP test failure with newer timezone-2017a.
- Update to 8.26
  (for details see included NEWS file)
- coreutils.spec (%description): Add b2sum, a new utility.
  (BuildRequires): Add timezone to enable new '' test.
- coreutils-i18n.patch: Sync I18N patch from Fedora, as the diff
  for the old i18n implementation of expand/unexpand has become
- Remove now-upstream patches:
  * coreutils-df-hash-in-filter.patch
  * coreutils-diagnose-fts-readdir-failure.patch
  * coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch
  * coreutils-maint-fix-dependency-of-man-arch.1.patch
- Refresh/merge all other patches:
  * coreutils-invalid-ids.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-sysinfo.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch:
  Add upstream patch to fix "/md5sum --check --ignore-missing"/ which
  treated files with checksums starting with "/00"/ as missing.
- coreutils-maint-fix-dependency-of-man-arch.1.patch: Add Upstream
  patch to fix the build dependency between src/arch -> man/arch.1
  which lead to spurious build failures.
- coreutils-df-hash-in-filter.patch: Refresh with -p0.
- Add coreutils-df-hash-in-filter.patch that speeds up df.
- coreutils-diagnose-fts-readdir-failure.patch: Add upstream patch
  to diagnose readdir() failures in fts-based utilities: rm, chmod,
  du, etc. (boo#984910)
- Update to 8.25
  (for details see included NEWS file)
- coreutils.spec (%description): Add base32, a new utility.
- Remove now-upstream patch:
  * coreutils-tests-avoid-FP-of-ls-stat-free-color.patch
- Refresh/merge all other patches:
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-invalid-ids.patch
  * coreutils-misc.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-test_without_valgrind.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch: Sync I18N patch from semi-official repository
  (shared among distributions, maintained by Padraig Brady):
  This fixes the following issues in multi-byte locales:
  * sort: fix large mem leak with --month-sort (boo#945361, rh#1259942):
  * sort: fix assertion with some inputs to --month-sort
- coreutils-tests-avoid-FP-of-ls-stat-free-color.patch: Add upstream
  patch on top of v8.24 to avoid a FP test failure with glibc>=2.22.
- Sync I18N patch from semi-official repository (shared among
  distributions, maintained by Padraig Brady):
  * coreutils-i18n.patch: Improve cut(1) performance in field-mode
    in UTF8 locales.  Squash in sort-keycompare-mb.patch.
  * sort-keycompare-mb.patch: Remove.
- coreutils-build-timeout-as-pie.patch: Refresh.
- Update to 8.24:
  * * Bug fixes
  * dd supports more robust SIGINFO/SIGUSR1 handling for outputting statistics.
    Previously those signals may have inadvertently terminated the process.
  * df --local no longer hangs with inaccessible remote mounts.
    [bug introduced in coreutils-8.21]
  * du now silently ignores all directory cycles due to bind mounts.
    Previously it would issue a warning and exit with a failure status.
    [bug introduced in coreutils-8.1 and partially fixed in coreutils-8.23]
  * chroot again calls chroot(DIR) and chdir("//"/), even if DIR is "//"/.
    This handles separate bind mounted "//"/ trees, and environments
    depending on the implicit chdir("//"/).
    [bugs introduced in coreutils-8.23]
  * cp no longer issues an incorrect warning about directory hardlinks when a
    source directory is specified multiple times.  Now, consistent with other
    file types, a warning is issued for source directories with duplicate names,
    or with -H the directory is copied again using the symlink name.
  * factor avoids writing partial lines, thus supporting parallel operation.
    [the bug dates back to the initial implementation]
  * head, od, split, tac, tail, and wc no longer mishandle input from files in
    /proc and /sys file systems that report somewhat-incorrect file sizes.
  * mkdir --parents -Z now correctly sets the context for the last component,
    even if the parent directory exists and has a different default context.
    [bug introduced with the -Z restorecon functionality in coreutils-8.22]
  * numfmt no longer outputs incorrect overflowed values seen with certain
    large numbers, or with numbers with increased precision.
    [bug introduced when numfmt was added in coreutils-8.21]
  * numfmt now handles leading zeros correctly, not counting them when
    settings processing limits, and making them optional with floating point.
    [bug introduced when numfmt was added in coreutils-8.21]
  * paste no longer truncates output for large input files.  This would happen
    for example with files larger than 4GiB on 32 bit systems with a 'n'
    character at the 4GiB position.
    [the bug dates back to the initial implementation]
  * rm indicates the correct number of arguments in its confirmation prompt,
    on all platforms.  [bug introduced in coreutils-8.22]
  * shuf -i with a single redundant operand, would crash instead of issuing
    a diagnostic.  [bug introduced in coreutils-8.22]
  * tail releases inotify resources when unused.  Previously it could exhaust
    resources with many files, or with -F if files were replaced many times.
    [bug introduced in coreutils-7.5]
  * tail -f again follows changes to a file after it's renamed.
    [bug introduced in coreutils-7.5]
  * tail --follow no longer misses changes to files if those files were
    replaced before inotify watches were created.
    [bug introduced in coreutils-7.5]
  * tail --follow consistently outputs all data for a truncated file.
    [bug introduced in the beginning]
  * tail --follow=name correctly outputs headers for multiple files
    when those files are being created or renamed.
    [bug introduced in coreutils-7.5]
  * * New features
  * chroot accepts the new --skip-chdir option to not change the working directory
    to "//"/ after changing into the chroot(2) jail, thus retaining the current wor-
    king directory.  The new option is only permitted if the new root directory is
    the old "//"/, and therefore is useful with the --group and --userspec options.
  * dd accepts a new status=progress level to print data transfer statistics
    on stderr approximately every second.
  * numfmt can now process multiple fields with field range specifications similar
    to cut, and supports setting the output precision with the --format option.
  * split accepts a new --separator option to select a record separator character
    other than the default newline character.
  * stty allows setting the "/extproc"/ option where supported, which is
    a useful setting with high latency links.
  * sync no longer ignores arguments, and syncs each specified file, or with the
  - -file-system option, the file systems associated with each specified file.
  * tee accepts a new --output-error option to control operation with pipes
    and output errors in general.
  * * Changes in behavior
  * df no longer suppresses separate exports of the same remote device, as
    these are generally explicitly mounted.  The --total option does still
    suppress duplicate remote file systems.
    [suppression was introduced in coreutils-8.21]
  * mv no longer supports moving a file to a hardlink, instead issuing an error.
    The implementation was susceptible to races in the presence of multiple mv
    instances, which could result in both hardlinks being deleted.  Also on case
    insensitive file systems like HFS, mv would just remove a hardlinked 'file'
    if called like `mv file File`.  The feature was added in coreutils-5.0.1.
  * numfmt --from-unit and --to-unit options now interpret suffixes as SI units,
    and IEC (power of 2) units are now specified by appending 'i'.
  * tee will exit early if there are no more writable outputs.
  * tee does not treat the file operand '-' as meaning standard output any longer,
    for better conformance to POSIX.  This feature was added in coreutils-5.3.0.
  * timeout --foreground no longer sends SIGCONT to the monitored process,
    which was seen to cause intermittent issues with GDB for example.
  * * Improvements
  * cp,install,mv will convert smaller runs of NULs in the input to holes,
    and cp --sparse=always avoids speculative preallocation on XFS for example.
  * cp will read sparse files more efficiently when the destination is a
    non regular file.  For example when copying a disk image to a device node.
  * mv will try a reflink before falling back to a standard copy, which is
    more efficient when moving files across BTRFS subvolume boundaries.
  * stat and tail now know about IBRIX.  stat -f --format=%T now reports the file
    system type, and tail -f uses polling for files on IBRIX file systems.
  * wc -l processes short lines much more efficiently.
  * References from --help and the man pages of utilities have been corrected
    in various cases, and more direct links to the corresponding online
    documentation are provided.
- Patches adapted because of changed sources:
- Patches removed because they're included in 8.24:
- coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch:
  add upstream patch:
  doc: adjust reference to info nodes in man pages (boo#933396)
- coreutils-i18n.patch: Use a later version of the previous patch
  to fix the sort I18N issue (boo#928749, CVE-2015-4041) to also
  avoid CVE-2015-4042.
- Download keyring file from Savannah; prefer HTTPS over FTP
  for remote sources.
- Fix memory handling error with case insensitive sort using UTF-8
  (boo#928749): coreutils-i18n.patch
  src/sort.c (keycompare_mb): Ensure the buffer is big enough
  to handle anything output from wctomb().  Theoretically any
  input char could be converted to multiple output chars,
  and so we need to multiply the storage by MB_CUR_MAX.
- If coreutils changes, for consistency, we must regenerate
  the initrd.
- Add gpg signature
- For openSUSE > 13.2 drop coreutils-build-timeout-as-pie.patch and
  instead add a BuildRequire for gcc-PIE.
- coreutils-tests-aarch64-env.patch: Add patch to avoid false
  positive failures of the coreutils-testsuite on OBS/aarch64:
  work around execve() reversing the order of "/env"/ output.
- Add upstream patches for df(1) from upstream, thus aligning with SLES12:
  * df: improve mount point selection with inaccurate mount list:
  - coreutils-df-improve-mount-point-selection.patch
  * doc: mention that df -a includes duplicate file systems (deb#737399)
  - coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
  * df: ensure -a shows all remote file system entries (deb#737399)
  - coreutils-df-show-all-remote-file-systems.patch
  * df: only suppress remote mounts of separate exports with --total
    (deb#737399, rh#920806, boo#866010, boo#901905)
  - coreutils-df-total-suppress-separate-remotes.patch
- Refresh patches:
  * coreutils-chroot-perform-chdir-unless-skip-chdir.patch
  * coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
Avoid spurious false positive failures of the testsuite on OBS due
  to high load.
- coreutils-tests-rm-ext3-perf-increase-timeout.patch:
  Add patch to increase timeout.
- coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch:
  Add upstream patch.
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
  cpio does not properly validate the values written in the header
  of a TAR file through the to_oct() function [bsc#1155199]
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
  causing cpio to crash for tar and ustar archive types
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
- Enable mt building
- Separated cpio-mt subpackge
- Change recommend to own mt subpackge
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
- cleanup with spec-cleaner
- Recommend mt_st as it is not hard dependency
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing
  'mt' binary
- Disable mt building: this binary from mt_st package offers
  advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides
  cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
  write in a way cpio parses certain cpio files [bsc#963448],
- update to 2.12
  * Improved documentation
  * Manpages are installed by make install
  * New options for copy-out mode: --ignore-devno,
  - -renumber-inodes, --device-independent, --reproducible
  * update
  * cpio-use_new_ascii_format.patch
  * cpio-mt.patch
  * cpio-eof_tape_handling.patch
  * cpio-pattern-file-sigsegv.patch
  * cpio-check_for_symlinks.patch
  * remove (no longer needed)
  * 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
  * add
  * cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
    return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
- Add gpg signature
- Correct info scriplet dependencies
- Cleanup spec file with spec-cleaner
- build with PIE
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
  * added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
- Update to version 2.9.7:
  + fix a buffer overflow processing long words.
- Drop 0003-overflow-processing-gecos.patch and
  0004-overflow-processing-long-words.patch: fixed upstream.
- Update source URI.
- Remove use of translation-update-upstream. It cannot be added to
  ring 0 on leap, and 2.9.7 has some translation fixes
- Enable translation-update-upstream on leap, to remove the use of
  is_opensuse (jsc#SLE-12096).
- use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should
  contain internal binaries, not data
- Use %license (boo#1082318)
- Update to 2.9.6
  * fix issue with sort and locale
  * some particularly bad cases to the cracklib small dictionary
  * updates to cracklib-words (adds a bunch of other dictionary lists)
  * migration to github
- run spec-cleaner
- Only buildrequire and call translation-update-upstream on SLE:
  the package in openSUSE is a dummy and is empty.
- Add patch 0004-overflow-processing-long-words.patch
  to fix a new buffer overflow identified together with bsc#992966.
- Relabel patches:
  cracklib-magic.diff -> 0001-cracklib-magic.diff
  cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
- Add patch 0003-overflow-processing-gecos.patch
  to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
- Update to 2.9.5
  * fix matching against first password in dictionary (Anton Dobkin)
- Changes for 2.9.4
  * remove doubled prototype
- Changes for 2.9.3
  * expose additional functions externally
- Cleanup spec file with spec-cleaner
- Remove old ppc provides/obsoletes
- Update to version 2.9.2
  + support build of python support outside of source tree
  + fix bug in Python string distance calculation
  + fix bug #16 / debian bug 724570 - broken optimization with packlib
- Adapt patch to upstream changes
  + cracklib-visibility.patch > cracklib-2.9.2-visibility.patch
- Kernel commit 5c83511bdb9832c86be20fb86b783356e2f58062 removed
  pv_init_ops, and commit 054ac8ad5ebe4a69e1f0e842483821ddbe560121
  removed the Xen-specific paravirt patch function. As a result,
  pvops Xen dumps are no longer recognized as Xen dumps, and
  virtual-to-physical translation fails.
  Use the value of xen_start_info to determine whether the kernel
  is running in Xen PV mode. As suggested by Juergen Gross.
  + crash-xen-pvops.patch
- Fix bt command with SEV-ES (bsc#1185209)
  + crash-x86_64-VC-exception-stack-support.patch
- Add back some more missing KMP conditionals
- Refresh crash-sles9-time.patch
  * fix warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'int'
- Crash KMPs cannot be always built.
- Upgrade to version 7.2.9:
  * x86_64: Add support for new divide_error name
  * calc_kaslr_offset: 5-level paging support
  * Append time zone to output of date and time
  * s390dbf: support s390 debug feature version 3
  * x86_64: Add support for 1GB huge pages to "/vtop"/ command
  * Implement support for user-space zram reads on x86_64
  * Prepare for the introduction of ARM64 8.3 Pointer Authentication
  * New "/log -T"/ option
  * New ARM64 "/--machdep vabits_actual=<value>"/ command line option
  * Enhancement of the "/struct -r"/ option
  * Enhancement of the "/bpf -p|-P"/ options
  * New "/extend -s"/ option
- Dropped the following patches obsoleted by the version upgrade:
  * crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
  * crash-Fix-kmem-i-option-on-Linux-5.9-rc1-and-later-kernels.patch
  * crash-Fix-to-allow-the-translation-of-ARM64-FIXMAP-address.patch
  * crash-Introduce-a-new-ARM64-machdep-vabits_actual-value-co.patch
  * crash-Prepare-for-the-introduction-of-ARM64-8.3-Pointer-Au.patch
  * crash-Several-fixes-for-ARM64-kernels.patch
  * crash-arm64-Change-tcr_el1_t1sz-variable-name-to-TCR_EL1_T.patch
  * crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
  * crash-fix-memory_driver-build-kernel-5.8.patch
  * crash-gdb-fix-aarch64.patch
  * crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
  * crash-update-whitepaper-URL.patch
  * crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  * crash-xendump-fix-failure-to-match-arm-aarch64-elf-format-.patch
- Support the lockless printk ringbuffer added into kernel-5.10 (bsc#1183965)
  * crash-printk-add-support-for-lockless-ringbuffer.patch
  * crash-printk-use-committed-finalized-state-values.patch
- Install and ship the small built-in extensions,,
  and "/"/ is particularly useful.
  Ship them in the main "/crash"/ package, as they are small.
- Added crash-xen-increase-__physical_mask_shift_xen-to-52.patch
- Update arm64 support (boo#1169099).
- Fix "/kmem -i"/ option on Linux 5.9-rc1 and later kernels (bsc#1179970 ltc#188981).
- Fix crash utility is taking forever to initialize a vmcore from large config
  system (bsc#1178827 ltc#189279).
- Corrected project URL in spec file to match the changed upstream
  location as-of May 30th 2020.
  Noted the project URL change in README.SUSE without removing the old URL
  because it represents the location the project source was obtained from.
  The next project source update is available from the new project URL. When
  the package is updated with that source all URL project references will be
  modified to only show the new URL.
  Add crash-update-whitepaper-URL.patch
  Note change of no longer valid old project whitepaper URL to current valid
  project whitepaper URL in help output. Leave the old one reported because it
  represents the location the project source was obtained from for this
  package version.
- Fix build on aarch64:
- Add crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  In calls to search a stack for x86_64 exceptions a flag is used
  to request the stack be verified for room to contain saved
  registers. The verify is not performed if other flags are used
  in the same call. Fixing this exposes another bug where only a
  kernel stack is verified anyway, even if the exception is being
  searched for on a userspace stack. Patch fixes both problems.
- Add eppic-remove-duplicate-symbols.patch
  Fix eppic extension build.
- Add crash-fix-memory_driver-build-kernel-5.8.patch
  Fix memory driver build failure with kernels 5.8+.
- Always build crash KMPs.
- remove bypass lto and add -mfull-toc for ppc64le to check boo#1146646
- Add crash-Define-fallback-PN_XNUM.patch
  Add a fallback PN_XNUM definition.
- Make Factory ppc64 crash usable on both SLE 15 SP1 and releases before
  SLE15 SP1 (bsc#1148197).  This is only a workaround that requires to build
  crash for each codestream separately.
- Drop crash-s390-autodetect-kaslr.patch which has been merged in 7.2.7.
- Add crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
  Fix "/kmem -[sS]"/ for caches created during SLUB bootstrap (bsc#1164815 ltc#182973).
- Add crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
  Fix integer overflow with large memory configuration (bsc#1168233 ltc#184660).
- Upgraded the source to version 7.2.8. The previous version was
  modified to support newer kernels used in SLE-15-SP2 but was not
  * Includes a fix for kernels that contain:
    which introduces symbol namespaces. Without the change then
    depending on architecture:
    (1) the kernel module symbol list will contain garbage
    (2) the session fails during initialization with a dump of
    the internal buffer allocation stats followed by the
    message "/crash: cannot allocate any more memory"/
    (3) the session fails during initialization with a
    segmentation violation (bsc#1162064)
  * Includes the merge of the S390x patches since crash 7.2.7
  * Source already includes XZ compressed module support, removed:
  * Refreshed patches that were no longer aligned with source:
- Upgraded the source tarball to version 7.2.7. This is required
  to support coredumps from currently used kernel versions in the
  product (bsc#1159686).
- droped the patch obsoleted due to already being present in the
  new source:
  * crash-allow-kmem-section-is-early.patch
- Added commit c0371f6ee2cae31ec9f506bbd231ab8fbe334c13 - Fix to
  allow live analysis of s390x kernels that have been configured
  with CONFIG_RANDOMIZE_BASE=y (KASLR). This allows crash to load
  the coredump without the need for "/--kaslr=<offset> on the
  Implements jsc#SLE-9797
- add crash-symbols-add-support-for-XZ.patch (bnc#1155921)
- Disable LTO for PowerPC as bypass boo#1146646
- Added patch for commit 326e1b8f83a4318b09033ef754f40c785aed5e68
  in linux 5.3:
Upgraded the source tarball to version 7.2.6 to bring better
  support of version 5 kernels such as 5.3 in SLE-15-SP2
  Dropped the following patches obsoleted by the version upgrade:
  * crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch
  * crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
  * crash-fix-for-virsh-dump-dumps-with-KASLR.patch
  * crash-fix-kmem-z-on-kernel-5.0.patch
  * crash-fix-kmem-i-on-kernel-5.0.patch
  * crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
  * crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
  * crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
  * crash-find-kernel-configuration-data-with-kernel-5.1.patch
  * crash-fix-dev-dD-on-kernel-5.1.patch
  Re-aligned the following patches with the new version source:
  Modified the following patches to integrate with version upgrade:
- Upgrade the source tarball to version 7.2.5
- drop patches obsoleted by version upgrade:
  * crash-fix-snprintf-overflow.patch
  * crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
- post-7.2.5 upstream patches for kernel 5.0/5.1 compatibility:
  * crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
  * crash-fix-for-virsh-dump-dumps-with-KASLR.patch
  * crash-fix-kmem-z-on-kernel-5.0.patch
  * crash-fix-kmem-i-on-kernel-5.0.patch
  * crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
  * crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
  * crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
  * crash-find-kernel-configuration-data-with-kernel-5.1.patch
  * crash-fix-dev-dD-on-kernel-5.1.patch
- Update for XEN dom0 changes in v4.11 that cause coredumps made
  of a domU using virch on the dom0 to fail to load in the dom0
  version of crash reporting "/crash: invalid kernel virtual address:
  <address> type:fill_pcpu_struct"/, followed by "/WARNING: cannot
  fill pcpu_struct"/ and "/crash: cannot read cpu_info"/
  (bsc#1124690 and bsc#1122594)
- Update the recognition of x86_64 CPU_ENTRY_AREA (bsc#1104743, bsc#1090127)
- Fix SLE15 SP1 Incorrect vmcore generated (bsc#1119791).
  This is not compatible with SLE15 and SLE12 SP4.
- Sync with SLE15 SP1 (SR#173916) to enable the kmp-rt for SLERT15 SP1 only
  set %if 0%{?sle_version} >= 150100
- Added:
  The update is required for Linux 4.11 and greater kernels, which
  reimplemented the IDR facility to use radix trees in kernel commit
  0a835c4f090af2c76fc2932c539c3b32fd21fbbb, titled "/Reimplement IDR and IDA
  using the radix tree"/.  Without the patch, if any IPCS entry exists, the
  command would fail with the message "/ipcs: invalid structure member offset:
  idr_top"/ (bsc#1092101)
- Added crash-fix-snprintf-overflow.patch
  Fix to address a "/__builtin___snprintf_chk"/ compiler warning.
- Added crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
  Update the recognition of x86_64 CPU_ENTRY_AREA.
- Upgrade the source tarball to version to 7.2.3
  A complete changelog is available via the crash source page at:
- Refreshed:
- Upgraded to 7.2.1 because it includes the fixes to support
  several core cases that recently were caused tofail to open.
  As a result, removed patches that were already superceded by
  7.2.1 source (bsc#1103371).
- Added:
  Fixes Xen dump files that cannot be opened in hypervisor mode.
- Added crash-ppc64-ensure-chosen-stack-symbol-relates-to-an-actual-backtrace.patch
  With latest NMI IPI changes, crash_ipi_callback is found multiple
  times on the stack. Ensure the chosen symbol relates to an actual
  backtrace. bsc#1072718
- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
- Added crash-x86_64_kvtop-usable-symtab_init.patch to change
  x86_64_kvtop() so that it can be called during symtab_init()
  Added crash-allow-use-of-sadump-captured-KASLR-kernel.patch to
  allow use of dumps of KASLR enabled kernels that were captured
  by sadump.
  Both are bsc#1070278/FATE#323473
- Upgrade the source tarball to version to 7.2.0 which requires the
  removal of patches that are then already applied:
  A complete changelog is available via the crash source page at:
  Added crash-ppc64-book3s-update-hash-page-table-geometry.patch
  from via bsc#1067702 to correct
  errors with virtual-to-physical address translation in the larger
  virtual address range of newer kernels.
  Added a BuildRequires of libelf that will populate the build
  workspace with libelf (from elfutils) even though it is not
  directly required by crash but is required by gdb (which crash
  nests). It no longer got picked up automatically for build and
  gdb and kernel module features had build errors before it.
- crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch:
  Since linux kernel 3.19 crash readmem() can't be used to read
  xen_p2m_addr associate memory directly during m2p translation.
  PV domU p2m mapping is also stored at xd->xfd + xch_index_offset
  and organized as struct xen_dumpcore_p2m. This patch implements
  a special reading function read_xc_p2m() to extract the mfns
  from xd->xfd + xch_index_offset and makes and crash support Xen
  PV domU dumpfiles for kernel 3.19 and later (bsc#1043501).
  - add crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch
- Merge SLE changes into Factory (bsc#1041638)
- crash-stop_read_error_when_intent_is_retry.patch: When reading a
  memory image fails it may not be an error if it is still possible
  to switch image and retry the read. Fix the error message output
  to only occur if no retries are intended (bsc#1038839).
  - add crash-stop_read_error_when_intent_is_retry.patch
- Exclude openSUSE from RT KMP build (bsc#1013843)
- crash source nests gdb source but gdb has a new build error on
  Factory due to the bug and build environment modifications. The
  fix is upstream gdb but not upstream crash's gdb.
  Created crash patch:
  to create the gdb patch in expanded crash and added to the gdb
  Makefile patch it's application. Resolves the build error.
- Upgrade of source tarball to 7.1.8 from upstream and refresh of
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  Adds a feature to permit the use of the command-line options
  "/--kaslr=<offset>"/ and/or "/--kaslr=auto"/ with the x86 32-bit
- refresh crash-sles9-time.patch crash-compressed-booted-kernel.patch
- drop crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
  merged upstram in 7.1.8
- Fix analyzing fadump dumps on PPC64 (bsc#1022962).
  + crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
- Upgrade of source tarball to 7.1.7 from upstream, removal of
  crash-kernel-4.7.patch (source includes it) and refresh of other
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  Feature enhancements included from 7.1.6:
  - Introduction of support for "/live"/ ramdump files, such as those
    that are specified by the latest QEMU version's mem-path
    argument of a memory-backend-file  object, e.g.:
    $ qemu-kvm ...other-options... +  - object memory-backend-file,id=MEM,size=128m,mem-path=/tmp/MEM,share=on +  - numa node,memdev=MEM -m 128
    and a live session run can be run against the guest kernel like so:
    $ crash <path-to-guest-vmlinux> live:/tmp/MEM@0
  - Implemented support for the redesigned ARM64 kernel virtual
    memory layout that was introduced in Linux 4.6. Plus ARM64
    support for 4k pages with 4-level page tables and 48 VA bits.
    NB: On live systems automatic operation with Linux 4.6 ARM64
    kernels requires that CONFIG_RANDOMIZE_BASE is not configured.
    If it is configured then use with a live system requires two
  - -machdep arguments, e.g.:
  - -machdep phys_offset=<base physical address>
  - -machdep kimage_voffset=<kernel kimage_voffset value>
  - Improvement of the ARM64 bt -f display so that, for most cases,
    the stack frame delimiter will be the location of the old FP
    and LR pair.
  - New bt -v option that checks all tasks for evidence of stack
  - Incorporation of an alternative stack backtrace mathod
    accessed directly using bt -o and the default method can be
    toggled between the two using bt -O.
  - Fix for the case where the sym/dis commands fail for a symbol
    name that is composed entirely of hexadecimal characters and
    was previously interpreted as an address.
  - Determine structure member data if the member is contained in
    an anonymous structure or union (no longer necessary to use a]
    discrete gdb "/printf"/ command to find the offset of it).
  - Session initialization speed up.
  - Addition of "/list -S"/ and "/tree -S"/ options (similar to the -s
    option of each command) where member values are read from
    memory instead of being interpreting gdb output (much faster
    behavior for 1-, 2-, 4- and 8-byte members).
  - Fix to recognize x86_64 Linux 4.8-rc1 and later kernels that
    are configured with CONFIG_RANDOMIZE_MEMORY.
  - Support for PPC64 virtual address translation of radix MMU.
  - Improvement of "/dev -d"/ output to display I/O statistics for
    devices that use the blk-mq interface.
  Feature enhancements included from 7.1.7:
  - Restore x86_64 "/dis"/ command's symbol translation for call or
    jump target addresses for kernels configured with
  - Re-factor of the trace extension module to locate all of the
    ftrace buffers and extracts data from each of them rather than
    only the primary one.
  - Support for s390x CONFIG_THREAD_INFO_IN_TASK configuration so
    that "/bt"/ command no longer shows incomplete output.
  - Support for live ARM64 kernels from Linux 4.6 that have the
    kernel image loaded anywhere in physical memory.
  - Update of /dev/crash/kernel driver to v1.3 which adds support
    Linux 4.6 and later ARM64 kernels configured with
    CONFIG_HARDENED_USERCOPY and S390x kernels that use
    xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() rather than
    kmap() and kunmap().
  - refresh eppic-support-arm64.patch crash-debuginfo-compressed.patch
  - drop crash-linux-4.6-printk-flags.patch merged upstream in 7.1.6
- Enabled RT KMP build (bsc#1005578)
- crash-linux-4.6-printk-flags.patch: Fix warning "/failed to read
  pageflag_names entry"/ on Linux 4.6 (bsc#978601).
- crash-kernel-4.7.patch:
  support 4.7 kernel (page._count renamed to page._refcount)
- eppic-support-arm64.patch: Support for ARM64 (FATE#320844).
- Upgrade of source tarball to 7.1.5 from upstream and fix of
  crash-sles9-time.patch for the version and refresh of other
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  includes a fix for bsc#977306.
  Feature enhancements include:
  - "/whatis -r"/ and "/whatis -m"/ commands that allow search for
    data structure of a specified size and that contains a member
    of a given type respectively.
- Upgrade to 7.1.4 from upstream. For a detailed changelog see
- Disable RT KMP build (bsc#962719)
- Enable RT KMP build (bsc#948840)
- For 7.1.3 ppc64le the following patches are obsoleted by mainline
- Update to 7.1.3 (bsc#946458)
  o Introduction of "/dis -f <address>"/ which disassembles from the
    address to the end of the function
  o Introduction of "/dis -s <address>"/ which displays the filename
    and line number associated with the specified text location,
    followed by a source code listing if available.
  o Addition of a new "/--src <directory>"/ command line option for
    use by the "/dis -s"/ option if the kernel source is not located
    in the standard location.
  o Do not search for a panic task in s390x dumpfiles that are
    marked as a "/live dump"/
  o Fix unnecessary error messages when a directory is used as a
    command line argument
  o See for
    the complete changelog
- Removed these patches obsoleted by mainline:
- Refreshed patches
- crash-move-xen-dom0-handling-into-own-file.patch: Move Xen Dom0
  handling into xen_dom0.c (FATE#316467).
- crash-move-xen-p2m-map.patch: Move xen p2m map initialization to
  xen_kdump_p2m (FATE#316467).
- crash-use-xen_machine_addr-command.patch: Use XEN_MACHINE_ADDR
  command flag instead of overriding readmem (FATE#316467).
- crash-move-xen-elf-note-processing.patch: Move Xen ELF note
  processing to xen_dom0.c (FATE#316467).
- crash-add-xen-dom0-support-for-kdump.patch: Add Xen Dom0 support
  for kdump compressed files (FATE#316467).
- crash-s390x-add-vector-support.patch: SIMD support for dump
  tools (z13) (FATE#318058).
- Upgrade to 7.1.2 from upstream. For a detailed changelog see
- Refreshed patch series with some changes required to
  adjust for git host changes in eppic-switch-to-system-lib.patch
- Upgrade to 7.1.1 from upstream. At the time of writing the only
  published changelog was supplied by e-mail list and is as follows
  - Fix for two minor issues with the "/net"/ command.  Without the patch,
  the "/net -a"/ option appends its correct output with the command's
  "/Usage:"/ message; and if either the "/net -x"/ or "/net -d"/ options are
  used without also specifying "/-s"/ or "/-S"/, the error message would
  indicate "/net: illegal flag: 800000"/ or "/net: illegal flag: 1000000"/
  instead of showing the command's "/Usage:"/ message.
  - If the kernel (live or dumpfile) has the TAINT_LIVEPATCH bit set, or
  if the Red Hat "/kpatch"/ module is installed, the tag "/[LIVEPATCH]"/
  will be displayed next to the kernel name in the initial system
  banner and by the "/sys"/ command.  This new tag replaces the
  "/[KPATCH]"/ tag that was introduced in crash-7.0.7.
  - Addressed three Coverity Scan complaints in vmware_vmss.c:
    50:leaked_storage: Variable "/fp"/ going out of scope leaks the
    storage it points to.
    53:leaked_storage: Variable "/fp"/ going out of scope leaks the
    storage it points to.
    256:warning: Use of memory after it is freed
  - Remove the LKCD-only "/propeller spinner"/ seen when a dumpfile read
  requires more than 2048 page header accesses.  This was put in place
  because of the non-random-access design of LKCD dumpfiles.  Without
  the patch, the spinner display is intermingled with command output,
  which complicates the parsing of the output.
  - Fix to support the Linux version increment from 3 to 4.  Without the
  patch, both dumpfile and live sessions fail during initialization,
  issuing the message "/WARNING: kernel version inconsistency between
  vmlinux and dumpfile"/ or "/WARNING: kernel version inconsistency
  between vmlinux and live memory"/, followed by the nonsensical fatal
  error message "/crash: incompatible arguments:  vmlinux is not SMP --
  vmcore is SMP"/ or "/crash: incompatible arguments:  vmlinux is not
  SMP -- live system is SMP"/.  To prevent unexpected kernel version
  bumps in the future, support has been added for version 5.
  - Add support for more than 16TB of physical memory space in the SADUMP
  dumpfile format.  Without the patch, there is a limitation caused
  by several 32-bit members of dump_header structure, in particular
  the max_mapnr member, which overflows if the dumpfile contains more
  than 16TB of physical memory space.  The header_version member of
  the dump_header structure has been increased from 0 to 1 in this
  extended new format, and the new 64-bit members will be used.
  - Fix for command lines that are redirected to a pipe.  Without the
  patch, if an external piped-to command contains a quoted string that
  includes a "/|"/ character, the command fails with the message "/crash:
  pipe operation failed"/.
  - Fix for insecure temporary file usage in _rl_tropen() as reported by
  readline library CVE-2014-2524.
  - When the gdb-<version>.patch file has changed and a rebuild is
  done from within a previously-existing build tree, the "/patch -N"/
  option is used to ignore patches that have been previously applied;
  this patch also applies the "/patch -r-"/ option to prevent unnecessary
  .rej files from being created.
  - Fix to account for Xen hypervisor's "/domain"/ structure member name
  change from "/is_paused_by_controller"/ to "/controller_pause_count"/.
  Without the patch, in Xen 4.2.5 and later, the crash session fails
  during initialization with the error message 'crash: invalid
  structure member offset: domain_is_paused_by_controller"/.
  - During initialization, reject useless ARM64 "/(A)"/ and "/(a)"/ absolute
  symbols that are below the text region.  Without the patch, several
  recently-introduced absolute symbols have been introduced into the
  kernel, which will be displayed by "/sym -l"/ prior to the first kernel
  virtual address symbol, and will show up in command output where
  memory values are translated into kernel symbol references.
  - Fix for ARM64 kernels to account for changes in the virtual memory
  layout introduced in Linux 3.17.  The vmalloc region end address, and
  the vmemmap start and end addresses are now calculated at kernel
  build time, because they depend upon the size of a struct page.
  Accordingly, the crash utility needs to calculate those three address
  values dynamically, after the embedded gdb module has initialized.
  Without the patch, reads of page structures return invalid data due
  to incorrect virtual-to-physical translations of memory in the
  vmemmap range.  This in turn causes commands that require page
  structure contents to fail or show invalid data, such as "/kmem -p"/,
  "/kmem -[sS]"/, and the "/kmem -[fF]"/ options.
  - Fix to support ELF vmcore dumpfiles whose PT_LOAD file offset values
  of their respective memory segments are not laid out sequentially
  from low to high in the dumpfile.  This has only been seen in ELF
  dumpfiles created by VMware's "/vmss2core -M"/ facility.  Without the
  patch, the crash session may fail during initialization, either with
  the message "/cannot malloc ELF header buffer"/, or "/crash: <dumpfile>:
  not a supported file format"/.
  - Enhancement to the support of VMware .vmss suspended state dumpfiles.
  There may be holes in the memory address saved for PCI, etc.  In such
  cases, the memory dump is divided into regions.  With this patch, up
  to 3 memory regions are supported.
  - Fortified the error handling of task gathering from the pid_hash[]
  chains during session initialization.  If a chain has been corrupted,
  the patch prevents the sequence from entering an infinite loop, and
  the error messages associated with corrupt/invalid chains have been
  updated to report the pid_hash[] index number.
  - Implemented a new STRDUPBUF() utility that will duplicate an existing
  string into a buffer allocated with GETBUF().  As is the case with
  any buffer allocated with GETBUF(), it is only meant to exist during
  the life-span of the current command.  If it is not explicitly freed
  via FREEBUF(), then it will be freed automatically prior to the next
  - Implemented a new fill_struct_member_data() function that gathers
  a bundle of data that describes a structure member.  The function
  receives a pointer to a struct_member_data structure, in which the
  caller has initialized the "/structure"/ and "/member"/ name pointers:
    struct struct_member_data {
    char *structure;
    char *member;
    long type;
    long unsigned_type;
    long length;
    long offset;
    long bitpos;
    long bitsize;
  A gdb "/printm"/ command is crafted using those two fields, and the
  output of the command is used to initialize the remaining six fields.
  Adapted from Qiao Nuohan's "/pstruct"/ extension module.
  - Implemented a new "/runq -c cpu(s)"/ option to display the run queue
  data of specified cpus.  It can be used in conjunction with all runq
  command options.  The cpus must be specified in a comma- and/or
  dash-separated list; for examples, "/3"/, "/1,8,9"/, "/1-23"/, or "/1,8-15"/.
  - Build extension modules that utilize the generic extensions/Makefile
  with -g.  In addition, build the snap.c extension module with -g.
  - Several fixes, updates, and enhancements for 32-bit MIPS support:
    (1) The MIPS general purpose registers in the elf_gregset_t
    don't start at index 0 but at index 6.
    (2) Adjust for the kernel's pt_regs structure changes between
    kernel versions.  For example, fields are inserted into the
    middle based on build time options, and the amount of padding
    at the head of the structure was changed relatively recently.
    To handle this, split the structure definition into two parts
    and get the offsets of these two parts dynamically.
    (3) Do not display each parsed kernel symbol during initialization
    when invoked with "/crash -d8"/.
    (4) Add support for loading raw MIPS ramdump dumpfiles.
    (5) Add support for compressed kdump dumpfiles.
  - Fix for a typo in "/help foreach"/, and a fix for a spelling error in
  "/help input"/.
  - Fix for "/and and"/ and "/the the"/ typos in the README file.
  - Fix to address the Xen 4.5.0 hypervisor symbol name change from
  "/dom0"/ to "/hardware_domain"/.  Without the patch, the crash session
  fails with the error message "/crash: cannot resolve: dom0"/.
  - Fix for a regression in crash-7.1.0 that causes failures when the
  "/crash -t"/ option is run on a live system, and when analyzing remote
  Linux kernels.  Without the patch, "/crash -t"/ on a live system fails
  with the message "/crash: cannot open remote memory source: /dev/mem"/,
  and attempts to analyze a Linux kernel remotely just shows the kernel
  timestamp and exits immediately.
  - Speed up the session invocation time of "/flattened"/ format dumpfiles
  created by the makedumpfile(8) facility.  When sorting the blocks of
  memory by their intended ELF or compressed kdump file offsets, the
  patch replaces the bubble-sort method that is currently used with an
  insertion sort method.
  - Remove the non-existent "/-L"/ option from the "/ps"/ command's mutually-
  exclusive options error message.
  - Fix for the "/irq"/, "/mount"/, "/kmem -p"/ and "/kmem -v"/ commands when
  they are used in an input file.  If more than one of any of those
  four commands are used in an input file, the output of the second
  and subsequent command instances will not display their respective
  command headers.
  - Implemented a new "/kmem -m"/ option that is similar to "/kmem -p"/,
  but it allows the user to specify the page struct members to be
  displayed.  The option takes a comma-separated list of one or
  more page struct members, which will be displayed following the
  page structure address.  The "/flags"/ member will always be expressed
  in hexadecimal format, and the "/_count"/ and "/_mapcount"/ members will
  always be expressed in decimal format.  Otherwise, all other members
  will be displayed in hexadecimal format unless the current output
  radix is 10 and the member is a signed/unsigned integer.  Members
  that are data structures may be specified by the data structure's
  member name, or expanded to specify a member of that data structure.
  For example, "/-m lru"/ refers to a list_head data structure, in which
  case both the and list_head.prev pointer values will
  be displayed; if "/-m"/ is specified, just the
  value will be displayed.
  - Support enhancement for the 32-bit MIPS architecture that retrieves
  the per-cpu registers from the NT_PRSTATUS notes stored in the header
  of compressed kdump dumpfiles.
  - Fix to remove an invalid warning message on ARM64 if a crash session
  is invoked with the "/-d<number>"/ debug flag.  Without the patch,
  the invalid message is "/WARNING: SPARSEMEM_EX: questionable section
  - Remove the leftover "/.constructor"/ build file in the extensions
  subdirectory when "/make extensions"/ is complete, and update the
  top-level .gitignore file to ignore post-build extensions
  subdirectory files.
  - Fix for a segmentation violation generated by the "/help -[n|D]"/
  options on ARM64 compressed kdumps.
  - Additional output for the "/help [-D|-n]"/ options on ARM64.  For ELF
  kdump vmcores and compressed kdumps, the elf_prstatus structure in
  each NT_PRSTATUS note will be translated.
  - The "/help -r"/ option has been extended to dump the ARM64 registers
  stored in each per-cpu NT_PRSTATUS note in compressed kdump and
  ELF kdump dumpfiles.
  - Fix for the ARM64 page size determination on Linux 4.1 and later
  kernels.  Without the patch, the crash session fails during
  initialization with the message "/crash: invalid/unsupported page
  size: 98304"/ on kernels with 64K pages.  On kernels with 4K pages,
  the message is "/crash: invalid/unsupported page size: 6144"/.  In
  addition, the "/-p <page-size>"/ command line override option
  had no effect on ARM64; that has been fixed as well.
  - Fix for the DATE display in the initial system banner and by the
  "/sys"/ command to account for the Linux 3.17 change that moved
  the "/timekeeper"/ symbol and structure into a containing tk_core
  structure; the "/shadow_timekeeper"/ timekeeper will be used as an
  alternative.  Without the patch, the DATE shows something within
  a few hours of the Linux epoch, such as "/Wed Dec 31 18:00:00 1969"/.
  - Fixes for the translation of ARM64 PTEs, as displayed by the "/vm -p"/
  and "/vtop"/ commands.  Without the patch, if "/vm -p"/ references a
  swapped-out page on Linux 4.0 and later kernels, the SWAP location
  may indicate "/(unknown swap location)"/, and will show an invalid
  OFFSET value; on Linux 3.13 and later kernels, running "/vtop"/ on a
  user virtual address incorrectly translates the PTE contents of
  swapped out pages by showing a PHYSICAL address and FLAGS translation
  instead of the SWAP device and OFFSET.  It is possible that there may
  be PTE bit translation errors on other kernel versions; the patch
  addresses the changes in ARM64 PTE bit definitions made in Linux
  3.11, 3.13, and 4.0 kernels.
  - Enhanced the "/struct.member"/ display capability of the "/struct"/,
  "/union"/, "/task"/, "/list"/ and "/tree"/ commands.  If a specified
  structure member contains an embedded structure, the output may
  be restricted to just the embedded structure by expressing the
  .member argument as "/member.member"/.  If a specified structure
  member is an array, the output may be restricted to a single array
  element by expressing the .member argument as "/member[index]"/.
  Furthermore, these embedded member specifications may extend beyond
  one level deep, for example, by expressing the member argument as
  "/member.member.member"/, or "/member[index].member"/.
  - Fix for any command that passes strings to gdb for evaluation,
  where the string contains a parentheses-within-parentheses
  expression along with a "/>"/ or "/>>"/ operator inside the outermost
  set of parentheses.  Without the patch, a command such as the
  following fails like so:
    crash> p ((1+1) >> 1)
    p: gdb request failed: p ((1+1)
  - Fix for the handling of ARM64 kernel module per-cpu symbols.  Without
  the patch, if the debuginfo data of an ARM64 kernel module that
  contains a per-cpu section is loaded by "/mod -s <module>"/ or
  "/mod -S"/, commands such as "/bt"/ or "/sym"/ may incorrectly translate
  the module's virtual addresses to symbol names.
- 0001-Prepare-for-the-future-increment-of-Linux-3.x-to-4.x.patch:
  Dropped. Handling kernel 4.0 is now part of the upstream source.
- add patch from upstream to handle kernel 4.0
- Upgrade to 7.1.0 from upstream. For a detailed changelog see
- Refreshed patch series with only re-alignment required.
- Upgrade to 7.0.9 from upstream, For a detailed changelog see
- Refreshed patch series but no modifications required.
- drop 'checkproc' line from the run-crons as the usage is bogus
- update cronie-nheader_lines.diff so it doesn't print the first 3
  crontab lines (static comments) with the 'crontab -l' command
- remove cronie-nofork-nopid.patch that allowed running of multiple
  "/cron -n"/ instances at once which is an unwanted behaviour
- update cronie-1.5.1-huge_crontab_DoS.patch to fix a regression
  that caused that only the first job from a crontab was being run
- add cronie-1.5.1-huge_crontab_DoS.patch to fix two security issues
  where users can cause DoS of the crond by loading huge crontab
  files. We now allow maximum 1000 environment variables and 1000
  crontab entries. Also the comments and whitespace between the
  entries and variables are now limited to 32768 characters.
  [bnc#1128937] [CVE-2019-9704] and [bnc#1128935] [CVE-2019-9705]
- Requires mail as it's really needed by cron-crons script, not
  smtp_daemon [bsc#1070565] [bsc#1064834]
- Ensure that /etc/cron.{hourly,daily,weekly,monthly} have proper
  permissions and owner. This is racy but prevents some LPE vectors
- Requires smtp_daemon (not just Recommends) as it's needed by
  run-crons script [bsc#1064834]
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Require group trusted if we use them
- update to 1.5.1
  * crontab: Use temporary file name that is ignored by crond.
  * crond: Inherit PATH from the crond environment if -P option
    is used.
  * crond: Remove hardcoded "/system_u"/ SELinux user, use the
    SELinux user
    of the running crond.
  * anacron: Small cleanups and fixes.
  * crond: Fix longstanding race condition on repeated crontab
- refresh cronie-pam_config.diff
- get rid of %{name} macros in the patch names
- use %{ext_man} macro for anacron man pages
- was retired on March 1st, 2017
  * update Url and Source address
- cleanup with spec-cleaner
- remove the omc xml config that is useless nowdays
- Add fix for bnc#983925 to run crons even when not on AC_POWER
  * Nowdays it does not make much sense to not run crons when on
    battery and actually it can even confuse people
- cron.service: Use KillMode=process like upstream does.
- revert last change, it is a bug in sssd.service, fixed in
- add support for MAILFROM, MAIL_CONFIG and different mailer binaries
  in run-crons (bnc#812367, bnc#366762)
- Start cron after sssd.service bnc#926961
- Redo the post/pre update approach to fix migration from SLE11.
  Should fix bnc#919028
- update to 1.5.0
  * crond: Job environment variables are set also when executing
  * crond: Adding duplicate orphans on reload is now prevented.
  * crond: The regular crond shutdown is now logged.
  * crontab: PAM is not called in crontab command if the caller's
    uid is 0.
  * crond: PAM is not called from crond for system cron jobs
    (/etc/crontab, /etc/cron.d) which are run for uid 0.
  * crond: The existence of an user is checked at time when job is
    run and not when the crontab is parsed on database reload.
- use spec-cleaner
- cron.service: Start not
  after ypbind.service nscd.service
-cron.service: Crons run at wall-time, order after
- fix bashisms in pre scripts
- SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149
- prepare usrmerge (boo#1029961)
- Update to 2.3.4:
  * Fix a possible out-of-bounds memory write while validating LUKS2 data
    segments metadata (CVE-2020-14382, boo#1176128).
  * Ignore reported optimal IO size if not aligned to minimal page size.
  * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  * Support --master-key-file option for online LUKS2 reencryption
  * Always return EEXIST error code if a device already exists.
  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  * Fix crypto backend to properly handle ECB mode.
  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
    with a larger sector.
  * LUKS2: Do not create excessively large headers.
  * Fix unspecified sector size for BitLocker compatible mode.
  * Fix reading key data size in metadata for BitLocker compatible mode.
- Update to 2.3.3:
  * Fix BitLocker compatible device access that uses native 4kB
  * Support large IV count (--iv-large-sectors) cryptsetup option
    for plain device mapping
  * Fix a memory leak in BitLocker compatible handling
  * Allow EBOIV (Initialization Vector algorithm) use
  * LUKS2: Require both keyslot cipher and key size option, do
    not fail silently
- includes changes from 2.3.2:
  * Add option to dump content of LUKS2 unbound keyslot
  * Add support for discards (TRIM) for standalone dm-integrity
    devices (Kernel 5.7) via --allow-discards, not for LUKS2
  * Fix cryptsetup-reencrypt to work on devices that do not allow
    direct-io device access.
  * Fix a crash in the BitLocker-compatible code error path
  * Fix Veracrypt compatible support for longer (>64 bytes)
- Split translations to -lang package
- New version to 2.3.1
  * Support VeraCrypt 128 bytes passwords.
    VeraCrypt now allows passwords of maximal length 128 bytes
    (compared to legacy TrueCrypt where it was limited by 64 bytes).
  * Strip extra newline from BitLocker recovery keys
    There might be a trailing newline added by the text editor when
    the recovery passphrase was passed using the --key-file option.
  * Detect separate libiconv library.
    It should fix compilation issues on distributions with iconv
    implemented in a separate library.
  * Various fixes and workarounds to build on old Linux distributions.
  * Split lines with hexadecimal digest printing for large key-sizes.
  * Do not wipe the device with no integrity profile.
    With --integrity none we performed useless full device wipe.
  * Workaround for dm-integrity kernel table bug.
    Some kernels show an invalid dm-integrity mapping table
    if superblock contains the "/recalculate"/ bit. This causes
    integritysetup to not recognize the dm-integrity device.
    Integritysetup now specifies kernel options such a way that
    even on unpatched kernels mapping table is correct.
  * Print error message if LUKS1 keyslot cannot be processed.
    If the crypto backend is missing support for hash algorithms
    used in PBKDF2, the error message was not visible.
  * Properly align LUKS2 keyslots area on conversion.
    If the LUKS1 payload offset (data offset) is not aligned
    to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
  * Validate LUKS2 earlier on conversion to not corrupt the device
    if binary keyslots areas metadata are not correct.
- Update to 2.3.0 (include release notes for 2.2.0)
  * BITLK (Windows BitLocker compatible) device access
  * Veritysetup now supports activation with additional PKCS7 signature
    of root hash through --root-hash-signature option.
  * Integritysetup now calculates hash integrity size according to algorithm
    instead of requiring an explicit tag size.
  * Integritysetup now supports fixed padding for dm-integrity devices.
  * A lot of fixes to online LUKS2 reecryption.
  * Add crypt_resume_by_volume_key() function to libcryptsetup.
    If a user has a volume key available, the LUKS device can be resumed
    directly using the provided volume key.
    No keyslot derivation is needed, only the key digest is checked.
  * Implement active device suspend info.
    Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
    that informs the caller that device is suspended (luksSuspend).
  * Allow --test-passphrase for a detached header.
    Before this fix, we required a data device specified on the command
    line even though it was not necessary for the passphrase check.
  * Allow --key-file option in legacy offline encryption.
    The option was ignored for LUKS1 encryption initialization.
  * Export memory safe functions.
    To make developing of some extensions simpler, we now export
    functions to handle memory with proper wipe on deallocation.
  * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
  * Add optional global serialization lock for memory hard PBKDF.
  * Abort conversion to LUKS1 with incompatible sector size that is
    not supported in LUKS1.
  * Report error (-ENOENT) if no LUKS keyslots are available. User can now
    distinguish between a wrong passphrase and no keyslot available.
  * Fix a possible segfault in detached header handling (double free).
  * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
  * The libcryptsetup now keeps all file descriptors to underlying device
    open during the whole lifetime of crypt device context to avoid excessive
    scanning in udev (udev run scan on every descriptor close).
  * The luksDump command now prints more info for reencryption keyslot
    (when a device is in-reencryption).
  * New --device-size parameter is supported for LUKS2 reencryption.
  * New --resume-only parameter is supported for LUKS2 reencryption.
  * The repair command now tries LUKS2 reencryption recovery if needed.
  * If reencryption device is a file image, an interactive dialog now
    asks if reencryption should be run safely in offline mode
    (if autodetection of active devices failed).
  * Fix activation through a token where dm-crypt volume key was not
    set through keyring (but using old device-mapper table parameter mode).
  * Online reencryption can now retain all keyslots (if all passphrases
    are provided). Note that keyslot numbers will change in this case.
  * Allow volume key file to be used if no LUKS2 keyslots are present.
  * Print a warning if online reencrypt is called over LUKS1 (not supported).
  * Fix TCRYPT KDF failure in FIPS mode.
  * Remove FIPS mode restriction for crypt_volume_key_get.
  * Reduce keyslots area size in luksFormat when the header device is too small.
  * Make resize action accept --device-size parameter (supports units suffix).
- Create a weak dependency cycle between libcryptsetup and
  libcryptsetup-hmac to make sure they are installed together
- Use noun phrase in summary.
- New version 2.1.0
  * The default size of the LUKS2 header is increased to 16 MB.
    It includes metadata and the area used for binary keyslots;
    it means that LUKS header backup is now 16MB in size.
  * Cryptsetup now doubles LUKS default key size if XTS mode is used
    (XTS mode uses two internal keys). This does not apply if key size
    is explicitly specified on the command line and it does not apply
    for the plain mode.
    This fixes a confusion with AES and 256bit key in XTS mode where
    code used AES128 and not AES256 as often expected.
  * Default cryptographic backend used for LUKS header processing is now
    OpenSSL. For years, OpenSSL provided better performance for PBKDF.
  * The Python bindings are no longer supported and the code was removed
    from cryptsetup distribution. Please use the libblockdev project
    that already covers most of the libcryptsetup functionality
    including LUKS2.
  * Cryptsetup now allows using --offset option also for luksFormat.
  * Cryptsetup now supports new refresh action (that is the alias for
    "/open --refresh"/).
  * Integritysetup now supports mode with detached data device through
    new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
  someone has time to evaluate the fallout from switching to LUKS2.
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
  Changes since version 2.0.4
  * Wipe full header areas (including unused) during LUKS format.
    Since this version, the whole area up to the data offset is zeroed,
    and subsequently, all keyslots areas are wiped with random data.
    This ensures that no remaining old data remains in the LUKS header
    areas, but it could slow down format operation on some devices.
    Previously only first 4k (or 32k for LUKS2) and the used keyslot
    was overwritten in the format operation.
  * Several fixes to error messages that were unintentionally replaced
    in previous versions with a silent exit code.
    More descriptive error messages were added, including error
    messages if
  - a device is unusable (not a block device, no access, etc.),
  - a LUKS device is not detected,
  - LUKS header load code detects unsupported version,
  - a keyslot decryption fails (also happens in the cipher check),
  - converting an inactive keyslot.
  * Device activation fails if data area overlaps with LUKS header.
  * Code now uses explicit_bzero to wipe memory if available
    (instead of own implementation).
  * Additional VeraCrypt modes are now supported, including Camellia
    and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
    hash function. These were introduced in a recent VeraCrypt upstream.
    Note that Kuznyechik requires out-of-tree kernel module and
    Streebog hash function is available only with the gcrypt cryptographic
    backend for now.
  * Fixes static build for integritysetup if the pwquality library is used.
  * Allows passphrase change for unbound keyslots.
  * Fixes removed keyslot number in verbose message for luksKillSlot,
    luksRemoveKey and erase command.
  * Adds blkid scan when attempting to open a plain device and warn the user
    about existing device signatures in a ciphertext device.
  * Remove LUKS header signature if luksFormat fails to add the first keyslot.
  * Remove O_SYNC from device open and use fsync() to speed up
    wipe operation considerably.
  * Create --master-key-file in luksDump and fail if the file already exists.
  * Fixes a bug when LUKS2 authenticated encryption with a detached header
    wiped the header device instead of dm-integrity data device area (causing
    unnecessary LUKS2 header auto recovery).
- make parallell installable version for SLE12
- New version 2.0.4
  Changes since version 2.0.3
  * Use the libblkid (blockid) library to detect foreign signatures
    on a device before LUKS format and LUKS2 auto-recovery.
    This change fixes an unexpected recovery using the secondary
    LUKS2 header after a device was already overwritten with
    another format (filesystem or LVM physical volume).
    LUKS2 will not recreate a primary header if it detects a valid
    foreign signature. In this situation, a user must always
    use cryptsetup repair command for the recovery.
    Note that libcryptsetup and utilities are now linked to libblkid
    as a new dependence.
    To compile code without blockid support (strongly discouraged),
    use --disable-blkid configure switch.
  * Add prompt for format and repair actions in cryptsetup and
    integritysetup if foreign signatures are detected on the device
    through the blockid library.
    After the confirmation, all known signatures are then wiped as
    part of the format or repair procedure.
  * Print consistent verbose message about keyslot and token numbers.
    For keyslot actions: Key slot <number> unlocked/created/removed.
    For token actions: Token <number> created/removed.
  * Print error, if a non-existent token is tried to be removed.
  * Add support for LUKS2 token definition export and import.
    The token command now can export/import customized token JSON file
    directly from command line. See the man page for more details.
  * Add support for new dm-integrity superblock version 2.
  * Add an error message when nothing was read from a key file.
  * Update cryptsetup man pages, including --type option usage.
  * Add a snapshot of LUKS2 format specification to documentation
    and accordingly fix supported secondary header offsets.
  * Add bundled optimized Argon2 SSE (X86_64 platform) code.
    If the bundled Argon2 code is used and the new configure switch
  - -enable-internal-sse-argon2 option is present, and compiler flags
    support required optimization, the code will try to use optimized
    and faster variant.
    Always use the shared library (--enable-libargon2) if possible.
    This option was added because an enterprise distribution
    rejected to support the shared Argon2 library and native support
    in generic cryptographic libraries is not ready yet.
  * Fix compilation with crypto backend for LibreSSL >= 2.7.0.
    LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility
    wrapper must be commented out.
  * Fix on-disk header size calculation for LUKS2 format if a specific
    data alignment is requested. Until now, the code used default size
    that could be wrong for converted devices.
  Changes since version 2.0.2
  * Expose interface to unbound LUKS2 keyslots.
    Unbound LUKS2 keyslot allows storing a key material that is independent
    of master volume key (it is not bound to encrypted data segment).
  * New API extensions for unbound keyslots (LUKS2 only)
    crypt_keyslot_get_key_size() and crypt_volume_key_get()
    These functions allow to get key and key size for unbound keyslots.
  * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
  * Add --unbound keyslot option to the cryptsetup luksAddKey command.
  * Add crypt_get_active_integrity_failures() call to get integrity
    failure count for dm-integrity devices.
  * Add crypt_get_pbkdf_default() function to get per-type PBKDF default
  * Add new flag to crypt_keyslot_add_by_key() to force update device
    volume key. This call is mainly intended for a wrapped key change.
  * Allow volume key store in a file with cryptsetup.
    The --dump-master-key together with --master-key-file allows cryptsetup
    to store the binary volume key to a file instead of standard output.
  * Add support detached header for cryptsetup-reencrypt command.
  * Fix VeraCrypt PIM handling - use proper iterations count formula
    for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
  * Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
  * Add --with-default-luks-format configure time option.
    (Option to override default LUKS format version.)
  * Fix LUKS version conversion for detached (and trimmed) LUKS headers.
  * Add luksConvertKey cryptsetup command that converts specific keyslot
    from one PBKDF to another.
  * Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
    header is detected.
  * More cleanup and hardening of LUKS2 keyslot specific validation options.
    Add more checks for cipher validity before writing metadata on-disk.
  * Do not allow LUKS1 version downconversion if the header contains tokens.
  * Add "/paes"/ family ciphers (AES wrapped key scheme for mainframes)
    to allowed ciphers.
    Specific wrapped ley configuration logic must be done by 3rd party tool,
    LUKS2 stores only keyslot material and allow activation of the device.
  * Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
    This flag can be dangerous; if you can control underlying device
    (you can change its content after it was verified) it will no longer
    prevent reading tampered data and also it does not prevent silent
    data corruptions that appear after the block was once read.
  * Fix return code (EPERM instead of EINVAL) and retry count for bad
    passphrase on non-tty input.
  * Enable support for FEC decoding in veritysetup to check dm-verity devices
    with additional Reed-Solomon code in userspace (verify command).
  Changes since version 2.0.1
  * Fix a regression in early detection of inactive keyslot for luksKillSlot.
    It tried to ask for passphrase even for already erased keyslot.
  * Fix a regression in loopaesOpen processing for keyfile on standard input.
    Use of "/-"/ argument was not working properly.
  * Add LUKS2 specific options for cryptsetup-reencrypt.
    Tokens and persistent flags are now transferred during reencryption;
    change of PBKDF keyslot parameters is now supported and allows
    to set precalculated values (no benchmarks).
  * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
    combination. Persistent flags are now stored only if the device was
    successfully activated with the specified flags.
  * Fix integritysetup format after recent Linux kernel changes that
    requires to setup key for HMAC in all cases.
    Previously integritysetup allowed HMAC with zero key that behaves
    like a plain hash.
  * Fix VeraCrypt PIM handling that modified internal iteration counts
    even for subsequent activations. The PIM count is no longer printed
    in debug log as it is sensitive information.
    Also, the code now skips legacy TrueCrypt algorithms if a PIM
    is specified (they cannot be used with PIM anyway).
  * PBKDF values cannot be set (even with force parameters) below
    hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2
    it is 4 iterations and 32 KiB of memory cost.
  * Introduce new crypt_token_is_assigned() API function for reporting
    the binding between token and keyslots.
  * Allow crypt_token_json_set() API function to create internal token types.
    Do not allow unknown fields in internal token objects.
  * Print message in cryptsetup that about was aborted if a user did not
    answer YES in a query.
- update to 2.0.1:
  * To store volume key into kernel keyring, kernel 4.15 with
    dm-crypt 1.18.1 is required
  * Increase maximum allowed PBKDF memory-cost limit to 4 GiB
  * Use /run/cryptsetup as default for cryptsetup locking dir
  * Introduce new 64-bit byte-offset *keyfile_device_offset functions.
  * New set of fucntions that allows 64-bit offsets even on 32bit systems
    are now availeble:
  - crypt_resume_by_keyfile_device_offset
  - crypt_keyslot_add_by_keyfile_device_offset
  - crypt_activate_by_keyfile_device_offset
  - crypt_keyfile_device_read
    The new functions have added the _device_ in name.
    Old functions are just internal wrappers around these.
  * Also cryptsetup --keyfile-offset and --new-keyfile-offset now
    allows 64-bit offsets as parameters.
  * Add error hint for wrongly formatted cipher strings in LUKS1 and
    properly fail in luksFormat if cipher format is missing required IV.
- Update to version 2.0.0:
  * Add support for new on-disk LUKS2 format
  * Enable to use system libargon2 instead of bundled version
  * Install tmpfiles.d configuration for LUKS2 locking directory
  * New command integritysetup: support for the new dm-integrity kernel target
  * Support for larger sector sizes for crypt devices
  * Miscellaneous fixes and improvements
- Update to version 1.7.5:
  * Fixes to luksFormat to properly support recent kernel running
    in FIPS mode (bsc#1031998).
  * Fixes accesses to unaligned hidden legacy TrueCrypt header.
  * Fixes to optional dracut ramdisk scripts for offline
    re-encryption on initial boot.
- Update to version 1.7.4:
  * Allow to specify LUKS1 hash algorithm in Python luksFormat
  * Use LUKS1 compiled-in defaults also in Python wrapper.
  * OpenSSL backend: Fix OpenSSL 1.1.0 support without backward
    compatible API.
  * OpenSSL backend: Fix LibreSSL compatibility.
  * Check for data device and hash device area overlap in
  * Fix a possible race while allocating a free loop device.
  * Fix possible file descriptor leaks if libcryptsetup is run from
    a forked process.
  * Fix missing same_cpu_crypt flag in status command.
  * Various updates to FAQ and man pages.
- Changes for version 1.7.3:
  * Fix device access to hash offsets located beyond the 2GB device
    boundary in veritysetup.
  * Set configured (compile-time) default iteration time for
    devices created directly through libcryptsetup
  * Fix PBKDF2 benchmark to not double iteration count for specific
    corner case.
  * Verify passphrase in cryptsetup-reencrypt when encrypting a new
  * OpenSSL backend: fix memory leak if hash context was repeatedly
  * OpenSSL backend: add support for OpenSSL 1.1.0.
  * Fix several minor spelling errors.
  * Properly check maximal buffer size when parsing UUID from
- Update to version 1.7.2:
  * Update LUKS documentation format.
    Clarify fixed sector size and keyslots alignment.
  * Support activation options for error handling modes in
    Linux kernel dm-verity module:
  - -ignore-corruption - dm-verity just logs detected corruption
  - -restart-on-corruption - dm-verity restarts the kernel if
    corruption is detected
    If the options above are not specified, default behavior for
    dm-verity remains. Default is that I/O operation fails with
    I/O error if corrupted block is detected.
  - -ignore-zero-blocks - Instructs dm-verity to not verify
    blocks that are expected to contain zeroes and always
    return zeroes directly instead.
    NOTE that these options could have security or functional
    impacts, do not use them without assessing the risks!
  * Fix help text for cipher benchmark specification
    (mention --cipher option).
  * Fix off-by-one error in maximum keyfile size.
    Allow keyfiles up to compiled-in default and not that value
    minus one.
  * Support resume of interrupted decryption in cryptsetup-reencrypt
    utility. To resume decryption, LUKS device UUID (--uuid option)
    option must be used.
  * Do not use direct-io for LUKS header with unaligned keyslots.
    Such headers were used only by the first cryptsetup-luks-1.0.0
    release (2005).
  * Fix device block size detection to properly work on particular
    file-based containers over underlying devices with 4k sectors.
- Update to version 1.7.1:
  * Code now uses kernel crypto API backend according to new
    changes introduced in mainline kernel
    While mainline kernel should contain backward compatible
    changes, some stable series kernels do not contain fully
    backported compatibility patches.
    Without these patches  most of cryptsetup operations
    (like unlocking device) fail.
    This change in cryptsetup ensures that all operations using
    kernel crypto API works even on these kernels.
  * The cryptsetup-reencrypt utility now properly detects removal
    of underlying link to block device and does not remove
    ongoing re-encryption log.
    This allows proper recovery (resume) of reencrypt operation later.
    NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
    this link disappears once the device metadata is temporarily
    removed from device.
  * Cryptsetup now allows special "/-"/ (standard input) keyfile handling
    even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
  * Cryptsetup now fails if there are more keyfiles specified
    for non-TCRYPT device.
  * The luksKillSlot command now does not suppress provided password
    in batch mode (if password is wrong slot is not destroyed).
    Note that not providing password in batch mode means that keyslot
    is destroyed unconditionally.
- update to 1.7.0:
  * The cryptsetup 1.7 release changes defaults for LUKS,
    there are no API changes.
  * Default hash function is now SHA256 (used in key derivation
    function and anti-forensic splitter).
  * Default iteration time for PBKDF2 is now 2 seconds.
  * Fix PBKDF2 iteration benchmark for longer key sizes.
  * Remove experimental warning for reencrypt tool.
  * Add optional libpasswdqc support for new LUKS passwords.
  * Update FAQ document.
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Update to 1.6.8
  * If the null cipher (no encryption) is used, allow only empty
    password for LUKS. (Previously cryptsetup accepted any password
    in this case.)
    The null cipher can be used only for testing and it is used
    temporarily during offline encrypting not yet encrypted device
    (cryptsetup-reencrypt tool).
    Accepting only empty password prevents situation when someone
    adds another LUKS device using the same UUID (UUID of existing
    LUKS device) with faked header containing null cipher.
    This could force user to use different LUKS device (with no
    encryption) without noticing.
    (IOW it prevents situation when attacker intentionally forces
    user to boot into different system just by LUKS header
    Properly configured systems should have an additional integrity
    protection in place here (LUKS here provides only
    confidentiality) but it is better to not allow this situation
    in the first place.
    (For more info see QubesOS Security Bulletin QSB-019-2015.)
  * Properly support stdin "/-"/ handling for luksAddKey for both new
    and old keyfile parameters.
  * If encrypted device is file-backed (it uses underlying loop
    device), cryptsetup resize will try to resize underlying loop
    device as well. (It can be used to grow up file-backed device
    in one step.)
  * Cryptsetup now allows to use empty password through stdin pipe.
    (Intended only for testing in scripts.)
- Enable verbose build log.
- regenerate the initrd if cryptsetup tool changes
  (wanted by 90crypt dracut module)
- Update to 1.6.7
  * Cryptsetup TCRYPT mode now supports VeraCrypt devices
    (TrueCrypt extension)
  * Support keyfile-offset and keyfile-size options even for plain
  * Support keyfile option for luksAddKey if the master key is
  * For historic reasons, hashing in the plain mode is not used if
    keyfile is specified (with exception of --key-file=-). Print
    a warning if these parameters are ignored.
  * Support permanent device decryption for cryptsetup-reencrypt.
    To remove LUKS encryption from a device, you can now use
  - -decrypt option.
  * Allow to use --header option in all LUKS commands. The
  - -header always takes precedence over positional device argument.
  * Allow luksSuspend without need to specify a detached header.
  * Detect if O_DIRECT is usable on a device allocation. There are
    some strange storage stack configurations which wrongly allows
    to open devices with direct-io but fails on all IO operations later.
  * Add low-level performance options tuning for dmcrypt (for
    Linux 4.0 and later).
  * Get rid of libfipscheck library.
    (Note that this option was used only for Red Hat and derived
    distributions.) With recent FIPS changes we do not need to
    link to this FIPS monster anymore. Also drop some no longer
    needed FIPS mode checks.
  * Many fixes and clarifications to man pages.
  * Prevent compiler to optimize-out zeroing of buffers for on-stack
  * Fix a crash if non-GNU strerror_r is used.
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "/configure --with-cups-group=lp"/) specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960)
  Fix web UI kerberos authentication
- cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001
  access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671)
  the ippReadIO function may under-read an extension field
- cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
  heap-buffer-overflow in libcups ppdFindOption() function
- cups-2.2.7-CVE-2019-8675.CVE-2019-8696.patch fixes
  CVE-2019-8675 and CVE-2019-8696 (bsc#1146358 and bsc#1146359)
  and some other security/disclosure issues
  (Apple's internal issues rdar://51685251, rdar://50035411,
  rdar://51373853, rdar://51373929)
- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118)
- cups-2.2.7-CVE-2018-4700.patch fixes CVE-2018-4700: session
  cookie is extremely predictable, effectively breaking the
  CSRF protection of the CUPS web interface (bsc#1115750)
- cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954.diff
  is 'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for
  (except the not needed hunk for patching which fails)
  that fixes local privilege escalation to root and sandbox
  bypasses in scheduler (Apple's internal issues rdar://37836779,
  rdar://37836995, rdar://37837252, rdar://37837581)
  in the CUPS 2.2 branch
  bsc#1096405 CVE-2018-4180:
  Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
  bsc#1096406 CVE-2018-4181:
  Limited Local File Reads as Root via cupsd.conf Include Directive
  bsc#1096407 CVE-2018-4182:
  cups-exec Sandbox Bypass Due to Insecure Error Handling
  bsc#1096408 CVE-2018-4183:
  cups-exec Sandbox Bypass Due to Profile Misconfiguration
- Version upgrade to 2.2.7:
  CUPS 2.2.7 is a general bug fix release.
  For details see
  or the file.
  Changes include:
  * Additional security fixes for:
    bsc#1061066 DBUS library aborts caller process
    in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
    bsc#1087018 CVE-2017-18248: cups: The add_job function in
    scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
    enabled, can be crashed by remote attackers by sending print
    jobs with an invalid username, related to a D-Bus notification
    which are the CUPS upstream issues
    Remote DoS attack against cupsd via invalid username
    and malicious D-Bus library
    squash non-UTF-8 strings into ASCII on plain IPP level
    persistently substitute invalid job attributes
    with default values - not only in add_job
    see also
    bsc#1087072 dbus-1:
    Disable assertions to prevent un-expected DDoS attacks
  * NOTICE: Raw print queues are now deprecated (Issue #5269)
    so that now there is a warning message when you
    add or modify a queue to use the "/raw driver"/ but
    raw printing will continue to work through CUPS 2.3.x, cf.
  * Fixed an Avahi crash bug in the scheduler (Issue #5268)
  * Systemd did not restart cupsd when configuration changes
    were made that required a restart (Issue #5263)
  * The scheduler could crash while adding an IPP Everywhere
    printer (Issue #5258)
  * The scheduler now supports using temporary print queues
    for older IPP/1.1 print queues like those shared by CUPS 1.3
    and earlier (Issue #5241)
  * Kerberized printing to another CUPS server did not work
    correctly (Issue #5233)
  * More fixes for printing to old CUPS servers (Issue #5211)
  * The scheduler now substitutes default values for invalid
    job attributes when running in "/relaxed conformance"/
    mode (Issue #5186)
  * The cups-driverd program incorrectly stopped scanning PPDs
    as soon as a loop was seen (Issue #5170)
  * The `SSLOptions` directive now supports `MinTLS` and `MaxTLS`
    options to control the minimum and maximum TLS versions
    that will be allowed, respectively (Issue #5119)
  * The scheduler did not write out dirty configuration and
    state files if there were open client connections (Issue #5118)
  * The `lpadmin` command now provides a better error message when
    an unsupported System V interface script is used (Issue #5111)
  * No longer support backslash, question mark, or quotes
    in printer names (Issue #4966)
  * The CUPS library now supports the latest HTTP Digest
    authentication specification including support
    for SHA-256 (Issue #4862)
  * TLS connections now properly timeout (rdar://34938533)
- Make sure cups-libs-<targettype> is removed
- Version upgrade to 2.2.6:
  CUPS 2.2.6 is a general bug fix release.
  For details see
  Changes include:
  * DBUS notifications could crash the scheduler (Issue #5143)
    (see also bsc#1061066 "/DBUS library aborts caller process"/)
- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017
  that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.
- Version upgrade to 2.2.5:
  CUPS 2.2.5 is a general bug fix release.
  For details see
- Version upgrade to 2.2.4:
  CUPS 2.2.4 is a general bug fix release.
  For details see
- Removed
  because since CUPS 2.2.4 it is fixed in the upstream code
  via more precisely via
- Fix typo in requires
- Implement shared library packaging guideline [boo#862112]
- Update package descriptions.
- Remove redundant Requires(pre) line — the use of %post -p
  already implies it.
- Pre-require user(lp) in cups-libs
- In /usr/lib/tmpfiles.d/cups.conf use
  group 'root' for /run/cups/certs (boo#1042916).
- Major backward incompatible change since CUPS 2.2.0:
  There is no longer the directory /etc/cups/interfaces because
  since CUPS 2.2.0 so called "/System V style Interface Scripts"/
  are no longer supported for security reasons (see below the
  entry about the changes included in CUPS 2.2.0).
- Disabled cups-2.1.0-cups-systemd-socket.patch
  because it does no longer apply which needs to be examined
  and decided by someone who knows about systemd internals.
- Disabled
  because they do no longer apply which needs to be examined
  and decided by someone who knows about Avahi internals.
- Version upgrade to 2.2.3:
  CUPS 2.2.3 is a general bug fix release.
  Changes include:
  * The IPP backend could get into an infinite loop for certain
    errors, causing a hung queue (rdar://problem/28008717)
  * The scheduler could pause responding to client requests in
    order to save state changes to disk (rdar://problem/28690656)
  * Added support for PPD finishing keywords
    (Issue #4960, Issue #4961, Issue #4962)
  * The IPP backend did not send a media-col attribute for just
    the source or type (Issue #4963)
  * IPP Everywhere print queues did not always support all print
    qualities supported by the printer (Issue #4953)
  * IPP Everywhere print queues did not always support all media
    types supported by the printer (Issue #4953)
  * The IPP Everywhere PPD generator did not return useful error
    messages (Issue #4954)
  * The IPP Everywhere finishings support did not work correctly
    with common UI or command-line options (Issue #4976)
  * Fixed an error handling issue for the network backends
    (Issue #4979)
  * The "/reprint job"/ option was not available for some canceled
    jobs (Issue #4915)
  * Updated the job listing in the web interface (Issue #4978)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.2:
  CUPS 2.2.2 is a general bug fix release.
  Changes include:
  * Fixed some issues with IPP Everywhere printer support
    (Issue #4893, Issue #4909, Issue #4916, Issue #4921,
    Issue #4923, Issue #4932, Issue #4933, Issue #4938)
  * The rastertopwg filter could crash with certain input
    (Issue #4942)
  * The scheduler did not detect when an encrypted connection
    was closed by the client on Linux (Issue #4901)
  * The cups-lpd program did not catch all legacy usage
    of ISO-8859-1 (Issue #4899)
  * The scheduler no longer creates log files on startup
  * The ippContainsString function now uses case-insensitive
    comparisons for mimeMediaType, name, and text values in
    conformance with RFC 2911.
  * The network backends now log the addresses that were found
    for a printer (<rdar://problem/29268474>)
  * Let's Encrypt certificates did not work when the hostname
    contained uppercase letters (Issue #4919)
  * Fixed reporting of printed pages in the web interface
    (Issue #4924)
  * Updated systemd config files (Issue #4935)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.1:
  CUPS 2.2.1 is a general bug fix release.
  Changes include:
  * Added "/CreateSelfSignedCerts"/ directive for cups-files.conf
    to control whether the scheduler automatically creates
    its own self-signed X.509 certificates for TLS connections
    (Issue #4876)
  * http*Connect did not handle partial failures (Issue #4870)
  * cupsHashData did not use the correct hashing algorithm
  * Updated man pages (PR #4885)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.0:
  CUPS 2.2.0 adds support for local IPP Everywhere print queues
  and includes several performance and security improvements.
  Changes include:
  * Normalized the TLS certificate validation code and added
    additional error messages to aid troubleshooting.
  * http*Connect did not work on Linux when cupsd was not running
    (Issue #4870)
  * The --no-remote-any option of cupsctl had no effect
    (Issue #4866)
  * http*Connect did not return early when all addresses failed
    (Issue #4870)
  * The IPP backend did not validate TLS credentials properly.
  * The printer-state-message attribute was not cleared after a
    print job with no errors (Issue #4851)
  * The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer
    operations did not always return an error for failed
    adds (Issue #4854)
  * PPD files with names longer than 127 bytes did not work
    (Issue #4860)
  * CUPS now supports Let's Encrypt certificates on Linux.
  * All CUPS commands now support POSIX options (Issue #4813)
  * The scheduler now restarts faster (Issue #4760)
  * Improved performance of web interface with large numbers
    of jobs (Issue #3819)
  * Encrypted printing can now be limited to only trusted
    printers and servers (<rdar://problem/25711658>)
  * The scheduler now advertises PWG Raster attributes for
    IPP Everywhere clients (Issue #4428)
  * The scheduler now logs informational messages for jobs
    at LogLevel "/info"/ (Issue #4815)
  * The scheduler now uses the getgrouplist function
    when available (Issue #4611)
  * The IPP backend no longer enables compression by default
    except for certain raster formats that generally benefit
    from it (<rdar://problem/25166952>)
  * The scheduler did not handle out-of-disk situations
    gracefully (Issue #4742)
  * The LPD mini-daemon now detects invalid UTF-8 sequences
    in job, document, and user names (Issue #4748)
  * The IPP backend now continues on to the next job
    when the remote server/printer puts the job on hold
  * The scheduler did not cancel multi-document jobs immediately
  * The scheduler did not return non-shared printers to local
    clients unless they connected to the domain socket
  * The scheduler now reads the spool directory if one or more
    job cache entries point to deleted jobs
  * Added support for disc media sizes (<rdar://problem/20219536>)
  * The httpAddrConnect and httpConnect* APIs now try connecting
    to multiple addresses in parallel (<rdar://problem/20643153>)
  * Interface scripts are no longer supported for security reasons
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.1.4:
  CUPS 2.1.4 is a general bug fix release.
  Changes include:
  * Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)
  * Fixed printing of multiple files to raw queues (Issue #4782)
  * The scheduler did not implement the Hold-New-Jobs opertion
    correctly (Issue #4767)
  * The cups-lpd mini-daemon incorrectly included the document-name
    attribute when creating a job.  It should only be included when
    sending a job (Issue #4790)
  A detailed list of changes can be found in the CHANGES.txt file.
- Replace krb5-devel BuildRequires with pkgconfig(krb5) on
  suse_version >= 1315: give OBS a better chance to break up build
- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
  0002-Save-work-on-Avahi-code.patch and
  0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
  finally commited to cups 2.2 sources in response to in order to fix cupsEnumDests
  to react to the ALL_FOR_NOW avahi event (and also include a similar
  fix for the dnssd case). Related to bsc#955432.
- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff .
  Avahi sends an ALL_FOR_NOW event when it finishes sending
  its cache contents. This patch makes cupsEnumDests finish
  when the signal is received so it doesn't block the caller
  doing nothing until the timeout finishes (related to bsc#955432,
  submitted upstream at
- Add /etc/cups to cups-libs package [bsc#1025689]
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
  pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
  sub-libraries have been merged into libsystemd since version 209.
  openSUSE 13.1 was the last product to ship systemd 208.
- Remove CUPS.desktop and pixmap
  * Obsoletes patch cups-1.3.9-desktop_file.patch
- Version upgrade to 2.1.3:
  CUPS 2.1.3 fixes some issues in the scheduler, sample drivers,
  and user commands.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * The scheduler should not exit under memory pressure
  * Fixed some issues in ipptool for skipped tests
  * The "/lp -H resume"/ command did not reset the
    "/job-state-reasons"/ attribute value (STR #4752)
  * The scheduler did not allow access to resource files
    (icons, etc.) when the web interface was disabled (STR #4755)
- Version upgrade to 2.1.2:
  CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which
  actually contained a current 2.2 snapshot.
  There are no other changes.
- Version upgrade to 2.1.1:
  CUPS 2.1.1 fixes a number of USB and IPP printing issues,
  addresses some error reporting and hardening issues in
  the scheduler, and updates some localizations.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * Security hardening fixes (<rdar://problem/23131948>,
    <rdar://problem/23132108>, <rdar://problem/23132353>,
    <rdar://problem/23132803>, <rdar://problem/23133230>,
    <rdar://problem/23133393>, <rdar://problem/23133466>,
    <rdar://problem/23133833>, <rdar://problem/23133998>,
    <rdar://problem/23134228>, <rdar://problem/23134299>,
    <rdar://problem/23134356>, <rdar://problem/23134415>,
    <rdar://problem/23134506>, <rdar://problem/23135066>,
    <rdar://problem/23135122>, <rdar://problem/23135207>,
    <rdar://problem/23144290>, <rdar://problem/23144358>,
  * The cupsGetPPD* functions did not work with IPP printers
    (STR #4725)
  * Some older HP LaserJet printers need a delayed close when
    printing using the libusb-based USB backend (STR #4549)
  * The libusb-based USB backend did not unload the kernel usblp
    module if it was preventing the backend from accessing the
    printer (STR #4707)
  * Current Primera printers were incorrectly reported as Fargo
    printers (STR #4708)
  * The IPP backend did not always handle jobs getting canceled
    at the printer (<rdar://problem/22716820>)
  * Added USB quirk for Canon MP530 (STR #4730)
  * The scheduler did not deliver job notifications for jobs
    submitted to classes (STR #4733)
  * Changing the printer-is-shared value for a remote queue
    did not produce an error (STR #4738)
  * The IPP backend incorrectly included the job-password
    attribute in Validate-Job requests (<rdar://problem/23531939>)
- add -devel to build a 32bit wine on 64bit only Leap systems.
- Version upgrade to 2.1.0:
  CUPS 2.1.0 offers improved support for IPP Everywhere,
  adds support for advanced logging using journald on Linux, and
  includes new security features for encrypted printing and
  reduced network visibility in the default configuration.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * Added support for 3D printers (basic types only,
    no built-in filters) based on PWG white paper.
  * The IPP backend now stops sending print data
    if the printer indicates the job has been aborted
    or canceled (<rdar://problem/17837631>)
  * The IPP backend now sends the job-pages-per-set
    attribute when printing multiple copy jobs with
    finishings (<rdar://problem/16792757>)
  * The IPP backend now updates the cupsMandatory values when the
    printer configuration changes (<rdar://problem/18126570>)
  * No longer install banner files since third-party banner
    filters now supply their own (STR #4518)
  * The scheduler no longer listens on the loopback
    interface unless the web interface or printer sharing
    are enabled (<rdar://problem/9136448>)
  * Added a PPD generator for IPP Everywhere printers (STR #4258)
  * Now install "/default"/ versions of more configuration
    files (<rdar://problem/19024491>) in particular
    cups-files.conf.default and snmp.conf.default
  * Added SSLOptions values to allow Diffie-Hellman key exchange
    and disable TLS/1.0 support.
  * Updated the scheduler to support more IPP Everywhere
    attributes (STR #4630)
  * The scheduler now supports advanced ASL and journald logging
    when "/syslog"/ output is configured (STR #4474)
  * The scheduler now supports logging to stderr when running
    in the foreground (STR #4505)
- Adapted patches so that they apply to CUPS 2.1.0 sources:
  * cups-2.1.0-choose-uri-template.patch replaces
  * cups-2.1.0-default-webcontent-path.patch replaces
  * cups-2.1.0-cups-systemd-socket.patch replaces
- Fix bnc#943950, escape the macro call %systemd-tmpfiles
  in comment.
- Add gpg verification for the tarball
- Version update to 2.0.4:
  * Fixed a bug in cupsRasterWritePixels (STR #4650)
  * Fixed redirection in the web interface (STR #4538)
  * The IPP backend did not respond to side-channel
    requests (STR #4645)
  * The scheduler did not start all pending jobs
    at once (STR #4646)
  * The web search incorrectly searched time-at-xxx
    values (STR #4652)
  * Fixed an RPM spec file issue (STR #4657)
  * The scheduler incorrectly started jobs while canceling
    multiple jobs (STR #4648)
  * Fixed processing of server overrides without
    port numbers (STR #4675)
  * Documentation changes (STR #4651, STR #4674)
- cups-2.0.3-additional_policies.patch replaces
  cups-1.7-additional_policies.patch that still adds the same
  "/allowallforanybody"/ policy but now with separated "/Limit All"/
  to avoid (boo#936309).
- Added "/-p /bin/bash"/ to RPM shell commands scriptlets that
  enforces bash to be safe against any possible "/bashisms"/, cf
- Fix the previous commit by using direct systemd call and
  ensuring we work even on older distros
- Fix postin-without-tmpfile-creation and run %tmpfiles_create
  macro on our cups.conf
- Version upgrade to 2.0.3:
  The new release addresses two security vulnerabilities,
  add localizations for German and Russian, and includes several
  general bug fixes. Changes include (excerpt):
  * Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159
    exploiting the dynamic linker (STR #4609) (bsc#924208)
  * Security: The scheduler could hang with malformed gzip data
    (STR #4602)
  * Restored missing generic printer icon file (STR #4587)
  * Fixed logging of configuration errors to show up as errors
    (STR #4582)
  * Fixed potential buffer overflows in raster code and filters
    (STR #4598, STR #4599, STR #4600, STR #4601)
  * Fixed <Limit> inside <Location> (STR #4575)
  * Fixed lpadmin when both -m and -o are used (STR #4578)
  * The web interface always showed support for 2-sided printing
    (STR #4595)
  * cupsRasterReadHeader did not fully validate the raster header
    (STR #4596)
  * The rastertopwg filter did not check for truncated input
    (STR #4597)
  * The cups-lpd mini-daemon did not check for request parameters
    (STR #4603)
  * The scheduler could get caught in a busy loop (STR #4605)
  * The sample Epson driver could crash (STR #4616)
  * The IPP backend now correctly monitors jobs
  * The ppdhtml and ppdpo utilities crashed when the -D option
    was used before a driver information file (STR #4627)
  * ippfind incorrectly substituted "/=port"/ for service_port.
  * The IPP/1.1 test file did not handle the initial print job
    completing early (STR #4576)
  * Fixed a memory leak in cupsConnectDest (STR #4634)
  * PWG Raster Format output contained invalid ImageBox values
  * Added Russian translation (STR #4577)
  * Added German translation (STR #4635)
- cups-busy-loop.patch fixed STR #4605 is obsolete because
  it is fixed upstream (see above).
- cleaned up this whole RPM changlog (wrapped too long lines if
  possible and removed trailing whitespaces).
- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
  and to match socket approach Fedora has.
- Version bump to 2.0.2:
  * Security: cupsRasterReadPixels buffer overflow with invalid
    page header and compressed raster data (STR #4551)
  * Mapping of PPD keywords to IPP keywords did not work if the PPD
    keyword was already an IPP keyword (<rdar://problem/19121005>)
  * cupsGetPPD* sent bad requests (STR #4567)
  * For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy paralel-port support as it is not really needed
  as most do not want it
- Update descriptions to just state what changed and let user
  find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by
  the %service bla ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
  * lengthy list of changes see the upstream CHANGES.txt that is
    distributed with the package
  * Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive
  * openssl is no longer supported upstream
  * Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
  sections and keep suppor for openSUSE+SLE12
  * even with the conditions we would have to go unencrypted only
    as needs newer gnutls, so don't bother with keeping the compat
- Use upstream service and socket files to allow more working tools
- Removed patches:
  * cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
  * cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
  * cups-0003-systemd-secure-cups.service-unit-file.patch
  * cups-1.3.6-access_conf.patch
  * cups-1.5-additional_policies.patch
  * cups-1.5.4-CVE-2012-5519.patch
  * cups-1.5.4-strftime.patch
  * cups-move-everything-to-run.patch
  * cups-polld_avoid_busy_loop.patch
  * cups-provides-cupsd-service.patch
  * str4190.patch
  * str4351.patch
  * str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch
- Refreshed patches:
  * cups-1.3.9-desktop_file.patch
  * cups-config-libs.patch
- Added patches:
  * cups-1.7-additional_policies.patch
  * cups-systemd-socket.patch
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
  * TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.
- Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- Security fix: [bsc#1183934, CVE-2021-22890]
  * When using a HTTPS proxy and TLS 1.3, libcurl can confuse
    session tickets arriving from the HTTPS proxy but work as
    if they arrived from the remote server and then wrongly
    "/short-cut"/ the host handshake.
- Add curl-CVE-2021-22890.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
  * The automatic referer leaks credentials
- Add curl-CVE-2021-22876.patch
- Security fix: [bsc#1179593, CVE-2020-8286]
  * Inferior OCSP verification: libcurl offers "/OCSP stapling"/ via
    the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies
    the OCSP response that a server responds with as part of the TLS
    handshake. It then aborts the TLS negotiation if something is
    wrong with the response. The same feature can be enabled with
    '--cert-status' using the curl tool.
  * As part of the OCSP response verification, a client should verify
    that the response is indeed set out for the correct certificate.
    This step was not performed by libcurl when built or told to use
    OpenSSL as TLS backend.
- Add curl-CVE-2020-8286.patch
- Security fix: [bsc#1179399, CVE-2020-8285]
  * FTP wildcard stack overflow: The wc_statemach() internal
    function has been rewritten to use an ordinary loop instead of
    the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1179398, CVE-2020-8284]
  * Trusting FTP PASV responses: When curl performs a passive FTP
    transfer, it first tries the 'EPSV' command and if that is not
    supported, it falls back to using 'PASV'. A malicious server
    can use the 'PASV' response to trick curl into connecting
    back to a given IP address and port, and this way potentially
    make curl extract information about services that are otherwise
    private and not disclosed.
  * The IP address part of the response is now ignored by default,
    by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same
    goes for the command line tool, which then might need
    '--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the
    address in the server response.
- Add curl-CVE-2020-8284.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
  * An application that performs multiple requests with libcurl's
    multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
    rare circumstances experience that when subsequently using the
    setup connect-only transfer, libcurl will pick and use the wrong
    connection and instead pick another one the application has
    created since then.
- Add curl-CVE-2020-8231.patch
- Security fix: [bsc#1173027, CVE-2020-8177]
  * curl can be tricked my a malicious server to overwrite a local
    file when using '-J' ('--remote-header-name') and '-i' ('--head')
    in the same command line.
- Add curl-CVE-2020-8177.patch
- Security fix: [bsc#1173026, CVE-2020-8169]
  * Partial password leak over DNS on HTTP redirect
- Add curl-CVE-2020-8169.patch
- Fix segfault in zypper ref: [bsc#1156481]
  * remove_handle: clear expire timers after multi_done()
  * Add patch curl-expire-clear.patch
- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
  [bsc#1149604, bsc#1149572, jsc#SLE-9295]
  * Changes:
  - CURLINFO_RETRY_AFTER: parse the Retry-After header value
  - HTTP3: initial (experimental still not working) support
  - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
  - curl: support parallel transfers with -Z
  - curl_multi_poll: a sister to curl_multi_wait() that waits more
  - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
  * Bugfixes:
  - CVE-2019-5481: FTP-KRB double-free
  - CVE-2019-5482: TFTP small blocksize heap buffer overflow
  - CMake: remove needless newlines at end of gss variables
  - CMake: use platform dependent name for dlopen() library
  - CURLINFO docs: mention that in redirects times are added
  - CURLOPT_ALTSVC.3: use a "/"/ file name to not load from a file
  - CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
  - CURLOPT_READFUNCTION.3: provide inline example
  - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
  - Curl_addr2string: take an addrlen argument too
  - Curl_fillreadbuffer: avoid double-free trailer buf on error
  - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
  - alt-svc: add protocol version selection masking
  - alt-svc: fix removal of expired cache entry
  - alt-svc: make it use h3-22 with ngtcp2 as well
  - alt-svc: more liberal ALPN name parsing
  - alt-svc: send Alt-Used: in redirected requests
  - alt-svc: with quiche, use the quiche h3 alpn string
  - asyn-thread: create a socketpair to wait on
  - cleanup: move functions out of url.c and make them static
  - cleanup: remove the 'numsocks' argument used in many places
  - configure: avoid undefined check_for_ca_bundle
  - curl.h: add CURL_HTTP_VERSION_3 to the version enum
  - curl: cap the maximum allowed values for retry time arguments
  - curl: handle a libcurl build without netrc support
  - curl: make use of CURLINFO_RETRY_AFTER when retrying
  - curl: use CURLINFO_PROTOCOL to check for HTTP(s)
  - curl_global_init_mem.3: mention it was added in 7.12.0
  - curl_version: bump string buffer size to 250
  - curl_version_info.3: mentioned ALTSVC and HTTP3
  - curl_version_info: offer quic (and h3) library info
  - curl_version_info: provide nghttp2 details
  - defines: avoid underscore-prefixed defines
  - docs/ALTSVC: remove what works and the experimental explanation
  - docs/EXPERIMENTAL: explain what it means and what's experimental now
  - docs/ converted to markdown from plain text
  - docs/examples/curlx: fix errors
  - docs: s/curl_debug/curl_dbg_debug in comments and docs
  - easy: resize receive buffer on easy handle reset
  - examples: Avoid reserved names in hiperfifo examples
  - examples: add http3.c, altsvc.c and http3-present.c
  - http09: disable HTTP/0.9 by default in both tool and library
  - http2: when marked for closure and wanted to close == OK
  - http2_recv: trigger another read when the last data is returned
  - http: fix use of credentials from URL when using HTTP proxy
  - http_negotiate: improve handling of gss_init_sec_context() failures
  - md4: Use our own MD4 when no crypto libraries are available
  - multi: call detach_connection before Curl_disconnect
  - nss: use TLSv1.3 as default if supported
  - openssl: build warning free with boringssl
  - openssl: use SSL_CTX_set__proto_version() when available
  - plan9: add support for running on Plan 9
  - progress: reset download/uploaded counter between transfers
  - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
  - scp: fix directory name length used in memcpy
  - smb: init *msg to NULL in smb_send_and_recv()
  - smtp: check for and bail out on too short EHLO response
  - source: remove names from source comments
  - spnego_sspi: add typecast to fix build warning
  - src/makefile: fix uncompressed hugehelp.c generation
  - ssh-libssh: do not specify O_APPEND when not in append mode
  - ssh: move code into vssh for SSH backends
  - sspi: fix memory leaks
  - tests: Replace outdated test case numbering documentation
  - tftp: return error when packet is too small for options
  - timediff: make it 64 bit (if possible) even with 32 bit time_t
  - travis: reduce number of torture tests in 'coverage'
  - url: make use of new HTTP version if alt-svc has one
  - urlapi: verify the IPv6 numerical address
  - urldata: avoid 'generic', use dedicated pointers
  - vauth: Use CURLE_AUTH_ERROR for auth function errors
  * Removed patches:
  - curl-CVE-2018-0500.patch
  - curl-CVE-2018-14618.patch
  - curl-CVE-2018-16839.patch
  - curl-CVE-2018-16840.patch
  - curl-CVE-2018-16842.patch
  - curl-CVE-2018-16890.patch
  - curl-CVE-2019-3822.patch
  - curl-CVE-2019-3823.patch
  - curl-CVE-2019-5436.patch
  - curl-CVE-2019-5481.patch
  - curl-CVE-2019-5482.patch
- Security fix: [bsc#1149496,CVE-2019-5482]
  * TFTP small blocksize heap buffer overflow
  * Added curl-CVE-2019-5482.patch
- Security fix: [bsc#1149495,CVE-2019-5481]
  * FTP-KRB: double-free during kerberos FTP data transfer
  * Added curl-CVE-2019-5481.patch
- Update to 7.65.3
  * progress: make the progress meter appear again
- Update to 7.65.2
  * Bugfixes:
  - Explain Schannel error SEC_E_ALGORITHM_MISMATCH
  - CMake: Fix finding Brotli on case-sensitive file systems
  - CURLOPT_RANGE.3: Caution against using it for HTTP PUT
  - CURLOPT_SEEKDATA.3: fix variable name
  - bindlocal: detect and avoid IP version mismatches in bind()
  - build: fix Codacy warnings
  - c-ares: honor port numbers in CURLOPT_DNS_SERVERS
  - config-os400: add getpeername and getsockname defines
  - configure: --disable-progress-meter
  - configure: fix --disable-code-coverage
  - configure: more --disable switches to toggle off individual features
  - configure: remove CURL_DISABLE_TLS_SRP
  - conn_maxage: move the check to prune_dead_connections()
  - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
  - docs: Explain behavior change in --tlsv1. options since 7.54
  - docs: Fix links to OpenSSL docs
  - docs: fix string suggesting HTTP/2 is not the default
  - headers: Remove no longer exported functions
  - http2: call done_sending on end of upload
  - http2: don't call stream-close on already closed streams
  - http2: remove CURL_DISABLE_TYPECHECK define
  - http: allow overriding timecond with custom header
  - http: clarify header buffer size calculation
  - krb5: fix compiler warning
  - lib: Use UTF-8 encoding in comments
  - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
  - multi: enable multiplexing by default (again)
  - multi: fix the transfer hashes in the socket hash entries
  - multi: make sure 'data' can present in several sockhash entries
  - netrc: Return the correct error code when out of memory
  - nss: don't set unused parameter
  - nss: inspect returnvalue of token check
  - nss: only cache valid CRL entries
  - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
  - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
  - openssl: fix pubkey/signature algorithm detection in certinfo
  - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
  - quote.d: asterisk prefix works for SFTP as well
  - runtests: keep logfiles around by default
  - runtests: report single test time + total duration
  - test1165: verify that CURL_DISABLE_ symbols are in sync
  - test1521: adapt to SLISTPOINT
  - test1523: test CURLOPT_LOW_SPEED_LIMIT
  - test153: fix content-length to avoid occasional hang
  - test188/189: fix Content-Length
  - tests: have runtests figure out disabled features
  - tests: support non-localhost HOSTIP for dict/smb servers
  - tests: update fixed IP for hostip/clientip split
  - tool_cb_prg: Fix integer overflow in progress bar
  - typecheck: CURLOPT_CONNECT_TO takes an slist too
  - typecheck: add 3 missing strings and a callback data pointer
  - unit1654: cleanup on memory failure
  - unpause: trigger a timeout for event-based transfers
  - url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165
- Update to 7.65.1
  * Bugfixes:
  - CURLOPT_LOW_SPEED_* repaired
  - NTLM: reset proxy "/multipass"/ state when CONNECT request is done
  - PolarSSL: deprecate support step 1. Removed from configure
  - cmake: check for if_nametoindex()
  - cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
  - conncache: Remove the DEBUGASSERT on length check
  - conncache: make "/bundles"/ per host name when doing proxy tunnels
  - curl_share_setopt.3: improve wording
  - dump-header.d: spell out that no headers == empty file
  - example/http2-download: fix format specifier
  - examples: cleanups and compiler warning fixes
  - http2: Stop drain from being permanently set
  - http: don't parse body-related headers in bodyless responses
  - md4: build correctly with openssl without MD4
  - md4: include the mbedtls config.h to get the MD4 info
  - multi: track users of a socket better
  - nss: allow to specify TLS 1.3 ciphers if supported by NSS
  - parse_proxy: make sure portptr is initialized
  - parse_proxy: use the IPv6 zone id if given
  - sectransp: handle errSSLPeerAuthCompleted from SSLRead()
  - singlesocket: use separate variable for inner loop
  - ssl: Update outdated "/openssl-only"/ comments for supported backends
  - tests: add HAProxy keywords
  - tests: make test 1420 and 1406 work with rtsp-disabled libcurl
  - tls13-docs: mention it is only for OpenSSL >= 1.1.1
  - tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
  - url: fix bad feature-disable #ifdef
  - url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
  * Changes:
  - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
  - pipelining: removed
  * Bugfixes:
  - CVE-2019-5435: Integer overflows in curl_url_set
  - CVE-2019-5436: tftp: use the current blksize for recvfrom()
  - --config: clarify that initial : and = might need quoting
  - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
  - CURLOPT_ADDRESS_SCOPE: fix range check and more
  - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
  - CURL_MAX_INPUT_LENGTH: largest acceptable string input size
  - Curl_disconnect: treat all CONNECT_ONLY connections as "/dead"/
  - OS400/ccsidcurl: replace use of Curl_vsetopt
  - OpenSSL: Report -fips in version if OpenSSL is built with FIPS
  - WRITEFUNCTION: add missing set_in_callback around callback
  - altsvc: Fix building with cookies disabled
  - auth: Rename the various authentication clean up functions
  - base64: build conditionally if there are users
  - cmake: avoid linking executable for some tests with cmake 3.6+
  - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
  - cmake: set SSL_BACKENDS
  - configure: avoid unportable '==' test(1) operator
  - configure: error out if OpenSSL wasn't detected when asked for
  - configure: fix default location for fish completions
  - cookie: Guard against possible NULL ptr deref
  - curl: make code work with protocol-disabled libcurl
  - curl: report error for "/--no-"/ on non-boolean options
  - curlver.h: use parenthesis in CURL_VERSION_BITS macro
  - docs/INSTALL: fix broken link
  - doh: acknowledge CURL_DISABLE_DOH
  - doh: disable DOH for the cases it doesn't work
  - examples: remove unused variables
  - ftplistparser: fix LGTM alert "/Empty block without comment"/
  - hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
  - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
  - http: acknowledge CURL_DISABLE_HTTP_AUTH
  - http: mark bundle as not for multiuse on < HTTP/2 response
  - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
  - http_negotiate: do not treat failure of gss_init_sec_context() as fatal
  - http_ntlm: Corrected the name of the include guard
  - http_ntlm_wb: Handle auth for only a single request
  - http_ntlm_wb: Return the correct error on receiving an empty auth message
  - lib509: add missing include for strdup
  - lib557: initialize variables
  - mbedtls: enable use of EC keys
  - mime: acknowledge CURL_DISABLE_MIME
  - multi: improved HTTP_1_1_REQUIRED handling
  - netrc: acknowledge CURL_DISABLE_NETRC
  - nss: allow fifos and character devices for certificates
  - nss: provide more specific error messages on failed init
  - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
  - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
  - openssl: mark connection for close on TLS close_notify
  - openvms: Remove pre-processor for SecureTransport
  - parse_proxy: use the URL parser API
  - parsedate: disabled on CURL_DISABLE_PARSEDATE
  - pingpong: disable more when no pingpong protocols are enabled
  - polarssl_threadlock: remove conditionally unused code
  - progress: acknowledge CURL_DISABLE_PROGRESS_METER
  - proxy: acknowledge DISABLE_PROXY more
  - resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
  - revert "/multi: support verbose conncache closure handle"/
  - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
  - sasl: only enable if there's a protocol enabled using it
  - singleipconnect: show port in the verbose "/Trying ..."/ message
  - socks5: user name and passwords must be shorter than 256
  - socks: fix error message
  - socksd: new SOCKS 4+5 server for tests
  - spnego_gssapi: fix return code on gss_init_sec_context() failure
  - ssh-libssh: remove unused variable
  - ssh: define USE_SSH if SSH is enabled (any backend)
  - ssh: move variable declaration to where it's used
  - test1002: correct the name
  - test2100: Fix typos in test description
  - tests: Run global cleanup at end of tests
  - tests: make Impacket (SMB server) Python 3 compatible
  - tool_cb_wrt: fix bad-function-cast warning
  - tool_formparse: remove redundant assignment
  - tool_help: Warn if curl and libcurl versions do not match
  - tool_help: include for strcasecmp
  - url: always clone the CUROPT_CURLU handle
  - url: convert the zone id from a IPv6 URL to correct scope id
  - urlapi: add CURLUPART_ZONEID to set and get
  - urlapi: increase supported scheme length to 40 bytes
  - urlapi: require a non-zero host name length when parsing URL
  - urlapi: stricter CURLUPART_PORT parsing
  - urlapi: strip off zone id from numerical IPv6 addresses
  - urlapi: urlencode characters above 0x7f correctly
  - vauth/cleartext: update the PLAIN login to match RFC 4616
  - vauth/oauth2: Fix OAUTHBEARER token generation
  - vauth: Fix incorrect function description for Curl_auth_user_contains_domain
  - vtls: fix potential ssl_buffer stack overflow
  - wildcard: disable from build when FTP isn't present
  - xattr: skip unittest on unsupported platforms
- Security fix [bsc#1135170, CVE-2019-5436]
  * A heap buffer overflow exists in tftp_receive_packet that
    receives data from a TFTP server
  * Added curl-CVE-2019-5436.patch
- Install completions file from curl rather than from the fish package
- update to version 7.64.1
  * Changes:
  - alt-svc: experiemental support added
  - configure: add --with-amissl
  * Bugfixes:
  - AppVeyor: switch VS 2015 builds to VS 2017 image
  - CURLU: fix NULL dereference when used over proxy
  - Curl_easy: remove req.maxfd - never used!
  - Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
  - DoH: inherit some SSL options from user's easy handle
  - Secure Transport: no more "/darwinssl"/
  - Secure Transport: tvOS 11 is required for ALPN support
  - cirrus: Added FreeBSD builds using Cirrus CI
  - cleanup: make local functions static
  - cli tool: do not use mime.h private structures
  - cmdline-opts/proxytunnel.d: the option tunnnels all protocols
  - configure: add additional libraries to check for LDAP support
  - configure: remove the unused fdopen macro
  - configure: show features as well in the final summary
  - conncache: use conn->data to know if a transfer owns it
  - connection: never reuse CONNECT_ONLY connections
  - connection_check: restore original conn->data after the check
  - connection_check: set ->data to the transfer doing the check
  - cookie: Add support for cookie prefixes
  - cookies: dotless names can set cookies again
  - cookies: fix NULL dereference if flushing cookies with no CookieInfo set
  - curl.1: --user and --proxy-user are hidden from ps output
  - curl.1: mark the argument to --cookie as
  - curl.h: use __has_declspec_attribute for shared builds
  - curl: display --version features sorted alphabetically
  - curl: fix FreeBSD compiler warning in the --xattr code
  - curl: remove MANUAL from -M output
  - curl_easy_duphandle.3: clarify that a duped handle has no shares
  - curl_multi_remove_handle.3: use at any time, just not from within callbacks
  - curl_url.3: this API is not experimental anymore
  - dns: release sharelock as soon as possible
  - docs: update max-redirs.d phrasing
  - examples/10-at-a-time.c: improve readability and simplify
  - examples/cacertinmem.c: use multiple certificates for loading CA-chain
  - examples/crawler: Fix the Accept-Encoding setting
  - examples/ephiperfifo.c: various fixes
  - examples/externalsocket: add missing close socket calls
  - examples/http2-download: cleaned up
  - examples/http2-serverpush: add some sensible error checks
  - examples/http2-upload: cleaned up
  - examples/httpcustomheader: Value stored to 'res' is never read
  - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
  - examples/sftpuploadresume: Value stored to 'result' is never read
  - examples: only include
  - examples: remove recursive calls to curl_multi_socket_action
  - examples: remove superfluous null-pointer checks
  - file: fix "/Checking if unsigned variable 'readcount' is less than zero."/
  - fnmatch: disable if FTP is disabled
  - gnutls: remove call to deprecated gnutls_compression_get_name
  - gopher: remove check for path == NULL
  - gssapi: fix deprecated header warnings
  - hostip: make create_hostcache_id avoid alloc + free
  - http2: multi_connchanged() moved from multi.c, only used for h2
  - http2: verify :athority in push promise requests
  - http: make adding a blank header thread-safe
  - http: send payload when (proxy) authentication is done
  - http: set state.infilesize when sending multipart formposts
  - makefile: make checksrc and hugefile commands "/silent"/
  - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
  - mbedtls: release sessionid resources on error
  - memdebug: log pointer before freeing its data
  - memdebug: make debug-specific functions use curl_dbg_ prefix
  - mime: put the boundary buffer into the curl_mime struct
  - multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
  - multi: remove verbose "/Expire in"/ ... messages
  - multi: removed unused code for request retries
  - multi: support verbose conncache closure handle
  - negotiate: fix for HTTP POST with Negotiate
  - openssl: add support for TLS ASYNC state
  - openssl: if cert type is ENG and no key specified, key is ENG too
  - pretransfer: don't strlen() POSTFIELDS set for GET requests
  - rand: Fix a mismatch between comments in source and header
  - runtests: detect "/schannel"/ as an alias for "/winssl"/
  - schannel: be quiet - remove verbose output
  - schannel: close TLS before removing conn from cache
  - schannel: support CALG_ECDH_EPHEM algorithm
  - scripts/ also generate fish completion file
  - singlesocket: fix the 'sincebefore' placement
  - source: fix two 'nread' may be used uninitialized warnings
  - ssh: fix Condition '!status' is always true
  - ssh: loop the state machine if not done and not blocking
  - strerror: make the strerror function use local buffers
  - test578: make it read data from the correct test
  - tests: Fixed XML validation errors in some test files
  - tests: add stderr comparison to the test suite
  - tests: fix multiple may be used uninitialized warnings
  - threaded-resolver: shutdown the resolver thread without error message
  - tool_cb_wrt: fix writing to Windows null device NUL
  - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
  - tool_operate: build on AmigaOS
  - tool_operate: fix typecheck warning
  - transfer.c: do not compute length of undefined hex buffer
  - travis: add build using gnutls
  - travis: add scan-build
  - travis: bump the used wolfSSL version to 4.0.0
  - travis: enable valgrind for the iconv tests
  - travis: use updated compiler versions: clang 7 and gcc 8
  - unit1307: require FTP support
  - unit1651: survive curl_easy_init() fails
  - url/idnconvert: remove scan for <= 32 ascii values
  - url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
  - urlapi: reduce variable scope, remove unreachable 'break'
  - urldata: convert bools to bitfields and move to end
  - urldata: simplify bytecounters
  - urlglob: Argument with 'nonnull' attribute passed null
  - version.c: silent scan-build even when librtmp is not enabled
  - vtls: rename some of the SSL functions
  - wolfssl: stop custom-adding curves
  - x509asn1: "/Dereference of null pointer"/
  - x509asn1: cleanup and unify code layout
  - escape ':' character
  - update regex to better match curl -h output
- Dropped patches fixed upstream:
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
  * curl-singlesocket-sincebefore-placement.patch
- Fix variable placement that wasn't properly reset within a loop
  missing to notify sockets. [bsc#1129083, bsc#1129470]
  * Added curl-singlesocket-sincebefore-placement.patch
- Add patches to fix use-after-free (boo#1127849):
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
  due to cmake pulling libcurl4
- update to version 7.64.0
  [bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
  [bcs#1123378, CVE-2019-3823]
  * Changes:
  - cookies: leave secure cookies alone
  - hostip: support wildcard hosts
  - http: Implement trailing headers for chunked transfers
  - http: added options for allowing HTTP/0.9 responses
  - timeval: Use high resolution timestamps on Windows
  * Bugfixes:
  - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
  - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
  - CVE-2019-3823: SMTP end-of-response out-of-bounds read
  - FAQ: remove mention of sourceforge for github
  - OS400: handle memory error in list conversion
  - OS400: upgrade ILE/RPG binding.
  - README: add codacy code quality badge
  - Revert http_negotiate: do not close connection
  - THANKS: added several missing names from year <= 2000
  - build: make 'tidy' target work for metalink builds
  - cmake: added checks for variadic macros
  - cmake: updated check for HAVE_POLL_FINE to match autotools
  - cmake: use lowercase for function name like the rest of the code
  - configure: detect xlclang separately from clang
  - configure: fix recv/send/select detection on Android
  - configure: rewrite --enable-code-coverage
  - conncache_unlock: avoid indirection by changing input argument type
  - cookie: fix comment typo
  - cookies: allow secure override when done over HTTPS
  - cookies: extend domain checks to non psl builds
  - cookies: skip custom cookies when redirecting cross-site
  - curl --xattr: strip credentials from any URL that is stored
  - curl -J: refuse to append to the destination file
  - curl/urlapi.h: include "/curl.h"/ first
  - curl_multi_remove_handle() don't block terminating c-ares requests
  - darwinssl: accept setting max-tls with default min-tls
  - disconnect: separate connections and easy handles better
  - disconnect: set conn->data for protocol disconnect
  - docs/version.d: mention MultiSSL
  - docs: fix the --tls-max description
  - docs: use $(INSTALL_DATA) to install man page
  - docs: use meaningless port number in CURLOPT_LOCALPORT example
  - gopher: always include the entire gopher-path in request
  - http2: clear pause stream id if it gets closed
  - if2ip: remove unused function Curl_if_is_interface_name
  - libssh: do not let libssh create socket
  - libssh: free sftp_canonicalize_path() data correctly
  - libtest/stub_gssapi: use "/real"/ snprintf
  - mbedtls: use VERIFYHOST
  - multi: multiplexing improvements
  - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
  - ntlm: fix NTMLv2 compliance
  - ntlm_sspi: add support for channel binding
  - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
  - openssl: fix the SSL_get_tlsext_status_ocsp_resp call
  - openvms: fix OpenSSL discovery on VAX
  - openvms: fix typos in documentation
  - os400: add a missing closing bracket
  - os400: fix extra parameter syntax error
  - pingpong: change default response timeout to 120 seconds
  - pingpong: ignore regular timeout in disconnect phase
  - printf: fix format specifiers
  - Fix perl call to include srcdir
  - schannel: fix compiler warning
  - schannel: preserve original certificate path parameter
  - schannel: stop calling it "/winssl"/
  - sigpipe: if mbedTLS is used, ignore SIGPIPE
  - smb: fix incorrect path in request if connection reused
  - ssh: log the libssh2 error message when ssh session startup fails
  - test1558: verify CURLINFO_PROTOCOL on file:// transfer
  - test1561: improve test name
  - test1653: make it survive torture tests
  - tests: allow tests to pass by 2037-02-12
  - tests: move objnames-* from lib into tests
  - timediff: fix math for unsigned time_t
  - timeval: Disable MSVC Analyzer GetTickCount warning
  - tool_cb_prg: avoid integer overflow
  - travis: added cmake build for osx
  - urlapi: Fix port parsing of eol colon
  - urlapi: distinguish possibly empty query
  - urlapi: fix parsing ipv6 with zone index
  - urldata: rename easy_conn to just conn
  - winbuild: conditionally use /DZLIB_WINAPI
  - wolfssl: fix memory-leak in threaded use
  - spnego_sspi: add support for channel binding
- Security fix [bsc#1123378, CVE-2019-3823]
  * SMTP end-of-response out-of-bounds read
  * Added patch curl-CVE-2019-3823.patch
- Security fix [bsc#1123377, CVE-2019-3822]
  * NTLMv2 type-3 header stack buffer overflow
  * Added patch curl-CVE-2019-3822.patch
- Fix wrong summary, curl is at version 7, not 4.
- Security fix [bsc#1123371, CVE-2018-16890]
  * NTLM type-2 out-of-bounds buffer read
  * Added patch curl-CVE-2018-16890.patch
- Provide libcurl4 = %version in the mini library package
- Update to version 7.63.0
  * curl: add %{stderr} and %{stdout} for --write-out
  * curl: add undocumented option --dump-module-paths for w32
  * setopt: add CURLOPT_CURLU
  * (lib)curl.rc: fixup for minor bugs
  * CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
  * CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
  * CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
  * Curl_follow: accept non-supported schemes for "/fake"/ redirects
  * KNOWN_BUGS: add --proxy-any connection issue
  * NTLM: Remove redundant ifdef USE_OPENSS
  * NTLM: force the connection to HTTP/1.1
  * OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
  * SECURITY-PROCESS: bountygraph shuts down again
  * TODO: Have the URL API offer IDN decoding
  * ares: remove fd from multi fd set when ares is about to close the fd
  * axtls: removed
  * checksrc: add COPYRIGHTYEAR check
  * cmake: fix MIT/Heimdal Kerberos detection
  * configure: include all libraries in ssl-libs fetch
  * configure: show CFLAGS, LDFLAGS etc in summary
  * connect: fix building for recent versions of Minix
  * cookies: create the cookiejar even if no cookies to save
  * cookies: expire "/Max-Age=0"/ immediately
  * curl: --local-port range was not "/including"/
  * curl: fix --local-port integer overflow
  * curl: fix memory leak reading --writeout from file
  * curl: fixed UTF-8 in current console code page (Win)
  * curl_easy_perform: fix timeout handling
  * curl_global_sslset(): id == -1 is not necessarily an error
  * curl_multibyte: fix a malloc overcalculation
  * curle: move deprecated error code to ifndef block
  * docs: curl_formadd field and file names are now escaped
  * docs: escape "/n"/ codes
  * doh: fix memory leak in OOM situation
  * doh: make it work for h2-disabled builds too
  * examples/ephiperfifo: report error when epoll_ctl fails
  * ftp: avoid unsigned int overflows in FTP listing parser
  * host names: allow trailing dot in name resolve, then strip it
  * http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
  * http: don't set CURLINFO_CONDIITON_UNMET for http status code 204
  * http: fix HTTP DIgest auth to include query in URI
  * http_negotiate: do not close connection until negotiation is completed
  * impacket: add LICENSE
  * infof: clearly indicate truncation
  * ldap: fix LDAP URL parsing regressions
  * libcurl: stop reading from paused transfers
  * mprintf: avoid unsigned integer overflow warning
  * netrc: don't ignore the login name specified with "/--user"/
  * nss: Fall back to latest supported SSL version
  * nss: Fix compatibility with nss versions 3.14 to 3.15
  * nss: fix fallthrough comment to fix picky compiler warning
  * nss: remove version selecting dead code
  * nss: set default max-tls to 1.3/1.2
  * openssl: Remove SSLEAY leftovers
  * openssl: do not log excess "/TLS app data"/ lines for TLS 1.3
  * openssl: do not use file BIOs if not requested
  * openssl: fix unused variable compiler warning with old openssl
  * openssl: support session resume with TLS 1.3
  * openvms: fix example name
  * os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
  * os400: add CURLOPT_CURLU to ILE/RPG binding
  * os400: fix return type of curl_easy_pause() in ILE/RPG binding
  * packages: remove old leftover files and dirs
  * pop3: only do APOP with a valid timestamp
  * runtests: use the local curl for verifying
  * schannel: be consistent in Schannel capitalization
  * schannel: better CURLOPT_CERTINFO support
  * schannel: use Curl_prefix for global private symbols
  * snprintf: renamed and now we only use msnprintf()
  * ssl: fix compilation with OpenSSL 0.9.7
  * ssl: replace all internal uses of CURLE_SSL_CACERT
  * symbols-in-versions: add missing CURLU_symbols
  * test328: verify Content-Encoding: none
  * tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
  * tests: drop script no longer used
  * tests: drop script no longer used
  * tool_cb_wrt: Silence function cast compiler warning
  * tool_doswin: Fix uninitialized field warning
  * travis: build with clang sanitizers
  * travis: remove curl before a normal build
  * url: a short host name + port is not a scheme
  * url: fix IPv6 numeral address parser
  * urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch
- Update to version 7.62.0
  * multiplex: enable by default
  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
  * setopt: add CURLOPT_DOH_URL
  * curl: --doh-url added
  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
  * imap: change from "/FETCH"/ to "/UID FETCH"/
  * configure: add option to disable automatic OpenSSL config loading
  * upkeep: add a connection upkeep API: curl_easy_upkeep()
  * URL-API: added five new functions
  * vtls: MesaLink is a new TLS backend
  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
  * Curl_dedotdotify(): always nul terminate returned string
  * Curl_follow: Always free the passed new URL
  * Curl_http2_done: fix memleak in error path
  * Curl_retry_request: fix memory leak
  * Curl_saferealloc: Fixed typo in docblock
  * GnutTLS: TLS 1.3 support
  * SECURITY-PROCESS: mention the bountygraph program
  * VS projects: add USE_IPV6:
  * certs: generate tests certs with sha256 digest algorithm
  * checksrc: enable strict mode and warnings
  * checksrc: handle zero scoped ignore commands
  * cmake: Backport to work with CMake 3.0 again
  * cmake: Improve config installation
  * cmake: add support for transitive ZLIB target
  * cmake: disable -Wpedantic-ms-format
  * cmake: don't require OpenSSL if USE_OPENSSL=OFF
  * cmake: fixed path used in generation of docs/tests
  * cmake: remove unused *SOCKLEN_T variables
  * cmake: suppress MSVC warning C4127 for libtest
  * cmake: test and set missed defines during configuration
  * config: Remove unused SIZEOF_VOIDP
  * configure: force-use -lpthreads on HPUX
  * configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
  * cookies: Remove redundant expired check
  * cookies: fix leak when writing cookies to file
  * remove dependency on bc
  * curl.1: --ipv6 mutexes ipv4 (fixed typo)
  * curl: update the documentation of --tlsv1.0
  * curl_multi_wait: call getsock before figuring out timeout
  * curl_ntlm_wb: check aprintf() return codes
  * data-binary.d: clarify default content-type is x-www-form-urlencoded
  * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
  * docs/CIPHERS: fix the TLS 1.3 cipher names
  * docs/CIPHERS: mention the colon separation for OpenSSL
  * docs/examples: URL updates
  * docs: add "/see also"/ links for SSL options
  * example/asiohiper: insert warning comment about its status
  * example/htmltidy: fix include paths of tidy libraries
  * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
  * examples/parseurl.c: show off the URL API
  * examples: Fix memory leaks from realloc errors
  * examples: do not wait when no transfers are running
  * ftp: include command in Curl_ftpsend sendbuffer
  * gskit: make sure to terminate version string
  * gtls: Values stored to but never read
  * hostip: fix check on Curl_shuffle_addr return value
  * http2: fix memory leaks on error-path
  * http: fix memleak in rewind error path
  * krb5: fix memory leak in krb_auth
  * memory: add missing curl_printf header
  * memory: ensure to check allocation results
  * multi: Fix error handling in the SENDPROTOCONNECT state
  * multi: fix memory leak in content encoding related error path
  * multi: make the closure handle "/inherit"/ CURLOPT_NOSIGNAL
  * netrc: free temporary strings if memory allocation fails
  * nss: try to connect even if fails to load
  * ntlm_wb: Fix memory leaks in ntlm_wb_response
  * ntlm_wb: bail out if the response gets overly large
  * openssl: assume engine support in 0.9.8 or later
  * openssl: enable TLS 1.3 post-handshake auth
  * openssl: fix gcc8 warning
  * openssl: load built-in engines too
  * openssl: make 'done' a proper boolean
  * openssl: output the correct cipher list on TLS 1.3 error
  * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
  * openssl: show "/proper"/ version number for libressl builds
  * pipelining: deprecated
  * rand: add comment to skip a clang-tidy false positive
  * rtmp: fix for compiling with lwIP
  * runtests: ignore disabled even when ranges are given
  * schannel: unified error code handling
  * sendf: Fix whitespace in infof/failf concatenation
  * ssh: free the session on init failures
  * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
  * system.h: use proper setting with Sun C++ as well
  * test1299: use single quotes around asterisk
  * test1452: mark as flaky
  * test1651: unit test Curl_extract_certinfo()
  * test320: strip out more HTML when comparing
  * tests/ fix Python2-ism in neg TELNET server
  * tests: add unit tests for url.c
  * tool_cb_hdr: handle failure of rename()
  * travis: add a "/make tidy"/ build that runs clang-tidy
  * travis: add build for "/configure --disable-verbose"/
  * travis: bump the Secure Transport build to use xcode
  * travis: make distcheck scan for BOM markers
  * unit1300: fix stack-use-after-scope AddressSanitizer warning
  * urldata: Fix "/connecting"/ comment
  * urlglob: improve error message on bad globs
  * vtls: fix ssl version "/or later"/ behavior change for many backends
  * x509asn1: Fix SAN IP address verification
  * x509asn1: always check return code from getASN1Element()
  * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
  * x509asn1: suppress left shift on signed value
- Rebased patches after update:
  * curl-disabled-redirect-protocol-message.patch
  * curl-use_OPENSSL_config.patch
- Security fix [bsc#1113660, CVE-2018-16842]
  * Fixed Out-of-bounds Read in tool_msgs.c
  * Added curl-CVE-2018-16842.patch
- Security fix [bsc#1113029, CVE-2018-16840]
  * use-after-free in handle close
  * Added curl-CVE-2018-16840.patch
- Security fix [bsc#1112758, CVE-2018-16839]
  * SASL password overflow via integer overflow
  * Added curl-CVE-2018-16839.patch
- Security fix [CVE-2018-14618, bsc#1106019]
  * NTLM password overflow via integer overflow
  * Added patch curl-CVE-2018-14618.patch
- Update to version 7.61.1
  * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
  * CURLINFO_SIZE_UPLOAD: fix missing counter update
  * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
  * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
  * Curl_getoff_all_pipelines: improved for multiplexed
  * DEPRECATE: remove release date from 7.62.0
  * HTTP: Don't attempt to needlessly decompress redirect body
  * INTERNALS: require GnuTLS >= 2.11.3
  * add code quality grade for C/C++
  * SSLCERTS: improve the openssl command line
  * Silence GCC 8 cast-function-type warnings
  * ares: check for NULL in completed-callback
  * asyn-thread: Remove unused macro
  * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
  * auth: pick Bearer authentication whenever a token is available
  * cmake: CMake config files are defining CURL_STATICLIB for static builds
  * cmake: Respect BUILD_SHARED_LIBS
  * cmake: Update scripts to use consistent style
  * cmake: bumped minimum version to 3.4
  * cmake: link curl to the OpenSSL targets instead of lib absolute paths
  * configure: conditionally enable pedantic-errors
  * configure: fix for -lpthread detection with OpenSSL and pkg-config
  * conn: remove the boolean 'inuse' field
  * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
  * cookie tests: treat files as text
  * cookies: support creation-time attribute for cookies
  * curl: Fix segfault when -H @headerfile is empty
  * curl: add http code 408 to transient list for --retry
  * curl: fix time-of-check, time-of-use race in dir creation
  * curl: use Content-Disposition before the "/URL end"/ for -OJ
  * curl: warn the user if a given file name looks like an option
  * curl_threads: silence bad-function-cast warning
  * darwinssl: add support for ALPN negotiation
  * docs/CURLOPT_URL: fix indentation
  * docs/CURLOPT_WRITEFUNCTION: size is always 1
  * docs/SECURITY-PROCESS: mention bounty, drop pre-notify
  * docs/examples: add hiperfifo example using linux epoll/timerfd
  * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
  * docs: clarify NO_PROXY env variable functionality
  * docs: improved the manual pages of some callbacks
  * docs: mention NULL is fine input to several functions
  * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
  * gopher: Do not translate `?' to `%09'
  * header output: switch off all styles, not just unbold
  * hostip: fix unused variable warning
  * http2: Use correct format identifier for stream_id
  * http2: abort the send_callback if not setup yet
  * http2: avoid set_stream_user_data() before stream is assigned
  * http2: check nghttp2_session_set_stream_user_data return code
  * http2: clear the drain counter in Curl_http2_done
  * http2: make sure to send after RST_STREAM
  * http2: separate easy handle from connections better
  * http: fix for tiny "/HTTP/0.9"/ response
  * http_proxy: Remove unused macro SELECT_TIMEOUT
  * lib/Makefile: only do symbol hiding if told to
  * lib1502: fix memory leak in torture test
  * lib1522: fix curl_easy_setopt argument type
  * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
  * mime: check Curl_rand_hex's return code
  * multi: always do the COMPLETED procedure/state
  * openssl: assume engine support in 1.0.0 or later
  * openssl: fix debug messages
  * projects: Improve Windows perl detection in batch scripts
  * retry: return error if rewind was necessary but didn't happen
  * reuse_conn(): memory leak - free old_conn->options
  * schannel: client certificate store opening fix
  * schannel: enable CALG_TLS1PRF for w32api >= 5.1
  * schannel: fix MinGW compile break
  * sftp: don't send post-qoute sequence when retrying a connection
  * smb: fix memory leak on early failure
  * smb: fix memory-leak in URL parse error path
  * smb_getsock: always wait for write socket too
  * ssh-libssh: fix infinite connect loop on invalid private key
  * ssh-libssh: reduce excessive verbose output about pubkey auth
  * ssh-libssh: use FALLTHROUGH to silence gcc8
  * ssl: set engine implicitly when a PKCS#11 URI is provided
  * sws: handle EINTR when calling select()
  * system_win32: fix version checking
  * telnet: Remove unused macros TELOPTS and TELCMDS
  * test1143: disable MSYS2's POSIX path conversion
  * test1148: disable if decimal separator is not point
  * test1307: (fnmatch testing) disabled
  * test1422: add required file feature
  * test1531: Add timeout
  * test1540: Remove unused macro TEST_HANG_TIMEOUT
  * test214: disable MSYS2's POSIX path conversion for URL
  * test320: treat curl320.out file as binary
  * tests/ Use /usr/bin/env to find python
  * tests: Don't use Windows path %PWD for SSH tests
  * tests: fixes for Windows line endlings
  * tool_operate: Fix setting proxy TLS 1.3 ciphers
  * travis: build darwinssl on macos 10.12 to fix linker errors
  * travis: execute "/set -eo pipefail"/ for coverage build
  * travis: run a 'make checksrc' too
  * travis: update to GCC-8
  * travis: verify that man pages can be regenerated
  * upload: allocate upload buffer on-demand
  * upload: change default UPLOAD_BUFSIZE to 64KB
  * urldata: remove unused pipe_broke struct field
  * vtls: reinstantiate engine on duplicated handles
  * windows: implement send buffer tuning
  * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
  * curl-switch-off-all-styles.patch
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
  which might mess up the terminal (bsc#1105624)
- security update
  * CVE-2018-0500 [bsc#1099793]
    + curl-CVE-2018-0500.patch
- Update to version 7.61.0
  [bsc#1099793, CVE-2018-0500]
  * getinfo: add microsecond precise timers for seven intervals
  * curl: show headers in bold, switch off with --no-styled-output
  * httpauth: add support for Bearer tokens
  * curl: --tls13-ciphers and --proxy-tls13-ciphers
  * curl: --disallow-username-in-url
  * CVE-2018-0500: smtp: fix SMTP send buffer overflow
  * schannel: disable client cert option if APIs not available
  * schannel: disable manual verify if APIs not available
  * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
  * openssl: acknowledge --tls-max for default version too
  * stub_gssapi: fix 'unused parameter' warnings
  * examples/progressfunc: make it build on both new and old libcurls
  * docs: mention it is HA Proxy protocol "/version 1"/
  * curl_fnmatch: only allow two asterisks for matching
  * docs: clarify CURLOPT_HTTPGET
  * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
  * configure: do compile-time SIZEOF checks instead of run-time
  * checksrc: make sure sizeof() is used *with* parentheses
  * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
  * schannel: make CAinfo parsing resilient to CR/LF
  * tftp: make sure error is zero terminated before printfing it
  * http resume: skip body if http code 416 (range error) is ignored
  * configure: add basic test of --with-ssl prefix
  * cmake: set -d postfix for debug builds
  * multi: provide a socket to wait for in Curl_protocol_getsock
  * content_encoding: handle zlib versions too old for Z_BLOCK
  * winbuild: only delete OUTFILE if it exists
  * winbuild: In fix typo DISTDIR->DIRDIST
  * schannel: add failf calls for client certificate failures
  * cmake: Fix the test for fsetxattr and strerror_r
  * curl.1: Fix cmdline-opts reference errors
  * cmdline-opts/ warn if mutexes: or see-also: list non-existing options
  * cmake: check for getpwuid_r
  * configure: fix ssh2 linking when built with a static mbedtls
  * psl: use latest psl and refresh it periodically
  * fnmatch: insist on escaped bracket to match
  * KNOWN_BUGS: restore text regarding #2101
  * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
  * configure: override AR_FLAGS to silence warning
  * os400: implement mime api EBCDIC wrappers
  * curl.rc: embed manifest for correct Windows version detection
  * strictness: correct {infof, failf} format specifiers
  * tests: update .gitignore for libtests
  * configure: check for declaration of getpwuid_r
  * fnmatch: use the system one if available
  * CURLOPT_RESOLVE: always purge old entry first
  * multi: remove a potentially bad DEBUGF()
  * curl_addrinfo: use same #ifdef conditions in source as header
  * build: remove the Borland specific makefiles
  * axTLS: not considered fit for use
  * cmdline-opts/cert-type.d: mention "/p12"/ as a recognized type
  * system.h: add support for IBM xlc C compiler
  * tests/libtest: Add lib1521 to nodist_SOURCES
  * leave certificate name untouched
  * boringssl + schannel: undef X509_NAME in lib/schannel.h
  * openssl: assume engine support in 1.0.1 or later
  * cppcheck: fix warnings
  * test 46: make test pass after year 2025
  * schannel: support selecting ciphers
  * Curl_debug: remove dead printhost code
  * test 1455: unflakified
  * Curl_init_do: handle NULL connection pointer passed in
  * progress: remove a set of unused defines
  * make -u delete certdata.txt if found not changed
  * explains how this project is run
  * configure: use pkg-config for c-ares detection
  * configure: enhance ability to build with static openssl
  * maketgz: fix sed issues on OSX
  * multi: fix memory leak when stopped during name resolve
  * CURLOPT_INTERFACE.3: interface names not supported on Windows
  * url: fix dangling conn->data pointer
  * cmake: allow multiple SSL backends
  * system.h: fix for gcc on 32 bit OpenServer
  * ConnectionExists: make sure conn->data is set when "/taking"/ a connection
  * multi: fix crash due to dangling entry in connect-pending list
  * CURLOPT_SSL_VERIFYPEER.3: Add performance note
  * netrc: use a larger buffer to support longer passwords
  * url: check Curl_conncache_add_conn return code
  * configure: Add dependent libraries after crypto
  * easy_perform: faster local name resolves by using *multi_timeout()
  * getnameinfo: not used, removed all configure checks
  * travis: add a build using the synchronous name resolver
  * CURLINFO_TLS_SSL_PTR.3: improve the example
  * openssl: allow TLS 1.3 by default
  * openssl: make the requested TLS version the *minimum* wanted
  * openssl: Remove some dead code
  * telnet: fix clang warnings
  * DEPRECATE: new doc describing planned item removals
  * example/crawler.c: simple crawler based on libxml2
  * libssh: goto DISCONNECT state on error, not SESSION_FREE
  * CMake: Remove unused functions
  * darwinssl: allow High Sierra users to build the code using GCC
  * scripts: include _curl as part of CLEANFILES
  * examples: fix -Wformat warnings
  * curl_setup: include <winerror.h> before <windows.h>
  * schannel: make more cipher options conditional
  * CMake: remove redundant and old end-of-block syntax
  * post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch
- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
  crashes due to openssl engines conflicts (bsc#1086367)
  * add curl-use_OPENSSL_config.patch
- Update to version 7.60.0
  [bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
  * Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
  * Add --haproxy-protocol for the command line tool
  * Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
  * FTP: shutdown response buffer overflow CVE-2018-1000300
  * RTSP: bad headers buffer over-read CVE-2018-1000301
  * FTP: fix typo in recursive callback detection for seeking
  * test1208: marked flaky
  * HTTP: make header-less responses still count correct body size
  * user-agent.d:: mention --proxy-header as well
  * http2: fixes typo
  * cleanup: misc typos in strings and comments
  * rate-limit: use three second window to better handle high speeds
  * examples/hiperfifo.c: improved
  * pause: when changing pause state, update socket state
  * multi: improved pending transfers handling => improved performance
  * curl_version_info.3: fix ssl_version description
  * add_handle/easy_perform: clear errorbuffer on start if set
  * cmake: add support for brotli
  * parsedate: support UT timezone
  * vauth/ntlm.h: fix the #ifdef header guard
  * lib/curl_path.h: added #ifdef header guard
  * vauth/cleartext: fix integer overflow check
  * CURLINFO_COOKIELIST.3: made the example not leak memory
  * cookie.d: mention that "/-"/ as filename means stdin
  * CURLINFO_SSL_VERIFYRESULT.3: fixed the example
  * http2: read pending frames (including GOAWAY) in connection-check
  * timeval: remove compilation warning by casting
  * cmake: avoid warn-as-error during config checks
  * travis-ci: enable -Werror for CMake builds
  * openldap: fix for NULL return from ldap_get_attribute_ber()
  * threaded resolver: track resolver time and set suitable timeout values
  * cmake: Add advapi32 as explicit link library for win32
  * docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
  * test1148: set a fixed locale for the test
  * cookies: when reading from a file, only remove_expired once
  * cookie: store cookies per top-level-domain-specific hash table
  * openssl: fix build with LibreSSL 2.7
  * tls: fix mbedTLS 2.7.0 build + handle sha256 failures
  * openssl: RESTORED verify locations when verifypeer==0
  * file: restore old behavior for file:////foo/bar URLs
  * FTP: allow PASV on IPv6 connections when a proxy is being used
  * build-openssl.bat: allow custom paths for VS and perl
  * winbuild: make the clean target work without build-type
  * build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
  * curl: retry on FTP 4xx, ignore other protocols
  * configure: detect (and use) sa_family_t
  * examples/sftpuploadresume: Fix Windows large file seek
  * build: cleanup to fix clang warnings/errors
  * winbuild: updated the documentation
  * lib: silence null-dereference warnings
  * travis: bump to clang 6 and gcc 7
  * travis: build libpsl and make builds use it
  * proxy: show getenv proxy use in verbose output
  * duphandle: make sure CURLOPT_RESOLVE is duplicated
  * all: Refactor malloc+memset to use calloc
  * checksrc: Fix typo
  * system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
  * vauth: Fix typo
  * ssh: show libSSH2 error code when closing fails
  * test1148: tolerate progress updates better
  * urldata: make service names unconditional
  * configure: keep LD_LIBRARY_PATH changes local
  * ntlm_sspi: fix authentication using Credential Manager
  * schannel: add client certificate authentication
  * winbuild: Support custom devel paths for each dependency
  * schannel: add support for CURLOPT_CAINFO
  * http2: handle on_begin_headers() called more than once
  * openssl: support OpenSSL 1.1.1 verbose-mode trace messages
  * openssl: fix subjectAltName check on non-ASCII platforms
  * http2: avoid strstr() on data not zero terminated
  * http2: clear the "/drain counter"/ when a stream is closed
  * http2: handle GOAWAY properly
  * tool_help: clarify --max-time unit of time is seconds
  * curl.1: clarify that options and URLs can be mixed
  * http2: convert an assert to run-time check
  * curl_global_sslset: always provide available backends
  * ftplistparser: keep state between invokes
  * Curl_memchr: zero length input can't match
  * examples/sftpuploadresume: typecast fseek argument to long
  * examples/http2-upload: expand buffer to avoid silly warning
  * ctype: restore character classification for non-ASCII platforms
  * mime: avoid NULL pointer dereference risk
  * cookies: ensure that we have cookies before writing jar
  * os400.c: fix checksrc warnings
  * configure: provide --with-wolfssl as an alias for --with-cyassl
  * cyassl: adapt to libraries without TLS 1.0 support built-in
  * http2: get rid of another strstr
  * checksrc: force indentation of lines after an else
  * cookies: remove unused macro
  * CURLINFO_PROTOCOL.3: mention the existing defined names
  * tests: provide 'manual' as a feature to optionally require
  * travis: enable libssh2 on both macos and Linux
  * CURLOPT_URL.3: added ENCODING section
  * wolfssl: Fix non-blocking connect
  * vtls: don't define MD5_DIGEST_LENGTH for wolfssl
  * docs: remove extraneous commas in man pages
  * URL: fix ASCII dependency in strcpy_url and strlen_url
  * ssh-libssh.c: fix left shift compiler warning
  * configure: only check for CA bundle for file-using SSL backends
  * travis: add an mbedtls build
  * http: don't set the "/rewind"/ flag when not uploading anything
  * configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
  * transfer: don't unset writesockfd on setup of multiplexed conns
  * vtls: use unified "/supports"/ bitfield member in backends
  * URLs: fix one more http url
  * travis: add a build using WolfSSL
  * openssl: change FILE ops to BIO ops
  * travis: add build using NSS
  * smb: reject negative file sizes
  * cookies: accept parameter names as cookie name
  * http2: getsock fix for uploads
  * all over: fixed format specifiers
  * http2: use the correct function pointer typedef
- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
  * Added curl-disabled-redirect-protocol-message.patch
- Update to version 7.59.0
  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
  [bsc#1084532, CVE-2018-1000122]
  * curl: add --proxy-pinnedpubkey
  * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
  * Add new tool option --happy-eyeballs-timeout-ms
  * openldap: check ldap_get_attribute_ber() results for NULL before using
  * FTP: reject path components with control codes
  * readwrite: make sure excess reads don't go beyond buffer end
  * lib555: drop text conversion and encode data as ascii codes
  * lib517: make variable static to avoid compiler warning
  * lib544: sync ascii code data with textual data
  * GSKit: restore pinnedpubkey functionality
  * darwinssl: Don't import client certificates into Keychain on macOS
  * parsedate: fix date parsing for systems with 32 bit long
  * openssl: fix pinned public key build error in FIPS mode
  * SChannel/WinSSL: Implement public key pinning
  * cookies: remove verbose "/cookie size:"/ output
  * progress-bar: don't use stderr explicitly, use bar->out
  * build: open VC15 projects with VS 2017
  * curl_ctype: private is*() type macros and functions
  * configure: set PATH_SEPARATOR to colon for PATH w/o separator
  * curl_easy_reset: clear digest auth state
  * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
  * range: commonize FTP and FILE range handling
  * progress-bar docs: update to match implementation
  * fnmatch: do not match the empty string with a character set
  * fnmatch: accept an alphanum to be followed by a non-alphanum in char set
  * build: fix termios issue on android cross-compile
  * getdate: return -1 for out of range
  * formdata: use the mime-content type function
  * openssl: Don't add verify locations when verifypeer==0
  * fnmatch: optimize processing of consecutive *s and ?s pattern characters
  * schannel: fix compiler warnings
  * content_encoding: Add "/none"/ alias to "/identity"/
  * get_posix_time: only check for overflows if they can happen
  * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
  * README: language fix
  * sha256: build with OpenSSL < 0.9.8
  * smtp: fix processing of initial dot in data
  * --tlsauthtype: works only if libcurl is built with TLS-SRP support
  * tests: new tests for http raw mode
  * libcurl-security.3: man page discussion security concerns when using libcurl
  * curl_gssapi: make sure this file too uses our *printf()
  * BINDINGS: fix curb link (and remove ruby-curl-multi)
  * nss: use PK11_CreateManagedGenericObject() if available
  * travis: add build with iconv enabled
  * ssh: add two missing state names
  * CURLOPT_HEADERFUNCTION.3: mention folded headers
  * http: fix the max header length detection logic
  * header callback: don't chop headers into smaller pieces
  * CURLOPT_HEADER.3: clarify problems with different data sizes
  * curl --version: show PSL if the run-time lib has it enabled
  * examples/sftpuploadresume: resume upload via CURLOPT_APPEND
  * Return error if called recursively from within callbacks
  * sasl: prefer PLAIN mechanism over LOGIN
  * winbuild: Use CALL to run batch scripts
  * curl_share_setopt.3: connection cache is shared within multi handles
  * projects/README: remove reference to dead IDN link/package
  * lib655: silence compiler warning
  * configure: Fix version check for OpenSSL 1.1.1
  * docs/MANUAL: is not accessible on the site anymore
  * unit1307: proper cleanup on OOM to fix torture tests
  * curl_ctype: fix macro redefinition warnings
  * build: get CFLAGS (including -werror) used for examples and tests
  * NO_PROXY: fix for IPv6 numericals in the URL
  * krb5: use nondeprecated functions
  * http2: mark the connection for close on GOAWAY
  * limit-rate: kick in even before "/limit"/ data has been received
  * HTTP: allow "/header;"/ to replace an internal header with a blank one
  * http2: verbose output new MAX_CONCURRENT_STREAMS values
  * SECURITY: distros' max embargo time is 14 days
  * curl tool: accept --compressed also if Brotli is enabled and zlib is not
  * WolfSSL: adding TLSv1.3
  * add -i and -m options
  * CURLOPT_COOKIEFILE.3: "/-"/ as file name means stdin
- Refreshed patch libcurl-ocloexec.patch
- Sort a bit with spec-cleaner
- Install license with the library
- ignore all test failures for PowerPC as bypass boo#1075219
  (not only the 1501 previously skipped)
  * Added patch ignore_runtests_failure.patch
- Build curl with
  libssh offers a lot more features than libssh2, for example:
  * Key Exchange Methods:
  * Hostkey Types: ssh-ed25519
  * Authentication: gssapi-with-mic
- Update to version 7.58.0
  * new libssh-powered SSH SCP/SFTP back-end
  * curl-config: add --ssl-backends
  * http2: fix incorrect trailer buffer size
  * http: prevent custom Authorization headers in redirects
  * travis: add boringssl build
  * examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
  * SSL: Avoid magic allocation of SSL backend specific data
  * lib: don't export all symbols, just everything curl_*
  * libssh2: send the correct CURLE error code on scp file not found
  * libssh2: return CURLE_UPLOAD_FAILED on failure to upload
  * openssl: enable pkcs12 in boringssl builds
  * libssh2: remove dead code from SSH_SFTP_QUOTE
  * sasl_getmesssage: make sure we have a long enough string to pass
  * conncache: fix several lock issues
  * threaded-shared-conn.c: new example
  * conncache: only allow multiplexing within same multi handle
  * configure: check for netinet/in6.h
  * URL: tolerate backslash after drive letter for FILE:
  * openldap: add commented out debug possibilities
  * include: get netinet/in.h before linux/tcp.h
  * CONNECT: keep close connection flag in http_connect_state struct
  * BINDINGS: another PostgreSQL client
  * curl: limit -# update frequency for unknown total size
  * configure: add AX_CODE_COVERAGE only if using gcc
  * curl.h: remove incorrect comment about ERRORBUFFER
  * openssl: improve data-pending check for https proxy
  * curl: remove __EMX__ #ifdefs
  * CURLOPT_PRIVATE.3: fix grammar
  * sftp: allow quoted commands to use relative paths
  * RESOLVE: output verbose text when trying to set a duplicate name
  * multi_done: prune DNS cache
  * tests: update .gitignore for libtests
  * tests: mark data files as non-executable in git
  * CURLOPT_DNS_LOCAL_IP4.3: fixed the "/SEE ALSO"/ to not self-reference
  * curl.1: documented two missing valid exit codes
  * curl.1: mention http:// and https:// as valid proxy prefixes
  * vtls: replaced getenv() with curl_getenv()
  * setopt: less *or equal* than INT_MAX/1000 should be fine
  * examples/smtp-mail.c: use separate defines for options and mail
  * curl: support >256 bytes warning messsages
  * conncache: fix a return code
  * krb5: fix a potential access of uninitialized memory
  * rand: add a clang-analyzer work-around
  * CURLOPT_READFUNCTION.3: refer to argument with correct name
  * brotli: allow compiling with version 0.6.0
  * content_encoding: rework zlib_inflate
  * curl_easy_reset: release mime-related data
  * examples/rtsp: fix error handling macros
  * curl: Support size modifiers for --max-filesize
  * examples/cacertinmem: ignore cert-already-exists error
  * brotli: data at the end of content can be lost
  * curl_version_info.3: call the argument 'age'
  * openssl: fix memory leak of SSLKEYLOGFILE filename
  * build: remove HAVE_LIMITS_H check
  * --mail-rcpt: fix short-text description
  * scripts: allow all perl scripts to be run directly
  * progress: calculate transfer speed on milliseconds if possible
  * system.h: check __LONG_MAX__ for defining curl_off_t
  * easy: fix connection ownership in curl_easy_pause
  * setopt: reintroduce non-static Curl_vsetopt() for OS400 support
  * setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
  * append extra linker flags instead of prepending them
  * HTTP: bail out on negative Content-Length: values
  * docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
  * mime: clone mime tree upon easy handle duplication
  * openssl: enable SSLKEYLOGFILE support by default
  * smtp/pop3/imap_get_message: decrease the data length too...
  * CURLOPT_TCP_NODELAY.3: fix typo
  * SMB: fix numeric constant suffix and variable types
  * ftp-wildcard: fix matching an empty string with "/*[^a]"/
  * curl_fnmatch: only allow 5 '*' sections in a single pattern
  * openssl: fix potential memory leak in SSLKEYLOGFILE logic
  * SSH: Fix state machine for ssh-agent authentication
  * examples/url2file.c: add missing curl_global_cleanup() call
  * http2: don't close connection when single transfer is stopped
  * libcurl-env.3: first version
  * curl: progress bar refresh, get width using ioctl()
  * CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
- disable 1501 test for PowerPC as byass boo#1075219
- Update to version 7.57.0  [bsc#1069226, CVE-2017-8816]
  [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
  * auth: add support for RFC7616 - HTTP Digest access authentication
  * share: add support for sharing the connection cache
  * HTTP: implement Brotli content encoding
  * CVE-2017-8816: NTLM buffer overflow via integer overflow
  * CVE-2017-8817: FTP wildcard out of bounds read
  * CVE-2017-8818: SSL out of buffer access
  * curl_mime_filedata.3: fix typos
  * libtest: Add required test libraries for lib1552 and lib1553
  * fix time diffs for systems using unsigned time_t
  * ftplistparser: memory leak fix: free temporary memory always
  * multi: allow table handle sizes to be overridden
  * wildcards: don't use with non-supported protocols
  * curl_fnmatch: return error on illegal wildcard pattern
  * transfer: Fix chunked-encoding upload too early exit
  * resolvers: only include anything if needed
  * setopt: fix CURLOPT_SSH_AUTH_TYPES option read
  * Curl_timeleft: change return type to timediff_t
  * cmake: Export libcurl and curl targets to use by other cmake projects
  * curl: in -F option arg, comma is a delimiter for files only
  * curl: improved "/;type="/ handling in -F option arguments
  * timeval: use mach_absolute_time() on MacOS
  * curlx: the timeval functions are no longer provided as curlx_*
  * do not generate comment with current date
  * memdebug: use send/recv signature for curl_dosend/curl_dorecv
  * cookie: avoid NULL dereference
  * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
  * include: remove conncache.h inclusion from where its not needed
  * CURLOPT_MAXREDIRS: allow -1 as a value
  * tests: Fixed torture tests on tests 556 and 650
  * http2: Fixed OOM handling in upgrade request
  * url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
  * curl: pass through [] in URLs instead of calling globbing error
  * curl: speed up handling of many URLs
  * ntlm: avoid malloc(0) for zero length passwords
  * url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
  * HTTP: support multiple Content-Encodings
  * travis: add a job with brotli enabled
  * url: remove unncessary NULL-check
  * fnmatch: remove dead code
  * connect: store IPv6 connection status after valid connection
  * imap: deal with commands case insensitively
  * --interface: add support for Linux VRF
  * content_encoding: fix inflate_stream for no bytes available
  * cmake: Add missing setmode check
  * connect.c: remove executable bit on file
  * SMB: fix uninitialized local variable
  * zlib/brotli: only include header files in modules needing them
  * URL: return error on malformed URLs with junk after IPv6 bracket
  * openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
  * macOS: Fix missing connectx function with Xcode version older than 9.0
  * --resolve: allow IP address within [] brackets
  * examples/curlx: Fix code style
  * ntlm: remove unnecessary NULL-check to please scan-build
  * Curl_llist_remove: fix potential NULL pointer deref
  * mime: fix "/Value stored to 'sz' is never read"/ scan-build error
  * openssl: fix "/Value stored to 'rc' is never read"/ scan-build error
  * http2: fix "/Value stored to 'hdbuf' is never read"/ scan-build error
  * http2: fix "/Value stored to 'end' is never read"/ scan-build error
  * Curl_open: fix OOM return error correctly
  * url: reject ASCII control characters and space in host names
  * examples/rtsp: clear RANGE again after use
  * connect: improve the bind error message
  * make: fix "/make distclean"/
  * connect: add support for new TCP Fast Open API on Linux
  * metalink: fix memory-leak and NULL pointer dereference
  * URL: update "/file:"/ URL handling
  * ssh: remove check for a NULL pointer
  * global_init: ignore CURL_GLOBAL_SSL's absense
- Update to version 7.56.1 [bsc#1063824]
  * imap: if a FETCH response has no size, don't call write
    callback [CVE-2017-1000257]
  * ftp: UBsan fixup 'pointer index expression overflowed
  * failf: skip the sprintf() if there are no consumers
  * fuzzer: move to using external curl-fuzzer
  * lib/Makefile.m32: allow customizing dll suffixes
  * docs: fix typo in curl_mime_data_cb man page
  * darwinssl: add support for TLSv1.3
  * build: fix --disable-crypto-auth
  * openssl: fix build without HAVE_OPAQUE_EVP_PKEY
  * strtoofft: Remove extraneous null check
  * multi_cleanup: call DONE on handles that never got that
  * tests: added flaky keyword to tests 587 and 644
  * pingpong: return error when trying to send without connection
  * remove_handle: call multi_done() first, then clear dns cache pointer
  * mime: be tolerant about setting the same header list twice in a part
  * mime: improve unbinding top multipart from easy handle
  * mime: avoid resetting a part's encoder when part's contents change
  * mime: refuse to add subparts to one of their own descendants
  * RTSP: avoid integer overflow on funny RTSP responses
  * curl: don't pass semicolons when parsing Content-Disposition
  * openssl: enable PKCS12 support for !BoringSSL
  * CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
  * CURLOPT_XFERINFODATA.3: fix duplicate see also
  * test298: verify --ftp-method nowcwd with URL encoded path
  * FTP: URL decode path for dir listing in nocwd mode
  * smtp_done: fix memory leak on send failure
  * ftpserver: support case insensitive commands
  * test950; verify SMTP with custom request
  * openssl: don't use old BORINGSSL_YYYYMM macros
  * setopt: update current connection SSL verify params
  * curl: reimplement stdin buffering in -F option
  * mime: keep "/text/plain"/ content type if user-specified
  * mime: fix the content reader to handle >16K data properly
  * configure: remove the C++ compiler check
  * memdebug: trace send, recv and socket
  * runtests: use valgrind for torture as well
  * ldap: silence clang warning
  * makefile.m32: allow to override gcc, ar and ranlib
  * setopt: avoid integer overflows when setting millsecond values
  * setopt: range check most long options
  * ftp: reject illegal IP/port in PASV 227 response
  * mime: do not reuse previously computed multipart size
  * vtls: change struct Curl_ssl `close' field name to `close_one'
  * os400: add missing symbols in config file
  * mime: limit bas64-encoded lines length to 76 characters
  * mk-ca-bundle: Remove URL for aurora
  * mk-ca-bundle: Fix URL for NSS
- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
  * curl: enable compression for SCP/SFTP with --compressed-ssh
  * libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
  * vtls: added dynamic changing SSL backend with curl_global_sslset()
  * new MIME API, curl_mime_init() and friends
  * openssl: initial SSLKEYLOGFILE implementation
  Security fixes:
  * CVE-2017-1000254 FTP PWD response parser out of bounds read
  * FTP: zero terminate the entry path even on bad input
  * examples/ftpuploadresume.c: use portable code
  * runtests: match keywords case insensitively
  * strtoofft: reduce integer overflow risks globally
  * produce a working completion script again
  * cmake: remove dead code for CURL_DISABLE_RTMP
  * progress: Track total times following redirects
  * configure: fix --disable-threaded-resolver
  * configure: fix clang version detection
  * darwinssi: fix error: variable length array used
  * configure: check for __builtin_available() availability
  * http_proxy: fix build error for CURL_DOES_CONVERSIONS
  * examples/ftpuploadresume: checksrc compliance
  * ftp: fix CWD when doing multicwd then nocwd on same connection
  * system.h: remove all CURL_SIZEOF_* defines
  * http: Don't wait on CONNECT when there is no proxy
  * system.h: check for __ppc__ as well
  * http2_recv: return error better on fatal h2 errors
  * tftp: fix memory leak on too long filename
  * system.h: fix build for hppa
  * cmake: enable picky compiler options with clang and gcc
  * makefile.m32: add support for libidn2
  * curl: shorten and clean up CA cert verification error message
  * imap: support PREAUTH
  * examples/threaded-ssl: mention that this is for openssl before 1.1
  * tests: Make sure libtests & unittests call curl_global_cleanup()
  * system.h: include sys/poll.h for AIX
  * darwinssl: handle long strings in TLS certs
  * strtooff: fix build for systems with long long but no strtoll
  * asyn-thread: Improved cleanup after OOM situations
  * curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
  * unit1301: fix error message on first test
  * ossfuzz: moving towards the ideal integration
  * http: fix a memory leakage in checkrtspprefix()
  * examples/post-callback: stop returning one byte at a time
  * schannel: return CURLE_SSL_CACERT on failed verification
  * http-proxy: treat all 2xx as CONNECT success
  * openssl: use OpenSSL's default ciphers by default
  * support attribute "/nonewline"/ in part verify/upload
  * configure: remove --enable-soname-bump and SONAME_BUMP
  * vtls: fix WolfSSL 3.12 build problems
  * http-proxy: when not doing CONNECT, that phase is done immediately
  * configure: fix curl_off_t check's include order
  * configure: use -Wno-varargs on clang 3.9[.X] debug builds
  * rtsp: do not call fwrite() with NULL pointer FILE *
  * mbedtls: enable CA path processing
  * checksrc: verify more code style rules
  * HTTP proxy: on connection re-use, still use the new remote port
  * tests: add initial gssapi test using stub implementation
  * rtsp: Segfault when using WRITEDATA
  * docs: clarify the CURLOPT_INTERLEAVE* options behavior
  * non-ascii: use iconv() with 'char **' argument
  * server/getpart: provide dummy function to build conversion enabled
  * conversions: fix several compiler warnings
  * openssl: add missing includes
  * schannel: Support partial send for when data is too large
  * socks: fix incorrect port number in SOCKS4 error message
  * curl: fix integer overflow in timeout options
  * cookies: reject oversized cookies instead of truncating
  * cookies: use lock when using CURLINFO_COOKIELIST
  * curl: check fseek() return code and bail on error
  * examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
  * openssl: only verify RSA private key if supported
  * tests: make the imap server not verify user+password
  * imap: quote atoms properly when escaping characters
  * tests: fix a compiler warning in test 643
  * file_range: avoid integer overflow when figuring out byte range
  * reuse_conn: don't copy flags that are known to be equal
  * http: fix adding custom empty headers to repeated requests
  * connect: fix race condition with happy eyeballs timeout
  * cookie: fix memory leak if path was set twice in header
  * vtls: compare and clone ssl configs properly
  * proxy: read the "/no_proxy"/ variable only if necessary
- Refreshed patches:
  * libcurl-ocloexec.patch
- Removed patches fixed upstream:
  * curl-man3.patch
  * ppc-build.patch
  * curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch
  * curl-disable-test1427-i586.patch
- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
  Fix NetworkManagers connectivity test.
- ppc-build.patch: Fix build for powerpc
- Upstream fix to build libcurl man3 pages
  * Added patch curl-man3.patch
- Disabled test1425 that fails in i586 architecture
  * Added patch curl-disable-test1427-i586.patch
- Update to 7.55.0
  * curl: allow --header and --proxy-header read from file
  * getinfo: provide sizes as curl_off_t
  * curl: prevent binary output spewed to terminal
  * curl: added --request-target
  * curl: added --socks5-{basic,gssapi}: control socks5 auth
  * libcurl: added CURLOPT_REQUEST_TARGET
  * libcurl: added CURLOPT_SOCKS5_AUTH
  * Security Fixes:
  - glob: do not parse after a strtoul() overflow range
    (CVE-2017-1000101, bsc#1051643)
  - tftp: reject file name lengths that don't fit
    (CVE-2017-1000100, bsc#1051644)
  - file: output the correct buffer to the user
    (CVE-2017-1000099, bsc#1051645)
  * includes: remove curl/curlbuild.h and curl/curlrules.h
  * dist: make the hugehelp.c not get regenerated unnecessarily
  * timers: store internal time stamps as time_t instead of doubles
  * progress: let "/current speed"/ be UL + DL speeds combined
  * http-proxy: do the HTTP CONNECT process entirely non-blocking
  * lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
  * fuzz: bring oss-fuzz initial code converted to C89
  * configure: disable nghttp2 too if HTTP has been disabled
  * Check curl's exit code after certdata download
  * test1148: verify the -# progressbar
  * tests: stabilize test 2032 and 2033
  * HTTPS-Proxy: don't offer h2 for https proxy connections
  * http-proxy: only attempt FTP over HTTP proxy
  * curl-compilers.m4: enable vla warning for clang
  * curl-compilers.m4: enable double-promotion warning
  * curl-compilers.m4: enable missing-variable-declarations clang
  * curl-compilers.m4: enable comma clang warning
  * CURLOPT_PREQUOTE: not supported for SFTP
  * http2: fix OOM crash
  * PIPELINING_SERVER_BL: cleanup the internal list use
  * fix script name in usage text
  * lib1521: add curl_easy_getinfo calls to the test set
  * travis: do the distcheck test build out-of-tree as well
  * if2ip: fix compiler warning in ISO C90 mode
  * lib: fix the djgpp build
  * typecheck-gcc: add support for CURLINFO_OFF_T
  * travis: enable typecheck-gcc warnings
  * maketgz: switch to xz instead of lzma
  * curl/system.h: add check for XTENSA for 32bit gcc
  * test1537: fixed memory leak on OOM
  * test1521: fix compiler warnings
  * curl: fix memory leak on test 1147 OOM
  * libtest/make: generate lib1521.c dynamically at build-time
  * curl_strequal.3: fix typo in SYNOPSIS
  * progress: prevent resetting t_starttransfer
  * openssl: improve fallback seed of PRNG with a time based hash
  * http2: improved PING frame handling
  * test1450: add simple testing for DICT
  * make: build the docs subdir only from within src
  * gtls: fix build when sizeof(long) < sizeof(void *)
  * url: make the original string get used on subsequent transfers
  * timeval.c: Use long long constant type for timeval assignment
  * tool_sleep: typecast to avoid macos compiler warning
  * travis.yml: use --enable-werror on debug builds
  * test1451: add SMB support to the testbed
  * configure: remove checks for 5 functions never used
  * configure: try ldap/lber in reversed order first
  * smb: fix build for djgpp/MSDOS
  * travis: install nghttp2 on linux builds
  * smb: add support for CURLOPT_FILETIME
  * select.h: avoid macro redefinition harder
  * runtests: support "/threaded-resolver"/ as a feature
  * test506: skip if threaded-resolver
  * cmake: remove spurious "/-l"/ from linker flags
  * cmake: add CURL_WERROR for enabling "/warning as errors"/
  * memdebug: don't setbuf() if the file open failed
  * curl_easy_escape.3: mention the (lack of) encoding
  * test1452: add telnet negotiation
  * CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
  * cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
  * tests/valgrind.supp: supress OpenSSL false positive seen on
  * curl_setup_once: Remove ERRNO/SET_ERRNO macros
  * rtspd: fix MSVC level 4 warning
  * sockfilt: suppress conversion warning with explicit cast
  * libtest: fix MSVC warning C4706
  * tests/server/resolve.c: fix deprecation warning
  * nss: fix a possible use-after-free in SelectClientCert()
  * checksrc: escape open brace in regex
  * multi: mention integer overflow risk if using > 500 million
  * timeval: struct curltime is a struct timeval replacement
  * curl_rtmp: fix a compiler warning
  * include.d: clarify that it concerns the response headers
  * cmake: support make uninstall
  * include.d: clarify --include is only for response headers
  * libcurl: Stop using error codes defined under CURL_NO_OLDIES
  * http: fix response code parser to avoid integer overflow
  * configure: fix the check for IdnToUnicode
  * multi: fix request timer management
  * curl_threads: fix MSVC compiler warning
  * cmake: set MSVC warning level to 4
  * netrc: skip lines starting with '#'
  * FTP: skip unnecessary CWD when in nocwd mode
  * gssapi: fix memory leak of output token in multi round context
  * getparameter: avoid returning uninitialized 'usedarg'
  * curl (debug build) easy_events: make event data static
  * curl: detect and bail out early on parameter integer overflows
- Removed patch curl-invalid-free.patch
- Update License to 'curl' as per review on OBS sr#505976.
- Have the -mini packages conflict the real ones.
- Add curl-invalid-free.patch to fix an invalid free in
  curl_multi_setopt function.
- Update to 7.54.1
  * curl now shows release date in --version output
  * Fixes CVE-2017-9502: default protocol drive letter
    buffer overflow bsc#1044243
  * openssl: fix memory leak in servercert
  * curl: set a 100K buffer size by default
  * nss: do not leak PKCS #11 slot while loading a key
  * nss: load if no other trust is specified
  * curl: use utimes instead of obsolescent utime when available
  * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
  * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
  * curl: non-boolean command line args reject --no- prefixes
  * telnet: Write full buffer instead of byte-by-byte
  * curl: remove --environment and tool_writeenv.c
  * curl: generate the --help output
  * curl.1: clarify --config
  * curl.1: mention --oauth2-bearer's argument
  * ssh: fix memory leak in disconnect due to timeout
  * redirect: store the "/would redirect to"/ URL when max redirs is reached
  * file: make speedcheck use current time for checks
  * urlglob: fix division by zero
- Create curl-mini for bootstrapping (boo#1042919)
- Update to 7.54.0
  * Add --max-tls
  * Add --suppress-connect-headers
  * CVE-2017-7468: switch off SSL session id when client cert is used
  * bsc#1033413
  * tests: use consistent environment variables for setting charset
  * proxy: fixed a memory leak on OOM
  * ftp: removed an erroneous free in an OOM path
  * ftp: fixed a NULL pointer dereference on OOM
  * gopher: fixed detection of an error condition from Curl_urldecode
  * url: fix unix-socket support for proxy-disabled builds
  * fix potential use of uninitialized variables
  * ares: return error at once if timed out before name resolve starts
  * URL: return error on malformed URLs with junk after port number
  * http2: Fix assertion error on redirect with CL=0
  * --insecure: clarify that this option is for server connections
  * authneg: clear auth.multi flag at http_done
  * curl_easy_reset: Also reset the authentication state
  * proxy: skip SSL initialization for closed connections
  * http_proxy: ignore TE and CL in CONNECT 2xx responses
  * multi: fix streamclose() crash in debug mode
  * openssl: fall back on SSL_ERROR_* string when no error detail
  * asiohiper: make sure socket is open in event_cb
  * curl: check for end of input in writeout backslash handling
  * openssl: exclude DSA code when OPENSSL_NO_DSA is defined
  * http: Fix proxy connection reuse with basic-auth
  * pause: handle mixed types of data when paused
  * http: do not treat FTPS over CONNECT as HTTPS
  * conncache: make hashkey avoid malloc
  * multi: fix queueing of pending easy handles
  * low_speed_limit: improved function for longer time periods
  * nss: load CA certificates even with --insecure
  * Curl_expire_latest: ignore already expired timers
  * http2: fix handle leak in error path
  * openssl: make SSL_ERROR_to_str more future-proof
  * openssl: fix thread-safety bugs in error-handling
  * openssl: don't try to print nonexistant peer private keys
- Update to 7.53.1
  * url: Improve CURLOPT_PROXY_CAPATH error handling
  * urldata: include curl_sspi.h when Windows SSPI is enabled
  * formdata: check for EOF when reading from stdin
  * tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
  * url: Default the proxy CA bundle location to CURL_CA_BUNDLE
  * rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
- Update to 7.53.0
  * unix_socket: added --abstract-unix-socket and
  * CURLOPT_BUFFERSIZE: support enlarging receive buffer
  * CVE-2017-2629: make SSL_VERIFYSTATUS work again
  * gnutls-random: check return code for failed random
  * openssl-random: check return code when asking for random
  * http: remove "/Curl_http_done: called premature"/ message
  * cyassl: use time_t instead of long for timeout
  * build-wolfssl: Sync config with wolfSSL 3.10
  * ftp-gss: check for init before use
  * configure: accept --with-libidn2 instead
  * ftp: failure to resolve proxy should return that error code
  * curl.1: add three more exit codes
  * docs/ciphers: link to our own new page about ciphers
  * vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
  * darwinssl: fix iOS build
  * darwinssl: fix CFArrayRef leak
  * cmake: use crypt32.lib when building with OpenSSL on windows
  * curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
  * digest_sspi: copy terminating NUL as well
  * curl: fix --remote-time incorrect times on Windows
  * curl.1: several updates and corrections
  * content_encoding: change return code on a failure
  * curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
  * docs: TCP_KEEPALIVE start and interval default to 60
  * darwinssl: --insecure overrides --cacert if both settings are in use
  * TheArtOfHttpScripting: grammar
  * document GSKit ciphers
  * wolfssl: support setting cipher list
  * wolfssl: display negotiated SSL version and cipher
  * lib506: fix build for Open Watcom
  * asiohiper: improved socket handling
  * examples: make the C++ examples follow our code style too
  * tests/sws: retry send() on EWOULDBLOCK
  * cmake: Fix passing _WINSOCKAPI_ macro to compiler
  * smtp: Fix STARTTLS denied error message
  * imap/pop3: don't print response character in STARTTLS denied messages
  * rand: make it work without TLS backing
  * url: fix parsing for when 'file' is the default protocol
  * url: allow file://X:/path URLs on windows again
  * gnutls: check for alpn and ocsp in configure
  * IDN: Use TR46 'non-transitional' for toASCII translations
  * url: Fix NO_PROXY env var to work properly with --proxy option
  * CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*
  * docs: Add note about libcurl copying strings to CURLOPT_* manpages
  * curl: reset the easy handle at --next
  * --next docs: --trace and --trace-ascii are also global
  * --write-out docs: 'time_total' is not always shown with ms precision
  * http: print correct HTTP string in verbose output when using HTTP/2
  * docs: improved language in
  * http2: disable server push if not requested
  * nss: use the correct lock in nss_find_slot_by_name()
  * usercertinmem.c: improve the short description
  * CURLOPT_CONNECT_TO: Fix compile warnings
  * docs: non-blocking SSL handshake is now supported with NSS
  * *.rc: escape non-ASCII/non-UTF-8 character for clarity
  * mbedTLS: fix multi interface non-blocking handshake
  * PolarSSL: fix multi interface non-blocking handshake
  * VC: remove the makefile.vc6 build infra
  * telnet: fix windows compiler warnings
  * cookies: do not assume a valid domain has a dot
  * polarssl: fix hangs
  * gnutls: disable TLS session tickets
  * mbedtls: disable TLS session tickets
  * mbedtls: implement CTR-DRBG and HAVEGE random generators
  * openssl: Don't use certificate after transferring ownership
  * cmake: Support curl --xattr when built with cmake
  * OS400: Fix symbols
  * docs: Add more HTTPS proxy documentation
  * docs: use more HTTPS links
  * cmdline-opts: Fixed build and test in out of source tree builds
  * CHANGES.0: removed
  * schannel: Remove incorrect SNI disabled message
  * darwinssl: Avoid parsing certificates when not in verbose mode
  * test552: Fix typos
  * telnet: Fix typos
  * transfer: only retry nobody-requests for HTTP
  * http2: reset push header counter fixes crash
  * nss: make FTPS work with --proxytunnel
  * test1139: Added the --manual keyword since the manual is required
  * polarssl, mbedtls: Fix detection of pending data
  * http_proxy: Fix tiny memory leak upon edge case connecting to proxy
  * URL: only accept "/;options"/ in SMTP/POP3/IMAP URL schemes
  * curl.1: is no longer an FTP mirror
  * tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
  * http2: fix memory-leak when denying push streams
  * configure: Allow disabling pthreads, fall back on Win32 threads
  * curl: fix typo in time condition warning message
  * axtls: adapt to API changes
  * tool_urlglob: Allow a glob range with the same start and stop
  * winbuild: add note on auto-detection of MACHINE in
  * http: fix missing 'Content-Length: 0' while negotiating auth
  * proxy: fix hostname resolution and IDN conversion
  * docs: fix timeout handling in multi-uv example
  * digest_sspi: Fix nonce-count generation in HTTP digest
  * sftp: improved checks for create dir failures
  * smb: use getpid replacement for windows UWP builds
  * digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- Remove curl-7.52.1-idn-fixes.patch, fixed upstream.
- build with libidn2 for IDNA2008 support
  FATE#321897 CVE-2016-8625 bsc#1005649
  add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing,
  remove curl-disable_failing_tests.patch
- Update to 7.52.1
  * CVE-2016-9594: unititialized random bsc#1016738
- Update to 7.52.0
  * nss: map CURL_SSLVERSION_DEFAULT to NSS default
  * vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
  * curl: introduce the --tlsv1.3 option to force TLS 1.3
  * curl: Add --retry-connrefused
  * proxy: Support HTTPS proxy and SOCKS+HTTP(s)
  * curl: add --fail-early
  * CVE-2016-9586: printf floating point buffer overflow
  * curl -w: added more decimal digits to timing counters
  * easy: Initialize info variables on easy init and duphandle
  * http2: Don't send header fields prohibited by HTTP/2 spec
  * ssh: check md5 fingerprints case insensitively (regression)
  * openssl: initial TLS 1.3 adaptions
  * SPNEGO: Fix memory leak when authentication fails
  * realloc: use Curl_saferealloc to avoid common mistakes
  * openssl: make sure to fail in the unlikely event that PRNG
    seeding fails
  * URL-parser: for file://[host]/ URLs, the [host] must be localhost
  * timeval: prefer time_t to hold seconds instead of long
  * glob: fix [a-c] globbing regression
  * curl.1: Clarify --dump-header only writes received headers
  * http2: Fix address sanitizer memcpy warning
  * http2: Use huge HTTP/2 windows
  * connects: Don't mix unix domain sockets with regular ones
  * url: Fix conn reuse for local ports and interfaces
  * x509: Limit ASN.1 structure sizes to 256K
  * http2: check nghttp2_session_set_local_window_size exists
  * http2: Fix crashes when parent stream gets aborted
  * CURLOPT_CONNECT_TO: Skip non-matching "/connect-to"/ entries
  * URL parser: reject non-numerical port numbers
  * CONNECT: reject TE or CL in 2xx responses
  * CONNECT: read responses one byte at a time
  * curl: support zero-length argument strings in config files
  * openssl: don't use OpenSSL's ERR_PACK
  * curl.1: generated with the new man page system
  * curl_easy_recv: Improve documentation and example program
  * Curl_getconnectinfo: avoid checking if the connection is closed
  * attempt to document TLS cipher names
- Update to 7.51.0
  * nss: additional cipher suites are now accepted by
  * CVE-2016-8615: cookie injection for other servers
  * CVE-2016-8616: case insensitive password comparison
  * CVE-2016-8617: OOB write via unchecked multiplication
  * CVE-2016-8618: double-free in curl_maprintf
  * CVE-2016-8619: double-free in krb5 code
  * CVE-2016-8620: glob parser write/read out of bounds
  * CVE-2016-8621: curl_getdate read out of bounds
  * CVE-2016-8622: URL unescape heap overflow via integer truncation
  * CVE-2016-8623: Use-after-free via shared cookies
  * CVE-2016-8624: invalid URL parsing with '#'
  * CVE-2016-8625: IDNA 2003 makes curl use wrong host
  * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
  * http: accept "/Transfer-Encoding: chunked"/ for HTTP/2 as well
  * update with mbedTLS dual licensing
  * examples/imap-append: Set size of data to be uploaded
  * test2048: fix url
  * darwinssl: disable RC4 cipher-suite support
  * openssl: don’t call CRYTPO_cleanup_all_ex_data
  * libressl: fix version output
  * easy: Reset all statistical session info in curl_easy_reset
  * curl_global_cleanup.3: don't unload the lib with sub threads running
  * dist: add CurlSymbolHiding.cmake to the tarball
  * docs: Remove that --proto is just used for initial retrieval
  * configure: Fixed builds with libssh2 in a custom location
  * curl.1: --trace supports % for sending to stderr!
  * cookies: same domain handling changed to match browser behavior
  * formpost: trying to attach a directory no longer crashes
  * CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
  * formpost: avoid silent snprintf() truncation
  * ftp: fix Curl_ftpsendf
  * mprintf: return error on too many arguments
  * smb: properly check incoming packet boundaries
  * GIT-INFO: remove the Mac 10.1-specific details
  * resolve: add error message when resolving using SIGALRM
  * cmake: add nghttp2 support
  * dist: remove PDF and HTML converted docs from the releases
  * configure: disable poll() in macOS builds
  * vtls: only re-use session-ids using the same scheme
  * pipelining: skip to-be-closed connections when pipelining
  * win: fix Universal Windows Platform build
  * curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
  * maketgz: make it support "/only"/ generating version info
  * Curl_socket_check: add extra check to avoid integer overflow
  * gopher: properly return error for poll failures
  * curl: set INTERLEAVEDATA too
  * polarssl: clear thread array at init
  * polarssl: fix unaligned SSL session-id lock
  * polarssl: reduce #ifdef madness with a macro
  * curl_multi_add_handle: set timeouts in closure handles
  * configure: set min version flags for builds on mac
  * INSTALL: converted to markdown =>
  * curl_multi_remove_handle: fix a double-free
  * multi: fix inifinte loop in curl_multi_cleanup()
  * nss: fix tight loop in non-blocking TLS handhsake over proxy
  * mk-ca-bundle: Change URL retrieval to HTTPS-only by default
  * mbedtls: stop using deprecated include file
  * docs: fix req->data in multi-uv example
  * configure: Fix test syntax for monotonic clock_gettime
  * CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Refresh libcurl-ocloexec.patch
- update to 7.50.3
  * CVE-2016-7167: escape and unescape integer overflows
  * use SHA256 instead of SHA1
  * checksrc: detect strtok() use
  * errors: new alias CURLE_WEIRD_SERVER_REPLY
  * http2: support > 64bit sized uploads
  * openssl: fix bad memory free (regression)
  * CMake: hide private library symbols
  * http: refuse to pass on response body when NO_NODY is set
  * cmake: fix curl-config --static-libs
  * mbedtls: switch off NTLM in build if md4 isn't available
  * curl: --create-dirs on windows groks both forward and
    backward slashes
- update to 7.50.2
  * mbedtls: Added support for NTLM
  * SSH: fixed SFTP/SCP transfer problems
  * multi: make Curl_expire() work with 0 ms timeouts
  * -m keeps ca cert meta data in output
  * TFTP: Fix upload problem with piped input
  * CURLOPT_TCP_NODELAY: now enabled by default
  * mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
  * http2: always wait for readable socket
  * cmake: Enable win32 large file support by default
  * cmake: Enable win32 threaded resolver by default
  * winbuild: Avoid setting redundant CFLAGS to compile commands
  * curl.h: make CURL_NO_OLDIES define CURL_STRICTER
  * docs: make more markdown files use .md extension
  * docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
  * winbuild: Allow changing C compiler via environment variable CC
  * rtsp: accept any RTSP session id
  * HTTP: retry failed HEAD requests on reused connections too
  * configure: add zlib search with pkg-config
  * openssl: accept subjectAltName iPAddress if no dNSName match
  * MANUAL: Remove invalid link to LDAP documentation
  * socks: improved connection procedure
  * proxy: reject attempts to use unsupported proxy schemes
  * proxy: bring back use of "/Proxy-Connection:"/
  * curl: allow "/pkcs11:"/ prefix for client certificates
  * spnego_sspi: fix memory leak in case *outlen is zero
  * SOCKS: improve verbose output of SOCKS5 connection sequence
  * SOCKS: display the hostname returned by the SOCKS5 proxy server
  * http/sasl: Query authentication mechanism supported by SSPI before using
  * sasl: Don't use GSSAPI authentication when domain name not specified
  * win: Basic support for Universal Windows Platform apps
  * nss: fix incorrect use of a previously loaded certificate from file,
  * nss: work around race condition in PK11_FindSlotByName()
  * ftp: fix wrong poll on the secondary socket
  * openssl: build warning-free with 1.1.0 (again)
  * HTTP: stop parsing headers when switching to unknown protocols
  * test219: Add http as a required feature
  * TLS: random file/egd doesn't have to match for conn reuse
  * schannel: Disable ALPN for Wine since it is causing problems
  * http2: make sure stream errors don't needlessly close the connection
  * http2: return CURLE_HTTP2_STREAM for unexpected stream close
  * darwinssl: --cainfo is intended for backward compatibility only
  * speed caps: not based on average speeds anymore
  * configure: make the cpp -P detection not clobber CPPFLAGS
  * http2: use named define instead of magic constant in read callback
  * http2: skip the content-length parsing, detect unknown size
  * http2: return EOF when done uploading without known size
  * darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
- update to 7.50.1
  * TLS: switch off SSL session id when client cert is used
  * TLS: only reuse connections with the same client cert
  * curl_multi_cleanup: clear connection pointer for easy handles
  * include the CURLINFO_HTTP_VERSION man page into the release tarball
  * include the script in the release tarball
  * test558: fix test by stripping file paths from FD lines
  * spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
  * tests: Fix for http/2 feature
  * cmake: Fix for schannel support
  * curl.h: make public types void * again
  * win32: fix a potential memory leak in Curl_load_library
  * travis: fix OSX build by re-installing libtool
  * mbedtls: Fix debug function name
- removed
- update to 7.50.0
  * http: add CURLINFO_HTTP_VERSION and %{http_version}
  * openssl: fix build with OPENSSL_NO_COMP
  * cmake: Added missing mbedTLS support
  * URL parser: allow URLs to use one, two or three slashes
  * curl: fix -q [regression]
  * openssl: Use correct buffer sizes for error messages
  * curl: fix SIGSEGV while parsing URL with too many globs
  * vtls: fix ssl session cache race condition
  * http: Fix HTTP/2 connection reuse [regression]
  * checksrc: Add LoadLibrary to the banned functions list
  * configure: occasional ignorance of --enable-symbol-hiding with GCC
  * http2: test17xx are the first real HTTP/2 tests
  * resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
  * curl_multi_socket_action.3: rewording
  * CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
  * cmake: Fix build with winldap
  * openssl: fix cert check with non-DNS name fields present
  * curl.1: mention the units for the progress meter
  * openssl: use more 'const' to fix build warnings with 1.1.0 branch
  * cmake: now using BUILD_TESTING=ON/OFF
  * vtls: Only call add/getsession if session id is enabled
  * headers: forward declare CURL, CURLM and CURLSH as structs
  * configure: improve detection of CA bundle path on FreeBSD
  * SFTP: set a generic error when no SFTP one exists
  * curl_global_init.3: expand on the SSL and WIN32 bits purpose
  * conn: don't free easy handle data in handler->disconnect
  * cookie.c: Fix misleading indentation
  * library: Fix memory leaks found during static analysis
  * curl_global_init: moved the "/IPv6 works"/ check here
  * connect: disable TFO on Linux when using SSL
  * vauth: Fixed memory leak due to function returning without free
- refresh libcurl-ocloexec.patch
- disable tests 1139 and 1140 which fail due to missing manpage
  * add curl-disable_failing_tests.patch
- ship for testing
  * add
- curl 7.49.1:
  * http2: use HTTP/2 in the HTTP/1.1-alike response
  * ssh: fix build for libssh2 before 1.2.6
  * a number of bug and build fixes
- curl 7.49.0:
  * schannel: Add ALPN support
  * SSH: new CURLOPT_QUOTE command "/statvfs"/
  * wolfssl: Add ALPN support
  * http2: added --http2-prior-knowledge
  * libcurl: added CURLOPT_CONNECT_TO
  * curl: added --connect-to
  * libcurl: added CURLOPT_TCP_FASTOPEN
  * curl: added --tcp-fastopen
  * curl: remove support for --ftpport, -http-request and --socks
  * a number of bug and build fixes
- update upstream signing key and download URLs
- 0001-Fix-invalid-Network-is-unreachable-errors.patch is upstream
- Depend on libssh2 >= 1.6.0 since curl depends on the
  libssh2_scp_recv2 symbol now. Fixes boo#983170
- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch.
  Fixes "/Network is unreachable"/ errors in valid situations when ipv6
  is not available but ipv4 is working fine. This also fixes the same
  error from happening in applications using libcurl4 (like zypper).
- Update to 7.48.0
  * configure: --with-ca-fallback: use built-in TLS CA fallback
  * TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
  * Lots of bugfixes, see
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
  superseded by --with-ca-fallback configure option.
- curl 7.47.1:
  * getredirect.c: fix variable name
  * tool_doswin: silence unused function warning
  * curl.1: Explain remote-name behavior if file already exists
  * sasl_sspi: Fix memory leak in domain populate
  * openssl: Fix signed/unsigned mismatch warning in X509V3_ext
- Enable PSL (Publix Suffix List)
- Make building more verbose
- update to 7.47.0
  * fixes CVE-2016-0755 (bsc#962983)
    (NTLM credentials not-checked for proxy connection re-use)
  * drop curl-fix-zsh-completion.patch (upstream)
  * version: Add flag CURL_VERSION_PSL for libpsl
  * http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
  * curl: use 2TLS by default
  * curl --expect100-timeout: added
  * Add .dir-locals and set c-basic-offset to 2 (for emacs)
- Fix path to curl in to unbreak _curl completion
  * curl-fix-zsh-completion.patch
- Update to 7.46.0
  * oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP,
    POP3 and SNMP
  * Many bugfixes, see for the
  complete list.
- revert the curl-config change for bsc#900419 until we have a better
  fix, because it was breaking builds of other packages
- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2)
- Update to 7.45.0
  * added new tool option --proto-default
  * getinfo: added CURLINFO_ACTIVESOCKET
  * turned CURLINFO_* option docs as stand-alone man pages
  * curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of
- drop a hack that made curl-config print only -lcurl (bsc#900419)
  * --as-needed is used by default now
- update to 7.44.0
    examples: added http2-serverpush.c
    http2: added curl_pushheader_byname() and curl_pushheader_bynum()
    docs: added
    curl: Add --ssl-no-revoke to disable certificate revocation checks
    makefile: Added support for VC14
- dropped unexpire-test46.patch (upstream)
- unexpire-test46.patch: Unexpire test 46
- do not run flaky tests for any architecture (bnc#940009)
  at least test 1510 do fail for i586 and ppc64le
- fix a typo in curl-secure-getenv.patch (bsc#936676)
- Update to 7.43.0
  * New curl option: --proxy-service-name
  * Mew curl option: --service-name
  * New curl option: --data-raw
  * Added support for multiplexing transfers using HTTP/2, enable
    this with the new CURLPIPE_MULTIPLEX bit for
  * HTTP/2: requires nghttp2 1.0.0 or later
  * scripts: add for generating zsh completion
  * curl.h: add CURL_HTTP_VERSION_2
  * CVE-2015-3236: lingering HTTP credentials in connection re-use
  * CVE-2015-3237: SMB send off unrelated memory contents
- Disable HTTP/2 as it would create build cycle
- enable HTTP/2 support
- make the testsuite failure fatal
  * added curl-disable_failing_tests.patch
  * added groff to BuildRequires to enable builtin manual (test 1026)
- update to 7.42.1
  * fixes CVE-2015-3153 (bnc#928533)
  - sensitive HTTP server headers also sent to proxies
- rename curl-devel to libcurl-devel in baselibs.conf
- update to 7.42.0
  * refresh libcurl-ocloexec.patch
- fixes security vulnerabilities:
  * CVE-2015-3143 (bnc#927556)
  - Re-using authenticated connection when unauthenticated
  * CVE-2015-3144 (bnc#927608)
  - host name out of boundary memory access
  * CVE-2015-3145 (bnc#927607)
  - cookie parser out of boundary memory access
  * CVE-2015-3148 (bnc#927746)
  - Negotiate not treated as connection-oriented
- don't hardcode /etc/ssl/certs. Use openssl's default instead
- update to 7.41.0:
  * Changes:
    NetWare build: added TLS-SRP enabled build
    winbuild: Added option to build with c-ares
    Added --cert-status
    sasl: implement EXTERNAL authentication mechanism
- Re-enable metalink supoort
- Use pkgconfig() style dependencies
- update to 7.40.0:
  * fixes CVE-2014-8150 (bnc#911363)
  * Changes:
    http_digest: Added support for Windows SSPI based authentication
    version info: Added Kerberos V5 to the supported features
    Makefile: Added VC targets for WinIDN
    config-win32: Introduce build targets for VS2012+
    SSL: Add PEM format support for public key pinning
    smtp: Added support for the conversion of Unix newlines during mail send
    smb: Added initial support for the SMB/CIFS protocol
    Added support for HTTP over unix domain sockets,
    via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
    sasl: Added support for GSS-API based Kerberos V5 authentication
- build with PIE
- update to 7.39.0:
- changes:
    SSLv3 is disabled by default
    CURLOPT_COOKIELIST: Added "/RELOAD"/ command
    build: Added WinIDN build configuration options to Visual Studio projects
    ssh: improve key file search
    SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
    vtls: remove QsoSSL support, use gskit!
    mk-ca-bundle: added SHA-384 signature algorithm
    docs: added many examples for libcurl opts and other doc improvements
    build: Added VC ssh2 target to main Makefile
    MinGW: Added support to build with nghttp2
    NetWare: Added support to build with nghttp2
    build: added Watcom support to build with WinSSL
    build: Added optional specific version generation of VC project files
    ... and a bunch of bugfixes
- refreshed libcurl-ocloexec.patch
- removed gpg-offline verification
- spec-cleaned curl.spec
- Ensure the curl command line tool always require
  the same libcurl it was used for build, even expert users
  got confused.
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
  due to insecure tmp file usage. (bsc#1180669)
  Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
- Remove Berkeley DB dependency (JIRA#SLE-12190)
  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
  without Berkely DB support. gdbm will be used instead of BDB.
  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
  with Berkely DB support.
- Update to 2.1.27
  * Added support for OpenSSL 1.1
  * Added support for lmdb
  * Lots of build fixes
  * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
  * DIGEST-MD5 plugin:
    Fixed memory leaks
    Fixed a segfault when looking for non-existent reauth cache
    Prevent client from going from step 3 back to step 2
    Allow cmusaslsecretDIGEST-MD5 property to be disabled
  * GSSAPI plugin:
    Added support for retrieving negotiated SSF
    Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
    Properly compute maxbufsize AFTER security layers have been set
  * SCRAM plugin:
    Added support for SCRAM-SHA-256
  * LOGIN plugin:
    Don’t prompt client for password until requested by server
  * NTLM plugin:
    Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- bsc#983938 `` left-overs in several unit files
- added patches:
  fix_libpq-fe_include.diff  for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
  * shared_link_on_ppc.patch
  * cyrus-sasl-2.1.27-openssl-1.1.0.patch
  * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * 0004-Add-support-for-retrieving-the-mech_ssf.patch
  * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
  * cyrus-sasl-fix-logging-in-gssapi.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- added backport-patch cyrus-sasl-bug587.patch which fixes
  off-by-one error in _sasl_add_string function
  (see CVE-2019-19906 bsc#1159635)
- bnc#1044840 syslog is polluted with messages "/GSSAPI client step 1"/
  By server context the connection will be sent to the log function.
  Client content does not have log level information. I.e. there is no
  way to stop DEBUG level logs nece I've removed it.
  * add cyrus-sasl-fix-logging-in-gssapi.patch
- OpenSSL 1.1 support (bsc#1055463)
  * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
- added cyrus-sasl-issue-402.patch to fix
  SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
- really use SASLAUTHD_PARAMS variable (bnc#938657)
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
- Make sure /usr/sbin/rcsaslauthd exists
- Remove Berkeley DB dependency (JIRA#SLE-12190)
  The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build
  without Berkely DB support. gdbm will be used instead of BDB.
  The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build
  with Berkely DB support.
- Update to 2.1.27
  * Added support for OpenSSL 1.1
  * Added support for lmdb
  * Lots of build fixes
  * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
  * DIGEST-MD5 plugin:
    Fixed memory leaks
    Fixed a segfault when looking for non-existent reauth cache
    Prevent client from going from step 3 back to step 2
    Allow cmusaslsecretDIGEST-MD5 property to be disabled
  * GSSAPI plugin:
    Added support for retrieving negotiated SSF
    Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
    Properly compute maxbufsize AFTER security layers have been set
  * SCRAM plugin:
    Added support for SCRAM-SHA-256
  * LOGIN plugin:
    Don’t prompt client for password until requested by server
  * NTLM plugin:
    Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- bsc#983938 `` left-overs in several unit files
- added patches:
  fix_libpq-fe_include.diff  for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
  * shared_link_on_ppc.patch
  * cyrus-sasl-2.1.27-openssl-1.1.0.patch
  * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * 0004-Add-support-for-retrieving-the-mech_ssf.patch
  * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
  * cyrus-sasl-fix-logging-in-gssapi.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- added backport-patch cyrus-sasl-bug587.patch which fixes
  off-by-one error in _sasl_add_string function
  (see CVE-2019-19906 bsc#1159635)
- bnc#1044840 syslog is polluted with messages "/GSSAPI client step 1"/
  By server context the connection will be sent to the log function.
  Client content does not have log level information. I.e. there is no
  way to stop DEBUG level logs nece I've removed it.
  * add cyrus-sasl-fix-logging-in-gssapi.patch
- OpenSSL 1.1 support (bsc#1055463)
  * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
- added cyrus-sasl-issue-402.patch to fix
  SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
- really use SASLAUTHD_PARAMS variable (bnc#938657)
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
- Make sure /usr/sbin/rcsaslauthd exists
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2019-12749 Authentication bypass (CVE-2019-12749 bsc#1137832)
  * added fix-CVE-2019-12749.patch
- Make libdbus-1-3 own the %{_datadir}/dbus-1/system.d directory
- Use %license instead of %doc [bsc#1082318]
- Avoid bashisms in scriptlets.
- Avoid ugly error message from %pre(install) script when installing
  for the first time.
- Don't spit out a warning if /usr/bin/dbus-daemon does not exist
  when we run the pre-script.
- Swap a missed libdir to libexecdir
- Do not hide errors during useradd.
- Fix dbus-daemon-launch-helper to use proper ref to libexecdir
- use %{_libexecdir}/dbus-1 as libexecdir
- Update to 1.12.2
  • Eavesdropping is officially deprecated in favour of BecomeMonitor.
  See the release notes for spec version 0.31 (in dbus 1.11.14).
  • [Unix] Flag files in /var/run/console/${username} are deprecated.
  See the release notes for 1.11.18.
  New APIs:
  • <allow> and <deny> rules in dbus-daemon configuration can now
  include send_broadcast="/true"/, send_broadcast="/false"/,
  max_unix_fds="/N"/, min_unix_fds="/N"/ (for some integer N).
  See the release notes for 1.11.18.
  • dbus_try_get_local_machine_id() is like
  dbus_get_local_machine_id(), but returns a DBusError.
  • New APIs around DBusMessageIter to simplify cleanup.
  See the release notes for 1.11.16.
  • The message bus daemon now implements the standard Introspectable,
  Peer and Properties interfaces. See the release notes for
  dbus 1.11.14 and spec version 0.31.
  • DTDs for introspection XML and bus configuration are installed.
  • [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
  never uses Linux abstract sockets, which is advantageous for
  containers. On non-Linux it is equivalent to unix:tmpdir=….
  See the release notes for dbus 1.11.14 and spec version 0.31.
  • [Unix] New option "/dbus-launch --exit-with-x11"/.
  • [Unix] Session managers can create transient .service files in
  $XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
  • [Unix] A sysusers.d snippet can create the messagebus user on-demand.
  Miscellaneous behaviour changes:
  • [Unix] The session bus now logs to syslog if it was started by
  • [Unix] Internal warnings are logged to syslog if configured.
  • [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
  or to stderr.
- Enabled "/make check test suite"/
- Patches removed, fixed upstream
  * fix-upstream-drop-install-sections-from-user-services.patch
  * fix-upstream-increase-backlog.patch
  * fix-upstream-timeout-reset-1.patch
  * fix-upstream-timeout-reset-2.patch
- boo#1027201 dbus-daemon not found
- boo#978477 systemd reseting under heavy load
  * fix-upstream-timeout-reset-1.patch
  * fix-upstream-timeout-reset-2.patch
- boo#1027200 don't generate machine-id in %post systemd will do it
  on first boot.
- swap usage of /bin/false to /usr/bin/false
- Use libexecdir=%{_libdir}/dbus-1 rather then /lib/dbus-1
- No need to set --libdir anymore now that prefix is /usr/bin,
  * fixes boo#1047532
- No need to set --bindir, bindir in dbus-1-x11 was incorrect
- Other fixes required to properly change prefix
- Don't pass --with-initscripts we don't use them anymore.
- Update to 1.10.20
  * Fixes:
    + Fix a reference leak when blocking on a pending call on a
    connection that has been disconnected (fdo#101481, Shin-ichi
    + Don't put timestamps in the Doxygen-generated documentation,
    for closer-to-reproducible builds (fdo#100692, Simon
    + Avoid an assertion failure when connecting to a
    semicolon-separated series of addresses, one of which fails
    (fdo#101257, Simon McVittie)
  * Documentation:
    + Update git URIs in HACKING document to sync up with (fdo#100715, Simon McVittie)
- swap to /usr/bin bsc#1029968
- Add the following fixes from SLE12
  * bsc#980928 increase listen() backlog of AF_UNIX sockets to
    SOMAXCONN fix-upstream-increase-backlog.patch
- The following bugs were already fixed but are missing changelog
  * bsc#867256 (No longer applicable)
  * bsc#916785 (No longer applicable)
  * bsc#1012564 (Not applicable)
  * fdo#90004 (Fixed Upstream)
- Rename the following patches as a tidy up
  * dbus-log-deny.patch to feature-suse-log-deny.patch
  * dbus-do-autolaunch.patch feature-suse-do-autolaunch.patch
  * 0001-Add-RefuseManualStartStop.patch to
  * 0001-Drop-Install-sections-from-user-services.patch to
- Update to 1.10.18
  * Fixes
    + Re-order dbus-daemon startup so that on SELinux systems, the
    thread that reads AVC notifications retains the ability to
    write to the audit log (fdo#92832, Debian #857660; Laurent
    + Fix a harmless read overflow and some memory leaks in a unit
    test (fdo#100568, Philip Withnall)
- Update to 1.10.16
  * Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "/nonce"/, in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.
  (fd.o #99828, Simon McVittie) (bsc#1025950)
  * Avoid symlink attacks in the "/embedded tests"/, which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie) (bsc#1025951)
  * Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "/in flight"/ for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 process such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)
  * Don't run the test if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)
  * Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)
- A note for scripts bsc#974092 (remove sysvinit script) is already
  fixed here.
- Don't restart dbus on upgrade - Includes temporary work around
  for last version boo#1020301
- Add 0001-Add-RefuseManualStartStop.patch don't allow users to Manually
  start or stop dbus.
- Add systemd unit files to start session bus via systemd
- Added patch:
  * 0001-Drop-Install-sections-from-user-services.patch
    + remove install section from socket unit because it does not
    need to be enabled explicitly (see fdo#92402)
- Requires systemd >= 209 and drop the compatibility pkg-config
  names that don't exist in newer systemd
- Drop useless --with-pic which is only for static libs
- Abort installation when user/group creation fails
- Avoid calling %service_* more than once
- Build the dbus-1 package without X in the dbus-1.spec
- Move the dbus-launch.nox11 to the dbus-1 package and install
  it by default
- Build devel-doc package in dbus-1.spec and don't build any
  documentation in dbus-1-x11
- Make dbus-1-x11 package contains only the X11-enabled dbus-launch
- Fix some rpmlint warnings
- Delete the file, since maintaining it is
  more complicated then keeping in sync a dbus-1-x11.spec file of
  less then 120 lines
- Create new subpackage: dbus-1-nox11
  - contains dbus-launch without x11 support
- Rename dbus-launch to dbus-launch.x11
- use update-alternatives to switch between dbus-launch with and
  without X11
- Solves [bnc#934214]
- Update to 1.10.12
  * Security fixes:
    + Do not treat ActivationFailure message received from
    root-owned systemd name as a format string. In principle this
    is a security vulnerability, but we do not believe it is
    exploitable in practice, because only privileged processes can
    own the org.freedesktop.systemd1 bus name, and systemd does
    not appear to send activation failures that contain "/%"/.
    Please note that this probably *was* exploitable in dbus
    versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing
    check which at the time was only thought to be a denial of
    service vulnerability (CVE-2015-0245). If you are still
    running one of those versions, patch or upgrade immediately.
    (fdo#98157, bsc#1003898, Simon McVittie)
  * Other fixes:
    + Harden dbus-daemon against malicious or incorrect
    ActivationFailure messages by rejecting them if they do not
    come from a privileged process, or if systemd activation is
    not enabled (fdo#98157, Simon McVittie)
    + Avoid undefined behaviour when setting reply serial number
    without going via union DBusBasicValue (fdo#98035, Marc Mutz)
    + fail cleanly if autoconf fails (Simon McVittie)
- Moved dbus-run-session from dbus-1-x11 to dbus-1 (bdo#836296)
- Update to 1.10.10
  * Fixes:
    + On Linux, when dbus-daemon is run with reduced susceptibility
    to the OOM killer (typically via systemd), do not let child
    processes inherit that setting (fdo#32851;
    Kimmo Hämäläinen, WaLyong Cho)
    + Output valid shell syntax in ~/.dbus/session-bus/ if the bus
    address contains a semicolon (fdo#94746, Thiago Macieira)
    + Fix memory leaks and thread safety in subprocess starting on
    Windows (fdo#95191, Ralf Habacker)
    + Do not require systemd to have a service file if using it for
    activation (fdo#93194; Simon McVittie; backport from 1.11.0)
    + Stop test-dbus-daemon incorrectly failing on platforms that
    cannot discover the process ID of clients (fdo#96653,
    Руслан Ижбулатов)
    + In tests that exercise correct handling of crashing D-Bus
    services, suppress Windows crash handler (fdo#95155;
    Yiyang Fei, Ralf Habacker)
    + Explicitly check for stdint.h (Ioan-Adrian Ratiu)
    + update-activation-environment: produce better diagnostics on
    error (fdo#96653, Simon McVittie)
    + Don't fail the build with an unused const variable warning
    under gcc 6 (fdo#97282; Thomas Zimmermann, Simon McVittie)
    + Merge dbus-1.10-ci branch, containing backports from 1.11.0
    in build/test code to support continuous integration
    (fdo#93194, Simon McVittie)
  - Avoid -Wunused-label when compiling with libselinux but no
  - In development builds, allow OOM tests to be disabled as
  - Accept and ignore the --tap argument in all "/embedded
    tests"/, and run all automated tests with that argument for
    better diagnostics
  - Fix the systemd activation test under CMake by installing
    the required files
  - In Automake, fix shell syntax for installcheck-local with
    no DESTDIR
  - In Automake, don't try to run manual tests in installcheck
  - In CMake, don't run manual-tcp test as an automated test
  - Add build machinery
- Update to 1.10.8
  * Fixes:
    + Enable "/large file support"/ on systems where it exists:
    dbus-daemon is not expected to open large files, but it might
    need to stat files that happen to have large inode numbers
    (fdo#93545, Hongxu Jia)
    + Eliminate padding inside DBusMessageIter on 64-bit platforms,
    which might result in a pedantic C compiler not copying the
    entire contents of a DBusMessageIter; statically assert that
    this is not an ABI change in practice (fdo#94136, Simon
    + Document dbus-test-tool echo --sleep-ms=N instead of
    incorrect --sleep=N (fdo#94244, Dmitri Iouchtchenko)
    + Correctly report test failures in C tests from
    (fdo#93379; amit tewari, Simon McVittie)
    + When tests are enabled, run all the marshal-validate tests,
    not just the even-numbered ones (fdo#93908, Nick Lewycky)
    + Correct the expected error from one marshal-validate test,
    which was previously not run due to the above bug(fdo#93908,
    Simon McVittie)
- Update to 1.10.6
  * Fixes:
  - On Unix when running tests as root, don't assert that root
    and the dbus-daemon user can still call
    UpdateActivationEnvironment; assert that those privileged
    users can call BecomeMonitor instead (fdo#93036, Simon
  - On Windows, fix a memory leak in the autolaunch transport
    (fdo#92899, Simon McVittie)
  - On Windows Autotools builds, don't run tests that rely on
    dbus-run-session and other Unix-specifics (fdo#92899, Simon
- Update to 1.10.4
  * Changes between 1.10.2 and 1.10.4
  - Enhancements:
    + GetConnectionCredentials, GetConnectionUnixUser and
    GetConnectionUnixProcessID with argument
    "/org.freedesktop.DBus"/ will now return details of the
    dbus-daemon itself. This is required to be able to call
    SetEnvironment on systemd. (fdo#92857, Jan Alexander
  - Fixes:
    + Make UpdateActivationEnvironment always fail with
    AccessDenied  on the system bus. Previously, it was
    possible to configure it so root could call it, but the
    environment variables were not actually used, because the
    launch helper would discard them. (fdo#92857, Jan Alexander
    + On Unix with --systemd-activation on a user bus, make
    UpdateActivationEnvironment pass on its arguments to
    systemd's SetEnvironment method, solving inconsistency
    between the environments used for traditional activation
    and systemd user-service activation. (fdo#92857, Jan
    Alexander Steffens)
    + On Windows, don't crash if <syslog/> or --syslog is used
    (fdo#92538, Ralf Habacker)
    + On Windows, fix a memory leak when setting a DBusError from
    a Windows error (fdo#92721, Ralf Habacker)
    + On Windows, don't go into infinite recursion if we abort the
    process with backtraces enabled (fdo#92721, Ralf Habacker)
    + Fix various failing tests, variously on Windows and
    . don't test system.conf features (users, groups) that only
    make sense on the system bus, which is not supported on
    . don't call _dbus_warn() when we skip a test, since it is
    . fix computation of expected <standard_session_servicedirs/>
    . when running TAP tests, translate newlines to Unix format,
    fixing cross-compiled tests under Wine on Linux
    . don't stress-test refcounting under Wine, where it's
    really slow
    . stop assuming that a message looped-back to the test will
    be received immediately
    . skip some system bus tests on Windows since they make no
    sense there (fdo#92538, fdo#92721; Ralf Habacker, Simon
  * Changes between 1.10.0 and 1.10.2
  - Fixes:
    + Correct error handling for activation: if there are multiple
    attempts to activate the same service and it fails
    immediately, the first attempt would get the correct reply,
    but the rest would time out. We now send the same error
    reply to each attempt. (fdo#92200, Simon McVittie)
    + If BecomeMonitor is called with a syntactically invalid
    match rule, don't crash with an assertion failure, fixing a
    regression in 1.9.10. This was not exploitable as a denial
    of service, because the check for a privileged user is done
    first. (fdo#92298, Simon McVittie)
    + On Linux with --enable-user-session, add the bus address to
    the environment of systemd services for better backwards
    compatibility (fdo#92612, Jan Alexander Steffens)
    + On Windows, fix the logic for replacing the installation
    prefix in service files' Exec lines (fdo#83539; Milan Crha,
    Simon McVittie)
    + On Windows, if installed in the conventional layout with
    ${prefix}/etc and ${prefix}/share, use relative paths
    between bus configuration files to allow the tree to be
    relocated (fdo#92028, Simon McVittie)
    + Make more of the regression tests pass in Windows builds
    (fdo#92538, Simon McVittie)
  * Summary of major changes since 1.8.0:
  - The basic setup for the well-known system and session buses is
    now done in read-only files in ${datadir} (normally /usr/share).
  - AppArmor integration has been merged, with features similar to
    the pre-existing SELinux integration. It is mostly compatible
    with the patches previously shipped by Ubuntu, with one
    significant change: Ubuntu's GetConnectionAppArmorSecurityContext
    method has been superseded by GetConnectionCredentials and was
    not included.
  - The --enable-user-session configure option can be enabled
    by OS integrators intending to use systemd to provide a
    session bus per user (in effect, treating all concurrent
    graphical and non-graphical login sessions as one large session).
  - The new listenable address mode "/unix:runtime=yes"/ listens on
    $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the
    systemd user session. libdbus and "/dbus-launch --autolaunch"/
    will connect to this address by default. GLib >= 2.45.3 and
    sd-bus >= 209 have a matching default.
  - All executables are now dynamically linked to libdbus-1.
    Previously, some executables, most notably dbus-daemon, were
    statically linked to a specially-compiled variant of libdbus.
    This results in various private functions in the _dbus
    namespace being exposed by the shared library. These are not
    API, and must not be used outside the dbus source tree.
  - On platforms with ELF symbol versioning, all public symbols
    are versioned LIBDBUS_1_3.
  * New bus APIs:
  - org.freedesktop.DBus.GetConnectionCredentials returns
    LinuxSecurityLabel where supported
  - org.freedesktop.DBus.Monitoring interface (privileged)
    . BecomeMonitor method supersedes match rules with eavesdrop=true,
    which are now deprecated
  - org.freedesktop.DBus.Stats interface (semi-privileged)
    . now enabled by default
    . new GetAllMatchRules method
  - org.freedesktop.DBus.Verbose interface (not normally compiled)
    . toggles the effect of DBUS_VERBOSE
  * New executables:
  - dbus-test-tool
  - dbus-update-activation-environment
  * New optional dependencies:
  - The systemd: pseudo-transport requires libsystemd or libsd-daemon
  - Complete documentation requires Ducktype and yelp-tools
  - Full test coverage requires GLib 2.36 and PyGI
  - AppArmor integration requires libapparmor and optionally libaudit
  * Dependencies removed:
  - dbus-glib
- Update to 1.8.20:
  * Fixes:
  - Fix a memory leak when GetConnectionCredentials() succeeds
    (fdo#91008, Jacek Bukarewicz)
  - Ensure that dbus-monitor does not reply to messages intended
    for others (fdo#90952, Simon McVittie)
- Account for openSUSE:Leap in the conditional for chosing right
  local state directories (boo#941352)
- Move common-begin sections around to make pre_checkin work again
- Unconditionally build with systemd features, there are no cycles
  now, systemd no longer buildrequires dbus-1-devel
- Update to 1.8.18:
  * Security hardening:
  - On Unix platforms, change the default configuration for the
    session bus to only allow EXTERNAL authentication (secure
    kernel-mediated credentials-passing), as was already done for
    the system bus.
    This avoids falling back to DBUS_COOKIE_SHA1, which relies on
    strongly unpredictable pseudo-random numbers; under certain
    circumstances (/dev/urandom unreadable or malloc() returns
    NULL), dbus could fall back to using rand(), which does not
    have the desired unpredictability. The fallback to rand() has
    not been changed in this stable-branch since the necessary
    code changes for correct error-handling are rather intrusive.
    If you are using D-Bus over the (unencrypted!) tcp: or
    nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1
    and a shared home directory using NFS or similar, you will
    need to reconfigure the session bus to accept DBUS_COOKIE_SHA1
    by commenting out the <auth> element. This configuration is
    not recommended. (bsc#931066, fdo#90414, Simon McVittie)
  * Other fixes:
  - Add locking to DBusCounter's reference count and notify
    function (fdo#89297, Adrian Szyndela)
  - Ensure that DBusTransport's reference count is protected by
    the corresponding DBusConnection's lock (fdo#90312,
    Adrian Szyndela)
  - On Windows, listen on the same port for IPv4 and IPv6
    (previously broken by an endianness mistake), and fix a
    failure to bind TCP sockets on approximately 1 attempt in 256
    (fdo#87999, Ralf Habacker)
  - Correctly release DBusServer mutex before early-return if we
    run out of memory while copying authentication mechanisms
    (fdo#90021, Ralf Habacker)
  - Correctly initialize all fields of DBusTypeReader (fdo#90021,
    Ralf Habacker, Simon McVittie)
  - Fix some missing n in verbose (debug log) messages
    (fdo#90021, Ralf Habacker)
  - Clean up some memory leaks in test code (fdo#90021,
    Ralf Habacker)
- Sync changes from SLE12 conditionalized for suse_version <= 1315
- Update to 1.8.16:
  * Security fixes:
  - Do not allow non-uid-0 processes to send forged
    ActivationFailure messages. On Linux systems with systemd
    activation, this would allow a local denial of service:
    unprivileged processes could flood the bus with these forged
    messages, winning the race with the actual service activation
    and causing an error reply to be sent back when service
    auto-activation was requested. This does not prevent the real
    service from being started, so it only works while the real
    service is not running. (CVE-2015-0245, fdo#88811, bnc#916343;
    Simon McVittie)
  * Other fixes:
  - fix a Windows build failure (fdo#88009, Ralf Habacker)
  - on Windows, allow up to 8K connections to the dbus-daemon
    instead of the previous 64, completing a previous fix which
    only worked under Autotools (fdo#71297, Ralf Habacker)
- Update to 1.8.14
  * Security hardening:
  - Do not allow calls to UpdateActivationEnvironment from uids
    other than the uid of the dbus-daemon. If a system service
    installs unsafe security policy rules that allow arbitrary
    method calls (such as CVE-2014-8148) then this prevents
    memory consumption and possible privilege escalation via
    We believe that in practice, privilege escalation here is
    avoided by dbus-daemon-launch-helper sanitizing its
    environment; but it seems better to be safe.
  - Do not allow calls to UpdateActivationEnvironment or the
    Stats interface on object paths other than
    /org/freedesktop/DBus. Some system services install unsafe
    security policy rules that allow arbitrary method calls to
    any destination, method and interface with a specified object
    path; while less bad than allowing arbitrary method calls,
    these security policies are still harmful, since dbus-daemon
    normally offers the same API on all object paths and other
    system services might behave similarly.
  * Other fixes:
  - Add missing initialization so GetExtendedTcpTable doesn't
    crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)
- Update to 1.8.12:
  * Fixes:
  - Partially revert the CVE-2014-3639 patch by increasing the
    default authentication timeout on the system bus from 5
    seconds back to 30 seconds, since this has been reported to
    cause boot regressions for some users, mostly with parallel
    boot (systemd) on slower hardware.
    On fast systems where local users are considered particularly
    hostile, administrators can return to the 5 second timeout
    (or any other value in milliseconds) by saving this as
    <limit name="/auth_timeout"/>5000</limit>
    (fdo#86431, Simon McVittie)
  - Add a message in syslog/the Journal when the auth_timeout is
    exceeded (fdo#86431, Simon McVittie)
  - Send back an AccessDenied error if the addressed recipient is
    not allowed to receive a message (and in builds with
    assertions enabled, don't assert under the same conditions).
    (fdo#86194, Jacek Bukarewicz)
- Update to 1.8.10:
  * Security fixes:
  - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
    so that CVE-2014-3636 part A cannot exhaust the system bus'
    file descriptors, completing the incomplete fix in 1.8.8.
    (CVE-2014-7824, fdo#85105; Simon McVittie, Alban Crequy)
- remove CFLAGS setting, -fstack-protector is default and -fPIC
  will be auto-selected.
- Split out dbus-binding-tool in own sub-package.
- Update to version 0.108:
  + Use dbus-run-session instead of dbus-launch for tests.
- Changes from version 0.106:
  + Stop testing G_HAVE_INLINE, which ceased to work in GLib 2.47.2
    and wasn't meant to be API anyway. Instead, rely on "/static
    inline"/ doing the right thing. On pre-C99 compilers, this
    relies on <glib.h> defining inline to __inline, __inline__ or
    the empty string if the compiler requires it, which it has done
    since 2000. (fdo#93513).
  + Stop calling g_mem_profile() in the tests, which no longer does
    anything and caused the tests to fail by issuing a warning.
  + Slightly modernize build system, and remove a weird
    cross-directory dependency which was breaking distcheck.
  + Stop distributing generated marshallers in the tarball.
- Run spec-clean, modernize spec-file macros and also drop a no
  longer conditional dbus-1-glib-64bit Obsoletes.
- Update to version 0.104:
  + Deprecations: Document the entire library as deprecated.
  + Dependencies:
  - libdbus 1.8 is required.
  - GLib 2.32 is required.
  + Enhancements:
  - The libdbus 1.8 dependency means we can now document that
    dbus_g_thread_init() is idempotent and thread-safe
  - Use g_cclosure_marshal_generic for all marshalling
  + Fixes:
  - Allow timeouts to be migrated from one main context to
    another without an assertion failure (fdo#30574).
  - Don't trip a libdbus fatal warning if a Unix fd or other
    unsupported type is encountered in a message (fdo#80557).
  - Make the tests pass with newer GLib by not removing removed
    sources (fdo#83530).
  - Fix some typos in the documentation (fdo#45686).
  - Make the Autotools setup less awful (fdo#58698).
- Update to version 0.102:
  + Enhancements:
  - Add dbus_g_method_invocation_get_connection (fdo#55729).
  - Add dbus_g_connection_open_private (fdo#55730).
  - Better regression tests (fdo#23633, fdo#40711, fdo#41129,
    fdo#51511, fdo#68603).
  - Get rid of more dead code (fdo#40711).
  - dbus-binding-tool: check validity of names (fdo#7909).
  + Bugs fixed:
  - dbus_g_value_build_g_variant: treat GValues containing
    (G_TYPE_STRING, NULL) or (G_TYPE_STRV, NULL) as empty string
    or empty array instead of asserting (fdo#71811).
  - Upload documentation correctly.
  - Fix under-linking (fdo#68601).
- Remove the exacutable bit from
- Update to version 0.100.2:
  + Respin tarball.
- Update to version 0.100.1:
  + dbus-gproxy: Verify sender of NameOwnerChanged signals to be
    o.f.DBus (CVE-2013-0292, bnc#804392).
  + Some cleanups.
  + Other bugs fixed: fdo#23633, fdo#40711, fdo#55729, fdo#55730.
- Update to version 0.100:
  + Enhancements:
  - Support building on Android with androgenizer
  - Respect NOCONFIGURE=1 in
  + Fixes:
  - Fix several GVariant reference leaks in
    dbus_g_value_parse_variant (fdo#41125)
  - Don't crash if an error code is out of range for its domain
    or has a negative code (fdo#40151)
  - Fix compilation with -Werror=format-security
  - Don't crash if dbus_g_proxy_new_for_peer() is used to talk to
    the dbus-daemon (fdo#41126)
- Further dependency changes: Let dbus-1-glib-devel require
  dbus-1-devel (implicitly pulls dbus-1).
- Fix and loosen dependency towards dbus-1. Reported by Andreas
  Jaeger <>.
- license update: AFL-2.1 or GPL-2.0+
  License is a dual license choice of either Academic Free License 2.1 or
  GNU GPL 2+. This is the SPDX format for that license
- Update to version 0.98:
  + Fix the documentation, a lot. We have nearly 100% coverage now.
  + In specialized collection iterators, check that the type is
    correct; g_critical and return harmlessly, rather than
    crashing, if not
  + If library users register specialized GTypes, warn if their
    vtables have missing callbacks which would cause accessors to
  + Fix production of documentation out-of-tree with newer gtk-doc
  + Simplify invoke_object_method() and OOM handling in
    dbus-gobject (fdo#35767)
- Changes from version 0.96:
  + Fix a regression in marshalling GObject instances as object
    paths, which broke NetworkManager (fdo#37852, deb#628890)
  + Fix crashes when sending a message when disconnected from D-Bus
    but still working through our backlog of incoming messages,
    similar to fdo#12675 (fdo#38406)
  + Cope more gracefully, with a critical warning instead of a
    memory leak, if programmer error causes G_VALUE_COLLECT to fail
    (fdo#38406, nokia#86280, nokia#180486)
  + Avoid an assertion failure when unregistering a proxy if
    GetNameOwner failed (fdo#38408, nokia#116862)
  + Don't report various programmer errors as "/out of memory"/;
    raise suitable critical warnings instead, and don't leak memory
    (fdo#35767, fdo#35766)
  + If a remote process sends a wrong method call on the Properties
    interface, send back an error reply, instead of warning on
    stderr and not replying (fdo#35766)
  + Show a warning if dbus_g_method_return fails to marshal
    something (fdo#29884, nokia#180486)
  + Remove remnants of i18n (fdo#36428)
  + Remove dead code (nokia#180486)
- Drop dbus-1-glib-fix-marshalling-regression.patch: fixed
- cross-build fix: use host's dbus-binding-tool
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- Add dbus-1-glib-devel to baselibs
- Add dbus-1-glib-fix-marshalling-regression.patch: this fixes a
  regression causing issues in NetworkManager; taken from git.
- Update to version 0.94:
  + Check validity of more arguments, don't report "/out of memory"/
    or "/should not have been reached"/ if an invalid string or
    boolean is given, and abandon broken containers more gracefully
  + Allow underscores in error names (fdo#30274)
  + If an object is on more than one connection, emit signals on
    all of them; if it's unregistered, only unregister it from the
    requested connection (fdo#32087)
  + Fix ability to switch a DBusConnection from one GMainContext to
    another (fdo#35115)
  + Forbid a ReturnVal annotation after the first OUT <arg>, which
    had never worked correctly anyway (fdo#35952)
  + Remove false claim that we use Introspect() at runtime, and
    document more error cases (fdo#36216)
  + Remove unused support for translated messages (fdo#36428)
  + Don't corrupt internal data if a GObject is registered twice on
    the same (connection, path) tuple, and fix out-of-bounds
    reading (fdo#36793)
  + Fix multiple signal emissions if an object is removed from all
    of its locations then re-exported, and a memory leak if an
    exported object is disposed (fdo#36811)
  + Log the error message if object registration fails (fdo#37795)
  + Several small fixes.
  + Remove Doxygen support (as gtk-doc is used) (fdo#10890)
  + Build fixes.
  + Bugs fixed: fdo#22667, fdo#22854, fdo#23616, fdo#26952,
    fdo#27193, fdo#27598, fdo#29884, fdo#32351, fdo#33145,
    fdo#33646, fdo#34282, fdo#37060, fdo#37062, fdo#37789,
    fdo#37790, fdo#37812.
- Update to version 0.92:
  + Require glib 2.26: this dependency bump was missed in 0.90.
- Update to version 0.90:
  + Add DBusGObjectPath, DBusGSignature typedefs
  + Give specialized GArrays iteration/appending support
  + fdo#30428: add dbus_g_value_parse_g_variant
  + Fix switching a connection's GMainContext
  + Various small fixes
- Update to version 0.88:
  + Allow duplicate object path registrations for different
  + Don't use the identifier "/interface"/ in public headers
  + Don't pass malformed error interface to dbus (rh#581794)
  + Fix a crash in dbus_pending_call_cancel() (fdo#14579)
  + Fix lookup of regular properties when shadow properties are
  + fdo#28715: Add dbus_g_value_build_g_variant()
  + Respect property access flags for writing, allow disabling for
  + Documentation improvements
  + Build fixes, especially for windows
- Drop bug-628607-access-flags-CVE-2010-1172.diff: fixed upstream.
- honor access properties from xml file (CVE-2010-1172, bnc#628607)
- use %_smp_mflags
- Update to version 0.86:
  + core: allow duplicate property names on GInterfaces
  + core: performance optimization for object info lookup
  + Fix hyphenated error codes correctly
  + Free errors returned by method implementations
  + Trivial compiler warning fixes
  + Use AM_SILENT_RULES if available
  + Turn the gtk-doc documentation into buildable shape
- Update to version 0.84:
  + Support duplicate object registrations
  + Only re-set registration list if it's non-empty
  + Copy object registration list when unregistering.
  + fdo#19623 - Add dbus_g_bus_get_private
  + fdo#25119 - Don't leak DBusGMethodInvocation for no-reply calls
  + Import dbus-bus-introspect.xml upstream
  + dbus-gvalue: set an error when demarshal_basic doesn't
    recognize type
  + Man page fixes.
- add baselibs.conf as a source
- package documentation as noarch
- Update to version 0.82:
  + Fix format-security warning
  + Use -fno-strict-aliasing by default
  + fdo#14183 - Listen to NameOwnerChanged using arg0 matching
  + Use g_strdup instead of strdup in dbus_g_method_get_sender
  + fdo#13908: make dbus_g_type_specialized_init() safe for library
    users to call
  + fdo#16776: teach dbus_g_method_return_error about DBUS_GERROR
  + fdo#20884: dbus_g_proxy_manager_replace_name_owner: don't leave
    freed memory in the hash table if the name was the owner's
  + dbus_g_type_specialized_init: make some effort at being
  + add --with-dbus-binding-tool configure option to use an
    external dbus-binding-tool
  + fdo#5688: don't assert when exported object is destroyed
  * after* D-Bus connection closes
  + fdo#21219: implement unregistration of objects
  + dbus-gobject: save the ObjectRegistration on each object, not
    just the path
  + fdo#20879 - Use --skip-source argument for glib-genmarshal
  + fdo#19927 - Use const for GError * param we're not modifying
  + fdo#13908: silently initialize specialized types whenever
  + fdo#21362 - Remove use of deprecated symbols
  + fdo#21753 - Correctly initialize GValues in dbus-binding-tool
    generated code
  + fdo#22244 - Only include <glib.h>, not individual headers
  + fdo#20343 - Add a man page for dbus-binding-tool
  + fdo#18294 - Be defensive about a possibly NULL property string
  + Various build fixes.
- Remove AutoReqProv: it's default now.
- Remove -fno-strict-aliasing from our custom CFLAGS since it's by
  default now.
- Drop dbus-1-glib-selinux.patch: unneeded now.
- Drop marshall-skip-source.patch: fixed upstream.
- Use libexecdir whenever possible.
- Remove Requires from doc package since it's purely html files.
- Do not add source file name as comment for glib-genmarshall Aufruf.
  This creates otherwise files with temporary filenames that make
  comparison of builds impossible (marshall-skip-source.patch)
- Update to 2.37
  * Changes from 2.36 to 2.37
  * Fix issue with empty glyphs in condensed typefaces in the released source files.
  * Changes from 2.35 to 2.36
  * Math: added DejaVu Math Tex Gyre by B. Jackowski, P. Strzelczyk and P. Pianowski (on behalf of TeX users groups)
  * Sans: removed dot of U+06BA in all forms
  * Sans: fixed position of three dots of U+06BD in init and medi forms (by Denis Jacquerye)
  * Sans: corrected direction of contours in U+05E7 (by Lior Halphon]])
  * Sans: added U+1F643 (by Olleg Samoylov)
  * Serif: moved up U+0360-0361 (by Gee Fung Sit 薛至峰]])
  * Serif: increased spacing of Roman numerals U+2161-2163, U+2165-2168, U+216A-216B (by Gee Fung Sit 薛至峰)
  * Serif: fixed anchor position of U+00E6 (by Gee Fung Sit 薛至峰)
  * Sans: fixed vertical position of U+20BA (by Gee Fung Sit 薛至峰)
  * Sans, Serif: fixed glyph height of Block Elements (by Gee Fung Sit 薛至峰)
  * Sans, Serif: added U+A698-A699 (by Gee Fung Sit 薛至峰)
  * Sans, Mono, Serif: added U+037F (by Gee Fung Sit 薛至峰)
  * Mono: added U+0376-0377, U+037B-037D (by Gee Fung Sit 薛至峰)
  * Serif: removed duplicate point from U+1D05 (by Gee Fung Sit 薛至峰)
  * Mono: added U+20BA, U+20BD (by Gee Fung Sit 薛至峰)
  * Sans: Added moon symbols U+1F311-1F318 (by Ben Laenen)
- Update to 2.35:
  * For details see:
- Update to 2.34:
  * This release includes the addition of Lisu, an update of Georgian,
    the addition of some symbols and the addition and modification
    of several Latin characters.
  * Sans, SansMono, Serif: unlinked references of U+2596 for bug 50848
  * Sans, SansMono, Serif: added U+A7AA
  * Sans, SansMono, Serif: added U+2A6A, U+2A6B, U+2E1F based on U+223B
  * Sans, Serif: removed superfluous ligature definitions for
    ffl und ffi (bug 55363)
  * Sans, Serif: swapped glyphs for U+25D2 and U+25D3 (bug 55197)
  * Sans, Serif: added U+A740, U+A741
  * Sans: added U+20BA Turkish Lira sign
  * Sans: replaced Georgian Asomtavruli U+10A0-U+10C5 and Mkhedruli
    U+10D0-U+10FC with new version
  * Sans: added Georgian Nuskhuri U+2D00-U+U+2D25
  * Sans: added Private Use Area glyphs for Georgian U+F400-U+F441
  * Sans: tweaked U+0250, U+0254
  * Sans: adjusted hinting of U+032C-U+032D, avoiding problem on
    some platforms
  * Sans: added U+A7A0-U+A7A9, pre-1921 Latvian letters with
    oblique stroke
  * Sans: added anchors to U+2C6D
  * Sans: added cedilla anchor to some Latin characters
  * Sans: added ogonek anchor to A, E, O, U, Y
  * Sans: adjusted ogonek reference in U+0172, U+01EA, U+01EB
  * Sans: added anchors to U+0104, U+0105
  * Sans: added U+1F600, U+1F611, U+1F615, U+1F617, U+1F619,
    U+1F61B, U+1F61F, U+1F626-U+1F627, U+1F62E-U+1F62F, U+1F634
  * Sans: replaced U+27A1 with mirror image of U+2B05 for consistency
  * Sans: copied hints from U+14A3, U+14A7 to U+2142-U+2143
  * Sans: added Lisu block
  * Sans: typographical improvements to U+0166-U+0167, U+02A6, U+02AA
  * Sans: slightly change hinting of "/2"/ to fix bug 37395
  * Sans: fixed U+1444 which had wrong top dot that shouldn't be there
  * Sans: added anchors for diacritics to U+01B7, U+01B8, U+01B9, U+0292
  * Sans: added U+01B7, U+01B8 to context for case diacritics above
  * SansMono: fixed U+0574
  * SansMono: added U+2016, U+27C2
  * SansMono: added U+02CE, U+02CF
  * SansMono: added U+2148, U+27E6-U+27E7, U+2B05-U+2B0D, U+1D55A
  * Serif: added U+02BA, U+02C2-U+02C5, U+02CA-U+02CB, U+02D7, U+02F3,
    U+02F7, U+046C-U+046D, U+0476-U+0477, U+1D7C-U+1D7F, U+20B8, U+2132,
    U+214E, U+2C7B to Serif
  * Serif: typographic improvements to U+0194, U+01B1, U+0263, U+028A,
    U+02A6, U+02A8, U+02AA, U+02E0, U+03DC, U+1D3B, U+1D7B
  * Serif: added small cap versions of q, x (in italic styles), delta,
    theta, xi, sigma, phi, omega, not wired in yet
  * Serif: added anchors to U+0234-U+0236
  * Serif: added U+02EC, U+02EF, U+02F0, U+0360
- Added url as source.
  Please see
- amend spec file to reflect new font packaging scheme
  (see openFATE#313536);
- call spec-cleaner
- license update: SUSE-Permissive
  Use this SPDX proprietary extension tag until upstream SPDX adopts a
  permissive category
- Renamed dejavu -> dejavu-fonts according to
  openSUSE packaging guidelines and FATE#313035
  Adjusted Obsoletes and Provides accordingly
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- update to version 2.33
  * added Old Italic block to Sans
  * added U+051E, U+051F to Sans
  * added U+01BA, U+0372-U+0373, U+0376-U+0377, U+03CF, U+1D00-U+1D01,
    U+1D03-U+1D07, U+1D0A-U+1D13, U+1D15, U+1D18-U+1D1C, U+1D20-U+1D2B,
    U+1D2F, U+1D3D, U+1D5C-U+1D61, U+1D66-U+1D6B, U+1DB8, U+1E9C-U+1E9D,
    U+1EFA-U+1EFB, U+2C60-U+2C61, U+2C63, U+A726-U+A73C, U+A73E-U+A73F,
    U+A746-U+A747, U+A74A-U+A74B, U+A74E+U+A74F, U+A768-U+A769,
    U+A77B-U+A77C, U+A780-U+A787, U+A790-U+A791, U+A7FA-U+A7FF to Serif
  * added alternate forms to U+014A and U+01B7 in Serif
  * typographical improvements to U+0166-U+0167, U+0197, U+01B5-U+01B6,
    U+01BB, U+0222-U+0223, U+023D, U+0250-U+0252, U+026E, U+0274, U+028F,
    U+029F, U+02A3-U+02A5, U+02AB, U+03FE-U+03FF, U+1D02, U+1D14,
    U+1D1D-U+1D1F, U+1D3B, U+1D43-U+1D46, U+1D59, U+1D9B, U+2C71, U+2C73 in Serif
  * fixed bugs #31762 and #34700 plus other small fixes
    (wrong direction, duplicate points, etc.) for Sans and Serif
  * added U+204B to Mono
  * added U+26E2 to Sans
  * added Playing Cards block (U+1F0A0-U+1F0DF) to Sans
  * emoticons in Sans: replace U+2639-U+263B with better versions,
    add U+1F601-U+1F610, U+1F612-U+1F614, U+1F616, U+1F618,
    U+1F61A, U+1F61C-U+1F61E, U+1F620-U+1F624, U+1F625,
    U+1F628-U+1F62B, U+1F62D, U+1F630-U+1F633, U+1F635-U+1F640
  * added U+A78E, U+A790-U+A791 to Sans and Mono
  * added U+A7FA to Sans
  * subscripts: added U+2095-U+209C to Sans, Serif and Mono,
    adjusted U+1D49-U+1D4A in Sans and Mono
  * added U+0243 to Mono
  * adjusted U+0307 to match dot of i, replaced dotaccent U+02D9 with
    U+0307 in most dependencies in Sans
  * adjusted anchors of f and added them to long s in Sans
  * added anchors to precomposed dependencies of D and d
  * added debug glyphs U+F002 and U+F003 which will show current point size
  * use correct version for Serbian italic be
  * added pictograms U+1F42D-U+1F42E, U+1F431, U+1F435
  * improved Hebrew in Sans
  * improved Armenian in Sans, and added Armenian in Serif and Mono
  * remove "/locl"/ feature for Romanian for S/T/s/t with cedilla/comma accent
  * replace wrong "/dflt"/ script tag in Mono with "/DFLT"/
- updated to version 2.32:
  * added to Sans: Latin small letter p with stroke (U+1D7D),
  Latin capital letter p with stroke through descender (U+A750),
  Latin small letter p with stroke through descender (U+A751),
  Latin capital letter thorn with stroke (U+A764),
  Latin small letter thorn with stroke (U+A765),
  Latin capital letter thorn with stroke through descender (U+A766),
  Latin small letter thorn with stroke through descender (U+A767),
  Latin capital letter q with stroke through descender (U+A756),
  Latin small letter q with stroke through descender (U+A757),
  Latin capital letter p with flourish (U+A752),
  Latin small letter p with flourish (U+A753)
  * add new Indian rupee symbol (U+20B9) to Sans, Serif and Mono
  * Sans: adjusted U+0E3F, U+20AB, U+20AD-U+20AE, U+20B1, U+20B5, U+20B8
  to have them take up the same width as digits
  * added U+23E8 to Sans
  * fixed numerous bugs (#22579, #28189, #28977, N'Ko in Windows, fixed U+FB4F,
  anchors for U+0332-U+0333, made extensions in Misc. Technical connect,
  and other small fixes)
  * added looptail g as stylistic variant to Serif
  * added the remaining precomposed characters in Latin Extended Additional
  in Serif
  * added Georgian Mkhedruli (U+10D0-U+10FC) to Sans ExtraLight
  * fix spacing in hinting of U+042E in Mono
  * replaced U+2650 and minor changes to U+2640-U+2642, U+2699,
  U+26A2-U+26A5, U+26B2-U+26B5, U+26B8 in Sans
  * added U+1E9C-U+1E9D, U+1EFA-U+1EFB, U+2028-U+2029, U+20B8, U+2150-U+2152,
  U+2189, U+26C0-U+26C3, U+A722-U+A725, U+1F030-U+1F093 to Sans
  * added U+1E9C-U+1E9E, U+1EFA-U+1EFB, U+2028-U+2029, U+20B8, U+2181-U+2182,
  U+2185 U+A722-U+A725, to Sans ExtraLight
  * added U+20B8, U+22A2-U+22A5, U+A722-U+A725 to Mono
  * added U+02CD, U+01BF, U+01F7, U+0222-U+0223, U+0243-U+0244, U+0246-U+024F,
  U+2150-U+2152, U+2189, U+239B-U+23AD and U+A73D to Serif
- updated to version 2.31:
  * Fixed bug where Serif Condensed Italic wouldn't get proper subfamily tags
  * Added math operators U+2234-U+2237 to Mono
  * Removed buggy instructions of U+032D
  * added U+2C70, U+2C7E, U+2C7F to Sans and Sans Mono
  * added U+2C7D to Sans Mono
  * added U+2C6D, U+2C70-2C73, U+2C7E-2C7F to Serif
  * added extremas to alpha U+03B1 in Serif-Italic
  * added U+4A4, U+4A5 to Mono
  * added Arabic letters U+0657, U+0670, U+0688-U+0690, U+0693-U+0694,
  U+0696-U+0697, U+0699-U+06A0, U+06A2-U+06A3, U+06A5, U+06A7-U+06A8,
  U+06AA-U+06AE, U+06B0-U+06B4, U+06B6-U+06B9, U+06BB-U+06BE and their
  contextual forms to Sans
  * added U+A78D LATIN CAPITAL LETTER TURNED H for coming Unicode 6.0
- removed unnecessary buildrequires for too old distros
- updated to version 2.30:
  * added U+0462-U+0463 to Mono
  * corrected U+1E53 in Serif
  * added U+1E4C-U+1E4D to Mono and Serif
  * added U+1E78-U+1E79 to Mono
  * fixed missing diacritics in Latin Extended Additional in Sans ExtraLight
  * fixed anchors on U+1E78 in Serif
  * added U+1DC4-U+1DC9 to Serif
  * renamed above-mark to above-mark in Serif-Italic
  * added U+1DC4-U+1DC9 to context class for dotless substitution
  * changed Doubleacute to Doublegrave in Sans ExtraLight
  * removed redundant reference in U+01FB in Sans Oblique
  * added U+A726-U+A727 to Mono
  * changed U+04BE and U+04BF according to recommedations of Sasha Ankwab in Sans
  * remove "/Symbol Charset"/ from set of codepages in Sans
- updated to version 2.29:
  * modified U+10FB in Sans to be a mirror image of U+2056
  * added U+2B1F, U+2B24, U+2B53, U+2B54 in Sans
  * fixed TUR opentype language tag to TRK in Serif (bug 19825)
  * early implementation of Abkhaz letter U+0524-U+0525 in Sans
  * flipped U+1D538 in Sans
  * added U+26B3-U+26B8, U+1D7D8-U+1D7E1 in Sans
  * corrected U+1D7A9 in Sans Bold Oblique
  * Fixed U+0649 to be dual-joining in Sans Mono
  * Remove unnecessary 'isol' feature from Sans Mono
  * Remove 'cmap' mappings for U+066E, U+066F, U+067C, U+067D, U+0681,
  U+0682, U+0685, U+0692, U+06A1, U+06B5, U+06BA, U+06C6, U+06CE,
  and U+06D5 in Sans Mono (bug 20323)
  * add half brackets (U+2E22 - U+2E25, by Steve Tinney)
- Make python2 and python3 conditional to ensure we can build with
  python3 only
- Correct provides/obsoletes for python2 subpackage
- Build python3 bindings as well
- Rename python2 subpackage to name consistent with current python
- Drop patch.sles8 - there does not seem to be any reason for it
- update to version 3.6.1
  - remove upstreamed patch deltarpm-zlibcppflags.diff
  - fix off-by-one error in delta generation code (bnc#948504)
    This could lead to a segfault in rare circumstances.
  - Return error rather than crashing if we can't allocate memory
  - add newline in missing prelink error
  - do not finish applydeltarpm jobs when in the middle of a request
  - fix zlibcppflags typo
- update to deltarpm-3.6
  * fixes failing applydeltarpm with gzip -9 compression
  * adds a couple of manpages
- Package binary Python module, python-deltarpm isn't noarch any more
- Run spec-cleaner
- Add python-deltarpm subpackage
- cross-build fix: use %__cc macro
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- Use %_smp_mflags for parallel build
- update to current git to get support for the '-m' option,
  which limits memory consumption
- adapt to rpm-4.7 lzma level change
- update to version 3.5
- no changes, just patch integration
- Oops, when upgrading to 4.3.6-P1 in 2018 only isc_version was
  bumped, but not the RPM package version.
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
  overrun in lease file parsing code can be used to exploit a
  common vulnerability shared by dhcpd and dhclient.
- bsc#1185157:
  Use /run instead of /var/run for PIDFile in dhcrelay.service.
- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
  DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
  lease warnings [bsc#1089524].
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
  dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
- Update to dhcp-4.3.6-P1:
  * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
  * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
  * Plugged a socket descriptor leak in OMAPI
  * The server now allows the client identifier (option 61) to own
    leases in more than one subnet concurrently [ISC-Bugs #41358].
  * When replying to a DHCPINFORM, the server will now include
    options specified at the pool scope, provided the ciaddr field
    of the DHCPINFORM is populated.
    [ISC-Bugs #43219] [ISC-Bugs #45051].
  * When memory allocation fails in a repeated way the process
    writes "/Run out of memory."/ on the standard error and exists
    with status 1  [ISC-Bugs #32744].
  * The new lmdb (Lightning Memory DataBase) bind9 configure
    option is now disabled by default to avoid the presence of
    this library to be detected which can lead to a link failure.
    [ISC-Bugs #45069]
  * The linux interface discovery code has been modified to use
    getifaddrs() as is done for BSD and OS-X.
    [ISC-Bugs #28761] and others.
  * Fixed a bug in OMAPI that causes omshell to crash when a
    name-value pair with a zero length value is shipped in an
    object [ISC-Bugs #29108].
  * On 64-bit platforms, dhclient now generates the correct value
    for the script environment variable, "/expiry"/, the lease
    expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
  * Common timer logic was modified to cap the maximum timeout
    values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
  * DHCP6 FQDN option unpacking code now correctly handles values
    that contain spaces, special, or non-printable characters.
    [ISC-Bugs #43592]
  * When running in -6 mode, dhclient can enforce the require
    option statement and will discard offered leases that do not
    contain all the required options specified in the client
    configuration [ISC-Bugs #41473].
  * Altered DHCPv4 lease time calculation to avoid roll over
    errors on 64-bit OS systems when using -1 or large values
    for default-lease-time [ISC-Bugs #41976],
  * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
  * The server nows checks both the address and length of a
    prefix delegation when attempting to match it to a prefix
    pool [ISC-Bugs #35378].
  * Modified DDNS support initialization such that DNS related
    ports will only be opened by the server (dhcpd) at startup
    if ddns-update-style is not "/none"/; by dhclient only if and
    when the it first attempts an update; and never by dhcrelay.
    [ISC-Bugs #45290] [ISC-Bugs #33377]
  * Added error logging to two memory allocation failure checks.
    [ISC-Bugs #41185]
  * Corrected a dhclient -6 issue that caused the client to crash
    with an "/Impossible condition"/ error after de-preferencing its
    only IA binding [ISC-Bugs #44373].
  * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
    dhclient will now call the script with reason set to FAIL when
    run with -1 (one try) and there are no server responses.
    [ISC-bugs #18183]
  * The server now detects failover peers that are not referenced
    in at least one pool when run with the command line option for
    test mode, -T [ISC-Bugs #29892].
  * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
  * Changed severity of the log message indicating UDP checksum
    errors in the received packets from 'info' to 'debug'.
    [ISC-bugs #41757]
  * Corrected a bug which could cause the server to sporadically
    crash while loading lease files with the lease-id-format is
    set to "/hex"/ [ISC-Bugs #43185].
- Obsoleted patches:
  * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
  * 0019-dhcp-4.2.4-P1-interval.patch
  * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
  * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
- Optimized if and when DNS client context and ports
  are initted (bsc#1073935)
- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144)
  [ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
- add PIDFile= setting to dhcrelay.service, without this systemd
  stops the service immediately after starting
- Drop old sysvinit support from the spec file. All the supported
  openSUSE distributions are systemd based so there isn't much point
  in keeping sysvinit support and files around.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Replace net-tools Requires in dhcp-client with hostname on
  suse_version >= 1330 (CODE15): net-tools does no longer provide
  any tool referenced by dhclient-script, but we require hostname
  (which is also a dependency to net-tools, thus hiding the issue).
- use .gz year instead of current one to make build reproducible
- fixed a typo in nis-servers option name breaking the config file introduced
  in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
  - Corrected a bug which could cause the server to sporadically crash while
    loading lease files with the lease-id-format is set to "/hex"/.  Our thanks
    to Jay Ford, University of Iowa for reporting the issue.
    [ISC-Bugs #43185]
  - Eliminated a noisy, but otherwise harmless debug log statment that may
    appear during server startup when building with --enable-binary-leases
    and configuring multiple pools in a shared network.  Thanks to Fernando
    Soto from BlueCat Networks for reporting the issue and supplying a patch.
    [ISC-Bugs #43262]
  - Fixed util/ error handling.
    [ISC-Bugs #41973]
  - Correct error message in relay to use remote id length instead
    of circuit id length.
    [ISC-Bugs #42556]
  - Add logic to test directory Makefiles to avoid copying Attfile(s)
    when building within the source tree.  This eliminates a noisy but
    otherwise harmless error message when running "/make check"/.
    [ISC-Bugs #41883]
  - Leases are now scrubbed of certain prior use information when pool
    re-balancing reassigns them from one FO peer to the other.  This
    corrects an issue where leases that were offered but not used
    by the client retained the client hostname from the original
    client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
    for reporting the issue.
    [ISC-Bugs #42008]
  - In the LDAP code and schema add some missing '6' characters to use
    the v6 instead of the v4 versions.  Thanks to Denis Taranushin for
    reporting this issue and supplying its patch.
    [ISC-Bugs #42666]
  - Correct how the pick-first-value expression is written to a lease
    file.  Previously it was written as a concat expression due to
    a cut and paste error.
    [ISC-Bugs #42253]
  - Modify the DDNS code to clean up the PTR record even if there
    are issues while cleaning up the A or AAAA records.
    [ISC-Bugs #23954]
  - Added global configuration parameter, abandon-lease-time, which determines
    the amount of time a lease remains abandoned.  The default is 84600 seconds.
    Additionaly, the server now conducts a ping check (if ping checks are
    enabled) prior to offering an abandoned lease to client.  Our thanks to
    David Zych at University of Illinois for reporting the issue and working
    with us to produce a viable solution.
    [ISC-Bugs #41815]
  - Correct handling of interface names during interface discovery. This
    addresses an issue where interface names of 15 characters in length
    could lead to crashes or interface recognition errors during startup
    of dhcpd, dhclient, and dhcrelay.
    [ISC-Bugs #42226]
  - Updates to contrib/ to make it more friendly.
    The updates are: looking for the lease file in more places and skipping
    the "/processing complete"/ output when creating machine readable
    output.  Thanks to Cameron Paine (cbp at null dot net) for the
    [ISC-Bugs #42113]
  - When reusing a lease for dhcp-cache-threshold return the hostname
    to the original lease.  Also if the host pointer, UID or hardware address
    change don't allow reuse of the lease.
    Thanks to Michael Vincent for reporting this and helping us
    verify the problem and fix.
    [ISC-Bugs #42849]
  - Change dmalloc to use a size_t as the length argument to bring it
    in line with the call it will make to malloc().
    [ISC-Bugs #40843]
  - If the failover socket can't be bound, close it.  Otherwise if the
    user configures an incorrect address in the failover stanza the
    server will continue to open new sockets every 90 seconds until
    it runs out.
    [ISC-Bugs #42452]
  - Add DHCPv4-mode, dhcrelay command line options, "/-iu"/ and "/-id"/, that
    allow interfaces to be upstream or downstream respectively.  Upstream
    interfaces will accept and forward only BOOTP replies, while downstream
    interfaces will accept and forward only BOOTP requests.
    [ISC-Bugs #41547]
  - Clean up some memory references in the vendor-class construct.
    [ISC-Bugs #42984]
  * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
  * 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  * 0016-infiniband-support.patch,
  * 0017-server-no-success-report-before-send.919959.patch]
- Set all requested dhcp options on a single line, so they are
  actually requested (boo#1046969, boo#1047004).
- Relax permission of dhclient-script for libguestfs(bsc#987170)
- Require insserv only if needed
- Fix requires of client subpackage
- Add config file for registering dhcp server in slp (bsc#992072)
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
  /sbin/arping is a symlink to /usr/sbin/arping in order to ease the
  transition for the /usr merge. Newest releases of iputils may only
  install utilities in /usr/* so this dependency will no longer be valid.
  Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
- Update to dhcp-4.3.3-P1 correcting bounds checking when
  receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
- Fixed improper lease duration checking. Also added fixes for integer
  overflows in the date and time handling code(bsc#936923, bsc#880984).
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
  a see log messages to the dhclient log message (bsc#960506)
  [* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- Applied a patch by Jiri Popelka catching dhcp server aborts with
  "/Unable to set up timer: out of range"/ on very long or infinite
  timer intervals / lease lifetimes (bsc#947780)
  [+ 0019-dhcp-4.2.4-P1-interval.patch]
- Corrected patch references in and a missed (bsc#919959) patch
  description in previous changelog entry.
- Update to dhcp-4.3.3 (fate#319067) provinding many bug fixes,
  features and obsoletes several patches we were using before.
  For complete changelog, please read the RELNOTES file shipped
  along with this package or online at:
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
  [- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
  + 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Removed obsolete patches included upstream now:
  [- 0007-dhcp-4.2.6-ldap-mt01.patch,
  - 0009-dhcp-4.2.6-xen-checksum.patch,
  - 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
  - 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
  - 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
  - 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
  - 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
  - 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
  - 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
  - 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
  - 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Adjusted patch numbers in the spec file:
  [- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
  - 0010-dhcp-4.2.2-dhclient-option-checks.patch,
  - 0011-dhcp-4.2.6-close-on-exec.patch,
  - 0012-dhcp-4.2.2-quiet-dhclient.patch,
  - 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
  - 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
  - 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  + 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
  + 0008-dhcp-4.2.2-dhclient-option-checks.patch,
  + 0009-dhcp-4.2.6-close-on-exec.patch,
  + 0010-dhcp-4.2.2-quiet-dhclient.patch,
  + 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
  + 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
  + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
  32bit) integers to scripts and properly format timestamps as long
  to not break them on 64bit architectures (bsc#926159).
  [+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
  [+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
  [- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
  - 0018-dhcp-4.2.6-improved-xid.patch,
  - 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch,
  + 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
  to /usr/include/dhcp and /usr/lib/dhcp subdirectories.
  DHCP requires a specific bind library version and conflicts
  with the files shipped by bind-devel package, which is not
  source and binary compatible (bsc#910686).
- Corrected changes to provide complete patch file references.
- Fixed server to not report success before send (bsc#919959)
  [+ 0017-server-no-success-report-before-send.919959.patch]
- Fixed dhclient to check pre-init results reported by dhclient-script
  and fail if pre-init fails for a requested interface (bsc#912098).
  [+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- do not check scripts not in the src.rpm
- Applied fix by Jiri Slaby to not crash in interface discovery
  when the interface address is NULL, which has been introduced
  by the infiniband support patch (bsc#909189,bsc#870535).
  [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
- fix bashisms in dhcprelay script
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
  reorder config to add all global options or option declarations
  to the dhcpService object instead to create new service object
  [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
  mapping of SHA TSIG algorithm names to their constants to enable
  hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
  authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
  [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
  and stop client message exchanges on reached MRD rather than
  at some point after it. Applied fedora patches by Jiri Popelka
  and added DAD reporting via exit 3 to the dhclient-script and
  a fix to use correct address variables in the DEPREF6 action
  [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
  socket in the server when ddns-update-style is none (bsc#891655).
  [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
  fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
  [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- Add ppc64_disable_failing_test to  disable a sporadically failing
  test for ppc64 and ppc64le builds (boo#1156913)
- Use %license (boo#1082318)
- Update to version 3.6:
  * When one file is a prefix of the other, cmp now appends the
    shorter file's size to the EOF diagnostic.
  * diff's default algorithm has been tweaked to deal better with
    larger files, reversing some of the changes made in
- Define packager and bug reporting url
- Update to a pre-release version (3.5.15):
  * remove big-file-performance.patch and gnulib-diffseq.patch
  * comment signature source as the release is not officially signed yet
- gnulib-diffseq.patch, big-file-performance.patch: Avoid performance
  regression on big files (bsc#1004991)
- Diffutils 3.5:
  * diff3 no longer malfunctions due to use-after-free
    [bug introduced in 3.4]
  * diff --color no longer colorizes when TERM=dumb
- Update to version 3.4
  * diff accepts two new options --color and --palette to generate
    and configure colored output.  --color takes an optional
    argument specifying when to colorize a line: --color=always,
  - -color=auto, --color=never.  --palette is used to configure
    which colors are used.
  * many bugfixes
- New -lang subpackage
- Drop no longer needed gnulib-perl522.patch
- Make building more verbose
- Move info page removal to preun
- Cleanup spec file with spec-cleaner
- Update provides/obsoletes
- add gnulib-perl522.patch from gnulib upstream
- build with PIE
1 recommended fix from upstream:
- dmidecode-missing-commas.patch: Two missing commas in data arrays
  cause off-by-one or mangling during index resolution
Partial support for SMBIOS 3.4.0:
- dmidecode-add-memory-device-types-from-smbios-3.4.0.patch,
  dmidecode-add-system-slot-types-from-smbios-3.4.0.patch: Add
  enumerated values from SMBIOS 3.4.0 (bsc#1174257).
  1 presentation fix from upstream:
- dmidecode-skip-details-of-uninstalled-memory-modules.patch:
  Skip details of uninstalled memory modules (bsc#1174257).
Partial support for SMBIOS 3.3.0:
- dmidecode-add-enumerated-values-from-smbios-3.3.0.patch: Add
  enumerated values from SMBIOS 3.3.0 (bsc#1153533 bsc#1158833
  3 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
  scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
  formatting of TPM table output (missing newlines).
- dmidecode-fix-system-slot-information-for-pcie-ssd.patch: Fix
  System Slot Information for PCIe SSD.
- dmidecode-add-logical-non-volatile-device.patch: Add "/Logical
  non-volatile device"/ to the memory device types (bsc#1120149).
- Use %doc directly on files instead of installing them explicitly.
- Don't overwrite the path of license (boo#1121851).
- dmidecode-fix-redfish-hostname-print-length.patch: Fix Redfish
  Hostname print length (bsc#1112755).
- Update to upstream version 3.2 (FATE#326044):
  * [COMPATIBILITY] The UUID is now displayed using lowercase
    letters, per RFC 4122 (#53569). You must ensure that any code
    parsing it is case-insensitive.
  * Support for SMBIOS 3.2.0. This includes new processor names,
    new socket and port connector types, new system slot state and
    property, and support for non-volatile memory (NVDIMM).
  * Support for Redfish management controllers.
  * A new command line option to query a specific structure by its
  * A new command line option to query the system family string.
  * Support for 3 ThinkPad-specific structures (patch #9642).
  * Support for HPE's new company name.
  * Support UEFI on FreeBSD.
  * Important bug fixes:
    Fix firmware version of TPM device
    Fix the HPE UEFI feature flag check
  * (biosdecode) A new command line option to fully decode PIR
    information (support request #109339).
  * Obsoletes dmioem-reflect-hpe-new-company-name.patch,
    dmidecode-fix-tpm-device-firmware-version.patch, and
  * CHANGELOG is gone, package more compact NEWS file instead.
- Reenable signature checking.
- Use %license for LICENSE file.
- dmioem-reflect-hpe-new-company-name.patch: Reflect HPE's new
  company name.
- dmidecode-fix-tpm-device-firmware-version.patch: Fix firmware
  version of TPM device.
- dmioem-fix-hpe-type-219-uefi-flag.patch: Fix the reporting of
  HP/HPE UEFI feature.
- Add missing bug numbers and FATE references in changes file
- Update to upstream version 3.1:
  * Support for SMBIOS 3.1.0 and 3.1.1. This includes new chassis
    types, new processor family names, new processor family upgrade
    names, and new slot types, as well as support of larger BIOS
    ROM sizes and cache sizes, and a new structure type (43, TPM
  * A new command line option to query OEM strings.
  * All error messages are now printed on stderr (#47274, #48158.)
  * Fixes a crash with SIGBUS (#46066.)
  * Various minor fixes, improvements and cleanups.
  * Obsoletes dmidecode-01-add-no-sysfs-option-description-to-h-output.patch,
    dmidecode-06-hide-irrelevant-fixup-message.patch, and
- dmidecode-07-only-decode-one-dmi-table.patch: Only decode one
  DMI table.
- dmidecode-01-add-no-sysfs-option-description-to-h-output.patch:
  Add "/--no-sysfs"/ option description to -h output.
- dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch:
  Fix 'No SMBIOS nor DMI entry point found' on SMBIOS3.
- dmidecode-03-let-read_file-return-the-actual-data-size.patch:
  Let read_file return the actual data size.
- dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch:
  Use read_file() to read the DMI table from sysfs.
- dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch:
  Use DWORD for Structure table maximum size in SMBIOS3.
- dmidecode-06-hide-irrelevant-fixup-message.patch:
  Hide irrelevant fixup message.
- Update to upstream version 3.0 (FATE#320746, FATE#320773):
  * Adds support for SMBIOS 3.0. This includes a new (64-bit) entry
    point format and new enumerated values for recent hardware.
  * Adds support for the new kernel interface (as of Linux v4.2) as
    an alternative to relying on /dev/mem to access the entry point
    and DMI table.
  * Adds decoding of Acer-specific DMI type 170 and HP-specific DMI
    types 212, 219 and 233.
  * Obsoletes dmidecode-1.173-drop-cast.patch,
    dmidecode-1.181-decode-CPUID-recent-AMD.patch, and
  * Various minor fixes and clean-ups.
  * Skip the SMBIOS version comparison in quiet mode (bsc#974862).
- dmidecode.keyring was empty, reference the savannah keyring.
  but the tarball is signed by someone unknown without gpg signatures,
  so no keyring for now.
- Cleanup spec file with spec-cleaner
- Add gpg signature
- dmidecode-1.181-decode-CPUID-recent-AMD.patch: Decode the CPUID
  of recent AMD processors (DMI type 4).
- dmidecode-1.182-decode-ddr4-memory-type.patch: Add support for
  DDR4 memory type (DMI type 17) (bsc#955705).
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1184768
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <> for btrfs
  quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
  + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.5-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
  - cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Switch version to use -ce suffix rather than _ce to avoid confusing other
  tools. boo#1182476
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ This update includes fixes for
  bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
  * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
  It appears that SLES doesn't like the patch. bsc#1180401
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ Fixes bsc#1181732
  (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches on top of 20.10.3-ce.
  - 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  + 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  - 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  + 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  - 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  + 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  - 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
  the upstream runc package (it's stable enough and Docker no longer pins git
  versions). docker-libnetwork is so unstable that it doesn't have any
  versioning scheme and so it really doesn't make sense to maintain the project
  as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
  docker-runc and docker-libnetwork.
  - 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1181594
- Remove upstreamed patches:
  - bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
  + cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
  our patches. While doing this, I've collapsed all patches into one branch
  per-release and thus all the patches are now just one series:
  - packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
  + 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
  - secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  - secrets-0002-SUSE-implement-SUSE-container-secrets.patch
  + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  - private-registry-0001-Add-private-registry-mirror-support.patch
  + 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  - bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
  + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
  was fixed.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ CVE-2020-15257 bsc#1180243
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with
  nftables backend. Backport of
  (boo#1178801, SLE-16460)
  * boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols,
  only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
  spurrious errors due to Go returning -EINTR from I/O syscalls much more often
  (due to Go 1.14's pre-emptive goroutine support).
  - bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- Add BuildRequires for all -git dependencies so that we catch missing
  dependencies much more quickly.
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1172377 CVE-2020-13401
- Backport so that we
  can build Docker with Go 1.14 (upstream uses Go 1.13).
  + bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
  Allow OBS to shortcut through the -mini flavors.
- Add backport of bsc#1122469
  + bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- Support older SLE systems which don't have "/usermod -w -v"/.
- Update to Docker 19.03.5-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1158590 bsc#1157330
- Update to Docker 19.03.4-ce. See upstream changelog in the packaged
- Drop containerd.service workaround (we've released enough versions without
  containerd.service -- there's no need to support package upgrades that old).
- Update to Docker 19.03.3-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1153367
- Update to Docker 19.03.2-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1150397
- Fix zsh-completion (docker -> _docker)
- Fix default installation such that --userns-remap=default works properly
  (this appears to be an upstream regression, where --userns-remap=default
  doesn't auto-create the group and results in an error on-start). boo#1143349
- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ CVE-2019-14271
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1142413
- Remove upstreamed patches:
  - bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
  - bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
  - bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
  - bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Rebase pacthes:
  * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
  * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
  * private-registry-0001-Add-private-registry-mirror-support.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Move bash-completion to correct location.
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
  * Includes fixes for CVE-2019-13509 bsc#1142160.
- Update to Docker 18.09.7-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1139649
- Remove upstreamed patches:
  - CVE-2018-15664.patch
- Use %config(noreplace) for /etc/docker/daemon.json. bsc#1138920
- Add patch for CVE-2018-15664. bsc#1096726
  + CVE-2018-15664.patch
- Update to Docker 18.09.6-ce see upstream changelog in the packaged
- Rebase patches:
  * bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Update to Docker 18.09.5-ce see upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1128376 boo#1134068
- Rebase patches:
  * bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
  * bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
  * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
  * bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
  * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
  * private-registry-0001-Add-private-registry-mirror-support.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Updated patch name:
  + bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
  - bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
- Update to Docker 18.09.3-ce. See upstream changelog in the packaged
- docker-test: improvements to test packaging (we don't need to ship around the
  entire source tree, and we also need to build the born-again integration/
  tests which contain a suite-per-directory). We also need a new patch which
  fixes the handling of *-test images. bsc#1128746
  + bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Move daemon.json file to /etc/docker directory, bsc#1114832
- Update shell completion to use Group: System/Shells.
-  Add daemon.json file with rotation logs cofiguration, bsc#1114832
- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1124308
  * Includes fix for CVE-2018-10892 bsc#1100331.
  * Includes fix for CVE-2018-20699 bsc#1121768.
- Remove upstreamed patches.
  - bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10.6 to fix
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "/go get -u"/
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "/go get"/ via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
  boo#1119634). I believe Docker is one of the only packages with this problem.
- Add backports of and, which allow for users to explicitly
  specify the NIS domainname of a container. bsc#1001161
  + bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
  + bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- Update docker.service to match upstream and avoid rlimit problems.
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ boo#1115464 bsc#1118990
- Add revert of an upstream patch to fix docker-* handling.
  + packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
- Rebase patches:
  * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
  * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
  * private-registry-0001-Add-private-registry-mirror-support.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove upstreamed patches:
  - bsc1100727-0001-build-add-buildmode-pie.patch
- Reduce the disk footprint by recommending git-core instead of
  hard requiring it.
- ExcludeArch i586 for entire docker-kubic flavour
- ExcludeArch i586 for docker-kubic-kubeadm-criconfig subpackage
- Add patch to make package reproducible, which is a backport of boo#1047218
  + bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- Upgrade to docker-ce v18.06.1-ce. bsc#1102522 bsc#1113313
  Upstream changelog:
- Remove patches that were merged upstream:
  - bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
- Add a backport of for the 18.06.0-ce
  upgrade. This is a potential security issue (the CRI plugin was enabled by
  default, which listens on a TCP port bound to that will be fixed
  upstream in the 18.06.1-ce upgrade. bsc#1102522
  + bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
- Kubic: Make crio default, docker as alternative runtime
- Provide kubernetes CRI config with docker-kubic-kubeadm-criconfig
- Merge -kubic packages back into the main Virtualization:containers packages.
  This is done using _multibuild to add a "/kubic"/ flavour, which is then used
  to conditionally compile patches and other kubic-specific features.
- Rework docker-rpmlintrc with the new _multibuild setup.
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
  to work with Docker and containerd. fate#325877
- Upgrade to docker-ce v18.06.0-ce. bsc#1102522
- Remove systemd-service dependency on containerd, which is now being started
  by dockerd to align with upstream defaults.
- Removed the following patches as they are merged upstream:
  - bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  - bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Rebased the following patches:
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
  * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
  * bsc1100727-0001-build-add-buildmode-pie.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Build the client binary with -buildmode=pie to fix issues on POWER.
  + bsc1100727-0001-build-add-buildmode-pie.patch
- Update the AppArmor patchset again to fix a separate issue where changed
  AppArmor profiles don't actually get applied on Docker daemon reboot.
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
  + bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
- Update to AppArmor patch so that signal mediation also works for signals
  between in-container processes. bsc#1073877
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
  and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
  testing has been far more useful. boo#1095817
- Update secrets patch to not log incorrect warnings when attempting to inject
  non-existent host files. bsc#1065609
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Review Obsoletes to fix bsc#1080978
- Put docker under the podruntime slice. This the recommended
  deployment to allow fine resource control on Kubernetes.
- Add patch to handle AppArmor changes that make 'docker kill' stop working.
  bsc#1073877 boo#1089732
  + bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Fix manpage generation breaking ppc64le builds due to a missing
  - buildemode=pie.
- Compile and install all manpages.
- Add requirement for catatonit, which provides a docker-init implementation.
  fate#324652 bsc#1085380
- Fix private-registry-0001-Add-private-registry-mirror-support.patch to
  deal corretly with TLS configs of 3rd party registries.
  fix bsc#1084533
- Update patches to be sourced from (which
  are based on the upstream docker/docker-ce repo). The reason for this change
  (though it is functionally identical to the old patches) is so that public
  patch maintenance is much simpler.
  * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  * private-registry-0001-Add-private-registry-mirror-support.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- Disable all tests for docker/client and docker/pkg/discovery.  The unit tests
  of those packages broke reproducibly the builds in IBS.
- Disable flaky tests
- Add patch to support mirroring of private/non-upstream registries. As soon as
  the upstream PR ( is merged, this
  patch will be replaced by the backported one from upstream.
  + private-registry-0001-Add-private-registry-mirror-support.patch
  fix bsc#1074971
- Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
  we've pretty much removed it from everywhere except the containers module.
- Remove requirement on bridge-utils, which has been replaced by libnetwork in
  Docker. bsc#1072798
- Update to Docker v17.09.1_ce (bsc#1069758). Upstream changelog:
- Removed patches (merged upstream):
  - bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  - bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Update to Docker v17.09.0_ce. Upstream changelog:
- Rebased patches:
  * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  * bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Removed patches (merged upstream):
  - bsc1064781-0001-Allow-to-override-build-date.patch
- Add a patch to dynamically probe whether libdevmapper supports
  dm_task_deferred_remove. This is necessary because we build the containers
  module on a SLE12 base, but later SLE versions have libdevmapper support.
  This should not affect openSUSE, as all openSUSE versions have a new enough
  libdevmapper. Backport of
  bsc#1021227 bsc#1029320 bsc#1058173
  + bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
- Fix up the ordering of tests in docker.spec. This is to keep things easier to
  backport into the SLE package.
- Include secrets fix to handle "/old"/ containers that have orphaned secret
  data. It's not clear why Docker caches these secrets, but fix the problem by
  trashing the references manually. bsc#1057743
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
  around for a while, and we no longer support migrating from such an old
  version "/nicely"/. Docker still has migration code that will run on
  first-boot, we are merely removing all of the "/nice"/ warnings which tell
  users how to avoid issues during an upgrade that ocurred more than a year
- Drop un-needed files:
  - docker-plugin-message.txt
  - docker-update-message.txt
- Add a backport of, which fixes a
  security issue where a maliciously crafted image could be used to crash a
  Docker daemon. bsc#1066210 CVE-2017-14992
- Add a backport of, which fixes a
  security issue where a Docker container (with a disabled AppArmor profile)
  could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
  + bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Correctly set `docker version` information, including the version, git
  commit, and SOURCE_DATE_EPOCH (requires a backport). This should
  * effectively* make Docker builds reproducible, with minimal cost. boo#1064781
  + bsc1064781-0001-Allow-to-override-build-date.patch
- Add backport of This used to be
  fixed in docker-runc, but we're moving it here after upstream discussion.
  + bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Update to Docker v17.07.0_ce. Upstream changelog:
- Removed no-longer needed patches.
  - bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
  - bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
  - integration-cli-fix-TestInfoEnsureSucceeds.patch
- Added backport of bsc#1045628
  + bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Rewrite secrets patches to correctly handle directories in a way that doesn't
  cause errors when starting new containers.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix bsc#1059011
  The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.
- fix /var/adm/update-message/docker file name to be
- devicemapper: add patch to make the dm storage driver remove a container's
  rootfs mountpoint before attempting to do libdm operations on it. This helps
  avoid complications when live mounts will leak into containers. Backport of bsc#1045628
  + bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Fix a regression in our SUSE secrets patches, which caused the copied files
  to not carry the correct {uid,gid} mapping when using user namespaces. This
  would not cause any bugs (SUSEConnect does the right thing anyway) but it's
  possible some programs would not treat the files correctly. This is
  tangentially related to bsc#1055676.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- enable deferred removal for sle12sp2 and newer (and openSUSE
  equivalent. fix bsc#1021227
- enable libseccomp on sle12sp2 and newer, 42.2 and newer
  fix bsc#1028638 - docker: conditional filtering not supported on
  libseccomp for sle12
- add SuSEfirewall2.service to the After clause in docker.service
  in order to fix bsc#1046024
- fix path to docker-runc in systemd service file
- change dependency to docker-runc
- Fix bsc#1029630: docker does not wait for lvm on system startup
  I added "/lvm2-monitor.service"/ as an "/After dependency"/ of the docker systemd
- Fix bsc#1032287: missing docker systemd configuration
- Update SUSE secrets patch to correctly handle restarting of containers.
  + secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  + secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
  backport of
  + bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
- Fix bsc#1038476 warning about non-executable docker
  * Simply verify we have binary prior using it, might happen if
    someone had docker installed and then did remove it and install
    from scratch again
- Add a partial fix for boo#1038493.
- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
  This is a backport of
  + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
- Fix golang requirements in the subpackages
- Update golang build requirements to use golang(API) symbol: this is
  needed to solve a conflict between multiple versions of Go being available
- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
  substitute docker/distribution/digest by opencontainers/digest
- Update to version 17.04.0-ce (fix bsc#1034053 )
- Patches removed because have been merged into this version:
  * pr31549-cmd-docker-fix-TestDaemonCommand.patch
  * pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Patches rebased:
  * integration-cli-fix-TestInfoEnsureSucceeds.patch
- Build man pages for all archs (bsc#953182)
- Containers cannot resolve DNS if docker host uses as resolver (bsc#1034063)
  see /usr/share/doc/packages/docker/
- Make sure this is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
  is available in all archs
- remove gcc specific patches
  * gcc-go-patches.patch
  * netlink_netns_powerpc.patch
  * boltdb_bolt_add_brokenUnaligned.patch
- Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
- Update SUSE secrets patch to handle boo#1030702.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix (bsc#1032644)
  Change lvm2 from Requires to Recommends
  Docker usually uses a default storage driver, when it's not configured
  explicitly. This default driver then depends on the underlying
  system and gets chosen during installation.
- Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
  docker needs a higher version. Otherwise, we get the error
    "/conditional filtering requires libseccomp version >= 2.2.1
  (bsc#1028639 and bsc#1028638)
- Add a backport of fix to AppArmor lazy loading docker-exec case.
  + pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Clean up docker-mount-secrets.patch to use the new swarm secrets internals of
  Docker 1.13.0, which removes the need to implement any secret handling
  ourselves. This resulted in a split up of the patch.
  - docker-mount-secrets.patch
  + secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  + secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove old plugins.json to prevent docker-1.13 to fail to start
- Fix bsc#1026827: systemd TasksMax default throttles docker
- Fix post section by adding shadow as a package requirement
  Otherwise the groupadd instruction fails
- Add patch to fix TestDaemonCommand failure in %check. This is an upstream
  bug, and has an upstream PR to fix it
  + pr31549-cmd-docker-fix-TestDaemonCommand.patch
- update docker to 1.13.0
  see details in
- use the same buildflags for building docker and for building the
- enable pkcs11:
- enable architecture s390x for openSUSE
- provide the oci runtime so that containers which were using an old
  runtime option, when started on the new docker version, the runtime
  is changed to the new one. fix bsc#1020806 bsc#1016992
- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
  plus an extra commit to fix liverestore:
- add "/a wait"/ when starting docker service to fix
- remove netlink_gcc_go.patch after integration of PR
- new boltdb_bolt_add_brokenUnaligned.patch for ppc64
  waiting for
- Remove old flags from dockerd's command-line, to be more inline with
  upstream (now that docker-runc is provided by the runc package). -H is
  dropped because upstream dropped it due to concerns with socket
- Remove socket activation entirely.
- update docker to 1.12.5 (bsc#1016307).
  This fixes bsc#1015661
- fix bash-completion
- Add packageand(docker:bash) to bash-completion to match zsh-completion.
- fix runc and containerd revisions
  fix bsc#1009961
- update docker to 1.12.3
  - fix bsc#1007249 - CVE-2016-8867: Fix ambient capability usage in containers
  - other fixes:
- update docker to 1.12.2 (bsc#1004490). See changelog
- update docker-mount-secrets.patch to 1.12.2 code
- docker-mount-secrets.patch: change the internal mountpoint name to not use
  "/:"/ as that character can be considered a special character by other tools.
- fix go_arches definition: use global instead of define, otherwise
  it fails to build
- Add dockerd(8) man page.
- add missing patch to changelog
- fix integration test case
- add integration-cli-fix-TestInfoEnsureSucceeds.patch
- update rpmlintrc
- make test timeout configurable
- Remove noarch from docker-test, which was causing lots of fun issues when
  trying to run them.
- Fix build for ppc64le: use static libgo for dockerd and docker-proxy
  as in docker build.
- Update docker to 1.12.1 (bsc#996015)
  see changelog in
- Add's test script.
- Add integration test binary in docker.spec file. This is work done by
- Package docker-proxy (which was split out of the docker binary in 1.12).
- fix bsc#995102 - Docker "/migrator"/ prevents installing "/docker"/,
  if docker 1.9 was installed before but there were no images
- Update docker.service file with several changes.
  * Reapply fix for bsc#983015 (Limit*=infinity).
  * Specify an "/OCI"/ runtime for our runc package explicitly. bsc#978260
- remove disable-pprof-trace.patch: We can remove this patch because
  we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go
- add go_arches in project configuration: this way, we can use the
  same spec file but decide in the project configuration if to
  use gc-go or gcc-go for some archs.
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- remove bnc964673-boltdb-metadata-recovery.patch because it has already
  been merged
- update to v1.12.0 (bsc#995058)
  see detailed changelog at
- disable test that fail in obs build context
- only run unit tests on architectures that provide the go list and go test
- disable dockerd, parser, integration test, and devicemapper related tests
  on versions below SLE12 and openSUSE_13.2
- bump test timeout to 10m (for aarch64)
- run unit tests during the build
- Adapt docker.service file.
- adapt install sections for gccgo builds: gccgo build are not built in separate
  folders for client and daemon. They both reside in dyngccgo.
- gcc-go-patch: link against systemd when compiling the daemon.
- Add disable-pprof-trace.patch
  pprof.Trace() is not available in go version <= 1.4 which we use to build SLES
  packages. This patch comments out the pprof.Trace() section.
- update gcc-go-patch and docker-mount-secrets.patch
- Fixed binary split, install both required binaries correctly
* Explicitly state the version dependencies for runC and containerd, to
  avoid potential issues with incompatible component versions. These
  must be updated *each time we do a release*. bsc#993847
- Don't exit mid install, add the ability to not restart the docker
  service during certain updates with long migration phases
- remove kernel dependency (bsc#987198)
- remove sysconfig.docker.ppc64le patch
  setting iptables option on ppc64le works now (bsc#988707)
- fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a
  syntax error
* Update docker.service to include changes from upstream, including the
  soon-to-be-merged patch,
  which fixes bnc#983015.
- readd dropped declaration for patch200
* Removed patches:
  - cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
  * Update Docker to 1.11.2. (bsc#989566) Changelog from upstream:
  * Networking
  * Fix a stale endpoint issue on overlay networks during ungraceful restart
  * Fix an issue where the wrong port could be reported by docker
    inspect/ps/port (#22997)
  * Runtime
  * Fix a potential panic when running docker build (#23032)
  * Fix interpretation of --user parameter (#22998)
  * Fix a bug preventing container statistics to be correctly reported (#22955)
  * Fix an issue preventing container to be restarted after daemon restart
  * Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
  * Fix a possible deadlock on image deletion and container attach (#22918)
  * Fix an issue where containers fail to start after a daemon restart if they
    depend on a containerized cluster store (#22561)
  * Fix an issue causing docker ps to hang on CentOS when using devicemapper
    (#22168, #23067)
  * Fix a bug preventing to docker exec into a container when using
    devicemapper (#22168, #23067)
- Fix udev files ownership
- Pass over with spec-cleaner, no factual changes
* Make sure we *always* build unstripped Go binaries.
* Add a patch to fix database soft corruption issues if the Docker dameon dies
  in a bad state. There is a PR upstream to vendor Docker to have this fix as
  well, but it probably won't get in until 1.11.2. bnc#964673
  + bnc964673-boltdb-metadata-recovery.patch
* Remove conditional Patch directive for SUSE secrets, since conditionally
  including patches results in incompatible .src.rpms. The patch is still
  applied conditionally.
* Update to Docker 1.11.1. Changelog from upstream:
  * Distribution
  - Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](
  * Documentation
    + Add missing API documentation for changes introduced with 1.11.0 ([#22048](
  * Builder
  * Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](
  * Networking
  - Fix a panic that would occur when forwarding DNS query ([#22261](
  - Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](
  * Runtime
  - Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](
  - Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](
  - Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](
  - Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](
  - Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](
  - Removed scary error message when no restart policy is specified ([#21993](
  - Fix a panic that would occur when the plugins were activated via the json spec ([#22191](
  - Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](
  - Remove error message when a container restart get cancelled ([#22123](
  - Fix an issue where `docker` would not correcly clean up after `docker exec` ([#22121](
  - Fix a panic that could occur when servicing concurrent `docker stats` commands ([#22120](`
  - Revert deprecation of non-existing host directories auto-creation ([#22065](
  - Hide misleading rpc error on daemon shutdown ([#22058](
- Fix go version to 1.5 (bsc#977394)
- Add patch to fix vulnerability in Docker <= 1.11.0. This patch is upstream,
  but was merged after the 1.11.0 merge window. CVE-2016-3697. bsc#976777.
    + cve-2016-3697-numeric-uid.patch
  The upstream PR is here[1] and was vendored into Docker here[2].
- Supplemnent zsh from zsh-completion
  * zsh-completion will be automatically installed if zsh and
    docker are installed
- Remove gcc5_socker_workaround.patch: This patch is not needed anymore
  since gcc5 has been updated in all platforms
* Removed patches that have been fixed upstream and in gcc-go:
  - boltdb_bolt_powerpc.patch
  - fix-apparmor.patch
  - fix-btrfs-ioctl-structure.patch
  - fix-docker-init.patch
  - libnetwork_drivers_bridge_powerpc.patch
  - ignore-dockerinit-checksum.patch
  * Require containerd, as it is the only currently supported Docker execdriver.
  * Update docker.socket to require containerd.socket and use --containerd in
  docker.service so that the services are self-contained.
  * Update to Docker 1.11.0. Changelog from upstream:
  * Builder
  - Fix a bug where Docker would not used the correct uid/gid when processing the `WORKDIR` command ([#21033](
  - Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](, [#21162](
  * Client
  * Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](
  + The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](, [#21373](
  * Allow setting the Domainname and Hostname separately through the API ([#20200](
  * Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](
  - Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](
  - Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](
  * Post processing is no longer enabled for linux-cgo terminals ([#20587](
  - Values to `--hostname` are now refused if they do not comply with [RFC1123]( ([#20566](
  + Docker learned how to use a SOCKS proxy ([#20366](, [#18373](
  + Docker now supports external credential stores ([#20107](
  * `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](
  * `docker info` now also report Docker's root directory location ([#19986](
  - Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](
  * Docker events attributes are now sorted by key ([#19761](
  * `docker ps` no longer show exported port for stopped containers ([#19483](
  - Docker now cleans after itself if a save/export command fails ([#17849](
  * Docker load learned how to display a progress bar ([#17329](, [#120078](
  * Distribution
  - Fix a panic that occurred when pulling an images with 0 layers ([#21222](
  - Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](
  + All first-level delegation roles are now signed when doing a trusted push ([#21046](
  + OAuth support for registries was added ([#20970](
  * `docker login` now handles token using the implementation found in [docker/distribution]( ([#20832](
  * `docker login` will no longer prompt for an email ([#20565](
  * Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](
  * Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](
  - Fix generated manifest mediaType when pushing cross-repository ([#19509](
  - Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](
  * Logging
  - Fix a race in the journald log driver ([#21311](
  * Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](
  * Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](
  * Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](
  + Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](
  * Journald log driver learned how to handle tags ([#19564](
  + The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](
  + Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](
  * Misc
  + When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](
  + Support for building the Docker cli for OpenBSD was added ([#21325](
  + Labels can now be applied at network, volume and image creation ([#21270](
  * The `dockremap` is now created as a system user ([#21266](
  - Fix a few response body leaks ([#21258](
  - Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](
  * Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](
  * Docker info now also reports the cgroup driver in use ([#20388](
  * Docker completion is now available on PowerShell ([#19894](
  * `dockerinit` is no more ([#19490](,[#19851](
  + Support for building Docker on arm64 was added ([#19013](
  + Experimental support for building docker.exe in a native Windows Docker installation ([#18348](
  * Networking
  - Fix panic if a node is forcibly removed from the cluster ([#21671](
  - Fix "/error creating vxlan interface"/ when starting a container in a Swarm cluster ([#21671](
  * `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](
  + Experimental support for the MacVlan and IPVlan network drivers have been added ([#21122](
  * Output of `docker network ls` is now sorted by network name ([#20383](
  - Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](
  * `docker network inspect` returns whether a network is internal or not ([#19357](
  + Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](
  * Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](
  - Fix to not forward docker domain IPv6 queries to external servers ([#21396](
  * Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](
  - Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](
  - Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](
  - Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](
  - Added inbuilt nil IPAM driver ([#21019](
  - Fixed bug in iptables.Exists() logic [#21019](
  - Fixed a Veth interface leak when using overlay network ([#21019](
  - Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](
  - Make sure iptables chains are recreated on firewalld reload ([#20419](
  - Allow to pass global datastore during config reload ([#20419](
  - For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](
  - Fix a panic when deleting an entry from /etc/hosts file  ([#21019](
  - Source the forwarded DNS queries from the container net namespace  ([#21019](
  - Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (
  - Fix to retain IPAM driver option configs on daemon reload ([#21914] (
  * Plugins
  - Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](
  - Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](
  * Runtime
  - Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](
  - Fix a race with event timers stopping early ([#21692](
  - Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](
  - Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](
  Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature.
  + It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](
  + `docker inspect <image-id>` will now expose the rootfs layers ([#21370](
  + Docker Windows gained a minimal `top` implementation ([#21354](
  * Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](
  * Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](
  - Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](
  - Fix a hang that would happen on attach if initial start was to fail ([#21048](
  - Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](
  - Fix a race between the exec and resize operations ([#21022](
  - Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](
  - Fix the handling of Docker command when passed a 64 bytes id ([#21002](
  * Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](
  - Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](
  * The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](
  + Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](
  - Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](
  + Docker now relies on [`containerd`]( and [`runc`]( to spawn containers. ([#20662](
  - Fix docker configuration reloading to only alter value present in the given config file ([#20604](
  + Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](
  + Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](
  - Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](
  * Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](
  - Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](
  * `docker update` learned how to change a container restart policy ([#19116](
  * `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](
  + Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](
  - `docker load` now has a `--quiet` option to suppress the load output ([#20078](
  - Fix a bug in neighbor discovery for IPv6 peers ([#20842](
  - Fix a panic during cleanup if a container was started with invalid options ([#21802](
  - Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](
  * Security
  * Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](
  * `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](, [#21262](
  * `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](
  * Docker Content Trust now requests the server to perform snapshot signing ([#21046](
  * Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](
  * Volumes
  * Output of `docker volume ls` is now sorted by volume name ([#20389](
  * Local volumes can now accepts options similar to the unix `mount` tool ([#20262](
  - Fix an issue where one letter directory name could not be used as source for volumes ([#21106](
  + `docker run -v` now accepts a new flag `nocopy`. This tell the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](
- docker.spec: apply gcc5 socket patch also for sle12 and leap
  because gcc5 has been updated there as well.
- docker.spec: add a "/is_opensuse"/ check for the mount-secrets patch.
  This way we can use this same package for opensuse.
- use go-lang for aarch64:
  - drop fix_platform_type_arm.patch (works around a gcc-go bug, so
- Add patch from upstream ( to fix
  compilation on Factory and Tumbleweed (which have btrfsprogs >= 4.5).
    + fix-btrfs-ioctl-structure.patch  bnc#974208
- Changed systemd unit file and default sysconfig file to include network options,
  this is needed to get SDN like flannel to work
- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
  by the migration script.
- docker.spec: only Reccomends: the docker-image-migrator package as it is no
  longer required for our ugly systemctl hacks.
- docker.spec: fix up documentation to refer to the script you need to run in
  the migrator package.
- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
- spec: switch to new done file name from docker-image-migrator
- update to docker 1.10.3 (bnc#970637)
    Fix Docker client exiting with an "/Unrecognized input header"/ error #20706
    Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
    Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
    Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
  Plugin system
    Fix issue preventing volume plugins to start when SELinux is enabled #20834
    Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
    Fix plugin system leaking file descriptors if a plugin has an error #20680
    Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
    Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
    Fix user namespaces not working on Linux From Scratch #20685
    Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
  More at
- spec: improve file-based migration checks to make sure that it doesn't cause
  errors if running on a /var/lib/docker without /var/lib/docker/graph.
- spec: implement file-based migration checks. The migrator will be updated to
  match the warning message's instructions. This looks like it works with my
- more patches to build on ppc64 architecture
  update netlink_gcc_go.patch
  new netlink_netns_powerpc.patch
  new boltdb_bolt_powerpc.patch
  new libnetwork_drivers_bridge_powerpc.patch to replace
    deleted fix-ppc64le.patch
- fix bsc#968972 - let docker manage the cgroups of the processes
  that it launches without systemd
- Require docker-image-migrator (bnc#968933)
Update to version 1.10.2 (bnc#968933)
  - Runtime
    Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
    Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
    Fix chown permissions used during docker cp when userns is used #20446
    Fix configuration loading issue with all booleans defaulting to true #20471
    Fix occasional panic with docker logs -f #20522
  - Distribution
    Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
    Handle gracefully a corner case when canceling migration #20372
    Fix docker import on compressed data #20367
    Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
  - Networking
    Fix daemon crash if embedded DNS is sent garbage #20510
  - Volumes
    Fix issue with multiple volume references with same name #20381
  - Security
    Fix potential cache corruption and delegation conflict issues #20523
  link to changelog:
- fix-apparmor.patch: switch to a backported version of docker/docker#20305,
  which also fixes several potential issues if the major version of apparmor
- Remove 1.10.0 tarball.
- Update to docker 1.10.1
  It includes some fixes to 1.10.0, see detailed changelog in
- Update docker to 1.10.0 (bnc#965918)
  Add usernamespace support
  Add support for custom seccomp profiles
  Improvements in network and volume management
  detailed changelog in
- removed patches, because code has been merged in 1.10.0 release:
    libcontainer-apparmor-fixes.patch: see:
    fix_bnc_958255.patch: see
- remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch
- removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one:
- added patches:
    fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
    gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
    Which "/fixes"/ the data type for RawSockaddr.Data
    However, docker now expects the "/wrong"/ data type, since docker had a workaround
    for that issue.
    Thus, we need to workaround the workaround in tumbleweed
    netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
    This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
    fix-apparmor.patch: fix . It affects SLE12 which has apparmor
    version 2.8 and not openSUSE which has version 2.9.
    fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
- reviewed patches:
    ignore-dockerinit-checksum.patch: review context in patch
    fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
    gcc-go-patches.patch: review context in patch
- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
    see GO_VERSION
  However, for version 1.10, we need go 1.5.3
    see GO_VERSION
- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
- docker-mount-secrets.patch: fix up this patch to work on Docker 1.10
- docker-mount-secrets.patch: properly register /run/secrets as a
  mountpoint, so that it is unmounted properly when the container
  is removed and thus container removal works. (bnc#963142)
- docker-mount-secrets.patch: in addition, add some extra debugging
  information to the secrets patch.
- fix_json_econnreset_bug.patch: fix JSON bug that causes containers to not start
  in weird circumstances.
- fix_bnc_958255.patch: fix Docker creates strange apparmor profile
- use_fs_cgroups_by_default.patch: Use fs cgroups by default:
- fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path
- Add rules for auditd. This is required to fix bnc#959405
- Remove 7 patches, add 6 and modify 1, after 1.9.1 upgrade
  * Removed:
  - docker_missing_ppc64le_netlink_linux_files.patch: the code that this
    bug refers to has benn removed upstream
  - docker_rename_jump_amd64_as_jump_linux.patch: the code that this bug
    refers to has been removed upstream
  - Remove fix_15279.patch: code has been merged upstream
  - Remove add_missing_syscall_for_s390x.patch: code has been merged upstream
  - Remove fix_incompatible_assignment_error_bnc_950931.patch: code has been
    merged upstream
  - Remove fix_libsecomp_error_bnc_950931.patch: the code that this bug refers to
    has been removed upstream
  - Remove gcc5_socket_workaround.patch: Code has been fixed. Building with
    this patch is giving the error we were trying to fix, implying that the
    code has been fixed somewhere else.
  * Added:
  - add_bolt_ppc64.patch
  - add_bolt_arm64.patch
  - docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
  - docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
  - docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
  - gcc-go-build-static-libgo.patch: enable static linking of libgo in ggc-go
    In order to do this, we had to work-around an issue from gcc-go:
  * Modify:
- Upgrade to 1.9.1(bnc#956434)
  * Runtime:
  - Do not prevent daemon from booting if images could not be restored
  - Force IPC mount to unmount on daemon shutdown/init (#17539)
  - Turn IPC unmount errors into warnings (#17554)
  - Fix `docker stats` performance regression (#17638)
  - Clarify cryptic error message upon `docker logs` if `--log-driver=none`
  - Fix seldom panics (#17639, #17634, #17703)
  - Fix opq whiteouts problems for files with dot prefix (#17819)
  - devicemapper: try defaulting to xfs instead of ext4 for performance
    reasons (#17903, #17918)
  - devicemapper: fix displayed fs in docker info (#17974)
  - selinux: only relabel if user requested so with the `z` option
    (#17450, #17834)
  - Do not make network calls when normalizing names (#18014)
  * Client:
  - Fix `docker login` on windows (#17738)
  - Fix bug with `docker inspect` output when not connected to daemon
  - Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
  * Builder:
  - Fix regression with symlink behavior in ADD/COPY (#17710)
  * Networking:
  - Allow passing a network ID as an argument for `--net` (#17558)
  - Fix connect to host and prevent disconnect from host for `host` network
  - Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range
    is not the first block in the network (#17853)
  - Restore deterministic `IPv6` generation from `MAC` address on default
    `bridge` network (#17890)
  - Allow port-mapping only for endpoints created on docker run (#17858)
  - Fixed an endpoint delete issue with a possible stale sbox (#18102)
  * Distribution:
  - Correct parent chain in v2 push when v1Compatibility files on the disk
    are inconsistent (#18047)
- Update to version 1.9.0 (bnc#954812):
  * Runtime:
  - `docker stats` now returns block IO metrics (#15005)
  - `docker stats` now details network stats per interface (#15786)
  - Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
    containers based on their ancestor images (#14570)
  - Add `label=<somelabel>` filter to `docker ps --filter` to filter
    containers based on label (#16530)
  - Add `--kernel-memory` flag to `docker run` (#14006)
  - Add `--message` flag to `docker import` allowing to specify an optional
    message (#15711)
  - Add `--privileged` flag to `docker exec` (#14113)
  - Add `--stop-signal` flag to `docker run` allowing to replace the
    container process stopping signal (#15307)
  - Add a new `unless-stopped` restart policy (#15348)
  - Inspecting an image now returns tags (#13185)
  - Add container size information to `docker inspect` (#15796)
  - Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json`
  - Remove the deprecated `/container/ps` endpoint from the API (#15972)
  - Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
  - Share shm and mqueue between containers sharing IPC namespace (#15862)
  - Event stream now shows OOM status when `--oom-kill-disable` is
    set (#16235)
  - Ensure special network files (/etc/hosts etc.) are read-only if
    with `ro` option (#14965)
  - Improve `rmi` performance (#16890)
  - Do not update /etc/hosts for the default bridge network, except for links
  - Fix conflict with duplicate container names (#17389)
  - Fix an issue with incorrect template execution in `docker inspect`
  - DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run
  * Client:
  - Allow `docker import` to import from local files (#11907)
  * Builder:
  - Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
    stop-signal for the container process (#15307)
  - Add an `ARG` Dockerfile instruction and a `--build-arg` flag to
    `docker build`
    that allows to add build-time environment variables (#15182)
  - Improve cache miss performance (#16890)
  * Storage:
  - devicemapper: Implement deferred deletion capability (#16381)
  * Networking:
  - `docker network` exits experimental and is part of standard release
  - New network top-level concept, with associated subcommands and API
    WARNING: the API is different from the experimental API
  - Support for multiple isolated/micro-segmented networks (#16645)
  - Built-in multihost networking using VXLAN based overlay driver (#14071)
  - Support for third-party network plugins (#13424)
  - Ability to dynamically connect containers to multiple networks (#16645)
  - Support for user-defined IP address management via pluggable IPAM drivers
  - Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in
    nodes discovery (#16229)
  - Add `--cluster-store-opt` for setting up TLS settings (#16644)
  - Add `--dns-opt` to the daemon (#16031)
  - DEPRECATE following container `NetworkSettings` fields in API v1.21:
    `EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
    `IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
    Those are now specific to the `bridge` network. Use
    `NetworkSettings.Networks` to inspect
    the networking settings of a container per network.
  * Volumes:
  - New top-level `volume` subcommand and API (#14242)
  - Move API volume driver settings to host-specific config (#15798)
  - Print an error message if volume name is not unique (#16009)
  - Ensure volumes created from Dockerfiles always use the local volume driver
  - DEPRECATE auto-creating missing host paths for bind mounts (#16349)
  * Logging:
  - Add `awslogs` logging driver for Amazon CloudWatch (#15495)
  - Add generic `tag` log option to allow customizing container/image
    information passed to driver (e.g. show container names) (#15384)
  - Implement the `docker logs` endpoint for the journald driver (#13707)
  - DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
  * Distribution:
  - `docker search` now works with partial names (#16509)
  - Push optimization: avoid buffering to file (#15493)
  - The daemon will display progress for images that were already being
    pulled by another client (#15489)
  - Only permissions required for the current action being performed are
    requested (#)
  - Renaming trust keys (and respective environment variables) from `offline`
    to `root` and `tagging` to `repository` (#16894)
  - DEPRECATE trust key environment variables
  * Security:
  - Add SELinux profiles to the rpm package (#15832)
  - Fix various issues with AppArmor profiles provided in the deb package
  - Add AppArmor policy that prevents writing to /proc (#15571)
- Change systemd unit file to no longer use the deprecated "/-d"/ option
- Changed docker-mount-secrets.patch: allow removal of containers
  even when the entry point failed. bnc#954797
- Fixed the format of the fix_libsecomp_error_bnc_950931 patch.
- Merged the fix_libsecomp_error_bnc_950931.patch and the
  fix_x86_build_removing_empty_file_jump_amd_64.patch patches.
- Fix build for x86_64. Patch fix_libsecomp_error_bnc_950931.patch
  had created and empty file jump_amd64.go instead of removing it.
  This broke the build for x86_64.
  This commit fixes it by removing that empty file.
  fix_x86_build_removing_empty_file_jump_amd_64.patch: patch that
  removes empty file jump_amd64.go
- Added patch that fixes a known gcc-go for ppc64xe in the syscall.RawSockAddr
- Add patches for fixing ppc64le build (bnc#950931)
- Remove docker_rename_jump_amd64_as_jump_linux.patch because it clashes
  with the previous patches.
- Exclude libgo as a requirement. The auto requires script was adding
  libgo as a requirement when building with gcc-go which was wrong.
- Add patch for missing systemcall for s390x. See
  add_missing_syscall_for_s390x.patch: contains the patch
- Exclude s390x for sle12 because it hangs when running go. It works for sle12sp1
  thus we don't want to exclude sle12sp1 but only sle12.
- Update docker to 1.8.3 version:
  * Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
  * Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
  * Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
- Update docker to 1.8.2 version
  see detailed changelog in
  fix bsc#946653 update do docker 1.8.2
- devicemapper: fix zero-sized field access
  Fix issue #15279: does not build with Go 1.5 tip
  Due to golang/go@7904946
  the devices field is dropped.
  This solution works on go1.4 and go1.5
  See more in
  This fix was not included in v1.8.2. See previous link
  on why.
  fix_15279.patch: contains the patch for issue#15279
- new patch as per upstream issue
- ignore-dockerinit-checksum.patch need -p1 in spec
- Update to docker 1.8.1(bsc#942369 and bsc#942370):
  - Fix a bug where pushing multiple tags would result in invalid images
- Update to docker 1.8.0:
  see detailed changelog in
- remove docker-netns-aarch64.patch: This patch was adding
  which is now included upstream, so we don't need this patch anymore
- Remove 0002-Stripped-dockerinit-binary.patch because we do not
  use it anymore (we got rid of that when updating to 1.7.1)
- Exclude archs where docker does not build. Otherwise it gets into
  and infinite loop when building.
  We'll fix that later if we want to release for those archs.
- Update to 1.7.1 (2015-07-14) (bnc#938156)
  * Runtime
  - Fix default user spawning exec process with docker exec
  - Make --bridge=none not to configure the network bridge
  - Publish networking stats properly
  - Fix implicit devicemapper selection with static binaries
  - Fix socket connections that hung intermittently
  - Fix bridge interface creation on CentOS/RHEL 6.6
  - Fix local dns lookups added to resolv.conf
  - Fix copy command mounting volumes
  - Fix read/write privileges in volumes mounted with --volumes-from
  * Remote API
  - Fix unmarshalling of Command and Entrypoint
  - Set limit for minimum client version supported
  - Validate port specification
  - Return proper errors when attach/reattach fail
  * Distribution
  - Fix pulling private images
  - Fix fallback between registry V2 and V1
- Exclude init scripts other than systemd from the test-package
- Exclude intel 32 bits arch. Docker does not built on that. Let's
  make it explicit.
- rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch
  to make them apply again.
- introduce go_arches for architectures that use the go compiler
  instead of gcc-go
- add docker-netns-aarch64.patch: Add support for AArch64
- enable build for aarch64
- Build man pages only on platforms where gc compiler is available.
- Updated to 1.7.0 (2015-06-16) - bnc#935570
  * Runtime
  - Experimental feature: support for out-of-process volume plugins
  - The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
  - The `exec` command supports the `-u|--user` flag to specify the new process owner
  - Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
  - The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
  - Container block IO can be controlled in `docker run` using`--blkio-weight`
  - ZFS support
  - The `docker logs` command supports a `--since` argument
  - UTS namespace can be shared with the host with `docker run --uts=host`
  * Quality
  - Networking stack was entirely rewritten as part of the libnetwork effort
  - Engine internals refactoring
  - Volumes code was entirely rewritten to support the plugins effort
  - Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
  * Build
  - Support ${variable:-value} and ${variable:+value} syntax for environment variables
  - Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
  - git context changes with branches and directories
  - The .dockerignore file support exclusion rules
  * Distribution
  - Client support for v2 mirroring support for the official registry
  * Bugfixes
  - Firewalld is now supported and will automatically be used when available
  - mounting --device recursively
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
  and fixed to build with latest version of docker
- Add test subpackage and fix line numbers in patches
- Fixed ppc64le name inside of spec file
- Build docker on PPC and S390x using gcc-go provided by gcc5
  * added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
    despite some iptables issues. To be removed soon
  * ignore-dockerinit-checksum.patch: applied only when building with
    gcc-go. Required to workaround a limitation of gcc-go
  * gcc-go-build-static-libgo.patch: used only when building with gcc-go,
    link libgo statically into docker itself.
- Remove set-SCC_URL-env-variable.patch, the SCC_URL is now read
  from SUSEConnect by the container service
- Automatically set SCC_URL environment variable inside of the
  containers by parsing the /etc/SUSEConnect.example file
  * Add set-SCC_URL-env-variable.patch
- Place SCC machine credentials inside of /run/secrets/credentials.d
  * Edit docker-mount-scc-credentials.patch¬
- pass the SCC machine credentials to the container
  * Add docker-mount-scc-credentials.patch
- build and install man pages
- Update to version 1.6.2 (2015-05-13) [bnc#931301]
  * Revert change prohibiting mounting into /sys
Updated to version 1.6.1 (2015-05-07) [bnc#930235]
  * Security
  - Fix read/write /proc paths (CVE-2015-3630)
  - Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
  - Fix opening of file-descriptor 1 (CVE-2015-3627)
  - Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
  - Prohibit mount of /sys
  * Runtime
  - Update Apparmor policy to not allow mounts
- Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
  changes introduced by docker 1.6.1
- Get rid of SocketUser and SocketGroup workarounds for docker.socket
- Updated to version 1.6.0 (2015-04-07) [bnc#908033]
  * Builder:
    + Building images from an image ID
    + build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
    + `commit --change` to apply specified Dockerfile instructions while committing the image
    + `import --change` to apply specified Dockerfile instructions while importing the image
    + basic build cancellation
  * Client:
    + Windows Support
  * Runtime:
    + Container and image Labels
    + `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
    + Logging drivers, `json-file`, `syslog`, or `none`
    + Pulling images by ID
    + `--ulimit` to set the ulimit on a container
    + `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
- Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of
  the latest version of Docker.
- bnc#908033: support of Docker Registry API v2.
- enable build for armv7l
- Updated docker.spec to fixed building with the latest version of our
  Go pacakge.
- Updated 0002-Stripped-dockerinit-binary.patch to fix check made by
  the docker daemon against the dockerinit binary.
- Updated systemd service and socket units to fix socket activation
  and to align with best practices recommended by upstram. Moreover
  socket activation fixes bnc#920645.
- Updated to 1.5.0 (2015-02-10):
  * Builder:
  - Dockerfile to use for a given `docker build` can be specified with
    the `-f` flag
  - Dockerfile and .dockerignore files can be themselves excluded as part
    of the .dockerignore file, thus preventing modifications to these files
    invalidating ADD or COPY instructions cache
  - ADD and COPY instructions accept relative paths
  - Dockerfile `FROM scratch` instruction is now interpreted as a no-base
  - Improve performance when exposing a large number of ports
  * Hack:
  - Allow client-side only integration tests for Windows
  - Include docker-py integration tests against Docker daemon as part of our
    test suites
  * Packaging:
  - Support for the new version of the registry HTTP API
  - Speed up `docker push` for images with a majority of already existing
  - Fixed contacting a private registry through a proxy
  * Remote API:
  - A new endpoint will stream live container resource metrics and can be
    accessed with the `docker stats` command
  - Containers can be renamed using the new `rename` endpoint and the
    associated `docker rename` command
  - Container `inspect` endpoint show the ID of `exec` commands running in
    this container
  - Container `inspect` endpoint show the number of times Docker
    auto-restarted the container
  - New types of event can be streamed by the `events` endpoint: ‘OOM’
    (container died with out of memory), ‘exec_create’, and ‘exec_start'
  - Fixed returned string fields which hold numeric characters incorrectly
    omitting surrounding double quotes
  * Runtime:
  - Docker daemon has full IPv6 support
  - The `docker run` command can take the `--pid=host` flag to use the host
    PID namespace, which makes it possible for example to debug host processes
    using containerized debugging tools
  - The `docker run` command can take the `--read-only` flag to make the
    container’s root filesystem mounted as readonly, which can be used in
    combination with volumes to force a container’s processes to only write to
    locations that will be persisted
  - Container total memory usage can be limited for `docker run` using the
    `—memory-swap` flag
  - Major stability improvements for devicemapper storage driver
  - Better integration with host system: containers will reflect changes
    to the host's `/etc/resolv.conf` file when restarted
  - Better integration with host system: per-container iptable rules are moved
    to the DOCKER chain
  - Fixed container exiting on out of memory to return an invalid exit code
  * Other:
  - The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are
    properly taken into account by the client when connecting to the
    Docker daemon
- Updated to 1.4.1 (2014-12-15):
  * Runtime:
  - Fix issue with volumes-from and bind mounts not being honored after
    create (fixes bnc#913213)
- Added e2fsprogs as runtime dependency, this is required when the
  devicemapper driver is used. (bnc#913211).
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
- Updated to 1.4.0 (2014-12-11):
  * Notable Features since 1.3.0:
  - Set key=value labels to the daemon (displayed in `docker info`), applied with
    new `-label` daemon flag
  - Add support for `ENV` in Dockerfile of the form:
    `ENV name=value name2=value2...`
  - New Overlayfs Storage Driver
  - `docker info` now returns an `ID` and `Name` field
  - Filter events by event name, container, or image
  - `docker cp` now supports copying from container volumes
  - Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
- Changes introduced by 1.3.3 (2014-12-11):
  * Security:
  - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
  - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
  - Validate image IDs (CVE-2014-9358) - (bnc#909712)
  * Runtime:
  - Fix an issue when image archives are being read slowly
  * Client:
  - Fix a regression related to stdin redirection
  - Fix a regression with `docker cp` when destination is the current directory
- Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and
  bnc#907014 (CVE-2014-6408)
  * Security:
  - Fix tar breakout vulnerability
  - Extractions are now sandboxed chroot
  - Security options are no longer committed to images
  * Runtime:
  - Fix deadlock in `docker ps -f exited=1`
  - Fix a bug when `--volumes-from` references a container that failed to start
  * Registry:
  - `--insecure-registry` now accepts CIDR notation such as
  - Private registries whose IPs fall in the range do no need
    the `--insecure-registry` flag
  - Skip the experimental registry v2 API when mirroring is enabled
- Fixed minor packaging issues.
- Updated to version 1.3.1 2014-10-28)
  * Security:
  - Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and
    registry [CVE-2014-5277]
  - Secure HTTPS connection to registries with certificate verification and
    without HTTP fallback unless `--insecure-registry` is specified
  * Runtime:
  - Fix issue where volumes would not be shared
  * Client:
  - Fix issue with `--iptables=false` not automatically
    setting `--ip-masq=false`
  - Fix docker run output to non-TTY stdout
  * Builder:
  - Fix escaping `$` for environment variables
  - Fix issue with lowercase `onbuild` Dockerfile instruction
  - Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`,
- Upgraded to version 1.3.0 (2014-10-14)
  * docker `exec` allows you to run additional processes inside existing containers
  * docker `create` gives you the ability to create a container via the cli without executing a process
  * `--security-opts` options to allow user to customize container labels and apparmor profiles
  * docker `ps` filters
  * wildcard support to copy/add
  * move production urls to from
  * allocate ip address on the bridge inside a valid cidr
  * use for pr and ci testing
  * ability to setup an official registry mirror
  * Ability to save multiple images with docker `save`
- Update to 7.3.5
  * New option --allow-chown to allow file ownership change
    in old file mode.
- Replace suboptimal find ;
- Use find -exec instead of find | xargs: helps handle cases for
  files with spaces and quotes in their filenames.
- Update to 7.3.5
- Update to 7.3.4
- Update to 7.3.3
- Update to 7.3.2
  * New: Swedish translation of messages and manual.
  * Updated: Danish and Brazilian Portuguese translations.
  * Fix: The -iso option was misinterpreted as a corrupted -i option.
  * Fix: Compilation for MSYS 1.
- Update to 7.3.1
  * New: Simplified Chinese translation of messages and manual.
  * Fix: Compilation error "/'wchar_t' undeclared"/ when Unicode support is disabled.
  * Fix: Compilation errors when MinGW compiler was used (MinGW-w64 was OK).
- Update to 7.3
  * New: Unicode file name support on Windows.
  * Fix: Options -ul and -ub caused option -i to report wrong BOM for no_bom.
- Update to 7.2.3
  * Fix: Check for file I/O errors while reading input files, and added
    a few missing checks while writing output files.
  * Fix: Compilation for msys.
- Update to 7.2.2
  * Fix: Fixed symlink support on FreeBSD.
  * Fix: Skip GB18030 test on FreeBSD.
  * Fix: When conversion of an UTF-16 file with binary symbols was forced,
    null characters were not written in the output.
  * Fix: Check UTF-16 input for invalid surrogate pairs.
- Update to 7.2.1
  * Fix: Skip the GB18030 tests when the system does not support the
    Chinese locale with GB18030 character encoding.
  * Fix: Small corrections in the manual in section GB18030 and OPTIONS -m.
- Update to 7.2
  * New: Japanese translation of the UI messages.
  * New: Support Chinese GB18030 locale.
  * Change: On Unix/Linux convert UTF-16 to the locale encoding. It is
    no longer required that the locale encoding is UTF-8.
- Fixed license type: BSD-2-Clause
- Added missing manual translations: da, fr, pt_BR.
- Update to 7.1:
  * New: Option -i, --info to print file information.
    This new option prints number of DOS, Unix, and Mac line breaks, the byte
    order mark, and if the file is text or binary. And it can print the names
    of files that would be converted.
  Version 7.0
  * New: automated self-tests.
  * New: option -u to keep UTF-16 encoding.
  * New: option -v to print information about BOMs and converted line breaks.
  * Change: stdio mode does not automatically set quiet mode.
  * Change: stdio mode does not automatically force conversion of binaries.
    An error is returned when the stdin stream contains a binary symbol.
  * Bugfix: dos2unix -l created DOS line breaks from Mac line breaks.
  * Bugfix: system error number was not always returned.
  * Bugfix: an Unicode input file disabled 7bit and iso mode for next input files.
  * Bugfix: mac2unix help text, options -b and -r.
  * The code has been cleaned up.
- Update to 6.0.6:
  * Bugfix: mac2unix conversion produced corrupted output from
    UTF-16 input file.
  * New options -b (keep BOM) and -r (remove BOM).
  * New translation of the UI messages: Norwegian Bokmaal.
- Update to 6.0.5
  * Dos2unix is part of the Translation Project (TP).
    All translations go via the Translation Project.
  * New translations of UI messages: Brazilian Portuguese, Chinese (traditional),
    Danish, French, Hungarian, Polish, Serbian, Ukrainian, Vietnamese.
  * New translations of the manual: Brazilian Portuguese, French, German,
    Polish, Ukrainian.
  * Generated man pages are included in the source package to prevent
    compilation problems with very old or very new perl/pod2man versions.
  * Manuals are now generated from gettext PO files with po4a for easier
  * All manuals are now in UTF-8 encoding.
  * Skip symbolic links on Windows by default (same as on Unix).
- Update to 6.0.4.
  * New options -ul and -ub to conver UTF-16 files without BOM
  * New Russian translation of the messages
  * Build 32 bit Windows binaries with Large File Support (LFS) by
    using mingw-w64 for 32 bit Windows
  * When a binary symbol is encountered the value is printed
- Update to 6.0.3. Changes since 6.0:
  - Version 6.0.3
  * Source code compiles with Microsoft Visual C.
  * Print system error when writing output fails.
  - Version 6.0.2
  * The locale encoding detection when NLS was disabled has been fixed.
  * Print line number when a binary symbol is found.
  * Updated makefiles for Watcom C, and added a new one for OS/2.
  - Version 6.0.1
  * Update Spanish translations.
  * Update manual.
- fix build against openSUSE:Factory / standard: man page paths
- update to 6.0:
  * Conversion of Windows UTF-16 files to Unix UTF-8 files
  * Conversion of Unix UTF-8 files to Windows UTF-8 files with byte
    order mark
- Update to 5.3.3:
  - enabled wildcard expansion
  - small update in RETURN VALUE section of man page
- removed dos2unix-correct_ending.patch (instead pass HTMLEXT="/html"/
  to make)
- Update to 5.3.2:
  - Change of hmoepage URL.
  - All other changes are for non Unix platforms.
  - Don't recompress the package anymore.
- cross-build fix: use %__cc macro
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- Update to 5.3.1:
  * Spanish tranlation of messages and manual.
  * File ownership is maintained in old file mode (Unix only).
  * Dos2unix and Unix2dos share the same language files.
  * Code cleanup.
- Add buildrequire on xz.
- Repackage with xz.
- Open all fds with O_CLOEXEC.
- Version update to 5.3
  - removed patch dos2unix-no_pdf.patch, this version doesn't
    generate pdf/ps documents.
  - updated dos2unix-correct_ending.patch
  - fixed Url: in the spec file
- Don't generate ps/pdf documents, thus no need for ghostscript.
- Update to 5.2:
    ISO conversion mode supports same DOS code pages as SunOS dos2unix does:
    CP437 (US), CP850 (Western European), CP860 (Portuguese),
    CP863 (French Canadian), and CP865 (Nordic).
    ISO conversion mode supports Windows code page CP1252 (Western).
    SunOS compatible options -ascii, -iso, -7, -437, -850, -860, -863, and -865.
    Active code page detection for ISO mode.
    Fixed ISO conversion of non-breaking space (NBSP).
    Treat ASCII Form Feed control characters as valid text.
    Update manual pages.
    Don't include generated documentation files in Unix source package.
- Suffix for HTML pages is .html not .htm
- remove unsupported locales
- fix file list
- Use %_smp_mflags
- Update 5.1.1:
  * Added Dutch translation of the manual
  * Updated German translation
- Add eo-x directories to fix build.
- Update to 5.1:
  * Esperanto translations have been added.
  * Command-line options can be set in stdio mode.
  * Localization information has been added to the manual.
  * Man pages have been merged.
  * Man page generation from Perl POD file.
- Update to 5.0:
  * Dos2unix and Unix2dos have been bundled in a single package.
  * German translations have been added.
  * Dos2unix -l --newline also works in MAC mode.
  * Unix2dos also got option -l, --newline.
  * Added MAC mode to Unix2dos: Convert Unix line endings to Mac line endings.
  * Cleanup of messages and manual.
- Update to 4.1.2:
  * dos2unix.c: Preserve file mode in 'new file mode'.
  * Makefile: Allow CFLAGS to be set externally.
- Adapt Makefile patch and German message catalog.
- fix translation
- Update to 4.0:
  * version 4.0
  * Added internationalisation using gettext.
  * Added Dutch translation.
  * New option -L/--license that prints software license.
  * Code cleanup
  * Update manual
  * version 3.2
  * New file.
  * README: New file.
  * INSTALL: Updated.
  * Makefile: Makefile according GNU standards.
  * ChangeLog : New file.
  * Applied all patches from RedHat:
- Use DESTDIR only in install makefile targets.
- Add a German translation.
- enable parallel building
- Don't destroy original file if the output is on a different file
  system (bnc#488261).
- Add fix-calculation.patch (gh#dosfstools/dosfstools#153, bsc#1172863)
  to work with different size of clusters.
- Update to version 4.1:
  * Now the default for mkfs for filesystems smaller than 512 MB is
    64 / 32 sectors
  * The parsing of octal character specifications for filenames in
    the -u and -d 25 options of fsck now works.
  * Fixed a possible fatlabel crash when writing a label to an
    unlabelled filesystem
  * Testsuite is now available
- Update to 4.0
  * Switch build system to autotools.
  * Fixed data corruption errors in fsck.fat Writing to the third
    to last cluster on FAT12 with an odd number of clusters would
    corrupt the following cluster.
  * The automatic alignment of data clusters that was added in
    3.0.8 and broken for FAT32 starting with 3.0.20 has been
- Small spec file cleanup
- Drop no longer needed dosfstools-suse-dirs.patch
- Update to 3.0.28
  * mkfs.fat now allows choosing 0xF0 as the media byte which was
    previously rejected.
  * mkfs.fat now supports the --invariant option to facilitate
    testing mkfs.fat itself.
  * Bugs fixed in fsck.fat are a read one byte beyond the end of
    an allocated array when checking some FAT12 filesystems, and
    checking that the first cluster of a file as specified in the
    directory entry is not 1.
- Cleanup spec file with spec-cleaner
- fix url
- updated to 3.0.27:
  * fsck.fat: Don't print version string every time -v is
  * Fix attempt to rename root dir in fsck due to uninitialized
  * Support long file names in volume labeling code
- upstream changed
- Drop gpg-offline build-time requirement; this is now handled by
  the local source validator
- added fsck.{v,}fat and mkfs.{v,}fat compat symlinks in /sbin
- call spec-cleaner
- updated to 3.0.26:
  * Fix "/odd"/ files created by frequent power-loss.
- updated to 3.0.25:
  * Prevent corruption of FAT during fsck on 64 bit platforms.
    unsigned long is 64 bit on x86-64, which means set_fat was writing two
    entries, which corrupts the next entry. This can cause loss of data in
    another file.
  * Fixed remaining 64 bit build warnings.
- Update to version 049.1+suse.188.gbf445638:
  * 90kernel-modules-extra: don't resolve symlinks before instmod (bsc#1185277)
- Update to version 049.1+suse.187.g63c1504f:
  * fix(shutdown): add timeout to umount calls (bsc#1178219)
- Update to version 049.1+suse.186.g320cc3d1:
  * network-legacy: fix route parsing issues in ifup (bsc#1182688)
  * 90kernel-modules: arm/arm64: Add reset controllers
  * Prevent creating unexpected files on the host when running dracut
  * As of v246 of systemd "/syslog"/ and "/syslog-console"/ switches have been deprecated
- Update to version 049.1+suse.185.g9324648a:
  * 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336)
  * Prevent creating unexpected files on the host when running dracut (bsc#1176171)
- Update to version 049.1+suse.183.g7282fe92:
  * As of v246 of systemd "/syslog"/ and "/syslog-console"/ switches have been deprecated
    (multiple backported commits, bsc#1180119)
- Update to version 049.1+suse.174.g150b9981:
  * make collect optional (bsc#1177870)
  * Inclusion of dracut modifications to enable nvme-fc boot support (bsc#1142248)
  * suse.spec: add nvmf module
  * 95nvmf: Implement 'fc,auto' commandline syntax
  * 95nvmf: add nvmf-autoconnect script
  * 95nvmf: Fixup FC connections
  * 95nvmf: rework parameter handling
  * 95nvmf: fix typo in the example documentation
  * 95nvmf: add NVMe over TCP support
  * 95nvmf: add module for NVMe-oF
  Adds new module 95nvmf, see jsc#ECO-3063.
- Update to version 049.1+suse.171.g65b2addf:
  * FIPS workaround for openssl-libs (bsc#1178217)
  * 01fips: turn info calls into fips_info calls (bsc#1164076)
  * 00systemd: add missing cryptsetup-related targets (bsc#1177811)
- Update to version 049.1+suse.156.g7d852636:
  * support infiniband network mac addresses (bsc#996146)
  * 95nfs: use ip_params_for_remote_addr() (bsc#1167494)
  * 95iscsi: use ip_params_for_remote_addr() (bsc#1167494)
  * dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494)
- Update to version 049.1+suse.152.g8506e86f:
  * 01fips: modprobe failures during manual module loading is not fatal (bsc#bsc#1169997)
  * 91zipl: honor SYSTEMD_READY (bsc#1165828)
  * 95iscsi: fix ipv6 target discovery (bsc#1172807)
  * 35network-legacy: correct conditional for creating did-setup file (bsc#1172807)
- Update to version 049.1+suse.148.gc4a6c2dd:
  * 95fcoe: load 'libfcoe' module as a fallback (bsc#1173560)
  * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases.
- Update to version 049.1+suse.146.g6f5195cf:
  * 35network-legacy: Fix dual stack setups (bsc#1172807)
- Update to version 049.1+suse.145.g8ae82192:
  * 95iscsi: fix missing space when compiling cmdline args (bsc#1172816)
- Update to version 049.1+suse.144.ge0eaf296:
  * Add wicked specific config files (bsc#1089333)
- Update to version 049.1+suse.143.g368f585a:
  * modules.d: fix udev rules detection of multipath devices (bsc#1171370)
- Update to version 049.1+suse.142.gf8776da4:
  * Run format_spec_file
- Update to version 049.1+suse.141.g7563c620:
  * network-legacy/ use $name instead of $env{INTERFACE} (bsc#1161438)
  * 35network-legacy: call initqueue/online for DHCP, too (boo#1161438)
  * 90nvdimm: include nvdimm keys in initrd (bsc#1161343)
- Update to version 049.1+git138.9068a629:
  * systemd: install systemd-tty-ask-password-agent systemd-ask-password
  * Mark interface setup after dhcp (bsc#1167161)
  * Store nameserver received from wicked dhcp lease (bsc#1167161)
- Changed scheme to 049.1+suse.139.g8a7d3d9e to match systemd package
  * Scheme pattern> <PARENT_TAG>+suse.<TAG_OFFSET>.g<SHA1>
  * No functional change
- Update to version 049.1+git135.46dceb02:
  * 40network: Do not require hostname binary
  * suse.spec: add new modules 90nvdimm and 99suse-initrd
  * 95fcoe: default rd.nofcoe to false (bsc#1163343)
  * Add module "/99suse-initrd"/ for parsing "/SUSE INITRD"/ lines (bsc#1161343)
    Dependent commits:
  * Add module "/90nvdimm"/ for NVDIMM support
  * 90kernel-modules: remove nfit from static module list
- Update to version 049.1+git129.0f19bbfd:
  * 35network-legacy: dhclient is optional (bsc#1166188)
  * suse.spec: Create -extra package (bsc#1166188)
  * suse.spec: Remove obsolete permission fixups
  * 00warpclock: Fix permissions in
- Update to version 049.1+git125.e2b2c9ef:
  * 01fips: handle SHA1 on machines without AVX (bsc#1160318)
  * Update: 90kernel-modules: Add PCI host controller modules (boo#1162669)
- Update to version 049.1+git124.70941b30:
  * 90kernel-modules: Add PCI host controller modules (boo#1162669)
- Update to version 049.1+git123.c2a6645e:
  * dracut: add warning when including unsupported modules (bsc#1163055)
  * 01fips: Boot without BOOT_IMAGE being set (bsc#1161292)
  * 01fips: Use correct kernel image name for more platforms (bsc#1164076)
- Update to version 049.1+git120.dbfbfcb8:
  * 95zfcp_rules/ remove rule existence check (bsc#1008352)
- Update to version 049.1+git119.abf1a408:
  * 30convertfs: adopt for SUSE (boo#1158777)
- Update to version 049+git118.a6090e2f:
  * Implement support for verifying the boot with fipscheck (bsc#1158530)
- Update to version 049+git117.d3206e79:
  * Remove purge-kernels scripts and service (jsc#SLE-10162)
- Update to version 049+git116.e9995c78:
  * dracut.spec: add convertfs module correctly (boo#1158777)
- Update to version 049+git115.c2d8d6fb:
  * suse: Remove incorrect usage of %_libexecdir (boo#1155785)
- Update to version 049+git114.058e566c:
  * 35network-legacy: only skip waiting for interfaces if netroot is set (bsc#1152006)
  * fixup "/Dracut: only login to one target at a time"/ (bsc#1152650)
- Update to version 049+git112.fe41ccd9:
  * dracut: move /var/run and /var/lock from directory to symlink (bsc#1149103, ECO#323)
  * 35network-legacy: signalize the setup in ifup when dhcp (bsc#1146661)
  * 35network-legacy: fix typo
  * 35network-legacy: install hostname required by (bsc#1146661)
- Update to version 049+git108.6c9d1156:
  * Nuke unused install_kmod_with_fw function
  * dracut-install: Support the compressed firmware files correctly (boo#1146769)
  * dracut: let module handling function accept optional path option
  * Fix udevdir detection
- Update to version 049+git104.1244eed7:
  * remove trailing "/|"/
- Update to version 049+git103.c8d99b62:
  * Add support for compressed kernel modules (boo#1135854)
- Update to version 049+git102.9ee0c387:
  * dracut-install: Add support for compressed firmware files (boo#1136677)
- Update to version 049+git101.17c579a0:
  * call netroot on wicked dhcp setup
  * nfsroot follow ifcfg settings for boot protocol
- Update to version 049+git99.76df40e7:
  * 95fcoe: Fix startup when fcoe module is included (boo#1136977)
  * tests: Ignore .testdir
  * Add support for riscv64
  * simplify get_kernel_version (bsc#1139939)
  * 95dasd-rules & 95zfcp_rules: Look for correct rule name (bsc#1137784)
- Update to version 049+git94.aef7a52b:
  * ucode: properly include early only ucode (bsc#1098915, bsc#1125393)
  * keep network device naming scheme on upgrade (bsc#1136927)
- Bump to 049
- Contains fixes for bsc#1134472, bsc#1134347 and bsc#1133819
- Patches are now maintained in git
  * Removed 0012-40network-Fix-race-condition-when-wait-for-networks.patch
  * Removed
  * Removed 0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
  * Removed 0016-Add-new-s390x-specific-rule-files.patch
  * Removed 0017-45ifcfg-use-distro-specific-scripts.patch
  * Removed 0020-00warpclock-Set-correct-timezone.patch
  * Removed 0021-95dcssblk-Add-new-module-for-DCSS-block-devices.patch
  * Removed 0048-40network-Only-enable-network-interfaces-if-explicit.patch
  * Removed 0053-01fips-fixup-loading-issues.patch
  * Removed 0056-81cio_ignore-handle-cio_ignore-commandline.patch
  * Removed 0057-01fips-Include-some-more-hmacs.patch
  * Removed 0058-dracut-add-warning-when-including-unsupported-module.patch
  * Removed 0059-99suse-Add-SUSE-specific-initrd-parsing.patch
  * Removed 0060-45ifcfg-Add-SUSE-specific-write-ifcfg-file.patch
  * Removed 0061-45ifcfg-Fixup-error-message-in-write-ifcfg-suse.patch
  * Removed 0075-95dasd_rules-enable-parsing-of-rd.dasd-commandline-p.patch
  * Removed 0076-Correctly-set-cio_ignore-for-dynamic-s390-rules.patch
  * Removed 0079-95dasd_rules-fixup-rd.dasd-parsing.patch
  * Removed 0080-95dasd_rules-print-out-rd.dasd-commandline.patch
  * Removed 0081-95dasd_mod-do-not-set-module-parameters-if-dasd_cio_.patch
  * Removed 0083-95zfcp_rules-Fixup-rd.zfcp-parsing.patch
  * Removed 0085-95zfcp_rules-print-out-rd.zfcp-commandline-parameter.patch
  * Removed 0086-95zfcp_rules-Auto-generate-udev-rule-for-ipl-device.patch
  * Removed 0087-95dasd_rules-Auto-generate-udev-rule-for-ipl-device.patch
  * Removed 0088-91zipl-Add-new-module-to-update-s390x-configuration.patch
  * Removed
  * Removed 0090-dracut-caps-Remove-whole-caps-module.patch
  * Removed 0091-dracut-biosdevname-In-SUSE-biosdevname-package-is-in.patch
  * Removed 0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
  * Removed 0107-Fixup-typo-firmare-instead-of-firmware.patch
  * Removed 0108-91zipl-Store-commandline-correctly.patch
  * Removed 0109-95dasd_rules-Store-all-devices-in-commandline.patch
  * Removed 0110-95zfcp_rules-Store-all-devices-in-commandline.patch
  * Removed 0113-91zipl-Install-script-as-executable.patch
  * Removed 0114-91zipl-Translate-ext2-3-into-ext4.patch
  * Removed 0116-Mark-scripts-as-executable.patch
  * Removed 0117-95dasd_rules-Enable-the-device-before-checking-devic.patch
  * Removed 0118-95zfcp_rules-Enable-the-device-before-checking-devic.patch
  * Removed 0121-Adjust-initramfs-kernel.img-to-SUSE-default-initrd-k.patch
  * Removed 0123-95zfcp_rules-fix-typo-in-module_setup.patch
  * Removed 0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
  * Removed 0125-40network-separate-mask-and-prefix.patch
  * Removed 0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
  * Removed 0128-90lvm-Install-dm-snapshot-module.patch
  * Removed 0130-nfs-Always-add-all-kernel-modules-for-kdump.patch
  * Removed 0131-40network-handle-prefixed-IP-addresses-correctly.patch
  * Removed 0132-40network-fixup-static-network-configuration.patch
  * Removed 0133-Allow-multiple-configurations-per-network-interface-.patch
  * Removed 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
  * Removed 0138-fips_add_aesni-intel.patch
  * Removed 0139-fips-kernel-4.4-fixes.patch
  * Removed 0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
  * Removed 0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
  * Removed 0145-40network-handle-ip-ifname-static-correctly.patch
  * Removed 0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
  * Removed 0157-Add-boot-zipl-to-host-devs-if-it-is-a-mount-point.patch
  * Removed 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe.patch
  * Removed 0159-network-Try-to-load-xennet.patch
  * Removed 0160-s390-update_active_devices_initrd.patch
  * Removed 0161-95zfcp_rules-simplified-rd.zfcp-commandline-for-NPIV.patch
  * Removed 0162-network-Request-DHCP-lease-instead-of-getting-applyi.patch
  * Removed 0163-Install-etc-sysconfig-console-to-see-specific-fonts.patch
  * Removed 0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
  * Removed 0168-remove_plymouth_logo_file.patch
  * Removed 0169-network_set_mtu_macaddr_for_dhcp.patch
  * Removed 0170-iscsi-skip-ibft-invalid-dhcp.patch
  * Removed 0180-i18n_add_correct_fontmaps.patch
  * Removed 0182-fix-include-parsing.patch
  * Removed 0183-fix_add_drivers_hang.patch
  * Removed 0188-95dasd_rules-Install-collect-udev-helper-binary.patch
  * Removed 0190-replace-iscsistart-with-systemd-service-files.patch
  * Removed 0191-static_network_setup_return_zero.patch
  * Removed 0192-iscsi_set_boot_protocol_from_ifcfg.patch
  * Removed 0193-95iscsi-Set-number-of-login-retries.patch
  * Removed 0196-ibft-wait-for-session-on-all-paths.patch
  * Removed 0197-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
  * Removed 0198-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
  * Removed 0199-rd-iscsi-waitnet-default-false.patch
  * Removed 0200-dracut_fix_multipath_without_config.patch
  * Removed 0201-fix_nfs_with_ip_instead_of_hostname.patch
  * Removed 0202-dracut_dmraid_use_udev.patch
  * Removed 0203-no-fail-builtin-module.patch
  * Removed 0204-mkinitrd-fix-monster.patch
  * Removed 0205-mdraid_ignore_hostonly.patch
  * Removed 0206-nfs_dns_alias.patch
  * Removed 0207-handle_module_aliases.patch
  * Removed 0208-no_forced_virtnet.patch
  * Removed 0209-fix_modules_load_d_hostonly.patch
  * Removed 0210-add_fcoe_uefi_check.patch
  * Removed 0212-fcoe_reorder_init_path.patch
  * Removed 0213-Fix-wrong-keymap-inclusion.patch
  * Removed 0214-95fcoe-Do-not-overwrite-FCoE-configuration.patch
  * Removed 0215-95fcoe-Do-not-complain-about-missing-etc-hba.conf.patch
  * Removed 0216-95fcoe-silence-lldpad-warnings.patch
  * Removed 0217-95fcoe-Allow-to-specify-the-FCoE-mode-via-the-fcoe-p.patch
  * Removed 0218-40network-allow-persistent-interface-names.patch
  * Removed 0219-95fcoe-use-interface-names-instead-of-MAC-addresses.patch
  * Removed 0220-95fcoe-always-set-AUTO_VLAN-for-fcoemon.patch
  * Removed 0221-95fcoe-Add-shutdown-script.patch
  * Removed 0222-90dm-Fixup-shutdown-script.patch
  * Removed 0223-90dm-fixup-dependency-cycle-between-MD-and-DM-shutdo.patch
  * Removed 0224-95iscsi-setup-bnx2i-offload-connections-properly.patch
  * Removed 0225-95fcoe-do-not-start-fcoemon-twice.patch
  * Removed 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
  * Removed 0301-include_sysconfig_language.patch
  * Removed 0302-Revert-90multipath-add-hostonly-multipath.conf-in-ca.patch
  * Removed 0303-fix_multipath_check_hostonly.patch
  * Removed 0304-90multipath-Start-daemon-after-udev-settle.patch
  * Removed 0305-90multipath-load-dm_multipath-module-during-startup.patch
  * Removed 0306-90multipath-add-shutdown-script.patch
  * Removed 0307-90multipath-parse-kernel-commandline-option-multipat.patch
  * Removed 0308-mdraid_add_IMSM_NO_PLATFORM_env.patch
  * Removed 0309-90dmraid-do-not-delete-partitions.patch
  * Removed 0310-95resume-Do-not-resume-on-iSCSI.patch
  * Removed 0311-95iscsi-ip-ibft-is-deprecated.patch
  * Removed 0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch
  * Removed 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
  * Removed 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
  * Removed 0402-driver-fail-summary.patch
  * Removed 0403-95lunmask-Add-module-to-handle-LUN-masking.patch
  * Removed 0404-dracut-emergency-optionally-print-fs-help.patch
  * Removed 0450-Strip-NUL-bytes-in-stream-before-push-in-string.patch
  * Removed
  * Removed 0452-Always-try-to-add-pinctrl-cherryview.patch
  * Removed 0453-Resolve-symbolic-links-for-i-and-k-parameters-bsc-90.patch
  * Removed 0454-Add-md4-and-arc4-modules-for-ntlm.patch
  * Removed 0500-Reset-IFS-variable.patch
  * Removed 0501-dasd_fix_ssid_bigger_zero.patch
  * Removed 0502-persistent_device_policy_param_enhance.patch
  * Removed
  * Removed 0504-ibft-fix-boot-flag-check.patch
  * Removed 0505-Allow-booting-from-degraded-MD-RAID-arrays.patch
  * Removed 0506-Boot-on-s390x-with-fips-1-on-the-kernel-commnad-line.patch
  * Removed 0507-Set-TaskMax-inifinite-for-the-emergency-shell.patch
  * Removed
  * Removed 0509-01fips-Remove-zlib-module-as-requirement.patch
  * Removed 0510-01fips-Some-modules-use-separators-other-than.patch
  * Removed 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch
  * Removed 0512-Make-binutils-optional-when-elfutils-are-available.patch
  * Removed 0513-Fix-regression-caused-by-6f9bf2b8ac436259bdccb110545.patch
  * Removed 0514-man-make-the-k-option-clear-using-mkinitrd.patch
  * Removed 0515-90kernel-modules-also-add-block-device-driver-revers.patch
  * Removed
  * Removed
  * Removed 0518-90kernel-modules-Fix-backlight-on-Cherrytrail-device.patch
  * Removed 0519-90kernel-modules-Ensure-phy-drivers-are-loaded-in-in.patch
  * Removed 0520-Ignore-module-resolution-errors.patch
  * Removed 0521-Ensure-udev-persistent-storage-compat-rules-get-crea.patch
  * Removed 0522-Fix-typo-from-commit-3f1cdb520.patch
  * Removed 0523-98dracut-systemd-Fix-module-force-loading-with-syste.patch
  * Removed 0524-Suppress-nonsensical-error-message-bsc-1032029.patch
  * Removed 0525-backport-bail-out-if-module-directory-does-not-exist.patch
  * Removed 0526-iscsiroot-call-handle_firmware-only-for-non-iface-in.patch
  * Removed 0527-switch-fips-checking-to-use-the-libkcapi-based-fipsc.patch
  * Removed
  * Removed 0529-systemd-add-missing-.slice-unit.patch
  * Removed 0530-dracut-systemd-dracut-cmdline-ask-fix-dracut-kernel-.patch
  * Removed 0531-dracut-systemd-.service-conflict-with-shutdown-targe.patch
  * Removed 0532-List-drivers-rather-than-looking-for-reverse-depende.patch
  * Removed 0533-instmods-check-modules.builtin-in-srcmods.patch
  * Removed 0534-ssh-client-Include-nss_-libraries.patch
  * Removed 0535-Sync-initramfs-after-creation.patch
  * Removed 0536-90multipath-drop-67-kpartx-compat.rules.patch
  * Removed
  * Removed 0538-Enable-core-dumps-with-systemd-from-initrd.patch
  * Removed 0539-Add-IMA-functionality-fate-323289.patch
  * Removed 0540-Check-the-proper-variable-for-a-custom-IMA-keys-dire.patch
  * Removed 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
  * Removed 0542-Include-crc32c-intel-module-when-using-btrfs.patch
  * Removed 0543-Remove-00systemd-bootchart.patch
  * Removed 0544-40network-Make-ip-dhcp-work.patch
  * Removed 0545-Add-early-microcode-support-for-AMD-family-16h.patch
  * Removed 0546-Support-Microcode-Updates-for-AMD-CPU-Family-0x17.patch
  * Removed 0547-Fix-task-limit-in-emergency.service-the-same-change-.patch
  * Removed 0548-95fcoe-Switch-back-to-using-fipvlan-for-bnx2fc.patch
  * Removed 0549-fcoe-up-Increase-sleeptime-to-13s.patch
  * Removed 0550-95fcoe-add-timeout-initqueue-entries.patch
  * Removed 0551-fips-use-lib-modules-uname-r-modules.fips.patch
  * Removed 0552-98integrity-support-validating-the-IMA-policy-file-s.patch
  * Removed 0553-98integrity-support-loading-x509-into-the-trusted-bu.patch
  * Removed 0554-98integrity-support-X.509-only-EVM-configuration.patch
  * Removed 0555-Avoid-executing-emergency-hooks-twice.patch
  * Removed 0556-95qeth_rules-Add-new-module-to-copy-qeth-rules.patch
  * Removed 0557-40network-make-arping-optional.patch
  * Removed 0558-40network-remove-brctl-dependency.patch
  * Removed 0559-Add-wickedd-duid.xml-and-iaid.xml-if-available.patch
  * Removed 0560-90kernel-modules-Ensure-PCI-host-modules-are-include.patch
  * Removed 0561-Add-the-qedi-driver-to-driver-list-for-iscsi-boot.patch
  * Removed 0562-Adjust-driver-list-to-modern-kernels.patch
  * Removed 0563-40network-collapse-arping-and-dhcp-calls-into-wicked.patch
  * Removed 0564-40network-Always-set-the-gw-variable.patch
  * Removed 0565-90kernel-modules-Include-Intel-Volume-Management-Dev.patch
  * Removed 0566-95nfs-If-no-server-is-configured-read-BOOTSERVERADDR.patch
  * Removed 0567-Fix-booting-with-fips-1-on-SLES-15.patch
  * Removed 0568-95multipath-Pickup-files-in-etc-multipath-conf.d.patch
  * Removed 0569-10i18n-Load-all-keymaps-for-a-given-locale.patch
  * Removed 0570-10i18n-Fix-possible-infinite-recursion.patch
  * Removed 0571-40network-Fix-static-network-setup.patch
  * Removed 0572-lsinitrd-no-more-cat-write-error-Broken-pipe.patch
  * Removed
  * Removed 0574-s-find_btrfs_devs-btrfs_devs.patch
  * Removed 0580-check_for_CONFIG_ACPI_TABLE_UPGRADE.patch
  * Removed 0581-kernel-modules-add-nfit.patch
  * Removed 0582-98dracut-systemd-Start-systemd-vconsole-setup-before.patch
  * Removed 0583-99base-Allow-files-with-backslashes-in-hostonly-file.patch
  * Removed 0584-95dasd_rules-mark-dasd-rules-host_only.patch
  * Removed 0585-emergency-mode-use-sulogin.patch
  * Removed
  * Removed 0587-Fix-a-missing-space-in-example-configs.patch
  * Removed 0588-Ensure-mmc-host-modules-get-included-properly.patch
  * Removed
  * Removed 0590-00systemd-check-if-systemd-version-is-a-number.patch
  * Removed 0591-91zipl-Don-t-use-contents-of-commented-lines.patch
  * Removed 0592-95iscsi-handle-qedi-like-bnx2i.patch
  * Removed 0593-dracut-only-copy-xattr-if-root.patch
  * Removed 0594-Check-SUSE-kernel-module-dependencies-recursively.patch
  * Removed 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
  * Removed 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
  * Removed 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
  * Removed 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
  * Removed 0599-iscsiroot-try-targets-only-once.patch
  * Removed 0600-iscsiroot-remove-bashisms.patch
  * Removed
- guard against $dev beginning with "/-"/ (bsc#1132448)
  * adds
- 95iscsi: avoid error messages when building initrd, multipath timeouts
  (bsc#1130114, bsc#1130107, bsc#1121238)
  * adds 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
  * adds 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
  * adds 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
  * adds 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
  * adds 0599-iscsiroot-try-targets-only-once.patch
  * adds 0600-iscsiroot-remove-bashisms.patch
- Bump version to 044.2 to provide a version to lock on to (bsc#1127891)
- Check SUSE kernel module dependencies recursively (bsc#1127891)
  * adds 0594-Check-SUSE-kernel-module-dependencies-recursively.patch
- Handle non-versioned dependency in purge-kernels.
- purge-kernels: Avoid endless loop when uninstalling kernels that depend on
  KMPs which in themselves depend on other packages (bsc#1125327)
- Avoid "/Failed to chown ... Operation not permitted"/ when run from non-root,
  by not copying xattrs. (osc#1092178)
  * adds 0593-dracut-only-copy-xattr-if-root.patch
- Correct fix for displaying text on emergency consoles (boo#1124088)
  * removes 0589-Fix-displaying-text-on-emergency-consoles.patch
  * adds
- 95iscsi: handle qedi like bnx2i (bsc#1113712)
  * adds 0592-95iscsi-handle-qedi-like-bnx2i.patch
- 91zipl: Don't use contents of commented lines (osc#1119499)
  * adds 0591-91zipl-Don-t-use-contents-of-commented-lines.patch
- Fix displaying text on emergency consoles (boo#1124088)
  - adds 0589-Fix-displaying-text-on-emergency-consoles.patch
- Fix systemd version check, will be required for systemd v241
  - 0590-00systemd-check-if-systemd-version-is-a-number.patch
- Remove invalid "/FONT_MAP=none"/ from vconsole.conf (osc#1013573)
- Ensure mmc host modules get included properly (bsc#1119037)
  * adds 0588-Ensure-mmc-host-modules-get-included-properly.patch
- Fix a missing space in example configs (boo#1121251)
  * adds 0587-Fix-a-missing-space-in-example-configs.patch
- 95zfcp_rules/ remove rule existence check (bsc#1008352).
  * adds
- dracut-installkernel: Stop keeping old kernel files as .old
  The .old kernel files are confusing grub2 which can't find a
  matching directory under /lib/modules. Furthermore, there is no
  guarantee that the new modules are fully compatible with the old
  If anything goes wrong with a new self-compiled kernel, the user
  can always boot back to the distribution kernel, so the .old
  backup files are not needed in the first place. Get rid of them
  to simplify and speed up the whole process.
-  emergency mode: bring shell and all vital information to
  all ttys specified as console devices
  (FATE#325386, bsc#1053248, bsc#937555)
  * Adds 0585-emergency-mode-use-sulogin.patch
- 98dracut-systemd: Start systemd-vconsole-setup before dracut-cmdline-ask
  * adds 0582-98dracut-systemd-Start-systemd-vconsole-setup-before.patch
- Fixed Patch 581 to apply cleanly
  * Updates 0581-kernel-modules-add-nfit.patch
- Mark the DASD udev rules host-only and handle backslashes in paths for
  hostonly files (bsc#1090884)
  * adds 0583-99base-Allow-files-with-backslashes-in-hostonly-file.patch
  * adds 0584-95dasd_rules-mark-dasd-rules-host_only.patch
- Add nfit module (bsc#1110519)
  * adds 0581-kernel-modules-add-nfit.patch
- Add kernel-syms to list of packages to remove with purge-kernels (bsc#1104090).
- Skip kernels that cannot be removed by purge-kernels due to dependencies and
  continue removing other kernels (bsc#1104090).
- Fix finding btrfs devices (bsc#1104178).
  * add 0574-s-find_btrfs_devs-btrfs_devs.patch
- Add fix to override ACPI tables via initrd, a kernel config variable
  changed name (bsc#1098448)
  This is mainline git commit 940169e8d8e500498a3f350b2b3f341ae6548492
  A 0580-check_for_CONFIG_ACPI_TABLE_UPGRADE.patch
- 40network: Fix static network setup (bsc#1091099)
  * adds 0571-40network-Fix-static-network-setup.patch
- lsinitrd: Fix cat: write error: Broken pipe error (bsc#1094603)
  * adds 0572-lsinitrd-no-more-cat-write-error-Broken-pipe.patch
  * adds
- 95multipath: Pickup multipath files in /etc/multipath/conf.d (boo#1048551)
  * adds 0568-95multipath-Pickup-files-in-etc-multipath-conf.d.patch
- 10i18n: Load all keymaps for a given locale (boo#1065058)
  * adds 0569-10i18n-Load-all-keymaps-for-a-given-locale.patch
  * adds 0570-10i18n-Fix-possible-infinite-recursion.patch
- 01fips: fix FIPS mode on SLES 15 (bsc#1074984)
  * adds 0567-Fix-booting-with-fips-1-on-SLES-15.patch
- Do not attempt to run purge-kernels.service on ro rootfs (bsc#1087880)
- 95nfs: If no server is configured, read BOOTSERVERADDR from wicked's leaseinf
  * adds 0566-95nfs-If-no-server-is-configured-read-BOOTSERVERADDR.patch
- Remove RH-specific s390 modules (bsc#1086216)
- Use %license instead of %doc [bsc#1082318]
- Instead of using arping, use wicked's own implementation (bsc#1078245)
  Follow-up patch to "/disable arping"/, requires wicked 0.6.46.
  * adds 0563-40network-collapse-arping-and-dhcp-calls-into-wicked.patch
- Wicked: Properly add set gateway variable when using dhcp (bsc#1085614)
  * adds 0564-40network-Always-set-the-gw-variable.patch
- Allow booting from block devices using intel vmd (bsc#1079924)
  * adds 0565-90kernel-modules-Include-Intel-Volume-Management-Dev.patch
- Enable aarch64 and adds critical drivers of ARM platform (bsc#1084272)
  * adds 0562-Adjust-driver-list-to-modern-kernels.patch
- 95iscsi: Add the qedi driver to driver list for iscsi boot
  * adds 0561-Add-the-qedi-driver-to-driver-list-for-iscsi-boot.patch
- purge-kernels: Handle SLE 15 kernel live patches (bsc#108437)
- 90kernel-modules: Ensure PCI host modules are included (boo#1079924)
  * adds 0560-90kernel-modules-Ensure-PCI-host-modules-are-include.patch
- 40network: Add wickedd duid.xml and iaid.xml if available
  (bsc#1022872, bsc#1082832)
  * adds 0559-Add-wickedd-duid.xml-and-iaid.xml-if-available.patch
- 95qeth_rules: Fix file permissions (FATE#323440)
- 40network: disable arping, it is no longer part of default installation (bsc#1078245)
  * Adds 0557-40network-make-arping-optional.patch
- 40network: replace brctl, it is longer part of default installation (bsc#1078245)
  * Adds 0558-40network-remove-brctl-dependency.patch
- 95qeth_rules: Add new module to copy qeth rules (FATE#323440)
  * Adds 0556-95qeth_rules-Add-new-module-to-copy-qeth-rules.patch
- Avoid executing emergency hook twice
  * Adds 0555-Avoid-executing-emergency-hooks-twice.patch
- support validating the IMA policy file signature, needed since Kernel 4.7
  * Adds 0552-98integrity-support-validating-the-IMA-policy-file-s.patch
- IMA: improve support for evm key loading (bsc#1077359, fate#323906)
  * Adds 0553-98integrity-support-loading-x509-into-the-trusted-bu.patch
  * Adds 0554-98integrity-support-X.509-only-EVM-configuration.patch
- FIPS: Adjust dependencies to work for cryptsetup 2.0 (bsc#1077070)
- Added a few more patch annotations
- Fix typo for ima dependency (evmtcl vs evmctl) (bsc#1073466)
- Updated Patch annotation regarding their upstream state
- FIPS: Try to fetch list of fips modules from the kernel's modules dir (bsc#1074984)
  * Adds 0551-fips-use-lib-modules-uname-r-modules.fips.patch
- Annotated patches regarding their upstream state
- dracut-ima requires evmctl and keyutils (bsc#1073466)
- Switch back to fipvlan for bnx2fc (bsc#1052840)
  * adds 0548-95fcoe-Switch-back-to-using-fipvlan-for-bnx2fc.patch
- 95fcoe: Allow bnc2x driver more time to complete DCB negotiation (bsc#1052840)
  * adds 0549-fcoe-up-Increase-sleeptime-to-13s.patch
- 95fcoe: add timeout initqueue entries (bsc#1052840)
  * adds 0550-95fcoe-add-timeout-initqueue-entries.patch
- Fix task limit in emergency.service (same as in dracut-emergency.service) (bsc#1019938)
  * adds 0547-Fix-task-limit-in-emergency.service-the-same-change-.patch
- Fix logic for applying 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
- Support AMD CPU families 0x16 and 0x17 (bsc#1072424)
  * Adds 0545-Add-early-microcode-support-for-AMD-family-16h.patch
  * Adds 0546-Support-Microcode-Updates-for-AMD-CPU-Family-0x17.patch
- Make ip=dhcp work. Previously, a network interface specifier was required.
  The new behaviour matches documented behaviour.
  Adds 0544-40network-Make-ip-dhcp-work.patch
- Remove 00systemd-bootchart, which is gone from systemd for some time (bsc#1067279)
  Adds 0543-Remove-00systemd-bootchart.patch
- Ensure 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch is
  not applied on Leap either
- Ensure 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
  is not applied on SLE.
- This is to support predictable interface names (boo#960669)
  * adds 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
- Include crc32c Intel module when using btrfs (bsc#1011554)
  * adds 0542-Include-crc32c-intel-module-when-using-btrfs.patch
- Check the proper variable for a custom IMA keys directory (cherry-picked)
  Part of fate#323289.
  * adds 0540-Check-the-proper-variable-for-a-custom-IMA-keys-dire.patch
- Reword dracut-ima description to avoid misunderstandings.
- Replace old RPM constructs.
- Add IMA functionality (fate#323289)
  This is implemented as a sub module analogous to FIPS
  * adds 0539-Add-IMA-functionality-fate-323289.patch
- 90multipath: Remove compat rule that is no longer needed (bsc#1054539)
  * adds 0536-90multipath-drop-67-kpartx-compat.rules.patch
- Don't detect crc32.ko as built-in (bsc#1054538)
  * adds
- Enable systemd-based core dumps for initrd (bsc#1054809)
  * adds 0538-Enable-core-dumps-with-systemd-from-initrd.patch
- Add missing coreutils dependency for initrd macros (bsc#1055492).
- Ensure that targets such as halt can be reached (bsc#1048698)
  * adds 0529-systemd-add-missing-.slice-unit.patch
  * adds 0530-dracut-systemd-dracut-cmdline-ask-fix-dracut-kernel-.patch
  * adds 0531-dracut-systemd-.service-conflict-with-shutdown-targe.patch
- Do not add too many drivers all at once (bsc#1037344)
  * adds 0532-List-drivers-rather-than-looking-for-reverse-depende.patch
- instmods: check modules.builtin in $srcmods (bsc#1048606)
  * adds 0533-instmods-check-modules.builtin-in-srcmods.patch
- ssh-client: ensure is usable in all cases (bsc#1021846)
  * adds 0534-ssh-client-Include-nss_-libraries.patch
- Sync initramfs after creation to ensure entigrity (bsc#1049113)
  * adds 0535-Sync-initramfs-after-creation.patch
- Ensure responds properly to hostonly cmdline (bsc#1048748)
  * adds
- switch fips checking to use the libkcapi based fipscheck toolset (bsc#1048565)
  * adds 0527-switch-fips-checking-to-use-the-libkcapi-based-fipsc.patch
- iscsiroot: call handle_firmware only for non-iface invocations (bsc#1032284)
  * adds 0526-iscsiroot-call-handle_firmware-only-for-non-iface-in.patch
- bail out if module directory does not exist (bsc#1043900)
  * adds 0525-backport-bail-out-if-module-directory-does-not-exist.patch
- Suppress nonsensical error message (bsc#1032029)
  * adds 0524-Suppress-nonsensical-error-message-bsc-1032029.patch
- 01fips: Fix typo (bsc#1033238)
  * adds 0522-Fix-typo-from-commit-3f1cdb520.patch
- 98dracut-systemd: Fix module force loading with systemd (bsc#986216)
  * adds 0523-98dracut-systemd-Fix-module-force-loading-with-syste.patch
- Ship udev files required by systemd (bsc#1040153)
  * adds 0521-Ensure-udev-persistent-storage-compat-rules-get-crea.patch
- Bump package version to 044.1 to allow systemd to depend on this change
- Revert: "/Require version >= 3.18 btrfsprogs, rather than conflicting with
  an older one"/. Dracut should never depend on optional components
- Ignore module resolution errors (e.g. with kgraft) (bsc#1037120)
  * adds 0520-Ignore-module-resolution-errors.patch
- 90kernel-modules: Ensure phy drivers are loaded in initrd (bsc#1034893)
  * adds 0519-90kernel-modules-Ensure-phy-drivers-are-loaded-in-in.patch
- 90kernel-modules: Fix backlight on Cherrytrail devices (boo#1034785)
  * adds 0518-90kernel-modules-Fix-backlight-on-Cherrytrail-device.patch
- 95fcoe: fix rules generation (osc#1036323)
  * adds
- More correct patch description for 0512, no functional changes
  * updates 0512-Make-binutils-optional-when-elfutils-are-available.patch
- Require version >= 3.18 btrfsprogs, rather than conflicting with
  an older one
- Fix subnet calculation in mkinitrd (bsc#1035743)
  * adds
- Conflict with older btrfsprogs < 3.18  bsc#1035518
  * otherwise when zypper duping we are not able to generate intrd
    until the btrfsprogs are updated, this way we force the app
    to be update beforehand (13.1 and SLE11 migrations)
- Ensure hisi_sas_v2_hw gets included (bsc#1034597)
  * adds 0515-90kernel-modules-also-add-block-device-driver-revers.patch
- Fix mdraid regression (bsc#1028542)
  * adds 0513-Fix-regression-caused-by-6f9bf2b8ac436259bdccb110545.patch
- man: make the -k option clear using mkinitrd (bsc#1012656)
  * adds 0514-man-make-the-k-option-clear-using-mkinitrd.patch
- Fix typo in installkernel script (bsc#1032576)
- Drop binutils dependency in favor of elfutils
  * add 0512-Make-binutils-optional-when-elfutils-are-available.patch
- 01fips: Make init on non-x86_64, specifically s390x, pass (bsc#1021687)
  * add 0510-01fips-Some-modules-use-separators-other-than.patch
  * add 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch
- installkernel: handle make bin-rpmpkg (bsc#1008648)
- Do not pass ifname for bonding devices (bsc#995812)
  * add 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
- Find devices by path for S390x (bsc#915218)
  * add s390x_persistent_device.conf
- 01fips: Remove zlib module as requirement (bsc#1020063)
  * add 0509-01fips-Remove-zlib-module-as-requirement.patch
- 90multipath: 90multipath: start before
  (bsc#1005410, bsc#1006118, bsc#1007925)
  * add
- unlimit TaskMax for xfs_repair in emergency shell (bsc#1019938)
  * add 0507-Set-TaskMax-inifinite-for-the-emergency-shell.patch
- Boot on s390x with fips=1 on the kernel commnad line (bnc#1021687)
  * add 0506-Boot-on-s390x-with-fips-1-on-the-kernel-commnad-line.patch
- Allow booting from degrated MD arrays with systemd (bsc#1017695)
  * add 0505-Allow-booting-from-degraded-MD-RAID-arrays.patch
- Add md4 and arc4 modules for ntlm authentication
  * add 0454-Add-md4-and-arc4-modules-for-ntlm.patch
- Resolve symbolic links for -i and -k parameters (bsc#902375)
  * add 0453-Resolve-symbolic-links-for-i-and-k-parameters-bsc-90.patch
- purge-kernels: Handle kgraft patches (bsc#1017141)
  Cleanup unused code.
- deal with incomplete ibft bootflag settings (bsc#1007648)
  * add 0504-ibft-fix-boot-flag-check.patch
- Remove 0314-run-rpcbind.patch again, was solved by another
  change in rpcbind
- Try to always add pinctrl-cherryview (bsc#998440)
  * add 0452-Always-try-to-add-pinctrl-cherryview.patch
- nfs/rpcbind: rpcbind uses now /run/rpcbind for temporary data.
  Create the needed directory.
  * add 0314-run-rpcbind.patch
- systemd-initrd: Add Cherry-pick to get
  systemd v230 into factory (bsc1009089)
  * add
- Bash cannot handle binary strigns with embedded NULs. This used
  to work by accident, it no longer does starting from bash 4.4.
  Strip NULs during all comparison operations as a workaround.
  Addresses bsc989218.
  * add 0450-Strip-NUL-bytes-in-stream-before-push-in-string.patch
- Do not create initramfs with world-readable permissions if
  early microcode update is used bsc#1008340 CVE-2016-8637
- Add missing rules file for previous patch
  * modify 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
- 90mdraid: Use stock MD rules to assemble RAID arrays (bsc#998860)
  * add 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
- 95resume: Do not resume on iSCSI devices (bsc#999663)
  * add 0310-95resume-Do-not-resume-on-iSCSI.patch
- 95iscsi: ip=ibft is deprecated (bsc#1004437)
  * add 0311-95iscsi-ip-ibft-is-deprecated.patch
- 40network: do not print warning about non-existing file
  * add 0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch
- 90dmraid: do not delete partitions (bsc#998860)
  * add 0309-90dmraid-do-not-delete-partitions.patch
- Give-persistent_policy-precedence-over-dev-mapper-names (bsc#908143)
  * add: 0502-persistent_device_policy_param_enhance.patch
- mdadm IMSM_NO_PLATFORM workaround for kdump (bsc#975404)
  * add: 0308-mdraid_add_IMSM_NO_PLATFORM_env.patch
- 90multipath: parse commandline option 'multipath=off' (bsc#1001691)
  * add 0307-90multipath-parse-kernel-commandline-option-multipat.patch
- 95fcoe: do not start fcoemon twice (bsc#1001512)
  * add 0225-95fcoe-do-not-start-fcoemon-twice.patch
- Reformat patch headers:
  * modify 0199-rd-iscsi-waitnet-default-false.patch
  * modify 0200-dracut_fix_multipath_without_config.patch
  * modify 0210-add_fcoe_uefi_check.patch
  * modify 0212-fcoe_reorder_init_path.patch
- Rediff patches to apply cleanly:
  * modify 0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
  * modify 0133-Allow-multiple-configurations-per-network-interface-.patch
  * modify 0170-iscsi-skip-ibft-invalid-dhcp.patch
  * modify 0218-40network-allow-persistent-interface-names.patch
- Remove spurious whitespaces:
  * modify 0169-network_set_mtu_macaddr_for_dhcp.patch
- 40network: print out correct prefix (bsc#996141)
  * modify 0125-40network-separate-mask-and-prefix.patch
- 95iscsi: setup bnx2i offload connection correctly (bsc#997598)
  * add 0224-95iscsi-setup-bnx2i-offload-connections-properly.patch
- Rename patches to match sequence number:
  * old: 0019-40network-Fix-race-condition-when-wait-for-networks.patch
  * new: 0012-40network-Fix-race-condition-when-wait-for-networks.patch
  * old:
  * new:
- rd.iscsi.waitnet should default to false in order for dracut to
  wait for the network devices (bsc#997598)
  * add 0199-rd-iscsi-waitnet-default-false.patch
- 95multipath: Replace 'grep' with 'sed' for shutdown scripts
  * modify 0306-90multipath-add-shutdown-script.patch
- fix boot issues using RAID, bnc#970215
- Add missing whitespace for md raid suse kernel param parsing (bsc#970215)
  * modify: 0059-99suse-Add-SUSE-specific-initrd-parsing.patch
- Fix IFS separater in (bsc#996141)
  * modify: 0125-40network-separate-mask-and-prefix.patch
- Rename patch:
  * From 0211-fix_multipath_check_hostonly.patch
    to 0303-fix_multipath_check_hostonly.patch
- Rename patch:
  * From 0213-10i18n-keymap-find.patch
    to 0213-Fix-wrong-keymap-inclusion.patch
- 95fcoe: Do not complain about missing /etc/hba.conf (bsc#980539)
  * Add 0215-95fcoe-Do-not-complain-about-missing-etc-hba.conf.patch
- 95fcoe: silence lldpad warnings
  * Add 0216-95fcoe-silence-lldpad-warnings.patch
- 95fcoe: Allow to specify the FCoE mode via the fcoe= parameter
  * Add 0217-95fcoe-Allow-to-specify-the-FCoE-mode-via-the-fcoe-p.patch
- 40network: allow persistent interface names (bsc#995284)
  * Add 0218-40network-allow-persistent-interface-names.patch
- 95fcoe: use interface names instead of MAC addresses
  * Add 0219-95fcoe-use-interface-names-instead-of-MAC-addresses.patch
- 95fcoe: always set AUTO_VLAN for fcoemon (bsc#995019)
  * Add 0220-95fcoe-always-set-AUTO_VLAN-for-fcoemon.patch
- 95fcoe: Add shutdown script (bsc#994860)
  * Add 0221-95fcoe-Add-shutdown-script.patch
- 90dm: Fixup shutdown script (bsc#994860)
  * Add 0222-90dm-Fixup-shutdown-script.patch
- 90dm: fixup dependency cycle between MD and DM shutdown (bsc#994860)
  * Add 0223-90dm-fixup-dependency-cycle-between-MD-and-DM-shutdo.patch
- 90multipath: Start daemon after udev settle (bsc#986734)
  * Add 0304-90multipath-Start-daemon-after-udev-settle.patch
- 90multipath: load dm_multipath module during startup
  * Add 0305-90multipath-load-dm_multipath-module-during-startup.patch
- 90multipath: add shutdown script (bsc#994860)
  * Add 0306-90multipath-add-shutdown-script.patch
- Reformat patches and add patch header:
  * 0053-01fips-fixup-loading-issues.patch
  * 0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
  * 0128-90lvm-Install-dm-snapshot-module.patch
  * 0133-Allow-multiple-configurations-per-network-interface-.patch
  * 0138-fips_add_aesni-intel.patch
  * 0168-remove_plymouth_logo_file.patch
  * 0169-network_set_mtu_macaddr_for_dhcp.patch
  * 0170-iscsi-skip-ibft-invalid-dhcp.patch
  * 0180-i18n_add_correct_fontmaps.patch
  * 0196-ibft-wait-for-session-on-all-paths.patch
  * 0201-fix_nfs_with_ip_instead_of_hostname.patch
  * 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
  * fips-kernel-4.4-fixes.patch
- Rename patch:
  * from fips-kernel-4.4-fixes.patch
  * to 0139-fips-kernel-4.4-fixes.patch
- Do not overwrite existing FCoE configuration (bsc#993861)
  * Add 0213-95fcoe-Do-not-overwrite-FCoE-configuration.patch
- Fix DASD SSID handling (bsc#989313)
  * Add 0501-dasd_fix_ssid_bigger_zero.patch
- Advise user of fs recovery options when we fail to mount (fate#320443)
  * Add 0404-dracut-emergency-optionally-print-fs-help.patch
- Add 32bit arm support to installkernel
- Add 0213-10i18n-keymap-find.patch:
  - Fix choice of keymap for inclusion (bsc#942896)
  - Refresh 0301-include_sysconfig_language.patch
- FCOE fix bsc#982588
  * Add 0212-fcoe_reorder_init_path.patch
- fips-kernel-4.4-fixes.patch: adjust the kernel module list to
  match the SLES 12 SP2 kernel. (bsc#976577)
- Port missing SLES patches
  * Add 0197-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
  * Add 0198-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
  * Remove 0194-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
  * Remove 0195-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
- Rewrite patch:
  * Add 0302-Revert-90multipath-add-hostonly-multipath.conf-in-ca.patch
  * Remove 0001-multipath_revert_mpathconf_binary_use.patch
- Update 0403-95lunmask-Add-module-to-handle-LUN-masking.patch
  to match upstream kernel submission (FATE#319786)
- Add IFS restoring where it has been lost due to mainline merging
  * Add 0500-Reset-IFS-variable.patch
- Make sure to install collect binary (bsc#976466)
  * Add: 0188-95dasd_rules-Install-collect-udev-helper-binary.patch
- Remove version from requires on subpackage
- Add a split provide because of the package split for SLE12 SP1 to SP2 upgrade
- Forward port of latest SLES patches (fate#320499)
  * 0001-multipath_revert_mpathconf_binary_use.patch (fate#320499)
  * 0170-iscsi-skip-ibft-invalid-dhcp.patch (bsc#953361)
  * 0160-s390-update_active_devices_initrd.patch (bsc#939101)
  * 0161-95zfcp_rules-simplified-rd.zfcp-commandline-for-NPIV.patch (bsc#964456)
  * 0190-replace-iscsistart-with-systemd-service-files.patch (fate#319024)
  * 0191-static_network_setup_return_zero.patch (bsc#919179)
  * 0192-iscsi_set_boot_protocol_from_ifcfg.patch (bsc#919179)
  * 0193-95iscsi-Set-number-of-login-retries.patch (bsc#951003)
  * 0196-ibft-wait-for-session-on-all-paths.patch (bsc#951003)
  * 0403-95lunmask-Add-module-to-handle-LUN-masking.patch (FATE#319786)
  Added, but still commented in spec file (still needs adjusting):
- Fixup booting from qla4xxx (bsc#951003)
  * 0194-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
  * 0195-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
- dracut-installkernel: Fix for aarch64 (bsc#947670)
- Move dist config file to /usr/lib/dracut/dracut.conf.d (bsc#972143)
- Remove stale, unused patch file:
- Still create a debug config example in /etc/dracut.conf.d
- Add 0211-fix_multipath_check_hostonly.patch:
  - Fix warning about multipath
- Modify 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch:
  - Don't try to include plymouth if plymouth-dracut pkg. not installed
- Add 0210-add_fcoe_uefi_check.patch:
  - Only install fcoe-uefi module if needed (boo#965477)
- Fix 0208-no_forced_virtnet.patch:
  - On non-QEMU systems it returned non-zero, causing dracut to fail
  - Fixed boo#965477
  - dracut.spec: Remove 90qemu-net entirely instead of disabling
  - running_in_qemu was broken (reading output of >/dev/null)
- Fix 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe.patch:
  - Patch did not have any effect whatsoever
  - Fixes bsc#869496
  - Rename from 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe..patch
- Add 0169-network_set_mtu_macaddr_for_dhcp.patch:
  - Set MTU and LLADDR for DHCP if specified (boo#959803)
- Modify 0017-45ifcfg-use-distro-specific-scripts.patch:
  - Also revert upstream commit f34e1d6b to not forcibly
    include network and ifcfg modules (bsc#960669)
- Refresh:
  - 0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
  - 0132-40network-fixup-static-network-configuration.patch
  - 0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
  - 0402-driver-fail-summary.patch
- Add 0209-fix_modules_load_d_hostonly.patch:
  - Fix modules-load.d with hostonly (boo#962224)
- Add 0208-no_forced_virtnet.patch:
    Don't include qemu-net modules without reason.
    Fix for bsc#960669
- Refresh and merge:
- Delete 0134-Remove-bootdev-warning-bnc-881112.patch:
  - ip=ibft got deprecated, so workaround not necessary
- Add 0207-handle_module_aliases.patch:
    Handle module aliases correctly to not generate unbootable
    initrds with different kernel versions. Fix for boo#962694
- Don't require bind-utils, it conflicts with
- Add warning about pkgconfig file to rpmlintrc's ignore list
- Fix spec file:
  - Add dracut-catimages manpage to dracut-tools
  - Fix summary of dracut-tools subpackage
- Remove 0400-use_fstab_systemd.patch
- Move dracut-catimages, /boot/dracut and /var/lib/dracut into
    dracut-tools subpackage
- Cleanup spec file
- Refresh patches with line offsets:
- Update to dracut-044
- Patches upstream, removed here:
- Updated/Refreshed patches:
- Fix 0202-dracut_dmraid_use_udev.patch:
  - Statement was missing a program to execute
- Add 0206-nfs_dns_alias.patch to fix boo#955592:
  - Fix dracut run on nfs root where NFS host is a DNS ALIAS
- Require bind-utils. host is used in some lines
- Fix the wrong kernel config check for microcode with 4.4 kernel
- Disable 0400-use_fstab_systemd.patch
  - Fully implementing this would take ages
  - Fix boo#948771
- Add numbers to the filename of all patches:
  fips_add_aesni-intel.patch -> 0138-fips_add_aesni-intel.patch
  dracut_fix_multipath_without_config.patch -> 0200-dracut_fix_multipath_without_config.patch
  fix_nfs_with_ip_instead_of_hostname.patch -> 0201-fix_nfs_with_ip_instead_of_hostname.patch
  dracut_dmraid_use_udev.patch -> 0202-dracut_dmraid_use_udev.patch
  dracut_dont_use_dpkg_defaults_on_SUSE.patch -> 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
- Update description in dracut.spec
- Add 0301-include_sysconfig_language.patch:
  - Include /etc/sysconfig/language instead of forcibly generating
  - Workaround and partial fix for boo#927250
- Add 0205-mdraid_ignore_hostonly.patch:
  - Always install mdraid modules (boo#935993)
- Modify 0402-driver-fail-summary.patch
  - Add notice (bsc#952491)
  - Use mktemp instead of hardcoded filenames (bnc#935338)
- Modify 0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
  - Use mktemp instead of hardcoded filenames (bnc#935338)
- Add dracut-rpmlintrc
- Fix permissions of various scripts, as patch does not
    create executable files
- Fix format of patch disablement
- Add 0204-mkinitrd-fix-monster.patch:
  - Implement functionality of -A option
  - Without this patch, -A sets host_only=0,
    but host_only wasn't used
  - Translates into --no-host-only now
- References boo#935993
- Add 0402-driver-fail-summary.patch:
  - Port 0169-Enabled-Warning-for-failed-kernel-modules-per-defaul.patch:
    Subject: Enable warning for failed kernel moduiles
    Enabled Warning for failed kernel modules per default
    and added summary of those to the end of dracut output
    References: bnc#886839
  - Disable inline warnings in favour of summary
- Add 0203-no-fail-builtin-module.patch:
    Don't let inst1mod fail if module is built-in
  - Fixes bsc#935563
- Always install dm-snaphost module if lvm dracut module is needed,
  even if dm-snampshot is not loaded on the host yet (bsc#947518)
  A 0128-90lvm-Install-dm-snapshot-module.patch
- Add patch 0184-fix_lvm_wc_warning.patch:
  - Upstream commit 08eca6 to get rid of missing wc warning
- Fix 0181-no_systemd_cryptsetup.patch:
  - Password input without plymouth didn't work
- Disable 0181-no_systemd_cryptsetup.patch: it breaks existing
  installations of encrypted / on LVM.
- Fix 0182-fix-include-parsing.patch
- Didn't parse arguments with spaces correctly
- Add patch 0183-fix_add_drivers_hang.patch:
  - Fix possible hang in dracut
    caused by add_drivers+="/ "/ in dracut.conf (bsc#923116)
- Add patch 0182-fix-include-parsing.patch:
  - Fix parsing of "/-i"/ and "/--include"/
- Fixes boo#908452
- Add patch 0181-no_systemd_cryptsetup.patch:
  - rd.luks.key is not implemented (properly) if systemd is enabled,
    so ignore systemd in 90crypt
- Fixes boo#915849
- Fix systemd-vconsole-error properly (bsc#943312 and bsc#932981)
  Rewrite 0180-dracut-add-trivial-vconsole-fontmap.patch
  as 0180-i18n_add_correct_fontmaps.patch
- fix systemd-vconsole-error in initrd (bsc#943312)
  Add 0180-dracut-add-trivial-vconsole-fontmap.patch
- Add 0401-mount_option_mountpoint.patch:
    Make it possible to use a mountpoint as --mount parameter
- Add experimental 0400-use_fstab_systemd.patch:
    Add entry for /sysroot in /etc/fstab instead of relying
    on root= and rootflags=
- fix plymouth installation if dpkg package is installed
  - add dracut_dont_use_dpkg_defaults_on_SUSE.patch
- Do not recommend, but require binutils package. bsc#941928
- get_kernel_version is required for /sbin/mkinitrd
- Update to version 043
  Minor change: add missing dmsquash-generator
- Fix dmraid issue bnc#905746
  A    dracut_dmraid_use_udev.patch
- Taken over from SLE12
  A    fips_add_aesni-intel.patch
- Do not touch /run vs /var/run bnc#922676
  D    0106-dracut-Enable-converting-of-directory-var-run-var-lo.patch
- Update dracut to version 042
  Remove these already included or unneeded patches:
  D    dracut_v041_to_HEAD.patch
  D    0011-Correct-paths-for-openSUSE.patch
  D    0068-95fcoe-uefi-Test-for-EFI-firmware.patch
  D    0170-enable-logitech-hidpp.patch
- Fix nfs mount if IPv4 is used in fstab instead of hostname
  A fix_nfs_with_ip_instead_of_hostname.patch
  M    0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
  M    0016-Add-new-s390x-specific-rule-files.patch
  M    0017-45ifcfg-use-distro-specific-scripts.patch
  M    0019-40network-Fix-race-condition-when-wait-for-networks.patch
  M    0020-00warpclock-Set-correct-timezone.patch
  M    0021-95dcssblk-Add-new-module-for-DCSS-block-devices.patch
  M    0048-40network-Only-enable-network-interfaces-if-explicit.patch
  M    0053-01fips-fixup-loading-issues.patch
  M    0056-81cio_ignore-handle-cio_ignore-commandline.patch
  M    0057-01fips-Include-some-more-hmacs.patch
  M    0058-dracut-add-warning-when-including-unsupported-module.patch
  M    0059-99suse-Add-SUSE-specific-initrd-parsing.patch
  M    0060-45ifcfg-Add-SUSE-specific-write-ifcfg-file.patch
  M    0061-45ifcfg-Fixup-error-message-in-write-ifcfg-suse.patch
  M    0075-95dasd_rules-enable-parsing-of-rd.dasd-commandline-p.patch
  M    0076-Correctly-set-cio_ignore-for-dynamic-s390-rules.patch
  M    0079-95dasd_rules-fixup-rd.dasd-parsing.patch
  M    0080-95dasd_rules-print-out-rd.dasd-commandline.patch
  M    0081-95dasd_mod-do-not-set-module-parameters-if-dasd_cio_.patch
  M    0083-95zfcp_rules-Fixup-rd.zfcp-parsing.patch
  M    0085-95zfcp_rules-print-out-rd.zfcp-commandline-parameter.patch
  M    0086-95zfcp_rules-Auto-generate-udev-rule-for-ipl-device.patch
  M    0087-95dasd_rules-Auto-generate-udev-rule-for-ipl-device.patch
  M    0088-91zipl-Add-new-module-to-update-s390x-configuration.patch
  M    0090-dracut-caps-Remove-whole-caps-module.patch
  M    0091-dracut-biosdevname-In-SUSE-biosdevname-package-is-in.patch
  M    0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
  M    0106-dracut-Enable-converting-of-directory-var-run-var-lo.patch
  M    0107-Fixup-typo-firmare-instead-of-firmware.patch
  M    0108-91zipl-Store-commandline-correctly.patch
  M    0109-95dasd_rules-Store-all-devices-in-commandline.patch
  M    0110-95zfcp_rules-Store-all-devices-in-commandline.patch
  M    0113-91zipl-Install-script-as-executable.patch
  M    0114-91zipl-Translate-ext2-3-into-ext4.patch
  M    0116-Mark-scripts-as-executable.patch
  M    0117-95dasd_rules-Enable-the-device-before-checking-devic.patch
  M    0118-95zfcp_rules-Enable-the-device-before-checking-devic.patch
  M    0119-Reset-IFS-variable.patch
  M    0121-Adjust-initramfs-kernel.img-to-SUSE-default-initrd-k.patch
  M    0122-Get_kernel_version_from_gz_file_for_arm.patch
  M    0123-95zfcp_rules-fix-typo-in-module_setup.patch
  M    0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
  M    0125-40network-separate-mask-and-prefix.patch
  M    0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
  M    0130-nfs-Always-add-all-kernel-modules-for-kdump.patch
  M    0131-40network-handle-prefixed-IP-addresses-correctly.patch
  M    0132-40network-fixup-static-network-configuration.patch
  M    0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
  M    0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
  M    0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
  M    0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
  M    0157-Add-boot-zipl-to-host-devs-if-it-is-a-mount-point.patch
  M    0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe..patch
  M    0159-network-Try-to-load-xennet.patch
  M    0163-Install-etc-sysconfig-console-to-see-specific-fonts.patch
  M    0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
  M    0165-Order-root-fsck-after-pre-mount.patch
  M    0168-remove_plymouth_logo_file.patch
  M    dracut_fix_multipath_without_config.patch
- Fix mkinitrd (get_kernel_version) for arm* arch by getting kernel version
  from vmlinux.*.gz file instead of [uz]Image file.
  Taken over from mkinitrd bnc#908454
  * Add patch 0122-Get_kernel_version_from_gz_file_for_arm.patch
- Fix nfs ip= setup in case of IP instead of host in root= name (bsc#931307)
- Honor allow_unsupported_modules setting
  From: Borislav Petkov <>
  $ make install
  of a locally built kernel, you don't want dracut to do --check-supported
  for supported modules when you have "/allow_unsupported_modules 1"/ in
  Teach /sbin/installkernel to pay attention to that setting.
  Use modprobe --showconfig too, which is going to be the proper way to do
  it starting with 12SP1.
- Add fix for multipath systems without multipathd.conf
  bsc#927719: Tumbleweed Snapshot blocked: no multipath support in 20150416+    (likely dracut issue)
  bsc#930019: multipath is broken in dracut due to missing /etc/multipath.conf
  file (systemd multpath.service condition)
  * Added patch: dracut_fix_multipath_without_config.patch
- Update to dracut mainline version 041.
  Half of the patches got integrated mainline.
  Some others have been merged together when it made sense some have
  been left out, but are still in the repository as they need some special
  treating and mainline discussion whether/how they get added. These are
  also not urgently needed, but are debugging patches.
  I broke the rule here to mention every added/deleted/modified patch as
  every patch is touched and every 2nd  got removed (mainline integrated).
  I also re-ordered the patches in the PatchXY: area for easier merging them
  and get them discussed and posted mainline easier, topic by topic.
- Patches merged in the git tracking repository:
  A patch (dracut_v041_to_HEAD.patch) is being added without being properly referenced from the changelog.
- Added dracut_v041_to_HEAD.patch: new patch from v041 against our git
- Add patch to load logitech-hidpp module in default initrd, fixes
  issues with not being able to enter LUKS password with logitech
  wireless keyboards (boo#918938)
  + Added: 0170-enable-logitech-hidpp.patch
- dracut-fix-systemd-vconsole.patch: patch from upstream to start
  the vconsole for new systemd.
  + Added 0169-fix-systemd-vconsole.patch
- Add patch to remove PLYMOUTH_LOGO_FILE from
  modules.d/50plymouth/ (bnc#910952)
  + 0168-remove_plymouth_logo_file.patch
- Do no longer package 02caps: patch 90 takes care of removing it.
- regenerate the initrds on updating this package (or the -fips
- Apply patch for systemd-journald SIGTERMing on boot bnc#915575
  * 0167-do-not-symlink-var-log-to-run-log.patch
- add 0166-load-xhci-pci.patch
  load xhci-pci on Linux-3.18+ to allow USB-keyboard to give LUKS PW
- 0001-kernel-modules-Fix-storage-module-selection-for-sdhc.patch: fix
  storage module selection for sdhci/mmc/ahci
- add 0165-Order-root-fsck-after-pre-mount.patch
  ensure root fsck runs after dracut-pre-mount.service which calls
  resume (bnc#906592)
- dracut-initrd-restore.patch: dracut-shutdown.service invokes
  dracut-initramfs-restore script which will never work in
  openSUSE because initrd images are named initrd not initramfs.
  Patch is from: Cristian Rodríguez <>
  * Add 0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
- Remove autoreconf call from e2fsprogs.spec (bsc#1183791)
- po-remove-unnecessary-buggy-positional-parameter-spe.patch: po: remove
  unnecessary/buggy positional parameter specifiers (bsc#1170964)
- e2fsck-clarify-overflow-link-count-error-message.patch: e2fsck: clarify
  overflow link count error message (bsc#1160979)
- ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch: ext2fs: update
  allocation info earlier in ext2fs_mkdir() (bsc#1160979)
- ext2fs-implement-dir-entry-creation-in-htree-directo.patch: ext2fs: implement
  dir entry creation in htree directories (bsc#1160979)
- tests-add-test-to-excercise-indexed-directories-with.patch: tests: add test
  to excercise indexed directories with metadata_csum (bsc#1160979)
- tune2fs-update-dir-checksums-when-clearing-dir_index.patch: tune2fs: update
  dir checksums when clearing dir_index feature (bsc#1160979)
- e2fsck-abort-if-there-is-a-corrupted-directory-block.patch: e2fsck: abort if
  there is a corrupted directory block when rehashing (bsc#1160571
- e2fsck-don-t-try-to-rehash-a-deleted-directory.patch: 2fsck: don't try to
  rehash a deleted directory (bsc#1160571 CVE-2019-5188)
- resize2fs-Make-minimum-size-estimates-more-reliable.patch: resize2fs: Make
  minimum size estimates more reliable for mounted fs (bsc#1154295)
- libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch: add checks to
  prevent buffer overrun bugs in quota code (bsc#1152101, CVE-2019-5094)
- libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch: libext2fs: call
  fsync(2) to clear stale errors for a new a unix I/O channel (bsc#1145716)
- e2fsck-check-and-fix-tails-of-all-bitmaps.patch: e2fsck: check and fix tails
  of all bitmap blocks (bsc#1128383)
- libext2fs-Fix-fsync-2-detection.patch: libext2fs: Fix fsync(2) detection
- Add references from old package:
  Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch
  in 1.42.12 (bsc#1009532)
  Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch
  in 1.42.13 (bsc#918346 CVE-2015-1572)
  Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch
  in 1.42.12 (bsc#915402 CVE-2015-0247)
  Got specfile fix through Factory (bsc#960273)
  Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194)
- libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch:
  libext2fs: fix build failure in swapfs.c on big-endian systems (bsc#1077420)
- Update to 1.43.8
  * add forgotten byteswap of some new superblock fields
  * fix use-after-free in e2fsck for corrupted root inode
  * fix floating point exception due to corrupted superblock in e2fsck
  * fix resize2fs's free block sanity checks
  * updated translations
- Added %license tag to specfile
- Update to 1.43.7
  * debugfs, tune2fs, fuse2fs fixes of error handling in journal replay
  * e2fsck and debugfs fixes so that malicious filesystems do not cause
  buffer overflows
  * fix corner cases in offline resizing in resize2fs
  * updated translations
- ignore errors for install-info calls in post scripts,
  otherwise installing with "/--excludedocs"/ fails
- Update to 1.43.6
  * fix printing of quota inconsistency messages
  * fix out of bounds checks in e2fsck
  * optimize e2fsck CPU usage for large sparse files
  * increase inode size to 256 bytes if features require it
  * various UI fixes
  * updated translations
- Add missing coreutils dependency for initrd macros (bsc#1055492).
- Update to 1.43.5
  * fix e2fsck infinite loop when rebuilding encrypted directories
  * fix tune2fs support for enabling /disabling project quota
  * fixes in debugfs, dumpe2fs, e2fsck, tune2fs, and resize2fs for maliciously
  corrupted filesystems
  * fix e2fsck to verify invalid quota inode numbers
  * fix byte-swapping of backup superblocks
  * fix e2fsck -E bmap2extent to work for sparse files
  * fix e2fsck to correctly handle quota accounting for multiply claimed blocks
  * lots of other fixes
- Update to 1.43.4
  * fix e2fsck handling of extended attributes for small files
  * fixes in mke2fs -d
  * make mke2fs refuse absurdly large devices
  * make mke2fs properly report IO errors
  * clarify default in mke2fs questions
  * re-add uninit_bg to mke2fs.conf
  * add support for project quota to debugfs
  * improve xattr support in debugfs
  * remove mkfs.ext4dev and fsck.ext4dev
- Remove suse-module-tools dependency as it creates cycle in dependency list
- Update download URL to poing to which is more reliable
- Update to 1.43.3
  * mke2fs will use larger journal for large filesystems by default
  * e2fsck journal replay bugfixes
  * debugfs improvements and fixes
  * fix resize2fs migration of attribute blocks
- fuse2fs manpage is no longer installed when fuse2fs is not built
- fix last change
- Rebuild the initrd if this package changes (and we are not
  building the -mini version)
- Update to 1.43.1
  * Add support for the ext4 metadata checksum, checksum seed, inline data,
    encryption, project quota, and read-only features
  * Support for the very old, experimental, and never-added-to-mainline
    compression feature has been removed
  * Mke2fs will now create file systems with the metadata_csum and 64bit
    features enabled by default
  * The tune2fs program will ask the user for confirmation before starting
    dangerous operations if the terminal is available, and it will replay
    the journal if necessary
  * Add an ext2/3/4 FUSE server
  * The resize2fs command can now convert file systems between 64-bit and
    32-bit mode
  * We now use a new e2undo file format which is much more efficient and
    faster than the old tdb-based scheme. Since it so much faster, e2fsck,
    tune2fs, debugfs, and resize2fs now also can support using creating an
    undo file.
  * Multiple e2fsck fixes
  * Multiple mke2fs improvements
  * Multiple debugfs improvements
- spec: add static library dependencies
- enable static build and package static libraries
- e2fsprogs-1.41.1-splash_support.patch: Drop it, this patch
  depends on the old in kernel "/bootsplash"/ patches that were
  removed after the introduction of plymouth.
- Update to 1.42.13
  * fix potential buffer overflow while closing a filesystem
  * fix deadlock which occurs when using systemd and e2fsck.conf's logging
  * make tune2fs clear journal superblock backup when removing journal
  * fix use after free bugs in resize2fs and e2fsck
  * fix endianity bugs in libext2fs
- Remove e2fsck-fix-free-pointer-dereferences.patch: Merged upstream
- e2fsck-fix-free-pointer-dereferences.patch: Fix use after free (bnc#912229)
- Use %license instead of %doc [bsc#1082318]
- forcefully enable PIE
- Update to 14 plus upstream fixes.  (fate#322108)
- Forward port and refresh SLE patches
  (efibootmgr-derhat.diff, MARM-sanitize-set_mirror.diff
- Drop upstreamed patches
- Build on all archs. There is no reason not to. (boo#1025520)
- Depend on new enough efivar. Build fails otherwise.
- add efibootmgr-fix-usage-of-efi_loadopt_path-again.patch - fix
  efibootmgr -v with new efivar (boo#993458)
- Add support for Memory Address Range Mirroring.
  [fate#320999, bsc#987599]
  (add MARM-add-m-and-M-options.diff,
- Add efibootmgr-fix-efivar-0.24.patch fix the compilation errors
  caused by the efivar update
- Properly latch long to short option for delete.  [bsc#945705]
- Refresh for SLE12.  [bsc#929677]
  (efibootmgr-gcc-Wall.diff, efibootmgr-delete-multiple.diff)
- Update to 0.12
  * This release is mostly a maintenance release that uses
    libefivar's new library API for creating device paths and load
  * Also DHCPv4 network boot entries are now something you can
    create without knowing an awful lot about ACPI.
- Refresh patches
  efibootmgr-0.11.0-derhat.diff as efibootmgr-derhat.diff
  efibootmgr-0.11.0-check-boot-order.diff as
- Update project and download url
- Allow disk/partition as selector for delete as well.  [bsc#870211]
- Remove version number from patches.
  (add efibootmgr-derhat.diff, efibootmgr-fail-visibly.diff,
  efibootmgr-gcc-Wall.diff, efibootmgr-set_boot_order.diff,
  drop efibootmgr-0.6.0-check-boot-order.diff,
  efibootmgr-0.6.0-delete-by-uuid.diff, efibootmgr-0.6.0-derhat.diff,
  efibootmgr-0.6.0-fail-visibly.diff, efibootmgr-0.6.0-gcc-Wall.diff,
  Note: this entry reflects obsoleted, SLE-only changes!
- Introduce partition UUID as selector for delete.  [bsc#870211]
- Enable i586 build
- efibootmgr-0.6.0-check-boot-order.diff, efibootmgr-0.6.0-derhat.diff:
  pass source validator check
- switch homepage to
- Update version number to 0.11.0
- Rebase patches
- Drop efibootmgr-0.6.0-set_boot_order.diff since the data size of
  the variable is handled properly now
- Drop efibootmgr-0.6.0-fail-visibly.diff since err() and warn()
  are introduced to show more meaningful messages
- Drop upstreamed patch
- Enable for aarch64 (fate#318444)
- Add efibootmgr-0.6.0-check-boot-order.diff to delete BootOrder
  if there is no more boot option. [bnc#883545]
- Update version number to 0.6.0,
- Integrate SLE11 patches.  [bnc#830784]
- Fix gcc warnings.
- Make default '--loader' build-time configurable.
- Don't let '--write-signature' overwrite unique signatures.
- Drop obsolete patches
- Print EFI status for failed '--create' as well.  [bnc#811767]
- Fix '--bootorder' handling.  [bnc#810899]
- Print EFI status in case of failure.  [bnc#811767]
- Apply critical upstream fixes
  o for memory leaking variable creation.  [bnc#746324]
  o to improve spec conformance by removing device path padding.
  o to work around broken Apple firmware.
- Allow hard disk sector sizes not equal to 512.  [bnc#711830]
- Add zlib-devel to BuildRequires
- Remove redundant/obsolete tags/sections from specfile
  (cf. packaging guidelines)
- Add efivar-bsc1187386-fix-emmc-parsing.patch to fix the eMMC
  sysfs parsing (bsc#1187386)
- Add efivar-bsc1181967-fix-nvme-parsing.patch to fix the NVME
  path parsing (bsc#1181967)
- Add efivar-bsc1175989-handle-NULL-set-variable.patch to fix
  segfault on non-EFI systems (bsc#1175989)
- Delete unused file: reproducible.patch
- Add efivar-bsc1127544-fix-ucs2len.patch to fix logic that checks
  for UCS-2 string termination (boo#1127544)
- Add efivar-fix-efidp_ipv4_addr-fields-assignment.patch to fix the
  casting of IPv4 address.
- Update to 37
  + Improve ACPI device path formatting
  + Add support for SOC devices that use FDT as their PCI root node
  + Make devices we can't parse the "/device"/ sysfs link for use
  + Handle SCSI port numbers better
  + Don't require an EUI for NVMe (boo#1100077)
  + Fix the accidental requirement on ACPI UID nodes existing
  + Add support for EMMC devices
  + Add support for PCI root nodes without a device link in sysfs
  + Add support for partitioned MD devices
  + Fix partition number detection when the number isn't provided
  + Add support for ACPI Generic Container and Embedded Controller
    root nodes (boo#1101023)
  + Add limited support for SAS/SATA port expanders
- Add upstream patches to fix boo#1120862
  + efivar-make-format_guid-handle-misaligned-guid-pointer.patch
  + efivar-Fix-all-the-places-Werror-address-of-packed-member-c.patch
- Drop upstreamed reproducible.patch
- Refresh libefiboot-export-disk_get_partition_info.patch
- Use %license for COPYING
- Add reproducible.patch to initialize memory (boo#1061219)
- Downgrade to 35 (fate#326702)
  + 36 rewrote the linux interface parsers and caused several
    problems in efibootmgr. Downgrade the version before the change
    to avoid the failure of boot variable creation
    (boo#1100077, boo#1101023)
- Refresh libefiboot-export-disk_get_partition_info.patch
- Update to version 36
- adjust libefiboot-export-disk_get_partition_info.patch to fit
  new version
- RPM group fix
- libefiboot-export-disk_get_partition_info.patch:
  (bsc#870211, bsc#945705)
- Update to 31  (fate#322108)
- Drop upstreamed patches
  + efivar-no-static.patch
  + deprecated-readdir_r.patch
  + efivar-use-sysmacros.patch
- Add efivar-use-sysmacros.patch to fix the Factory/Tumbleweed
  build correctly.
- Amend the spec file to specify the gcc version for SLE11SP4
- Fix building for SLE11SP4, SLE12SP2, and Tumbleweed
  (fate#322108, bnc#1012765)
- Drop obsolete patch
- Update to 0.24
- Drop upstreamed patches
  + efivar-0.21-gcc6.diff
  + efivar-nvme-rename.patch
  + efivar-nvme-no-kernel-header.patch
  + efivar-relicensing.patch
  + efivar-bsc988000-fix-mode-efi_set_variable.patch
- deprecated-readdir_r.patch: Remove use of deprecated readdir_r
- Add efivar-bsc988000-fix-mode-efi_set_variable.patch and
  efivar-bsc988000-remove-versioning-efi_set_variable.patch to set
  the default file mode rather than fetching a value randomly
- Add efivar-relicensing.patch to update the license in some files
- Add the missing COPYING
- Update to 0.23 for fwupdate (FATE#319345)
- Add efivar-nvme-rename.patch and efivar-nvme-no-kernel-header.patch
  to work around the missing kernel header.
- Add efivar-no-static.patch to remove efivar-static since it
  causes build failure and we don't really need it.
- Remove efivar-fix-initializer.patch since it's already in 0.23.
- Remove _smp_mflags since the Makefile doesn't work well with
  the flag.
- Add efivar-0.21-gcc6.diff to fix strict-aliasing issue.
- Build with -Wno-nonnull as efivar tests nonnull args for zero
  and that breaks with its use of -Werror.
- Update the source link
- Update to 0.21
- Add efivar-fix-initializer.patch to initialize ifreq properly
- Drop patches
  + efivar-fix-vars_del_variable.patch: upstreamed
  + efivar-revert-linker-order.patch: not necessary
- Add efivar-fix-vars_del_variable.patch to fix the deletion of
  the variable with the old efivar kernel modules
- Add efivar-revert-linker-order.patch to adjust the linker order
  which caused the compilation error in pesign
- Use default CFLAGS
- Update to 0.20
  * Make sure tester is build with the right link order for
  * Adjust linker order for pkg-config
  * Work around LocateDevicePath() not grokking PcieRoot() devices
  * Rectify some missing changelog entries
- Changes for 0.19
  * Lots of debugging in this release, as well as some of the
    documentation that's planned. There's more of that to come.
- Changes for 0.18
  * This release is mostly about adding the efidp and libefiboot
    APIs available.Next release will feature documentation for
    them, verification that various different device path types
    work, etc. Right now efi device path generation is basically
    limited to:
    + full file paths on sata devices
    + full file paths on sas devices
    + HD() paths for SATA and SAS devices
    + ipv4 dhcp device paths that don't specify their own
- Drop upstreamed patche
  * efivar-correct-license-header.patch
- Drop as Makefiles have been restructured, CFLAGS no longer
  defined in them
  * efivar-suse-build.patch
- Use fdupes to reduce amount of duplicate files
- Add efivar-correct-license-header.patch to correct the license of
- Amend the spec file with spec-cleaner
- Update to 0.15
  + Make FSF addresses in COPYING be URLS
  + Fix variables' DataSize field on 32-bit machines.
  + Add some vendor specific guids to our guid list
  + Add efi_id_guid_to_name() and efi_name_to_id_guid(), which
    support {ID GUID} as a concept a la
  + Call "/empty"/ "/zero"/ now, as many other places do. (empty
    references still exist for ABI compatibility)
  + add "/efivar -L"/ to the man page
  + efi_symbol_to_guid()
  + efi_name_to_guid() will fall back on efi_symbol_to_guid()
  + "/efivar -L"/ to list all the guids we know about
  + better namespacing on
    (rename well_known_* -> efi_well_known_*)
- Refresh efivar-suse-build.patch
- CVE-2018-16402: libelf: denial of service/double free on an
  attempt to decompress the same section twice (bnc#1107066)
  Add patch:
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
  function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
  Add patch:
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
  application crash) via a crafted ELF file (bnc#1033088)
  Add patch:
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
  Add patch:
- CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
  Add patch:
- CVE-2018-16062: heap-buffer-overflow in
  /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
  Add patch:
- CVE-2018-18310: Invalid Address Read problem in
  dwfl_segment_report_module.c (bnc#1111973)
  Add patch:
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether
  the dyn data read from core file is truncated (bnc#1123685)
  Add patch:
- CVE-2019-7665: NT_PLATFORM core file note should be a zero
  terminated string (CVE is a bit misleading, as this is not a bug
  in libelf as described) (bnc#1125007)
  Add patch:
- CVE-2017-7609: memory allocation failure in __libelf_decompress
  Add patch:
- CVE-2018-16402: Double-free crash in nm and readelf (bnc#1107066)
  Add patch:
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
  (readelf.c) (bnc#1033084)
  Add patch:
- CVE-2018-18520: eu-size: Bad handling of ar files inside are
  files (bnc#1112726)
  Add patch:
- CVE-2017-7608: heap-based buffer overflow in
  ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
  Add patch:
- CVE-2017-7613: elfutils: denial of service (memory consumption)
  via a crafted ELF file (bnc#1033090)
  Add patch:
- CVE-2017-7612: elfutils: denial of service (heap-based buffer
  over-read and application crash) via a crafted ELF file
  Add patch: elfutils-dont-trust-sh_entsize.patch
- Restore obsolete on libebl.
- Update package descriptions.
- Rename libebl1 to libebl-plugins as these are not linked,
  but dlopened using their unversioned libebl_$ name.
- Have libelf1 require libebl-plugins (libebl.a, which does the
  dlopen call, is staticly built into libelf1). This is necessary
  for pahole to display its results. [boo#1049871]
- ppc-machine-flags.patch: support EM_PPC machine flags
- disable-tests-with-ptrace.patch: disable more tests
- Update Git-Clone URL
- Add 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
  unconditionally in the spec file. As we can't support binary diff,
  a newly added test-case is removed from the patch.
- Add 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch:
  fix .gnu.attributes checking on ppc64{,le}.
- Add missing ldconfig calls for libasm1
- make tests pass when user does not want debuginfo (boo#1031556)
- Update to version 0.168:
  libelf: gelf_newehdr and gelf_newehdr now return void *.
  libdw: dwarf.h corrected the DW_LANG_PLI constant name (was DW_LANG_PL1).
  readelf: Add optional --symbols[=SECTION] argument to select section name.
- Includes changes from 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch
  and 0001-ar-Fix-GCC7-Wformat-length-issues.patch.
- Remove elfutils-0.137-dwarf-header-check-fix.diff which is no longer
  required after a debugedit fix.
- Add 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch: fix
  new warning introduced in GCC 7.
- Add 0001-ar-Fix-GCC7-Wformat-length-issues.patch: fix -Wformat-length
  warning introduced in GCC 7.
- Update to version 0.167:
  libasm: Add eBPF disassembler for EM_BPF files.
  backends: Add m68k and BPF backends.
  ld: Removed.
  dwelf: Add ELF/DWARF string table creation functions. dwelf_strtab_init,
    dwelf_strtab_add, dwelf_strtab_add_len, dwelf_strtab_finalize,
    dwelf_strent_off, dwelf_strent_str and dwelf_strtab_free.
  Support compressed sections from binutils 2.27.
- Remove patch elfutils-0.166-elfcmp-comp-gcc6.patch: included upstream.
- disable-tests-with-ptrace.patch: disable tests that use ptrace when
  running under qemu-linux-user
- Update to version 0.166:
  + config: The default program prefix for the installed tools is now
  eu-. Use configure --program-prefix="/"/ to not use a program
  + Various bugfixes.
- Drop elfutils-0.164-dt-ppc-opt.patch and
  elfutils-0.164-gcc6.patch (merged upstream)
- Add patch elfutils-0.166-elfcmp-comp-gcc6.patch: fix
  self-comparison error with GCC 6.
- Changes from 0.165:
  + Add eu-elfcompress
  + Add pkg-config files for libelf and libdw.
-  add elfutils-0.164-gcc6.patch
- rename dt-ppc-opt.patch as elfutils-0.164-dt-ppc-opt.patch
  and add reference to upstream commit id
- dt-ppc-opt.patch: add support for DT_PPC_OPT
- Update to version 0.164
  Drop the following patches, fixed upstream:
  * elfutils-portability-0.163.patch
  * elfutils-revert-portability-scanf.patch
  * elfutils-uninitialized.diff
  * libebl-prototype-fix.diff
  - strip, unstrip:
  * Handle ELF files with merged strtab/shstrtab tables.
  * Handle missing SHF_INFO_LINK section flags.
  - libelf:
  * Use int64_t for offsets in libelf.h instead of loff_t.
  - libdw:
  * dwarf.h Add preliminary DWARF5 DW_LANG_Haskell.
  - libdwfl:
  * dwfl_standard_find_debuginfo now searches any subdir of the binary
    path under the debuginfo root when the separate debug file couldn't
    be found by build-id.
  * dwfl_linux_proc_attach can now be called before any Dwfl_Modules
    have been reported.
- Implement %check
- Update to version 0.163
  Drop patch elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
  Drop patch elfutils-0.148-dont-crash.diff (fixed by 9ceebe69)
  Drop patch elfutils-portability-0.161.patch
  Add patch elfutils-portability-0.163.patch
  - Bug fixes only, no new features.
  - libdw: Install new header elfutils/known-dwarf.h.
    dwarf.h Add preliminary DWARF5 constants DW_TAG_atomic_type,
    DW_LANG_Fortran03, DW_LANG_Fortran08. dwarf_peel_type now also
    handles DW_TAG_atomic_type.
  - addr2line: Input addresses are now always interpreted as hexadecimal
    numbers, never as octal or decimal numbers.
    New option -a, --addresses to print address before each entry.
    New option -C, --demangle to show demangled symbols.
    New option --pretty-print to print all information on one line.
  - ar: CVE-2014-9447 Directory traversal vulnerability in ar extraction.
  - backends: x32 support.
- Make ebl modversion predictable to allow build-compare (bnc#916043)
- CVE-2014-9447: elfutils: Directory traversal vulnerability (bnc#911662)
  Add patch: elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
- Update to version 0.161
  + libdw: New function dwarf_peel_type. dwarf_aggregate_size now uses
    dwarf_peel_type to also provide the sizes of qualified types.
    dwarf_getmacros will now serve either of .debug_macro and
    .debug_macinfo transparently.  New interfaces
    dwarf_getmacros_off, dwarf_macro_getsrcfiles,
    dwarf_macro_getparamcnt, and dwarf_macro_param are available
    for more generalized inspection of macros and their parameters.
    dwarf.h: Add DW_AT_GNU_deleted, DW_AT_noreturn, DW_LANG_C11,
    DW_LANG_C_plus_plus_11 and DW_LANG_C_plus_plus_14.
- Remove merged patches
  + elfutils-robustify.patch
  + elfutils-no-po-test-build.diff
  + elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
- Refreshed patch (from Fedora sources)
  + elfutils-portability.patch > elfutils-portability-0.161.patch
- Add a lang subpackage
- Update homepage URL and improve RPM group classification
- backport post-5.9 fixes (bsc#1178633)
  * netlink-fix-use-after-free-in-netlink_run_handler.patch
  * netlink-fix-leaked-instances-of-struct-nl_socket.patch
  * netlink-do-not-send-messages-and-process-replies-in-.patch
  * ethtool-Improve-compatibility-between-netlink-and-io.patch
- upgrade to upstream version 5.9 (jsc#SLE-15156, bsc#1178633)
- ethtool.spec:
  * minor cleanups from Factory package
  * drop compiler warnings suppression which is no longer needed
  * replace "/-W"/ compiler option with preferred form "/-Wextra"/
- ethtool.keyring: add new upstream maintainer's key
- upgrade to upstream version 5.3 (jsc#SLE-7328)
  * drop mainline backports contained in v5.3
  * provide bash completion
- minor specfile cleanup
- add support for FEC parameters (fate#326122 bsc#1105557):
- add support for RSS contexts (fate#326122 bsc#1105557):
- fix stack clash for PHY tunables (bsc#1092037):
- sync UAPI header copies with SLE15 kernel:
- add warning that changes should be submitted via git (i.e. not
  directly to IBS) to the specfile
- drop BuildRoot (no longer needed in SLE15)
- drop BuildRequire for xz (no longer needed in SLE15)
- use %license rather than %doc for license file (bsc#1082318)
- add backported post-4.13 upstream fixes (bsc#1088294):
- Update to new upstream release 4.13
  * Feature: add support for HWTSTAMP_FILTER_NTP_ALL
  * Feature: Add DMA Coalescing support
  * Feature: Remove UDP Fragmentation Offload error prints
  * Feature: stmmac: Add DMA HW Feature Register
  * Fix: Do not return error code if no changes were attempted.
  * Fix: Fix formatting of advertise bitmask
  * Fix: fix the rx vs tx mixup in set channel message
- Update to new upstream release 4.11
  * Feature: Support for configurable RSS hash function
  * Feature: support queue and VF fields for rxclass filters
  * Feature: Add support for 2500baseT/5000baseT link modes
  * Fix: Fix SFF 8079 cable technology bit parsing
  * Fix: sync help output for -x/-X with man page
- Update to new upstream release 4.10
  * Fix: Fix the "/advertise"/ parameter logic.
  * Feature: Implement ETHTOOL_PHY_GTUNABLE/ETHTOOL_PHY_STUNABLE and PHY downshift
  * Feature: add register dump support for fjes driver (-d option)
- add keyring with John Linville's key for tarball verification
- Update to new upstream release 4.8
  * Feature: QSFP Plus/QSFP28 Diagnostics Information Support
  * Feature: Enhancing link mode bits to support 25G/50G/100G
  * Feature: add support for 1000BaseX and missing 10G link mode
  * Fixes: address Coverity issues 1363118 - 1363125
- Update to new upstream release 4.6
  * Feature: Support register dump on Intel X550 NICs (-d option)
  * Fix: Correct some reported register offsets on Intel 10GbE NICs
    (-d option)
  * Feature: Add IPv6 support to NFC (-n, -N, -u and -U options)
  * Feature: Add support for ETHTOOL_xLINKSETTINGS ioctls (no
    option and -s option)
  * Feature: Use netlink socket when AF_INET not available
- Update to new upstream release 4.5
  * Fix: Heap corruption when dumping registers from a file
    (-d option)
  * Fix: Stricter input validation for EEPROM setting (-E option)
  * Feature: Add PHY statistics support (--phy-statistics option)
  * Feature: Support setting default Rx flow indirection table
    (-X option)
  * Doc: Properly indent sub-options in man page
  * address build issues (mostly compiler warnings)
- Update to new upstream release 4.2
  * Feature: Support soldered-on modules in module EEPROM dump
    (-m option)
  * Feature: Add register dump support for VMware vmxnet3
    (-d option)
  * Feature: Update register dump support for IBM EMAC (-d option)
    (requires Linux 4.3 or a future stable update to 4.1 or 4.2)
  * Doc: Fix typo in man page
- Update to new upstream release 4.0
  * Fix: Formatting of RX flow hash indirection table when size not
    divisible by 8 (-x option)
  * Fix: Add missing Advertised speeds (no option and -s option)
  * Feature: Add support to get expansion ROM version (-i option)
  * Feature: Include SFP serial number and date in EEPROM dump
    (-m option)
- Update to new upstream release 3.18
  * Fix: Lookup of SFP Tx bias in SFF-8472 module diagnostics
  (-m option)
- Drop usrmerge compat symlinks
- Update to new upstream release 3.16
  * Support for configurable RSS hash key (-x/-X options)
  * Add register dump support for Altera Triple Speed Ethernet
  (-d option)
  * Report Backplane as a supported port
- Remove unused call to %gpg_verify (the macro expands to nothing);
  source validation handled by osc.
- Security fix (CVE-2019-15903, bsc#1149429)
  * Crafted XML input results in heap-based buffer over-read by fooling
    the parser into changing from DTD parsing to document parsing
  * Added patches:
  - expat-CVE-2019-15903.patch
  - expat-CVE-2019-15903-tests.patch
- Security fix (CVE-2018-20843, bsc#1139937)
  * Large number of colons in input makes parser consume high
    amount of resources
  * Added expat-CVE-2018-20843.patch
- Expand description of expat-devel.
- Do not generate manpages from docbook
- Temporarily disable profiling due to bug in build system
- Version update to 2.2.5 Tue October 31 2017
  * Bug fixes:
  - If the parser runs out of memory, make sure its internal
    state reflects the memory it actually has, not the memory
    it wanted to have.
  - The default handler wasn't being called when it should for
    a SYSTEM or PUBLIC doctype if an entity declaration handler
    was registered.
  - Fix a case of mistakenly reported parsing success where
    XML_StopParser was called from an element handler
  - Function XML_ErrorString was returning NULL rather than
    a message for code XML_ERROR_INVALID_ARGUMENT
    introduced with release 2.2.1
  * Other changes:
  - Add argument -N adding notation declarations
  - various compiler-specific fixes
  - Improve docbook2x-man detection
- drop expat-docbook.patch
  * fixed in 0f5186c7b8e503c669e332d944712de010b265f3
- switch to github for release tarballs and website
- Version update to 2.2.4 Sat August 19 2017
  * Bug fixes:
    [#115]  Fix copying of partial characters for UTF-8 input
  * Other changes:
    [#109]  Fix "/make check"/ for non-x86 architectures that default
    to unsigned type char (-128..127 rather than 0..255)
    [#109] Cover -funsigned-char
    Autotools: Introduce --without-xmlwf argument
    [#65]  Autotools: Replace handwritten Makefile with GNU Automake
    [#43]  CMake: Auto-detect high quality entropy extractors, add new
    option USE_libbsd=ON to use arc4random_buf of libbsd
    [#74]  CMake: Add -fno-strict-aliasing only where supported
    [#114]  CMake: Always honor manually set BUILD_* options
    [#114]  CMake: Compile man page if docbook2x-man is available, only
    [#117]  Include file tests/xmltest.log.expected in source tarball
    (required for "/make run-xmltest"/)
    [#111]  Fix some typos in documentation
    Version info bumped from 7:5:6 to 7:6:6
- Release 2.2.3 Wed August 2 2017
  * Bug fixes:
    [#85]  Fix a dangling pointer issue related to realloc
  * Other changes:
    [#91]  Linux: Allow getrandom to fail if nonblocking pool has not
    yet been initialized and read /dev/urandom then, instead.
    This is in line with what recent Python does.
    [#86]  Check that a UTF-16 encoding in an XML declaration has the
    right endianness
  [#4] #5 #7  Recover correctly when some reallocations fail
    Repair "/./configure && make"/ for systems without any
    provider of high quality entropy
    and try reading /dev/urandom on those
    Ensure that user-defined character encodings have converter
    functions when they are needed
    Fix mis-leading description of argument -c in xmlwf.1
    Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
    for CloudABI
    [#100]  Fix use of SIPHASH_MAIN in siphash.h
    [#23]  Test suite: Fix memory leaks
    Version info bumped from 7:4:6 to 7:5:6
- Release 2.2.2 Wed July 12 2017
  * Security fixes:
    [#43]  Protect against compilation without any source of high
    quality entropy enabled, e.g. with CMake build system;
  * [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
    resulted in NULL dereference, previously;
  * Bug fixes:
    [#69]  Fix improper use of unsigned long long integer literals
  * Other changes:
    [#73]  Start requiring a C99 compiler
    [#49]  Fix "/=="/ Bashism in configure script
    [#58]  Address compile warnings
    [#68]  Fix "/./ && ./configure"/ for some versions
    of Dash for /bin/sh
    [#72]  CMake: Ease use of Expat in context of a parent project
    with multiple CMakeLists.txt files
    [#72]  CMake: Resolve mistaken executable permissions
    [#76]  Address compile warning with -DNDEBUG (not recommended!)
    [#77]  Address compile warning about macro redefinition
  * Added patch expat-docbook.patch to compile the man pages with
  * Cleaned spec file with spec-cleaner
- Allow building when do_profiling is undefined
- Build with profiling when possible
- Version update to 2.2.1 Sat June 17 2017
  - Security fixes:
    CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
  - [MOX-002]      CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
    (Fixed version of existing downstream patches!)
  - ( #539  Fix regression from fix to CVE-2016-0718 cutting off
    longer tag names;
    [#25]  More integer overflow detection (function poolGrow);
  - [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse;
  - [MOX-005] #30  Use high quality entropy for hash initialization:
  * arc4random_buf on BSD, systems with libbsd
    (when configured with --with-libbsd), CloudABI
  * RtlGenRandom on Windows XP / Server 2003 and later
  * getrandom on Linux 3.17+
    In a way, that's still part of CVE-2016-5300.
  - [MOX-005] For the low quality entropy extraction fallback code,
    the parser instance address can no longer leak,
  - [MOX-003] Prevent use of uninitialised variable; commit
  - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
    Add missing parameter validation to public API functions
    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
  - [MOX-006] * NULL checks; commits
  * Negative length (XML_Parse); commit
  - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
  - [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
    to go further with fixing CVE-2012-0876.
  - Bug fixes:
    [#32] Fix sharing of hash salt across parsers;
    relevant where XML_ExternalEntityParserCreate is called
    prior to XML_Parse, in particular (e.g. FBReader)
    [#28] xmlwf: Auto-disable use of memory-mapping (and parsing
    as a single chunk) for files larger than ~1 GB (2^30 bytes)
    rather than failing with error "/out of memory"/
    [#3]  Fix double free after malloc failure in DTD code; commit
    [#17] Fix memory leak on parser error for unbound XML attribute
    prefix with new namespaces defined in the same tag;
    found by Google's OSS-Fuzz; commits
    xmlwf on Windows: Add missing calls to CloseHandle
  - New features:
    [#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
    for runtime debugging of entropy extraction
    Bump version info from 7:2:6 to 7:3:6
- Remove pointless --with-pic (for static only)
- Version update to 2.2.0:
  * Fixes bnc#983215 CVE-2012-6702
  * Fixes bnc#983216 CVE-2016-5300
  * Various cmake and autotools script updates
  * Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
  * expat-2.1.1-avoid_relying_on_undef_behaviour.patch
  * expat-2.1.1-parser_crashes_on_malformed_input.patch
  * expat-alloc-size.patch
  * expat-visibility.patch
- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
  relying on undefined behavior in the original CVE-2015-1283 fix
  [bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
  Expat XML parser that mishandles certain kinds of malformed input
  documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile
- After simplification of expat-visibility.patch, it became
  uneffective as no symbols are getting hidden. add
  - fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
  should not take __attribute__(malloc)
- Update to version 2.1.1
  * Fixes CVE-2015-1283 — Multiple integer overflows in the
    XML_GetBuffer function
  * Fix potential null pointer dereference
  * Symbol XML_SetHashSalt was not exported
  * Output of xmlwf -h was incomplete
  * Document behavior of calling XML_SetHashSalt with salt 0
  * Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.
- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides
- bsc#1183904, expect-errorfd.patch:
  errorfd file descriptors should be closed when forking
- fix previous change regarding PIE linking. Passing SHLIB_CFLAGS="/-shared"/
  causes /usr/bin/expect to become a shared library that SEGFAULTs upon
  execution. Instead use SHLIB_LD to pass -shared only to shared library
- pass explicit -pie flag to CFLAGS and hack `make` invocation so that
  /usr/bin/expect actually becomes a PIE binary. This is especially awkard
  since the expect build system implicitly passes -fPIC which breaks our
  gcc-PIE package, but does not pass -pie while linking the executable.
  Shared libraries are also not linked with -shared so we need to explicitly
  pass this, too, to avoid build breakage (bsc#1184122).
- Add an unversioned symlink to make linking easier for
  applications that use libexpect without Tcl (boo#1172681).
- New version 5.45.4:
  * Fix two bugs in EOF handling.
- New version 5.45.3:
  * expect.c: On finding a full buffer during matching the sliding
    window mechanism slides too far, truncating the whole buffer and
    preventing matches across the boundary. Fix is shortening the
    slide distance (slide only one 1/3).
  * expect.c: Replaced a cc==0 check with proper Tcl_Eof() check.
- Includes changes from 5.45.2:
  * configure: Extended Tcl header detection for OS X Mountain Lion.
  * expect.c: Replaced memcpy with memmove to properly handle
    overlapping memory.
- Includes changes from 5.45.1:
  * exp_chan.c: Fix a problem when talking a tty where the writer
    dies. Some operating systems report the condition as EIO with
    nothing read, while this actually an EOF. Previously, returned
    data was incomplete due to the error causing data in buffers to
    be dropped.
  * exp_chan.c: Fix a problem with the iteration over the expect
    channel list where the loop code may modify the list, breaking
    the iterator.
  * Fixes for exp_chan.c and exp_command.h
  * expect.c: Convert #bytes information to #chars to prevent later
    code to fail when copying strings around and miscalculating how
    much to copy, for strings containing non-ASCII utf chars.
  * exp_inter.c: Hack access to TCL_REG_BOSONLY when not present,
    became private with Tcl 8.5 and higher.
  * expect.h: Remove the local fiddling with the memory allocation
    and panic macros.
  * example/unbuffer: Prevent unbuffer from swallowing exit code of
    the command it ran (regular mode only, not -p)
  * Various deduplications and cleanups
- cleanup with spec-cleaner
- use %make_install macro
- Don't ship the 'weather' example anymore (fate#318342).
- Added url as source.
  Please see
- Update config.guess/sub for aarch64
- Remove execute permission from logfiles
- We cannot update from fdupes 1.51 to 1.6.1. That "/downgrade"/
  works okay'ish for Tumbleweed because we can replace the old
  package with the new one, but in SLE this is not possible. We
  asked upstream to please release a "/2.0"/ version to remedy these
  issues (,
  but he does not respond. Therefore, we'll call this version 1.61,
  ignoring upstreams change in the versioning scheme.
- Upstream has changed their versioning scheme after version 1.51.
  Unfortunately, the new version 1.6.x won't be recognized as
  "/newer"/ by zypper. This commit adds appropriate "/provides"/ and
  "/obsoletes"/ attributes to the spec file to remedy that issue.
- Drop 50_bts284274_hardlinkreplace.dpatch. The --linkhard option
  added by this patch has an implementation bug that can cause data
  has more details.
- Update to version 1.6.1. The following patches have been applied
  upstream and were dropped:
  * 0001-restore-pristine-code.patch
  * 0002-Added-to-escape-minus-signs-in-manpage-lintian-warni.patch
  * 0003-Fix-a-typo-in-a-manpage-bts353789.patch
  * 0005-add-summarize-to-manpage-bts481809.patch
  * 0006-add-nohidden-support-bts511702.patch
  * 0007-Disambiguate-the-options-recurse-and-recurse-bts5371.patch
  * 0008-speedup-the-file-compare.patch
  * 0009-glibc-endianness-check-in-md5.patch
  * 0010-add-permissions-mode.patch
  * 0011-add-an-option-to-sort-duplicate-files-by-name.patch
- 50_bts284274_hardlinkreplace.dpatch had to be refreshed.
- By default relink hardlinks too, should fix bnc#940296
- Update to upstream git repo on github
- Refresh patches:
  * fdupes-makefile.patch
  * 0008-speedup-the-file-compare.patch
  * 0010-add-permissions-mode.patch
  * 0011-add-an-option-to-sort-duplicate-files-by-name.patch
  * 50_bts284274_hardlinkreplace.dpatch
- Upstreamed patch:
  * 0004-Large-file-support-for-2GB-files-bts447601.patch
- Remove whitespace from fdupes.macros file
- Cleanup with spec-cleaner
  - Obey rpm-opt-flags
  - run test phase
- add -L (--linkhard) option
  add 50_bts284274_hardlinkreplace.dpatch
- sort the output of fdupes by filename to make it deterministic
  for parallel builds
  * 0011-add-an-option-to-sort-duplicate-files-by-name.patch
- update to 1.5.0-PR2
  * new "/--summarize"/ option
  * new  "/--recurse:"/ selective recursion option
  * new "/--noprompt"/ option for totally automated deletion of
  duplicate files.
  * sorts duplicates (old to new) for consistent order when
  listing or deleteing duplicate files.
  * tests for early matching of files, which should help speed up
  the matching process when large files are involved.
  * warns whenever a file cannot be deleted.
  * bugfixes (proper file closing, zero-length files, ...)
- drop the fdupes-sort-output.diff (upstream uses mtime based)
- rename and rebase fdupes-speedup.patch to 0008-speedup-the-compare.patch
- rename and rebase fdupes-endianness.patch to
- add -p/--permissions switch so files with different permissions or uid/gid
  are not considered as duplicates (bnc#784670)
  * this mode is a default one for fdupes macro
- imported several fixes from Debian
  * 0001-restore-pristine-code.patch - some common code fixes, partly obsoletes
    speedup patch
  * manual page fixes
  * 0004-Large-file-support-for-2GB-files-bts447601.patch - large file support
- added "/which"/ requirement for red hat distros
- patch license to follow standard
- cross-build workaround: fake gcc script to work around build
  system not honoring CC
- Apply packaging guidelines (remove redundant/obsolete
  tags/sections from specfile, etc.)
- fix bnc#406825: speedup fdupes
  * fdupes-speedup.patch fixes some performance gaps in code
  * fdupes-endianness.patch speedups the built in md5 on little endian machines
- make patch0 usage consistent
- Add patchfix_of_backport_PR-62.patch as previous backport caused
  a shorten output of the elf interprter (bsc#1176123)
- file-5.24-nitpick.dif: remove obsolete patch (bsc#1169512)
- file-secure_getenv.patch: refresh
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
  to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
- Add patch 0002-PR-62-spinpx-limit-size-of-file_printable.patch to
  fix bsc#1126117, bsc#1126118, and bsc#1126119 for CVE-2019-8905,
  CVE-2019-8906, and CVE-2019-8907
- Add patch file-a642587a9c.patch for bsc#1096974, bsc#1096984, and
  CVE-2018-10360 -- Avoid reading past the end of buffer
- Use %license (boo#1082318)
- Add patch file-5.32-ncurses-6.1.patch to support extend magic
  format for new ncurses 6.1
- Update package summaries. Replace old RPM constructs.
- Remove --with-pic which is useless with --disable-static.
- Edit to remove dead python3 file.
- remove python build instructions from master spec file, move completely
  into python-magic.spec
- Update to file version 5.32
  * Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski)
  * Fix always true condition (Thomas Jarosch)
  * pickier parsing of numeric values in magic files.
  * PR/615 add magic_getflags()
- This release fix the bug bsc#1056838 for CVE-2017-1000249
- Remove patch file-5.31-fix-tga.dif as now upstream
- Rename patch file-5.31.dif which now becomes file-5.32.dif
- Modify the patches
  * file-5.16-ocloexec.patch
  * file-5.19-biorad.dif
  * file-5.19-printf.dif
  * file-5.23-endian.patch
  * file-5.28-btrfs-image.dif
- add file-5.31-fix-tga.dif upstream commited after I reported
  a failure in File::Unpack's test suite
- Update to file version 5.31
  * remove trailing spaces from magic files
  * refactor is_tar
  * better bounds checks for cdf
- Remove patches now upstream
  * file-5.30-150735.patch
  * file-5.30-3c60e5.patch
- Rename patch file-5.30.dif which becomes file-5.31.dif
- Modify the patches
  * file-4.24-autoconf.dif
  * file-5.14-tex.dif
  * file-5.16-ocloexec.patch
  * file-5.19-printf.dif
  * file-5.23-endian.patch
- Update to file version 5.30
  * If we exceeded the offset in a search return no match
    (Christoph Biedl)
  * Be more lenient on corrupt CDF files (Christoph Biedl)
  * pacify ubsan sign extension (oss-fuzz/524)
  * off by one in cdf parsing (PR/593)
  * report debugging sections in elf (PR/591)
  * Allow @@@ in extensions
  * Add missing overflow check in der magic (Jonas Wagner)
- Mofify the patches
- Rename patch file-5.29.dif to file-5.30.dif
- Add upstream patches
- Modify patch file-5.29.dif that is
  replace colon with dot in offset (boo#1012779)
- Update to file version 5.29
  * der getlength overflow (Jonas Wagner)
  * multiple magic file load failure (Christoph Biedl)
  * CDF parsing improvements (Guy Helmer)
  * Add support for signed indirect offsets
  * cat /dev/null | file - should print empty (Christoph Biedl)
  * Bump string size from 64 to 96.
  * PR/556: Fix separators on annotations.
- Remove patch file-5.28-compress.patch now upstream
- Rename patch file-5.28.dif which becomes now file-5.29.dif
- Add patch file-5.28-btrfs-image.dif
  to add support for files output by btrfs-image.
- Fix boo#995089:
  * Do not attempt to produce a file-magic-32bit package: there is
    nothing arch-dependant in this package (for completeness, this
    was already fixed just before by Marcus)
  * Fix baselibs.conf for libmagic1-32bit to require file-magic
    instead of file-magic-32bit.
  * Build file-magic as noarch on openSUSE >= 1200 (where rpm is
    new enough to support this).
- file-magic is architecture independend, no need for a baselibs
- Add patch file-5.28-compress.patch
  to fix crash as found in build system
- Update to file version 5.28
  * fix leak on allocation failure
  * PR/555: Avoid overflow for offset > nbytes
  * PR/550: Segv on DER parsing:
  - use the correct variable for length
  - set offset to 0 on failure.
- Port patches to 5.28
- Remove patches now upstream
- Rename patches
  file-5.26.dif becomes file-5.28.dif
- Update to file version 5.27
  * Errors comparing DER entries or computing offsets
    are just indications of malformed non-DER files.
    Don't print them.
  * Offset comparison was off-by-one.
  * Fix compression code (Werner Fink)
  * Put new bytes constant in the right file (not the generated one)
- Remove patches
  as now upstream
- Disable patch file-5.26-revert-close.patch for test
- Modify patches
- Add and revert upstream patch file-5.26-revert-close.patch
  (commit 0177f6dd30e1f8c5639c058dcdf1d9edd9f8528c) to help
  rpmbuild not to loose stdin
- Add patch file-5.26-zmagic.patch
  to fix detection chain if for compresses files are expanded
- Add upstream patch file-5.26-console.diff
  to fix wrong detection of UNIF edb files
- Add upstream patch file-5.26-downgrade_DER.patch
  to fix DER error messages as well oas offset handling
- Update to file version 5.26
  * make the number of bytes read from files configurable.
  * Add bounds checks for DER code (discovered by Thomas Jarosch)
  * Change indirect recursion limit to indirect use count and
    bump from 15 to 50 to prevent abuse.
  * Add -00 which prints filename0description0
  * Fix ID3 indirect parsing
  * add DER parsing capability
  * provide dprintf(3) for the OS's that don't have it.
  * redo the compression code report decompression errors
  * REG_STARTEND code is not working as expected, delete it.
  * Add zlib support if we have it.
  * PR/492: compression forking was broken with magic_buffer.
- Removed patches as upstream now
- Modified patches
- Renamed patches
  file-5.23.dif becomes file-5.26.dif
- Added patch from upstream to fix version handling of PHP files
- Make the python command a macro.
- add file-5.25-avoid-double-evaluation-in-python-bindings.dif (bsc#949905)
- file 5.25:
  * add a limit to the length of regex searches
  * fix problems with --parameter
- Update to file version 5.24
  * redo long option encoding to fix off-by-one in 5.23
- Adapt and rename patch
  file-5.12-nitpick.dif becomes file-5.24-nitpick.dif
- Update to file version 5.23
  * Fix issue with regex range for magic with offset
  * Always return true from mget with USE (success to mget not match
    indication). Fixes mime evaluation after USE magic
  * PR/459: Don't insert magic entries to the list if there are parsing
    errors for them.
  * PR/455: Add utf-7 encoding
  * PR/455: Implement -Z, look inside, but don't report on compression
  * PR/454: Fix allocation error on bad magic.
  * handle MAGIC_CONTINUE everywhere, not just in softmagic
  * don't print descriptions for NAME types when mime.
  * Add --extension to list the known extensions for this file type
    Idea by Andrew J Roazen
  * Bump file search buffer size to 1M.
  * Fix multiple issues with date formats reported by Christoph Biedl:
  - T_LOCAL meaning was reversed
  - Arithmetic did not work
    Also stop adjusting daylight savings for gmt printing.
  * PR/411: Fix memory corruption from corrupt cdf file.
- Refresh and rename patches
  file-5.20-endian.patch becomes file-5.23-endian.patch
  file-5.22.dif becomes file-5.23.dif
  Refresh patch file-secure_getenv.patch
- Update to file version 5.22 (also related to bsc#913650 and bsc#913651)
  * add indirect relative for TIFF/Exif
  * restructure elf note printing to avoid repeated messages
  * add note limit, suggested by Alexander Cherepanov
  * Bail out on partial pread()'s (Alexander Cherepanov)
  * Fix incorrect bounds check in file_printable (Alexander Cherepanov)
  * PR/405: ignore SIGPIPE from uncompress programs
  * change printable -> file_printable and use it in
    more places for safety
  * in ELF, instead of "/(uses dynamic libraries)"/ when PT_INTERP
    is present print the interpreter name.
- Patch file-5.18-elf.dif is modified and renamed to file-5.22-elf.dif
- Patch file-5.20.dif s modified and renamed to file-5.22.dif
- build with PIE
- Drop patch file-5.20-CVE-2014-3710.patch as now part of upstream
- Update to file version 5.21
  * Fix CVE-2014-8116 and CVE-2014-8117 (bsc#910252 and bsc#910253)
  * there was an incorrect free in magic_load_buffers()
  * there was an out of bounds read for some pascal strings
  * there was a memory leak in magic lists
  * don't interpret strings printed from files using the current
    locale, convert them to ascii format first.
  * there was an out of bounds read in elf note reads
  * fix MacOS/X locale.h vs. xlocale.h issues
- Add patch file-5.20-CVE-2014-3710.patch to fic bsc#902367
  CVE-2014-3710: file: out-of-bounds read in elf note headers
- Update to file version 5.20
  * recognize encrypted CDF documents
  * add magic_load_buffers from Brooks Davis
  * add thumbs.db support
- Remove file-5.07-iso9660.dif as now upstream
- Remove file-5.19-gdbm.patch as now upstream
- Adapt and rename file-5.18-endian.patch to file-5.20-endian.patch
- Adapt and rename file-5.19.dif file-5.20.dif
- Remove duplicate line due to merge error
- add /etc/skel/.cache with perm 0700 (bsc#1181011)
- Set correct permissions when creating /proc and /sys
- Ignore postfix user (pulled in from buildsystem)
- /proc and /sys should be %ghost to allow filesystem package updates in
  rootless container environments (rh#1548403) (bsc#1146705)
- Split /var/tmp out of fs-var.conf, new file is fs-var-tmp.conf.
  Allows to override config to add cleanup options of /var/tmp
- Create fs-tmp.conf to cleanup /tmp regular (required with tmpfs)
- Fix bug about missing group in tmpfiles.d files
- Generic cleanup:
  - Remove /usr/local/games
- pretrans lua script: try to move away /var/run and /var/lock
  unless they are already symlinks (bsc#1084119)
- Add /etc/modprobe.d and /usr/lib/modprobe.d (bsc#1082050).
- drop /etc/xinetd.d (bsc#1084457)
- Handle aaa_base moving the license files to /usr/share/licenses.
- Use lib64 filelist on riscv64
- Exclude some directories from fs-var.conf which are already part
  of systemd [bsc#1078466].
- Remove obsolete, outdated or duplicate directories:
  /lib/YaST, /lib/lsb, /srv/ftp, /usr/lib/lsb, /usr/share/nls and
- Adjust aaa_base test for latest aaa_base changes
- Remove /var/adm/fillup-templates, already prohibited by rpmlint
- Remove /var/adm/backup/{rpmdb,sysconfig}, they belong to
  aaa_base-extras only.
- Fix incomplete /usr/X11R6 drop from 2013
- Create fs-var.conf for systemd-tmpfiles, which contains all
  directories and links below /var. This is needed for systems,
  which use transactional update, read-only root filesystem, or
  other things, where either /var is not available during upgrade
  or does not survive a reboot. So that systemd-tmpfiles could
  create them at next boot.
- Drop deprecated /usr/tmp compat link
- Add /usr/share/fillup-templates: this is the new location for
- Add /usr/share/metainfo: this is the new location defined by
  AppStream to replace /usr/share/appdata.
- Remove /etc/ppp and subdirectories, the current, full list of
  directories is part of the sysconfig package
- Require user root and group root
- Remove /etc/susehelp.d and subdirectories, susehelp is gone
- Remove /etc/tmpdirs.d, support was removed 2011 and migrated
  to tmpfiles.d
- Remove /var/adm/perl-modules (support was removed with 11.4)
- Get ride of the last non-root group. /run/lock is created by
  systemd, not filesystem, so remove it from here.
- Change ownership of /etc/ppp, group dialout has meanwhile another
  meaning and there are no setgid dialout binaries who could need
- Remove home directories for wwwrun, lp, mail and nobody.
  They are now part of the corresponding system-user-* RPMs.
- Move /etc/init.d hiearchy to insserv-compat
- Move /etc/cups to cups-libs [bsc#1025689]
- Remove /usr/games (finally everything is moved to /usr/bin)
- Remove /*/news, now part of system-user-news
- Remove /var/cache/man, now part of system-user-man
- Remove /var/games, now part of system-user-games
- Add /usr/lib/sysusers.d
- Remove uucp directories, moved to system-user-uucp
- change /etc/cups to mode 0755 by cherry-picking SLE change
- own /usr/share/licenses to support %license tags in rpm, see
- Add /usr/lib/udev/rules.d: packages installing rules don't really
  have to build depend on udev, it only increases their build time.
- Add some systemd directories so that uuidd does not have to own
  them and still succeeds building in a systemd-less root.
- Add /usr/lib/tmpfiles.d, which can well be considered a base
  system directory by now.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Also return back the /bin/fillup provides line
- Keep /bin/fillup as a symlink in the package: there are hundreds
  of RPMs out there referencing it in the %post scriptlets, when
  any of the %*fillup* macros was used. Even updating the macro
  will not make the existing RPMs magically be fixed.
- Cleanup the mess in spec with spec-cleaner
- place binary into /usr tree (UsrMerge project)
- cross-build workarounds: disable %build section testing, use fake
  gcc script to work around build system deficiencies
- Apply packaging guidelines (remove redundant/obsolete
  tags/sections from specfile, etc.)
- Open all file descriptors with O_CLOEXEC
- handle out-of-disk-space situations somewhat better.
- use %_smp_mflags
- Do not compile in date into binary to create reproduceable binaries.
- enable parallel building
- make patch0 usage consistent
- Use new Group Release Keyring
- update upstream signing key
- remove deprecated texinfo packaging macros
- run spec-cleaner
- Update to 4.8.0.
- findutils.spec:
  - Source0: Fix download URL: remove "/pub/"/.
  - %check: Output the content of all test-suite files in case of errors.
- Remove now-upstream patches:
  - disable-null-ptr-test.patch
  - findutils-gnulib-disable-test-float.patch
  - findutils-gnulib-test-avoid-FP-perror-strerror.patch
- prepare usrmerge (boo#1029961)
- findutils-gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
  avoid false-positive error in gnulib tests 'test-perror2' and
  'test-strerror_r', visible on armv7l.
- findutils.spec: Reference the patch.
- disable-null-ptr-test.patch: Refresh with -p0.
- findutils.keyring: Update GPG keys of Bob Proulx.
  Prompted by an error of 'osc service localrun download_files'.
- findutils.spec: Avoid conditional Patch definition as this breaks
  cross-platform building from source RPMs.
- findutils-gnulib-disable-test-float.patch: Add patch to temporarily
  disable the gnulib test 'test-float' failing on ppc and ppc64le.
- findutils.spec: Reference the patch.
- Add disable-null-ptr-test.patch in order to fix boo#1157342.
- Upgrade to 4.7.0.
- findutils.spec:
  - Change source compression from gzip to xz.
  - Align comments about how to bump the version.
  - Activate the signature checking via *.sig and keyring files.
  - Remove downstream hack in %check section to make a test executable.
- Delete obsolete patches:
  - disable-broken-tests.patch
  - gnulib-libio.patch
  - sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch
  - sysmacros.patch
- findutils-4.4.2-xautofs.patch: Refresh, and rename ...
- findutils-xautofs.patch: ... to this.
- Add disable-broken-tests.patch in order to remove broken
  tests (boo#1138800).
- gnulib-libio.patch: Update gnulib for libio.h removal
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license (boo#1082318)
- sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch:
  Add upstream patch to fix
- Upgrade to 4.6.0
    stable release, removing 'oldfind'.
- Delete now-upstream patches: findutils-gnulib-ppc64le.patch,
- Refresh patch: findutils-4.4.2-xautofs.patch
- Upgrade to 4.5.15
- Delete now-upstream patch:
- Refresh patches:
- add gnulib-perl522.patch from gnulib upstream
- findutils-oldfind-fix-dotdot-skipping.patch: Add upstream patch
    to fix 'oldfind' which skipped all files starting with "/.."/
    (e.g. "/..file"/).
- findutils.spec: Add BuildRequires:dejagnu - otherwise only a
    very limited set of the tests was run by 'make check'.
- Fix RPM categories.
- use-extensions.patch: add AC_USE_SYSTEM_EXTENSIONS to get missing
- Explicitly require m4 and library devel package
- Do not ship static library
- flex 2.6.4:
  * Some minor performance enhancements
  * honor user defined yy_* macros again
- includes changes from 2.6.3:
  * several bug fixes resolved problems introduced in recent flex
    versions regarding processing of comments, literals and various
    quoting scenarios.
  * fix buffer overflow through long path (bsc#1026047)
- includes changes from 2.6.2:
  * a segfalt involving yyrestart(NULL) has been fixed
  * flex should now handle quoting when mixed with m4 processing
  * flex handles `[[' and `]]' correctly
  * flex no longer generates non-ANSI code
  * more compilation warnings were squashed in generated scanners
  * prevented a buffer overflow that could occur when input buffers
  were the exact wrong size
- drop flex-2.6.1-fPIC.patch
- build the shared library and split libfl
- Fix de-registration of the info files.
- Small spec file cleanup
- Update to version 2.6.1
  * A number of compiler warnings have been remedied.
  * Line directives should now work as expected and be absent when
    that is expected.
  * Resolved github issues #53, #54, #55, #61.
  * Resolved sf bugs #128, #129, #155, #160, #184, #187, #195.
- Refresh flex-2.5.34-fPIC.patch -> flex-2.6.1-fPIC.patch
- Drop upstream patches: config-guess-sub-update.patch,
  flex-2.5.37-bison-2.6.1-1.patch, flex-compatible-with-bison3.patch,
- Drop unneeded patch flex-2.5.37-notex.patch
- flex-yyleng.patch: fix type of yyleng to be int as mandated by POSIX.
  Fixes perl-SystemPerl, for example.
- Add flex-compatible-with-bison3.patch
  * fix tests with bison3, see
- config-guess-sub-update.patch:
  Update config.guess/sub for aarch64
- update to 2.5.37
  * * Import flex into git. See
  * * Fix make install target to not fail when the flex++ program is
    already installed
  * * New translations from the translation project: de, fi, pl, vi
  * * various portability fixes that quiet compiler warnings on 64-bit
  * * various manual fixes, including correcting the name of a %option and
    updating some simple examples to use ANSI C syntax
  * * various bug fixes that prevent certain error conditions from
    persisting when they should not persist
  * * improvements to the test suite so it behaves better when linking
    compiled files
  * * new translations from the translation project: ca, da, es, fi, fr,
    ga, ko, pt_br, ro, ru, sv, tr, zh_cn
  * * the flex distribution is now built with automake 1.10.1 and automake
- add patch flex-2.5.37-notex.patch to compile without texlive
- remove patches no longer required:
- add automake as buildrequire to avoid implicit dependency
- fix compile failure outside ARM
- Skip the test suite when building in qemu userspace emulation
  to fix and speedup build on ARM.
- Apply packaging guidelines (remove redundant/obsolete
  tags/sections from specfile, etc.)
- add baselibs.conf as a source
- fix link line
- fontconfig-devel-32bit needs to require fontconfig-32bit,
  needed for Wine development (bsc#1172301)
- fc-query: remove redundant debug output
  + fontconfig-remove-debug-output.patch
- Update to 2.12.6:
  * conf.d: Drop aliases for (URW)++ fonts (upstreamed)
  * other minor fixes
- Includes changes from 2.12.5:
  * update docs
  * Accept 4 digit script tag in FcLangNormalize().
  * fc-blanks: fall back to the static data available in repo if
    downloaded data is corrupted
  * emoji related fixes
  * various cleanups
  * support listing named instances
- Version update to 2.12.4:
  * Various distcheck errors
  * FcCharSetHash(): use the 'numbers' values to compute the hash
  * fc-lang: gracefully handle the case where the last language initial is < 'z'
  * Fix an off-by-one error in FcLangSetIndex()
  * Fix erroneous test on language id in FcLangSetPromote()
  * FcLangSetCompare(): fix bug when two charsets come from different "/buckets"/
  * Treat C.UTF-8 and C.utf8 locales as built in the C library
- Remove merged upstream fontconfig-locale_c.utf8.patch
- Remove fontconfig-doc archive, the generated output is already
  present in the upstream released tarball
- Remove unused configure options
- Remove --with-pic which is only useful for static libs.
- Update to 2.12.3:
    Don't call perror() if no changes happens in errno
    Fix FcCacheOffsetsValid()
    Fix the build issue with gperf 3.1
    Fix the build issue on GNU/Hurd
    Update a bit for the changes in FreeType 2.7.1
    Add the description of FC_LANG envvar to the doc
    Bug 101202 - fontconfig FTBFS if docbook-utils is installed
    Correct cache version info in doc/fontconfig-user.sgml
    Avoid conflicts with integer width macros from TS 18661-1:2014
    Fix PostScript font alias name
    Update aliases for URW June 2016
- removed unneeded:
  - fontconfig-glibc-2.25.patch
  - make-check.patch
- Add patch fontconfig-glibc-2.25.patch
  * Fixes build with glibc 2.25.
- Update to 2.12.1:
    Update CaseFolding.txt to Unicode 9.0
    Fix some errors related to python3
    Bug 96676 - Check range of FcWeightFromOpenType argument
    Update libtool revision
    Properly validate offsets in cache files.
- Update to version 2.12.0:
  + Support the size specific design selection in OS/2 table
    version 5.
  + Allow the modification on 'lang' and 'charset' objects.
  + Increase the refcount in FcConfigSetCurrent().
  + some updates in orth files.
  + Add --error-on-no-fonts option to fc-cache.
  + Use lang=und instead of lang=xx for "/undetermined"/.
  + Add FC_WEIGHT_DEMILIGHT and change from 65 to 55.
  + Add FC_COLOR.
  + Treat color fonts as scalable.
  + no FC_LANG added with FcConfigSubstitute() when it has "/und"/.
  + Hardcode blanks in library.
  + Support symbol fonts.
  + Unicode 8.0 support.
  + Add hintstyle templates and default hintslight.
  + GX font support.
  + Improve the footprint issue on updating caches.
  + Bump the cache version to 6.
  + more bug fixes.
- Add fontconfig-locale_c.utf8.patch to recognize C.UTF-8 locale,
  patch from Debian.
- Clean the spec file with spec-cleaner
- fix wrong path to documentation (bnc#907685)
- removed patch: usr-share-doc-packages.patch
- Add a _service file
- Add code in %post to check the value of
  set to yes, empty or it doesn't exist, then update the values
  /etc/sysconfig/fonts-config to use the default settings
  established in the 20181211 release (boo#1172022)
- Update to 20200609+git0.42e2b1b:
  * Add variable to allow fonts-config to update default settings
  * Fix en-US, en-GB font matching
- Update to 20190119
  * Allow non-ASCII letters in font names (boo#1049056, bnc#1101985).
- Update to 20181211
  * Update subpixel rendering config
  * Fix missspelling issue (boo#1111791). so
    Drop fonts-config-fix-misspelling.patch
  * Fix (boo#1092737).
  * other minor tidyups
- Use noun phrasing and user-independent wording.
- Add fonts-config-fix-misspelling.patch: fix misspelling in
  configuration file(boo#1111791).
- new upstream:
  development will continue there.
- drop patch: fontconfig-infinality-generate-tt-groups.patch
  * infinality project is dead, we use a static result in upstream
    instead of generating it every time.
- update 20180430
  * support color emoji
  * modern fonts for symbol
  * add configurations for Noto Sans/Serif CJK
- Do not create fonts.{dir,scale} in encodings directory
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- version 20160921
  * add 59-family-prefer-lang-specific.conf to specify prefered
    family for each language
  * fix Noto Sans CJK is used for serif alias (boo#998301)
  * assign monospace to default of Oxygen Mono
- version 20160914:
  * comma and the rest of family string is ignored while translating
    preference lists from sysconfig to fontconfig snippets
- Roboto prefered for sans and serif and Source Sans Pro for
  monospace [bsc#951898]
- change to
  * To full fit FATE#316521 Get rid of files using the old SUSE spelling.(bnc#942314)
- fonts-config: fix use of $ENV vars
- updated to 20150424:
  * introduce --remove-user-setting option
- updated to 20150423:
  * hide local system family preference list when user's one is
    in action
- updated to 20150421:
  * use mkpath instead of make_path [bnc#927968]
  * behave better when
    not found
- updated to 20150417:
  * added --user option
- added Command: metadata to relevant sysconfig variables
- updated to 20141207
  added --info option (will be required by yast fonts)
- add fping-4.0-fix_ipv6-disabled.patch to fix fping on servers
  with disabled IPv6 [bsc#1133988]
- fping now has cap_net_raw, fix build in Factory (bsc#1047921)
- Cleanup a bit with spec-cleaner basically just to use new make_install
- Do away with %__ macro indirections.
- Update to version 4.0
  * feature: Auto-adjust timeout for -c/-C/-l mode to value of -p
  * feature: Enforce -t timeout on reply packets, by discarding late
    packets (#32)
  * feature: Option -d/--rdns now always does a rdns-lookup, even for
    names, as '-n' was doing until now
  * feature: Keep original name if a hostname is given with -n/--name
  * feature: New option -6 to force IPv6
  * feature: New option -4 to force IPv4
  * feature: IPv6 enabled by default
  * feature: Long option names for all options
  * feature: Unified 'fping' and 'fping6' into one binary (#80)
  * feature: fping and fping6 are now unified into one binary.
  * bugfix: -i/-p restrictions disabled by default
    (enable with --enable-safe-limits)
  * bugfix: Default interval -i changed from 25ms to 10ms
  * bugfix: Fix compatibility issue with GNU Hurd
  * bugfix: A C99 compiler is now required
  * bugfix: Option parsing with optparse
  * bugfix: New changelog file format
- Update to version 3.16:
  * (feature) Support kernel-timestamping of received packets (#46)
  * (feature) Simplify restrictions: only -i >= 1 and -p >= 10 are
    enforced now
  * (bugfix) Fix option -m to return all IPs of a hostname
  * (bugfix) Fix option -H (ttl) for IPv6
  * (bugfix) Fix option -M (don't fragment) for IPv6
  * (bugfix) Fix option -O (ToS) for IPv6
  * (bugfix) Fix compatibility issue with AIX (#69, @blentzgh)
  * (bugfix) Fix option -q not suppressing some ICMP error messages (#83)
  * (bugfix) Fix option -M expecting an argument, when it shouldn't
  * (bugfix) Fix minor issues found by Coverity Scan
- Update to version 3.15:
  * (bugfix) Fix compiler errors on platforms other than Linux (related
    to the new -M option, #109)
  * Test suite fixes for macOS
- Update to version 3.14:
  * (feature) Ignore network and broadcast for cidrs /31 and /32
    (#102, Martin Topholm)
  * (feature) New option '-M' to set the "/Don't Fragment"/ flag
    (#91, Don Bowman)
  * (feature) New option '-N' to output statistics for netdata
    (see:, #105, Costa Tsaousis)
  * (feature) New option '-o' to calculate total outage time (#90, @jgerbeck)
  * (bugfix) Exit code should be 2 when the hostname can't be resolved
    (fixes #98, reported by @green-fox)
  * (bugfix)  Fix issue compliling on RHEL/Centos 7 (#95, @jbackman)
  * (bugfix) Lower -i limit to 1 instead of 10
  * (bugfix) Improve interval preciseness of -Q reporting
  * (bugfix) Fix occasional false positive in -Q reporting (#97)
  * (bugfix) Solaris 10 portability fix (#107, Peter Bray)
- Update to version 3.13:
  + Bugfix: Fix ICMP errors sometimes causing crashes with
    fping >= 3.11.
- Update to version 3.12:
  + Bugfix: Fix fping6 -R (#84).
- Changes from version 3.11:
  + Feature:
  - New option -R to use random bytes instead of NULLs (#72).
  - Small documentation and performance improvements.
  + Bugfix: Fix double entries with fping -u and unreachable hosts.
  + Internal: Use sockaddr_storage and simplify code, so that we
    can one day support both IPv4 and IPv6 with the same binary.
- Update to version 3.10:
  + Fix confusing error message with -g and IPv6 addresses (#58).
  + Allow option '-f' also for non-root (since setuid privileges
    are dropped).
  + Do not retry twice DNS lookup on DNS lookup problem.
  + Remove support for NIS groups.
  + Better document -B backoff-factor and when it can be used (#33)
  + More tests added.
- Update to version 3.9:
  + Fix random output on socket error (#56).
  + Support ppc64le architecture by including alpha libtool
  + Fix compilation problem on FreeBSD (#57).
  + Initial test suite and continous intergration (with /
  + Don't output usage information on error.
- Changes from version 3.8:
  + Fix segmentation fault introduced in version 3.7 with loop mode
- Changes from version 3.7:
  + Allow running as non-root on Mac OS X by using non-privileged
    ICMP (#7).
  + Remove unnecessary IPv6 socket options.
  + Fix again compatibility issue with FreeBSD.
  + Fix fping hanging forever on permanent sendto failure.
  + Fix duplicate echo reply packets causing early stop in count
    mode (#53).
- Changes from version 3.6:
  + Fix loop issue after 65536 pings (#12).
  + Minimum ping data size is now 0.
  + Removed setsockopt IPV6_CHECKSUM, which shouldn't be set and
    breaks compiling on Solaris.
  + Fix wrong min RTT value with -Q option (#51).
- Drop export CFLAGS="/%optflags -D_GNU_SOURCE -fwhole-program"/, it
  breaks the build.
- Add CVE-2020-15999.patch to fix a heap buffer overflow has been
  found  in the handling of embedded PNG bitmaps
  CVE-2020-15999 bsc#1177914
- Use the compiler default C std, since 2012 gcc defaults
  have changed, we now only need to get rid of ANSIFLAGS, override
  that variable instead.
- Update to version 2.10.1
  * The bytecode hinting of OpenType variation fonts was flawed, since
    the data in the `CVAR' table wasn't correctly applied.
  * Auto-hinter support for Mongolian.
  * The handling of  the default character in PCF fonts as  introduced
    in version 2.10.0 was partially broken, causing premature abortion
    of charmap iteration for many fonts.
  * If  `FT_Set_Named_Instance' was  called  with  the same  arguments
    twice in a row, the function  returned an incorrect error code the
    second time.
  * Direct   rendering   using  FT_RASTER_FLAG_DIRECT   crashed   (bug
    introduced in version 2.10.0).
  * Increased  precision  while  computing  OpenType  font   variation
  * The  flattening  algorithm of  cubic  Bezier  curves was  slightly
    changed to make  it faster.  This can cause  very subtle rendering
    changes, which aren't noticeable by the eye, however.
  * The  auto-hinter  now  disables hinting  if there  are blue  zones
    defined for a `style' (i.e., a certain combination of a script and
    its related typographic features) but the font doesn't contain any
    characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
  * A bunch of new functions has been added to access and process
    COLR/CPAL data of OpenType fonts with color-layered glyphs.
  * As a GSoC 2018 project, Nikhil Ramakrishnan completely
    overhauled and modernized the API reference.
  * The logic for computing the global ascender, descender, and
    height of OpenType fonts has been slightly adjusted for
  * `TT_Set_MM_Blend' could fail if called repeatedly with the same
  * The precision of handling deltas in Variation Fonts has been
    increased.The problem did only show up with multidimensional
  * New function `FT_Library_SetLcdGeometry' to set up the geometry
    of LCD subpixels.
  * FreeType now uses the `defaultChar' property of PCF fonts to set
    the  glyph for  the undefined  character  at glyph  index 0  (as
    FreeType already does for all other supported font formats).  As
    a consequence, the order of glyphs of a PCF font if accessed
    with  FreeType can be different now compared to previous
    This change doesn't affect PCF font access with cmaps.
  * `FT_Select_Charmap' has been changed to allow  parameter value
    `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
    formats to access built-in cmaps that don't have a predefined
    `FT_Encoding' value.
  * A previously reserved field in the `FT_GlyphSlotRec' structure
    now holds the glyph index.
  * The usual round of fuzzer bug fixes to better reject malformed
  * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
    been removed.These two functions were public by oversight only
    and were never documented.
  * A new function `FT_Error_String' returns descriptions of error
    codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
  * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
    functions limited to Adobe MultiMaster fonts to directly set and
    get the weight vector.
- Remove old ppc64 parts in spec file
- Refresh patches:
  + bugzilla-308961-cmex-workaround.patch
  + don-t-mark-libpng-as-required-library.patch
  + enable-long-family-names-by-default.patch
- Enable subpixel rendering with infinality config:
  + enable-subpixel-rendering.patch
  + enable-infinality-subpixel-hinting.patch
- Re-enable freetype-config, there is just too many fallouts.
- Update to version 2.9.1
  * Type 1 fonts containing flex features were not rendered
    correctly (bug introduced in version 2.9).
  * CVE-2018-6942: Older FreeType versions can crash with certain
    malformed variation fonts.
  * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
  * Emboldening of bitmaps didn't work correctly sometimes, showing
    various artifacts (bug introduced in version 2.8.1).
  * The auto-hinter script ranges have  been updated for Unicode 11.
    No support for new scripts have been added, however,  with the
    exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled
  by default.
- Drop upstreamed patches:
  * bnc1079600.patch
  * psaux-flex.patch
  * 0001-src-truetype-ttinterp.c-Ins_GETVARIATION-Avoid-NULL-.patch
  * 0001-truetype-Better-protection-against-invalid-VF-data.patch
- Add bnc1079600.patch: Fix several integer overflow issues in
  truetype/ttinterp.c (bsc#1079600)
- Refresh spec-file via spec-cleaner.
- Add shell script in separate package
  freetype2-profile-tti35 in order to be able to set TrueType
  interpreter version 35 (boo#1084085).
- Added patch:
  * enable-long-family-names-by-default.patch
    + Define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES to obtain 2.7.1
- Added patches:
  * 0001-src-truetype-ttinterp.c-Ins_GETVARIATION-Avoid-NULL-.patch
    + Upstream fix for bsc#1079603: Avoid NULL reference in
  * 0001-truetype-Better-protection-against-invalid-VF-data.patch
    + Upstream fix for bsc#1079601: Protection against invalid VF
- Add psaux-flex.patch to fix a regression in Type1 rendering
- Update to version 2.9
  * Advance width values of variation fonts were often wrong.
  * More fixes for variation font support; you should update to
    this version if you want to support them.
  * As a GSoC project, Ewald Hew extended the new (Adobe) CFF
    engine to handle Type 1 fonts also, thus greatly improving
    the rendering of this format. This is the new default.
  * A new function, `FT_Set_Named_Instance', can be used to set
    or change the current named instance.
  * Starting with this FreeType version, resetting variation
    coordinates will return to the currently selected named
    instance. Previously, FreeType returned to the base font
    (i.e., no instance set).
  * Some fuzzer fixes to better reject malformed fonts.
- Update to version 2.8.1
  * B/W  hinting   of  TrueType   fonts  didn't  work   properly  if
    interpreter version 38 or 40 was selected.
  * Some severe  problems within the handling  of TrueType Variation
    Fonts were found and fixed.
  * Function `FT_Set_Var_Design_Coordinates' didn't correctly handle
    the case with less input coordinates than axes.
  * By default,  FreeType  now offers  high  quality  LCD-optimized
    output  without resorting to ClearType techniques of resolution
    tripling and filtering.  In this method,  called Harmony,  each
    color channel is generated separately  after shifting the glyph
    outline,  capitalizing on the fact  that the color grids on LCD
    panels  are  shifted  by  a third  of  a pixel.  This output is
    indistinguishable from ClearType with a light 3-tap filter.
  * Using the  new function `FT_Get_Var_Axis_Flags',  an application
    can access the `flags' field  of a variation axis (introduced in
    OpenType version 1.8.2)
  * FreeType  now synthesizes  a  missing Unicode  cmap for  (older)
    TrueType fonts also if glyph names are available.
  * The warping option  has moved  from `light'  to `normal' hinting
    where  it replaces  the original hinting algorithm.  The `light'
    mode is now always void of any hinting in x-direction.
- Update to version 2.8
  * Support for OpenType Variation Fonts is now complete. The last
    missing part was handling the `VVAR' and `MVAR' tables, which is
    available with this release.
  * A new  function `FT_Face_Properties' allows the  control of some
    module  and   library  properties  per  font.    Currently,  the
    following properties can be  handled: stem darkening, LCD filter
    weights, and the random seed for the `random' CFF operator.
  * The PCF change to show more `colourful' family names (introduced
    in version 2.7.1) was too radical; it can now be configured with
    PCF_CONFIG_OPTION_LONG_FAMILY_NAMES   at   compile   time.    If
    activated, it can  be switched off at run time  with the new pcf
    property  `no-long-family-names'.  If  the `FREETYPE_PROPERTIES'
    environment variable is available, you can say
  * Support  for  the  following  scripts  has  been  added  to  the
    Adlam, Avestan, Bamum, Buhid, Carian, Chakma, Coptic, Cypriot,
    Deseret, Glagolitic, Gothic, Kayah, Lisu, N'Ko, Ol Chiki, Old
    Turkic, Osage, Osmanya, Saurashtra, Shavian, Sundanese, Tai
    Viet, Tifinagh, Unified Canadian Syllabics, Vai
  * `Light' auto-hinting  mode no  longer uses TrueType  metrics for
    TrueType  fonts.   This bug  was  introduced  in version  2.4.6,
    causing   horizontal  scaling   also.    Almost  all   GNU/Linux
    distributions (with Fedora as  a notable exception) disabled the
    corresponding patch for good reasons; chances are thus high that
    you won't notice a difference.
  * If a TrueType font gets loaded with FT_LOAD_NO_HINTING, FreeType
    now scales  the font linearly  again (bug introduced  in version
  * Fixed CVE-2017-8105,  CVE-2017-8287:  Older   FreeType  versions
    have out-of-bounds  writes  caused  by  heap-based  buffer  overflows
    related to Type 1 fonts. (boo#1035807, boo#1036457)
- See for
  the complete changelog.
- Update to version 2.7.1:
    + Support for the new CFF2 font format as introduced with
    OpenType 1.8 has been contributed by Dave Arnolds from Adobe.
    + Preliminary support for variation fonts as specified in
    OpenType 1.8 (in addition to the already existing support for
    Adobe's MM and Apple's GX formats). Dave Arnolds contributed
    handling of advance width change variation; more will come in
    the next version.
    + Handling of raw CID fonts was partially broken (bug introduced
    in 2.6.4).
    + Some limits for TrueType bytecode execution have been tightened
    to speed up FreeType's handling of malformed fonts, in
    particular to quickly abort endless loops.
    + The number of twilight points can no longer be set to an
    arbitrarily large value.
    + The total number of jump opcode instructions (like JMPR) with
    negative arguments is dynamically restricted; the same holds
    for the total number of iterations in LOOPCALL opcodes.
    + The dynamic limits are based on the number of points in a glyph
    and the number of CVT entries. Please report if you encounter a
    font where the selected values are not adequate.
    + PCF family names are made more `colourful'; they now include the
    foundry and information whether they contain wide characters.
    For example, you no longer get `Fixed' but rather `Sony Fixed'
    or `Misc Fixed Wide'.
    + A new function `FT_Get_Var_Blend_Coordinates' (with its alias
    name `FT_Get_MM_Blend_Coordinates') to retrieve the normalized
    blend coordinates of the currently selected variation instance
    has been added to the Multiple Masters interface.
    + A new function `FT_Get_Var_Design_Coordinates' to retrieve the
    design coordinates of the currently selected variation instance
    has been added to the Multiple Masters interface.
    + A new load flag `FT_LOAD_BITMAP_METRICS_ONLY' to retrieve bitmap
    information without loading the (embedded) bitmap itself.
    + Retrieving advance widths from bitmap strikes (using
    `FT_Get_Advance' and `FT_Get_Advances') have been sped up.
    + The usual round of fuzzer fixes to better reject malformed
- Drop freetype2-bitmap-foundry.patch, merged upstream.
- update to version 2.7:
    + As announced earlier, the 2.7.x series now uses the new subpixel
    hinting  mode as  the  default, emulating  a  modern version  of
    This change inevitably leads to different rendering results, and
    you   might   change   the   `TT_CONFIG_OPTION_SUBPIXEL_HINTING'
    configuration option to  adapt it to your taste (or  use the new
    `FREETYPE_PROPERTIES'    environment    variable).    See    the
    corresponding entry  below for  version 2.6.4, which  gives more
    introduced.   If  set (which  is  the  default), an  environment
    variable  `FREETYPE_PROPERTIES' can  be used  to control  driver
    properties.  Example:
    FREETYPE_PROPERTIES=truetype:interpreter-version=35 +    cff:no-stem-darkening=1 +    autofitter:warping=1
    This allows to select, say, the subpixel hinting mode at runtime
    for a given application.  See file `ftoption.h' for more.
    + After  loading a  named instance  of  a GX  variation font,  the
    `face_index'  value  in  the returned  `FT_Face'  structure  now
    correctly holds the named instance  index in the upper 16bits as
    + A new macro `FT_IS_NAMED_INSTANCE' to  test whether a given face
    is a named instance.
    + More fixes to GX font handling.
    + Apple's   `GETVARIATION'  bytecode   operator  (needed   for  GX
    variation font support) has been implemented.
    + Another round  of fuzzer fixes,  mainly to reject  invalid fonts
    + Handling of raw CID fonts  was broken (bug introduced in version
    + The smooth rasterizer has been streamlined  to make it faster by
    approx. 20%.
    + The `ftgrid'  demo program now  understands command  line option
    `-d' to give start-up design coordinates.
    + The `ftdump' demo program has  a new command line option `-p' to
    dump TrueType bytecode instructions.
- removed freetype2-subpixel.patch in favor of above
  FREETYPE_PROPERTIES environment variable
- Update to version 2.6.5:
  + Compilation works again  on Mac OS X (bug introduced in version
  + The new  subpixel hinting  mode is now  disabled by  default; it
    will  be enabled  by default  in the  forthcoming 2.7.x  series.
    Main reason for reverting this feature is the principle of least
    surprise: a  sudden change in  appearance of all fonts  (even if
    the rendering improves  for almost all recent  fonts) should not
    be expected in a new micro version of a series.
- Rebase freetype2-subpixel.patch.
- Upadte to version 2.6.4:
  * A new subpixel hinting mode, which is now the default rendering
    mode for TrueType fonts. It implements (almost everything of)
    version 40 of the bytecode engine. The existing code base in
    FreeType (the `Infinality code') was stripped to the bare
    minimum and all configurability removed in the name of speed
    and simplicity. The configurability was mainly aimed at legacy
    fonts like Arial, Times New Roman, or Courier. [Legacy fonts
    are fonts that modify vertical stems to achieve clean
    black-and-white bitmaps.] The new mode focuses on applying a
    minimal set of rules to all fonts indiscriminately so that
    modern and web fonts render well while legacy fonts render
    okay. Activation of the subpixel hinting support can be
    controlled with the `TT_CONFIG_OPTION_SUBPIXEL_HINTING'
    configuration option at compile time: If set to value 1, you
    get the old Infinality mode (which was never the default due to
    its slowness). Value 2 activates the new subpixel hinting mode,
    and value 3 activates both. The default is value 2. At run
    time, you can select the subpixel hinting mode with the
    `interpreter-version' property (provided you have compiled in
    the corresponding hinting mode); see `ftttdrv.h' for more.
  * Support for the following scripts has been added to the
    auto-hinter: Armenian, Cherokee, Ethiopic, Georgian, Gujarati,
    Gurmukhi, Malayalam, Sinhala, Tamil.
- Rebase freetype2-subpixel.patch.
- Update to version 2.6.3
  - Khmer,  Myanmar, Bengali,  and Kannada  script support  has been
    added to the auto-hinter.
  - Better  support of  Indic  scripts like  Devanagari  by using  a
    top-to-bottom hinting flow.
  - All  FreeType macros  starting  with two  underscores have  been
    renamed to  avoid a violation of  both the C and  C++ standards.
    Example: Header  macros of the  form `__FOO_H__' are  now called
    `FOO_H_'.  In most cases,  this should be completely transparent
    to the user.   The exception to this  is `__FTERRORS_H__', which
    must be  sometimes undefined by  the user to get  FreeType error
    strings:  Both this  form and  the new  `FTERRORS_H_' macro  are
    accepted for backwards compatibility.
  - Minor improvements mainly to the Type 1 driver.
  - The  new CFF  engine now  supports all  Type 2  operators except
  - The macro `_STANDALONE_', used for  compiling the B/W and smooth
    rasterizers  as   stand-alone  modules,  has  been   renamed  to
    `STANDALONE_', since macro names starting with an underscore and
    followed by an uppercase letter are reserved in both C and C++.
  - Function  `FT_Library_SetLcdFilterWeights'  now  also  activates
    custom LCD filter weights (instead of just adjusting them).
  - Support for  `unpatented hinting'  has been  completely removed:
    Consequently,  the two  functions `FT_Face_CheckTrueTypePatents'
    and  `FT_Face_SetUnpatentedHinting'  now  return  always  false,
    doing nothing.
- Update to version 2.6.2
  - The auto-hinter now supports stem darkening, to be controlled by
    the    new   `no-stem-darkening'    and   `darkening-parameters'
    properties.   This is  an  experimental  feature contributed  by
    Nikolaus Waxweiler, and  the interface might change  in a future
  - By default, stem darkening is now switched off (for both the CFF
    engine and the  auto-hinter).  The main reason is  that you need
    linear  alpha  blending  and  gamma correction  to  get  correct
    rendering results, and  the latter is not yet  available in most
    freely  available  rendering  stacks like  X11.   Applying  stem
    darkening without proper gamma correction  leads to far too dark
    rendering results.
  - The   meaning  of   `FT_RENDER_MODE_LIGHT'  has   been  slightly
    modified.   It  now  essentially  means `no  hinting  along  the
    horizontal  axis'; in  particular,  no change  of glyph  advance
    widths.  Consequently, the auto-hinter  is used for all scalable
    font  formats  except  for  CFF.    It  is  planned  that  other
    font-specific rendering engines (TrueType, Type 1) will follow.
  - The default  LCD filter  has been changed  to be  normalized and
  - For    better    compatibility   with    FontConfig,    function
    `FT_Library_SetLcdFilter'  accepts   a  new   enumeration  value
    `FT_LCD_FILTER_LEGACY1'   (which  has   the   same  meaning   as
  - A large number of bugs have been detected by using the libFuzzer
    framework,  which should  further  improve  handling of  invalid
    fonts.  Thanks again to Kostya Serebryany and Bungeman!
  - `TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES',  a   new  configuration
    option, controls the maximum number of executed opcodes within a
    bytecode program.  You don't want to change this except for very
    special  situations (e.g.,  making a  library fuzzer  spend less
    time to handle broken fonts).
  - The smooth renderer has been made faster.
- Update to version 2.6.1
  - It turned  out that for CFFs  only the advance widths  should be
    taken from the  `htmx' table, not the side  bearings.  This bug,
    introduced in  version 2.6.0, makes  it necessary to  upgrade if
    you are using  CFFs; otherwise, you get cropped  glyphs with GUI
    interfaces like GTK or Qt.
  - Accessing Type 42 fonts returned  incorrect results if the glyph
    order of the embedded TrueType font differs from the glyph order
    of the Type 42 charstrings table.
  - The header  file layout  has been  changed (again),  moving  all
    header files except `ft2build.h' into a subdirectory tree.
    Doing so  reduces the  possibility of  header file  name clashes
    (e.g., FTGL's  `FTGlyph.h' with FreeType's `ftglyph.h')  on case
    insensitive file systems like Mac OS X or Windows.
    Applications  that  use  (a)  the  `freetype-config'  script  or
    FreeType's `freetype2.pc' file for pkg-config to get the include
    directory  for the  compiler,  and (b)  the  documented way  for
    header inclusion like
    [#]include <ft2build.h>
    [#]include FT_FREETYPE_H
    don't need any change to the source code.
  - Simple access  to named instances  in GX variation fonts  is now
    available (in addition to the  previous method via FreeType's MM
    interface).   In  the `FT_Face'  structure,  bits  16-30 of  the
    `face_index' field hold the current named instance index for the
    given face  index, and bits  16-30 of `style_flags'  contain the
    number of  instances for  the given face  index.  `FT_Open_Face'
    and friends also understand the  extended bits of the face index
    You need to enable  TT_CONFIG_OPTION_GX_VAR_SUPPORT for this new
    feature.  Otherwise, bits  16-30 of the two fields  are zero (or
    are ignored).
  - Lao script support has been added to the auto-hinter.
  - The auto-hinter's Arabic script support has been enhanced.
  - Superscript-like and  subscript-like glyphs  as used  by various
    phonetic alphabets like the IPA  are now better supported by the
  - The TrueType bytecode interpreter now runs slightly faster.
  - Improved support for builds with cmake.
  - The  function  `FT_CeilFix'  now   always  rounds  towards  plus
  - The  function  `FT_FloorFix'  now always  rounds  towards  minus
  - A  new load  flag `FT_LOAD_COMPUTE_METRICS'  has been  added; it
    makes FreeType  ignore pre-computed  metrics, as needed  by font
    validating  or  font  editing  programs.  Right  now,  only  the
    TrueType  module supports  it  to ignore  data  from the  `hdmx'
  - Another round of bug fixes  to better handle broken fonts, found
    by Kostya Serebryany <>.
- Dropping upstreamed patch Dont-use-hmtx-table-for-LSB.patch.
- Add Dont-use-hmtx-table-for-LSB.patch: Fixes gnu#45520, cut off
  fonts in gtk and qt. Taken from upstream git.
- Update to version 2.6
  * Thread safety improvements
  * Thai script support has been added to the auto-hinter.
  * Arabic script support has been added to the auto-hinter.
  * Following OpenType version 1.7,  advance widths and side bearing
    values in  CFFs (wrapped  in an SFNT  structure) are  now always
    taken from the `hmtx' table.
  * Following OpenType  version 1.7, the  PostScript font name  of a
    CFF font (wrapped in an SFNT structure) is now always taken from
    the `name'  table.  This is  also true for  OpenType Collections
    (i.e., TTCs using  CFFs subfonts instead of TTFs),  where it may
    have a significant difference.
  * Fonts natively hinted for  ClearType are now supported, properly
    handling selector index 3 of the INSTCTRL bytecode instruction.
  * Major improvements to the GX TrueType variation font handling.
- Merge with the version 2.5.5 from openSUSE:Factory
- Removed patches:
  * CVE-2014-9656.patch
  * CVE-2014-9657.patch
  * CVE-2014-9658.patch
  * CVE-2014-9659.patch
  * CVE-2014-9660.patch
  * CVE-2014-9661.patch
  * CVE-2014-9662.patch
  * CVE-2014-9663.patch
  * CVE-2014-9664.patch
  * CVE-2014-9665.patch
  * CVE-2014-9666.patch
  * CVE-2014-9667.patch
  * CVE-2014-9668.patch
  * CVE-2014-9669.patch
  * CVE-2014-9670.patch
  * CVE-2014-9671.patch
  * CVE-2014-9672.patch
  * CVE-2014-9673.patch
  * CVE-2014-9674.patch
  * CVE-2014-9675.patch
  - Integrated in the 2.5.5 release
- Modified patches:
  * don-t-mark-libpng-as-required-library.patch
  * bugzilla-308961-cmex-workaround.patch
  * freetype2-subpixel.patch
  * freetype2-bitmap-foundry.patch
  * overflow.patch
  - Adapt to the new version of sources
- Modified patch:
  * CVE-2014-9671.patch
  - Adapt the code to correspond to the current git master of
    freetype2 (fixes bsc#933247)
- Enable the bz2 compression in freetype2
- Remove patch overflow.patch from freetype2.spec where it is not
- Run spec-cleaner on the spec file.
- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
  bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
  bnc#916863, bnc#916864, bnc#916865, bnc#916867, bnc#916868,
  bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
  bnc#916879, bnc#916881)
  - CVE-2014-9656.patch
  - CVE-2014-9657.patch
  - CVE-2014-9658.patch
  - CVE-2014-9659.patch
  - CVE-2014-9660.patch
  - CVE-2014-9661.patch
  - CVE-2014-9662.patch
  - CVE-2014-9663.patch
  - CVE-2014-9664.patch
  - CVE-2014-9665.patch
  - CVE-2014-9666.patch
  - CVE-2014-9667.patch
  - CVE-2014-9668.patch
  - CVE-2014-9669.patch
  - CVE-2014-9670.patch
  - CVE-2014-9671.patch
  - CVE-2014-9672.patch
  - CVE-2014-9673.patch
  - CVE-2014-9674.patch
  - CVE-2014-9675.patch
- Update to version 2.5.5
  - Handling of  uncompressed PCF files works again (bug
    introduced in version 2.5.4).
- Drop freetype2-2.5.3-fix-pcf.patch, merged upstream
- Update to version 2.5.4
  - A variant of vulnerability CVE-2014-2240 was identified
    (cf. and fixed
    in  the new CFF driver.  All users should upgrade.
  - The new auto-hinter code using HarfBuzz crashed for some
    invalid fonts.
  - Many fixes to better protect against malformed input.
  - Full auto-hinter support of the Devanagari script.
  - Experimental auto-hinter support of the Telugu script.
  - CFF stem darkening behaviour can now be controlled at
    build time using the eight macros
  - Some fields in the `FT_Bitmap'  structure have been changed
    from signed to unsigned type, which better reflects
    the actual usage. It is also an additional means to
    protect against malformed input. This change doesn't break
    the ABI; however, it might cause compiler warnings.
  - Improvements to  the auto-hinter's algorithm to recognize
    stems and local extrema.
  - Function `FT_Get_SubGlyph_Info' always returned an error
    even in case of success.
  - Version  2.5.1 introduced major bugs in the cjk part of
    the auto-hinter, which are now fixed.
  - The `FT_Sfnt_Tag' enumeration values have been changed to
    uppercase,  e.g.  `FT_SFNT_HEAD'. The lowercase variants
    are deprecated. This is for orthogonality with all other
    enumeration (and enumeration-like) values in FreeType.
  - `cmake' now supports builds of FreeType as an OS X framework
    and for iOS.
  - Improved project files for vc2010,
    introducing a property file
  - The documentation generator for the API reference has been
    updated to produce  better HTML code (with proper  CSS).
    At the same time, the documentation got a better structure.
  - The FT_LOAD_BITMAP_CROP flag is obsolete; it is not used
    by any driver.
  - The TrueType DELTAP[123] bytecode instructions now work in
    subpixel hinting mode as described in the ClearType
    whitepaper (i.e., for touched points in the
    non-subpixel direction).
  - Many small improvements to the internal arithmetic routines.
- Rebase don-t-mark-libpng-as-required-library.patch,
  bugzilla-308961-cmex-workaround.patch, freetype2-subpixel.patch,
  freetype2-bitmap-foundry.patch and overflow.patch
- Add freetype2-2.5.3-fix-pcf.patch from upstream to resolve, "/Freetype 2.5.4 does not
  load ungzipped PCF fonts"/
- user_allow_other restriction may be bypassed (bsc#1101797, CVE-2018-10906)
  - fusermount-prevent-silent-truncation-of-mount-options.patch
  - fusermount-dont-feed-escaped-commans-into-mount-options.patch
  - fusermount-bail-out-on-transient-config-read-failure.patch
  - fusermount-refuse-unknown-options.patch
  - fusermount-whitelist-known-good-filesystems-for-mountpoints.patch
- Fix download link in fuse.spec
- fuse 2.9.7
  * Shared-object version has now been bumped correctly.
  * Added SELinux support.
  * Fixed race-condition when session is terminated right after
    starting a FUSE file system.
- Ensure trusted group is available on Tumbleweed.
- fuse 2.9.5:
  * fix warning in mount.c:receive_fd().
  * fix possible memory leak.
  * new upstream project and source URL
  * add new maintainer keyring and verify source signature
- Update to version 2.9.4
  - fix exec environment for mount and umount (bsc#931452,
  - properly restore the default signal handler
  - fix directory file handle passed to	ioctl() method.
  - fix for uids/gids larger than 2147483647
  - initialize stat buffer passed to ->getattr() and ->fgetattr()
- include commented default fuse.conf (bnc#908292)
- Update to version 2.9.3
  - Bug fixes
- Remove fuse-gnu_source.patch (fixed upstream)
- add aarch64-build-fix.patch
- Added url as source.
  Please see
- fix build for SLE_11
- Use autoreconf directly instead of
- Update to version 2.9.2
  - Add support for fallocate() (kernel >= 3.5)
  - Bug fixes
- Remove fix-pthread-in-fuse.pc.patch; now included in upstream
- Don't patch generated files such as configure and;
  instead, regenerate them using from SVN repository
- update license to new format
- avoid autoreconf to avoid breaking on updates of auto* tools
- Remove redundant tags/sections from specfile
- Parallel build with %_smp_mflags
- Trim list of FUSE fses from description (it's literally endless)
  and text inappropraite for subpackages
- Fix -pthread in fuse.pc [bnc#761117]
- place binaries in /usr tree (UsrMerge project)
- update to 2.9.0
  - Add "/zero copy"/ support for kernel 2.6.35 or newer
  - Make maximum background requests tunable on kernel 2.6.32 or
  - Require --no-canonicalize in (u)mount (util-linux version 2.18
    or newer) to fix security problems with fusermount
  - Use dynamically sized hash tables in high level library
  - Memory use of filesystem daemon can shrink more easily
  - Add "/auto_unmount"/ option
  - Add "/remember"/ option
  - Add man pages for fusermount, mount.fuse and ulockmgr_server
  - API changes:
  - Introduce "/store"/ and "/retrieve"/ for accessing kernel
    buffers on kernel 2.6.36 or newer
  - Introduce abstract buffer for zero copy operations
  - Allow path calculation to be omitted on certain operations
  - Allow batching forget requests
  - Add "/flock"/ method
  - Add support for ioctl on directories
  - Add delete notification
- drop fuse-pc-remove-libdir-from-Libs.diff (upstream)
- use %set_permissions instead of %run_permissions in specfile
- compile /bin/fusermount as a position independent executable
- update to 2.8.7
  * fix ambiguous symbol version for fuse_chan_new
  * prevent calling ulockmgr_server with illegal arguments
  * fix hang in wait_on_path()
- handle case of failure to allocate request [bnc#723616]
- add libtool as buildrequire to make the spec file more reliable
- enabling libulockmgr
- Must define _GNU_SOURCE to get clone()  system call.
- licenses package is about to die
- In case of failure to add to /etc/mtab don't umount. [bnc#668820]
- Fix symlink attack for mount and umount [bnc#651598]
- Remove /etc/init.d/boot.fuse [bnc#648843]
- update to 2.8.5
  * fix option escaping for fusermount [bnc#641480]
- keep examples and internal docs in devel package (from jnweiger)
- update to 2.8.4
  * fix checking for symlinks in umount from /tmp
  * fix umounting if /tmp is a symlink
- update to 2.8.3
  * fix unmounting with util-linux version >= 2.17
- update to 2.8.2
  * fix unmount race (CVE-2009-3297)
  * fix deadlock with "/audit"/ subsystem on mount (also requires
    util-linux-ng version >=2.17)
- package baselibs.conf
- update to 2.8.1:
  * fix missing versioned symbol fuse_get_context@FUSE_2.2
- update to 2.8.0:
  * more scalable directory tree locking
  * atomic open(O_TRUNC) support
  * support big write requests on kernels 2.6.26 and newer
  * out-of-tree fuse module removed
  * better NFS exporting support
  * new ioctl and poll requests
  * new CUSE (Character Device in Userspace) interface
  * allow umask processing in userspace
  * added cache invalidation notifications
  * bugfixes and small improvements
- Fix exclude usage.
- remove static libraries and "/la"/ files
- spec file cleanup
- update to version 2.7.4
  * Fix missing pthread_mutex_destroy in error path of
  fuse_lib_opendir().  Patch by Szabolcs Szakacsits
- adding baselibs.conf to build -xxbit
- split lib* packages into own spec file to avoid a build cycle
- found a testsuite, run it, but ignore result since it show
  breakages. Should be revisited.
- Added 0001-Poll-files-on-nfs4.patch (bgo#693006) and
  gamin-0.1.11-double-lock.patch (bgo#669292)
- add conflict with libfam0-32bit
- Spec file cleanups
- Provide and obsolete libgamin in case of sonum changes
- Have the -devel package provide -devel-static as well since it has .a files
- Changed the baselibs.conf to use the libs per openSUSE policy
- Added duplicate files check
- Use exact EVR for Provide: symbols
- Added version for fam-server provides
- Added obsoletes for fam-server
- Added obsoletes for gamin-python
- Switched to original gzipped tar
- Changed source to include upstream source URL to comply with new
  packaging guidelines
- Added patch to fix building in factory
- Cleaned up spec file formatting with spec-cleaner
- Added proper license header to spec file
- Split documentation package (fix for RPMLINT warning)
- Add fam-server provides to gamin-server (other gaming packages provide their fam counterpart)
- Implement shlib package (libfam0-gamin)
- Resolve build error due to source disabling deprecated contructs
  that it used
- add gamin-32bit package through baselibs.conf to fix KDE 32bit compatibility libs (thanks to Martin Vogt for reporting), which requires splitting %{_libexecdir}/gam_server into its own subpackage (gamin-server) to avoid file conflicts when both gamin and gamin-32bit are installed -- note that gamin and gamin-32bit both require the package gamin-server, so nothing needs to be done on the user end
- add patch to be completely ABI compatible with fam, in order to avoid warnings and crashes caused by "/Symbol `FamErrlist' has different size in shared object, consider re-linking"/; references:
- add return.patch
- Both library packages must require gamin-server sub-package.
- split lib* packages into own spec file to avoid a build cycle
  (avoiding glib2)
- GNU awk 4.2.1:
  * documentation updates
  * In MPFR mode, When ROUNDMODE changes, string values for
    numerically type values will be redone
  * various bug fixes
  * drop fold-string.patch, upstream
- Use %license (boo#1082318)
- fold-string.patch: Don't fold constant strings if either is translatable
- Update to gawk 4.2.0
  * If not in POSIX mode, changes to ENVIRON are reflected into
    gawk's environment
  * The series of numbers returned by rand() should now be "/more
    random"/ than previously
  * Multiple changes related to the pretty printer
  * The igawk script and igawk.1 man page are no longer installed
  * Gawk now processes a maximum of two hexadecimal digits in x
    escape sequences inside strings
  * Setting PROCINFO["/redirection"/, "/NONFATAL"/] to true makes I/O
    errors for "/redirection"/ not fatal
  * Gawk now supports retryable I/O via PROCINFO[input-file, "/RETRY"/]
  * Revisions in the POSIX standard remove the special case for POSIX
    mode when FS = "/ "/ where newline was not a field separator
  * Gawk now supports strongly typed regexp constants
  * The new typeof() function can be used to indicate if a variable or
    array element is an array, regexp, string or number
  * Optimizations are now enabled by default
  * Passing negative operands to any of the bitwise functions now
    produces a fatal error
  * The mktime function now accepts an optional second argument
  * The FIELDWIDTHS parsing syntax has been enhanced to allow specifying
    how many characters to skip before a field starts
  * The PROCINFO["/argv"/] array records all of gawk's command line arguments
    as gawk received them
- gawk_ppc64le_ignore_transient_test_time_failure.patch: removed
- also ignore transient test time failure on ppc64
- Added an explicit rpmlint rule to keep one file (gawkapi.h)
  from requiring a separate package.
* GNU awk 4.1.4:
  * z/OS support updated
  * debugger improvements
  * return value of system() enhanced to convey more information
  * two-way pipe handling improved
  * The -d option now allows -d- to print to standard output.
  * The DJGPP port is now officially deprecated.
- new gawk_ppc64le_ignore_transient_test_time_failure.patch
- GNU awk 4.1.3:
  * Regexp parsing with extra brackets should now be working again.
  * Updated to latest config.guess and config.sub.
  * bug fixes
- skip frequently failing and timing dependent test strftime
- Correct info files scriplet handling section
- Update info and update-alternatives requirements
- GNU awk 4.1.2:
  * manual improved
  * The debugger's "/restart"/ command now works again.
  * Redirected getline is now allowed inside BEGINFILE/ENDFILE.
  * A number of bugs have been fixed in the MPFR code.
  * Indirect function calls now work for both built-in and extension
  * Built-in functions are now included in FUNCTAB.
  * In non-English locales, it was accidentally possible to use
    non-english letters for identifiers
  * The "/where"/ command has been added to the debugger as an alias
    for "/backtrace"/.
  * Gawk no longer explicitly checks the current directory after
    doing a path search of AWKPATH.
  * Infrastructure upgrades: Automake 1.15, Gettext 0.19.4,
    Libtool 2.4.6, Bison 3.0.4.
  * If a user-defined function has a parameter with the same name
    as another user-defined function, it is no longer possible to
    call the second function from inside the first.
  * POSIX requires that the names of function parameters not be the
    same as any of the special built-in variables and also not
    conflict with the names of any functions. Gawk has checked for
    the former since 3.1.7. With --posix, it now also checks for
    the latter.
  * The test suite should check for necessary locales and skip the
    tests where it matters if support isn't what it should be.
  * Gawk now expects to be compiled on a system with multibyte
    character support.
- drop gawk-4.1.1-build-baddest.patch, upstream
- remove optional libsigsegv dependency
- GNU awk 4.1.1:
  * The "/stat"/ extension now includes a "/devbsize"/ element which
    indicates the units for the "/nblocks"/ element.
  * A number of bugs in the pretty-printing / profiling code have
    been fixed.
  * The -O option now works again.
  * The --include option, documented since 4.0, now actually works.
  * Infrastructure updated to automake 1.13.4, bison 3.0.2, and
  * The configure script now accepts a --disable-extensions option,
    which disables checking for and building the extensions.
  * The API now provides functions pointers for malloc(), calloc(),
    realloc() and free(), to insure that the same memory allocation
    functions are always used. This bumps the minor version by one.
  * The printf quote flag now works correctly in locales with
    a different decimal point character but without a thousands
    separator character. If the thousands separator is a string,
    it will be correctly added to decimal numbers.
  * The readfile extension now has an input parser that will read
    whole files as a single record.
- packaging changes:
  * remove added German po file and scanning of translations
  * remove profiling, fixing warning make-check-outside-check-section
  * remove autoreconf call
  * drop gawk-3.1.8.diff
  * drop older-automake.diff, not required for factory
  * build with libsigsegv
  * no not regenerate info pages
  * add gawk-4.1.1-build-baddest.patch required for install
  * switch to xz tarball
  * verify source signature
- adjust update-alternative usage to packaging policy
- Update to version 4.1.0
  * The three executables gawk, pgawk, and dgawk, have been merged into
    one, named just gawk.
  * The new -i option (from xgawk) is used for loading awk library files.
  * The new -l option (from xgawk) is used for loading dynamic extensions.
  * The dynamic extension interface has been completely redone.  There is
    now a defined API for C extensions to use.  A C extension acts like
    a function written in awk, except that it cannot do everything that awk
    code can. However, this allows interfacing to any facility that is
    available from C.
  * The "/inplace"/ extension, built using the new facility, can be used to
    simulate the GNU "/sed -i"/ feature.
  * The and(), or() and xor() functions now take any number of arguments,
    with a minimum of two.
  * New arrays: SYMTAB, FUNCTAB, and PROCINFO["/identifiers"/]. SYMTAB allows
    indirect access to any defined variable or array; it is possible to
    "/walk"/ the symbol table, if that should be necessary.
- Refreshed gawk-3.1.8.diff
- Add older-automake.diff to support automake 1.12
- Added url as source.
  Please see
- Remove unneded %clean section
- add explicit buildrequire makeinfo
- Update to version 4.0.1
  * completed the implementation of Rational Range Interpretation
  * failure to get the group set is no longer a fatal error
  * lots of minor bugs fixed and portability clean-ups
- refreshed gawk-3.1.8.diff
- removed gawk-revert-gsub-gawk3.patch deprecated by this release
- keep binaries in /usr tree {UsrMerge project)
- Compress message catalog.
- Use latest german message catalog.
- Call update-po as part of package build.
- license update: GPL-3.0+
  gawk is GPL-3.0+ in 4.0.0
- add automake as buildrequire to avoid implicit dependency
- Revert sub/gsub behavior to that of gawk 3.x. Upstream commit
- Update to version 4.0.0 , important changes
  * The special files /dev/pid, /dev/ppid, /dev/pgrpid and /dev/user are
    now completely gone. Use PROCINFO instead.
  * The POSIX 2008 behavior for `sub' and `gsub' are now the default.
  * In POSIX mode, string comparisons use strcoll/wcscoll.
  * Gawk now treats ranges of the form [d-h] as if they were in the C
- update to 3.1.8:
  * The zero flag no longer applies to %c and %s; apparently the standards
  changed at some point.
  * Failure to open a socket is no longer a fatal error.
  * dfa.h and dfa.c are now more-or-less in sync with GNU grep, for the first
  time in many years.
  * Gawk no longer includes its own copy of libsigsegv but it will use it if
  installed on the build system. The --disable-libsigsegv configure option
  is now gone.
  * The ' flag (%'d) is now just ignored on systems that can't support it.
  * Gawk now has support for z/OS (IBM S/390 architecture).
  * Gawk now handles multibyte strings better in [s]printf with field
  widths and such.
  * A getline from a directory is no longer fatal; instead it returns -1.
  * Per POSIX, special variable names (like FS) cannot be used as function
  parameter names.
  * The new -O / --optimize option enables simple constant folding on
  the parse tree during parsing.  We hope that with time the number
  of optimizations will increase.
  * Lots of bug fixes, see the ChangeLog.
- use %_smp_mflags
- use update-alternatives
- updated patches to apply with fuzz=0
- Update to GCC 10.3.0 release (63fa67847628e5f358e7e2e7e), git1587
- Disable nvptx offloading for aarch64 again since it doesn't work
- Update to gcc-10 branch head (892024d4af83b258801ff7484), git1574
  * Includes GCC 10.3 RC1
- Update to gcc-10 branch head (592388d4f6e8a6adb470428fe), git1450
- Update to gcc-10 branch head (85977f624a34eac309f9d77a5), git1331
  * Includes fix for [bsc#1182016]
- The 32bit nvptx libgomp plugin is no longer built, do not attempt
  to package it.
- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- Update to gcc-10 branch head (e563687cf9d3d1278f45aaebd), git1030
  * Includes fix for firefox build [gcc#97918]
- Do not specify alternate offload compiler location at
  configure time.
- Update README.First-for.SuSE.packagers
- Install offload compilers for gcc10-testresults build
- Enable fortran for offload compilers.
- Add gcc10-amdgcn-llvm-as.patch to fix build of amdgcn offload
  compiler with llvm11.
- Update to gcc-10 branch head (98ba03ffe0b9f37b4916ce6238), git958.
  * Includes fix for memcpy miscompilation on aarch64.
    [bsc#1178624, bsc#1178577]
- Fix 32bit link.  [bsc#1178675]
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it
  stays /%lib. (boo#1029961)
- Update to gcc-10 branch head (a78cd759754c92cecbf235ac9b), git872.
- Build complete set of multilibs for arm-none target [bsc#1106014]
  * Fixes inadvertant mixture of ARM and Thumb instructions in linker output
- Update to gcc-10 branch head (c0746a1beb1ba073c7981eb09f), git583.
  * Fixes ABI breakage for as-base CDTORs of final classes.  [gcc#95428]
- Update to gcc-10 branch head (d523b5201cce1796717a8ca669), git580.
  * Includes gcc10-streamer-backports1.patch and
  * Includes fixes for LTO ICE [bsc#1175168] and aarc64 128bit
    CAS miscompilation [bsc#1174753].
- Update to gcc-10 branch head (dda1e9d08434def88ed86557d0), git501.
  * Includes fix for AARCH64 kernel build failure.  [bsc#1174817]
  * Includes aarch64 SLS mitigation changes.  [bsc#1172798, CVE-2020-13844]
- Add gcc10-streamer-backports1.patch and gcc10-streamer-backports2.patch.
- Enable x86 CET runtime for SLES15 and Leap15 also.
- Do not enable the now deprecated HSA offloading capability.
- Update to gcc-10 branch head (c0438ced53bcf57e4ebb1c38c), git465.
  * Includes GCC 10.2 release.  [bsc#1173972] [jsc#ECO-2373]
  * Picks up fixes for C++20 coroutines support.  [jsc#SLE-12297]
  * Picks up fix for a recent chromium build fail.
- Build x86 CET enabled runtime for Factory.
- Disable GCN offloading for SLE12 and SLE15 GA.
- Update to gcc-10 branch head (12e1a54b06777db74ce375496), git355.
  * Includes fix for non-reproducible builds with LTO [bsc#1172846].
- Enable nvptx support for aarch64
- Update to gcc-10 branch head (c91e43e9363bd119a695d6450), git290.
  * Includes fix for PR95719, fixing LibreOffice.
- Enable c++ for arm-none-eabi
- Update to gcc-10 branch head (b0461f44076c26ced5526e4fd6), git68.
- Add gcc10-foffload-default.patch to make offloading ignore
  offload targets that have not been installed both at compile
  and runtime (for the libgomp plugin part).
- Update to gcc-10 branch head (dd38686d9c810cecbaa80bb82e), git40.
  * Includes GCC 10.1 release.
- Update to gcc-10 branch head (2aaa1dc3c87372fd55c1c33aa7a), git5.
  * Includes first release candidate for GCC 10.1.
  * Includes gcc10-pr94734.patch
- Update to master head (3685c5adf5c0b30268cb8f95c89e4), git176017.
- Add gcc10-pr94734.patch
- Update to master head (b835645c7a51b7e99092abe61d677), git175845.
- Drop to 4 jobs as constraint for s390x.
- Update to master head (effcb4181e143bc390286a489ff84), git175831.
- Package arm_cde.h and arm_mve_types.h for arm.
- Alter _constraints to also constrain jobs.
- Add libzstd-devel BuildRequires to cross compiler specs.
- Switch to release checking builds.
- Update to master head (2dc9294c3c7c81a6d5e1d4dedf58f), git175805.
- Update to master head (13e41d8b9d3d7598c72c38acc86a3), git175688.
- Update to master head (c72a1b6f8b26de37d1a922a8af143), git175641.
- Update to master head (038769535a8cbdd3dd3e100bde314), git175499.
- Update to master head (75c24a08d697d6442fe6c26142f05), git175422.
- Update to master head (7d4549b2cd209eb621453ce13be7f), git175366.
- Update to master head (c7e9019681857b329bbe4c1e7ec8d), git175348.
- Package arm_mve.h for arm.
- Update to master head (4e3d3e40726e1b68bf52fa205c68495124ea60b8).
- libgphobos and libgdruntime SONAME versions were reset to 1.
- Update to master head (3604480a6fe493c51d6ebd53d9b1abeebbbb828f).
- Update embedded newlib to newlib-3.3.0.tar.xz, drop old
- Enable support for amdgcn-amdhsa OpenMP/OpenACC offloading.
- Update to master head (655e5c29ae4080666154b3e10ac81116a1b7a638).
- Re-add gcc9-reproducible-builds.patch and
- Update to master head (778a77357cad11e8dd4c810544330af0fbe843b1).
  * Includes fix for binutils version parsing [gcc#93965]
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
  with same minor version of libstdc++6-pp from gcc9.
- Disable zstd use for SLES15 and older.
- Bump to rfa1160f6e50500aa38162fefb43bfb10c25e0363.
- Bump to r33351ff9faa21c4c1af377d661a52ac0ce366db3.
- Adjust installed headers for arm and aarch64, enable link-mutex
  for riscv64.
- Don't remove go tool buildid, needed for bootstrapping go
- Increase disk constraint
- Bump to rc940105cc17111be98d8d42ba48a413b0e63aebe.
- Bump libtool version of libgo.
- Bump to r269e8130b77065452698ab97e5da77d132d00276.
- Bump to r507de5ee23efdc8a16d6b0b6488e118055c711cd.
- Add lto-dump to cross packages.
- New package, inherits from gcc9
  * gcc-add-defaultsspec.diff, add the ability to provide a specs
    file that is read by default
  * tls-no-direct.diff, avoid direct %fs references on x86 to not
    slow down Xen
  * gcc43-no-unwind-tables.diff, do not produce unwind tables for
    CRT files
  * gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr
    for ppc, just a testcase
  * gcc44-textdomain.patch, make translation files version specific
    and adjust textdomain to find them
  * gcc44-rename-info-files.patch, fix cross-references in info files
    when renaming them to be version specific
  * gcc48-libstdc++-api-reference.patch, fix link in the installed
    libstdc++ html documentation
  * gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with
    earlier mpfr versions on old products
  * gcc5-no-return-gcc43-workaround.patch, make build work with
    host gcc 4.3
  * gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes
    new warning from -Wextra
  * gcc7-avoid-fixinc-error.diff
- Update to version 1.12
  * New configuration variable COMPATINCLUDEDIR
- Small spec file cleanups
- Clenup spec file with spec-cleaner
- Update project and download url
- Add gpg signature
- Enable checks
- Add obsoletes to baselibs.conf.
- update to 1.11:
  * Improved dump format.
  * New function: gdbm_count.
  * New utilities: gdbm_dump and gdbm_load.
  * gdbmtool
- Specify exact version requirements for build
- buildrequire makeinfo
- license update: GPL-3.0+
  See the COPYING file
- update license to new format
- update baselibs.conf
- update to 1.10
  * fully internationalized. available in Finnish
    ,German, Japanese, Polish and Ukrainian
  * Support for close-on-exec flag in gdbm_open (see GDBM_CLOEXEC in the docs)
  * Improved testgdbm command system
  * Fixed Bug #150, should handle read(2) returning less data
  * Fixed Bug #151, uses uninitialized memory content
  * Fixed handling of NDBM databases in read-only mode
- add zh_CN translation
  * manually add. will submit to upstream.
- drop gdbm-1.8.3.diff (Patch0)
  * seems this one is useless.
- regenerate and change gdbm-1.8.3-no-build-date.patch (Patch4) to
  * its an universal solution no matter the version.
- drop gdbm-protoize_dbm_headers.patch (Patch1)
  * upstream fixed.
- drop gdbm-prototype_static_functions.patch (Patch2)
  * upstream fixed.
- drop gdbm-fix_testprogs.patch (Patch3)
  * upstream code change. now useless.
- Fixed typos in gdbm.spec descriptions
- fix baselibs.conf
- Name library package according to shlib policy
- Update description, source text from GNU homepage
- Remove redundant tags/sections
- Replace /usr/%_lib by simpler %_libdir
- add libtool as buildrequire to make the spec file more reliable
- fixed wrong header of dbmclose() in our
  protoize_dbm_headers.patch [bnc#640700]
- DO not include a compile date in the resulting binaries
- use %_smp_mflags
- add baselibs.conf as a source
- Enable parallel building for gdbm package
- Fix boo941629-unnessary-rpath-on-standard-path.patch (boo#941629)
- update to 0.20.2:
  * The programs 'gettext', 'ngettext', when invoked with option -e,
    now expand '/' and octal escape sequences, instead of
    swallowing them
  * xgettext now recognizes 'gettext' program invocations with the
    '-e' option, such as gettext -e 'somenstringn'
  * xgettext now assumes a Python source file is in UTF-8 encoding
    by default, as stated in PEP 3120
  * The value of the 'Icon' property is no longer extracted into
    the POT file by xgettext
- Don't disable openmp with qemu, the emulation works now
- Add libtextstyle0 to baselibs.conf: gettext-runtime-32bit has a
  dependency on it, so we also need the library built as -32bit.
- Add missing Requires: libtextstyle0 in corresponding devel package,
  drop gettext-runtime Requires.
- Skip creation of shared libtextstyle in -mini flavor.
- Statically link to libtextstyle in -mini flavor, fixes
  broken bootstrap of gettext.
- Add -lm to LDFLAGS (boo#1138806)
- Added xz to requires (boo#1141380)
- The previous update to 0.20.1 also fixes (boo#1113719)
- Remove autoreconf call (not required), and drop the no longer
  required libtool build dependency.
- Heed SLPP by placing in the right package.
- Drop documentation from libtextstyle0, no one will read it there.
- Drop static library.
- Remove pointless ldconfig calls for libtextstyle-devel.
- Avoid pointless sh invocation of libtextstyle0 scriptlets.
- Avoid unnecessary |xargs rm.
- Remove redundant %clean section.
- Disable LTO (boo#1138806).
- Updatetd to 0.20.1
  + msgfmt now eliminates the POT-Creation-Date header field from .mo files.
  + update-po target in now uses msgmerge --previous.
  + msgmerge now has an option --for-msgfmt, that produces a PO file meant
    for use by msgfmt only.  This option saves processing time, in particular
    by omitting fuzzy matching that is not useful in this situation.
  + The .pot file in a 'po' directory is now erased by "/make maintainer-clean"/.
  + It is now possible to override xgettext options from the po/
    through options in XGETTEXT_OPTIONS (declared in po/Makevars).
  + The --intl option of the gettextize program (deprecated since 2010) is
    no longer available. Instead of including the intl sources in your package,
    we suggest making the libintl library an optional prerequisite of your
    package. This will simplify the build system of your package.
  + Accordingly, the Autoconf macro AM_GNU_GETTEXT_INTL_SUBDIR is gone as well.
  + C, C++:
  * xgettext now supports strings in u8"/..."/ syntax, as specified in C11
    and C++11.
  * xgettext now supports 'p'/'P' exponent markers in number tokens, as
    specified in C99 and C++17.
  + C++:
  * xgettext now supports single-quotes in number tokens, as specified in
  + Shell:
  * The programs 'gettext', 'ngettext' now support a --context argument.
  * contains new function eval_pgettext and eval_npgettext
    for producing translations of messages with context.
  + Perl:
  * Native support for context functions (pgettext, dpgettext, dcpgettext,
    npgettext, dnpgettext, dcnpgettext).
  * better detection of question mark and slash as operators (as opposed
    to regular expression delimiters).
  + Scheme:
  * xgettext now parses the syntax for specialized byte vectors (#u8(...),
    [#]vu8(...), etc.) correctly.
  + Pascal:
  * xgettext can now extract strings from .rsj files, produced by the
    Free Pascal compiler version 3.0.0 or newer.
  + Vala:
  * xgettext now parses escape sequences in strings more accurately.
  + JavaScript:
  * xgettext now parses template literals correctly.
- Rebased gettext-dont-test-gnulib.patch
- Removed gettext-needlessly_init_vars.patch (now in upstream)
- Rebased gettext-po-mode.diff
- Removed msgfmt-remove-pot-creation-date.patch (now in upstream)
- Removed msgfmt-reset-msg-length-after-remove.patch (now in upstream)
- Removed parts of reproducible.patch (now in upstream)
- reproducible.patch: generate timestamp in .pot files from SOURCE_DATE_EPOCH
  for reproducible builds
- Only Require(Pre/Post) info in the non-mini variant: as the -mini
  version is only used inside OBS, it is irrelevant if the info
  files are present and registered or not.
- Add reproducible.patch to override build date (boo#1047218)
- Add patch msgfmt-reset-msg-length-after-remove.patch
  which does reset the length of message string after a line
  has been removed (boo#1106843)
- Use %license instead of %doc [bsc#1082318]
- Fix %install_info_delete usage:
  * It has to be performed in %preun, not %postun.
  * This fixes warning messages upon package removal.
- Ignore Recommends: on non-SUSE distributions
- Explicitly remove %{_infodir}/dir before creating package to
  allow builds on RHEL and derived Linux distributions
- Ignore rpm-build's dependency on gettext-tools while building
  the -mini variant: before gettext-runtime-mini is built, there is
  no provider of this symbol in a bootstrap cycle.
- Explicitly call autoreconf, as we have patches touching the build
  system. Implicit calling automake/autoconf works only as long as
  the version on the system is the same as was used to bootstrap
- Add msgfmt-remove-pot-creation-date.patch
  to enable reproducible builds of packages using gettext-runtime
  such as dfc, e2fsprogs and acl
- GNU gettext
  * Fix unintentional soname bump
- GNU gettext 0.19.8:
  * msgfmt now produces little-endian .mo files by default.
  * xml: xgettext and msgfmt now look for .its files in directories
    supplied through the GETTEXTDATADIRS or XDG_DATA_DIRS
    environment variable.
  * JavaScript: xgettext and msgfmt now recognize numbered
    arguments in format strings.
- drop gettext-runtime-grep-2.24.patch, no longer required for 2.25
- GNU gettext 0.19.7:
  * can now load custom string extraction rules in XML
    Internationalization Tag Set (ITS) standard
  * the existing XML-based language scanners (Glade, GSettings, and
    AppData) rewritten using ITS
  * Add msgfmt --xml option to merge translations back to the
    original XML document.
- Add gettext-runtime-grep-2.24.patch: Fix test suite with
  grep 2.24 (
- Recommend  bison-lang by gettext-tools, as it is used by them.
- GNU gettext 0.19.6:
  * Support AppData file format
  * po/ can now insert the file $(DOMAIN).pot-header
    to $(DOMAIN).pot, instead of the standard header comments.
  * Fix mishandling of gettext version numbers for minor releases, in
    po-mode.el and gettextize.
  * Fix build with --enable-relocatable.
- remove no longer required gettext-
- add patch: boo941629-unnessary-rpath-on-standard-path.patch
  * config.rpath from gettext-tools will set rpath for ELF binaries
    not in /usr/lib, even if it's the standard path the linker
    would search anyway.
- Add gettext-
  * workaround gettextize in gettext, see
- GNU gettext
  * fix build on old platforms where stpcpy and stpncpy is missing
- GNU gettext 0.19.5:
  * xgettext: feature to perform syntax checks on msgid, via
  - -check option or "/xgettext: "/ commentgs
  * msgfilter, msgexec: new option --newline
  * The base Unicode standard is now updated to 8.0.0.
  * msginit is now capable of generating "/Plural-Forms:"/ from
    Unicode CLDR. Via  GETTEXTCLDRDIR environment variable.
  * Improved Programming languages support
  * drop gettext-check-allocated-size-for-static-segment.patch,
    is upstream
- Add gettext-check-allocated-size-for-static-segment.patch from upstream
  * Check if the embedded segment size is valid, before adding it to
    the string length. Please see
- GNU gettext 0.19.4:
  * The --keyword option of xgettext now accepts same argument
    number for both singular and plural forms.
  * Programming languages support:
  - C#: xgettext now properly handles Unicode characters encoded
    with surrogate pairs.
  - C/C++: xgettext now recognizes ISO/IEC 9899:2011 string
    literals prefixed by R, u8, u8R, u, uR, U, UR, L, or LR.
  - Shell: xgettext now properly recognizes Bash ANSI-C quoting
  * Bug fixes:
  - Fix integer overflow when reading certain MO files with
  - Avoid invalid memory access in various cases.  In particular,
    when the same argument number is specified for singular/
    plural arguments, and when checking Lisp and Scheme format
- fix 'echo -e' in script that may be unsupported in some
  POSIX-complete shells
- add patches:
  * gettext-0.19.3-fix-bashisms.patch
- GNU gettext 0.19.3:
  * Fix xgettext mishandling of octal character escapes in C.
  * Fix autopoint infinite recursion with certain
  * The po/Makevars file has a new field MSGINIT_OPTIONS, that can
    be used to adjust msginit's operation.  This is particularly
    useful for controlling line wrapping behavior together with
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
  gsize as length but stores in a guint, this patch will refuse if
  the length is larger than guint. (bsc#1182328,
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
  guint as parameter and sometimes leads into an integer overflow,
  so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
- Add patches to support for slim format of timezone (bsc#1178346):
  + glib2-add-support-for-slim-timezone-format.patch: basic support
    for slim format (glgo#GNOME/glib!1533).
  + glib2-fix-6-days-until-the-end-of-the-month.patch: fix DST
    incorrect end day when using slim format
- Update to version 2.62.6:
  + This is expected to be the final release in the 2.62.x stable
    series; maintenance effort will shift to the newer 2.64.x
    stable series now.
  + Fix SOCKS5 username/password authentication.
  + Exception handling fixes on Windows.
  + Bugs fixed: glgo#GNOME/GLib#1986, glgo#GNOME/GLib#1988,
    glgo#GNOME/GLib#2049, glgo#GNOME/GLib!1378,
    glgo#GNOME/GLib!1380, glgo#GNOME/GLib!1393,
    glgo#GNOME/GLib!1394, glgo#GNOME/GLib!1411.
  + Updated translations.
- Update to version 2.62.5:
  + Fix potential relative read when calling g_printerr(), which
    could lead to a denial of service from a setuid-root process
    being used to block access to the TTY for another user.
  + Fix SOCKS proxy resolver sometimes not being used when
    resolving addresses via Happy Eyeballs (CVE-2020-6750).
  + Several other Happy Eyeballs fixes for address resolution.
  + Fix parsing of full Julian day range from `$TZ` environment
  + Several race condition/crash fixes.
  + Bugs fixed: glgo#GNOME/GLib#1919, glgo#GNOME/GLib#1995,
    glgo#GNOME/GLib#1999, glgo#GNOME/GLib!1323,
    glgo#GNOME/GLib!1331, glgo#GNOME/GLib!1352,
    glgo#GNOME/GLib!1361, glgo#GNOME/GLib!1365,
    glgo#GNOME/GLib!1370, glgo#GNOME/GLib!1371.
  + Updated translations.
- No longer recommend -lang: supplements are in use
- Update to version 2.62.4:
  + Apply recursion depth limits to variants in D-Bus messages.
  + Bugs fixed: glgo#GNOME/GLib#1938, glgo#GNOME/GLib!1240,
    glgo#GNOME/GLib!1257, glgo#GNOME/GLib!1266,
    glgo#GNOME/GLib!1276, glgo#GNOME/GLib!1290.
- Update to version 2.62.3:
  + Use `poll()` in `g_spawn_sync()` rather than `select()`, which
    is subject to FD limits.
  + Fix undefined behaviour with `g_utf8_find_prev_char()`.
  + Bugs fixed: glgo#GNOME/GLib#954, glgo#GNOME/GLib#1318,
    glgo#GNOME/GLib#1897, glgo#GNOME/GLib#1903,
    glgo#GNOME/GLib#1916, glgo#GNOME/GLib#1917,
    glgo#GNOME/GLib!1174, glgo#GNOME/GLib!1184,
    glgo#GNOME/GLib!1194, glgo#GNOME/GLib!1203,
    glgo#GNOME/GLib!1207, glgo#GNOME/GLib!1215,
    glgo#GNOME/GLib!1219, glgo#GNOME/GLib!1222,
- Re-enable systemtap, and require systemtap-headers and
  systemtap-dtrace, rather than systemtap-sdt-devel, to avoid build
  cycle (boo#1145438).
- Own /usr/share/systemtap{|tapset} directories, since we no
  longer have systemtap-sdt-devel in BuildRequires.
- Disable lto if systemtap is enabled: build fails otherwise.
- Update to version 2.62.2:
  + Bugs fixed:
  - glgo#GNOME/GLib#1896: Use after free when calling
    g_dbus_connection_flush_sync() in a dedicated thread.
  - glgo#GNOME/GLib!1154: Backport glgo#GNOME/GLib!1152
    “gwinhttpvfs: Handle g_get_prgname() returning NULL” to
  - glgo#GNOME/GLib!1156: Backport glgo#GNOME/GLib!1146 Solaris
    fixes to glib-2-62.
- Update to version 2.62.1:
  + Fix regression in g_file_copy() when passing
    `G_FILE_COPY_TARGET_DEFAULT_PERMS` flag; the destination
    permissions would be private rather than following the process’
  + Several `GDateTime` parsing fixes.
  + Always build the tests if installed-tests are enabled, so that
    the tests can actually be installed.
  + Bugs fixed: glgo#GNOME/GLib#174, glgo#GNOME/GLib#1865,
    glgo#GNOME/GLib#1875, glgo#GNOME/GLib#1887,
    glgo#GNOME/GLib#1888, glgo#GNOME/GLib!1021,
    glgo#GNOME/GLib!1094, glgo#GNOME/GLib!1101,
    glgo#GNOME/GLib!1102, glgo#GNOME/GLib!1103,
    glgo#GNOME/GLib!1127, glgo#GNOME/GLib!1128,
    glgo#GNOME/GLib!1140, glgo#GNOME/GLib!1141,
  + Updated translations.
- Update to version 2.62.0:
  + Fix new `GFileInfo` APIs to work when
  + Bugs fixed: glgo#GNOME/GLib#487, glgo#GNOME/GLib!1084,
- Update to version 2.61.3:
  + Support setting thread name on BSD systems.
  + Install previously-uninstalled headers for public
    `GNativeSocketAddress` object.
  + Very initial support for Windows apps (UWP).
  + Add various new valgrind suppressions to `glib.supp`.
  + Bugs fixed: glgo#GNOME/GLib!83, glgo#GNOME/GLib!512,
    glgo#GNOME/GLib!873, glgo#GNOME/GLib!905, glgo#GNOME/GLib!1057,
    glgo#GNOME/GLib!1309, glgo#GNOME/GLib!1620,
    glgo#GNOME/GLib!1761, glgo#GNOME/GLib!1803,
    glgo#GNOME/GLib!1819, glgo#GNOME/GLib!1852,
    glgo#GNOME/GLib!1854, glgo#GNOME/GLib!1860,
    glgo#GNOME/GLib!1863, glgo#GNOME/GLib!1867,
    glgo#GNOME/GLib!1870, glgo#GNOME/GLib!1879,
    glgo#GNOME/GLib!1880, glgo#GNOME/GLib!1881,
    glgo#GNOME/GLib!1002, glgo#GNOME/GLib!1011,
    glgo#GNOME/GLib!1015, glgo#GNOME/GLib!1016,
    glgo#GNOME/GLib!1017, glgo#GNOME/GLib!1023,
    glgo#GNOME/GLib!1026, glgo#GNOME/GLib!1027,
    glgo#GNOME/GLib!1031, glgo#GNOME/GLib!1032,
    glgo#GNOME/GLib!1033, glgo#GNOME/GLib!1034,
    glgo#GNOME/GLib!1036, glgo#GNOME/GLib!1037,
    glgo#GNOME/GLib!1044, glgo#GNOME/GLib!1049,
    glgo#GNOME/GLib!1050, glgo#GNOME/GLib!1054,
    glgo#GNOME/GLib!1057, glgo#GNOME/GLib!1059,
    glgo#GNOME/GLib!1066, glgo#GNOME/GLib!1068,
    glgo#GNOME/GLib!1071, glgo#GNOME/GLib!1074,
- Update to version 2.61.2:
  + Add various new array functions (#236, #269, #373).
  + Rework how D-Bus connections are closed/unreffed when
    `g_test_dbus_down()` is called. Tests which leak a
    `GDBusConnection` may now time out and abort, rather than
    silently leaking. (#787)
  + Add a deprecation macro for GLib macros, and use it;
    third-party uses of long-deprecated GLib macros may now start
    causing warnings. (#1060).
  + Deprecate `GTime` and `GTimeVal`, and various functions which
    use them. Use `GDateTime` and `guint64` UNIX timestamps
  + Stop using `G_DISABLE_DEPRECATED` to allow disabling
    deprecation warnings; third-party code should now be using
    `GLIB_VERSION_{MIN_REQUIRED, MAX_ALLOWED}` to control symbol
  + Improve `GNetworkMonitor` detection of offline states (#1788).
  + Fix CVE-2019-12450, wide permissions of files when copying
    using GIO.
- Changes from version 2.61.1:
  + Upgrade to Unicode Character Database v12.1.
  + Improve network availability detection with NetworkManager to
    treat lower levels of connectivity as having reduced
- Changes from version 2.61.0:
  + Add coloured output support to `gdbus introspect.
  + Updated translations.
- Update to version 2.60.7:
  + Bugs fixed: glgo#GNOME/GLib#1819, glgo#GNOME/GLib#1847,
    glgo#GNOME/GLib!1012, glgo#GNOME/GLib!1013,
    glgo#GNOME/GLib!1061, glgo#GNOME/GLib!1065,
- Update to version 2.60.6:
  + Fix various bugs with use of the `GKeyfileSettingsBackend`
    within flatpaks (glgo#GNOME/GLib!984, glgo#GNOME/GLib!985,
  + Bugs fixed: glgo#GNOME/GLib!993, glgo#GNOME/GLib!984,
- Drop glib2-keyfile-handle-filename-being-null.patch: Fixed
- Add glib2-keyfile-handle-filename-being-null.patch: key file:
  Handle filename being NULL (glgo#GNOME/GLib!1825,
- Update to version 2.60.5:
  + Fix implicit use of the `GKeyfileSettingsBackend`.
  + Fix opening a URI using the ‘Open URI’ portal.
  + Bugs fixed: glgo#GNOME/GLib!910, glgo#GNOME/GLib!949,
    glgo#GNOME/GLib!956, glgo#GNOME/GLib!958, glgo#GNOME/GLib!969,
- Update to version 2.60.4:
  + Fixes to improved network status detection with NetworkManager.
  + Leak fixes to some `glib-genmarshal` generated code.
  + Further fixes to the Happy Eyeballs (RFC 8305) implementation.
  + File system permissions fix to clamp down permissions in a
    small time window when copying files (CVE-2019-12450).
  + Bugs fixed: glgo#GNOME/GLib#1755, glgo#GNOME/GLib#1788,
    glgo#GNOME/GLib#1792, glgo#GNOME/GLib#1793,
    glgo#GNOME/GLib#1795, glgo#GNOME/GLib!865, glgo#GNOME/GLib!878.
- Set umask to 022 before running glib-compile-schemas
- Update to version 2.60.3:
  + * Various fixes to small key/value support in `GHashTable`.
  * Bugs fixed:
  - Critical in g_socket_client_async_connect_complete.
  - New GHashTable implementation confuses valgrind.
  - test_month_names: assertion failed.
  - GNetworkAddressAddressEnumerator unsafely modifies cache in
  - Leaks in gsocketclient.c connection code.
  - glib/date test fails.
  - GDB pretty-printer for GHashTable no longer works
  + Updated translations.
- Move glib2.macros to %_rpmmacrodir. /etc is for the system admin.
- Update to version 2.60.2:
  + Fix crash when displaying notifications on macOS.
  + Improve network status detection with NetworkManager.
  + Bugs fixed: glgo#GNOME/GLib!790, glgo#GNOME/GLib!793,
  + Updated translations.
- Use FAT LTO objects in order to provide proper static library (boo#1133129).
- Update to version 2.60.1:
  + Fix documentation for `gdbus-tool wait` to use correct units.
  + Bugs fixed: glgo#GNOME/GLib#1709, glgo#GNOME/GLib#1725,
    glgo#GNOME/GLib#1737, glgo#GNOME/GLib!711, glgo#GNOME/GLib!722,
    glgo#GNOME/GLib!727, glgo#GNOME/GLib!729, glgo#GNOME/GLib!758,
  + Updated translations.
- Drop upstream fixed patch:
- Add patch submitted upstream to handle an UNKNOWN NM connectivity
  the same as a NONE value. This partly fixes boo#1103678
  (packagekit reports the network as available on a computer
  without network connectivity which makes plasma-pk-update start
  an update check which obviously fails).
  * 0001-Handle-an-UNKNOWN-NetworkManager-connectivity-as-NONE.patch
- Update to version 2.60.0:
  + Further fixes to the Happy Eyeballs (RFC 8305) implementation.
  + Add support for the XDG trash portal.
  + Bugs fixed: glgo#GNOME/GLib#1653, glgo#GNOME/GLib#1658,
    glgo#GNOME/GLib#1668, glgo#GNOME/GLib#1675,
    glgo#GNOME/GLib#1676, glgo#GNOME/GLib#1679,
    glgo#GNOME/GLib#1693, glgo#GNOME/GLib#1697,
    glgo#GNOME/GLib#1698, glgo#GNOME/GLib!276, glgo#GNOME/GLib!639,
    glgo#GNOME/GLib!666, glgo#GNOME/GLib!674, glgo#GNOME/GLib!676,
    glgo#GNOME/GLib!677, glgo#GNOME/GLib!686, glgo#GNOME/GLib!688,
    glgo#GNOME/GLib!689, glgo#GNOME/GLib!691, glgo#GNOME/GLib!692,
    glgo#GNOME/GLib!696, glgo#GNOME/GLib!698, glgo#GNOME/GLib!699,
    glgo#GNOME/GLib!702, glgo#GNOME/GLib!703.
  + Updated translations.
- Update to version 2.59.2:
  + Fix check on GDBusMessage size when reading it.
  + Add async GIO API: g_file_query_default_handler_async(),
  + Fix some bugs in the Happy Eyeballs implementation.
  + Install a new generated header with enum types for Unicode
  + Support the XDG trash portal.
  + Bugs fixed: glgo#GNOME/GLib#1224, glgo#GNOME/GLib#1249,
    glgo#GNOME/GLib#1347, glgo#GNOME/GLib#1376,
    glgo#GNOME/GLib#1642, glgo#GNOME/GLib#1646,
    glgo#GNOME/GLib#1649, glgo#GNOME/GLib#1673,
    glgo#GNOME/GLib!276, glgo#GNOME/GLib!481, glgo#GNOME/GLib!585,
    glgo#GNOME/GLib!593, glgo#GNOME/GLib!609, glgo#GNOME/GLib!619,
    glgo#GNOME/GLib!622, glgo#GNOME/GLib!626, glgo#GNOME/GLib!627,
    glgo#GNOME/GLib!629, glgo#GNOME/GLib!630.
  + Updated translations.
- BuildIgnore glib2-devel: since we have to require gtk-doc in
  order to produce the doc, we gained an implicit dependency on
  ourselves. The gtk-doc dependency is correct, but glib happens
  to be buildable without this dependency too.
- Rework the check section to be in an own if/endif block so that
  spec-cleaner is not getting confused by it.
- Conditionalize enabling of systemtap, default disabled: it
  creates a build loop.
- Update to version 2.59.1:
  + Autotools support is gone.
  + g_format_size() now uses a no-break space to separate digits
    and units; translations will need to be updated accordingly.
  + New g_queue_clear_full() API.
  + Fix argument quoting on win32 when spawning subprocesses.
  + Allow polling more than 64 handles on win32 using g_poll().
  + Tag various tests as ‘flaky’. These are no longer run routinely
    on our upstream CI machines, and downstream packagers may want
    to not run them (or not treat those test failures as package
    build failures) on their test machines either. They are in the
    `flaky` test suite.
  + Add overlay support to g_resources_get_info().
  + Support defaults and locks in the keyfile GSettings backend.
    This will be used for flatpaks.
  + Accept unquoted strings in the keyfile GSettings backend to
    simplify things for sysadmins.
  + Update our contribution guidelines (``).
  + Add writev() and writev_all() APIs to GOutputStream and
    GPollableOutputStream, and provide implementations of them for
    many subclasses.
  + Many more bugs fixed, see package NEWS file for full list.
  + Updated translations.
- Remove conditionals for meson build, use meson unconditionally
  following upstreams removal of autotools.
- Add new glib2-tests subpackage.
- Update to version 2.59.0:
  + This will be the last development release with autotools
    support. As our Meson support has been around since 2.56.x, and
    was used to release tarballs in 2.58.x, the next development
    release (2.59.1) will drop autotools as used to build GLib. The
    macros installed for other packages to use will remain.
  + Add `G_TEST_OPTION_ISOLATE_DIRS` to redirect `XDG_*_HOME` to a
    temporary directory for each unit test.
  + Support `Property.EmitsChangedSignal` annotations in
  + Add `g_assert_cmpvariant()` API for unit tests.
  + Hide bind mounts from GIO mount listings.
  + Automatically realign data passed to
    `g_variant_new_from_bytes()` or `g_variant_new_from_data()` if
    it is not correctly aligned. This prevents misaligned accesses
    on architectures which don’t support them. Callers should still
    aim to correctly align data to get higher performance.
  + Support `ld -b binary` (on platforms which support it; i.e.
    Linux) to provide large pre-compiled `GResource` resources with
    a fast compilation time.
  + Unconditionally install GLib m4 macros, so that projects which
    depend on GLib and which still build using autotools can
    continue to build even once GLib has ported entirely to Meson.
  + Various fixes to the Meson build.
  + Drop Python 2 support and require Python 3.4+. See discussion
  + `GHashTable` performance and memory improvements for common
    cases. See
  + Add flags that allow a `GApplication` to signal and replace a
    currently running other instance of the same `GApplication`.
    This will be used for app upgrades with flatpak.
  + Autostart xdg-desktop-portal when using the network monitor and
    proxy monitor portal backends.
  + Add a g_task_set_name() API to allow `GTask`s to be described;
    useful for debugging.
  + Enable FreeBSD CI on every commit for upstream GLib.
  + Various GVariant, GMarkup and GDBus fuzzing fixes, including
    buffer overflow fixes.
  + Various fixes to eliminate thread races, found by thread
    sanitizer (tsan).
  + Deprecate TLS/DTLS rehandshaking, as it has been removed from
    the protocol in TLS 1.3.
  + Support reading arguments from a file with `glib-mkenums`,
    which is useful for long argument lists due to having deeply
    nested build directories, on systems with a low limit on the
    command line length.
  + Make `g_environ_*()` case-insensitive on Windows, as the
    environment itself is case-insensitive on Windows.
  + Add Application Layer Protocol Negotiation (ALPN) support to
    `GTlsConnection` and `GDtlsConnection`, so that higher layer
    protocols can be negotiated when setting up a TLS connection,
    without additional round trips and latency. This is needed for
    eventual HTTP/2 support.
  + Add support for TPM keys in PEM files when loading TLS
  + Add a `GRecMutexLocker` auto-pointer wrapper for `GRecMutex`.
  + Many more bugs fixed, see package NEWS file for full list.
  + Updated translations.
- Update to version 2.58.3:
  + Fix GVariant tests on i686.
  + Fix crashes caused by filtering of mounts.
  + Bugs fixed: glgo#gnome/GLib#1626, glgo#gnome/GLib#1637,
    glgo#gnome/GLib#1645, glgo#gnome/GLib!558, glgo#gnome/GLib!577,
- Update to version 2.58.2:
  + Fix calling gdbus-codegen with --interface-info-{header,body}.
  + Fix parsing month names in certain locales with
  + Fix ^*ay handling in g_variant_iter_loop().
  + Various buffer overflow fixes in GMarkup/GVariant/GDBus.
  + A huge number of fixes to the Meson build.
  + Prevent bind mounts being advertised as mounts.
  + Fix cross-compilation of 2.58.x releases with autotools.
  + Bugs fixed: glgo#gnome/GLib!527, glgo#gnome/GLib#1605,
    glgo#gnome/GLib#1271, glgo#gnome/GLib#1546,
    glgo#gnome/GLib#1527, glgo#gnome/GLib!406, glgo#gnome/GLib!334,
    glgo#gnome/GLib#1528, glgo#gnome/GLib#1539,
    glgo#gnome/GLib#1536, glgo#gnome/GLib#1544,
    glgo#gnome/GLib#1562, glgo#gnome/GLib!367, glgo#gnome/GLib!416,
    glgo#gnome/GLib#1572, glgo#gnome/GLib#1522,
    glgo#gnome/GLib#1576, glgo#gnome/GLib!407,
    glgo#gnome/GLib#1582, glgo#gnome/GLib!428,
    glgo#gnome/GLib#1588, glgo#gnome/GLib!462,
    glgo#gnome/GLib!238, glgo#gnome/GLib!312, glgo#gnome/GLib#1520,
    glgo#gnome/GLib!403, glgo#gnome/GLib#1543,
    glgo#gnome/GLib!414, glgo#gnome/GLib!409, glgo#gnome/GLib!400,
    glgo#gnome/GLib!430, glgo#gnome/GLib!437, glgo#gnome/GLib#1337,
    glgo#gnome/GLib!542, glgo#gnome/GLib#1343, glgo#gnome/GLib!471,
    glgo#gnome/GLib!544, glgo#gnome/GLib#945, glgo#gnome/GLib#1014,
    glgo#gnome/GLib#656, glgo#gnome/GLib#1313, glgo#gnome/GLib!346.
  + Updated translations.
- Drop upstream fixed patches:
  + 0001-gvariant-Fix-checking-arithmetic-for-tuple-element-e.patch
  + 0002-gvarianttype-Impose-a-recursion-limit-of-64-on-varia.patch
  + 0003-gvariant-Check-array-offsets-against-serialised-data.patch
  + 0004-gvariant-Check-tuple-offsets-against-serialised-data.patch
  + 0005-gvariant-Limit-GVariant-strings-to-G_MAXSSIZE.patch
  + 0006-gdbusmessage-Validate-type-of-message-header-signatu.patch
  + 0007-gdbusmessage-Improve-documentation-for-g_dbus_messag.patch
  + 0008-gdbusmessage-Clarify-error-returns-for-g_dbus_messag.patch
  + 0009-gdbusmessage-Fix-a-typo-in-a-documentation-comment.patch
  + 0008-gdbusmessage-Clarify-error-returns-for-g_dbus_messag.patch
  + 0009-gdbusmessage-Fix-a-typo-in-a-documentation-comment.patch
  + 0010-gdbusmessage-Check-for-valid-GVariantType-when-parsi.patch
  + 0011-gvariant-Clarify-internal-documentation-about-GVaria.patch
  + 0012-tests-Tidy-up-GError-handling-in-gdbus-serialization.patch
  + 0013-tests-Use-g_assert_null-in-gdbus-serialization-test.patch
  + 0014-gutf8-Add-a-g_utf8_validate_len-function.patch
  + 0015-glib-Port-various-callers-to-use-g_utf8_validate_len.patch
- Add patchset to fix gvariant parsing issues. (bsc#1111499).
- Update to version 2.58.1:
  + Fix to a regression in listing GIcon fallbacks.
  + Changes to pkg-config paths to helper programs when building
    with autotools: paths are now absolute with reference to the
    .pc file’s ${prefix}.
  + Fix installation path of glib-gettextize helper on Meson.
  + Fix autostarting xdg-desktop-portal.
  + Various fixes to the network monitor.
  + Various compilation fixes on macOS (generally older versions
    and ol