- Upgrade to upstream version 2.0.1 to improve visibility of HANA
  related firewall services in firewalld configuration tool.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Upgrade to upstream version 2.0 to work with firewalld in SLES 15.
- Merge HANA firewall rules into an existing "/customrules"/ script
  if it is present.
- Bump version to 1.1.4 (bsc#1002744);
- Add several more TCP ports that are vital to HA operation into
  firewall service definition file.
  Bump version to 1.1.3 (bsc#992376)
- Fix typo and incorrectly assigned default value in sysconfig file.
  Bump version to 1.1.2. (bsc#991919)
- Improve prompts in create_new_service.
- Relax file permissions in hana-firewall.d directory.
- Fix result file location for create_new_service.
- fate#320564 fate#320376
- Add missing changelog macro in spec file.
- Fully integrate with SUSE firewall.
- Remove unnecesary defaults from sysconfig.
- Fix names in sysconfig file
- Bring HANA-Firewall out of technical preview with feature
  enhancements and major code clean-up.
- Initial Version of HANA-Firewall
- update to 20.2.4
  * fourth (second to last) bugfix release for the 20.2 branch
- require llvm-devel *without* any explicit version number for
  factory/TW to imply 'distro default llvm version', which we
  usually bump up when a new stable llvm comes out
- use llvm11 on factory/TW and sle15-sp3/Leap 15.3
- enabled build of radeonsi DRI and VDPAU driver on aarch64
- update to 20.2.3
  * third bugfix release for the 20.2 branch
- update to 20.2.2
  * second bugfix release for the 20.2 branch
- reenabled U_fix-mpeg1_2-decode-mesa-20.2.patch due to regression
  reported in boo#1173185
- update to 20.2.1
  * first bugfix release for the 20.2 branch
- supersedes U_fix-mpeg1_2-decode.patch
- disabled U_fix-mpeg1_2-decode-mesa-20.2.patch; likely no longer
  needed (boo#1173185)
- U_fix-mpeg1_2-decode-mesa-20.2.patch
  * additional patch currently needed for Mesa 20.2 (boo#1173185)
- update to 20.2.0
  * includes Intel Rocket Lake Platform Support
    (jsc#SLE/SLE-12880, jsc#SLE/SLE-12882)
- adjusted/refreshed patches:
  * n_add-Mesa-headers-again.patch
  * n_drirc-disable-rgb10-for-chromium-on-amd.patch
  * u_dep_xcb.patch
- docs now available in .rst format (html before)
- Add U_fix-mpeg1_2-decode.patch (boo#1173185)
  * fixes colors in kaffeine on Radeon (r600 VAAPI driver)
- buildfix-ppc64le.patch
  * buildfix for ppc64le (boo#1176562)
- update to 20.1.8:
  * mainly bugfixes, highlights:
  - Crash in ruvd_end_frame when calling vaBeginPicture/vaEndPicture without rendering anything
  - khr_debug-push-pop-group_gl: ../src/util/simple_mtx.h:86: simple_mtx_lock: Assertion `c != _SIMPLE_MTX_INVALID_VALUE' failed.
  - Amber test opt_peel_loop_initial_if: Assertion failed
  - Dirt Rally: Flickering glitches on certain foliage since Mesa 20.1.0 caused by MSAA
  - [BRW] WRC 5 asserts with gallium nine and iris.
- update to 20.1.7
  * seventh bugfix release for the 20.1 branch
- switched to llvm9 usage for Leap/SLE15 since llvm10 is not (yet)
  in Leap/SLE15
- version 20.1.6 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882
- use again /etc/OpenCL/vendors for openSUSE Leap, i.e. use
  /usr/etc/OpenCL/vendors only for Tumbleweed
- Add vulkan device selection layer and vulkan overlay layer to
  baselibs for 32bit versions on 64bit architectures.
- Add vulkan device selection layer and vulkan overlay layer
- specfile/baselibs.conf cleanup
  * no longer support Mesa build without libglvnd
  * removed empty packages Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2
- update to 20.1.6
  * sixth bugfix release for the 20.1 branch
- baselibs.conf:
  + Require Mesa-KHR-devel instead of Mesa-KHR-devel-<targettype>:
    KHR-devel consists only of header files there is thus no
  - <targettype> flavor being generated.
  + Do not require Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 from
    their respective -32bit devel packages: with libglvnd defined
    to 0, the native packages are being generated, but are empty.
    For baselibs, this trick does not work and empty packages are
    being skipped. So we drop the dependency (with a note in the
    .spec to enable the deps when changing the defines).
- update to 20.1.4
  * fourth bugfix release for the 20.1 branch
  * just a few fixes here and there, nothing major
- update to 20.1.3
  * third bugfix release for the 20.1 branch
  * lots of updates to our testing infrastructure
- force valgrind support only on officially supported platforms
- update to 20.1.2
  * second bugfix release for the 20.1 branch
  * most of the fixes here are to the AMD drivers, and the rest
    is scattered over the tree.
- enable valgrind support (boo#1173355)
- move mesa.icd from /usr/etc/OpenCL/vendors to
  /usr/share/OpenCL/vendors (boo#1173005)
- switch to /usr/etc/OpenCL/vendors for mesa.icd OpenCL file
  location (boo#1173005)
- update to 20.1.1
  * first bugfix release for the 20.1 branch
  * fixes issue affecting Unreal Engine 4 games on i965
- update to 20.1.0
  * first release for the 20.1 branch
  * One already known issue is that Unreal Engine 4 has a bug in
    its usage of glDrawRangeElements() causing it to be called
    with a number of vertices in place of the `end` parameter,
    that was recently revealed. This is an annoying bug that we
    haven't worked around yet. For more details:
- supersedes U_add-lifetime-dse-fix.patch
- Add U_add-lifetime-dse-fix.patch as a proper fix for boo#1171855.
- Disable LTO for now as there's a known upstream bug
  that hasn't been resolved with GCC 10:
- update to Mesa 20.0.7
  * most fixes in Radv, but there are fixes all over the tree
- avoid build error PowerPC, using gnu++14 (not gnu++11)
- update to Mesa 20.0.6
  * fairly small release (a little bit of everything in here)
- require llvm/clang 10
- update to Mesa 20.0.5
  * pretty big release with AMD and Intel drivers receiving the
    majority of the work.
- supersedes U_EGL-Add-eglSetDamageRegionKHR-to-GLVND-dispatch-list.patch
- supersedes n_opencl_dep_libclang.patch
- Disable LTO on armv6 to fix build
- U_EGL-Add-eglSetDamageRegionKHR-to-GLVND-dispatch-list.patch
  * Fix Weston launch on tumbleweed by backporting commit bfb9c08e
- update to Mesa 20.0.4
  * emergency release, which reverts a serious SPIR-V regression
    in the 20.0.3 release.
- supersedes U_Revert-spirv-Implement-OpCopyObject-and-OpCopyLogica.patch
- U_Revert-spirv-Implement-OpCopyObject-and-OpCopyLogica.patch
  * revert severe spirv regression; emergency release will be
    available soon ...
- update to Mesa 20.0.3
  * bugfix release:  fixes all over the tree; mostly AMD (radv,
    aco), NIR and Intel (isl, anv)
- update to Mesa 20.0.2
  * bugfix release: fixes all over the code base
- update to Mesa 20.0.1
  * bugfix release
- cleanup in specfile: get rid of is_opensuse macro, which is no
  longer needed at all (jira#PM-1623)
- Loosen dependencies to allow building with newer versions of
  clang-devel, similar to llvm-devel.
- update to mesa 20.0.0
  * changelog https://mesa3d.org/relnotes/20.0.0.html
- supersedes U_0001-gallium-Fix-a-couple-of-multiple-definition-warnings.patch
- supersedes U_0002-r600-Move-get_pic_param-to-radeon_vce.c.patch
- supersedes U_0003-radeon-Move-si_get_pic_param-to-radeon_vce.c.patch
- supersedes U_0004-radeon-Fix-multiple-definition-error-with-radeon_deb.patch
- supersedes U_0006-nouveau-nvc0-add-extern-keyword-to-nvc0_miptree_vtbl.patch
- update to patch n_add-Mesa-headers-again.patch to fit v20.0.0 sources
- update to patch n_drirc-disable-rgb10-for-chromium-on-amd.patch to fit v20.0.0 sources
- use 7G disk constraints also for x86_64 and i586 (bsc#1164488)
- only use 'BuildRequires:llvm-devel >= 9.0.0' for TW/factory; for
  older products still use 'BuildRequires: llvm9-devel'; fixed
  build on openSUSE Leap 15.2
- Update to version 19.3.4
  * changes all over the tree, but aco and anv are leading the
    way in changes
- supersedes u_Revert_gallium_Fix_big-endian_addressing_of_non-bitmask_array_formats.patch
- u_Revert_gallium_Fix_big-endian_addressing_of_non-bitmask_array_formats.patch
  * replaces U_gallium-Fix-big-endian-addressing-of-non-bitmask-arr.patch
    by an official merge request (bsc#1162252, gitlab issue#2472)
- U_gallium-Fix-big-endian-addressing-of-non-bitmask-arr.patch
  * reverse apply since it caused a regression in rendering on
    s390x (bsc#1162252)
- require and check for llvm-devel >= 9 instead of llvm9-devel on
- enabled build of gallium based llvmpipe driver for s390x
  (related to jsc#IBM-369, jsc#SLE-7452)
- Update to version 19.3.3
  * There's plenty of changes here, but intel, docs, radeonsi,
    and aco are the biggest sets of changes.
- supersedes U_0005-radv-Remove-syncobj_handle-variable-in-header.patch
- set optflags also for g++ compiler
- require llvm9 (jsc#IBM-369, jsc#SLE-7452)
- U_0001-gallium-Fix-a-couple-of-multiple-definition-warnings.patch
  * fixes build with gcc10 using -fno-common as default now (boo#1160578)
- Enable LLVM support on riscv64
- Update to version 19.3.2
  * Intel and AMD drivers make up the bulk of the changes, with
    a bit of nir and glsl, plus a sprinkling of other stuff in
- n_drirc-disable-rgb10-for-chromium-on-amd.patch
  * fixes patch (boo#1145188)
- Update to version 19.3.1
  * Bugfixes for i965/iris, anv and radv
- Update to version 19.3.0
  * Mainly changes to the build system, i965, aco, radv and anv
  * New features, check Phoronix:
- Update to version 19.2.6
  * fixes build on PPC
  * couple of additional stable patches
- Update to version 19.2.5
  * There's a little bit over everything in here, with anv and
    radeonsi standing out as the two biggest components getting
    changes, but core mesa, core gallium, llvmpipe, nir, egl,
    i965, tgsi, st/mesa, spirv, and the Intel compiler also
    fixes in this release.
- supersedes u_call-shmget-with-permission-0600-instead-of-0777.patch
- u_call-shmget-with-permission-0600-instead-of-0777.patch
  * CVE-2019-5068 (bsc#1156015)
- Update to version 19.2.4
  * This is an emergency release, to fix a critical bug found in
    the 19.2.3 release which causes incomplete rendering on all
    mesa drivers. This release contains a single patch to fix
    that bug.
- Update _contraints, Mesa-drivers needs 7GB of disk to build
- Update to version 19.2.3
  In this release: iris, meson, radv, anv, turnip, 965, svga,
  utils, core mesa, glsl, etanviv, and gallium/rbug
- This Mesa release includes support for latest GPUs including Intel
  (jsc#SLE-7962, jsc#SLE-8024, jsc#SLE-8022, jsc#SLE-10182, jsc#SLE-4983,
  bsc#1137515) and fixes for boo#1127672, bsc#1117365
- Dont conflict with vulkan-devel anymore as there is no file
- Use %pkg_vcmp macro instead of llvm-config to detect LLVM 9.
- Update to version 19.2.2
  * assortment of fixes in this release, notably a bunch of work
    to get Solaris and illumos working with mesa, as well as more
    work fixing issues in the migration of package-config and
    headers being handled by libglvnd instead of mesa when mesa
    is built with support for glvnd.
    There's  bunch of other changes here, with radv and intel
    leading the pack, otherwise just a few things here and there.
- n_add-Mesa-headers-again.patch
  * add Mesa headers again despite of building it against libglvnd;
    those headers turned out not to be usable; in addition packaging
    headers with libglvnd make dependancies problematic ...
- let Mesa-libEGL-devel require libX11 devel via "/pkgconfig(x11)"/
  since EGL/eglplatform.h includes X11/Xlib.h
- Update to version 19.2.1
  * fixes all over the tree: intel, amd, nine, nir, egl, gallium,
    scons, meson, glsl, haiku, android, and nouveau all got fixes.
- pickup gl, egl, glesv1_cm and glesv2 pkgconfig files from
  libglvnd build and add them to the appropriate devel subpackages
- reintroduce GL, EGL, GLES* devel subpackages since corresponding
  header and pkgconfig files from libglvnd didn't work out ...
- Rebase n_opencl_dep_libclang.patch after update.
- Update to version 19.2.0 including changes to
  * release-infastructure
  * the build
  * drivers: turnip, radv, android, intel and amd common code
  * new features: check Phoronix
- supersedes U_llvmpipe-Don-t-use-u_ringbuffer-for-lp_scene_queue.patch
- adjusted n_drirc-disable-rgb10-for-chromium-on-amd.patch
- supersedes n_glesv1_cm-glesv2.patch
- no longer build
  * Mesa-libGL-devel
  * Mesa-libEGL-devel
  * Mesa-libGLESv1_CM-devel
  * Mesa-libGLESv2-devel
  * Mesa-libGLESv3-devel
  Instead of requiring these let Mesa-devel package require
  libglvnd-devel >= 1.2.0, which provides the contents of these
  packages now (header files for OpenGL, GLES, EGL, and GLX).
  Adjusted baselibs.conf accordingly.
- modified check for llvm version in a way so it works also with
  older llvm packages (by making use of "/llvm-config -version"/),
  where there is %{_llvm_sonum} macro defined yet
- moved manual pages to Mesa-devel package
- n_opencl_dep_libclang.patch
  * Link OpenCL library with libclang-cpp.so instead of the
    component libraries for LLVM >= 9.
- Update to version 19.1.7
  * another bugfix release ....
- Add ppc64 for radeonsi to avoid build error
- Update to version 19.1.6
  * bugfix release
- Update to version 19.1.5
  * bugfix release
- Build radeonsi and libvdpau_radeonsi on ppc64le
- Update to version 19.1.4:
  * Mostly, as usual, in fixes for different drivers (anv, radv,
    radeon, nv50, nvc0) as well as in backend parts (egl, spirv,
    nir, ...).
  * Of those fixes, we could highlight several ones:
  - Vulkan 24/48 bit formats are now not supported on Ivybridge.
  - R8G8B8_UNORM_SRGB is not supported on Haswell.
  - A fix for hair artifacts in Max Payne 3 on AMD/RADV.
  - Vulkan transform feedback extension is disabled on Intel
- Update to version 19.1.3:
  * Mostly fixes for ANV and RADV drivers, as well as NIR backend
  * Several of those patches fix crashes with the drivers, and a
    couple of them fix memory leaks.
- n_drirc-disable-rgb10-for-chromium-on-amd.patch
  * added totem as another affected application (boo#1142270)
- Add v3d support (VC5/V6 driver) for %arm and aarch64
- Add kmsro for %arm and aarch64
- U_llvmpipe-Don-t-use-u_ringbuffer-for-lp_scene_queue.patch
  * may fix crashes in llvmpipe on SMP systems with LTO enabled
    builds (boo#1133265)
- Update to version 19.1.2:
  * Different fixes for the Intel and AMD Vulkan drivers,
    Freedreno, the Meson build system, and some other fixes for
    other parts and/or drivers.
  * Worth to mention a fix for a crash in Wolfenstein II with the
    RADV driver, and another fix relevant for DXVK on Intel gen7
- Update Source urls from ftp to https.
- Update to version 19.1.1:
  * Mostly in fixes for different drivers (RADV, ANV, Nouveau,
    Virgl, V3D, R300g, ...).
  * Also different fixes for different parts (Meson build, GLX,
- reverted latest change in specfile; it's not needed; llvm8 is
  already been chosen on factory/TW by default ...
- use llvm8 on factory/TW
- n_glesv1_cm-glesv2.patch
  * reenables build of GLESv1_CM and GLESv2 ...
- readded pkgconfig files for GLESv1_CM and GLESv2 to filelists
- removed again virtual provides for
  * pkgconfig(glesv1_cm)
  * pkgconfig(glesv2)
- reenable LTO with Mesa 19.1 (boo#1133265, comment#5)
- enabled new gallium drivers
  * iris (newer Intel GPUs)
  * lima, panfrost on ARM64
- virtually provide
  * pkgconfig(glesv1_cm)
  * pkgconfig(glesv2)
  in libGLESv1_CM-devel/libGLESv2-devel packages, since these files
  have been removed from Mesa via git commit #1587586
- Update to 19.1.0:
  * Mesa 19.1.0 implements the OpenGL 4.5 API, but the version
    reported by glGetString(GL_VERSION) or
    glGetIntegerv(GL_MAJOR_VERSION) /
    glGetIntegerv(GL_MINOR_VERSION) depends on the particular
    driver being used. Some drivers don't support all the features
    required in OpenGL 4.5. OpenGL 4.5 is only available if
    requested at context creation. Compatibility contexts may
    report a lower version depending on each driver.
  * The top highlights include:
  - GL_ARB_parallel_shader_compile for all drivers.
  - GL_EXT_gpu_shader4 on all GL 3.1 drivers.
  - GL_EXT_shader_image_load_formatted on radeonsi.
  - GL_EXT_texture_buffer_object on all GL 3.1 drivers.
  - GL_EXT_texture_compression_s3tc_srgb on Gallium and i965
    drivers (ES extension).
  - GL_NV_compute_shader_derivatives on Iris and i965 drivers.
  - GL_KHR_parallel_shader_compile on all drivers.
  - GL_INTEL_conservative_rasterization on Iris.
- Refresh patches with quilt.
- Clean-up spec files for .pc and other files no longer built.
- Update to 19.0.5
  * Things have slowed back down from the last release, which is
    good for this late in the series. No one area has received too
    much work, with a little bit sprinkled in here and there in
    both core code and drivers.
- Update to 19.0.4
  * It's been a pretty active release, especially for how late in
    the cyle we are. Radv was the busiest component, but there
    were also a few changes for intel, radeonsi, some core vulkan
    work, and a little bit of other stuff here and there.
- Update to 19.0.3
  * quiet release with just 19 patches (excluding release churn)
    since 19.0.2
  * no sub component was touched too much
  * virgl, glsl, nir, intel, radeonsi, radv, ac, and gallivm
    received a few patches
- Disable LTO (boo#1133265).
- Drop patches n_VDPAU-XVMC-libs-Replace-hardlinks-with-copies.patch
  and archlinux_0001-Fix-linkage-against-shared-glapi.patch:
  These patches only work when building mesa with autotools. As we use meson
  instead now, these patches do nothing.
- Drop version 19.0.1 tarballs
- Update to 19.0.2
  * Just a few fixes for radeon, a few for nir, a couple for radv,
    a couple for v3d, and a few other patches here and there.
- Update to 19.0.1
  * "/This is the first bug fix release of the 19.0 branch. It's
    been a pretty calm cycle, and there's not too much here. I
    think things are looking pretty good overall."/
- baselibs.conf: Mesa-libEGL-devel needs Mesa-KHR-devel (bsc#1117365)
- Mesa-libEGL-devel needs Mesa-KHR-devel (bsc#1117365)
- Remove imx from ARM drivers (dropped upstream)
- Update to 19.0.0
  * bug fixes and performance improvements
- adjusted n_drirc-disable-rgb10-for-chromium-on-amd.patch
- supersedes u_wayland_egl-Ensure-EGL-surface.patch
- Don't enable gallium_loader on ppc and s390x
- Fix configuration on non-gallium archs
- u_dep_xcb.patch: fix missing xcb dependencies
- avoid Mesa-drivers build failure for ppc64le reported by
- remove n_Disable-Xshm-for-now-since-it-results-in-render-erro.patch;
  keeping that one reintroduced render errors and missing screen
  refreshes on GNOME3 in a qemu VM (cirrus emulation); the issue has
  been fixed in a different and better way since 18.3.3; this is
  related to bsc#1118149
- Update to 18.3.4
  * A fix in the XvMC state-tracker, which was causing some video attributes to
    not take affect. On the video front the VAAPI state tracker has seen
    improvements with VP9 streams while the amdgpu driver advertises all available
  * On Intel side we have compiler fixes and extra PCI IDs for Coffee Lake and
    Ice Lake parts. In the Broadcom drivers a couple of memory leaks were
    addressed and the NEON assembly should compile properly on armhf.
  * Other drivers such as radeonsi, nouveau and freedreno have also seen some
    love. The RADV driver has seen addressed to compile correctly with GCC9
    amongst other changes.
  * The Xlib based libGL have been addressed to work with X servers, which lacks
    the MIT-SHM extension such as XMing.
  * To top it up we have a few fixes to the meson build system.
- Update to 18.3.3
  * In this release we have:
    A memory leak fix in the etnaviv driver, better NEON assembly code in vc4 and
    couple of stability improvements to the radeonsi driver. Another memory leak
    affecting all gallium drivers have also been addressed.
  * The time required to compile GLSL shaders with large amount of uniforms, such
    as Godot, has been improved.
  * GLX and swrast have also seen some improvements.
  * On the Vulkan side, the ANV driver adjusted the number of images supported
    for gen8 and earlier to 8, while for newer hardware it remains the same 64.
    The RADV driver has seens a collection of stability improvements and fix for
    the Vulkan version advertised in some corner cases.
  * To top it all up, the meson build system has seen a steady amount of fixes:
    the DSO version for the VDPAU drivers is now included, ICC compatibility
    patches, opencl handling and relaxed handling when building osmesa.
- adjusted n_Disable-Xshm-for-now-since-it-results-in-render-erro.patch
- Build Mesa with meson instead of automake
  + Build classic swrast with Mesa, as its a dependency for osmesa - delete it
    while installing
  + Build egl with Mesa-drivers as it demands one windowing-system -
    delete it while installing
- Update to 18.3.2
  * In this release candidate we have added more PCI IDs for AMD
    Vega devices and a number of fixes for the RADV Vulkan drivers.
  * On the Intel side we have a selection ranging from quad swizzles
    support for ICL to compiler fixes.
  * The nine state tracker has also seen some love as do the
    Broadcom drivers.
  * To top it all up, we have a healthy mount of build system fixes.
- redisabled support for tegra, since it just got disabled upstream
  in git master ...
- Enable the surfaceless platform, which is needed by KDE CI
  environment for testing (https://phabricator.kde.org/T10245)
- Add etnaviv, imx and tegra supports for %arm and arch64
- Only BuildRequire pkgconfig(vdpau) and pass --enable-vdpau to
  configure when building the drivers. Helps us break a build
- Update to 18.3.1
  * This version disables the VK_EXT_pci_bus_info extension due to
    last minute issues spotted in the specification.
- n_Disable-Xshm-for-now-since-it-results-in-render-erro.patch
  * Xshm results in render errors and missing screen refreshes on GNOME3
    in a qemu VM (cirrus emulation) [bsc#1118149]
- Fix baselibs.conf entry for Mesa-KHR-devel (missing "/-"/)
- Update to 18.3.0 final release
  * The top highlights include:
    + GL_AMD_depth_clamp_separate on r600, radeonsi.
    + GL_AMD_framebuffer_multisample_advanced on radeonsi.
    + GL_AMD_gpu_shader_int64 on i965, nvc0, radeonsi.
    + GL_AMD_multi_draw_indirect on all GL 4.x drivers.
    + GL_AMD_query_buffer_object on i965, nvc0, r600, radeonsi.
    + GL_EXT_disjoint_timer_query on radeonsi and most other Gallium drivers
    (ES extension)
    + GL_EXT_texture_compression_s3tc on all drivers (ES extension)
    + GL_EXT_vertex_attrib_64bit on i965, nvc0, radeonsi.
    + GL_EXT_window_rectangles on radeonsi.
    + GL_KHR_texture_compression_astc_sliced_3d on radeonsi.
    + GL_NV_fragment_shader_interlock on i965.
    + EGL_EXT_device_base for all drivers.
    + EGL_EXT_device_drm for all drivers.
    + EGL_MESA_device_software for all drivers.
  * Additional features:
    + VK_EXT_calibrated_timestamps
    + VK_EXT_pci_bus_info
    + VK_EXT_sampler_filter_minmax
    + VK_EXT_vertex_attribute_divisor v3
    + VK_GOOGLE_decorate_string
    + VK_GOOGLE_hlsl_functionality1
    + VK_KHR_driver_properties
    + VK_EXT_calibrated_timestamps
    + VK_EXT_conservative_rasterization
    + VK_EXT_pci_bus_info
    + VK_EXT_transform_feedback
    + VK_EXT_vertex_attribute_divisor v3
    + VK_GOOGLE_decorate_string
    + VK_GOOGLE_hlsl_functionality1
    + VK_KHR_driver_properties
- supersedes u_constify-struct-drisw_loader_funcs.patch,
- Add u_wayland_egl-Ensure-EGL-surface.patch: wayland/egl: Ensure
  EGL surface is resized on DRI update_buffers(). Patch is sent
  upstream already.
- Update to 18.3.0-rc5
  * fifth release candidate for Mesa 18.3.0
- added libGL-Mesa-devel split-off provides to Mesa-KHR-devel
  package, since /usr/include/KHR/khrplatform.h moved between
  these two packages (related to bsc#1117365)
- Place khrplatform.h into new package Mesa-KHR-devel. It is now
  required by all devel packages that need it. (bsc#1117365)
- Remove n_drisw-Do-not-use-drisw_put_image_shm.patch,
  add u_constify-struct-drisw_loader_funcs.patch
  and u_drisw-use-separate-drisw_loader_funcs-for-shm.patch.
  * Replace workaround with proper fix for crash in VLC and
    possibly other applications. (boo#1113533)
- Use rpm variables for the drirc.d path
- Update to 18.3.0-rc4
  * fourth release candidate for Mesa 18.3.0
- Update to 18.3.0-rc3
  * third release candidate for Mesa 18.3.0
- moved /usr/include/KHR from libEGL-devel to libGL-devel since it's
  now being referenced by glext.h
- Update to 18.3.0-rc2
  * second release candidate for Mesa 18.3.0
- supersedes the following patches:
  * U_intel-aubinator-mark-ftruncate_res-as-MAYBE_UNUSED-i.patch
  * U_intel-decoder-mark-total_length-as-MAYBE_UNUSED-in-g.patch
  * U_python-Fix-rich-comparisons.patch
  * U_python-Use-key-functions-when-sorting-containers.patch
  * mako_4_radv.patch
- adjusted n_drirc-disable-rgb10-for-chromium-on-amd.patch
- /etc/drirc moved to /usr/share/drirc.d/00-mesa-defaults.conf
- n_drisw-Do-not-use-drisw_put_image_shm.patch
  * Workaround for applications that create GL context twice with
    different loaders. (boo#1113533)
- Update to 18.2.4
  * Different fixes for different drivers: freedreno, radeonsi,
    swr, anv and radv. Also there are fixes for ac, gallium,
    spirv and blorp.
- n_drirc-disable-rgb10-for-chromium-on-amd.patch
  * Disallow rgb10 configs for chromium with radeonsi to prevent
    broken colors in video. (boo#1113211)
- Update to 18.2.3
  * Different patches for the DirectX9 and DRI state trackers.
  * Several fixes and workarounds for different games, inlcuding
    RAGE, Yakuza and The Evil Within, Wolfenstein The Old Blood
    ARMA 3, or No Mans Sky.
  * A bunch of fixes for different drivers, including r600,
    nouveau, radeonsi, anv, radv, virgl, i965, nvc0 or nv50.
    Worth to mention a fix for GPU hangs in Radeonsi.
  * State Trackers also get different fixes and corrections.
  * Finally, fixes for GLSL and NIR are also in this queue.
- Update to 18.2.2
  * Different patches for the DirectX9 and DRI state trackers.
  * A patch to implement vkAcquireNextImage2 in the Intel and AMD
    vulkan drivers, as well as a patch for adding support for
    protected memory properties in GetPhysicalDeviceProperties2()
    for the former driver.
  * RADV also gets a patch to fix some issues with reflections in
    GTA V, and a patch to fix a GPU hang in SteamVR with Vega.
  * Finally, there are more fixes for Radeonsi, nvc0, vc4, and
    vulkan code.
- Drop usage of sha1sum, use sig and keyring verification instead.
  Following this, add key from Juan A. Suarez to keyring.
- Drop u_st-dri-don-t-set-queryDmaBufFormats-queryDmaBufModif.patch
  Fixed upstream.
- update to 18.2.1
  * Lot of fixes for Vulkan drivers.
- get rid of libwayland-egl1/libwayland-egl-devel completely; also
  for older Leap versions
- update to 18.2.0
  * This release consists of nearly 2200 commits from approximately
    130 developers.
  * The top highlights include:
  - OpenGL 4.3 on virgl.
  - OpenGL 4.4 Compatibility profile on radeonsi.
  - OpenGL ES 3.2 on radeonsi and virgl.
  - GL_ARB_ES3_2_compatibility on radeonsi.
  - GL_ARB_fragment_shader_interlock on i965.
  - GL_ARB_sample_locations and GL_NV_sample_locations on nvc0 (GM200+).
  - GL_ANDROID_extension_pack_es31a on radeonsi.
  - GL_KHR_texture_compression_astc_ldr on radeonsi.
  - GL_NV_conservative_raster and GL_NV_conservative_raster_dilate on
    nvc0 (GM200+).
  - GL_NV_conservative_raster_pre_snap_triangles on nvc0 (GP102+).
  - multisampled images on nvc0 (GM107+) (now supported on GF100+).
  * Additional features:
  - ANV Extensions:
  - VK_KHR_bind_memory2.
  - VK_KHR_external_fence.
  - VK_KHR_external_fence_capabilities.
  - VK_KHR_external_semaphore.
  - VK_KHR_external_semaphore_capabilities.
  - VK_KHR_maintenance2.
  - VK_KHR_maintenance3.
  - VK_KHR_multiview.
  - VK_KHR_relaxed_block_layout.
  - VK_KHR_sampler_ycbcr_conversion.
  - VK_KHR_8bit_storage.
  - VK_KHR_create_renderpass2.
  - VK_KHR_display.
  - VK_KHR_display_swapchain.
  - VK_KHR_external_fence_fd.
  - VK_KHR_external_semaphore_fd.
  - VK_KHR_get_display_properties2.
  - VK_KHR_image_format_list.
  - RADV Extensions:
  - VK_KHR_bind_memory2.
  - VK_KHR_external_fence.
  - VK_KHR_external_fence_capabilities.
  - VK_KHR_maintenance2.
  - VK_KHR_maintenance3.
  - VK_KHR_multiview.
  - VK_KHR_relaxed_block_layout.
  - VK_KHR_create_renderpass2.
  - VK_KHR_display.
  - VK_KHR_display_swapchain.
  - VK_KHR_draw_indirect_count.
  - VK_KHR_external_fence_fd.
  - VK_KHR_get_display_properties2.
  - VK_KHR_get_surface_capabilities2.
  - VK_KHR_image_format_list.
  - New GL extensions supported by all drivers:
  - GL_OES_EGL_image_external.
  - GL_OES_EGL_image_external_essl3.
  - freedreno:
  - GL 3.0's multisample anti-aliasing support on a5xx.
  - GL_ARB_texture_multisample support on a5xx.
  - GLES3.1's GS5 Packing/bitfield/conversion functions support on a5xx.
  - Dynamically uniform UBO array indices.
  - Packing/bitfield/conversion functions.
  - Enhanced textureGather.
  - GL_OES_texture_buffer.
  - GL_ARB_seamless_cubemap_per_texture.
  - i965:
  - GL_OES_texture_view on gen8+.
  - GL_EXT_texture_norm16.
  - nouveau:
  - GL_ARB_post_depth_coverage.
  - GL_ARB_sample_locations.
  - GL_EXT_texture_norm16.
  - r600:
  - GL_EXT_texture_norm16.
  - radeonsi:
  - GL_EXT_texture_norm16.
  - virgl:
  - GL_ARB_seamless_cubemap_per_texture.
  - GL_ARB_shader_stencil_export.
- supersedes u_r600-egd_tables.py-make-the-script-python-2-3-compat.patch,
- U_intel-decoder-mark-total_length-as-MAYBE_UNUSED-in-g.patch,
  * buildfixes ...
- update to 18.1.7
  * Mesa 18.1.7 is now available for general consumption. This
    release has been rather small compared to the last few
    release, There's just a handful of fixes in total. Meson,
    radv, anv, gallium winsys, intel, i965, and r600 were the
    only recipients of fixs this go around.
- Add wayland to egl_platforms for Leap 15.0+ and TW again (boo#1105798)
- update to 18.1.6
  * autotools fixes for libglvnd, libgl naming, and pkgconfig
  * meson fixed its handling of stale symlinks wrt megadrivers
  * windows relaged fixes
  * some bug fixes for clover
  * plenty of egl, wayland, glx, and dri3 fixes
  * a couple of nir fixes
  * and on the driver side, radv, intel, vc4, etnaviv, swr, r600, amd, and
    nouveau all had a few fixes
- supersedes archlinux_glvnd-fix-gl-dot-pc.patch
- disabled build of libwayland-egl for factory/sle16/Leap 16 now
  being provided by Wayland itself and probably be removed from
  Mesa soon; see also https://build.opensuse.org/request/show/613048
- update to 18.1.5
  * several fixes for radv
  * A few fixes for virgil, spirv, radeonsi, nir, disk cache and build
- Enable virgl on ARM
- update to 18.1.4
  * Several fixes for i965
  * Several fixes for anv
  * A few fixes each for radeonsi, glx, the glsl compiler, the
    autotools build, nir, st/dri, and r600
- Make build verbose as outlined in openSUSE:Specfile guidelines
- update to 18.1.3
  * numerous fixes for radv
  * some fixes for common radeon code
  * fixes for both the nir and glsl compilers
  * An i965 fix for some gpu hangs on SNB
- add mako_4_radv.patch - fixes Mako detection for RADV/intel
- update to 18.1.2
  * Fixes for libatomic checks on non-arm and non-x86 platforms
  * porting of additional libatomic checks to meson from autotools
  * numerous radv fixes
  * numerous intel fixes
  * A few fixes each for radeonsi, r300, ac, glx, and vulkan
- Update to 18.1.1
- drop U_dri3-Stricter-SBC-wraparound-handling.patch
  * Radv fixed one extension and several features on a per-generation basis.
  * Vulkan got fixes for a potential free of uninitialized memory
  * Tegra got modifier fixes.
  * nv30 fixed displayable formats.
  * i965 now works correctly for GLK 2x6 systems.
- Add patch U_dri3-Stricter-SBC-wraparound-handling.patch
  This fixes an error with timestamps, avoiding near infinite client
  hangs with the new X server 1.20 release and some clients, the most
  prominent being plasmashell & steam
  Bugentry: FDO#106351
- Fix python3-Mako dependency on <= Leap 42.3.
- Temporarily replace mesa-18.1.0.tar.xz.sig with
  mesa-18.1.0.tar.xz.sha1sum. The sig file uses EDDSA which is not
  supported by gpg in OBS at the moment.
- Update to 18.1.0
- refreshed archlinux_0001-Fix-linkage-against-shared-glapi.patch
- add u_intel_anv-make-scripts-python-2-3-compat.patch for build ANV
    with python
  * Vulkan 1.1 support for the ANV and RADV drivers.
  * RadeonSI and RADV have "/Vega M"/ GPU support for Kabylake G processors
  * A simple Gallium3D HUD option as an alternative to the advanced
    heads-up display
  * There is also now Vega 12 support too.
  * For new hardware support on the Intel side are the initial
    bits for Intel Icelake.
  * The Intel driver stack has meanwhile landed more SPIR-V
    bits towards OpenGL 4.6.
  * The Intel ANV driver has received new extensions too as well as
    enabling features like MSAA fast clears.
  * VP9 VA-API support for VCN and HEVC Main for VCN - Raven Ridge CPUs.
  * DRI3 1.1/1.2 support for going with the soon-to-be-out X.Org Server 1.20.
  * Etnaviv performance counter support when paired with the latest Etnaviv
    DRM in the mainline kernel.
  * The last-year-GSoC'ed OpenMAX Tizonia H.264 encoder/decoder.
  * UVD-based HEVC video encoding.
  * OpenGL 3.1 ARB_compatibility support for the major Gallium3D drivers.
  * RadeonSI 32-bit pointers support.
  * The Intel GLSL shader cache is enabled by default.
  * Nouveau NVC0 meanwhile finally has ARB_bindless_texture support.
  * On the old hardware front, R600g is now effectively at OpenGL 4.4
    for the Radeon HD 5800/6900 series.
- Update to 18.0.4
  * r600 driver gets a fix for constant buffer boounds, which
    fixes rendering bugs in Trine and Witcher 1.
  * Several fixes for RADV driver: fixes around alpha channel
    in Pre-Vega, fix in multisample image copies, and fixes
    around multilayer images in compute path.
  * For the case of ANV/i965 drivers, also a couple of fixes,
    all of them around ISP. On top, there are a couple of fixes
    relative to code emission around 16-bit integers, and a a
    fix for a leak in blorp for Gen4 and Gen5.
  * Speaking of leaks, there are also fixes for
    winsys/radeon/amdgpu and pipe-loader.gets a couple of patches
    to fix a couple of leaks.
  * SPIR-V part gets a patch to apply OriginUpperLeft to FragCoord.
  * Mesa core gets a couple of patches to fix error handling in
    get_framebuffer_parameteriv, and to add missing support for
- Update to 18.0.3
  * The is a fairly small release consisting of patches to fix leaks
    in RADV and Winsys, fix deadlock in internal queue, fix issues
    with ANV allocator, fix blit setup for YUV LoadImage, and some
    other patches.
- Update to 18.0.2
  * A couple of fixes for Meson that solves some problems regarding
    building tests and installation.
  * A couple of fixes in state tracker / DRI that was causing crashes
    in QtCreator and Firefox, among other problems.
  * A couple of fixes for GFX9, that solves a hang in the driver, and
    a problem with buffer views.
  * SVGA gets also a patch to fix incorrect advertizing of
    EGL_KHR_gl_colorspace extension.
  * Etnaviv gets a fix for swizzled texture formats.
  * Intel drivers get also several patches.
  * RADV gets a patch to solve a problem of lot of games complaining
    about not having enough memory.
- Update to 18.0.1
  * In this release we have:
  * On the build system to highlight Meson is get improved thorugh several patches
    that fix issues around it.
  * On the drivers part, RADV get several fixes: one for multisample regressions on
  Vega, another around GFX9 buffer views, and a couple of them more to related
  with avoiding emitting unneeded vertex state.
  * St/Nine get fixes around face register, lighting constants, math check for
    inversible matrix, implicit conversions and bad tracking of vertex textures.
  * Freedreno/a5xx get fixes around missaligned heigh for PIPE_BUFFER, and around
    page faults.
  * Several fixes are also enqueued for Intel driver: set right channel_sizes for
  MOV_INDIRECT sources, set right config registration for uploading to kernel,
  return the fourcc stored in __DRIimage when possible, fix negative sign in
  64-bit return values, fix null destination register in assembly instructions
  with 3 source operands, a fix for failed TCS/TES shader compilation
  * Queue also contains a couple of fixes around Gallium drivers, one to fix a typo
    in code that was causing wrong return value, and another one to fix an
    unitialized modifier for DRI2.
  * Mesa core gets a couple of patches to fix issues around overriding OpenGL/ES
    supported version through environment variables, and a patch to fix an issue
    with texture samples found in "/The Witness"/ through Wine.
  * A couple of bugs around unrolling loops have also been fixed, these patches were
    applied for NIR and GLSL.
  * On top of above, NIR gets more fixes in a couple of lowering functions used:
    coalesce in lower_vec_to_movs if vec had a SSA destination, and interp_var_at
    intrinsic support in lower_indirect_derefs. It also gets a fix around
    vars_to_ssa function.
  * Finally, there are other fixes affecting Radeonsi, AC, EGL/Wayland and SPIR-V
- enabled opencl and that way also Mesa-gallium on 42.3 since we
  now build against llvm 6; this also fixes the requirements from
  Mesa-32bit to Mesa-gallium-32bit in baselibs.conf (reported by
- Remove n_Disable-AMDGPU-GFX9-Vega-on-LLVM-lessthan-6.0.0.patch.
  * Not needed since we build Mesa against LLVM 6. (bnc#1082298)
- Remove u_Fix-crash-in-swrast-when-setting-a-texture-for-a-pix.patch.
  * It was disabled for long time and does not seem to be needed.
- Enable nine on arm/aarch64
- Update to 18.0.0 final
  * one-and-only change since 18.0.0-rc5: updated release notes
- Changes since 17.3
  * The top highlights include:
    + Cannonlake support on i965 and anv
    + GL 4.3/GLES 3.1 support  on r600/evergreen with hw fp64 support
    + Meson build system
  * ANV Extensions:
    + VK_EXT_external_memory_dma_buf
  * RADV Extensions:
    + VK_ANDROID_native_buffer
    + VK_KHR_external_fence
    + VK_KHR_external_fence_capabilities
    + VK_KHR_external_fence_fd
    + VK_KHR_get_surface_capabilities2
    + VK_EXT_discard_rectangles
    + VK_EXT_external_memory_dma_buf
    + VK_AMD_shader_info
  * EGL:
    + Support for RGBA/RGBX 1010102 formats
    + EGL_EXT_pixel_format_float
    + Final planned release to ship wayland-egl. Now provided by wayland.
  * GLX:
    + Darwin/Apple fixes
  * Mesa core
    + Support 1 binary format for GL_ARB_get_program_binary on i965
    + drirc workarounds:
    (*) Unreal 4 Editor
    (*) Observer
    (*) Steamroll
    (*) Refunct
  * drirc mesa_glthread whitelists:
    + Mount and Blade Warband
- i965:
  * Disk shader cache when MESA_GLSL_CACHE_DISABLE is set to "/false"/
  * GL_EXT_disjoint_timer_query on gen6+
- Update to 18.0.0-rc5
  * The fifth and final release candidate for Mesa 18.0.0. Modulo
    serious regressions, it is anticipated that it will become
    Mesa 18.0.0 this Friday (2018-03-23) around 16:00 GMT
- supersedes u_glsl-linker-error.patch
- no longer try to use non-existing python3-mako as BuildRequires
  on Leap 42.3
- u_st-dri-don-t-set-queryDmaBufFormats-queryDmaBufModif.patch
  * Fixes laggy mouse in Wayland. (fdo#104926)
- replaced u_r600-egd_tables.py-added-support-for-python-3.patch
  with fixed u_r600-egd_tables.py-make-the-script-python-2-3-compat.patch
  and enabled it again; removed again n_egd_tables_h.patch (boo#1082303)
- added n_egd_tables_h.patch and disabled u_mesa-python3-only.patch
  * use pregenerated egd_tables.h (via python2) instead of trying
    to generate it during buildtime with python3 using an apparently
    broken patch (boo#1082303)
- removed more unneeded buildrequires: libudev, openssl, bison,
  flex (boo#1082312)
- removed u_configure.ac-Link-to-libLLVMCodegen-to-fix-cyclic-li.patch
  which is no longer needed due to changed LLVM build (boo#1082307)
- merge content of new rpmlintrc into existing Mesa-rpmlintrc file
- no longer run ldconfig for the follwing backend (ICD) drivers,
  since it's considered wrong: xvmc, vdpau, va, opencl, and vulkan;
  required adding a rpmlintrc file with appropriate rules
- removed no longer needed ncurses-devel BuildRequires (boo#1082315)
- redone u_add_llvm_codegen_dependencies.patch and renamed to
- removed u_mesa-8.0.1-fix-16bpp.patch and
  u_mesa-8.0-llvmpipe-shmget.patch, which we no longer apply since
  about 5 years (boo#1082305)
- recreated u_mesa-python3-only.patch and renamed to
  u_r600-egd_tables.py-added-support-for-python-3.patch; also
  removed first hunk (boo#1082303)
- removed n_Define-GLAPIVAR-separate-from-GLAPI.patch
  * bits moved to libGLw's n_Use-newly-introduced-GLAPIVAR-for-variables.patch
- Mesa-gallium only exists if %{with_opencl}
- Add support for riscv64
- Split Nouveau and VC4 from the main driver package on all systems
  Fixes (boo#1081210).
- remove %{release} based dependecies
  Unfortuanetly Mesa and Mesa-drivers can have different release number
  Release is Commit_Count.Build_Count and build count can be different
  because both packages have different dependencies
- add u_glsl-linker-error.patch
  * Fix attaching multiple shader objects for the same stage to a
    GLSL program triggers a linker error (fdo#104777, bnc#1080492)
  * Fixes issue with wine applications.
- Added %{release} so the correct package release is used
  when a package has been patched
- Update to 18.0.0-rc4
- supersedes u_mesa-st-shader_cache-restore-num_tgsi_tokens-when-loading.patch
- u_mesa-st-shader_cache-restore-num_tgsi_tokens-when-loading.patch
  * Fix crash when loading shader. (bnc#1079465)
- Update to 18.0.0-rc3
  * includes significant improvements for OpenGL and Vulkan support
    and performance.
- supersedes U_intel-Add-more-Coffee-Lake-PCI-IDs.patch
- Remove dependency on clang-devel-static. (bnc#1065464)
  * It was removed, clang-devel now again provides everything
    necessary as shared libraries.
- Require Mesa-dri-32bit and Mesa-gallium-32bit by Mesa-32bit. It
  mirrors the requirement of the normal packages. (bnc#1078261)
- Disable AMDGPU GFX9/Vega with LLVM < 6.0.0.
  * n_Disable-AMDGPU-GFX9-Vega-on-LLVM-lessthan-6.0.0.patch
  * While it is supported since LLVM 5.0.0, it was not working
    correctly (bnc#1075901). Since we do not have the resources to
    determine which fixes should be backported and LLVM 6 will be
    released relatively soon, disable the support until then. Users
    with the card will have working desktop using software
    rendering just like they did with LLVM 4.
- in spec file move %dir %{_libdir}/dri to avoid ppc build failure
- Update to 17.3.3
  * Fixes to radv, anv, etnaviv, swrast and radeonsi drivers.
  * Fixes for DRI3.
- Make Mesa require Mesa-dri and Mesa-gallium. This makes Mesa
  usable again for users who do not install recommended packages.
  It breaks the Mesa and Mesa-drivers split, which has to be fixed
  by ignoring it in obs.
- Add _constraints to select 6G disk for PowerPC
  to avoid cpio: write error on obs-power8-05 workers boo#1076325
- U_intel-Add-more-Coffee-Lake-PCI-IDs.patch
  * Add more Coffeelake PCI IDs (request by Intel)
- Update to 17.3.2
  * Multiple fixes in the RADV Vulkan driver, workaround when using
    slibtool and a GLSL workaround for various titles using Unreal
    Engine 4.
- Drop upstreamed u_r600-Add-support-for-B5G5R5A1.patch
- Modify u_mesa-python3-only.patch to not break python 2.
- Update to 17.3.1
  * Multiple fixes and improvements of the GLSL shader cache. The
    RADV driver no longer advertises VK_EXT_debug_report - there is
    no support for it.
  * The i965, radeonsi, nvc0 and freedreno drivers have received a
    few small fixes each.
  * A number of big endian fixes have been merged.
- Switch to python3 during build instead of python2
  * Add patch u_mesa-python3-only.patch
- Add Mesa-dri and Mesa-gallium to baselibs.conf.
- Require llvm >= 3.9.0
  * The build fails otherwise because it is required for multiple
    Mesa components.
- Drop some redundant wording from descriptions.
  Drop redundant %if guard around a %post section.
- Use different form of split for faster build (bnc#1071297)
  * Mesa.spec does not use llvm and builds most of the *-devel
  * Mesa-drivers.spec uses llvm and builds extra things installable
    in addition to packages from Mesa.spec. These packages are
    required for actual rendering.
- update to 17.3.0
- drop U_configure.ac-rework-llvm-libs-handling-for-3.9.patch
  * new major release comitng with changes in RADV, intel ANV,
    S3TC support, RadeonSI driver with RX Vega. On-disk shader cache
- Split Mesa into Mesa and Mesa-mini. Mesa-mini does not depend on
  llvm and its purpose is to build fast and allow other packages
  that BuildRequire Mesa to be build independently on llvm.
  Packages built against Mesa-mini should work correctly when
  installed with full Mesa package. (bsc#1071297)
- update to 17.2.6
  * Core: fix to keep a program alive when re-linking and prevent
    an use-after-free.
  * GLSL compiler: several fixes, including one to prevent a
    SIGSEV when calling an undeclared subroutine in certain
    conditions and another to mark the xfb buffers as active only
    if a variable uses them.
  * SPIR-V compiler: fixed seveal problems involving the usage of
    separate images and texture/samplers.
  * Intel drivers: many new fixes, specially for i965. Several are
    focused on improving SIMD32 and little-core. It also includes a
    fix for a GPU hang which was detected while playing HW
    accelerated video with mpv.
  * AMD drivers: radv has seen plugged 2 memory leaks while r600
    has gotten a fix through reversing the tess factor components
    for isolines.
  * swr driver: fixes for two performance regressions (one for
    avx512 platforms and the other for the avx/avx2 platforms).
  * ddebug gallium driver: fix for an use-after-free.
  * EGL: Wayland platform of the the DRI2 drivers got a fix to
    prevent crashing in ancient systems.
  * GLX has also received corrections to prevent a couple of errors
    when creating and binding a context in DRI3 and DRISW,
  * Build and integration: allow building libglvnd when EGL is present
    but not GLX. Enable building targets which don't need X11, such
    as omx and va, when XCB is not present. You can now specify
    the prefix installation for the OpenCL icd file.
- update to 17.2.5
  * In Core, a GL error related to the ARB_ES3_1_compatibility spec
    noticed with the GFXBench 5 Aztec Ruins has been corrected.
  * The GLSL compiler is not giving a linker error for mismatching
    uniform precision with GLSL ES 1.00 any more. This enables,
    specially, several Android applications which violate this rule,
    e.g., Forge of Empires.
  * The SPIR-V compiler has corrected an assert triggered when
    support for the simple memory model was claimed.
  * NIR has also received a correction related with
  * Intel drivers, specially i965, got several fixes, including a
    plug for a memory leak and another one in the compiler to avoid
    GPU hangs on Broxton.
  * The gallium i915g driver for Intel has seen an important fix.
  * AMD drivers (mostly radv) have received several fixes, including a
    correction for a DCC corruption that was visible with Rust,
    breaking an endless loop in r600, avoiding a GPU hang with vulkan
    dota2 in VR mode and a plug for a memory leak.
  * Broadcom's vc4 gotten a fix to exclude some code that shouldn't
    be there in release builds.
- update to 17.2.4
  * Mesa Core includes a change to prevent KOTOR from breaking when
  in combination with the ATI fragment shader extension.
  * Additionally, NIR has also received a correction.
  * Mesa's state tracker has gotten a patch to avoid leaks in
  certain situations such as resizing a window.
  * Intel drivers have received fixes. The compiler has
  gotten a couple, while anv also received one.
  * i965 got a patch to avoid VA-API, Beignet and other contexts
  in the system to break when in combination with previous versions of Mesa 17.2.x.
  * AMD's compiler received fixes. `radv` has also
  received another couple, including one to avoid a hang due to
  overflow on huge textures.
  * Broadcom's vc4 has corrected a problem when compiling with
  Android's clang.
  * Clover compilation issue fixed (affecting a specific clang revision)
  * Fixed Vulkan's WSI memory leak in X11.
- update to 17.2.3
  * The Vulkan drivers ANV and RADV have multiple small fixes.
  * The EGL code has improved handling of the new wl_dmabuf codepath.
  * SWR no longer crashes when checking environment variables.
  * Other gallium drivers have also seen updates - freedreno, nouveau and
    radeonsi. The gallivm module, used by llvmpipe et al. has gained little
    endian PPC64 fixes.
  * The VA and VDPAU state-trackers have seems improvements handling
    interlaced videos.
  * We're using python3 compatible constructs which gives us SCons 3.0
- U_configure.ac-rework-llvm-libs-handling-for-3.9.patch
  * llvm-config 3.9 and higher works properly, use its values
    instead of guessing. Fixes build against llvm built as single
    shared library.
- svga is x86-only
- u_svga-Fix-build-on-ppc64le.patch: Remove
- Add build dependency on clang-devel-static.
  * Required with new llvm4 build mode (bnc#1049703).
  * Also rename dependency llvm-clang-devel to clang-devel. The
    llvm-clang-devel is old name kept around for compatibility.
- update to 17.2.2
  * several Vulkan ANV/RADV driver fixes including Wayland WSI
    improvements, RadeonSI / i965 / VC4 OpenGL fixes among other
    work, some fixes to common Gallium3D code, support for LLVM 5.0
    in Gallium3D when using the SCons build system, and a range of
    other fixes/improvements.
- Drop gallium svga driver for arm/aarch64. The svga driver is a vmware
  guest driver, thus only usable on x86(_64) platforms
- Also enable OpenCL on arm (32bit), llvm4 has reached Factory
- update to 17.2.1
  * drop upstreamed patches
  * fdo#100613 - Regression in Mesa 17 on s390x (zSystems)
  * fdo#101709 - [llvmpipe] piglit gl-1.0-scissor-offscreen regression
  * fdo#102454 - glibc 2.26 doesn't provide anymore xlocale.h
  * fdo#102467 - [src/mesa/state_tracker/st_cb_readpixels.c:178]: (warning)
    Redundant assignment
  * fdo#102502 - [bisected] Kodi crashes since commit 707d2e8b - gallium:
    fold u_trim_pipe_prim call from st/mesa to drivers
  * many fixes for RADV a glsl
- u_svga-Fix-build-on-ppc64le.patch
  * This let us compile the code on ppc64le, but it no-ops the log
- update to 17.2.0
  * many RADV/ANV Vulkan driver improvements
  * Vulkan and OpenGL performance improvements
  * more work towards OpenGL 4.6 compliance
  * a wealth of other open-source driver improvements
  * initial Raven Ridge support (used on Vega-class graphics)
  * Intel Cannonlake Support
- adjusted archlinux_0001-Fix-linkage-against-shared-glapi.patch
- update to 17.1.8
  * fdo#101334 - AMD SI cards: Some vulkan apps freeze the system
  * fdo#101766 - Assertion `!&quot;invalid type&quot;' failed when constant
    expression involves literal of different type<
  * fdo#102024 - FORMAT_FEATURE_SAMPLED_IMAGE_BIT not supported for D16_UNORM
    and D32_SFLOAT
  * fdo#102148 - Crash when running qopenglwidget example on mesa llvmpipe win32
  * fdo#102241 - gallium/wgl: SwapBuffers freezing regularly with swap
    interval enabled
  * fdo#101910 - [BYT]
  * fdo#102308 - segfault in glCompressedTextureSubImage3D
- Add patch to fix strtod on non-EN locale (boo#1055929):
  * n_force-xlocale-funcs.patch
- u_llvmpipe-lp_build_gather_elem_vec-BE-fix-for-3x16-lo.patch
  updated; fixes three of the four regressions observed (PPC64, S390)
  [fdo#100613, comment#42]
- Replace uses of arch directive with targettype within a package
  declaration to resolve incorrect dependencies placed on -32bit
- Removed n_glesv2.pc-Add-lGL-for-libglvnd-builds-boo-1052776.patch
  * The issue was in libglvnd which is fixed now. (boo#1052776)
- n_glesv2.pc-Add-lGL-for-libglvnd-builds-boo-1052776.patch
  glesv2.pc: Add "/-lGL"/ for libglvnd builds (boo#1052776)
- update to 17.1.6
  * fdo#97957 - Awful screen tearing in a separate X server with DRI3
  * fdo#101683 - Some games hang while loading when compositing is shut
    off or absent
  * fdo#101867 - Launch options window renders black in Feral Games
    in current Mesa trunk
  * and some other fixes as usualy
- u_r600-Add-support-for-B5G5R5A1.patch
  * Fixes rendercheck tests when X server accelerates using glamor.
- update to 17.1.5
  * fdo#100242 - radeon buffer allocation failure during startup of Factorio
  * fdo#101657 - strtod.c:32:10: fatal error: xlocale.h: No such file or directory
  * fdo#101666 - bitfieldExtract is marked as a built-in function
    on OpenGL ES 3.0, but was added in OpenGL ES 3.1
  * fdo#101703 - No stencil buffer allocated when requested by GLUT
  * and other bugfixes
- update to 17.1.4
  * fdo#77240 - khrplatform.h not installed if EGL is disabled
  * fdo#95530 - Stellaris - colored overlay of sectors doesn't render on i965
  * fdo#96958 - [SKL] Improper rendering in Europa Universalis IV
  * fdo#99467 - [radv] DOOM 2016 + wine. Green screen everywhere
  * fdo#101071 - compiling glsl fails with undefined reference to `pthread_create'
  * fdo#101252 - eglGetDisplay() is not thread safe
  * fdo#101294 - radeonsi minecraft forge splash freeze since 17.1
  * fdo#101451 - [G33] ES2-CTS.functional.clipping.polygon regression
  * and some other fixes as usualy
- update to 17.1.3
  * fdo#100988 - glXGetCurrentDisplay() no longer works for FakeGLX contexts?
  * fixes for radv, radeonsi, i965
- Fix baselibs.conf -> boo#1044813
- added "/Requires: libclc"/ to Mesa-libOpenCL packages (boo#1044646)
- specfile: Remove requires to vulkan libs from baselibs.conf on
  platforms where vulkan build is disabled; ugly ... (bsc#1042900)
- update to 17.1.2
  * fdo#98833 - [REGRESSION, bisected] Wayland revert commit breaks
    non-Vsync fullscreen frame updates
  * fdo#100741 - Chromium - Memory leak
  * fdo#100877 - vulkan/tests/block_pool_no_free regression
  * fdo#101110 - Build failure in GNOME Continuous
  * many ANV, RADV, vulkan, i965 and egl fixes
- u_llvmpipe-lp_build_gather_elem_vec-BE-fix-for-3x16-lo.patch
  * Fix loading of a 3x16 vector as a single 48-bit load on
    big-endian systems (PPC64, S390). [fdo#100613]
- update to 17.1.1
- dropped patch:
  * fdo#100854 - YUV to RGB Color Space Conversion result is not precise
  * fdo#100925 - [HSW/BSW/BDW/SKL] Google Earth is not resolving
    all the details in the map correctly
  * radeonsi: add new vega10 pci ids
  * gbm/dri: Fix sign-extension in modifier query
  * radeon: automake: remove unneeded elf Cflags/Libs
  * egl: add g_egldispatchstubs.h to the release tarball
  * renderonly: Initialize fields of struct winsys_handle
  * vc4: Don't allocate new BOs to avoid synchronization when they're shared
  * anv: fix possible stack corruption
  * anv: don't leak DRM devices
  * glxglvnddispatch: Add missing dispatch for GetDriverConfig
  * nvc0/ir: SHLADD's middle source must be an immediate
  * nir/lower_tex: Fix minor error in YUV color conversion matrix
  * amd/addrlib: import Raven support
  * radeonsi/gfx9: add support for Raven
  * anv/formats: Update the three-channel BC1 mappings
  * 965/formats: Update the three-channel DXT1 mapping
  * radeonsi: mark fast-cleared textures as compressed when dirtying
  * radeonsi: fix primitive ID in fragment shader when using tessellation
  * radeonsi: fix gl_PrimitiveID in tessellation with instanced draws on SI
  * radeonsi: fix gl_PrimitiveIDIn in geometry shader when using tessellation
  * intel/isl/gen7: Use stencil vertical alignment of 8 instead of 4
  * mesa/st: fix yuv EGLImage's
  * virgl: fix virgl_bo_transfer_{put, get} box struct cop
  * 965/vec4/gs: restore the uniform values which was overwritten by failed
    vec4_gs_visitor execution
  * i965/vec4: fix swizzle and writemask when loading an uniform with constant offset
  * i965/vec4: load dvec3/4 uniforms first in the push constant buffer
  * gallivm: Make sure module has the correct data layout when pass manager runs
- specfile: libglvnd0 -> libglvnd; missed the package name
  change in libglvnd package (boo#1038619, comment#5)
- baselibs.conf: libglvnd0 -> libglvnd; missed the package name
  change in libglvnd package (boo#1038619)
- update to 17.1.0
- drop upstreamed patches:
  + New major release with:
  + OpenGL 4.2 support for Intel Ivy Bridge chips.
  + The RADV driver passes the Khronos CTS
  + Shader on-disk cache. Improving the startup and shader compilation
    times in some games.
  + This release includes significant performance improvements for games by
    Feral Interactive.
  * for full list of changes please check docs/relnotes/17.1.0.html
- update to 17.0.5
  * fdo#97524 - Samplers referring to the same texture unit with different
    types should raise GL_INVALID_OPERATION
  * nvc0/ir: Properly handle a "/split form"/ of predicate destination
  * nir: Destination component count of shader_clock intrinsic is 2
  * winsys/sw/dri: don't use GNU void pointer arithmetic
  * st/clover: add space between &lt; and ::
  * configure.ac: check require_basic_egl only if egl enabled
  * st/mesa: automake: honour the vdpau header install location
  * intel/fs: Use regs_written() in spilling cost heuristic for improved accuracy
  * intel/fs: Take into account amount of data read in spilling cost heuristic.
  * radv: report timestampPeriod correctly
  * anv/blorp: Flush the texture cache in UpdateBuffer
  * anv/cmd_buffer: Flush the VF cache at the top of all primaries
  * anv/cmd_buffer: Always set up a null surface state
  * anv/cmd_buffer: Use the null surface state for ATTACHMENT_UNUSED
  * anv/blorp: Properly handle VK_ATTACHMENT_UNUSED
  * i965/vec4: Avoid reswizzling MACH instructions in opt_register_coalesce()
  * st/mesa: invalidate the readpix cache in st_indirect_draw_vbo
  * anv/cmd_buffer: Disable CCS on BDW input attachments
  * mesa: fix remaining xfb prims check for GLES with multiple instances
  * mesa: validate sampler type across the whole program
  * vbo: fix gl_DrawID handling in glMultiDrawArrays
  * util/queue: don't hang at exit
  * mesa: fix remaining xfb prims check for GLES with multiple instances
  * mesa: extract need_xfb_remaining_prims_check
  * mesa: move glMultiDrawArrays to vbo and fix error handling
  + update Mesa.keyring to both upstream release managers
- u_gallivm-correct-channel-shift-logic-on-big-endian.patch:
  * instead of reverse applying a change on s390x
    ("/U_draw-use-SoA-fetch-not-AoS-one.patch"/) address the
    issue by a real fix (bsc#1032272, fdo#100613)
- baselibs.conf: added libvulkan_intel-32bit as a requirement for
  Mesa-libd3d (boo#1036282)
- No OpenCL on ppc
- let Mesa require Mesa-libEGL1 for a libglvnd build;
  xf86-video-amdgpu driver needs it for 2D support via glamor
- Add u_add_llvm_codegen_dependencies.patch to link to
  libLLVMCodegen to fix cyclic linking problems. bsc#981975
- Enable OpenCL for aarch64, ppc64 and ppc64le now, too.
  %arm is still left out, waiting for llvm4 to build.
- update to 17.0.4
  * fdo#100391 - SachaWillems deferredmultisampling asserts
  * fdo#100452 - push_constants host memory leak when resetting command buffer
  * fdo#100582 - piglit.spec.arb_stencil_texturing.glblitframebuffer corrupts
    state.gl_texture* assertions
  * radeonsi: add new polaris10 pci ids
  * fixes for anv, radv, i965 and nouveau drivers
- only reverse-apply 'U_draw-use-SoA-fetch-not-AoS-one.patch' on
  s390x (bsc#1032272)
- build wayland on Leap >= 42.3
- separate package 'Mesa-dri-nouveau' on Leap
- removed broken locking patches for nouveau DRI driver
  * N_01-WIP-nouveau-add-locking.patch
  * N_02-nouveau-more-locking-make-sure-that-fence-work-is-always-done-with-the-push-mutex-acquired.patch
  * N_03-nv30-locking-fixes.patch
  * N_04-nv50-Fix-double-lock-in-nv50_hw_sm_get_query_result.patch
  * N_05-Use-nv50_render_condition-in-nv50_blitctx_post_blit.patch
- let Mesa require Mesa-libGL1 for a libglvnd build (bsc#1033708)
- U_draw-use-SoA-fetch-not-AoS-one.patch
  * reverse-apply this patch to fix OpenGL support on s390x
- Prepare building OpenCL for non-x86 architectures, too
  * s390x can build it right away (swrast)
  * %arm aarch64 ppc64 ppc64le depend on LLVM amdgpu target for r600
- Fix typo in specfile comment
- update to 17.0.3
- change Mesa.keyring to new release manager key
  * fdo#96743 [BYT, HSW, SKL, BXT, KBL] GPU hangs with GfxBench 4.0 CarChase
  * fdo#99246 [d3dadapter+radeonsi] EVE-Online : hang on wormhole sight
  * fdo#100061 LODQ instruction generated with invalid dst mask
  * fdo#100182 Flickering in The Talos Principle on Sky Lake GT4
  * radeonsi: add new polaris12 pci id
  * many fixes for RADV, ANV, i915, radeonsi and freedreno drivers
- specfile: Remove requires to libglvnd0/libglvnd-devel from
  baselibs.conf when libglvnd build has been disabled; ugly ...
- specfile: only require libglvnd0/libglvnd-devel, if libglvnd build
  is enabled
- baselibs.conf: added requires to libglvnd0/libglvnd-devel where
- disable libglvnd for openSUSE Leap 42.x and sle12
- update to 17.0.2
  * fdo#97988 [radeonsi] playing back videos with VDPAU exhibits
    deinterlacing/anti-aliasing issues not visible with VA-API
  * fdo#99484 Crusader Kings 2 - Loading bars, siege bars, morale bars, etc.
    do not render correctly
  * fdo#100049 ralloc: Make sure ralloc() allocations match malloc()'s
    alignment. causes seg fault in 32bit build
  * many fixes for ANV, RADV, Vulkan and i965 + radeonsi drivers
- fedora_0001-glxglvnddispatch-Add-missing-dispatch-for-GetDriverC.patch
  * Fix glXGetDriverConfig not working with glvnd
- Fix indirect rendering, add libGLX_indirect.so.0 symlink
- added Requires to libglvnd0/libglvnd-devel where still needed
- patches picked from fedora:
- re-enabled GLES build with libglvnd build, just not package GLES
  libs and require libglvnd0/libglvnd-devel instead
- archlinux_0001-Fix-linkage-against-shared-glapi.patch
  * fixes libglvnd support for osmesa
- archlinux_glvnd-fix-gl-dot-pc.patch
  * fixes libglvnd support in pkgconfig file
- archlinux_0001-EGL-Implement-the-libglvnd-interface-for-EGL-v2.patch/
  * adds libglvnd support for EGL
- patches picked from archlinux:
- archlinux_glapi-Link-with-glapi-when-built-shared.patch
  * currently needed for libglvnd support; picked from archlinux
- fixed typo in Requires to libglvnd
- build with libglvnd support enabled (can be easily disabled via
  specfile define); requires libglvnd runtime and development
  packages; disabled build of GLESv1/v2 libs/packages provided now
  via libglvnd
- update to 17.0.1
  * radv: Never try to create more than max_sets descriptor sets.
  * radv: Reset emitted compute pipeline when calling secondary cmd buffer.
  * radv: Only use PKT3_OCCLUSION_QUERY when it doesn't hang.
  * radv: Use correct size for availability flag.
  * gallivm: Reenable PPC VSX (v3)
  * gallivm: Improve debug output (V2)
  * gallivm: Override getHostCPUName() "/generic"/ w/ "/pwr8"/ (v4)
  * egl/dri3: implement query surface hook
  * etnaviv: move pctx initialisation to avoid a null dereference
  * etnaviv: remove number of pixel pipes validation
  * anv: fix Get*MemoryRequirements for !LLC
  * egl/wayland: Don't use DRM format codes for SHM
  * tgsi: fix memory leak in tgsi sanity check
  * radv: change base aligmment for allocated memory.
  * radv: fix cik macroModeIndex.
  * radv: adopt some init config workarounds from radeonsi.
  * radv: fix depth format in blit2d.
  * radv: fix txs for sampler buffers
  * bin/get-extra-pick-list: use git merge-base to get the branchpoint
  * bin/get-extra-pick-list: rework to use already_picked list
  * bin/get-typod-pick-list.sh: limit `git grep ...' to only as needed
  * bin/get-pick-list.sh: limit `git grep ...' only as needed
  * bin/get-pick-list.sh: remove ancient way of nominating patches
  * bin/get-fixes-pick-list.sh: add new script
  * vc4: Avoid emitting small immediates for UBO indirect load address guards.
  * r300g: only allow byteswapped formats on big endian
  * gallium/u_queue: fix a crash with atexit handlers
  * gallium/u_queue: set num_threads correctly if not all threads start
  * glx/glvnd: Fix GLXdispatchIndex sorting
  * gm107/ir: fix address offset bitfield for ATOMS
  * nvc0: set the render condition in the compute object
  * st/mesa: don't pass compare mode for stencil-sampled textures
  * nvc0: disable linked tsc mode in compute launch descriptor
  * i965/sampler_state: Clamp min/max LOD to 14 on gen7+
  * i965/sampler_state: Pass texObj into update_sampler_state
  * i965/sampler_state: Set the "/Base Mip Level"/ field on Sandy Bridge
  * intel/blorp: Swizzle clear colors on the CPU
  * i965/fs: Fix the inline nir_op_pack_double optimization
  * anv: Add an invalidate_range helper
  * anv/query: clflush the bo map on non-LLC platforms
  * genxml: Make MI_STORE_DATA_IMM more consistent
  * anv/query: Perform CmdResetQueryPool on the GPU
  * intel/blorp: Explicitly flush all allocated state
  * glsl: non-last member unsized array on SSBO must fail
  * mesa: Do (TCS && !TES) draw time validation in ES as well.
  * configure.ac: check require_basic_egl only if egl enabled
  * anv: wsi: report presentation error per image request
  * i965/fs: fix uninitialized memory access
  * radeonsi: fix UNSIGNED_BYTE index buffer fallback with non-zero start (v2)
  * gallium/util: remove unused u_index_modify helpers
  * gallium/u_index_modify: don't add PIPE_TRANSFER_UNSYNCHRONIZED
  * unconditionally
  * gallium/u_queue: fix random crashes when the app calls exit()
  * radeonsi: fix broken tessellation on Carrizo and Stoney
  * amd/common: fix ASICREV_IS_POLARIS11_M for Polaris12
  * android: radeonsi: fix sid_table.h generated header include path
  * android: glsl: build shader cache sources
  * configure.ac: Drop LLVM compiler flags more radically
  * winsys/amdgpu: reduce max_alloc_size based on GTT limits
  * radeonsi: handle MultiDrawIndirect in si_get_draw_start_count
  * radeonsi: fix UINT/SINT clamping for 10-bit formats on <= CIK
  * glsl: fix heap-use-after-free in ast_declarator_list::hir()
  * android: fix droid_create_image_from_prime_fd_yuv for YV12
- Use --enable-gallium-llvm only if llvm is available
- Provide libwayland-egl1 as -32bit compat library, required by
- Some %if around %post do not match with %if around %package;
  drop them altogether since they are not needed except around
- Rename wrongly-named libOSMesa9 to libOSMesa8
- update to 17.0.0
- removed n_Fixed-build-against-wayland-1.2.1.patch , version requirement
  bumped up by upstream.
  * Vulkan drivers:
  + Correctly return (and implement) VK_INCOMPLETE on multiple WSI queries
  + Support for the VK_KHR_sampler_mirror_clamp_to_edge extension
  + We now use the Khoronos vk.xml file to generate the entrypoints
  * ANV:
  + HiZ and performance improvements
  + Float64 support and tessellation shader support.
  * RADV:
  + Support multiple devices
  + Support for the VK_AMD_draw_indirect_count extension
  + Support for the VK_AMD_negative_viewport_height extension
  * Mesa core:
  + Noticeable refactoring en route to GLSL Shader Cache
  + Groundwork for int64
  * i965:
  + OpenGL 4.5 support on Haswell hardware
  + Reuse the same BLORP and ISL code as the ANV driver
  * Gallium:
  + HUD: A number of race issues and memory leaks were resolved.
  * freedreno
  + Support for a5xx
  * nouveau:
  + OpenGL 4.3 support on Maxwell hardware
  + Improved performance due to instruction pipelining (Maxwell)
  * r600/radeonsi
  + VCE: Handle H.264 level 5.2
  + Polaris12 support
  + Dozens of performance improvements
  * Clover:
  + Implement clGetExtensionFunctionAddressForPlatform.
  + Add missing clGetDeviceInfo CL1.2 queries
  * VDPAU:
  + Use dri3 to directly send the buffer to X
  * Build:
  + Building RADV requires --enable-gallium-llvm
  + Compatibility fixes for building mesa as part of ARC
  + The vulkan headers vk_platform.h and vulkan.h are no longer installed
  + A couple of configure options (--with-sha1 and --disable-shader-cache) are
    removed alongside their respective library requirements.
- specfile: fix build configuration for arm, ppc and s390 platforms
- update to 13.0.4
  * Multiple fixes for the i965 and radeonsi drivers. An odd glitch
    in glxgears when using the freedreno driver was also addressed.
  * The ANV driver being the prime source of patches - from
    compatibility improvements with newer Vulkan loaders,
    smoketesting and various rendering and compliance fixes.
  * A couple of longstanding issues in the VA state tracker have
    also been resolved.
- baselibs.conf: replaced definition of packages, which default is
  not set to be built in specfile to
    arch aarch64 ppc64 ppc64le s390x x86_64 package <package>
  in order to make "/osc service localrun source_validator"/ happy :-(
- Update baselibs.conf to ship i386 vulkan json files on x86_64
- Updated baselibs.conf to reflect libvulkan_radeon
- Enabled RADV vulkan driver for AMD GPU cards
- update to 13.0.3
  + dropped U_cso-don-t-release-sampler-states-that-are-bound.patch
  * fdo#77662 Fail to render to different faces of depth-stencil cube map
  * fdo#92234 [BDW] GPU hang in Shogun2
  * fdo#98329 dEQP-EGL.functional.image.render_multiple_contexts.gles2_renderbuffer_depth16_depth_buffer
  * fdo#99038 dEQP-EGL.functional.negative_api.create_pixmap_surface crashes
  * many radeonsi and i965 bugfixes
- clean up configuration settings to be uniform accross all
  architectures except for list of dri and gallium drivers
- U_cso-don-t-release-sampler-states-that-are-bound.patch:
  This avoids Radeon hangs due to a use-after-free bug in Gallium.
  Fixes (boo#1015012), (fdo#93649)
- update to 13.0.2
  * fdo#97321 Query INFO_LOG_LENGTH for empty info log should return 0
  * fdo#97420  &quot;#version 0&quot; crashes glsl_compiler
  * i965: Add some APL and KBL SKU strings
  * i965: Reorder PCI ID list to match release order
  * i965/glk: Add basic Geminilake support
  * wsi: fix VK_INCOMPLETE for vkGetSwapchainImagesKHR
  * ac/nir/llvm: fix channel in texture gather lowering code.
  * vulkan/wsi/x11: handle timeouts properly in next image acquire (v1.1)
  * vulkan/wsi: store present mode in swapchain base class
  * vulkan/wsi/x11: add support for IMMEDIATE present mode
  * vulkan/wsi/x11: Fix behavior of vkGetPhysicalDeviceSurfaceFormatsKHR
  * vulkan/wsi/x11: Fix behavior of vkGetPhysicalDeviceSurfacePresentModesKHR
  * cherry-ignore: add reverted LLVM_LIBDIR patch
  * anv: fix enumeration of properties
  * vc4: Don't abort when a shader compile fails.
  * vc4: Clamp the shadow comparison value.
  * vc4: Fix register class handling of DDX/DDY arguments.
  * util/disk_cache: close a previously opened handle in disk_cache_put (v2)
  * anv: Fix unintentional integer overflow in anv_CreateDmaBufImageINTEL
  * anv/format: handle unsupported formats properly
  * glcpp: Handle '#version 0' and other invalid values
  * glsl: Parse 0 as a preprocessor INTCONSTANT
  * anv/gen8: Stall when needed in Cmd(Set|Reset)Event
  * anv/wsi: Set the fence to signaled in AcquireNextImageKHR
  * anv: Rework fences
  * vulkan/wsi/wayland: Include pthread.h
  * vulkan/wsi/wayland: Clean up some error handling paths
  * vulkan/wsi: Report the correct min/maxImageCount
  * i965/gs: Allow primitive id to be a system value
  * anv: Handle null in all destructors
  * nir/spirv: Fix handling of gl_PrimitiveId
  * anv/blorp: Ignore clears for attachments first used as resolve destinations
  * anv: Implement a depth stall restriction on gen7
  * anv/cmd_buffer: Handle running out of binding tables in compute shaders
  * anv/cmd_buffer: Emit a CS stall before setting a CS pipeline
  * vulkan/wsi/x11: Implement FIFO mode.
  * isl: Fix height calculation in isl_msaa_interleaved_scale_px_to_sa
  * i965/hsw: Set integer mode in sampling state for stencil texturing
  * intel: Set min_ds_entries on Broxton.
  * i965: Fix compute shader crash.
  * mesa: Drop PATH_MAX usage.
  * i965: Fix GS push inputs with enhanced layouts.
  * vulkan/wsi: Add a thread-safe queue implementation
  * anv: fix multi level clears with VK_REMAINING_MIP_LEVELS
  * gbm: request correct version of the DRI2_FENCE extension
  * radeonsi: store group_size_variable in struct si_compute
  * glsl/lower_output_reads: fix geometry shader output handling with conditional emit
  * Fix races during _mesa_HashWalk().
  * mesa: fix empty program log length
- baselibs.conf: enabled build of 32bit Mesa-dri-nouveau package,
  e.g. required for Steam (bnc#1011156)
- update to 13.0.1
  * fdo#97715 [ILK,G45,G965] piglit.spec.arb_separate_shader_objects.misc
    api error checks
  * fdo#98012 [IVB] Segfault when running Dolphin twice with Vulkan
  * fdo#98512 radeon r600 vdpau: Invalid command stream: texture bo too small
  * i965: Fix GPU hang related to multiple render targets and alpha testing
  * Revert "/st/vdpau: use linear layout for output surfaces"/
  * ac/nir: add support for discard_if intrinsic (v2)
  * nir: add conditional discard optimisation (v4)
  * amd/addrlib: limit fastcall/regparm to GCC i386
  * anv: use correct .specVersion for extensions
  * vc4: Use Newton-Raphson on the 1/W write to fix glmark2 terrain.
  * ir: Flip gl_SamplePosition in nir_lower_wpos_ytransform().
  * anv/device: Return DEVICE_LOST if execbuf2 fails
  * vulkan/wsi/x11: Better handle wsi_x11_connection_create failure
  * vulkan/wsi/x11: Clean up connections in finish_wsi
  * anv: Better handle return codes from anv_physical_device_init
  * intel/blorp: Use wm_prog_data instead of hand-rolling our own
  * intel/blorp: Pass a brw_stage_prog_data to upload_shader
  * anv/pipeline: Put actual pointers in anv_shader_bin
  * anv/pipeline: Properly cache prog_data::param
  * intel/blorp: Emit all the binding tables
  * anv/device: Add an execbuf wrapper
  * anv: Add a cmd_buffer_execbuf helper
  * anv: Don't presume to know what address is in a surface relocation
  * anv: Add a new bo_pool_init helper
  * anv/allocator: Simplify anv_scratch_pool
  * anv: Initialize anv_bo::offset to -1
  * anv/batch_chain: Improve write_reloc
  * anv: Add an anv_execbuf helper struct
  * anv/batch: Move last_ss_pool_bo_offset to the command buffer
  * anv: Move relocation handling from EndCommandBuffer to QueueSubmit
  * anv/cmd_buffer: Take a command buffer instead of a batch in two helpers
  * anv/cmd_buffer: Enable a CS stall workaround for Sky Lake gt4
  * glsl: Update deref types when resizing implicitly sized arrays.
  * mesa: Fix pixel shader scratch space allocation on Gen9+ platforms.
  * anv: Do relocations in userspace before execbuf ioctl
  * egl: use util/macros.h
  * egl: make interop ABI visible again
  * glx: make interop ABI visible again
  * radeonsi: fix an assertion failure in si_decompress_sampler_color_textures
  * radeonsi: fix BFE/BFI lowering for GLSL semantics
  * glsl: fix lowering of UBO references of named blocks
  * st/glsl_to_tgsi: fix dvec[34] loads from SSBO
  * st/mesa: fix the layer of VDPAU surface samplers
  * gallium/hud: fix a problem where objects are free'd while in use.
  * gallium/hud: close a previously opened handle
  * gallium/hud: protect against and initialization race
  * mesa/glsl: delete previously linked shaders earlier when linking
- Build Mesa-dri-nouveau only where available
- Drop u_Mesa_i965-import-prime-buffers.patch: Upstream fixed the
  bug in a different way, and we should not keep the now obsolete
  patch (boo#991638, fdo#71759).
- update to 13.0.0
- openGL 4.5 with i965 driver on intel bbroadwell and newer hw
- openGL ES for haswell supports 3.1, skylake 3.2
- fixes for intel vulkan driver
- early support fot GP100
- better radeonSI performace
- dropped U_r300g-Set-R300_VAP_CNTL-on-RSxxx-to-avoid-triangle-flickering.patch
- refreshed u_Mesa_i965-import-prime-buffers.patch
- let Mesa-dri-nouveau supplement xf86-video-nouveau, so it  gets
  preselected as well once hardware supplements for Mesa-dri-nouveau
  match (bnc#1005323)
- Mesa.spec: %ifdef'd out patches by mistake
- Split off nouveau*_dri.so into Mesa-dri-nouveau.
  Nouveau's 3D support is too unstable to enable by default.
- Mesa.spec: Disable Nouveau locking patches by default
- U_r300g-Set-R300_VAP_CNTL-on-RSxxx-to-avoid-triangle-flickering.patch:
  Initialize RSxxx chipsets correctly (bsc#985650)
- N_01-WIP-nouveau-add-locking.patch
  Backport nouveau locking workaround to enable multithreading.
  Source: https://github.com/imirkin/mesa/commits/locking
  According to the author, crashes may still happen, but much more rarely.
  Tested on GK107.
  N_04-* and N_05-* include untested fixes for nv50.
  Fixes (boo#997171) as suggested in (fdo#91632).
- Add u_Mesa_i965-import-prime-buffers.patch: i965: import prime
  buffers in the current context, not screen (fdo#71759,
- update to 12.0.3
  * fdo#97781 - [HSW, BYT, IVB] es2-cts.gtf.gl2extensiontests.depth_texture_cube_map.depth_texture_cube_map
  * Revert "/i965/miptree: Stop multiplying cube depth by 6 in HiZ calculations"/
- update to 12.0.2
  * fdo#69622 - eglTerminate then eglMakeCurrent crahes
  * fdo#89599 - symbol 'x86_64_entry_start' is already defined when building
    with LLVM/clang
  * fdo#91342 - Very dark textures on some objects in indoors environments in
    Postal 2
  * fdo#92306 - GL Excess demo renders incorrectly on nv43
  * fdo#94148 - Framebuffer considered invalid when a draw call is done
    before glCheckFramebufferStatus
  * fdo#96274 - [NVC0] Failure when compiling compute shader: Assertion
    `bb-<getFirst()-<serial >= bb-<getExit()-<serial' failed
  * fdo#96358 - SSO: wrong interface validation between GS and VS (regresion
    due to latest gles 3.1)
  * fdo#96381 - Texture artifacts with immutable texture storage and mipmaps
  * fdo#96762 - [radeonsi,apitrace] Firewatch: nothing rendered
    in scrollable (text) areas
  * fdo#96835 - "/gallium: Force blend color to 16-byte alignment"/ crash with
    "/-march=native -O3"/ causes some 32bit games to crash
  * fdo#96850 - Crucible tests fail for 32bit mesa
  * fdo#96908 - [radeonsi] MSAA causes graphical artifacts
  * fdo#96911 - webgl2 conformance2/textures/misc/tex-mipmap-levels.html
    crashes 12.1 Intel driver
  * fdo#96971 - invariant qualifier is not valid for shader inputs
  * fdo#97039 - The Talos Principle and Serious Sam 3 GPU faults
  * fdo#97207 - [IVY BRIDGE] Fragment shader discard writing to depth
  * fdo#97214 - X not running with error &quot;Failed to make EGL context current
  * fdo#97225 - [i965 on HD4600 Haswell] xcom switch to ingame cinematics cause
    segmentation fault
  * fdo#97231 - GL_DEPTH_CLAMP doesn't clamp to the far plane
  * fdo#97307 - glsl/glcpp/tests/glcpp-test regression
  * fdo#97331 - glDrawElementsBaseVertex doesn't work in display list on i915
  * fdo#97351 - DrawElementsBaseVertex with VBO ignores base vertex on
    Intel GMA 9xx in some cases
  * fdo#97426 - glScissor gives vertically inverted result
  * fdo#97476 - Shader binaries should not be stored in the PipelineCache
  * fdo#97567 - [SNB, ILK] ctl, piglit regressions in mesa 12.0.2rc1
  + many other fixes from 12.0.1
- update to 12.0.1
  * Vulkan driver for Intel hardware from Ivy Bridge onward.
  * OpenGL 4.3 for nvc0, radeonsi and i965 (Gen8+)
  * OpenGL ES 3.1 on nvc0 and radeonsi
  * DRI3 enablement for VDPAU, OMX and VAAPI
- Fix Group tag.
- update to 12.0.0-rc4 final RC
- moved libxatracker package definition to the end to get rid of
  issues related to the special version of this package
- let Mesa-libVulkan-devel conflict with vulkan-devel due to file
  conflics in both packages
- Update to version 12.0.0-rc2
  * Bug fixes and performance improvements
- supersedes patches:
- removed option for build in verbose log mode
- improved Group tag for libVulkan-devel
- fixed 'osc service localrun download_files' run by removing
  rc release from version define
- fix vulkan naming scheme, add supplement for xf86-video-intel
- Fix Requirement for Mesa-libVulkan-devel, not Mesa-libvulkan, but
- x86: enable virgl gallium driver
- Update to version 12.0.0-rc2:
- New features:
  + OpenGL 4.3 on nvc0, radeonsi, i965 (Gen8+)
  + OpenGL ES 3.1 on nvc0, radeonsi
  + GL_ARB_ES3_1_compatibility on nvc0, radeonsi
  + GL_ARB_compute_shader on nvc0, radeonsi, softpipe
  + GL_ARB_cull_distance on i965/gen6+, nv50, nvc0, llvmpipe, softpipe
  + GL_ARB_framebuffer_no_attachments on nvc0, r600, radeonsi, softpipe
  + GL_ARB_internalformat_query2 on all drivers
  + GL_ARB_query_buffer_object on i965/hsw+
  + GL_ARB_robust_buffer_access_behavior on i965, nvc0, radeonsi
  + GL_ARB_shader_atomic_counters on radeonsi, softpipe
  + GL_ARB_shader_atomic_counter_ops on nvc0, radeonsi, softpipe
  + GL_ARB_shader_image_load_store on nvc0, radeonsi, softpipe
  + GL_ARB_shader_image_size on nvc0, radeonsi, softpipe
  + GL_ARB_shader_storage_buffer_objects on radeonsi, softpipe
  + GL_ATI_fragment_shader on all Gallium drivers
  + GL_EXT_base_instance on all drivers that support GL_ARB_base_instance
  + GL_EXT_clip_cull_distance on all drivers that support GL_ARB_cull_distance
  + GL_KHR_robustness on i965
  + GL_OES_copy_image on i965 (Baytrail and Gen8+)
  + GL_OES_draw_buffers_indexed and GL_EXT_draw_buffers_indexed on all drivers
    that support GL_ARB_draw_buffers_blend
  +GL_OES_gpu_shader5 and GL_EXT_gpu_shader5 on all drivers that support
  +GL_OES_sample_shading on i965, nvc0, r600, radeonsi
  +GL_OES_sample_variables on i965, nvc0, r600, radeonsi
  +GL_OES_shader_image_atomic on all drivers that support
  +GL_OES_shader_io_blocks on i965, nvc0, radeonsi
  +GL_OES_shader_multisample_interpolation on i965, nvc0, r600, radeonsi
  + GL_OES_texture_border_clamp and GL_EXT_texture_border_clamp on all drivers
    that support +GL_ARB_texture_border_clamp
  + GL_OES_texture_buffer and GL_EXT_texture_buffer on i965, nvc0, radeonsi
  + EGL_KHR_reusable_sync on all drivers
  + GL_ARB_stencil_texture8 and GL_OES_stencil_texture8 on i965/gen8+
- Enable build of the Intel Vulkan driver (anv):
  + Introduce new packages: libVulkan and libVulkan-devel
- Remove upstreamed patches:
  + u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch
  + U_gallivm-disable-avx512-features.patch
- Upstream Patches:
  + U_anv-add-the-X-related-and-Wayland-CFLAGS-to-VULKAN.patch
  * Otherwise we might fail to find the headers in some scenarios.
- drop docs/COPYING: No GPL licensed code in Mesa resident (upstream change)
- U_gallivm-disable-avx512-features.patch:
  Fix crashes on some Skykake CPUs by disabling avx512 features
  (bsc#980557, bsc#981532).
- enable vc4 and freedreno on aarch64 as well
- u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch:
  Fix crash due to oud of founds screen (boo#980382).
- update to 11.2.2
- removed upstreamed patches:
    + u_dri2-Check-for-dummyContext-to-see-if-the-glx_context-is-valid.patch
    + u_dri3-Check-for-dummyContext-to-see-if-the-glx_contex.patch
  * fdo#92850 - Segfault loading War Thunder
  * fdo#93767 - Glitches with soft shadows and MSAA in Knights of the Old Republic 2
  * fdo#94955 - Uninitialized variables leads to random segfaults (valgrind log,
  apitrace attached)
  * fdo#94994 -  OSMesaGetProcAdress always fails on mangled OSMesa
  * fdo#95026 - Alien Isolation segfault after initial loading screen/video
  * fdo#95133 - X-COM Enemy Within crashes when entering tactical mission with Bonaire
  * fdo#95164 - GLSL compiler (linker I think) emits assertion upon call to
  * fdo#95251 - vdpau decoder capabilities: not supported
  * radeon/uvd: alignment fix for decode message buffer
  * st/mesa: fix sampler view leak in st_DrawAtlasBitmaps()
  * gallium/util: initialize pipe_framebuffer_state to zeros
  * dri: Fix robust context creation via EGL attribute
  * dri2: Check for dummyContext to see if the glx_context is valid
  * cherry-ignore: remove duplicate commit
  * cherry-ignore: ignore the GetSamplerParameterIuiv{EXT,OES} fixups
  * vc4: Fix subimage accesses to LT textures.
  * vc4: Add support for rendering to cube map surfaces.
  * vc4: Fix tests for format supported with nr_samples == 1.
  * vc4: Make sure we recompile when sample_mask changes.
  * glapi: fix _glapi_get_proc_address() for mangled function names
  * nvc0: fix retrieving query results into buffer for timestamps
  * nouveau/video: properly detect the decoder class for availability checks
  * i965/fs: Properly report regs_written from SAMPLEINFO
  * egl/x11: authenticate before doing chipset id ioctls
  * winsys/sw/xlib: use correct free function for xlib_dt-&gt;data
  * i965: Fix clear code for ignoring colormask for XRGB formats on Gen9+.
  * glsl: Convert lower_vec_index_to_swizzle to a rvalue visitor.
  * glsl: Lower vector_extracts to swizzles after lower_vector_derefs.
  * radeon/uvd: fix tonga feedback buffer size
  * st/mesa: fix blit-based GetTexImage for non-finalized textures
  * gallium/radeon: handle failure when mapping staging buffer
  * st/glsl_to_tgsi: reduce stack explosion in recursive expression visitor
  * gallium/radeon: fix crash in r600_set_streamout_targets
  * radeonsi: correct NULL-pointer check in si_upload_const_buffer
  * radeonsi: work around an MSAA fast stencil clear problem
  * r600g/radeonsi: send endian info to format translation functions
  * r600g: set endianess of 16/32-bit buffers according to do_endian_swap
  * r600g: use do_endian_swap in color swapping functions
  * r600g: use do_endian_swap in texture swapping function
  * r600g: fix and optimize tgsi_cmp when using ABS and NEG modifier
  * llvmpipe: (trivial) initialize src1_alpha var to NULL
  * gallivm: fix bogus argument order to lp_build_sample_mipmap function
  * gallivm: make sampling more robust against bogus coordinates
  * gk110/ir: do not overwrite def value with zero for EXCH ops
  * gk110/ir: make use of IMUL32I for all immediates
  * nvc0/ir: fix wrong emission of (a OP b) OP c
  * gk110/ir: add emission for (a OP b) OP c
  * nvc0: reduce GL_MAX_3D_TEXTURE_SIZE to 2048 on Kepler+
  * st/glsl_to_tgsi: fix potential crash when allocating temporaries
  * dri3: Check for dummyContext to see if the glx_context is valid
  * i965/blorp/gen7: Prepare re-using for gen8
  * i965/blorp: Use 8k chunk size for urb allocation
  * tgsi: initialize stack allocated struct
  * winsys/sw/dri: use correct free function for dri_sw_dt-&gt;data
  * android: enable dlopen() on all architectures
- u_dri3-Check-for-dummyContext-to-see-if-the-glx_contex.patch
  * dri3: Check for dummyContext to see if the glx_context is valid
    According to the comments in src/glx/glxcurrent.c
    __glXGetCurrentContext() always returns a valid pointer. If no
    context is made current, it will contain dummyContext. Thus a
    test for NULL will always fail.
- update to 11.2.1
  * It fixes crashes in VAAPI, some build problems in Nine has been addressed,
    adds a drirc workaround for Warsow and resolves issues in the nouveau,
    radeonsi and i965 drivers.
  * fdo#93962 ES2-CTS.gtf.GL2FixedTests.scissor.scissor - segfault/asserts
- update to 11.2.0
- dropped U_clover-Fix-build-against-LLVM-3.8.patch
- dropped U_llvmpipe-Do-not-use-barriers-if-not-using-threads.patch
- New Features:
  * GL_ARB_arrays_of_arrays on all gallium drivers that provide GLSL 1.30
  * GL_ARB_base_instance on freedreno/a4xx
  * GL_ARB_compute_shader on i965
  * GL_ARB_copy_image on r600
  * GL_ARB_indirect_parameters on nvc0
  * GL_ARB_query_buffer_object on nvc0
  * GL_ARB_shader_atomic_counters on nvc0
  * GL_ARB_shader_draw_parameters on i965, nvc0
  * GL_ARB_shader_storage_buffer_object on nvc0
  * GL_ARB_tessellation_shader on i965 and r600 (evergreen/cayman only)
  * GL_ARB_texture_buffer_object_rgb32 on freedreno/a4xx
  * GL_ARB_texture_buffer_range on freedreno/a4xx
  * GL_ARB_texture_query_lod on freedreno/a4xx
  * GL_ARB_texture_rgb10_a2ui on freedreno/a4xx
  * GL_ARB_texture_view on freedreno/a4xx
  * GL_ARB_vertex_type_10f_11f_11f_rev on freedreno/a4xx
  * GL_KHR_texture_compression_astc_ldr on freedreno/a4xx
  * GL_AMD_performance_monitor on radeonsi (CIK+ only)
  * GL_ATI_meminfo on r600, radeonsi
  * GL_NVX_gpu_memory_info on r600, radeonsi
  * New OSMesaCreateContextAttribs() function (for creating core profile contexts)
  + Many bugfixes, for more info see relnotes/11.2.0.html
- n_Define-GLAPIVAR-separate-from-GLAPI.patch:
  Add separate definition GLAPIVAR as GLAPI
  doesn't have the an 'extern' for some compiler
  versions. This is needed for GLw (bsc#970725).
- U_llvmpipe-Do-not-use-barriers-if-not-using-threads.patch
  * llvmpipe: Do not use barriers if not using threads; triggers
    on single cpu machines (like KVM in openQA) with gcc6 and
    latest glibc(bnc#971350)
- enable llvmpipe for aarch64 (fate#320649)
-  update to 11.1.2
  * Bugfix release:
  + fdo#93648 - Random lines being rendered when playing Dolphin (geometry shaders
    elated, w/ apitrace)
  + fdo#93650 - GL_ARB_separate_shader_objects is buggy (PCSX2)
  + fdo#93717 - Meta mipmap generation can corrupt texture state
  + fdo#93722 - Segfault when compiling shader with a subroutine that takes a parameter
  + fdo#93731 - glUniformSubroutinesuiv segfaults when subroutine uniform is bound
    to a specific location
  + fdo#93761 - A conditional discard in a fragment shader causes no depth
    writing at all
  + Some bugfixes in i965,nv50,radeonsi,r600g,vc4 drivers
- Add U_clover-Fix-build-against-LLVM-3.8.patch to fix build
  against llvm 3.8
- u_dri2-Check-for-dummyContext-to-see-if-the-glx_context-is-valid.patch
  Check for dummyContext to see if the glx_context is valid (boo#962609).
- n_VDPAU-XVMC-libs-Replace-hardlinks-with-copies.patch
  * Since these are packaged separately in (open)SUSE anyway, one
    can use copies as well. This makes debug packages possible
    again. (bnc #962609)
- update to 11.1.1
  * Bugfix release and adding KB Lake PCI id's
  + fdo#91806 - configure does not test whether assembler supports sse4.1
  + fdo#92229 - [APITRACE] SOMA have serious graphical errors
  + fdo#92233 - Unigine Heaven 4.0 silhuette run
  + fdo#93004 - Guild Wars 2 crash on nouveau DX11 cards
  + fdo#93215 - [Regression bisected] Ogles1conform Automatic mipmap
    generation test is fail
  + fdo#93257 - [SKL, bisected] ASTC dEQP tests segfault
  + fixes for r600,nv*,glx,glsl,radeonsi and i965
- Enable swrast gallium driver on s390/aarch64
- Exclude Mesa-libva on s390/s390x/aarch64
- Apply patch: st/va: hardlink driver instances to
  + u_st-va-hardlink-driver-instances-to-gallium_drv_video.patch
- Add Mesa-libva.
- update to 11.1.0, new stable release
  * New features:
  + Note: some of the new features are only available with certain drivers.
  + OpenGL 3.1 support on freedreno (a3xx, a4xx)
  + OpenGL 3.3 support for VMware guest VM driver (supported by Workstation 12
    and Fusion 8).
  + GL_AMD_performance_monitor on nv50
  + GL_ARB_arrays_of_arrays on i965
  + GL_ARB_blend_func_extended on freedreno (a3xx)
  + GL_ARB_clear_texture on nv50, nvc0
  + GL_ARB_clip_control on freedreno/a4xx
  + GL_ARB_copy_image on nv50, nvc0, radeonsi
  + GL_ARB_depth_clamp on freedreno/a4xx
  + GL_ARB_fragment_layer_viewport on i965 (gen6+)
  + GL_ARB_gpu_shader_fp64 on r600 for Cypress/Cayman/Aruba chips
  + GL_ARB_gpu_shader5 on r600 for Evergreen and later chips
  + GL_ARB_seamless_cubemap_per_texture on freedreno/a4xx
  + GL_ARB_shader_clock on i965 (gen7+)
  + GL_ARB_shader_stencil_export on i965 (gen9+)
  + GL_ARB_shader_storage_buffer_object on i965
  + GL_ARB_shader_texture_image_samples on i965, nv50, nvc0, r600, radeonsi
  + GL_ARB_texture_barrier / GL_NV_texture_barrier on i965
  + GL_ARB_texture_buffer_range on freedreno/a3xx
  + GL_ARB_texture_compression_bptc on freedreno/a4xx
  + GL_ARB_texture_query_lod on softpipe
  + GL_ARB_texture_view on radeonsi and r600 (for evergeen and newer)
  + GL_ARB_vertex_type_2_10_10_10_rev on freedreno (a3xx, a4xx)
  + GL_EXT_blend_func_extended on all drivers that support the ARB version
  + GL_EXT_buffer_storage implemented for when ES 3.1 support is gained
  + GL_EXT_draw_elements_base_vertex on all drivers
  + GL_EXT_texture_compression_rgtc / latc on freedreno (a3xx & a4xx)
  + GL_KHR_debug (GLES)
  + GL_NV_conditional_render on freedreno
  + GL_OES_draw_elements_base_vertex on all drivers
  + EGL_KHR_create_context on softpipe, llvmpipe
  + EGL_KHR_gl_colorspace on softpipe, llvmpipe
  + new virgl gallium driver for qemu virtio-gpu
  + 16x multisampling on i965 (gen9+)
  + GL_EXT_shader_samples_identical on i965.
  * +many bugfixes, please see relnotes
- Update to version 11.0.7
    + bugfixes release for bugs found since 11.0.6
    fdo#90348 - Spilling failure of b96 merged value
    fdo#92363 - [BSW/BDW] ogles1conform Gets test fails
    fdo#92438 - Segfault in pushbuf_kref when running the android
    emulator (qemu) on nv50
    fdo#93110 - [NVE4] textureSize() and textureQueryLevels() uses a texture
    bound during the previous draw call
    fdo#93126> - wrongly claim supporting GL_EXT_texture_rg
    + plus fixes for r600g,llvmpipe,i955,egl,gles2
- Add Mesa-libOpenCL.
- Update to version 11.0.6:
  + This release brings driver fixes for i965, r600, radeonsi,
    nouveau, vc4, and llvmpipe including a serious regression for
    r100/r200 era hardware.
  + Additional patches cover glsl, nir, mesa/meta and VC-1
- update to 11.0.5
  * With this release we have some driver patches for i965 and nouveau, a couple
    of llvm 3.7 related fixes and a some bugfixes in the VA state-tracker.
  * Additionally we have a few new PCI ids for i965 and radeonsi.
- update to 11.0.4
  * bug fix release which fixes bugs found since the 11.0.3 release
  * droped patches - merged by upstream:
  * This avoids a serious r600g bug leading to a GPU hang (bnc#951298)
- Update to 11.0.3
  * bug fix release which fixes bugs found since the 11.0.2 release
- Update to 11.0.2
  * This is a emergency release which covers the final dEQP
    regressions introduced in the 11.0 development cycle.
- update upstream status:
  * remove n_i965-Remove-early-release-of-DRI2-miptree.patch
  * add U_i965-Remove-early-release-of-DRI2-miptree.patch
- Update to 11.0.1
  * i965/vec4: Fix saturation errors when coalescing registers
  * i965/vec4_nir: Load constants as integers
  * meta: Abort meta pbo path if TexSubImage need signed unsigned
  * docs: add sha256 checksums for 11.0.0
  * Update version to 11.0.1
  * docs: add release notes for 11.0.1
  * t_dd_dmatmp: Make "/count"/ actually be the count
  * t_dd_dmatmp: Clean up improper code formatting from previous
  * t_dd_dmatmp: Use '& 3' instead of '% 4' everywhere
  * t_dd_dmatmp: Pull out common 'count -= count & 3' code
  * t_dd_dmatmp: Use addition instead of subtraction in loop
  * st/mesa: avoid integer overflows with buffers >= 512MB
  * nv50, nvc0: fix max texture buffer size to 128M elements
  * freedreno/a3xx: fix blending of L8 format
  * nv50,nvc0: detect underlying resource changes and update tic
  * nv50,nvc0: flush texture cache in presence of coherent bufs
  * radeonsi: load fmask ptr relative to the resources array
  * nir: Fix a bunch of ralloc parenting errors
  * i965/vec4: Don't reswizzle hardware registers
  * configure.ac: Add support to enable read-only text segment on
  * gbm: convert gbm bo format to fourcc format on dma-buf import
  * mesa: fix errors when reading depth with glReadPixels
  * i965: fix textureGrad for cubemaps
  * mesa: Fix texture compression on big-endian systems
- add n_i965-Remove-early-release-of-DRI2-miptree.patch (bnc#945444)
- marked Mesa.keyring and mesa-11.0.0.tar.xz.sig as source in
  specfile in order to make factory checkin policy happy
- Update to version 11.0.0
  * Mesa 11.0 brings core Mesa support for OpenGL 4.2, RadeonSI and Nouveau NVC0
  OpenGL 4.1 support (the other hardware drivers remain at OpenGL 3.3), AMDGPU
  kernel driver support along with initial R9 Fury/Fiji support, EGL 1.5 support,
  ongoing OpenGL ES 3.1 work, OpenCL compute image support, HEVC video decode
  support for RadeonSI via VDPAU, OpenGL ES 3.0 for Freedreno, and many fixes.
  + drop U_mesa-llvm37-rename-r600-to-amdgpu.patch and U_mesa-llvm37.patch
- Update to version 10.6.7
  + add gpg verification of source package
  * fdo#90751 Revert "/i965: Momentarily pretend to support
  ARB_texture_stencil8 for blits."/
  * mesa/teximage: use correct extension for accept stencil texture.
- Update to version 10.6.6:
  * This release includes patches for mesa core, i965 (regression
    fixes), r600 (assertions and crash fixes in the sb backend),
    radeonsi (workaround for GPU hang in Unigine Heaven) and
    nouveau (piglit tests).
- Replace libXvMC-devel and libexpat-devel for pkgconfig(xvmc) and
  pkgconfig(expat) BuildRequires.
- Add U_mesa-llvm37-rename-r600-to-amdgpu.patch to fix build with llvm 3.7
  due to rename of llvm target R600 to AMDGPU
- Add U_mesa-llvm37.patch to fix build with llvm 3.7
- Update to version 10.6.5:
  * Apart from the usual nouveau, i965 and radeon driver fixes,
    this time around we have a nouveau_vieux fix for a regression
    introduced with mesa 10.6.0 and a few even older big endian
    related bug-fixes.
- Replace libvdpau-devel for pkgconfig(vdpau) BuildRequires.
- update to 10.6.4
  * In this release we have a few GL specific fixes (in both dri
    drivers and the EGL loader), an updated mesa.icd file and a
    crashfix for the standalone glcpp tool.
- update to 10.6.3
  * fdo#90728 - dvd playback with vlc and vdpau causes segmentation fault
  * fdo#91337 - OSMesaGetProcAdress(&quot;OSMesaPixelStore&quot;) returns nil
  * osmesa: fix OSMesaPixelsStore typo
  * vl: cleanup video buffer private when the decoder is destroyed
  * st/vdpau: fix mixer size checks
  * auxiliary/vl: use the correct screen index
  * i965/gen9: Use custom MOCS entries set up by the kernel.
  * nv50, nvc0: enable at least one color RT if alphatest is enabled
  * nvc0/ir: fix txq on indirect samplers
  * nvc0/ir: don't worry about sampler in txq handling
  * gm107/ir: fix indirect txq emission
  * nv50: fix max level clamping on G80
  * program: Allow redundant OPTION ARB_fog_* directives.
  * xa: don't leak fences
- update to 10.6.2
  * fdo#73528 - Deferred lighting in Second Life causes system hiccups and screen flickering
  * fdo#80500 - Flickering shadows in unreleased title trace
  * fdo#82186 - [r600g] BARTS GPU lockup with minecraft shaders
  * fdo#84225 - Allow constant-index-expression sampler array indexing with GLSL-ES < 300
  * fdo#90537 - radeonsi bo/va conflict on RADEON_GEM_VA (rscreen->ws->buffer_from_handle returns NULL)
  * fdo#90873 - Kernel hang, TearFree On, Mate desktop environment
  * fdo#91022 - [g45 g965 bisected] assertions generated from textureGrad cube samplers fix
  * fdo#91047 - [SNB Bisected] Messed up Fog in Super Smash Bros. Melee in Dolphin
  * fdo#91056 - The Bard's Tale (2005, native) has rendering issues
  * fdo#91117 - Nimbus (running in wine) has rendering issues, objects are semi-transparent
  * fdo#91124 - Civilization V (in Wine) has rendering issues: text missing, menu bar corrupted
  * fdo#91173 - Oddworld: Stranger's Wrath HD: disfigured models in wrong colors
  * fdo#91226 - Crash in glLinkProgram (NEW)
  * fdo#91231 - [NV92] Psychonauts (native) segfaults on start when DRI3 enabled
  * loader: Look for any version of currently linked libudev.so
  * nv50/ir: propagate modifier to right arg when const-folding mad
  * nv50/ir: fix emission of address reg in 3rd source
  * nv50/ir: copy joinAt when splitting both before and after
  * mesa: reset the source packing when creating temp transfer image
  * nv50/ir: don't emit src2 in immediate form
  * mesa/prog: relative offsets into constbufs are not constant
  * nv50/ir: UCMP arguments are float, so make sure modifiers are applied
  * nvc0: turn sample counts off during blit
  * i965/fs: Fix ir_txs in emit_texture_gen4_simd16().
  * i965: Reserve more batch space to accomodate Gen6 perfmonitors.
  * i965/vs: Fix matNxM vertex attributes where M != 4.
  * Revert "/glsl: clone inputs and outputs during linking"/
  * Revert "/i965: Delete linked GLSL IR when using NIR."/
  * r600g: disable single-sample fast color clear due to hangs
  * radeonsi: fix a hang with DrawTransformFeedback on 4 SE chips
  * st/dri: don't set PIPE_BIND_SCANOUT for MSAA surfaces
  * nouveau: Use dup fd as key in drm-winsys hash table to fix ZaphodHeads.
  * winsys/radeon: Use dup fd as key in drm-winsys hash table to fix ZaphodHeads.
  * i965/fs: Don't mess up stride for uniform integer multiplication.
  * winsys/radeon: Unmap GPU VM address range when destroying BO
  * meta: Only change and restore viewport 0 in mesa meta mode
  * i965: allocate at least 1 BLEND_STATE element
  * i965/skl: Set the pulls bary bit in 3DSTATE_PS_EXTRA
  * glsl: Add missing check for whether an expression is an add operation
  * glsl: Make sure not to dereference NULL
  * i965: Don't try to print the GLSL IR if it has been freed
  * glsl: clone inputs and outputs during linking
  * i965: Delete linked GLSL IR when using NIR.
  * glsl: Allow dynamic sampler array indexing with GLSL ES < 3.00
  * mesa/glsl: new compiler option EmitNoIndirectSampler
  * i965: use EmitNoIndirectSampler for gen < 7
  * i915: use EmitNoIndirectSampler
  * mesa/st: use EmitNoIndirectSampler if !ARB_gpu_shader5
  * glsl: validate sampler array indexing for 'constant-index-expression'
- adjust libdrm dependencies
- Update to version 10.6.1
  * This release includes core mesa and glsl patches (amonst which
    a Dota2 Reborn bugfix) affecting all dri drivers, nouveau specific
    fixes and a selection of shared-glapi commits - from build fixes, to
    ones ensuring that the dri modules can be loaded.
- n_Fixed-build-against-wayland-1.2.1.patch
  * required to fix build with wayland on openSUSE 13.1
- Update to version 10.6.0:
- New GL/EGL Features:
  + GL_AMD_pinned_memory on r600, radeonsi
  + GL_ARB_clip_control on i965
  + GL_ARB_depth_buffer_float on freedreno
  + GL_ARB_depth_clamp on freedreno
  + GL_ARB_direct_state_access on all drivers for Core GL contexts.
  + GL_ARB_draw_indirect, GL_ARB_multi_draw_indirect on r600
  + GL_ARB_draw_instanced on freedreno
  + GL_ARB_gpu_shader_fp64 on nvc0, softpipe
  + GL_ARB_gpu_shader5 on i965/gen8+
  + GL_ARB_instanced_arrays on freedreno
  + GL_ARB_pipeline_statistics_query on i965, nv50, nvc0, r600, radeonsi, softpipe
  + GL_ARB_program_interface_query (all drivers)
  + GL_ARB_texture_stencil8 on nv50, nvc0, r600, radeonsi, softpipe
  + GL_ARB_texture_view on llvmpipe, softpipe
  + GL_ARB_uniform_buffer_object on freedreno
  + GL_ARB_vertex_attrib_64bit on nvc0, softpipe
  + GL_ARB_viewport_array, GL_AMD_vertex_shader_viewport_index on i965/gen6
  + GL_EXT_draw_buffers2 on freedreno
  + GL_OES_EGL_sync on all drivers
  + EGL_KHR_fence_sync on i965, freedreno, nv50, nvc0, r600, radeonsi
  + EGL_KHR_wait_sync on i965, freedreno, nv50, nvc0, r600, radeonsi
  + EGL_KHR_cl_event2 on freedreno, nv50, nvc0, r600, radeonsi
  + GL_AMD_performance_monitor on nvc0
- Changes to package:
  + add --enable-shader-cache to configure options
  + remove Patch100: U_0001_gallium_include_util_macros.patch
  + remove Patch101: U_0002_st_nine_mark_end_of_non_void_function_unreachable.patch
  + remove Patch102: U_0003_fix_build_after_macro_include.patch
- Update to version 10.5.7:
  + i965: Emit 3DSTATE_MULTISAMPLE before WM_HZ_OP (gen8+)
  + docs: Add sha256sums for the 10.5.6 release
  + get-pick-list.sh: Require explicit "/10.5"/ for nominating stable patches
  + cherry-ignore: add clover build fix not applicable for 10.5
  + Add release notes for the 10.5.7 release
  + nvc0/ir: set ftz when sources are floats, not just destinations
  + nv50/ir: guess that the constant offset is the starting slot of array
  + nvc0/ir: LOAD's can't be used for shader inputs
  + nvc0: a geometry shader can have up to 1024 vertices output
  + nv50/ir: avoid messing up arg1 of PFETCH
  + nv30: don't leak fragprog consts
  + nv30: avoid leaking render state and draw shaders
  + nv30: fix clip plane uploads and enable changes
  + nv30/draw: avoid leaving stale pointers in draw state
  + nv30/draw: draw expects constbuf size in bytes, not vec4 units
  + st/mesa: don't leak glsl_to_tgsi object on link failure
  + glsl: avoid leaking linked gl_shader when there's a late linker error
  + nv30/draw: fix indexed draws with swtnl path and a resource index buffer
  + nv30/draw: only use the DMA1 object (GART) if the bo is not in VRAM
  + nv30/draw: allocate vertex buffers in gart
  + nv30/draw: switch varying hookup logic to know about texcoords
  + nv30: falling back to draw path for edgeflag does no good
  + nv30: avoid doing extra work on clear and hitting unexpected states
  + i965/fs: Fix implied_mrf_writes for scratch writes
  + st/dri: fix postprocessing crash when there's no depth buffer
- update to 10.5.6
  * fdo#86792 - [NVC0] Portal 2 Crashes in Wi* ne
  * fdo#90350 - [G96] Portal's portal are incorrectly rendered
  * fdo#90363 - [nv50] HW state is not reset correctly when using a new GL context
  * radeonsi: add new bonaire pci id
  * egl/wayland: properly destroy wayland objects
  * glx/dri3: Add additional check for gpu offloading case
  * egl/main: fix EGL_KHR_get_all_proc_addresses
  * targets/osmesa: drop the -module tag from LDFLAGS
  * clover: Refactor event::trigger and ::abort to prevent deadlock and reentrancy issues.
  * clover: Wrap event::_status in a method to prevent unlocked access.<
  * clover: Implement locking of the wait_count, _chain and _status members of event.
  * i965: Fix PBO cache coherency issue after _mesa_meta_pbo_GetTexSubImage().
  * main: Require that the texture exists in framebuffer_texture
  * mesa: Generate GL_INVALID_VALUE in framebuffer_texture when layer <0
  * nv50/ir: only propagate saturate up if some actual folding took place
  * nv50: keep track of PGRAPH state in nv50_screen
  * nvc0: keep track of PGRAPH state in nvc0_screen
  * nvc0: reset the instanced elements state when doing blit using 3d engine
  * nv50/ir: only enable mul saturate on G200+
  * st/mesa: make sure to create a "/clean"/ bool when doing i2b
  * nvc0: switch mechanism for shader eviction to be a while loop
  * swrast: Build fix for darwin
  * main: Fix an error generated by FramebufferTexture</li>
  * main: Complete error conditions for glInvalidate*Framebuffer.
  * main: glGetIntegeri_v fails for GL_VERTEX_BINDING_STRIDE
  * freedreno: enable a306
  * freedreno: fix bug in tile/slot calculation
  * draw: (trivial) fix out-of-bounds vector initialization
  * mesa: fix shininess check for ffvertex_prog v2
  * clover: Add a mutex to guard queue::queued_events
  * clover: Fix a bug with multi-threaded events v2
- Update to 10.5.5
  * fdo#88521 - GLBenchmark 2.7 TRex renders with artifacts on Gen8 with !UXA
  * fdo#89455 - [NVC0/Gallium] Unigine Heaven black and white boxes
  * fdo#89689 - [Regression] Weston on DRM backend won't start with new version of mesa
  * fdo#90130 - gl_PrimitiveId seems to reset at 340
  * i965: Add XRGB8888 format to intel_screen_make_configs
  * r300: do not link against libdrm_intel
  * nvc0/ir: flush denorms to zero in non-compute shaders
  * gk110/ir: fix set with a register dest to not auto-set the abs flag
  * nvc0/ir: fix predicated PFETCH emission
  * nv50/ir: fix asFlow() const helper for OP_JOIN
  * i965: Make intel_emit_linear_blit handle Gen8+ alignment restrictions.
  * i965: Disallow linear blits that are not cacheline aligned.
  * draw: fix prim ids when there's no gs
- BuildIgnore python so that it is not sucked in by coincidence
  * The python-base provides enough python functionalities
    necessary for build.
- Update to 10.5.4
  * This release includes fixes for the mesa state-tracker used by
    all the gallium drivers, a drirc workaround for Second Life,
    plus i965 fixes. For the Android users out there, this release
    includes many compilation fixes with more to come shortly.
- Update to 10.5.3
  + fdo#83962 - [HSW/BYT]Piglit spec_ARB_gpu_shader5_arb_gpu_shader5-emitstreamvertex_nodraw fails
  + fdo#89679 - [NV50] Portal/Half-Life 2 will not start (native Steam)
  + fdo#89746 - Mesa and LLVM 3.6+ break opengl for genymotion
  + fdo#89754 - vertexAttrib fails WebGL Conformance test with mesa drivers
  + fdo#89758 - pow WebGL Conformance test with mesa drivers
  + fdo#89759 - WebGL OGL ES GLSL conformance test with mesa drivers fails
  + fdo#89905 - scons build broken on 10.5.2 due to activated vega st
  + st_glsl_to_tgsi: only do mov copy propagation on temps (v2)
  + xmlpool: don't forget to ship the MOS
  + configure.ac: error out if python/mako is not found when required
  + dist: add the VG depedencies into the tarball
  + i965: Do not render primitives in non-zero streams then TF is disabled
  + st/mesa: update arrays when the current attrib has been updated
  + nv50/ir: take postFactor into account when doing peephole optimizations
  + nv50/ir/gk110: fix offset flag position for TXD opcode
  + freedreno/a3xx: fix 3d texture layout
  + freedreno/a3xx: point size should not be divided by 2
  + nv50: allocate more offset space for occlusion queries
  + nv50,nvc0: limit the y-tiling of 3d textures to the first level's tiling
  + i965: Fix instanced geometry shaders on Gen8+.
  + i965: Add forgotten multi-stream code to Gen8 SOL state.
  + nouveau: synchronize "/scratch runout"/ destruction with the command stream
  + radeonsi: Cache LLVMTargetMachineRef in context instead of in screen
  + clover: Return CL_BUILD_ERROR for CL_PROGRAM_BUILD_STATUS when compilation fails v2
  + i965: Fix URB size for CHV
- Update to  10.5.2
  + fdo#88534 - include/c11/threads_posix.h PTHREAD_MUTEX_RECURSIVE_NP not defined
  + fdo#89328 - python required to build Mesa release tarballs
  + fdo#89530 - FTBFS in loader: missing fstat
  + fdo#89590 - Crash in glLinkProgram with shaders with multiple constant arrays
  + fdo#89680 - Hard link exist in Mesa 10.5.1 sources
  + glsl: Generate link error for non-matching gl_FragCoord redeclarations
  + docs: Add sha256 sums for the 10.5.1 release
  + automake: add missing egl files to the tarball
  + st/egl: don't ship the dri2.c link at the tarball
  + loader: include <sys/stat.h> for non-sysfs builds
  + auxiliary/os: fix the android build - s/drm_munmap/os_munmap/
  + cherry-ignore: add commit non applicable for 10.5
  + c11/threads: Use PTHREAD_MUTEX_RECURSIVE by default
  + i965: Set nr_params to the number of uniform components in the VS/GS path.
  + freedreno/a3xx: use the same layer size for all slices
  + freedreno: fix slice pitch calculations
  + radeonsi: increase coords array size for radeon_llvm_emit_prepare_cube_coords
  + glx: Handle out-of-sequence swap completion events correctly. (v2)
  + mapi: Make private copies of name strings provided by client.
  + freedreno: update generated headers
  + glsl: optimize (0 cmp x + y) into (-x cmp y).
  + glsl: fix names in lower_constant_arrays_to_uniforms
  + clover: Return 0 as storage size for local kernel args that are not set v2
- Update  to 10.5.1
  + fdo#79202 - valgrind errors in glsl-fs-uniform-array-loop-unroll.shader_test; random code generation
  + fdo#84613 - [G965, bisected] piglit regressions : glslparsertest.glsl2
  + fdo#86747 - Noise in Football Manager 2014 textures
  + fdo#86974 - INTEL_DEBUG=shader_time always asserts in fs_generator::generate_code() when Mesa is built with --enable-debug (= with asserts)
  + fdo#88246 - Commit 2881b12 causes 43 DrawElements test regressions
  + fdo#88793 - [BDW/BSW Bisected]Piglit/shaders_glsl-max-varyings fails
  + fdo#88883 - ir-a2xx.c: variable changed in assert statement
  + fdo#88885 - Transform feedback uses incorrect interleaving if a previous draw did not write gl_Position
  + fdo#89095 - [SNB/IVB/BYT Bisected]Webglc conformance/glsl/functions/glsl-function-mix-float.html fails
  + fdo#89156 - r300g: GL_COMPRESSED_RED_RGTC1 / ATI1N support broken
  + fdo#89224 - Incorrect rendering of Unigine Valley running in VM on VMware Workstation
  + fdo#89292 - [regression,bisected] incomplete screenshots in some cases
  + fdo#89311 - [regression, bisected] dEQP: Added entry points for glCompressedTextureSubImage*D.
  + fdo#89312 - [regression, bisected] main: Added entry points for CopyTextureSubImage*D. (d6b7c40cecfe01)
  + fdo#89315 - [HSW, regression, bisected] i965/fs: Emit MAD instructions when possible.
  + fdo#89317 - [HSW, regression, bisected] i965: Add LINTERP/CINTERP to can_do_cmod() (d91390634)
  + fdo#89416 - UE4Editor crash after load project
  + fdo#89430 - [g965][bisected] arb_copy_image-targets gl_texture* tests fail
  + i965/vec4: Don't lose the saturate modifier in copy propagation.
  + i965/gs: Check newly-generated GS-out VUE map against correct stage
  + egl: Take alpha bits into account when selecting GBM formats
  + docs: Add sha256 sums for the 10.5.0 release
  + egl/main: no longer export internal function
  + cherry-ignore: ignore a few more commits picked without -x
  + mapi: fix commit 90411b56f6bc817e229d8801ac0adad6d4e3fb7a
  + intel: fix EGLImage renderbuffer _BaseFormat
  + i965: Fix out-of-bounds accesses into pull_constant_loc array
  + i965/fs/nir: Use emit_math for nir_op_fpow
  + freedreno: move fb state copy after checking for size change
  + freedreno/ir3: fix array count returned by TXQ
  + freedreno/ir3: get the # of miplevels from getinfo
  + meta/TexSubImage: Stash everything other than PIXEL_TRANSFER/store in meta_begin
  + main/base_tex_format: Properly handle STENCIL_INDEX1/4/16
  + i965: Split Gen4-5 BlitFramebuffer code; prefer BLT over Meta.
  + glsl: Mark array access when copying to a temporary for the ?: operator.
  + i965/fs: Set force_writemask_all on shader_time instructions.
  + i965/fs: Set smear on shader_time diff register.
  + i965/fs: Make emit_shader_time_write return rather than emit.
  + i965/fs: Make get_timestamp() pass back the MOV rather than emitting it.
  + i965/fs: Make emit_shader_time_end() insert before EOT.
  + i965/fs: Don't issue FB writes for bound but unwritten color targets.
  + main: Fix target checking for CompressedTexSubImage*D.
  + main: Fix target checking for CopyTexSubImage*D.
  + gallium/auxiliary/indices: fix start param
  + r300g: fix RGTC1 and LATC1 SNORM formats
  + r300g: fix a crash when resolving into an sRGB texture
  + r300g: fix sRGB->sRGB blits
  + i965/vec4: Fix implementation of i2b.
  + mesa: Indent break statements and add a missing one.
  + mesa: Free memory allocated for luminance in readpixels.
  + mesa: Correct backwards NULL check.
  + i965: Consider scratch writes to have side effects.
  + i965/fs: Don't use backend_visitor::instructions after creating the CFG.
  + r300g: Use PATH_MAX instead of limiting ourselves to 100 chars.
  + r300g: Check return value of snprintf().
  + i965/fs: Don't propagate cmod to inst with different type.
  + i965: Tell intel_get_memcpy() which direction the memcpy() is going.
  + Revert SHA1 additions.
  + i965: Avoid applying negate to wrong MAD source.
  + meta: In pbo_{Get,}TexSubImage don't repeatedly rebind the source tex
  + Revert "/common: Fix PBOs for 1D_ARRAY."/
  + meta: Allow GL_UN/PACK_IMAGE_HEIGHT in _mesa_meta_pbo_Get/TexSubImage
  + meta: Fix the y offset for 1D_ARRAY in _mesa_meta_pbo_TexSubImage
  + freedreno/ir3: fix silly typo for binning pass shaders
  + freedreno/a2xx: fix increment in assert
  + freedreno/a4xx: bit of cleanup
  + freedreno: update generated headers
  + freedreno/a4xx: set PC_PRIM_VTX_CNTL.VAROUT properly
  + freedreno: update generated headers
  + freedreno/a4xx: aniso filtering
  + freedreno/ir3: fix up cat6 instruction encodings
  + freedreno/ir3: add support for memory (cat6) instructions
  + freedreno/ir3: handle flat bypass for a4xx
  + freedreno/ir3: fix failed assert in grouping
  + r300g: Fix the ATI1N swizzle (RGTC1 and LATC1)
- Update to version 10.5.0:
  + Initial support for the new Intel Skylake GPUs and Adreno 4xx
  + Experimental EGL support for Haiku.
  + The new IR - NIR. A flat, typeless IR, supporting SSA.
  + GLX/DRI3 fixes and improvements.
  + A lot of preparation work for GL_ARB_direct_state_access.
  + The usual amount of piglit and drawElements Quality Program
    (dEQP) fixes.
  + Building mesa with GCC 4.1 or earlier is no longer supported.
  + The distribution tarball has been renamed and now contains all
    the generated sources.
- New GL features:
  + GL_ARB_framebuffer_sRGB on freedreno
  + GL_ARB_texture_rg on freedreno
  + GL_EXT_packed_float on freedreno
  + GL_EXT_polygon_offset_clamp on i965, nv50, nvc0, r600, radeonsi,
  + GL_EXT_texture_shared_exponent on freedreno
  + GL_EXT_texture_snorm on freedreno
- Changes to Package:
  + switch to xz compressed sources
  + remove Patch16: u_gallivm_Update_for_RTDyldMemoryManager_unique_ptr.patch
  + add Patch100: U_0001_gallium_include_util_macros.patch
  + add Patch101: U_0002_st_nine_mark_end_of_non_void_function_unreachable.patch
  + add Patch102: U_0003_fix_build_after_macro_include.patch
- Add u_gallivm_Update_for_RTDyldMemoryManager_unique_ptr.patch to
  fix build with llvm 3.6 (fdo#86958)
- Fix file permissions for the Gallium Nine files
- specfile/baselibs.conf: Manually provide d3d library (bnc#918294)
- Drop pkgconfig(libva) BuildRequires for now, as it introduces a
- Update to version 10.4.4:
  + mesa: fix display list 8-byte alignment issue.
  + docs: Add sha256 sums for the 10.4.3 release.
  + egl: Pass the correct X visual depth to xcb_put_image().
  + glx/dri3: Request non-vsynced Present for swapinterval zero.
  + gallium/util: Don't use __builtin_clrsb in util_last_bit().
  + configure: Link against all LLVM targets when building clover.
  + st/osmesa: Fix osbuffer->textures indexing.
  + i965: Fix max_wm_threads for CHV.
  + Bugs fixed: fdo#88662, fdo#88930.
- Add pkgconfig(libva) BuildRequires: Build VA API support.
- baselibs.conf: enabled build of 32bit Mesa-libd3d package
- moved definition of Mesa-libd3d package above definition of
  libxatracker packages in order to fix version requires
- fixed Requires for libd3d-devel
- enabled build of Direct3D 9 (Gallium3D Nine) state tracker (bnc#910109)
- removed obsolete patch u_be_assert_include.patch, addressed by
  upstream commit 2a13ff9 "/gallium/util: add missing u_debug include"/
- Set xvmc_support also on ppc
- Version bump to 10.4.3 (bugfix release):
  * Bug 80568 - [gen4] GPU Crash During Google Chrome Operation
  * Bug 85367 - [gen4] GPU hang in glmark-es2
  * Bug 85696 - r600g+nine: Bioshock shader failure after 7b1c0cbc90d456384b0950ad21faa3c61a6b43ff
  * Bug 88219 - include/c11/threads_posix.h:197: undefined reference to `pthread_mutex_lock'
  * mesa: Fix clamping to -1.0 in snorm_to_float
  * glsl: Link glsl_test with pthreads library.
  * i965: Respect the no_8 flag on Gen6, not just Gen7+.
  * i965: Work around mysterious Gen4 GPU hangs with minimal state changes.
- Clean up with the spec-cleaner
- Drop obsolete obsoletes comming from fix for sle10
- Reduce llvm_r600 conditional as it is equal to ifarch x86 x86_64
- Put vdpau_radeon and vdpau_nouveau under same case as they have
  same requisites
- Fix empty post/postun warning
- Various other rpmlint issues silenced.
- Version bump to 10.4.2 (bugfix release):
  * Bug 85529 - Surfaces not drawn in Unvanquished
  * Bug 87619 - Changes to state such as render targets change fragment shader without marking it dirty.
  * Bug 87658 - [llvmpipe] SEGV in sse2_has_daz on ancient Pentium4-M
  * Bug 87913 - CPU cacheline size of 0 can be returned by CPUID leaf 0x80000006 in some virtual machines
  * i965: Use safer pointer arithmetic in intel_texsubimage_tiled_memcpy()
  * i965: Use safer pointer arithmetic in gather_oa_results()
  * Revert "/r600g/sb: fix issues cause by GLSL switching to loops for switch"/
  * r600g: fix regression since UCMP change
  * r600g/sb: implement r600 gpr index workaround. (v3.1)
  * docs: Add sha256 sums for the 10.4.1 release
  * Update version to 10.4.2
  * nv50,nvc0: set vertex id base to index_bias
  * nv50/ir: fix texture offsets in release builds
  * i965: Add missing BRW_NEW_*_PROG_DATA to texture/renderbuffer atoms.
  * i965: Fix start/base_vertex_location for >1 prims but !BRW_NEW_VERTICES.
  * gallium/util: make sure cache line size is not zero
  * glsl_to_tgsi: fix a bug in copy propagation
  * vbo: ignore primitive restart if FixedIndex is enabled in DrawArrays
  * radeonsi: fix VertexID for OpenGL
  * radeonsi: Don't modify PA_SC_RASTER_CONFIG register value if rb_mask == 0
  * gallium/util: fix crash with daz detection on x86
  * nv50,nvc0: implement half_pixel_center
  * r600g/sb: fix issues with loops created for switch
- Use download url fully in Source line
- Update to version 10.4.0 (10.4 Final):
- New features:
  + GL_ARB_conditional_render_inverted on nv50
  + GL_ARB_sample_shading on r600
  + GL_ARB_texture_view on nv50, nvc0
  + GL_ARB_clip_control on nv50, nvc0, r300, r600, radeonsi, llvmpipe, softpipe
  + GL_KHR_context_flush_control on all drivers
- Changes:
  + Removed patch17: u_Suppress-any-libGL-.-warnings-when-LIBGL_DEBUG-is-se.patch
    This patch was upstreamed
  + Build without "/--enable-gallium-egl"/
    This buildoption was removed upstream
  + Add subpackage libvdpau_r300
- Enable VideoCore IV (vc4) support for ARM
- Cleanup Spec:
  + smaller cleanups
  + Remove all traces of talloc, Mesa uses ralloc
- Update to 10.3.3
  + fdo#82921 layout(location=0) emits error
  >= MAX_UNIFORM_LOCATIONS due to integer underflow
  + fdo#83574 [llvmpipe] [softpipe] piglit
  arb_explicit_uniform_location-use-of-unused-loc regression
  + fdo#85454 Unigine Sanctuary with Wine crashes on Mesa Git
  + fdo#70410 egl-static/Makefile: linking fails with llvm >= 3.4
- Update to 10.3.2
  + (fdo#54372) GLX_INTEL_swap_event crashes driver when swapping
  window buffers
  + (fdo#81680) [r600g] Firefox crashes with hardware acceleration
  turned on
  + (fdo#84140) mplayer crashes playing some files using vdpau
  + (fdo#84662) Long pauses with Unreal demo Elemental on R9270X
  since : Always flush the HDP cache before submitting a
    CS to the GPU
  + (fdo#85267) vlc crashes with vdpau (Radeon 3850HD) [r600]
- Update descriptions and Requires for GLES3
- add Mesa-devel-dri package:
  This way dri.pc will no longer pull in all of Mesa, just as
  packages requiring dri do not have to require Mesa-devel anymore
- Update to 10.3.1
  + [NVC0/Codegen] Shader compilation falis in spill logic
  + [SNB+ Bisected]Ogles3conform ES3-CTS.shaders.
    direct_read_vertex fails
  + [UBO] row_major layout ignored inside structures
  + [UBO] nested structures don't get appropriate padding
  + Glyphy demo throws unhandled Integer division by zero exception
  + [UBO] row_major layout partially ignored for arrays of structures
  + Big glamor regression in Xorg server GIT: x11perf 1.5
    Test: PutImage XY 500x500 Square
- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's
  timeout so that a recorded lease can be used when dhcp server
  is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202).
- Modified NetworkManager.conf: Use dhclient as the default dhcp
  client(glfo#NetworkManager/NetworkManager!811, bsc#1183202).
- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond:
  restore MAC on release only when there is a cloned MAC address
  (glfo#NetworkManager/NetworkManager!775, bsc#1183967).
- Rebase nm-add-CAP_SYS_ADMIN-permission.patch.
- Update to version 1.22.10:
  + core: periodically cleanup stale device state files from /run.
  + dhcp: fix crash in nettools client.
  + bond: fixed the validation of the miimon option.
  + Various minor bug fixes and improvements.
- Modify nfs script (boo#1164642)
  * Also mount nfs4 shares
  * Ignore nfs or nfs4 shares in case if the noauto option is set
- Update to version 1.22.8:
  + Added configuration option to customize IPv6 RA timeout.
  + Internal DHCP client will now request a lease renewal using the
    previously obtained IP address when expired.
  + Removed length limitation for OVS Bridge, Patches and
    Interfaces (only Patch types) names.
  + Fixed initialization of 'secs' DHCP header field, this caused
    some DHCP relays to drop packets.
  + Fixed failure when creating team interfaces using 'nmstate'.
  + Various bug fixes and improvements.
- Add -fcommon to CFLAGS. This is currently being done upstream
- Update to version 1.22.6:
  + Various fixes for the internal DHCP client.
  + Slave devices now do not get created/activated if master is
  + Fixed 'startup-complete' bug where NetworkManager would reach
    the network-online.target even when not all the connections had
    been tried.
  + Updated translations.
- No longer recommend -lang: supplements are in use
- Update to version 1.22.4:
  + Fix behavior of internal DHCP client when the server sends a
  + Support 31-bit prefixes on IPv4 point-to-point links according
    to RFC 3021.
  + Fix memory leak parsing RequestScan D-Bus method arguments.
- Fix 'nfs' dispatcher script
  It was checking for an enabled unit 'nfs.service' - which does not
  exist (anymore?). Switched to a check for an enabled unit
- Update to version 1.22.2:
  + Fix multiple issues in the internal DHCP client, including
    wrong parsing of search domains and classless routes options,
    and failures in obtaining and renewing the lease with certain
    server configurations.
  + Export NM_CAPABILITY_OVS capability on D-Bus and in libnm to
    indicate that the OVS plugin is loaded.
  + Fix libnm annotations for nm_sriov_vf_get_vlan_ids() to allow
    the usage of the function through GObject introspection.
- Update to version 1.22.0:
  + Drop support for BlueZ 4. BlueZ 5 was released in 2012 and
    should nowadays be available everywhere.
  + DHCP: switch "/internal"/ DHCPv4 plugin from code based on
    systemd to use nettools' n-dhcp4 library.
  + Add support for "/scope"/ attribute for IPv4 routes.
  + Add support for specifying IAID and FQDN flags for DHCP
  + Add a '802-1x.optional' property to consider the wired 802.1X
    authentication as optional.
  + Use the Network Cost Wi-Fi information element to determine
    metered device state.
  + Support main.auth-polkit=root-only setting to disable PolicyKit
    use and restrict authorization to root user.
  + core: declare "/startup complete"/ when device reaches
    "/connected"/ state, even if IP addressing methods did not yet
    fully complete. This changes behavior for unblocking
    "/NetworkManager-wait-online.service"/, and
    "/network-online.target"/ earlier. If this causes issues in your
    setup, you may need to configure "/ipv4.may-fail=no"/ or
    "/ipv6.may-fail=no"/, which delays reaching "/connected"/ state for
    the address family accordingly.
  + libnm: hide NMObject and NMClient typedefs from header files.
    This prevents the user from subclassing these types and is an
    ABI change (in the unlikely case that a user was subclassing
    the types, which is no longer supported).
  + libnm: retire deprecated WiMAX API NMDeviceWimax and
    NMWimaxNsp. WiMAX support was removed from NetworkManager in
    version 1.2 (2016) and no such type instances would have been
    created by NMClient for a while now.
  + Deprecate synchronous API for D-Bus calls in libnm. We don't
    remove libnm API so you are free to continue using it. But
    tells you that using it might be a bad idea.
  + libnm: heavily internal rework NMClient. This slims down libnm
    and makes the implementation more efficient. NMClient should
    work now well with a separate GMainContext.
  + Add `nmcli general reload` subcommand to reload NetworkManager
    configuration and DNS settings.
  + nm-cloud-setup: add new tool for automatically configuring
    NetworkManager in cloud. This is still experimental and
    currently only EC2 and IPv4 is supported.
  + Add new NetworkManager logo to "/contrib/art/logo"/.
  + Various bug fixes and improvements.
- Disable networkmanager-checks-po.patch: Needs rebase.
- Add new nm-cloud-setup.service to pre/post/preun/postun calls.
- Update to version 1.20.8:
  + Fix handling of system CA certificates in the ifcfg parser.
  + Handle ReachableTime and RetransTimer from IPv6 Router
  + Fixed setting of MTU according to its parent device for some
    device types.
  + Various fixes for the initramfs configuration genertor.
- Update to version 1.20.6:
  + Fix updating agent-owned VPN secrets.
  + Adjust IWD support to new D-Bus path of IWD 1.0.
  + Introduce an 'optional' property in the 802-1x setting to
    allow the activation to proceed in case of missing
  + Fix ARP announcements for IP addresses configured on
  + Use proper interface when adding s390 specific details in
    initrd generator.
  + Don't disable PMF on Wi-Fi connections using SAE.
  + Properly handle uint16 property types in libnm.
- Drop NetworkNanager-client recommends: this is no longer needed,
  as NM itself ships a frontend by now (nmtui). If a DE has a
  better way to manage NM (by means of applets or other way of
  integration) it is up to the DE to depend on the applets.
- Update to version 1.20.4:
  + Fix crash related to Wi-Fi-P2P.
  + Support rd.znet option in initrd generator to support s390.
  + Fix not creating default-wired-connection when a suitable
    profile exists which is not tied to the device by
  + tui: support WPA3-Personal (SAE).
  + Fixes for OLPC Mesh Wi-Fi.
  + Various bug fixes. Notably, fix unit test and build issues.
- Drop nm-fix-gtk-doc.patch: Fixed upstream.
- Add nm-fix-gtk-doc.patch: Fix build with gtk-doc 1.32 and newer.
- Update to version 1.20.2:
  + Don't ask wpa_supplicant to attempt to enable FT if the
    interface doesn't support it.
  + Various bug fixes and improvements.
  + Updated translations.
- Update to version 1.20.0:
  + The libnm-glib library, deprecated in favor of libnm since
    NetworkManager 1.0, and disabled by default since
    NetworkManager 1.12, has now been removed.
  + The DHCP client now defaults to "/internal"/. The default can be
    overriden at build time by using the --with-config-dhcp-default
    option of the configure script or at run time by setting the
    main.dhcp option in the configuration file.
  + Added support for configuring fq_codel line discipline and
    mirred action.
  + Added a possibility for distributions to ship dispatcher
    scripts in /usr/lib.
  + Drop deprecated setting "/main.monitor-connection-files"/ in
    NetworkManager.conf. This setting now has no more effect and
    was disabled by default for a long time. Instead, after
    changes, load files explicitly with `nmcli connection load` or
    `nmcli connection reload`.
  + Rework parsing team JSON config in libnm and stricter validate
    settings. With this, NetworkManager rejects settings that it
    considers invalid while still allowing setting arbitrary JSON
    config directly.
  + Drop ibft settings plugin. This functionality is now covered by
    using nm-initrd-generator from initrd to pre-generate in-memory
  + Support "/suppress_prefixlength"/ attribute for policy routing
  + This is what wg-quick uses for the "/Improved Rule-based
    Routing"/ solution, and the user can now manually configure such
    policy routing rules.
  + Support "/wireguard.ip4-auto-default-route"/ and
    "/wireguard.ip6-auto-default-route"/. This automatically
    implements the "/Improved Rule-based Routing"/ of wg-quick to
    help avoiding routing loops when setting the default-route on
    the WireGuard interface. Note that this is now enabled by
    default, so there is a change in behavior if your WireGuard
    connection profiles from before had a default-route (/0) in
  + Rework implementation of settings plugins and how profiles are
    presisted to disk. This is a large internal refactoring of the
    settings plugins that allows to migrate a connection profile
    between plugins.
  + In-memory profiles are now only handled by keyfile plugin and
    will also be persisted to /run directory. This allows to
    restart NetworkManager without loosing these profiles and it
    provides a file-system based API for creating in-memory
  + Keyfile plugin now supports a read-only directory of profiles
    under directory "//usr/lib/NetworkManager/system-connections"/.
    Such profiles still can be modified and deleted via D-Bus,
    which results in writing profiles to /etc or /run that shadow
    the read-only files.
  + Add new D-Bus method AddConnection2() that allows to block
    autoconnect of the profile at the moment when creating the
    profile. Also add support for this API to libnm.
  + Add flag "/no-reapply"/ to Update2() D-Bus method. Normally, when
    a connection profile gets modified, this only changes the
    profile itself. When the profile is currently activated on a
    device, then the device's configuration does not update before
    the profile is fully re-activated or Reapply on the device is
    called. There is an exception to this: the "/connection.zone"/
    and the "/connection.metered"/ properties take effect
    immediately. The "/no-reapply"/ flag allows suppressing to
    reapply any properties, so that no changes take effect
    automatically. The purpose is to really only modify the profile
    itself without changes to the runtime configuration of the
  + Add "/ipv6.method=disabled"/ to disable IPv6 on a device, like
    also possible for IPv4. Until now, the users could only set
    "/ipv6.method=ignore"/ which means the users are free to set IPv6
    related sysctl values themselves.
  + Added support for Wi-Fi Mesh network.
- Stop passing --with-libnm-glib to configure, feature was dropped.
- Drop sub-packages libnm-util2, libnm-glib4 and libnm-glib-vpn1
  and obsolete them from the main package (also in baselibs.conf).
- Drop typelib-1_0-NetworkManager-1_0 and typelib-1_0-NMClient-1_0.
- Rebase some patches with quilt.
- Disable nm-add-CAP_SYS_ADMIN-permission.patch: Needs rework or
  possibly dropping as the ibft plugin is dropped.
- Pass --with-iwd=yes to configure, build experimental IWD backend
  support. Not recommended for endusers, only for testers willing
  to take the risk of broken wifi with no support from distro.
- Update to version 1.18.4:
  + Improve handling of externally added policy routing rules and
    for rules that are taken over after a restart of NetworkManager
  + Fix taking over OVS devices after restart of NetworkManager.
  + Bugfix reapplying IP configuration while activating.
  + Allow reapplying Wi-Fi profile when seen-bssids changes.
  + Various other bugfixes for minor issues and memory leaks.
  + Various build and test fixes.
- Update to version 1.18.2(bsc#1138213):
  + Add support for policy routing rules.
  + Add support for VLAN filtering for Linux bridge.
  + Support ieee-802-1 and ieee-802-3 LLDP TLVs.
  + Allow large MTU sizes for infiniband/IPoIB connection profiles.
  + Improve nmcli's handling of list options for connection properties.
  + Add compatibility with out-of-tree WireGuard module on 5.2 kernels
  + Fix parsing of BOOTIF= variables in initrd.
  + Accept numeric IPv4 prefix in place of a mask when parsing a command line
    in initrd.
  + Don't check connectivity of unconfigured devices.
  + Fix PKCS#12 handling in the ifcfg-rh plugin.
  + Avoid waiting for udev to see software devices created by NetworkManager.
  + Don't attempt to stop management daemon for Team devices created
    externally to NetworkManager.
  + Use FQDN for persistent hostname on Slackware.
  + Restore IPv6 configuration of a device when its link goes back up.
  + Fix management status of software devices on system suspend.
  + Make nmcli not print certificate blobs if --show-secrets is not used.
  + Fix MTU reapply.
- Drop 0001-Update-connectivity-value-on-device-removal.patch:
  Fixed upstream.
- Add nm-add-CAP_SYS_ADMIN-permission.patch: Add CAP_SYS_ADMIN
  which netconfig needs to call setdomainname (bsc#1129587).
- Update to version 1.16.2:
  + Use FQDN for persistent hostname on Slackware.
  + Fix wrong permissions of the /var/lib/NetworkManager/secret_key
  + Don't terminate teamd when assuming existing team connections.
  + Fix incorrect persistence of connections with EAP-TLS and a
    PKCS#12 certificate when using the ifcfg-rh plugin.
  + Fix reapply of the MTU property on devices.
  + Restore IPv6 configuration when the link goes up.
  + Fix build with sanitizers.
  + Other various bug fixes and improvements.
- Avoid using "/systemctl enable"/ in spec file (bsc#1038403).
- Remove legacy checks which fixes bnc#803058 during distribution
  upgrade from 12.2 to 12.3 in .spec file.
- Fix systemd-network-config.patch which added lines starting with "/+"/
  to NetworkManager-wait-online.service
- Fix the connectivity value of devices which was set to LIMITED when
  the connectivity check fails. Now if the connectivity is being set
  to LIMITED but the device state is DISCONNECTED, then the value is
  coerced to NONE. Add patch submitted to
  upstream (boo#1103678, glfdo#NetworkManager/NetworkManager#138):
  * 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch
- Fix the global connectivity value which wasn't updated when a
  device was removed. Which is a problem if the device being removed
  is the one providing the connectivity. Add patch submitted to
  upstream (boo#1103678, glfdo#NetworkManager/NetworkManager#141):
  * 0001-Update-connectivity-value-on-device-removal.patch
- Update to version 1.16.0:
  + Check connectivity per address family.
  + Support "/main.systemd-resolved"/ to let NetworkManager configure
    DNS settings in systemd-resolved without making it the main DNS
    plugin of NetworkManager.
  + Write "//var/run/NetworkManager/no-stub-resolv.conf"/ with
    original nameservers. That is useful with caching DNS plugins
    like "/systemd-resolved"/ or "/dnsmasq"/ where
    "//var/run/NetworkManager/resolv.conf"/ refers to localhost.
  + Change default "/ipv4.dhcp-client-id"/ setting for the internal
    DHCP plugin from "/duid"/ to "/mac"/. This is a change in behavior
    on upgrade when using the internal DHCP plugin (unless the
    default is overwritten in "/NetworkManager.conf"/ or specified
    per connection profile).
  + Improve handling of DHCP router options with internal DHCP
    plugin. For one, accept multiple routers and add a
    default-route to each. On D-Bus expose the original DNS and
    NTP servers without cleaning up local nameservers.
  + Allow binding a connections lifetime to the DBus client that
    activated it.
  + Add support for establishing Wi-Fi Direct connections (Wi-Fi
  + Add support for WireGuard VPN tunnels to NetworkManager. D-Bus
    API and libnm support all options. nmcli supports creating and
    managing WireGuard profiles, with the exception of configuring
    and showing peers.
  + Add initrd generator to be used by dracut and use it as new way
    of handling iBFT.
  + Deprecated "/plugins.monitor-connection-files"/ setting in
    NetworkManager.conf. This option will have no effect in future
  + Add AP and Ad-hoc support for iwd Wi-Fi backend.
  + Warn about invalid settings in "/NetworkManager.conf"/.
  + Support announcing "/ANDROID_METERED"/ DHCP option for shared
  + Support SAE authentication as used for 802.11s Meshing and
  + NetworkManager is no longer installed as D-Bus activatable
  + Mark docker bridges as unmanaged via udev rule.
  + Add new PolicyKit permission
    "/org.freedesktop.NetworkManager.wifi.scan"/ for controlling
    Wi-Fi scanning.
- Rebase systemd-network-config.patch and
- Drop NetworkManager-1.12.2-docker-unmanaged.patch and
  NM-add-wifi-scan-polkit-rule.patch: Fixed upstream (bsc#1128560).
- Do away with em dashes in summaries.
- Combine %service_* calls to reduce generated boilerplate.
- Update to version 1.14.6:
  + Fix memory corruption in internal DHCPv6 client
  + No longer limit number of search entires in resolv.conf to 6.
  + Support restricting NetworkManager.conf device configuration
    based on used DHCP plugin.
  + Add "/${MAC}"/ specifier for connection.stable-id. This uses the
    current MAC address for seeding the stable generation of MAC
    address, DHCP client-id or IPv6 stable-privacy interface
  + Support special value "/duid"/ for "/ipv4.dhcp-client-id"/. This
    generates an RFC4361-compliant client-id like the internal DHCP
    client used to do by default. Previously, there was no explicit
    name for such a client-id and it was not usable with dhclient
    DHCP plugin. This also generates the same client-id as
    systemd-networkd does by default.
  + Support and use a new kind of secret-key in
    "//var/lib/NetworkManager/secret_key"/. The secret-key represents
    the identity of the machine that is used for various purposes
    like generating IPv6 stable privacy addesses. It is now
    combined with "//etc/machine-id"/ so that changing only the
    machine-id results in new identifiers. That matters for example
    when cloning a virtual machine. Previously, the user hard to
    prune NetworkManager's secret-key to get a new identity, now
    regenerating machine-id suffices. Secret-keys generated by
    earlier versions of NetworkManager are not affected and keep
    their previous behavior.
  + Fix the DHCP client-ids based on the MAC address of
    IPoIB/infiniband devices.
  + Fix restoring IP configuration after interface went down.
  + No longer let NetworkManager touch rp_filter setting. The
    rp_filter sysctl must now be set outside of NetworkManager
    according to the admin's preference. Note that a strict
    rp_filter may break valid use-cases and interacts badly with
    connectivity checking.
  + Various bug fixes and improvements.
- Add NM-add-wifi-scan-polkit-rule.patch: Adding a new polkit
  action "/org.freedesktop.NetworkManager.wifi-scan"/ so that
  distributions can add specific rule to allow Wi-Fi scans
  (bsc#1122262, glfo#NetworkManager/NetworkManager!68).
- Modify nfs script: Only mount/unmount when the file type is nfs
  (bsc#1074074, bsc#1146935).
- Update to version 1.14.4:
  + Fix a crash in nmcli when a device is removed while being
  + Fix a crash in ifupdown (Debian) configuration plugin.
  + Fix a daemon crash when a generated connection doesn't
  + Fix a memory leak in dhclient DHCP plugin.
  + Fix line editing in nmcli password prompts.
  + Fix a RPATH in bluetooth and wwan plugin when built with Meson
    (otherwise they wouldn't find libnm-wwan.so).
- Update to version 1.14.2:
  + Fix a bug that could cause NetworkManager to crash after
    checking connectivity status.
  + Correctly apply a default (-1) metric from DHCP.
  + Multiple fixes for IWD Wi-Fi backend.
  + Multiple fixes for builds with Meson build system.
  + Fix a crash with OLPC XO-1 mesh Wi-Fi.
  + Fix handling "/serial.parity"/ and "/serial.send-delay"/ properties
    in nmcli.
  + Improve auto-selecting device when activating a connection
    profile and don't auto-select unmanaged devices when activating
    multi-connect profile.
  + Avoid expiring the lifetime of IPv6 addresses from router
- Update to version 1.14.0:
  + Added support for IEEE 802.15.4 and 6LowPAN devices.
  + Support activating profile multiple times via
    connection.multi-connect setting.
  + Add match setting to restrict a profile to devices based on a
    list of interface names with globbing supported.
  + Fix PrimaryConnection for VPN with default-route.
  + Add support for ethtool offload features.
  + Add support for configuring llmnr.
  + Deprecate endian-dependent D-Bus API and add new API that can
    be used instead (rh#1153559).
  + Add support for ip6gre/ip6gretap IP tunnels.
  + Add support for detecting WireGuard interfaces (WireGuard VPN
    cannot be controlled via NetworkManager).
  + Add support for configuring SR-IOV devices.
  + Improve error reporting of activation when no device is
  + Support reapplying changes of the route metric.
  + Support EAP profiles with iwd Wi-Fi backend and support iwd API
  + Expose slaves of OVS bridges and ports.
- Add NetworkManager-1.12.2-docker-unmanaged.patch: Do not manage
  Docker bridge interfaces (glfdo#NetworkManager/NetworkManager!15)
- Update to version 1.12.4:
  + Fix crash in connectivity check.
  + Fix accepted input format for vpn.secrets in nmcli's password file.
  + libnm: support private keys encrypted with AES-{192,256}-CBC.
  + Fix stopping pppd on modem hangup
  + Various minor bugfixes and translation updates.
- Drop NetworkManager-fix-compile-error.patch and
  NetworkManager-remove-assertion.patch: Fixed upstream.
- Add NetworkManager-fix-compile-error.patch: Fix compile error due
  to NM_AVAILABLE_IN_1_12_2 macro.
- Add NetworkManager-remove-assertion.patch: cli: remove assertion
  in nmc_device_state_to_color() (bgo#796834).
- Update to version 1.12.2:
  + Fix missing symbols in libnm ABI for settings.
  + Fix a regression that disallowed activations of VPN connections
    with a device specified.
  + Robustness fixes to connectivity checking.
- Changes from version 1.12.0:
  + Improved support for configuration checkpoint, including
    support in libnm.
  + Added capability to set IP Tunnel configuration flags.
  + The systemd-resolved DNS plugins now supports MDNS.
  + Systemd-resolved and dnsmasq DNS plugins now honor the DNS
    priority setting (CVE-2018-1000135).
  + Wi-Fi devices now support FILS for speedier roaming support.
  + Drop dependency on libnl3 library.
  + Add support for "/onlink"/ routes.
  + More robust connectivity checking.
  + Dropped the obsolete "/ifnet"/ settings plugin,
  + Try harder to generate reasonable human-readable names for
    devices even if the hwdb contains garbage.
  + Add an "/overview"/ option to hide default values in nmcli,
    resulting in more concise output.
  + Reworked the inner workings of D-Bus interface for better
    resource efficiency.
  + Add support for configuring nmcli coloring via
  + Added experimental support for Meson build system.
  + Added initial IWD Wi-Fi daemon support.
  + A non-hexadecimal DHCPv4 client-id is now properly passed to
    dhclient with the first byte (type) set to zero, as stated in
    the documentation. This represents a change in behavior since
    previous versions where the first character of the string was
    used as type. The internal client is not affected by the
  + DNS setting rc-manager=file now always follows dangling
    symlinks instead of replacing /etc/resolv.conf with a plain
  + Added wake_on_wlan connection setting to configure
    wake-on-wireless-lan (WoWLAN).
  + The libnm-glib library, deprecated in favor of libnm since
    NetworkManager 1.0, is now not built by default. While it can
    still be enabled, the distributions should have a good plan for
    removing it if they need to keep shipping it at this point.
  + Nmcli now scans for Wi-Fi networks before displaying them, if
    the last scan was too long ago.
  + Added the ipv6.dhcp-duid property to allow configuring the
    DHCPv6 DUID.
  + Extended ipv6.dhcp-client-id property to support DHCP client
    identifers depending on the MAC address and the stable ID.
  + Set NM_DISPATCHER_ACTION environment variable in dispatcher
- Rebase NetworkManager-1.10.6-netconfig.patch and
  systemd-network-config.patch with quilt.
- Disable networkmanager-obs-net.patch and make check, needs
- Pass with-libnm-glib to configure, deprecated libnm-glib support
  is no long built by default, and since we can not remove this yet
  due to Steam, we pass this option for now.
- Update to version 1.10.10:
  + Fix crash during reapply of connection settings.
  + Minor bugfixes.
- Don't fall back to writing /etc/resolv.conf if launching
  netconfig fails for some reason (boo#1092352,
- Update to version 1.10.8:
  + Fix connectivity timeout handling (bgo#794464).
  + Retry activating devices when the parent becomes managed
  + Correctly set the rp_filter value (rh#1565529).
  + A fix to ensure teamd is respawned after daemon restart
  + Better handle DHCP expiry (bgo#783391).
  + Fix configuration of IPv6 over master interfaces (rh#1575944).
  + Other various bug fixes including possible crashes.
  + Updated translations.
- Drop NM-look-at-all-rp-filter-value.patch: Fixed upstream.
- Add NM-look-at-all-rp-filter-value.patch: look at 'all' rp_filter
  value too to determine actual value (bsc#1084336, bgo#794689).
- Unconditionally enable translation-update-upstream: on
  Tumbleweed, this results in a NOP and for Leap in SLE paid
  translations being used (boo#1086036).
- Update to version 1.10.6:
  + ovs: fix compilation issue of OVS plugin and various fixes.
  + team: add support for team runner "/random"/.
  + core: cleanup activation of device (rh#1537160).
  + dhcp: retry indefinitely to renew the lease (rh#1503587).
  + core: fix blocking autoconnect for no-secrets (bgo#794014).
  + libnm: mark async results as cancelled (bgo#794088).
  + Various bug fixes including possible crashes.
  + Updated translations.
- Drop nm-preserve-agent-owned-secrets-on-connection-update.patch,
  NetworkManager-1.10.4-buildfixes.patch and
  nm-fix-autoconnect.patch: fixed upstream.
- Add nm-fix-autoconnect.patch: Fix autoconnect with agent-owned
  secrets (bgo#794014, boo#1079672).
- fix nfs dispatcher script (boo#1083831)
- Modernize spec-file by calling spec-cleaner
- Add nm-preserve-agent-owned-secrets-on-connection-update.patch:
  Backport upstream commit to preserve agent-owned secrets on
  connection update (bgo#793324, bsc#1082762).
- Update to version 1.10.4:
  + Load jansson at runtime. This solves a clash with json-glib
    that caused a gnome-control-center crash, but also gets rid of
    a hard dependency.
  + Correct nmcli exit values after receiving a signal.
  + Fix libnm secret agent asynchronous initialization.
  + Add a default route for a modem even if it didn't sent a
  + Improve communication of DAD failures.
  + Remember device default metrics across daemon restarts.
  + Various bug fixes including possible crashes.
  + Updated translations.
  + Add NetworkManager-1.10.4-buildfixes.patch: Fix OVS compile
  errors (bgo#793183).
- Replace sysconfig with sysconfig-netconfig BuildRequires and
  Requires, this is what we in reality need.
- Update to version 1.10.2:
  + Added support for 'onlink' IPv4 routes attribute.
  + Wait longer for the carrier to come up after a MTU change.
  + Implemented abstraction for team connections that exposes team
    configuration items as distinct properties.
  + Added basic support for tc queueing disciplines and filters.
  + Introduced an Update2() D-Bus method to update connection
    settings with more flexibility.
  + Many bug fixes and improvements.
- Changes from version 1.10.0:
  + NetworkManager includes now basic OpenVSwitch support, good
    enough to be capable of setting up simple OpenVSwitch
  + Added support for activating PPP connections on non-Ethernet
  + It is now possible to authenticate to a Wi-Fi network using WPS
    (Wi-Fi Protected Setup).
  + Implemented support for Wi-Fi PMF (Protected Management Frames,
    802.11w), which can be configured via the wifi-sec.pmf
  + Now the maximum rate of wireless access points supporting
    802.11 is properly calculated and exposed on D-Bus.
  + Background scanning is now disabled for non-WPA-Enterprise
    Wi-Fi networks.
  + Added support for the Bluetooth NAP (Network Access Point)
  + Added support for disabling connectivity checking via the D-Bus
  + The internal DHCP client now understands the domain-search
  + Bridge connections support the group-forward-mask property.
  + NetworkManager can now configure multiple IPv6 default routes
    received through RA and each gets configured with the announced
  + It is possible to specify the routing table for each static
  + Support specifying a explicit routing table for any
    non-static-route, including routes from DHCP, device-routes,
    IPv6 autoconf.
  + Device are left configured when a user sets them as unmanaged
    by NetworkManager.
  + New connection.auth-retry property to configure how often
    authentication is prompted before failing the configuration.
  + The platform code that handles synchronization with kernel
    status via netlink has been reworked and is more efficient.
  + Allowed the update of connections that have an associated
    ifcfg-rh routing rules file.
  + Non-UTF8 properties are now escaped when they are exported on
  + NetworkManager-wait-online.service now starts
    NetworkManager.service if needed.
  + The MAC address for bond connections can be changed in nmtui.
  + Fixed dependency problems when setting the MTU of VLAN and
    master devices.
  + The systemd-resolved DNS plugin properly handles the DNS
    priority setting.
  + Fixed setting a DHCP timeout greater than 60 seconds
  + Fixed some memory leaks.
  + Many other bug fixes and improvements.
- Rebase networkmanager-obs-net.patch and
- Drop nm-disconnect-proxy-signals.patch and
  nm-vpn-remote-connection-disconnect-signals.patch: Fixed
- Update to version 1.8.6:
  + Fix a daemon crash on permission check (bgo#787897).
  + Fix a daemon crash on VPN state change (bgo#787893).
  + Fix a nmcli crash in interactive mode's describe command
  + Fix termination of the nmcli interactive mode (rh#1517401).
  + Properly handle route metric of zero in keyfiles.
  + Add support for DSA switch devices (rh#1371289).
  + Fix a memory leak of connection D-Bus objects (rh#1461643).
  + A double close that could potentially race with the D-Bus
    thread reusing the same file descriptor (rh#1451236).
  + Connectivity check fixes (bgo#785281) (bgo#784629).
  + Fix the metered properties handling in libnm.
  + Avoid dropping agent secrets unnecessarily (bgo#789383).
  + Fix the asynchronous initialization of a secret agent in libnm.
- Drop nm-disconnect-proxy-signals.patch and
  nm-vpn-remote-connection-disconnect-signals.patch: Fixed
- Minor spec cleaning, tweak spec to silence a few rpm lint
- Replace addFilter("/dbus-policy-missing-allow"/) with
  addFilter("/dbus-policy-allow-without-destination"/), filter out
  the current rpmlint warning.
- Add addFilter("/suse-branding-unversioned-requires*"/) to
  rpmlintrc, we have this unversioned on purpose.
- Add
  addFilter("/systemd-service-without-service_add_post NetworkManager-wait-online.service"/)
  addFilter("/systemd-service-without-service_add_pre NetworkManager-wait-online.service"/)
  addFilter("/systemd-service-without-service_del_postun NetworkManager-wait-online.service"/)
  addFilter("/systemd-service-without-service_del_preun NetworkManager-wait-online.service"/)
  to rpmlintrc, filter out warnings we do not care about nor want
  as we do not want to enable this service by default.
- "/Mark"/ %%{_sysconfdir}/dbus-1/system.d/org.freedesktop.NetworkManager.conf
  and %%config %{_sysconfdir}/dbus-1/system.d/nm-dispatcher.conf as
  config files in spec, silence rpmlint.
- Add nm-disconnect-proxy-signals.patch: disconnect proxy signals
  when closing; fixes possible crash when opening the user panel
- Add nm-vpn-remote-connection-disconnect-signals.patch:
  disconnect signal handlers when remote/vpn connections are
  disposed; fixes a gnome-control-center crash (bsc#1073472
- Remove reference to deprecated and dropped ifcfg-suse plugin from
- Switch to python3:
  + Replace BuildRequires python-gobject, python2-dbus-python with
    python3-gobject, python3-dbus-python.
  + Explictly set environment variable PYTHON as python3 in
    build time.
- Modify nm-dont-overwrite-resolv-conf.patch: make netconfig call
  an atomic action, don't kill it after 2000ms (bsc#960153).
- Update to version 1.8.4:
  + No longer install NetworkManager-wait-online.service in
    network-online.target.wants directory (rh#1455704).
  + Fix nmcli device connect wifi for APs that support both
    WPA-PSK and WPA-EAP (rh#1492064).
  + Fix crash unregistering object manager in libnm on restart of
  + Improve handling externally managed slaves devices.
  + Don't reset MAC address of software devices to fake permanent
  + For dhclient use "/timeout"/ option in configuration file,
    instead of the command line option which is only supported by
  + Perform the public-suffix check only for the hostname-derived
  + Fix memory leak in connectivity check.
  + Better restore device managed state on rollback of checkpoint.
  + Skip addition of default-route if it already exists.
  + Bug fix detecting error condition when deleting route in
- Drop NM-dhcp-improve-parsing-interface-statement.patch: Fixed
- Add NM-dhcp-improve-parsing-interface-statement.patch: Fix NM
  not writing DNS servers to /etc/resolv.conf (boo#1047004).
- Update to version 1.8.2:
  + Fix bug blocking startup wrongly waiting for carrier.
  + Fix handling of non UTF-8 strings in libnm and fix non NUL
    terminated string.
  + Handle DNS priority for systemd-resolved DNS plugin.
  + Fix assuming master devices as they wait for slaves to
  + Fix reading managed state from device state file.
  + Fix crash activating bluetooth or WWAN connection.
  + No longer add a direct route to the DHCP server.
  + Several bug fixes and improvements.
- Call autogen.sh networkmanager-obs-net.patch touches the build
- Add nm-dont-overwrite-resolv-conf.patch: Fix NetworkManager
  overwriting /etc/resolv.conf (bsc#960153, bsc#1021665).
- Disable 6 of the tests that are failing on OBS runs
  * networkmanager-obs-net.patch
- Version update to 1.8.0:
  * Default routes set by devices that failed connectivity checks are now
    penalized with a higher metric
  * nmcli is now able to produce output more friendly for machine parsing
  * The slaves available at the time a master connection is activated are
    enslaved in a stable order, making the automatic MAC address for Bonding
    devices more predictable.
  * Hostname management is now more flexibly configured
  * Support for additional route options (pref-src, src, tos, window, cwnd,
    initcwnd, initrwnd, mtu, lock-window, lock-cwnd, lock-initcwnd,
    lock-initrwnd, and lock-mtu).
  * Fixed detection of EAP-FAST support in wpa_supplicant
  * Support for handling PINs for PKCS#11 tokens as secrets
  * GSM and CDMA connections now have a MTU property
  * An option to disable selected TLS versions during EAP phase 1
  * The 802.1x authentication timeout is now configurable to allow a faster
    fallback to other connections
  * Persist managed state of device until reboot. This improves seamless take
    over of a previously managed device after restart of NetworkManager.
  * Better handle devices that are externally managed by somebody else by
    consistently generating an in-memory connection to reflect the external
  * Expose SRIOV capability of a device on D-Bus and support configuring the
    number of virtual functions via NetworkManager.conf.
  * Support matching networking devices via new "/driver:"/ device spec in
  * Introduced support for creating and managing dummy links
  * The teaming devices now support setting a hardcoded MAC address
  * Settings of bonding devices can now be modified on-the-fly, without the
    need to reactivate a connection
  * The failures to activate a connection now communicate better error
    responses to nmcli
  * Reverse Path filtering is now disabled in multihoming configurations where
    it would interfere with legitimate network traffic
  * libcurl is used instead of libsoup for connectivity checking, resulting in
    a smaller dependency footprint
  * With DNS mode "/rc-manager=symlink"/, don't write /etc/resolv.conf as
    a symlink if it already exists as a regular file.
  * Support attaching user-data in form of key-value pairs to connection
  * Fix accpeting fully qualified name for ipv4.dhcp-hostname setting.
  * Make NetworkManager more forgiving to failure to change the MAC address
    during scanning.
- Wimax switches are completely removed
- Added dependencies on packages with versions to ensure
  all features are properly detected, configure reports yes for
  most items now
  * add libcurl
  * add libpsl
  * add python-dbus test dep
- Remove gudev and soup deps as per upstream changes
- Enable testsuite
- Add patch networkmanager-checks-po.patch:
  * Our patch added new .in file that needs to be excluded from
- Replace nfs NetworkManager dispatcher script. Issues of the old
  nfs dispatcher script, fixed by this commit:
  + It only mounts NFS shares with auto-mount. In SUSE's default
    configuration, those are tried to be mounted at boot.
    Unfortunately, this would not work, when NetworkManager
    handles the connection later. The boot process stops at this
  + It unmounts everything on each "/down"/ for any network
    interface, even if the NFS share is still connected to the
    computer via another network interface.
- Update to version 1.6.2:
  + Fixed build warnings with GCC 7.
  + Multiple bug fixes in NetworkManager, nmcli and nm-online
    including several crashes.
- Update to version 1.6.0:
  + No further changes since rc2 (1.5.91).
- Update to version 1.5.91:
  + Bugs fixed: bgo#777402, rh#1406454, rh#1414186.
- Update to version 1.5.90:
  + Avoid reading the permanent MAC address before the device is
    initialized by UDEV. This avoids a race where NetworkManager
    might detect the MAC address of the wrong interface.
  + Fixed race conditions when renaming interfaces, for example as
    done by UDEV for persistent interface naming. This could cause
    detecting devices as the wrong hardware type.
  + Added initial support for PKCS#11 tokens with 802.1x
  + The stable-addressing for MAC address randomization and RFC7217
    IPv6 stable privacy addressing can now be more flexibly
    configured using dynamic randomization seeds in
  + Added support for managing the MACsec links. Requires support
    in wpa_supplicant (version newer than 2.6).
  + When the master of Team, Bridge and Bond devices is specified
    as a connection UUID, the ifcfg-rh plugin now writes the master
    connection's interface name into the ifcfg file for improved
    compatibility with the legacy network service.
  + Improve handling of MTU by resetting the previous MTU when the
    device deactivates and reset the MTU to a defined value on
  + Improve tracking of parent devices for dependend devices like
    ip-tunnels, MACVLAN, VETH, VLAN, and VXLAN.
  + Many bug fixes and improvements.
- Update to version 1.5.3:
  + The cloned.mac-address property can now be used with Bond and
    Bridge devices.
  + The ifcfg parsing code has been reworked for better
    compatibility with actual shell variable files.
  + The ipv6.method=shared is now supported, utilizing DHCPv6
    Prefix Delegation option to obtain prefixes for the interface.
  + nmtui now supports creating and editing IP tunnel connections.
  + The libnm client library now uses the D-Bus ObjectManager API
    that allows for quicker initialization of the clients.
  + nmtui now utilizes the asynchronous libnm client API to
    paralellize communication with the daemon, reducing the client
    startup time.
  + Ethernet devices now use "/802-3.speed"/ and "/802-3.duplex"/
    properties to allow controlling overriding the negotiated link
  + Order in which IP addresses are configured is now preserved so
    that primary address is selected correctly.
  + The PPP manager can now be split into a separate package.
  + Details of the DNS information obtained from the connections is
    now exposed on the D-Bus and can be inspected with nmcli.
  + Added the support for DHCPV6_HOSTNAME and DHCPV6_SEND_HOSTNAME
    keys in ifcfg files that control "/dhcp-hostname"/ and
    "/dhcp-send-hostname"/ properties of the "/ipv6"/ setting.
- Add python-gobject BuildRequires: needed in order to build the
  settings documentation.
- Update to version 1.5.2:
  + Introduced Vala bindings for libnm.
  + NetworkManager would now keep most connections up on shutdown
    (except Wi-Fi connections, VPN connections and other kinds that
    can't be assumed on startup)
  + The checkpoint/restore connection can now also remove new
    connections and disconnect devices that were activated since
    the checkpoint was taken.
  + The configuration is now read from /run/NetworkManager/conf.d
    as well. This is useful for handing over configuration
    discovered on system startup to NetworkManager.
  + New connection.autoconnect_retries property that allows
    fine-tuning the autoconnect behavior.
  + Support for configuration and discovery of Web Proxy settings
    with PacRunner service.
  + Support for systemd-resolved local DNS forwarder backend.
  + Fix emission of NM-style PropertiesChanged signals and
    deprecate them for PropertiesChanged on
    "/org.freedesktop.DBus.Properties"/ interface.
  + Change the meaning of unset "/cloned-mac-address"/ settings from
    "/permanent"/ to "/preserve"/. This changes the default value and
    affects existing connections during upgrade that did not
    explicitly configure cloned-mac-address. This has the effect
    that externally configured MAC addresses are preserved by
    default instead of setting the permanent address (bgo#770611).
- Update to version 1.4.4:
  + Order in which IP addresses are configured is now preserved so
    that primary address is selected correctly.
  + Don't deconfigure devices we can take over on shutdown. Makes
    it possible to restart without connection disruption for most
    device types.
  + Avoid reading the permanent MAC address before the device is
    initialized by UDEV. This avoids a race where NetworkManager
    might detect the MAC address of the wrong interface.
  + Fixed race condition when renaming interfaces, for example as
    done by UDEV for persistent interface naming. This could cause
    detecting a Wi-Fi interface as ethernet.
  + Fixed a race condition in libnm that could cause a client hang
    if a last value from a property of object array type
  + Fixed a possible nmcli hang on D-Bus object fetch failure.
  + Other fixes and improvements.
- Update to version 1.4.2:
  + Fixed emission of NM-style PropertiesChanged signals and
    deprecated them for PropertiesChanged on
    "/org.freedesktop.DBus.Properties"/ interface.
  + Fixed race condition in the communication between
    NetworkManager and the DHCP helper which caused loss of events.
  + Added workaround for failures in changing MAC address with some
    wireless drivers.
  + Improved bash autocompletion.
  + Restored check on JSON syntax when built with Jansson support.
  + Fixed a regression in the serialization of empty
    "/cloned-mac-address"/ property in libnm.
  + Other fixes and improvements.
- Drop NetworkManager-fix-broadcom-wifi.patch: Fixed upstream.
- Add even more commits to really fix bgo#770456 to
- Add NetworkManager-fix-broadcom-wifi.patch: Broadcom driver does
  not support the random mac addr introduced. This patch works
  around the problem (bgo#770456).
- Conditionally apply translations-update-upstream BuildRequires
  and macro for non-openSUSE only.
- Update to version 1.4.0:
  + The MAC address assigned to a device can now be set according
    to different policies: preserve, permanent, random, stable.
  + NetworkManager now waits for IPv6 DAD to terminate before
    completing the activation.
  + Added support for setting IPv6 tokenized interface identifiers
    through the 'ipv6.token' connection property.
  + Added a 'Reload' D-Bus method to reload configuration and
    reapply DNS configuration.
  + Added ability to create a configuration checkpoints and rolling
    back changes after a timeout.
  + NetworkManager now follows symlinks when accessing resolv.conf
    and rc-manager is set to 'file'.
  + Added support for oFono as modem manager.
  + The devices now exposes counters of transferred data.
  + The 'may-fail' property of ipv4 and ipv6 settings is now
    respected more accurately.
  + The timeout for requests of secrets to agents has been
    increased from 25 to 120 seconds.
  + Name servers passed to dnsmasq now specify an egress interface
    to avoid problems with multiple active connections.
  + Reverse DNS entries for IPv6 are now added to dnsmasq, and IPv4
    reverse entries now honor the network prefix.
  + A new 'dns-priority' property of ipv4 and ipv6 settings can be
    used to tweak the order of servers in resolv.conf when multiple
    connections are active.
  + configure script accepts --enable-{address,undefined}-sanitizer
    options to build NetworkManager with GCC sanitizers.
  + The default resolv.conf manager can now be specified at build
    time using the --with-config-dns-rc-manager-default configure
  + NetworkManager is now compiled with --gc-sections to reduce
    executable size.
  + Added a new 'VPN_PLUGIN' logging domain.
  + It is now possible to change the configuration currently
    applied on a device with 'nmcli device modify' and 'nmcli
    device reapply'.
  + nmcli invoked without parameters shows an overview of the
    current network configuration.
  + The 'nmcli connection add' syntax has been extended and is now
    possible to pass properties (e.g. 'ipv4.dns') along with
  + nmtui now returns to initial menu after a sub-form exits.
  + Improved bash autocompletion for nmcli.
  + Now devices are disconnected before the system suspends,
    executing dispatcher scripts. This allows external applications
    to be notified of the change in connectivity.
  + Dispatcher scripts are now called also when connectivity status
  + Many other fixes and improvements.
- Pass --with-config-dns-rc-manager-default=netconfig to configure:
  ensure to use netconfig, which is SUSE's default.
- Replace pgkconfig(systemd) BuildRequires with
  pkgconfig(libsystemd), following upstream.
- Rebase systemd-network-config.patch.
- Update to version 1.2.2:
  + The dnsmasq DNS management mode now uses D-Bus API of dnsmasq
    to make signal nameserver changes.
  + Hostname is now correctly read on Slackware.
  + IPv6 addresses for default wired connections now stay stable.
  + Reading portname on s390 systems on 4.4 kernels and newer has
    been corrected.
  + nmcli no longer warns about version mismatches.
  + Improved developer documentations.
  + Multiple minor bugfixes.
  + Updated translations.
- Update to version 1.2.0:
  + Bugs fixed: bgo#764750, bgo#764955, bgo#764956, bgo#765225,
- Changes from version 1.1.94 (1.2-rc2):
  + Bugs fixed: bgo#764839, bgo#764690, rh#1324895.
- Add post/postun scritlets for libnm0.
- Update to version 1.1.93 (1.2-rc1):
  + Bugs fixed: bgo#761389, bgo#763236, bgo#764317, bgo#764332,
    bgo#764398, bgo#764402, bgo#764483, bgo#764606, rh#1299103.
  + Updated translations.
- Changes from version 1.1.92:
  + Added an option to enable the old-fashioned /etc/resolv.conf
    handling (using a symlink).
  + NetworkManager now checks the connection data from client for
    validity and gracefully handles unknown properties in client.
    This improves interoperability between the server and clients
    of different versions.
  + The activation of a VLAN device with a virtual parent that is
    inactive now results in a parent being activated first.
  + The server name used with 802.1x authentication can now be
    constrained to a particular domain suffix (CVE-2006-7246).
- Drop (presumably) no longer needed patches:
  + nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff
  + nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff
- Update to version 1.1.91:
  + Added support for detecting duplicate IPv4 addresses, with a
    timeout configurable through the ipv4.dad-timeout connection
  + Fixed a race condition that could potentially lead to
    unauthorized access to connection secrets (CVE-2016-0764).
  + dnsmasq configuration for shared connections can now be
    extended by placing custom files in
  + Generic devices are no longer assumed unless explicitly
    requested by user.
  + The reorder-header VLAN flag setting is now honored; to keep
    backwards compatibility in behavior, an existing REORDER_HDR=0
    ifcfg-rh key is ignored; the flag must be disabled with
  + Fair amount of bugs was fixed and robustness was generally
- Rebase systemd-network-config.patch.
- Update to version 1.1.90:
  + Added an option to enable use of random MAC addresses for Wi-Fi
    access point scanning (defaults to disabled).  Controlled with
    'wifi.mac-address-randomization' property
    (MAC_ADDRESS_RANDOMIZATION key in ifcfg files).
  + Wi-Fi scanning now utilizes wpa_supplicant's AP list.
  + Added support for Wi-Fi powersave, configured with POWERSAVE
    key in ifcfg files.
  + Added support for creation of more types of software devices:
    tun & tap, maxvlan, vxlan and ip tunnels (ipip, gre, sit,
    isatap, vti, ip6ip6, ipip6, ip6gre and vti6).
  + The software devices (bond, bridge, vlan, team, ...) can now be
    stacked arbitrarily. The nmcli interface for creating
    master-slave relationships has been significantly improved by
    the use of 'master' argument to all link types.
  + RFC7217 stable privacy addressing is now used by default to
    protect from address-based host tracking. The IPv6 addressing
    mode is configured with IPV6_ADDR_GEN_MODE key in ifcfg files.
  + Improved route management code to avoid clashes between
    conflicting routes in multiple connections.
  + Refactored platform code resulting in more robust interface to
    platform, less overhead and reduced memory footprint.
  + Improved interoperability with other network management tools.
    The externally created software devices are not managed until
    they're activated.
  + The Device instances now exist for all software connections and
    the platform devices are now only created when the device is
    activated. This makes it possible for connections with device
    of same name not to clash unless they're activated
    concurrently. The links are now not unnecessarily present
    unless the connection is active, avoiding pollution of the link
    name space.
  + NetworkManager now correctly manages connectivity in
    namespace-based containers such as LXC and Docker.
  + Support for configuring ethernet Wake-On-Lan has been added.
  + Added LLDP listener functionality and related CLI client
    commands. Enabled via LLDP option in ifcfg files.
  + CLI secret agent has been extended with support for VPN
  + The command line client now utilizes colors for its output.
  + The command line client now sorts the devices and properties
    for better clarity.
  + Numerous impovement to Bash command completion for nmcli.
  + NetworkManager relies on less external libraries. The use of
    dbus-glib has been replaced with gio's native D-Bus support and
    libnl-route is no longer used.
  + Dependency on avahi-autoipd has been dropped. Native IPv4
    link-local addressing configuration based on systemd network
    library is now used instead.
  + Hostname is now managed via systemd-hostnamed on systemd-based
  + Management of resolv.conf management can be changed at runtime,
    private resolv.conf is always written in /run.
  + DNS options in resolv.conf are now honored.
  + Updated version of systemd network library used for internal
    DHCP and IPv4 link-local support.
  + Support for event logging via audit subsystem has been added.
  + Support for native logging via systemd-journald has been added
    taking advantage of its structured logging.
  + Live reconfiguration in IP configuration after changing the
    settings without reactivation of the device with "/nmcli device
    reapply"/ command and via D-Bus API.
  + The API for VPN plugins now supports multiple simultaneous
    connections. Most popular VPN plugins have been updated to
    support this functionality.
  + The libnm library now provides API to access VPN service
  + Fair amount of bugs was fixed and robustness was generally
  + New DHCP_FQDN key in ifcfg files to configure the full FQDN to
    be sent to the DHCP servers.
  + Added multicast_snooping option to BRIDGING_OPTS ifcfg key.
- Pass --enable-gtk-doc to configure: needed to have the man pages
- Remove --enable-ifcfg-suse configure parameter: the ifcfg-suse
  plugin has been deprecated.
- Add perl(YAML) BuildRequires: dependency to build the
- Rebased systemd-network-config.patch.
- Drop NetworkManager-geoclue-interaction.patch: the patch has side
  effects when geoclue itself is not installed.
- Drop NetworkManager-openvpn-route-configuration.patch: no longer
- Drop nm-ppp-manager-clear-ppp_watch_id.patch and
  nm-update-ip_iface-only-if-IP-interface-exists.patch: fixed
- No longer recommend avahi-autoipd: the functionality is no longer
- Flip with_cacert_patch off (set to 0): patch needs rebase.
- Modify nm-probe-radius-server-cert.patch: Make sure the "/Apply"/
  button in Wifi configuration page of gnome-control-center is
  clickable (bsc#985332).
- Move provides NetworkManager(cacert-patch) to libnm-util2, to
  ensure gnome-control-center doesn't hard requires NetworkManager.
- Update to version 1.0.12 (FATE#318572)
- drop nm-core-fix-crash-during-Wi-Fi-rescan-by-emitting-NM_DE.patch
  contained in version
- Rebase NetworkManager-geoclue-interaction.patch
- Rebase nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff
- Rebase nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff
- Rebase systemd-network-config.patch
- Rebase nm-probe-radius-server-cert.patch
- nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff
_ Update to version 1.0.12:
  + DHCP leases on software devices are now renewed when the
    computer is awoken from suspend.
  + Improved ifupdown plugin robustness and interoperability on
    Yocto and OpenEmbedded.
  + Fixed failed VPN activations when plugin supports interactive
    mode, but the VPN daemon does not.
  + Wi-Fi monitor interfaces are now ignored, not turned into
    managed mode.
  + AP and AdHoc mode connections with manual IP configuration are
    now able to autoconnect.
  + Broken device drivers (AWS ENI) that initially have invalid
    MAC addresses are now properly managed as soon as correct MAC
    address is set.
  + WWAN devices are unlocked a bit earlier so that supported IP
    versions can be queried.
  + The NetworkManager.service was ordered after
    network-pre.target and dbus.service. This ensures
    NetworkManager doesn't set up connectivity before firewall
    rules are in place and wouldn't exit before remote filesystems
    can be umounted ensuring orderly operation of systemd managed
  + The netfilter rules used with shared IPv4 method are now
    removed on exit.
  + Ability to manage USB gadget drivers (UDC side) has beed
  + Infiniband transport mode change now takes place with the link
    set down because some drivers need that.
  + Race conditions that could disclose connection secrets to
    authenticated local users when changing ifcfg and keyfile
    connections have been fixed.  This has security impact of low
    severity (CVE-2016-0764).
  + A handful of memory leak and crasher bugs of minor importance
    have been fixed.
- Drop patches incorporated upstream:
  - NetworkManager-openvpn-route-configuration.patch.
  - nm-ppp-manager-clear-ppp_watch_id.patch.
  - nm-update-ip_iface-only-if-IP-interface-exists.patch.
- Rebase systemd-network-config.patch for updated version.
- nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff
- Split out a NetworkManager-branding-upstream subpackage that
  installs the default upstream version of the
  /etc/NetworkManager/NetworkManager.conf file.
- Add Requires: NetworkManager-branding to main package.
- Add nm-ppp-manager-clear-ppp_watch_id.patch and
  nm-update-ip_iface-only-if-IP-interface-exists.patch: Patches
  from upstream git cherrypicked to stable branch from master.
- Add NetworkManager-openvpn-route-configuration.patch: Fix routes
  not being applied when connecting to openVPN.
- Add explicit pkgconfig(libteam) BuildRequires: force team
  connection support.
- Update to version 1.0.10:
  + Added support for handling VPN secrets to nmtui and nmcli agent.
  + Fixed a regression that caused NetworkManager to ignore
    external deletion of a device with master.
  + Fixed glitches with older versions of glib (prior to 2.36.0).
  + Fixed build with most recent versions of libsoup.
  + Fixed busy retry loop on non-transient errors from
  + Improvements to testing infrastructure.
  + Updated translations.
- Update to version 1.0.8:
  + MTU indicated by a VPN gateway is now properly applied.
  + Fixed MSS setting when MTU changes.
  + The default route is properly restored on device disconnect.
  + Build with older toolchains has been fixed.
  + The team devices can now properly be enslaved to bridges.
  + Failed DHCP attempts for assumed connections are now retried
    after a timeout.
  + Default wired connection is now created after udev registers
    the device.
  + Support for Bluetooth DUN devices with Bluez 5 has been fixed.
  + The ipv6.ignore-auto-dns property is now properly honored
    making it possible to override automatically obtained name
  + Invalid permanent MAC adddresses as reported by some devices
    are now ignored.
  + Device links reported by more recent versions of Linux kernel
    that reside in different network namespaces are no longer
    confused with links in the namespace NetworkManager runs in.
  + MAC address changes of VLANs enslaved to a bond are now
    properly propagated to the master device.
  + Fixed error handling for teaming devices with invalid
  + Wi-Fi AP list is now updated correctly after AP mode has been
  + Management of a device is not attempted until the device has
    been registered with udev.
  + The error handling for VPN secret agents is now significantly
    more robust.
  + Detection of s390 CTC devices now works properly.
  + A GATEWAY property in /etc/sysconfig/network now no longer
    affects non-static connections.
  + Added support for IPv6-only VPN connections.
  + The systemd service now uses HUP signal to reload
  + Change VLAN default flags to set REORDER_HDR for new
  + nmtui is now able to ignore automatically configured routes.
  + Numerous bash shell autocompletion fixes for nmcli.
  + Allow setting IPv6 and PPP settings for GSM and CDMA
    connections via nmcli.
  + Added support for adding ADSL connections in nmcli.
  + Numerous crash fixes.
  + Updated translations.
- Rebase NetworkManager-geoclue-interaction.patch.
- Update to version 1.0.6:
  + Improved capture portal detection.
  + Default route through WiFi connection is now preferred to
    Mobile Broadband if both are available.
  + Expose a flag to determine whether a particular connection is
    metered via API and client tools.
  + Add support for locking connections to a channel within a
    particular band.
  + Add support for configuring Wake-on-LAN capabilitites.
  + Allow overriding the MTU for team device.
  + Usual pile of bug fixes and robustness improvements.
- Rebase NetworkManager-geoclue-interaction.patch .
- Toggle with_cacert_patch to 1: the patch has been rebased.
- Change nfs dispatcher-script to be more reliable in mixed ip v4
  v6 environments.
- Rebase nm-probe-radius-server-cert.patch for 1.0.4 (bsc#938198).
- Add explicit pkgconfig(udev) BuildRequires: we need it to define
- Update to version 1.0.4:
  + The MTU setting from an IPv6 neighbor discovery Router
    Advertisements is now ignored if applying it would result in
    invalid configuration.
  + Some configuration options can now be changed without
    restarting the daemon. Notably, this applies to 'dns',
    'connectivity' and 'ignore-carrier' settings.
  + The connection activation was made more robust. If an active
    connection is reactivated, the device it's active on takes
    precedence. If an attempt is made to activate a connection on a
    different device than it is active on, the activation proceeds
    removing the connection from the active device.
  + The device specifiers in configuration files now support
    negation via 'except:' match.
  + Devices that only have IPv6 link-local address are no longer
    assumed to be connected.
  + nmcli now provides hints and tab-completion for enumeration
  + If the IPv6 interface tokens are set they are honored when
    creating an interface identifier for IPv6 addressing.
  + NetworkManager now maintains correct routing configuration when
    multiple interfaces are connected to the same network.
  + The management of devices can now be controlled with udev
    rules. The veth devices as well as the virtual Ethernet devices
    of various virtualization tools (VMWare, VirtualBox, Parallels
    Workstation) are now ignored by default.
  + The IPv6 privacy extensions are now enabled by default and
    handling of the ip6-privacy sysctl has been improved.
  + Activating a Bond, Bridge or Team device can now optionally
    activate the slave connections as well. The behavior is
    controlled with 'connection.autoconnect-slaves' property.
  + The platform support code has been refactored, resulting in
    better scalability in large configurations.
  + Changes to network interfaces configuration done outside
    NetworkManager are now picked up and exposed to the user via
    NetworkManager API and tools.
  + A connection can now optionally leave externally configured
    default route in place instead of overriding it. The behavior
    is controlled with 'ipv4.never-default' and
    'ipv6.never-default' properties.
  + Multiple crasher and memory leak bugs in the daemon were fixed.
  + Multiple bugs that could cause the client tools to hang or
    crash were fixed.
  + nmcli allows multiple devices for 'nmcli device
  + Firewall zone is added to firewalld for device-based VPN
    connections too.
- Toggle with_cacert_patch to 0: the Radius CA patch neeeds to be
  reworked. Wrap applying the patch into a with_cacert_patch
  condition, to make enabling/disabling a one-stop change.
- Update to version 1.0.2:
  + Wi-Fi devices now indicate support for 2GHz and 5GHz
  + "/nmcli device"/ output now indicates physical port ID
  + New config items added to the 'ifcfg-rh' plugin:
  - IPADDR and PREFIX are now supported for specifying address
    ranges of shared IPv4 connections.
  + Dispatcher scripts now get a CONNECTION_FILENAME variable with
    the path to the configuration file for the connection.
  + An example dispatcher script that is able to apply complex
    routing rules (such as setting up policy-based routing) for
    'ifcfg-rh' connections was added to examples/dispatcher/.
  + 'mode' key of Bond device options property now accepts numeric
  + Connection attempts for devices without carrier on startup now
    wait for carrier to appear within a short timeout instead of
    failing immediately. This makes system startup more robust.
  + Bridge connectivity is now properly restored on resume from
  + The D-Bus name is acquired earlier during the daemon startup.
    This makes it possible for the systemd service manager to
    optimize the service startup so that services that require
    networking are activated sooner contributing to faster system
    start up time.
  + A lot of memory leak problems were fixed, resulting in reduced
    memory usage. Many of them were discovered as a result of
    improvements in use of Valgrind in the testing infrastructure.
  + Management of 'teamd' daemon instances for Team devices is now
    more robust.
  + The 'dnsmasq' daemon respawns when it terminates and it is
    configured for management of DNS resolver configuration.
  + Hostnames that are not fully qualified are no longer sent to a
    DHCPv6 server for a dynamic DNS update.
  + Connection UUIDs are now checked for uniqueness when connection
    configurations are read.
  + Receipt of a NDP Router Advertisement can no longer lower the
    IPv6 hop limit (CVE-2015-2924).
  + Many other bugs were fixed.
  + Updated translations.
- Add NetworkManager(cacert-patch) provides: to be toggled to 0
  whenever we disable nm-probe-radius-server-cert.patch. Other
  packages that consume the ABI introduced by this patch can
  specify this as a requirement.
- Reabse nm-probe-radius-server-cert.patch
- Add rp-pppoe BuildRequires, so configure can autodetect the path
  to the pppoe binary.
- Recommend rp-pppoe: the program is needed for NetworkManager to
  be able to initiate PPPoE connections (commonly used by ADSL
  providers). It is not strictly required to operate NM in most
  setups, thus only recommended (boo#903553).
- Update to version 1.0:
  + A new 'libnm' GObject-based client library to replace
  - IP address, IP route, hardware address, and other properties
    are now represented as strings.
  - Based on GIO's GDBus bindings instead of dbus-glib.
  - Uses modern GObject APIs including GAsyncResult and GVariant.
  - See https://wiki.gnome.org/Projects/NetworkManager/libnm.
  + Devices and VPN connections now have individual default routes.
    Priorities are handled through configurable route metrics.
  + nmcli now supports password requests and PolicyKit
  + A faster, lighter-weight (though less capable) internal DHCP
    client has been added and may be selected with the
    "/dhcp=internal"/ option. It supports fewer DHCP options and
    does not yet support DHCPv6.
  + A new 'configure-and-quit=yes' option has been added for
    environments with less dynamic network configuration.
  + When running on 3.17 and later kernels, NetworkManager handles
    IPv6LL address assignment to ensure that IPv6 connectivity is
    not enabled until intentionally configured by the user.
  + NetworkManager no longer causes the nl80211 kernel module to be
    loaded on systems with no Wi-Fi devices.
  + Bluetooth DUN support now works with Bluez 5.x.
  + VPN connections can now persist across link changes and
    suspend/resume if their VPN plugin supports this feature.
  + A new 'ibft' settings plugin has been added to support
    firmware-based iBFT/iSCSI configurations. This functionality
    has been moved to 'ibft' from the 'ifcfg-rh' plugin.
  + IPv6 router advertisement MTUs are now respected.
  + NetworkManager no longer requires polkit libraries at runtime
    when Polkit support is enabled, and Polkit can be disabled at
    build time too.
  + Automatically created connections are now deleted when their
    device goes away.
  + 'nmcli dev connect' now attemts to create a connection if none
  + Manually configured static IPv6 configuration is kept even if
    SLAAC fails.
  + Manpages for the 'keyfile' and 'ifcfg-rh' plugins now describe
    their configuration syntax and available options.
  + WWAN connections now support IPv6 if the modem and provider
    support IPv6.
  + Software devices (bridge, bond, team, etc) can now be deleted
    from the D-Bus API or with nmcli.
  + The manpages, documentation, and API annotations have received
    many cleanups.
  + Externally created virtual interfaces are no longer managed by
    NetworkManager until they are set "/up"/ or activated via nmcli.
- Disable nm-probe-radius-server-cert.patch for now: needs rebase.
- Drop 0001-core-don-t-auto-launch-logind-bgo-741572.patch and
  NetworkManager-dhcpv6.patch: fixed upstream.
- Split out new subpackage typelib-1_0-NM-1_0 and libnm0.
- Require typelib-1_0-NM-1_0 and libnm0 by the -devel package.
- Add pkgconfig(bluez) BuildRequires.
- Replace pkgconfig(libsystemd-login) BuildRequires with
  pkgconfig(libsystemd) and pkgconfig(polkit-gobject-1) with
  pkgconfig(polkit-agent-1), following upstream.
- Update to version
  + Kernel 'cache' routes (such as those added by IPv6 operations)
    are ignored, preventing unwanted CPU usage.
  + Vala bindings for libnm-glib async methods have been added.
  + Some interactions with external OpenVPN daemon default routes
    have been fixed.
  + Fixed usage of libnm-glib connectivity checking from
    garbage-collected languages.
  + An unusual delay acquiring a DHCP lease with dhcpcd has been
  + A libnm-glib crash has been fixed when multiple NMClients are
  + A failure to pass certificate blobs to wpa_supplicant has been
  + A failure to send the inner private key password to
    wpa_supplicant has been fixed.
  + nmcli now returns earlier when activating master interfaces.
  + nmtui password fields now correctly display the password.
  + The IPv6 hop limit is no longer mistakenly set to 0 in some
  + Some DHCPv6 failures are no longer fatal.
  + Handling of DHCP 'nak' and 'expire' states has been fixed in
    some cases.
  + WiFi band locking has been fixed.
  + Support for Bluetooth DUN with Bluez5 has returned.
  + Non-local users can now control networking after
    authenticating with PolicyKit.
  + Externally added routes no longer have their metrics
  + Some child interfaces (eg VPN or WWAN) are no longer
    deconfigured when recognized.
  + Support for the PrimaryConnection D-Bus property has been
  + IPv6 RDNSS/DNSSL forced expiration is now handled properly.
  + An invalid route to the DHCP server is no longer added in some
  + A crash when external master/slave changes were made has been
  + Various nmtui bugs for slaves, WiFi, and IP address buttons
    have been fixed.
  + DHCP no longer fails due to SIGPIPE when the systemd journal
    is restarted.
  + Unmanaged slaves are now updated correctly when they
  + Cooperation with external team interfaces has been fixed.
  + Bridge STP property ranges are now properly checked.
  + Manager state is now properly updated on resume.
  + Slave interfaces are no longer released on exit.
  + Static IPv6 configuration is now added before SLAAC is
  + Allow shared connections to be started without a carrier.
  + A crash when disconnecting older Nokia phones has been fixed.
- Drop patches incorporated upstream:
  + 0001-core-don-t-auto-launch-logind-bgo-741572.patch.
  + NetworkManager-dhcpv6.patch.
- Add NetworkManager-dhcpv6.patch: dhcp: let dhclient handle
  requesting the 'server-id' option (boo#912315).
- Add 0001-core-don-t-auto-launch-logind-bgo-741572.patch: do not
  trigger logind start on system startup to avoid deadlock
- Handle NetworkManager-dispatcher.service using the systemd
- Enable NetworkManager-dispatcher.service in %post: as this is a
  dbus service, the 'systemd unit' must be enabled in order to be
  fired up.
- Version bump to 0.154.1
- log empty site names, but do not generate bad formatted cluster
  attribute name
- fix documentation of some parameter defaults
- adjust start/stop/promote/monitor action timeouts to match
  official recommendations
- restart sapstartsrv service on master nameserver node during
  monitor action, if needed. But NOT during probes.
- Version bump to 0.154.0
- restart sapstartsrv service on master nameserver node
- Version bump to 0.153.3
- The SAPHana resource agent must not down-score a SAP HANA
  Database site, if the landscape status is still 2, which means
  Keep high scoring during recovery of the master name server.
  Use a fall-back scoring for the master nameserver nodes, if the
  current roles of the node(s) got lost.
- change the shebang line of the HAWK2 templates to python3
- fix typo in a condition statement (bnc#1149829)
- Version bump to 0.153.2
- rescore the master and fix some log string literals
- Fix bsc#1133866:
  Return $OCF_RUNNING_MASTER (8) instead of $OCF_SUCCESS (0) when
  probing a promoted node.
- If the SAP HANA CALL to 'landscapeHostConfiguration.py' is
  running into a timeout, do a retry of the command. If it still
  fails with a timeout, raise an error but do not set attributes
  to prevent unlogged failovers because of empty or unknown
  (bsc#1134106, bsc#1133024, bsc#1101373)
- Fix bsc#1082974:
  set attribute for remoteNode
- Fix bsc#1139715:
  Using crm-attributes written by a SAP HANA SR provider hook does
  improve the data integrity in special error conditions with
  multiple errors coming in a short time frame.
  Stabilized remote-site detection; SAPHana could now use a site
  specific SR cluster attribute which could be set by a SAP HA/DR
  provider call.
  Add a HA/DR provider hook script, config implementation and man
  Add parameter "/HANA_CALL_TIMEOUT"/ to the RA configuration
  (SAPHanaTopology and SAPHanaSR) to set a timeout for HANA calls
  like landscapeHostConfiguration.py.
  Implemented "/reload"/ method to allow changing parameters like
  Set SWAIT during startup, but only if the attribute is already set
  Set PRIM after promote, but only if the attribute is already set
  The promote function has to set the return code according to the
  checks of the takeover result
  New tool SAPHanaSR-replay-archive, SAPHanaSR-filter and
  SAPHanaSR-showAttr to support SITE attributes
- Version bump to 0.152.22
- Fix bsc#1091074:
    + Adjust Perl scripts to Perl 5.26.0
    + Remove show_SAPHanaSR_attributes
    + The user is advised to use SAPHanaSR-showAttr instead
- SAPHanaTopology: stricter match for system replication 'mode' in awk
- remove duplicate BuildArch line from specfile
- FATE#323526: adjust HAWK2 Wizards to run on both Python 2 and 3
- Fix bsc#1062267: SAPHanaSR wizard sets IPAddr2 agent's NIC to eth0
- Fix bsc#1045606: update man pages
- Fix bsc#1042154: Scoring race condition between SAPHanaTopology and SAPHana
- Version bump to 0.152.21
- Fix bsc#1034685: SAPHanaTopology fails once after updating to 0.152.20
- Version bump to 0.152.20
- Fix bsc#1019117: Fix master scoring of secondary during a takeover
- Version bump to 0.152.19
- Fix bsc#1014397: SAPHanaSR not failing over consistently
- Fix bsc#1008469: SAPHanaSR-monitor reports wrong status colors and error messages
- Add a cluster attribute hana_<SID>_version upon a probe of SAPHanaTopology
- Update man pages
- Change the Setup Guide to contain just the URL to the best practices
- Fix bsc#994753: Tool SAPHanaSR-showAttr fails to read offline cib file correctly
- Fix bsc#1016691: Status file of SAPHanaTopology is not multi instance aware (MCOS)
- Fix bsc#1016936: SAPHanaSR-TestDriver fails to detect the correct status
- Fix bsc#985822: HAWK Wizards are listed as legacy
- Version bump to 0.152.18
- Fix bsc#985474: SAPHanaSR-showAttr shows node ID instead of uname
- Fix bsc#1007825: SAPHanaSR-showAttr fails to show node status
- Fix bsc#1005872: SAPHana Resource Agent handling virtual hostnames
- Fix bsc#1007605: SAPHanaSR no longer ignores DR SR status
- bsc#982355 - SAPHanaSR: SAP changed the interface of landscapeHostConfiguration.py beginning with SPS12 rev 120
- bsc#981446 - SAPHanaSR: SAP revokes interface hdbnsutil -sr_state beginning from rev 112.03
- log_attributes are not longer logged to /var/log/fhATTRIBUTES by default
- bsc#977644 -  SAPHanaSR: SAP Hana resource with Virtual IP not migrating from master to secondary node correctly
- Fix for bsc#954653; SAPHanaSR: Resources SAPHana and SAPHanaTopology not managed correctly by Hawk in SLES12 for SAP
- Use new parameters for hdbnsutil -sr_regsiter for SAP HANA >= SPS110
- Fix for bsc#949544; SAPHanaSR needs to handle hanging SAP HANA calls
- Fix for bsc#947303; SAPHanaSR: SAPHana resource agent still requires secure store users
- Avoid to set local lpt, if accidently the remote host name is empty
- Fix for bsc#939039; SAPHanaSR fails to detect remote site name if site names are substring of an other remote site name like SLE and SLEDR
- Updated the package version to 0.151 to relfect matching the upstream version
- Fix for bsc#935755; SAPHanaSR together with DAA-SAP-Instance does not work as expected
- Fix for bsc#936387; SAPHanaSR fails to work with multi tenant databases
- Fix for bsc#919925; SAPHanaSR: Leaving Node Maintenance stops HANA Resource Agent
- Fix for bsc#908861; SAPHanaSR should be tolerant to an additional secondary
  Still only ONE SAPHANA SID in SR per cluster, still two nodes only but
  an additional secondary in a chain (like A=>B->C) could now be ignored
- Package version 0.149;
- Fix for bnc#902244; SAPHanaSR fails when hdbnsutil does not return correctly or does report incomplete output
- Fix for bnc#902241; SAPHanaSR fails in cold bootstrap
- Updated Setup-Guide 11/04/2014
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- Recognize more formats when parsing .curlrc for proxy credentials (bsc#1155027)
- Add rpmlintrc to filter false-positive warning about patch not applied
- Update to 0.3.27
- SUSEConnect now ensures that it writes its configuration when it
  encounters errors. This helps in the situation where SUSEConnect
  announces itself, but fails during a later step. Without the saved
  configuration, a system could have credentials, but be unsure which
  registration proxy they're valid for.
- Update to 0.3.26
  - Extend the YaST API in order to access to the package search
    functionality (jsc#SLE-9109)
- Don't fail de-activation when '-release' package already got removed
- Update to 0.3.25
- Fix cloud_provider detection on AWS large instances (bsc#1160007)
- Update to 0.3.24
- Forbid de-registration for on-demand Public Cloud instances (bsc#1155911)
- 0.3.23
  fix .spec file to correctly apply switch_server_cert_location_to_etc.patch to SLE15SP2+ (bsc#1130864)
- Update to 0.3.22
  switch_server_cert_location_to_etc.patch: add patch to switch server cert path for SLE15.2+ to /etc (bsc#1130864)
- Update to 0.3.21
  Fix error on first activation of packagehub extension (bsc#1124318)
- Update to 0.3.20
- Fix getting the list of installed products when zypper plugins are
  present (bsc#1143635)
- Update to 0.3.19
  - Fix failing on registered system without arguments (bsc#1144020)
- Update to 0.3.18
- Fix base product service removal during de-registration in public clouds (bsc#1136752)
- Update to 0.3.17
  - Don't try to remove a service during migration if a zypper service
    plugin already exists (bsc#1128969)
- Replace --no-ri --no-rdoc with --no-document - these options
  are obsolete since at least ruby 2.1 - and finally removed in
  ruby 2.6
- Only overwrite --bindir on fedora, it will overwrite --buildroot
  (which needs to be combined on newer fedoras)
- Update to 0.3.16
  - Show non-enabled extensions with a remark about availability
- Update to 0.3.15
  - Output information about registration and de-registration progress
- Output proper message when SUSEConnect is called without parameters (bsc#959561)
- Default to https URI when no protocol prefix is provided for --url
- Support transactional-update systems (fate#326482)
- Changed "/openssl"/ recommendation to "/openssl(cli)"/
  on SLE 12 SP3+ and SLE 15+ (bsc#1101470).
- Update to 0.3.14
  - Fix s390 activation fails due to unavailable 'dmidecode' bsc#1112702
- Update to 0.3.13
  - Fix migration targets sorting (bsc#1104183)
- Update to 0.3.12
  - Detect if system is in cloud provider (AWS/Google/Azure)
  - Don't fail when trying to parse an empty body. Fixes bsc#1098220
  - Don't install release packages if they are already present
- Fix .spec file for running SUSEConnect on Fedora28
- Weaken dependencies of rmt-client-setup script to Recommends:
- Enhance error message generation
- Add not supported operation exception to PackageSearch API
- Update to 0.3.11
- Add dependencies needed by the rmt-client-setup script. bsc#1093658
- Prevent the automatic registration of recommended products that
  are not mirrored by the registration proxy.
- Update to 0.3.10
  - Fix rollback mechanism on SLE15 systems (bsc#1089320)
- Update to 0.3.9
  - Enable access to package search via gem
  - Don't try to delete directory of nonexistent service files
- Update to 0.3.8
  - Fix list-extensions to show the full SLE 15 tree (bsc#1064264)
  - Enable automatic activation of recommended extensions/modules
  - Automatically deregister all installed extensions/modules when
    deregistering a system
- Repackage gem
- Remove unnecessary .gz files
- Update to 0.3.7
  - virt-create-rootfs connects to SMT server without breaking (bsc#914297)
- Update to 0.3.6
  - Make target_base_product parameter mandatory.
- Update to 0.3.5
  - Add YaST.system_offline_migrations
- Update to version 0.3.4:
  - Packaging improvements (bsc#964013)
- Update to version 0.3.3:
  - Fix SLE15 build
- Properly refresh zypper services when deactivating a product on SMT (bsc#1047153)
- Update to 0.3.2:
  - Fix --namespace parameter persistence (bsc#1044493)
- Update to 0.3.1:
  - Fix license auto-agree issue (bsc#1037783)
  - Add missing archs to SLE 12 SP3 build target
- Update to 0.3.0:
  - Single product deactivation feature (fate#320572)
- Update to 0.2.43:
  - RPM spec fix for openSUSE:Factory rpmlint compliance (bsc#1028660)
- Update to 0.2.42:
  - Better error message for network request failure (bsc#982630)
  - Fix error message for --product with malformed identifier (bsc#1018190)
  - Fix some errors and formatting in manpages and help output
- Update to 0.2.41:
  - Better error message for --list-extensions on unregistered systems
- Update to 0.2.40:
  - Update man page to include the --list-extensions option (bsc#998583)
- Update to 0.2.39:
  - Fix for bnc#990475: support for aarch64 hardware info
- Update to 0.2.38:
  - Fix for bnc#975484: better error message if SMT is too old
- Update to 0.2.37:
  - Add method to YaST class to get Installer-Updates repositories (fate#319716).
- Update to 0.2.36:
  - Fix for bnc#973851: More flexible exit codes handling in internal zypper calls
- Update to 0.2.35:
  - Fix for bnc#973315: Direct update from <=0.2.27 does not remove /usr/bin symlink
- Update to 0.2.34:
  - Fix for bnc#963996: Do not crash on --list-extensions when connected to SMT
  - Fix for bnc#968245: Do not let zypper attempt to read products from remote locations
- Update to 0.2.33:
  - Re-add SUSEConnect binary to /usr/sbin (bnc#963080)
  - Use `--match-exact` when searching for a product (bnc#952804)
  - Fix fonts on xterm (bnc#957354)
- Update to version 0.2.32: Remove unneeded link in %post which caused a warning (bnc#946183)
- Update to version 0.2.31 (bnc#946183)
  - Drop url-implies-writeconfig.diff; it is included in upstream since commit 2ef5aa
  - Correct RPM group
  - Include SCCcredentials file as a ghost entry
  - Further packaging improvements
- Update to version 0.2.30
  - New packaging spec. One `SUSEConnect` package to rule them all (bnc#951671)
  - Update manpages to match the latest CLI options
- Update to version 0.2.29
  - bnc#954266 Silently ignore malformed lscpu lines instead of failing
- Update to version 0.2.28
  - Properly handle empty repository lists from zypper (bnc#951566)
- Update to version 0.2.27
  - Do not install recommended dependencies when installing the product release package (bnc#945462)
  - Addd --rollback option (fate#319114)
- Update to version 0.2.26
  - zypper migration extremly slow with lot of modules and extensions registered (bnc#945462)
- Update to version 0.2.25
  - Solves Allow registration without system uid (dmidecode fails on qemu system) (bnc#934582)
- bnc#949424 ensure version of SUSEConnect is bumped in order to be
  able to distinct requests from affected YaST version in SCC API
- Update to version 0.2.24
  - Bug 943451 - [Migration] failure when "/zypper search"/ returns empty list
  - Bug 946488 - Synchronization API call returns "/no implicit conversion of Symbol into Integer"/ error
  - Bug 941565 - zypper migration not using --releasever
  - Bug 945462 - zypper migration extremly slow with lot of modules and extensions registered
- Update to version 0.2.23
  - Improve hwinfo detection on physical s390 systems
  - Bug 939293 - [S390] Error: Registration failed. Undefined method 'strip' for nil:NilClass (bnc#939293)
- Update to version 0.2.22
  - Migration rollback (fate#319114)
  - [Migration rollback] zypper migrate: baseproduct mismatch (bnc#941303)
- Update to version 0.2.21
  - Escape parameters of remove and add_repository methods
- Update to version 0.2.20
  - Add find_products method to migration abstraction layer fate#319140
  - Fix add_service method which also creates the credentials files
- Update to version 0.2.19
  - Introduction of migration abstraction layer for migration script
  - Clean up and re-factoring of yast abstraction layer
- Update to version 0.2.18
  - Improve SUSEConnect error messages
  - New --cleanup option (remove old system credentials and all zypper services installed by SUSEConnect)
  - New --namespace option (forward SMT staging environment to proxy registration server)
- Update to version 0.2.17
  - Added migrations endpoint support for Yast
  - Use C locale for all the syscalls (solves output parsing issues in some locales)
  - Stripping UUID from SCC API calls if it is not settable
  - Moved examples from gist to project
- Update to version 0.2.16
  - In case of wrong regcode provide meaningful message back to
    the user (Wrong regcode in that case).
- Update to version 0.2.15
  - Always write config file when --url parameter used (bnc#900689)
- Add patch git-33-d12420cc66e6d26a9dff6c0e86e00de232151c82.patch
  * Avoid semicolon within (t)csh login script on S/390.
- Add patch git-21-0064ecd132c30a939125acbc5b9a1c7bcd180fa0.patch
  * add screen.xterm-256color to DIR_COLORS
- Add patch git-22-f5e90d70d119b6aa12d019947029f9337aec378d.patch
  * check for Packages.db and use this instead of Packages
- Add patch git-23-8f1fe28287466235ade9c62fa5995eba9e642660.patch
  * Rename path() to _path() to avoid using a general name.
- Add patch git-24-2de52ae391e2963eb1913183a6b0530c7e781b55.patch
  * DIR_COLORS add TERM rxvt-unicode-256color (bug#1006973)
- Add patch git-25-287cf7cb851c0636fa46a610015d2d22ad36acea.patch
  * sort TERM entries in etc/DIR_COLORS
- Add patch git-26-0c2f2340cc6ebb51f20b36e550adc517a6b2ae42.patch
  * DIR_COLORS: merge TERM entries with list from (bug#1006973)
- Add patch git-27-abf7927eebbd4d7f47a362d49ae7856520682c49.patch
  * refresh_initrd call modprobe as /sbin/modprobe (bug#1011548)
- Add patch git-28-3351bcc9613ba022503103e7e4ffd01e7bd8e0fd.patch
  * etc/profile add some missing ;; in case esac statements
- Add patch git-29-5220a5f6ba250503ccda326e65ca069d245a5ebe.patch
  * profile and csh.login: on s390x set TERM to dumb on serial console
    for sclp_line0 and ttyS0 console (bug#1153946)
- Add patch git-30-b9dd70f33a124556f16dbbafc89585a82218ad61.patch
  * backup-rpmdb: exit if zypp.pid is there and running
- Add patch git-31-52dc403d54f2c926ee5cc892d1a8a830a45d7412.patch
  * also add color alias for ip command, jira#sle-9880, bsc#1153943
- Add patch git-32-0ee79834ea9ebf6573a7b903f374c21e53a56c14.patch
  * alias.bash check if ip command knows color=auto (jsc#SLE-7679)
- Add patch git-19-1149066a54a372b30b7cbd79cd222e11d96dc984.patch
  * Not all XTerm based emulators do have an terminfo entry (boo#1087982)
- Add patch git-20-6452441f2054b4b290c089ce6269889993b95fc1.patch
  * Better support of Midnight Commander (bsc#1170527)
- Add patch git-16-ed897a1090cafb678f75dbed8802bd671d3c1921.patch
  get_kernel_version: fix for current kernel on s390x (from azouhr)
  (bsc#1151023) (bsc#1139939)
- Add patch git-17-fe967bddbd74af9aba435900878397c0c7ea0b0b.patch
  added "/-h"//"/--help"/ to "/old"/ command (from Bernhard Lang)
- Add patch git-18-bb11f02d5dd940803c08d25b0cfd3650d9de7d41.patch
  change feedback url from http://www.suse.de/feedback to
- Add patch git-15-27e2c6180a45cca63d71ffa5de7b32dec749d2cd.patch
  change rp_filter to 2 to follow the current default (bsc#1160735)
- Add patch git-14-12023f2e8aae5b2ac3a895301945566b9f5eb9c3.patch
  drop dev.cdrom.autoclose = 0 from sysctl config (bsc#1160970)
- Clear broken ghost entry in patch
  which breaks (lib)readline (bsc#1157278)
- Add patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  Use official key binding functions in inputrc
  that is replace up-history with previous-history, down-history with
  next-history and backward-delete-word with backward-kill-word
  (bsc#1084934).  Add some missed key escape sequences for urxvt-unicode
  terminal as well (boo#1007715).
- Add patch git-12-80d14205f913cc67a98c562f988ea700a56c369b.patch
  * service: check if there is a second argument before using it
- Add patch git-11-b20083a930f766939f47dddc66d089c9fee5d38a.patch
  * check if variables can be set before modifying them
    to avoid warnings on login with a restricted shell
- Add patch git-08-9875dffab3ddda0c3e8399f935f059246c961f2a.patch
  * Add s390x compressed kernel support (bsc#1151023)
- Add git-09-c6cd010dd8b6efddd71c30f00a923d8f2537584c.patch
  * Fix LC_NAME and LC_ADDRESS in sh.ssh
- Add patch git-10-43091e644ff54997468a215b891dcaa75173f133.patch
  * fix string test to arithmetic test in /etc/profile.d/wsl.sh
- Add patch git-07-82a17f1689e8957635c8ccaae7c9b3bff7f94d49.patch
  * add sysctl.d/51-network.conf to tighten network security a bit
    see also (boo#1146866) (jira#SLE-9132)
- Add patch git-06-8640f848c6677f1149b9765a8c86135956604007.patch
  * Make systemd detection cgroup oblivious (bsc#1140647)
    systemd can work in three exclusive cgroup modes: legacy, hybrid and
    unified. The mode affects where and what cgroup hierarchies are mounted.
    detect running systemd as systemd itself does it
    (src/libsystemd/sd-daemon/sd-daemon.c, function sd_booted)
- Add patch git-05-ae2a49183ba0ad9dff6b8c1efd4de076bd34ab0f.patch
  * /etc/profile does not work in AppArmor-confined containers
- Add patch git-04-b66cf03e673e84902ce0330f88f84f4fbdc8c9e9.patch
  * Restore old position of ssh/sudo source of profile
    for bug bsc#1118364 but hopefully do not reintroduce
    bug boo#1088524
- Add patch git-03-00d332a443062395957f422c89eaed9d0979ec00.patch
  * update logic for JRE_HOME env variable (bsc#1128246)
- Add patch git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
  Let bash.bashrc work even for (m)ksh (boo#1104531)
- Add patch git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
  No error at login if java system directory is empty (bsc#1102310)
- Update to version 84.87+git20180409.04c9dae:
  * In bash.bashrc move ssh/sudo source of profile to avoid removing
    the `is' variable before last use (boo#1088524).
  * Avoid the shell code checker stumble over `function' keys word
    in ls.bash (git#54).
- Use %license (boo#1082318)
- Update to version 84.87+git20180208.8eeab90:
  * Don't call fillup for removed sysconfig.news
  * Adjust path for script converting sysctl config
  * For ksh use builtin keyword 'function' to make sure that the
    keyword 'typeset' really set the variable IFS to be local within
    the function _ls.
- Update to version 84.87+git20180205.2d2832f:
  * Move /lib/aaa_base/convert_sysctl to /usr/lib/base-scripts/convert_sysctl
    to cleanup filesystem.
  * Don't create /etc/init.d/{boot.local,after.local,halt.local} in
    aaa_base.pre section.
  * Remove dead code from pre/post install sections.
- Add /var/adm/backup subdirectories to aaa_base-extras, they are
  only needed by this package.
- Update to version 84.87+git20180204.875cba8:
  * Move sysconfig.backup into extra subpackage, where all the
    scripts using it are, too.
  * Create systemd timer for the cron.daily scripts for backup-rpmdb,
    backup-sysconfig and check-battery. Move scripts to
  * Remove suse.de-cron-local. If somebody really still has a
    /root/cron.daily.local file, he can move it to /etc/cron.daily.
  * Don't modify data in root's home directory
  * Don't create userdel.local, this isn't in use since many years
- Update to version 84.87+git20180130.ae1f262:
  * Really remove /usr/sbin/Check, obsolete since 8 years
  * Remove ChangeSymlinks, 90% are obsolete, the rest is dangerous
  * Remove 14 year old outdated documentation and dummy scripts for
- Update to version 84.87+git20180130.36ea161:
  * Remove obsolete/outdated manual pages (route.conf.5,init.d.7,
- Cleanup PreReq and move some parts to Requires(post), so that
  we can deinstall them if we no longer need them
- Update to version 84.87+git20171201.65000be:
  * Revert changes on sysconfig language and make lang.(c)sh
    to use sysconfig language as fallback or better use
    locale.conf as default. See discussion in bsc#1069971
    and FATE#319454 as well
- Update to version 84.87+git20171130.974ac5c:
  * Better parsing of sh variable settings in lang.csh
- Update to version 84.87+git20171129.a45b936:
  * Remove RC_* variables from language sysconf template
    (bsc#1069971 as well as FATE#319454)
- Update to version 84.87+git20171128.945b960:
  * lang.(c)sh: catch if ROOT_USES_LANG becomes not set
- Update to version 84.87+git20171128.aa232d3:
  * Add wsl specific code to profile.d/wsl.csh
  * move wsl specific code from profile into profile.d/wsl.sh
  * Remove obsolete "/make package"/
- Update to version 84.87+git20171128.a6752e8:
  * lang.(c)sh: handle locale.conf if sysconfig does not
- lang.(c)sh: handle locale.conf if sysconfig does not provide
  default locale (bsc#1069971, FATE#319454)
- Update to version 84.87+git20171128.17ae554:
  * Check for /proc/version before using it
  * Remove legacy code for /proc/iSeries
  * Move fillup-templates to /usr/share (boo#1069468)
- Fix installation of fillup-templates.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- use TW versioning, 13.2 is misleading
- Update to version 84.87+git20171120.d36b8b1:
  * Fix double sourcing of /etc/bash_completion.d
  * create wsl.sh in /etc/profile.d to set umask in WSL
  * Add support for /usr/bin/fish (boo#1068840)
  * Get mixed use case of service wrapper script straight (bsc#1040613)
- Update to version 13.2+git20170828.8f12a9e:
  * profile: don't override PATH in WSL
  * Remove passwd, group and shadow files. Remove %ghost entry for
    /run/utmp, /var/log/wtmp and /var/log/btmp, systemd is taking
    care of them
  * Remove run/utmp, too.
- Update to version 13.2+git20170814.cc9e34e:
  * Unset id in csh.cshrc instead of profile.csh (bsc#1049577)
  * Restore the is variable within /etc/profile
- Update to version 13.2+git20170731.c10ca77:
  * Fix csh.cshrc as tcsh does not handle stderr
  * Do not set alias cwdcmd for experts (boo#1045889)
  * unset unused variables on profile files (bsc#1049577)
  * Deprecate DEFAULT_WM in sysconfig.windowmanager
- Fix csh.cshrc as tcsh does not handle stderr messages within {}
  well (boo#1044876)
- Fix copy+paste error in /etc/csh.login boo#1043560
- Support changing PS1 even for mksh and user root (bsc#1036895)
- Be aware that on s390/s390x the ttyS0 is misused
- Reset extended screen TERM variables if no terminfo
- Better status line support even for tcsh
- Modernize /etc/ttytype as tset of ncurses use it
- Off application keypad (keyboard transmit) mode
- Missed a meta prefix in new inputrs.keys
- More 8bit key escape control sequences for XTerm
- Do not set INPUTRC as readline does know personal as well as system
  inputrc also make /etc/inputrc do set know sequences for both vi
  line editing modes as well as for emacs line editing mode.
- Do remove patch aaa_base-13.2+git20170308.c0ecf2e.dif not
  only from package but also from spec file
- Update to version 13.2+git20170425.47e703a:
  * Add Enlightenment to the list of windowmanagers
  * Add a number of audio/video formats to be colorized
  * Revert "/Avoid NAT on Bridges. Bridges are L2 devices, really."/
  * aaa_base.pre: drop some system users from aaa_base and create them in the respective packages: bin,daemon,news,uucp,games,man
  * Remove /var/log/faillog, there no application using this left [bsc#980484]
  * Remove users and groups sys, mail, lp, wwwrun, ftp and nobody
- Make lang.csh work again (bsc#1025673)
- Update to version 13.2+git20170306.3deb627:
  * aaa_base.pre: drop some system users from aaa_base and create
    them in the respective packages: bin,daemon,news,uucp,games,man
- Update to version 13.2+git20160915.106a00d:
  * enhance comment for NO_PROXY variable (bsc#990254)
  * Fix spelling of SUSE (skipped copyright statements - they need more thoughts)
  * fix regression introduced by fix for bnc#971567 (bnc#996442)
- Correct logic error in usage of variable restricted (boo#994111)
- enhance comment for NO_PROXY variable (bsc#990254)
- Update to version 13.2+git20160807.7f4c8c4:
  * switch IPv6 privacy extensions (use_tempaddr) back to 1
  * history see bsc#678066,bsc#752842,bsc#988023,bsc#990838
- Do not use the = sign for setenv in /etc/profile.d/lang.csh
- Follow the bash manual page that is respect --norc and --noprofile
- Update to version 13.2+git20160609.bf76b13:
  * Mark scripts /etc/init.d/{boot.,after-,halt.}local as deprecated
- lang.sh, lang.csh: if GDM_LANG equals system LANG then use system defaults
- Update to version 13.2+git20160530.bd5210c:
  + Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#958295)
  + Remove spurious assignment to unknown variable term from /etc/inputrc
  + chkconfig: return 1 trying to list unknown service (bnc#971567)
  + chckconfig: add --no-systemctl option
  + fix typo in last patch (no-systemctl support for chkconfig)
  + lang.sh, lang.csh: allow GDM to override locale
  + There is no kde4 anymore
  + Removed '/usr/bin/X11' from PATH (boo #982185)
- fix typo in last patch (no-systemctl support for chkconfig)
- chckconfig: add --no-systemctl option
- chkconfig: return 1 trying to list unknown service (bnc#971567)
- Merge pull request #26 from andreas-schwab/master
- Remove spurious assignment to unknown variable term from /etc/inputrc
- Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#567324)
- Update to version 13.2+git20151221.244f2a3:
  + drop old dns6 hack migration from 2002
  + remove more dropped variables
  + make chkconfig -a/-d work (bsc#926539)
  + avoid recursion if systemd call chkconfig back for sysv units
  + fix non-working line breaks
- make _service generate .changes
- Replace UNICODE double dash with simple ASCII single dash (boo#954909)
- Use the `+' for find's -exec option as this also respects white
  spaces in files names but is more like xargs.  Respect status
  of screen sessions.
- suse.de-backup-rc.config: trigger also if only files changed
  that have spaces in their name (bnc#915259)
- sysconf_addword: do not insert spaces at start of string (bnc#932456)
- Merge pull request #19 from super7ramp/cleaning-references-to-suseconfig
  - drop references to sysconfig/suseconfig
  - drop SCANNER_TYPE variable
- Merge pull request #25 from ptesarik/master
- Enable SysRq dump by default
- Revert "/fix /etc/init.d/foo status return code (bnc#931388)"/
- Merge pull request #23 from bmwiedemann/master
- fix /etc/init.d/foo status return code (bnc#931388)
- xdg-environment: reduce list in /opt/* to gnome,kde4,kde3 (bnc#910904)
- add SOCKS5_SERVER and socks_proxy to proxy settings (bnc#928398)
- Simplify version check
- Handle also command lines starting with the env command
  as this is used by gnome xsessions (bsc#921172)
- Correct the boolean in /etc/profile.d/lang.sh
- Even if GDM has done language setup the personal ~/.i18n should
  be sourced (boo#567324)
- Remove the official patch for fate#314974 as now part of systemd
- Merge pull request #21 from arvidjaar/bnc/907873
- Avoid sourcing /etc/bash_completion.d twice
- Fix spelling of SUSE
- Add the official patch for Fate#314974 (bnc#903009)
- test: Add helper library to fake passwd/group files
- quote: escape literal backslashes (bsc#953659).
- Added patch:
  * 0001-test-Add-helper-library-to-fake-passwd-group-files.patch
  * 0002-quote-escape-literal-backslashes.patch
- refresh acl-2.2.52-tests.patch to work with perl 5.26
- BuildRequires gettext-tools-mini instead of gettext-tools: as
  acl is part of the bootstrap, we want to try to keep the dep
  chain as small as possible.
- Remove --with-pic that's just for static libraries.
- Replace %__-type macro indirections.
  Replace old $RPM_ by their macro equivalents for consistency.
  Make the macro style consistent across the file again.
- reenable full Larg File Support for i586
- Make it possible to disable tests (for Ring0)
- Add BuildRequires: system-user-daemon for the testsuite
- Add BuildRequires for system user bin needed by test suite
- Update to git snapshot dated 21 Sep 2015.
  - Added:
  * 0001-Install-the-libraries-to-the-appropriate-directory.patch
  * 0002-setfacl.1-fix-typo-inclu-de-include.patch
  * 0003-test-fix-insufficient-quoting-of.patch
  * 0004-Makefile-rename-configure.in-to-configure.ac.patch
  * 0005-Bad-markup-in-acl.5-page.patch
  * 0006-.gitignore-ignore-and-config.h.in.patch
  * 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch
  * 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch
  * 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch
  * 0010-punt-debian-rpm-packaging-logic.patch
  * 0011-move-gettext-logic-into-misc.h.patch
  * 0012-test-make-running-parallel-out-of-tree-safe.patch
  * 0013-modernize-build-system.patch
  * 0014-po-regenerate-files-after-move.patch
  * 0015-build-drop-aclincludedir-use-pkgincludedir.patch
  * 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch
  * 0017-build-ship-a-pkgconfig-file-for-libacl.patch
  * 0018-read_acl_-comments-seq-rename-line-to-lineno.patch
  * 0019-read_acl_-comments-seq-switch-to-next_line.patch
  * 0020-telldir-return-value-and-seekdir-second-parameters-a.patch
  * 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch
  * 0022-add-__acl_-prefixes-to-internal-symbols.patch
  * 0023-cp.test-Check-permissions-of-the-right-file.patch
  * 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch
  * 0025-fix-compilation-with-latest-xattr-git.patch
  * 0026-getfacl-Fix-memory-leak.patch
  * 0027-Fix-the-display-block-nesting-in-acl.5.patch
  * 0028-setfacl-man-page-Minor-wording-improvements.patch
  * 0029-getfacl-Fix-minor-resource-leak.patch
  * 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch
  * 0031-walk_tree-mark-internal-variables-as-static.patch
  * 0032-ignore-configure.lineno.patch
- Signficant spec file restructuring due to 0013-modernize-build-system.patch
- removed builddefs.in.diff
- Reduce size of filelist by using wildcards;
  remove %doc (some locations are always %doc),
  remove %attr (files already have proper permissions)
- add acl-2.2.52-tests.patch and enable tests, check section taken
  from Fedora package
- remove gpg-offline calls from bootstrap package
- Update to new upstream release 2.2.52
  * This release fixes a few build system issues that were found and
  merges in a tree walking bug fix.
- Remove acl-fiximplicit.patch (merged upstream),
  config-guess-sub-update.diff (no longer applies)
- Sync baselibs.conf with in-.spec obsoletes/provides.
- add gpg checking
- use source url
- Add config-guess-sub-update.diff:
  update config.guess/sub to latest state for AArch64
- Use OS byteswapping routines, application already Includes
  "/endian.h"/ but then goes ahead defining ad-hoc equivalent
  functionality (0001-Use-OS-byteswapping-macros.patch)
- remove useless automake deps
- patch license to follow spdx.org standard
- license update: GPL-2.0+;LGPL-2.1+
  SPDX format
- add automake as buildrequire to avoid implicit dependency
- Fix provides/Obsoletes
- Implement shlib package (libacl1)
- Enable libacl-devel on all baselib arches
- upgrade to 2.2.51
  - Test fixes
- upgrade to 2.2.50
  - OPTIONS in man pages should be a section heading, not a subsection heading
  - Fix a typo in the setfacl man page
  - setfacl: Clarify that removing a non-existent acl entry is not an error
  - Prevent setfacl --restore from SIGSEGV on malformed restore file
  - setfacl: make sure that -R only calls stat(2) on symlinks when it needs to
  - libacl: fix potential null pointer dereference
  - setfacl: fix restore crash on malformed input
  - setfacl: print useful error from read_acl_comments
  - setfacl: changing owner and when S_ISUID should be set --restore fix
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- readded incorrectly removed libattr-devel requires in -devel
- fixed implicit strchr() usage.
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.2.48
  - Document the new flags comments
  - Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "/setfacl --restore=file"/.
  - Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
  - Stop quoting nonprintable characters in the getfacl output
  - Avoid unnecessary but destructive chown calls
  - Clarify license notice
- Yet more fixes for the crash with dmix plugin (bsc#1181194):
- Backport upstream fixes:
  yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in
  UCM (bsc#1181194):
- Backport upstream fixes:
  a PCM plugin regression fix about snd_pcm_status() call, plugin
  directory handling fixes, missing audio timestamp types,
  use-after-free fix for conf parser, PCM plugin delay account fixes,
- Update to alsa-lib 1.2.4:
  Major updates, including previous patches.
  Documentation updates, PCM optional lockless, meter and iec958
  plugin updates, UCM updates, topology API updates, LTO fixes, etc.
  See the details in
- Drop the superfluous udev rules for HD-audio;
  it's already handled in the kernel properly
- Drop obsoleted patches:
- Placeholder for SLE15-SP3 sync (bsc#1171246):
  the actual fix is found in alsa-ucm-conf updates
- Enable topology support for riscv64
- Enable topology support for aarch64
- Backport upstream fixes:
- Build topology library conditionally;
  currently it's supported only for little-endian
- Update to alsa-lib
  another bug fix release: control namehint fixes, PCM dnsoop fixes,
  UCM regression fixes, etc.  See the details in
- Update to alsa-lib
  a bug fix release, see the detailed changes at:
- Update to alsa-lib 1.2.3:
  including previous fixes, see the detailed changes at:
- Drop obsoleted patches:
- Revert a problematic namehint change (boo#1171044)
- Backport upstream fixes:
  fixes for PCM rate plugin, draining fix, topology parameter parser
  fix, USB device name for UCM:
- Backport recent upstream fixes:
  topology API fix, UCM fixes/improvements, config fixes, chmap
  support in route plugin, timestamp type fix for dmix:
- Update to alsa-lib 1.2.2:
  including previous fixes
- Backport recent upstream fixes:
  conf updates, PCM ordering fix, configure fix;
- Drop obsoleted patches:
- Backport upstream fixes:
  ucm-parser fixes and enhancements, configure script cleanup,
  fixes of 5.6 kernel ABI, O_CLOEXEC flag fix:
- Backport upstream fixes:
  more topology fixes, a memory leak fix in mixer API, alsactl
  string handling fix, UCM config fixes:
- Remove INSTALL document, add NOTES instead
- Upstream fixes, including the alsa-tools build breakage:
- Update to alsa-lib
  More UCM and UCMv2 fixes / enhancements, details are found in
- Obsoleted patch:
- Fix the detection of topology library in alsa.m4:
- Update to alsa-lib
  * Minor fixes spotted by coverity
  * Fixes for UCM parser regressions
- Update to alsa-lib 1.2.1: including previous fixes
  for the detailed changes, see the following:
  The topology-related code is split into subpackages,
  libatopology2 and alsa-topology-devel.  The topology config is
  also moved into another package, alsa-topology-conf, which is
  required by alsa-topology-devel package.
  Also, the UCM profiles are moved into an individual package,
  alsa-ucm-conf, too, which is now required by alsa package.
- Drop obsoleted upstream patches:
- Disable LTO completely (boo#1149612);
  the versioned symbols in alsa-lib doesn't seem work properly on
  some apps
- Remove hackish modprobe install scripts for auto-loading OSS and
  sequencer modules (bsc#1136562);
  it's invoked from systemd unit file included in alsa-utils now
- Backport upstream fixes:
- Drop the downstream CX2072X UCM profile, which is replaced with
  upstream patches above
- Re-enable LTO (bsc#1133086);
  we need to pass -flto-partition=none as a workaround
- Update to version 1.1.9: including previous fixes
  See https://www.alsa-project.org/wiki/Changes_v1.1.8_v1.1.9
  for detailed changes
- Dropped obsoleted patches:
- Move definition of _lto_cflags into %build.
- Disable LTO (boo#1133086).
- Backport upstream fixes: PCM sw_params behavior fix, UCM additions and
  corrections, dshare position overflow fix, build fixes for Android:
- Drop -Iinclude/alsa from alsa.pc (bsc#1130333)
- Replace unspecific historic boilerplate summaries,
  and replace $RPM_* shell vars.
- Update to alsa-lib 1.1.8
  * Core:
    conf: rename snd_conf_load1() to _snd_config_load_with_include()
    conf/ucm: bytcht-es8316: Add long-name UCM profiles
    conf/ucm: Add UCM profile for bytcht-es8316 boards
    Create shared {En,Dis}ableSeq.conf components for rt5645 variants
    conf/ucm: bytcr-rt5651: Add bytcr-rt5651-stereo-spk-dmic-mic config
    conf/ucm: kblrt5660: Add ucm setting for Dell Edge IoT platform
    conf/ucm: chtrt5650: Add UCM config for chtrt5650
    ucm: Set default include path
    conf: Move UCM profile snippets into components subdirectory
    initial version of .travis.yml file
  * Control API:
    control: fix the assert() in snd_ctl_elem_set_bytes
  * PCM API:
    pcm: ioplug: Fix the regression of pulse plugin drain
    pcm: extplug: Keep format and channels the same if requested
    pcm: dshare: Fix segfault when not binding channel 0
    pcm: dmix: Add option to allow alignment of slave pointers
    pcm: interval: Interpret (x x+1] correctly and return x+1
  * Use Case Manager API:
    conf: rename snd_conf_load1() to _snd_config_load_with_include()
    ucm: Set default include path
    conf: Move UCM profile snippets into components subdirectory
  * Configuration:
    conf: rename snd_conf_load1() to _snd_config_load_with_include()
    conf/ucm: bytcht-es8316: Add long-name UCM profiles
    conf/ucm: Add UCM profile for bytcht-es8316 boards
    Create device component for rt5645 Internal Analog Mic UCM
    Factor out rt5645 variants Headset+Digital Mic UCM shared {en,dis}able sequences
    Factor out rt5645 variants Speaker+Headphones shared UCM enable sequences
    Create shared {En,Dis}ableSeq.conf components for rt5645 variants
    Update chtrt5645 ucm variants to use bytcr/PlatformEnableSeq.conf component
    conf/ucm: bytcr-rt5651: Document mono speaker wiring
    conf/ucm: bytcr-rt5651: Add bytcr-rt5651-stereo-spk-dmic-mic config
    conf/ucm: bytcr-rt5651: Add digital mic support
    conf/ucm: bytcr-rt5651: Add support for a headset-mic on IN2
    conf/ucm: bytcr-rt5651: Enable Stereo? ADC MIXL ADC? switches when enabling inputs
    conf/ucm: kblrt5660: Add ucm setting for Dell Edge IoT platform
    conf/ucm: chtrt5650: Add UCM config for chtrt5650
    ucm: Set default include path
    conf: Move UCM profile snippets into components subdirectory
    conf: USB-Audio: Add Dell WD19 Dock in the IEC958 blacklist
    conf/ucm/Dell-WD15-Dock: Fix incorrect device names
  * Documentation:
    README.md: add link to www.alsa-project.org
    initial version of README.md for github
  * External PCM Filter Plugin SDK:
    pcm: extplug: Keep format and channels the same if requested
  * Test/Example code:
    test/audio_time: remove unused variables
    test: rename code to more approriate mixtest
    test/code: make it work again
    test/latecy: fix typo in tstamp compare
  * Utils:
    utils/alsa.m4: conditionally enable libdl in AM_PATH_ALSA m4 macro
- Drop obsoleted patches:
- Remove obsoleted UCM profile for rt5640
- Don't treat the non-existing $ALSA_CONFIG_PATH too severely
- Backport upstream fix for a PCM regression for audacity
- Fix the incorrect UCM profile for Dell WD15 dock (bsc#1112292):
- Updated to alsa-lib 1.1.7:
  * change the location for add-on configs to /etc/alsa/conf.d
  * topology: Fix bclk and fsync inversion in set_link_hw_format()
  * topology: Add missing clock gating parameter when parsing hw_configs
  * topology: Add definitions for mclk_direction values
  * topology: Add alias conf parameter names for hw_configs
  * softvol: Allow up to 90 dB of gain
  * ucm: adding the folder of card_long_name when finding verb conf file
  * TLV macro cleanup and fixes
  * conf: USB-audio: Fix for Xonar U7 SPDIF device
  * pcm: add missing flags initialization for the fallback control data
  * pcm ioplug: fix some coverity issues
  * pcm: dmix: Fix hwptr updates at status call
  * New UCM files: bytcr-rt5640, chtnau8824, Dell WD-dock
  * UCM fixes: VEYRON-I2S, bytcr-rt5645, bytcr-rt5651, bytcr-rt5640,
  * Comment fixes
  * pcm: Define refine mask bits for DSD
  * pcm: snd_interval_refine_first/last fix
  * pcm: ioplug: Provide avail helper function for plugins
  * pcm: rate: Add error check for snd_pcm_avail_update()
  * pcm: Fix header guard in pcm_plugin.h
  * pcm: ioplug: Transfer all available data
  * control_hw: Fix issue when applying seccomp policy
  * seq: Fix signedness in MIDI encoder/decoder
- Remove obsoleted patches:
- Backport UCM fix and new profiles from upstream (bsc#1091678):
- Avoid the use of license tag for old distros for fixing build
- Updated to alsa-lib 1.1.6:
  * Change FSF address (Franklin Street)
  * pcm: route: Fix use_getput flag computation for 3 byte formats
  * test: correct emulation for channel-map TLV
  * Change snd_dlopen() function to return the error string
  * configure.ac: build extra mixer modules conditionally
  * configure.ac: do not enable alisp code by default
  * conf/ucm: Rearrange Makefile.am
  * conf/ucm: Add dual HD-audio codecs config for Lenovo
  * conf/ucm: Add Gigabyte mobo UCM profile with dual HD-audio codecs
  * asound.h: add SNDRV_PCM_FORMAT_{S, U}20
  * pcm: add and describe SND_PCM_FORMAT_{S, U}20
  * pcm: linear, route: handle linear formats with 20-bit sample on 4 bytes
  * pcm: plug: add SND_PCM_FORMAT_{S, U}20 to linear_preferred_formats
  * pcm: remove unused macros of COPY_LABELS/COPY_END
  * pcm: remove unused macros of GETU_LABELS/GETU_END
  * pcm: remove unused macros of NORMS_LABELS/NORMS_END
  * pcm: fix wrong comments for some cases of linear interpolation of PCM samples
  * topology: Fix to skip writing of header for compound elements
  * control: Proper reference of internal versioned functions
  * timer: Proper reference of internal versioned symbols
  * core: Proper reference of internal snd_dlopen()
  * conf/ucm: Add chtrt5645-mono-speaker-analog-mic configuration
  * pcm: Return the consistent error code for unexpected PCM states
  * pcm: Fix two bugs in snd_pcm_area_silence()
  * pcm: fix a bug to copy silent samples aligned to 64
  * pcm: another fix for the snd_pcm_area_silence() fast path
  * pcm: ioplug: Use boundary for wrap around
  * pcm: Do not access lock_enabled if thread safe API
  * pcm: ioplug: Provide hw_avail helper function for plugins
  * pcm: Provide areas_copy function which handles buffer wrap around
  * pcm: ioplug: update prepare and draining state correctly
  * topology: Fix parsing config with multiple hw_configs
  * pcm: hw: Keep control data from kernel when SND_PCM_APPEND
  * control ext: fix the default .rawmidi_next_device callback
  * modules: smixer_python - add support for python3
  * a set of fixes to reduce gcc warnings
  * pcm: Skip avail_min check during draining
  * pcm: ioplug: Implement proper drain behavior
  * conf: USB-Audio: Add second S/PDIF device on Phiree U2SX
- Remove obsoleted patches:
- Use %license file tag
- Add UCM profile for Baytrail CR with RT5460 (bsc#1083195)
- Upstream fixes:
  * Add the new ucm for Cherrytrail devices (bsc#1068546):
  * Fix for error code from PCM API functions at unexpected states:
- Recover udev 42-hd-audio-pm.rules for TW that was dropped
  mistakenly at the previous change
- Backport fix patches from upstream:
- Add missing UCM profile for chtcx2072x (bsc#1068546)
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Update to alsa-lib 1.1.5:
  * snd_user_file: avoid use wordexp
  * cleanup: fix poll.h includes
  * ctl: deprecate APIs of dimensional information
  * ctl: ext: error at undefined read_event() callback
  * pcm: softvol: add support for S24_LE
  * cleanup: Use uint*_t instead of u_int*_t everythwere
  * cleanup: fix poll.h includes
  * pcm: hw: Call USER_PVERSION ioctl at open
  * pcm: hw: proper mmap and set_appl_ptr handling
  * pcm: code cleanup and refactoring
  * pcm: obsolete 'mmap_emulation' parameter of snd_pcm_hw_open_fd()
  * pcm: dmix: Fix the inconsistent PCM state
  * pcm: dshare: Call snd_pcm_dshare_state() directly
  * pcm: dmix: Workaround for binary incompatibility
  * conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
  * build: Define __USE_UNIX98 for old glibc
  * rawmidi: symbols: use rawmidi_virt only when available
  * seq: fix snd_seq_set_queue_tempo() usage example in the documentation
  * topology: a few fixes
  * conf/ucm: rt565 support
  * conf: HdmiLpeAudio: add support for 3 devices
  * conf: HdmiLpeAudio: remove the "/front"/ pcm definition
  * conf/ucm: DB410c-HiFi: add CIC selection
  * conf: USB-Audio: allow custom definitions for "/default"/ devices
  * conf: USB-Audio: fix dsnoop args for Audiophile USB card
- Update to alsa-lib it's a bug-fix release, including
  all previous patches:
  * pcm: dmix: Fix the inconsistent PCM state
  * pcm: dshare: Call snd_pcm_dshare_state() directly
  * pcm: dmix: Workaround for binary incompatibility
  * test: add a test for list operation to user-defined element sets
  * conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
  * build: Define __USE_UNIX98 for old glibc
- Obsoleted patches:
- Update to alsa-lib 1.1.4: including most of previous fixes,
  in addition to topology API updates
- Upstream fix for building with old glibc:
- Obsoleted patches:
- Remove direct_memory_access flag from dmix definition again for
  fixing a regression used with old alsa-lib binary (boo#1037021):
- Disable dmix var_periodsize as default (boo#1033179)
- Workaround for binary incompatibility of dmix shm (boo#1033080):
- Backport upstream fix patches, including the deadlock fix for
  aplay/arecord (boo#1031525):
- Drop alsa-lib-doxygen-avoid-crash-for-11.3.diff as it was applied
  only in case of 11.3 and never else
- Use Requires(phase) instead of prereq string
- Use official %udevrulesdir macro instead of handbrew udevdir
- Version provides/obsoletes in devel pkg to avoid warning
- Remove hack that allowed build on SLE10
- Don't require insserv if we don't need it.
- Really bump the version number to 1.1.3 (sorry, forgot to change
  in Version tag).
- Update to alsa-lib 1.1.3 release;
  just including all previous fixes
- Drop obsoleted patches:
- Backport upstream fixes (bsc#1012594):
  - A few PCM bugs have been fixed:
  * Stall of dmix and others in a wrong PCM state
  * Refactoring of PCM locking scheme
  * SHM initialization race fix
  * plug PCM memory leaks
  * Improvement of dshare/dmix delay calculation
  * Fix endless dshare draining
  * Fix semaphore discard race fix of direct plugins
  - UCM fixes and updates for DB410c and skylake-r5286
  - Mixer code cleanup not to install bogus plugin codes
  - Documentation fixes / updates
- smixer module files got removed from the file list as well
- Update to alsa-lib v1.1.2:
  * topology API updates
  * support of stacked async handlers
  * new UCM configs: rockchip-i2s, skylake-i2s, chtrt5645,
  * add cset-tlv ucm support
  * fix conversion of TLVs min_db and max_dB value in softvol
  * fix appl pointer in the error path of PCM plugin
  * PCM code cleanup
  * fix suspend/resume of PCM dmix, dsnoop and dshare plugins
  * fix doubly enumerated items via namehint
  * make PCM codes thread-safe
  * API documentation enhancements
  * element-set ctl API
  * Optimization by replacing alloca() usages
- Drop obsoleted patches:
- Backport upstream fixes: fixing PCM dmix & co suspend/resume,
  namehint parser fixes, stackable async handler:
- Backport various upstream fixes for PCM (bnc#979702):
- Update to alsa-lib 1.1.1:
  * including previous fixes
  * a few more fixes/cleanup of control API
  * BSD compatibility changes
  * sync with 4.6 kernel ABI
  * provide API for sequencer sound card number / pid
  * fix races at dmix/dsnoop plugin
  * a few topology API updates
- Drop the obsoleted patches:
- Backports from upstream: minor PCM fixes, topology API updates,
  and a few build cleanup:
- Update to alsa-lib 1.1.0:
  including all previous fixes, with more updates for topology API,
  a fix for dmix/dsnoop slave PCM xrun, some build fixes /
- Fix the build with old gcc on SLE11:
- Dropped patches:
- Backport upsteram fixes: more topology API updates/fixes, misc
  documentation fixes, some logical error fixes in PCM plugins,
  LADSPA plugin segfault fix:
- Backport upstream fixes: surround41/50 chmap fix, UCM documents,
  config string fix, PCM timestamp query API, replacement of list.h
  with LGPL:
- Backport topology API addition patches:
- Enable autoreconf call to regenerate after patching
- Change libudev-devel BuildRequires to pkgconfig(udev): makes us
  less prone to packaging changes, and in the end udev.pc is
  exactly what we need to define _udevdir.
- Backport upstream fixes: fix bogus assert() in hw_params, a few
  PCM dmix/dshare/dsnoop fixes, enhacement of amixer, etc:
- Backport upstream fixes: UCM updates, Broadwell UCM support,
  namehint fixes, fix faulty assert in PCM plugins, etc:
- Updated to alsa-lib 1.0.29:
  Just a version bump including previous fixes
- Drop the obsoleted patches:
- Backport upstream fixes: new OXFW hwdep definition, chmap print
  overflow fix, improvement of UCM parser, GoogleNyan UCM config,
  removal of gethostbyname() usages:
- Suppress timestamps in the generated documents for make the
  package comparison easier:
- Backport upstream fixes:
  A couple of USB-audio config addition/fix, dmix PCM stop fix,
  a memory leak fix, DSD format endianess fix, PCM timestamp fixes, etc.
- fix bashism in alsa-init.sh scripts
- Backport upstream fixes / enhancements: mostly small fixes
  spotted by coccinelle and oethers, the fixes for proper rewind
  support, a new DSD format support, hwdep definitions sync, and
  addition of PAZ00 UCM configs.
- Backport upstream fixes:
  more Baytrail/Cherrytrail profiles, TRX40 / ALC1220-VLC profiles:
- Run fdupes to reduce the duplicated files
- Backport upstream fixes: HD-audio dual codec fixes and the builtin
  mic fix for rt5645-based devices:
- Backport upstream fixes: AMD MCP mute issue, chtnau8824 fixes,
  rt715 fix, and soundwire initialization fix:
- Backport upstream fixes for HD-audio and soundwire HDMI:
- Revert the workaround for the missing HD-audio init
- Update to alsa-ucm-conf 1.2.4:
  Major version up, most of changes have been already applied via
  backport patches.  See details in
- Drop obsoleted patches:
- Disable HDA-Intel UCM conf due to a regression on openQA (the
  muted state as default)
- Update from alsa-ucm-conf git (commit 3048ff7b15a9):
  mainly for adding the support for sof-soundwire (bsc#1176200):
- Update to alsa-ucm-conf 1.2.3:
  including previous fixes, see the detailed changes at:
- Dropped obsoleted patches:
- More catch up of upstream fixes: mostly cosmetic style fixes:
- Add UCM profile for Chromebook Asus C300 (bsc#1171492):
- Backport upstream fixes:
  HDA SOF DSP support, Intel Atom profiles, etc
- Update to alsa-ucm-conf 1.2.2:
  including previous fixes
- Backport recent upstream fixes: SOF, BDW-rt5677 and jack fixes;
- Drop obsoleted patches:
- Backport upstream fixes: cleanup and correctsion for ucm2:
- Backport upstream fixes:
  fixes / corrections for sof-hda-dsp, es8316, chtrt5645 and
- Update to alsa-ucm-conf
  More UCM2 adaptions, SOF fixes / improvements, details found at
- New package, split from alsa-lib since v1.2.1
- Fix superfluous asound.state migration (bsc#1183672)
- Fix alsactl restore behavior during locking (boo#1179904):
- Remove unnecessary condition for alsa-restore.service
- Fix dependency in sound-extra.service
- Update to alsa-utils 1.2.3:
  alsactl extension for disabling UCM, alsa-info.sh enhancements,
  various fixes and documentation updates.
  See details in
- Use /run/lock for alsactl lock directory (bsc#1177826)
- Migrate the old asound.state file if the new path isn't present
  yet (bsc#1177826)
- Conditionally add buildreq alsa-topology-devel to fix build
- Fix the directory to save asound.state again to /var/lib/alsa,
  which was mistakenly changed to /etc
- Update to alsa-utils 1.2.3:
  including previous fixes, see the detailed changes at:
- Dropped obsoleted patches:
- Backport upstream fixes: some improvements in alsa-info.sh:
- Backport upstream fixes for alsactl:
- Update to alsa-utils 1.2.2; including previous fixes
- Backport upstream fix: alsaloop improvement;
- Drop obsoleted patches:
- Backport upstream fixes:
  alsatplg fixes, misc cleanups:
- Fix build on SLE12-* target
- Backport upstream patches:
  A few portability fixes, alsaucm fixes and extensions, alsatplg
  minor fixes, alsa-info.sh extensions:
- Remove empty man8 dirs (used for removed alsaconf.8)
- Drop obsolete TODO and Changelog files, also irrelevant INSTALL.
- Provide alsaucm and alsatplg man pages by formatting via rst2man;
  a new dependency on python3-docutils is added
- Replace incorrect usage of %_libexecdir with %_prefix/lib
- Update to alsa-utils 1.2.1:
  * axfer: handle -ETIMEDOUT before non-block I/O operation
  * axfer: code refactoring for a helper function to wait for avail buffer space
  * axfer: handle -ETIMEDOUT before handle mmap I/O operation
  * axfer: return ETIMEDOUT when no event occurs after waiter expiration
  * axfer: fix to return error code when a call of select(2) fails
  * axfer: return the number of file descriptors for I/O events from select(2) waiter
  * axfer: test: fix invalid comparison of 64 bit storage in ILP32 data type
  * axfer: mapper: fix parameter check for demuxer
  * axfer: remove unused variable warnings
  * alsamixer: Remove exp10 usage
  * alsaucm, topology: LDADD cleanups and add support for libatopology
  * alsaucm: fix the implicit card open
  * alsaucm, topology: LDADD cleanups and add support for libatopology
  * alsaucm: do the implicit ucm open only when the command requires it
  * alsaucm: call snd_config_update_free_global() to make valgrind more happy
  * amixer: do not double LF for container type
  * aplay: fix memory leak when setup_chmap() fail
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut the build queues by allowing usage of systemd-mini
- Add systemd service to load OSS and sequencer modules
- Update to alsa-utils 1.1.9:
  alasctl, axfer, alsaloop, alsamixer and amixer fixes, see
  for details
- Remove the ugly conditionals to build for (too) old distros
- Drop alsaconf script that rather brings the inconsistent setup
  on modern systems
- Move alsabat-test.sh into alsabat package, too
- Run spec-cleaner
- Update to alsa-utils 1.1.8:
  * Core:
    Makefile.am: add README.md to EXTRA_DIST
    axfer: add support for libffado transmission backend
    axfer: add unit test for container interface
    axfer: add an entry point for this command
    initial version of .travis.yml
    rename and update README.md
  * Audio Transfer utility:
    axfer: add an explanation about advantages/issues of Timer-based scheduling model
    axfer: add an explanation about Timer-based scheduling model
    axfer: add an explanation about IRQ-based scheduling model
    axfer: add text for compatibility loss of sw parameter in libasound backend
    axfer: fulfill manual section for libasound backend
    axfer: print help for libasound backend
    axfer: fulfill manual section for libffado backend
    axfer: print help for libffado backend
    axfer: correct description about signal handling
    axfer: fix typo in axfer(1) manual
    axfer: fix no return statement in print_help() function
    axfer: enable each backend to print own help
    axfer: print help text of transfer subcommand just for common options
    axfer: print help text of list subcommand
    axfer: print help text of command entry
    axfer: add a section about design of transfer subcommand
    axfer: add a section to describe compatibility to aplay(1)
    axfer: add a manual for transfer subcommand
    axfer: add a manual for list subcommand
    axfer: add a manual for entry point
    axfer: check whether a terminal is referred for stdio
    axfer: truncate parsed arguments before operating subcommand
    axfer: use transfer subcommand as a default for compatibility mode to aplay(1)
    axfer: use second argument in command line for transmission direction
    axfer: apply refactoring in list subcommand for new command system
    axfer: apply refactoring to list subcommand for backward compatibility to aplay(1)
    axfer: add support for libffado transmission backend
    axfer: obsolete some unimplemented options
    axfer: add support for timer-based scheduling model with MMAP operation
    axfer: add an implementation of waiter for epoll(7)
    axfer: add an implementation of waiter for select(2)
    axfer: add an implementation of waiter for poll(2)
    axfer: add an option for waiter type
    axfer: add a common interface of waiter for I/O event notification
    axfer: add options for plugins in alsa-lib
    axfer: add options for software parameters of PCM substream
    axfer: add options for buffer arrangement
    axfer: add an option to suppress event waiting
    axfer: add support for MMAP PCM operation
    axfer: add support for non-blocking operation
    axfer: add an option to finish transmission at XRUN
    axfer: add options related to duration and obsolete '--max-file-size' option
    axfer: add an option to dump available hardware parameters
    axfer: add informative output and an option to suppress it
    axfer: add a sub-command to transfer data frames
    axfer: add support for blocking data transmission operation of alsa-lib PCM API
    axfer: add support to transfer data frames by alsa-lib PCM APIs
    axfer: add a parser for command-line options
    axfer: add a common interface to transfer data frames
    axfer: add a unit test for mapper interface
    axfer: add support for a mapper for multiple target
    axfer: add support for a mapper for single target
    axfer: add a common interface to align data frames on different layout
    axfer: add unit test for container interface
    axfer: add support for a container of raw data
    axfer: add support for a container of Creative Tech. voice format
    axfer: add support for a container of Sparc AU format
    axfer: add support for a container of Microsoft/IBM RIFF/Wave format
    axfer: add a common interface to handle a file with audio-specific data format
    axfer: add a sub-command to print list of PCMs/devices
    axfer: add an entry point for this command
  * alsaloop:
    alsaloop: more avail_min cleanups
  * alsatplg (topology):
    topology/topology.c: drop unneeded <dlfcn.h> include
  * aplay/arecord:
    aplay: improve available conditions for '--samples' and '--duration' options
    aplay: add a paragraph for '--samples' ('-s') option to aplay manual
    aplay: delete paragraph for obsoleted '--sleep-min' ('-s') option from aplay manual
- remove "/Obsoletes: bat <= 0.1.0"/ - it triggers uninstall of the unrelated
  "/bat"/ (cat clone) package
- Updated to alsa-utils 1.1.7:
  * aplay: Fix invalid file size check for non-regular files
  * speaker-test: Support S24_3LE sample format
  * speaker-test: Allow sampling rates up to 768000
  * alsabat: Allow custom sample format for round trip latency test
  * alsaucm: add alsa-ucm udev rules for PAZ00 (Toshiba AC100/Dynabook AZ)
  * alsatplg: add man file
  * alsactl: improved disconnection handling
  * compile warning fixes
  * aplay: add missing block brackets
- Prepare a patch to allow build with old automake for old distros
  (not applied yet, though):
- Avoid %license tag for old distros to fix builds
- Updated to alsa-utils 1.1.6:
  * Change FSF address (Franklin Street)
  * aplay: Adjust sample rate limits to support newer hardware
  * alsactl: Only start restore service when asoundrc file exists
  * alsaloop: fix a typo in the comparison
  * speaker-test: Refactor the tone-generator codes
  * aplay: Fix wav file not being split on 32 bit platforms
  * bat: alsa.c - move the thread cleanup pop before goto exit3
- Remove obsoleted patches:
- Use %license file tag
- Get rid of superfluous patch for ancient distros:
- Remove superfluous file override, which is already included in
  the 1.1.5 tarball:
- Backport upstream fixes:
- Cleanup specfile to rip off the too old kludges
- Update to alsa-utils 1.1.5:
  * alsactl: Move systemd unit start-up from basic.target to
  * alsatplg: fix topology compiler long option parsing
  * topology: delete output file if parsing fails.
  * aplay: Fix playback for small raw files
  * aplay: Refactor playback code
  * aplay: Add samples argument for playing/recording a given
    number of samples
  * aplay: interrupt streaming via signal in voc_pcm_write
  * aplay: Fix --max-file-time option 32 bits overflow
  * alsabat: fix one uninitialized warning issue
- Fix filelist for the 1.1.5 update
- drop unused requirement for python-docutils
- Update to alsa-utils 1.1.4:
  * alsactl: Remove standard output definition in systemd unit
  * alsa-info: provide more DMI information
  * alsa-info: add ACPI device status
  * amidi: optarg might be NULL, fix 't' argument parsing
  * aplay: Introduce and use xwrite helper
- Really bump the version number to 1.1.3 (sorry, forgot to change
  in Version tag).
- Update to alsa-utils 1.1.3:
  * a couple of amidi fixes
  * a few alsabat extensions
  * alsaloop cpu hog fix,
  * a fix for suspend/resume with aplay
  * fix chmap selection in speaker-test WAV mode
  * alsaucm man pages,
  * fix potential NULL dereferences in alsactl daemon mode
- Add python-docutils to build dependency (for rst2man)
- Fix missing alsaucm man page file in the 1.1.3 tarball
- Update to alsa-utils 1.1.2:
  * aplay: fix lurking capture file overwrite bug
  * alsabat: a few bug fixes, add noise detection, etc
- Update to alsa-utils 1.1.1:
  including previous fixes, more enhancements / fixes of alsabat,
  fix in aplay for parsing parameter values
- Delete obsoleted patches:
- Backport upstream fixes: add alsa-info manpage, fix TLV output of
  amixer for ASoC ext ctls, and rename from bat to alsabat
- Rename subpackage from bat to alsabat due to the name conflicts
  with other projects
- Update to alsa-utils 1.1.0:
  including all previous fixes, update of topology tool, addition
  of BAT (Basic Audio Tool)
- Split bat subpackage containing BAT
- Fix build of bat with old gcc & glibc on SLE11
- Dropped patches:
- Backport upstream fixes: particularly fixing the inconsistent
  mixer state after service reload (bnc#929619):
- Suppress alsactl invocation on systems without sound cards
- Upstream patch to add -S option to speaker-test
- Upstream patch to add alsatplg parser program
- Reenable autoreconf call to regenerate after patching
- Change libudev-devel BuildRequires to pkgconfig(udev): makes us
  less prone to packaging changes, and in the end udev.pc is
  exactly what we need to define _udevdir.
- Backport upstream fixes for aplay signal handling and alsactl
  possible buffer overflow of readlink():
- Backport upstream fixes, including the fix for alsa-info
- Update to alsa-utils 1.0.29:
  just a version bump including previous fixes
- Drop obsoleted patches:
- Backport upstream fixes: fix missing unlock for the error path
  in alsactl, more alsactl init entries, alsaucm build fix
- Backport upstream fixes: rubustify dB value handling in amixer
- Backport upstream fixes: a few speaker-test fixes, minor alsactl
  fixes and a revert of a wrong fix for aplay.
- update to AppArmor 2.13.6
  - fix utils hotkey conflicts in some languages
  - aa-autodep: load abstractions on start (boo#1178527)
  - add usr.lib.dovecot.script-login profile
  - minor additions in abstractions/X and the dovecot profile
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.6
    for the detailed upstream changelog
- drop upstreamed patch libapparmor-so-number.diff
- update to AppArmor 2.13.5
  - add missing permissions to several profiles and abstractions
  - bugfixes in parser and tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5
    for the detailed upstream changelog
- remove upstream(ed) patches
  - changes-since-2.13.4.diff
  - abstractions-X-xauth-mr582.diff
  - sevdb-caps-mr589.diff
  - libvirt-leaseshelper.patch
  - cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
- %service_del_postun_without_restart only works for Tumbleweed,
  keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
- Make use of %service_del_postun_without_restart
  And stop using DISABLE_RESTART_ON_UPDATE as this interface is
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
  libvirt leaseshelper script (jsc#SLE-14253)
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
  to severity.db (lp#1890547)
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
  from its new sddm location (boo#1174290, boo#1174293)
- add changes-since-2.13.4.diff with upstream changes and fixes
  since 2.13.4 up to 5f61bd4c:
  - add several abstractions related to xdg-open:
    dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
    kde-open5, xdg-open
  - introduce @{run} variable
  - update dnsmasq and winbindd profile
  - update mdns, mesa and nameservice abstraction
  - some bugfixes in the aa-* tools, including a remote bugfix in the
    YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-fix-utils-network-test.diff
  - make-4.3-network.diff
  - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
  Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- fix build with make 4.3 by backporting some commits from upstream
  master (boo#1167953):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-network.diff
  - make-4.3-fix-utils-network-test.diff
- update to AppArmor 2.13.4
  - several abstraction updates (including boo#1153162)
  - disallow writing to fontconfig cache in abstractions/fonts
  - some bugfixes in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-ssl-certbot-paths.diff
  - apparmor-krb5-conf-d.diff
  - libapparmor-python3.8.diff
  - usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-base-nameservice.diff
- add usr-etc-abstractions-base-nameservice.diff to adjust
  abstractions/base and nameservice for /usr/etc/ (boo#1161756)
- Properly pull in full python3 interpreter
- add libapparmor-python3.8.diff to fix building the libapparmor python
  bindings (deb#943657)
- add usr-etc-abstractions-authentification.diff to allow reading
  /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to
  abstractions/ssl_certs and abstractions/ssl_keys
- add apparmor-krb5-conf-d.diff for kerberos client
- update to 2.13.3
  - profile updates for dnsmasq, dovecot, identd, syslog-ng
  - new "/lsb_release"/ profile (only used when using "/Px -> lsb_release"/)
  - fix buggy syntax in tunables/share
  - several abstraction updates
  - parser: fix "/Px -> foo-bar"/ (the "/-"/ was rejected before)
  - several bugfixes in aa-genprof and aa-logprof
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
    for the detailed upstream changelog
- drop upstream(ed) patches:
  - apparmor-nameservice-resolv-conf-link.patch
  - profile_filename_cornercase.diff
  - dnsmasq-libvirtd.diff
  - dnsmasq-revert-alternation.diff
  - usrmerge-fixes.diff
  - libapparmor-swig-4.diff
- re-number remaining patches
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
  4.0 (boo#1135751)
- Disable LTO (boo#1133091).
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
  update-alternatives (boo#1127877)
- add dnsmasq-revert-alternation.diff: revert path alternation in
  dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
  breaking libvirtd (boo#1127073)
- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
  to match the newly added libvirtd profile name (boo#1118952#c3)
- Use %license instead of %doc [bsc#1082318]
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
  lessopen.sh for reading files on NFS (workaround for boo#1119937 /
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
  error out in a corner-case (log event for a non-existing profile while
  a profile file with the default filename for that non-existing profile
  exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
  boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.13.2
  - add profile names to most profiles
  - update dnsmasq profile (pid file and logfile path) (boo#1111342)
  - add vulkan abstraction
  - add letsencrypt certificate path to abstractions/ssl_*
  - ignore *.orig and *.rej files when loading profiles
  - fix aa-complain etc. to handle named profiles
  - several bugfixes and small profile improvements
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
    for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
  - add qt5 and qt5-compose-cache-write abstractions
  - add @{uid} and @{uids} kernel var placeholders
  - several profile and abstraction updates
  - ignore "/abi"/ rules in parser and tools (instead of erroring out)
  - utils: fix overwriting of child profile flags if they differ from
    the main profile
  - several bugfixes (including boo#1100779)
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - aa-teardown-path.diff
  - fix-apparmor-systemd-perms.diff
  - logprof-skip-cache-d.diff
  - fix-samba-profiles.patch
  - make-pyflakes-happy.diff
  - dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update rpmlintrc:
  - whitelist .features file which is part of the pre-compiled cache
  - comment out filters for the disabled tomcat_apparmor subpackage
- Backport dnsmasq fix:
  025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
- add fix-samba-profiles.patch - smbd loads new shared libraries.
  Allow winbindd to access new kerberos credential cache location
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
- add fix-apparmor-systemd-perms.diff - fix permissions of
  /lib/apparmor/apparmor.systemd (boo#1090545)
- create and package precompiled cache (/usr/share/apparmor/cache,
  read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
  new btrfs layout, the only reason for using /var/lib/apparmor/cache/
  (which was "/it's part of the / subvolume"/) is gone, and /var/cache
  makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
  cache locations
- clear cache also in %post of abstractions package
- update to AppArmor 2.13
  - add support for multiple cache directories and cache overlays
    (boo#1069906, boo#1074429)
  - add support for conditional includes in policy
  - remove group restrictions from aa-notify (boo#1058787)
  - aa-complain etc.: set flags for profiles represented by a glob
  - aa-status: split profile from exec name
  - several profile and abstraction updates
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
    for the detailed upstream changelog
- drop upstreamed patches and files:
  - aa-teardown
  - apparmor.service
  - apparmor.systemd
  - 32-bit-no-uid.diff
  - disable-cache-on-ro-fs.diff
  - dovecot-stats.diff
  - parser-write-cache-warn-only.diff
  - set-flags-for-profiles-represented-by-glob.patch
  - fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
  and apparmor.systemd (now part of upstream Makefile)
- simplify "/make -C profiles parser-check"/ call (upstream Makefile bug
  that required to call "/cd"/ was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
- Set flags for profiles represented by glob (bsc#1086154)
- add dovecot-stats.diff:
  - add dovecot/stats profile and allow dovecot to run it (boo#1088161)
  - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix
- Change of path of rpm in lessopen.sh (boo#1082956)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
  read-only and don't bail out (bsc#1069906, bsc#1074429)
- add parser-write-cache-warn-only.diff to make cache write failures a
  warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "/Suggests"/
  to avoid pulling in several Gnome packages on servers (boo#1067477)
- update to AppArmor 2.12
  - add support for 'owner' rules in aa-logprof and aa-genprof
  - add support for includes with absolute path in aa-logprof etc. (lp#1733700)
  - update aa-decode to also decode PROCTITLE (lp#1736841)
  - several profile and abstraction updates, including boo#1069470
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12
    for the detailed upstream changelog
- drop upstreamed patches:
  - read_inactive_profile-exactly-once.patch
  - utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems
- update to AppArmor 2.11.95 aka 2.12 beta1
  - add JSON interface to aa-logprof and aa-genprof (used by YaST)
  - drop old YaST interface code
  - update audio, base and nameservice abstractions
  - allow @{pid} to match 7-digit pids
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95
    for the detailed upstream changelog
- drop upstreamed patches
  - apparmor-yast-cleanup.patch
  - apparmor-json-support.patch
  - nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
  - apparmor-utils-string-split
  - apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
- refresh utils-fix-sorted-save_profiles-regression.diff
- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
  restriction, see boo#996520 and boo#853019 for details)
- lessopen profile: allow capability dac_read_search and dac_override,
  allow groff to execute several helpers (boo#1065388)
- read_inactive_profile-exactly-once.patch (bsc#1069346)
  Perform reading of inactive profiles exactly once.
- update to AppArmor 2.11.1
  - add permissions to several profiles and abstractions (including
    lp#1650827 and boo#1057900)
  - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
    lp#1661766 and boo#1062667)
  - fix downgrading/converting of 'unix' rules (will be supported in
    kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog
- remove upstream(ed) patches
  - upstream-changes-r3616..3628.diff
  - upstream-changes-r3629..3648.diff
  - parser-tests-dbus-duplicated-conditionals.diff
  - apparmor-fix-podsyntax.patch
  - sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
  in displaying the "/changed profiles"/ list in aa-logprof
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
  new sockets mediation, until unix rules are upstreamed (boo#1061195)
- add apparmor-fix-podsyntax.patch from mailing list to fix
  compilation with perl 5.26
- do not require exact X.Y version of "/python3"/
- require also matching python(abi) which is arguably more important
- don't rely on implementation details for reload in %post
- add JSON support. Required for FATE#323380.
  (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
- add upstream-changes-r3629..3648.diff:
  - preserve unknown profiles when reloading apparmor.service
    (CVE-2017-6507, lp#1668892, boo#1029696)
  - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
  - update nvidia abstraction for newer nvidia drivers
  - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
  - add --parser, --base and --Include option to aa-easyprof to allow
    non-standard paths (useful for tests) (lp#1521031)
  - move initialization code in apparmor.aa to init_aa(). This allows to
    run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
    don't exist.
  - several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
- add var.mount dependeny to apparmor.service (boo#1016259#c34)
- Cleanup spec file:
  - don't use insserv if we afterwards call systemd, this can
    have bad side effects
  - remove dead code
  - remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
  flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)
- update to AppArmor 2.11.0
  - apparmor_parser now supports parallel compiles and loads
  - add full support for dbus, ptrace and signal rules and events to the
  - full rewrite of the file rule handling in the utils
  - lots of improvements and fixes
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
    detailed changelog
- patches:
  - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
  - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
  - refresh apparmor-abstractions-no-multiline.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
  - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
  - move libapparmor to /usr/lib*/
  - drop %if %suse_version checks for 12.x
  - change several Obsoletes from %version to < 2.9. Those package names
    weren't used since years, and 2.9 is still a careful choice
  - include apparmor.service independent of %suse_version
  - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
  - drop latex2html, texlive-* and w3m BuildRequires
  - techdoc.txt and techdoc.html not included, drop them from the package
  - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
    /sbin/apparmor_parser to exist, skip them)
  - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
  - drop sed'ing python3 into aa-* shebang (upstreamed)
  - build binutils
  - aa-exec is now written in C and lives in /usr/bin/, move it to the
    apparmor_parser package and create a compability symlink in /usr/sbin/
  - aa-exec manpage moved to section 1
  - aa-enabled is a small new tool to find out if AppArmor is enabled
  - package new aa_stack_profile(2) manpage
- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
  This is part of the root partition (at least with default partitioning)
  and should be available earlier than /var/cache/apparmor/
  (boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net
- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
  fixes in the 2.10 branch, including
  - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
  - add several permissions to the dovecot profiles (deb#835826)
  - add a missing path in the traceroute profile
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
  fixes since the 2.10.1 release, including
  - allow dac_override in winbindd profile (boo#990006#c5)
  - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
    Samba 4.4.x, boo#990006)
  - abstractions/nameservice: also support ConnMan-managed resolv.conf
  - let aa-genprof ask about profiles in extra dir (again)
  - fix aa-logprof "/add hat"/ endless loop (lp#1538306)
  - honor 'chown' file events in logparser.py
  - ignore log file events with a request mask of 'send' or 'receive'
    because they are actually network events (lp#1577051, lp#1582374)
  - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
  parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
- update to AppArmor 2.10.1 (2.10 branch r3326):
  - fix incorrect output of child profile names (apparmor_parser -N) which
    caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
  - fix a crash in aa-logprof / logparser.py for change_hat log events
    (lp#1523297) and log events that look like file events, but aren't
    (lp#1540562, lp#1525119, lp#1466812)
  - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
  - several fixes for variable handling in aa-logprof
  - map c (create) log events to w instead of a
  - add python to the "/no Px rule"/ list in logprof.conf
  - let aa-logprof check for duplicate profiles
  - let aa-status work without the apparmor.fail python module (boo#971917,
  - add permissions in several profiles (including boo#948584, boo#948753,
    boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
  - and many more fixes, see the full changelog at
- drop upstream(ed) patches:
  - fix-initscript-aa_log_end_msg.diff
  - syslog-ng-profile-boo948584.diff
  - upstream-profile-updates-r3205-3241.diff
- refresh patches:
  - apparmor-abstractions-no-multiline.diff
  - apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
- add syslog-ng-profile-boo948584.diff - add several permissions needed
  by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
  - add /usr/share/locale-bundle/** to abstractions/base
  - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
  - allow dovecot imap to read /run/dovecot/mounts
  - allow avahi-daemon to write to /run/systemd/notify
  - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
  - update dhclient profile
  - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
  - and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
  upstream-profile-updates patch)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
- add apparmor-winbindd-r3213.diff - add missing k permissions for
  /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
  output (boo#862170)
- update to AppArmor 2.10 (trunk r3205)
  - profile names can now contain variables
  - improved profile compile time in apparmor_parser
  - lots of improvements, refactoring and bugfixes in the aa-* tools
  - new apis for managing and loading profile caches into the kernel in
  - lots of profile updates
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the
    complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
  aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
  to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
  no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- systemd-rpm-macros and %systemd_requires were at the wrong place,
  move them to the parser package (boo#931792)
- update to AppArmor 2.9.2 (2.9 branch r2911)
  - lots of bugfixes in the parser and the aa-* tools (including
  - update dovecot and dnsmasq profiles and several abstractions
    (including boo#911001)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the
    full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
- replace GPG key with new AppArmor GPG signing key, see
- make sure %service_del_postun doesn't call systemctl try-restart
  (boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
  profiles for samba 4.2 (boo#921098, boo#923201)
- only install apparmor.service for openSUSE > 13.2
- Add a native systemd unit which *at the moment* only
  wraps/masks the early boot script.
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
  std::ostream which are not valid.  Fixes build with GCC 5
- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)
- add Requires: python3 to python3-apparmor package - readline isn't
  part of python3-base (boo#917577)
- add apparmor-changes-since-2.9.1.diff with upstream fixes since the
  2.9.1 release
  - update logparser.py to support changed syslog format (lp#1399027)
  - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
  - update the mysqld profile
  - fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key
- update to AppArmor 2.9.1 (2.9 branch r2831)
  - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
  - several fixes and performance improvements in the aa-* utils
  - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
    bnc#908856), useradd, sendmail, man and passwd
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1
    for full release notes
- refresh dnsmasq-profile-fixes.patch
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
  argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
  leasehealper script to run even on x86_64.
  dnsmasq-profile-fixes.patch. boo#911001
- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the
  script filename
- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs
  confinement. bnc#906858
- delete cache in apparmor-profiles %post (workaround for
  bnc#904620#c8 / lp#1392042)
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- fix bashism in post script
- update to AppArmor 2.9.0 (r2759)
  - change aa-mergeprof to the final commandline syntax
  - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
    bugs without a formal bugreport)
  - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java
    and user-mail abstractions
  - fix mod_apparmor to not break basic auth
  - update perl modules to support signal, unix and ptrace rules (bnc#900013)
  - don't warn about rules not supported by the kernel
  - fix logging of "/audit capability"/ (lp#1378091)
  - add support for the "/hat"/ keyword in apparmor.vim
  - build html version of apparmor.vim manpage again (lp#1366572)
  - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
- add baselibs.conf as cryptsetup also has 32bit variants
- Update description.
- Update to version 0.0+git20171227.670229c:
  * Added ABI version number
  * AVX2/AVX-512F optimizations of BLAMKA
  * Set Argon2 version number from the command line
  * New bindings
  * Minor bug and warning fixes (no security issue)
- use _service file
- ship libargon2.pc (bsc#1034441)
- moved argon2-specs.pdf to doc subpackage
- added packaging of man page
- make sure to call cc with -pthread option (implies -lpthread)
- run test suite
- Initial release
- change login shell for at user from /bin/bash to /bin/false as it
  shouldn't need a valid login shell [jsc#SLE-17611] [bsc#1181576]
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Drop patch at-3.1.8-eal3-manpages.patch merged upstream differently
- Version update to at 3.1.20 to match latest upstream:
  * Pam and selinux implemented upstream
  * various tiny fixes
- Rebase patches:
  * at-3.1.13-documentation-dir.patch
  * at-3.1.13-massive_batch.patch
  * at-3.1.14-joblist.patch
  * at-3.1.14-parse-suse-sysconfig.patch
  * at-3.1.14-usePOSIXtimers.patch
  * at-3.1.14.patch
- Drop no longer needed patches:
  * at-3.1.13-formatbugs.patch
  * at-3.1.13-pam-session-as-root.patch
  * at-3.1.13-pam.patch
  * at-3.1.13-queue-nice-level.patch
  * at-3.1.14-selinux.patch
- add at-3.1.16-handle_malformed_jobs.patch to prevent creation of
  the corrupted files and their looping [bnc#945124]
- loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX
  by the amount of CPUs when comparing to loadavg (bnc#889174)
  * added at-adjust_load_to_cpu_count.patch
- Version bump to 3.1.16 to match latest upstream:
  * Fix regression for sec-fix in bash we applied in form of patch
    till now - deleting at-3.1.15-sane-envkeys.patch
- Sync/split features to be patch specific, modifying:
  * at-3.1.13-pam.patch
  * at-3.1.14-parse-suse-sysconfig.patch
  * at-3.1.14-selinux.patch
- Cleanup with spec-cleaner
- Remove systemd conditional (we do not work on sle11 anyway)
- atd.service: run After=nss-user-lookup.target not after
- atd.service: run After=time-sync.target
- Replace at-sane-envkeys.diff by at-3.1.15-sane-envkeys.patch,
  a simpler fix from upstream [bsc#899160]
- Ad at-spi2-core-async-session-register.patch: make bus-launcher
  session registration more robust (boo#1154582).
- Update to version 2.34.0:
  + Fix a use after free when freeing an event.
  + Clean up handling of the X11 property specifying the bus
  + Update doap.
- Update to version 2.33.92:
  + Now requires meson 0.50.0.
  + License is now LGPL-2.1+.
  + Meson: only link to libdl when it is necessary.
  + Update installation instructions.
  + Clarify atspi_editable_text_insert_text documentation.
  + Do not warn on no reply from pending get_items call.
  + Eliminate some superfluous runtime warnings.
- Require meson >= 0.50.0.
- Set license to LGPL-2.1-or-later.
- Update to version 2.33.90:
  + Refactor the API for the screen reader to notify listeners
    of its status.
  + Add a sender to the AtspiEvent struct.
  + Add missing atspi_application_get_type prototype.
  + Support mutter remote desktop interface for synthesizing
    keyboard/mouse events (likely still needs work).
- Update to version 2.33.2:
  + Check WAYLAND_DISPLAY, rather than XDG_SESSION_TYPE, to avoid X
    connections. Fixes breakage if X is started with startx and
    XDG_SESSION_TYPE is unset.
  + X11: also try mod4 and mod5 to generate keysyms.
  + Check for dbus-daemon in /usr/lib (for Solaris).
- Update to version 2.32.1:
  + Fix meson build for meson 0.50.0 and newer.
- Drop at-spi2-core-meson-build-fix.patch: Fixed upstream.
- Add at-spi2-core-meson-build-fix.patch: fix build for meson
  0.50.0 (glgo#GNOME/at-spi2-core!9).
- Update to version 2.32.0:
  + Stable release version bump.
- Update to version 2.31.92:
  + Fix atspi_table_cell_get_(row_column)_headers.
  + Update documentation to indicate that extents are only
    meaningful when an object has both STATE_VISIBLE and
  + Use a consistent style for the meson options.
  + Fix a compiler warning on BSD.
  + Add ScrollSubstringTo and ScrollSubstringToPoint text
- Enable gtk-docs BuildRequires and update options passed to meson.
- Drop unneeded and unused intltool BuildRequires.
- Update to version 2.31.2:
  + Add ScrollSubstringTo and ScrollSubstringToPoint text
- Update to version 2.31.1:
  + Bus launcher: fix an issue where the error wasn't cleared on
  + Add support for locking/unlocking modifiers.
  + Update error log text for consistency.
  + Documentation clean-ups.
- Drop upstream fixed patches:
  + at-spi2-core-bus-launch-use__linux__.patch.
  + at-spi2-core-generate-pc.patch.
- Update to version 2.30.1:
  + Fix atspi_table_cell_get_(row|column)_header_cells
- Add at-spi2-core-bus-launch-use__linux__.patch: bus-launch:
  use __linux__ over __linux.
- Add at-spi2-core-generate-pc.patch: meson: Generate a pkg-config
- Disable gtk-doc BuildRequires and pass enable_docs=false to
  meson. Temp workaround for buildfail when building docs with
  meson 0.48.
- Update to version 2.30.0:
  + No changes, stable bump only.
- Update to version 2.29.1:
  + Add dbus-broker support to bus launcher.
  + Add ScrollTo and ScrollToPoint component interfaces.
  + Do not use deprecated GSettings API.
  + Fix various compiler warnings and documentation annotations.
- Update to version 2.28.0:
  + Support building a static library (bgo#793652).
  + Fix build on FreeBSD (bgo#791608).
- Update to version 2.27.92:
  + Dropped autotools support.
  + Documentation: Remove list association from
  + Fix a potential buffer overflow in at-spi-bus-launcher
  + Make the build reproducible (bgo#791167).
- Drop at-spi2-core-bgo791124-buffer-overflow.patch and
  at-spi2-core-bgo791167-reproducible-build.patch: fixed upstream.
- Modernize spec-file by calling spec-cleaner
- Add at-spi2-core-bgo791124-buffer-overflow.patch: fix possible
  buffer overflow reading dbus address in at-spi-bus-launcher
  (boo#1073027, bgo#791124).
- Add at-spi2-core-bgo791167-reproducible-build.patch: use
  @basename@ in templates, rather than @filename@; fixes build
  reproducibility and multiarch conflict (bgo#791167).
- Switch to using meson buildsystem:
  + Add meson and gtk-doc BuildRequires.
  + Use meson, meson_build and meson_install macros instead of
    autotools macros.
  + Drop update-desktop-files BuildRequires and stop using
    suse_update_desktop_file macro, no longer needed.
  + Modernize spec, use spec-cleaner.
- Update to version 2.26.2:
  + dist po/meson.build (bgo#789666).
  + Generate correct sonname when building with meson.
- Update to version 2.26.1:
  + Remove unused dependency on libxkbcommon.
  + Various meson build fixes.
  + Updated translations.
- Update package summaries and old RPM macros.
- Update to version 2.26.0:
  + m4/gettext.m4, m4/iconv.m4, m4/lib-ld.m4, m4/lib-link.m4,
    m4/lib-prefix.m4, m4/nls.m4, m4/po.m4 and m4/progtest.m4:
    Upgrade to gettext-
  + configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.19.8.
- Update to version 2.25.92:
  + configure.ac: make xkb optional, as intended.
  + Optionally read the bus adddress from the ATSPI_BUS_ADDRESS
    environment variable (bgo#787126).
- Update to version 2.25.91:
  + Meson build files should now be usable, with the exception of
    the dist target.
- Update to version 2.25.90:
  + Fix a couple of introspection issues (bgo#784481).
  + atspi_get_a11_bus: don't leak the DBusConnection.
  + Meson fixes.
- Update to version 2.25.4:
  + Fix gir generation with autotools (bgo#783994).
- Update to version 2.25.3:
  + Fix -Wmisleading-indentation warnings.
  + Fix memory leak of at-spi-bus-launcher.
  + Add error-message, error-for, details, and details-for relation
  + Poll direct dbus connections in the main loop--fixes processes
    being marked hung and the hung flag never being removed.
  + Add Meson build system.
  + Various build fixes.
- Add pkgconfig(xkbcommon-x11) BuildRequires: new dependency.
- Update to version 2.25.2:
  + Attempt to fix an occasional crash when an application
    disappears (bgo#767074).
  + Add some missing roles to correspond with atk (description
    list, description term, description value, and footnote).
- Update to version 2.25.1:
  + No changes.
- Update to version 2.24.1:
  + atspi_table_cell_get_position: Don't crash on error.
- Update to version 2.24.0:
  + No changes.
- Update to version 2.23.92:
  + Table cell API fixes (bgo#779835).
- Update to version 2.23.90:
  + Fix an occasional crash when an application is closed
- Update to version 2.23.4:
  + Don't pull in X headers if x11 is disabled (bgo#773710).
  + at-spi-bus-launcher: session management fixes (bgo#774441).
  + events: add recently added page changed event (bgo#719898).
  + roles: EXTENDED roles are deprecated (bgo#720123).
- Update to version 2.22.0:
  + at-spi-bus-launcher: Fix uninitialized variable.
  + Fix return value error in session_manager_connect (bgo#768881).
  + Updated translations.
- Update to version 2.21.4:
  + Fixed a crash in atspi_accessible_clear_cache.
  + Fixed a crash caused by at-spi2-registryd dying.
  + Fixed some session management issues in at-spi-bus-launcher.
- Drop at-spi2-core-session-management.patch: Fixed upstream.
- Update to version 2.21.2:
  + Allow building without Xtst, Xi with --disable-x11.
  + ref_accessible_desktop: don't unref reply until we're finished
    with it.
  + Updated translations.
- Update to version 2.21.1:
  + Fix parsing of at-spi-bus-launcher command line arguments
  + Build clean-ups.
- Update at-spi2-core-session-management.patch: fix uninitialized
  variable (bsc#984109).
- Add at-spi2-core-session-management.patch: properly register
  at-spi-bus-launcher with gnome-session (bsc#984109).
- Drop at-spi2-core-devel Obsolete: the devel package have not
  existed since 2009. At the same time, drop rpmlintrc, since it's
  not needed anymore.
- Pkgconfig'ify spec file BuildRequires:
  + Replace/Remove: glib2-devel, gobject-introspection-devel,
  + Add: pkgconfig(gio-2.0), pkgconfig(glib-2.0),
    pkgconfig(gobject-2.0), pkgconfig(gobject-introspection-1.0),
    pkgconfig(x11), pkgconfig(xtst), pkgconfig(xi).
- Update to GNOME 3.20.2  Fate#318572
- Update to version 2.20.2:
  + Fixed an invalid memory access when fetching an accessible.
- Update to GNOME 3.20  Fate#318572
- Drop at-spi2-core-null-event-source.patch: fixed upstream.
- Update to version 2.20.1:
  + registryd: avoid crashing with a NULL keystring (bgo#764688).
  + Plug a memory leak in AtspiEventListener (bgo#764688).
- Update to version 2.20.0:
  + No changes.
- Update to version 2.19.92:
  + Support a stateless configuration by default (bgo#763540).
- Update to version 2.19.91:
  + Don't display warnings when connecting to an app that no longer
- Update to version 2.19.90:
  + Don't display warning if unable to connect when logged in via
    ssh (bgo#761600).
  + at-spi-bus-launcher: register with session manager
- Update to version 2.19.2:
  + Disable xevie by default--it probably doesn't do anything
  + get_index_in_parent: Don't crash if parent is defunct.
  + Don't crash when trying to set an invalid state (bgo#757915).
- Update to version 2.19.1:
  + atspi_hyperlink_get_index_range: don't return random values if
    the call fails (bgo#755727).
  + Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.3:
  + get_index_in_parent: Don't crash if the parent is defunct.
- Update to version 2.18.2:
  + Really don't crash if we get a children-changed event with a
    non-existent child (bgo#755951).
  + Fixed crash during removal of last application in registryd
- Disable xevie when configuring (boo#952011).
- Update to version 2.18.1:
  + Don't crash if we get a children-changed event with a
    non-existent child (bgo#755951).
  + atspi_hyperlink_get_index_range: don't return random values if
    the call fails (bgo#755727).
  + Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.0:
  + Updated translations.
- Update to version 2.17.90:
  + Modified the cache API to specify an object's index and child
    count rather than its children. This eliminates the need for
    the application to enumerate its children, improving
    performance in some places with large lists (bgo#650090).
- Update to version 2.17.1:
  + Functions shouldn't try to return values (bgo#749330).
  + Fix atspi_table_cell_get_position.
- Update to version 2.16.0:
  + Fix GTK-Doc comment blocks.
  + Updated translations.
- Update to version 2.15.90:
  + Deprecate atspi_text_get_text_{before,at,after}_offset()
  + Add roles for fractions, roots, subscripts, and superscripts
- Update to version 2.15.4:
  + Add names to every timeout (bgo#710644).
  + Remove accessibility.conf from EXTRA_DIST (bgo#742987).
  + Add ATSPI_STATE_READONLY (bgo#690004).
- Update to version 2.15.3:
  + Replace deprecated "/Rename to"/ gtk-doc tag.
  + Fix atspi_table_cell_get_column_span prototype.
- Update to version 2.15.2:
  + Make the documentation of ATSPI's STATE_ACTIVE consistent with
    that of ATK's (bgo#740274).
  + Add ATSPI_ROLE_STATIC and update documentation for
    ATSPI_ROLE_TEXT (bgo#740340).
  + gi-annotations: get_relation_set returns a array of
- Update to version 2.15.1:
  + Fix some issues with the accessibility bus configuration
  + Documentation for AtspiTableCell is now built.
- Update to version 2.14.1:
  + Docs: add AtspiTableCell.
- Update to version 2.34.1:
  + Meson: fixed version.
- Update URL.
- Update to version 2.34.0:
  + No changes provided by upstream.
- Update to version 2.33.3:
  + Documentation: general documentation cleanup:
  - Move Deprecated section down on AtkUtil.
  - Update the list of symbols.
  - Annotate the version for AtkTableCellIface.
  - Use Markdown syntax for notes.
  - Use the appropriate syntax for enumerations.
  - Add missing documentation for AtkObject functions.
  - Write description for AtkImage method.
  - Add proper gtk-doc blurbs for AtkDocument, AtkComponentIface
    and AtkActionIface.
  - Remove atk.types (as we can autogenerate it).
  + AtkSocket/AtkPlug:  Implement proper constructor for AtkPlug
    and AtkSocket.
  + AtkText: Doc: minor doc fix for
  + Build:
  - Meson: do not guard gir behind a cross_build check.
  - Meson: refresh the build.
  - Meson: use Meson to generate the pkgconfig file.
  + Updated translations.
- Changes from version 2.33.2:
  + AtkObject: added accessible_id property.
  + AtkText
  - Edit documentation for last methods added in order to fix
  - Fix failure value for atk_text_get_caret_offset.
  + Build: Bumping ATK version without a release as at-spi2-atk
    master started to depend on last API changes.
- Update to version 2.32.0:
  + Updated translations.
- Update to version 2.31.92:
  + By mistake, 2.31.90 re-introduced a bug, as master didn't have
    the revert for "/atkimplementor: use the G_DEFINE_INTERFACE
    macro to declare it as interface in the introspection"/.
- Update to version 2.31.90:
  + AtkText: Add ScrollSubstringTo and ScrollSubstringToPoint
    methods to AtkText.
  + Build - meson:
  - Make atk work as a subproject.
  - Use an autotools compatible
    compatibility_version/current_version on macOS.
  - Fix usage of glib as a subproject dependency.
  - Replace shared_library by library.
  + Build - Visual Studio: Add build instructions for Visual
    Studio, as now is done via Meson.
  + Documentation:
  - Move atk_relation_set_contains_target to correct doc section.
  - Improve documentation for AtkText method return values.
  + Misc: atkplug, atksocket: Fix -Wredundant-decls.
  + Updated translations.
- Add meson_test macro, run tests during build.
- Update to version 2.30.0:
  + Fix "/atk 2.29.2 is reported not to work any more"/
- Update to version 2.29.92:
  + Improve the documentation slightly.
- Use autosetup macro.
- Update to version 2.29.2:
  + Add ScrollTo and ScrollToPoint methods to AtkComponent.
  + Build: Require a more recent version fo Meson, 0.46.0.
  + Misc: Documentation, introspection, and versioning fixes.
- Update to version 2.29.1:
  + Important note: this is the first release without autotools
    support. From now on only meson would be supported.
  + Bugfixing: Setting accessible-role does not work (bgo#794513).
  + Build, autotools: Remove autotools support (bgo#795315).
  + Build, meson:
  - Fix linker options on Darwin (bgo#795065).
  - Follow meson_options convention (bgo#795301).
  + Updated translations.
- Following upstream changes, pass docs=true and introspection=true
  to meson.
- Unconditionally enable translation-update-upstream: on
  Tumbleweed, this results in a NOP and for Leap in SLE paid
  translations being used (boo#1086036).
- Update to version 2.28.1:
  + meson: fix version numbering. Roll new release to include it.
- Drop atk-2.28.0.patch: fixed upstream.
- Update to version 2.28.0:
  + bgo#791020: Remove list association from
  + Updated translations.
- Add atk-2.28.0.patch: Call it 2.28.0 in meson.build, same as the
  tarball is called and what configure.ac defines.
- Modernize spec-file by calling spec-cleaner
- Update to version 2.27.1:
  + Build: meson, tracked by bug 785802:
  - Add option to disable introspection.
  - Fix .rc generation in Meson builds.
  + Build (Visual Studio): Enhance security of x64 binaries.
  + Updated translations.
- Update to version 2.26.1:
  + Build: meson, tracked by bgo#785802
  - Add option to disable introspection.
  - Fix .rc generation in Meson builds.
  + Build: (Visual Studio)
  - Enhance security of x64 binaries.
  + Updated translations.
- Update to version 2.26.0:
  + Build: meson on Windows, tracked by bgo#785802 (not fully fixed
  - Force-include msvc_recommended_pragmas.h on MSVC.
  - tests: Fix build on pre-C99.
  - meson: Build .rc file on Windows.
  + Updated translations.
- Conditionally apply translations-update-upstream BuildRequires
  and macro for non-openSUSE only.
- Add meson BuildRequires and switch autotools macros configure,
  make and makeinstall to meson, meson_build and meson_install
  following upstream switch to Meson build system.
- Drop conditional gnome-common BuildRequires and autogen call,
  drop other conditional tweaks for obsolete versions of openSUSE.
- Run spec-cleaner, modernize spec.
- Update package summaries and RPM category.
  Replace old RPM macros by new constructs.
  Avoid running fdupes across hardlink boundaries.
- Update to version 2.25.90:
  + Bugfixing: bgo#689810: Move include guards out to enable GCC
  + Build (meson):
  - Keep the version in sync with Autotools.
  - Add atkversion.h to introspection build.
  + Build (visual studio):
  - Adapt to the Python-field glib-genmarshal.
  - Adapt to new glib-genmarshal command line.
  - Use PythonDir instead of PythonPath.
  - Integrate introspection builds.
  - Don't build introspection by default.
  - Make marshal generation more robust.
  + Misc: Update AUTHORS file.
- Update to version 2.25.2:
  + bgo#781715: Crash under atk_gobject_accessible_dispose().
  + Build (general/autotools):
  - Add ATK_UNAVAILABLE macro.
  - Use template files for the ATK enumerations.
  - Convert atkversion.h.in to UTF-8 encoding.
  - Include the marshallers header, not the source.
  - Add buildir to the docs directories.
  - Update deprecation warnings symbols.
  - Simplify GObject dependency discovery.
  + Build (meson):
  - Bug 782871: Add meson build system.
  - Dist the Meson files.
  - Use the appropriate soversion.
  - Use the appropriate GETTEXT_PACKAGE.
  - Install atk.h.
  - Only depend on generated header.
  + Cleaning:
  - Remove atk.spec.in.
  - Remove uninstalled pkg-config file.
  - Remove unused script for bundling ATK on Windows.
  - Remove ChangeLog.
  - Remove local introspection.m4.
  + Docs:
  - Modernise the API reference:
    . Use XInclude.
    . Stop using SGML mode with XML files.
    . Drop version.xml and use the gtk-doc package entities.
  - Update the README mentioning Meson, Ninja, and cleaning a
  - Remove empty overrides file.
  + Gobject introspection: Mark unbindable functions as 'skip.
  + Misc: Update git ignore file.
  + New Relations and Roles:
  - bgo#748384: Add ATK_ROLE_FOOTNOTE
  - bgo#781587: Add error-message, error-for, details and
  + Updated translations.
- Update to version 2.24.0:
  + Build, MSVC: Support Visual Studio 2017.
  + Updated translations.
- Update to version 2.23.4:
  + Build, MSVC:
  - Remove atk-install.props's on re-generation.
  - Makefile.msvcproj, Makefile-newvs.am: Update from GLib.
  - Move files to win32.
  + Docs:
  - Fix typo.
  - bgo#772236: change id of the atkobject chapter needed
    case-insensitive filesystems.
  + Misc: Use Unicode apostrophe in a translatable string.
  + Updated translations.
- Update to version 2.22.0:
  + Add more options to XGETTEXT_OPTIONS in po/Makevars.
  + Updated translations.
- Update to version 2.21.90:
  + Add some missing argument (out) annotations (bgo#764883).
  + Add Language headers to po files.
  + MSVC/win32 fixes.
- Move AUTHORS ChangeLog NEWS README to doc subpackage.
- Update to GNOME 3.20  Fate#318572
- Update to version 2.20.0:
  + Updated translations.
- Update to version 2.19.92:
  + Build improvements:
  - bgo763212: Fix gettext domain after recent changes.
  - Fix builddir ≠ srcdir in autogen.sh.
  - MSVC builds: Re-arrange include paths.
  + Cleaning: atkregistry: remove code not being compiled.
  + Updated translations.
- Re-enable translation-update-upstream BuildRequires and
  executionion: upstream fixed the gettext domain to be atk10
- Update to version 2.19.90:
  + bgo#755548: atktablecell: use content of the pointer instead of
    pointer itself.
  + bgo#760323: Use upstream gettext intead glib-gettext.
  + Build/MSVC/win32 improvements.
  + Updated translations.
- Disable translation-update-upstream BuildRequires and execution:
  Upstream changed from atk10 to atk, for which we have no updated
  translations. This in turn breaks the build.
- Update to version 2.18.0:
  + Build: Improvements on MSVC Build infrastructure.
  + Updated translations.
- Update to version 2.17.90:
  + Documentation:
  - Replace mentions of 'state-changed' with 'state-change'.
  - Fixed some tiny typos.
  + Build/win32 improvements:
  - Use Pattern Rules on build/Makefile-newvs.am.
  - Tidying and cleaning .vcxproj.filters generation. Fixes
    bgo#748176: out-of-tree distcheck fails in build/win32.
  - Removed GCC requirement.
  + "/install"/ Projects renamed to "/atk-install"/.
  + Misc: set proper file permission to source files.
- Fix baselibs.conf: the package keyword is redundant.
- Update to version 2.16.0:
  + Bug fixed: Fix a couple of GTK-Doc comment blocks
  + Visual Studio support:
  - Speed Up Release Builds.
  - Fix and improve .pdb Generation.
  - "/Install"/ .pdb Files.
  + Updated translations.
- Update to version 2.15.91:
  + autogen.sh: stop using deprecated gnome-autogen.sh.
  + configure.ac: Stop using deprecated GNOME-specific autoconf
  + Updated translations.
- Update to version 2.15.4:
  + AtkRole: bgo#742806: Add new roles for fractions, roots,
    subscripts, and superscripts.
- Update to version 2.15.3:
  + AtkState: Add ATK_STATE_READ_ONLY (bgo#665598).
  + Bugs fixed:
  - Unref STATE_TYPE class ref after using it at
  - AtkTable: Added missing "/:"/ on one gi annotation.
  + Updated translations.
- Update to version 2.15.2:
  + AtkState:
  - bgo#739981: Add ATK_ROLE_STATIC and clarify ATK_ROLE_TEXT.
  - bgo#740152: Document the deprecation of ATK_STATE_ARMED.
  + Documentation:
  - bgo#740044: Fix some unclear language regarding
  - bgo#740066: Improve documentation related to AtkState and
  - Extend atk_focus_tracker_notify deprecation documentation.
  - Remove some in-code documentation, that is already part of
    the docs.
  + Updated translations.
- Update to version 2.15.1:
  + Add ATK_STATE_HAS_TOOLTIP (bgo#407539).
  + Documentation:
  - Update README file.
  - Update documentation to reflect an additional use case for
    STATE_INDETERMINATE (bgo#737602).
- Use %license instead of %doc [bsc#1082318]
- remove man5/attr.5, it is now part of man-pages
- Reduce size of filelist by using wildcards;
  remove %doc (some locations are always %doc),
  remove %attr (files already have proper permissions)
- remove gpg-offline from bootstrap packages
- Update to new upstream release 2.4.47
  * This release fixes two functional bugs related to tree walking
  and the return code from getfattr. Also, a number of build system
  problems were fixed.
- Remove config-guess-sub-update.patch (no longer applies),
  attr-syscalls.patch (resolved differently upstream),
  builddefs.in.diff (replaced by logic in specfile)
- Signature verification
- Added url as source.
  Please see http://en.opensuse.org/SourceUrls
- Remove unused autoconf and automake build requires
- Add attr-syscalls.patch:
  Define attr syscall numbers for aarch64
- Add config-guess-sub-update.patch:
  Update confg.guess/sub for aarch64
- update license to new format
- add autoconf as buildrequire to avoid implicit dependency
- Add libattr-devel-static package
- Enable libattr-devel for all baselib arches
- Implement shlib package (libattr1)
- make shared library executable
- upgrade to 2.4.46
  - Fix tests
- upgrade to 2.4.45
  - OPTIONS in man pages should be a section heading, not a subsection heading
  - getfattr: encode NULs properly with --encoding=text
  - setfattr.1: document supported encodings of values
  - convert the man pages into html
  - attr_parse_attr_conf: eliminate a double free
  - attr_parse_attr_conf: eliminate a memory leak
  - quote: pull in string.h for strchr prototype
  - libattr: fix memory leak in attr_copy_action()
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- fixed implicit strchr() call
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.4.44
  - Stop quoting nonprintable characters in the getfattr output
  - More license updates
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- Fix specfile to require libauparse0 and libaudit1 after splitting
  audit-libs (bsc#1172295)
- Update to version 2.6.5:
  * Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests to configure.ac for openldap support
  * Make systemd support files use /run rather than /var/run (Christian Hesse)
  * Fix minor memory leak in auditd kerberos credentials code
  * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  * In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Remote zos building is now a configurable option.
  It should be disabled in audit (and left enabled in audit-secondary).
- Make use of some %make_install.
- Update to version 2.8.4:
  * Generate checkpoint file even when not results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * In auparse_normalize for USER_LOGIN events, map acct for
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
  * many features added to auparse_normalize
  * cli option added to auditd and audispd for setting config dir
  * in auditd, restore the umask after creating a log file
  * option added to auditd for skipping email verification
-  Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7 release
  Changelog: https://people.redhat.com/sgrubb/audit/ChangeLog
- Create folder for the m4 file from previous commit to avoid install
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
  * audit-allow-manual-stop.patch
  * audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
  - C parameter of make
- Install m4 file to the devel package
- Do not depend on insserv nor fillup; the package provides
  neither sysconfig nor sysvinit files
- Update to version 2.4.4 (bsc#941922, CVE-2015-5186)
- Remove patch 'audit-no_m4_dir.patch'
  (added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
  No idea what earlier 'automake' build error this was trying to fix but
  it broke the handling of "/--without-libcap-ng"/. Anyways, no build error
  occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- Require pkgconfig for build
  Changelog 2.4.4
  - Fix linked list correctness in ausearch/report
  - Add more cross compile fixups (Clayton Shotwell)
  - Update auparse python bindings
  - Update libev to 4.20
  - Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling
  Changelog 2.4.3
  - Add python3 support for libaudit
  - Cleanup automake warnings
  - Add AuParser_search_add_timestamp_item_ex to python bindings
  - Add AuParser_get_type_name to python bindings
  - Correct processing of obj_gid in auditctl (Aleksander Zdyb)
  - Make plugin config file parsing more robust for long lines (#1235457)
  - Make auditctl status print lost field as unsigned number
  - Add interpretation mode for auditctl -s
  - Add python3 support to auparse library
  - Make --enable-zos-remote a build time configuration option (Clayton Shotwell)
  - Updates for cross compiling (Clayton Shotwell)
  - Add MAC_CHECK audit event type
  - Add libauparse pkgconfig file (Aleksander Zdyb)
  Changelog 2.4.2
  - Ausearch should parse exe field in SECCOMP events
  - Improve output for short mode interpretations in auparse
  - If auditctl is reading rules from a file, send messages to syslog (#1144252)
  - Correct lookup of ppc64le when determining machine type
  - Increase time buffer for wide character numbers in ausearch/report (#1200314)
  - In aureport, add USER_TTY events to tty report
  - In audispd, limit reporting of queue full messages (#1203810)
  - In auditctl, don't segfault when invalid options passed (#1206516)
  - In autrace, remove some older unimplemented syscalls for aarch64 (#1185892)
  - In auditctl, correct lookup of aarch64 in arch field (#1186313)
  - Update lookup tables for 4.1 kernel
- Update to version 2.4.1
  Changelog 2.4.1
  - Make python3 support easier
  - Add support for ppc64le (Tony Jones)
  - Add some translations for a1 of ioctl system calls
  - Add command & virtualization reports to aureport
  - Update aureport config report for new events
  - Add account modification summary report to aureport
  - Add GRP_MGMT and GRP_CHAUTHTOK event types
  - Correct aureport account change reports
  - Add integrity event report to aureport
  - Add config change summary report to aureport
  - Adjust some syslogging level settings in audispd
  - Improve parsing performance in everything
  - When ausearch outputs a line, use the previously parsed values (Burn Alting)
  - Improve searching and interpreting groups in events
  - Fully interpret the proctitle field in auparse
  - Correct libaudit and auditctl support for kernel features
  - Add support for backlog_time_wait setting via auditctl
  - Update syscall tables for the 3.18 kernel
  - Ignore DNS failure for email validation in auditd (#1138674)
  - Allow rotate as action for space_left and disk_full in auditd.conf
  - Correct login summary report of aureport
  - Auditctl syscalls can be comma separated list now
  - Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
- Do not explicitly provide group(audit) in system-users-audit:
  this is automatically handled by rpm/providers.
- Create new "/audit"/ group for read access to logs (bsc#1178154)
  * add change-default-log_group.patch
  * update audit-secondary.spec
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- prepare usrmerge (boo#1029961)
- Update to version 2.6.5:
  * Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests to configure.ac for openldap support
  * Make systemd support files use /run rather than /var/run (Christian Hesse)
  * Fix minor memory leak in auditd kerberos credentials code
  * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  * In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Fix build errors when using gcc-10 no-common default (bsc#1160384)
  New patch: audit-fno-common.patch
- Refresh audit-allow-manual-stop.patch
- Reduce scriptlets' hard dependency on systemd.
- Update to version 2.8.4:
  * Generate checkpoint file even when not results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * In auparse_normalize for USER_LOGIN events, map acct for
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Use %license instead of %doc [bsc#1082318]
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
  present, tests were failing as python2 bindings are preferred in this
- reverted -j1 force ppc specific only
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname
- force -j1 for PowerPC make check to avoid build failure
  (lookup_test.o: file not recognized: File truncated)
- Add conditions around python plugins to allow us to conditionalize
  them in enviroment without python2
- Rename python binding packages to match current python packaging
- Update python build dependencies to resolve future split of
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
- Remove audit-implicit-writev.patch (fixed upstream across 2
  * 3b30db20ad983274989ce9a522120c3c225436b3
  * 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Add audit-implicit-writev.patch: include sys/uio.h to ensure
  readv and writev are declared.
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7. See audit.spec (libaudit1) for upstream
  Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking
  service (bsc#1042781).
  Add config: audit-stop.rules
  Refresh patch: audit-allow-manual-stop.patch
  Refresh patch: audit-no-gss.patch
- Version update to 2.5. See audit.spec (libaudit1) for upstream
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Update to version 2.4.4. See audit.spec (libaudit1) for upstream
- Add python3 bindings for libaudit and libauparse
- Remove patch 'audit-no_m4_dir.patch'
  (added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
  No idea what earlier 'automake' build error this was trying to fix but
  it broke the handling of "/--without-libcap-ng"/. Anyways, no build error
  occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- update to 1.10.1:
  General changes/additions
    New CLI utility 'augmatch' to print the tree for a file and select
    some of its contents
    New command 'count' in augtool
    New function 'not(bool) -> bool' for path expressions
    The path expression 'label[. = "/value"/]' can now be written more
    concisely as 'label["/value"/]'
  API changes
    libfa has now a function fa_json to export an FA as a JSON file, and
    fa_state_* functions that make it possible to iterate over the FA's
    states and transitions. (Pedro Valero Mejia)
    Add functions aug_ns_label, aug_ns_value, aug_ns_count, and
    aug_ns_path to get the label (with index), the value, the number of
    nodes, and the fully qualified path for nodes stored in a nodeset in
    a variable efficiently
  Lens changes/additions
    Grubenv: new lens to process /boot/grub/grubenv (omgold)
    Httpd: also read files from /etc/httpd/conf.modules.d/*.conf
    (Tomas Meszaros) (Issue #537)
    Nsswitch: allow comments at the end of a line (Philip Hahn) (Issue #517)
    Ntp: accept 'ntpsigndsocket' statement (Philip Hahn) (Issue #516)
    Properties: accept empty comments with DOS line endings (Issue #161)
    Rancid: new lens for RANCiD router databases (Matt Dainty)
    Resolv: accept empty comments with DOS line endings (Issue #161)
    Systemd: also process /etc/systemd/logind.conf (Pat Riehecky)
    YAML: process a document that is just a sequence (John Vandenberg)
- drop chrpath dependency, the offending dump binary is no longer shipped
- Use %license (boo#1082318)
- Version update to 1.9.0:
  - General changes/additions
  * Fix error in handling escaped whitespace at the end of path expressions
    (addresses CVE-2017-7555)
  * several improvements to the error messages when transforming a tree
    back to text fails. They now make it clearer what part of the tree
    was problematic, and what the tree should have looked like.
  * Fixed the pkg-config file, which should now be usable
  * Fix handling of backslash-escaping in strings and regular expressions
    in the lens language. We used to handle constructs like "//"/ and
    //// incorrectly. (Issue #495)
  * do not unescape the default value of a del on create; otherwise we are
    double unescaping these strings (Issue #507)
  * remove tempfile when saving files because destination is not writable
    (Issue #479)
  * span information is now updated on save (Issue #467)
  * fix lots of warnings generated by gcc 7.1
  * Various changes to reduce bashisms in tests and make them run on
    FreeBSD (Romain Tartière)
  - API changes
  * add function aug_ns_attr to allow iterating through a nodeset
    quickly. See examples/dump.c for an example of how to use them
    instead of aug_get, aug_label etc. and for a way to measure
    performance gains.
  - Lens changes/additions
  * Ceph: new lens for /etc/ceph/ceph.conf
  * Cgconfig: accept fperm & dperm in admin & task (Pino Toscano)
  * Dovecot: also load files from /usr/local/etc (Roy Hubbard)
  * Exports: relax the rules for the path at the beginning of a line so
    that double-quoted paths are legal, too
  * Getcap: new lens to parse generic termcap-style capability databases
  * Grub: accept toplevel 'boot' entry (Pino Toscano)
  * Httpd: handle empty comments with a continuation line (Issue #423);
    handle '>"/"/' in a directive properly (Issue #429); make space between
    quoted arguments optional (Issue #435); accept quoted strings as part
    of bare arguments (Issue #470)
  * Nginx: load files from sites-available directory (Omer Katz) (Issue #471)
  * Nslcd: new lens for nss-pam-ldapd config (Jose Plana)
  * Oz: New lense for /etc/oz/oz.cnf
  * postfix lenses: also load files from /usr/local/etc (Roy Hubbard)
  * Properties: accept DOS line endings (Issue #468)
  * Rtadvd: new lens to parse the rtadvd configuration file (Matt Dainty)
  * Rsyslog: load files from /etc/rsyslog.d (Doug Wilson) (Issue #475);
    allow spaces before the # starting a comment; allow comments inside
    config statements like 'module'
  * Ssh: accept '=' to separate keyword from arguments
  * Sshd: split HostKeyAlgorithms into list of values; recognize quoted
    group names with spaces in them (Issue #477)
  * Sudoers: recognize "/match_group_by_gid"/ (Luigi Toscano) (Issue #482)
  * Syslog: allow spaces before the # starting a comment
  * Termcap: new lens to parse termcap capability databases (Matt Dainty)
  * Vsftpd: accept seccomp_sandbox (Denys Stroebel)
  * Xymon: accept 'group-sorted' directive (Issue #462)
- Version update to 1.8.0:
  * See the News file for all the details
- Verified it contains fixes for bsc#933210 bsc#975729 bsc#925225
  bsc#1023204 CVE-2014-8119
- Version update to 1.6.0:
  * See the NEWS file for the details
- Update to version 1.5.0:
  - General changes/additions
  * augtool: new --timing option that prints after each operation how long
    it took
  * augtool: print brief help message when incorrect options are given rather
    than dumping all help text
  * Path expressions: optimize performance of evaluating certain
  * lots of safety improvements in libfa to avoid using uninitialized
    values and the like (Daniel Trebbien)
  * tolerate building against OSX' libedit (Issue #256)
  - API changes
  * aug_match: fix a bug where expressions like /foo/*[2] would match a
    hidden node and pretend there was no match at all. We now make sure
    we never match a hidden node. Thanks to Xavier Mol for reporting the
  * aug_get: make sure we set *value to NULL, even if the provided path is
    invalid (Issue #372)
  * aug_rm: fix segfault when deleting a tree and one of its ancestors
    (Issue #319)
  * aug_save: fix segfault when trying to save an invalid subtree. A
    routine that was generating details for the error message overflowed
    a buffer it had created (Issue #349)
  - Lens changes/additions
  * AptConf: support hash comments
  * AptSources: support options (Issue #295),
    support brackets with spaces in URI (GH #296)
    rename test file to test_aptsources.aug
  * Chrony: allow signed numbers and indentation, fix stray EOL entry,
    disallow comment on EOL, add many missing directives and
    options (Miroslav Lichvar, RHBZ#1213281)
    add new directives and options that were added in
    chrony-2.2 and chrony-2.3 and improve parsing of
    access configuration (Miroslav Lichvar, Issue #348)
    add new options for chrony-2.4 (Miroslav Lichvar)
  * Dhclient: avoid put ambiguity for node without value (Issue #294)
  * Group: support NIS map, support an overridden and disabled password,
    i.e. `+:*::` (Matt Dainty) (Issue #258)
  * Host_Conf: support spaces between list items (Cedric Bosdonnat, Issue #358)
  * Httpd: add paths to SLES vhosts
    (Jan Doleschal) (Issue #268)
    parse backslashes in directive arguments (Issue #307)
    parse mismatching case of opening/closing tags
    parse multiple ending section tags on one line
    parse wordlists in braces in SSLRequire directives
    parse directive args starting with double quote (Issue #330)
    parse directive args containing quotes
    support perl directives (Issue #327)
    parse line breaks/continuations in section arguments
    parse escaped spaces in directive/section arguments
    parse backslashes at the start of directive args (Issue #324)
  * Inputrc: support $else (Cedric Bosdonnat, Issue #359)
  * Interfaces: add support for source-directory (Issue #306)
  * Json: add comments support, refactor,
    allow escaped quotes and blackslashes
  * Keepalived: fix space/tag alignments and hanging spaces,
    add vrrp_mcast_group4 and vrrp_mcast_group6,
    add more vrrp_instance flags,
    add mcast/unicast_src_ip and unicast_peer,
    add missing garp options,
    add vrrp_script options,
    expand vrrp_sync_group block,
    allow notify option
    (Joe Topjian) (Issue #266)
  * Known_Hosts: refactoring and description fixed
  * Logrotate: support dateyesterday option (Chris Reeves) (GH #367, #368)
  * MasterPasswd: new lens to parse /etc/master.passwd
    (Matt Dainty) (Issue #258)
  * Multipath: add various missing keywoards (Olivier Mangold) (Issue #289)
  * MySQL: include /etc/my.cnf.d/*.cnf (Issue #353)
  * Nginx: improve typechecking of lens,
    allow masks in IP keys and IPv6 (Issue #260)
    add @server simple nodes (Issue #335)
  * Ntp: add support for basic interface syntax
  * OpenShift_Quickstarts: Use Json.lns
  * OpenVPN: add all options available in OpenVPN 2.3o
    (Justin Akers) (Issue #278)
  * Puppetfile: name separator is not mandatory
    add support for moduledir (Christoph Maser)
  * Rabbitmq: remove space in option name,
    add support for cluster_partitioning_handling,
    add missing simple options (Joe Topjian) (Issue #264)
  * Reprepro_Uploaders: add support for distribution field
    (Mathieu Alorent) (Issue #277),
    add support for groups (Issue #283)
  * Rhsm: new lens to parse subscription-manager's /etc/rhsm/rhsm.conf
  * Rsyslog: improve property filter parsing,
    treat whitespace after commas as optional.
    recognize '~' as a valid syslog action (discard)
    (Gregory Smith) (Issue #282),
    add support for redirecting output to named pipes
    (Gerlof Fokkema) (Issue #366)
  * Shellvars: allow partial quoting, mixing multiple styles
    (Kaarle Ritvanen) (Issue #183);
    allow wrapping builtin argument to multiple lines
    (Kaarle Ritvanen) (Issue #184);
    support ;; on same line with multiple commands
    (Kaarle Ritvanen) (Issue #185);
    allow line wrapping and improve quoting support
    (Kaarle Ritvanen) (Issue #187);
    accept [] and [[]] builtins (Issue #188);
    allow && and || constructs after condition
    (Kaarle Ritvanen) (Issue #265);
    add pattern nodes in case entries
    (BREAKING CHANGE: case entry values are now in a
    @pattern subnode) (Kaarle Ritvanen) (Issue #265)
    add eval builtin support;
    add alias builtin support;
    allow (almost) any command;
    allow && and || after commands (Issue #215);
    allow wrapping command sequences
    (Kaarle Ritvanen) (Issue #333);
    allow command-specific environment variable
    (Kaarle Ritvanen) (Issue #332);
    support subshells (Issue #339)
    newlines in start of functions
    allow newlines after actions
    support comments after function name (Issue #339)
    exclude SuSEfirewall2 (Cedric Bosdonnat, Issue #357)
  * Simplelines: parse OpenBSD's hostname.if(5)
    files (Jasper Lievisse Adriaanse) (Issue #252)
  * Smbusers: add support for ; comments
  * Spacevars: support flags (Issue #279)
  * Ssh: add support for HostKeyAlgorithms, KexAlgorithms
    and PubkeyAcceptedKeyTypes (Oliver Mangold) (Issue #290),
    add support for GlobalKnownHostsFile (Issue #316)
  * Star: New lens to parse /etc/default/star
  * Sudoers: support for negated command alias
    (Geoff Williams) (Issue #262)
  * Syslog: recognize '~' as a valid syslog action (discard)
    (Gregory Smith) (Issue #282)
  * Tmpfiles: new lens to parse systemd's tempfiles.d configuration
    files (Julien Pivotto) (Issue #269)
  * Trapperkeeper: new lens for Puppet server configuration files
  * Util: add comment_c_style_or_hash lens
    add empty_any lens
  * Vsftpd: add isolate and isolate_network options
    (Florian Chazal) (Issue #334)
  * Xml: allow empty document (Issue #255)
  * YAML: new lens (subset) (Dimitar Dimitrov) (Issue #338)
- Drop upstreamed patches:
- Fix errors showing up in guestfs tools.
  Add upstreamed patches:
- Version bump to 1.4.0:
  * Loads of bugfixes all around the package
  * Read up NEWS file for the detailed changes
- Whitespace
- restore keyring and .sig file, as this is checked by the OBS
  source service
- Update  to version 1.3.0
  + General changes/additions
  * Add missing cp entry in manpage (GH issue #78)
  * Add seq to vim syntax highlight (Robert Drake)
  * Update augtool.1 man page with new commands and --span, RHBZ#1100077
  * augtool autocomplete includes command aliases, RHBZ#1100184
  * Remove unused "/filename"/ argument from dump-xml command, RHBZ#1100106
  * aug_save returns non-zero result when unable to delete files,
  + Lens changes/additions
  * Aliases: permit missing whitespace between colon and recipients
  * AptPreferences: Support spaces in origin fields
  * Cgconfig: handle additional valid controllers (Andy Grimm)
  * Chrony: New lens to parse /etc/chrony.conf (Pat Riehecky)
  * CPanel: New lens to parse cpanel.config files
  * Desktop: Allow @ in keys (GH issue #92)
  * Device_map: Parse all device.map files under /boot (Mike Latimer)
  * Dhclient: Add support for option modifiers (Robert Drake,
    GH issue #95)
    Parse hash statements with dhcp-eval strings
  * Dhcpd: stmt_string quoted blocks no longer store quote marks
    (incompatible change),
    many changes to support more record types (Robert Drake)
  * Group: NIS support (KaMichael)
  * Grub: handle "/foreground"/ option, RHBZ#1059383 (Miguel Armas)
  * Gshadow: New lens (Lorenzo Catucci)
  * Httpd: Allow eol comments after section tags
    Allow continued lines inside quoted value (GH issue #104)
    Allow comparison operators in tags (GH issue #154)
  * IPRoute2: handle "//"/ in protocol name, swap ID and name fields
    (incompatible change), RHBZ#1063968,
    handle hex IDs and hyphens, as present in
    rt_dsfield, RHBZ#1063961
  * Iptables: parse /etc/sysconfig/iptables.save, RHBZ#1144651
  * Kdump: parse new options, permit EOL comments, refactor, RHBZ#1139298
  * Keepalived: Add more virtual/real server settings and checks, RHBZ#1064388
  * Known_Hosts: New lens for SSH known hosts files
  * Krb5: permit braces in values when not in sub-section, RHBZ#1066419
  * Ldso: handle "/hwcap"/ lines (GH issue #100)
  * Lvm: support negative numbers, parse /etc/lvm/lvm.conf (Pino Toscano)
  * Multipath: add support for rr_min_io_rq (Joel Loudermilk)
  * NagiosConfig and NagiosObjects: Fix documentation (Simon Sehier)
  * NetworkManager: Use the Quote module, support # in values (no eol comments)
  * OpenVPN: Add support for fragment, mssfix, and script-security
    (Frank Grötzner)
  * Pagekite: New lens (Michael Pimmer)
  * Pam: Add partial support for arguments enclosed in [] (Vincent Brillault)
  * Passwd: Refactor lens (Lorenzo Catucci)
  * Redis: Allow empty quoted values (GH issue #115)
  * Rmt: New lens to parse /etc/default/rmt, RHBZ#1100549
  * Rsyslog: support complex $template lines, property filters and file
    actions with templates, RHBZ#1083016
  * Services: permit colons in service name, RHBZ#1121263
  * Shadow: New lens (Lorenzo Catucci)
  * Shellvars: Handle case statements with same-line ';;', RHBZ#1033799
    Allow any kind of quoted values in block
    conditions (GH issue #118)
    Support $(( .. )) arithmetic expansion in variable
    assignment, RHBZ#1100550
  * Simplevars: Support flags and empty values
  * Sshd: Allow all types of entries in Match groups (GH issue #75)
  * Sssd: Allow ; for comments
  * Squid: Support configuration files for squid 3 (Mykola Nikishov)
  * Sudoers: Allow wuoted string in default str/bool params (Nick Piacentine)
  * Syslog: Support "/# !"/ style comments (Robert Drake, GH issue #65)
    Permit IPv6 loghost addresses, RHBZ#1129388
  * Systemd: Allow quoted Environment key=value pairs, RHBZ#1100547
    Parse /etc/sysconfig/*.systemd, RHBZ#1083022
    Parse semicolons inside entry values, RHBZ#1139498
  * Tuned: New lens for /etc/tuned/tuned-main.conf (Pat Riehecky)
  * UpdateDB: New lens to parse /etc/updatedb.conf
    (incompatible change as this file used to be processed with
  * Xml: Allow backslash in #attribute values (GH issue #145)
    Parse CDATA elements (GH issue #80)
  * Xymon_Alerting: refactor lens (GH issue #89)
- Remove the sig and the keyring file as there is no gpg verification
- Remove augeas-device_map-grub2.patch, fixed on upstream release
- Change desc to describe the "/tools"/ not just the library
- Enable tests but "/pass"/ them even with 2 failures.
- Add check phase, comment out as 2 test fails now.
- Clean up with spec-cleaner
- Version bump to 1.2.0:
  - API changes
  * Add aug_cp and the cp and copy commands
  * aug_to_xml now includes span information in the XML dump
  - General changes/additions
  * Fix documentation link in c_api NaturalDocs menu
  * Fix NaturalDocs documentation for various lenses
  * src/transform.c (filter_matches): wrap fnmatch to ensure that an incl
    pattern containing "///"/ matches file paths, RHBZ#1031084
  * Correct locations table for transform_save() (Tomas Hoger)
  * Corrections for CVE-2012-0786 tests (Tomas Hoger)
  * Fix umask handling when creating new files, RHBZ#1034261
  - Lens changes/additions
  * Access: support DOMAINuser syntax for users and groups, bug #353
  * Authorized_Keys: Allow 'ssh-ed25519' as a valid authorized_key
    type (Jasper Lievisse Adriaanse)
  * Automounter: Handle hostnames with dashes in them, GH issue #27
  * Build: Add combinatorics group
  * Cyrus_Imapd: Create new entries without space before separator,
    RHBZ#1014974 (Dietmar Kling)
  * Desktop: Support square brackets in keys
  * Dhclient: Add dhclient.conf path for Debian/Ubuntu (Esteve Fernandez)
  * Dhcpd: Support conditionals, GH issue #34
    Support a wider variety of allow/deny statement, including
    booting and bootp (Yanis Guenane)
    Support a wider variety of DHCP allow/deny/ignore statements
    (Yanis Guenane)
  * Dovecot: Various enhancements and bug fixes (Michael Haslgrübler):
    add mailbox to block_names, fix for block_args in quotes,
    fix for block's brackets upon write,
    fixes broken tests for mailbox,
    fixes indention,
    test case for block_args with "/,
    fixes broken indention
    Use Quote module
  * Exports: Permit colons for IPv6 client addresses, bug #366
  * Grub: Support the 'setkey' and 'lock' directives
    NFC fix whitespace errors
    Handle makeactive menu command, bug #340
    Add 'verbose' option, GH issue #73
  * Interfaces: Add in support for the source stanza in
    /etc/network/interfaces files
    Map bond-slaves and bridge-ports to arrays (incompatible
    change) (Kaarle Ritvanen)
    Add /etc/network/interfaces.d/* support
    Allow numeric characters in stanza options (Pascal Lalonde)
  * Koji: New lens to parse Koji configs (Pat Riehecky)
  * MongoDBServer: Accept quoted values (Tomas Klouda)
  * NagiosCfg: Do not try to parse /etc/nagios/nrpe.cfg anymore, GH issue #43
    /etc/nagios/nrpe.cfg is parsed by Nrpe (Yanis Guenane)
  * Nagiosobjects: Add support for optional spaces and indents
    and whole-line comments (Sean Millichamp)
  * OpenVPN: Support daemon, client-config-dir, route, and management
    directives (Freakin https://github.com/Freakin)
  * PHP: allow php-fpm syntax in keys, GH issue #35
  * Postfix_Main: Handle stray whitespace at end of multiline lines, bug #348
  * Postfix_virtual: allow '+' and '=' in email addresses (Tom Hendrikx)
  * Properties: support multiline starting with an empty string, GH issue #19
  * Samba: Permit asterisk in key name, bug #354
  * Shellvars: Read /etc/firewalld/firewalld.conf, bug #363
    Support all types of quoted strings in arrays, bug #357
    Exclude /etc/sysconfig/ip*tables.save files
  * Shellvars, Sysconfig: map "/bare"/ export and unset lines to seq numbered
    nodes to handle multiple variables (incompatible change), RHBZ#1033795
  * Shellvars_list: Handle backtick variable assignments, bug #368
    Allow end-of-line comments, bug #342
  * Simplevars: Add /etc/selinux/semanage.conf
  * Slapd: use smart quotes for database entries; rename by/what to by/access;
    allow access to be absent as per official docs (incompatible change)
  * Sshd: Indent Match entries by 2 spaces by default
    Support Ciphers and KexAlgorithms groups, GH issue #69
    Let all special keys be case-insensitive
  * Sudoers: Permit underscores in group names, bug #370 (Matteo Cerutti)
    Allow uppercase characters in user names, bug #376
  * Sysconfig: Permit empty comments after comment lines, RHBZ#1043636
  * Sysconfig_Route: New lens for RedHat's route configs
  * Syslog: Accept UDP(@) and TCP(@@) protocol, bug #364 (Yanis Guenane)
  * Xymon_Alerting: New lens for Xymon alerting files (François Maillard)
  * Yum: Add yum-cron*.conf files (Pat Riehecky)
    Include only *.repo files from yum.repos.d (Andrew N Golovkov)
    Permit spaces after equals sign in list options, GH issue #45
    Split excludes as lists, bug #275
- device_map lense: Find device.map in any dir beneath /boot (bnc#875086)
- download url changed, also added keyring and .sig ring
- Update to version 1.1.0
  - Handle files with special characters in their name, bug #343
  - Fix type error in composition ('f; g') of functions, bug #328
  - Improve detection of version script; make build work on Illumos with
    GBU ld (Igor Pashev)
  - augparse: add --trace option to print filenames of all modules being
  - Various lens documentation improvements (Jasper Lievisse Adriaanse)
  - Lens changes/additions
  - ActiveMQ_*: new lens for ActiveMQ/JBoss A-MQ (Brian Harrington)
  - AptCacherNGSecurity: new lens for /etc/apt-cacher-ng/security.conf
    (Erik Anderson)
  - Automaster: accept spaces between options
  - BBHosts: support more flags and downtime feature (Mathieu Alorent)
  - Bootconf: new lens for OpenBSD's /etc/boot.conf (Jasper Adriaanse)
  - Desktop: Support dos eol
  - Dhclient: read /etc/dhclient.conf used in OpenBSD (Jasper Adriaanse)
  - Dovecot: New lens for dovecot configurations (Serge Smetana)
  - Fai_Diskconfig: Optimize some regexps
  - Fonts: exclude all README files (Jasper Adriaanse)
  - Inetd: support IPv6 addresses, bug #320
  - IniFile: Add lns_loose and lns_loose_multiline definitions
    Support smart quotes
    Warning: Smart quotes support means users should not add
    escaped double quotes themselves. Tests need to be fixed
    Use standard Util.comment_generic and Util.empty_generic
    Warning: Existing lens tests must be adapted to use standard
    comments and empty lines
    Allow spaces in entry_multiline* values
    Add entry_generic and entry_multiline_generic
    Add empty_generic and empty_noindent
    Let multiline values begin with a single newline
    Support dos eol
    Warning: Support for dos eol means existing lenses usually
    need to be adapted to exclude r as well as n.
  - IPRoute2: Support for iproute2 files (Davide Guerri)
  - JaaS: lens for the Java Authentication and Authorization Service
    (Simon Vocella)
  - JettyRealm: new lens for jetty-realm.properties (Brian Harrington)
  - JMXAccess, JMXPassword: new lenses for ActiveMQ's JMX files
    (Brian Harrington)
  - Krb5: Use standard comments and empty lines
    Support dos eol
    Improve performance
    Accept pkinit_anchors (Andrew Anderson)
  - Lightdm: Use standard comments and empty lines
  - LVM: New lens for LVM metadata (Gabriel)
  - Mdadm_conf: optimize some regexps
  - MongoDBServer: new lens (Brian Harrington)
  - Monit: also load /etc/monitrc (Jasper Adriaanse)
  - MySQL: Use standard comments and empty lines
    Support dos eol
  - NagiosCfg: handle Icinga and resources.cfg (Jasper Adriaanse)
  - Nrpe: accept any config option rather than predefined list (Gonzalo
    Servat); optimize some regexps
  - Ntpd: new lense for OpenNTPD config (Jasper Adriaanse)
  - Odbc: Use standard comments and empty lines
  - Openshift_*: new lenses for Openshift support (Brian Harrington)
  - Quote: allow multiple spaces in quote_spaces; improve docs
  - Passwd: allow period in user names in spec, bug #337; allow overrides
    in nisentry
  - PHP: Support smart quotes
    Use standard comments and empty lines
    Load /etc/php*/fpm/pool.d/*.conf (Enrico Stahn)
  - Postfix_master: allow [] in words, bug #345
  - Resolv: support 'lookup' and 'family' key words, bug #320
    (Jasper Adriaanse))
  - Rsyslog: support :omusrmsg: list of users in actions
  - RX: add CR to RX.space_in
  - Samba: Use standard comments and empty lines
    Support dos eol
  - Schroot: Support smart quotes
  - Services: support port ranges (Branan Purvine-Riley)
  - Shellvars: optimize some regexps; reinstate /etc/sysconfig/network,
    fixes bug #330, RHBZ#904222, RHBZ#920609; parse /etc/rc.conf.local
    from OpenBSD
  - Sip_Conf: New lens for sip.conf configurations (Rob Tucker)
  - Splunk: new lens (Tim Brigham)
  - Subversion: Support smart quotes
    Use standard comments and empty lines
    Use IniFile.entry_multiline_generic
    Use IniFile.empty_noindent
    Support dos eol
  - Sudoers: allow user aliases in specs
  - Sysctl: exclude README file
  - Systemd: Support smart quotes; allow backslashes in values
  - Xinetd: handle missing values in list, bug #307
  - Xorg: allow 'Screen' in Device section, bug #344
  - Yum: Support dos eol, optimize some regexps
- update to 1.0.0
  - drop bnc-729491-recognize-suse-sysconfig-files.patch:
    upstream ShellVars lense now uses /etc/sysconfig/* include filter
  - drop patches, now upstream: augeas-pkgdeps.diff, augeas-stdio.h.patch
- license update: GPL-3.0+ and LGPL-2.1+
  semicolon is ambiguous
- Fix build with missing gets declaration (glibc 2.16)
- Ensure libxml2 is present in .pc file
- update to 0.10.0
  - support relative paths by taking them relative to the value of
    /augeas/context in all API functions where paths are used
  - add aug_to_xml to API: transform tree(s) into XML, exposed as dump-xml in
    aug_srun and augtool. Introduces dependency on libxml2
  - fix regular expression escaping. Previously, /[/]/ match either a backslash
    or a slash. Now it only matches a slash
  - path expressions: add function 'int' to convert a node value (string) to an
  - path expressions: make sure the regexp produced by empty nodesets from
    regexp() and glob() matches nothing, rather than the empty word
  - fix --autosave when running single command from command line, BZ 743023
  - aug_srun: support 'insert' and 'move' as aliases for 'ins' and 'mv'
  - aug_srun: allow escaping of spaces, quotes and brackets with +  - aug_init: accept AUG_NO_ERR_CLOSE flag; return augeas handle even when
    initialization fails so that caller gets some details about why
    initialization failed
  - aug_srun: tolerate trailing white space in commands
  - much improved, expanded documentation of many lenses
  - always interpret lens filter paths as absolute, bug #238
  - fix bug in libfa that would incorrectly calculate the difference of a case
    sensistive and case insensitive regexp (/[a-zA-Z]+/ - /word/i would match
  - new builtin 'regexp_match' for .aug files to make testing regexp matching
    easier during development
  - fix 'span' command, bug #220
  - Lens changes/additions
  * Access: parse user@host and (group) in users field; field separator need
    not be surrounded by spaces
  * Aliases: allow spaces before colons
  * Aptconf: new lens for /etc/apt/apt.conf
  * Aptpreferences: support origin entries
  * Backuppchosts: new lens for /etc/backuppc/hosts, bug 233 (Adam Helms)
  * Bbhosts: various fixes
  * Cgconfig: id allowed too many characters
  * Cron: variables aren't set like shellvars, semicolons are allowed in
    email addresses; fix parsing of numeric fields, previously upper case
    chars were allowed; support ranges in time specs
  * Desktop: new lens for .desktop files
  * Dhcpd: slashes must be double-quoted; add Red Hat's dhcpd.conf locations
  * Exports: allow empty options
  * Fai_diskconfig: new lens for FAI disk_config files
  * Fstab: allow ',' in file names, BZ 751342
  * Host_access: new lens for /etc/hosts.{allow,deny}
  * Host_conf: new lens for /etc/host.conf
  * Hostname: new lens for /etc/hostname
  * Hosts: also load /etc/mailname by default
  * Iptables: allow digits in ipt_match keys, bug #224
  * Json: fix whitespace handling, removing some cf ambiguities
  * Kdump: new lens for /etc/kdump.conf (Roman Rakus)
  * Keepalived: support many more flags, fields and blocks
  * Krb5: support [pam] section, bug #225
  * Logrotate: be more tolerant of whitespace in odd places
  * Mdadm_conf: new lens for /etc/mdadm.conf
  * Modprobe: Parse commands in install/remove stanzas (this introduces a
    backwards incompatibility); Drop support for include as it is not documented
    in manpages and no unit tests are shipped.
  * Modules: new lens for /etc/modules
  * Multipath: add support for seveal options in defaults section, bug #207
  * Mysql: includedir statements are not part of sections; support !include;
    allow indentation of entries and flags
  * Networks: new lens for /etc/networks
  * Nrpe: allow '=' in commands, bug #218 (Marc Fournier)
  * Php: allow indented entries
  * Phpvars: allow double quotes in variable names; accept case insensitive
    PHP tags; accept 'include_once'; allow empty lines at EOF; support define()
    and bash-style and end-of-line comments
  * ostfix_master: allow a lot more chars in words/commands, including commas
  * PuppetFileserver: support same-line comments and trailing whitespace,
    bug #214
  * Reprepo_uploaders: new lens for reprepro's uploaders files
  * Resolv: permit end-of-line comments
  * Schroot: new lens for /etc/schroot/schroot.conf
  * Shellvars: greatly expand shell syntax understood; support
    various syntactic constructs like if/then/elif/else, for, while,
    until, case, and select; load /etc/blkid.conf by default
  * Spacevars: add toplevel lens 'lns' for consistency
  * Ssh: new lens for ssh_config (Jiri Suchomel)
  * Stunnel: new lens for /etc/stunnel/stunnel.conf (Oliver Beattie)
  * Sudoers: support more parameter flags/options, bug #143
  * Xendconfsxp: lens for Xen configuration (Tom Limoncelli)
  * Xinetd: allow spaces after '{'
- update modprobe lens patch to apply on 0.10.0
- update shellvars lens patch to add some missing files on SUSE
  distros mentioned in bnc#729491
- Remove rednudant tags/sections from specfile
- Patch shellvars.aug to recognize SUSE specific files in
  sysconfig (bnc#729491)
- move lenses from /usr/share/libaugeas0/augeas
  to /usr/share/augeas (bnc#719199)
- move vim lenses syntax files from -lenses to -devel package
- Remove redundant tags/sections from specfile
- Add augeas-devel to baselibs
- update to 0.9.0:
  - augtool: keep history in ~/.augeas/history
  - add aug_srun API function; this makes it possible to run a sequence of
    commands through the API
  - aug_mv: report error AUG_EMVDESC on attempts to move a node into one of
    its descendants
  - path expressions: allow whitespace inside names, making '/files/etc/foo
    bar/baz' a legal path, but parse [expr1 or expr2] and [expr1 and expr2]
    as the logical and/or of expr1 and expr2
  - path expressions: interpret escape sequences in regexps; since '.' does
    not match newlines, it has to be possible to write '.|n' to match any
  - path expressions: allow concatenating strings and regexps; add
    comparison operator '!~'; add function 'glob'; allow passing a nodeset
    to function 'regexp'
  - store the names of the functions available in path expressions under
  - fix several smaller memory leaks
  - Lens changes/additions
  * Aliases: allow spaces and commas in aliases (Mathieu Arnold)
  * Grub: allow "/bootfs"/ Solaris/ZFS extension for dataset name, bug #201
    (Dominic Cleal); allow kernel path starting with a BIOS device,
    bug #199
  * Inifile: allow multiline values
  * Php: include files from Zend community edition, bug #210
  * Properties: new lens for Java properties files, bug #194 (Craig Dunn)
  * Spacevars: autoload two ldap files, bug #202 (John Morrissey)
  * Sudoers: support users:groups format in a Runas_Spec line, bug #211;
    add CSW paths (Dominic Cleal)
  * Util: allow comment_or_eol to match whitespace-only comments,
    bug #205 (Dominic Cleal)
  * Xorg: accept InputClass section; autoload from /etc/X11/xorg.conf.d,
    bug #197
- fate#311042: Update augeas packages for latest puppet support
  in SLE-11
- update to 0.8.1
  * augtool: respect autosave flag in oneshot mode, bug #193;
    fix segfault caused by unmatched bracket in path expression,
    bug #186
  * eliminate a global variable in the lexer, fixes BZ 690286
  * replace an erroneous assert(0) with a proper error message when
    none of the alternatives in a union match during saving,
    bug #183
  * improve AIX support
  * Lens changes/additions
  * Access: support the format @netgroup@@nisdomain, bug #190
  * Fstab: fix parsing of SELinux labels in the fscontext option
  * Grub: support 'device' directive for UEFI boot, bug #189; support
    'configfile' and 'background'
  * Httpd: handle continuation lines; autoload httpd.conf on
    Fedora/RHEL, BZ 688149; fix support for single-quoted
  * Iptables: support --tcp-flags, bug #157; allow blank and comment
    lines anywhere
  * Mysql: include /etc/my.cnf used on Fedora/RHEL, BZ 688053
  * NagiosCfg: parse setting multiple values on one line
  * NagiosObjects: process /etc/nagios3/objects/*.cfg
  * Nsswitch: support 'sudoers' as a database, bug #187
  * Shellvars: autoload /etc/rc.conf used in FreeBSD
  * Sudoers: support '#include' and '#includedir', bug #188
  * Yum: exclude /etc/yum/pluginconf.d/versionlock.list
- changes for 0.8.0
  * add new 'square' lens combinator
  * add new aug_span API function
  * augtool: short options for --nostdinc, --noload, and --noautoload
  * augtool: read commands from tty after executing file with --interactive
  * augtool: add --autosave option
  * augtool: add --span option to load nodes' span
  * augtool: add span command to get the node's span according to the input
  * augtool: really be quiet when we shouldn't be echoing
  * fix segfault in get.c with L_MAYBE lens; bug #180
  * fix segfault when a path expression called regexp() with an invalid
    regexp; bug #168
  * improved vim syntax file
  * replace augtest by test-augtool.sh to obviate the need for Ruby to run
  * use sys_wait module from gnulib; bug #164
  * Lens changes/additions
  * Access: new lens for /etc/security/access.conf
  * Crypttab: new lens for /etc/crypttab
  * Dhcpd: new lens
  * Exports: accept hostnames with dashes; bug #169
  * Grub: add various Solaris extensions; support "/map"/ entries,
    bug #148
  * Httpd: new lens for Apache config
  * Inifile: new lens indented_title_label
  * Interfaces: allow indentation for "/iface"/ entries; bug #182
  * Mysql: change default comment delimiter from ';' to '#'; bug #181
  * Nsswitch: accept various add'l databases; bug #171
  * PuppetFileserver: new lens for Puppet's fileserver.conf
  * REsolv: allow comments starting with ';'; bug #173
  * Shellvars: autoload various snmpd config files; bug #170
  * Solaris_system: new lens for /etc/system on Solaris
  * Util (comment_c_style, empty_generic, empty_c_style): new lenses
  * Xml: generic lens to process XML files
  * Xorg: make "/position"/ in "/screen"/ optional; allow "/Extensions"/
    section; bug #175
- add baselibs.conf
- update to 0.7.4
  * augtool: new clearm command to parallel setm
  * augtool: add --file option
  * Fix SEGV under gcc 4.5, caused by difficulties of the gcc
    optimizer handling bitfields (bug #149; rhbz #651992)
  * Preserve parse errors under /augeas//error: commit 5ee81630,
    released in 0.7.3, introduced a regression that would cause
    the loss of parse errors; bug #138
  * Avoid losing already parsed nodes under certain circumstances;
    bug #144
  * Properly record the new mtime of a saved file; previously the
    mtime in the tree was reset to 0 when a file was saved, causing
    unnecessary file reloads
  * fix a SEGV when using L_MAYBE in recursive lens; bug #136
  * Incompatible lens changes
  * Fstab: parse option values
  * Squid: various improvements, see bug #46;
  * Xinetd: map service names differently
  * Lens changes/additions
  * Aptsources: map comments properly, allow indented lines;
    bug #151
  * Grub: add indomU setting for Debian.
    Allow '=' as separator in title; bug #150
  * Fstab: also process /etc/mtab
  * Inetd: support rpc services
  * Iptables: allow underscore in chain names
  * Keepalived: new lens for /etc/keepalived/keepalived.conf
  * Krb5: allow digits in realm names; bug #139
  * Login_defs: new lens for /etc/login.defs
    (Erinn Looney-Triggs)
  * Mke2fs: new lens for /etc/mke2fs.conf
  * Nrpe: new lens for Nagios nrpe (Marc Fournier)
  * Nsswitch: new lens for /etc/nsswitch.conf
  * Odbc: new lens for /etc/odbc.ini (Marc Fournier)
  * Pg_hba: New lens; bug #140 (Aurelien Bompard).
    Add system path on Debian; bug #154 (Marc Fournier)
  * Postfix_master: parse arguments in double quotes; bug #69
  * Resolv: new lens for /etc/resolv.conf
  * Shells: new lens for /etc/shells
  * Shellvars: parse ulimit builtin
  * Sudoers: load file from /usr/local/etc (Mathieu Arnold)
    Allow 'visiblepw' parameter flag; bug #143. Read files from
  * Syslog: new lens for /etc/syslog.conf (Mathieu Arnold)
  * Util: exclude dpkg backup files; bug #153 (Marc Fournier)
  * Yum: accept continuation lines for gpgkey; bug #132
- added patch for allow_unsupported_modules command in modprobe.d conf files
- added vim files symlinks for lens syntax files
- fixed a few rpmlint warnings (fixed rpm group, no ldconfig run)
* Update to 0.7.3
  * ug_load: only reparse files that have actually changed; greatly
  speeds up reloading
  * record all variables in /augeas/variables, regardless of whether
  they were defined with aug_defvar or aug_defnode; make sure
  /augeas/variables always exists
  * redefine all variables (by reevaluating their corresponding
  expressions) after a aug_load. This makes variables 'sticky'
  across loads
  * fix behavior of aug_defnode to not fail when the expression
  evaluates to a nonempty node set
  * make gnulib a git submodule so that we record the gnulib commit
  off which we are based
  * allow 'let rec' with non-recursive RHS
  * fix memory corruption when reloading a tree into which a
  variable defined by defnode points (BZ 613967)
  * plug a few small memory leaks, and some segfaults
  * Lens changes/additions
  * Device_map: new lens for grub's device.map (Matt Booth)
  * Limits: also look for files in /etc/security/limits.d
  * Mysql: new lens (Tim Stoop)
  * Shellvars: read /etc/sysconfig/suseconfig (Frederik Wagner)
  * Sudoers: allow escaped spaces in user/group names (Raphael Pinson)
  * Sysconfig: lens for the shell subdialect used in /etc/sysconfig;
    lens strips quotes automatically
* 0.7.2 - 2010-06-22
  * new API call aug_setm to set/create multiple nodes simultaneously
  * record expression used in a defvar underneath /augeas/variables
  * Lens changes/additions
  * Group: add test for disabled account (Raphael Pinson)
  * Grub: handle comments within a boot stanza
  * Iptables: also look for /etc/iptables-save (Nicolas Valcarcel)
  * Modules_conf: new lens for /etc/modules.conf (Matt Booth)
  * Securetty: added handling of emtpy lines/comments (Frederik Wagner)
  * Shellvars: added SuSE sysconfig puppet files (Frederik Wagner),
    process /etc/environment (seph)
  * Shellvars_list: Shellvars-like lens that treats strings of
    space-separated words as lists (Frederik Wagner)
* 0.7.1 - 2010-04-21
  * fix crash when recursive lens was used in a nonrecursive lens (bug #100)
  * context free parser/recursive lenses: handle 'l?' properly (bug #119);
  distinguish between successful parse and parse with an error at end of
  input; do caller filtering to avoid spurious ambiguous parses with
  grammars containing epsilon productions
  * aug_get: return -1 when multiple nodes match (bug #121)
  * much better error message when iteration stops prematurely during
  put/create than the dreaded 'Short iteration'
  * src/lens.c (lns_check_rec): fix refcounting mistake on error path (bug #120)
  * Lens changes/additions
  * Approx: lens and test for the approx proxy server (Tim Stoop)
  * Cgconfig: lens and tests for libcgroup config (Ivana Hutarova Varekova)
  * Cgrules: new lens and test (Ivana Hutarova Varekova)
  * Cobblermodules: lens + tests for cobbler's modules.conf (Shannon Hughes)
  * Debctrl: new lens and test (Dominique Dumont)
  * Dput: add 'allow_dcut' parameter (bug #105) (Raphael Pinson)
  * Dhclient: add rfc code parsing (bug #107) (Raphael Pinson)
  * Group: handle disabled passwords
  * Grub: support empty kernel parameters, Suse incl.s (Frederik Wagner)
  * Inittab: allow ':' in the process field (bug #109)
  * Logrotate: tolerate whitespace at the end of a line (bug #101); files
    can be separated by newlines (bug #104) (Raphael Pinson)
  * Modprobe: Suse includes (Frederik Wagner)
  * Nagisocfg: lens and test for /etc/nagios3/nagios.cfg (Tim Stoop)
  * Ntp: add 'tinker' directive (bug #103)
  * Passwd: parse NIS entries on Solaris
  * Securetty: new lens and test for /etc/securetty (Simon Josi)
  * Shellvars: handle a bare 'export VAR'; Suse includes (Frederik
    Wagner); allow spaces after/before opening/closing parens for array
  * Sudoers: allow del_negate even if no negate_node is found (bug #106)
    (Raphael Pinson); accept 'secure_path' (BZ 566134) (Stuart
* 0.7.0 - 2010-01-14
  * Support for context-free lenses via the 'let rec' keyword. The syntax
  is experimental, though the feature is here to stay. See
  lenses/json.aug for an example of what's possible with that.
  * Support for case-insensitive regular expressions. Simply append 'i' to
  a regexp literal to make it case-insensitive, e.g. /hello/i will match
  all variations of hello, regardless of case.
  * Major revamp of augtool. In particular, path expressions don't need to
  be quoted anymore. The online help has been greatly improved.
  * Check during load/save that each file is only matched by one transform
  under /augeas/load. If there are multiple transforms for a file, the
  file is skipped.
  * New error codes AUG_ENOLENS and AUG_EMXFM
  * Do not choke on non-existing lens during save
  * Change the metadata for files under /augeas/files slightly: the node
  /augeas/files/$PATH/lens now has the name of the lens used to load the
  file; the source location of that lens has moved to
  * New public functions fa_nocase, fa_is_nocase, and fa_expand_nocase in
  * Various smaller bug fixes, performance improvements and improved error
  * Lens changes/additions
  * Cobblersettings: new lens and test (Bryan Kearney)
  * Iptables: allow quoted strings as arguments; handle both negation
  * Json: lens and tests for generic Json files
  * Lokkit: allow '-' in arguments
  * Samba: accept entry keys with ':' (Partha Aji)
  * Shellvars: allow arrays that span multiple lines
  * Xinetd (name): fix bad '-' in character class
* 0.6.0 - 2009-11-30
  * Add error reporting API (aug_error and related calls); use to report
  error details in a variety of places
  * Path expressions: add regexp matching; add operator '|' to form union
  of nodesets (ticket #89)
  * Tolerate non-C locales from the environment (ticket #35); it is no
  longer necessary to set the locale to C from the outside
  * use stpcpy/stpncpy from gnulib (needed for building on Solaris)
  * Properly check regexp literals for syntax errors (ticket #93)
  * Distribute and install vim syntax files (ticket #97)
  * many more bugfixes
  * Lens changes/additions
  * Apt_preferences: support version pin; filter out empty lines (Matt
  * Cron: variables can contain '_' etc. (ticket #94)
  * Ethers: new lens for /etc/ethers (Satoru SATOH)
  * Fstab: allow '#' in spec (ticket #95)
  * Group: allow empty password field (ticket #95)
  * Inittab: parse end-of-line comments into a #comment
  * Krb5: support kdc section; add v4_name_convert subsection to
    libdefaults (ticket #95)
  * Lokkit: add mising eol to forward_port; make argument for --trust
    more permissive
  * Pam: allow '-' before type
  * Postfix_access: new lens for /etc/postfix/access (Partha Aji)
  * Rx: allow '!' in device_name
  * Sudoers: allow certain backslash-quoted characters in a command (Matt
  * Wine: new lens to read Windows registry files
* 0.5.3 - 2009-09-14
  * Match trees on label + value, not just label; see
  tests/modules/pass_strip_quotes.aug for how that enables stripping
  * Do not trip over symlinks to files on a different device during save;
  fixes problems with writing to /etc/grub.conf on Fedora/RHEL
  * API (defnode): always add the newly created node into the resulting
  * Add preceding-sibling and following-sibling axes to path expressions
  * augtool, augparse: add --version option (bug #88)
  * Change file info recorded under /augeas/files/FILE/*: remove lens/id
  and move lens/info to lens
  * Properly record new files under /augeas/files (bug #78)
  * aug_load: clean up variables to avoid dangling references (bug #79)
  * Make Augeas work on AIX
  * Ignore anything but regular files when globbing
  * Add 'clear' function to language for use in unit tests
  * typechecker: print example trees in tree format
  * libfa: properly support regexps with embedded NUL's
  * Lens changes/additions
  * Xorg: revamped, fixes various parse failures (Matt Booth)
  * Inetd: new lens and test (Matt Palmer)
  * Multipath: new lens and test
  * Slapd: also read /etc/openldap.slapd.conf (bug #85)
* 0.5.2 - 2009-07-13
  * Make Augeas work on Mac OS/X (bug #66) (Anders Bjoerklund)
  * reduce symbols exported from libfa with linker script
  * add --echo option to augtool
  * require Automake 1.11 (Jim Meyering)
  * avoid spurious save attempts for freshly read files
  * Lens changes/additions
  * Inittab: schema change: use 'id' field as name of subtree for a line,
    instead of a generated number. Map comments as '#comment' (Matt Palmer)
  * Logrotate: make owner/group in create statement optional, allow
    filenames to be indented
  * Ntp: allow additional options for server etc. (bug #72)
  * Shellvars: allow backticks as quote characters (bug #74)
  * Yum: also read files in /etc/yum/pluginconf.d (Marc Fournier)
* 0.5.1 - 2009-06-09
  * augeas.h: flag AUG_NO_MODL_AUTOLOAD suppresses initial loading
    of modules; exposed as --noautoload in augtool
  * augtool: don't prompt when input is not from tty (Raphael Pinson)
  * augparse: add --notypecheck option
  * path expressions: allow things like '/foo and /bar[3]' in predicates
  * Lens changes/additions
  * Aliases: map comments as #comment (Raphael Pinson)
  * Build, Rx, Sep: new utility modules (Raphael Pinson)
  * Cron: new lens (Raphael Pinson)
  * Dnsmasq: process files in /etc/dnsmasq.d/* (ticket #65)
  * Grub: parse kernel and module args into separate nodes; parse
    arguments for 'serial', 'terminal', and 'chainloader'; allow
    optional argument for 'savedefault'
  * Interfaces: make compliant with actual Debian spec (Matt Palmer)
  * Iptables: relax regexp for chain names; allow comment lines mixed
    in with chains and rules (ticket #51)
  * Logrotate: allow '=' as separator (ticket #61); make newline at end
    of scriptlet optional
  * Modprobe: handle comments at end of line
  * Ntp: parse fudge record (Raphael Pinson); parse all directives in
    default Fedora ntp.conf; process 'broadcastdelay', 'leapfile',
    and enable/disable flags (ticket #62)
  * Pbuilder: new lens for Debian's personal builder (Raphael Pinson)
  * Php: add default path on Fedora/RHEL (Marc Fournier)
  * Squid: handle indented entries (Raphael Pinson)
  * Shellvars: map 'export' and 'unset'; map comments as #comment
    (Raphael Pinson)
  * Sudoers: allow backslashes inside values (ticket #60) (Raphael Pinson)
  * Vsftpd: map comments as #comment; handle empty lines; find
    vsftpd.conf on Fedora/RHEL
  * Xinetd: map comments as #comment (Raphael Pinson)
- enable parallel building
* Update to 0.5.0
  * Upstream notes:
  Clean up interface for libfa; the interface is now considered stable
  * New aug_load API call; allows controlling which files to load by
  modifying /augeas/load and then calling aug_load; on startup, the
  transforms marked with autoload are reported under /augeas/load
  * New flag AUG_NO_LOAD for aug_init to keep it from loading files on
  startup; add --noload option to augtool
  * New API calls aug_defvar and aug_defnode to define variables for
  path expressions; exposed as 'defvar' and 'defnode' in augtool
  * New program examples/fadot to draw various finite automata (Francis
  * Report line number and character offset in the tree when parsing a
  file with a lens fails
  * Fix error in propagation of dirty flag, which could lead to only
  parts of a tree being saved when multiple files were modified
  * Flush files to disk before moving them
  * Fix a number of memory corruptions in the XPath evaluator
  * Several performance improvements in libfa
  * Lens changes/additions
  * Grub: process embedded comments for update-grub (Raphael Pinson)
  * Iptables: new lens for /etc/sysconfig/iptables
  * Krb5: new lens for /etc/krb5.conf
  * Limits: map dpmain as value of 'domain' node, not as label
    (Raphael Pinson)
  * Lokkit: new lens for /etc/sysconfig/system-config-firewall
  * Modprobe: new lens for /etc/modprobe.d/*
  * Sudoers: more finegrained parsing (ticket #48) (Raphael Pinson)
* Update to 0.4.2
  * Moved lense tests into separate package 'augeas-lense-tests'
  * Added augeas-lenses-license-fix patch
  * Upstream notes:
  * Do not delete files that had an error upon parsing
  * For Fedora/EPEL RPM's, BuildRequire libselinux-devel (bug #26)
  * In path expressions, the meaning of '<' and '<=' was reversed
  * Always create an entry /files in aug_init
  * New builtin 'Sys' module with functions 'getenv' and 'read_file',
  the latter reads a the contents of a file into a string
  * Lens changes/additions
  * Postfix_main: handle continuation lines
  * Bbhosts, Hosts, Logrotate, Sudoers: label comment nodes as '#comment'
  * Sshd: map comments as '#comment' nodes
  * Squid: add all keywords from squid 2.7 and 3 (Francois Deppierraz)
  * Logrotate: process unit suffixes for 'size' and 'minsize'
* Update to 0.4.1
  * Moved lenses to separate package 'augeas-lenses'.
  * Upstream notes:
  * Remove files when their entire subtree under /files is deleted
  * Various bug fixes and syntax enhancements for path expressions
  (see tests/xpath.tests for details)
  * Evaluate path expressions with multiple predicates correctly
  * Fix incorrect setting of /augeas/events/saved
  * Major cleanup of matching during get; drastically improves
  performance for very large (on the order of 10k lines) config files
  * Small performance improvement in the typechecker
  * Reject invalid character sets like [x-u] during typecheck
  * Build with compile warnings set to 'maximum' instead of 'error', so
  that builds on platforms with broken headers will work out of the box
  * Lens changes/additions
  * Util.stdexcl now excludes .augsave and .augnew files
  * Logrotate: allow 'yearly' schedule, spaces around braces
  * Ntp: fix so that it processes ntp.conf on Fedora 10
  * Services: lens for /etc/services (Raphael Pinson)
  * Xorg: new lens and tests (Raphael Pinson)
- Update pidfile path to /run from /var/run (bsc#1185155)
- 0003-autofs-5.1.4-fix-fd-leak-in-rpc_do_create_client.patch
  Fix filedescriptor leak (bsc#1093436)
- BuildRequire pkgconfig(udisks2) instead of udisks2-devel: let's
  be flexible on possible package name changes.
- Package COPYRIGHT as %license instead of %doc.
- 0001-use_hostname_for_mounts-shouldn-t-prevent-selection-.patch
  Fix handling of replicated NFS server so that
  selection between servers still works sensibly when
  use_hostname_for_mounts is in effect.
- 0002-Fix-monotonic_elapsed.patch
  Fix bug introduced with monotonic-time patches which
  causes nanoseconds to be ignored and effectively
  disables sorting based on response time and/or weight.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Add build require for rpcgen (preparation for removing it from
- fix ordering of seteuid/setegid in do_spawn (bsc#1062482).
- fix unset tsd group name handling (bsc#1062482).
- fix possible map instance memory leak (bsc#1038198).
- check map instances for staleness on map update (bsc#1038198).
- Added patches:
  - autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch
  - autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch
  - autofs-5-1-3-fix-possible-map-instance-memory-leak.patch
  - autofs-5-1-3-fix-unset-tsd-group-name-handling.patch
- Add libnsl-devel as build require in preparation of libnsl
  removal from glibc
- Add gpg signature
- Update URL to use www.kernel.org now that ftp is gone.
- update to version 5.1.3:
  * limit getgrgid_r() buffer size
  * increase worker thread per-thread stack size
  * fix offset mount location multiple expansion
  * use malloc for expanded map location
  * fix invalid reference in remount_active_mount()
  * fix work around sss startup delay
  * fix possible NULL derefernce
  * use autofs_point to store expire timeout where possibe
  * add config option to use mount request log id
  * factor out set_thread_mount_request_log_id()
  * log functions to prefix messages with attempt_id if available
  * create thread-local ID for mount attempts
  * add the mount requestor's pid to pending_args
  * delay submount exit for amd submounts
  * fix bogus check in expire_cleanup()
  * handle amd cache option all in amd type auto mounts
  * handle map_option cache for top level mounts
  * capture cache option and its settings during parsing
  * add function conf_amd_get_map_options()
  * check for conflicting amd section mounts
  * include amd mount section mounts in master mounts list
  * add function conf_amd_get_mount_paths()
  * add function conf_amd_get_map_name()
  * add support for amd browsable option
  * add ref counting to struct map_source
  * fix typos in README.amd-maps
  * honor last rw in mount options when doing a bind mount
  * set autofs mounts catatonic at exit
  * make set_direct_mount_catatonic() more general
  * check NFS server availability on local mount fallback
  * make lookup_nss_read_master() return nss status
  * don't return until after master map retry read
  * set sane default master read wait timeout
  * dont exit on master map read fail timeout
  * fix included master map not found return
  * fix quoted key handling in sanitize_path()
  * add sss master map wait config option
  * work around sss startup delay
  * add master read wait option
  * wait for master map available at start
  * update and add README for old autofs schema
  * fix create_client() RPC client handling
  * fix _strncmp() usage
  * fix argc off by one in mount_autofs.c
  * fix cachefs parse message not being logged
  * fix typo in MOUNT_FLAG_GHOST comment
  * Avoid local variable name shadowing another
  * configure: add cache variable for Linux proc filesystem check
  * fix count_mounts() function
  * fix short memory allocation in lookup_amd_instance()
  * Fix fgets(3) size argument (another one)
  * Fix typos in error messages
  * Remove unused local 2KB buffer
  * fix file map changed check
  * Change .requestor to .requester for consistency
  * Fix a typo in CREDITS
  * fix libtirpc detection with -Wl,--as-needed
  * Fix size arg of fgets(3)
  * Drop redundant n in logerr()
  * Fix compiler warning in try_remount()
  * build: check for clock_gettime in librt
  * fix possible memory leak in nfs mount
  * add config option to suppress not found log message
  * properly handle errors in lookup_nss_mount
  * fix yp map age not updated during map lookup
  * fix 'nameing' typo in autofs.conf
  * add remote-fs.target systemd dependency
  * add autofs(5) note of IPv6 libtirpc requirement
  * fix autofs(5) description of supported map sources
  * fix modules make clean target
  * fix Makefile linking dependencies
  * fix handle_mounts() termination condition check
  * log pipe read errors
  * fix use-after-free in st_queue_handler()
  * always set direct mounts catatonic at exit
  * improve scalability of direct mount path component
  * fix use after free in match_my_name()
  * fix memory leak in get_network_proximity()
  * fix typo in autofs_sasl_bind()
  * fix use after free in open_lookup()
  * fix use after free in sun parser parse_init()
  * fix memory leak in ldap do_init()
  * fix memory leak in nisplus lookup_reinit()
  * fix sasl connection concurrancy problem
  * fix unbind sasl external mech
  * remove unused function elapsed()
  * change time() to use monotonic_clock()
  * change remaining gettimeofday() to use clock_gettime()
  * use monotonic clock for indirect mount condition
  * use monotonic clock for direct mount condition
  * define pending condition init helper function
  * use monotonic clock for alarm thread condition wait
  * define monotonic clock helper functions
  * Add a mode option for master map entries
  * fix error handling of is_mounted()
  * fix out of order call in program map lookup
  * add configuration option to use fqdn in mounts
  * update map_hash_table_size description
  * change lookup to use reinit instead of reopen
  * implement reinit in multi lookup module
  * fix map format check in nss_open_lookup() multi map module
  * factor out alloc multi map context
  * factor out free multi map context
  * add type to struct lookup_mod
  * implement reinit in yp lookup module
  * implement reinit in sss lookup module
  * implement reinit in program lookup module
  * implement reinit in nisplus lookup module
  * implement reinit in ldap lookup module
  * implement reinit in hosts lookup module
  * implement reinit in hesiod lookup module
  * implement reinit in file lookup module
  * implement reinit in dir lookup module
  * implement reinit in parse modules
  * add reinit entry point to modules
  * fix nsswitch handling when opening multi map
  * make open_lookup() return nss status
  * move check_nss_result() to nsswitchr.c
  * fix update_hosts_mounts() return
  * fix missing source sss in multi map lookup
  * fix direct map expire not set for initial empty map
  * fix direct mount stale instance flag reset
  * fix error handling on ldap bind fail
  * fix config old name lookup
  * fix rwlock unlock crash
  * fix return handling of do_reconnect() in ldap module
  * make find_server() return a status
  * make find_dc_server() return a status
  * make connect_to_server() return a status
  * make do_connect() return a status
  * move query dn calculation from do_bind() to do_connect()
  * fix return handling in sss lookup module
  * fix left mount count return from umount_multi_triggers()
  * revert fix libtirpc name clash
  * update libtirpc workaround for new soname
  * fix fix gcc5 complaints
  * Removed patches:
  * Updated patches for context:
- remove rpmlintrc, review was boo#782691
- Fix spurious ELOOP on certain kinds of failures (bsc#968918):
  * autofs: fix yp map age not updated in s/_/./g case
  * autofs: properly handle errors in lookup_nss_mount
  * Added patches:
- improve scalability of direct mount path component creation (bsc#966573).
  * Added autofs-improve-scalability-of-direct-mount-path-comp.patch
  * Refreshed autofs-5.1.1-dbus-udisks-monitor.patch
- Use libldap_r instead of libldap for thread safety (bsc#955477).
  * Added autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch
- add patch autofs-5.1.1-leave_auth_destroy.patch (bnc#958410)
  do not redefined auth_destroy, the reason for this has long
  been fixed in libtirpc (version 0.2.1 is already fine)
- autofs.service: Use KillMode=mixed so "/KillSignal"/ (SIGTERM) is
  only sent to the main process and if still does not exit after
  "/TimeoutStopSec"/ then "/SendSIGKILL"/ is sent to all remaining
  processes of the unit's control group.
  This is the desired behaviour for almost all daemons that
  execute foreign programs.
- update to version 5.1.1:
  * fix compile error in defaults.c
  * add serialization to sasl init
  * dont allocate dev_ctl_ops too early
  * fix incorrect round robin host detection
  * fix race accessing qdn in get_query_dn()
  * fix leak in cache_push_mapent()
  * fix config entry read buffer not checked
  * fix FILE pointer check in defaults_read_config()
  * fix memory leak in conf_amd_get_log_options()
  * fix signed comparison in inet_fill_net()
  * fix buffer size checks in get_network_proximity()
  * fix leak in get_network_proximity()
  * fix buffer size checks in merge_options()
  * check amd lex buffer len before copy
  * add return check in ldap check_map_indirect()
  * check host macro is set before use
  * check options length before use in parse_amd.c
  * fix some out of order evaluations in parse_amd.c
  * fix copy and paste error in dup_defaults_entry()
  * fix leak in parse_mount()
  * add mutex call return check in defaults.c
  * force disable browse mode for amd format maps
  * fix hosts map options check in lookup_amd_instance()
  * fix memory leak in create_client()
  * fix memory leak in get_exports()
  * fix memory leak in get_defaults_entry()
  * fix out of order clearing of options buffer
  * fix reset amd lexer scan buffer
  * ignore multiple commas in options strings
  * fix typo in flagdir configure option
  * clarify multiple mounts description
  * gaurd against incorrect umount return
  * update man page autofs(8) for systemd
  * dont pass sloppy option for other than nfs mounts
  * make service want network-online
  * fix fix master map type check
  * init qdn before use in get_query_dn()
  * fix typo in update_hosts_mounts()
  * fix hosts map update on reload
  * make negative cache update consistent for all lookup modules
  * ensure negative cache isn't updated on remount
  * dont add wildcard to negative cache
  * add a prefix to program map stdvars
  * add config option to force use of program map stdvars
  * fix incorrect check in parse_mount()
  * handle duplicates in multi mounts
  * revert special case cifs escapes
  * fix map option parsing for 'strictatime'
  * fix showmount search in auto.net
  * remove obsolete comment in auto.net
  * fix macro usage in lookup_program.c
  * fix gcc5 complaints
  * remove unused offset handling code
  * fix mount as you go offset selection
  * link daemon with pthread library (Debian patch)
  * manpage corrections (Debian patch)
  * fix manpages hyphenation (Debian patch).
- ported patches:
  * autofs-5.1.0-dbus-udisks-monitor.patch ->
  * autofs-debuginfo-fix.patch -> autofs-5.1.1-debuginfo-fix.patch
  * autofs-5.0.9-suse-auto_master_default.patch ->
  * autofs-5.0.9-task-use-after-free.patch ->
- remove patches that are now upstream:
  * autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
  * autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch
  * autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch
  * autofs-5.1.0-gcc5-fixes.patch
- add autofs-5.1.0-gcc5-fixes.patch: Fix build against gcc 5.x
- prevent potential privilege escalation via interpreter load path
  for program-based automount maps, add the following patches:
  (bnc#917977 CVE-2014-8169)
- add autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
- Fix autofs.service so that multiple options passed through
  sysconfig AUTOFS_OPTIONS work correctly (bsc#909472)
- Fix configuration handling now that we have /etc/autofs.conf
  and /etc/sysconfig/autofs. Runtime options are now configured in
  the former, while settings that affect the daemon start up are
  still handled in the latter.
- Clean-up sysconfig.autofs, leave only init script options:
- Run %fillup also when systemd is enabled. (bsc#906606)
- Use udisks2, udisks development has ceased in favor of udisks2.
- Add reproducible.patch to normalize tar
- Normalize date in man-pages (boo#1047218)
- Add patch to build with guile 2.2:
  * autogen-guile-2.2.patch
- Add autogen-catch-race-error.patch (boo#1021353)
- Update to version 5.8.12:
  * several configury fixes to enable cross platform building.
  * fompletion of a change in "/char-mapper"/ to enable bootstrapping
- GNU autogen 5.18.10:
  * NUL terminate CGI definitions text
- GNU autogen 5.18.9:
  * When parsing CGI, do not allow spaces to be lost
  * In producing usage text, check more rigorously that
    option "/values"/ are really not flag characters.
- GNU autogen 5.18.8:
  * Ensure testing vars start as unset for testing
  * happy new year & de-uglifications
- update download URL and usptream signing key
- Rename devel package to libopts-devel
- Add corresponding obsoletion
- Fix typo in preun script
- Split shared libraries (boo#976068)
- Move info handling to preun section
- Do not ship .la file
- Update to 5.18.7
  * {AG,CL,GD}exe environment variables may be set to force
  bootstrapping with a particular release.
  * MAN_PAGE_DATE can be used with various man page docs to
  override the current date default.
  * project may now be bootstrapped and built in the source
  directory with no ill effect.
  * AutoGen as a daemon will never happen.  Last vestiges gone.
  * templates may now obtain the most recent source modification
  time with "/(max-file-time)"/
- Update to 5.18.6
  * {AG,CL,GD}exe environment variables may be set to force
    bootstrapping with a particular release.
  * MAN_PAGE_DATE can be used with various man page docs to
    override the current date default.
  * project may now be bootstrapped and built in the source
    directory with no ill effect.
  * AutoGen as a daemon will never happen.  Last vestiges gone.
  * templates may now obtain the most recent source modification
    time with "/(max-file-time)"/
- No longer call autoreconf
- Update info files dependencies
- Refresh partially upstreamed autogen-build_ldpath.patch
- Update to 5.18.5
  * Guile 1.6 is now obsolete.  1.7/8 or newer from now on.
    Fixed issues with Guile managed locale string processing.
    (It keeps getting better and better all the time and I
    must keep adjusting over and over all the time.)
  * more Guile-config somersaults
    config/misc.def: sometimes, "/pkg-config --cflags-only-I"/ yields
    multiple directories for Guile and that incantation is the only
    way to find libguile/version.h and that header is the only way
    to determine the micro version and the micro version is the best
    way to check for certain types of breakage.  (Testing is too
  * for-each handler functions may now be able to free (or not)
    the file text via the "/handler-frees"/ attribute.
- Remove upsteamed patch:
  * autoopts-remove-stupid-set-e.patch
  * agen5-testsuite.patch
- Cleanup spec file with spec-cleaner
- Use url for source
- Add gpg signature
- Update to 5.18.4
  * Do Not Edit (dne) warning:  the default of printing a date in
    the warning has now changed to not doing so.  The "/-d"/ option
    to suppress the date is now deprecated (ignored).  A new
    option, "/-D"/ will cause the date to be included.  The
    environment variable, "/AUTOGEN_DNE_DATE"/ overrides everything.
  * The RETURN function was not completely implemented and only
    partially worked.  It is working now.
  * optionPrintVersionAndReturn() is a new function for applications
    that wish to extend the behavior of the "/--version"/ option.
  * mdoc and man pages have been greatly improved.
  * libopts tear-off library used stdnoreturn.h and now includes
    infrastructure for systems deficient in that area
  * new function: insert-file  It will simply insert the contents
    of a file (or list of files) into the output stream.
- Copy the files to the right location when a <file_location>
  is given (bsc#1188357).
- 4.3.86
- Add missing elements to rules.xml schema:
  - installed_product and installed_product_version (boo#1176089)
  - dialog section (bsc#1188153)
- Do not export the general/storage section when it is empty
  (related to bsc#1171356 and bsc#1187916).
- 4.3.85
- Properly register the script to reboot after applying online
  updates (bsc#1187962).
- 4.3.84
- Do not crash when the general/storage section is empty
- 4.3.83
- Import proxy settings during the 1st stage of the installation
- 4.3.82
- Recommend icewm if graphical installation (bsc#1185095)
- 4.3.81
- Install packages in the PackagesProposal during autoupgrade
  (see bsc#1184488).
- 4.3.80
- Consider 'static_text' as a valid value for 'ask/type' elements
- 4.3.79
- During autoupgrade do not try to register the system if it is
  explicitly disabled in the profile (bsc#1176965)
- 4.3.78
- Do not crash while sorting the list of modules to be processed
  during the 2nd stage (bsc#1184316).
- Prevent AutoYaST UI from crashing when trying to apply a module
  changes (bsc#1184429).
- 4.3.77
- Use 'module' instead of 'listentry' when exporting pre-modules
  and post-modules lists (bsc#1184342).
- Show the <ask-list> only once during autoinstallation
- Add the 'mkfs_options' element to the schema (bsc#1184268).
- Fix crash during using autoyast UI (bsc#1184216)
- 4.3.76
- fix handling of empty signature-handling element in autoyast
  profile (bsc#1180968)
- 4.3.75
- Export properly "/ask"/ section "/selection"/  (bsc#1183624)
- 4.3.74
- Move default networking section values to the network repository
  in order to reduce the redundancy and to avoid an unexpected
  behavior (bsc#1180535).
- 4.3.73
- Autoyast schema: allow semi-automatic_entry alias for module in
  semi-automatic entry as it was already documented in autoyast
  documentation (bsc#1183512)
- 4.3.72
- Remove the 'haspcmica' element from the schema (related to
- 4.3.71
- Import the security settings after importing the bootloader
  configuration (bsc#1183042).
- 4.3.70
- Select patterns during auto installation even when not using the
  confirm mode (related to jsc#SMO-20 and bsc#1182543).
- 4.3.69
- Adapted unit test to recent changes in Yast::Report (related to
- 4.3.68
- AutoYaST UI: fixed field Mount Options (fstopt) in the
  partitioning section (bsc#1181577).
- 4.3.67
- AutoYaST UI: added drive types CT_NFS and CT_TMPFS to the
  partitioning section (part of jsc#SLE-11308).
- 4.3.66
- Upgrade: Checking if a valid base product has been selected for
  upgrade and if not asking the user to check the product entry
  in the AY configuration file (bsc#1175876).
- 4.3.65
- Add support for Btrfs quotas (jsc#SLE-7742).
- 4.3.64
- Rules download: The result will be stored in the target file when
  the download has failed. This file has to be removed (bsc#1178804)
- 4.3.63
- AutoYaST warnings timeout applies to the XML validation error
  dialog (bsc#1176973).
- 4.3.62
- Allow setting the 't' (or 'config:type') attribute in the
  'backup' and 'upgrade' elements (bsc#1176834 and bsc#1176848).
- 4.3.61
- Do not show a warning the user when a script just did not run
- 4.3.60
- Fix the progress bar length during autoinstallation
  initialization (bsc#1177322).
- Resolve "/zzz_reboot"/ script conflict (bsc#1177036)
- 4.3.59
- Fix 'inst_autosetup' tests (bsc#1177227).
- 4.3.58
- Add validation of 'activate_systemd_default_target' and
  'final_restart_services' elements in the 'general/mode' section
  (related to bsc#1176595).
- 4.3.57
- Improve validation errors presentation (related to bsc#1176973).
- 4.3.56
- Drop the 'general/mouse' element from the schema. It has been
  unsupported since version 3.0.3, FATE#313101 (bsc#1176973).
- 4.3.55
- Fix tests for CWM::ComboBox (related to the CWM changes for
- 4.3.54
- Add the schema for 'backup' and 'upgrade' sections (bsc#1176834).
- 4.3.53
- Set 0o600 permissions to the generated profile when cloning
  a system (bsc#1174202).
- Add new action `yast2 autoyast check-profile` (related to
  bsc#1175735) which features:
-- XML syntax check
-- XML schema validation
-- try to fetch the profile
-- generate dynamic profile erb or classes/rules
-- optional try to import profile and detect any issues with it
-- optional run of scripts including dynamic profiles in pre-script
-- 4.3.52
- Removing package evaluation via AY schema. Using autoyast(...)
  supplements instead (bsc#1146494).
- 4.3.51
- Import general and report sections in case that some pre-script
  modified the profile (bsc#1175725)
- 4.3.50
- Fix 'bcache_options' element using the right type (bsc#1176595)
- 4.3.49
- Fix the returned value form the AutoinstPartPlan's Read method
- 4.3.48
- Formally mark that fixes made for SP2 no longer affect SP3
  (no code changes bsc#1173793 and bsc#1172026). For the first one
  code is not longer in place and for the second new xml parser
  does not need workaround for empty strings.
- 4.3.47
- Fix installation using encrypted profile (bsc#1176336)
- improve usability by entering password just once
- use shared UI::PasswordDialog
- 4.3.46
- Using "/:"/ in the autoyast(...) supplements (bsc#1146494).
- 4.3.45
- When 'NetworkManager' is selected in the profile as the network
  backend to be used, the 'NetworkManager' package is added to the
  list of packages to be installed in case of missing (bsc#1172817)
- 4.3.44
- Recognize installed_product and installed_product_version as
  legal elements of rules.xml files (boo#1176089).
- 4.3.43
- Add to erb templates more helpers (bsc#1175735)
- Use <script> elements instead of <listentry> when exporting the
  <postpartitioning-scripts> section (related to bsc#1175714).
- Saving log files of postpartitioning-scripts (bsc#1145269)
- 4.3.42
- Fix the AutoYaST storage UI (related to bsc#1175680).
- 4.3.41
- Unify profile element paths (bsc#1175680).
- 4.3.40
- bnc#1174133
  - do not crash with internal error when the profile contains
    corrupted signature_handling option
- 4.3.39
- Add ability to use erb template as dynamic autoyast profile
- 4.3.38
- Speed up finding the "/autoyast()"/ supplements by filtering
  packages directly on the lilbzypp level (bsc#1175317, related to
- 4.3.37
- Reporting an error if an corrupted AY configuration file has been
  read (bsc#160975).
- 4.3.36
- bsc#1173624
  - Run firewall configuration in first stage
- 4.3.35
- AutoYaST: Added supplements: autoyast(files,general,report,scripts,
  partitioning,software) into the spec file in order to install
  this packages if the section has been defined in the AY
  configuration file (bsc#1146494).
- 4.3.34
- Improve finding the respective package for a section in the XML
  installation profile. Find a package with the
  "/autoyast(<section_name>)"/ supplements dependency (bsc#1146494).
- 4.3.33
- Do not report profile validation errors multiple times if the
  errors are the same already reported and accepted (bsc#1173091)
- 4.3.32
- Adapted doc: Calling of post-partitioning scripts moved from
  dropped inst_autoimage to inst_kickoff (bsc#1140711).
- Removed "/image"/ section from "/software"/ section (bsc#1140711).
- 4.3.31
- handle properly exceptions from new XML parser/serializer
  (related to bsc#1171412)
- 4.3.30
- Do not crash when the networking section is missing
- 4.3.29
- Fix fallback for autoyast client name (bsc#1174119)
- 4.3.28
- Do not crash when wait section is not initialized (related to
- 4.3.27
- Moving <files> section handling from second installation stage
  to first installation stage. (bsc#1174194)
- 4.3.26
- Export more methods in AutoinstGeneral so it can be queried for
  general autoyast settings (bsc#1174173)
- 4.3.25
- Fix 'partition' elements using the right type (bsc#1174071).
- 4.3.24
- Fix exception when autoyast module does not report any package
  to install (bsc#1174069)
- 4.3.23
- Move pre-scripts to the autoinit client running them just after
  the profile has been processed (bsc#1110413)
- 4.3.22
- Replace old module registry with newer code that is easier to
  maintain and better test covered (bsc#1173699)
- 4.3.21
- Make the report section elements optional as AutoYaST proposes
  default values when missing (bsc#1173312)
- 4.3.20
- The language, timezone and keyboard sections are applied and
  removed during the first stage (bsc#1173624).
- 4.3.19
- Allow the user to ask for a reduced profile using the 'target'
  argument in the command line (bsc#1171356).
- 4.3.18
- Cloning does not depend on the SetModified API call(bsc#1172552)
- 4.3.17
- Do not export general section if not requested (bsc#1172552)
- 4.3.16
- Validate the XML files before using them (bsc#1173091)
- Allow disabling the validation by setting
- 4.3.15
- Do not export sections with no content (related to bsc#1172749).
- 4.3.14
- AutoinstGeneral.SetRebootAfterFirstStage is not private
  anymore (bsc#1172865).
- 4.3.13
- Do not export Report section when cloning system as it is always
  just defaults (bsc#1172749)
- 4.3.12
- Autoyast User Scripts Improvements:
  - ensure all artifacts are copied to system (bsc#1145269)
  - show warning if script returns non zero value
  - show warning if there are two scripts that overwrite each other
  - allow any interpreter to be used
- 4.3.11
- Do not crash when the partitioning section is not specified
- 4.3.10
- Fix 'autoyast' and 'clone_system' command line interfaces
  - autoyast: add a list-modules command to list all known modules.
  - autoyast: display the correct client name in the help text.
  - autoyast: 'file' and 'module' command are now equivalent.
    Both of them support setting 'filename' and 'modname'
  - clone_system: add a 'filename' option instead of always using
  - clone_system: move the logic to find the clonable modules
    to Y2ModuleConfig.
- 4.3.9
- AutoYaST schema fixes:
  - Work around Relax-NG parser error: "/Found anyName attribute
    without oneOrMore ancestor"/ (bsc#1172131)
  - Rename 'option' to 'fs_option' to fix a duplicate definition
- 4.3.8
- AutoYaST: Cleanup/improve issue handling (bsc#1171335).
- 4.3.7
- When running an autoinstallation with the Online medium, the
  network configuration based on the profile can be written before
  the registration takes place (bsc#1171922)
- 4.3.6
- Do not propose insecure signature handling settings when
  cloning (bsc#1171343).
- Assign the correct callback when "/accept_unknown_digest"/ is set.
- Do not export storage settings in the general section
  unless it is needed (related to bsc#1171356).
- 4.3.5
- The network configuration is applied during the first stage by
  default (bsc#1171922)
- 4.3.4
- Revamp the storage client user interface, adapting it to the
  storage-ng features.
- Avoid detecting bcache as a volume group (bsc#1136454).
- 4.3.3
- Fix error reporting for invalid profile to respect new API
- fix profile loading test
- 4.3.2
- fix schema if it include definition multiple times (bsc#1171412)
- 4.3.1
- Do not export storage settings in the general section
  unless it is needed (related to bsc#1171356).
- Improve AutoInstClone module test coverage and clean-up unused
- AutoYaST schema improvements (bsc#1170886)
-- Allow optional types for string and map objects
-- Allow type specification without namespace
-- Add type specification with 't' shortcut
- 4.3.0
- ayast_setup: Do not add a 'networking' section to the profile
  when it is not defined explicitly as it is not needed anymore
  since keeping the configured network is the default option during
  autoconfiguration (bsc#1170821)
- 4.2.35
- Service for init scripts: Try to start "/network-online.target"/
  before starting the AY init scripts in order to get a working
  network (bsc#1164105).
- 4.2.34
- Restore some missing icons (related to bsc#1168123, boo#1109310
  and boo#1168281).
- 4.2.33
- Fix desktop files updating some icons and groups (related to
- 4.2.32
- Adapted to changes in yast2-storage-ng (related to bsc#1140040).
- 4.2.31
- Security fix: Removed all "/--gpg-auto-import-keys"/ options from
  zypper commands (bsc#1140711) (CVE-2019-18905)
- 4.2.30
- Fixed crash while loading none existing AY file (bsc#1165464).
- 4.2.29
- Service for init scripts: Checking working network with
  "/network-online.target"/ before starting the AY init scripts
- 4.2.28
- Fixed user-visible messages (bsc#1084015)
- 4.2.27
- Fix cloning patterns (regression from 4.2.22)
  (bsc#1159269, bsc#1159472)
- 4.2.26
- Fixed conflicting items in rule dialogs (bsc#1123091).
- Semi-automatic with partition: Do not use the common AY partition
  workflow (bsc#1134501).
- Do not reset Base-Product while registration. Do not call
  registration in the second installation stage again.
- Fix profile validation for scripts elements (bsc#1156905).
- UI: Report XML parsing errors instead of just crashing
- 4.2.25
- Allow to run autoupgrade on registered system with almost empty
  profile (jsc#SLE-7101)
- 4.2.24
- Improve message when registration missing for autoupgrade with
  online medium (jsc#SLE-7101)
- 4.2.23
- Using Y2Packager::Resolvable.any? and Y2Packager::Resolvable.find
  in order to decrease the required memory (bsc#1132650, bsc#1140037).
- 4.2.22
- Do not override all storage proposal settings when importing
  values from the profile (boo#1156539).
- 4.2.21
- Handle renamed add-ons during auto upgrade (part of jsc#SLE-7101)
- 4.2.20
- report wrong type of param-list instead of crash (bsc#1143260)
- 4.2.19
- Fix autoinstallation on online medium (bsc#1156058)
- 4.2.18
- Update schema to support setting the encryption method through
  the 'crypt_method' (related to jsc#SLE-7376).
- 4.2.17
- AutoYaST support for the Full installation medium
- 4.2.16
- fix auto-adding required packages for autoyast sections (bsc#1153746)
- don't run kdump autoyast config in 2nd stage
- 4.2.15
- bnc#1154855 - During firstboot ayast_setup will not be executed.
- 4.2.14
- Do not crash when using the online medium without the
  registration section in the AY XML profile, display an error
  message with some hints (bsc#1154988)
- 4.2.13
- AutoYaST support for the OnlineOnly installation medium
- 4.2.12
- Do not run the registration step again in the installed system
  (in the 2nd stage after reboot) (bsc#1153293)
- 4.2.11
- Fix dependency for autoyast2-installation (bsc#1131235)
- 4.2.10
- Move kdump import before software import to allow kdump to
  specify packages it needs in first stage (bsc#1149208)
- 4.2.9
- Set X-SuSE-YaST-AutoInstResource in desktop file (bsc#144894).
- 4.2.8
- Add missing 'uuid' element to the partition sections
- 4.2.7
- Fixed downloading of AutoYaST configuration file with "/relurl"/
- 4.2.6
- Use modern tar syntax
- Require fillup because it's executed in %post
- Fixed an Internal Error when AutoYaST is importing users and
  groups configuration (bsc#1140339).
- 4.2.5
- Fixed new desktop file name (bsc#1138144).
- 4.2.4
- Always perform a storage re-probe after executing pre-scripts.
- Related to bsc#1133045
- 4.2.3
- Add multi-device Btrfs related elements to the partitioning
  schema (part of jsc#SLE-3877).
- 4.2.2
- Add metainfo (fate#319035)
- Revamp spec
- Replace GenericName with Comment
- 4.2.1
- Uninstall the "/SUSE-Manager-Proxy"/ product when upgrading from
  SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215)
- 4.2.0
- Removed check for available devices. When there are no devices,
  the proposal issues will be shown (needed for bsc#1130256).
- 4.1.5
- Postpone disabling local repositories if the second stage is
  required (bsc#1127818).
- 4.1.4
- Add Bcache related elements to the partitioning schema
- 4.1.3
- Avoid to crash when the profile has a not valid sofware section
- 4.1.2
- Reading IPv6 setting in order to initialize it correctly.
- 4.1.1
- Fixed conflicting items in rule dialogs (bsc#1123091).
- 4.1.0
- Provide icon with module (boo#1109310)
- 4.0.70
- Function SelectProduct removed in order NOT to select All
  available products (bsc#1116332).
- 4.0.69
- Fallback to English when using fbiterm on those languages
  which are not properly supported (fate#325746).
- 4.0.68
- Removed unneeded flag network_needed in script section.
- 4.0.67
- Writing security settings in first AY installation stage.
  So other modules (e.g. users) can rely on these settings now.
- 4.0.66
- Saving y2logs after the installation has been finished.
- 4.0.65
- Adapt schema to support the new way of defining a software
  RAID (fate#326573).
- 4.0.64
- Added license file to spec.
- AutoInstallRules:  Do a cleanup of the profile being merged with
- 4.0.63
- AutoYaST configuration module: Enable edit action for firewall
  module (fate#324662).
- 4.0.62
- AutoInstallRules: Fixed crash while merging profiles.
- 4.0.61
- AutoInstallRules: increased default maxdepth for not crashing
  with a big software package list (bsc#1104655)
- 4.0.60
- Switched license in spec file from SPDX2 to SPDX3 format.
- Installation/Update: Do not call registration if module
  yast2-registraion is not available in inst-sys (bsc#1098794).
- 4.0.59
- AY configuration module: Report XML errors while reading an
  AY configuration file (bsc#1098794)
- 4.0.58
- Added additional searchkeys to desktop file (fate#321043).
- 4.0.57
- Showing AutoYaST configuration file errors onetime only.
  (needed for bnc#1095113)
- 4.0.56
- Partition configuration: Do not ask for saving values if they have
  not been changed at all. (bnc#1082556)
- 4.0.55
- Using new libstorage-ng in order to handle "/label"/ tag in URL.
  E.G.: autoyast=label://my_home//autoinst.xml (bnc#1094533)
- 4.0.54
- Handle DASD or zFCP devices even when the profile is not in a
  remote location (bsc#1089554).
- 4.0.53
- Allow 'subvolumes' and 'subvolumes_prefix' elements to be empty
  (bsc#1076337, bsc#1090095 and bsc#1091669).
- Drop 'btrfs_set_default_subvolume_name' element.
- 4.0.52
- Added general API for reporting errors while parsing the AutoYaST
  configuration file (part of bnc#1089855).
- 4.0.51
- Display an error and abort the installation when no storage
  devices are available for installation (bsc#1091033).
- 4.0.50
- AutoYaST: properly handle empty proposals (bsc#1090390).
- 4.0.49
- Probe storage devices again after initializing DASD or zFCP
  devices (bsc#1089326 and bsc#1089554).
- 4.0.48
- Install the module products also in AutoYaST autoupgrade
  (related to bsc#1086818 and bsc#1087206)
- 4.0.47
- Honor partitioning settings from product (bsc#1085755).
- 4.0.46
- Fix tests to use correct storage instance (part of fate#318196).
- 4.0.45
- Properly abort when probing devices fails (part of bsc#1083672).
- 4.0.44
- Do not export an <id/> element in the partitioning section
- Add-On-Products: Handling error popup for wrong settings.
- 4.0.43
- Permitted the use of 'listentry' element in all the software
  AutoYaST schema list entries (bsc#1013047)
- 4.0.42
- Added more entries to be used instead of the listentry tag when
  cloning the system (bsc#1013047)
- 4.0.41
- Improved error message if the base product cannot be found.
  (follow up of bnc#1084820)
- 4.0.40
- Reuse encrypted devices when required (bsc#1085439).
- 4.0.39
- Fixed cloning of the base product name (bsc#1084259)
- 4.0.38
- Fix in showing/accepting base licenses: Using
  inst_product_license module instead of
  ProductLicense.AskLicenseAgreement (bnc#1073324)
- 4.0.37
- adapted to new activate callbacks in libstorage-ng (see
- 4.0.36
- Add missing textdomains to create proper potfiles (bsc#1083015)
- 4.0.35
- Manage errors during hardware activation in the same way than
  normal installation - asking the user and trying to continue if
  the question times out (related to bsc#1079061).
- 4.0.34
- Upgrade: Speedup PKG call (bnc#1074082)
- 4.0.33
- Remove calls to the old yast2-storage layer (bsc#1071978)
- Fix AutoYaST UI to to show partitions properly
- 4.0.32
- fate#319119
  - yast2-ca-management is dropped
- 4.0.31
- fate#323373
  - Xinetd and yast2-inetd are not supported. Marking respective
    autoyast section as obsolete.
- 4.0.30
- fate#323460
  - support for disabling edit action per module. Currently used
    mainly by the new firewall module
- 4.0.29
- Report packages which cannot be select for installation
  (except those packages not included in the AutoYaST profile)
- 4.0.28
- Speed optimization for the previous fix, the "/clone_system"/
  client spent several minutes processing the packages
  (related to bsc#1077882)
- 4.0.27
- Avoid using Pkg.ResolvableProperties("/"/, :package, "/"/) calls
  which require too much memory (bsc#1077882)
- 4.0.26
- Reporting packages which cannot be selected for installation.
- 4.0.25
- Selecting evaluated/given product for installation.
- 4.0.24
- Display more details when the package solver fails
- Using ProductFeatures.SetSection instead of
  ProductFeatures.SetOverlay in order to set product features.
  This is a follow up of bsc#1070726.
- 4.0.23
- adapt to yast2 changes in overlays (related to bsc#1070726)
- 4.0.22
- Upgrade: Adapting to new product handling.
- 4.0.21
- Fixed merging issues due to bnc#1075182 and bsc#1075334.
- 4.0.20
- Merging products before package evaluation starts.
- 4.0.19
- Fix initialization to copy the profile to /tmp/profile again
- 4.0.18
- always upgrade system via equivalent of 'zypper dup', removing
  respective control from the profile (bsc#1071708)
- 4.0.17
- AutoYaST: fix btrfs_set_default_subvolume_name handling
- 4.0.16
- Warn the user if the infrastructure is not available for running
  the second stage (bnc#1061754)
- 4.0.15
- Reinitialize the storage manager when the profile is modified
  by a pre-script (bsc#1071739)
- 4.0.14
- adapt to new schema of ntp-client (FATE#323432)
- 4.0.13
- Drop using ntpdate and instead use NtpClient module for one time
  sync (FATE#323432)
- 4.0.12
- Do not ignore start_multipath setting (bsc#1070343).
- 4.0.11
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468).
- 4.0.10
- Added subvolumes_prefix to schema definition file.
- Exporting base products in list format. (fate323450)
- 4.0.9
- Bring back handling of device=ask (bsc#1069965)
- Use a 1-based index when showing partitioning issues
- 4.0.8
- Cleanup spec file.
- Code cleanup (removing old libstorage code).
- Adapting rules to storage-ng.
- partition_alignment removed because it is not needed
  anymore by storage-ng.
- 4.0.7
- Add storage data to ayast_probe client (bsc#1065668)
- Handle storage proposal exceptions in a proper way
- 4.0.6
- When reporting issues with the partition plan, add in which
  section of the profile were they found (related to bsc#1060637).
- 4.0.5
- Do not mangle partitioning information coming from
  yast2-storage-ng when cloning a system (related to bsc#1064875).
- 4.0.4
- Add basic support for error handling when creating the
  partition plan (fate#318196).
- 4.0.3
- Add missing require of Y2Package::Product class (bsc#1064396)
- fate#323450
  - implemented product selection
- 4.0.2
- Removed the remains of Kickstart import (bsc#1061620).
- 4.0.1
- AutoinstConfig: added network_before_proposal flag that will be
  enable if the network is configured during the first stage.
- 4.0.0
- ayast_setup: Restarting autoyast-initscripts.service in order
  to run init-scripts too. (bnc#1057597)
- 3.3.9
- Rename "/y2storage_probed"/ to "/probed"/. (bnc#1056656)
- 3.3.8
- fate323450
  - export product name when cloning a profile
- 3.3.7
- Handle packages that are missing a PGP signature although
  digests are valid (bsc#1054969)
- 3.3.6
- AY runs in installed system: Writing init scripts again
  to /var/adm/autoinstall/init.d in order to initilaize init
  scripts correctly. This is needed for AY runs which do not
  have an first installation stage (e.g. AY run in KIWI,
  ayast_setup). (bnc#1052145)
- 3.3.5
- Merged storage-ng branch (fate#318196).
- Note: all changes below with this date belong to the merge.
- 3.3.4
- storage-ng: refac class StorageProposal and create a new guided
  proposal by changing settings if it is necessary.
- Use the new storage-ng layer to export the current system to the
  corresponding <partitioning> section of the AutoYaST profile
- Add basic support for customized partitioning using the new
  storage-ng layer. Currently, only plain partitions are supported
- Allow overriding of product's storage partitioning options
- storage-ng: commented several Yast.import for the old storage
  lib. Affected modules not adapted to storage-ng so far.
- storage-ng: Enable storage-ng proposal for AutoYaST installation.
- storage-ng: fix AutoInstallRules to not use old storage lib.
  Tests are commented. Removed dependency from (old) yast2-storage,
  even if it breaks some functionality.
- Removed yast2-update as build dependency and added before
  version (2.18.3) as install dependency. It is only needed for
- Classes/rules will be ignored: Due to self-update, the evaluation
  of classes/rules will be called twice. So we have to initialize
  the stack for each run again. (bnc#1051483)
- 3.3.3
- Saving ask-scripts and corresponding log files
  to /var/adm/autoinstall. (bnc#1049473)
- 3.3.2
- Crash while writing settings via the menue "/File/Apply Profile
  to this System"/ in AutoYaST configuration module:
  As we are switching to "/autoinstallation"/ mode and accessing to
  the target system we have to set StorageDevices flag disks_valid
  to true.  So InitLibstorage can scan valid target disks.
- 3.3.1
- AutoYaST configuration module; Crash while writing settings to
  the system:
  As we are switching to "/normal"/ mode and accessing to the target
  system we have to set StorageDevices flag disks_valid to true.
  So InitLibstorage can scan valid target disks. (bnc#1046738)
- 3.3.0
- Report shrinked partitions if there is not enough space.
- 3.2.16
- clone system: Checking if snapshots have been enabled.
- 3.2.15
- Moved configuration management before software selection in
  order to select packages which are needed for CM. (FATE#319830)
- 3.2.14
- Fix subvolumes schema definition (bsc#1013047)
- 3.2.13
- bnc#1026027
  - removed dependency on insserv
- 3.2.12
- Added configuration-management to first installation step.
- 3.2.11
- Update: Product selection will be done by Packages.SelectProduct
  now (bnc#1014861).
- 3.2.10
- Moved services-manager to first installation stage (FATE#321738).
- 3.2.9
- Add an option to disable the self-update feature through the
  AutoYaST profile (FATE#319716)
- 3.2.8
- Cloning Software: install_recommended can be set by the
  control.xml file (clone_install_recommended_default)
  Default is true. (Fate#321764)
- 3.2.7
- Fixed tests to pass with the latest yast2-core and
  yast2-ruby-bindings packages (related to the bsc#932331 fix)
- 3.2.6
- Moved post-scripts download from second-stage to first-stage.
- 3.2.5
- If Btrfs subvolumes are not specified, the default set
  is created (bsc#1012328)
- Fix building on s390x (bsc#1011489)
- 3.2.4
- Do not crash when services manager configuration is missing
  (related to bsc#887115)
- 3.2.3
- Hiding a module in its .desktop file (Hidden=true) won't prevent
  it from being cloned anymore (bsc#1008301)
- Add support to specify resource aliases using the key
  X-SuSE-YaST-AutoInstResourceAliases in desktop files (related
  to bsc#887115)
- 3.2.2
- Do not check certificate for images which have been created by
  the user/customer. Found while testing bnc#1009023.
- 3.2.1
- Add support to enable copy-on-write for Btrfs subvolumes
- Add support to omit the Btrfs default subvolume name
- 3.2.0
- Adding missed desktop file for "/clone_system"/ in order to show
  it in the control center and command line calls.
- 3.1.152
- Adding an missing PREP partition for PPC, BUT not for
  Power8 system (powerNV). PowerNV do not have PREP partitions
  and do not need any because they do not call grub2-install
- 3.1.151
- Fix IP detection in AutoYaST installation rules
  in order to find the correct profile when "/ip route"/
  mentions "/metric"/ (bnc#997548).
- 3.1.150
- Profile Location: Use Report instead of Popup to not block
  AutoYast if not configured to. (bnc#988949)
- 3.1.149
- Fixed: Setting timeout for error popups has not been possible.
- 3.1.148
- Improved logging for broken script descriptions.
  Still a part of bnc#986049.
- 3.1.147
- Cloning devices: Devices which are not needed for the
  installation will be ignored explicitly in the "/skip_list"/.
- 3.1.146
- Added "/confirm_base_product_license"/ to rnc file.
- 3.1.145
- Reintroduced autoyast=usb as a valid URL to AutoYaST profile
- 3.1.144
- Added missed flag "/install_recommended"/ in software section.
- 3.1.143
- Added new [Stop] button for <ask> dialogs with timeout. The
  button shows the current time in seconds till the automatic
  timeout (bsc#990114).
- More possible user actions can now stop the execution to prevent
  from timeout (bsc#990114).
- 3.1.142
- Check if AutoYaST "/script"/ elements are hashes.
  Other entries will be ignored. (bnc#986049)
- 3.1.141
- Exporting NFS root partition correctly. (bnc#986124)
- 3.1.140
- Moved ssh_import AutoYaST schema file to yast2-installation
  This is a part of Fate#319624.
- 3.1.139
- Adapt docu to new AutoYaST developer docu.
- 3.1.138
- The entry "/kexec_reboot"/ in the Product description can be set
  by the AutoYaST configuration setting (general/forceboot) and should
  not be reset by any other Product description file.
  Fix: Set it again after reading a new Product description.
- 3.1.137
- While AutoYaST installation the user can change the path of the
  AutoYaST configuration file. Fix: This path will be updated in
  /etc/install.inf too.
- 3.1.136
- System shutdown: Removed "/autoyast"/ service shutdown.
  It does not exist anymore. (bnc#986798)
- 3.1.135
- Speed up installation (bnc#986649)
- 3.1.134
- Consider AutoYaST keep_install_network as set to 'true'
  if it's not specified (bsc#984146)
- Restore the keep_install_network default behavior present
  in SLE 12 SP1 and openSUSE Leap 42.1
- 3.1.133
- Fixing typo while reporting not supported modules.
  (part of bnc#955878)
- 3.1.132
- Rename schema definition regarding SSH keys/configuration
  so yast2-schema can find it correctly (fate#319624)
- 3.1.131
- Fix AutoYaST2 schema regarding SSH keys/configuration import
  feature (fate#319624)
- Stop generating autodocs (fate#320356)
- 3.1.130
- AutoYaST support for ssh_import module.
- 3.1.129
- Unsupported sections will be now reported in first installation
  stage. Reducing log level to warning.
  (Additional patch for bnc#955878)
- 3.1.128
- Resetting package selection of previous runs. This is needed
  because it could be that additional repositories are available
  meanwhile. (bnc#979691)
- 3.1.127
- Media-based AutoUpgrade case for feature: No Recommends in
  * -release RPMs (FATE#320199)
- 3.1.126
- Upgrade: Removed obsolete bootloader stuff.
- 3.1.125
- Removed obsolete bootloader stuff.
  (related to FATE#317701)
- 3.1.124
- Updated schema - added optional URL for the installer
  self update repository ("/general"/ -> "/self_update_url"/ node)
- 3.1.123
- Remove unused import of dropped BootCommon package.
  (related to FATE#317701)
- 3.1.122
- Removed calls of dropped LanUdevAuto module (yast2-network)
  (bnc#955217, bnc#956605)
- 3.1.121
- Moved call "/uptime"/ to yast2 package. Cleanup for bnc#956730.
- 3.1.120
- Evaluate the correct domain, network, product and product version
  when applying rules (bnc#963137).
- 3.1.119
- Check uptime instead of system time while waiting for systemd
  services to be restarted (bsc#956730)
- 3.1.118
- Fixed crash if the general/mode section has not been defined.
- 3.1.117
- As network configuration will be moved to first installation
  stage and wickedd should not be restarted in the second stage,
  all wickedd and network services will not be restarted at all
  by AutoYaST.
  (bnc#944349,  bnc#955260)
- 3.1.116
- Moved the body of AutoinstallIoInclude#Get to yast2-update
- 3.1.115
- Confirming base product license. This can be defined by the flag
  <confirm_base_product_license> in the general/mode section.
  Confirming licenses of add-on products can be defined for each
  product by the flag <confirm_license> in the add-on product
- 3.1.114
- "/haspcmcia"/ method is removed from the AutoInstallRules API
- LVM: taking care about "/auto"/ option --> switching to "/max"/.
- 3.1.113
- Fixed rules.xml : OR operator is interpreted as AND.
- 3.1.112
- Fix wrong warning message about the 'init' section
  not being processed (bsc#962526)
- Installation with "/autoyast=default"/. Fixed nil exception error.
- 3.1.111
- Fixed init scripts which have been defined inside an
  AutoYaST configuration file. (bnc#961320)
- 3.1.110
- Fix validation of AutoYaST profiles (bsc#954412)
- 3.1.109
- Downloading init scripts to /mnt during first installation stage.
- 3.1.108
- Network services can be restarted again, because they do not
  depend on YaST2-Second-Stage.service anymore. (bnc#954908)
- 3.1.107
- Added "/cobbler"/ to the obsolete profile section.
  Defined in SUSE Manager but will not be used anymore. (bnc#955878)
- 3.1.106
- Do not restart NetworkManager* services while restarting all
  services in the second installation stage. (bnc#955260)
- 3.1.105
- Export the already saved software selection when present,
  fixes exporting wrong package selection caused by deployment of
  the installation images (bsc#956325, bsc#910728)
- Evaluating needed YAST packages which are defined in the
  AutoYaST configuration file and selecting these packages for
  installation. (bnc#955657)
- 3.1.104
- Updating AutoYaST documentation
- 3.1.103
- Installation workflow: Using ntpdate instead of sntp for time
  syncing (bnc#953781)
- 3.1.102
- Add dependency on yast2-pkg-bindings 3.1.31 (or newer)
- 3.1.101
- Ingore restarting of all wickedd* services while finishing the
  second installation stage. (bnc#944349)
- 3.1.100
- Cloning system while an installation without AutoYaST: Do not
  blame if packages are not available anymore because the
  medium has already been unmounted (e.g. USB device)
- 3.1.99
- Using "/backup"/ or "/partitioning_advanced"/ sections in the profile
  does not produce an error message anymore (bsc#950294)
- 3.1.98
- Move lib/ directory to autoyast2-installation package
- 3.1.97
- Handle pkgGpgCheck callback introduced in libzypp 14.39.0
- 3.1.96
- Enabled translation of some buttons (bsc#948834)
- 3.1.95
- Writing network settings in first installation stage if the
  second installation stage has been disabled ("/second_stage"/)
  in the general/mode section but a "/networking"/ section has
  also been defined. (bnc#944942)
- 3.1.94
- Fix premature loading of AutoInstall which prevented running
  configuration clients during 2nd stage (bsc#944770)
- 3.1.93
- Move users creation to the first stage, so it is not needed
  to run the 2nd stage to have a minimal system.
- Do no add AutoYaST packages if the second stage won't be
- Fixes bnc#892091
- 3.1.92
- Do not restart dbus service after installation. Otherwise some
  other services will hang. (bnc#937900)
- 3.1.91
- S390: handling cio_ignore
  Entry <general><cio_ignore> in order to set it
  (values: true/false). If it is not set cio_ignore is true.
  So it is backward compatible. (bnc#941406)
- 3.1.90
- Fixed typo in partitioning section
- 3.1.89
- Writing init scipts to installed system in the first installation
  stage now. The init scrpits will be called while starting
  the autoyast-initscripts service. So, these scripts will be called
  while a system upgrade too. (bnc#940823)
- 3.1.88
- <software><post-packages>: Must not reinstall already installed
  packages. (fate#319086)
- 3.1.87
- Fixed a syntax error in the schema definition (bsc#938459)
- 3.1.86
- Syncing hardware time before starting installation via ntp.
  This is configurable via the flag
  <general><mode><ntp_sync_time_before_installation> with which
  the name of the ntp server will be defined. If it is not set
  no synchronisation will be done. So it is backward compatible.
- 3.1.85
- Added "/upgrade"/ section to generic list. (bnc#935915)
- 3.1.84
- implemented activation of snapper for btrfs on LVM (bsc#935858)
- 3.1.83
- Enabled snapshots creation after auto-installation/upgrade
- 3.1.82
- Regarding some corner cases of bsc#925381.
  - - Checking for availability of clients/<module>_auto module before
    reporting an error.
  - - Checking if a module supports more than one autoyast configuration
- 3.1.81
- Don't try to format PReP partitions (bsc#927748)
- fixed size parameter "/auto"/ for PReP partitions (bsc#928768)
- 3.1.80
- Added new section "/restricts"/ for ntp configuration
- 3.1.79
- Added 'bootloader' and 'report' into list of supported profile
  sections (bsc#925381)
- 3.1.78
- Added libxslt into BuildRequires - needed for running test-cases
- 3.1.77
- Reporting unknown and unsupported profile sections (bnc#925381)
- 3.1.76
- Evaluate the correct host IP in order to read the proper
  autoyast.xml file (bnc#928303, bnc#908356, bnc#916628)
- 3.1.75
- New autoinst flag in general/mode section:
  The default target of systemd will be activated in the second
  stage of autoyast installation.
  The default is "/true"/ which is a backward compatible value.
- 3.1.74
- Avoid ayast_probe module crashing when called from an installed
- 3.1.73
- New autoinst flag in general/mode section: final_restart_services.
  Restarting all services after finishing the installation.
  The default is "/true"/ which is a backward compatible value.
- load release notes of extensions also during AutoYaST
- Clone_system in autoyast2-installation should call some modules
  (e.g. storage, software) which are defined in autoyast2 package.
  So if needed the user has to install autoyast2 package at first.
- Checking if the disk is -partitionable- instead of checking if it
  is a real disk. Needed for Multipath disks. (bnc#909349)
- autoyast=file:///<autoinst.xml> : Mount the installation source
  in order to copy AutoYaST configuration file into inst_sys.
- Selecting needed yast packages for the second stage correctly.
- 3.1.72
- Setting normal mode while applying single module settings to
  system. (bnc#909223)
- 3.1.71
- Removed code which will be already done by service_manager.
- remove X-KDE-Library from desktop file (bnc#899104)
- AutoYaST configuration module: Reset menu bar after calling
  single YAST configuration module.
- 3.1.69
- Fixed too small dialog for autoyast profile location.
- 3.1.68
- Fixed UI in partition configuration.
  (bnc#901904; bnc#901739)
- 3.1.67
- Fixed "/No base product found"/ error when evaluating
  rules/rules.xml file (bnc#900750)
- 3.1.66
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
  HUP event in client_work (boo#1184521 CVE-2021-3468).
- Update avahi-daemon-check-dns.sh from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking avahi-daemon-check-dns.sh (boo#1180827
- Add sudo to requires: used to drop privileges.
- When changing ownership of /var/lib/autoipd, only change
  ownership of files owned by avahi, to mitigate against
  possible exploits (bsc#1154063).
- Drop avahi-daemon-increase-rlimit.patch: rlimits are no longer
  set by default.
- Replace avahi-0.7-python3.patch with avahi-0.7-dbm.patch: use
  what is upstream (boo#1110668).
- Add avahi-0.7-encode-strings-as-utf8.patch: encode strings as
  UTF-8 (boo#1110668).
- Add avahi-0.7-python3-bookmarks.patch: make bookmarks python 3
  compatible (boo#1110668).
- Add CVE-2018-1000845.patch: drop legacy unicast queries from
  address not on local link (boo#1120281 CVE-2018-1000845).
- Drop avahi-0.6.31-invalid-packet.patch: fixed upstream.
- Add avahi-daemon-increase-rlimit.patch: increase rlimit as a
  conservative way to handle certain crashes referring to upstream
  commit 71ace71 (bsc#1085255).
- Drop the qt3 parts
- Add avahi-0.7-python3.patch: Port to python 3 (bsc#1076402).
- Build python bindings against python 3, rather than python 2;
- Python-avahi is now python3-avahi, and python-avahi-gtk is now
- Obsolete the python 2 packages
- Replace python_sitelib with python3_sitelib in %files, and add
- Rename %*soname to %*sover to better reflect its use.
- Modernize spec file by calling spec-cleaner
- Use SPDX3.0 license tags and package COPYING as %license.
- Update to version 0.7:
  + The Avahi 0.7 release brings two new features, binary TXT
    records in XML service files and the ability to start the
    gobject client in a custom context.
  + New Features:
  - Add support for binary values in TXT records in XML service
    files by specifying
    value-format="/text|binary-hex|binary-base64"/. If not
    specified, defaults to the normal value of "/text"/ (thus
    backwards compatible).
  - avahi-gobject: Allow starting the client in a custom
    GMainContext by passing context to ga_client_start_in_context
    instead of ga_client_start (avahi-gobject minor version has
    been incremented).
  + Notable Changes:
  - avahi-daemon: Remove all default rlimits from
    avahi-daemon.conf, as two main problems happened with firstly
    rlimit-nproc causing avahi to fail when started in a
    container without user namespaces and secondly because memory
    rlimits were causing avahi to crash in some cases. Leave it
    up to the init system to impose any modified limits instead.
    It is recommend to ship this change in distribution default
    config files.
  - avahi-common: Fix watch cleanup issue in watch_free
  - avahi-discover (python): Updated for Python3 & GTK3
  - avahi-autoipd:
    . Clear previously set address before binding a new one.
    . Fix dhclient hooks to check for avahi-autoipd before
  - build: Move default rundir from /var/run to /run as per
    modern system setups.
  + Other Changes:
  - build:
    . Fix the printed value of "/Building libavahi-client"/ in
    . autogen.sh improved to work when called from another
    . Fix warnings when compiling against musl libc.
  - avahi-compat-libdns_sd: Fix incorrect URL in warnings.
  - service-type-database: Add new service Types: _ipps._tcp,
  - avahi-dnsconfd: Update manpage with the correct action script
  - avahi-gobject:
    . Use the correct shared library name in AvahiCore-0.6.gir
    . Fix build failing under some locales.
  - avahi-common/dbus-watch-glue.c: remove Unneeded semicolon.
  - Update gentoo init scripts for newer openrc version.
  + Updated translations.
- Drop avahi-empty-share-dir.patch, avahi-gir-fixup.patch,
  avahi-move-everything-to-run.patch and avahi-outdated-URL.patch:
  Fixed upstream.
- Drop systemd_requires macro: on a machine managed by systemd, we
  don't have to require it. If the machine/container is not managed
  by systemd, we don't want to require it.
- Add pkgconfig(pygobject-3.0) BuildRequires: New dependency.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Do not suppress errors from avahi-autoipd user creation, but do
  suppress getent output.
- Replace $RPM_* shell vars by macros.
- Modify user generation (boo#1010384):
  + Use getent to check for existing users/groups, only creating
    them if not found.
  + Do not hide output of groupadd/useradd.
  + Do not mask failures: if a user can't be added, we have a
- Drop %insserv_cleanup scriptlets: it's been a while that avahi
  did not install any sysV init scripts anymore.
- Simplify avahi_spec-prepare.sh: OBS is well able to handle macros
  in package names by now.
- Drop conditions to only handle systemd services on openSUSE >
  12.1; it's been long that we did not ship the sysv scripts
  anymore and openSUSE 12.1 is long EOL.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-0.6.32-suppress-resolv-conf-warning.patch: only warn
  on missing resolv.conf if the options that use it are enabled.
- Update to version 0.6.32:
  + Don't log warnings about invalid packets, commonly triggered by
    Windows 10 systems.
  + Fix issue with bad packet size estimation, causing probes to
    continuously be sent when hosting large numbers of services.
  + Fix build on Solaris/SmartOS (filio.h issue).
  + Fix build on FreeBSD (PCAP_D_IN issue).
  + Fix debug output with libdaemon >= 0.14.
  + avahi_server_set_browse_domains now correctly uses the provided
    list, instead of re-using the list from the configuration file.
  + Set nl_pid to 0, this will automatically assign the value and
    prevent conflicts per netlink(7). (Bug #334).
  + Check for netlink pid=0 (kernel) instead of uid=0, which works
    correctly with network & user namespaces.
  + Fix reversed IFA_LOCAL and IFA_ADDRESS checks (Avahi#355).
  + Don't fail the build on deprecated GTK/GLIB usage.
  + Gracefully fail if SO_REUSEPORT is not available.
  + Minor Python 3 update for the python ServiceTypeDatabase test
    usage of print, should be backwards compatible.
  + avahi-autoipd: Fix incorrect usage of IFLA_RTA instead of
    IFA_RTA which could crash on ARM (Closes: gh#lathiat/avahi#42).
- Drop upstream fixed patches:
  + avahi-unicastdomains.patch
  + avahi-gtk_box_new.patch
  + avahi-fix-mkdir.diff
  + avahi-enable-ipv6.patch
  + avahi-reserve-space-for-record-data-when-size-e.patch
- Rebase avahi-0.6.31-invalid-packet.patch.
- Add avahi-0.6.31-systemd-order.patch: start after NM/wicked, to
  ensure resolv.conf is present (bsc#982317, gh#lathiat/avahi#59).
- Update to GNOME 3.20.2 (Fate#318572)
- Added License field in spec file.
- Update to GNOME 3.20  Fate#318572
- No longer install sysv services: the systemd services have been
  installed for a long time already and are masking the sysv
  scripts; those scripts existance only add confusion (boo#959908).
- Temp disable 2 old Conflicts that are breaking staging. These can
  back in once there is a new release of avahi.
- Add avahi-0.6.31-invalid-packet.patch: do not spam logs for
  invalid packets (boo#947140 bsc#948277).
- Sync up the multiple .spec files.
- Add avahi-outdated-URL.patch: Do not redirect users to
  <http://0pointer.de/avahi-compat?s=libdns_sd&e=ntpd>, which no
  longer exists, but bring them to the more generic blog entry
  http://0pointer.de/blog/projects/avahi-compat.html (boo#914298).
- Add patch bsc1183064.patch
  * Fix bug bsc#1183064: Segfault from reading a history file not
    starting with # with HISTTIMEFORMAT set and history_multiline_entries
    nonzero and with the history cleared and read on the same input line.
- Move /bin/bash to /usr/bin/bash and provide old location as
  symbolic link of new location (jsc#SLE-15652)
- Remove minimal sh build option as not used
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
  * Map all "/screen(-xxx)?.yyy(-zzz)?"/ to "/screen"/ as well as
    map "/konsole(-xxx)?"/ and "/gnome(-xxx)?"/ to "/xterm"/
- Add patch bash-4.4-bgpoverflow.patch which is a backport from bash
  5.0 to perform better with large numbers of sub processes (bsc#1133773)
- Rework patch readline-7.0-screen.patch
- Add bash-memmove.patch to make bash.html build reproducible (boo#1100488)
- Add patch readline-7.0-screen.patch to be able to parse settings
  in inputrc for all screen TERM variables starting with "/screen."/
  to fix boo#1095661
- In patch bash-4.4.dif avoid setgroups(2) but use initgroups(3) (boo#1095670)
- Add patch 20, 21, 22 and 23 to bash-4.4-patches.tar.bz2
  * 20: In circumstances involving long-running scripts that create
    and reap many processes, it is possible for the hash table bash
    uses to store exit statuses from asynchronous processes to
    develop loops. This patch fixes the loop causes and adds code
    to detect any future loops.
  * 21: A SIGINT received inside a SIGINT trap handler can possibly
    cause the shell to loop.
  * 22: There are cases where a failing readline command (e.g.,
    delete-char at the end of a line) can cause a multi-character
    key sequence to `back up' and attempt to re-read some of the
    characters in the sequence.
  * 23: When sourcing a file from an interactive shell, setting the
    SIGINT handler to the default and typing ^C will cause the
    shell to exit.
- remove bash-4.4-wait-sigint-handler.patch (upstreamed)
- Add patch bash-4.4-wait-sigint-handler.patch to fix bug bsc#1086247
  that is repeating self inserting trap due external command in the
- Create readline-devel-static package to re-enable static libraries
  again (boo#1082913)
- Use %license (boo#1082318)
- Add patch 19 to bash-4.4-patches.tar.bz2
  * With certain values for PS1, especially those that wrap onto
    three or more lines, readline will miscalculate the number of
    invisible characters, leading to crashes and core dumps.
- Add patches 13-18 to bash-4.4-patches.tar.bz2
  * 13: If a here-document contains a command substitution, the
    command substitution can get access to the file descriptor used
    to write the here-document.
  * 14: Under some circumstances, functions that return via the
    `return' builtin do not clean up memory they allocated to keep
    track of FIFOs.
  * 15: Process substitution can leak internal quoting to the
    parser in the invoked subshell.
  * 16: Bash can perform trap processing while reading command
    substitution output instead of waiting until the command
  * 17: There is a memory leak when `read -e' is used to read a
    line using readline.
  * 18: Under certain circumstances (e.g., reading from /dev/zero),
    read(2) will not return -1 even when interrupted by a signal.
    The read builtin needs to check for signals in this case.
- partial cleanup with spec-cleaner
- Modify patch bash-4.3-pathtemp.patch to avoid crash at full
  file system (boo#1076909)
- Enable multibyte characters by default
- Modify patch bash-4.4.dif to let bashline.h install as well as
  this header file is included by general.h due to the same patch
- Make build reproducible in spite of profile based optimizations (boo#1040589)
- Allow to disable do_profiling in builds (related to boo#1040589)
- Simplify patch readline-5.2-conf.patch
- Do not throw info and manual pages away
- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
  was disabled and nobody had reported trouble)
- Add upstream patch readline70-002 which replace old one
  There is a race condition in add_history() that can be triggered by a fatal
  signal arriving between the time the history length is updated and the time
  the history list update is completed. A later attempt to reference an
  invalid history entry can cause a crash.
- Add upstream patch readline70-003
  Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
  interrupt read(2), such as SIGALRM, before reading another character.  The
  signal mask used in the pselect call did not take into account signals the
  calling application blocked before calling readline().
- Add upstream patch bash44-006
  Out-of-range negative offsets to popd can cause the shell to crash
  attempting to free an invalid memory block.
- Remove patch popd-offset-overflow.patch to use bash44-006
- Add upstream patch bash44-007
  When performing filename completion, bash dequotes the directory
  name being completed, which can result in match failures and
  potential unwanted expansion.
- Duplicate bash44-007 as readline70-002 as it seems to be missed
- Add upstream patch bash44-008
  Under certain circumstances, bash will evaluate arithmetic
  expressions as part of reading an expression token even when
  evaluation is suppressed. This happens while evaluating a
  conditional expression and skipping over the failed branch of the
- Add upstream patch bash44-009
  There is a race condition in add_history() that can be triggered
  by a fatal signal arriving between the time the history length
  is updated and the time the history list update is completed.
  A later attempt to reference an invalid history entry can cause
  a crash.
- Add upstream patch bash44-010
  Depending on compiler optimizations and behavior, the `read'
  builtin may not save partial input when a timeout occurs.
- Add upstream patch bash44-011
  Subshells begun to run command and process substitutions may
  attempt to set the terminal's process group to an incorrect
  value if they receive a fatal signal.  This depends on the
  behavior of the process that starts the shell.
- Add upstream patch bash44-012
  When -N is used, the input is not supposed to be split using
  $IFS, but leading and trailing IFS whitespace was still removed.
- Remove -L option on screen call dues API change, now we depend
  on environment variables only.
- Enable -fprofile-correction to cover misleading profile created due
  to terminating_signal which does not return.
-  Add upstream patch popd-offset-overflow.patch to fix boo#1010845
  CVE-2016-9401: bash: popd controlled free (Segmentation fault)
  Remark: this is a simple Segmentation fault, no security risk
- Add upstream patch bash44-001
  Bash-4.4 changed the way the history list is initially allocated to reduce
  the number of reallocations and copies.  Users who set HISTSIZE to a very
  large number to essentially unlimit the size of the history list will get
  memory allocation errors
- Add upstream patch bash44-002
  Bash-4.4 warns when discarding NUL bytes in command substitution output
  instead of silently dropping them.  This patch changes the warnings from
  one per NUL byte encountered to one warning per command substitution.
- Drop no-null-warning.patch as bash44-002 is official replacement
- Add upstream patch bash44-003
  Specially-crafted input, in this case an incomplete pathname expansion
  bracket expression containing an invalid collating symbol, can cause the
  shell to crash.
- Add upstream patch bash44-004
  There is a race condition that can result in bash referencing freed memory
  when freeing data associated with the last process substitution.
- Add upstream patch bash44-005
  Under certain circumstances, a simple command is optimized to eliminate a
  fork, resulting in an EXIT trap not being executed. (boo#1008459)
- Add upstream patch readline70-001
  Readline-7.0 changed the way the history list is initially allocated to reduce
  the number of reallocations and copies.  Users who set the readline
  history-size variable to a very large number to essentially unlimit the size
  of the history list will get memory allocation errors
- no-null-warning.patch: Don't warn about null bytes in command
- Avoid confusing library path
- Update bash 4.4 final
  * Latest bug fixes since 4.4 rc2
- Update readline 7.0 final
  * Latest bug fixes since 7.0 rc2
  * New application-callable function: rl_pending_signal(): returns the signal
    number of any signal readline has caught but not yet handled.
  * New application-settable variable: rl_persistent_signal_handlers: if set
  to a non-zero value, readline will enable the readline-6.2 signal handler
  behavior in callback mode: handlers are installed when
  rl_callback_handler_install is called and removed removed when a complete
  line has been read.
- Drop patch bash-4.3-async-bnc971410.dif as this one is part of 4.4
- Drop patch bash-3.2-longjmp.dif as now long time be fixed
- Drop patch bash-4.3-headers.dif as loadables now simply work
- Drop readline-6.1-wrap.patch as this seems to be fixed
- Disable patch bash-4.0-async-bnc523667.dif for now as it seems to be fixed
  in an other way
- Update bash 4.4 rc2  -- Bugfixes
- Update readline 7.0 rc2 -- Bugfixes
- Make clear that the files /etc/profile as well as /etc/bash.bashrc
  may source other files as well even if the bash does not.
  Therefore modify patch bash-4.1-bash.bashrc.dif (bsc#959755)
- Update bash 4.4 beta 2
  * Value conversions (arithmetic expansions, case modification, etc.) now
    happen when assigning elements of an array using compound assignment.
  * There is a new option settable in config-top.h that makes multiple
    directory arguments to `cd' a fatal error.
  * Bash now uses mktemp() when creating internal temporary files; it produces
    a warning at build time on many Linux systems.
- Update to readline library 7.0 beta 2 (not enabled as not standalone)
  * The default binding for ^W in vi mode now uses word boundaries specified
    by Posix (vi-unix-word-rubout is bindable command name).
  * rl_clear_visible_line: new application-callable function; clears all
    screen lines occupied by the current visible readline line.
  * rl_tty_set_echoing: application-callable function that controls whether
    or not readline thinks it is echoing terminal output.
  * Handle >| and strings of digits preceding and following redirection
    specifications as single tokens when tokenizing the line for history
  * Fixed a bug with displaying completions when the prefix display length
    is greater than the length of the completions to be displayed.
  * The :p history modifier now applies to the entire line, so any expansion
    specifying :p causes the line to be printed instead of expanded.
- Update bash 4.4 release candidate 1
  * There is now a settable configuration #define that will cause the shell
    to exit if the shell is running setuid without the -p option and setuid
    to the real uid fails.
  * Command and process substitutions now turn off the `-v' option when
    executing, as other shells seem to do.
  * The default value for the `checkhash' shell option may now be set at
    compile time with a #define.
  * The `mapfile' builtin now has a -d option to use an arbitrary character
    as the record delimiter, and a -t option  to strip the delimiter as
    supplied with -d.
  * The maximum number of nested recursive calls to `eval' is now settable in
    config-top.h; the default is no limit.
  * The `-p' option to declare and similar builtins will display attributes for
    named variables even when those variables have not been assigned values
    (which are technically unset).
  * The maximum number of nested recursive calls to `source' is now settable
    in config-top.h; the default is no limit.
  * All builtin commands recognize the `--help' option and print a usage
  * Bash does not allow function names containing `/' and `=' to be exported.
  * The `ulimit' builtin has new -k (kqueues) and -P (pseudoterminals) options.
  * The shell now allows `time ; othercommand' to time null commands.
  * There is a new `--enable-function-import' configuration option to allow
    importing shell functions from the environment; import is enabled by
  * `printf -v var "/"/' will now set `var' to the empty string, as if `var="/"/'
    had been executed.
  * GLOBIGNORE, the pattern substitution word expansion, and programmable
    completion match filtering now honor the value of the `nocasematch' option.
  * There is a new ${parameter@spec} family of operators to transform the
    value of `parameter'.
  * Bash no longer attempts to perform compound assignment if a variable on the
    rhs of an assignment statement argument to `declare' has the form of a
    compound assignment (e.g., w='(word)' ; declare foo=$w); compound
    assignments are accepted if the variable was already declared as an array,
    but with a warning.
  * The declare builtin no longer displays array variables using the compound
    assignment syntax with quotes; that will generate warnings when re-used as
    input, and isn't necessary.
  * Executing the rhs of && and || will no longer cause the shell to fork if
    it's not necessary.
  * The `local' builtin takes a new argument: `-', which will cause it to save
    and the single-letter shell options and restore their previous values at
    function return.
  * `complete' and `compgen' have a new `-o nosort' option, which forces
    readline to not sort the completion matches.
  * Bash now allows waiting for the most recent process substitution, since it
    appears as $!.
  * The `unset' builtin now unsets a scalar variable if it is subscripted with
    a `0', analogous to the ${var[0]} expansion.
  * `set -i' is no longer valid, as in other shells.
  * BASH_SUBSHELL is now updated for process substitution and group commands
    in pipelines, and is available with the same value when running any exit
  * Bash now checks $INSIDE_EMACS as well as $EMACS when deciding whether or
    not bash is being run in a GNU Emacs shell window.
  * Bash now treats SIGINT received when running a non-builtin command in a
    loop the way it has traditionally treated running a builtin command:
    running any trap handler and breaking out of the loop.
  * New variable: EXECIGNORE; a colon-separate list of patterns that will
    cause matching filenames to be ignored when searching for commands.
  * Aliases whose value ends in a shell metacharacter now expand in a way to
    allow them to be `pasted' to the next token, which can potentially change
    the meaning of a command (e.g., turning `&' into `&&').
  * `make install' now installs the example loadable builtins and a set of
    bash headers to use when developing new loadable builtins.
  * `enable -f' now attempts to call functions named BUILTIN_builtin_load when
    loading BUILTIN, and BUILTIN_builtin_unload when deleting it.  This allows
    loadable builtins to run initialization and cleanup code.
  * There is a new BASH_LOADABLES_PATH variable containing a list of directories
    where the `enable -f' command looks for shared objects containing loadable
  * The `complete_fullquote' option to `shopt' changes filename completion to
    quote all shell metacharacters in filenames and directory names.
  * The `kill' builtin now has a `-L' option, equivalent to `-l', for
    compatibility with Linux standalone versions of kill.
  * BASH_COMPAT and FUNCNEST can be inherited and set from the shell's initial
  * inherit_errexit: a new `shopt' option that, when set, causes command
    substitutions to inherit the -e option.  By default, those subshells disable
  - e.  It's enabled as part of turning on posix mode.
  * New prompt string: PS0.  Expanded and displayed by interactive shells after
    reading a complete command but before executing it.
  * Interactive shells now behave as if SIGTSTP/SIGTTIN/SIGTTOU are set to SIG_DFL
    when the shell is started, so they are set to SIG_DFL in child processes.
  * Posix-mode shells now allow double quotes to quote the history expansion
  * OLDPWD can be inherited from the environment if it names a directory.
  * Shells running as root no longer inherit PS4 from the environment, closing a
    security hole involving PS4 expansion performing command substitution.
  * If executing an implicit `cd' when the `autocd' option is set, bash will now
    invoke a function named `cd' if one exists before executing the `cd' builtin.
- Update to readline library 7.0 release candidate 1
  * The history truncation code now uses the same error recovery mechansim as
    the history writing code, and restores the old version of the history file
    on error.  The error recovery mechanism handles symlinked history files.
  * There is a new bindable variable, `enable-bracketed-paste', which enables
    support for a terminal's bracketed paste mode.
  * The editing mode indicators can now be strings and are user-settable
    (new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
    variables).  Mode strings can contain invisible character sequences.
    Setting mode strings to null strings restores the defaults.
  * Prompt expansion adds the mode string to the last line of a multi-line
    prompt (one with embedded newlines).
  * There is a new bindable variable, `colored-completion-prefix', which, if
    set, causes the common prefix of a set of possible completions to be
    displayed in color.
  * There is a new bindable command `vi-yank-pop', a vi-mode version of emacs-
    mode yank-pop.
  * The redisplay code underwent several efficiency improvements for multibyte
  * The insert-char function attempts to batch-insert all pending typeahead
    that maps to self-insert, as long as it is coming from the terminal.
  * rl_callback_sigcleanup: a new application function that can clean up and
    unset any state set by readline's callback mode.  Intended to be used
    after a signal.
  * If an incremental search string has its last character removed with DEL, the
    resulting empty search string no longer matches the previous line.
  * If readline reads a history file that begins with `#' (or the value of
    the history comment character) and has enabled history timestamps, the history
    entries are assumed to be delimited by timestamps.  This allows multi-line
    history entries.
  * Readline now throws an error if it parses a key binding without a terminating
    `:' or whitespace.
- Remove patches which are upstream solved
- Rename patches
  bash-4.3.dif become bash-4.4.dif
  readline-6.3.dif become readline-7.0.dif
- Refresh other patches as well
- Define the USE_MKTEMP and USE_MKSTEMP cpp macros as the
  implementation is already there.
- Add patch bash-4.3-pathtemp.patch to allow root to clear the
  file systems.  Otherwise the completion does not work if /tmp
  if full (ENOSPC for here documents)
- Remove --hash-size options as there is no any change in the final
  binary nor library anymore
- Add upstream patch bash43-039
  Using the output of `declare -p' when run in a function can result in variables
  that are invisible to `declare -p'.  This problem occurs when an assignment
  builtin such as `declare' receives a quoted compound array assignment as one of
  its arguments.
- Add upstream patch bash43-040
  There is a memory leak that occurs when bash expands an array reference on
  the rhs of an assignment statement.
- Add upstream patch bash43-041
  There are several out-of-bounds read errors that occur when completing command
  lines where assignment statements appear before the command name.  The first
  two appear only when programmable completion is enabled; the last one only
  happens when listing possible completions.
- Add upstream patch bash43-042
  There is a problem when parsing command substitutions containing `case'
  commands within pipelines that causes the parser to not correctly identify
  the end of the command substitution.
- add bash-4.3-perl522.patch to fix texi2html for perl 5.22
  (defined(@array) has been deprecated since at least 2012)
- Add upstream patch bash43-034
  If neither the -f nor -v options is supplied to unset, and a name argument is
  found to be a function and unset, subsequent name arguments are not treated as
  variables before attempting to unset a function by that name.
- Add upstream patch bash43-035
  A locale with a long name can trigger a buffer overflow and core dump.  This
  applies on systems that do not have locale_charset in libc, are not using
  GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
- Add upstream patch bash43-036
  When evaluating and setting integer variables, and the assignment fails to
  create a variable (for example, when performing an operation on an array
  variable with an invalid subscript), bash attempts to dereference a null
  pointer, causing a segmentation violation.
- Add upstream patch bash43-037
  If an associative array uses `@' or `*' as a subscript, `declare -p' produces
  output that cannot be reused as input.
- Add upstream patch bash43-038
  There are a number of instances where `time' is not recognized as a reserved
  word when the shell grammar says it should be.
- move info deletion to %preun sections
- bash-4.3-loadables.dif: One more warning fixed, in
- bash-4.3-loadables.dif: Reverted one warning fix, which was
  introducing another warning and possibly a bug.
- bash-4.3-loadables.dif: Split changes to shell.h to a separate
  patch "/bash-4.3-include-unistd.dif"/, as the loadables build just
  fine without these changes.
- bash-4.3-loadables.dif: Drop all header file inclusion fixups,
  upstream fixed the problem differently 5 years ago.
- Do not restart all signal handlers for bash 4.3 as this breaks
  trap handler in subshells waotiug for a process
- Remove -DMUST_UNBLOCK_CHLD(=1) as this breaks waitchild(2) on linux
- Add upstream patch bash43-031
  The new nameref assignment functionality introduced in bash-4.3 did not perform
  enough validation on the variable value and would create variables with
  invalid names.
- Add upstream patch bash43-032
  When bash is running in Posix mode, it allows signals -- including SIGCHLD --
  to interrupt the `wait' builtin, as Posix requires.  However, the interrupt
  causes bash to not run a SIGCHLD trap for all exited children.  This patch
  fixes the issue and restores the documented behavior in Posix mode.
- Add upstream patch bash43-033
  Bash does not clean up the terminal state in all cases where bash or
  readline  modifies it and bash is subsequently terminated by a fatal signal.
  This happens when the `read' builtin modifies the terminal settings, both
  when readline is active and when it is not.  It occurs most often when a script
  installs a trap that exits on a signal without re-sending the signal to itself.
- Fix the sed command that fixes up the patch headers. It was
  printing a duplicate header line, which suprisingly did not
  confuse patch, but could in the future.
- Fix all patches that had the duplicate header line issue.
- Use tail command to follow run-tests instead of a simpe cat command
- Really remove obsolete patches
- Skip autoconf on OS 10.2 or older
- Avoid fdupes on SLES-10
- Bump bash version to 4.3
- Allow building on targets from SL 10.1 to current since it's free
- fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc
- deleted patches
  - bc-1.06-dc_ibase.patch (upstreamed)
- Use %license instead of %doc [bsc#1082318]
- Cleanup %doc section
- added patches
  Correct return value after 'q' [bsc#1129038]
  + bc-dc-correct-return-value.patch
- Update to version 1.07.1:
  * Fixed ibase extension causing problems for read()
  * Fixed parallel make problem.
  * Fixed dc "/Q"/ comanmd bug.
- Changes for version 1.07:
  * Added void functions.
  * fixes bug in load_code introduced by mathlib string storage in 1.06.
  * fix to get long options working.
  * signal code clean-up.
  * fixed a bug in the AVL tree routines.
  * fixed math library to work properly when called with ibase not 10.
  * fixed a symbol table bug when using more than 32 names.
  * removed a double free.
  * Added base 17 to 36 for ibase.
  * Fixed some memory leaks.
  * Various small tweaks and doc bug fixes.
- Drop no longer needed patches:
  * bc-1.06.95-memleak.patch
  * bc-1.06.95-matlib.patch
  * bc-1.06.95-sigintmasking.patch
- Refresh bc-1.06-dc_ibase.patch
- Add gpg signature
- Update url
- Correct info files scriplets and dependencies
- Clean up with spec-cleaner
- Add ncurses-devel as it is inherited from readline
- Explicitely pass without-libedit if we decide to switch for
  it at some point
- Add BuildRequires on makeinfo to fix Factory build
- update to upstream alpha 1.06.95 (2006-09-05), in use in other
  major distros for quite a long time (Debian, Fedora, Ubuntu, ...)
- add patches from Fedora
- automake dependency removed
- add automake as buildrequire to avoid implicit dependency
- Fix last change.
- Fix detection of empty opt_expression in the parser.
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
  * An assertion check can fail while answering queries
    for DNAME records that require the DNAME to be processed to resolve
    [CVE-2021-25215, bind-CVE-2021-25215.patch]
  * A second vulnerability in BIND's GSSAPI security
    policy negotiation can be targeted by a buffer overflow attack
    This does not affect this package as the affected code is
- pass PIE compiler and linker flags via environment variables to make
  /usr/bin/delv in bind-tools also position independent (bsc#1183453).
- drop pie_compile.diff: no longer needed, this patch is difficult to
  maintain, the environment variable approach is less error prone.
  [bsc#1183453, bind.spec, pie_compile.diff]
- /var/run is deprecated, replaced by /run
  [bsc#1185073, bind-replace-varrun-with-run.patch,
  bind-chrootenv.conf, vendor-files.tar.bz2]
- Removed baselibs.conf as SLE does not distribute 32 bit libraries.
- Added special make instruction for the "/Administrator Reference
  Manual"/ which is built using python3-Sphinx
  [bsc#1177983, bind.spec]
- Removed "/Before=nss-lookup.target"/ from named.service as that
  leads to a systemd ordering cycle
  [bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2]
- Add /usr/lib64/named to the files and directories in
  bind-chrootenv.conf. This directory contains plugins loaded
  after the chroot().
- Replaced named's dependency on time-sync with a dependency on time-set
  in named.service. The former leads to a dependency-loop.
- Removed "/dnssec-enable"/ from named.conf as it has been obsoleted.
  Added a comment for reference which should be removed
  in the future.
- Added a comment to the "/dnssec-validation"/ in named.conf
  with a reference to forwarders which do not return signed responses.
- Replaced an INSIST macro which calls abort with a test and a
  diagnostic output.
- Removed "/-r /dev/urandom"/ from all invocations of rndc-confgen
  (init/named system/lwresd.init system/named.init in vendor-files)
  as this option is deprecated and causes rndc-confgen to fail.
  [bsc#1173311, bsc#1176674, bsc#1170713, vendor-files.tar.bz2]
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
  of /usr/sbin/dnssec-keygen as BIND now uses the random number
  functions provided by the crypto library (i.e., OpenSSL or a
  PKCS#11 provider) as a source of randomness rather than /dev/random.
  Therefore the -r command line option no longer has any effect on
  dnssec-keygen. Leaving the option in genDDNSkey as to not break
  compatibility. Patch provided by Stefan Eisenwiener.
  [bsc#1171313, vendor-files.tar.bz2]
- Put libns into a separate subpackage to avoid file conflicts
  in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
  systemd context as well as legacy sysv, make use of start_daemon.
- Upgrade to version 9.16.6
  Fixes five vilnerabilities:
  5481.   [security]      "/update-policy"/ rules of type "/subdomain"/ were
    incorrectly treated as "/zonesub"/ rules, which allowed
    keys used in "/subdomain"/ rules to update names outside
    of the specified subdomains. The problem was fixed by
    making sure "/subdomain"/ rules are again processed as
    described in the ARM. (CVE-2020-8624) [GL #2055]
  5480.   [security]      When BIND 9 was compiled with native PKCS#11 support, it
    was possible to trigger an assertion failure in code
    determining the number of bits in the PKCS#11 RSA public
    key with a specially crafted packet. (CVE-2020-8623)
    [GL #2037]
  5479.   [security]      named could crash in certain query resolution scenarios
    where QNAME minimization and forwarding were both
    enabled. (CVE-2020-8621) [GL #1997]
  5478.   [security]      It was possible to trigger an assertion failure by
    sending a specially crafted large TCP DNS message.
    (CVE-2020-8620) [GL #1996]
  5476.   [security]      It was possible to trigger an assertion failure when
    verifying the response to a TSIG-signed request.
    (CVE-2020-8622) [GL #2028]
  For the less severe bugs fixed, see the CHANGES file.
  [bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
  CVE-2020-8620, CVE-2020-8622]
- Added "//etc/bind.keys"/ to NAMED_CONF_INCLUDE_FILES in
  /etc/sysconfig/named to suppress warning message re
  missing file.
  [vendor-files.tar.bz2, bsc#1173983]
- Upgrade to version bind-9.16.5
  * The "/primary"/ and "/secondary"/ keywords, when used
    as parameters for "/check-names"/, were not
    processed correctly and were being ignored.
  * 'rndc dnstap -roll <value>' did not limit the number of
    saved files to <value>.
  * Add 'rndc dnssec -status' command.
  * Addressed a couple of situations where named could crash
  For the full list, see the CHANGES file in the source RPM.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
  so that named, being a/the only member of the "/named"/ group
  has full r/w access yet cannot change directories owned by root
  in the case of a compromized named.
  [bsc#1173307, bind-chrootenv.conf]
- Upgrade to version bind-9.16.4
  Fixing two security problems:
  * It was possible to trigger an INSIST when determining
    whether a record would fit into a TCP message buffer.
  * It was possible to trigger an INSIST in
    lib/dns/rbtdb.c:new_reference() with a particular zone
    content and query patterns. (CVE-2020-8619)
  Also the following functional changes:
  * Reject DS records at the zone apex when loading
    master files. Log but otherwise ignore attempts to
    add DS records at the zone apex via UPDATE.
  * The default value of "/max-stale-ttl"/ has been changed
    from 1 week to 12 hours.
  * Zone timers are now exported via statistics channel.
    Thanks to Paul Frieden, Verizon Media.
  Added support for idn2 to spec file (Thanks to Holger Bruenjes
  More internal changes see the CHANGES file in the source RPM
  This update obsoletes Makefile.in.diff
  [bsc#1172958, CVE-2020-8618, CVE-2020-8619, Makefile.in.diff
- Upgrade to version bind-9.16.3
  Fixing two security problems:
  * Further limit the number of queries that can be triggered from
    a request.  Root and TLD servers are no longer exempt
    from max-recursion-queries.  Fetches for missing name server
    address records are limited to 4 for any domain. (CVE-2020-8616)
  * Replaying a TSIG BADTIME response as a request could trigger an
    assertion failure. (CVE-2020-8617)
  * Add engine support to OpenSSL EdDSA implementation.
  * Add engine support to OpenSSL ECDSA implementation.
  * Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
  * Warn about AXFR streams with inconsistent message IDs.
  * Make ISC rwlock implementation the default again.
  For more see CHANGS file in source RPM.
  [CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz]
- bind needs an accurate clock, so wait for the time-sync.target
  to be reached before starting bind.
  [bsc#1170667, bsc#1170713, vendor-files.tar.bz2]
- Use sysusers.d to create named user
- Have only one package creating the user
- coreutils are not used in %post, remove Requires.
- Use systemd_ordering instead of hard requiring systemd
- Upgrade to version 9.16.1
  * UDP network ports used for listening can no longer simultaneously
    be used for sending traffic.
  * The system-provided POSIX Threads read-write lock implementation
    is now used by default instead of the native BIND 9 implementation.
  * Fixed re-signing issues with inline zones which resulted in records
    being re-signed late or not at all.
- Update download urls
- Do not enable geoip on old distros, the geoip db was shut down
  so we need to use geoip2 everywhere
- Upgrade to version 9.16.0
  Major upgrade, see
  CHANGES file in the source tree.
  Major functional change:
  * What was set with --with-tuning=large option in older BIND9
    versions is now a default, and a --with-tuning=small option was
    added for small (e.g. OpenWRT) systems.
  * A new "/dnssec-policy"/ option has been added to named.conf to
    implement a key and signing policy (KASP) for zones.
  * The command (and manpage) bind9-config have been dropped as the
    BIND 9 libraries are now purely internal.
  No patches became obsolete through the upgrade.
- Upgrade to bind-9.14.9
  bug fixes and feature improvements
- Upgrade to version 9.14.8:
  * Set a limit on the number of concurrently served pipelined TCP
  * Some other bug fixing, see CHANGES file.
  [CVE-2019-6477, bsc#1157051]
- Upgrade to version 9.14.7
  * removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0,
    queryperf, sdb, zkt from contrib as they are not supported
    any more
  * Added support for the GeoIP2 API from MaxMind
  * See CHANGES file in the source RPM.
  * obsoletes bind-CVE-2018-5745.patch (bsc#1126068)
  * obsoletes bind-CVE-2019-6465.patch (bsc#1126069)
  * obsoletes bind-CVE-2018-5743.patch (bsc#1133185)
  * obsoletes bind-CVE-2019-6471.patch (bsc#1138687)
  [bsc#1111722, bsc#1156205, bsc#1126068, bsc#1126069, bsc#1133185,
  bsc#1138687, CVE-2019-6476, CVE-2019-6475,
  CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465,
  CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738,
  CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, CVE-2017-3136,
  configure.in.diff, bind-99-libidn.patch, perl-path.diff,
  bind-sdb-ldap.patch, bind-CVE-2017-3145.patch,
  bind-fix-fips.patch, bind-CVE-2018-5745.patch,
  bind-CVE-2019-6465.patch, bind-CVE-2018-5743.patch,
  bind-CVE-2019-6471.patch, CVE-2016-6170, bsc#1018700,
  bsc#1018701, bsc#1018702, bsc#1033466, bsc#1033467, bsc#1033468,
  bsc#1040039, bsc#1047184, bsc#1104129, bsc#906079, bsc#918330,
  bsc#936476, bsc#937028, bsc#939567, bsc#977657, bsc#983505,
  bsc#987866, bsc#989528, fate#320694, fate#324357, bnc#1127583,
  bnc#1127583, bnc#1109160]
- removal of SuSEfirewall2 service from Factory, since SuSEfirewall2 has been
  replaced by firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch
- Don't rely on /etc/insserv.conf anymore for proper dependencies
  against nss-lookup.target in named.service and lwresd.service
  (bsc#1118367 bsc#1118368)
- Update named.root. One of the root servers IP has changed.
- Install the LICENSE file.
- Add bind.conf and bind-chrootenv.conf to install the default
  files in /var/lib/named and create chroot environment on systems
  using transactional-updates [bsc#1100369] [FATE#325524].
- Cleanup pre/post install: remove all old code which was needed to
  update to SLES8.
- Fix a patch error in dnszone-schema file (bsc#901577)
- Add SPF records in dnszone-schema file (bsc#901577)
- Fix the hostname in ldapdump to be valid (bsc#965748)
- Patch file - bind-ldapdump-use-valid-host.patch
- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
  Fixes dynamic DNS updates against samba and Microsoft DNS servers
- Move chroot related files from bind to bind-chrootenv
- Remove rndc.key generation from bind.spec file because bind
  should create it on first boot (bsc#1092283)
- Add misisng rndc.key check and generation code is lwresd.init
- build with --enable-filter-aaaa to make it possible to use
  config option "/filter-aaaa-on-v4 yes"/. Useful to workaround
  broken websites like netflix which block traffic from certain
  IPv6 tunnel providers. (bsc#1069633)
- Add /dev/urandom to chroot env
- Implement systemd init scripts for bind and lwresd (fate#323155)
- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118)
- Use getent when adding user/group
- update changelog to mention removed options
- license changed to MPL-2.0 according to legal.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Add back init scripts, systemd units aren't ready yet
- Add python3-bind subpackage to allow python bind interactions
- Sync configure options with RH package and remove unused ones
  * Enable python3
  * Enable gssapi
  * Enable dnssec scripts
  * Remove no longer recognized --enable-rrl
- Drop idnkit from the build, the bind uses libidn since 2007 to run
  all the resolutions in dig/etc. bsc#1030306
- Add patch to make sure we build against system idn:
  * bind-99-libidn.patch
- Refresh patch:
  * pie_compile.diff
- Remove patches that are unused due to above:
  * idnkit-powerpc-ltconfig.patch
  * runidn.diff
- drop bind-openssl11.patch (merged upstream)
- Remove systemd conditionals as we are not building on sle11 anyway
- Force the systemd to be base for the initscript deployment
- Bump up version of most of the libraries
- Rename the subpackages to match the version updates
- Add macros for easier handling of the library package names
- Drop more unneeded patches
  * dns_dynamic_db.patch (upstream)
- Update to 9.11.2 release:
  * Many changes compared to 9.10 see the README file for in-depth listing
  * For detailed changes with issues see CHANGES file
  * Fixes for CVE-2017-3141 CVE-2017-3140 CVE-2017-3138 CVE-2017-3137
    CVE-3136 CVE-2016-9778
  * OpenSSL 1.1 support
- Remove support for some old distributions and cleanup the spec file
  to require only what is really needed
- Switch to systemd (bsc#1053808)
- Remove german from the postinst messages
- Remove patches merged upstream:
  * bind-CVE-2017-3135.patch
  * bind-CVE-2017-3142-and-3143.patch
- Refresh named.root with another update
- Use python3 by default (fate#323526)
- bind-openssl11.patch: add a patch for enabling
  openssl 1.1 support (builds for 1.0 and 1.1 openssl).
- Enable JSON statistics
- named.root: refreshed from internic to 2017060102 (bsc#1048729)
- Run systemctl daemon-reload even when this is not build with
  systemd support: if installing bind on a systemd service and not
  reloading systemd daemon, then the service 'named' is not known
  right after package installation, causing confusion.
- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue
  where an attacker with the ability to send and receive messages
  to an authoritative DNS server was able to circumvent TSIG
  authentication of AXFR requests. A server that relies solely on
  TSIG keys for protection with no other ACL protection could be
  manipulated into (1) providing an AXFR of a zone to an
  unauthorized recipient and (2) accepting bogus Notify packets.
  [bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143]
- Fix named init script to dynamically find the location of the
  openssl engines (boo#1040027).
- Add with_systemd define with default off, since we still use init
  scripts and no systemd units.
- Don't require and call insserv if we use systemd
- Fix assertion failure or a NULL pointer read for configurations using both DNS64 and RPZ
  * CVE-2017-3135, bsc#1024130
  * bind-CVE-2017-3135.patch
- Update to latest release in the 9.10.X series
  * Security fixes in 9.10.4
  * Duplicate EDNS COOKIE options in a response could trigger an assertion failure.
    CVE-2016-2088. [RT #41809]
  * The resolver could abort with an assertion failure due to improper DNAME handling
    when parsing fetch reply messages. CVE-2016-1286. [RT #41753]
  * Malformed control messages can trigger assertions in named and rndc.
    CVE-2016-1285. [RT #41666]
  * Certain errors that could be encountered when printing out or logging an OPT record containing
    a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. CVE-2015-8705. [RT #41397]
  * Specific APL data could trigger an INSIST. CVE-2015-8704. [RT #41396]
  * Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing
    a lookup. CVE-2015-8461. [RT#40945]
  * Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted,
    triggering a REQUIRE failure when those records were subsequently cached. CVE-2015-8000. [RT #40987]
  * For Features and other fixes in 9.10.4 see https://kb.isc.org/article/AA-01380/0/BIND-9.10.4-Release-Notes.html
  * Description of patch changes
  * BIND 9.10.4-P5 addresses the security issues described in CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. [bsc#1018699]
  * BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864.
  * BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.
  * BIND 9.10.4-P2 addresses the security issue described in CVE-2016-2775.
  * BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and
    a race condition in the rbt/rbtdb implementation resulting in named exiting due to assertion failures being detected.
  * Following patches removed, fixed upstream
  * cve-2016-2776.patch
  * cve-2016-8864.patch
- Apply cve-2016-8864.patch to fix CVE-2016-8864 (bsc#1007829).
- Apply cve-2016-2776.patch to fix CVE-2016-2776 (bsc#1000362).
- Remove the start/stop dependency of named and lwresd on remote-fs
  to break a service dependency cycle (bsc#947483, bsc#963971).
- Make /var/lib/named owned by the named user (bsc#908850,
- Call systemd service macros with the full service name.
- remove BuildRequire libcap. That is only a legacy library, not
  actually used for building. libcap-devel pulls in the right one.
- Security update 9.10.3-P4:
  * CVE-2016-1285, bsc#970072: assert failure on input parsing can
    cause premature exit.
  * CVE-2016-1286, bsc#970073: An error when parsing signature
    records for DNAME can lead to named exiting due to an assertion
  * CVE-2016-2088, bsc#970074: a deliberately misconstructed packet
    containing multiple cookie options to cause named to terminate
    with an assertion failure.
- drop a changing timestamp making build reproducible
- Build with --with-randomdev=/dev/urandom otherwise
  libisc will use /dev/random to gather entropy and that might
  block, short read etc..
- Security update 9.10.3-P3:
  * Specific APL data could trigger an INSIST (CVE-2015-8704,
  * Certain errors that could be encountered when printing out or
    logging an OPT record containing a CLIENT-SUBNET option could
    be mishandled, resulting in an assertion failure
    (CVE-2015-8705, bsc#962190).
  * Authoritative servers that were marked as bogus (e.g.
    blackholed in configuration or with invalid addresses) were
    being queried anyway.
- Update to version 9.10.3-P2 to fix a remote denial of service by
  misparsing incoming responses (CVE-2015-8000, bsc#958861).
- Avoid double %setup, it confuses some versions of quilt.
- Summary/description update
- Update to version 9.10.2-P4
  * An incorrect boundary boundary check in the OPENPGPKEY
    rdatatype could trigger an assertion failure.
    (CVE-2015-5986) [RT #40286] (bsc#944107)
  * A buffer accounting error could trigger an
    assertion failure when parsing certain malformed
    DNSSEC keys. (CVE-2015-5722) [RT #40212] (bsc#944066)
- Update to version 9.10.2-P3
  Security Fixes
  * A specially crafted query could trigger an assertion failure in message.c.
    This flaw was discovered by Jonathan Foote, and is disclosed in
    CVE-2015-5477. [RT #39795]
  * On servers configured to perform DNSSEC validation, an assertion failure
    could be triggered on answers from a specially configured server.
    This flaw was discovered by Breno Silveira Soares, and is disclosed
    in CVE-2015-4620. [RT #39795]
  Bug Fixes
  * Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  * Several bugs have been fixed in the RPZ implementation:
    + Policy zones that did not specifically require recursion could be treated
    as if they did; consequently, setting qname-wait-recurse no; was
    sometimes ineffective. This has been corrected. In most configurations,
    behavioral changes due to this fix will not be noticeable. [RT #39229]
    + The server could crash if policy zones were updated (e.g. via
    rndc reload or an incoming zone transfer) while RPZ processing
    was still ongoing for an active query. [RT #39415]
    + On servers with one or more policy zones configured as slaves, if a
    policy zone updated during regular operation (rather than at startup)
    using a full zone reload, such as via AXFR, a bug could allow the RPZ
    summary data to fall out of sync, potentially leading to an assertion
    failure in rpz.c when further incremental updates were made to the zone,
    such as via IXFR. [RT #39567]
    + The server could match a shorter prefix than what was
    available in CLIENT-IP policy triggers, and so, an unexpected
    action could be taken. This has been corrected. [RT #39481]
    + The server could crash if a reload of an RPZ zone was initiated while
    another reload of the same zone was already in progress. [RT #39649]
- Update to version 9.10.2-P2
  - An uninitialized value in validator.c could result in an assertion failure.
    (CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
  - Include client-ip rules when logging the number of RPZ rules of each type.
    [RT #39670]
  - Addressed further problems with reloading RPZ zones. [RT #39649]
  - Addressed a regression introduced in change #4121. [RT #39611]
  - The server could match a shorter prefix than what was available in
    CLIENT-IP policy triggers, and so, an unexpected action could be taken.
    This has been corrected. [RT #39481]
  - On servers with one or more policy zones configured as slaves, if a policy
    zone updated during regular operation (rather than at startup) using a full
    zone reload, such as via AXFR, a bug could allow the RPZ summary data to
    fall out of sync, potentially leading to an assertion failure in rpz.c when
    further incremental updates were made to the zone, such as via IXFR.
    [RT #39567]
  - A bug in RPZ could cause the server to crash if policy zones were updated
    while recursion was pending for RPZ processing of an active query.
    [RT #39415]
  - Fix a bug in RPZ that could cause some policy zones that did not
    specifically require recursion to be treated as if they did; consequently,
    setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
  - Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
    result in a bug during operation. If the read failed, named could segfault.
    [RT #38559]
- Fix inappropriate use of /var/lib/named for locating dynamic-DB plugins.
  Dynamic-DB plugins are now loaded from %{_libexecdir}/bind, consistent with
  openSUSE packaging guideline.
- Install additional header files which are helpful to the development of
  dynamic-DB plugins.
- Depend on systemd macros and sysvinit on post-12.3 only.
- Create empty lwresd.conf at build time.
- Reduce file list pre-13.1.
- Update to version 9.10.2
  - Handle timeout in legacy system test. [RT #38573]
  - dns_rdata_freestruct could be called on a uninitialised structure when
    handling a error. [RT #38568]
  - Addressed valgrind warnings. [RT #38549]
  - UDP dispatches could use the wrong pseudorandom
    number generator context. [RT #38578]
  - Fixed several small bugs in automatic trust anchor management, including a
    memory leak and a possible loss of key state information. [RT #38458]
  - 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565]
  - Revoking a managed trust anchor and supplying an untrusted replacement
    could cause named to crash with an assertion failure.
    (CVE-2015-1349) [RT #38344]
  - Fix a leak of query fetchlock. [RT #38454]
  - Fix a leak of pthread_mutexattr_t. [RT #38454]
  - RPZ could send spurious SERVFAILs in response
    to duplicate queries. [RT #38510]
  - CDS and CDNSKEY had the wrong attributes. [RT #38491]
  - adb hash table was not being grown. [RT #38470]
- Update bind.keyring
- Update baselibs.conf due to updates to libdns160 and libisc148
- Enable export libraries to support plugin development.
  Install DNSSEC root key.
  Expose new interface for developing dynamic zone database.
  + dns_dynamic_db.patch
- PowerPC can build shared libraries for sure.
- Explicitly BuildRequire systemd-rpm-macros since it is used
  for lwresd %post etc. Then drop pre-12.x material.
  Remove configure.in.diff2.
- Corrections to baselibs.conf
- Update to version 9.10.1-P1
  - A flaw in delegation handling could be exploited to put named into an
    infinite loop.  This has been addressed by placing limits on the number of
    levels of recursion named will allow (default 7), and the number of
    iterative queries that it will send (default 50) before terminating a
    recursive query (CVE-2014-8500); (bnc#908994).
    The recursion depth limit is configured via the "/max-recursion-depth"/
    option, and the query limit via the "/max-recursion-queries"/ option.
    [RT #37580]
  - When geoip-directory was reconfigured during named run-time, the
    previously loaded GeoIP data could remain, potentially causing wrong ACLs
    to be used or wrong results to be served based on geolocation
    (CVE-2014-8680). [RT #37720]; (bnc#908995).
  - Lookups in GeoIP databases that were not loaded could cause an assertion
    failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
  - The caching of GeoIP lookups did not always handle address families
    correctly, potentially resulting in an assertion failure (CVE-2014-8680).
    [RT #37672]; (bnc#908995).
- Convert some hard PreReq to leaner Requires(pre).
- Typographical and orthographic fixes to description texts.
- Fix bashisms in the createNamedConfInclude script.
- Post scripts: remove '-e' option of 'echo' that may be unsupported
  in some POSIX-compliant shells.
- Add openssl engines to the lwresd chroot.
- Add /etc/lwresd.conf with attribute ghost to the list of files.
- Add /run/lwresd to the list of files of the lwresd package.
- Shift /run/named from the chroot sub to the main bind package.
- Drop /proc from the chroot as multi CPU systems work fine even without it.
- Add a versioned dependency when obsoleting packages.
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix gssapi_krb configure time header detection.
- Update root zone (dated Nov 5, 2014).
- Update to version 9.10.1
  - This release addresses the security flaws described in CVE-2014-3214 and
- Update to version 9.10.0
  - DNS Response-rate limiting (DNS RRL), which blunts the impact of
    reflection and amplification attacks, is always compiled in and no longer
    requires a compile-time option to enable it.
  - An experimental "/Source Identity Token"/ (SIT) EDNS option is now available.
  - A new zone file format, "/map"/, stores zone data in a
    format that can be mapped directly into memory, allowing
    significantly faster zone loading.
  - "/delv"/ (domain entity lookup and validation) is a new tool with dig-like
    semantics for looking up DNS data and performing internal DNSSEC
  - Improved EDNS(0) processing for better resolver performance
    and reliability over slow or lossy connections.
  - Substantial improvement in response-policy zone (RPZ) performance.  Up to
    32 response-policy zones can be configured with minimal performance loss.
  - To improve recursive resolver performance, cache records which are still
    being requested by clients can now be automatically refreshed from the
    authoritative server before they expire, reducing or eliminating the time
    window in which no answer is available in the cache.
  - New "/rpz-client-ip"/ triggers and drop policies allowing
    response policies based on the IP address of the client.
  - ACLs can now be specified based on geographic location using the MaxMind
    GeoIP databases.  Use "/configure --with-geoip"/ to enable.
  - Zone data can now be shared between views, allowing multiple views to serve
    the same zones authoritatively without storing multiple copies in memory.
  - New XML schema (version 3) for the statistics channel includes many new
    statistics and uses a flattened XML tree for faster parsing. The older
    schema is now deprecated.
  - A new stylesheet, based on the Google Charts API, displays XML statistics
    in charts and graphs on javascript-enabled browsers.
  - The statistics channel can now provide data in JSON format as well as XML.
  - New stats counters track TCP and UDP queries received
    per zone, and EDNS options received in total.
  - The internal and export versions of the BIND libraries (libisc, libdns,
    etc) have been unified so that external library clients can use the same
    libraries as BIND itself.
  - A new compile-time option, "/configure --enable-native-pkcs11"/, allows BIND
    9 cryptography functions to use the PKCS#11 API natively, so that BIND can
    drive a cryptographic hardware service module (HSM) directly instead of
    using a modified OpenSSL as an intermediary.
  - The new "/max-zone-ttl"/ option enforces maximum TTLs for zones. This can
    simplify the process of rolling DNSSEC keys by guaranteeing that cached
    signatures will have expired within the specified amount of time.
  - "/dig +subnet"/ sends an EDNS CLIENT-SUBNET option when querying.
  - "/dig +expire"/ sends an EDNS EXPIRE option when querying.
  - New "/dnssec-coverage"/ tool to check DNSSEC key coverage for a zone and
    report if a lapse in signing coverage has been inadvertently scheduled.
  - Signing algorithm flexibility and other improvements
    for the "/rndc"/ control channel.
  - "/named-checkzone"/ and "/named-compilezone"/ can now read
    journal files, allowing them to process dynamic zones.
  - Multiple DLZ databases can now be configured.  Individual zones can be
    configured to be served from a specific DLZ database.  DLZ databases now
    serve zones of type "/master"/ and "/redirect"/.
  - "/rndc zonestatus"/ reports information about a specified zone.
  - "/named"/ now listens on IPv6 as well as IPv4 interfaces by default.
  - "/named"/ now preserves the capitalization of names
    when responding to queries.
  - new "/dnssec-importkey"/ command allows the use of offline
    DNSSEC keys with automatic DNSKEY management.
  - New "/named-rrchecker"/ tool to verify the syntactic
    correctness of individual resource records.
  - When re-signing a zone, the new "/dnssec-signzone -Q"/ option drops
    signatures from keys that are still published but are no longer active.
  - "/named-checkconf -px"/ will print the contents of configuration files with
    the shared secrets obscured, making it easier to share configuration (e.g.
    when submitting a bug report) without revealing private information.
  - "/rndc scan"/ causes named to re-scan network interfaces for
    changes in local addresses.
  - On operating systems with support for routing sockets, network interfaces
    are re-scanned automatically whenever they change.
  - "/tsig-keygen"/ is now available as an alternate command
    name to use for "/ddns-confgen"/.
- Update to version 9.9.6
  New Features
  - Support for CAA record types, as described in RFC 6844 "/DNS
    Certification Authority Authorization (CAA) Resource Record"/,
    was added. [RT#36625] [RT #36737]
  - Disallow "/request-ixfr"/ from being specified in zone statements where it
    is not valid (it is only valid for slave and redirect zones) [RT #36608]
  - Support for CDS and CDNSKEY resource record types was added. For
    details see the proposed Informational Internet-Draft "/Automating
    DNSSEC Delegation Trust Maintenance"/ at
    [RT #36333]
  - Added version printing options to various BIND utilities. [RT #26057]
    [RT #10686]
  - Added a "/no-case-compress"/ ACL, which causes named to use case-insensitive
    compression (disabling change #3645) for specified clients. (This is useful
    when dealing with broken client implementations that use case-sensitive
    name comparisons, rejecting responses that fail to match the capitalization
    of the query that was sent.) [RT #35300]
  Feature Changes
  - Adds RPZ SOA to the additional section of responses to clearly
    indicate the use of RPZ in a manner that is intended to avoid
    causing issues for downstream resolvers and forwarders [RT #36507]
  - rndc now gives distinct error messages when an unqualified zone
    name matches multiple views vs. matching no views [RT #36691]
  - Improves the accuracy of dig's reported round trip times.  [RT #36611]
  - When an SPF record exists in a zone but no equivalent TXT record
    does, a warning will be issued.  The warning for the reverse
    condition is no longer issued. See the check-spf option in the
    documentation for details. [RT #36210]
  - "/named"/ will now log explicitly when using rndc.key to configure
    command channel. [RT #35316]
  - The default setting for the -U option (setting the number of UDP
    listeners per interface) has been adjusted to improve performance.
    [RT #35417]
  - Aging of smoothed round-trip time measurements is now limited
    to no more than once per second, to improve accuracy in selecting
    the best name server. [RT #32909]
  - DNSSEC keys that have been marked active but have no publication
    date are no longer presumed to be publishable. [RT #35063]
  Bug Fixes
  - The Makefile in bin/python was changed to work around a bmake
    bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
  - Corrected bugs in the handling of wildcard records by the DNSSEC
    validator: invalid wildcard expansions could be treated as valid
    if signed, and valid wildcard expansions in NSEC3 opt-out ranges
    had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
  - When resigning, dnssec-signzone was removing all signatures from
    delegation nodes. It now retains DS and (if applicable) NSEC
    signatures.  [RT #36946]
  - The AD flag was being set inappopriately on RPZ responses. [RT #36833]
  - Updates the URI record type to current draft standard,
    draft-faltstrom-uri-08, and allows the value field to be zero
    length [RT #36642] [RT #36737]
  - RRSIG sets that were not loaded in a single transaction at start
    up were not being correctly added to re-signing heaps.  [RT #36302]
  - Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
  - A race condition could cause a crash in isc_event_free during
    shutdown.  [RT #36720]
  - Addresses a race condition issue in dispatch. [RT #36731]
  - acl elements could be miscounted, causing a crash while loading
    a config [RT #36675]
  - Corrects a deadlock between view.c and adb.c. [RT #36341]
  - liblwres wasn't properly handling link-local addresses in
    nameserver clauses in resolv.conf. [RT #36039]
  - Buffers in isc_print_vsnprintf were not properly initialized
    leading to potential overflows when printing out quad values.
    [RT #36505]
  - Don't call qsort() with a null pointer, and disable the GCC 4.9
    "/delete null pointer check"/ optimizer option. This fixes problems
    when using GNU GCC 4.9.0 where its compiler code optimizations
    may cause crashes in BIND. For more information, see the operational
    advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
  - Fixed a bug that could cause repeated resigning of records in
    dynamically signed zones. [RT #35273]
  - Fixed a bug that could cause an assertion failure after forwarding
    was disabled. [RT #35979]
  - Fixed a bug that caused SERVFAILs when using RPZ on a system
    configured as a forwarder. [RT #36060]
  - Worked around a limitation in Solaris's /dev/poll implementation
    that could cause named to fail to start when configured to use
    more sockets than the system could accomodate. [RT #35878]
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Removed pid-path.diff patch as /run/{named,lwresd}/ are used by default.
- Update baselibs.conf (added libirs and library interface version updates).
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- Don't install using trusted group (bnc#1092157)
- Minor spec-file cleanup
- Update URL to point to exiting website (bnc#1034957)
- run_permissions macro is obsolete: use set_permissions
- cross-build fix: use %__cc macro
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- updated patches to apply with fuzz=0
- make patch0 usage consistent
- moved bing to /usr/sbin
- removed SUID bit
- converted neededforbuild to BuildRequires
- updated to version 1.0.5
- bziped
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  "/.nop"/.  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occuring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The asseembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "/lint"/ mode to enable extra checks of the files it is processing.
  * Readelf will now display "/[...]"/ when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ascii art thats show the arcs between that start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "/no"/.
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
  - -dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
  - -syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
  - -disassemble the --dwarf= follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
- Add binutils-fix-ld-segv.diff to fix a segfault in ld
  when building some versions of pacemaker.  [bsc#1154025,
- Add avr, epiphany and rx to target_list so that the common
  binutils can handle all objects we can create with crosses.
- Update to current 2.32 branch @7b468db3 adding
  binutils-2.32-branch.diff.gz [jsc#ECO-368].
- Includes fixes for these CVEs:
  bsc#1109412 aka CVE-2018-17358 aka PR23686
  bsc#1109413 aka CVE-2018-17359 aka PR23686
  bsc#1109414 aka CVE-2018-17360 aka PR23685
  bsc#1111996 aka CVE-2018-18309 aka PR23770
  bsc#1112534 aka CVE-2018-18484 aka GCC PR87636
  bsc#1112535 aka CVE-2018-18483 aka PR23767
  bsc#1113247 aka CVE-2018-18607 aka PR23805
  bsc#1113252 aka CVE-2018-18606 aka PR23806
  bsc#1113255 aka CVE-2018-18605 aka PR23804
  bsc#1116827 aka CVE-2018-17985 aka GCC PR87335
  bsc#1118830 aka CVE-2018-19932 aka PR23932
  bsc#1118831 aka CVE-2018-19931 aka PR23942
  bsc#1120640 aka CVE-2018-1000876 aka PR23994
  bsc#1121034 aka CVE-2018-20651 aka PR24041
  bsc#1121035 aka CVE-2018-20623 aka PR24049
  bsc#1121056 aka CVE-2018-20671 aka PR24005
  bsc#1142772 aka CVE-2019-1010180 aka PR23657
- Refresh s390-biarch.diff and
  binutils-revert-plt32-in-branches.diff .
- For the SLE12 package this also removes patches
  binutils-z13-1.diff, binutils-z13-2.diff,
  binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- enable xtensa architecture (Tensilica lc6 and related)
- Fix SUSE typo in README package name
- Use -ffat-lto-objects in order to provide assembly for static libs
Fake entry for SLE12 package variant only:
- Add support for new z13 instructions. [fate#327074, jsc#SLE-6206,
  Adds patches binutils-z13-1.diff, binutils-z13-2.diff,
  binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- Add binutils-pr24486.patch: fix for PR24486 (boo#1133131 boo#1133232).
- Add rx-gas-padding-pr24464.patch: fix for PR24464.
- riscv-abi-check.patch: Don't check ABI flags if no code section
- Add binutils.keyring and verify signature.
- Add disk and RAM (for ppc, ppc64 and ppc64le) constraint with _constraints.
- Update to binutils 2.32:
  * The binutils now support for the C-SKY processor series.
  * The x86 assembler now supports a -mvexwig=[0|1] option to control
    encoding of VEX.W-ignored (WIG) VEX instructions.
    It also has a new -mx86-used-note=[yes|no] option to generate (or
    not) x86 GNU property notes.
  * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2),
    the Loongson EXTensions (EXT) instructions, the Loongson Content
    Address Memory (CAM) ASE and the Loongson MultiMedia extensions
    Instructions (MMI) ASE.
  * The addr2line, c++filt, nm and objdump tools now have a default
    limit on the maximum amount of recursion that is allowed whilst
    demangling strings.  This limit can be disabled if necessary.
  * Objdump's --disassemble option can now take a parameter,
    specifying the starting symbol for disassembly.  Disassembly will
    continue from this symbol up to the next symbol or the end of the
  * The BFD linker will now report property change in linker map file
    when merging GNU properties.
  * The BFD linker's -t option now doesn't report members within
    archives, unless -t is given twice.  This makes it more useful
    when generating a list of files that should be packaged for a
    linker bug report.
  * The GOLD linker has improved warning messages for relocations that
    refer to discarded sections.
- Remove binutils-2.31-branch.diff.gz, fix-pr23919-1.diff,
  fix-pr23919-2.diff, fix-pr23919-3.diff,
  gold-depend-on-opcodes.diff and s390-relro.diff.
- Refresh binutils-skip-rpaths.patch, s390-biarch.diff, cross-avr-size.patch
  and binutils-revert-plt32-in-branches.diff.
- Add s390-relro.diff to improve relro support on s390
- Fix the fix for PR23919 [bsc#1118644]:
  rename handle-ELF-compressed-header-alignment-correctly-by-.patch
  to fix-pr23919-1.diff and add fix-pr23919-2.diff
  and fix-pr23919-3.diff .
- Add handle-ELF-compressed-header-alignment-correctly-by-.patch:
- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in
  the support for the X86_ISA_1_* notes.  Adds
  patch binutils-2.31-branch.diff.gz .
- Add binutils-revert-plt32-in-branches.diff on anything older
  than Tumbleweed to not break old tools not expecting
  PLT32 instead of PC32 relocs on x86_64.
- Includes fixes for these CVEs:
  * from 2.30:
    bnc#1065643 aka CVE-2017-15996 aka PR22361
    bnc#1065689 aka CVE-2017-15939 aka PR22205
    bnc#1065693 aka CVE-2017-15938 aka PR22209
    bnc#1068640 aka CVE-2017-16826 aka PR22376
    bnc#1068643 aka CVE-2017-16832 aka PR22373
    bnc#1068887 aka CVE-2017-16831 aka PR22385
    bnc#1068888 aka CVE-2017-16830 aka PR22384
    bnc#1068950 aka CVE-2017-16829 aka PR22307
    bnc#1069176 aka CVE-2017-16828 aka PR22386
    bnc#1069202 aka CVE-2017-16827 aka PR22306
  * from 2.31:
    bnc#1077745 aka CVE-2018-6323  aka PR22746
    bnc#1079103 aka CVE-2018-6543  aka PR22769
    bnc#1079741 aka CVE-2018-6759  aka PR22794
    bnc#1080556 aka CVE-2018-6872  aka PR22788
    bnc#1081527 aka CVE-2018-7208  aka PR22741
    bnc#1083528 aka CVE-2018-7570  aka PR22881
    bnc#1083532 aka CVE-2018-7569  aka PR22895
    bnc#1086608 aka CVE-2018-8945  aka PR22809
    bnc#1086784 aka CVE-2018-7643  aka PR22905
    bnc#1086786 aka CVE-2018-7642  aka PR22887
    bnc#1086788 aka CVE-2018-7568  aka PR22894
    bnc#1090997 aka CVE-2018-10373 aka PR23065
    bnc#1091015 aka CVE-2018-10372 aka PR23064
    bnc#1091365 aka CVE-2018-10535 aka PR23113
    bnc#1091368 aka CVE-2018-10534 aka PR23110
- Removes binutils-fix-pr21964.diff as it's included in 2.31.
  Rebase testsuite.diff and aarch64-common-pagesize.patch .
- Disable -z separate-code everywhere but in Tumbleweed.
- Update to binutils 2.31
  * The AArch64 port now supports showing disassembly notes which are emitted
    when inconsistencies are found with the instruction that may result in the
    instruction being invalid.  These can be turned on with the option -M notes
    to objdump.
  * The AArch64 port now emits warnings when a combination of an instruction and
    a named register could be invalid.
  * Added O modifier to ar to display member offsets inside an archive
  * The ADR and ADRL pseudo-instructions supported by the ARM assembler
    now only set the bottom bit of the address of thumb function symbols
    if the -mthumb-interwork command line option is active.
  * Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU
    Build Attribute notes if none are present in the input sources.  Add a
  - -enable-generate-build-notes=[yes|no] configure time option to set the
    default behaviour.  Set the default if the configure option is not used
    to "/no"/.
  * Remove -mold-gcc command-line option for x86 targets.
  * Add -O[2|s] command-line options to x86 assembler to enable alternate
    shorter instruction encoding.
  * Add support for .nops directive.  It is currently supported only for
    x86 targets.
  * Speed up direct linking with DLLs for Cygwin and Mingw targets.
  * Add a configure option --enable-separate-code to decide whether
  - z separate-code should be enabled in ELF linker by default.  Default
    to yes for Linux/x86 targets.  Note that -z separate-code can increase
    disk and memory size.
  * Includes riscv-relax-size.patch, riscv-relax-relocatable.patch,
    riscv-relax-versioned-hidden.patch and riscv-wrap-relax.patch
- Refresh enable-targets-gold.diff.
- Adjust cross-avr-omit_section_dynsym.patch.
- Remove binutils-2.30-branch.diff.
- riscv-relax-versioned-hidden.patch: RISC-V: Fix symbol address problem
  with versioned symbols (PR ld/22756)
- Restore riscv64-elf cross prefix via symlinks
- Fix pacemaker libqb problem with section start/stop
  symbols, aka PR21964.  [bnc#1075418]
  Adds binutils-fix-pr21964.diff .
  (this is a change from SLE12, that was already included in 2.31
  binutils tree, mentioned for completeness to not loose tracking)
- riscv-relax-relocatable.patch: RISC-V: Don't enable relaxation in
  relocatable link
- Update binutils-2.30-branch.diff: 2.30 branch @7c78c26eefbb8
  * Includes more complete fix for PR20882.
  * Includes fix for PR22836.  [boo#1085784]
  * Includes fix for PR22983.
- riscv-relax-size.patch: Fix symbol size bug when relaxation deletes bytes
- Add binutils-pr22868.diff to fix testsuite fails in LLVM.
- Update to binutils 2.30
  * Add --debug-dump=links option to readelf and --dwarf=links option to objdump
    which displays the contents of any .gnu_debuglink or .gnu_debugaltlink
    Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links
    option to objdump which causes indirect links into separate debug info files
    to be followed when dumping other DWARF sections.
  * Add support for loaction views in DWARF debug line information.
  * Add -z separate-code to generate separate code PT_LOAD segment.
  * Add "/-z undefs"/ command line option as the inverse of the "/-z defs"/ option.
  * Add -z globalaudit command line option to force audit libraries to be run
    for every dynamic object loaded by an executable - provided that the loader
    supports this functionality.
  * Tighten linker script grammar around file name specifiers to prevent the use
    of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames.  These would
    previously be accepted but had no effect.
  * The EXCLUDE_FILE directive can now be placed within any SORT_* directive
    within input section lists.
- binutils-2.30-branch.diff: 2.30 branch @4cd0043413
- riscv-wrap-relax.patch: Fix linker relaxation with --wrap
- Remove use-hashtype-both-by-default.diff, use
  - -enable-default-hash-style=both instead
- Remove binutils-2.29-branch.diff, s390x-8fe09d7.diff
- Use riscv64-suse-linux as target for cross-riscv64-binutils
- Drop bc BuildRequires: no longer needed.
- Add riscv64 to %target_list
- Add arm-none-eabi symlinks (bsc#1074741)
- Add s390x-8fe09d7.diff to fix typo in ELF notes.
- Update binutils-2.29-branch.diff to @a45d8fd5ffbf888 fixing PR 22220.
- Update to 2.29.1 release, accumulating bugfixes.
- Update binutils-2.29-branch.diff to @a38a1d80 and to be
  relative to the 2.29.1 release fixing following PRs/bnc/CVE:
  22058 [bnc#1057149, CVE-2017-14130]
  21813 [bnc#1052503, CVE-2017-12456, bnc#1052507, CVE-2017-12454,
    bnc#1052509, CVE-2017-12453, bnc#1052511, CVE-2017-12452,
    bnc#1052514, CVE-2017-12450, bnc#1052503, CVE-2017-12456,
    bnc#1052507, CVE-2017-12454, bnc#1052509, CVE-2017-12453,
    bnc#1052511, CVE-2017-12452, bnc#1052514, CVE-2017-12450]
  22148 [bnc#1060599, CVE-2017-14745]
  22163 [bnc#1061241, CVE-2017-14974]
  21933 [bnc#1053347, CVE-2017-12799]
  21787 [bnc#1052518, CVE-2017-12448]
  22018 [bnc#1056312, CVE-2017-13757]
  22170 [bnc#1060621, CVE-2017-14729]
  22047 [bnc#1057144, CVE-2017-14129]
  22059 [bnc#1057139, CVE-2017-14128]
  21990 [bnc#1058480, CVE-2017-14333]
  22113 [bnc#1059050, CVE-2017-14529]
  as well as these PRs:
  22061, 21786, 21916, 21994, 22064, 21995, 21909, 21441, 22060,
  22067, 22032, 21820, 22048, 22199, 21781, 21824, 21861, 22150.
- Update to 2.29 (@5d25156), upstream fix for PR21884, as
  well as PRs 18808 18841 21840 21988 21910 21962 21964.
- Last fixes for PR21884 weren't complete, adjust
  binutils-2.29-branch.diff some more for this.
- Update to 2.29 branch (@de44148c), fixing PR21884, a segfault
  in ld while building memtest86+ .
  Changes binutils-2.29-branch.diff.
- Update to 2.29 branch, fixing PR21847, affecting the ppc64le
  ABI in corner cases since 2.29 release.
  Adds binutils-2.29-branch.diff.
- Remove binutils-2.29-gold-mips.patch, obsolete by the update.
- Add binutils-2.29-gold-mips.patch to fix build on SLE-11.
- Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]
- Fixes these security-related PRs/bnc/CVEs:
  18750 [bsc#1030296, CVE-2014-9939]
  20891 [bsc#1030585, CVE-2017-7225]
  20892 [bsc#1030588, CVE-2017-7224]
  20898 [bsc#1030589, CVE-2017-7223]
  20905 [bsc#1030584, CVE-2017-7226]
  20908 [bsc#1031644, CVE-2017-7299]
  20909 [bsc#1031656, CVE-2017-7300]
  20921 [bsc#1031595, CVE-2017-7302]
  20922 [bsc#1031593, CVE-2017-7303]
  20924 [bsc#1031638, CVE-2017-7301]
  20931 [bsc#1031590, CVE-2017-7304]
  21409 [bsc#1037052, CVE-2017-8392]
  21412 [bsc#1037057, CVE-2017-8393]
  21414 [bsc#1037061, CVE-2017-8394]
  21432 [bsc#1037066, CVE-2017-8396]
  21440 [bsc#1037273, CVE-2017-8421]
  21580 [bsc#1044891, CVE-2017-9746]
  21581 [bsc#1044897, CVE-2017-9747]
  21582 [bsc#1044901, CVE-2017-9748]
  21587 [bsc#1044909, CVE-2017-9750]
  21594 [bsc#1044925, CVE-2017-9755]
  21595 [bsc#1044927, CVE-2017-9756]
- Feature changes:
  * The MIPS port now supports microMIPS eXtended Physical Addressing (XPA)
    instructions for assembly and disassembly.
  * The MIPS port now supports the microMIPS Release 5 ISA for assembly and
  * The MIPS port now supports the Imagination interAptiv MR2 processor,
    which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple
    of implementation-specific regular MIPS and MIPS16e2 ASE instructions.
  * The SPARC port now supports the SPARC M8 processor, which implements the
    Oracle SPARC Architecture 2017.
  * The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly.
  * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
  * Add support for the wasm32 ELF conversion of the WebAssembly file format.
  * Add --inlines option to objdump, which extends the --line-numbers option
    so that inlined functions will display their nesting information.
  * Add --merge-notes options to objcopy to reduce the size of notes in
    a binary file by merging and deleting redundant notes.
  * Add support for locating separate debug info files using the build-id
    method, where the separate file has a name based upon the build-id of
    the original file.
  * Add support for ELF SHF_GNU_MBIND.
  * Add support for the WebAssembly file format and wasm32 ELF conversion.
  * PowerPC gas now checks that the correct register class is used in
    instructions.  For instance, "/addi %f4,%cr3,%r31"/ warns three times
    that the registers are invalid.
  * Add support for the Texas Instruments PRU processor.
  * Support for the ARMv8-R architecture and Cortex-R52 processor has been
    added to the ARM port.
  GNU ld
  * Support for -z shstk in the x86 ELF linker to generate
    GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties.
  * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program
    properties in the x86 ELF linker.
  * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
    properties in the x86 ELF linker.
  * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled
  * Support for -z ibt in the x86 ELF linker to generate IBT-enabled
    PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
  * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
  * Add support for ELF GNU program properties.
  * Add support for the Texas Instruments PRU processor.
  * When configuring for arc*-*-linux* targets the default linker emulation will
    change if --with-cpu=nps400 is used at configure time.
  * Improve assignment of LMAs to orphan sections in some edge cases where a
    mixture of both AT>LMA_REGION and AT(LMA) are used.
  * Orphan sections placed after an empty section that has an AT(LMA) will now
    take an load memory address starting from LMA.
  * Section groups can now be resolved (the group deleted and the group members
    placed like normal sections) at partial link time either using the new
    linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION
    into the linker script.
- Includes binutils-bso21193.diff, binutils-bso21333.diff and
- Remove ld-dtags.diff, instead configure with --enable-new-dtags.
- Refresh binutils-build-as-needed.diff.
- Remove binutils-2.28-branch.diff.
- Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0
  * Prepare riscv32 target (gh#riscv/riscv-newlib#8)
- Update binutils-2.28-branch.diff.
- Make compressed debug section handling explicit, disable for
  old products and enable for gas on all architectures otherwise.
- Add binutils-bso21333.diff.  [boo#1029995]
- Remove empty rpath component removal optimization from
  binutils-skip-rpaths.patch to workaround CMake rpath handling.
- Add fix-security-bugs.diff to fix bnc#1029907, bnc#1029908,
  bnc#1029909 and more.  Upstream bugs fixed:
  PR 21135 [bsc#1030298, CVE-2017-7209],
  PR 21137 [bsc#1029909, CVE-2017-6965],
  PR 21139 [bsc#1029908, CVE-2017-6966],
  PR 21156 [bsc#1029907, CVE-2017-6969],
  PR 21157 [bsc#1030297, CVE-2017-7210],
  PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155,
  PR 21158, PR 21159
- Update to binutils 2.28.
  * Add support for locating separate debug info files using the build-id
    method, where the separate file has a name based upon the build-id of
    the original file.
  * This version of binutils fixes a problem with PowerPC VLE 16A and 16D
    relocations which were functionally swapped, for example,
    R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D
    performed like R_PPC_VLE_HA16A.  This could have been fixed by
    renumbering relocations, which would keep object files created by an
    older version of gas compatible with a newer ld.  However, that would
    require an ABI update, affecting other assemblers and linkers that
    create and process the relocations correctly.  It is recommended that
    all VLE object files be recompiled, but ld can modify the relocations
    if --vle-reloc-fixup is passed to ld.  If the new ld command line
    option is not used, ld will ld warn on finding relocations inconsistent
    with the instructions being relocated.
  * The nm program has a new command line option (--with-version-strings)
    which will display a symbol's version information, if any, after the
    symbol's name.
  * The ARC port of objdump now accepts a -M option to specify the extra
    instruction class(es) that should be disassembled.
  * The --remove-section option for objcopy and strip now accepts section
    patterns starting with an exclamation point to indicate a non-matching
    section.  A non-matching section is removed from the set of sections
    matched by an earlier --remove-section pattern.
  * The --only-section option for objcopy now accepts section patterns
    starting with an exclamation point to indicate a non-matching section.
    A non-matching section is removed from the set of sections matched by
    an earlier --only-section pattern.
  * New --remove-relocations=SECTIONPATTERN option for objcopy and strip.
    This option can be used to remove sections containing relocations.
    The SECTIONPATTERN is the section to which the relocations apply, not
    the relocation section itself.
  * Add support for the RISC-V architecture.
  * Add support for the ARM Cortex-M23 and Cortex-M33 processors.
  GNU ld
  * The EXCLUDE_FILE linker script construct can now be applied outside of the
    section list in order for the exclusions to apply over all input sections
    in the list.
  * Add support for the RISC-V architecture.
  * The command line option --no-eh-frame-hdr can now be used in ELF based
    linkers to disable the automatic generation of .eh_frame_hdr sections.
  * Add --in-implib=<infile> to the ARM linker to enable specifying a set of
    Secure Gateway veneers that must exist in the output import library
    specified by --out-implib=<outfile> and the address they must have.
    As such, --in-implib is only supported in combination with --cmse-implib.
  * Extended the --out-implib=<file> option, previously restricted to x86 PE
    targets, to any ELF based target.  This allows the generation of an import
    library for an ELF executable, which can then be used by another application
    to link against the executable.
  * Add -z bndplt option (x86-64 only) to support Intel MPX.
  * Add --orphan-handling option.
  * Add --stub-group-multi option (PowerPC only).
  * Add --target1-rel, --target1-abs, --target2 options (Arm only).
  * Add -z stack-size option.
  * Add --be8 option (Arm only).
  * Add HIDDEN support in linker scripts.
  * Add SORT_BY_INIT_PRIORITY support in linker scripts.
- Add binutils-2.28-branch.diff.
- Remove binutils-2.27-branch.diff
- Remove binutils-2.27-fix-section-order.diff,
  and aarch64-alignment-frags.patch now upstream.
- Configure with --with-system-zlib
- Add binutils-bso21193.diff to fix section alignment on
  .gnu_debuglink.  [bso#21193]
- Add s390x to gold_archs.
- Fix alignment frags for aarch64 (boo#1003846)
- Call ldconfig for libbfd
- Add refine_.cfi_sections_check_to_only_consider_compact_eh_frame.patch
  from upstream to fix an assembler problem with clang on ARM.
  Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=20648
- Update binutils-2.27-branch.diff to include recent fixes from the branch.
- Add binutils-2.27-fix-section-order.diff to restore monotonically
  increasing section offsets.
- Remove qemu workaround from spec file, since qemu 2.5.0rc0 the
  length of the argument list is no longer limited to 128 kByte.
- Update to binutils 2.27.
  * Add a configure option, --enable-64-bit-archive, to force use of a
    64-bit format when creating an archive symbol index.
  * Add --elf-stt-common= option to objcopy for ELF targets to control
    whether to convert common symbols to the STT_COMMON type.
  * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets.
  * Add --no-pad-sections to stop the assembler from padding the end of output
    sections up to their alignment boundary.
  * Support for the ARMv8-M architecture has been added to the ARM port.
    Support for the ARMv8-M Security and DSP Extensions has also been added
    to the ARM port.
  * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and
    .extCoreRegister pseudo-ops that allow an user to define custom
    instructions, conditional codes, auxiliary and core registers.
  * Add a configure option --enable-elf-stt-common to decide whether ELF
    assembler should generate common symbols with the STT_COMMON type by
    default.  Default to no.
  * New command line option --elf-stt-common= for ELF targets to control
    whether to generate common symbols with the STT_COMMON type.
  * Add ability to set section flags and types via numeric values for ELF
    based targets.
  * Add a configure option --enable-x86-relax-relocations to decide whether
    x86 assembler should generate relax relocations by default.  Default to
    yes, except for x86 Solaris targets older than Solaris 12.
  * New command line option -mrelax-relocations= for x86 target to control
    whether to generate relax relocations.
  * New command line option -mfence-as-lock-add=yes for x86 target to encode
    lfence, mfence and sfence as "/lock addl $0x0, (%[re]sp)"/.
  * Add assembly-time relaxation option for ARC cpus.
  * Add --with-cpu=TYPE configure option for ARC gas.  This allows the default
    cpu type to be adjusted at configure time.
  * Add a configure option --enable-relro to decide whether -z relro should
    be enabled by default.  Default to yes.
  * Add support for s390, MIPS, AArch64, and TILE-Gx architectures.
  * Add support for STT_GNU_IFUNC symbols.
  * Add support for incremental linking (--incremental).
  GNU ld:
  * Add a configure option --enable-relro to decide whether -z relro should
    be enabled in ELF linker by default.  Default to yes for all Linux
    targets except FRV, HPPA, IA64 and MIPS.
  * Support for -z noreloc-overflow in the x86-64 ELF linker to disable
    relocation overflow check.
  * Add -z common/-z nocommon options for ELF targets to control whether to
    convert common symbols to the STT_COMMON type during a relocatable link.
  * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which
    avoids dynamic relocations against undefined weak symbols in executable.
  * The NOCROSSREFSTO command was added to the linker script language.
  * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply
    link-time values for dynamic relocations.
- Add binutils-2.27-branch.diff with fixes on the branch sofar.
- Remove gold-relocate-tls.patch, included in binutils 2.27.
- Update to binutils 2.26.1.
- Remove binutils-2.26-branch.diff.
- Update binutils-2.26-branch.diff, updates to branch head.
  (swo#19807) (bnc#970239)
- Disable -mrelax-relocations by default on old products.
- Update binutils-2.26-branch.diff, updates to branch head.
  (swo#19739) (swo#19775)
- Add binutils-2.26-branch.diff, updates to branch head.
  * Adds -mrelax-relocations on x86
  * Fixes bso#19698
- Refresh cross-avr-nesc-as.patch
- Update to binutils 2.26
  * Add --fix-stm32l4xx-629360 to the ARM linker to enable a link-time
    workaround for a bug in the bus matrix / memory controller for some of
    the STM32 Cortex-M4 based products (STM32L4xx)
  * Add a configure option --enable-compressed-debug-sections={all,ld} to
    decide whether DWARF debug sections should be compressed by default.
  * Add support for the ARC EM/HS, and ARC600/700 architectures.
  * Experimental support for linker garbage collection (--gc-sections)
    has been enabled for COFF and PE based targets.
  * New command line option for ELF targets to compress DWARF debug
    sections, --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi].
  * New command line option, --orphan-handling=[place|warn|error|discard], to
    adjust how orphan sections are handled.  The default is 'place' which gives
    the current behaviour, 'warn' and 'error' issue a warning or error
    respectively when orphan sections are found, and 'discard' will discard all
    orphan sections.
  * Add support for LLVM plugin.
  * Add --print-memory-usage option to report memory blocks usage.
  * Add --require-defined option, it's like --undefined except the new symbol
    must be defined by the end of the link.
  * Add a configure option --enable-compressed-debug-sections={all,gas} to
    decide whether DWARF debug sections should be compressed by default.
  * Add support for the ARC EM/HS, and ARC600/700 architectures.  Remove
    assembler support for Argonaut RISC architectures.
  * Add option to objcopy to insert new symbols into a file:
  - -add-symbol <name>=[<section>:]<value>[,<flags>]
  * Add support for the ARC EM/HS, and ARC600/700 architectures.
  * Extend objcopy --compress-debug-sections option to support
  - -compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi] for ELF
  * Add --update-section option to objcopy.
  * Add --output-separator option to strings.
- Includes z13 support, remove 0001-S-390-Add-support-for-IBM-z13.patch,
  0004-S-390-Fixes-for-z13-instructions.patch and
- Includes fixes in binutils-fix--dynamic-list.patch,
  binutils-fix-gold-aarch64.diff, gold-arm64-abi-pagesize.patch
  and s390-troo-insn-type.patch
- Refresh s390-pic-dso.diff and binutils-build-as-needed.diff
- gold-relocate-tls.patch: Fix internal error when applying TLSDESC
  relocations with no TLS segment
- s390-troo-insn-type.patch: fix wrong insn type for troo insn
- aarch64-common-pagesize.patch: change default common-page-size to 64K on
- gold-arm64-abi-pagesize.patch: fix ABI pagesize for aarch64 in gold
- Disable use-hashtype-both-by-default.diff for
  the mips target, it's incompatible with it.  [bnc #938658]
- Add cross-rx-binutils package for Renesas RX
- Work around qemu bug
- Update to 2.25 branch at 2f5b97b4f (changes
  binutils-2.25-branch.diff.gz) fixes PR 18481, gas/18541.
- Add patches for s390 z13 support (backports from
  to-be 2.26):
  0005-S-390-z13-use-GNU-attribute-to-indicate-vector-ABI.patch .
- Fix %TARGET vs. $TARGET_OS inconsistencies by turning $TARGET_OS
  into %TARGET_OS for reuse in install and file sections.
  This fixes the assumption that $TARGET_OS will match %{TARGET}*.
- enable gold for aarch64
- Move sed call from %prep to %build to not disturb quilt.
- Add binutils-2.25-branch.diff.gz:
  Update to 2.25 branch at 8fe8994c, fixing many bugs:
  PR ld/15228, binutils/17512, 17165, binutils/17531, ld/17615, 17666,
  ld/17709, gas/17753, 17755, 17817, ld/17827, 17842, binutils/17926,
  17954, 18010, ld/18167, ld/18222, ld/18270.
- Remove eh-frame-hdr-on-shared-lib-bfd.patch: Included already.
- Remove gold-opd-visibility.patch: Included already.
- move info deinstall to preun section
- Added binutils-fix--dynamic-list.patch:
  Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=13577 and
- gold-opd-visibility.patch: Set default visibility on discarded .opd
- eh-frame-hdr-on-shared-lib-bfd.patch: Don't create .eh_frame_hdr on
  shared lib bfd, fixes building libgcj on ppc64
- Update to binutils 2.25 release.
  * Add --data option to strings to only print strings in loadable, initialized
    data sections.  Change the default behaviour to be --all, but add a new
    configure time option of --disable-default-strings-all to restore the old
    default behaviour.
  * Add --include-all-whitespace to strings.
  * Add --dump-section option to objcopy.
  * Add support for the Andes NDS32.
  * PE binaries now once again contain real timestamps by default.  To disable
    the inclusion of a timestamp in a PE binary, use the --no-insert-timestamp
    command line option.
  * Replace support for openrisc and or32 with support for or1k.
  * Add support for the --build-id command line option to COFF based targets.
  * x86/x86_64 pe-coff now supports the --build-id option.
  * Add support for the AVR Tiny microcontrollers.
  * Enhanced the ARM port to accept the assembler output from the CodeComposer
    Studio tool.  Support is enabled via the new command line option -mccs.
- Update to 2.25 branch head.
  * Pulls PIE fixes.
- Minor fix on the usage of update-alternatives
- Update to current 2.25 pre-release branch, at 127a4644.
- binutils-fix-gold-aarch64.diff: fixing build temporarily broken
  on brach.
- Remove obsolete patches: binutils-2.24-branch.diff.gz,
  pie-m68k.patch, binutils-2.24-auto-plugin.diff, ld-testsuite.patch,
  binutils-2.24-bso16746.diff .
- Enable Adapteva Epiphany target
- btt: make device/devno use PATH_MAX to avoid overflow
  (CVE-2018-10689 bsc#1091942).
  - Added btt-make-device-devno-use-path_max-to-avoid-overflow.patch
- Update to version 1.1.0+git.20170126:
  * blktrace: Add support for sparse CPU numbers
  * blktrace: Reorganize creation of output file name
  * blktrace: Create empty output files for non-existent cpus
- Update to version 1.1.0+git.20160823:
  * Use maximum over all traces for queue depth
  * Process notify events outside of given interval
  * iowatcher: Use queue events if issue not available
  * btt: Replace overlapping IO
  * Zero sectors are strange
  * Don't prepend blktrace destination dir if we didn't run blktrace
  * Separate prefix in legend with space
  * Fixup graph name in help text
  * blktrace: remove -k from manpage synopsis
  * iowatcher: link with -lrt
- Update to version 1.1.0+git.20160425:
  * Refer to sda instead of hda in man pages
  * btreplay: Fix typo in scaling up the dynamic cpu set size.
  * include sys/types.h for dev_t definition
  * Fix warnings on newer gcc
  * Add the "/-a discard"/ filter option to the blktrace.8 man page
  * blktrace: Use number of online CPUs
  * btreplay: fix memory corruption caused by CPU_ZERO_S
  * btreplay: fix sched_{set|get}affinity
  * btreplay: make Ctrl-C work
  * btreplay: remove timestamps
- Add _service for automatic git syncing
  + exclude .git when generating tarball
  + enable automatic changelog updating
- Update to 1.1.0:
  - merge iowatcher
- Update to 1.0.5 version:
  * Fix compiler warnings
  * avoid string overflows
- Some improvements like using macro instead of RPM variables
- Add some missed fonts
- Make it build with latest TeXLive 2012 with new package layout
- Update to v1.0.3 (bnc#720300 and others).
  - Updated documentation
  - Fixed multiple output errors
  - Added FLUSH/FUA support
  - Misc bug fixes
- disable parallel build again
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- Fix build with no-add-needed (missing -pthread)
- Fix memory leak (bnc #546035)
- Fix memory leak in btrecord (bnc #523444).
- Fix typo in btt (bnc #511264).
- Update to version 1.0.1:
  * blkrawverify: warn and return error if no traces are found
  * blkiomon manpage and usage reference invalid "/msg-queue-name"/ option
  * fix up btrace options & manpage
  * more manpage fixups
  * fix max-pkts option inconsistencies
  * Converted to using the correct remap entries
  * blkiomon: fix unaligned accesses on ia64
  * fix off-by-one issues in blkiomon.h
  * fix include statement in stats.h
  * handle race to mkdir at startup
  * Fixed plug/unplug logic in btt
  * Working on fixing % time q plugged
  * fix trivial typo in manpage
  * Add NOTIFY to activity mask
  * Blktrace failed to lock reader threads on the cpu used by the
    corresponding writer. This resulted in stale data being consumed when
    blktrace accidently read at a position that was being written to at the
    same time. This issue surfaced as "/bad trace magic"/ warnings emitted by
    blktrace tools.
  * Generate matplotlib plots for btt generated data
  * Update Jenkins hash to lookup3() variant
  * Fixed EAGAIN handling in blktrace.c
  * O_NOATIME isn't always present
  * btt: Added no remap option
  * btt general cleanup plus valgrind clean
  * btt: Missed fopen conversion to my_fopen
  * Code review updates
  * Reworked blktrace master/thread interface
  * Cleaned up devs that have no data
  * Moved starting of tracing after tracers are going
  * btt: fixed open in setup_ifile
  * Synchronized trace gathering
  * Invoke gethostbyname once, handle errors better
  * Added accept as a system call needing resource increases
  * Rewrote blktrace to have a single thread per CPU
  * Fix btt to handle large numbers of output files
  * Increased limits to allow for large system runs
  * A couple of min-counters weren't initialised correctly (thrput_r,
    thrput_w). We have got a perfectly working init function for this
    purpose. Removing partially duplicated code.
  * The git commit 11914a53d2ec2974a565311af327b8983d8c820d added
    __BLK_TA_ABORT to blktrace_api.h. A corresponding addition to the blktrace
    tools repository has been missing, breaking the API. Blkparse complained:
    "/Bad fs action 40010011"/
  * Added no messages option to blkparse.c
  * gcc 4.3.2 has started to warn about:
  * Added -P to create a data file w/ Q, D and C per line
  * Fixed 'M' displays on per-io output and added in I/O separator
  * Fixed segfault in aqd.c : need to check for NULL (not requested)
  * Added in -z to provide running waiting-for-issue latencies
  * Moved btrecord/btreplay to version 1.0.0
- Build with docs by default.
- Fix package split done for shared library packaging guideline (bsc#1184479).
- Update to version 2.20
  * Silent some gcc warnings, also avoid common variable (boo#1160385)
  * Include <sys/sysmacros.h> for makedev
  * sort input files (boo#1041090)
  * libconsole: never return empty list from getconsoles()
  * libconsole: Really allow to use /dev/console as a fallback in showconsole
  * libconsole: Add console into the list only when successfully allocated
  * libconsole: Correctly ignore early consoles
- Remove obsolate patch blog-Remove-unused-header.patch
- Add blog-Remove-unused-header.patch: Fix build with new glibc
- Implement shared library packaging guideline.
- Update to version 2.19 which integrates the patches now removed:
  * sysmacros.patch
  * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
  * libconsole-never-return-empty-list-from-getconsoles.patch
  * showconsole-2.18.tar.gz
  * libconsole-Add-console-into-the-list-only-when-succe.patch
  * libconsole-Correctly-ignore-early-consoles.patch
  as well as the changes
  * Correct wants directory for systemd-ask-password-blog.service
  * Sort input files for reproducible builds
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license instead of %doc [bsc#1082318]
- hardening of the console list generation (bsc#1071568):
  * libconsole-never-return-empty-list-from-getconsoles.patch
  * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
  * libconsole-Add-console-into-the-list-only-when-succe.patch
  * libconsole-Correctly-ignore-early-consoles.patch
- Change description of blog-plymouth in same manner as used by
  the release notes
- Add coreutils as required by post scriptlet (boo#1036436)
- Use github source from tagged version
- Use https://github.com/bitstreamout/showconsole as URL
- Install binaries with read permissions (bnc#990837)
- Do not use privata glibc API (boo#967437) but implement
  missing shared memory mkstemp()
- Remove patch remove-bad-symbol-use.patch
- remove-bad-symbol-use.patch: Remove bad use of internal glibc interface
- Make clear that blog is split off from sysvinit-tools
- Avoid to be tagged with GLIBC_PRIVATE
- Use libblogger.so with version, that is major and minor
- Bug fix version: Handle chached password request gracefully
- add blog-rpmlintrc. The all-manual handling of systemd services
  is required according to Werner.
- Let libblogger become a shared library
- Clean up service uits for close and umount
- First initial package after splitting apart from sysvinit
  * Now blogd can replace plymouth(9) even from initrd
  * Also blogd is able to handle password requests from
    from systemd API
  * The blogd daemon writes out console messages even on reboot
    or halt up to the file systems become unavailable.
  * No locking of the console devices, no frame buffer switching.
- Use url for source
- Tiny spec file cleanups
- Cleanup spec file with spec-cleaner
- Remove ctcs packages
- Update to 1.5: Minor changes.
- disable ctcs for > 11.4, not available
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- Fix last change.
- make patch0 usage consistent
- added subpackage for CTCS2 integration
- remove unused header file
- Don't build as root.
- Don't strip binaries.
- libreoffice_compat_backports.patch: add a backport of
  Boost.Optional::has_value() for LibreOffice
- Use %license instead of %doc [bsc#1082318]
- Multibuild requires versioned Name: tag and doesn't seem to do
  this automatically. (bnc#1076640)
- Update to version 1.66.0
  + Beast: new portable HTTP, WebSocket and network operations
    using Boost.Asio. Header-only library.
  + Callable Traits: new library and successor to
    Boost.FunctionTypes. Header-only library.
  + Mp11: new metaprogramming library
  + Asio:
  * implemented interface changes to reflect the Networking TS
  * functions and classes that have been superseded by
    Networking TS functionality have been deprecated.
  * added support for customized handler tracking
  * removed previously deprecated functions
  + Atomic: improved compatibility with GCC 7. 128-bit operations
    on x86_64 no longer require linking with compiled library.
  + DateTime: Fixed an integral overflow that could cause incorrect
    results when adding or subtracting many years from a date.
  + Format: New format specifiers added and volatile arguments
    can not be safely used with operator%
  + Fusion:
  * fix compile error with std::array
  * remove circular preprocessor include
  + PolyCollection: backported to GCC 4.8 and 4.9 with some
  + Uuid: added RTF-4122 namespaces in boost::uuids::ns
  + for complete changelog, see
- refreshed patches: boost-rpmoptflags-only.patch
- re-enable Python 2 by default. It's still conditional, but
  remains enabled by default. This can be disabled in project
- build Python 2 conditionally
- Use multibuild setup - build no-dependency libraries in the
  base package and build the rest of the compiled libraries in
  the main variant. This should speed up bootstrapping.
- boost-devel not built by default anymore.
- libboost_headers-devel now provides boost-devel for legacy
  dependencies. If you need compiled boost libraries depend on
  the current compiled devel subpackage.
- run %fdupes only on the header files and documentation
- drop build dependencies on gcc-fortran, chrpath.
- Setup MPI environment prior to building boost.
- Switch to OpenMPI2 as OpenMPI1 is becoming deprecated.
- New upstream version 1.65.1
  + config, fiber - Return a continuation from functions executed
    by resume_with.
  + stacktrace - Change preprocessor file extensions to work with
    the installation system.
- Changes in version 1.65.0
  + stacktrace - new library providing call sequence in human
    readable format.
  + polycollection - new library providing fast containers of
    polymorphic objects, from Joaquín M López Muñoz.
  + For full list of changes, see
- 1d862615.patch: upstreamed and removed
- gcc_path.patch: obsolete, tr1 module is removed
- mpi_upstream.patch: upstreamed and removed
- boost-1.57.0-python-abi_letters.patch: refreshed
- python_library_name.patch: refreshed and reverted upstream
  changes to mpi/build/Jamfile as we are building python2 and
  python3 versions of MPI separately.
- baselibs.conf
  + add libboost_stracktrace
  + update to version 1.65.1
- 1d862615.patch: Fix regression caused by refactoring of
  serialization code (bnc#1038083)
- make python-numpy optional build dependency
- fix building of mpi python3 plugin
- New upstream version 1.64.0
  + process - new library providing cross platform methods to
  - create child processes
  - setup stream for child processes
  - sync and async communication streams with children
  - sync and async wait
  - process termination
  + geometry library had some breaking changes,
  - ublas_transformer is renamed to matrix_transformer
  - explicit modifier is added to constructors of rtree
    index::dynamic_* parameters
  - strategy::area::huiller replaced by strategy::area::spherical
  + context library updates
  - deprecated API:execution-context
  - fixed bad assembly for fcontext on ppc64/sysv/elf
  + Updated libraries: any, atomic, config, container, context,
    conversion, core, coroutine2, fiber, hash, interprocess,
    intrusive, lexicalcast, math, multi-index containers,
    multiprecision, predef, program options, regex, smart pointers,
    test ,typeindex, typetraits, unordered, variant
  + for details, see
- Build PyNumpy module
  + add build requires on python-numpy
- test_lowcase.patch: upstreamed
- refreshed patches: boost-strict_aliasing.patch, gcc_path.patch,
- mpi_upstream.patch: pending upstream fixes to OpenMPI build
- python_library_name.patch: we are building python versions in
  different stagings so drop library renames.
- python_numpy_retfunc.patch: rpmlint fixes
- update python macros
- baselibs.conf: (re)add python 2.7 and 3.x libraries
- Fix dependency typos.
- test_lowcase.patch: downcase Boost::Test usage of uppercase
  variables. VERSION was clashing with GNU Autotools define
  resulting in compilation errors of various packages.
- recombine headers from various devel subpackages under the
  libboost_headers-devel package. Not all usage of headers that
  have compiled parts pull in their associated compiled symbols.
- general cleanup of the spec file from old, commented stuffs
- remove non-existent dependency in the boost mpi python package
- update to version 1.63.0
  * updated libraries: atomic, container, context, fiber,
    fusion, geometry, hash, interprocess, intrusive, lexical cast,
    log, metaparse, move, optional, phoenix, python, test,
    typeindex, units, unordered
  * see http://www.boost.org/users/history/version_1_63_0.html
    for complete list of changes
- refresh patches
  * boost-1.55.0-python-test-PyImport_AppendInittab.patch
  * boost-strict_aliasing.patch, and enable -fno-strict-aliasing
    for python module
- baselibs.conf:
  * add libboost_locale
  * rename python to include new soname
- remove python-2059618.patch, not needed
- make build condition --without buil_mpi work
- allow building without python3 bindings, for SLE11SP4
- remove versioned build dependency on libicu-devel, apparently
  not needed.
- split out the boost-devel package into individudal compiled
  libraries and their -devel subpackages and libboost_headers-devel
  package for header-only libraries.
- remove all the -mt.so symlinks, probably not needed anymore.
- ship MPI python bindings for both Python 2.7 and 3.x
  * add python_mpi.patch to allow proper compiled library loading
- dynamic_linking.patch: first attempt to remove static library
  generation during build process.
- Revert upstream change that set default python version and
  ignored user configuration.
  python-2059618.patch (boo#1006584)
- Rectify groups and description
- package boost-jam
- add missing ldconfig for libboost_type_erasure
- fix EOL encoding for documentation files
- update to version 1.62.0
  * new library: fiber: framework for userland-threads/fibers
  * new library: QVM: library for working with quaternions,
    vectors and matrices of static size
  * see http://www.boost.org/users/history/version_1_62_0.html
    for complete changelog
- remove boost-fix_include_config.patch - upstreamed
- gcc_path.patch - fix GCC search paths (bnc#996917)
  Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x
  onward while our version of GCC only has /usr/include/c++/x.y
  for 4.x GCC and /usr/include/c++/x/ for 5.x onward.
- migrate to using %bcond_ instead of hardcoding macros
  for different Boost features
- better way to limit max number of compilation units than
  by reading /proc/meminfo and guesstimating.
- Fix boo#994378, boo#994381, boo#994382 boo#994383:
  Fix build issues when optional_fwd.hpp is used before
  including boost/config.hpp
- Add boost-fix_include_config.patch from
- build it from "/boost.spec"/, but create versioned "/boost-1_61-devel"/
- build quickbook also in versioned package
- update to version 1.61.0
  Details on http://www.boost.org/users/history/version_1_61_0.html
  Obsolete patches:
  * boost-1.59-test-fenv.patch
  * boost-deprecated-type_traits.patch
- rename package to boost-1_60 to allow multiple versions
- Fix build on systems with GCC4
- Added libboost_python3 to the dependency macro.
  * boost-devel will now correctly requires libboost_python3.
- Add boost-deprecated-type_traits.patch to fix deprecated
  type_traits usage in boost/graph/adjacency_matrix.hpp header.
- Add the following patches from Fedora to fix underlinking in
  boost::python code
  * boost-1.57.0-python-abi_letters.patch
  * boost-1.57.0-python-libpython_dep.patch
  * boost-1.55.0-python-test-PyImport_AppendInittab.patch
- Updated to version 1.60.0
  * New library: VMD.
  * Updated libraries: Atomic, Chrono, Container, Context, Core,
    Filesystem, Flyweight, Fusion, Interprocess, Intrusive, Lexical
    Cast, Locale, log, Move, Multi-index Containers, odeint,
    Optional, Predef, Test, Thread, UUID
  * See http://www.boost.org/users/history/version_1_60_0.html for
    complete changelog.
- Modified patch:
  * boost-disable-pch-on-aarch64.patch
  - rediff to a new context
- Removed patch:
  * boost-1.59-python-make_setter.patch
  - integrated upstream
- Add libboost_type_erasure subpackage
- Add support to Boost:Python3 (boo#951902)
  * New library: python3
- Add boost-visibility.patch to make members of basic_xml_grammar<char>
  visible (boo#958150).
- Fix redefinition of _docdir.
- coroutine2 depends on context, disable it if context is not built
- Updated to version 1.59.0:
  * New libraries: Convert, Coroutine2
  * Updated Libraries: Container, Context, Coroutine, Fusion,
    Geometry, Interprocess, Intrusive, Lexical Cast, Log, Move,
    Multi-index Containers, Predef, Program Options, Property Tree,
    Boost.Test v3, TypeIndex, Variant
  * See http://www.boost.org/users/history/version_1_59_0.html for
    complete changelog.
- context now builds on aarch64
- Import two patches from Fedora: boost-1.59-python-make_setter.patch,
- Drop 0001-Fix-exec_file-for-Python-3-3.4.patch,
  boost-uuid-comparison.patch, boost-unrecognized-option.patch.
  Fixed upstream.
- Remove unneeded dependency on xorg-x11-devel
- boost-unrecognized-option.patch: remove unrecognized option -m32
- update to 1.58.0:
  boost docs remain at 1.56 since upstream hasn't updated yet
  * New Libraries: Endian, Sort.
  * Updated Libraries: Asio, Chrono, Container, Context, Conversion,
  DateTime, Flyweight, Function, Functional/Factory, Fusion, Geometry,
  Hash, Interprocess, Intrusive, Lexical Cast, Log, Math, Move,
  Multi-index Containers, Multiprecision, Optional, Phoenix,
  Predef, Random, Thread, TypeErasure, TypeIndex, Units,
  Unordered, Variant.
  See http://www.boost.org/users/history/version_1_58_0.html
- add 0001-Fix-exec_file-for-Python-3-3.4.patch ,
  0002-Fix-a-regression-with-non-constexpr-types.patch: Fixes regressions
  in 1.58
- drop bjam-alignment.patch, boost-gcc5.patch: Already fixed upstream
- add boost-rpmoptflags-only.patch: Build only with optflags
- add boost-aarch64-flags.patch: Avoid using -m64
- add boost-uuid-comparison.patch: Fix regression in UUID operator<
- add boost-disable-pch-on-aarch64.patch: Disable pch on math library
  to avoid compiler segfault
- Add quickbook subpackage
- Use $RPM_OPT_FLAGS for building, force use of the GCC toolset.
  Be more verbose and fail building with the first error.
- Add boost-gcc5.patch to use -std=c++11 when building the coroutines
  module which fixes build with GCC 5.
- Revert the python3 building: it resulted in BOTH libboost_python
  libraries to be using python 3 instructions, resulting in
  failures of all Py2 related packages.
- Replace the initrd update with generic macros(bsc#1183594)
- Update wallpapers (jsc#SLE-14772).
- Update bootloader (jsc#SLE-14772).
- Update wallpapers (jsc#SLE-14772).
- Update wallpapers and bootloaders (jsc#SLE-14772).
- Update wallpapers and bootloaders (jsc#SLE-14772).
- Update gfxboot branding (jsc#SLE-14772, bsc#1178192).
- Move branding image file from gnome-shell to gdm-branding
  (jsc#SLE-11720 bsc#1176304).
- Fix grub2 branding to better handle different screen ratio
- Update gdm branding (jsc#SLE-14772).
- Add 4k backgrounds / screenlocks (jsc#SLE-14772).
- Update grub2 branding (jsc#SLE-14772).
- remove plymouth_parse_newlines.patch, merged in tarball
- update wallpapers and plymouth to new branding (jsc#SLE-14772).
- change the way plymouth defaults are handled (jsc#SLE-11637).
- Add plymouth_parse_newlines.patch to parse "/n"/ in plymouth theme
  text to new lines (bsc#1165825).
- Rebuild for GNOME 3.34 (jsc#SLE-8245).
- Update grub theme to better cope with long menu entry
- Remove autostart file granting X11 access to root (bsc#1084737).
- Remove dynamic backgrounds subpackage.
- New design for SLE15[FATE#323736].
- Add custom.conf to gdm-branding-SLE package: With a new line
  InitialSetupEnable=False, it will disable gnome-initial-setup
  run before gdm. Otherwise if a system without CJK language and
  without normal user could not be login(bnc#1067976).
- Move distributor.svg inside to source package together with
  custom.conf, because they are all gdm resources.
- Add an autostart file that runs on login and grants X11 access
  to root. This allows graphical applications to run as root,
  which is required for YaST (bsc#955101, fate#322297).
- No longer install by default dynamic-wallpaper if
  gnome-settings-daemon is installed.
- Update for SLE15.
- Kill kde-branding-SLE specfile.
- drop generating of yast2-qt-branding-SLE as it is not used on
  media and its content is already part of yast2-theme-SLE
- Add gdm-branding-SLE subpackage (FATE#318572).
- Enable GRUB2 branding for aarch64 (FATE#318444)
- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many
  selectors as the file format allows. This relaxes the previous
  fix for CVE-2019-12900 so that bzip2 allows decompression of bz2
  files that use (too) many selectors again. It fixes a bzip2 and
  lbzip2 incompatibility caused by previous patch [bsc#1139083]
- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds
  write in decompress.c when there are many nSelectors used in a
  loop to access selectorMtf [bsc#1139083] [CVE-2019-12900]
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
  free vulnerability that was reported in bzip2recover [bsc#985657]
- Update autotools patchset:
  D bzip2-1.0.6-autoconfiscated.patch
  A bzip2-
- Use %license (boo#1082318)
- Fix build on Fedora and Mageia
- Update bzip2-1.0.6-autoconfiscated.patch:
  * Bump version to 1.0.6.
  * Fix script symlinks on platforms with EXEEXT.
- Drop implicit pie building
- Try profiled build
- Move autoreconf to build section
- cleanup with spec-cleaner
- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper
  that always returns 0 as an exit code when grepping multiple
  archives [bsc#970260]
- Remove bzip2-faster.patch, it causes a crash with libarchive and
  valgrind points out uninitialized memory. See
- Avoid noarch sub package in SLE_11
- Cleanup a bit.
- Remove the profiling stuff as it should not be used nowdays.
  At least even factory builds without it.
- Provide libbz2.so.1.0 as other distros do, so we can run tiny
  things like steam.
- Respect cflags again, borked by previous commit.
- build with PIE
- fix basisms in bzgrep and bznew
- add patches:
  * bzip2-1.0.6-fix-bashisms.patch
- add BR for pkg-config to get the provides in the devel package
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
  * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
  * Avoid theoretical buffer overflow in RC4 loop comparison
  * Empty hquery->name could lead to invalid memory access
  * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
    passed in (bsc#1178882, CVE-2020-8277)
  * Update help information for adig, acountry, and ahost
  * Test Suite now uses dynamic system-assigned ports rather than hardcoded
    ports to prevent failures in containers
  * Detect remote DNS server does not support EDNS using rules from RFC 6891
  * Source tree has been reorganized to use a more modern layout
  * Allow parsing of CAA Resource Record
  Bug fixes:
  * readaddrinfo bad sizeof()
  * Test cases should honor HAVE_WRITEV flag, not depend on WIN32
  * FQDN with trailing period should be queried first
  * ares_getaddrinfo() was returning members of the struct as garbage values if
    unset, and was not honoring ai_socktype and ai_protocol hints.
  * ares_gethostbyname() with AF_UNSPEC and an ip address would fail
  * Properly document ares_set_local_ip4() uses host byte order
  For details, see https://c-ares.haxx.se/changelog.html
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
- simplify conditions bit to make it tad more readable
- Implement multibuild specfile to split out tests into its own
  flavor; this way we can build and run tests, which require
  static lib, as well as avoid packaging the latter without issues
  with the installed cmake file..
- Version update to 1.16.1
  * Prevent possible use-after-free and double-free in ares_getaddrinfo() if
    ares_destroy() is called prior to ares_getaddrinfo() completing.
  Reported by Jann Horn at Google Project Zero.
  * Allow TXT records on CHAOS qclass. Used for retriving things like
    version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
  Bug fixes:
  * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
  * Silence false cast-align compiler warnings due to valid casts of struct
    sockaddr to struct sockaddr_in and struct sockaddr_in6.
  * MacOS should use libresolv for retrieving DNS servers, like iOS
  * CMake build system should populate the INCLUDE_DIRECTORIES property of
    installed targets [2]
  * Correct macros in use for the ares_getaddrinfo.3 man page
- Changes in version 1.16.0
  * Introduction of ares_getaddrinfo() API which provides similar output
    (including proper sorting as per RFC 6724) to the system native API, but
  utilizes different data structures in order to provide additional
  information such as TTLs and all aliases. Please reference the respective
  man pages for usage details.
  * Parse SOA records from ns_t_any response
  * CMake: Provide c-ares version in package export file
  * CMake: Add CPACK functionality for DEB and RPM
  * CMake: Generate PDB files during build
  * CMake: Support manpage installation
  Bug fixes:
  * Fix bad expectation in IPv6 localhost test.
  * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
    prevent complaints about CPPFLAGS in CFLAGS.
  * Fix .onion handling
  * Command line usage was out of date for adig and ahost.
  * Typos in manpages
  * If ares_getenv is defined, it must return a value on all platforms
  * If /etc/resolv.conf has invalid lookup values, use the defaults.
  * Tests: Separate live tests from SetServers* tests as only live tests
    should require internet access.
  * ares_gethostbyname() should return ENODATA if no valid A or AAAA record
    is found, but a CNAME was found.
  * CMake: Rework library function checking to prevent unintended linking
    with system libraries that aren't needed.
  * Due to use of inet_addr() it was not possible to return
    from ares_gethostbyname().
  * CMake: Fix building of tests on Windows
- Drop regression.patch which have been fixed upstream
- Refresh disable-live-tests.patch
- Remove static lib since its required when doing tests and we dont want it
  included in package
- Run spec-cleaner
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
  both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
  ares_getaddrinfo function uses the getservbyport_r function which
  requires the /etc/services file to function properly. That config
  file is provided by the netcfg package. Unit tests rely on it
  too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
  Some packages need the cmake build files.
- Fix version number of the snapshot to not be downgrade:
- Update to upstream snapshot 20191108
  * getaddrinfo - avoid infinite loop in case of NXDOMAIN
  * ares_getenv - return NULL in all cases
  * implement ares_getaddrinfo
- onion-crash.patch: removed, upstreamed.
- removed upstream patches that are part of the snapshot:
- disable-live-tests.patch - updated
- Add upstream patches with the ares_getaddrinfo function:
  * 0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
  * 0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
  * 0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
  * 0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
  * 0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
  * 0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
  * 0007-getaddrinfo-enhancements-257.patch
  * 0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
  * 0009-Increase-portability-of-ares-test-mock-ai.cc-235.patch
- Add a patch which disables test failing on OBS (but passing in
  local environment):
  * 0010-Disable-failing-test.patch
- Version update to 1.15.0:
  * Add ares_init_options() configurability for path to resolv.conf file
  * Ability to exclude building of tools (adig, ahost, acountry) in CMake
  * Report ARES_ENOTFOUND for .onion domain names as per RFC7686
  * Apply the IPv6 server blacklist to all nameserver sources
  * Prevent changing name servers while queries are outstanding
  * ares_set_servers_csv() on failure should not leave channel in a
    bad state
- enable unit tests
- disable-live-tests.patch: disable tests to live servers
- onion-crash.patch: backport fix for a crash affecting .onion TLD
- Remove ineffective --with-pic.
- Version update to 1.14.0:
  * Fix patch for CVE-2017-1000381 to not be overly aggressive
  * gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
  * ares_gethostbyname.3: fix callback status values
  * docs: Document WSAStartup requirement
  * Fix a typo in init_by_resolv_conf
- Rename everything to c-ares
- Version update to 1.13.0:
  * Fixes bsc#1044946 CVE-2017-1000381
  * Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is
  not really worth all the fwdporting
- Drop check phase there is only return 0
- Version update to 1.12.0:
  * Fixes bsc#1007728 CVE-2016-5180
  * api: add ARES_OPT_NOROTATE optmask value
  * Collection of bugfixes
- update to 1.11.0:
  * Allow multiple -s options to the ahost command
  * api: Expose the ares_library_initialized() function
  * api: Add ares_set_sortlist(3) entrypoint
  * api: Add entrypoints to allow use of per-server ports
  * api: introduce `ares_parse_txt_reply_ext`
  * api: Add ares_set_socket_configure_callback()
  * Add -t u option to ahost
  * collection of bug fixes
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- openssl is no longer required but coreutils and findutils are
  (boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this
  package might be the only one pulling it in.
- backport bash rewrite from Factory to make sure to trigger in
  transactional mode (boo#1179884)
- Changed "/openssl"/ requirement to "/openssl(cli)"/
  * (bsc#1101470)
- Use %license instead of %doc [bsc#1082318]
- Revert last change since we fixed systemd-preset-branding and
  this requires is no longer needed.
- Re-add systemd requires, else package will be installed to early
  and services never enabled [bsc#1071776].
- Don't require systemd, since we could be used in environments
  like container images, where we don't have systemd. If systemd
  is installed the systemd units will be used, else they are not
- Update to version 2+git20170807.10b2785:
  * Check TRANSACTIONAL_UPDATE is set (boo#1045942)
  * Add systemd units
- Run update-ca-certificate by systemd unit when the content of
  one of the paths changes. Needed for read-only root and/or
  transactional updates.
- Update to version 2+git20151110.c15593c:
  + set proper umask (boo#948724)
- require p11-kit-tools >= 0.23.1
- Update to version 2+git20150324.e3ee392:
  + p11-kit 0.23.1 supports pem-directory-hash now
- use service file to generate tarball
- fix bashism in postun script
- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
  - EE Certification Centre Root CA
  - Taiwan GRCA
- Added CAs:
  - Trustwave Global Certification Authority
  - Trustwave Global ECC P256 Certification Authority
  - Trustwave Global ECC P384 Certification Authority
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
  Removed CAs:
  - AddTrust External CA Root
  - AddTrust Class 1 CA Root
  - LuxTrust Global Root 2
  - Staat der Nederlanden Root CA - G2
  - Symantec Class 1 Public Primary Certification Authority - G4
  - Symantec Class 2 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G3
  Added CAs:
  - certSIGN Root CA G2
  - e-Szigno Root CA 2017
  - Microsoft ECC Root Certificate Authority 2017
  - Microsoft RSA Root Certificate Authority 2017
- also run update-ca-certificates in %posttrans
- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160)
- removed:
  - Certplus Class 2 Primary CA
  - Deutsche Telekom Root CA 2
  - CN=Swisscom Root CA 2
  - UTN-USERFirst-Client Authentication and Email
- added:
  - Entrust Root Certification Authority - G4
- make sure p11-kit with patches is installed on SLE (boo#1154871)
- export correct p11kit trust attributes so Firefox detects built in
  certificates (boo#1154871). Courtesy of Fedora.
- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
- Removed CAs:
  - Certinomis - Root CA
- includes added root CAs from the 2.32 version:
  - emSign ECC Root CA - C3 (email and server auth)
  - emSign ECC Root CA - G3 (email and server auth)
  - emSign Root CA - C1 (email and server auth)
  - emSign Root CA - G1 (email and server auth)
  - Hongkong Post Root CA 3 (server auth)
- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446)
- Removed CAs:
  - AC Raiz Certicamara S.A.
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - Visa eCommerce Root
- Added Root CAs:
  - Certigna Root CA (email and server auth)
  - GTS Root R1 (server auth)
  - GTS Root R2 (server auth)
  - GTS Root R3 (server auth)
  - GTS Root R4 (server auth)
  - OISTE WISeKey Global Root GC CA (email and server auth)
  - UCA Extended Validation Root (server auth)
  - UCA Global G2 Root (email and server auth)
- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
  - removed server auth
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - remove CA
  - ComSign CA
  - added new CA
  - GlobalSign
- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)
- Removed CAs:
  * S-TRUST_Universal_Root_CA:
  * TC_TrustCenter_Class_3_CA_II:
  * TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:
-  Use %license instead of %doc [bsc#1082318]
- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152,
  bsc#1071390, bsc#1010996)
- Removed CAs:
  * AddTrust Public CA Root
  * AddTrust Qualified CA Root
  * ApplicationCA - Japanese Government
  * CA Disig Root R1
  * CA WoSign ECC Root
  * Certification Authority of WoSign G2
  * Certinomis - Autorité Racine
  * China Internet Network Information Center EV Certificates Root
  * Comodo Secure Certificate Services
  * Comodo Trusted Certificate Services
  * ComSign Secured CA
  * GeoTrust Global CA 2
  * StartCom Certification Authority
  * StartCom Certification Authority
  * StartCom Certification Authority G2
  * Swisscom Root CA 1
  * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  * UTN USERFirst Hardware Root CA
  * UTN USERFirst Object Root CA
  * VeriSign Class 3 Secure Server CA - G2
  * WellsSecure Public Root Certificate Authority
  * Certification Authority of WoSign
  * WoSign China
- Added CAs:
  * D-TRUST Root CA 3 2013
  * SSL.com EV Root Certification Authority ECC
  * SSL.com EV Root Certification Authority RSA R2
  * SSL.com Root Certification Authority ECC
  * SSL.com Root Certification Authority RSA
  * TrustCor RootCert CA-1
  * TrustCor RootCert CA-2
  * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
- convert processing script to Python 3
- ensure a stable conversion of UTF8 hex-encoded certificate names
- ensure a stable ordering of trust/distrust bits in headers
- updated to 2.11 state of the Mozilla NSS Certificate store.
- removed CAs:
  - Buypass_Class_2_CA_1:2.1.1.crt
  - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:
    codeSigning emailProtection serverAuth
  - Equifax_Secure_CA:
  - Equifax_Secure_eBusiness_CA_1:2.1.4.crt
  - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
  - IGC_A:
    codeSigning emailProtection serverAuth
  - Juur-SK:
    codeSigning serverAuth
  - Root_CA_Generalitat_Valenciana:
    codeSigning emailProtection serverAuth
  - RSA_Security_2048_v3:
    codeSigning emailProtection serverAuth
  - Sonera_Class_1_Root_CA:2.1.36.crt
  - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:
  - Verisign_Class_1_Public_Primary_Certification_Authority:
  - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:
  - Verisign_Class_3_Public_Primary_Certification_Authority:
- added CAs:
  + Amazon_Root_CA_1:
    emailProtection serverAuth
  + Amazon_Root_CA_2:
    emailProtection serverAuth
  + Amazon_Root_CA_3:
    emailProtection serverAuth
  + Amazon_Root_CA_4:
    emailProtection serverAuth
  + Certplus_Root_CA_G1:
    emailProtection serverAuth
  + Certplus_Root_CA_G2:
    emailProtection serverAuth
  + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
    emailProtection serverAuth
  + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
    emailProtection serverAuth
  + ISRG_Root_X1: (bsc#1010996)
  + LuxTrust_Global_Root_2:
  + OpenTrust_Root_CA_G1:
    emailProtection serverAuth
  + OpenTrust_Root_CA_G2:
    emailProtection serverAuth
  + OpenTrust_Root_CA_G3:
    emailProtection serverAuth
  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:
  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:
  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:
  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:
- diff-from-upstream-2.7.patch: removed as we should be able to do
  intermediate root chains now with openssl 1.0.2 and also gnutls 3.5
  is able to do so.
- diff-from-upstream-2.7.patch: restore some important legacy
  CAs, otherwise Pidgin fails to talk to Google Talk for instance.
- Updated to 2.7 (bsc#973042).
- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
  immediate root CAs.
- Removed server trust from:
  AC Raíz Certicámara S.A.
  ComSign Secured CA
  NetLock Uzleti (Class B) Tanusitvanykiado
  NetLock Business (Class B) Root
  NetLock Expressz (Class C) Tanusitvanykiado
  TC TrustCenter Class 3 CA II
  TURKTRUST Certificate Services Provider Root 1
  TURKTRUST Certificate Services Provider Root 2
  Equifax Secure Global eBusiness CA-1
  Verisign Class 4 Public Primary Certification Authority G3
- enable server trust
  Actalis Authentication Root CA
- Deleted CAs:
  A Trust nQual 03
  Buypass Class 3 CA 1
  CA Disig
  Digital Signature Trust Co Global CA 1
  Digital Signature Trust Co Global CA 3
  E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
  NetLock Expressz (Class C) Tanusitvanykiado
  NetLock Kozjegyzoi (Class A) Tanusitvanykiado
  NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
  NetLock Uzleti (Class B) Tanusitvanykiado
  Staat der Nederlanden Root CA
  TC TrustCenter Class 2 CA II
  TC TrustCenter Universal CA I
  TDC Internet Root CA
  Verisign Class 1 Public Primary Certification Authority - G2
  Verisign Class 3 Public Primary Certification Authority
  Verisign Class 3 Public Primary Certification Authority - G2
- New added CAs:
  CA WoSign ECC Root
  Certification Authority of WoSign
  Certification Authority of WoSign G2
  Certinomis - Root CA
  Certum Trusted Network CA 2
  COMODO RSA Certification Authority
  DigiCert Assured ID Root G2
  DigiCert Assured ID Root G3
  DigiCert Global Root G2
  DigiCert Global Root G3
  DigiCert Trusted Root G4
  Entrust Root Certification Authority - EC1
  Entrust Root Certification Authority - G2
  IdenTrust Commercial Root CA 1
  IdenTrust Public Sector Root CA 1
  OISTE WISeKey Global Root GB CA
  QuoVadis Root CA 1 G3
  QuoVadis Root CA 2 G3
  QuoVadis Root CA 3 G3
  Staat der Nederlanden EV Root CA
  Staat der Nederlanden Root CA - G3
  S-TRUST Universal Root CA
  TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
  TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  USERTrust ECC Certification Authority
  USERTrust RSA Certification Authority
- diff-from-upstream-2.2.patch:
  Temporary reenable some root ca trusts, as openssl/gnutls
  have trouble using intermediates as root CA.
  - GTE CyberTrust Global Root
  - Thawte Server CA
  - Thawte Premium Server CA
  - ValiCert Class 1 VA
  - ValiCert Class 2 VA
  - RSA Root Certificate 1
  - Entrust.net Secure Server CA
  - America Online Root Certification Authority 1
  - America Online Root Certification Authority 2
- Updated to 2.2 (bnc#888534)
  - The following CAs were removed:
    + America_Online_Root_Certification_Authority_1
    + America_Online_Root_Certification_Authority_2
    + GTE_CyberTrust_Global_Root
    + Thawte_Premium_Server_CA
    + Thawte_Server_CA
  - The following CAs were added:
    + COMODO_RSA_Certification_Authority
    codeSigning emailProtection serverAuth
    + GlobalSign_ECC_Root_CA_-_R4
    codeSigning emailProtection serverAuth
    + GlobalSign_ECC_Root_CA_-_R5
    codeSigning emailProtection serverAuth
    + USERTrust_ECC_Certification_Authority
    codeSigning emailProtection serverAuth
    + USERTrust_RSA_Certification_Authority
    codeSigning emailProtection serverAuth
    + VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
  - The following CAs were changed:
    + Equifax_Secure_eBusiness_CA_1
    remote code signing and https trust, leave email trust
    + Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
    only trust emailProtection
- Add 2 upstream bug fix patches:
  + cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch:
    ft: Use FT_Done_MM_Var instead of free when available in
    cairo_ft_apply_variations. Fixes a crash when using freetype
    >= 2.9
  + cairo-composite_color_glyphs.patch: Fix a thinko in
    composite_color_glyphs. We can't just move around the contents
    of the passed-in string, we need to make a copy. This was
    showing up as memory corruption in pango.
- Update to version 1.16.0:
  + test: Free resources in pdf2png.
  + Drop skia backend.
  + Revert "/Correctly decode Adobe CMYK JPEGs in PDF export"/.
- Update to version 1.15.14:
  + Features and Enhancements:
  - Add more FreeeType font color conversions to support
  - Update test reference images against current pixman.
  + Bugs fixed:
  - Fix crash when rendering Microsoft's Segoe UI Emoji Regular
  - Fix build breakage with glesv3 enabled due to non-existant
  - Fix memory leaks found by Coverity.
  - Fix incorrect null ptr handling found by Coverity.
  - Fix test compilation when font-config is disabled.
  - Use _cairo_malloc instead of malloc
    (fdo#101547, CVE-2017-9814).
  - Fix assertion failure in the freetype backend (fdo#105746).
- Drop upstream fixed patches:
  + cairo-fix-assertion-failure-in-freetype-backend.patch.
  + cairo-CVE-2017-9814.patch.
- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc
  and check cmap size before allocating (boo#1049092,
  CVE-2017-9814, fdo#101547).
- Add cairo-fix-assertion-failure-in-freetype-backend.patch: Fix
  assertion failure in the freetype backend (fdo#105746).
- Update to version 1.15.12:
  + The main focus for this release is the addition of Variable
    Font support. Variable fonts are single font files with various
    typography characteristics, such as weight or slant, that users
    of the font can adjust between two points. Effectively this
    enables a single font to behave as multiple fonts.
  + The Skia backend is disabled in this release, due to severe
    bitrot, and will be removed in future releases. Contact the
    cairo team if you have a need of this backend.
  + Features and Enhancements:
  - Variable font support.
  - Skia backend is disabled.
  + API Changes: cairo_font_options_get_variations() and
    cairo_font_options_set_variations() are added.
  + Bugs fixed:
  - Fix errors in csi-trace --help and --version options.
  - Fix a 'memory leak' in the image compositor, with
  - Fix access of uninitialized memory found by valgrind
  - Fix improper initialization of memory in
    _cairo_ft_font_face_create_for_pattern() (fdo#105084).
  - Fix multi-monitor virtual desktop with negative coords on
    Win32 (fdo#100793).
  - Fix issues occuring with older FreeType versions.
- Modernize spec-file by calling spec-cleaner
- Add explicit pkgconfig(zlib) and (conditionalized on
  build_xcb_backend) pkgconfig(xcb-render) BuildRequires: closer
  alignment with what configure checks for.
- Update to version 1.15.10:
  + Features and Enhancements:
  - Add support for OpenGL ES 3.0 to the gl backend.
  - Use Reusable streams for forms in Level 3 Postscript.
  - Add CAIRO_MIME_TYPE_EPS mime type for embedding EPS files.
  - Add CCITT_FAX mime type for PDF and PS surfaces.
  - svg: add a new function to specify the SVG document unit
  - Use UTF-8 filenames on Windows.
  + API Changes: cairo_svg_surface_set_document_unit() and
  + Bugs fixed:
  - Fix regression in gles version detection.
  - Fix undefined-behavior with integer math.
  - Handle SOURCE and CLEAR operators when painting color glyphs
  - Convert images to rgba or a8 formats when uploading with
  - Use _WIN32 instead of windows.h to check for windows build.
  - Fix sigabrt printing documents with fonts lacking the
    mandatory .nodef glyph (fdo#102922).
  - Prevent curved strokes in small ctms from being culled from
    vector surfaces (fdo#103071).
  - Fix painting an unbounded recording surface with the SVG
  - Fix falling back to system font with PDFs using certain
    embedded fonts, due to truncated font names (fdo#103249).
  - Fix handling of truetype fonts with excessively long font
    names (fdo#103249).
  - Fix race conditions with cairo_mask_compositor_t
  - Fix build error with util/font-view.
  - Fix assertion hit with PDFs using Type 4 fonts rendered with
    user fonts, due to error when destroying glyph page
  - Set default creation date for PDFs.
  - Prevent invalid ptr access for > 4GB images (fdo#98165).
  - Prevent self-copy infinite loop in Postscript surface.
  - Fix padded image crash in Postscript surface.
  - Fix annotation bugs in PDFs and related memory leaks.
  - Fix test failures and other assorted issues in ps and pdf
  - Fix code generation when using GCC legacy atomic operations
  - Fix various compilation warnings and errors.
  - Fix various distcheck errors with private symbols, doxygen
    formatting etc.
- Drop cairo-image-prevent-invalid-ptr-access.patch
- Depend on pkgconfig(gl) and pkgconfig(egl) instead of Mesa-devel.
  * The pkgconfig(gl) and pkgconfig(egl) are what cairo really
    needs. Mesa-devel is too general and is a bottleneck in
    distribution build. (bnc#1071297)
- Update to version 1.15.8:
  + This small snapshot provides new colored emoji glyph support,
    and a handful of minor fixes. For a complete log of changes,
    please see
  + Features and Enhancements: Support colored emoji glyphs, stored
    as PNG images in OpenType fonts.
  + Bug Fixes:
  - pdf:
    . Fix internal links pointing to other pages, by
    pre-calculating page heights so that link positions can be
    calculated more accurately.
    . Don't emit /PageLabel dict when no labels defined.
  - image: Fix crash on negative lengths.
  - win32: Fix initialization of mutexes for static builds.
  - font:
    . Fix color font loading on big-endian systems.
    . Fix color font support infinite-loop with empty glyphs.
  - Fix off by one check in cairo-image-info.c.
- Drop cairo-fix-off-by-one-check.patch: Fixed upstream.
- Run spec-cleaner, modernize spec.
- Rename 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch
  to cairo-image-prevent-invalid-ptr-access.patch.
- Pass enable-gtk-doc instead of disable-gtk-doc to configure, we
  already have the gtk-doc BuildRequires in place so I can only
  assume that this was an honest error.
- Add 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch to
  fix a segfault when using >4GB images since int values were used
  for pointer operations (bsc#1007255, fdo#98165, CVE-2016-9082).
- Update to version 1.15.6:
  + Detect if variable fonts have synthesized bold/italic or
    non-default variants, and use a fallback font where needed.
  + Restore MacOSX 10.4 support. Cairo had dropped 10.4 support
    when moving to the CoreText API.  Now we automatically detect
    which API to use via dynamic linking, so can resume supporting
    this older version of MacOSX.
  + Fix error reporting in the xcb backend if fallback fails.
    Instead of returning NULL when the X11 server can't do some
    operation, return a surface in an error state.
  + Call XSync in the xlib backend before setting the error handler
    to ignore errors for certain requests, to make sure all pending
    errors are handled first.
  + Fix text-glyph-range for quartz-font.  Use 0xFFFF instead of 0
    for invalid index tracking.
  + Fix handling of Supplementary Multilingual Plane (SMP) Unicode
    characters in quartz-font.
  + Fix various issues in the drm backend including updating API
    usage and general code cleanup.
  + Clarify documentation regarding device scale inheritance and
    the units used in cairo_surface_create_similar_image
- Drop cairo-pdf-fixes.patch: Fixed upstream.
- Add cairo-fix-off-by-one-check.patch: Fix off by one check in
  cairo-image-info.c (fdo#101427).
- Add cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff to
  fix a segfault in get_bitmap_surface due to malformed font
  (bsc#1036789, fdo#100763, CVE-2017-7475).
- Rebase cairo-pdf-fixes.patch: Add commit to fix fdo#100029.
- Add cairo-pdf-fixes.patch: Three minor pdf fixes from upstream
  git (fdo#99630).
- Fix RPM groups; update summaries.
  Remove useless --with-pic which is only for static libs.
- Update to version 1.15.4:
  + The PDF backend has gained support for a range of widely used
    features, including thumbnails, page labels, metadata, document
    outlines, structured text, hyperlinks, and tags. Tags permit
    adding logical info such as headings, tables, figures, etc.
    that facilitates indexing, accessibility, text reflow,
    searching, and extraction of the tagged items to other
  + API Changes:
  - Added a cairo API to set up Win32 surfaces for HDC with alpha
  - New API for added PDF functionality (see above), and new
    error status item for problems relating to PDF tagging.
  - New error status items for handling of GDI, libfreetype, and
    libpng errors, respectively.
  + Fix playback of recording surfaces into PDF surfaces, where
    objects with negative coordinates were not getting drawn. To
    address this, the coordinate systems for PDF and PS have been
    changed to match cairo's coordinate system. This allows
    recording surfaces to be emitted in cairo coordinates, and
    results in the same origin being used for all operations when
    using the recording surface XObject. Test cases for PDF and PS
    have also been updated accordingly (fdo#89232).
  + Fix "/invalidfont"/ error on some printers when printing PDFs
    with embedded fonts that have glyphs (such as spaces) with
    num_contours == 0 (fdo#79897).
  + Fix missing glyphs such as thin dashes, which get scaled to 0
    in userspace and thus have their drawing operations culled
  + Fix other oddities caused by variously idiosyncratic fonts.
  + Fix deadlock when destruction of a scaled font indirectly
    triggers destruction of a second scaled font, causing the
    global cache to be locked twice (fdo#93891).
  + Fix X errors reported to applications when shmdt() is called
    before the Attach request is processed, due to missing xcb and
    xlib calls.
  + Fix random failure in record-paint-alpha-clip-mast test case,
    caused by an incorrect assumption that a deferred clear can be
    skipped (fdo#84330).
  + Fix crash when dealing with an XShmGetImage() failure, caused
    by a double free in _get_image_surface() (fdo#91967).
  + Fix invalid execution of ASCII85 data by the PS interpreter
    that the image operator didn't use, by flushing the extraneous
    data after drawing the image (fdo#84811).
  + Fix decoding of Adobe Photoshop's inverted CMYK JPEG files in
    PDF export.
  + Fix unbounded surface assertion in win32-print code.
  + Fix a data race in freed_pool discovered by Firefox's cairo
    usage. The patch adads atomic int load and store functions,
    with relaxed memory ordering (fdo#90318).
  + Cleanup debugging text sent to stdout instead of log
  + Fix build issue when using non-GNU strings utility (fdo#88639).
  + Fix build of cairo modules as regular modules, not as versioned
    shared libaries (fdo#29319).
  + Fix build on win32 using gcc 5.4.
  + Fix build of script backend to require zlib.
  + Update test suite reference images using Debian Jessie 64-bit
    and poppler current as of June, 2016.
  + Various improvements to documentation and tests, compiler
    warning fixes, and an assortment of code refactoring and
- Drop cairo-modules-no-version.patch,
  cairo-bsc958844-deadlock-on-scaled-font-cache-reset.patch and
  cairo-xlib-double-free.patch: Fixed upstream.
- Drop libtool BuildRequires and stop passing autoreconf, we no
  longer have any patches touching the buildsystem.
- Add cairo-xlib-double-free.patch to fix double free in
  _get_image_surface(); patch taken from upstream git (fdo#91967,
- Add back cairo-bsc958844-deadlock-on-scaled-font-cache-reset.patch
  (bsc#958844, fdo#93891). This is still not fixed upstream.
- Update to GNOME 3.20  Fate#318572
- Remove patch:
- Add cairo-bsc958844-deadlock-on-scaled-font-cache-reset.patch
  to fix mutex deadlocks on certain documents (bsc#958844).
- Update to version 1.15.2:
  + Fix xcb/xlib compilation and calls. Make image boxes behave
    when SHM is not available.
  + Fix various issues with printing and transparent images on
  + Fix thin lines that don't show up when printing in Inkscape due
    to overly aggressive culling (fdo#77298).
  + Fix broken printing via pdf when glyph 0 is used for rendering,
    resulting in missing spaces and letters (fdo#89082).
  + Fix crash for certain glyphs in opentype fonts (fdo#91902).
  + Fix incorrect rendering of SVG paths with more than one
    subpath. If more than one trap is passed in then it's
    guaranteed that the returned traps will have their left edge to
    the left of their right edge, but if only one trap is passed in
    then the function always returns without doing anything
  + Improve rendering with Quarts to better match pixman's blending
    and filtering behavior.
- Drop cairo-render-thin-lines.patch: Fixed upstream.
- Update to version 1.14.6:
  + Simple bugfix release to fix one Windows issue.
- Update to version 1.14.4:
  + Avoid appending empty slots to user data arrays. Fixes a memory
    consumption regression since commit 9341c254a.
  + Return a better error (file-not-found) when setting up pango on
    devices where the font files don't have read permissions.
  + Fix regression in the font size of canvas text in Inkscape when
    compiled with the Quartz backend (fdo#84324).
  + Fix _cairo_gl_shader_bind_matrix() to maintain compatibility
    with OpenGL ES 2.0. Manually transpose the matrix.
  + Fix incorrect font descriptor conversion when the font matrix
    yy is negative (fdo#90538).
  + Fix crash when using a complex path for clip and stroke due to
    discarding the intersection exactly at the top edge
  + Fix cairo_get_locale_decimal_point() on Android.
  + Fix compilation problem on AIX due to conflicting usage of
    symbol 'jmpbuf' (fdo#89339).
  + Fix broken rendering with XCB due to snapshotting of uploaded
    part of surfaces (fdo#67505).
  + Fix loss of alpha when copying a mask for a cairo recording
    surface, resulting in a double copy (fdo#73038, fdo#73901).
  + Fix incorrect recording of certain paths with script surfaces
  + Fix typo in definition of MAYBE_WARN in configure script
  + Fix use of filename variable after it's been freed (fdo#91206).
  + Fix out of bounds access when printing pattern (fdo#91266).
  + Fix incorrect size calculation in glyph cache unlocking for
    Cairo GL compositor (fdo#91321).
  + Fix memory leak in _cairo_gl_pattern_texture_setup()
  + Fix transparent images in win32-print (fdo#91835).
  + Fix _put_shm_image_boxes and _put_image_boxes when no SHM
    available with XCB.
- drop cairo-disable-lto.patch: lto was dropped upstream
- Update to version 1.14.2:
  + Features:
  - Improve xcb's handling of per-screen subpixel ordering. If
    no Xft.rgba property is specified, default to the screen's
    subpixel order.
  + Performance Optimizations:
  - Improve performance of cpu_to_be32 and be32_to_cpu, making
    truetype subsetting of large fonts run about 15% faster.
  + Bug fixes:
  - Fix unaligned access on sparc with the compact font format
    Unlike truetype, all data in CFF is not aligned.
    (Debian bug #712836)
  - Fix unaligned access on sparc with tor-scan-converter's
    memory pool.
  - Fix crash when loading a PDF with a transformed image.
    (fdo bug #85151)
  - Fix regression on mingw for bigendian test due to removal of
    file extension for executables. (fdo bug #85120)
  - Fix handling of backslash in PDF interpreter (fdo bug #85662)
  - Fix crash in xlib and xcb renderers when swapping a 0-sized
  - Fix bug with RTL text in PDF operators (fdo bug #86461)
  - Fix compilation 'cairo-path-stroke-traps.c' with MSVC8
    (fdo bug #84908)
  - Fix crash in _fill_xrgb32_lerp_opaque_spans when a span
    length is negative.
  - Fix valgrind error by releasing pattern created by
  - Fix valgrind errors when running cairo-test-suite.
  - Fix memory leak in recording surface replays (fdo bug #87898)
  - Fix destruction of fonts in api-special-cases test.
    (fdo bug #87567)
  - Fix duplicated surface push on similar-image, preventing
    trivial GTK3 program traces from being replayable, with an
    error message about invalid values for the size of the input.
    (fdo bug #73580)
  - Fix crash when win32 surface's image size does not cover the
    surface. (fdo bug #53121)
  - Fix crash due to obsolete CGFontGetGlyphPath call
    (fdo bug #84324)
  - Fix several build issues on AIX (fdo bugs #89338, #89340,
    [#89356], #89354)
  - Fix various documentation warnings and errors
- Remove cairo-tor-scan-convertor.patch. It was upstreamed.
- Spec-cleanify
- Remove the obsoletes for sle10 64bit subpackages on ppc
- Remove libtool archive always
- Add cairo-tor-scan-convertor.patch: tor-scan-converter: can't
  do_fullrow when intersection in row + 0.5subrow (fdo#85151).
- Update to version 1.14.0:
  + Features:
  - Filtering improvements for the image backend, in particular
    down-scaling of images produces filtered images that depend
    on all the pixels of the source.
  - Improve handling of device transformation and scaling,
    allowing Cairo to now support scaling at a device level,
    permitting easier, more transparent HiDPI support.
  - Support JBIG2 mime data in PDF.  This allows embedding of
    more compressed JPEG formats within PDF, rather than
    including the full uncompressed image. Also, reduce the
    number of transparency groups used by PDF to keep the file
    size small and viewing/printing of the PDF fast.
  - Expand the embedding section to include stencil mask support.
  - Reorder font declarations to be in natural order.
  - Update the Skia backend to build against current Skia.
  - Drop Link-Time Optimization (LTO) support from build system.
  - Optimize VBO size on GL to 1M and to 16k for EGL.
  + API changes:
  - cairo_surface_set_device_scale,
  - cairo_egl_device_get_display, cairo_egl_device_get_context.
  + Dependency changes:
  - Cairo now requires glib 2.14 for its gobject helper
    functions, and pixman 0.30 for downscaling.
  + Bug fixes:
  - Don't embed CMYK Jpeg images in svg.
  - Fix tests to place output in proper location.
  - Fix determination of alpha for all surfaces when recording.
  - Extend oversize check to cairo_gl_surface_create_for_texture,
    so an error surface is returned if the texture is too large
    to render to.
  - Fix embedding of mime data in PDF and PS files.
  - Remove useless error handling in *_reply() functions in XCB.
  - Fix a double-free exposed by multithreaded apps creating and
    destroying the same font concurrently (fdo#69470).
  - Fix corrupt stacks produced by bugs in operand emission for
  - Fix out of bounds array access in format cache for xlib.
  - Don't rename glyphs used by seac operator (fdo#70364).
  - Fix crash on calling cairo_create with a finished surface.
  - Fix SSIZE_T definition problem when making with MSYS on
  - Fix one off issue in gl context cleanup.
  - Fix rectangle stroke with non rectilinear pen.
  - Fix imagemask with pattern source failure on some printers
  - Fix whitespace in font names.
  - Fix page size in generated PDFs (fdo#73452).
  - Fix path-currentpoint test by preserving current-point in
    copy_path()/append_path() sequence.
  - Fix generation of HTML in code docs for
    cairo-format-stride-for-width (fdo#63257).
  - Fix spelling of "/tessellator"/ throughout code (fdo#50411).
  - Fix crash in pixman_image_composite32.
  - Fix crash when trying to modify a (const) all-clipped
    cairo_clip_t (fdo#75819).
  - Add check_composite method to all compositors, to fix crashes
    in the test suite.
  - Fix crash in Firefox when scrolling on certain pages.
  - Fix memory leaks found by static analysis.
  - Fix build of any2ppm if fork is not available.
  - Fix broken build for Qt backend, due to missing libstdc++.
  - Fix typo in two cairo_uint128 functions.  Fixes potential
    build issues on systems without a uint128 type.
  - Fix build when --enable-pdf=no.
  - Fix cache_frozen assertions for Win32 print.
  - Correctly check for xcb image surface for inplace upload.
  - Fix webkit-based web browser crashes due to empty boxes by
    skipping over them when tesselating.
  - Make pixman, libpng, and zlib paths commandline configurable
    for win32 builds.
  - Fix image scale on Win32 when GDI scale is not identity.
  - Fix float endian configure test when using clang -O4.
  - Fix compilation with Android bionic libc.
  - Don't try to build util/sphinx on Windows.
  - Fix loss of precision when emitting joins.
  - Fix loss of precision and associated rendering issues in
    cairo-tor-scan-converter from projection onto sample grid.
  - Fix pixman oversampling of neighbouring edges within a cell
    by eliminating self-intersections for the pixman traps
  - Fix multi-line string splitting in PDFs.
  - Various cleanups and fixes to warnings, documentation, tests,
    and build system. Improve error handling and return value
    checks. Cleanup XFAIL tests and reference images. Cover
    recently added functionality.
- Update to catatonit v0.1.5, which fixes two bugs where catatonit would hang
  endlessly when pid1 died in very specific ways. bsc#1176155
- Update to catatonit v0.1.4, which includes support for "/-g"/.
- Update to catatonit v0.1.3, which includes a fix for docker compatiblity so
  that dockerd doesn't give spurrious warnings.
- Fix build to correctly build a static binary (which will allow it to work in
  all containers). This was caused by forgetting to include
  'glibc-devel-static'. I've added a check to ensure it doesn't happen by
  accident again.
- Add catatonit-rpmlintrc to include filters for "/static binary"/ warnings,
  since this is intentional.
- Update package descriptions.
- Update to catatonit v0.1.2 and update links to point to openSUSE repo.
- Update to catatonit v0.1.1, which includes a fix for the libtool requirement.
  This lets us build on much older distributions.
- Initial import of catatonit v0.1.0.
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
  but needed for calculating refids from IPv6 addresses as part of
  the NTP protocol (rfc5905). As this is a non-cryptographic use of
  MD5 we can use our own implementation without violating FIPS
  rules: chrony-refid-internal-md5.patch .
- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch:
  Fix build with glibc-2.31
- bsc#1184400, chrony-pidfile.patch:
  Use /run instead of /var/run for PIDFile in chronyd.service.
- Integrate three upstream patches to fix an infinite loop in
  chronyc (bsc#1171806).
  * chrony-select-timeout.patch
  * chrony-gettimeofday.patch
  * chrony-urandom.patch
- Use iburst in the default pool statements to speed up initial
  synchronisation (bsc#1172113).
- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272 and bsc#1161119.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
  preconfigure chrony to use NTP servers from the  respective
  pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
  preconfigured servers.
- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix
  "/make check"/ builds made after 2019-12-20. Existing installations
  do not need to be updated as the bug only affects the test, but
  not chrony itself.
- Fix ordering and dependencies of chronyd.service, so that it is
  started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Make sure to generate correct sysconfig file (boo#1117147)
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
  Modifed default chrony.conf to add "/include /etc/chrony.d/*"/
- Use %license instead of %doc [bsc#1082318]
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
- Enable pps support
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Cleanup spec file:
  * Drop pre systemd support
  * Run spec-cleaner
- Modified the spec file to comment out the pool statement
  in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
- refresh patches to apply cleanly again
  - chrony-config.patch
  - chrony-fix-open.patch
- Upgraded to version 3.2:
  * Improve stability with NTP sources and reference clocks
  * Improve stability with hardware timestamping
  * Improve support for NTP interleaved modes
  * Control frequency of system clock on macOS 10.13 and later
  * Set TAI-UTC offset of system clock with leapsectz directive
  * Minimise data in client requests to improve privacy
  * Allow transmit-only hardware timestamping
  * Add support for new timestamping options introduced in Linux 4.13
  * Add root delay, root dispersion and maximum error to tracking log
  * Add mindelay and asymmetry options to server/peer/pool directive
  * Add extpps option to PHC refclock to timestamp external PPS signal
  * Add pps option to refclock directive to treat any refclock as PPS
  * Add width option to refclock directive to filter wrong pulse edges
  * Add rxfilter option to hwtimestamp directive
  * Add -x option to disable control of system clock
  * Add -l option to log to specified file instead of syslog
  * Allow multiple command-line options to be specified together
  * Allow starting without root privileges with -Q option
  * Update seccomp filter for new glibc versions
  * Dump history on exit by default with dumpdir directive
  * Use hardening compiler options by default
  Bug fixes
  * Don't drop PHC samples with low-resolution system clock
  * Ignore outliers in PHC tracking, RTC tracking, manual input
  * Increase polling interval when peer is not responding
  * Exit with error message when include directive fails
  * Don't allow slash after hostname in allow/deny directive/command
  * Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
- Upgraded to version 3.1:
  - Enhancements
  - Add support for precise cross timestamping of PHC on Linux
  - Add minpoll, precision, nocrossts options to hwtimestamp directive
  - Add rawmeasurements option to log directive and modify measurements
    option to log only valid measurements from synchronised sources
  - Allow sub-second polling interval with NTP sources
  - Bug fixes
  - Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
  - chrony-config.patch
  - chrony-service-helper.patch
  - chrony-fix-open.patch
- Upgraded to version 3.0:
  - Enhancements
  - Add support for software and hardware timestamping on Linux
  - Add support for client/server and symmetric interleaved modes
  - Add support for MS-SNTP authentication in Samba
  - Add support for truncated MACs in NTPv4 packets
  - Estimate and correct for asymmetric network jitter
  - Increase default minsamples and polltarget to improve stability with very low jitter
  - Add maxjitter directive to limit source selection by jitter
  - Add offset option to server/pool/peer directive
  - Add maxlockage option to refclock directive
  - Add -t option to chronyd to exit after specified time
  - Add partial protection against replay attacks on symmetric mode
  - Don't reset polling interval when switching sources to online state
  - Allow rate limiting with very short intervals
  - Improve maximum server throughput on Linux and NetBSD
  - Remove dump files after start
  - Add tab-completion to chronyc with libedit/readline
  - Add ntpdata command to print details about NTP measurements
  - Allow all source options to be set in add server/peer command
  - Indicate truncated addresses/hostnames in chronyc output
  - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
  - Bug fixes
  - Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
- Upgraded to version 2.4.1:
  - Bug fixes
  - Fix processing of kernel timestamps on non-Linux systems
  - Fix crash with smoothtime directive
  - Fix validation of refclock sample times
  - Fix parsing of refclock directive
- update to 2.4:
  - Enhancements
  - Add orphan option to local directive for orphan mode
    compatible with ntpd
  - Add distance option to local directive to set activation
    threshold (1 second by default)
  - Add maxdrift directive to set maximum allowed drift of system
  - Try to replace NTP sources exceeding maximum distance
  - Randomise source replacement to avoid getting stuck with bad
  - Randomise selection of sources from pools on start
  - Ignore reference timestamp as ntpd doesn't always set it
  - Modify tracking report to use same values as seen by NTP
  - Add -c option to chronyc to write reports in CSV format
  - Provide detailed manual pages
  - Bug fixes
  - Fix SOCK refclock to work correctly when not specified as
    last refclock
  - Fix initstepslew and -q/-Q options to accept time from own
    NTP clients
  - Fix authentication with keys using 512-bit hash functions
  - Fix crash on exit when multiple signals are received
  - Fix conversion of very small floating-point numbers in
    command packets
  - Removed features
  - Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
  - add IP_PKTINFO socket option
  - accept environment variables in make
  - fix building with FORTIFY_SOURCE
  - fix compiler warning
  - support multiple SHM refclocks
  - fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
- drop patches:
  - chrony-include-termios.patch
  - make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
  info packages
- no longer use make install-docs: it only installed 0 byte html
- Provide ntp-daemon (bsc#973981)
- chrony-fix-open.patch: make sure _open and _close are initialized
  in open()/close() override, as libfreebl3 also calls from the
  the ELF constructor. FATE#319508
- enable mozilla-nss
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
  the patch is not particularly version-dependent.
- Added clknetsim for "/make check"/ processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
  and running "/make check"/.
- Changed Buildrequires and Requires to specify the minimum level of
  libseccomp needed to build on s390x and ppc64le.
- Removed "/-Recommends: timedatex"/ since I couldn't find any instance
  of it anywhere in the build service.
- Modified the description to use some of the information from the
  chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "/make check"/
  will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "/interruption code
  0x2003B in chronyd"/ errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
  point to the actual location of the service command, not the symlink
  in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun.
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
- update to 2.3
  - Enhancements
  - Add support for NTP and command response rate limiting
  - Add support for dropping root privileges on Mac OS X,
    FreeBSD, Solaris
  - Add require and trust options for source selection
  - Enable logchange by default (1 second threshold)
  - Set RTC on Mac OS X with rtcsync directive
  - Allow binding to NTP port after dropping root privileges on
  - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
    is disabled
  - Resolve names in separate process when seccomp filter is
  - Replace old records in client log when memory limit is
  - Don't reveal local time and synchronisation state in client
  - Don't keep client sockets open for longer than necessary
  - Ignore poll in KoD RATE packets as ntpd doesn't always set it
  - Warn when using keys shorter than 80 bits
  - Add keygen command to generate random keys easily
  - Add serverstats command to report NTP and command packet
  - Bug fixes
  - Fix clock correction after making step on Mac OS X
  - Fix building on Solaris
- refreshed patches to apply cleanly again:
- update to 2.2.1
  Restrict authentication of NTP server/peer to specified key
- silence groupadd/useradd call and drop the shell from the user.
- update to 2.2
  see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
  longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
  changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
- CVE-2020-14342: Shell command injection vulnerability in mount.cifs;
  (bsc#1174477); (bso#14442); CVE-2020-14342.
  * add 0013-CVE-2020-14342-mount.cifs-fix-shell-command-injectio.patch
- Fix invalid free in mount.cifs; (bsc#1152930).
  * add 0012-mount.cifs-Fix-invalid-free.patch
- Fix double-free in mount.cifs; (bsc#1149164).
  * add 0011-fix-doublefree.patch
- Update to cifs-utils 6.9; (bsc#1132087); (bsc#1136031).
  * adds fixes for Azure
  * new smbinfo utility
  * remove cifs-utils-6.8.tar.bz2
  * remove cifs-utils-6.8.tar.bz2.asc
  * add cifs-utils-6.9.tar.bz2
  * add cifs-utils-6.9.tar.bz2.asc
  * add 0001-smbinfo-Improve-help-usage-and-add-h-option.patch
  * add 0002-smbinfo-Add-bash-completion-support-for-smbinfo.patch
  * add 0003-getcifsacl-Add-support-to-accept-more-paths.patch
  * add 0004-getcifsacl-Fix-usage-message-to-include-multiple-fil.patch
  * add 0005-smbinfo-add-GETCOMPRESSION-support.patch
  * add 0006-getcifsacl-Add-support-for-R-recursive-option.patch
  * add 0007-smbinfo-add-bash-completion-support-for-getcompressi.patch
  * add 0008-mount.cifs.c-fix-memory-leaks-in-main-func.patch
  * add 0009-Zero-fill-the-allocated-memory-for-new-struct-cifs_n.patch
  * add 0010-Zero-fill-the-allocated-memory-for-a-new-ACE.patch
- Remove backports that are already in 6.9; (fate#325270); (bsc#1130528);
  * remove 0001-docs-cleanup-rst-formating.patch
  * remove 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
  * remove 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
  * remove 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
  * remove 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
  * remove 0006-cifs-utils-support-rst2man-3.patch
  * remove 0007-checkopts-report-duplicated-options-in-man-page.patch
  * remove 0008-mount.cifs.rst-more-cleanups.patch
  * remove 0009-mount.cifs.rst-document-vers-3-mount-option.patch
  * remove 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
  * remove allow-dns-resolver-key-to-expire.patch
  * remove suse-document-new-vers-default-SMB2.1.patch
- Remove dependency workaround regarding python2/python3
- Fix dependency failure on SLE15 regarding python2/python3.
- Allow cached DNS entry to expire; (fate#325270).
  * add allow-dns-resolver-key-to-expire.patch
- Document new SMB2.1+ defaults; (bsc#1130528).
  * be more verbose on mount errors, especially with EHOSTDOWN which
    is often returned on SMB version issues.
  * add suse-document-new-vers-default-SMB2.1.patch
- Fix python dependency stalemate by requiring python3 version of
- Update to cifs-utils 6.8.
  + document more mount options
  + man pages now generated from RST files
  + add python-docutils build dependency
  + update keyring to check tarball signature
  + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
  + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
  + add 0001-docs-cleanup-rst-formating.patch
  + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
  + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
  + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
  + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
  + add 0006-cifs-utils-support-rst2man-3.patch
  + add 0007-checkopts-report-duplicated-options-in-man-page.patch
  + add 0008-mount.cifs.rst-more-cleanups.patch
  + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
  + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
  * assume SUSE vendor and SLE >= 11
- Update BuildIgnore to break build cycle samba-client <-> cifs-utils
- update to 6.7:
  * mount.cifs cleanups
- includes 6.6:
  * cleanup/overhaul of cifs.upcall krb5 credcache handling
- partial cleanup with spec-cleaner
- Document SMB3+ and new seal option; (fate#322075).
  + add patch 0001-manpage-correct-typos-and-spelling-mistakes.patch
  + add patch 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Get rid of init script on everything based off SLE12+ (bsc#1025471).
- Use https urls.
- Don't ignore libldb, libtalloc, libtevent, and samba-client-libs at build
  time; (bsc#966174).
- Update to cifs-utils 6.5.
  + mount.cifs: ignore x- mount options
  + minor build fixes; obsoletes include_paths.h_for__PATH_MOUNTED.patch
  + minor manpage fix
- Ignore samba-client-libs at build-time on post-22 Fedora systems.
- Add include_paths.h_for__PATH_MOUNTED.patch
- Use rccifs -> service symlink for proper status (bnc#908023).
- Remove dependency on gpg-offline as signature checking is implemented in the
  source validator.
- Add README.cifstab.migration to document the cifstab removal; (bnc#902947).
- Fix broken rccifs symbolic link.
- Remove dead code associated with cifstab file which is no longer used.
- Update to version 1.5:
  + Add support for GCE (bsc#1159460, bsc#1178486)
  + Improve default gateway determination
- Update to version 1.4:
  + copy routes from default routing table (bsc#1162705, bsc#1162707)
  + make CLOUD_NETCONFIG_MANAGE default configurable
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
  shortcut through the -mini flavors.
- Removed obsolete Group tag from spec file
- Update to version 1.3:
  + Fix IPv4 address handling on secondary NICs in Azure
- Update to version 1.2:
  + support AWS IMDSv2 token
- Update to version 1.1
  + fix use of GATEWAY variable (bsc#1157117, bsc#1157190)
  + remove secondary IPv4 address only when added by cloud-netconfig
  + simplify routing setup for single NIC systems (partly fixes
- Update to version 1.0:
  + pause and retry if API call throttling is detected in Azure
    (bsc#1135257 bsc#1135263)
- Update to version 0.9:
  + run cloud-netconfig periodically (bsc#1118783 bsc#1122013)
  + do not treat eth0 special wrt routing policies (bsc#1123008)
  + reduce timeout on metadata read (bsc#1112822)
- Update to version 0.7:
  + no persistent interface names in Azure (bsc#1095485)
- Added dependency on curl
- Use otherproviders() only on SLES 11 builds
- Remove dependency on udev-persistent-ifnames (bsc#1075484)
- Add missing Provides/Conflicts statements to spec file
- Prepare for SLE11 submission (bsc#1063292)
- Update to version 0.6:
  + Use tested and supported metadata API versions
- Update to version 0.5
  + New API version for Azure metadata server
  + Wait for the metadata server in EC2
- Update to version 0.4:
  Do not touch VF interfaces in Azure (bsc#1055553)
- Prepare for SLE submission (FATE#323820, bsc#1027212)
- Added conflict tags
- Fix requires for non-Leap platforms
- Initial version 0.3
- Update to version 1.0.12+v1.git.1587474580.a5fda2bc:
  * Fix EC2 stonith plugin (bsc#1169784)
- Update to version 1.0.12+v1.git.1560323319.fd5a3bef:
  * ibmhmc: Create /var/run/heartbeat/rsctmp if it doesn't exist (bsc#1131545)
- Create /var/run/heartbeat/rsctmp directory (bsc#1131545)
- Update to version 1.0.12+v1.git.1534346580.be86a9f2:
  * Fix: stonith:ibmhmc: Add "/managedsyspat"/ and "/password"/ as supported parameters (bsc#1098758)
- Remove obsolete patch:
  * Remove 0001-Medium-external-ec2-Mitigate-fence-race-bsc-1088656.patch
- Update to version 1.0.12+v1.git.1523280117.43b22d15:
  * High: external/ec2: Avoid unicode errors and improve performance (bsc#1088656)
- Medium: external/ec2: Mitigate fence race (bsc#1088656)
  * Add 0001-Medium-external-ec2-Mitigate-fence-race-bsc-1088656.patch
- Build: Ship cibsecret by pacemaker instead of cluster-glue (bsc#1082456)
- spec: Still use 90 as the consistent gid for the group "/haclient"/ among the cluster
- Stop building static archives only to remove them later.
- Switch to pkgconfig dependencies
- Drop asciidoc from deps, even tho configure.ac checks for it
  the mans are generated by docbook
- Format with spec-cleaner
- Remove old distributions as we build only on SLE12+ (sle11/sle10)
- Always disable fatal warnings, it only turns on -Werror which is
  pointless for distro builds and just could break with gcc updates
- Use the user creation oneliner like other packages
- Fix Python 3 compatibility in these agents (bsc#1073376):
  * external/ibmrsa-telnet
  * external/dracmc-telnet
  * external/riloe
- Port scripts to Python 3
  * Add 0001-Port-scripts-to-Python-3.patch
- Update to version 1.0.12+v1.git.1511436818.71ae59fa:
  * Fix: stonith:external/ec2: Enforce en_US.UTF-8 locale when invoking aws client (bsc#1059171)
  * Drop libnet dependency (bsc#1069596)
- Update to version 1.0.12+v1.git.1501749673.bdd95fd0:
  * stonith: external/vcenter: Reset returns success with RESETPOWERON=0 if vm is already off (bsc#1050908)
  * Remove hb_report from doc/
  * Fix warnings reported by GCC7. (bsc#1030241)
  * * Drop 0001-Fix-warnings-reported-by-GCC7.patch which has been merged upstream
- Remove openhpi support as the packages is going to be removed.
- Add 0001-Fix-warnings-reported-by-GCC7.patch to fix bnc#1030241.
- Require user and group nobody
- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.
- Update to version 1.0.12+v1.git.1485976882.03d61cd:
  * Low: ipc: fix poll function parameter type
  * Medium: hb_report: invoke crm to create a report
- Update to version 1.0.12+v1.git.1478088779.afaeeb2:
  * Low: stonith: Convert gethostbyname() usage to getaddrinfo()
  * Low: apcmastersnmp: Convert gethostbyname() usage to getaddrinfo()
  * Low: ipmilan_command: Convert gethostbyname() to getaddrinfo()
  * Low: wti_mpc: Convert gethostbyname() usage to getaddrinfo()
- Update to version 1.0.12+v1.git.1476869614.524e5d0:
  * Adjust version to correct sorting
- Update to version 1.0.12+git.1476707642.08bec62:
  * low: cl_plumbing: Fix incorrect negations
- Drop merged patches:
  * Remove cluster-glue-gcc5.patch
  * Remove remove-unused-constants.patch
- Update to version 1.0.12+git.1476172419.3e86358:
  * Upstream is now github.com/ClusterLabs/cluster-glue.git
  * stonith: describe -E option
- Update to 1.0.12+hg2818
  + Fix addresses of FSF, point to gnu.org/licenses instead
- Fix build with GCC 6
  + Add remove-unused-constants.patch
- Update to 1.0.12+hg2816
  + Medium: stonith: external/libvirt: fix handling of hosts with uppercase letters in names
- upstream cs: 56f40ec5d37e
- Update to 1.0.12+hg2815
  + Medium: stonith: external/ec2: use target's uname as default for port (bsc#947026)
- Replace hb_report with script which calls crm report (bsc#950182) (bsc#950483)
- Remove 0006-ec2-instance-tag-bsc-947026.patch
- Remove 0001-high-hb_report-Collect-logs-from-journald-boo-900654.patch
- Remove 0002-high-hb_report-Prefer-pacemaker.log-if-it-exists-bsc.patch
- Remove 0003-high-hb_report-Always-prefer-syslog-if-available-bsc.patch
- Remove 0004-low-hb_report-increase-time-to-wait-for-the-logmark.patch
- Remove 0005-low-hb_report-collect-libqb-version-bsc-943327.patch
- Remove bnc662816_cluster-glue_hb_report_abspath.patch
- Move libglue-devel to group Development/Libraries/C and C++
- Upstream cs: a10cd7cc13f5
- Dev: stonith: external/ec2: Be able to omit the "/port"/ option. (bsc#947026) (fate#319008)
- Add 0006-ec2-instance-tag-bsc-947026.patch
- high: hb_report: Always prefer syslog if available (bsc#942906)
- low: hb_report: Increase time to wait for the logmark
- low: hb_report: Collect libqb version (bsc#943327)
- Add 0003-high-hb_report-Always-prefer-syslog-if-available-bsc.patch
- Add 0004-low-hb_report-increase-time-to-wait-for-the-logmark.patch
- Add 0005-low-hb_report-collect-libqb-version-bsc-943327.patch
- high: hb_report: Prefer pacemaker.log if it exists (bsc#941681)
- Add 0002-high-hb_report-Prefer-pacemaker.log-if-it-exists-bsc.patch
- Low: stonith: external/ec2: update name in the short description
- High: stonith: external/ec2: new agent for aws/ec2
- Medium: hb_report: use faster zypper interface if available
- Medium: stonith: external/vcenter: replace experimental smartmatch (bnc#900353)
- Medium: ha_logd: prevent race caused by pid reuse (bsc#894272)
- fix syslogmsgfmt logging inconsistency for stderr/stdout
- Medium: clplumbing: don't abort on bad input
- upstream cs: 9da0680bc9c0
- Add cluster-glue-gcc5.patch to fix gazillions of -Wformat=2 warnings
  about signed/unsigned format vs. argument mismatches GCC 5 now emits.
  Fixes build with GCC 5.
- buildrequire the systemd macros before using them - and all
  the package wants is the macro anyway, so no need to buildrequire
  systemd libraries
- undo: fix using hb_report script with non-bash shells due to
  bad logic
  * removed cluster-glue-fix-bashisms.patch
- fix using hb_report script with non-bash shells
- add patches:
  + cluster-glue-fix-bashisms.patch
- Replace systemd BuildRequires with pkgconfig(systemd): we do not
  require the full installation / dep chain of systemd.
- conntrackd-cthelper-Add-new-SLP-helper.patch:
  userspace conntrack helper for SLP (Service Location Protocol) to
  replace SUSE specific kernel helper (rejected by upstream) from
  openSUSE / SLE kernel packages (FATE#324143 bsc#1127886)
- run autoreconf before build (patch above touches Makefile.am)
- add commented out conntrack helper config example to default
- drop deprecated (and ignored) options Nice and UNIX/Backlog from
  default conntrackd.conf
- Fix 1.4.5 parser issues (bsc#1141480):
- Update to new upstream release 1.4.5
  * new synproxy support
  * improved logging support (both stdout/stderr and log files)
  * new mDNS ct helper
  * deprecate unix backlog configuration
  * drop old/obsolete/deprecated conntrackd.conf config options
  * improved support for UPnP in the SSDP ct helper
  * add stronger TCP flags support
  * conntrack CLI tool: new support for IPv6 NAT
  * nfct CLI tool: some improvements to the build (-z lazy)
- Add tirpc for openSUSE 15 and onwards.
- submission from lars@linux-schulserver.de, partially applied
- split out new subpackage "/conntrackd"/ for the eponymous
  daemon (has systemd dependencies)
- add systemd service, logrotate config, sample sysconfig,
  and sample config file.
- Update to new upstream release 1.4.4
  * conntrackd: add systemd support
  * conntrack: support delete by label
  * conntrack: add support for netmask filtering
  * conntrack: add support for CIDR notation
  * conntrack: Add missing tables "/dying"/ and "/unconfirmed"/
  to usage output.
- Update to new upstream release 1.4.3
  * conntrack: fix expectation entry creation
  * expect: Fix wrong memset usage
  * cthelper: don't pass up a 0 length queue
  * conntrackd: allow strings with underscore from flex scanner
  * conntrack: fix setting labels in updates
- Update to new git snapshot 1.4.2.g26
  * Chromecast/SSDP support, SSDP userspace helper
  * TFTP userspace helper support
  * Support for attaching expectations via nfqueue
  * Fix directory lookup for helper plugins
  * Fixes a possible crash if conntrackd sees DCCP, SCTP and ICMPv6
  traffic and the corresponding kernel modules that track this
  traffic are not available. [bnc#942419, CVE-2015-6496]
- Drop gpg-offline build-time requirement; this is now handled by
  the local source validator
- Update to new upstream release 1.4.2
  * This release includes bugfixes and the connlabel support.
- Add patch for CVE-2021-32760. bsc#1188282
  + bsc1188282-use-chmod-path-for-checking-symlink.patch
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
  - 0001-makefile-remove-emoji.patch
- Update to containerd v1.4.4, to fix CVE-2021-21334.
- Update to handle the docker-runc removal, and drop the -kubic flavour.
  bsc#1181677 bsc#1181749
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
- Install the containerd-shim* binaries and stop creating
  docker-containerd-shim because that isn't used by Docker anymore.
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
  fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
  boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
  * 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
- Update to containerd v1.2.13, which is required for Docker 19.03.11-ce.
- Update to containerd v1.2.10, which is required for Docker 19.03.3-ce.
  bsc#1153367 bsc#1157330
- Update to containerd v1.2.6, which is required for Docker v18.09.7-ce.
- Remove containerd-test (it's not useful for actual testing).
- Update to containerd v1.2.5, which is required for v18.09.5-ce.
  bsc#1128376 boo#1134068
- Update containerd to v1.2.4
  * cri: Set /etc/hostname
  * cri: Fix env performance issue
  * runc updated to 6635b4f0c6af3810594d2770f662f34ddc15b40d to solve
    bsc#1121967 CVE-2019-5736
  * cri updated to da0c016c830b2ea97fd1d737c49a568a816bf964
  * Windows: NewDirectIOFromFIFOSet
  * Changelogs from previous versions also included in this update:
- Update to containerd v1.2.2, which is required for Docker v18.09.1-ce.
  * Fix rare deadlock on FIFO creation with timeout
  * Fix a bug that a container can't be stopped or inspected when its
    corresponding image is deleted
  * Fix a bug that the cri plugin handles containerd events outside of
    k8s.io namespace
  more changes at:
  Changelogs from previous versions also included in this update:
- Remove required_dockerrunc commit pinning, as it just lead to issues.
- Remove upstreamed patches.
  - 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10 to fix
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "/go get -u"/
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "/go get"/ via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service
- Add backport of https://github.com/containerd/containerd/pull/2764, which is
  required for us to build containerd on i586 SLE-12 (where /bin/sh doesn't
  like emoji in shell scripts). bsc#1102522 bsc#1113313
  + 0001-makefile-remove-emoji.patch
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
- Merge -kubic packages back into the main Virtualization:containers packages.
  This is done using _multibuild to add a "/kubic"/ flavour, which is then used
  to conditionally compile patches and other kubic-specific features.
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
  to work with Docker and containerd. fate#325877
- Update to containerd v1.1.1, which is the required version for the Docker
  v18.06.0-ce upgrade. bsc#1102522
- Add backport of https://github.com/containerd/containerd/pull/2534 to make
  the man page no longer pollute the global namespace.
  + 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Remove the following patch since it has already been merged upstream.
  - bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Remove systemd-related files and add docker-containerd-* symlinks; this
  aligns with the upstream defaults where dockerd will execute
  docker-containerd. Version upgrades of docker are expected to work more
  smoothly as much of the upgrade logic is implemented in dockerd.
- Add containerd-rpmlintrc (or containerd-kubic-rpmlintrc) to deal with
  /usr/src/containerd/* rpmlint errors (which don't affect normal users of this
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
  and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
  testing has been far more useful. boo#1095817
- Review obsoletes tag to fix bsc#1080978
- Put containerd under the podruntime slice. This the recommended
  deployment to allow fine resource control on Kubernetes.
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- do not build on s390, only on s390x (no go on s390)
- Fix build with RPM 4.14: exclude is not meant for files to NOT be
  packaged, but should only be used if the files are to be excluded
  from a glob when they end up in a different package. Rather
  remove the unwanted files in the install section.
- Update to containerd@06b9cb35161009dcb7123345749fef02f7cea8e0, which is
  requried by Docker 17.09.1_ce.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Set --start-timeout=2m by default to match upstream. bsc#1064926
- Use the upstream makefile so that Docker can get the commit ID in `docker
  info`. This also will avoid possible future warnings being spit out like
  bsc#1065109 and boo#1053532.
- Backport https://github.com/containerd/containerd/pull/1686, which is
  required for the above fix. bsc#1065109 boo#1053532
  + bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Update to containerd@3addd840653146c90a254301d6c3a663c7fd6429, which is
  required by Docker 17.07.0_ce (this commit is effectively v0.2.9 with a few
  bugfixes missing).
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- change dependency to docker-runc
- fix golang requirement to 1.7 for the subpackages
- fix golang requirement to 1.7
- Replace %__-type macro indirections
- update containerd to the commit version needed for
  docker-v17.04.0-ce (bsc#1034053)
  fix bsc#1032769: containerd spurious messages filling journal
- make sure this package is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
  is available in all archs
- Set TasksMax=infinity to make sure runC doesn't start failing randomly.
- update to docker 1.13.0 requirement
- Update docker to the version used in Docker 1.12.6. This is necessary to fix
  CVE-2016-9962 (bsc#1012568).
- update containerd to the version used in docker 1.12.5 (bsc#1016307).
  This fixes bsc#1015661
- fix runc version
  fix bsc#1009961
- fix version so that it contains a sequence number and zypper does
  not think is a downgrade
- fix bsc#1006368: docker/containerd is broken when installed by
  SuSE Studio in an appliance: We were missing the
    Requires(post): %fillup_prereq
- update runc requirement to 02f8fa7863dd3f82909a73e2061897828460d52f
  (see RUNC_COMMIT in Dockerfile)
- update to commit 0366d7e which is the one required for docker-1.12.2
- fix go_arches definition: use global instead of define, otherwise
  it fails to build
- Remove GOPATH at the end of the GOPATH assignment
  cause GOPATH is empty and if we do that, we get the path "/"/
  appended, which causes gcc6-go to complain
- add go_arches in project configuration: this way, we can use the
  same spec file but decide in the project configuration if to
  use gc-go or gcc-go for some archs.
- update to v2.3.0 (bsc#995058)
- Remove patches which were already merged upstream:
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- bump git commit id to the one required by docker v1.12.0
- run test during build
- only run tests on architectures that provide the go list and got test tools
- add aarch64 to go arches
- Add containerd-test package which contains the source code and the test. This
  package will be used to run the integration tests.
- Simplify package build and check sections: Instead of symlinking we default to
  cp -avr. go list gets confused by symlinks hence, we need to copy the source
  code anyway if we want to run unit tests during package build at some point.
* Explicitly state the version dependency for runC, to avoid potential
  issues with incompatible component versions. These must be updated
  * each time we do a release*. Unfortunately we cannot create a hard
  dependency because that would conflict with Docker, and was a mistake
  on upstream's part. bsc#993847
* Set --runtime option specifically to runC. bsc#978260
* Update to containerd v0.2.2. (bsc#989566 FATE#320763)
  * Includes updates to the out-of-tree patches.
* Remove MountFlags=slave from containerd.service. This causes many issues with
  interactions with Docker.
* Added /usr/sbin/rccontainerd symlink as per suse-missing-rclink.
  * Updated socket activation patches to use the same patchset that was merged
  upstream (https://github.com/docker/containerd/pull/178):
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
  * Removed aarch64 that was patched upstream:
  - fix-aarch64-epoll.patch
  * Update containerd to 0.2.1. Upstream changelog:
  * Fixes for cgroup memory updates and process labeling.
  * Truncate the event log on disk and in memory so that it does not
    grow forever.  This is mainly used for higher levels to receive past
    events if they miss any.
* Use the gc compiler for aarch64 builds.
  * Add a patch to fix the new aarch64 build support, which has not yet been
  merged upstream (https://github.com/docker/containerd/pull/195):
  + fix-aarch64-epoll.patch
  * Rebase the socket activation patchset which has yet to be merged
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
  * Update to containerd 0.2.0. Changelog:
  + Add Limit to PidsStats
  + Add timeout flag for container start times.
  + Add timeout option for GRPC connection.
  + Add no_pivot_root support.
  + Add runtimeArgs to pass to shim
  * Move epoll syscall to a separate package so we can build on aarch64.
  * Fix ctr termios restoration isssues.
  * Several bug fixes.
  - Remove dependencies on larger packages.
* Use socket activation with the containerd-daemon. This requires a
  not-yet-upstream patchset (https://github.com/docker/containerd/pull/178):
  + socket-activation-01-vendor.patch
  + socket-activation-02-daemon.patch
  + socket-activation-03-ctr.patch
  * Remove MountFlags=slave since it's not relevant to containerd and might cause
  issues in the future.
  * Update to containerd 0.1.0. This required quite a few fixes.
* Add initial packaging of containerd 0.0.5.
  * Add service and sysconfig files.
  * Separately package the client from the server.
  * Install to /usr/sbin.
- prepare usrmerge (boo#1029961)
- gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
  avoid false-positive error in gnulib tests 'test-perror2' and
  'test-strerror_r', visible on armv7l.
- coreutils.spec: Reference the patch.
- Drop suse-module-tools BuildRequires: this was used for the macro
  regenerate_initrd_post/posttrans, which have been moved to
  rpm-config-SUSE in Jan 2019.
- coreutils-gnulib-disable-test-float.patch: Add patch to temporarily
  disable the gnulib test 'test-float' failing on ppc and ppc64le.
- coreutils.spec: Reference the patch.  While at it, avoid conditional
  Patch and Source entries as that break cross-platform builds from
  source RPMs.
- add coreutils-use-python3.patch to minimally port away from
  python 2.x use of pyinotify in the testsuite
- Update to 8.32:
  * Noteworthy changes in release 8.32 (2020-03-05) [stable]
  * * Bug fixes
  cp now copies /dev/fd/N correctly on platforms like Solaris where
  it is a character-special file whose minor device number is N.
  [bug introduced in fileutils-4.1.6]
  dd conv=fdatasync no longer reports a "/Bad file descriptor"/ error
  when fdatasync is interrupted, and dd now retries interrupted calls
  to close, fdatasync, fstat and fsync instead of incorrectly
  reporting an "/Interrupted system call"/ error.
  [bugs introduced in coreutils-6.0]
  df now correctly parses the /proc/self/mountinfo file for unusual entries
  like ones with 'r' in a field value ("/mount -t tmpfs tmpfs /foo$'r'bar"/),
  when the source field is empty ('mount -t tmpfs "/"/ /mnt'), and when the
  filesystem type contains characters like a blank which need escaping.
  [bugs introduced in coreutils-8.24 with the introduction of reading
  the /proc/self/mountinfo file]
  factor again outputs immediately when stdout is a tty but stdin is not.
  [bug introduced in coreutils-8.24]
  ln works again on old systems without O_DIRECTORY support (like Solaris 10),
  and on systems where symlink ("/x"/, "/."/) fails with errno == EINVAL
  (like Solaris 10 and Solaris 11).
  [bug introduced in coreutils-8.31]
  rmdir --ignore-fail-on-non-empty now works correctly for directories
  that fail to be removed due to permission issues.  Previously the exit status
  was reversed, failing for non empty and succeeding for empty directories.
  [bug introduced in coreutils-6.11]
  'shuf -r -n 0 file' no longer mistakenly reads from standard input.
  [bug introduced with the --repeat feature in coreutils-8.22]
  split no longer reports a "/output file suffixes exhausted"/ error
  when the specified number of files is evenly divisible by 10, 16, 26,
  for --numeric, --hex, or default alphabetic suffixes respectively.
  [bug introduced in coreutils-8.24]
  seq no longer prints an extra line under certain circumstances (such as
  'seq -f "/%g "/ 1000000 1000000').
  [bug introduced in coreutils-6.10]
  * * Changes in behavior
  Several programs now check that numbers end properly.  For example,
  'du -d 1x' now reports an error instead of silently ignoring the 'x'.
  Affected programs and options include du -d, expr's numeric operands
  on non-GMP builds, install -g and -o, ls's TABSIZE environment
  variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size
  and --parallel.
  date now parses military time zones in accordance with common usage:
    "/A"/ to "/M"/  are equivalent to UTC+1 to UTC+12
    "/N"/ to "/Y"/  are equivalent to UTC-1 to UTC-12
    "/Z"/ is "/zulu"/ time (UTC).
  For example, 'date -d "/09:00B"/ is now equivalent to 9am in UTC+2 time zone.
  Previously, military time zones were parsed according to the obsolete
  rfc822, with their value negated (e.g., "/B"/ was equivalent to UTC-2).
  [The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating
  coreutils package.]
  ls issues an error message on a removed directory, on GNU/Linux systems.
  Previously no error and no entries were output, and so indistinguishable
  from an empty directory, with default ls options.
  uniq no longer uses strcoll() to determine string equivalence,
  and so will operate more efficiently and consistently.
  * * New Features
  ls now supports the --time=birth option to display and sort by
  file creation time, where available.
  od --skip-bytes now can use lseek even if the input is not a regular
  file, greatly improving performance in some cases.
  stat(1) supports a new --cached= option, used on systems with statx(2)
  to control cache coherency of file system attributes,
  useful on network file systems.
  * * Improvements
  stat and ls now use the statx() system call where available, which can
  operate more efficiently by only retrieving requested attributes.
  stat and tail now know about the "/binderfs"/, "/dma-buf-fs"/, "/erofs"/,
  "/ppc-cmm-fs"/, and "/z3fold"/ file systems.
  stat -f -c%T now reports the file system type, and tail -f uses inotify.
  * * Build-related
  gzip-compressed tarballs are distributed once again
- Refresh patches:
  * coreutils-disable_tests.patch
  * coreutils-getaddrinfo.patch
  * coreutils-i18n.patch
  * coreutils-invalid-ids.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch:
  * uniq: remove collation handling as required by newer POSIX; see
  - https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8e81d44b5
  - https://www.austingroupbugs.net/view.php?id=963
- coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch:
  * Add patch for 'ls' to restore 8.31 behavior on removed directories.
- coreutils.spec:
  * Version: bump version.
  * %check: re-enable regular 'make check' for non-multibuild package.
  * reference the above new patch.
- coreutils.keyring:
  * Update from upstream (Savannah).
- disable single and testsuite builds in rings/staging
- remove duplicate "/coreutils"/ in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool
  similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays
- Do not recommend lang package. The lang package already has a
- Update to 8.31:
  * Noteworthy changes in release 8.31 (2019-03-10) [stable]
  * * Bug fixes
  'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
  [bug introduced in coreutils-5.3.0]
  When B already exists, 'cp -il A B' no longer immediately fails
  after asking the user whether to proceed.
  [This bug was present in "/the beginning"/.]
  df no longer corrupts displayed multibyte characters on macOS.
  [bug introduced with coreutils-8.18]
  seq no longer outputs inconsistent decimal point characters
  for the last number, when locales are misconfigured.
  [bug introduced in coreutils-7.0]
  shred, sort, and split no longer falsely report ftruncate errors
  when outputting to less-common file types.  For example, the shell
  command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
  an "/error truncating"/ diagnostic.
  [bug was introduced with coreutils-8.18 for sort and split, and
  (for shared memory objects only) with fileutils-4.1 for shred]
  sync no longer fails for write-only file arguments.
  [bug introduced with argument support to sync in coreutils-8.24]
  'tail -f file | filter' no longer exits immediately on AIX.
  [bug introduced in coreutils-8.28]
  'tail -f file | filter' no longer goes into an infinite loop
  if filter exits and SIGPIPE is ignored.
  [bug introduced in coreutils-8.28]
  * * Changes in behavior
  cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
  uptime, users, whoami, yes: now always process --help and --version options,
  regardless of any other arguments present before any optional '--'
  end-of-options marker.
  nohup now processes --help and --version as first options even if other
  parameters follow.
  'yes a -- b' now outputs 'a b' instead of including the end-of-options
  marker as before: 'a -- b'.
  echo now always processes backslash escapes when the POSIXLY_CORRECT
  environment variable is set.
  When possible 'ln A B' now merely links A to B and reports an error
  if this fails, instead of statting A and B before linking.  This
  uses fewer system calls and avoids some races.  The old statting
  approach is still used in situations where hard links to directories
  are allowed (e.g., NetBSD when superuser).
  ls --group-directories-first will also group symlinks to directories.
  'test -a FILE' is not supported anymore.  Long ago, there were concerns about
  the high probability of humans confusing the -a primary with the -a binary
  operator, so POSIX changed this to 'test -e FILE'.  Scripts using it were
  already broken and non-portable; the -a unary operator was never documented.
  wc now treats non breaking space characters as word delimiters
  unless the POSIXLY_CORRECT environment variable is set.
  * * New features
  id now supports specifying multiple users.
  'date' now supports the '+' conversion specification flag,
  introduced in POSIX.1-2017.
  printf, seq, sleep, tail, and timeout now accept floating point
  numbers in either the current or the C locale.  For example, if the
  current locale's decimal point is ',', 'sleep 0,1' and 'sleep 0.1'
  now mean the same thing.  Previously, these commands accepted only
  C-locale syntax with '.' as the decimal point.  The new behavior is
  more compatible with other implementations in non-C locales.
  test now supports the '-N FILE' unary operator (like e.g. bash) to check
  whether FILE exists and has been modified since it was last read.
  env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
  '--block-signal[=SIG], to setup signal handling before executing a program.
  env now supports '--list-signal-handling' to indicate non-default
  signal handling before executing a program.
  * * New commands
  basenc is added to complement existing base64,base32 commands,
  and encodes and decodes printable text using various common encodings:
  * * Improvements
  ls -l now better aligns abbreviated months containing digits,
  which is common in Asian locales.
  stat and tail now know about the "/sdcardfs"/ file system on Android.
  stat -f -c%T now reports the file system type, and tail -f uses inotify.
  stat now prints file creation time when supported by the file system,
  on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.
- Refresh patches (line number changes only):
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-misc.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * Version: bump version.
  * URL: Use https scheme.
  * %description: Add 'basenc' tool.
  * Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
  * Update for added section headers ('GPG keys of <MAINTAINER>').
- Update to 8.30:
  * Noteworthy changes in release 8.30 (2018-07-01) [stable]
  * * Bug fixes
  'cp --symlink SRC DST' will again correctly validate DST.
  If DST is a regular file and SRC is a symlink to DST,
  then cp will no longer allow that operation to clobber DST.
  Also with -d, if DST is a symlink, then it can always be replaced,
  even if it points to SRC on a separate device.
  [bugs introduced with coreutils-8.27]
  'cp -n -u' and 'mv -n -u' now consistently ignore the -u option.
  Previously, this option combination suffered from race conditions
  that caused -u to sometimes override -n.
  [bug introduced with coreutils-7.1]
  'cp -a --no-preserve=mode' now sets appropriate default permissions
  for non regular files like fifos and character device nodes etc.,
  and leaves mode bits of existing files unchanged.
  Previously it would have set executable bits on created special files,
  and set mode bits for existing files as if they had been created.
  [bug introduced with coreutils-8.20]
  'cp --remove-destination file symlink' now removes the symlink
  even if it can't be traversed.
  [bug introduced with --remove-destination in fileutils-4.1.1]
  ls no longer truncates the abbreviated month names that have a
  display width between 6 and 12 inclusive.  Previously this would have
  output ambiguous months for Arabic or Catalan locales.
  'ls -aA' is now equivalent to 'ls -A', since -A now overrides -a.
  [bug introduced in coreutils-5.3.0]
  'mv -n A B' no longer suffers from a race condition that can
  overwrite a simultaneously-created B.  This bug fix requires
  platform support for the renameat2 or renameatx_np syscalls, found
  in recent Linux and macOS kernels.  As a side effect, ‘mv -n A A’
  now silently does nothing if A exists.
  [bug introduced with coreutils-7.1]
  * * Changes in behavior
  'cp --force file symlink' now removes the symlink even if
  it is self referential.
  ls --color now matches file extensions case insensitively.
  * * New features
  cp --reflink now supports --reflink=never to enforce a standard copy.
  env supports a new -v/--debug option to show verbose information about
  each processing step.
  env supports a new -S/--split-string=S option to split a single argument
  string into multiple arguments. Used to pass multiple arguments in scripts
  (shebang lines).
  md5sum accepts a new option: --zero (-z) to delimit the output lines with a
  NUL instead of a newline character.  This also disables file name escaping.
  This also applies to sha*sum and b2sum.
  rm --preserve-root now supports the --preserve-root=all option to
  reject any command line argument that is mounted to a separate file system.
  * * Improvements
  cut supports line lengths up to the max file size on 32 bit systems.
  Previously only offsets up to SIZE_MAX-1 were supported.
  stat and tail now know about the "/exfs"/ file system, which is a
  version of XFS.  stat -f --format=%T now reports the file system type,
  and tail -f uses inotify.
  wc avoids redundant processing of ASCII text in multibyte locales,
  which is especially significant on macOS.
  * * Build-related
  Adjust to glibc >= 2.28  (bsc#1182550, jsc#SLE-13520, jsc#SLE-13756)
- Refresh patches (line number changes only):
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * (License): osc changed the value from "/GPL-3.0+"/ to "/GPL-3.0-or-later"/.
  * (build): Make sure that parse-datetime.{c,y} ends up in debuginfo (rh#1555079).
- coreutils-i18n.patch:
  * src/exand.c,src/unexpand.c: Avoid -Wcomment warning.
  * src/cut.c (cut_characters_or_cut_bytes_no_split): Change idx from size_t
    to uintmax_t type to avoid a regression on i586, armv7l and ppc.
    Compare upstream, non-MB commit:
    (cut_fields_mb): Likewise for field_idx.
  * tests/misc/cut.pl: Remove downstream tweaks as upstream MB tests are
    working since a while.
- coreutils.keyring: Update Assaf Gordon's GPG public key.
- Use %license (boo#1082318)
- Update to 8.29:
  * Noteworthy changes in release 8.29 (2017-12-27) [stable]
  * * Bug fixes
  b2sum no longer crashes when processing certain truncated check files.
  [bug introduced with b2sum coreutils-8.26]
  dd now ensures the correct cache ranges are specified for the "/nocache"/
  and "/direct"/ flags.  Previously some pages in the page cache were not
  invalidated.  [bug introduced for "/direct"/ in coreutils-7.5,
  and with the "/nocache"/ implementation in coreutils-8.11]
  df no longer hangs when given a fifo argument.
  [bug introduced in coreutils-7.3]
  ptx -S no longer infloops for a pattern which returns zero-length matches.
  [the bug dates back to the initial implementation]
  shred --remove will again repeatedly rename files with shortening names
  to attempt to hide the original length of the file name.
  [bug introduced in coreutils-8.28]
  stty no longer crashes when processing settings with -F also specified.
  [bug introduced in fileutils-4.0]
  tail --bytes again supports non seekable inputs on all systems.
  On systems like android it always tried to process as seekable inputs.
  [bug introduced in coreutils-8.24]
  timeout will again notice its managed command exiting, even when
  invoked with blocked CHLD signal, or in a narrow window where
  this CHLD signal from the exiting child was missed.  In each case
  timeout would have then waited for the time limit to expire.
  [bug introduced in coreutils-8.27]
  * * New features
  timeout now supports the --verbose option to diagnose forced termination.
  * * Improvements
  dd now supports iflag=direct with arbitrary sized files on all file systems.
  tail --bytes=NUM will efficiently seek to the end of block devices,
  rather than reading from the start.
  Utilities which do not support long options (other than the default --help
  and --version), e.g. cksum and sleep, now use more consistent error diagnostic
  for unknown long options.
  * * Build-related
  Default man pages are now distributed which are used if perl is
  not available on the build system, or when cross compiling.
- Refresh patches (line number changes only):
  * coreutils-i18n.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- Update to 8.28
  (for details see included NEWS file)
- Refresh patches:
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.keyring: Update from upstream (Savannah).
- Remove now-upstream patches:
  * coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch
  * coreutils-tests-port-to-timezone-2017a.patch
- coreutils.spec: Add "/BuildRequires: user(bin)"/ for the tests.
- Drop coreutils-ocfs2_reflinks.patch
  OCFS2 file system has supported file clone ioctls like btrfs,
  then, coreutils doesn't need this patch from the kernel v4.10-rc1
- coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch:
  Add upstream patch to fix an heap overflow security issue
  in date(1) and touch(1) with a large TZ variable
  (CVE-2017-7476, rh#1444774, boo#1037124).
- Update to 8.27
  (for details see included NEWS file)
- Refresh patches:
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-getaddrinfo.patch
  * coreutils-i18n.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
  * coreutils-testsuite.spec
- coreutils.keyring: Update (now ascii-armored) by
    'osc service localrun download_files'.
- coreutils-tests-port-to-timezone-2017a.patch: Add patch to
  workaround a FP test failure with newer timezone-2017a.
- Update to 8.26
  (for details see included NEWS file)
- coreutils.spec (%description): Add b2sum, a new utility.
  (BuildRequires): Add timezone to enable new 'date-debug.sh' test.
- coreutils-i18n.patch: Sync I18N patch from Fedora, as the diff
  for the old i18n implementation of expand/unexpand has become
- Remove now-upstream patches:
  * coreutils-df-hash-in-filter.patch
  * coreutils-diagnose-fts-readdir-failure.patch
  * coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch
  * coreutils-maint-fix-dependency-of-man-arch.1.patch
- Refresh/merge all other patches:
  * coreutils-invalid-ids.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-sysinfo.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch:
  Add upstream patch to fix "/md5sum --check --ignore-missing"/ which
  treated files with checksums starting with "/00"/ as missing.
- coreutils-maint-fix-dependency-of-man-arch.1.patch: Add Upstream
  patch to fix the build dependency between src/arch -> man/arch.1
  which lead to spurious build failures.
- coreutils-df-hash-in-filter.patch: Refresh with -p0.
- Add coreutils-df-hash-in-filter.patch that speeds up df.
- coreutils-diagnose-fts-readdir-failure.patch: Add upstream patch
  to diagnose readdir() failures in fts-based utilities: rm, chmod,
  du, etc. (boo#984910)
- Update to 8.25
  (for details see included NEWS file)
- coreutils.spec (%description): Add base32, a new utility.
- Remove now-upstream patch:
  * coreutils-tests-avoid-FP-of-ls-stat-free-color.patch
- Refresh/merge all other patches:
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-invalid-ids.patch
  * coreutils-misc.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-test_without_valgrind.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch: Sync I18N patch from semi-official repository
  (shared among distributions, maintained by Padraig Brady):
  This fixes the following issues in multi-byte locales:
  * sort: fix large mem leak with --month-sort (boo#945361, rh#1259942):
  * sort: fix assertion with some inputs to --month-sort
- coreutils-tests-avoid-FP-of-ls-stat-free-color.patch: Add upstream
  patch on top of v8.24 to avoid a FP test failure with glibc>=2.22.
- Sync I18N patch from semi-official repository (shared among
  distributions, maintained by Padraig Brady):
  * coreutils-i18n.patch: Improve cut(1) performance in field-mode
    in UTF8 locales.  Squash in sort-keycompare-mb.patch.
  * sort-keycompare-mb.patch: Remove.
- coreutils-build-timeout-as-pie.patch: Refresh.
- Update to 8.24:
  * * Bug fixes
  * dd supports more robust SIGINFO/SIGUSR1 handling for outputting statistics.
    Previously those signals may have inadvertently terminated the process.
  * df --local no longer hangs with inaccessible remote mounts.
    [bug introduced in coreutils-8.21]
  * du now silently ignores all directory cycles due to bind mounts.
    Previously it would issue a warning and exit with a failure status.
    [bug introduced in coreutils-8.1 and partially fixed in coreutils-8.23]
  * chroot again calls chroot(DIR) and chdir("//"/), even if DIR is "//"/.
    This handles separate bind mounted "//"/ trees, and environments
    depending on the implicit chdir("//"/).
    [bugs introduced in coreutils-8.23]
  * cp no longer issues an incorrect warning about directory hardlinks when a
    source directory is specified multiple times.  Now, consistent with other
    file types, a warning is issued for source directories with duplicate names,
    or with -H the directory is copied again using the symlink name.
  * factor avoids writing partial lines, thus supporting parallel operation.
    [the bug dates back to the initial implementation]
  * head, od, split, tac, tail, and wc no longer mishandle input from files in
    /proc and /sys file systems that report somewhat-incorrect file sizes.
  * mkdir --parents -Z now correctly sets the context for the last component,
    even if the parent directory exists and has a different default context.
    [bug introduced with the -Z restorecon functionality in coreutils-8.22]
  * numfmt no longer outputs incorrect overflowed values seen with certain
    large numbers, or with numbers with increased precision.
    [bug introduced when numfmt was added in coreutils-8.21]
  * numfmt now handles leading zeros correctly, not counting them when
    settings processing limits, and making them optional with floating point.
    [bug introduced when numfmt was added in coreutils-8.21]
  * paste no longer truncates output for large input files.  This would happen
    for example with files larger than 4GiB on 32 bit systems with a 'n'
    character at the 4GiB position.
    [the bug dates back to the initial implementation]
  * rm indicates the correct number of arguments in its confirmation prompt,
    on all platforms.  [bug introduced in coreutils-8.22]
  * shuf -i with a single redundant operand, would crash instead of issuing
    a diagnostic.  [bug introduced in coreutils-8.22]
  * tail releases inotify resources when unused.  Previously it could exhaust
    resources with many files, or with -F if files were replaced many times.
    [bug introduced in coreutils-7.5]
  * tail -f again follows changes to a file after it's renamed.
    [bug introduced in coreutils-7.5]
  * tail --follow no longer misses changes to files if those files were
    replaced before inotify watches were created.
    [bug introduced in coreutils-7.5]
  * tail --follow consistently outputs all data for a truncated file.
    [bug introduced in the beginning]
  * tail --follow=name correctly outputs headers for multiple files
    when those files are being created or renamed.
    [bug introduced in coreutils-7.5]
  * * New features
  * chroot accepts the new --skip-chdir option to not change the working directory
    to "//"/ after changing into the chroot(2) jail, thus retaining the current wor-
    king directory.  The new option is only permitted if the new root directory is
    the old "//"/, and therefore is useful with the --group and --userspec options.
  * dd accepts a new status=progress level to print data transfer statistics
    on stderr approximately every second.
  * numfmt can now process multiple fields with field range specifications similar
    to cut, and supports setting the output precision with the --format option.
  * split accepts a new --separator option to select a record separator character
    other than the default newline character.
  * stty allows setting the "/extproc"/ option where supported, which is
    a useful setting with high latency links.
  * sync no longer ignores arguments, and syncs each specified file, or with the
  - -file-system option, the file systems associated with each specified file.
  * tee accepts a new --output-error option to control operation with pipes
    and output errors in general.
  * * Changes in behavior
  * df no longer suppresses separate exports of the same remote device, as
    these are generally explicitly mounted.  The --total option does still
    suppress duplicate remote file systems.
    [suppression was introduced in coreutils-8.21]
  * mv no longer supports moving a file to a hardlink, instead issuing an error.
    The implementation was susceptible to races in the presence of multiple mv
    instances, which could result in both hardlinks being deleted.  Also on case
    insensitive file systems like HFS, mv would just remove a hardlinked 'file'
    if called like `mv file File`.  The feature was added in coreutils-5.0.1.
  * numfmt --from-unit and --to-unit options now interpret suffixes as SI units,
    and IEC (power of 2) units are now specified by appending 'i'.
  * tee will exit early if there are no more writable outputs.
  * tee does not treat the file operand '-' as meaning standard output any longer,
    for better conformance to POSIX.  This feature was added in coreutils-5.3.0.
  * timeout --foreground no longer sends SIGCONT to the monitored process,
    which was seen to cause intermittent issues with GDB for example.
  * * Improvements
  * cp,install,mv will convert smaller runs of NULs in the input to holes,
    and cp --sparse=always avoids speculative preallocation on XFS for example.
  * cp will read sparse files more efficiently when the destination is a
    non regular file.  For example when copying a disk image to a device node.
  * mv will try a reflink before falling back to a standard copy, which is
    more efficient when moving files across BTRFS subvolume boundaries.
  * stat and tail now know about IBRIX.  stat -f --format=%T now reports the file
    system type, and tail -f uses polling for files on IBRIX file systems.
  * wc -l processes short lines much more efficiently.
  * References from --help and the man pages of utilities have been corrected
    in various cases, and more direct links to the corresponding online
    documentation are provided.
- Patches adapted because of changed sources:
- Patches removed because they're included in 8.24:
- coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch:
  add upstream patch:
  doc: adjust reference to info nodes in man pages (boo#933396)
- coreutils-i18n.patch: Use a later version of the previous patch
  to fix the sort I18N issue (boo#928749, CVE-2015-4041) to also
  avoid CVE-2015-4042.
- Download keyring file from Savannah; prefer HTTPS over FTP
  for remote sources.
- Fix memory handling error with case insensitive sort using UTF-8
  (boo#928749): coreutils-i18n.patch
  src/sort.c (keycompare_mb): Ensure the buffer is big enough
  to handle anything output from wctomb().  Theoretically any
  input char could be converted to multiple output chars,
  and so we need to multiply the storage by MB_CUR_MAX.
- If coreutils changes, for consistency, we must regenerate
  the initrd.
- Add gpg signature
- For openSUSE > 13.2 drop coreutils-build-timeout-as-pie.patch and
  instead add a BuildRequire for gcc-PIE.
- coreutils-tests-aarch64-env.patch: Add patch to avoid false
  positive failures of the coreutils-testsuite on OBS/aarch64:
  work around execve() reversing the order of "/env"/ output.
- Add upstream patches for df(1) from upstream, thus aligning with SLES12:
  * df: improve mount point selection with inaccurate mount list:
  - coreutils-df-improve-mount-point-selection.patch
  * doc: mention that df -a includes duplicate file systems (deb#737399)
  - coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
  * df: ensure -a shows all remote file system entries (deb#737399)
  - coreutils-df-show-all-remote-file-systems.patch
  * df: only suppress remote mounts of separate exports with --total
    (deb#737399, rh#920806, boo#866010, boo#901905)
  - coreutils-df-total-suppress-separate-remotes.patch
- Refresh patches:
  * coreutils-chroot-perform-chdir-unless-skip-chdir.patch
  * coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
Avoid spurious false positive failures of the testsuite on OBS due
  to high load.
- coreutils-tests-rm-ext3-perf-increase-timeout.patch:
  Add patch to increase timeout.
- coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch:
  Add upstream patch.
- (Again) Fix bsc#1163460 Corosync does not support link-local IPv6 addresses
  Added: bug-1163460-totemip-Add-support-for-sin6_scope_id.patch
  Reason: This time the path will NOT cause problems when doing rolling
    upgrade, see bsc#1168771
- Stop mangling libexecdir: it's not needed at all.
- Revoke the patch bug-1163460-totemip-Add-support-for-sin6_scope_id.patch
  Deleted: bug-1163460-totemip-Add-support-for-sin6_scope_id.patch
  Reason: That path will cause problems while doing rolling upgrade, see bsc#1168771
- Fix bsc#1163460 Corosync does not support link-local IPv6 addresses
  Added: bug-1163460-totemip-Add-support-for-sin6_scope_id.patch
- Fix bsc#1166899, return value of "/corosync-quorumtool -s"/ was not correct
  Added: bug-1166899-quorumtool-Fix-exit-status-codes.patch
- Don't package sysconfig file in tmpfiles.d, it's a bug. Instead correctly
  add it to /etc/sysconfig, invoking fillup accordingly.
- Packaging bug updating Corosync(bsc#1155792)
  Some noisy output from Tumbleweed caused by RPM macro not fairly used
  Make sure corosync sysconfig keep original configured firstly(bsc1153502)
  Store the tmp file to a more security directory
- Replace corosync-2.4.5.tar.gz with a clean source.tar.gz(bsc#1144200)
  The reason is some binaries left in corosync-2.4.5.tar.gz
- corosync-2.4.5 upgrade(bsc#1144200)
  block_unlisted_ips block package from ips not in nodelist
  Qnetd now supports updated NSS database format
  Partly fixed problem with ifdown (only for UDPU)
  0001-coroapi-Use-size_t-for-private_data_size.patch -> upstream-afd97d7884940_coroapi-Use-size_t-for-private_data_size.patch
  0006-Fix-compile-warnings-with-GCC-7.2.1.patch -> Fix-compile-warnings-with-GCC-7.2.1.patch
  0008-bsc#1083561-upgrade-from-1-x-y.patch -> bug-1083561_upgrade-from-1-x-y.patch
  bnc#882449-corosync-conf-example.patch -> bug-882449_corosync-conf-example.patch
  0002-fix-ifdown-udp.patch -> bug-1032634_fix-ifdown-udp.patch
  bsc#1001164-corosync.conf-example.patch -> bug-1001164_corosync.conf-example.patch
- cpg: Inform clients about left nodes during pause(bsc#1091593)
    Added: 0012-cpg-Inform-clients-about-left-nodes-during-pause.patch
- NSS_NoDB_Init: the parameter is reserved, must be NULL(bsc#1090996)
    Added: 0011-NSS_NoDB_Init-the-parameter-is-reserved-must-be-NULL.patch
- corosync-2.4.4 is available now(bsc#1089836)
    man:fix in corosync-qdevice.8
    quorumtool: remove duplicated help message
    cfg: nodeid should be unsigned int
    coroparse: Use readdir instead of readdir_r
    wd: fix snprintf warnings
    Fix compile errors in qdevice on FreeBSD
    qdevice: mv free(str) after port validation
    Fix various typos
    Fix typo: recomended -> recommended
    man: support SOURCE_DATE_EPOCH
    configure: add --with-initconfigdir option
    Use static case blocks to determine distro flavor
    Use RuntimeDirectory instead of tmpfiles.d
    coroparse: Do not convert empty uid, gid to 0
    sam: Fix snprintf compiler warnings
    quorumtool: Use full buffer size in snprintf
    man: Add note about qdevice parallel cmds start
    sync: Remove unneeded determine sync code
    sync: Call sync_init of all services at once
    corosync.conf: publicize nodelist.node.name
    totemudp[u]: Drop truncated packets on receive
    logging: Make blackbox configurable
    logging: Close before and open blackbox after fork
    init: Quote subshell result properly
    blackbox: Quote subshell result properly
    qdevice: quote certutils scripts properly
    sam_test_agent: Remove unused assignment
    qdevice: Fix NULL pointer dereference
    quorumtool: Don't set our_flags without v_handle
    qdevice: Nodelist is set into string not array
    qdevice: Check if user_data can be dereferenced
    qdevice: Add safer wrapper of strtoll
    qdevice: Replace strtol by strtonum
    qnetd: Replace strtol by strtonum
    main: Set errno before calling of strtol
    totemcrypto: Implement bad crypto header guess
    cpg: Use list_del instead of qb_list_del
    totemcrypto: Check length of the packet
    totemsrp: Implement sanity checks of received msgs
    totemsrp: Check join and leave msg length
    totemudp: Check lenght of message to sent
    qdevice msgio: Fix reading of msg longer than i32
    logsys: Avoid redundant callsite section checking
    man: corosync-qdevice: fix formatting vs. punctuation
    man: corosync-qdevice: some more stylistics
    man: fix cpg_mcast_joined.3.in
    libcpg: Fix issue with partial big packet assembly
    totempg: Fix fragmentation segfault
    totempg: use iovec[i].iov_len instead of copy_len
    totempg: Fix corrupted messages
    cpg: Handle fragmented message sending interrupt
    corosync.aug: Add missing options
    systemd: Delete unnecessary soft_margin
    0009-add-config-for-corosync-qnetd.patch -> 0007-add-config-for-corosync-qnetd.patch
    0016-bsc#1083561-upgrade-from-1-x-y.patch -> 0008-bsc#1083561-upgrade-from-1-x-y.patch
    0017-bsc#1088619-add-version.patch -> 0009-bsc#1088619-add-version.patch
-  (CVE-2018-1084) VUL-0: CVE-2018-1084: corosync: Integer overflow in totemcrypto(bsc#1089346)
    Added: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch
- UNKNOWN version in corosync pkg-config(bsc#1088619)
    Added: 0017-bsc#1088619-add-version.patch
- [Build 489.1] Corosync is not working after upgrade from sle11sp4-ha to sle15-ha(bsc#1083561)
    Added: 0016-bsc#1083561-upgrade-from-1-x-y.patch
- some coverity fixes for corosync on upstream(bsc#1083895)
    Added: 0015-coverity-fixes.patch
- corosync exposes itself for a self-crash under rare circumstance(bsc#1078412)
    Added: 0013-logging-Make-blackbox-configurable.patch
    Modified: remove unncessary git commit messages
- totemudp[u]: Drop truncated packets on receive(bsc#1075300)
    Added: 0012-totemudp-u-Drop-truncated-packets-on-receive.patch
- issue with partial packets assembly when multiple nodes are sending big packets(bsc#1074929)
    Added: 0011-libcpg-Fix-issue-with-partial-big-packet-assembly.patch
- qdevice failed to run(bsc#1074276)
    Added: 0010-qdevice-mv-free-str-after-port-validation.patch
- add support for corosync-qdevice in yast2-cluster and bootstrap(bsc#1070961)
    Added: 0009-add-config-for-corosync-qnetd.patch
- wd: gcc shows snprintf warnings(bsc#1071187)
    Added: 0008-wd-fix-snprintf-warnings.patch
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- corosync race condition when node leaves immediately after joining(bsc#1067958)
    Added: 0007-sync-Call-sync_init-of-all-services-at-once.patch
- gcc: snprintf gives warning: ‘%s’ directive output may be truncated writing
    8 bytes into a region of size between 1 and 255(bsc#1066090)
    Added: 0006-Fix-compile-warnings-with-GCC-7.2.1.patch
- coroparse: uidgid with empty uid or gid results into add uid 0(bsc#1066585)
    Added: 0005-do-not-convert-empty-uid-gid-to-0.patch
    Modified: 0005-do-not-convert-empty-uid-gid-to-0.patch,
    check whether the uid, gid is empty before calling strtol
- Upgrade corosync-2.4.2 to corosync-2.4.3(fate#321385)
    doc: document watchdog_device parameter
    Main: Call mlockall after fork
    Totempg: remove duplicate memcpy in mcast_msg func
    Qdevice: fix spell errors in qdevice
    logconfig: Do not overwrite logger_subsys priority
    totemconfig: Prefer nodelist over bindnetaddr
    cpghum: Fix printf of size_t variable
    Qnetd lms: Use UTILS_PRI_RING_ID printf format str
    wd: Report error when close of wd fails
    votequorum: Don't update expected_votes display if value is too high
    votequorum: simplify reconfigure message handling
    quorumtool: Add option to show all node addresses
    main: Don't ask libqb to handle segv, it doesn't work
    man: Document -a option to corosync-quorumtool
    main: use syslog & printf directly for early log messages
    votequorum: make atb consistent on nodelist reload
    Fix typo: Destorying -> Destroying
    init: Add doc URIs to the systemd service files
    wd: fix typo
    corosync.conf.5: Fix watchdog documentation
    corosync.conf.5: add warning about slow watchdogs
    wd: remove extra capitalization typo
    corosync.conf.5: watchdog support is conditional
    notifyd: Add the community name to an SNMP trap
    Logsys: Change logsys syslog_priority priority
    totemrrp: Fix situation when all rings are faulty
    main: Display reason why cluster cannot be formed
    totem: Propagate totem initialization failure
    totemcrypto: Refactor symmetric key importing
    totemcrypto: Use different method to import key
    main: Add option to set priority
    main: Add support for libcgroup
    totemcrypto: Fix compiler warning
    cmap: Remove noop highest config version check
    qdevice: Add support for heuristics
    Spec: drop unneeded dependency
    Spec: make internal dependencies arch-qualified
    cmap: don't shutdown highest config_version node
    totemudp: Remove memb_join discarding
    Spec: fix arch-qualified dependencies
    Include fcntl.h for F_* and O_* defines
    totemudp: Retry if bind fails
    Remove deprecated doxygen flags
    man: Fix typos in man page
    man: Modify man-page according to command usage
    Remove redundant header file inclusion
    upstart: Add softdog module loading example
    bsc#1047860-add-version.patch: change version to 2.4.3
    corosync.changes: add changelogs
    corosync.spec: remove unnecessary patches
    0006-coroapi-Use-size_t-for-private_data_size.patch -> 0001-coroapi-Use-size_t-for-private_data_size.patch
    0010-fix-ifdown-udp.patch -> 0002-fix-ifdown-udp.patch
    0011-fix-tmpfiles-create.patch -> 0003-fix-tmpfiles-create.patch
    0012-mark-corosync-as-a-static-service.patch -> 0004-mark-corosync-as-a-static-service.patch
- wrong "/service_del_postun corosync.service"/(bsc#1060767)
    Modified: corosync.spec, remove service_del_postun in postun of corosync
- Restore conformance to shared library packaging guideline.
- Remove redundant cleaning in %install and %clean.
- corosync.service should be marked as a static service(bsc#1055585)
    Added: 0012-mark-corosync-as-a-static-service.patch
- Fix RPM groups.
- L3: corosync: assert(sender_node != NULL) fails after tearing down a network interface(bsc#1032634)
    Added: 0010-fix-ifdown-udp.patch
- Fix rpmlint warnings
    Added: 0011-fix-tmpfiles-create.patch
- some errors in spec file(bsc#1047862)
  1) as in openSUSE:factory, there are %define, but bcond_with coudld be toggled by osc command , change %define to %bcond_with and %bcond_without
  2) change service_del_postun to service_del_preun, since service_del_postun is not a right macro
  3) remove macro tpmfiles_create define from corosync.spec.
- make corosync.spec uniform (bsc#1051385)
  Modified: corosync.spec
    1. there are some lines are commented in corosync.spec, will define new macro to make these lines uncommented
    2. in former, xmlconf, rdma and snmp were disabled, these features are wrongly enabled, will disable them
-  some upstream fixes for corosync(bsc#1048259)
    0007-improve-corosync-keygen.patch(since this patch is not for corosync v2.x)
    corosync.spec, add judgement whether /etc/sysconfig/corosycn* exist before remove these files
- some errors in spec file(bsc#1047862)
- improvement for corosync-keygen(bsc#1047861)
- 1047860corosync report wrong version number(bsc#1047860)
-  some Fixes from upstream(bsc#1043045)
[patch-lost-in-sle] Missing issues in openSUSE:Factory/corosync(bsc#1041587)
  add change log for upgrading corosync to v2.3.6 and make this change log contain all records in SLE12 SP3
  make the format consistent
- totemrrp: Fix situation when all rings are faulty(bsc#1039215)
- calling mlockall before corosync_tty_detach is noop when corosync is executed as a daemon(bsc#1038147)
- [upgrade] Changing the pre-upgrade role for node failed(bsc#1030437)
- L3-Question: corosync logging priority takes no effect(bsc#1023959)
-  Corosync 2.4.1 still produces libvotequorum.so.7.0.0, just like Corosync 2.3.6.(bsc#1013842)
  upgrade to corosync-2.4.2:
    Man: Fix corosync-qdevice-net-certutil link
    man: mention qdevice incompatibilites in votequorum.5
    Qnetd LMS: Fix two partition use case
    cfg: Prevents use of uninitialized buffer
- upgrade to corosync-2.4.1(bsc#1004967)
  modified: bnc#867767-add-version.patch, change version to 2.4.1
    Low: totemsrp: Addition of the log.
    cts: Make it run with pacemaker-1.13+
    Config: Flag config uidgid entries
    Spec: Qdevice require same version of corosync
    qdevice and qnet
    config: get_cluster_mcast_addr error is not fatal
    some typo fixes
upgrade corosync-v2.3.5 to corosync-v2.3.6, and backport patches from v2.4.2(FATE#322113, bsc#1020550)
- logconfig: Fix logging reload disabling logfiles
- wd: Warn if values are out of range
- parser: WD Read type correctly from corosync.conf
- Add some more RO keys
- Reapply config defaults corosync.conf reload
- schedwrk: Cleanup and make it work on PPC BE
- cmapctl: Handle corosync errors in print_key func
- Adds doxygen stubs to include directory
- Add clang-format configuration file
- wd: make watchdog device configurable
- logging: Use our own version of basename
- logsys: fix TOTEM logging when corosync built out of tree
- parser: Make config file parser more hierarchy
- totemconfig: Explicitly pass IP version
- cpg: Handle ipc error in cpg_zcb_alloc/free
- cpg: Memory not unmapped in cpg_zcb_free
- totempg: Fix memory leak
- Fix spelling errors
- Add section in manual title for cpg_zcb_free 3
- Add section in manual title for cpg_zcb_alloc 3
- Update corosync.spec source link
- Update gitignore files
- Remove all links to old ML
- totemsrp: Fix clang warning (tautological compare)
- configure.ac: Make location of .pc overrideable
- Remove a few unused variables and functions
- configure.ac: We don't need no C++ compiler
- configure.ac: Remove deprecated AC_PROG_LIBTOOL
- configure.ac: make foreign apply to all Makefiles
- Remove unused, obsolete check
- Fix detection of qb_log_thread_priority_set
- cpghum: Fix type of recv_crc
- Check for fdatasync
- Fix detection of warning flags for clang
- quorum: Display node id as unsigned int.
- cts: InitClusterManager is now BootCluster
- totemudp: Move udp bind() so that multicast works with IPv6
- cfgtool: Display nodeid as unsigned int
- votequorum: Don't send multiple callbacks when nodes join
- man: Add synopsis for cpg_zcb_alloc and free
- man html index: Update index
- votequorum: Make sure cs_error_t is defined
- Doxygen fix for cmap_iter_next()
- configure: Correct help entry for logdir
- totmesrp: Fix typo in log message
- configure: typo in include
- man page: Correct option letter for DBus
- wd: fix setting of watchdog timeouts
- CFG: Prevent CFG orignating messages during SYNC
- Default token timeout was 5000 ms in SLE 11 SP4, but is 1000 ms in SLE 12(bsc#1001164)
  Added: bsc#1001164-corosync.conf-example.patch
- Fix: [s390]Upgrade from SP1-GM + HA to SP2-RC2 +: Failed to start Corosync Cluster engine(bsc#996230)
- modify corosync.spec to remove "/chkconfig --add"/
- remove corosync-devel and require lines from baselibs.conf
-  corosync process still exists when stop pacemaker service(bnc#988683)
- remove git files from tarball(bnc#941910)
- modify corosync.spec to delete logrotate.d
update from v2.3.3 to v2.3.5 (bnc#939328)
- Log: Add logrotate configuration file
- totemsrp: Improve logging of left/down nodes
- totemconfig: Check for duplicate nodeids
- Really add cpghum
- cpg: Add support for messages larger than 1Mb
- Handle adding and removing UDPU members atomically
- add patches:
  * corosync-cts-api-error.patch
  * bnc#867767-add-version.patch
- mv the place of corosync.conf.example*(fate#318190)
- Replace systemd BuildRequires with pkgconfig(systemd): we do not
  require the full installation / dep chain of systemd.
- fix bashisms in mem_leak_test.sh script
- add patches:
  * corosync-2.3.4-fix-bashisms.patch
- fix bashism in preun script
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
  cpio does not properly validate the values written in the header
  of a TAR file through the to_oct() function [bsc#1155199]
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
  causing cpio to crash for tar and ustar archive types
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
- Enable mt building
- Separated cpio-mt subpackge
- Change recommend to own mt subpackge
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
- cleanup with spec-cleaner
- Recommend mt_st as it is not hard dependency
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing
  'mt' binary
- Disable mt building: this binary from mt_st package offers
  advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides
  cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
  write in a way cpio parses certain cpio files [bsc#963448],
- update to 2.12
  * Improved documentation
  * Manpages are installed by make install
  * New options for copy-out mode: --ignore-devno,
  - -renumber-inodes, --device-independent, --reproducible
  * update
  * cpio-use_new_ascii_format.patch
  * cpio-mt.patch
  * cpio-eof_tape_handling.patch
  * cpio-pattern-file-sigsegv.patch
  * cpio-check_for_symlinks.patch
  * remove (no longer needed)
  * cpio-stdio.in.patch
  * 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
  * add
  * cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
    return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
- Add gpg signature
- Correct info scriplet dependencies
- Cleanup spec file with spec-cleaner
- build with PIE
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
  * added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
- jsc#SLE-17797 cpupower updates for Milan
  All patches have been fetched from mainline git repo:
  A    cpupower-Add-CPUPOWER_CAP_AMD_HW_PSTATE-cpuid-caps-flag.patch
  A    cpupower-Add-cpuid-cap-flag-for-MSR_AMD_HWCR-support.patch
  A    cpupower-Condense-pstate-enabled-bit-checks-in-decode_pstates.patch
  A    cpupower-Correct-macro-name-for-CPB-caps-flag.patch
  A    cpupower-Remove-family-arg-to-decode_pstates.patch
  A    cpupower-Remove-unused-pscur-variable.patch
  A    cpupower-Update-family-checks-when-decoding-HW-pstates.patch
  A    cpupower-Update-msr_pstate-union-struct-naming.patch
- Add AMD Fam 19h support (bsc#1177394)
  D tools-power-turbostat-Support-AMD-Family-19h.patch
  Already included  in the mainline sources now
- Update turbostat to latest version 20.09.30 including:
  * jsc#SLE-13412, jsc#SLE-13174 (rocket lake support)
  * jsc#SLE-13448 (Alder Lake support)
  * jsc#SLE-13348, jsc#SLE-13171 (Sapphire Rapid support)
  * Support AMD Fam 19h
- Touched patches:
  Deleted mainline integrated patches:
  D    Correction-to-manpage-of-cpupower.patch
  D    cpupower-Revert-library-ABI-changes-from-commit-ae2917093fb60bdc1ed3e.patch
  Patches refreshed:
  M    rapl_monitor.patch
  M    turbostat_makefile_fix_asm_header.patch
- Update intel-speed-select to version 1.6 (jsc#SLE-13334)
- Add -fcommon to allow building against GCC10
- Update to latest:
  turbostat 20.03.20
  intel-speed-select 1.3  (bsc#1171810)
- Adjust needed kernel and userspace requirements in:
  BuildRequires: libcap-devel
  A remove_bits_h.patch
- Do not show 0 boost states if boost states are supported, but could
  not be read from PCI registers.
  bsc#1165712, bsc#1164983
  A amd_do_not_show_amount_of_boost_states_if_zero.patch
- Add mainline patch with proper patch header and filename:
  D libcpupower_fix_api_cpufreq_get_frequencies_breakage.patch
  A cpupower-Revert-library-ABI-changes-from-commit-ae2917093fb60bdc1ed3e.patch
- Fix manpage (bsc#1162142)
  A Correction-to-manpage-of-cpupower.patch
- Update intel-speed-select to latest 5.5-rc1 kernel version
  latest mainline commit:
  commit b3abfd778bf1dbdd
- Update cpupower to latest 5.5-rc1 kernel version
  latest mainline commit:
  commit 4611a4fb0cce3
  Fixes aperf/mperf monitoring on latest AMD Rome CPUs (bsc#1152967)
- Fix library API breakage (bsc#1154240)
  A libcpupower_fix_api_cpufreq_get_frequencies_breakage.patch
- Update turbostat to latest version 19.08.31
- Add intel-speed-select tool (jsc#SLE-5364)
  A intel-speed-select-1.0.tar.bz2
  A intel-speed-select_remove_DATE_TIME.patch
- Fix missing governors when running cpupower frequency-info (bsc#1117709)
  M rapl_monitor.patch
- jira#5244 Turbostat for Ice Lake
- Remove very old cpufrequtils provides and requires (predecessor)
- Update libcpupower description
- Sidenote about fate#321274 - This feature is on the kernel side
  and got wrongly mentioned in cpupower in a released product.
- Update to latest kernel HEAD sources
  (5.1-rc4, 15ade5d2e7775667cf191cf2f94327a4889f8b9d)
  Patches included mainline:
  D cpupower_fix_compilation_and_sysfs_read_file_mess.patch
  D cpupower_bash-completion_for_cpupower_tool.patch
  Adjusted patches:
  M turbostat_makefile_fix_asm_header.patch
  M x86_perf_makefile_fix_asm_header.patch
  M rapl_monitor.patch
  M cpupower_rapl.patch
- Description updates.
- Run spec-cleaner
- Don't disable as-needed, it works now.
- Add bash completion for cpupower command (from mainline submit)
  A cpupower_bash-completion_for_cpupower_tool.patch
- Fix static compilation and sysfs_read_file mess
  A cpupower_fix_compilation_and_sysfs_read_file_mess.patch
- Updating to latest 4.19(-rc6) kernel sources
  Turbostat is increased to version 18.07.27 by this
  Patches which got deleted because they are now mainline:
  D    turbostat_decode_MSR_IA32_MISC_ENABLE_only_on_Intel.patch
  D    turbostat_fix_man_perm.patch
  D    x86_perf_fix_man_permissions.patch
- Update cpupower to latest kernel version (version name 4.15, but
  checked out against latest kernel tag 4.15-rc7. There will not
  be important changes any more, maybe a fix).
- cpu online/offline fixes
- This is the first cpupower package (with updated version) which
  includes x86_energy_perf_policy binary.
  This is important for later package dependencies, namely tuned.
  A cpupower_exclude_kernel_Makefile.patch
- Add x86_energy_perf_bias tool
  This is a tool which is, same as turbostat, located in kernel sources here:
  A x86_energy_perf_policy-17.05.11.tar.bz2
  A x86_perf_fix_man_permissions.patch
  A x86_perf_makefile_fix_asm_header.patch
- Provide rapl domain info (cpupower powercap-info cmd)
  * Add: cpupower_rapl.patch
- Provide rapl power monitoring
  * Add: rapl_monitor.patch
- Added missing references.
- Rectify RPM groups. Replace old $RPM_ shell variables by macros.
  Apply consistent styling to macros.
- Enter decode_misc_enable_msr() only if genuine_intel.
- Update to latest mainline sources
- turbostat changed versioning scheme (we now have version 17.04.12)
- Update cpupower and turbostat to latest kernel v4.10 sources
  D library_cleanup.patch
- Change .c file header file modification, modify in Makefile instead:
  D turbostat_set_asm_header_fixed.patch
  A turbostat_makefile_fix_asm_header.patch
- fate #320908: KBL: Turbostat for KBL H/S & U/Y
- fate #321191: [KNL] turbostat reports to report corect MSR_TURBO_RATIO_LIMIT
- fate #321193: [KNL] turbostat should report correct cpu clock values for
  Knights Landing
- fate #321285: turbostat support for Skylake-SP server
- fate #321286: turbostat support for Harrisonville (Denverton SoC)
- fate #321925: [HPC, KNM, kernel] turbostat support
- Update turbostat to version 4.12
- Update cpupower to latest sources
- Let turbostat only build against a local msr-index.h
  Also add the msr-index.h export to the tarball from git repo script
  * Delete make_header_file_passable_from_outside.patch
- Add cpuidle functions to public libcpupower
  * Add library_cleanup.patch
- Move from kernel version to turbostat internal version for turbostat
- Add latest turbostat sources (latest git commit: 30f05309bde492)
- Adds Skylake, Broadwell and Knights Landing support for turbostat
  (fate#319798, fate#319183, fate#319516)
- Drop dead link.
- Fix Obsoletes statement, cpufrequtils package versions were
  greater than cpupower package versions so we must obsolete all
  versions of cpufrequtils.
- Make sources also build against 13.1 and older by providing
  asm-index.h which is included in linux-glibc-devel in newer
  * Add turbostat_set_asm_header_fixed.patch
- Update cpupower and turbostat to latest git kernel HEAD version
  this currently is 3.19-rc6, but it is expected that there are no
  changes anymore and the version gets named 3.19 already.
  The patches are already included mainline and get removed from osc:
- Update to version 2.9.7:
  + fix a buffer overflow processing long words.
- Drop 0003-overflow-processing-gecos.patch and
  0004-overflow-processing-long-words.patch: fixed upstream.
- Update source URI.
- Remove use of translation-update-upstream. It cannot be added to
  ring 0 on leap, and 2.9.7 has some translation fixes
- Enable translation-update-upstream on leap, to remove the use of
  is_opensuse (jsc#SLE-12096).
- use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should
  contain internal binaries, not data
- Use %license (boo#1082318)
- Update to 2.9.6
  * fix issue with sort and locale
  * some particularly bad cases to the cracklib small dictionary
  * updates to cracklib-words (adds a bunch of other dictionary lists)
  * migration to github
- run spec-cleaner
- Only buildrequire and call translation-update-upstream on SLE:
  the package in openSUSE is a dummy and is empty.
- Add patch 0004-overflow-processing-long-words.patch
  to fix a new buffer overflow identified together with bsc#992966.
- Relabel patches:
  cracklib-magic.diff -> 0001-cracklib-magic.diff
  cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
- Add patch 0003-overflow-processing-gecos.patch
  to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
- Update to 2.9.5
  * fix matching against first password in dictionary (Anton Dobkin)
- Changes for 2.9.4
  * remove doubled prototype
- Changes for 2.9.3
  * expose additional functions externally
- Cleanup spec file with spec-cleaner
- Remove old ppc provides/obsoletes
- Update to version 2.9.2
  + support build of python support outside of source tree
  + fix bug in Python string distance calculation
  + fix bug #16 / debian bug 724570 - broken optimization with packlib
- Adapt patch to upstream changes
  + cracklib-visibility.patch > cracklib-2.9.2-visibility.patch
- Kernel commit 5c83511bdb9832c86be20fb86b783356e2f58062 removed
  pv_init_ops, and commit 054ac8ad5ebe4a69e1f0e842483821ddbe560121
  removed the Xen-specific paravirt patch function. As a result,
  pvops Xen dumps are no longer recognized as Xen dumps, and
  virtual-to-physical translation fails.
  Use the value of xen_start_info to determine whether the kernel
  is running in Xen PV mode. As suggested by Juergen Gross.
  + crash-xen-pvops.patch
- Fix bt command with SEV-ES (bsc#1185209)
  + crash-x86_64-VC-exception-stack-support.patch
- Add back some more missing KMP conditionals
- Refresh crash-sles9-time.patch
  * fix warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'int'
- Crash KMPs cannot be always built.
- Upgrade to version 7.2.9:
  * x86_64: Add support for new divide_error name
  * calc_kaslr_offset: 5-level paging support
  * Append time zone to output of date and time
  * s390dbf: support s390 debug feature version 3
  * x86_64: Add support for 1GB huge pages to "/vtop"/ command
  * Implement support for user-space zram reads on x86_64
  * Prepare for the introduction of ARM64 8.3 Pointer Authentication
  * New "/log -T"/ option
  * New ARM64 "/--machdep vabits_actual=<value>"/ command line option
  * Enhancement of the "/struct -r"/ option
  * Enhancement of the "/bpf -p|-P"/ options
  * New "/extend -s"/ option
- Dropped the following patches obsoleted by the version upgrade:
  * crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
  * crash-Fix-kmem-i-option-on-Linux-5.9-rc1-and-later-kernels.patch
  * crash-Fix-to-allow-the-translation-of-ARM64-FIXMAP-address.patch
  * crash-Introduce-a-new-ARM64-machdep-vabits_actual-value-co.patch
  * crash-Prepare-for-the-introduction-of-ARM64-8.3-Pointer-Au.patch
  * crash-Several-fixes-for-ARM64-kernels.patch
  * crash-arm64-Change-tcr_el1_t1sz-variable-name-to-TCR_EL1_T.patch
  * crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
  * crash-fix-memory_driver-build-kernel-5.8.patch
  * crash-gdb-fix-aarch64.patch
  * crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
  * crash-update-whitepaper-URL.patch
  * crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  * crash-xendump-fix-failure-to-match-arm-aarch64-elf-format-.patch
- Support the lockless printk ringbuffer added into kernel-5.10 (bsc#1183965)
  * crash-printk-add-support-for-lockless-ringbuffer.patch
  * crash-printk-use-committed-finalized-state-values.patch
- Install and ship the small built-in extensions snap.so, trace.so,
  and dminfo.so. "/trace.so"/ is particularly useful.
  Ship them in the main "/crash"/ package, as they are small.
- Added crash-xen-increase-__physical_mask_shift_xen-to-52.patch
- Update arm64 support (boo#1169099).
- Fix "/kmem -i"/ option on Linux 5.9-rc1 and later kernels (bsc#1179970 ltc#188981).
- Fix crash utility is taking forever to initialize a vmcore from large config
  system (bsc#1178827 ltc#189279).
- Corrected project URL in spec file to match the changed upstream
  location as-of May 30th 2020.
  Noted the project URL change in README.SUSE without removing the old URL
  because it represents the location the project source was obtained from.
  The next project source update is available from the new project URL. When
  the package is updated with that source all URL project references will be
  modified to only show the new URL.
  Add crash-update-whitepaper-URL.patch
  Note change of no longer valid old project whitepaper URL to current valid
  project whitepaper URL in help output. Leave the old one reported because it
  represents the location the project source was obtained from for this
  package version.
- Fix build on aarch64:
- Add crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  In calls to search a stack for x86_64 exceptions a flag is used
  to request the stack be verified for room to contain saved
  registers. The verify is not performed if other flags are used
  in the same call. Fixing this exposes another bug where only a
  kernel stack is verified anyway, even if the exception is being
  searched for on a userspace stack. Patch fixes both problems.
- Add eppic-remove-duplicate-symbols.patch
  Fix eppic extension build.
- Add crash-fix-memory_driver-build-kernel-5.8.patch
  Fix memory driver build failure with kernels 5.8+.
- Always build crash KMPs.
- remove bypass lto and add -mfull-toc for ppc64le to check boo#1146646
- Add crash-Define-fallback-PN_XNUM.patch
  Add a fallback PN_XNUM definition.
- Make Factory ppc64 crash usable on both SLE 15 SP1 and releases before
  SLE15 SP1 (bsc#1148197).  This is only a workaround that requires to build
  crash for each codestream separately.
- Drop crash-s390-autodetect-kaslr.patch which has been merged in 7.2.7.
- Add crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
  Fix "/kmem -[sS]"/ for caches created during SLUB bootstrap (bsc#1164815 ltc#182973).
- Add crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
  Fix integer overflow with large memory configuration (bsc#1168233 ltc#184660).
- Upgraded the source to version 7.2.8. The previous version was
  modified to support newer kernels used in SLE-15-SP2 but was not
  * Includes a fix for kernels that contain:
    which introduces symbol namespaces. Without the change then
    depending on architecture:
    (1) the kernel module symbol list will contain garbage
    (2) the session fails during initialization with a dump of
    the internal buffer allocation stats followed by the
    message "/crash: cannot allocate any more memory"/
    (3) the session fails during initialization with a
    segmentation violation (bsc#1162064)
  * Includes the merge of the S390x patches since crash 7.2.7
  * Source already includes XZ compressed module support, removed:
  * Refreshed patches that were no longer aligned with source:
- Upgraded the source tarball to version 7.2.7. This is required
  to support coredumps from currently used kernel versions in the
  product (bsc#1159686).
- droped the patch obsoleted due to already being present in the
  new source:
  * crash-allow-kmem-section-is-early.patch
- Added commit c0371f6ee2cae31ec9f506bbd231ab8fbe334c13 - Fix to
  allow live analysis of s390x kernels that have been configured
  with CONFIG_RANDOMIZE_BASE=y (KASLR). This allows crash to load
  the coredump without the need for "/--kaslr=<offset> on the
  Implements jsc#SLE-9797
- add crash-symbols-add-support-for-XZ.patch (bnc#1155921)
- Disable LTO for PowerPC as bypass boo#1146646
- Added patch for commit 326e1b8f83a4318b09033ef754f40c785aed5e68
  in linux 5.3:
Upgraded the source tarball to version 7.2.6 to bring better
  support of version 5 kernels such as 5.3 in SLE-15-SP2
  Dropped the following patches obsoleted by the version upgrade:
  * crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch
  * crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
  * crash-fix-for-virsh-dump-dumps-with-KASLR.patch
  * crash-fix-kmem-z-on-kernel-5.0.patch
  * crash-fix-kmem-i-on-kernel-5.0.patch
  * crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
  * crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
  * crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
  * crash-find-kernel-configuration-data-with-kernel-5.1.patch
  * crash-fix-dev-dD-on-kernel-5.1.patch
  Re-aligned the following patches with the new version source:
  Modified the following patches to integrate with version upgrade:
- Upgrade the source tarball to version 7.2.5
- drop patches obsoleted by version upgrade:
  * crash-fix-snprintf-overflow.patch
  * crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
- post-7.2.5 upstream patches for kernel 5.0/5.1 compatibility:
  * crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
  * crash-fix-for-virsh-dump-dumps-with-KASLR.patch
  * crash-fix-kmem-z-on-kernel-5.0.patch
  * crash-fix-kmem-i-on-kernel-5.0.patch
  * crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
  * crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
  * crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
  * crash-find-kernel-configuration-data-with-kernel-5.1.patch
  * crash-fix-dev-dD-on-kernel-5.1.patch
- Update for XEN dom0 changes in v4.11 that cause coredumps made
  of a domU using virch on the dom0 to fail to load in the dom0
  version of crash reporting "/crash: invalid kernel virtual address:
  <address> type:fill_pcpu_struct"/, followed by "/WARNING: cannot
  fill pcpu_struct"/ and "/crash: cannot read cpu_info"/
  (bsc#1124690 and bsc#1122594)
- Update the recognition of x86_64 CPU_ENTRY_AREA (bsc#1104743, bsc#1090127)
- Fix SLE15 SP1 Incorrect vmcore generated (bsc#1119791).
  This is not compatible with SLE15 and SLE12 SP4.
- Sync with SLE15 SP1 (SR#173916) to enable the kmp-rt for SLERT15 SP1 only
  set %if 0%{?sle_version} >= 150100
- Added:
  The update is required for Linux 4.11 and greater kernels, which
  reimplemented the IDR facility to use radix trees in kernel commit
  0a835c4f090af2c76fc2932c539c3b32fd21fbbb, titled "/Reimplement IDR and IDA
  using the radix tree"/.  Without the patch, if any IPCS entry exists, the
  command would fail with the message "/ipcs: invalid structure member offset:
  idr_top"/ (bsc#1092101)
- Added crash-fix-snprintf-overflow.patch
  Fix to address a "/__builtin___snprintf_chk"/ compiler warning.
- Added crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
  Update the recognition of x86_64 CPU_ENTRY_AREA.
- Upgrade the source tarball to version to 7.2.3
  A complete changelog is available via the crash source page at:
- Refreshed:
- Upgraded to 7.2.1 because it includes the fixes to support
  several core cases that recently were caused tofail to open.
  As a result, removed patches that were already superceded by
  7.2.1 source (bsc#1103371).
- Added:
  Fixes Xen dump files that cannot be opened in hypervisor mode.
- Added crash-ppc64-ensure-chosen-stack-symbol-relates-to-an-actual-backtrace.patch
  With latest NMI IPI changes, crash_ipi_callback is found multiple
  times on the stack. Ensure the chosen symbol relates to an actual
  backtrace. bsc#1072718
- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
- Added crash-x86_64_kvtop-usable-symtab_init.patch to change
  x86_64_kvtop() so that it can be called during symtab_init()
  Added crash-allow-use-of-sadump-captured-KASLR-kernel.patch to
  allow use of dumps of KASLR enabled kernels that were captured
  by sadump.
  Both are bsc#1070278/FATE#323473
- Upgrade the source tarball to version to 7.2.0 which requires the
  removal of patches that are then already applied:
  A complete changelog is available via the crash source page at:
  Added crash-ppc64-book3s-update-hash-page-table-geometry.patch
  from hbathini@linux.vnet.ibm.com via bsc#1067702 to correct
  errors with virtual-to-physical address translation in the larger
  virtual address range of newer kernels.
  Added a BuildRequires of libelf that will populate the build
  workspace with libelf (from elfutils) even though it is not
  directly required by crash but is required by gdb (which crash
  nests). It no longer got picked up automatically for build and
  gdb and kernel module features had build errors before it.
- crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch:
  Since linux kernel 3.19 crash readmem() can't be used to read
  xen_p2m_addr associate memory directly during m2p translation.
  PV domU p2m mapping is also stored at xd->xfd + xch_index_offset
  and organized as struct xen_dumpcore_p2m. This patch implements
  a special reading function read_xc_p2m() to extract the mfns
  from xd->xfd + xch_index_offset and makes and crash support Xen
  PV domU dumpfiles for kernel 3.19 and later (bsc#1043501).
  - add crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch
- Merge SLE changes into Factory (bsc#1041638)
- crash-stop_read_error_when_intent_is_retry.patch: When reading a
  memory image fails it may not be an error if it is still possible
  to switch image and retry the read. Fix the error message output
  to only occur if no retries are intended (bsc#1038839).
  - add crash-stop_read_error_when_intent_is_retry.patch
- Exclude openSUSE from RT KMP build (bsc#1013843)
- crash source nests gdb source but gdb has a new build error on
  Factory due to the bug and build environment modifications. The
  fix is upstream gdb but not upstream crash's gdb.
  Created crash patch:
  to create the gdb patch in expanded crash and added to the gdb
  Makefile patch it's application. Resolves the build error.
- Upgrade of source tarball to 7.1.8 from upstream and refresh of
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  Adds a feature to permit the use of the command-line options
  "/--kaslr=<offset>"/ and/or "/--kaslr=auto"/ with the x86 32-bit
- refresh crash-sles9-time.patch crash-compressed-booted-kernel.patch
- drop crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
  merged upstram in 7.1.8
- Fix analyzing fadump dumps on PPC64 (bsc#1022962).
  + crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
- Upgrade of source tarball to 7.1.7 from upstream, removal of
  crash-kernel-4.7.patch (source includes it) and refresh of other
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  Feature enhancements included from 7.1.6:
  - Introduction of support for "/live"/ ramdump files, such as those
    that are specified by the latest QEMU version's mem-path
    argument of a memory-backend-file  object, e.g.:
    $ qemu-kvm ...other-options... +  - object memory-backend-file,id=MEM,size=128m,mem-path=/tmp/MEM,share=on +  - numa node,memdev=MEM -m 128
    and a live session run can be run against the guest kernel like so:
    $ crash <path-to-guest-vmlinux> live:/tmp/MEM@0
  - Implemented support for the redesigned ARM64 kernel virtual
    memory layout that was introduced in Linux 4.6. Plus ARM64
    support for 4k pages with 4-level page tables and 48 VA bits.
    NB: On live systems automatic operation with Linux 4.6 ARM64
    kernels requires that CONFIG_RANDOMIZE_BASE is not configured.
    If it is configured then use with a live system requires two
  - -machdep arguments, e.g.:
  - -machdep phys_offset=<base physical address>
  - -machdep kimage_voffset=<kernel kimage_voffset value>
  - Improvement of the ARM64 bt -f display so that, for most cases,
    the stack frame delimiter will be the location of the old FP
    and LR pair.
  - New bt -v option that checks all tasks for evidence of stack
  - Incorporation of an alternative stack backtrace mathod
    accessed directly using bt -o and the default method can be
    toggled between the two using bt -O.
  - Fix for the case where the sym/dis commands fail for a symbol
    name that is composed entirely of hexadecimal characters and
    was previously interpreted as an address.
  - Determine structure member data if the member is contained in
    an anonymous structure or union (no longer necessary to use a]
    discrete gdb "/printf"/ command to find the offset of it).
  - Session initialization speed up.
  - Addition of "/list -S"/ and "/tree -S"/ options (similar to the -s
    option of each command) where member values are read from
    memory instead of being interpreting gdb output (much faster
    behavior for 1-, 2-, 4- and 8-byte members).
  - Fix to recognize x86_64 Linux 4.8-rc1 and later kernels that
    are configured with CONFIG_RANDOMIZE_MEMORY.
  - Support for PPC64 virtual address translation of radix MMU.
  - Improvement of "/dev -d"/ output to display I/O statistics for
    devices that use the blk-mq interface.
  Feature enhancements included from 7.1.7:
  - Restore x86_64 "/dis"/ command's symbol translation for call or
    jump target addresses for kernels configured with
  - Re-factor of the trace extension module to locate all of the
    ftrace buffers and extracts data from each of them rather than
    only the primary one.
  - Support for s390x CONFIG_THREAD_INFO_IN_TASK configuration so
    that "/bt"/ command no longer shows incomplete output.
  - Support for live ARM64 kernels from Linux 4.6 that have the
    kernel image loaded anywhere in physical memory.
  - Update of /dev/crash/kernel driver to v1.3 which adds support
    Linux 4.6 and later ARM64 kernels configured with
    CONFIG_HARDENED_USERCOPY and S390x kernels that use
    xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() rather than
    kmap() and kunmap().
  - refresh eppic-support-arm64.patch crash-debuginfo-compressed.patch
  - drop crash-linux-4.6-printk-flags.patch merged upstream in 7.1.6
- Enabled RT KMP build (bsc#1005578)
- crash-linux-4.6-printk-flags.patch: Fix warning "/failed to read
  pageflag_names entry"/ on Linux 4.6 (bsc#978601).
- crash-kernel-4.7.patch:
  support 4.7 kernel (page._count renamed to page._refcount)
- eppic-support-arm64.patch: Support for ARM64 (FATE#320844).
- Upgrade of source tarball to 7.1.5 from upstream and fix of
  crash-sles9-time.patch for the version and refresh of other
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  includes a fix for bsc#977306.
  Feature enhancements include:
  - "/whatis -r"/ and "/whatis -m"/ commands that allow search for
    data structure of a specified size and that contains a member
    of a given type respectively.
- Upgrade to 7.1.4 from upstream. For a detailed changelog see
- Disable RT KMP build (bsc#962719)
- Enable RT KMP build (bsc#948840)
- For 7.1.3 ppc64le the following patches are obsoleted by mainline
- Update to 7.1.3 (bsc#946458)
  o Introduction of "/dis -f <address>"/ which disassembles from the
    address to the end of the function
  o Introduction of "/dis -s <address>"/ which displays the filename
    and line number associated with the specified text location,
    followed by a source code listing if available.
  o Addition of a new "/--src <directory>"/ command line option for
    use by the "/dis -s"/ option if the kernel source is not located
    in the standard location.
  o Do not search for a panic task in s390x dumpfiles that are
    marked as a "/live dump"/
  o Fix unnecessary error messages when a directory is used as a
    command line argument
  o See http://people.redhat.com/anderson/crash.changelog.html for
    the complete changelog
- Removed these patches obsoleted by mainline:
- Refreshed patches
- crash-move-xen-dom0-handling-into-own-file.patch: Move Xen Dom0
  handling into xen_dom0.c (FATE#316467).
- crash-move-xen-p2m-map.patch: Move xen p2m map initialization to
  xen_kdump_p2m (FATE#316467).
- crash-use-xen_machine_addr-command.patch: Use XEN_MACHINE_ADDR
  command flag instead of overriding readmem (FATE#316467).
- crash-move-xen-elf-note-processing.patch: Move Xen ELF note
  processing to xen_dom0.c (FATE#316467).
- crash-add-xen-dom0-support-for-kdump.patch: Add Xen Dom0 support
  for kdump compressed files (FATE#316467).
- crash-s390x-add-vector-support.patch: SIMD support for dump
  tools (z13) (FATE#318058).
- Upgrade to 7.1.2 from upstream. For a detailed changelog see
- Refreshed patch series with some changes required to
  adjust for git host changes in eppic-switch-to-system-lib.patch
- Upgrade to 7.1.1 from upstream. At the time of writing the only
  published changelog was supplied by e-mail list and is as follows
  - Fix for two minor issues with the "/net"/ command.  Without the patch,
  the "/net -a"/ option appends its correct output with the command's
  "/Usage:"/ message; and if either the "/net -x"/ or "/net -d"/ options are
  used without also specifying "/-s"/ or "/-S"/, the error message would
  indicate "/net: illegal flag: 800000"/ or "/net: illegal flag: 1000000"/
  instead of showing the command's "/Usage:"/ message.
  - If the kernel (live or dumpfile) has the TAINT_LIVEPATCH bit set, or
  if the Red Hat "/kpatch"/ module is installed, the tag "/[LIVEPATCH]"/
  will be displayed next to the kernel name in the initial system
  banner and by the "/sys"/ command.  This new tag replaces the
  "/[KPATCH]"/ tag that was introduced in crash-7.0.7.
  - Addressed three Coverity Scan complaints in vmware_vmss.c:
    50:leaked_storage: Variable "/fp"/ going out of scope leaks the
    storage it points to.
    53:leaked_storage: Variable "/fp"/ going out of scope leaks the
    storage it points to.
    256:warning: Use of memory after it is freed
  - Remove the LKCD-only "/propeller spinner"/ seen when a dumpfile read
  requires more than 2048 page header accesses.  This was put in place
  because of the non-random-access design of LKCD dumpfiles.  Without
  the patch, the spinner display is intermingled with command output,
  which complicates the parsing of the output.
  - Fix to support the Linux version increment from 3 to 4.  Without the
  patch, both dumpfile and live sessions fail during initialization,
  issuing the message "/WARNING: kernel version inconsistency between
  vmlinux and dumpfile"/ or "/WARNING: kernel version inconsistency
  between vmlinux and live memory"/, followed by the nonsensical fatal
  error message "/crash: incompatible arguments:  vmlinux is not SMP --
  vmcore is SMP"/ or "/crash: incompatible arguments:  vmlinux is not
  SMP -- live system is SMP"/.  To prevent unexpected kernel version
  bumps in the future, support has been added for version 5.
  - Add support for more than 16TB of physical memory space in the SADUMP
  dumpfile format.  Without the patch, there is a limitation caused
  by several 32-bit members of dump_header structure, in particular
  the max_mapnr member, which overflows if the dumpfile contains more
  than 16TB of physical memory space.  The header_version member of
  the dump_header structure has been increased from 0 to 1 in this
  extended new format, and the new 64-bit members will be used.
  - Fix for command lines that are redirected to a pipe.  Without the
  patch, if an external piped-to command contains a quoted string that
  includes a "/|"/ character, the command fails with the message "/crash:
  pipe operation failed"/.
  - Fix for insecure temporary file usage in _rl_tropen() as reported by
  readline library CVE-2014-2524.
  - When the gdb-<version>.patch file has changed and a rebuild is
  done from within a previously-existing build tree, the "/patch -N"/
  option is used to ignore patches that have been previously applied;
  this patch also applies the "/patch -r-"/ option to prevent unnecessary
  .rej files from being created.
  - Fix to account for Xen hypervisor's "/domain"/ structure member name
  change from "/is_paused_by_controller"/ to "/controller_pause_count"/.
  Without the patch, in Xen 4.2.5 and later, the crash session fails
  during initialization with the error message 'crash: invalid
  structure member offset: domain_is_paused_by_controller"/.
  - During initialization, reject useless ARM64 "/(A)"/ and "/(a)"/ absolute
  symbols that are below the text region.  Without the patch, several
  recently-introduced absolute symbols have been introduced into the
  kernel, which will be displayed by "/sym -l"/ prior to the first kernel
  virtual address symbol, and will show up in command output where
  memory values are translated into kernel symbol references.
  - Fix for ARM64 kernels to account for changes in the virtual memory
  layout introduced in Linux 3.17.  The vmalloc region end address, and
  the vmemmap start and end addresses are now calculated at kernel
  build time, because they depend upon the size of a struct page.
  Accordingly, the crash utility needs to calculate those three address
  values dynamically, after the embedded gdb module has initialized.
  Without the patch, reads of page structures return invalid data due
  to incorrect virtual-to-physical translations of memory in the
  vmemmap range.  This in turn causes commands that require page
  structure contents to fail or show invalid data, such as "/kmem -p"/,
  "/kmem -[sS]"/, and the "/kmem -[fF]"/ options.
  - Fix to support ELF vmcore dumpfiles whose PT_LOAD file offset values
  of their respective memory segments are not laid out sequentially
  from low to high in the dumpfile.  This has only been seen in ELF
  dumpfiles created by VMware's "/vmss2core -M"/ facility.  Without the
  patch, the crash session may fail during initialization, either with
  the message "/cannot malloc ELF header buffer"/, or "/crash: <dumpfile>:
  not a supported file format"/.
  - Enhancement to the support of VMware .vmss suspended state dumpfiles.
  There may be holes in the memory address saved for PCI, etc.  In such
  cases, the memory dump is divided into regions.  With this patch, up
  to 3 memory regions are supported.
  - Fortified the error handling of task gathering from the pid_hash[]
  chains during session initialization.  If a chain has been corrupted,
  the patch prevents the sequence from entering an infinite loop, and
  the error messages associated with corrupt/invalid chains have been
  updated to report the pid_hash[] index number.
  - Implemented a new STRDUPBUF() utility that will duplicate an existing
  string into a buffer allocated with GETBUF().  As is the case with
  any buffer allocated with GETBUF(), it is only meant to exist during
  the life-span of the current command.  If it is not explicitly freed
  via FREEBUF(), then it will be freed automatically prior to the next
  - Implemented a new fill_struct_member_data() function that gathers
  a bundle of data that describes a structure member.  The function
  receives a pointer to a struct_member_data structure, in which the
  caller has initialized the "/structure"/ and "/member"/ name pointers:
    struct struct_member_data {
    char *structure;
    char *member;
    long type;
    long unsigned_type;
    long length;
    long offset;
    long bitpos;
    long bitsize;
  A gdb "/printm"/ command is crafted using those two fields, and the
  output of the command is used to initialize the remaining six fields.
  Adapted from Qiao Nuohan's "/pstruct"/ extension module.
  (anderson@redhat.com, qiaonuohan@cn.fujitsu.com)
  - Implemented a new "/runq -c cpu(s)"/ option to display the run queue
  data of specified cpus.  It can be used in conjunction with all runq
  command options.  The cpus must be specified in a comma- and/or
  dash-separated list; for examples, "/3"/, "/1,8,9"/, "/1-23"/, or "/1,8-15"/.
  - Build extension modules that utilize the generic extensions/Makefile
  with -g.  In addition, build the snap.c extension module with -g.
  - Several fixes, updates, and enhancements for 32-bit MIPS support:
    (1) The MIPS general purpose registers in the elf_gregset_t
    don't start at index 0 but at index 6.
    (2) Adjust for the kernel's pt_regs structure changes between
    kernel versions.  For example, fields are inserted into the
    middle based on build time options, and the amount of padding
    at the head of the structure was changed relatively recently.
    To handle this, split the structure definition into two parts
    and get the offsets of these two parts dynamically.
    (3) Do not display each parsed kernel symbol during initialization
    when invoked with "/crash -d8"/.
    (4) Add support for loading raw MIPS ramdump dumpfiles.
    (5) Add support for compressed kdump dumpfiles.
  - Fix for a typo in "/help foreach"/, and a fix for a spelling error in
  "/help input"/.
  - Fix for "/and and"/ and "/the the"/ typos in the README file.
  - Fix to address the Xen 4.5.0 hypervisor symbol name change from
  "/dom0"/ to "/hardware_domain"/.  Without the patch, the crash session
  fails with the error message "/crash: cannot resolve: dom0"/.
  - Fix for a regression in crash-7.1.0 that causes failures when the
  "/crash -t"/ option is run on a live system, and when analyzing remote
  Linux kernels.  Without the patch, "/crash -t"/ on a live system fails
  with the message "/crash: cannot open remote memory source: /dev/mem"/,
  and attempts to analyze a Linux kernel remotely just shows the kernel
  timestamp and exits immediately.
  (dslutz@verizon.com, anderson@redhat.com)
  - Speed up the session invocation time of "/flattened"/ format dumpfiles
  created by the makedumpfile(8) facility.  When sorting the blocks of
  memory by their intended ELF or compressed kdump file offsets, the
  patch replaces the bubble-sort method that is currently used with an
  insertion sort method.
  - Remove the non-existent "/-L"/ option from the "/ps"/ command's mutually-
  exclusive options error message.
  - Fix for the "/irq"/, "/mount"/, "/kmem -p"/ and "/kmem -v"/ commands when
  they are used in an input file.  If more than one of any of those
  four commands are used in an input file, the output of the second
  and subsequent command instances will not display their respective
  command headers.
  - Implemented a new "/kmem -m"/ option that is similar to "/kmem -p"/,
  but it allows the user to specify the page struct members to be
  displayed.  The option takes a comma-separated list of one or
  more page struct members, which will be displayed following the
  page structure address.  The "/flags"/ member will always be expressed
  in hexadecimal format, and the "/_count"/ and "/_mapcount"/ members will
  always be expressed in decimal format.  Otherwise, all other members
  will be displayed in hexadecimal format unless the current output
  radix is 10 and the member is a signed/unsigned integer.  Members
  that are data structures may be specified by the data structure's
  member name, or expanded to specify a member of that data structure.
  For example, "/-m lru"/ refers to a list_head data structure, in which
  case both the list_head.next and list_head.prev pointer values will
  be displayed; if "/-m lru.next"/ is specified, just the list_head.next
  value will be displayed.
  (atomlin@redhat.com, anderson@redhat.com)
  - Support enhancement for the 32-bit MIPS architecture that retrieves
  the per-cpu registers from the NT_PRSTATUS notes stored in the header
  of compressed kdump dumpfiles.
  - Fix to remove an invalid warning message on ARM64 if a crash session
  is invoked with the "/-d<number>"/ debug flag.  Without the patch,
  the invalid message is "/WARNING: SPARSEMEM_EX: questionable section
  - Remove the leftover "/.constructor"/ build file in the extensions
  subdirectory when "/make extensions"/ is complete, and update the
  top-level .gitignore file to ignore post-build extensions
  subdirectory files.
  - Fix for a segmentation violation generated by the "/help -[n|D]"/
  options on ARM64 compressed kdumps.
  - Additional output for the "/help [-D|-n]"/ options on ARM64.  For ELF
  kdump vmcores and compressed kdumps, the elf_prstatus structure in
  each NT_PRSTATUS note will be translated.
  - The "/help -r"/ option has been extended to dump the ARM64 registers
  stored in each per-cpu NT_PRSTATUS note in compressed kdump and
  ELF kdump dumpfiles.
  - Fix for the ARM64 page size determination on Linux 4.1 and later
  kernels.  Without the patch, the crash session fails during
  initialization with the message "/crash: invalid/unsupported page
  size: 98304"/ on kernels with 64K pages.  On kernels with 4K pages,
  the message is "/crash: invalid/unsupported page size: 6144"/.  In
  addition, the "/-p <page-size>"/ command line override option
  had no effect on ARM64; that has been fixed as well.
  - Fix for the DATE display in the initial system banner and by the
  "/sys"/ command to account for the Linux 3.17 change that moved
  the "/timekeeper"/ symbol and structure into a containing tk_core
  structure; the "/shadow_timekeeper"/ timekeeper will be used as an
  alternative.  Without the patch, the DATE shows something within
  a few hours of the Linux epoch, such as "/Wed Dec 31 18:00:00 1969"/.
  - Fixes for the translation of ARM64 PTEs, as displayed by the "/vm -p"/
  and "/vtop"/ commands.  Without the patch, if "/vm -p"/ references a
  swapped-out page on Linux 4.0 and later kernels, the SWAP location
  may indicate "/(unknown swap location)"/, and will show an invalid
  OFFSET value; on Linux 3.13 and later kernels, running "/vtop"/ on a
  user virtual address incorrectly translates the PTE contents of
  swapped out pages by showing a PHYSICAL address and FLAGS translation
  instead of the SWAP device and OFFSET.  It is possible that there may
  be PTE bit translation errors on other kernel versions; the patch
  addresses the changes in ARM64 PTE bit definitions made in Linux
  3.11, 3.13, and 4.0 kernels.
  - Enhanced the "/struct.member"/ display capability of the "/struct"/,
  "/union"/, "/task"/, "/list"/ and "/tree"/ commands.  If a specified
  structure member contains an embedded structure, the output may
  be restricted to just the embedded structure by expressing the
  .member argument as "/member.member"/.  If a specified structure
  member is an array, the output may be restricted to a single array
  element by expressing the .member argument as "/member[index]"/.
  Furthermore, these embedded member specifications may extend beyond
  one level deep, for example, by expressing the member argument as
  "/member.member.member"/, or "/member[index].member"/.
  (Alexandr_Terekhov@epam.com, anderson@redhat.com)
  - Fix for any command that passes strings to gdb for evaluation,
  where the string contains a parentheses-within-parentheses
  expression along with a "/>"/ or "/>>"/ operator inside the outermost
  set of parentheses.  Without the patch, a command such as the
  following fails like so:
    crash> p ((1+1) >> 1)
    p: gdb request failed: p ((1+1)
  - Fix for the handling of ARM64 kernel module per-cpu symbols.  Without
  the patch, if the debuginfo data of an ARM64 kernel module that
  contains a per-cpu section is loaded by "/mod -s <module>"/ or
  "/mod -S"/, commands such as "/bt"/ or "/sym"/ may incorrectly translate
  the module's virtual addresses to symbol names.
- 0001-Prepare-for-the-future-increment-of-Linux-3.x-to-4.x.patch:
  Dropped. Handling kernel 4.0 is now part of the upstream source.
- add patch from upstream to handle kernel 4.0
- Upgrade to 7.1.0 from upstream. For a detailed changelog see
- Refreshed patch series with only re-alignment required.
- Upgrade to 7.0.9 from upstream, For a detailed changelog see
- Refreshed patch series but no modifications required.
- Update to version 4.3.1+20210702.4e0ee8fb:
  * Fix: bootstrap: check for missing fields in 'crm_node -l' output (bsc#1182131)
  * Fix: resource: make untrace consistent with trace (bsc#1187396)
  * Dev: sbd: enable SBD_DELAY_START in virtualization environment
- Update to version 4.3.1+20210624.67223df2:
  * Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553)
- Update to version 4.3.0+20210616.cdcfe52e:
  * Fix: history: use Path.mkdir instead of mkdir command(bsc#1179999, CVE-2020-35459)
  * Dev: crash_test: Add big warnings to have users' attention to potential failover(jsc#SLE-17979)
  * Dev: crash_test: rename preflight_check as crash_test(jsc#SLE-17979)
  * Fix: bootstrap: update sbd watchdog timeout when using diskless SBD with qdevice(bsc#1184465)
  * Dev: utils: allow configure link-local ipv6 address(bsc#1163460)
  * Fix: parse: shouldn't allow property setting with an empty value(bsc#1185423)
  * Fix: help: show help message from argparse(bsc#1175982)
- Remove patches:
- Update to version 4.3.0+20210507.bf02d791:
  * Fix: bootstrap: add sbd via bootstrap stage on an existing cluster (bsc#1181906)
  * Fix: bootstrap: change StrictHostKeyChecking=no as a constants(bsc#1185437)
  * Dev: bootstrap: disable unnecessary warnings (bsc#1178118)
  * Fix: bootstrap: sync corosync.conf before finished joining(bsc#1183359)
  * Dev: add "/crm corosync status qdevice"/ sub-command
  * Dev: ui_cluster: add qdevice help info
- Update to version 4.3.0+20210330.06bf9cad:
  * Dev: ui_cluster: enable/disable corosync-qdevice.service
  * Fix: bootstrap: parse space in sbd device correctly(bsc#1183883)
  * Dev: preflight_check: move preflight_check directory into crmsh
  * Fix: bootstrap: get the peer node name correctly (bsc#1183654)
  * Fix: update verion and author (bsc#1183689)
  * Dev: bootstrap: enable configuring qdevice on interactive mode (jsc#ECO-3567)
- Update to version 4.3.0+20210315.5d07d43e:
  * Fix: ui_resource: change return code and error to warning for some unharmful actions(bsc#1180332)
  * Fix: bootstrap: raise warning when configuring diskless SBD with node's count less than 3(bsc#1181907)
- Update to version 4.3.0+20210305.9db5c9a8:
  * Fix: bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost(bsc#1181415)
  * Dev: cibconfig: remove related code about detecting crm_diff support --no-verion
  * Fix: ui_configure: raise error when params not exist(bsc#1180126)
  * Dev: doc: remove doc for crm node status
  * Dev: ui_node: remove status subcommand
- Update to version 4.3.0+20210219.5d1bf034:
  * Fix: hb_report: walk through hb_report process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
  * Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
  * Dev: analyze: Add analyze sublevel and put preflight_check in it(jsc#ECO-1658)
  * Dev: utils: change default file mod as 644 for str2file function
  * Dev: hb_report: Detect if any ocfs2 partitions exist
  * Dev: lock: give more specific error message when raise ClaimLockError
  * Fix: Replace mktemp() to mkstemp() for security
  * Fix: Remove the duplicate --cov-report html in tox.
  * Fix: fix some lint issues.
  * Fix: Replace utils.msg_info to task.info
  * Fix: Solve a circular import error of utils.py
  * Fix: hb_report: run lsof with specific ocfs2 device(bsc#1180688)
  * Dev: corosync: change the permission of corosync.conf to 644
  * Fix: preflight_check: task: raise error when report_path isn't a directory
  * Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869)
  * Dev: Polish the sbd feature.
  * Dev: Replace -f with -c and run check when no parameter provide.
  * Fix: Fix the yes option not working
  * Fix: Remove useless import and show help when no input.
  * Dev: Correct SBD device id inconsistenc during ASR
  * Fix: completers: return complete start/stop resource id list correctly(bsc#1180137)
  * Dev: Makefile.am: change makefile to integrate preflight_check
  * Medium: integrate preflight_check into crmsh(jsc#ECO-1658)
  * Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454)
- Update to version 4.2.0+git.1609987436.0d3a9bf5:
  * Fix: utils: skip if no netmask in the result of ip -o addr show(bsc#1180421)
  * Fix: bootstrap: add /etc/modules-load.d/watchdog.conf into csync.cfg(bsc#1180424)
  * Low: bootstrap: make invoke return specific error(bsc#1177023)
  * Fix: bootstrap: Refactor join_lock.py for more generic using purpose(bsc#1180149)
  * Dev: bootstrap: use ping to test host is reachable before joining
  * Low: bootstrap: check cluster was running on init node
- Use Path.mkdir instead of mkdir command(bsc#1179999); Add patch:
  * 0001-Fix-history-use-Path.mkdir-instead-of-mkdir-command-.patch
- Update to version 4.2.0+git.1607075079.a25648d8:
  * Fix: bootstrap: use class JoinLock to manage lock in parallel join(bsc#1175976)
  * Fix: utils: improve disable_service and enable_service function(bsc#1178701)
  * Fix: bootstrap: disable corosync-qdevice if not configured(bsc#1178701)
  * Dev: hb_report: change the default dest data format, more readable
  * Low: bootstrap: should include /etc/sysconfig/nfs into csync2.cfg(bsc#1178373)
  * Low: bootstrap: minor change for _get_sbd_device_interactive function(bsc#1178333)
- Update to version 4.2.0+git.1604052559.2a348644:
  * Fix: hb_report: collect corosync.log if it defined in config file(bsc#1148874)
  * Fix: ui_cluster: check service status while start/stop(bsc#1177980)
  * Dev: bootstrap: stop service which is active, not which is available
  * Fix: bootstrap: Stop hawk service when removing node(bsc#1175708)
  * Fix: cibverify: give warning if crm_verify return warning(bsc#1122391)
  * Dev: doc: remove score related in doc for rsc_order configure
  * Fix: parse: convert score to kind for rsc_order configure(bsc#1122391)
  * Fix: bootstrap: remove specific configured address while removing node(bsc#1165644)
- Update to version 4.2.0+git.1602225426.5f84efb5:
  * Fix: hb_report: fix sanitize functionality(bsc#1163581)
- Update to version 4.2.0+git.1600915005.e8089225:
  * FIx start_delay with start-delay(bsc#1176569)
  * fix on_fail should be on-fail(bsc#1176569)
  * Low: config: Try to handle configparser.MissingSectionHeaderError while reading config file
  * Medium: ui_configure: Obscure sensitive data by default(bsc#1163581)
- Update to version 4.2.0+git.1599810948.3db12a7a:
  * Fix: hb_report: collect archived logs(bsc#1148873, bsc#1176441)
- Update to version 4.2.0+git.1599702667.157fc6b5:
  * Low: bootstrap: check whether sbd package installed
  * Low: bootstrap: Improve qdevice configure process * More reasonable naming for variables * More function docstrings * Move function to more reasonable location * Create functions to integrate similar functions inside one * Change big function to small one, more easier for unit test, like: * Refactor functions * Create utils.cluster_run_cmd function to avoid using crm cluster run directly in code(jsc#ECO-1745)
  * Low: bootstrap: swap keys with other nodes when join_ssh(bsc#1176178)
- Update to version 4.2.0+git.1598257562.570eb99d:
  * Fix: bootstrap: revert ssh_merge function for compatibility(bsc#1175057)
  * Fix: bootstrap: adjust sbd config process to fix bug on sbd stage(bsc#1175057)
- Update to version 4.2.0+git.1595940615.c452cc00:
  * Low: corosync: handle the return code of corosync-quorumtool correctly(bsc#1174588)
- Update to version 4.2.0+git.1595517298.a06e892f:
  * Low: ui_corosync: copy ssh key to qnetd while detect need password(bsc#1174385)
- Update to version 4.2.0+git.1594286044.7a596d12:
  * Low: hb_report: Fix collecting of binary data (bsc#1166962)
  * High: bootstrap: ssh key configuration improvement(bsc#1169581, ECO-2035)
  * High: bootstrap: bootstrap network improvement
  * Low: cibconfig: Avoid adding the ID attribute to select_* nodes
  * High: bootstrap: using class SBDManager for sbd configuration and management(bsc#1170037, bsc#1170999)
  * Low: bootstrap: change ha-cluster-bootstrap log path
  * Low: ui_corosync: print cluster nodes while getting quorum and qnetd status
  * Low: bootstrap: exit with proper error messages when ssh return failed
  * Low: ui_cluster: use argparse choices to validate -i and -t option
  * Low: corosync: Use with statement  to open file
  * Fix: ui_resource: refresh <Tab> should complete resource first(bsc#1167220)
  * Low: ui_context: give warning if using alias command
  * Low: bootstrap: Simplify bootstrap context
  * Fix: doc: Update man page about completion example of crm resource(bsc#1166644)
- Remove patches:
  * 0001-Low-bootstrap-Simplify-bootstrap-context.patch
  * 0002-High-bootstrap-using-class-SBDManager-for-sbd-config.patch
- Add patches:
  - Low: bootstrap: Simplify bootstrap context
  * 0001-Low-bootstrap-Simplify-bootstrap-context.patch
  - High: bootstrap: using class SBDManager for sbd configuration and management(bsc#1170037, bsc#1170999)
  * 0002-High-bootstrap-using-class-SBDManager-for-sbd-config.patch
- Update to version 4.2.0+git.1585096577.f3257c89:
  * Low: corosync: Improve qdevice configure process
  * Fix: bootstrap: Change condition to add stonith-sbd resource(bsc#1166967)
  * Fix: bootstrap: use csync2 '-f' option correctly(bsc#1166684)
- Update to version 4.2.0+git.1584013187.b45cfcb6:
  * Fix: crmsh.spec.in: enable completion of crm command(bsc#1166329)
  * Low: crmsh.spec.in: sync contents from NHF's crmsh.spec file
  * Low: corosync: check whether local ip has already configured
  * Low: bootstrap: check whether init node is online while joining
  * Low: bootstrap: for udpu, don't check join node's ip was in the same network
- Update to version 4.2.0+git.1580544897.c42c9530:
  * Low: unittest: add unit test to detect_cloud
- Update to version 4.2.0+git.1580467952.1931808d:
  * Low: utils: update detect_cloud pattern for aws
- Update to version 4.2.0+git.1580263559.a2b0f500:
  * scripts: python3.8 unittest compatibility
- Update to version 4.2.0+git.1579603179.bf924b8b:
  * Low: testcases: adjust testcases based on related upstream version
  * Low: unittest: replace nose with pytest
  * Low: replace configparser.SafeConfigParser as configparser.ConfigParser
- Update to version 4.2.0+git.1579517638.06d53d8a:
  * Low: doc: update configure.set documentation
  * Low: behave: functional test for configure.set subcommand
  * Feature: configure: make configure.set to update operation
- Update to version 4.2.0+git.1578911004.c1a33535:
  * Dev: behave: Not allowed space value for option
  * Fix: ui_cluster: Not allowed space value for option (bsc#1141976)
- Update to version 4.2.0+git.1578645670.4df2f015:
  * Dev: unittest: add unit test for dump_D_process function
  * Fix: hb_report: disable dump all tasks stack into dmesg(bsc#1158060)
- Update to version 4.2.0+git.1578641542.ddda681c:
  * Dev: behave: varify help output for commands which replace as argparse
  * Dev: replace optparse with argparse
- Update to version 4.2.0+git.1578400179.830baba1:
  * Dev: unittest: remove "/placement-strategy=balanced"/ in ut codes
  * Dev: behave: test placement-strategy value is "/default"/
  * Fix: bootstrap: set placement-strategy value as "/default"/(bsc#1129462)
- Update to version 4.2.0+git.1578389070.fb171448:
  * Fix: crmsh.spec: using mktemp to create tmp file(bsc#1154163)
- Update to version 4.2.0+git.1578387778.867a085b:
  * Dev: bootstrap: Maximum number of SBD device is 3
  * Dev: bootstrap: improve multi disk sbd usability support both '-s device1 -s device2' and '-s "/device1;device2"/' improve the logic of code
- Update to version 4.2.0+git.1578030883.465b4212:
  * dev: unittest: fix test_report.py failing in 2020
- Update to version 4.2.0+git.1577086871.f544180c:
  * Update ChangeLog for 4.2.0
- Update to version 4.1.0+git.1576228931.ae559358:
  * Dev: bootstrap: support multi disk sbd configure
- Update to version 4.1.0+git.1576047267.d87652bb:
  * Dev: behave: functional test for resource failcount set subcommand
  * Low: unittest: add ut for utils.get_nodeid_from_name
  * Fix: ui_resource: set resource failcount correctly(bsc#1144241)
- Update to version 4.1.0+git.1575875711.41d65be4:
  * Dev: ui_cluster: replace --qdevice as --qnetd-hostname
  * Dev: corosync: add log and debug messages on each certificate steps
  * Dev: Improvements on naming and class constants
  * Dev: behave: functional test for qdevice setup and options
  * Dev: behave: improve functional test for bootstrap process
  * Dev: ui_cluster: change qdevice related option's help message
  * Dev: utils: add is_unicast function to check transport type
  * Dev: corosync: use custom exception IPAlreadyConfiguredError for add_node_ucast
  * Dev: unittests: test corosync.Qdevice class
  * Dev: bootstrap: support qdevice heuristics
  * Dev: bootstrap: start qdevice/qnetd service when not overwrite configuration
  * Dev: ui_corosync: improve corosync status sub-command
  * Low: utils: refactor parallax_copy, parallax_call and parallax_slurp
  * Dev: bootstrap: remove qnetd
  * Dev: bootstrap: when removing qdevice, remove qdevice database
  * Dev: bootstrap: qdevice certification process when cluster join
  * Dev: ui_cluster: change option info for qdevice/qnetd
  * Dev: bootstrap: qdevice certification process when cluster init
  * Dev: bootstrap: interface for removing qdevice
  * Dev: corosync: check tie-breaker is a valid nodeid
  * Dev: bootstrap: combine Qdevice.valid2 into Qdevice.valid_attr
  * Dev: bootstrap: improve init_qdevice function
  * Dev: bootstrap: make update_expected_votes as outer function for reuse
  * Dev: bootstrap: write qdevice config section when configuring qdevice in stage
  * Dev: bootstrap: adjust corosync configuration for qdevice
  * Dev: bootstrap: make qdevice process as a bootstrap stage
  * Dev: bootstrap: manage qnetd node
  * Dev: bootstrap: valid qdevice parameters
- Update to version 4.1.0+git.1573020742.a0b88227:
  * Test: unittest: test Parallax class
  * Dev: parallax: create class Parallax to simplify using parallax
- Update to version 4.1.0+git.1572504697.472361c5:
  * Doc: ui_configure: do_property: ask to remove maintenance from resources and nodes
  * Test: ui_configure: do_property: ask to remove maintenance from resources and nodes
  * Dev: ui_configure: do_property: ask to remove maintenance from resources and nodes
- Update to version 4.1.0+git.1572385946.69f4f51b:
  * Low: unittest: test init_ssh and init_ssh_remote in bootstrap.py
  * Low: bootstrap: create authorized_keys file if not exists
  * Low: bootstrap: add "/--no-overwrite-sshkey"/ option to avoid SSH key be overwritten
  * Low: bootstrap: don't overwrite ssh key if already exists
- Update to version 4.1.0+git.1572337494.6f2c8ea9:
  * Doc: ui_node: do_maintenance: ask to remove maintenance attr from primitives
  * Test: ui_node: do_maintenance: ask to remove maintenance attr from primitives
  * Dev: ui_node: do_maintenance: ask to remove maintenance attr from primitives
- Update to version 4.1.0+git.1572251962.bc706121:
  * unittest: add unittest for corosync.add_node_ucast
  * Fix: corosync: reject append ipaddress to config file if already have(bsc#1127095, 1127096)
- Update to version 4.1.0+git.1571645029.57177c5d:
  * Test: ui_resource: ask about ALL primitives when overriding attributes
  * Dev: ui_resource: ask about ALL primitives when overriding attributes
- Update to version 4.1.0+git.1569593219.e357a9b9:
  * Fix: ui_cluster: refactor function list_cluster_nodes and handle the None situation(bsc#1145520)
- Update to version 4.1.0+git.1569593061.35f57072:
  * High: cibconfig: Correctly sanitize the original CIB as patch base (bsc#1127716, bsc#1138405)
  * Revert "/high: cibconfig: Use correct CIB as patch base (bsc#1127716)"/
  * Partially revert "/medium: cibconfig: Sanitize CIB for patching (bsc#1127716)"/
- Update to version 4.1.0+git.1567524903.fff07b88:
  * Doc: ui_resource: resolve maintenance vs is-managed conflict
  * Test: ui_resource: resolve maintenance vs is-managed conflict
  * Dev: ui_resource: resolve maintenance vs is-managed conflict
- Update to version 4.1.0+git.1566912937.ad2608af:
  * Test: ui_resource: maintenance: stop using crm_resource
  * Dev: ui_resource: maintenance: stop using crm_resource
- Update to version 4.1.0+git.1566462738.45748f84:
  * Revert "/dev: Suggestion: Try to centralized command options in one file"/
- Update to version 4.1.0+git.1566218232.dbdf060c:
  * Fix: utils: fix logic for process non comments line(bsc#1145823)
  * Low: unittest: add unittest for bsc#1145823
- Update to version 4.1.0+git.1563261260.3b251242:
  * doc: manpages: Fix spelling
- Update to version 4.1.0+git.1561107542.79593cb0:
  * Fix: utils: issue in to_ascii (bsc#1138115)
- Update to version 4.0.0+git.1558430233.89bb6eec:
  * Fix: bootstrap: bindnetaddr should accept both network and specific IP(bsc#1135585, bsc#1135586)
  * Fix: hb_report: analysis.txt should includes warning, error, critical messages(bsc#1135696)
  * medium: ui_node: Check corosync state before clearstate (bsc#1129702)
- Update to version 4.0.0+git.1558344349.9cd3669a:
  * fix: hb_report: handle UnicodeDecodeError(bsc#1130715)
  * setting error='replace' to replace invalid utf-8 characters
  * try to catch UnicodeDecodeError and print traceback
- Update to version 4.0.0+git.1557307618.dc73b57b:
  * medium: cibconfig: Sanitize CIB for patching (bsc#1127716)
  * high: cibconfig: Use correct CIB as patch base (bsc#1127716)
  * medium: parse: Detect and error on illegal ordering of op attributes (bsc#1129210)
  * medium: utils: Handle sysconfig values containing = (bsc#1129317)
  * low: hb_report: collect output of "/sbd dump"/ and "/sbd list"/(bsc#1129383)
  * low: msg: add timestamp for DEBUG messages(bsc#1129380)
- Update to version 4.0.0+git.1552985860.56f2db3a:
  * Fix: bsc#1129719: check command and related files exist
  * High: constants: add "/promotable"/, "/promoted-max"/ and "/promoted-node-max"/ in clone meta attributes
  * Fix: cibconfig: #425 The ID attribute is not required for select and select_attributes
  * medium: scripts: Set kind for order constraints, not score (bsc#1123187)
  * low: utils: add support for dpkg
  * low: utils: add support for apt-get
  * low: utils: convert string contstants to bytes
  * Fix: bsc#1120857,1120856 bootstrap warning messages should better start with like "/WARNING:"/ instead of "/!"/
  * Fix: bsc#1120554, bsc#1120555 crmsh crashed when using configure>template>apply
  * High: hbreport: fix UnicodeEncodeError while print(bsc#1093564)
- Avoid touching files to make build more reproducible
- Install bash completion to correct location
- Update to version 4.0.0+git.1543873923.0f9166fd:
  * medium: cibverify: Increase log level for verification (bsc#1116559)
- Update to version 4.0.0+git.1542103310.dd114188:
  * high: cibconfig: Normalize - to _ in param names (bsc#1111579)
  * medium: ra: Handle obsoletes attribute (bsc#1111579)
- Update to version 4.0.0+git.1540390310.315a48ed:
  * ui_cluster: restart cluster is added (bsc#1052088)
  * auto-commit enabling/disabling maintenance mode for a whole cluster (bsc#1112593)
- Update to version 4.0.0+git.1539006450.f80a6308:
  * medium: bootstrap: Skip netmask check on GCP (bsc#1106946)
  * medium: utils: Detect local IP on GCP (bsc#1106946)
- Update to version 4.0.0+git.1538492109.4b1170b0:
  * medium: bootstrap: Correctly check rrp_mode flag (bsc#1110463)
  * medium: bootstrap: Pick first match for multiple routes (bsc#1106946)
  * medium: utils: Use cloud metadata service to discover IP (bsc#1106946)
  * Fix: bootstrap: change default ip address way for both mcast and unicat(bsc#1109975,bsc#1109974)
- Update to version 4.0.0+git.1537967262.68a0bd1e:
  * Fix incorrect bindnetaddr in corosync.conf (bsc#1103833) (bsc#1103834)
- Update to version 4.0.0+git.1537860833.be41d63c:
  * fix: bootstrap: non interactive unicast cluster init and join(bsc#1109172)
  * medium: bootstrap: Disable strict host key checking on all ssh invocations
  * medium: support ocfs2 log collecting
  * hbreport: process name change for pacemaker 2.0(bsc#1106052)
  * Fix: bootstrap: "/-i"/ option doesn't work(bsc#1103833, bsc#1103834)
  * Low: bootstrap: No warning message when using '-q'
  * high: ra: Support Pacemaker 2.0 daemon names
  * high: config: Locate pacemaker daemons more intelligently (#67) (bsc#1096783)
  * Fix: TypeError in logparser.py(bsc#1093433)
- Always require python3-parallax (bsc#1103832)
- Update to version 4.0.0+git.1526547258.54aafa1d:
  * high: bash_completion: Adjust for non-interactive mode(bsc#1090304)
  * high: utils: Parse /32 route entries
  * low: terminal will lose cursor after type ctrl+c(bsc#1090626)
  * low: ui_configure: Adjust prompt string after help messages(bsc#1090140)
  * low: bootstrap: Strip spaces before some status descriptions
- Update to version 4.0.0+git.1523871649.78999e05:
  * doc: Fix unbalanced example marker (bsc#1075764)
- Update to version 4.0.0+git.1523435067.43bb4847:
  * high: hbreport: adjustment for hbreport (bsc#1088784)
- Update to version 4.0.0+git.1522278003.cd7ae188:
  * high: ui_resource: Undeprecate refresh and remove reprobe (bsc#1084736)
- Update to version 4.0.0+git.1519721966.9abd841c:
  * low: bootstrap: Updated authkey generation (bsc#1077389)
- Update to version 4.0.0+git.1518510059.7a6f94e6:
  * fix: bootstrap: Create pacemaker_remote authkey (bsc#1077389)
  * low: bootstrap: Always ask whether to use sbd
  * fix: hb_report: got the right file decompressor(bsc#1077553)
  * medium: hb_report: Avoid calling deprecated network utilities (bsc#1073638)
- Update to version 4.0.0+git.1518073467.76fb6a0b:
  * high: crm_script: Python2->3 string conversion crash in wizards (bsc#1074835)
- Update to version 4.0.0+git.1518010150.a58fa637:
  * high: bootstrap: Add QDevice/QNetd support (bsc#1070961)
  * medium: hb_report: implement dlm_dump info (bsc#1078710)
  * fix: hb_report: collect sbd info (bsc#1076389)
  * fix: hb_report: Collect irregular log file (bsc#1067438)
- Update to version 4.0.0+git.1516124911.d66d9d1f:
  * medium: constants: Add bundle to constants (bsc#1076239)
  * low: xmlutil: Add bundle to sort (bsc#1076239)
- Update to version 4.0.0+git.1515767348.9561209c:
  * medium: ui_cluster: Stop corosync when stopping pacemaker (bsc#1066156)
  * medium: bootstrap: Don't try to remove full nodes from remote nodes
  * medium: clvm-vg: update to use LVM-activate RA (bsc#1074835)
  * medium: clvm: update to use lvmlockd instead of clvmd (bsc#1074835)
  * low: ui_node: normal is deprecated in favor of member (fate#324508)
  * low: ui_configure: no complete for rename new_id
  * low: bootstrap: Don't ssh to localhost in remove
  * low: ui_configure: improve do_group completer
- Update to version 4.0.0+git.1515511613.5ee0eb23:
  * high: scripts: Enable complex expressions in when: (bsc#1074835)
  * medium: hb_report: Support new pacemaker.log location (fate#324508)
  * low: ui_configure: Complete rsc template correctly
  * fix: ra: Convert bytes to str
  * fix: ui_resource: Using crm_failcount instead of crm_attribute(bsc#1074127)
- Update to version 4.0.0+git.1513179435.e1d17d7b:
  * high: scripts: Fix Python 3 migration issues in health, check-uptime (bsc#1071519)
- Update to version 4.0.0+git.1513011384.5aebf8a4:
  * high: parse: Support new alert syntax (#280) (bsc#1069129)
  * high: parse: Support new container bundles (fate#323415)
  * low: hb_report: return "/"/ to avoid TypeError
  * low: ui_configure: use filter_keys replace any_startswith
- Update to version 4.0.0+git.1512406036.adc26906:
  * high: bootstrap: Fix firewall reload command invocation (bsc#1071108)
- Update to version 4.0.0+git.1512395407.e65870b4:
  * high: bootstrap: Encode, not decode (bsc#1070344)
- Update to version 4.0.0+git.1512385350.d06aa847:
  * Fix writing non-ascii chars to log (bsc#1070344)
  * Fix is_program(dmidecode) error (bsc#1070344)
  * low: ui_configure: fix for 309d2e, remove "/id="/ in a save way
  * low: ra: Don't require deprecated parameters (#321)
  * low: cibconfig: use refresh instead of reset after commit
- Update to version 4.0.0+git.1511604050.816cb0f5:
  * high: crm_rpmcheck: Fix bytes to str encoding error (bsc#1069294)
  * medium: bootstrap: Missing dmidecode on ppc64le (bsc#1069802)
- Update to version 4.0.0+git.1511256861.18b44cfa:
  * high: bootstrap: Use default IP address for ring0 (bsc#1069142)
  * medium: scripts: make sure gfs2 can be configured using hawk (bsc#1067123)
  * medium: bootstrap: fix init vgfs crash if no "/-o device"/ option
  * medium: bootstrap: fix init storage crash if no value input
  * medium: ui_configure: fix crash when no args given
  * medium: filter exist args
  * low: utils: convert bytes to str (bsc#1067823)
  * low: ui_context: Continue completing when input is an alias
  * low: bootstrap: Change error/confirm message with specific device name
- Update to version 4.0.0+git.1510563824.1aecfa01:
  * high: utils: Use python3 in util scripts (bsc#1067823)
  * high: bootstrap: Use firewall-offline-cmd for firewalld (bsc#1067498)
  * medium: hb_report: Verify corosync.conf exists before opening it (bsc#1067456)
  * low: config: Collect /var/log/ha-cluster-bootstrap.log (bsc#1067438)
  * medium: bootstrap: Avoid SSH to localhost (bsc#1067324)
- Update to version 4.0.0+git.1510233955.43c72bf7:
  * high: bootstrap: Fix readline error in cluster remove (bsc#1067424)
  * low: bootstrap: Clarify removal warning
  * low: bootstrap: Avoid printing None instead of NTP service name (bsc#1060602)
- Update to version 4.0.0+git.1509626995.fa880522:
  * high: bootstrap: revert corosync ports for mcast configuration as well (bsc#1066196)
  * high: bootstrap: Revert default corosync port to 5405/5404 (bsc#1066196)
  * medium: NewCommit: ui_configure: complete for ra actions
  * medium: ui_configure: Replace compl.null to compl.attr_id where an id is required
  * medium: ui_context: Stop completing when an id is required
  * low: ui_context: reset term when using help command+ctrlC
  * low: utils: Stop using deprecated functionality
- Update to version 4.0.0+git.1509449399.1e22e954:
  * Make sure scripts use python3 (fate#323526)
  * medium: enable add the second heartbeat line for unicast
  * medium: bootstrap: check init options before running
  * low: ui_script: Sort keys when printing JSON
- Update to version 4.0.0+git.1509349758.2bd8a099:
  * Port to Python 3 (fate#323526)
  * hb_report: config file for hb_report (fate#321640)
- Correct name of python-dateutil package
- Update to version 3.0.1+git.1504985015.b695b452:
  * medium: ui_node: node attribute/status-attr is about node attr, not for resources
  * medium: bootstrap: Only call firewall-cmd if firewalld is active
- Update to version 3.0.1+git.1504075678.b5dce7ab:
  * low: utils: is_process did not work
  * low: utils: Use /proc for process discovery
  * low: bootstrap: Fix formatting of confirmation prompt (bsc#1028704)
  * medium: bootstrap: Set expected_votes based on actual node count (bsc#1033288)
  * remove bindnetaddr for unicast(bsc#1030437)
  * lsb, service, stonith and systemd don't have any providers; so, it shouldn't be completed when type 'tab' after these ra classes.
  * doc: Document lifetime parameter format
  * medium: Add support for pacemaker PR#1208
  * Feature: add rules support to operations
  * low: bootstrap: Fall back to logging into $TMPDIR/ha-cluster-bootstrap.log
  * Improved cd completion
  * Improve ls command outputs
  * Remove "/up/back/end"/ option at root level
  * medium: ui_context: Make all the options can be completed
  * medium: ui_ra: Improve resource agents completion
  * medium: ui_cluster: Add enable/disable option to enable/disable pacemaker service
  * medium:command:adjust the 'ls' print width for long options
  * low:scripts:health: save health-report when run "/crm cluster health"/
  * low: ui_cluster: add "/delete"/ alias for "/remove"/ option
  * low: bootstrap: give a confirm message when remove node
  * medium: bootstrap: add callback function to check valid port range
  * medium: ui_cluster: Add cluster rename command
  * low: ui_cluster: when use help option, do not exit, just print help messages and return
  * low: ui_cluster: when have an error for optparse, just return and stay at shell
  * low: ui_cluster: complete node name once
  * low: help: adjust the help print width
  * low: ui_cluster: show cluster name in cluster status command
  * Add missing ')'
  * low: completers: filter out ms resource when doing promote/demote
  * low: bootstrap: Don't rely on ha-cluster-* shortcuts
  * low: bootstrap: Improve message when sbd is not installed (bsc#1050427)
  * low: ui_cluster: run command on a specific node
  * medium: bootstrap: run "/csync2_update"/ for all files after new joining node call csync2_remote
  * low: ui_cluster: change cluster name need restart cluster service
  * medium: bootstrap: disable completion and history when running bootstrap
  * high: bootstrap: expected votes wouldn't update in unicast mode
  * medium: bootstrap: configure with IPv6(mcast)
  * medium: bootstrap: configure with IPv6(unicast)
  * medium: bootstrap: validation for bindnetaddr/mcastaddr
  * medium: bootstrap: validation for admin IP
  * medium: utils: list_cluster_nodes: read nodes list from cib.xml
  * low: main: add hostname in promptstr
  * medium: enable adding a second heartbeat ring for mcast
  * low: bootstrap: give error hints when use sbd without watchdog
  * medium: ui_resource: start stopped resources and stop started resources
  * Detect firewall by checking installed packages
  * Fix SBD configuration when using SBD device (Fixes #235)
  * medium: bootstrap: Add support for chrony
  * low: bootstrap: Check for firewalld before SuSEfirewall2
  * medium: ui_configure: in modgroup, add free id and remove id in group
  * medium: ui_node: node utilization is about node attr, not for resources
- Drop merged patches:
  * Remove 0001-Allow-empty-fencing_topology-bsc-1025393.patch
  * Remove 0002-low-bootstrap-Fix-warning-for-formatting-SBD-device-.patch
  * Remove 0003-medium-ui_cluster-Fix-init-with-no-arguments-bsc-102.patch
  * Remove 0004-low-utils-Use-proc-for-process-discovery.patch
  * Remove 0005-medium-scripts-health-Make-health-script-available-a.patch
  * Remove 0006-remove-bindnetaddr-for-unicast-bsc-1030437.patch
  * Remove 0007-medium-bootstrap-Set-expected_votes-based-on-actual-.patch
  * Remove 0008-high-cibconfig-Graph-file-output-option-was-reversed.patch
  * Remove 0009-medium-bootstrap-Enable-help-geo-init-etc.-bsc-10374.patch
  * Remove 0010-medium-bootstrap-Handle-failure-to-fetch-config-grac.patch
  * Remove 0011-medium-bootstrap-Check-required-arguments-to-geo-joi.patch
  * Remove 0012-doc-geo-join-requires-clusters-argument-bsc-1037442.patch
  * Remove 0013-medium-bootstrap-Make-arbitrator-argument-optional-b.patch
  * Remove 0014-medium-history-Revert-preference-of-messages-over-ha.patch
  * Remove 0015-medium-ui_cluster-Add-force-to-ha-cluster-remove-bsc.patch
  * Remove 0016-high-bootstrap-Add-option-to-enable-diskless-SBD-mod.patch
  * Remove 0017-medium-scripts-Clarify-help-text-for-NFS-wizard-bsc-.patch
  * Remove 0018-medium-scripts-Relax-broadcast-IP-validation-bsc-104.patch
  * Remove 0019-medium-bootstrap-Fix-watchdog-SBD-envvars-bsc-104511.patch
- Rewrite python shebang of scripts to help other distributions
- keep .adoc timestamp to not embed build date in crm.8.html (boo#1047218)
- medium: bootstrap: Fix watchdog SBD envvars (bsc#1045118)
  * Add 0019-medium-bootstrap-Fix-watchdog-SBD-envvars-bsc-104511.patch
- medium: scripts: Relax broadcast IP validation (bsc#1044233)
  * Add 0018-medium-scripts-Relax-broadcast-IP-validation-bsc-104.patch
- medium: scripts: Clarify help text for NFS wizard (bsc#1044244)
  * Add 0017-medium-scripts-Clarify-help-text-for-NFS-wizard-bsc-.patch
- high: bootstrap: Add option to enable diskless SBD mode to cluster init (bsc#1045118)
  * Add 0016-high-bootstrap-Add-option-to-enable-diskless-SBD-mod.patch
- medium: ui_cluster: Add --force to ha-cluster-remove (bsc#1044071)
  * Add 0015-medium-ui_cluster-Add-force-to-ha-cluster-remove-bsc.patch
- medium: history: Revert preference of messages over ha-log.txt (bsc#1031138)
  * Add 0014-medium-history-Revert-preference-of-messages-over-ha.patch
- medium: bootstrap: Make arbitrator argument optional (bsc#1038386)
  * Add 0013-medium-bootstrap-Make-arbitrator-argument-optional-b.patch
- doc: geo-join requires --clusters argument (bsc#1037442)
  * Add 0012-doc-geo-join-requires-clusters-argument-bsc-1037442.patch
- medium: bootstrap: Check required arguments to geo-join (bsc#1037421)
  * Add 0011-medium-bootstrap-Check-required-arguments-to-geo-joi.patch
- medium: bootstrap: Handle failure to fetch config gracefully (bsc#1037423)
  * Add 0010-medium-bootstrap-Handle-failure-to-fetch-config-grac.patch
- medium: bootstrap: Enable "/help geo-init"/ etc. (bsc#1037417)
  * Add 0009-medium-bootstrap-Enable-help-geo-init-etc.-bsc-10374.patch
- high: cibconfig: Graph file output option was reversed (bsc#1036595)
- Add 0008-high-cibconfig-Graph-file-output-option-was-reversed.patch
- low: bootstrap: Update fix for formatting SBD device (bsc#1028704)
- medium: bootstrap: Set expected votes based on actual node count (bsc#1033288)
- Add 0007-medium-bootstrap-Set-expected_votes-based-on-actual-.patch
- low: remove bindnetaddr for unicast(bsc#1030437)
- Add 0006-remove-bindnetaddr-for-unicast-bsc-1030437.patch
- medium: scripts/health: Make health script available as wizard (fate#320848) (fate#320866)
- Add 0005-medium-scripts-health-Make-health-script-available-a.patch
- low: bootstrap: Fix warning for formatting SBD device (bsc#1028704)
- medium: ui_cluster: Fix init with no arguments (bsc#1028735)
- low: utils: Use /proc for process discovery
- Add 0002-low-bootstrap-Fix-warning-for-formatting-SBD-device-.patch
- Add 0003-medium-ui_cluster-Fix-init-with-no-arguments-bsc-102.patch
- Add 0004-low-utils-Use-proc-for-process-discovery.patch
- Allow empty fencing topology (bsc#1025393)
- Add 0001-Allow-empty-fencing_topology-bsc-1025393.patch
- Update to version 3.0.0:
  * high: bootstrap: Add bootstrap commands (fate#321114)
  * high: logparser: Update transition RE (#168)
  * medium: hb_report: don't use backticks in local
  * medium: hb_report: Make sure this never expands to rm -rf /
  * medium: ui_history: Avoid ugly wrapping of diff output
  * medium: ui_cluster: Fix broken cluster remove command
  * low: cibconfig: Clearer error for duplicate ID (bsc#1009748)
  * low: crm_pssh: Fix nodenum envvar name
  * low: cmd_status: More detail in verify output
  * low: ui_cluster: start/stop don't touch corosync, just pacemaker
  * low: ui_script: Fix script list all/names argument handling
  * low: ui: Fix vim highlightning support.
  * low: ui_cluster: No need to check the cluster stack in requires
  * low: completers: give the op's hint when type tab after 'op'
- Update to version 2.2.0+git.1476084519.a000372:
  * high: cibconfig: Ensure temp CIB is readable by crm_diff (bsc#999683)
  * high: parse: Support target pattern in fencing topology
  * medium: ui_configure: option to obscure passwords
  * medium: cibconfig: Remove from tags when removing object
  * medium: scripts: Better corosync defaults (bsc#1001164)
  * medium: scripts: Drop logrotate check from cluster health
  * medium: corosync: Fix missing variable in del-node
  * low: cmd_status: Highlight plural forms (bsc#996806)
- Update to version 2.2.0+git.1473924149.8abc212:
  * high: history: Quote archive tarball name if it contains spaces (bsc#998959)
  * high: history: Prefer /var/log/messages over ha-log.txt (bsc#998891)
- Update to version 2.3.1+git.1472802925.a4a4041:
  * Require Python 2.6+, not 2.7 (bsc#995611)
- Update to version 2.2.0+git.1470743271.64d1a40:
  * medium: constants: Add missing alerts constants (#150) (bsc#992789)
- Update to version 2.2.0+git.1469918297.1b801f6:
  * high: hb_report: Skip lines without timestamps in log correctly (bsc#989810)
  * high: hb_report: Don't collect logs from journalctl if -M is set (bsc#990025)
  * high: parse: Use original _TARGET_RE
  * low: Fix a setting example of the alert to become the error
  * low: scripts: Fix use of non-relative import for ra
- Update to version 2.2.0+git.1464769043.9e4df55:
  * medium: tmpfiles: Create temporary directory if non-existing (bsc#981583)
- Update to version 2.2.0+git.1464237560.fd9e583:
  + high: constants: Add maintenance to set of known attributes (bsc#981659)
  + medium: xmlutil: reduce unknown attribute to warning (bsc#981659)
- Update to version 2.2.0+git.1464167894.621fe00:
  + medium: scripts: no-quorum-policy=ignore is deprecated (bsc#981056)
- Update to version 2.2.0+git.1463777827.9b402a8:
  + high: history: Store live report in per-user directory (bsc#980924)
  + medium: logparser: Handle read-only access to metadata cache (bsc#980924)
  + medium: logparser: Fix use-before-declaration error in logparser
  + medium: history: Report better error when history user is not sudoer (bsc#980924)
  + low: utils: Clearer error if permission denied when locking (bsc#980924)
  + low: history: fall back to any log file in report root
- Update to version 2.2.0+git.1462967444.169c554:
  + high: parse: Support for event-driven alerts (fate#320855) (#136)
  + high: utils: Avoid deadlock if DC changes during idle wait (bsc#978480)
  + medium: ui_resource: Add force argument to resource cleanup (bsc#979420)
  + medium: ui_resource: Show utilization in output from crm resource scores
  + high: ui_resource: Improved resource move/clear/locate commands
- Update to version 2.2.0+git.1462285059.d79cd0d:
  + high: ui_root: Add crm verify command
  + medium: hb_report: Fix broken -S option (#137)
  + low: hb_report: Fix spurious error on missing events.txt
  + low: scripts: Note SBD recommendation in vmware script (fate#318320)
  + low: scripts: Note SBD recommendation in libvirt script (fate#318320)
- Update to version 2.2.0+git.1461246131.bf3c265:
  + medium: scripts: Add vmware to data manifest (fate#318320)
  + medium: ui_node: Fix crash in node fence command (bsc#974902)
  + low: scripts: Preserve formatting in description for vmware wizard
  + low: scripts: Better description for sbd
- Update to version 2.2.0+git.1461083981.dab79a4:
  + high: scripts: VMware fencing using vCenter (fate#318320)
- Update to version 2.2.0+git.1461051741.724349d:
  + low: cibconfig: Don't mix up CLI name with XML tag
  + low: constants: Add missing reload operation to parser
  + low: corosync: Recycle node IDs when possible
  + low: parse: Don't validate operation name in parser (bsc#975357)
  + low: scripts: Only print debug output locally unless there were remote actions
  + low: scripts: Fix watchdog test in sbd-device (fate#318320)
  + low: scripts: Shouldn't set -e here (fate#318320)
- Remove bug-974902_crm-node-fence.patch
- medium: ui_node: Fix "/crm node fence"/ (bsc#974902)
  - bug-974902_crm-node-fence.patch
- Update to version 2.2.0+git.1458546035.5df0420:
  + medium: scripts: SBD wizard which configures SBD itself (fate#318320)
  + medium: main: Add -o|--opt to pass extra options for crmsh
  + medium: hb_report: Add timeout to SSH connection (bsc#971690)
  + low: command: handle stray regex characters in input
  + low: scripts: Clean up various scripts
- Fix build-compare by only touching files with timestamps in the future
  and by not including the rebuild counter in hb_report
- Update to version 2.2.0+git.1458042315.389d264:
  + high: history: Faster log parsing (bsc#970278)
  + medium: ui_node: Use stonith_admin -F to fence remote nodes (bsc#967907)
  + medium: crm_pssh: Fix live refresh of journalctl logs (bsc#970931)
  + medium: hb_report: Use server attribute for remote nodes if set (bsc#970819)
  + medium: ui_node: Add crm node server command
  + medium: scripts: Simplify SBD script (bsc#968076) (fate#318320)
  + medium: scripts: inline scripts for call actions
  + medium: scripts: Don't require sudo for root
  + medium: scripts: Set sudo and full path for exportfs -v in nfs scripts
  + medium: scripts: Add nfs-utils to list of packages for nfsserver
  + low: history: use os.listdir to list history sessions
  + low: scripts: Fix error in service action
  + low: logtime: Improve performance of syslog_ts (bsc#970278)
  + low: hb_report: Print covered time span at exit (bsc#970823)
  + low: hb_report: Warn if generated report is empty (bsc#970823)
  + low: log_patterns_118: Add captures to log patterns for tagging (bsc#970278)
  + low: ui_resource: alias show to get
  + low: hb_report: Suggest user checks timeframe on empty logs (bsc#970823)
  + low: logparser: Add cib info to __meta for hawk
- Update to version 2.2.0+git.1456299101.87fe3c9:
  + high: ui_configure: Fix commit force (#120)
  + medium: config: make multiarch dependency a dynamic include (#119)
  + low: ui_node: Less cryptic query when fencing node
- Update to version 2.2.0+git.1455627181.78fd949:
  + high: scripts: Add LVM on DRBD cluster script (bsc#951132)
  + high: scripts: Add NFS on LVM and DRBD cluster script (bsc#951132)
  + high: added the "/push"/ method to the "/configure load"/ command (fate#320389)
  + medium: ui_configure: Only wait for DC if resources were stopped (#117)
  + medium: hb_report: Don't collect logs on non-nodes (bsc#959031)
  + medium: hb_report: Don't collect logs on non-nodes (bsc#959031)
  + medium: ui_configure: Only wait for DC if resources were stopped (#117)
  + medium: command: Disable fuzzy matcher for completion (#116)
  + medium: corosync: added optional parameter [name] to "/corosync add-node"/ function
  + medium: constants: clone-min meta attribute (new in Pacemaker 1.1.14)
  + medium: cibconfig: add and|or filter combinators to influence filtering (fate#320401)
  + Medium: history: update patterns for resource (new lrmd)
  + medium: ui_configure: Rename show-property to get-property
  + medium: scripts: Updated SBD cluster script (fate#318320)
  + low: Fix title style vs. sentence style in cluster scripts (bsc#892108)
  + low: Fix title style vs. sentence style in cluster scripts (bsc#892108)
  + Low: maintenance: allow action to be forced
- Remove merged patches:
  - Remove 0001-high-history-Parse-log-lines-without-timestamp-bsc-9.patch
  - Remove 0002-high-scripts-Improved-OCFS2-cluster-script-bsc-95398.patch
  - Remove 0003-high-scripts-fix-broken-cluster-init-script-bsc-9631.patch
- high: scripts: fix broken cluster init script (bsc#963135)
- high: scripts: Improved OCFS2 cluster script (bsc#953984)
- high: history: Parse log lines without timestamp (bsc#955581)
- Add 0001-high-history-Parse-log-lines-without-timestamp-bsc-9.patch
- Add 0002-high-scripts-Improved-OCFS2-cluster-script-bsc-95398.patch
- Add 0003-high-scripts-fix-broken-cluster-init-script-bsc-9631.patch
- Update to version 2.2.0~rc3+git.1452867205.c160c5a:
  + high: cibconfig: Fix XML import bug for cloned groups (bsc#959895)
  + high: cibconfig: fail if new object already exists (bsc#959965)
  + high: cibconfig: Preserve failure through edit (bsc#959965)
  + medium: ui_cib: Call crm_shadow in batch mode to avoid spawning subshell (bsc#961392)
  + medium: ui_history: Add events command (bsc#952449)
  + medium: scripts: Reformat scripts to simplified form
  + medium: scripts: Load single file yml scripts
  + medium: cibconfig: Detect false container children
  + medium: history: Ignore central log
  + medium: history: Fix live report refresh (bsc#950422) (bsc#927414)
  + low: don't use deprecated crm_attribute -U option
  + low: hb_report: Drop function from event patterns
  + low: clidisplay: Avoid crash when colorizing None
  + doc: Documentation for history events command
- Update to version 2.2.0~rc3+git.1449475283.649c9d2:
  + high: ui_configure: Move validate-all validation to a separate command (bsc#956442)
  + high: scripts: Don't delete steps from upgraded wizards (bnc#957925)
  + medium: scripts: Enable setting category in legacy wizards (bnc#957926)
  + high: scripts: Don't require scripts to be an array of one element
  + high: scripts: Conservatively verify scripts that modify the CIB (bsc#951954)
  + high: ui_resource: Enable start/stop/status for multiple resources at once (bsc#952775)
  + high: ui_resource: Add constraints and operations commands
  + high: ui_ra: Add ra validate command (bsc#956442)
  + high: script: Fix issues found in cluster scripts
  + low: resource: Fix unban alias for unmigrate
- Update to version 2.2.0~rc3+git.1447774225.24dd944:
  + high: xmlutil: Order is significant in resource_set (bsc#955434)
- Update to version 2.2.0~rc3+git.1447033314.c640af6:
  + medium: script: (filesystem) create stopped (bsc#952670)
  + doc: configure load can read from stdin
  + medium: scripts: Lower copy target to string
- Update to version 2.2.0~rc3+git.1446121677.5f4ab3c:
  + high: scripts: Eval CIB text in correct scope (bsc#952600)
  + medium: scripts: Check required parameters for optional sub-steps
  + medium: utils: Fix python 2.6 compatibility
- Update to version 2.2.0~rc3+git.1446022288.cbb7d77:
  + medium: scripts: No optional steps in legacy wizards (bsc#952226)
  + medium: ui_script: Tag legacy wizards as legacy in show (bsc#952226)
- Update to version 2.2.0~rc3+git.1445863187.686e3ec:
  + high: utils: Revised time zone handling (bsc#951759)
- Update to version 2.2.0~rc3+git.1445338389.7433378:
  + high: scripts: Fix DRBD script resource reference (bsc#951028)
  + low: constants: Tweaked graph colors
- Update to version 2.2.0~rc3+git.1444854254.fc37f7f:
  + high: utils: Handle time zones in parse_time (bsc#949511)
  + medium: cibconfig: Fix sanity check for attribute-based fencing topology (#110)
  + medium: ui_script: Optionally print common params
  + medium: hb_report: Remove reference to function name in event patterns (bsc#942906)
  + medium: report: Make transitions without end stretch to 2525
  + doc: add missing <> to fencing_topology syntax
  + doc: add missing backslash in fencing_topology example
  + doc: add explanatory comments to fencing_topology
  + doc: Update the scripts documentation
  + doc: Fix unclosed block in scripts documentation
- Update to version 2.2.0~rc3+git.1444661352.14fa72b:
  + high: scripts: Determine output format of script correctly (bsc#949980)
  + high: cibconfig: Fix bug with node/resource collision
- Update to version 2.2.0~rc3+git.1444340345.59850ca:
  + high: utils: Fix cluster_copy_file error when nodes provided (bsc#949603)
  + low: xmlutil: More informative message when updating resource references after rename
  + doc: fix some command syntax grammar in the man page
  + doc: resource-discovery for location constraints
- Update to version 2.2.0~rc3+git.1444133917.3f7f79f:
  + high: cibconfig: Fix bug in is_edit_valid (bsc#948547)
  + high: cibconfig: Delete constraints before resources
- Update to version 2.2.0~rc3+git.1444122392.193bf69:
  + high: cibconfig: Allow nodes and resources with the same ID (bsc#948547)
  + high: cibconfig: Allow node/rsc id collision in _set_update (bsc#948547)
  + medium: hb_report: Don't cat binary logs
  + low: report: Silence tar warning on early stream close
- Update to version 2.2.0~rc3+git.1443544100.aa2abda:
  + medium: report: Enable opening .xz-compressed report tarballs
  + medium: config: Always fall back to /usr/bin:/usr/sbin:/bin:/sbin for programs (bsc#947818)
  + low: ui_resource: Silence spurious migration non-warning from pacemaker
  + high: log_patterns_118: Update the correct set of log patterns (bsc#942906)
- Update to version 2.2.0~rc3+git.1443105613.80a246f:
  + medium: cibconfig: Only warn for grouped children in colocations (bsc#927423)
- Update to version 2.2.0~rc3+git.1443102798.74361f5:
  + high: ui_node: Show remote nodes in crm node list (bsc#877962)
  + medium: cibconfig: Warn if configuring constraint on child resource (bsc#927423) (#101)
  + medium: cibconfig: Allow order constraints on group children (bsc#927423)
- Update to version 2.2.0~rc3+git.1442913222.4ba506b:
  + high: config: Remove config.core.supported_schemas (bsc#946893)
- Update to version 2.2.0~rc3+git.1441965248.a9a616d:
  + low: scripts: Fix typo in email type verifier
  + low: scripts: [MailTo] install mailx package
  + high: scripts: Add enum type to script values
  + medium: parse: Add support for node attribute as fencing topology target
  + doc: Improve documentation for the history level
  + low: ui_history: Swap from and to times if to < from
  + low: ui_history: Better error handling and documentation for the detail command
  + medium: report: Add transition tags command (bsc#943470)
  + medium: report: Mark transitions with errors with a star in info output (bsc#943470)
- Update to version 2.2.0~rc3+git.1441319359.d823416:
  + high: scripts: Generate actions for includes if none are defined
  + high: script: Fix subscript agent reference bug
  + medium: crm_pssh: Timeout is an int (bsc#943820)
  + medium: scripts: Fix typo in lvm script
  + low: scripts: [virtual-ip] make lvs_support an advanced parameter
  + low: constants: Add meta attributes for remote nodes
- Update to version 2.2.0~rc3+git.1440887645.cd6ac8a:
  + doc: Clarify documentation for colocations using node-attribute
  + high: parse: Fix crash when referencing score types by name (bsc#940194)
  + low: scripts: Improved script parameter validation
  + medium: scripts: Add MailTo script
- Update to version 2.2.0~rc3+git.1440626270.8872dbc:
  + low: hb_report: Increase time to wait for the logmark
  + medium: log_patterns: Remove reference to function name in log patterns (bsc#942906)
  + low: hb_report: Collect libqb version (bsc#943327)
  + medium: report: Reintroduce empty transition pruning (bsc#943291)
  + medium: scripts: Ensure that the Filesystem resource exists [nfsserver] (bsc#898658)
  + low: scripts: Make virtual IP optional [nfsserver]
  + high: scripts: Add force parameter to cib and crm actions, and don't pass --force by default
  + high: scripts: Default to passing --force to crm after all
  + medium: options: Add --no option
  + medium: scripts: Use --no option over --force unless force: true is set in the script
  + high: ui_script: Print cached errors in json run
- Update to version 2.2.0~rc3+git.1440506835.395dad0:
  + high: report: Update transition edge regexes (bsc#942906)
  + high: hb_report: Always prefer syslog if available (bsc#942906)
- Update to version 2.2.0~rc3+git.1440493477.255685f:
  + low: scripts: Catch attempt to pass dict as parameter value
  + medium: scripts: Switch install default to false (fate#318482)
- Update to version 2.2.0~rc3+git.1439547680.0877a90:
  + low: main: Bash completion didn't handle sudo correctly
  + high: hb_report: Correct path to hb_report after move to subdirectory (bsc#936026)
  + medium: report: Add pacemaker.log to find_node_log list (bsc#941734)
  + high: hb_report: Prefer pacemaker.log if it exists (bsc#941681)
  + high: report: Output format from pacemaker has changed (bsc#941681)
- Update to version 2.2.0~rc3+git.1439305144.fbe773c:
  + medium: config: Add report_tool_options (bsc#917638)
- Update to version 2.2.0~rc3+git.1438934728.5abada2:
  + Medium: cibconfig: skip sanity check for properties other than cib-bootstrap-options
  + high: parse: Add attributes to terminator set (bsc#940920)
- Update to version 2.2.0~rc3+git.1436439891.2cc4984 (fate#318281):
  + high: ui_script: drop end sentinel from API output (fate#318211)
  + low: scripts: Title and category for exportfs
  + low: scripts: Strip shortdesc for scripts and params
  + low: scripts: Tweak description for libvirt
  + low: scripts: make overridden parameters non-advanced by default
  + low: scripts: add missing type annotations to libvirt script
  + low: scripts: Fix formatting for SAP scripts
  + low: scripts: Clearer shortdesc for filesystem
  + low: scripts: Preserve formatting of longdescs
  + medium: ui_script: Add name to action output (fate#318211)
  + low: ui_script: Check JSON command syntax
  + medium: ui_script: Fix bug in verify json encoding
- Update to version 2.2.0~rc3+git.1436110355.d603e20:
  + low: scripts: Fix possible reference error in agent include
- Update to version 2.2.0~rc3+git.1435949142.a824a98:
  + low: Add HAProxy script to data manifest
  + low: Remove build revision from version
  + low: scripts: Clearer error message
- Update to version 2.2.0~rc3+git.1435679589.07d4206:
  + medium: scripts: Add HAProxy script
  + medium: constants: Add 'provides' meta attribute (bsc#936587)
- Update to version 2.2.0~rc3+git.1435265407.2865580:
  + high: hb_report: find utility scripts after move (bsc#936026)
  + high: ui_report: Move hb_report to subdirectory (bsc#936026)
  + high: scripts: subscript values not required if subscript has no parameters / all defaults (fate#318211)
  + high: Makefile: Don't unstall hb_report using data-manifest (bsc#936026)
  + medium: scripts: Fix name override for subscripts (fate#318211)
  + medium: scripts: stop inserting comments as values
  + medium: report: Fall back to cluster-glue hb_report if necessary (bsc#936026)
  + low: scripts: Clean up generated CIB (fate#318211)
- Pre-release 2.2.0-rc3
- high: Merge rewizards development branch (fate#318211)
  (fate#318384) (fate#318483) (fate#318482) (fate#318550)
- Summary of some of the changes included in the merge of
  the rewizards branch:
  + Colorized status output
  + New and more capable cluster script implementation
  + Deprecated the crmsh templates (not the CIB templates,
    the configuration templates)
  + Implemented a JSON API interface to the cluster scripts
    for hawk to use instead of having its own wizards
  + Handlebars-like templating language for cluster scripts
    that modify the CIB
  + Collect metadata from resource agents to avoid duplication
    in configuration scripts
  + Extended validation support for parameter values
  + New cluster scripts:
  - Stonith: SBD and libvirt
  - Apache web server
  - NFS server
  - cLVM
  - Databases: MySQL / MariaDB / Oracle / DB2
  - SAP
  - OCFS2
  - etc.
  + Radically simplified automake and autoconf setup
  + Improved completion performance
  + Added pygment lexers used by the history guide as stand-alone
    python module in contrib/
  + Removed dependency on corosync for regression test suite
  + Sort topics and commands in help output
  + Hide internal commands in help and ls
  + Clearer debug output when simulating
  + Cleaned up and fixed documentation bugs
- Update to version 2.2.0~rc3+git.1434151485.7365522:
  + low: crm: Detect and report use of python 3
  + medium: hb_report: Collect logs from pacemaker.log
  + medium: ui_root: Make the cibstatus command available directly from the root
  + medium: resource: Add ban command
  + medium: handles: {{^feature}}invert blocks{{/feature}}
  + medium: handles: Replace magic value with callables
  + low: handles: Also allow # and $ in identifiers
  + doc: Update reference to parallax in scripts documentation
  + WIP: in-progress notes etc.
  + scripts: Add placeholders for some basic scripts
  + medium: handles: Fix error in strict parameter handling
  + medium: config: add config.path.hawk_wizards
  + medium: ui_script: Add JSON API
  + build: Add update-data-manifest.sh to generate datadir file list
  + contrib: Add pygment lexers used by the history guide
  + doc: Describe website compilation process in development.md
  + doc: scripts: Basic documentation for the cluster scripts
  + medium: help: Sort topics and commands in help output
  + low: handles: Clean up special values
  + doc: Document the script JSON API
  + low: script: Rename describe to show
  + low: command: Hide internal commands from ls
  + doc: Fix unterminated block
  + low: scripts: Stricter regexp for identifiers
  + low: scripts: Handle local runs even if nodelist doesn't contain local node
  + low: cmd_status: Add full argument to status
  + high: cmd_status: Colorize status output
  + Pre-release 2.2.0-rc3
- Pre-release 2.2.0-rc2
- medium: crm_pkg: Fix cluster init bug on RH-based systems
- medium: crm_gv: Improved quoting of non-identifier node names (bsc#931837)
- medium: crm_gv: Wrap non-identifier names in quotes (bsc#931837)
- low: Fix references to pssh to refer to parallax
- medium: report: Try to load source as session if possible (bsc#927407)
- low: xmlutil: Update comment to match the code
- high: report: New detection to fix missing transitions (bnc#917131)
- medium: ui_configure: Add resource as an alias for primitive
- medium: parse: Allow implicit initial for groups as well
- medium: parse: More robust implicit initial parser
- Medium: doc: add history guide
- Low: doc: simplify to make it work with python 2.6
- Medium: hb_report: use faster zypper interface if available
- medium: ui_configure: Wait for DC when removing running resource
- low: schema: Don't leak PacemakerError exceptions (#93)
- high: ui_cluster: Add copy command
- doc: Update the documentation for the upgrade command
- parse: Don't require trailing colon in tag definitions
- high: crm_pssh: Explicitly set parallax inline option (krig/parallax#1)
- high: ui_configure: Add show-property command
- medium: utils: Allow 1/0 as boolean values for parameters
- low: hb_report: Use crmsh config to find pengine/cib dirs (bsc#926377)
- low: ui_options: add alias list for show
- medium: cliformat: Escape double-quotes in nvpair values
- high: parse: Don't allow constraints without applicants
- medium: parse: Disallow location rules without resources
- medium: ui_template: Make new command more robust (bnc#924641)
- high: fix typo in previous commit
- high: ui_node: Don't fence node in clearstate (boo#912919)
- low: Replaced README with README.md
- medium: ui_template: Always generate id unless explicitly defined (boo#921028)
- high: cibconfig: Derive id for ops from referenced resource name (boo#921028)
- medium: templates: Clearer descriptions for editing templates (boo#921028)
- high: ui_context: Wait for DC after commit, not before (#85)
- high: cibconfig: Don't delete valid tickets when removing referenced objects (bnc#922039)
- high: ui_configure: Remove acl_group command (bnc#921056)
- doc: Document changes to template list|new
- medium: help: Teach help to fuzzy match topics
- doc: Describe the shorthand syntax for commands
- low: command: Use fuzzy match for sublevel check
- medium: command: Fuzzy match command names
- low: ui_context: Use true command name when reporting errors
- Low: hb_report: add -X option for extra ssh options
- low: allow pacemaker 1.0 version detection
- low: allow (0,1) as option booleans
- medium: cibconfig: Allow removal of non-existing elements if --force is set
- medium: cibconfig: Allow delete of objects that don't exist without returning error code
- medium: cibconfig: If a change results in no diff, exit silently
- low: pacemaker: Remove debug output
- medium: schema: Remove extra debug output
- medium: schema: Test if node type is optional via schema
- medium: parse: Treat pacemaker-next schema as 2.0+
- low: cibconfig: Improved debug output when schema change fails
- medium: cibconfig: Fix inverted logic causing spurious warning
- Medium: cibconf: preserve cib user attributes
- medium: ra: Handle non-OCF agent meta-data better
- medium: config: Fix case-sensitivity for booleans
- medium: report: Include transitions with configuration changes (bnc#917131)
- medium: xmlutil: Improved check for related elements
- doc: Documentation for show related:<obj>
- medium: report: Convert RE exception to simpler UI output
- medium: cibconfig: add show related:<obj>
- medium: parse: Encode unicode using xmlcharrefreplace in parser
- medium: parse: nvpair attributes with no value = <nvpair name="/.."//> (#71)
- medium: ui_cluster: Add diff command (bnc#914525)
- medium: report: Fall back to end_ts = start_ts
- medium: util: Don't fall back to current time
- high: xmlutil: Treat node type=member as normal (boo#904698)
- low: xmlutil: logic bug in sanity_check_nvpairs
- medium: xmlutil: Modify sort order of object types
- medium: cibconfig: Use orderedset to avoid reordering bugs (#79)
- medium: orderedset: Add OrderedSet type
- medium: cibconfig: Detect v1 format and don't patch container changes (bnc#914098)
- medium: constants: Update transition regex (#77)
- Revert "/high: xmlutil: Reorder elements only if sort_elements is set (#78)"/
- low: ui_options: Add underscore aliases for legacy options
- high: xmlutil: Reorder elements only if sort_elements is set (#78)
- medium: cibconfig: Strip digest from v1 diffs (bnc#914098)
- medium: crm_pssh: Make tar follow symlinks
- medium: constants: Fix transition start detection
- medium: crm_pssh: Handle incomplete Option argument
- high: crm_pssh: Use correct Task API in do_pssh (bnc#913261)
- medium: cibconfig: Break infinite edit loop if --force is set
- high: utils: Locate binaries across sudo boundary (bnc#912483)
- low: config: Convert NoOptionError to ValueError
- low: msg: Add note on modifying supported schemas
- medium: config: Add 2.3 to list of supported schemas
- medium: utils: crm_daemon_dir is added to PATH in envsetup (#67)
- Version 2.2.0-rc2, update ChangeLog
- low: cibconfig: Protect against dereferencing None when building graph
- low: crm_gv: Avoid crashing if passed None in my_edge
- low: cibconfig: Use LXML to remove version data more robustly (#75)
- Remove CIB version in case no --no-version.
- medium: ui_options: Accept prefix or suffix of option as argument
- medium: utils: Check if path basename is less (#74)
- low: report: Delay Report creation until use
- Medium: history: match error/crit messages of pcmk 1.1.12
- low: report: Fix references to PSSH
- high: crm_pssh: Switch to python-parallax over pssh (bnc#905116)
- high: parse: Implicit initial parameter list
- Low: term: get rid of annying ^O in piped-to-less-R output
- medium: parse: Enable name[=value] for nvpair (#71)
- medium: parse: Allow nvpair with no value using name= syntax (#71)
- utils: append_file: open destination in append-mode (boo#907528)
- medium: ui_history: Fix crash using empty object set
- doc: Add note about modeline for vim syntax
- doc: Improved documentation for show and save
- medium: cibconfig: Delete containers first in edits (boo#905268)
- medium: Allow removing groups even if is_running (boo#905271)
- doc: Add documentation section describing rule expressions (boo#905637)
- doc: Clarify documentation for property (boo#905637)
- Medium: config: add alwayscolor to display output option
- medium: config: Add core.ignore_missing_metadata (#68) (boo#905910)
- medium: ui_configure: selectors in save command
- medium: ui_context: Lazily import readline
- medium: cibconfig: Don't bump epoch if stripping version
- medium: ui_configure: Add replace option to commit
- medium: cibconfig: Revised CIB schema handling
- low: cliformat: Colorize id: as identifier (boo#905338)
- medium: config: Fall back to /etc/crm/crmsh.conf (#67)
- high: config: Fix path to system-wide crm.conf (#67)
- medium: cmd_status: Show pending if available, enable extra options
- medium: ra: Use correct path for crmd (#67)
- medium: cibconfig: Allow unsupported schemas with warning
- medium: pacemaker: Support pacemaker-next as schema
- medium: parse: Support resource-discovery in location constraints
- doc: Document deprecation of refresh and reprobe (bnc#905092)
- low: ui_resource: --reprobe and --refresh are deprecated (bnc#905092)
- doc: Document probe op in resource trace (bnc#905050)
- medium: ui_resource: Set probe interval 0 if not set (bnc#905050)
- high: ui_resource: resource trace failed if operation existed (bnc#901453)
- high: ui_resource: Use correct name for error function (bnc#901453)
- medium: ui_resource: Flatten, then filter (#64)
- medium: ui_resource: Only act on resources (#64)
- high: xmlutil: Filter list of referenced resources (bnc#901714)
- high: cibconfig: Don't crash if given an invalid pattern (bnc#901714)
- doc: cibconfig: Add note on inner ids after rename
- medium: xmlutil: Use idmgmt when creating new elements (bnc#901543)
- doc: Remove reference to crmsh documentation at clusterlabs.org
- doc: Clarified note for default-timeouts
- high: hb_report: Collect logs from journald (boo#900654)
- high: report: Find nodes for any log type (boo#900654)
- low: cibconfig: Fix vim modeline
- medium: main: Disable interspersed args
- high: cibconfig: Delay reinitialization after commit
- low: cibconfig: Improve wording of commit prompt
- low: rsctest: Better error message for unsupported action
- medium: ui_maintenance: Combine action and actionssh into a single command
- medium: rsctest: Add basic support for systemd services
- high: ui_maintenance: Add maintenance sublevel (bnc#899234)
- high: parse: Allow empty attribute values in nvpairs (bnc#898625)
- low: main: Replace getopt with optparse
- low: ui_cluster: More informative error message
- low: report: Sort list of nodes
- high: cibconfig: Add tag:<tag> to get all resources in tag
- high: cibconfig: Generate valid CLI syntax for attribute lists (bnc#897462)
- doc: Sort command list in documentation alphabetically
- doc: Handle command names with underscore
- low: ra: Add systemd-support to RaOS
- low: ui_ra: Don't crash when no OCF agents installed
- low: corosync: Check tools before use
- low: main: Catch any ValueErrors that may leak through
- medium: config: Assign default path in all cases
- low: ui_template: List both templates and configs by default
- low: ui_configure: add rm as alias for delete
- low: template: Add 'new <template>' shortcut
- high: scripts: Handle corosync.conf without nodelist in add-node (bnc#862577)
- medium: Handle broken CIB in find_objects
- high: parse: split shortcuts into valid rules
- doc: Rename asciidoc files to %.adoc
- medium: cibconfig: Add set command
- Low: hb_report: add -Q to usage
- upstream cs: 2.2.0-rc2-167-g4e7baf3
- Release 2.1.1 (bnc#902993)
- upstream cs: 2.1.1
- medium: ui_resource: Only act on resources (#64)
- medium: ui_resource: Flatten, then filter (#64)
- high: ui_resource: Use correct name for error function (bnc#901453)
- high: ui_resource: resource trace failed if operation existed (bnc#901453)
- upstream cs: 2.1.0-63-g9b8d798
- high: hb_report: Collect logs from journald (boo#900654)
- high: report: Find nodes for any log type (boo#900654)
- low: cibconfig: Fix vim modeline
- upstream cs: 2.1.0-55-ga69c53c
- drop 'checkproc' line from the run-crons as the usage is bogus
- update cronie-nheader_lines.diff so it doesn't print the first 3
  crontab lines (static comments) with the 'crontab -l' command
- remove cronie-nofork-nopid.patch that allowed running of multiple
  "/cron -n"/ instances at once which is an unwanted behaviour
- update cronie-1.5.1-huge_crontab_DoS.patch to fix a regression
  that caused that only the first job from a crontab was being run
- add cronie-1.5.1-huge_crontab_DoS.patch to fix two security issues
  where users can cause DoS of the crond by loading huge crontab
  files. We now allow maximum 1000 environment variables and 1000
  crontab entries. Also the comments and whitespace between the
  entries and variables are now limited to 32768 characters.
  [bnc#1128937] [CVE-2019-9704] and [bnc#1128935] [CVE-2019-9705]
- Requires mail as it's really needed by cron-crons script, not
  smtp_daemon [bsc#1070565] [bsc#1064834]
- Ensure that /etc/cron.{hourly,daily,weekly,monthly} have proper
  permissions and owner. This is racy but prevents some LPE vectors
- Requires smtp_daemon (not just Recommends) as it's needed by
  run-crons script [bsc#1064834]
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Require group trusted if we use them
- update to 1.5.1
  * crontab: Use temporary file name that is ignored by crond.
  * crond: Inherit PATH from the crond environment if -P option
    is used.
  * crond: Remove hardcoded "/system_u"/ SELinux user, use the
    SELinux user
    of the running crond.
  * anacron: Small cleanups and fixes.
  * crond: Fix longstanding race condition on repeated crontab
- refresh cronie-pam_config.diff
- get rid of %{name} macros in the patch names
- use %{ext_man} macro for anacron man pages
- fedorahosted.org was retired on March 1st, 2017
  * update Url and Source address
- cleanup with spec-cleaner
- remove the omc xml config that is useless nowdays
- Add fix for bnc#983925 to run crons even when not on AC_POWER
  * Nowdays it does not make much sense to not run crons when on
    battery and actually it can even confuse people
- cron.service: Use KillMode=process like upstream does.
- revert last change, it is a bug in sssd.service, fixed in
- add support for MAILFROM, MAIL_CONFIG and different mailer binaries
  in run-crons (bnc#812367, bnc#366762)
- Start cron after sssd.service bnc#926961
- Redo the post/pre update approach to fix migration from SLE11.
  Should fix bnc#919028
- update to 1.5.0
  * crond: Job environment variables are set also when executing
  * crond: Adding duplicate orphans on reload is now prevented.
  * crond: The regular crond shutdown is now logged.
  * crontab: PAM is not called in crontab command if the caller's
    uid is 0.
  * crond: PAM is not called from crond for system cron jobs
    (/etc/crontab, /etc/cron.d) which are run for uid 0.
  * crond: The existence of an user is checked at time when job is
    run and not when the crontab is parsed on database reload.
- use spec-cleaner
- cron.service: Start After=nss-user-lookup.target not
  after ypbind.service nscd.service
-cron.service: Crons run at wall-time, order after time-sync.target
- fix bashisms in pre scripts
- SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149
- prepare usrmerge (boo#1029961)
- Update to 2.3.4:
  * Fix a possible out-of-bounds memory write while validating LUKS2 data
    segments metadata (CVE-2020-14382, boo#1176128).
  * Ignore reported optimal IO size if not aligned to minimal page size.
  * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  * Support --master-key-file option for online LUKS2 reencryption
  * Always return EEXIST error code if a device already exists.
  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  * Fix crypto backend to properly handle ECB mode.
  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
    with a larger sector.
  * LUKS2: Do not create excessively large headers.
  * Fix unspecified sector size for BitLocker compatible mode.
  * Fix reading key data size in metadata for BitLocker compatible mode.
- Update to 2.3.3:
  * Fix BitLocker compatible device access that uses native 4kB
  * Support large IV count (--iv-large-sectors) cryptsetup option
    for plain device mapping
  * Fix a memory leak in BitLocker compatible handling
  * Allow EBOIV (Initialization Vector algorithm) use
  * LUKS2: Require both keyslot cipher and key size option, do
    not fail silently
- includes changes from 2.3.2:
  * Add option to dump content of LUKS2 unbound keyslot
  * Add support for discards (TRIM) for standalone dm-integrity
    devices (Kernel 5.7) via --allow-discards, not for LUKS2
  * Fix cryptsetup-reencrypt to work on devices that do not allow
    direct-io device access.
  * Fix a crash in the BitLocker-compatible code error path
  * Fix Veracrypt compatible support for longer (>64 bytes)
- Split translations to -lang package
- New version to 2.3.1
  * Support VeraCrypt 128 bytes passwords.
    VeraCrypt now allows passwords of maximal length 128 bytes
    (compared to legacy TrueCrypt where it was limited by 64 bytes).
  * Strip extra newline from BitLocker recovery keys
    There might be a trailing newline added by the text editor when
    the recovery passphrase was passed using the --key-file option.
  * Detect separate libiconv library.
    It should fix compilation issues on distributions with iconv
    implemented in a separate library.
  * Various fixes and workarounds to build on old Linux distributions.
  * Split lines with hexadecimal digest printing for large key-sizes.
  * Do not wipe the device with no integrity profile.
    With --integrity none we performed useless full device wipe.
  * Workaround for dm-integrity kernel table bug.
    Some kernels show an invalid dm-integrity mapping table
    if superblock contains the "/recalculate"/ bit. This causes
    integritysetup to not recognize the dm-integrity device.
    Integritysetup now specifies kernel options such a way that
    even on unpatched kernels mapping table is correct.
  * Print error message if LUKS1 keyslot cannot be processed.
    If the crypto backend is missing support for hash algorithms
    used in PBKDF2, the error message was not visible.
  * Properly align LUKS2 keyslots area on conversion.
    If the LUKS1 payload offset (data offset) is not aligned
    to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
  * Validate LUKS2 earlier on conversion to not corrupt the device
    if binary keyslots areas metadata are not correct.
- Update to 2.3.0 (include release notes for 2.2.0)
  * BITLK (Windows BitLocker compatible) device access
  * Veritysetup now supports activation with additional PKCS7 signature
    of root hash through --root-hash-signature option.
  * Integritysetup now calculates hash integrity size according to algorithm
    instead of requiring an explicit tag size.
  * Integritysetup now supports fixed padding for dm-integrity devices.
  * A lot of fixes to online LUKS2 reecryption.
  * Add crypt_resume_by_volume_key() function to libcryptsetup.
    If a user has a volume key available, the LUKS device can be resumed
    directly using the provided volume key.
    No keyslot derivation is needed, only the key digest is checked.
  * Implement active device suspend info.
    Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
    that informs the caller that device is suspended (luksSuspend).
  * Allow --test-passphrase for a detached header.
    Before this fix, we required a data device specified on the command
    line even though it was not necessary for the passphrase check.
  * Allow --key-file option in legacy offline encryption.
    The option was ignored for LUKS1 encryption initialization.
  * Export memory safe functions.
    To make developing of some extensions simpler, we now export
    functions to handle memory with proper wipe on deallocation.
  * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
  * Add optional global serialization lock for memory hard PBKDF.
  * Abort conversion to LUKS1 with incompatible sector size that is
    not supported in LUKS1.
  * Report error (-ENOENT) if no LUKS keyslots are available. User can now
    distinguish between a wrong passphrase and no keyslot available.
  * Fix a possible segfault in detached header handling (double free).
  * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
  * The libcryptsetup now keeps all file descriptors to underlying device
    open during the whole lifetime of crypt device context to avoid excessive
    scanning in udev (udev run scan on every descriptor close).
  * The luksDump command now prints more info for reencryption keyslot
    (when a device is in-reencryption).
  * New --device-size parameter is supported for LUKS2 reencryption.
  * New --resume-only parameter is supported for LUKS2 reencryption.
  * The repair command now tries LUKS2 reencryption recovery if needed.
  * If reencryption device is a file image, an interactive dialog now
    asks if reencryption should be run safely in offline mode
    (if autodetection of active devices failed).
  * Fix activation through a token where dm-crypt volume key was not
    set through keyring (but using old device-mapper table parameter mode).
  * Online reencryption can now retain all keyslots (if all passphrases
    are provided). Note that keyslot numbers will change in this case.
  * Allow volume key file to be used if no LUKS2 keyslots are present.
  * Print a warning if online reencrypt is called over LUKS1 (not supported).
  * Fix TCRYPT KDF failure in FIPS mode.
  * Remove FIPS mode restriction for crypt_volume_key_get.
  * Reduce keyslots area size in luksFormat when the header device is too small.
  * Make resize action accept --device-size parameter (supports units suffix).
- Create a weak dependency cycle between libcryptsetup and
  libcryptsetup-hmac to make sure they are installed together
- Use noun phrase in summary.
- New version 2.1.0
  * The default size of the LUKS2 header is increased to 16 MB.
    It includes metadata and the area used for binary keyslots;
    it means that LUKS header backup is now 16MB in size.
  * Cryptsetup now doubles LUKS default key size if XTS mode is used
    (XTS mode uses two internal keys). This does not apply if key size
    is explicitly specified on the command line and it does not apply
    for the plain mode.
    This fixes a confusion with AES and 256bit key in XTS mode where
    code used AES128 and not AES256 as often expected.
  * Default cryptographic backend used for LUKS header processing is now
    OpenSSL. For years, OpenSSL provided better performance for PBKDF.
  * The Python bindings are no longer supported and the code was removed
    from cryptsetup distribution. Please use the libblockdev project
    that already covers most of the libcryptsetup functionality
    including LUKS2.
  * Cryptsetup now allows using --offset option also for luksFormat.
  * Cryptsetup now supports new refresh action (that is the alias for
    "/open --refresh"/).
  * Integritysetup now supports mode with detached data device through
    new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
  someone has time to evaluate the fallout from switching to LUKS2.
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
  Changes since version 2.0.4
  * Wipe full header areas (including unused) during LUKS format.
    Since this version, the whole area up to the data offset is zeroed,
    and subsequently, all keyslots areas are wiped with random data.
    This ensures that no remaining old data remains in the LUKS header
    areas, but it could slow down format operation on some devices.
    Previously only first 4k (or 32k for LUKS2) and the used keyslot
    was overwritten in the format operation.
  * Several fixes to error messages that were unintentionally replaced
    in previous versions with a silent exit code.
    More descriptive error messages were added, including error
    messages if
  - a device is unusable (not a block device, no access, etc.),
  - a LUKS device is not detected,
  - LUKS header load code detects unsupported version,
  - a keyslot decryption fails (also happens in the cipher check),
  - converting an inactive keyslot.
  * Device activation fails if data area overlaps with LUKS header.
  * Code now uses explicit_bzero to wipe memory if available
    (instead of own implementation).
  * Additional VeraCrypt modes are now supported, including Camellia
    and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
    hash function. These were introduced in a recent VeraCrypt upstream.
    Note that Kuznyechik requires out-of-tree kernel module and
    Streebog hash function is available only with the gcrypt cryptographic
    backend for now.
  * Fixes static build for integritysetup if the pwquality library is used.
  * Allows passphrase change for unbound keyslots.
  * Fixes removed keyslot number in verbose message for luksKillSlot,
    luksRemoveKey and erase command.
  * Adds blkid scan when attempting to open a plain device and warn the user
    about existing device signatures in a ciphertext device.
  * Remove LUKS header signature if luksFormat fails to add the first keyslot.
  * Remove O_SYNC from device open and use fsync() to speed up
    wipe operation considerably.
  * Create --master-key-file in luksDump and fail if the file already exists.
  * Fixes a bug when LUKS2 authenticated encryption with a detached header
    wiped the header device instead of dm-integrity data device area (causing
    unnecessary LUKS2 header auto recovery).
- make parallell installable version for SLE12
- New version 2.0.4
  Changes since version 2.0.3
  * Use the libblkid (blockid) library to detect foreign signatures
    on a device before LUKS format and LUKS2 auto-recovery.
    This change fixes an unexpected recovery using the secondary
    LUKS2 header after a device was already overwritten with
    another format (filesystem or LVM physical volume).
    LUKS2 will not recreate a primary header if it detects a valid
    foreign signature. In this situation, a user must always
    use cryptsetup repair command for the recovery.
    Note that libcryptsetup and utilities are now linked to libblkid
    as a new dependence.
    To compile code without blockid support (strongly discouraged),
    use --disable-blkid configure switch.
  * Add prompt for format and repair actions in cryptsetup and
    integritysetup if foreign signatures are detected on the device
    through the blockid library.
    After the confirmation, all known signatures are then wiped as
    part of the format or repair procedure.
  * Print consistent verbose message about keyslot and token numbers.
    For keyslot actions: Key slot <number> unlocked/created/removed.
    For token actions: Token <number> created/removed.
  * Print error, if a non-existent token is tried to be removed.
  * Add support for LUKS2 token definition export and import.
    The token command now can export/import customized token JSON file
    directly from command line. See the man page for more details.
  * Add support for new dm-integrity superblock version 2.
  * Add an error message when nothing was read from a key file.
  * Update cryptsetup man pages, including --type option usage.
  * Add a snapshot of LUKS2 format specification to documentation
    and accordingly fix supported secondary header offsets.
  * Add bundled optimized Argon2 SSE (X86_64 platform) code.
    If the bundled Argon2 code is used and the new configure switch
  - -enable-internal-sse-argon2 option is present, and compiler flags
    support required optimization, the code will try to use optimized
    and faster variant.
    Always use the shared library (--enable-libargon2) if possible.
    This option was added because an enterprise distribution
    rejected to support the shared Argon2 library and native support
    in generic cryptographic libraries is not ready yet.
  * Fix compilation with crypto backend for LibreSSL >= 2.7.0.
    LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility
    wrapper must be commented out.
  * Fix on-disk header size calculation for LUKS2 format if a specific
    data alignment is requested. Until now, the code used default size
    that could be wrong for converted devices.
  Changes since version 2.0.2
  * Expose interface to unbound LUKS2 keyslots.
    Unbound LUKS2 keyslot allows storing a key material that is independent
    of master volume key (it is not bound to encrypted data segment).
  * New API extensions for unbound keyslots (LUKS2 only)
    crypt_keyslot_get_key_size() and crypt_volume_key_get()
    These functions allow to get key and key size for unbound keyslots.
  * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
  * Add --unbound keyslot option to the cryptsetup luksAddKey command.
  * Add crypt_get_active_integrity_failures() call to get integrity
    failure count for dm-integrity devices.
  * Add crypt_get_pbkdf_default() function to get per-type PBKDF default
  * Add new flag to crypt_keyslot_add_by_key() to force update device
    volume key. This call is mainly intended for a wrapped key change.
  * Allow volume key store in a file with cryptsetup.
    The --dump-master-key together with --master-key-file allows cryptsetup
    to store the binary volume key to a file instead of standard output.
  * Add support detached header for cryptsetup-reencrypt command.
  * Fix VeraCrypt PIM handling - use proper iterations count formula
    for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
  * Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
  * Add --with-default-luks-format configure time option.
    (Option to override default LUKS format version.)
  * Fix LUKS version conversion for detached (and trimmed) LUKS headers.
  * Add luksConvertKey cryptsetup command that converts specific keyslot
    from one PBKDF to another.
  * Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
    header is detected.
  * More cleanup and hardening of LUKS2 keyslot specific validation options.
    Add more checks for cipher validity before writing metadata on-disk.
  * Do not allow LUKS1 version downconversion if the header contains tokens.
  * Add "/paes"/ family ciphers (AES wrapped key scheme for mainframes)
    to allowed ciphers.
    Specific wrapped ley configuration logic must be done by 3rd party tool,
    LUKS2 stores only keyslot material and allow activation of the device.
  * Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
    This flag can be dangerous; if you can control underlying device
    (you can change its content after it was verified) it will no longer
    prevent reading tampered data and also it does not prevent silent
    data corruptions that appear after the block was once read.
  * Fix return code (EPERM instead of EINVAL) and retry count for bad
    passphrase on non-tty input.
  * Enable support for FEC decoding in veritysetup to check dm-verity devices
    with additional Reed-Solomon code in userspace (verify command).
  Changes since version 2.0.1
  * Fix a regression in early detection of inactive keyslot for luksKillSlot.
    It tried to ask for passphrase even for already erased keyslot.
  * Fix a regression in loopaesOpen processing for keyfile on standard input.
    Use of "/-"/ argument was not working properly.
  * Add LUKS2 specific options for cryptsetup-reencrypt.
    Tokens and persistent flags are now transferred during reencryption;
    change of PBKDF keyslot parameters is now supported and allows
    to set precalculated values (no benchmarks).
  * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
    combination. Persistent flags are now stored only if the device was
    successfully activated with the specified flags.
  * Fix integritysetup format after recent Linux kernel changes that
    requires to setup key for HMAC in all cases.
    Previously integritysetup allowed HMAC with zero key that behaves
    like a plain hash.
  * Fix VeraCrypt PIM handling that modified internal iteration counts
    even for subsequent activations. The PIM count is no longer printed
    in debug log as it is sensitive information.
    Also, the code now skips legacy TrueCrypt algorithms if a PIM
    is specified (they cannot be used with PIM anyway).
  * PBKDF values cannot be set (even with force parameters) below
    hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2
    it is 4 iterations and 32 KiB of memory cost.
  * Introduce new crypt_token_is_assigned() API function for reporting
    the binding between token and keyslots.
  * Allow crypt_token_json_set() API function to create internal token types.
    Do not allow unknown fields in internal token objects.
  * Print message in cryptsetup that about was aborted if a user did not
    answer YES in a query.
- update to 2.0.1:
  * To store volume key into kernel keyring, kernel 4.15 with
    dm-crypt 1.18.1 is required
  * Increase maximum allowed PBKDF memory-cost limit to 4 GiB
  * Use /run/cryptsetup as default for cryptsetup locking dir
  * Introduce new 64-bit byte-offset *keyfile_device_offset functions.
  * New set of fucntions that allows 64-bit offsets even on 32bit systems
    are now availeble:
  - crypt_resume_by_keyfile_device_offset
  - crypt_keyslot_add_by_keyfile_device_offset
  - crypt_activate_by_keyfile_device_offset
  - crypt_keyfile_device_read
    The new functions have added the _device_ in name.
    Old functions are just internal wrappers around these.
  * Also cryptsetup --keyfile-offset and --new-keyfile-offset now
    allows 64-bit offsets as parameters.
  * Add error hint for wrongly formatted cipher strings in LUKS1 and
    properly fail in luksFormat if cipher format is missing required IV.
- Update to version 2.0.0:
  * Add support for new on-disk LUKS2 format
  * Enable to use system libargon2 instead of bundled version
  * Install tmpfiles.d configuration for LUKS2 locking directory
  * New command integritysetup: support for the new dm-integrity kernel target
  * Support for larger sector sizes for crypt devices
  * Miscellaneous fixes and improvements
- Update to version 1.7.5:
  * Fixes to luksFormat to properly support recent kernel running
    in FIPS mode (bsc#1031998).
  * Fixes accesses to unaligned hidden legacy TrueCrypt header.
  * Fixes to optional dracut ramdisk scripts for offline
    re-encryption on initial boot.
- Update to version 1.7.4:
  * Allow to specify LUKS1 hash algorithm in Python luksFormat
  * Use LUKS1 compiled-in defaults also in Python wrapper.
  * OpenSSL backend: Fix OpenSSL 1.1.0 support without backward
    compatible API.
  * OpenSSL backend: Fix LibreSSL compatibility.
  * Check for data device and hash device area overlap in
  * Fix a possible race while allocating a free loop device.
  * Fix possible file descriptor leaks if libcryptsetup is run from
    a forked process.
  * Fix missing same_cpu_crypt flag in status command.
  * Various updates to FAQ and man pages.
- Changes for version 1.7.3:
  * Fix device access to hash offsets located beyond the 2GB device
    boundary in veritysetup.
  * Set configured (compile-time) default iteration time for
    devices created directly through libcryptsetup
  * Fix PBKDF2 benchmark to not double iteration count for specific
    corner case.
  * Verify passphrase in cryptsetup-reencrypt when encrypting a new
  * OpenSSL backend: fix memory leak if hash context was repeatedly
  * OpenSSL backend: add support for OpenSSL 1.1.0.
  * Fix several minor spelling errors.
  * Properly check maximal buffer size when parsing UUID from
- Update to version 1.7.2:
  * Update LUKS documentation format.
    Clarify fixed sector size and keyslots alignment.
  * Support activation options for error handling modes in
    Linux kernel dm-verity module:
  - -ignore-corruption - dm-verity just logs detected corruption
  - -restart-on-corruption - dm-verity restarts the kernel if
    corruption is detected
    If the options above are not specified, default behavior for
    dm-verity remains. Default is that I/O operation fails with
    I/O error if corrupted block is detected.
  - -ignore-zero-blocks - Instructs dm-verity to not verify
    blocks that are expected to contain zeroes and always
    return zeroes directly instead.
    NOTE that these options could have security or functional
    impacts, do not use them without assessing the risks!
  * Fix help text for cipher benchmark specification
    (mention --cipher option).
  * Fix off-by-one error in maximum keyfile size.
    Allow keyfiles up to compiled-in default and not that value
    minus one.
  * Support resume of interrupted decryption in cryptsetup-reencrypt
    utility. To resume decryption, LUKS device UUID (--uuid option)
    option must be used.
  * Do not use direct-io for LUKS header with unaligned keyslots.
    Such headers were used only by the first cryptsetup-luks-1.0.0
    release (2005).
  * Fix device block size detection to properly work on particular
    file-based containers over underlying devices with 4k sectors.
- Update to version 1.7.1:
  * Code now uses kernel crypto API backend according to new
    changes introduced in mainline kernel
    While mainline kernel should contain backward compatible
    changes, some stable series kernels do not contain fully
    backported compatibility patches.
    Without these patches  most of cryptsetup operations
    (like unlocking device) fail.
    This change in cryptsetup ensures that all operations using
    kernel crypto API works even on these kernels.
  * The cryptsetup-reencrypt utility now properly detects removal
    of underlying link to block device and does not remove
    ongoing re-encryption log.
    This allows proper recovery (resume) of reencrypt operation later.
    NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
    this link disappears once the device metadata is temporarily
    removed from device.
  * Cryptsetup now allows special "/-"/ (standard input) keyfile handling
    even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
  * Cryptsetup now fails if there are more keyfiles specified
    for non-TCRYPT device.
  * The luksKillSlot command now does not suppress provided password
    in batch mode (if password is wrong slot is not destroyed).
    Note that not providing password in batch mode means that keyslot
    is destroyed unconditionally.
- update to 1.7.0:
  * The cryptsetup 1.7 release changes defaults for LUKS,
    there are no API changes.
  * Default hash function is now SHA256 (used in key derivation
    function and anti-forensic splitter).
  * Default iteration time for PBKDF2 is now 2 seconds.
  * Fix PBKDF2 iteration benchmark for longer key sizes.
  * Remove experimental warning for reencrypt tool.
  * Add optional libpasswdqc support for new LUKS passwords.
  * Update FAQ document.
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Update to 1.6.8
  * If the null cipher (no encryption) is used, allow only empty
    password for LUKS. (Previously cryptsetup accepted any password
    in this case.)
    The null cipher can be used only for testing and it is used
    temporarily during offline encrypting not yet encrypted device
    (cryptsetup-reencrypt tool).
    Accepting only empty password prevents situation when someone
    adds another LUKS device using the same UUID (UUID of existing
    LUKS device) with faked header containing null cipher.
    This could force user to use different LUKS device (with no
    encryption) without noticing.
    (IOW it prevents situation when attacker intentionally forces
    user to boot into different system just by LUKS header
    Properly configured systems should have an additional integrity
    protection in place here (LUKS here provides only
    confidentiality) but it is better to not allow this situation
    in the first place.
    (For more info see QubesOS Security Bulletin QSB-019-2015.)
  * Properly support stdin "/-"/ handling for luksAddKey for both new
    and old keyfile parameters.
  * If encrypted device is file-backed (it uses underlying loop
    device), cryptsetup resize will try to resize underlying loop
    device as well. (It can be used to grow up file-backed device
    in one step.)
  * Cryptsetup now allows to use empty password through stdin pipe.
    (Intended only for testing in scripts.)
- Enable verbose build log.
- regenerate the initrd if cryptsetup tool changes
  (wanted by 90crypt dracut module)
- Update to 1.6.7
  * Cryptsetup TCRYPT mode now supports VeraCrypt devices
    (TrueCrypt extension)
  * Support keyfile-offset and keyfile-size options even for plain
  * Support keyfile option for luksAddKey if the master key is
  * For historic reasons, hashing in the plain mode is not used if
    keyfile is specified (with exception of --key-file=-). Print
    a warning if these parameters are ignored.
  * Support permanent device decryption for cryptsetup-reencrypt.
    To remove LUKS encryption from a device, you can now use
  - -decrypt option.
  * Allow to use --header option in all LUKS commands. The
  - -header always takes precedence over positional device argument.
  * Allow luksSuspend without need to specify a detached header.
  * Detect if O_DIRECT is usable on a device allocation. There are
    some strange storage stack configurations which wrongly allows
    to open devices with direct-io but fails on all IO operations later.
  * Add low-level performance options tuning for dmcrypt (for
    Linux 4.0 and later).
  * Get rid of libfipscheck library.
    (Note that this option was used only for Red Hat and derived
    distributions.) With recent FIPS changes we do not need to
    link to this FIPS monster anymore. Also drop some no longer
    needed FIPS mode checks.
  * Many fixes and clarifications to man pages.
  * Prevent compiler to optimize-out zeroing of buffers for on-stack
  * Fix a crash if non-GNU strerror_r is used.
- (bsc#1187080) Upgrade and removal of csync2 package throws error
  for non-existent service template:
  Removeinstance templates from %service_* macros.
- Update to 2.0+git.1600444747.83b3644:
  * VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS
  * VUL-1: CVE-2019-15523: csync2: incorrect TLS handshake error handling
  * use standard %lld instead of non-standard %Ld format specifier
  * try to avoid (temporary) -rw------- root:root files on receiving side
  * fix diff mode truncation to first 512 byte
  * disable xinetd template by default as preparation for systemd socket unit
  * add systemd csync2.socket and csync2@.service templates
  * escape peername in SQL statements
- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)
  Adapt suggested changes in %post section.
  Do not hide output on standard error during generating the keys.
- Remove patches contained by update:
  * 0003-Set-AC_PROG_CPP-in-configure.ac.patch
  * 0002-Patch-sonames.patch
  * 0001-Add-COPYING-as-docfile.patch
- Update to 2.0+git.1542296533.b974921:
  * Convert documentation to asciidoc
  * Add error handling for out-of-memory while parsing config file
  * create_key: use all random bits; add some error handling
- Update patches
  * Add 0001-Add-COPYING-as-docfile.patch
  * Add 0002-Patch-sonames.patch
  * Add 0003-Set-AC_PROG_CPP-in-configure.ac.patch
  * Remove add-COPYING.patch
  * Remove add-ac_prog_cpp.patch
  * Remove fix-sonames.patch
- Update patches
  * Add 0001-Add-COPYING-as-docfile.patch
  * Add 0002-Patch-sonames.patch
  * Add 0003-Set-AC_PROG_CPP-in-configure.ac.patch
  * Remove add-COPYING.patch
  * Remove add-ac_prog_cpp.patch
  * Remove fix-sonames.patch
- comparison of peer names provided via command line should not be case sensitive (bsc#1082576)
- fix for inetd stderr >& stdout
- fix log message when generating backup files, demote log level
- document -l and -N switches
- Avoid systemd service removal errors when uninstalling (bsc#1093165)
- Remove systemd dep in favor of systemd-rpm-macros
- Format a bit with spec-cleaner
- Add proper dependency over openssl
- Remove all the tex deps as we now reduce from 300 to 160 buildrequires
- Remove xinetd service and use only socket activation to keep
  only one tool for the job
  * Also remove patch csync2-fix-xinetd.patch
- Requires(post) hostname|openssl
- Avoid runtime dependency on systemd, the macros can all deal with
  its absence.
- Ensure csync@.service template instances are disabled on package
- Update to csync2-2.0-6-g10636a4:
  - Document the -N flag to bind csync2 to a specific ip address.
  - fix diff mode truncation to first 512 byte
  - fix diff mode prefix substitution
- Drop merged patches:
  - Remove csync2-librsync-1.0.0.patch
  - Remove fix-csync2_ssl_cert-filename.patch
- Add csync2-librsync-1.0.0.patch: Fix build with librsync 1.0.0.
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "/configure --with-cups-group=lp"/) specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960)
  Fix web UI kerberos authentication
- cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001
  access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671)
  the ippReadIO function may under-read an extension field
- cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
  heap-buffer-overflow in libcups ppdFindOption() function
- cups-2.2.7-CVE-2019-8675.CVE-2019-8696.patch fixes
  CVE-2019-8675 and CVE-2019-8696 (bsc#1146358 and bsc#1146359)
  and some other security/disclosure issues
  (Apple's internal issues rdar://51685251, rdar://50035411,
  rdar://51373853, rdar://51373929)
- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118)
  Fixes https://github.com/apple/cups/issues/5509
- cups-2.2.7-CVE-2018-4700.patch fixes CVE-2018-4700: session
  cookie is extremely predictable, effectively breaking the
  CSRF protection of the CUPS web interface (bsc#1115750)
- cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954.diff
  is 'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for
  (except the not needed hunk for patching CHANGES.md which fails)
  that fixes local privilege escalation to root and sandbox
  bypasses in scheduler (Apple's internal issues rdar://37836779,
  rdar://37836995, rdar://37837252, rdar://37837581)
  in the CUPS 2.2 branch
  bsc#1096405 CVE-2018-4180:
  Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
  bsc#1096406 CVE-2018-4181:
  Limited Local File Reads as Root via cupsd.conf Include Directive
  bsc#1096407 CVE-2018-4182:
  cups-exec Sandbox Bypass Due to Insecure Error Handling
  bsc#1096408 CVE-2018-4183:
  cups-exec Sandbox Bypass Due to Profile Misconfiguration
- Version upgrade to 2.2.7:
  CUPS 2.2.7 is a general bug fix release.
  For details see https://github.com/apple/cups/releases
  or the CHANGES.md file.
  Changes include:
  * Additional security fixes for:
    bsc#1061066 DBUS library aborts caller process
    in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
    bsc#1087018 CVE-2017-18248: cups: The add_job function in
    scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
    enabled, can be crashed by remote attackers by sending print
    jobs with an invalid username, related to a D-Bus notification
    which are the CUPS upstream issues
    Remote DoS attack against cupsd via invalid username
    and malicious D-Bus library
    squash non-UTF-8 strings into ASCII on plain IPP level
    persistently substitute invalid job attributes
    with default values - not only in add_job
    see also
    bsc#1087072 dbus-1:
    Disable assertions to prevent un-expected DDoS attacks
  * NOTICE: Raw print queues are now deprecated (Issue #5269)
    so that now there is a warning message when you
    add or modify a queue to use the "/raw driver"/ but
    raw printing will continue to work through CUPS 2.3.x, cf.
  * Fixed an Avahi crash bug in the scheduler (Issue #5268)
  * Systemd did not restart cupsd when configuration changes
    were made that required a restart (Issue #5263)
  * The scheduler could crash while adding an IPP Everywhere
    printer (Issue #5258)
  * The scheduler now supports using temporary print queues
    for older IPP/1.1 print queues like those shared by CUPS 1.3
    and earlier (Issue #5241)
  * Kerberized printing to another CUPS server did not work
    correctly (Issue #5233)
  * More fixes for printing to old CUPS servers (Issue #5211)
  * The scheduler now substitutes default values for invalid
    job attributes when running in "/relaxed conformance"/
    mode (Issue #5186)
  * The cups-driverd program incorrectly stopped scanning PPDs
    as soon as a loop was seen (Issue #5170)
  * The `SSLOptions` directive now supports `MinTLS` and `MaxTLS`
    options to control the minimum and maximum TLS versions
    that will be allowed, respectively (Issue #5119)
  * The scheduler did not write out dirty configuration and
    state files if there were open client connections (Issue #5118)
  * The `lpadmin` command now provides a better error message when
    an unsupported System V interface script is used (Issue #5111)
  * No longer support backslash, question mark, or quotes
    in printer names (Issue #4966)
  * The CUPS library now supports the latest HTTP Digest
    authentication specification including support
    for SHA-256 (Issue #4862)
  * TLS connections now properly timeout (rdar://34938533)
- Make sure cups-libs-<targettype> is removed
- Version upgrade to 2.2.6:
  CUPS 2.2.6 is a general bug fix release.
  For details see https://github.com/apple/cups/releases
  Changes include:
  * DBUS notifications could crash the scheduler (Issue #5143)
    (see also bsc#1061066 "/DBUS library aborts caller process"/)
- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017
  that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.
- Version upgrade to 2.2.5:
  CUPS 2.2.5 is a general bug fix release.
  For details see https://github.com/apple/cups/releases
- Version upgrade to 2.2.4:
  CUPS 2.2.4 is a general bug fix release.
  For details see https://github.com/apple/cups/releases
- Removed
  because since CUPS 2.2.4 it is fixed in the upstream code
  via https://github.com/apple/cups/pull/4989 more precisely via
- Fix typo in requires
- Implement shared library packaging guideline [boo#862112]
- Update package descriptions.
- Remove redundant Requires(pre) line — the use of %post -p
  already implies it.
- Pre-require user(lp) in cups-libs
- In /usr/lib/tmpfiles.d/cups.conf use
  group 'root' for /run/cups/certs (boo#1042916).
- Major backward incompatible change since CUPS 2.2.0:
  There is no longer the directory /etc/cups/interfaces because
  since CUPS 2.2.0 so called "/System V style Interface Scripts"/
  are no longer supported for security reasons (see below the
  entry about the changes included in CUPS 2.2.0).
- Disabled cups-2.1.0-cups-systemd-socket.patch
  because it does no longer apply which needs to be examined
  and decided by someone who knows about systemd internals.
- Disabled
  because they do no longer apply which needs to be examined
  and decided by someone who knows about Avahi internals.
- Version upgrade to 2.2.3:
  CUPS 2.2.3 is a general bug fix release.
  See https://github.com/apple/cups/releases
  Changes include:
  * The IPP backend could get into an infinite loop for certain
    errors, causing a hung queue (rdar://problem/28008717)
  * The scheduler could pause responding to client requests in
    order to save state changes to disk (rdar://problem/28690656)
  * Added support for PPD finishing keywords
    (Issue #4960, Issue #4961, Issue #4962)
  * The IPP backend did not send a media-col attribute for just
    the source or type (Issue #4963)
  * IPP Everywhere print queues did not always support all print
    qualities supported by the printer (Issue #4953)
  * IPP Everywhere print queues did not always support all media
    types supported by the printer (Issue #4953)
  * The IPP Everywhere PPD generator did not return useful error
    messages (Issue #4954)
  * The IPP Everywhere finishings support did not work correctly
    with common UI or command-line options (Issue #4976)
  * Fixed an error handling issue for the network backends
    (Issue #4979)
  * The "/reprint job"/ option was not available for some canceled
    jobs (Issue #4915)
  * Updated the job listing in the web interface (Issue #4978)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.2:
  CUPS 2.2.2 is a general bug fix release.
  See https://github.com/apple/cups/releases
  Changes include:
  * Fixed some issues with IPP Everywhere printer support
    (Issue #4893, Issue #4909, Issue #4916, Issue #4921,
    Issue #4923, Issue #4932, Issue #4933, Issue #4938)
  * The rastertopwg filter could crash with certain input
    (Issue #4942)
  * The scheduler did not detect when an encrypted connection
    was closed by the client on Linux (Issue #4901)
  * The cups-lpd program did not catch all legacy usage
    of ISO-8859-1 (Issue #4899)
  * The scheduler no longer creates log files on startup
  * The ippContainsString function now uses case-insensitive
    comparisons for mimeMediaType, name, and text values in
    conformance with RFC 2911.
  * The network backends now log the addresses that were found
    for a printer (<rdar://problem/29268474>)
  * Let's Encrypt certificates did not work when the hostname
    contained uppercase letters (Issue #4919)
  * Fixed reporting of printed pages in the web interface
    (Issue #4924)
  * Updated systemd config files (Issue #4935)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.1:
  CUPS 2.2.1 is a general bug fix release.
  See https://github.com/apple/cups/releases
  Changes include:
  * Added "/CreateSelfSignedCerts"/ directive for cups-files.conf
    to control whether the scheduler automatically creates
    its own self-signed X.509 certificates for TLS connections
    (Issue #4876)
  * http*Connect did not handle partial failures (Issue #4870)
  * cupsHashData did not use the correct hashing algorithm
  * Updated man pages (PR #4885)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.0:
  CUPS 2.2.0 adds support for local IPP Everywhere print queues
  and includes several performance and security improvements.
  See https://github.com/apple/cups/releases
  Changes include:
  * Normalized the TLS certificate validation code and added
    additional error messages to aid troubleshooting.
  * http*Connect did not work on Linux when cupsd was not running
    (Issue #4870)
  * The --no-remote-any option of cupsctl had no effect
    (Issue #4866)
  * http*Connect did not return early when all addresses failed
    (Issue #4870)
  * The IPP backend did not validate TLS credentials properly.
  * The printer-state-message attribute was not cleared after a
    print job with no errors (Issue #4851)
  * The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer
    operations did not always return an error for failed
    adds (Issue #4854)
  * PPD files with names longer than 127 bytes did not work
    (Issue #4860)
  * CUPS now supports Let's Encrypt certificates on Linux.
  * All CUPS commands now support POSIX options (Issue #4813)
  * The scheduler now restarts faster (Issue #4760)
  * Improved performance of web interface with large numbers
    of jobs (Issue #3819)
  * Encrypted printing can now be limited to only trusted
    printers and servers (<rdar://problem/25711658>)
  * The scheduler now advertises PWG Raster attributes for
    IPP Everywhere clients (Issue #4428)
  * The scheduler now logs informational messages for jobs
    at LogLevel "/info"/ (Issue #4815)
  * The scheduler now uses the getgrouplist function
    when available (Issue #4611)
  * The IPP backend no longer enables compression by default
    except for certain raster formats that generally benefit
    from it (<rdar://problem/25166952>)
  * The scheduler did not handle out-of-disk situations
    gracefully (Issue #4742)
  * The LPD mini-daemon now detects invalid UTF-8 sequences
    in job, document, and user names (Issue #4748)
  * The IPP backend now continues on to the next job
    when the remote server/printer puts the job on hold
  * The scheduler did not cancel multi-document jobs immediately
  * The scheduler did not return non-shared printers to local
    clients unless they connected to the domain socket
  * The scheduler now reads the spool directory if one or more
    job cache entries point to deleted jobs
  * Added support for disc media sizes (<rdar://problem/20219536>)
  * The httpAddrConnect and httpConnect* APIs now try connecting
    to multiple addresses in parallel (<rdar://problem/20643153>)
  * Interface scripts are no longer supported for security reasons
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.1.4:
  CUPS 2.1.4 is a general bug fix release.
  See https://github.com/apple/cups/releases
  Changes include:
  * Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)
  * Fixed printing of multiple files to raw queues (Issue #4782)
  * The scheduler did not implement the Hold-New-Jobs opertion
    correctly (Issue #4767)
  * The cups-lpd mini-daemon incorrectly included the document-name
    attribute when creating a job.  It should only be included when
    sending a job (Issue #4790)
  A detailed list of changes can be found in the CHANGES.txt file.
- Replace krb5-devel BuildRequires with pkgconfig(krb5) on
  suse_version >= 1315: give OBS a better chance to break up build
- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
  0002-Save-work-on-Avahi-code.patch and
  0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
  finally commited to cups 2.2 sources in response to
  https://github.com/apple/cups/pull/4989 in order to fix cupsEnumDests
  to react to the ALL_FOR_NOW avahi event (and also include a similar
  fix for the dnssd case). Related to bsc#955432.
- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff .
  Avahi sends an ALL_FOR_NOW event when it finishes sending
  its cache contents. This patch makes cupsEnumDests finish
  when the signal is received so it doesn't block the caller
  doing nothing until the timeout finishes (related to bsc#955432,
  submitted upstream at https://github.com/apple/cups/pull/4989)
- Add /etc/cups to cups-libs package [bsc#1025689]
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
  pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
  sub-libraries have been merged into libsystemd since version 209.
  openSUSE 13.1 was the last product to ship systemd 208.
- Remove CUPS.desktop and pixmap
  * Obsoletes patch cups-1.3.9-desktop_file.patch
- Version upgrade to 2.1.3:
  CUPS 2.1.3 fixes some issues in the scheduler, sample drivers,
  and user commands.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * The scheduler should not exit under memory pressure
  * Fixed some issues in ipptool for skipped tests
  * The "/lp -H resume"/ command did not reset the
    "/job-state-reasons"/ attribute value (STR #4752)
  * The scheduler did not allow access to resource files
    (icons, etc.) when the web interface was disabled (STR #4755)
- Version upgrade to 2.1.2:
  CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which
  actually contained a current 2.2 snapshot.
  There are no other changes.
- Version upgrade to 2.1.1:
  CUPS 2.1.1 fixes a number of USB and IPP printing issues,
  addresses some error reporting and hardening issues in
  the scheduler, and updates some localizations.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * Security hardening fixes (<rdar://problem/23131948>,
    <rdar://problem/23132108>, <rdar://problem/23132353>,
    <rdar://problem/23132803>, <rdar://problem/23133230>,
    <rdar://problem/23133393>, <rdar://problem/23133466>,
    <rdar://problem/23133833>, <rdar://problem/23133998>,
    <rdar://problem/23134228>, <rdar://problem/23134299>,
    <rdar://problem/23134356>, <rdar://problem/23134415>,
    <rdar://problem/23134506>, <rdar://problem/23135066>,
    <rdar://problem/23135122>, <rdar://problem/23135207>,
    <rdar://problem/23144290>, <rdar://problem/23144358>,
  * The cupsGetPPD* functions did not work with IPP printers
    (STR #4725)
  * Some older HP LaserJet printers need a delayed close when
    printing using the libusb-based USB backend (STR #4549)
  * The libusb-based USB backend did not unload the kernel usblp
    module if it was preventing the backend from accessing the
    printer (STR #4707)
  * Current Primera printers were incorrectly reported as Fargo
    printers (STR #4708)
  * The IPP backend did not always handle jobs getting canceled
    at the printer (<rdar://problem/22716820>)
  * Added USB quirk for Canon MP530 (STR #4730)
  * The scheduler did not deliver job notifications for jobs
    submitted to classes (STR #4733)
  * Changing the printer-is-shared value for a remote queue
    did not produce an error (STR #4738)
  * The IPP backend incorrectly included the job-password
    attribute in Validate-Job requests (<rdar://problem/23531939>)
- add -devel to build a 32bit wine on 64bit only Leap systems.
- Version upgrade to 2.1.0:
  CUPS 2.1.0 offers improved support for IPP Everywhere,
  adds support for advanced logging using journald on Linux, and
  includes new security features for encrypted printing and
  reduced network visibility in the default configuration.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * Added support for 3D printers (basic types only,
    no built-in filters) based on PWG white paper.
  * The IPP backend now stops sending print data
    if the printer indicates the job has been aborted
    or canceled (<rdar://problem/17837631>)
  * The IPP backend now sends the job-pages-per-set
    attribute when printing multiple copy jobs with
    finishings (<rdar://problem/16792757>)
  * The IPP backend now updates the cupsMandatory values when the
    printer configuration changes (<rdar://problem/18126570>)
  * No longer install banner files since third-party banner
    filters now supply their own (STR #4518)
  * The scheduler no longer listens on the loopback
    interface unless the web interface or printer sharing
    are enabled (<rdar://problem/9136448>)
  * Added a PPD generator for IPP Everywhere printers (STR #4258)
  * Now install "/default"/ versions of more configuration
    files (<rdar://problem/19024491>) in particular
    cups-files.conf.default and snmp.conf.default
  * Added SSLOptions values to allow Diffie-Hellman key exchange
    and disable TLS/1.0 support.
  * Updated the scheduler to support more IPP Everywhere
    attributes (STR #4630)
  * The scheduler now supports advanced ASL and journald logging
    when "/syslog"/ output is configured (STR #4474)
  * The scheduler now supports logging to stderr when running
    in the foreground (STR #4505)
- Adapted patches so that they apply to CUPS 2.1.0 sources:
  * cups-2.1.0-choose-uri-template.patch replaces
  * cups-2.1.0-default-webcontent-path.patch replaces
  * cups-2.1.0-cups-systemd-socket.patch replaces
- Fix bnc#943950, escape the macro call %systemd-tmpfiles
  in comment.
- Add gpg verification for the tarball
- Version update to 2.0.4:
  * Fixed a bug in cupsRasterWritePixels (STR #4650)
  * Fixed redirection in the web interface (STR #4538)
  * The IPP backend did not respond to side-channel
    requests (STR #4645)
  * The scheduler did not start all pending jobs
    at once (STR #4646)
  * The web search incorrectly searched time-at-xxx
    values (STR #4652)
  * Fixed an RPM spec file issue (STR #4657)
  * The scheduler incorrectly started jobs while canceling
    multiple jobs (STR #4648)
  * Fixed processing of server overrides without
    port numbers (STR #4675)
  * Documentation changes (STR #4651, STR #4674)
- cups-2.0.3-additional_policies.patch replaces
  cups-1.7-additional_policies.patch that still adds the same
  "/allowallforanybody"/ policy but now with separated "/Limit All"/
  to avoid https://www.cups.org/str.php?L4659 (boo#936309).
- Added "/-p /bin/bash"/ to RPM shell commands scriptlets that
  enforces bash to be safe against any possible "/bashisms"/, cf
- Fix the previous commit by using direct systemd call and
  ensuring we work even on older distros
- Fix postin-without-tmpfile-creation and run %tmpfiles_create
  macro on our cups.conf
- Version upgrade to 2.0.3:
  The new release addresses two security vulnerabilities,
  add localizations for German and Russian, and includes several
  general bug fixes. Changes include (excerpt):
  * Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159
    exploiting the dynamic linker (STR #4609) (bsc#924208)
  * Security: The scheduler could hang with malformed gzip data
    (STR #4602)
  * Restored missing generic printer icon file (STR #4587)
  * Fixed logging of configuration errors to show up as errors
    (STR #4582)
  * Fixed potential buffer overflows in raster code and filters
    (STR #4598, STR #4599, STR #4600, STR #4601)
  * Fixed <Limit> inside <Location> (STR #4575)
  * Fixed lpadmin when both -m and -o are used (STR #4578)
  * The web interface always showed support for 2-sided printing
    (STR #4595)
  * cupsRasterReadHeader did not fully validate the raster header
    (STR #4596)
  * The rastertopwg filter did not check for truncated input
    (STR #4597)
  * The cups-lpd mini-daemon did not check for request parameters
    (STR #4603)
  * The scheduler could get caught in a busy loop (STR #4605)
  * The sample Epson driver could crash (STR #4616)
  * The IPP backend now correctly monitors jobs
  * The ppdhtml and ppdpo utilities crashed when the -D option
    was used before a driver information file (STR #4627)
  * ippfind incorrectly substituted "/=port"/ for service_port.
  * The IPP/1.1 test file did not handle the initial print job
    completing early (STR #4576)
  * Fixed a memory leak in cupsConnectDest (STR #4634)
  * PWG Raster Format output contained invalid ImageBox values
  * Added Russian translation (STR #4577)
  * Added German translation (STR #4635)
- cups-busy-loop.patch fixed STR #4605 is obsolete because
  it is fixed upstream (see above).
- cleaned up this whole RPM changlog (wrapped too long lines if
  possible and removed trailing whitespaces).
- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
  and to match socket approach Fedora has.
- Version bump to 2.0.2:
  * Security: cupsRasterReadPixels buffer overflow with invalid
    page header and compressed raster data (STR #4551)
  * Mapping of PPD keywords to IPP keywords did not work if the PPD
    keyword was already an IPP keyword (<rdar://problem/19121005>)
  * cupsGetPPD* sent bad requests (STR #4567)
  * For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy paralel-port support as it is not really needed
  as most do not want it
- Update descriptions to just state what changed and let user
  find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by
  the %service bla ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
  * lengthy list of changes see the upstream CHANGES.txt that is
    distributed with the package
  * Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive
  * openssl is no longer supported upstream
  * Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
  sections and keep suppor for openSUSE+SLE12
  * even with the conditions we would have to go unencrypted only
    as needs newer gnutls, so don't bother with keeping the compat
- Use upstream service and socket files to allow more working tools
- Removed patches:
  * cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
  * cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
  * cups-0003-systemd-secure-cups.service-unit-file.patch
  * cups-1.3.6-access_conf.patch
  * cups-1.5-additional_policies.patch
  * cups-1.5.4-CVE-2012-5519.patch
  * cups-1.5.4-strftime.patch
  * cups-move-everything-to-run.patch
  * cups-polld_avoid_busy_loop.patch
  * cups-provides-cupsd-service.patch
  * str4190.patch
  * str4351.patch
  * str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch
- Refreshed patches:
  * cups-1.3.9-desktop_file.patch
  * cups-config-libs.patch
- Added patches:
  * cups-1.7-additional_policies.patch
  * cups-systemd-socket.patch
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
  * TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.
- Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- Security fix: [bsc#1183934, CVE-2021-22890]
  * When using a HTTPS proxy and TLS 1.3, libcurl can confuse
    session tickets arriving from the HTTPS proxy but work as
    if they arrived from the remote server and then wrongly
    "/short-cut"/ the host handshake.
- Add curl-CVE-2021-22890.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
  * The automatic referer leaks credentials
- Add curl-CVE-2021-22876.patch
- Security fix: [bsc#1179593, CVE-2020-8286]
  * Inferior OCSP verification: libcurl offers "/OCSP stapling"/ via
    the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies
    the OCSP response that a server responds with as part of the TLS
    handshake. It then aborts the TLS negotiation if something is
    wrong with the response. The same feature can be enabled with
    '--cert-status' using the curl tool.
  * As part of the OCSP response verification, a client should verify
    that the response is indeed set out for the correct certificate.
    This step was not performed by libcurl when built or told to use
    OpenSSL as TLS backend.
- Add curl-CVE-2020-8286.patch
- Security fix: [bsc#1179399, CVE-2020-8285]
  * FTP wildcard stack overflow: The wc_statemach() internal
    function has been rewritten to use an ordinary loop instead of
    the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1179398, CVE-2020-8284]
  * Trusting FTP PASV responses: When curl performs a passive FTP
    transfer, it first tries the 'EPSV' command and if that is not
    supported, it falls back to using 'PASV'. A malicious server
    can use the 'PASV' response to trick curl into connecting
    back to a given IP address and port, and this way potentially
    make curl extract information about services that are otherwise
    private and not disclosed.
  * The IP address part of the response is now ignored by default,
    by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same
    goes for the command line tool, which then might need
    '--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the
    address in the server response.
- Add curl-CVE-2020-8284.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
  * An application that performs multiple requests with libcurl's
    multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
    rare circumstances experience that when subsequently using the
    setup connect-only transfer, libcurl will pick and use the wrong
    connection and instead pick another one the application has
    created since then.
- Add curl-CVE-2020-8231.patch
- Security fix: [bsc#1173027, CVE-2020-8177]
  * curl can be tricked my a malicious server to overwrite a local
    file when using '-J' ('--remote-header-name') and '-i' ('--head')
    in the same command line.
- Add curl-CVE-2020-8177.patch
- Security fix: [bsc#1173026, CVE-2020-8169]
  * Partial password leak over DNS on HTTP redirect
- Add curl-CVE-2020-8169.patch
- Fix segfault in zypper ref: [bsc#1156481]
  * remove_handle: clear expire timers after multi_done()
  * Add patch curl-expire-clear.patch
- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
  [bsc#1149604, bsc#1149572, jsc#SLE-9295]
  * Changes:
  - CURLINFO_RETRY_AFTER: parse the Retry-After header value
  - HTTP3: initial (experimental still not working) support
  - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
  - curl: support parallel transfers with -Z
  - curl_multi_poll: a sister to curl_multi_wait() that waits more
  - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
  * Bugfixes:
  - CVE-2019-5481: FTP-KRB double-free
  - CVE-2019-5482: TFTP small blocksize heap buffer overflow
  - CMake: remove needless newlines at end of gss variables
  - CMake: use platform dependent name for dlopen() library
  - CURLINFO docs: mention that in redirects times are added
  - CURLOPT_ALTSVC.3: use a "/"/ file name to not load from a file
  - CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
  - CURLOPT_READFUNCTION.3: provide inline example
  - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
  - Curl_addr2string: take an addrlen argument too
  - Curl_fillreadbuffer: avoid double-free trailer buf on error
  - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
  - alt-svc: add protocol version selection masking
  - alt-svc: fix removal of expired cache entry
  - alt-svc: make it use h3-22 with ngtcp2 as well
  - alt-svc: more liberal ALPN name parsing
  - alt-svc: send Alt-Used: in redirected requests
  - alt-svc: with quiche, use the quiche h3 alpn string
  - asyn-thread: create a socketpair to wait on
  - cleanup: move functions out of url.c and make them static
  - cleanup: remove the 'numsocks' argument used in many places
  - configure: avoid undefined check_for_ca_bundle
  - curl.h: add CURL_HTTP_VERSION_3 to the version enum
  - curl: cap the maximum allowed values for retry time arguments
  - curl: handle a libcurl build without netrc support
  - curl: make use of CURLINFO_RETRY_AFTER when retrying
  - curl: use CURLINFO_PROTOCOL to check for HTTP(s)
  - curl_global_init_mem.3: mention it was added in 7.12.0
  - curl_version: bump string buffer size to 250
  - curl_version_info.3: mentioned ALTSVC and HTTP3
  - curl_version_info: offer quic (and h3) library info
  - curl_version_info: provide nghttp2 details
  - defines: avoid underscore-prefixed defines
  - docs/ALTSVC: remove what works and the experimental explanation
  - docs/EXPERIMENTAL: explain what it means and what's experimental now
  - docs/MANUAL.md: converted to markdown from plain text
  - docs/examples/curlx: fix errors
  - docs: s/curl_debug/curl_dbg_debug in comments and docs
  - easy: resize receive buffer on easy handle reset
  - examples: Avoid reserved names in hiperfifo examples
  - examples: add http3.c, altsvc.c and http3-present.c
  - http09: disable HTTP/0.9 by default in both tool and library
  - http2: when marked for closure and wanted to close == OK
  - http2_recv: trigger another read when the last data is returned
  - http: fix use of credentials from URL when using HTTP proxy
  - http_negotiate: improve handling of gss_init_sec_context() failures
  - md4: Use our own MD4 when no crypto libraries are available
  - multi: call detach_connection before Curl_disconnect
  - nss: use TLSv1.3 as default if supported
  - openssl: build warning free with boringssl
  - openssl: use SSL_CTX_set__proto_version() when available
  - plan9: add support for running on Plan 9
  - progress: reset download/uploaded counter between transfers
  - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
  - scp: fix directory name length used in memcpy
  - smb: init *msg to NULL in smb_send_and_recv()
  - smtp: check for and bail out on too short EHLO response
  - source: remove names from source comments
  - spnego_sspi: add typecast to fix build warning
  - src/makefile: fix uncompressed hugehelp.c generation
  - ssh-libssh: do not specify O_APPEND when not in append mode
  - ssh: move code into vssh for SSH backends
  - sspi: fix memory leaks
  - tests: Replace outdated test case numbering documentation
  - tftp: return error when packet is too small for options
  - timediff: make it 64 bit (if possible) even with 32 bit time_t
  - travis: reduce number of torture tests in 'coverage'
  - url: make use of new HTTP version if alt-svc has one
  - urlapi: verify the IPv6 numerical address
  - urldata: avoid 'generic', use dedicated pointers
  - vauth: Use CURLE_AUTH_ERROR for auth function errors
  * Removed patches:
  - curl-CVE-2018-0500.patch
  - curl-CVE-2018-14618.patch
  - curl-CVE-2018-16839.patch
  - curl-CVE-2018-16840.patch
  - curl-CVE-2018-16842.patch
  - curl-CVE-2018-16890.patch
  - curl-CVE-2019-3822.patch
  - curl-CVE-2019-3823.patch
  - curl-CVE-2019-5436.patch
  - curl-CVE-2019-5481.patch
  - curl-CVE-2019-5482.patch
- Security fix: [bsc#1149496,CVE-2019-5482]
  * TFTP small blocksize heap buffer overflow
  * Added curl-CVE-2019-5482.patch
- Security fix: [bsc#1149495,CVE-2019-5481]
  * FTP-KRB: double-free during kerberos FTP data transfer
  * Added curl-CVE-2019-5481.patch
- Update to 7.65.3
  * progress: make the progress meter appear again
- Update to 7.65.2
  * Bugfixes:
  - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
  - CMake: Fix finding Brotli on case-sensitive file systems
  - CURLOPT_RANGE.3: Caution against using it for HTTP PUT
  - CURLOPT_SEEKDATA.3: fix variable name
  - bindlocal: detect and avoid IP version mismatches in bind()
  - build: fix Codacy warnings
  - c-ares: honor port numbers in CURLOPT_DNS_SERVERS
  - config-os400: add getpeername and getsockname defines
  - configure: --disable-progress-meter
  - configure: fix --disable-code-coverage
  - configure: more --disable switches to toggle off individual features
  - configure: remove CURL_DISABLE_TLS_SRP
  - conn_maxage: move the check to prune_dead_connections()
  - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
  - docs: Explain behavior change in --tlsv1. options since 7.54
  - docs: Fix links to OpenSSL docs
  - docs: fix string suggesting HTTP/2 is not the default
  - headers: Remove no longer exported functions
  - http2: call done_sending on end of upload
  - http2: don't call stream-close on already closed streams
  - http2: remove CURL_DISABLE_TYPECHECK define
  - http: allow overriding timecond with custom header
  - http: clarify header buffer size calculation
  - krb5: fix compiler warning
  - lib: Use UTF-8 encoding in comments
  - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
  - multi: enable multiplexing by default (again)
  - multi: fix the transfer hashes in the socket hash entries
  - multi: make sure 'data' can present in several sockhash entries
  - netrc: Return the correct error code when out of memory
  - nss: don't set unused parameter
  - nss: inspect returnvalue of token check
  - nss: only cache valid CRL entries
  - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
  - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
  - openssl: fix pubkey/signature algorithm detection in certinfo
  - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
  - quote.d: asterisk prefix works for SFTP as well
  - runtests: keep logfiles around by default
  - runtests: report single test time + total duration
  - test1165: verify that CURL_DISABLE_ symbols are in sync
  - test1521: adapt to SLISTPOINT
  - test1523: test CURLOPT_LOW_SPEED_LIMIT
  - test153: fix content-length to avoid occasional hang
  - test188/189: fix Content-Length
  - tests: have runtests figure out disabled features
  - tests: support non-localhost HOSTIP for dict/smb servers
  - tests: update fixed IP for hostip/clientip split
  - tool_cb_prg: Fix integer overflow in progress bar
  - typecheck: CURLOPT_CONNECT_TO takes an slist too
  - typecheck: add 3 missing strings and a callback data pointer
  - unit1654: cleanup on memory failure
  - unpause: trigger a timeout for event-based transfers
  - url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165
- Update to 7.65.1
  * Bugfixes:
  - CURLOPT_LOW_SPEED_* repaired
  - NTLM: reset proxy "/multipass"/ state when CONNECT request is done
  - PolarSSL: deprecate support step 1. Removed from configure
  - cmake: check for if_nametoindex()
  - cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
  - conncache: Remove the DEBUGASSERT on length check
  - conncache: make "/bundles"/ per host name when doing proxy tunnels
  - curl_share_setopt.3: improve wording
  - dump-header.d: spell out that no headers == empty file
  - example/http2-download: fix format specifier
  - examples: cleanups and compiler warning fixes
  - http2: Stop drain from being permanently set
  - http: don't parse body-related headers in bodyless responses
  - md4: build correctly with openssl without MD4
  - md4: include the mbedtls config.h to get the MD4 info
  - multi: track users of a socket better
  - nss: allow to specify TLS 1.3 ciphers if supported by NSS
  - parse_proxy: make sure portptr is initialized
  - parse_proxy: use the IPv6 zone id if given
  - sectransp: handle errSSLPeerAuthCompleted from SSLRead()
  - singlesocket: use separate variable for inner loop
  - ssl: Update outdated "/openssl-only"/ comments for supported backends
  - tests: add HAProxy keywords
  - tests: make test 1420 and 1406 work with rtsp-disabled libcurl
  - tls13-docs: mention it is only for OpenSSL >= 1.1.1
  - tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
  - url: fix bad feature-disable #ifdef
  - url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
  * Changes:
  - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
  - pipelining: removed
  * Bugfixes:
  - CVE-2019-5435: Integer overflows in curl_url_set
  - CVE-2019-5436: tftp: use the current blksize for recvfrom()
  - --config: clarify that initial : and = might need quoting
  - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
  - CURLOPT_ADDRESS_SCOPE: fix range check and more
  - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
  - CURL_MAX_INPUT_LENGTH: largest acceptable string input size
  - Curl_disconnect: treat all CONNECT_ONLY connections as "/dead"/
  - OS400/ccsidcurl: replace use of Curl_vsetopt
  - OpenSSL: Report -fips in version if OpenSSL is built with FIPS
  - WRITEFUNCTION: add missing set_in_callback around callback
  - altsvc: Fix building with cookies disabled
  - auth: Rename the various authentication clean up functions
  - base64: build conditionally if there are users
  - cmake: avoid linking executable for some tests with cmake 3.6+
  - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
  - cmake: set SSL_BACKENDS
  - configure: avoid unportable '==' test(1) operator
  - configure: error out if OpenSSL wasn't detected when asked for
  - configure: fix default location for fish completions
  - cookie: Guard against possible NULL ptr deref
  - curl: make code work with protocol-disabled libcurl
  - curl: report error for "/--no-"/ on non-boolean options
  - curlver.h: use parenthesis in CURL_VERSION_BITS macro
  - docs/INSTALL: fix broken link
  - doh: acknowledge CURL_DISABLE_DOH
  - doh: disable DOH for the cases it doesn't work
  - examples: remove unused variables
  - ftplistparser: fix LGTM alert "/Empty block without comment"/
  - hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
  - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
  - http: acknowledge CURL_DISABLE_HTTP_AUTH
  - http: mark bundle as not for multiuse on < HTTP/2 response
  - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
  - http_negotiate: do not treat failure of gss_init_sec_context() as fatal
  - http_ntlm: Corrected the name of the include guard
  - http_ntlm_wb: Handle auth for only a single request
  - http_ntlm_wb: Return the correct error on receiving an empty auth message
  - lib509: add missing include for strdup
  - lib557: initialize variables
  - mbedtls: enable use of EC keys
  - mime: acknowledge CURL_DISABLE_MIME
  - multi: improved HTTP_1_1_REQUIRED handling
  - netrc: acknowledge CURL_DISABLE_NETRC
  - nss: allow fifos and character devices for certificates
  - nss: provide more specific error messages on failed init
  - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
  - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
  - openssl: mark connection for close on TLS close_notify
  - openvms: Remove pre-processor for SecureTransport
  - parse_proxy: use the URL parser API
  - parsedate: disabled on CURL_DISABLE_PARSEDATE
  - pingpong: disable more when no pingpong protocols are enabled
  - polarssl_threadlock: remove conditionally unused code
  - progress: acknowledge CURL_DISABLE_PROGRESS_METER
  - proxy: acknowledge DISABLE_PROXY more
  - resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
  - revert "/multi: support verbose conncache closure handle"/
  - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
  - sasl: only enable if there's a protocol enabled using it
  - singleipconnect: show port in the verbose "/Trying ..."/ message
  - socks5: user name and passwords must be shorter than 256
  - socks: fix error message
  - socksd: new SOCKS 4+5 server for tests
  - spnego_gssapi: fix return code on gss_init_sec_context() failure
  - ssh-libssh: remove unused variable
  - ssh: define USE_SSH if SSH is enabled (any backend)
  - ssh: move variable declaration to where it's used
  - test1002: correct the name
  - test2100: Fix typos in test description
  - tests: Run global cleanup at end of tests
  - tests: make Impacket (SMB server) Python 3 compatible
  - tool_cb_wrt: fix bad-function-cast warning
  - tool_formparse: remove redundant assignment
  - tool_help: Warn if curl and libcurl versions do not match
  - tool_help: include for strcasecmp
  - url: always clone the CUROPT_CURLU handle
  - url: convert the zone id from a IPv6 URL to correct scope id
  - urlapi: add CURLUPART_ZONEID to set and get
  - urlapi: increase supported scheme length to 40 bytes
  - urlapi: require a non-zero host name length when parsing URL
  - urlapi: stricter CURLUPART_PORT parsing
  - urlapi: strip off zone id from numerical IPv6 addresses
  - urlapi: urlencode characters above 0x7f correctly
  - vauth/cleartext: update the PLAIN login to match RFC 4616
  - vauth/oauth2: Fix OAUTHBEARER token generation
  - vauth: Fix incorrect function description for Curl_auth_user_contains_domain
  - vtls: fix potential ssl_buffer stack overflow
  - wildcard: disable from build when FTP isn't present
  - xattr: skip unittest on unsupported platforms
- Security fix [bsc#1135170, CVE-2019-5436]
  * A heap buffer overflow exists in tftp_receive_packet that
    receives data from a TFTP server
  * Added curl-CVE-2019-5436.patch
- Install curl.fish completions file from curl rather than from the fish package
- update to version 7.64.1
  * Changes:
  - alt-svc: experiemental support added
  - configure: add --with-amissl
  * Bugfixes:
  - AppVeyor: switch VS 2015 builds to VS 2017 image
  - CURLU: fix NULL dereference when used over proxy
  - Curl_easy: remove req.maxfd - never used!
  - Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
  - DoH: inherit some SSL options from user's easy handle
  - Secure Transport: no more "/darwinssl"/
  - Secure Transport: tvOS 11 is required for ALPN support
  - cirrus: Added FreeBSD builds using Cirrus CI
  - cleanup: make local functions static
  - cli tool: do not use mime.h private structures
  - cmdline-opts/proxytunnel.d: the option tunnnels all protocols
  - configure: add additional libraries to check for LDAP support
  - configure: remove the unused fdopen macro
  - configure: show features as well in the final summary
  - conncache: use conn->data to know if a transfer owns it
  - connection: never reuse CONNECT_ONLY connections
  - connection_check: restore original conn->data after the check
  - connection_check: set ->data to the transfer doing the check
  - cookie: Add support for cookie prefixes
  - cookies: dotless names can set cookies again
  - cookies: fix NULL dereference if flushing cookies with no CookieInfo set
  - curl.1: --user and --proxy-user are hidden from ps output
  - curl.1: mark the argument to --cookie as
  - curl.h: use __has_declspec_attribute for shared builds
  - curl: display --version features sorted alphabetically
  - curl: fix FreeBSD compiler warning in the --xattr code
  - curl: remove MANUAL from -M output
  - curl_easy_duphandle.3: clarify that a duped handle has no shares
  - curl_multi_remove_handle.3: use at any time, just not from within callbacks
  - curl_url.3: this API is not experimental anymore
  - dns: release sharelock as soon as possible
  - docs: update max-redirs.d phrasing
  - examples/10-at-a-time.c: improve readability and simplify
  - examples/cacertinmem.c: use multiple certificates for loading CA-chain
  - examples/crawler: Fix the Accept-Encoding setting
  - examples/ephiperfifo.c: various fixes
  - examples/externalsocket: add missing close socket calls
  - examples/http2-download: cleaned up
  - examples/http2-serverpush: add some sensible error checks
  - examples/http2-upload: cleaned up
  - examples/httpcustomheader: Value stored to 'res' is never read
  - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
  - examples/sftpuploadresume: Value stored to 'result' is never read
  - examples: only include
  - examples: remove recursive calls to curl_multi_socket_action
  - examples: remove superfluous null-pointer checks
  - file: fix "/Checking if unsigned variable 'readcount' is less than zero."/
  - fnmatch: disable if FTP is disabled
  - gnutls: remove call to deprecated gnutls_compression_get_name
  - gopher: remove check for path == NULL
  - gssapi: fix deprecated header warnings
  - hostip: make create_hostcache_id avoid alloc + free
  - http2: multi_connchanged() moved from multi.c, only used for h2
  - http2: verify :athority in push promise requests
  - http: make adding a blank header thread-safe
  - http: send payload when (proxy) authentication is done
  - http: set state.infilesize when sending multipart formposts
  - makefile: make checksrc and hugefile commands "/silent"/
  - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
  - mbedtls: release sessionid resources on error
  - memdebug: log pointer before freeing its data
  - memdebug: make debug-specific functions use curl_dbg_ prefix
  - mime: put the boundary buffer into the curl_mime struct
  - multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
  - multi: remove verbose "/Expire in"/ ... messages
  - multi: removed unused code for request retries
  - multi: support verbose conncache closure handle
  - negotiate: fix for HTTP POST with Negotiate
  - openssl: add support for TLS ASYNC state
  - openssl: if cert type is ENG and no key specified, key is ENG too
  - pretransfer: don't strlen() POSTFIELDS set for GET requests
  - rand: Fix a mismatch between comments in source and header
  - runtests: detect "/schannel"/ as an alias for "/winssl"/
  - schannel: be quiet - remove verbose output
  - schannel: close TLS before removing conn from cache
  - schannel: support CALG_ECDH_EPHEM algorithm
  - scripts/completion.pl: also generate fish completion file
  - singlesocket: fix the 'sincebefore' placement
  - source: fix two 'nread' may be used uninitialized warnings
  - ssh: fix Condition '!status' is always true
  - ssh: loop the state machine if not done and not blocking
  - strerror: make the strerror function use local buffers
  - test578: make it read data from the correct test
  - tests: Fixed XML validation errors in some test files
  - tests: add stderr comparison to the test suite
  - tests: fix multiple may be used uninitialized warnings
  - threaded-resolver: shutdown the resolver thread without error message
  - tool_cb_wrt: fix writing to Windows null device NUL
  - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
  - tool_operate: build on AmigaOS
  - tool_operate: fix typecheck warning
  - transfer.c: do not compute length of undefined hex buffer
  - travis: add build using gnutls
  - travis: add scan-build
  - travis: bump the used wolfSSL version to 4.0.0
  - travis: enable valgrind for the iconv tests
  - travis: use updated compiler versions: clang 7 and gcc 8
  - unit1307: require FTP support
  - unit1651: survive curl_easy_init() fails
  - url/idnconvert: remove scan for <= 32 ascii values
  - url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
  - urlapi: reduce variable scope, remove unreachable 'break'
  - urldata: convert bools to bitfields and move to end
  - urldata: simplify bytecounters
  - urlglob: Argument with 'nonnull' attribute passed null
  - version.c: silent scan-build even when librtmp is not enabled
  - vtls: rename some of the SSL functions
  - wolfssl: stop custom-adding curves
  - x509asn1: "/Dereference of null pointer"/
  - x509asn1: cleanup and unify code layout
  - zsh.pl: escape ':' character
  - zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
  * curl-singlesocket-sincebefore-placement.patch
- Fix variable placement that wasn't properly reset within a loop
  missing to notify sockets. [bsc#1129083, bsc#1129470]
  * Added curl-singlesocket-sincebefore-placement.patch
- Add patches to fix use-after-free (boo#1127849):
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
  due to cmake pulling libcurl4
- update to version 7.64.0
  [bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
  [bcs#1123378, CVE-2019-3823]
  * Changes:
  - cookies: leave secure cookies alone
  - hostip: support wildcard hosts
  - http: Implement trailing headers for chunked transfers
  - http: added options for allowing HTTP/0.9 responses
  - timeval: Use high resolution timestamps on Windows
  * Bugfixes:
  - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
  - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
  - CVE-2019-3823: SMTP end-of-response out-of-bounds read
  - FAQ: remove mention of sourceforge for github
  - OS400: handle memory error in list conversion
  - OS400: upgrade ILE/RPG binding.
  - README: add codacy code quality badge
  - Revert http_negotiate: do not close connection
  - THANKS: added several missing names from year <= 2000
  - build: make 'tidy' target work for metalink builds
  - cmake: added checks for variadic macros
  - cmake: updated check for HAVE_POLL_FINE to match autotools
  - cmake: use lowercase for function name like the rest of the code
  - configure: detect xlclang separately from clang
  - configure: fix recv/send/select detection on Android
  - configure: rewrite --enable-code-coverage
  - conncache_unlock: avoid indirection by changing input argument type
  - cookie: fix comment typo
  - cookies: allow secure override when done over HTTPS
  - cookies: extend domain checks to non psl builds
  - cookies: skip custom cookies when redirecting cross-site
  - curl --xattr: strip credentials from any URL that is stored
  - curl -J: refuse to append to the destination file
  - curl/urlapi.h: include "/curl.h"/ first
  - curl_multi_remove_handle() don't block terminating c-ares requests
  - darwinssl: accept setting max-tls with default min-tls
  - disconnect: separate connections and easy handles better
  - disconnect: set conn->data for protocol disconnect
  - docs/version.d: mention MultiSSL
  - docs: fix the --tls-max description
  - docs: use $(INSTALL_DATA) to install man page
  - docs: use meaningless port number in CURLOPT_LOCALPORT example
  - gopher: always include the entire gopher-path in request
  - http2: clear pause stream id if it gets closed
  - if2ip: remove unused function Curl_if_is_interface_name
  - libssh: do not let libssh create socket
  - libssh: free sftp_canonicalize_path() data correctly
  - libtest/stub_gssapi: use "/real"/ snprintf
  - mbedtls: use VERIFYHOST
  - multi: multiplexing improvements
  - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
  - ntlm: fix NTMLv2 compliance
  - ntlm_sspi: add support for channel binding
  - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
  - openssl: fix the SSL_get_tlsext_status_ocsp_resp call
  - openvms: fix OpenSSL discovery on VAX
  - openvms: fix typos in documentation
  - os400: add a missing closing bracket
  - os400: fix extra parameter syntax error
  - pingpong: change default response timeout to 120 seconds
  - pingpong: ignore regular timeout in disconnect phase
  - printf: fix format specifiers
  - runtests.pl: Fix perl call to include srcdir
  - schannel: fix compiler warning
  - schannel: preserve original certificate path parameter
  - schannel: stop calling it "/winssl"/
  - sigpipe: if mbedTLS is used, ignore SIGPIPE
  - smb: fix incorrect path in request if connection reused
  - ssh: log the libssh2 error message when ssh session startup fails
  - test1558: verify CURLINFO_PROTOCOL on file:// transfer
  - test1561: improve test name
  - test1653: make it survive torture tests
  - tests: allow tests to pass by 2037-02-12
  - tests: move objnames-* from lib into tests
  - timediff: fix math for unsigned time_t
  - timeval: Disable MSVC Analyzer GetTickCount warning
  - tool_cb_prg: avoid integer overflow
  - travis: added cmake build for osx
  - urlapi: Fix port parsing of eol colon
  - urlapi: distinguish possibly empty query
  - urlapi: fix parsing ipv6 with zone index
  - urldata: rename easy_conn to just conn
  - winbuild: conditionally use /DZLIB_WINAPI
  - wolfssl: fix memory-leak in threaded use
  - spnego_sspi: add support for channel binding
- Security fix [bsc#1123378, CVE-2019-3823]
  * SMTP end-of-response out-of-bounds read
  * Added patch curl-CVE-2019-3823.patch
- Security fix [bsc#1123377, CVE-2019-3822]
  * NTLMv2 type-3 header stack buffer overflow
  * Added patch curl-CVE-2019-3822.patch
- Fix wrong summary, curl is at version 7, not 4.
- Security fix [bsc#1123371, CVE-2018-16890]
  * NTLM type-2 out-of-bounds buffer read
  * Added patch curl-CVE-2018-16890.patch
- Provide libcurl4 = %version in the mini library package
- Update to version 7.63.0
  * curl: add %{stderr} and %{stdout} for --write-out
  * curl: add undocumented option --dump-module-paths for w32
  * setopt: add CURLOPT_CURLU
  * (lib)curl.rc: fixup for minor bugs
  * CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
  * CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
  * CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
  * Curl_follow: accept non-supported schemes for "/fake"/ redirects
  * KNOWN_BUGS: add --proxy-any connection issue
  * NTLM: Remove redundant ifdef USE_OPENSS
  * NTLM: force the connection to HTTP/1.1
  * OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
  * SECURITY-PROCESS: bountygraph shuts down again
  * TODO: Have the URL API offer IDN decoding
  * ares: remove fd from multi fd set when ares is about to close the fd
  * axtls: removed
  * checksrc: add COPYRIGHTYEAR check
  * cmake: fix MIT/Heimdal Kerberos detection
  * configure: include all libraries in ssl-libs fetch
  * configure: show CFLAGS, LDFLAGS etc in summary
  * connect: fix building for recent versions of Minix
  * cookies: create the cookiejar even if no cookies to save
  * cookies: expire "/Max-Age=0"/ immediately
  * curl: --local-port range was not "/including"/
  * curl: fix --local-port integer overflow
  * curl: fix memory leak reading --writeout from file
  * curl: fixed UTF-8 in current console code page (Win)
  * curl_easy_perform: fix timeout handling
  * curl_global_sslset(): id == -1 is not necessarily an error
  * curl_multibyte: fix a malloc overcalculation
  * curle: move deprecated error code to ifndef block
  * docs: curl_formadd field and file names are now escaped
  * docs: escape "/n"/ codes
  * doh: fix memory leak in OOM situation
  * doh: make it work for h2-disabled builds too
  * examples/ephiperfifo: report error when epoll_ctl fails
  * ftp: avoid unsigned int overflows in FTP listing parser
  * host names: allow trailing dot in name resolve, then strip it
  * http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
  * http: don't set CURLINFO_CONDIITON_UNMET for http status code 204
  * http: fix HTTP DIgest auth to include query in URI
  * http_negotiate: do not close connection until negotiation is completed
  * impacket: add LICENSE
  * infof: clearly indicate truncation
  * ldap: fix LDAP URL parsing regressions
  * libcurl: stop reading from paused transfers
  * mprintf: avoid unsigned integer overflow warning
  * netrc: don't ignore the login name specified with "/--user"/
  * nss: Fall back to latest supported SSL version
  * nss: Fix compatibility with nss versions 3.14 to 3.15
  * nss: fix fallthrough comment to fix picky compiler warning
  * nss: remove version selecting dead code
  * nss: set default max-tls to 1.3/1.2
  * openssl: Remove SSLEAY leftovers
  * openssl: do not log excess "/TLS app data"/ lines for TLS 1.3
  * openssl: do not use file BIOs if not requested
  * openssl: fix unused variable compiler warning with old openssl
  * openssl: support session resume with TLS 1.3
  * openvms: fix example name
  * os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
  * os400: add CURLOPT_CURLU to ILE/RPG binding
  * os400: fix return type of curl_easy_pause() in ILE/RPG binding
  * packages: remove old leftover files and dirs
  * pop3: only do APOP with a valid timestamp
  * runtests: use the local curl for verifying
  * schannel: be consistent in Schannel capitalization
  * schannel: better CURLOPT_CERTINFO support
  * schannel: use Curl_prefix for global private symbols
  * snprintf: renamed and now we only use msnprintf()
  * ssl: fix compilation with OpenSSL 0.9.7
  * ssl: replace all internal uses of CURLE_SSL_CACERT
  * symbols-in-versions: add missing CURLU_symbols
  * test328: verify Content-Encoding: none
  * tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
  * tests: drop http_pipe.py script no longer used
  * tests: drop http_pipe.py script no longer used
  * tool_cb_wrt: Silence function cast compiler warning
  * tool_doswin: Fix uninitialized field warning
  * travis: build with clang sanitizers
  * travis: remove curl before a normal build
  * url: a short host name + port is not a scheme
  * url: fix IPv6 numeral address parser
  * urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch
- Update to version 7.62.0
  * multiplex: enable by default
  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
  * setopt: add CURLOPT_DOH_URL
  * curl: --doh-url added
  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
  * imap: change from "/FETCH"/ to "/UID FETCH"/
  * configure: add option to disable automatic OpenSSL config loading
  * upkeep: add a connection upkeep API: curl_easy_upkeep()
  * URL-API: added five new functions
  * vtls: MesaLink is a new TLS backend
  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
  * Curl_dedotdotify(): always nul terminate returned string
  * Curl_follow: Always free the passed new URL
  * Curl_http2_done: fix memleak in error path
  * Curl_retry_request: fix memory leak
  * Curl_saferealloc: Fixed typo in docblock
  * GnutTLS: TLS 1.3 support
  * SECURITY-PROCESS: mention the bountygraph program
  * VS projects: add USE_IPV6:
  * certs: generate tests certs with sha256 digest algorithm
  * checksrc: enable strict mode and warnings
  * checksrc: handle zero scoped ignore commands
  * cmake: Backport to work with CMake 3.0 again
  * cmake: Improve config installation
  * cmake: add support for transitive ZLIB target
  * cmake: disable -Wpedantic-ms-format
  * cmake: don't require OpenSSL if USE_OPENSSL=OFF
  * cmake: fixed path used in generation of docs/tests
  * cmake: remove unused *SOCKLEN_T variables
  * cmake: suppress MSVC warning C4127 for libtest
  * cmake: test and set missed defines during configuration
  * config: Remove unused SIZEOF_VOIDP
  * configure: force-use -lpthreads on HPUX
  * configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
  * cookies: Remove redundant expired check
  * cookies: fix leak when writing cookies to file
  * curl-config.in: remove dependency on bc
  * curl.1: --ipv6 mutexes ipv4 (fixed typo)
  * curl: update the documentation of --tlsv1.0
  * curl_multi_wait: call getsock before figuring out timeout
  * curl_ntlm_wb: check aprintf() return codes
  * data-binary.d: clarify default content-type is x-www-form-urlencoded
  * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
  * docs/CIPHERS: fix the TLS 1.3 cipher names
  * docs/CIPHERS: mention the colon separation for OpenSSL
  * docs/examples: URL updates
  * docs: add "/see also"/ links for SSL options
  * example/asiohiper: insert warning comment about its status
  * example/htmltidy: fix include paths of tidy libraries
  * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
  * examples/parseurl.c: show off the URL API
  * examples: Fix memory leaks from realloc errors
  * examples: do not wait when no transfers are running
  * ftp: include command in Curl_ftpsend sendbuffer
  * gskit: make sure to terminate version string
  * gtls: Values stored to but never read
  * hostip: fix check on Curl_shuffle_addr return value
  * http2: fix memory leaks on error-path
  * http: fix memleak in rewind error path
  * krb5: fix memory leak in krb_auth
  * memory: add missing curl_printf header
  * memory: ensure to check allocation results
  * multi: Fix error handling in the SENDPROTOCONNECT state
  * multi: fix memory leak in content encoding related error path
  * multi: make the closure handle "/inherit"/ CURLOPT_NOSIGNAL
  * netrc: free temporary strings if memory allocation fails
  * nss: try to connect even if libnssckbi.so fails to load
  * ntlm_wb: Fix memory leaks in ntlm_wb_response
  * ntlm_wb: bail out if the response gets overly large
  * openssl: assume engine support in 0.9.8 or later
  * openssl: enable TLS 1.3 post-handshake auth
  * openssl: fix gcc8 warning
  * openssl: load built-in engines too
  * openssl: make 'done' a proper boolean
  * openssl: output the correct cipher list on TLS 1.3 error
  * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
  * openssl: show "/proper"/ version number for libressl builds
  * pipelining: deprecated
  * rand: add comment to skip a clang-tidy false positive
  * rtmp: fix for compiling with lwIP
  * runtests: ignore disabled even when ranges are given
  * schannel: unified error code handling
  * sendf: Fix whitespace in infof/failf concatenation
  * ssh: free the session on init failures
  * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
  * system.h: use proper setting with Sun C++ as well
  * test1299: use single quotes around asterisk
  * test1452: mark as flaky
  * test1651: unit test Curl_extract_certinfo()
  * test320: strip out more HTML when comparing
  * tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
  * tests: add unit tests for url.c
  * tool_cb_hdr: handle failure of rename()
  * travis: add a "/make tidy"/ build that runs clang-tidy
  * travis: add build for "/configure --disable-verbose"/
  * travis: bump the Secure Transport build to use xcode
  * travis: make distcheck scan for BOM markers
  * unit1300: fix stack-use-after-scope AddressSanitizer warning
  * urldata: Fix "/connecting"/ comment
  * urlglob: improve error message on bad globs
  * vtls: fix ssl version "/or later"/ behavior change for many backends
  * x509asn1: Fix SAN IP address verification
  * x509asn1: always check return code from getASN1Element()
  * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
  * x509asn1: suppress left shift on signed value
- Rebased patches after update:
  * curl-disabled-redirect-protocol-message.patch
  * curl-use_OPENSSL_config.patch
- Security fix [bsc#1113660, CVE-2018-16842]
  * Fixed Out-of-bounds Read in tool_msgs.c
  * Added curl-CVE-2018-16842.patch
- Security fix [bsc#1113029, CVE-2018-16840]
  * use-after-free in handle close
  * Added curl-CVE-2018-16840.patch
- Security fix [bsc#1112758, CVE-2018-16839]
  * SASL password overflow via integer overflow
  * Added curl-CVE-2018-16839.patch
- Security fix [CVE-2018-14618, bsc#1106019]
  * NTLM password overflow via integer overflow
  * Added patch curl-CVE-2018-14618.patch
- Update to version 7.61.1
  * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
  * CURLINFO_SIZE_UPLOAD: fix missing counter update
  * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
  * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
  * Curl_getoff_all_pipelines: improved for multiplexed
  * DEPRECATE: remove release date from 7.62.0
  * HTTP: Don't attempt to needlessly decompress redirect body
  * INTERNALS: require GnuTLS >= 2.11.3
  * README.md: add LGTM.com code quality grade for C/C++
  * SSLCERTS: improve the openssl command line
  * Silence GCC 8 cast-function-type warnings
  * ares: check for NULL in completed-callback
  * asyn-thread: Remove unused macro
  * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
  * auth: pick Bearer authentication whenever a token is available
  * cmake: CMake config files are defining CURL_STATICLIB for static builds
  * cmake: Respect BUILD_SHARED_LIBS
  * cmake: Update scripts to use consistent style
  * cmake: bumped minimum version to 3.4
  * cmake: link curl to the OpenSSL targets instead of lib absolute paths
  * configure: conditionally enable pedantic-errors
  * configure: fix for -lpthread detection with OpenSSL and pkg-config
  * conn: remove the boolean 'inuse' field
  * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
  * cookie tests: treat files as text
  * cookies: support creation-time attribute for cookies
  * curl: Fix segfault when -H @headerfile is empty
  * curl: add http code 408 to transient list for --retry
  * curl: fix time-of-check, time-of-use race in dir creation
  * curl: use Content-Disposition before the "/URL end"/ for -OJ
  * curl: warn the user if a given file name looks like an option
  * curl_threads: silence bad-function-cast warning
  * darwinssl: add support for ALPN negotiation
  * docs/CURLOPT_URL: fix indentation
  * docs/CURLOPT_WRITEFUNCTION: size is always 1
  * docs/SECURITY-PROCESS: mention bounty, drop pre-notify
  * docs/examples: add hiperfifo example using linux epoll/timerfd
  * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
  * docs: clarify NO_PROXY env variable functionality
  * docs: improved the manual pages of some callbacks
  * docs: mention NULL is fine input to several functions
  * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
  * gopher: Do not translate `?' to `%09'
  * header output: switch off all styles, not just unbold
  * hostip: fix unused variable warning
  * http2: Use correct format identifier for stream_id
  * http2: abort the send_callback if not setup yet
  * http2: avoid set_stream_user_data() before stream is assigned
  * http2: check nghttp2_session_set_stream_user_data return code
  * http2: clear the drain counter in Curl_http2_done
  * http2: make sure to send after RST_STREAM
  * http2: separate easy handle from connections better
  * http: fix for tiny "/HTTP/0.9"/ response
  * http_proxy: Remove unused macro SELECT_TIMEOUT
  * lib/Makefile: only do symbol hiding if told to
  * lib1502: fix memory leak in torture test
  * lib1522: fix curl_easy_setopt argument type
  * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
  * mime: check Curl_rand_hex's return code
  * multi: always do the COMPLETED procedure/state
  * openssl: assume engine support in 1.0.0 or later
  * openssl: fix debug messages
  * projects: Improve Windows perl detection in batch scripts
  * retry: return error if rewind was necessary but didn't happen
  * reuse_conn(): memory leak - free old_conn->options
  * schannel: client certificate store opening fix
  * schannel: enable CALG_TLS1PRF for w32api >= 5.1
  * schannel: fix MinGW compile break
  * sftp: don't send post-qoute sequence when retrying a connection
  * smb: fix memory leak on early failure
  * smb: fix memory-leak in URL parse error path
  * smb_getsock: always wait for write socket too
  * ssh-libssh: fix infinite connect loop on invalid private key
  * ssh-libssh: reduce excessive verbose output about pubkey auth
  * ssh-libssh: use FALLTHROUGH to silence gcc8
  * ssl: set engine implicitly when a PKCS#11 URI is provided
  * sws: handle EINTR when calling select()
  * system_win32: fix version checking
  * telnet: Remove unused macros TELOPTS and TELCMDS
  * test1143: disable MSYS2's POSIX path conversion
  * test1148: disable if decimal separator is not point
  * test1307: (fnmatch testing) disabled
  * test1422: add required file feature
  * test1531: Add timeout
  * test1540: Remove unused macro TEST_HANG_TIMEOUT
  * test214: disable MSYS2's POSIX path conversion for URL
  * test320: treat curl320.out file as binary
  * tests/http_pipe.py: Use /usr/bin/env to find python
  * tests: Don't use Windows path %PWD for SSH tests
  * tests: fixes for Windows line endlings
  * tool_operate: Fix setting proxy TLS 1.3 ciphers
  * travis: build darwinssl on macos 10.12 to fix linker errors
  * travis: execute "/set -eo pipefail"/ for coverage build
  * travis: run a 'make checksrc' too
  * travis: update to GCC-8
  * travis: verify that man pages can be regenerated
  * upload: allocate upload buffer on-demand
  * upload: change default UPLOAD_BUFSIZE to 64KB
  * urldata: remove unused pipe_broke struct field
  * vtls: reinstantiate engine on duplicated handles
  * windows: implement send buffer tuning
  * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
  * curl-switch-off-all-styles.patch
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
  which might mess up the terminal (bsc#1105624)
- security update
  * CVE-2018-0500 [bsc#1099793]
    + curl-CVE-2018-0500.patch
- Update to version 7.61.0
  [bsc#1099793, CVE-2018-0500]
  * getinfo: add microsecond precise timers for seven intervals
  * curl: show headers in bold, switch off with --no-styled-output
  * httpauth: add support for Bearer tokens
  * curl: --tls13-ciphers and --proxy-tls13-ciphers
  * curl: --disallow-username-in-url
  * CVE-2018-0500: smtp: fix SMTP send buffer overflow
  * schannel: disable client cert option if APIs not available
  * schannel: disable manual verify if APIs not available
  * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
  * openssl: acknowledge --tls-max for default version too
  * stub_gssapi: fix 'unused parameter' warnings
  * examples/progressfunc: make it build on both new and old libcurls
  * docs: mention it is HA Proxy protocol "/version 1"/
  * curl_fnmatch: only allow two asterisks for matching
  * docs: clarify CURLOPT_HTTPGET
  * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
  * configure: do compile-time SIZEOF checks instead of run-time
  * checksrc: make sure sizeof() is used *with* parentheses
  * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
  * schannel: make CAinfo parsing resilient to CR/LF
  * tftp: make sure error is zero terminated before printfing it
  * http resume: skip body if http code 416 (range error) is ignored
  * configure: add basic test of --with-ssl prefix
  * cmake: set -d postfix for debug builds
  * multi: provide a socket to wait for in Curl_protocol_getsock
  * content_encoding: handle zlib versions too old for Z_BLOCK
  * winbuild: only delete OUTFILE if it exists
  * winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
  * schannel: add failf calls for client certificate failures
  * cmake: Fix the test for fsetxattr and strerror_r
  * curl.1: Fix cmdline-opts reference errors
  * cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
  * cmake: check for getpwuid_r
  * configure: fix ssh2 linking when built with a static mbedtls
  * psl: use latest psl and refresh it periodically
  * fnmatch: insist on escaped bracket to match
  * KNOWN_BUGS: restore text regarding #2101
  * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
  * configure: override AR_FLAGS to silence warning
  * os400: implement mime api EBCDIC wrappers
  * curl.rc: embed manifest for correct Windows version detection
  * strictness: correct {infof, failf} format specifiers
  * tests: update .gitignore for libtests
  * configure: check for declaration of getpwuid_r
  * fnmatch: use the system one if available
  * CURLOPT_RESOLVE: always purge old entry first
  * multi: remove a potentially bad DEBUGF()
  * curl_addrinfo: use same #ifdef conditions in source as header
  * build: remove the Borland specific makefiles
  * axTLS: not considered fit for use
  * cmdline-opts/cert-type.d: mention "/p12"/ as a recognized type
  * system.h: add support for IBM xlc C compiler
  * tests/libtest: Add lib1521 to nodist_SOURCES
  * mk-ca-bundle.pl: leave certificate name untouched
  * boringssl + schannel: undef X509_NAME in lib/schannel.h
  * openssl: assume engine support in 1.0.1 or later
  * cppcheck: fix warnings
  * test 46: make test pass after year 2025
  * schannel: support selecting ciphers
  * Curl_debug: remove dead printhost code
  * test 1455: unflakified
  * Curl_init_do: handle NULL connection pointer passed in
  * progress: remove a set of unused defines
  * mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
  * GOVERNANCE.md: explains how this project is run
  * configure: use pkg-config for c-ares detection
  * configure: enhance ability to build with static openssl
  * maketgz: fix sed issues on OSX
  * multi: fix memory leak when stopped during name resolve
  * CURLOPT_INTERFACE.3: interface names not supported on Windows
  * url: fix dangling conn->data pointer
  * cmake: allow multiple SSL backends
  * system.h: fix for gcc on 32 bit OpenServer
  * ConnectionExists: make sure conn->data is set when "/taking"/ a connection
  * multi: fix crash due to dangling entry in connect-pending list
  * CURLOPT_SSL_VERIFYPEER.3: Add performance note
  * netrc: use a larger buffer to support longer passwords
  * url: check Curl_conncache_add_conn return code
  * configure: Add dependent libraries after crypto
  * easy_perform: faster local name resolves by using *multi_timeout()
  * getnameinfo: not used, removed all configure checks
  * travis: add a build using the synchronous name resolver
  * CURLINFO_TLS_SSL_PTR.3: improve the example
  * openssl: allow TLS 1.3 by default
  * openssl: make the requested TLS version the *minimum* wanted
  * openssl: Remove some dead code
  * telnet: fix clang warnings
  * DEPRECATE: new doc describing planned item removals
  * example/crawler.c: simple crawler based on libxml2
  * libssh: goto DISCONNECT state on error, not SESSION_FREE
  * CMake: Remove unused functions
  * darwinssl: allow High Sierra users to build the code using GCC
  * scripts: include _curl as part of CLEANFILES
  * examples: fix -Wformat warnings
  * curl_setup: include <winerror.h> before <windows.h>
  * schannel: make more cipher options conditional
  * CMake: remove redundant and old end-of-block syntax
  * post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch
- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
  crashes due to openssl engines conflicts (bsc#1086367)
  * add curl-use_OPENSSL_config.patch
- Update to version 7.60.0
  [bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
  * Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
  * Add --haproxy-protocol for the command line tool
  * Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
  * FTP: shutdown response buffer overflow CVE-2018-1000300
  * RTSP: bad headers buffer over-read CVE-2018-1000301
  * FTP: fix typo in recursive callback detection for seeking
  * test1208: marked flaky
  * HTTP: make header-less responses still count correct body size
  * user-agent.d:: mention --proxy-header as well
  * http2: fixes typo
  * cleanup: misc typos in strings and comments
  * rate-limit: use three second window to better handle high speeds
  * examples/hiperfifo.c: improved
  * pause: when changing pause state, update socket state
  * multi: improved pending transfers handling => improved performance
  * curl_version_info.3: fix ssl_version description
  * add_handle/easy_perform: clear errorbuffer on start if set
  * cmake: add support for brotli
  * parsedate: support UT timezone
  * vauth/ntlm.h: fix the #ifdef header guard
  * lib/curl_path.h: added #ifdef header guard
  * vauth/cleartext: fix integer overflow check
  * CURLINFO_COOKIELIST.3: made the example not leak memory
  * cookie.d: mention that "/-"/ as filename means stdin
  * CURLINFO_SSL_VERIFYRESULT.3: fixed the example
  * http2: read pending frames (including GOAWAY) in connection-check
  * timeval: remove compilation warning by casting
  * cmake: avoid warn-as-error during config checks
  * travis-ci: enable -Werror for CMake builds
  * openldap: fix for NULL return from ldap_get_attribute_ber()
  * threaded resolver: track resolver time and set suitable timeout values
  * cmake: Add advapi32 as explicit link library for win32
  * docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
  * test1148: set a fixed locale for the test
  * cookies: when reading from a file, only remove_expired once
  * cookie: store cookies per top-level-domain-specific hash table
  * openssl: fix build with LibreSSL 2.7
  * tls: fix mbedTLS 2.7.0 build + handle sha256 failures
  * openssl: RESTORED verify locations when verifypeer==0
  * file: restore old behavior for file:////foo/bar URLs
  * FTP: allow PASV on IPv6 connections when a proxy is being used
  * build-openssl.bat: allow custom paths for VS and perl
  * winbuild: make the clean target work without build-type
  * build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
  * curl: retry on FTP 4xx, ignore other protocols
  * configure: detect (and use) sa_family_t
  * examples/sftpuploadresume: Fix Windows large file seek
  * build: cleanup to fix clang warnings/errors
  * winbuild: updated the documentation
  * lib: silence null-dereference warnings
  * travis: bump to clang 6 and gcc 7
  * travis: build libpsl and make builds use it
  * proxy: show getenv proxy use in verbose output
  * duphandle: make sure CURLOPT_RESOLVE is duplicated
  * all: Refactor malloc+memset to use calloc
  * checksrc: Fix typo
  * system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
  * vauth: Fix typo
  * ssh: show libSSH2 error code when closing fails
  * test1148: tolerate progress updates better
  * urldata: make service names unconditional
  * configure: keep LD_LIBRARY_PATH changes local
  * ntlm_sspi: fix authentication using Credential Manager
  * schannel: add client certificate authentication
  * winbuild: Support custom devel paths for each dependency
  * schannel: add support for CURLOPT_CAINFO
  * http2: handle on_begin_headers() called more than once
  * openssl: support OpenSSL 1.1.1 verbose-mode trace messages
  * openssl: fix subjectAltName check on non-ASCII platforms
  * http2: avoid strstr() on data not zero terminated
  * http2: clear the "/drain counter"/ when a stream is closed
  * http2: handle GOAWAY properly
  * tool_help: clarify --max-time unit of time is seconds
  * curl.1: clarify that options and URLs can be mixed
  * http2: convert an assert to run-time check
  * curl_global_sslset: always provide available backends
  * ftplistparser: keep state between invokes
  * Curl_memchr: zero length input can't match
  * examples/sftpuploadresume: typecast fseek argument to long
  * examples/http2-upload: expand buffer to avoid silly warning
  * ctype: restore character classification for non-ASCII platforms
  * mime: avoid NULL pointer dereference risk
  * cookies: ensure that we have cookies before writing jar
  * os400.c: fix checksrc warnings
  * configure: provide --with-wolfssl as an alias for --with-cyassl
  * cyassl: adapt to libraries without TLS 1.0 support built-in
  * http2: get rid of another strstr
  * checksrc: force indentation of lines after an else
  * cookies: remove unused macro
  * CURLINFO_PROTOCOL.3: mention the existing defined names
  * tests: provide 'manual' as a feature to optionally require
  * travis: enable libssh2 on both macos and Linux
  * CURLOPT_URL.3: added ENCODING section
  * wolfssl: Fix non-blocking connect
  * vtls: don't define MD5_DIGEST_LENGTH for wolfssl
  * docs: remove extraneous commas in man pages
  * URL: fix ASCII dependency in strcpy_url and strlen_url
  * ssh-libssh.c: fix left shift compiler warning
  * configure: only check for CA bundle for file-using SSL backends
  * travis: add an mbedtls build
  * http: don't set the "/rewind"/ flag when not uploading anything
  * configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
  * transfer: don't unset writesockfd on setup of multiplexed conns
  * vtls: use unified "/supports"/ bitfield member in backends
  * URLs: fix one more http url
  * travis: add a build using WolfSSL
  * openssl: change FILE ops to BIO ops
  * travis: add build using NSS
  * smb: reject negative file sizes
  * cookies: accept parameter names as cookie name
  * http2: getsock fix for uploads
  * all over: fixed format specifiers
  * http2: use the correct function pointer typedef
- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
  * Added curl-disabled-redirect-protocol-message.patch
- Update to version 7.59.0
  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
  [bsc#1084532, CVE-2018-1000122]
  * curl: add --proxy-pinnedpubkey
  * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
  * Add new tool option --happy-eyeballs-timeout-ms
  * openldap: check ldap_get_attribute_ber() results for NULL before using
  * FTP: reject path components with control codes
  * readwrite: make sure excess reads don't go beyond buffer end
  * lib555: drop text conversion and encode data as ascii codes
  * lib517: make variable static to avoid compiler warning
  * lib544: sync ascii code data with textual data
  * GSKit: restore pinnedpubkey functionality
  * darwinssl: Don't import client certificates into Keychain on macOS
  * parsedate: fix date parsing for systems with 32 bit long
  * openssl: fix pinned public key build error in FIPS mode
  * SChannel/WinSSL: Implement public key pinning
  * cookies: remove verbose "/cookie size:"/ output
  * progress-bar: don't use stderr explicitly, use bar->out
  * build: open VC15 projects with VS 2017
  * curl_ctype: private is*() type macros and functions
  * configure: set PATH_SEPARATOR to colon for PATH w/o separator
  * curl_easy_reset: clear digest auth state
  * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
  * range: commonize FTP and FILE range handling
  * progress-bar docs: update to match implementation
  * fnmatch: do not match the empty string with a character set
  * fnmatch: accept an alphanum to be followed by a non-alphanum in char set
  * build: fix termios issue on android cross-compile
  * getdate: return -1 for out of range
  * formdata: use the mime-content type function
  * openssl: Don't add verify locations when verifypeer==0
  * fnmatch: optimize processing of consecutive *s and ?s pattern characters
  * schannel: fix compiler warnings
  * content_encoding: Add "/none"/ alias to "/identity"/
  * get_posix_time: only check for overflows if they can happen
  * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
  * README: language fix
  * sha256: build with OpenSSL < 0.9.8
  * smtp: fix processing of initial dot in data
  * --tlsauthtype: works only if libcurl is built with TLS-SRP support
  * tests: new tests for http raw mode
  * libcurl-security.3: man page discussion security concerns when using libcurl
  * curl_gssapi: make sure this file too uses our *printf()
  * BINDINGS: fix curb link (and remove ruby-curl-multi)
  * nss: use PK11_CreateManagedGenericObject() if available
  * travis: add build with iconv enabled
  * ssh: add two missing state names
  * CURLOPT_HEADERFUNCTION.3: mention folded headers
  * http: fix the max header length detection logic
  * header callback: don't chop headers into smaller pieces
  * CURLOPT_HEADER.3: clarify problems with different data sizes
  * curl --version: show PSL if the run-time lib has it enabled
  * examples/sftpuploadresume: resume upload via CURLOPT_APPEND
  * Return error if called recursively from within callbacks
  * sasl: prefer PLAIN mechanism over LOGIN
  * winbuild: Use CALL to run batch scripts
  * curl_share_setopt.3: connection cache is shared within multi handles
  * projects/README: remove reference to dead IDN link/package
  * lib655: silence compiler warning
  * configure: Fix version check for OpenSSL 1.1.1
  * docs/MANUAL: formfind.pl is not accessible on the site anymore
  * unit1307: proper cleanup on OOM to fix torture tests
  * curl_ctype: fix macro redefinition warnings
  * build: get CFLAGS (including -werror) used for examples and tests
  * NO_PROXY: fix for IPv6 numericals in the URL
  * krb5: use nondeprecated functions
  * http2: mark the connection for close on GOAWAY
  * limit-rate: kick in even before "/limit"/ data has been received
  * HTTP: allow "/header;"/ to replace an internal header with a blank one
  * http2: verbose output new MAX_CONCURRENT_STREAMS values
  * SECURITY: distros' max embargo time is 14 days
  * curl tool: accept --compressed also if Brotli is enabled and zlib is not
  * WolfSSL: adding TLSv1.3
  * checksrc.pl: add -i and -m options
  * CURLOPT_COOKIEFILE.3: "/-"/ as file name means stdin
- Refreshed patch libcurl-ocloexec.patch
- Sort a bit with spec-cleaner
- Install license with the library
- ignore all test failures for PowerPC as bypass boo#1075219
  (not only the 1501 previously skipped)
  * Added patch ignore_runtests_failure.patch
- Build curl with libssh.org
  libssh offers a lot more features than libssh2, for example:
  * Key Exchange Methods: curve25519-sha256@libssh.org
  * Hostkey Types: ssh-ed25519
  * Authentication: gssapi-with-mic
- Update to version 7.58.0
  * new libssh-powered SSH SCP/SFTP back-end
  * curl-config: add --ssl-backends
  * http2: fix incorrect trailer buffer size
  * http: prevent custom Authorization headers in redirects
  * travis: add boringssl build
  * examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
  * SSL: Avoid magic allocation of SSL backend specific data
  * lib: don't export all symbols, just everything curl_*
  * libssh2: send the correct CURLE error code on scp file not found
  * libssh2: return CURLE_UPLOAD_FAILED on failure to upload
  * openssl: enable pkcs12 in boringssl builds
  * libssh2: remove dead code from SSH_SFTP_QUOTE
  * sasl_getmesssage: make sure we have a long enough string to pass
  * conncache: fix several lock issues
  * threaded-shared-conn.c: new example
  * conncache: only allow multiplexing within same multi handle
  * configure: check for netinet/in6.h
  * URL: tolerate backslash after drive letter for FILE:
  * openldap: add commented out debug possibilities
  * include: get netinet/in.h before linux/tcp.h
  * CONNECT: keep close connection flag in http_connect_state struct
  * BINDINGS: another PostgreSQL client
  * curl: limit -# update frequency for unknown total size
  * configure: add AX_CODE_COVERAGE only if using gcc
  * curl.h: remove incorrect comment about ERRORBUFFER
  * openssl: improve data-pending check for https proxy
  * curl: remove __EMX__ #ifdefs
  * CURLOPT_PRIVATE.3: fix grammar
  * sftp: allow quoted commands to use relative paths
  * RESOLVE: output verbose text when trying to set a duplicate name
  * multi_done: prune DNS cache
  * tests: update .gitignore for libtests
  * tests: mark data files as non-executable in git
  * CURLOPT_DNS_LOCAL_IP4.3: fixed the "/SEE ALSO"/ to not self-reference
  * curl.1: documented two missing valid exit codes
  * curl.1: mention http:// and https:// as valid proxy prefixes
  * vtls: replaced getenv() with curl_getenv()
  * setopt: less *or equal* than INT_MAX/1000 should be fine
  * examples/smtp-mail.c: use separate defines for options and mail
  * curl: support >256 bytes warning messsages
  * conncache: fix a return code
  * krb5: fix a potential access of uninitialized memory
  * rand: add a clang-analyzer work-around
  * CURLOPT_READFUNCTION.3: refer to argument with correct name
  * brotli: allow compiling with version 0.6.0
  * content_encoding: rework zlib_inflate
  * curl_easy_reset: release mime-related data
  * examples/rtsp: fix error handling macros
  * curl: Support size modifiers for --max-filesize
  * examples/cacertinmem: ignore cert-already-exists error
  * brotli: data at the end of content can be lost
  * curl_version_info.3: call the argument 'age'
  * openssl: fix memory leak of SSLKEYLOGFILE filename
  * build: remove HAVE_LIMITS_H check
  * --mail-rcpt: fix short-text description
  * scripts: allow all perl scripts to be run directly
  * progress: calculate transfer speed on milliseconds if possible
  * system.h: check __LONG_MAX__ for defining curl_off_t
  * easy: fix connection ownership in curl_easy_pause
  * setopt: reintroduce non-static Curl_vsetopt() for OS400 support
  * setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
  * configure.ac: append extra linker flags instead of prepending them
  * HTTP: bail out on negative Content-Length: values
  * docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
  * mime: clone mime tree upon easy handle duplication
  * openssl: enable SSLKEYLOGFILE support by default
  * smtp/pop3/imap_get_message: decrease the data length too...
  * CURLOPT_TCP_NODELAY.3: fix typo
  * SMB: fix numeric constant suffix and variable types
  * ftp-wildcard: fix matching an empty string with "/*[^a]"/
  * curl_fnmatch: only allow 5 '*' sections in a single patt