- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's
  timeout so that a recorded lease can be used when dhcp server
  is down (glfo#NetworkManager/NetworkManager!811, bsc#1183202).
- Modified NetworkManager.conf: Use dhclient as the default dhcp
  client (glfo#NetworkManager/NetworkManager!811, bsc#1183202).
- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond:
  restore MAC on release only when there is a cloned MAC address
  (glfo#NetworkManager/NetworkManager!775, bsc#1183967).
- Rebase nm-add-CAP_SYS_ADMIN-permission.patch.
- Update to version 1.22.10:
  + core: periodically cleanup stale device state files from /run.
  + dhcp: fix crash in nettools client.
  + bond: fixed the validation of the miimon option.
  + Various minor bug fixes and improvements.
- Modify nfs script (boo#1164642)
  * Also mount nfs4 shares
  * Ignore nfs or nfs4 shares if the noauto option is set
- Update to version 1.22.8:
  + Added configuration option to customize IPv6 RA timeout.
  + Internal DHCP client will now request a lease renewal using the
    previously obtained IP address when expired.
  + Removed length limitation for OVS Bridge, Patches and
    Interfaces (only Patch types) names.
  + Fixed initialization of 'secs' DHCP header field, this caused
    some DHCP relays to drop packets.
  + Fixed failure when creating team interfaces using 'nmstate'.
  + Various bug fixes and improvements.
- Add -fcommon to CFLAGS. This is currently being done upstream
- Update to version 1.22.6:
  + Various fixes for the internal DHCP client.
  + Slave devices now do not get created/activated if master is
  + Fixed 'startup-complete' bug where NetworkManager would reach
    the even when not all the connections had
    been tried.
  + Updated translations.
- No longer recommend -lang: supplements are in use
- Update to version 1.22.4:
  + Fix behavior of internal DHCP client when the server sends a
  + Support 31-bit prefixes on IPv4 point-to-point links according
    to RFC 3021.
  + Fix memory leak parsing RequestScan D-Bus method arguments.
- Fix 'nfs' dispatcher script
  It was checking for an enabled unit 'nfs.service' - which does not
  exist (anymore?). Switched to a check for an enabled unit
- Update to version 1.22.2:
  + Fix multiple issues in the internal DHCP client, including
    wrong parsing of search domains and classless routes options,
    and failures in obtaining and renewing the lease with certain
    server configurations.
  + Export NM_CAPABILITY_OVS capability on D-Bus and in libnm to
    indicate that the OVS plugin is loaded.
  + Fix libnm annotations for nm_sriov_vf_get_vlan_ids() to allow
    the usage of the function through GObject introspection.
- Update to version 1.22.0:
  + Drop support for BlueZ 4. BlueZ 5 was released in 2012 and
    should nowadays be available everywhere.
  + DHCP: switch "internal" DHCPv4 plugin from code based on
    systemd to use nettools' n-dhcp4 library.
  + Add support for "scope" attribute for IPv4 routes.
  + Add support for specifying IAID and FQDN flags for DHCP
  + Add a '802-1x.optional' property to consider the wired 802.1X
    authentication as optional.
  + Use the Network Cost Wi-Fi information element to determine
    metered device state.
  + Support main.auth-polkit=root-only setting to disable PolicyKit
    use and restrict authorization to root user.
  + core: declare "startup complete" when device reaches
    "connected" state, even if IP addressing methods did not yet
    fully complete. This changes behavior for unblocking
    "NetworkManager-wait-online.service", and
    "" earlier. If this causes issues in your
    setup, you may need to configure "ipv4.may-fail=no" or
    "ipv6.may-fail=no", which delays reaching "connected" state for
    the address family accordingly.
  + libnm: hide NMObject and NMClient typedefs from header files.
    This prevents the user from subclassing these types and is an
    ABI change (in the unlikely case that a user was subclassing
    the types, which is no longer supported).
  + libnm: retire deprecated WiMAX API NMDeviceWimax and
    NMWimaxNsp. WiMAX support was removed from NetworkManager in
    version 1.2 (2016) and no such type instances would have been
    created by NMClient for a while now.
  + Deprecate synchronous API for D-Bus calls in libnm. We don't
    remove libnm API so you are free to continue using it. But
    tells you that using it might be a bad idea.
  + libnm: heavy internal rework of NMClient. This slims down libnm
    and makes the implementation more efficient. NMClient should
    work now well with a separate GMainContext.
  + Add `nmcli general reload` subcommand to reload NetworkManager
    configuration and DNS settings.
  + nm-cloud-setup: add new tool for automatically configuring
    NetworkManager in cloud. This is still experimental and
    currently only EC2 and IPv4 is supported.
  + Add new NetworkManager logo to "contrib/art/logo".
  + Various bug fixes and improvements.
- Disable networkmanager-checks-po.patch: Needs rebase.
- Add new nm-cloud-setup.service to pre/post/preun/postun calls.
- Update to version 1.20.8:
  + Fix handling of system CA certificates in the ifcfg parser.
  + Handle ReachableTime and RetransTimer from IPv6 Router
  + Fixed setting of MTU according to its parent device for some
    device types.
  + Various fixes for the initramfs configuration generator.
- Update to version 1.20.6:
  + Fix updating agent-owned VPN secrets.
  + Adjust IWD support to new D-Bus path of IWD 1.0.
  + Introduce an 'optional' property in the 802-1x setting to
    allow the activation to proceed in case of missing
  + Fix ARP announcements for IP addresses configured on
  + Use proper interface when adding s390 specific details in
    initrd generator.
  + Don't disable PMF on Wi-Fi connections using SAE.
  + Properly handle uint16 property types in libnm.
- Drop NetworkManager-client recommends: this is no longer needed,
  as NM itself ships a frontend by now (nmtui). If a DE has a
  better way to manage NM (by means of applets or other way of
  integration) it is up to the DE to depend on the applets.
- Update to version 1.20.4:
  + Fix crash related to Wi-Fi-P2P.
  + Support rd.znet option in initrd generator to support s390.
  + Fix not creating default-wired-connection when a suitable
    profile exists which is not tied to the device by
  + tui: support WPA3-Personal (SAE).
  + Fixes for OLPC Mesh Wi-Fi.
  + Various bug fixes. Notably, fix unit test and build issues.
- Drop nm-fix-gtk-doc.patch: Fixed upstream.
- Add nm-fix-gtk-doc.patch: Fix build with gtk-doc 1.32 and newer.
- Update to version 1.20.2:
  + Don't ask wpa_supplicant to attempt to enable FT if the
    interface doesn't support it.
  + Various bug fixes and improvements.
  + Updated translations.
- Update to version 1.20.0:
  + The libnm-glib library, deprecated in favor of libnm since
    NetworkManager 1.0, and disabled by default since
    NetworkManager 1.12, has now been removed.
  + The DHCP client now defaults to "internal". The default can be
    overridden at build time by using the --with-config-dhcp-default
    option of the configure script or at run time by setting the
    main.dhcp option in the configuration file.
  + Added support for configuring fq_codel line discipline and
    mirred action.
  + Added a possibility for distributions to ship dispatcher
    scripts in /usr/lib.
  + Drop deprecated setting "main.monitor-connection-files" in
    NetworkManager.conf. This setting now has no more effect and
    was disabled by default for a long time. Instead, after
    changes, load files explicitly with `nmcli connection load` or
    `nmcli connection reload`.
  + Rework parsing team JSON config in libnm and validate settings
    more strictly. With this, NetworkManager rejects settings that it
    considers invalid while still allowing setting arbitrary JSON
    config directly.
  + Drop ibft settings plugin. This functionality is now covered by
    using nm-initrd-generator from initrd to pre-generate in-memory
  + Support "suppress_prefixlength" attribute for policy routing
  + This is what wg-quick uses for the "Improved Rule-based
    Routing" solution, and the user can now manually configure such
    policy routing rules.
  + Support "wireguard.ip4-auto-default-route" and
    "wireguard.ip6-auto-default-route". This automatically
    implements the "Improved Rule-based Routing" of wg-quick to
    help avoiding routing loops when setting the default-route on
    the WireGuard interface. Note that this is now enabled by
    default, so there is a change in behavior if your WireGuard
    connection profiles from before had a default-route (/0) in
  + Rework implementation of settings plugins and how profiles are
    persisted to disk. This is a large internal refactoring of the
    settings plugins that allows to migrate a connection profile
    between plugins.
  + In-memory profiles are now only handled by keyfile plugin and
    will also be persisted to /run directory. This allows to
    restart NetworkManager without losing these profiles and it
    provides a file-system based API for creating in-memory
  + Keyfile plugin now supports a read-only directory of profiles
    under directory "/usr/lib/NetworkManager/system-connections".
    Such profiles still can be modified and deleted via D-Bus,
    which results in writing profiles to /etc or /run that shadow
    the read-only files.
  + Add new D-Bus method AddConnection2() that allows to block
    autoconnect of the profile at the moment when creating the
    profile. Also add support for this API to libnm.
  + Add flag "no-reapply" to Update2() D-Bus method. Normally, when
    a connection profile gets modified, this only changes the
    profile itself. When the profile is currently activated on a
    device, then the device's configuration does not update before
    the profile is fully re-activated or Reapply on the device is
    called. There is an exception to this: the ""
    and the "connection.metered" properties take effect
    immediately. The "no-reapply" flag allows suppressing to
    reapply any properties, so that no changes take effect
    automatically. The purpose is to really only modify the profile
    itself without changes to the runtime configuration of the
  + Add "ipv6.method=disabled" to disable IPv6 on a device, like
    also possible for IPv4. Until now, the users could only set
    "ipv6.method=ignore" which means the users are free to set IPv6
    related sysctl values themselves.
  + Added support for Wi-Fi Mesh network.
- Stop passing --with-libnm-glib to configure, feature was dropped.
- Drop sub-packages libnm-util2, libnm-glib4 and libnm-glib-vpn1
  and obsolete them from the main package (also in baselibs.conf).
- Drop typelib-1_0-NetworkManager-1_0 and typelib-1_0-NMClient-1_0.
- Rebase some patches with quilt.
- Disable nm-add-CAP_SYS_ADMIN-permission.patch: Needs rework or
  possibly dropping as the ibft plugin is dropped.
- Pass --with-iwd=yes to configure, build experimental IWD backend
  support. Not recommended for endusers, only for testers willing
  to take the risk of broken wifi with no support from distro.
- Update to version 1.18.4:
  + Improve handling of externally added policy routing rules and
    for rules that are taken over after a restart of NetworkManager
  + Fix taking over OVS devices after restart of NetworkManager.
  + Bugfix reapplying IP configuration while activating.
  + Allow reapplying Wi-Fi profile when seen-bssids changes.
  + Various other bugfixes for minor issues and memory leaks.
  + Various build and test fixes.
- Update to version 1.18.2 (bsc#1138213):
  + Add support for policy routing rules.
  + Add support for VLAN filtering for Linux bridge.
  + Support ieee-802-1 and ieee-802-3 LLDP TLVs.
  + Allow large MTU sizes for infiniband/IPoIB connection profiles.
  + Improve nmcli's handling of list options for connection properties.
  + Add compatibility with out-of-tree WireGuard module on 5.2 kernels
  + Fix parsing of BOOTIF= variables in initrd.
  + Accept numeric IPv4 prefix in place of a mask when parsing a command line
    in initrd.
  + Don't check connectivity of unconfigured devices.
  + Fix PKCS#12 handling in the ifcfg-rh plugin.
  + Avoid waiting for udev to see software devices created by NetworkManager.
  + Don't attempt to stop management daemon for Team devices created
    externally to NetworkManager.
  + Use FQDN for persistent hostname on Slackware.
  + Restore IPv6 configuration of a device when its link goes back up.
  + Fix management status of software devices on system suspend.
  + Make nmcli not print certificate blobs if --show-secrets is not used.
  + Fix MTU reapply.
- Drop 0001-Update-connectivity-value-on-device-removal.patch:
  Fixed upstream.
- Add nm-add-CAP_SYS_ADMIN-permission.patch: Add CAP_SYS_ADMIN
  which netconfig needs to call setdomainname (bsc#1129587).
- Update to version 1.16.2:
  + Use FQDN for persistent hostname on Slackware.
  + Fix wrong permissions of the /var/lib/NetworkManager/secret_key
  + Don't terminate teamd when assuming existing team connections.
  + Fix incorrect persistence of connections with EAP-TLS and a
    PKCS#12 certificate when using the ifcfg-rh plugin.
  + Fix reapply of the MTU property on devices.
  + Restore IPv6 configuration when the link goes up.
  + Fix build with sanitizers.
  + Other various bug fixes and improvements.
- Avoid using "systemctl enable" in spec file (bsc#1038403).
- Remove legacy checks which fixes bnc#803058 during distribution
  upgrade from 12.2 to 12.3 in .spec file.
- Fix systemd-network-config.patch which added lines starting with "+"
  to NetworkManager-wait-online.service
- Fix the connectivity value of devices which was set to LIMITED when
  the connectivity check fails. Now if the connectivity is being set
  to LIMITED but the device state is DISCONNECTED, then the value is
  coerced to NONE. Add patch submitted to
  upstream (boo#1103678, glfdo#NetworkManager/NetworkManager#138):
  * 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch
- Fix the global connectivity value which wasn't updated when a
  device was removed. Which is a problem if the device being removed
  is the one providing the connectivity. Add patch submitted to
  upstream (boo#1103678, glfdo#NetworkManager/NetworkManager#141):
  * 0001-Update-connectivity-value-on-device-removal.patch
- Update to version 1.16.0:
  + Check connectivity per address family.
  + Support "main.systemd-resolved" to let NetworkManager configure
    DNS settings in systemd-resolved without making it the main DNS
    plugin of NetworkManager.
  + Write "/var/run/NetworkManager/no-stub-resolv.conf" with
    original nameservers. That is useful with caching DNS plugins
    like "systemd-resolved" or "dnsmasq" where
    "/var/run/NetworkManager/resolv.conf" refers to localhost.
  + Change default "ipv4.dhcp-client-id" setting for the internal
    DHCP plugin from "duid" to "mac". This is a change in behavior
    on upgrade when using the internal DHCP plugin (unless the
    default is overwritten in "NetworkManager.conf" or specified
    per connection profile).
  + Improve handling of DHCP router options with internal DHCP
    plugin. For one, accept multiple routers and add a
    default-route to each. On D-Bus expose the original DNS and
    NTP servers without cleaning up local nameservers.
  + Allow binding a connections lifetime to the DBus client that
    activated it.
  + Add support for establishing Wi-Fi Direct connections (Wi-Fi
  + Add support for WireGuard VPN tunnels to NetworkManager. D-Bus
    API and libnm support all options. nmcli supports creating and
    managing WireGuard profiles, with the exception of configuring
    and showing peers.
  + Add initrd generator to be used by dracut and use it as new way
    of handling iBFT.
  + Deprecated "plugins.monitor-connection-files" setting in
    NetworkManager.conf. This option will have no effect in future
  + Add AP and Ad-hoc support for iwd Wi-Fi backend.
  + Warn about invalid settings in "NetworkManager.conf".
  + Support announcing "ANDROID_METERED" DHCP option for shared
  + Support SAE authentication as used for 802.11s Meshing and
  + NetworkManager is no longer installed as D-Bus activatable
  + Mark docker bridges as unmanaged via udev rule.
  + Add new PolicyKit permission
    "org.freedesktop.NetworkManager.wifi.scan" for controlling
    Wi-Fi scanning.
- Rebase systemd-network-config.patch and
- Drop NetworkManager-1.12.2-docker-unmanaged.patch and
  NM-add-wifi-scan-polkit-rule.patch: Fixed upstream (bsc#1128560).
- Do away with em dashes in summaries.
- Combine %service_* calls to reduce generated boilerplate.
- Update to version 1.14.6:
  + Fix memory corruption in internal DHCPv6 client
  + No longer limit number of search entries in resolv.conf to 6.
  + Support restricting NetworkManager.conf device configuration
    based on used DHCP plugin.
  + Add "${MAC}" specifier for connection.stable-id. This uses the
    current MAC address for seeding the stable generation of MAC
    address, DHCP client-id or IPv6 stable-privacy interface
  + Support special value "duid" for "ipv4.dhcp-client-id". This
    generates an RFC4361-compliant client-id like the internal DHCP
    client used to do by default. Previously, there was no explicit
    name for such a client-id and it was not usable with dhclient
    DHCP plugin. This also generates the same client-id as
    systemd-networkd does by default.
  + Support and use a new kind of secret-key in
    "/var/lib/NetworkManager/secret_key". The secret-key represents
    the identity of the machine that is used for various purposes
    like generating IPv6 stable privacy addresses. It is now
    combined with "/etc/machine-id" so that changing only the
    machine-id results in new identifiers. That matters for example
    when cloning a virtual machine. Previously, the user had to
    prune NetworkManager's secret-key to get a new identity, now
    regenerating machine-id suffices. Secret-keys generated by
    earlier versions of NetworkManager are not affected and keep
    their previous behavior.
  + Fix the DHCP client-ids based on the MAC address of
    IPoIB/infiniband devices.
  + Fix restoring IP configuration after interface went down.
  + No longer let NetworkManager touch rp_filter setting. The
    rp_filter sysctl must now be set outside of NetworkManager
    according to the admin's preference. Note that a strict
    rp_filter may break valid use-cases and interacts badly with
    connectivity checking.
  + Various bug fixes and improvements.
- Add NM-add-wifi-scan-polkit-rule.patch: Adding a new polkit
  action "org.freedesktop.NetworkManager.wifi-scan" so that
  distributions can add specific rule to allow Wi-Fi scans
  (bsc#1122262, glfo#NetworkManager/NetworkManager!68).
- Modify nfs script: Only mount/unmount when the file type is nfs
  (bsc#1074074, bsc#1146935).
- Update to version 1.14.4:
  + Fix a crash in nmcli when a device is removed while being
  + Fix a crash in ifupdown (Debian) configuration plugin.
  + Fix a daemon crash when a generated connection doesn't
  + Fix a memory leak in dhclient DHCP plugin.
  + Fix line editing in nmcli password prompts.
  + Fix a RPATH in bluetooth and wwan plugin when built with Meson
    (otherwise they wouldn't find
- Update to version 1.14.2:
  + Fix a bug that could cause NetworkManager to crash after
    checking connectivity status.
  + Correctly apply a default (-1) metric from DHCP.
  + Multiple fixes for IWD Wi-Fi backend.
  + Multiple fixes for builds with Meson build system.
  + Fix a crash with OLPC XO-1 mesh Wi-Fi.
  + Fix handling "serial.parity" and "serial.send-delay" properties
    in nmcli.
  + Improve auto-selecting device when activating a connection
    profile and don't auto-select unmanaged devices when activating
    multi-connect profile.
  + Avoid expiring the lifetime of IPv6 addresses from router
- Update to version 1.14.0:
  + Added support for IEEE 802.15.4 and 6LowPAN devices.
  + Support activating profile multiple times via
    connection.multi-connect setting.
  + Add match setting to restrict a profile to devices based on a
    list of interface names with globbing supported.
  + Fix PrimaryConnection for VPN with default-route.
  + Add support for ethtool offload features.
  + Add support for configuring llmnr.
  + Deprecate endian-dependent D-Bus API and add new API that can
    be used instead (rh#1153559).
  + Add support for ip6gre/ip6gretap IP tunnels.
  + Add support for detecting WireGuard interfaces (WireGuard VPN
    cannot be controlled via NetworkManager).
  + Add support for configuring SR-IOV devices.
  + Improve error reporting of activation when no device is
  + Support reapplying changes of the route metric.
  + Support EAP profiles with iwd Wi-Fi backend and support iwd API
  + Expose slaves of OVS bridges and ports.
- Add NetworkManager-1.12.2-docker-unmanaged.patch: Do not manage
  Docker bridge interfaces (glfdo#NetworkManager/NetworkManager!15)
- Update to version 1.12.4:
  + Fix crash in connectivity check.
  + Fix accepted input format for vpn.secrets in nmcli's password file.
  + libnm: support private keys encrypted with AES-{192,256}-CBC.
  + Fix stopping pppd on modem hangup
  + Various minor bugfixes and translation updates.
- Drop NetworkManager-fix-compile-error.patch and
  NetworkManager-remove-assertion.patch: Fixed upstream.
- Add NetworkManager-fix-compile-error.patch: Fix compile error due
  to NM_AVAILABLE_IN_1_12_2 macro.
- Add NetworkManager-remove-assertion.patch: cli: remove assertion
  in nmc_device_state_to_color() (bgo#796834).
- Update to version 1.12.2:
  + Fix missing symbols in libnm ABI for settings.
  + Fix a regression that disallowed activations of VPN connections
    with a device specified.
  + Robustness fixes to connectivity checking.
- Changes from version 1.12.0:
  + Improved support for configuration checkpoint, including
    support in libnm.
  + Added capability to set IP Tunnel configuration flags.
  + The systemd-resolved DNS plugin now supports MDNS.
  + Systemd-resolved and dnsmasq DNS plugins now honor the DNS
    priority setting (CVE-2018-1000135).
  + Wi-Fi devices now support FILS for speedier roaming support.
  + Drop dependency on libnl3 library.
  + Add support for "onlink" routes.
  + More robust connectivity checking.
  + Dropped the obsolete "ifnet" settings plugin,
  + Try harder to generate reasonable human-readable names for
    devices even if the hwdb contains garbage.
  + Add an "overview" option to hide default values in nmcli,
    resulting in more concise output.
  + Reworked the inner workings of D-Bus interface for better
    resource efficiency.
  + Add support for configuring nmcli coloring via
  + Added experimental support for Meson build system.
  + Added initial IWD Wi-Fi daemon support.
  + A non-hexadecimal DHCPv4 client-id is now properly passed to
    dhclient with the first byte (type) set to zero, as stated in
    the documentation. This represents a change in behavior since
    previous versions where the first character of the string was
    used as type. The internal client is not affected by the
  + DNS setting rc-manager=file now always follows dangling
    symlinks instead of replacing /etc/resolv.conf with a plain
  + Added wake_on_wlan connection setting to configure
    wake-on-wireless-lan (WoWLAN).
  + The libnm-glib library, deprecated in favor of libnm since
    NetworkManager 1.0, is now not built by default. While it can
    still be enabled, the distributions should have a good plan for
    removing it if they need to keep shipping it at this point.
  + Nmcli now scans for Wi-Fi networks before displaying them, if
    the last scan was too long ago.
  + Added the ipv6.dhcp-duid property to allow configuring the
    DHCPv6 DUID.
  + Extended ipv6.dhcp-client-id property to support DHCP client
    identifiers depending on the MAC address and the stable ID.
  + Set NM_DISPATCHER_ACTION environment variable in dispatcher
- Rebase NetworkManager-1.10.6-netconfig.patch and
  systemd-network-config.patch with quilt.
- Disable networkmanager-obs-net.patch and make check, needs
- Pass with-libnm-glib to configure, deprecated libnm-glib support
  is no longer built by default, and since we can not remove this yet
  due to Steam, we pass this option for now.
- Update to version 1.10.10:
  + Fix crash during reapply of connection settings.
  + Minor bugfixes.
- Don't fall back to writing /etc/resolv.conf if launching
  netconfig fails for some reason (boo#1092352,
- Update to version 1.10.8:
  + Fix connectivity timeout handling (bgo#794464).
  + Retry activating devices when the parent becomes managed
  + Correctly set the rp_filter value (rh#1565529).
  + A fix to ensure teamd is respawned after daemon restart
  + Better handle DHCP expiry (bgo#783391).
  + Fix configuration of IPv6 over master interfaces (rh#1575944).
  + Other various bug fixes including possible crashes.
  + Updated translations.
- Drop NM-look-at-all-rp-filter-value.patch: Fixed upstream.
- Add NM-look-at-all-rp-filter-value.patch: look at 'all' rp_filter
  value too to determine actual value (bsc#1084336, bgo#794689).
- Unconditionally enable translation-update-upstream: on
  Tumbleweed, this results in a NOP and for Leap in SLE paid
  translations being used (boo#1086036).
- Update to version 1.10.6:
  + ovs: fix compilation issue of OVS plugin and various fixes.
  + team: add support for team runner "random".
  + core: cleanup activation of device (rh#1537160).
  + dhcp: retry indefinitely to renew the lease (rh#1503587).
  + core: fix blocking autoconnect for no-secrets (bgo#794014).
  + libnm: mark async results as cancelled (bgo#794088).
  + Various bug fixes including possible crashes.
  + Updated translations.
- Drop nm-preserve-agent-owned-secrets-on-connection-update.patch,
  NetworkManager-1.10.4-buildfixes.patch and
  nm-fix-autoconnect.patch: fixed upstream.
- Add nm-fix-autoconnect.patch: Fix autoconnect with agent-owned
  secrets (bgo#794014, boo#1079672).
- fix nfs dispatcher script (boo#1083831)
- Modernize spec-file by calling spec-cleaner
- Add nm-preserve-agent-owned-secrets-on-connection-update.patch:
  Backport upstream commit to preserve agent-owned secrets on
  connection update (bgo#793324, bsc#1082762).
- Update to version 1.10.4:
  + Load jansson at runtime. This solves a clash with json-glib
    that caused a gnome-control-center crash, but also gets rid of
    a hard dependency.
  + Correct nmcli exit values after receiving a signal.
  + Fix libnm secret agent asynchronous initialization.
  + Add a default route for a modem even if it didn't send a
  + Improve communication of DAD failures.
  + Remember device default metrics across daemon restarts.
  + Various bug fixes including possible crashes.
  + Updated translations.
  + Add NetworkManager-1.10.4-buildfixes.patch: Fix OVS compile
  errors (bgo#793183).
- Replace sysconfig with sysconfig-netconfig BuildRequires and
  Requires, this is what we in reality need.
- Update to version 1.10.2:
  + Added support for 'onlink' IPv4 routes attribute.
  + Wait longer for the carrier to come up after a MTU change.
  + Implemented abstraction for team connections that exposes team
    configuration items as distinct properties.
  + Added basic support for tc queueing disciplines and filters.
  + Introduced an Update2() D-Bus method to update connection
    settings with more flexibility.
  + Many bug fixes and improvements.
- Changes from version 1.10.0:
  + NetworkManager includes now basic OpenVSwitch support, good
    enough to be capable of setting up simple OpenVSwitch
  + Added support for activating PPP connections on non-Ethernet
  + It is now possible to authenticate to a Wi-Fi network using WPS
    (Wi-Fi Protected Setup).
  + Implemented support for Wi-Fi PMF (Protected Management Frames,
    802.11w), which can be configured via the wifi-sec.pmf
  + Now the maximum rate of wireless access points supporting
    802.11 is properly calculated and exposed on D-Bus.
  + Background scanning is now disabled for non-WPA-Enterprise
    Wi-Fi networks.
  + Added support for the Bluetooth NAP (Network Access Point)
  + Added support for disabling connectivity checking via the D-Bus
  + The internal DHCP client now understands the domain-search
  + Bridge connections support the group-forward-mask property.
  + NetworkManager can now configure multiple IPv6 default routes
    received through RA and each gets configured with the announced
  + It is possible to specify the routing table for each static
  + Support specifying an explicit routing table for any
    non-static-route, including routes from DHCP, device-routes,
    IPv6 autoconf.
  + Devices are left configured when a user sets them as unmanaged
    by NetworkManager.
  + New connection.auth-retry property to configure how often
    authentication is prompted before failing the configuration.
  + The platform code that handles synchronization with kernel
    status via netlink has been reworked and is more efficient.
  + Allowed the update of connections that have an associated
    ifcfg-rh routing rules file.
  + Non-UTF8 properties are now escaped when they are exported on
  + NetworkManager-wait-online.service now starts
    NetworkManager.service if needed.
  + The MAC address for bond connections can be changed in nmtui.
  + Fixed dependency problems when setting the MTU of VLAN and
    master devices.
  + The systemd-resolved DNS plugin properly handles the DNS
    priority setting.
  + Fixed setting a DHCP timeout greater than 60 seconds
  + Fixed some memory leaks.
  + Many other bug fixes and improvements.
- Rebase networkmanager-obs-net.patch and
- Drop nm-disconnect-proxy-signals.patch and
  nm-vpn-remote-connection-disconnect-signals.patch: Fixed
- Update to version 1.8.6:
  + Fix a daemon crash on permission check (bgo#787897).
  + Fix a daemon crash on VPN state change (bgo#787893).
  + Fix a nmcli crash in interactive mode's describe command
  + Fix termination of the nmcli interactive mode (rh#1517401).
  + Properly handle route metric of zero in keyfiles.
  + Add support for DSA switch devices (rh#1371289).
  + Fix a memory leak of connection D-Bus objects (rh#1461643).
  + A double close that could potentially race with the D-Bus
    thread reusing the same file descriptor (rh#1451236).
  + Connectivity check fixes (bgo#785281) (bgo#784629).
  + Fix the metered properties handling in libnm.
  + Avoid dropping agent secrets unnecessarily (bgo#789383).
  + Fix the asynchronous initialization of a secret agent in libnm.
- Drop nm-disconnect-proxy-signals.patch and
  nm-vpn-remote-connection-disconnect-signals.patch: Fixed
- Minor spec cleaning, tweak spec to silence a few rpm lint
- Replace addFilter("dbus-policy-missing-allow") with
  addFilter("dbus-policy-allow-without-destination"), filter out
  the current rpmlint warning.
- Add addFilter("suse-branding-unversioned-requires*") to
  rpmlintrc, we have this unversioned on purpose.
- Add
  addFilter("systemd-service-without-service_add_post NetworkManager-wait-online.service")
  addFilter("systemd-service-without-service_add_pre NetworkManager-wait-online.service")
  addFilter("systemd-service-without-service_del_postun NetworkManager-wait-online.service")
  addFilter("systemd-service-without-service_del_preun NetworkManager-wait-online.service")
  to rpmlintrc, filter out warnings we do not care about nor want
  as we do not want to enable this service by default.
- "Mark" %%{_sysconfdir}/dbus-1/system.d/org.freedesktop.NetworkManager.conf
  and %%config %{_sysconfdir}/dbus-1/system.d/nm-dispatcher.conf as
  config files in spec, silence rpmlint.
- Add nm-disconnect-proxy-signals.patch: disconnect proxy signals
  when closing; fixes possible crash when opening the user panel
- Add nm-vpn-remote-connection-disconnect-signals.patch:
  disconnect signal handlers when remote/vpn connections are
  disposed; fixes a gnome-control-center crash (bsc#1073472
- Remove reference to deprecated and dropped ifcfg-suse plugin from
- Switch to python3:
  + Replace BuildRequires python-gobject, python2-dbus-python with
    python3-gobject, python3-dbus-python.
  + Explicitly set environment variable PYTHON as python3 in
    build time.
- Modify nm-dont-overwrite-resolv-conf.patch: make netconfig call
  an atomic action, don't kill it after 2000ms (bsc#960153).
- Update to version 1.8.4:
  + No longer install NetworkManager-wait-online.service in directory (rh#1455704).
  + Fix nmcli device connect wifi for APs that support both
    WPA-PSK and WPA-EAP (rh#1492064).
  + Fix crash unregistering object manager in libnm on restart of
  + Improve handling of externally managed slave devices.
  + Don't reset MAC address of software devices to fake permanent
  + For dhclient use "timeout" option in configuration file,
    instead of the command line option which is only supported by
  + Perform the public-suffix check only for the hostname-derived
  + Fix memory leak in connectivity check.
  + Better restore device managed state on rollback of checkpoint.
  + Skip addition of default-route if it already exists.
  + Bug fix detecting error condition when deleting route in
- Drop NM-dhcp-improve-parsing-interface-statement.patch: Fixed
- Add NM-dhcp-improve-parsing-interface-statement.patch: Fix NM
  not writing DNS servers to /etc/resolv.conf (boo#1047004).
- Update to version 1.8.2:
  + Fix bug blocking startup wrongly waiting for carrier.
  + Fix handling of non UTF-8 strings in libnm and fix non NUL
    terminated string.
  + Handle DNS priority for systemd-resolved DNS plugin.
  + Fix assuming master devices as they wait for slaves to
  + Fix reading managed state from device state file.
  + Fix crash activating bluetooth or WWAN connection.
  + No longer add a direct route to the DHCP server.
  + Several bug fixes and improvements.
- Call networkmanager-obs-net.patch touches the build
- Add nm-dont-overwrite-resolv-conf.patch: Fix NetworkManager
  overwriting /etc/resolv.conf (bsc#960153, bsc#1021665).
- Disable 6 of the tests that are failing on OBS runs
  * networkmanager-obs-net.patch
- Version update to 1.8.0:
  * Default routes set by devices that failed connectivity checks are now
    penalized with a higher metric
  * nmcli is now able to produce output more friendly for machine parsing
  * The slaves available at the time a master connection is activated are
    enslaved in a stable order, making the automatic MAC address for Bonding
    devices more predictable.
  * Hostname management is now more flexibly configured
  * Support for additional route options (pref-src, src, tos, window, cwnd,
    initcwnd, initrwnd, mtu, lock-window, lock-cwnd, lock-initcwnd,
    lock-initrwnd, and lock-mtu).
  * Fixed detection of EAP-FAST support in wpa_supplicant
  * Support for handling PINs for PKCS#11 tokens as secrets
  * GSM and CDMA connections now have a MTU property
  * An option to disable selected TLS versions during EAP phase 1
  * The 802.1x authentication timeout is now configurable to allow a faster
    fallback to other connections
  * Persist managed state of device until reboot. This improves seamless take
    over of a previously managed device after restart of NetworkManager.
  * Better handle devices that are externally managed by somebody else by
    consistently generating an in-memory connection to reflect the external
  * Expose SRIOV capability of a device on D-Bus and support configuring the
    number of virtual functions via NetworkManager.conf.
  * Support matching networking devices via new "driver:" device spec in
  * Introduced support for creating and managing dummy links
  * The teaming devices now support setting a hardcoded MAC address
  * Settings of bonding devices can now be modified on-the-fly, without the
    need to reactivate a connection
  * The failures to activate a connection now communicate better error
    responses to nmcli
  * Reverse Path filtering is now disabled in multihoming configurations where
    it would interfere with legitimate network traffic
  * libcurl is used instead of libsoup for connectivity checking, resulting in
    a smaller dependency footprint
  * With DNS mode "rc-manager=symlink", don't write /etc/resolv.conf as
    a symlink if it already exists as a regular file.
  * Support attaching user-data in form of key-value pairs to connection
  * Fix accepting fully qualified name for ipv4.dhcp-hostname setting.
  * Make NetworkManager more forgiving to failure to change the MAC address
    during scanning.
- Wimax switches are completely removed
- Added dependencies on packages with versions to ensure
  all features are properly detected, configure reports yes for
  most items now
  * add libcurl
  * add libpsl
  * add python-dbus test dep
- Remove gudev and soup deps as per upstream changes
- Enable testsuite
- Add patch networkmanager-checks-po.patch:
  * Our patch added new .in file that needs to be excluded from
- Replace nfs NetworkManager dispatcher script. Issues of the old
  nfs dispatcher script, fixed by this commit:
  + It only mounts NFS shares with auto-mount. In SUSE's default
    configuration, those are tried to be mounted at boot.
    Unfortunately, this would not work, when NetworkManager
    handles the connection later. The boot process stops at this
  + It unmounts everything on each "down" for any network
    interface, even if the NFS share is still connected to the
    computer via another network interface.
- Update to version 1.6.2:
  + Fixed build warnings with GCC 7.
  + Multiple bug fixes in NetworkManager, nmcli and nm-online
    including several crashes.
- Update to version 1.6.0:
  + No further changes since rc2 (1.5.91).
- Update to version 1.5.91:
  + Bugs fixed: bgo#777402, rh#1406454, rh#1414186.
- Update to version 1.5.90:
  + Avoid reading the permanent MAC address before the device is
    initialized by UDEV. This avoids a race where NetworkManager
    might detect the MAC address of the wrong interface.
  + Fixed race conditions when renaming interfaces, for example as
    done by UDEV for persistent interface naming. This could cause
    detecting devices as the wrong hardware type.
  + Added initial support for PKCS#11 tokens with 802.1x
  + The stable-addressing for MAC address randomization and RFC7217
    IPv6 stable privacy addressing can now be more flexibly
    configured using dynamic randomization seeds in
  + Added support for managing the MACsec links. Requires support
    in wpa_supplicant (version newer than 2.6).
  + When the master of Team, Bridge and Bond devices is specified
    as a connection UUID, the ifcfg-rh plugin now writes the master
    connection's interface name into the ifcfg file for improved
    compatibility with the legacy network service.
  + Improve handling of MTU by resetting the previous MTU when the
    device deactivates and reset the MTU to a defined value on
  + Improve tracking of parent devices for dependent devices like
    ip-tunnels, MACVLAN, VETH, VLAN, and VXLAN.
  + Many bug fixes and improvements.
- Update to version 1.5.3:
  + The cloned.mac-address property can now be used with Bond and
    Bridge devices.
  + The ifcfg parsing code has been reworked for better
    compatibility with actual shell variable files.
  + The ipv6.method=shared is now supported, utilizing DHCPv6
    Prefix Delegation option to obtain prefixes for the interface.
  + nmtui now supports creating and editing IP tunnel connections.
  + The libnm client library now uses the D-Bus ObjectManager API
    that allows for quicker initialization of the clients.
  + nmtui now utilizes the asynchronous libnm client API to
    parallelize communication with the daemon, reducing the client
    startup time.
  + Ethernet devices now use "802-3.speed" and "802-3.duplex"
    properties to allow controlling overriding the negotiated link
  + Order in which IP addresses are configured is now preserved so
    that primary address is selected correctly.
  + The PPP manager can now be split into a separate package.
  + Details of the DNS information obtained from the connections is
    now exposed on the D-Bus and can be inspected with nmcli.
  + Added the support for DHCPV6_HOSTNAME and DHCPV6_SEND_HOSTNAME
    keys in ifcfg files that control "dhcp-hostname" and
    "dhcp-send-hostname" properties of the "ipv6" setting.
- Add python-gobject BuildRequires: needed in order to build the
  settings documentation.
- Update to version 1.5.2:
  + Introduced Vala bindings for libnm.
  + NetworkManager would now keep most connections up on shutdown
    (except Wi-Fi connections, VPN connections and other kinds that
    can't be assumed on startup)
  + The checkpoint/restore connection can now also remove new
    connections and disconnect devices that were activated since
    the checkpoint was taken.
  + The configuration is now read from /run/NetworkManager/conf.d
    as well. This is useful for handing over configuration
    discovered on system startup to NetworkManager.
  + New connection.autoconnect_retries property that allows
    fine-tuning the autoconnect behavior.
  + Support for configuration and discovery of Web Proxy settings
    with PacRunner service.
  + Support for systemd-resolved local DNS forwarder backend.
  + Fix emission of NM-style PropertiesChanged signals and
    deprecate them for PropertiesChanged on
    "org.freedesktop.DBus.Properties" interface.
  + Change the meaning of unset "cloned-mac-address" settings from
    "permanent" to "preserve". This changes the default value and
    affects existing connections during upgrade that did not
    explicitly configure cloned-mac-address. This has the effect
    that externally configured MAC addresses are preserved by
    default instead of setting the permanent address (bgo#770611).
- Update to version 1.4.4:
  + Order in which IP addresses are configured is now preserved so
    that primary address is selected correctly.
  + Don't deconfigure devices we can take over on shutdown. Makes
    it possible to restart without connection disruption for most
    device types.
  + Avoid reading the permanent MAC address before the device is
    initialized by UDEV. This avoids a race where NetworkManager
    might detect the MAC address of the wrong interface.
  + Fixed race condition when renaming interfaces, for example as
    done by UDEV for persistent interface naming. This could cause
    detecting a Wi-Fi interface as ethernet.
  + Fixed a race condition in libnm that could cause a client hang
    if a last value from a property of object array type
  + Fixed a possible nmcli hang on D-Bus object fetch failure.
  + Other fixes and improvements.
- Update to version 1.4.2:
  + Fixed emission of NM-style PropertiesChanged signals and
    deprecated them for PropertiesChanged on
    "org.freedesktop.DBus.Properties" interface.
  + Fixed race condition in the communication between
    NetworkManager and the DHCP helper which caused loss of events.
  + Added workaround for failures in changing MAC address with some
    wireless drivers.
  + Improved bash autocompletion.
  + Restored check on JSON syntax when built with Jansson support.
  + Fixed a regression in the serialization of empty
    "cloned-mac-address" property in libnm.
  + Other fixes and improvements.
- Drop NetworkManager-fix-broadcom-wifi.patch: Fixed upstream.
- Add even more commits to really fix bgo#770456 to
- Add NetworkManager-fix-broadcom-wifi.patch: Broadcom driver does
  not support the random mac addr introduced. This patch works
  around the problem (bgo#770456).
- Conditionally apply translations-update-upstream BuildRequires
  and macro for non-openSUSE only.
- Update to version 1.4.0:
  + The MAC address assigned to a device can now be set according
    to different policies: preserve, permanent, random, stable.
  + NetworkManager now waits for IPv6 DAD to terminate before
    completing the activation.
  + Added support for setting IPv6 tokenized interface identifiers
    through the 'ipv6.token' connection property.
  + Added a 'Reload' D-Bus method to reload configuration and
    reapply DNS configuration.
  + Added ability to create configuration checkpoints and roll
    back changes after a timeout.
  + NetworkManager now follows symlinks when accessing resolv.conf
    and rc-manager is set to 'file'.
  + Added support for oFono as modem manager.
  + The devices now expose counters of transferred data.
  + The 'may-fail' property of ipv4 and ipv6 settings is now
    respected more accurately.
  + The timeout for requests of secrets to agents has been
    increased from 25 to 120 seconds.
  + Name servers passed to dnsmasq now specify an egress interface
    to avoid problems with multiple active connections.
  + Reverse DNS entries for IPv6 are now added to dnsmasq, and IPv4
    reverse entries now honor the network prefix.
  + A new 'dns-priority' property of ipv4 and ipv6 settings can be
    used to tweak the order of servers in resolv.conf when multiple
    connections are active.
  + configure script accepts --enable-{address,undefined}-sanitizer
    options to build NetworkManager with GCC sanitizers.
  + The default resolv.conf manager can now be specified at build
    time using the --with-config-dns-rc-manager-default configure
  + NetworkManager is now compiled with --gc-sections to reduce
    executable size.
  + Added a new 'VPN_PLUGIN' logging domain.
  + It is now possible to change the configuration currently
    applied on a device with 'nmcli device modify' and 'nmcli
    device reapply'.
  + nmcli invoked without parameters shows an overview of the
    current network configuration.
  + The 'nmcli connection add' syntax has been extended and it is now
    possible to pass properties (e.g. 'ipv4.dns') along with
  + nmtui now returns to initial menu after a sub-form exits.
  + Improved bash autocompletion for nmcli.
  + Now devices are disconnected before the system suspends,
    executing dispatcher scripts. This allows external applications
    to be notified of the change in connectivity.
  + Dispatcher scripts are now called also when connectivity status
  + Many other fixes and improvements.
- Pass --with-config-dns-rc-manager-default=netconfig to configure:
  ensure to use netconfig, which is SUSE's default.
- Replace pkgconfig(systemd) BuildRequires with
  pkgconfig(libsystemd), following upstream.
- Rebase systemd-network-config.patch.
- Update to version 1.2.2:
  + The dnsmasq DNS management mode now uses D-Bus API of dnsmasq
    to signal nameserver changes.
  + Hostname is now correctly read on Slackware.
  + IPv6 addresses for default wired connections now stay stable.
  + Reading portname on s390 systems on 4.4 kernels and newer has
    been corrected.
  + nmcli no longer warns about version mismatches.
  + Improved developer documentation.
  + Multiple minor bugfixes.
  + Updated translations.
- Update to version 1.2.0:
  + Bugs fixed: bgo#764750, bgo#764955, bgo#764956, bgo#765225,
- Changes from version 1.1.94 (1.2-rc2):
  + Bugs fixed: bgo#764839, bgo#764690, rh#1324895.
- Add post/postun scriptlets for libnm0.
- Update to version 1.1.93 (1.2-rc1):
  + Bugs fixed: bgo#761389, bgo#763236, bgo#764317, bgo#764332,
    bgo#764398, bgo#764402, bgo#764483, bgo#764606, rh#1299103.
  + Updated translations.
- Changes from version 1.1.92:
  + Added an option to enable the old-fashioned /etc/resolv.conf
    handling (using a symlink).
  + NetworkManager now checks the connection data from client for
    validity and gracefully handles unknown properties in client.
    This improves interoperability between the server and clients
    of different versions.
  + The activation of a VLAN device with a virtual parent that is
    inactive now results in a parent being activated first.
  + The server name used with 802.1x authentication can now be
    constrained to a particular domain suffix (CVE-2006-7246).
- Drop (presumably) no longer needed patches:
  + nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff
  + nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff
- Update to version 1.1.91:
  + Added support for detecting duplicate IPv4 addresses, with a
    timeout configurable through the connection
  + Fixed a race condition that could potentially lead to
    unauthorized access to connection secrets (CVE-2016-0764).
  + dnsmasq configuration for shared connections can now be
    extended by placing custom files in
  + Generic devices are no longer assumed unless explicitly
    requested by user.
  + The reorder-header VLAN flag setting is now honored; to keep
    backwards compatibility in behavior, an existing REORDER_HDR=0
    ifcfg-rh key is ignored; the flag must be disabled with
  + Fair amount of bugs was fixed and robustness was generally
- Rebase systemd-network-config.patch.
- Update to version 1.1.90:
  + Added an option to enable use of random MAC addresses for Wi-Fi
    access point scanning (defaults to disabled).  Controlled with
    'wifi.mac-address-randomization' property
    (MAC_ADDRESS_RANDOMIZATION key in ifcfg files).
  + Wi-Fi scanning now utilizes wpa_supplicant's AP list.
  + Added support for Wi-Fi powersave, configured with POWERSAVE
    key in ifcfg files.
  + Added support for creation of more types of software devices:
    tun & tap, macvlan, vxlan and ip tunnels (ipip, gre, sit,
    isatap, vti, ip6ip6, ipip6, ip6gre and vti6).
  + The software devices (bond, bridge, vlan, team, ...) can now be
    stacked arbitrarily. The nmcli interface for creating
    master-slave relationships has been significantly improved by
    the use of 'master' argument to all link types.
  + RFC7217 stable privacy addressing is now used by default to
    protect from address-based host tracking. The IPv6 addressing
    mode is configured with IPV6_ADDR_GEN_MODE key in ifcfg files.
  + Improved route management code to avoid clashes between
    conflicting routes in multiple connections.
  + Refactored platform code resulting in more robust interface to
    platform, less overhead and reduced memory footprint.
  + Improved interoperability with other network management tools.
    The externally created software devices are not managed until
    they're activated.
  + The Device instances now exist for all software connections and
    the platform devices are now only created when the device is
    activated. This makes it possible for connections with device
    of same name not to clash unless they're activated
    concurrently. The links are now not unnecessarily present
    unless the connection is active, avoiding pollution of the link
    name space.
  + NetworkManager now correctly manages connectivity in
    namespace-based containers such as LXC and Docker.
  + Support for configuring ethernet Wake-On-Lan has been added.
  + Added LLDP listener functionality and related CLI client
    commands. Enabled via LLDP option in ifcfg files.
  + CLI secret agent has been extended with support for VPN
  + The command line client now utilizes colors for its output.
  + The command line client now sorts the devices and properties
    for better clarity.
  + Numerous improvements to Bash command completion for nmcli.
  + NetworkManager relies on less external libraries. The use of
    dbus-glib has been replaced with gio's native D-Bus support and
    libnl-route is no longer used.
  + Dependency on avahi-autoipd has been dropped. Native IPv4
    link-local addressing configuration based on systemd network
    library is now used instead.
  + Hostname is now managed via systemd-hostnamed on systemd-based
  + Management of resolv.conf can be changed at runtime,
    private resolv.conf is always written in /run.
  + DNS options in resolv.conf are now honored.
  + Updated version of systemd network library used for internal
    DHCP and IPv4 link-local support.
  + Support for event logging via audit subsystem has been added.
  + Support for native logging via systemd-journald has been added
    taking advantage of its structured logging.
  + Live reconfiguration in IP configuration after changing the
    settings without reactivation of the device with "nmcli device
    reapply" command and via D-Bus API.
  + The API for VPN plugins now supports multiple simultaneous
    connections. Most popular VPN plugins have been updated to
    support this functionality.
  + The libnm library now provides API to access VPN service
  + Fair amount of bugs was fixed and robustness was generally
  + New DHCP_FQDN key in ifcfg files to configure the full FQDN to
    be sent to the DHCP servers.
  + Added multicast_snooping option to BRIDGING_OPTS ifcfg key.
- Pass --enable-gtk-doc to configure: needed to have the man pages
- Remove --enable-ifcfg-suse configure parameter: the ifcfg-suse
  plugin has been deprecated.
- Add perl(YAML) BuildRequires: dependency to build the
- Rebased systemd-network-config.patch.
- Drop NetworkManager-geoclue-interaction.patch: the patch has side
  effects when geoclue itself is not installed.
- Drop NetworkManager-openvpn-route-configuration.patch: no longer
- Drop nm-ppp-manager-clear-ppp_watch_id.patch and
  nm-update-ip_iface-only-if-IP-interface-exists.patch: fixed
- No longer recommend avahi-autoipd: the functionality is no longer
- Flip with_cacert_patch off (set to 0): patch needs rebase.
- Modify nm-probe-radius-server-cert.patch: Make sure the "Apply"
  button in Wifi configuration page of gnome-control-center is
  clickable (bsc#985332).
- Move provides NetworkManager(cacert-patch) to libnm-util2, to
  ensure gnome-control-center doesn't hard require NetworkManager.
- Update to version 1.0.12 (FATE#318572)
- drop nm-core-fix-crash-during-Wi-Fi-rescan-by-emitting-NM_DE.patch
  contained in version
- Rebase NetworkManager-geoclue-interaction.patch
- Rebase nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff
- Rebase nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff
- Rebase systemd-network-config.patch
- Rebase nm-probe-radius-server-cert.patch
- nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff
- Update to version 1.0.12:
  + DHCP leases on software devices are now renewed when the
    computer is awoken from suspend.
  + Improved ifupdown plugin robustness and interoperability on
    Yocto and OpenEmbedded.
  + Fixed failed VPN activations when plugin supports interactive
    mode, but the VPN daemon does not.
  + Wi-Fi monitor interfaces are now ignored, not turned into
    managed mode.
  + AP and AdHoc mode connections with manual IP configuration are
    now able to autoconnect.
  + Broken device drivers (AWS ENI) that initially have invalid
    MAC addresses are now properly managed as soon as correct MAC
    address is set.
  + WWAN devices are unlocked a bit earlier so that supported IP
    versions can be queried.
  + The NetworkManager.service was ordered after and dbus.service. This ensures
    NetworkManager doesn't set up connectivity before firewall
    rules are in place and wouldn't exit before remote filesystems
    can be umounted ensuring orderly operation of systemd managed
  + The netfilter rules used with shared IPv4 method are now
    removed on exit.
  + Ability to manage USB gadget drivers (UDC side) has been
  + Infiniband transport mode change now takes place with the link
    set down because some drivers need that.
  + Race conditions that could disclose connection secrets to
    authenticated local users when changing ifcfg and keyfile
    connections have been fixed.  This has security impact of low
    severity (CVE-2016-0764).
  + A handful of memory leak and crasher bugs of minor importance
    have been fixed.
- Drop patches incorporated upstream:
  - NetworkManager-openvpn-route-configuration.patch.
  - nm-ppp-manager-clear-ppp_watch_id.patch.
  - nm-update-ip_iface-only-if-IP-interface-exists.patch.
- Rebase systemd-network-config.patch for updated version.
- nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff
- Split out a NetworkManager-branding-upstream subpackage that
  installs the default upstream version of the
  /etc/NetworkManager/NetworkManager.conf file.
- Add Requires: NetworkManager-branding to main package.
- Add nm-ppp-manager-clear-ppp_watch_id.patch and
  nm-update-ip_iface-only-if-IP-interface-exists.patch: Patches
  from upstream git cherrypicked to stable branch from master.
- Add NetworkManager-openvpn-route-configuration.patch: Fix routes
  not being applied when connecting to openVPN.
- Add explicit pkgconfig(libteam) BuildRequires: force team
  connection support.
- Update to version 1.0.10:
  + Added support for handling VPN secrets to nmtui and nmcli agent.
  + Fixed a regression that caused NetworkManager to ignore
    external deletion of a device with master.
  + Fixed glitches with older versions of glib (prior to 2.36.0).
  + Fixed build with most recent versions of libsoup.
  + Fixed busy retry loop on non-transient errors from
  + Improvements to testing infrastructure.
  + Updated translations.
- Update to version 1.0.8:
  + MTU indicated by a VPN gateway is now properly applied.
  + Fixed MSS setting when MTU changes.
  + The default route is properly restored on device disconnect.
  + Build with older toolchains has been fixed.
  + The team devices can now properly be enslaved to bridges.
  + Failed DHCP attempts for assumed connections are now retried
    after a timeout.
  + Default wired connection is now created after udev registers
    the device.
  + Support for Bluetooth DUN devices with Bluez 5 has been fixed.
  + The ipv6.ignore-auto-dns property is now properly honored
    making it possible to override automatically obtained name
  + Invalid permanent MAC addresses as reported by some devices
    are now ignored.
  + Device links reported by more recent versions of Linux kernel
    that reside in different network namespaces are no longer
    confused with links in the namespace NetworkManager runs in.
  + MAC address changes of VLANs enslaved to a bond are now
    properly propagated to the master device.
  + Fixed error handling for teaming devices with invalid
  + Wi-Fi AP list is now updated correctly after AP mode has been
  + Management of a device is not attempted until the device has
    been registered with udev.
  + The error handling for VPN secret agents is now significantly
    more robust.
  + Detection of s390 CTC devices now works properly.
  + A GATEWAY property in /etc/sysconfig/network now no longer
    affects non-static connections.
  + Added support for IPv6-only VPN connections.
  + The systemd service now uses HUP signal to reload
  + Change VLAN default flags to set REORDER_HDR for new
  + nmtui is now able to ignore automatically configured routes.
  + Numerous bash shell autocompletion fixes for nmcli.
  + Allow setting IPv6 and PPP settings for GSM and CDMA
    connections via nmcli.
  + Added support for adding ADSL connections in nmcli.
  + Numerous crash fixes.
  + Updated translations.
- Rebase NetworkManager-geoclue-interaction.patch.
- Update to version 1.0.6:
  + Improved captive portal detection.
  + Default route through WiFi connection is now preferred to
    Mobile Broadband if both are available.
  + Expose a flag to determine whether a particular connection is
    metered via API and client tools.
  + Add support for locking connections to a channel within a
    particular band.
  + Add support for configuring Wake-on-LAN capabilities.
  + Allow overriding the MTU for team device.
  + Usual pile of bug fixes and robustness improvements.
- Rebase NetworkManager-geoclue-interaction.patch.
- Toggle with_cacert_patch to 1: the patch has been rebased.
- Change nfs dispatcher-script to be more reliable in mixed
  IPv4/IPv6 environments.
- Rebase nm-probe-radius-server-cert.patch for 1.0.4 (bsc#938198).
- Add explicit pkgconfig(udev) BuildRequires: we need it to define
- Update to version 1.0.4:
  + The MTU setting from an IPv6 neighbor discovery Router
    Advertisements is now ignored if applying it would result in
    invalid configuration.
  + Some configuration options can now be changed without
    restarting the daemon. Notably, this applies to 'dns',
    'connectivity' and 'ignore-carrier' settings.
  + The connection activation was made more robust. If an active
    connection is reactivated, the device it's active on takes
    precedence. If an attempt is made to activate a connection on a
    different device than it is active on, the activation proceeds
    removing the connection from the active device.
  + The device specifiers in configuration files now support
    negation via 'except:' match.
  + Devices that only have IPv6 link-local address are no longer
    assumed to be connected.
  + nmcli now provides hints and tab-completion for enumeration
  + If the IPv6 interface tokens are set they are honored when
    creating an interface identifier for IPv6 addressing.
  + NetworkManager now maintains correct routing configuration when
    multiple interfaces are connected to the same network.
  + The management of devices can now be controlled with udev
    rules. The veth devices as well as the virtual Ethernet devices
    of various virtualization tools (VMWare, VirtualBox, Parallels
    Workstation) are now ignored by default.
  + The IPv6 privacy extensions are now enabled by default and
    handling of the ip6-privacy sysctl has been improved.
  + Activating a Bond, Bridge or Team device can now optionally
    activate the slave connections as well. The behavior is
    controlled with 'connection.autoconnect-slaves' property.
  + The platform support code has been refactored, resulting in
    better scalability in large configurations.
  + Changes to network interfaces configuration done outside
    NetworkManager are now picked up and exposed to the user via
    NetworkManager API and tools.
  + A connection can now optionally leave externally configured
    default route in place instead of overriding it. The behavior
    is controlled with 'ipv4.never-default' and
    'ipv6.never-default' properties.
  + Multiple crasher and memory leak bugs in the daemon were fixed.
  + Multiple bugs that could cause the client tools to hang or
    crash were fixed.
  + nmcli allows multiple devices for 'nmcli device
  + Firewall zone is added to firewalld for device-based VPN
    connections too.
- Toggle with_cacert_patch to 0: the Radius CA patch needs to be
  reworked. Wrap applying the patch into a with_cacert_patch
  condition, to make enabling/disabling a one-stop change.
- Update to version 1.0.2:
  + Wi-Fi devices now indicate support for 2GHz and 5GHz
  + "nmcli device" output now indicates physical port ID
  + New config items added to the 'ifcfg-rh' plugin:
  - IPADDR and PREFIX are now supported for specifying address
    ranges of shared IPv4 connections.
  + Dispatcher scripts now get a CONNECTION_FILENAME variable with
    the path to the configuration file for the connection.
  + An example dispatcher script that is able to apply complex
    routing rules (such as setting up policy-based routing) for
    'ifcfg-rh' connections was added to examples/dispatcher/.
  + 'mode' key of Bond device options property now accepts numeric
  + Connection attempts for devices without carrier on startup now
    wait for carrier to appear within a short timeout instead of
    failing immediately. This makes system startup more robust.
  + Bridge connectivity is now properly restored on resume from
  + The D-Bus name is acquired earlier during the daemon startup.
    This makes it possible for the systemd service manager to
    optimize the service startup so that services that require
    networking are activated sooner contributing to faster system
    start up time.
  + A lot of memory leak problems were fixed, resulting in reduced
    memory usage. Many of them were discovered as a result of
    improvements in use of Valgrind in the testing infrastructure.
  + Management of 'teamd' daemon instances for Team devices is now
    more robust.
  + The 'dnsmasq' daemon respawns when it terminates and it is
    configured for management of DNS resolver configuration.
  + Hostnames that are not fully qualified are no longer sent to a
    DHCPv6 server for a dynamic DNS update.
  + Connection UUIDs are now checked for uniqueness when connection
    configurations are read.
  + Receipt of a NDP Router Advertisement can no longer lower the
    IPv6 hop limit (CVE-2015-2924).
  + Many other bugs were fixed.
  + Updated translations.
- Add NetworkManager(cacert-patch) provides: to be toggled to 0
  whenever we disable nm-probe-radius-server-cert.patch. Other
  packages that consume the ABI introduced by this patch can
  specify this as a requirement.
- Rebase nm-probe-radius-server-cert.patch
- Add rp-pppoe BuildRequires, so configure can autodetect the path
  to the pppoe binary.
- Recommend rp-pppoe: the program is needed for NetworkManager to
  be able to initiate PPPoE connections (commonly used by ADSL
  providers). It is not strictly required to operate NM in most
  setups, thus only recommended (boo#903553).
- Update to version 1.0:
  + A new 'libnm' GObject-based client library to replace
  - IP address, IP route, hardware address, and other properties
    are now represented as strings.
  - Based on GIO's GDBus bindings instead of dbus-glib.
  - Uses modern GObject APIs including GAsyncResult and GVariant.
  - See
  + Devices and VPN connections now have individual default routes.
    Priorities are handled through configurable route metrics.
  + nmcli now supports password requests and PolicyKit
  + A faster, lighter-weight (though less capable) internal DHCP
    client has been added and may be selected with the
    "dhcp=internal" option. It supports fewer DHCP options and
    does not yet support DHCPv6.
  + A new 'configure-and-quit=yes' option has been added for
    environments with less dynamic network configuration.
  + When running on 3.17 and later kernels, NetworkManager handles
    IPv6LL address assignment to ensure that IPv6 connectivity is
    not enabled until intentionally configured by the user.
  + NetworkManager no longer causes the nl80211 kernel module to be
    loaded on systems with no Wi-Fi devices.
  + Bluetooth DUN support now works with Bluez 5.x.
  + VPN connections can now persist across link changes and
    suspend/resume if their VPN plugin supports this feature.
  + A new 'ibft' settings plugin has been added to support
    firmware-based iBFT/iSCSI configurations. This functionality
    has been moved to 'ibft' from the 'ifcfg-rh' plugin.
  + IPv6 router advertisement MTUs are now respected.
  + NetworkManager no longer requires polkit libraries at runtime
    when Polkit support is enabled, and Polkit can be disabled at
    build time too.
  + Automatically created connections are now deleted when their
    device goes away.
  + 'nmcli dev connect' now attempts to create a connection if none
  + Manually configured static IPv6 configuration is kept even if
    SLAAC fails.
  + Manpages for the 'keyfile' and 'ifcfg-rh' plugins now describe
    their configuration syntax and available options.
  + WWAN connections now support IPv6 if the modem and provider
    support IPv6.
  + Software devices (bridge, bond, team, etc) can now be deleted
    from the D-Bus API or with nmcli.
  + The manpages, documentation, and API annotations have received
    many cleanups.
  + Externally created virtual interfaces are no longer managed by
    NetworkManager until they are set "up" or activated via nmcli.
- Disable nm-probe-radius-server-cert.patch for now: needs rebase.
- Drop 0001-core-don-t-auto-launch-logind-bgo-741572.patch and
  NetworkManager-dhcpv6.patch: fixed upstream.
- Split out new subpackage typelib-1_0-NM-1_0 and libnm0.
- Require typelib-1_0-NM-1_0 and libnm0 by the -devel package.
- Add pkgconfig(bluez) BuildRequires.
- Replace pkgconfig(libsystemd-login) BuildRequires with
  pkgconfig(libsystemd) and pkgconfig(polkit-gobject-1) with
  pkgconfig(polkit-agent-1), following upstream.
- Update to version
  + Kernel 'cache' routes (such as those added by IPv6 operations)
    are ignored, preventing unwanted CPU usage.
  + Vala bindings for libnm-glib async methods have been added.
  + Some interactions with external OpenVPN daemon default routes
    have been fixed.
  + Fixed usage of libnm-glib connectivity checking from
    garbage-collected languages.
  + An unusual delay acquiring a DHCP lease with dhcpcd has been
  + A libnm-glib crash has been fixed when multiple NMClients are
  + A failure to pass certificate blobs to wpa_supplicant has been
  + A failure to send the inner private key password to
    wpa_supplicant has been fixed.
  + nmcli now returns earlier when activating master interfaces.
  + nmtui password fields now correctly display the password.
  + The IPv6 hop limit is no longer mistakenly set to 0 in some
  + Some DHCPv6 failures are no longer fatal.
  + Handling of DHCP 'nak' and 'expire' states has been fixed in
    some cases.
  + WiFi band locking has been fixed.
  + Support for Bluetooth DUN with Bluez5 has returned.
  + Non-local users can now control networking after
    authenticating with PolicyKit.
  + Externally added routes no longer have their metrics
  + Some child interfaces (eg VPN or WWAN) are no longer
    deconfigured when recognized.
  + Support for the PrimaryConnection D-Bus property has been
  + IPv6 RDNSS/DNSSL forced expiration is now handled properly.
  + An invalid route to the DHCP server is no longer added in some
  + A crash when external master/slave changes were made has been
  + Various nmtui bugs for slaves, WiFi, and IP address buttons
    have been fixed.
  + DHCP no longer fails due to SIGPIPE when the systemd journal
    is restarted.
  + Unmanaged slaves are now updated correctly when they
  + Cooperation with external team interfaces has been fixed.
  + Bridge STP property ranges are now properly checked.
  + Manager state is now properly updated on resume.
  + Slave interfaces are no longer released on exit.
  + Static IPv6 configuration is now added before SLAAC is
  + Allow shared connections to be started without a carrier.
  + A crash when disconnecting older Nokia phones has been fixed.
- Drop patches incorporated upstream:
  + 0001-core-don-t-auto-launch-logind-bgo-741572.patch.
  + NetworkManager-dhcpv6.patch.
- Add NetworkManager-dhcpv6.patch: dhcp: let dhclient handle
  requesting the 'server-id' option (boo#912315).
- Add 0001-core-don-t-auto-launch-logind-bgo-741572.patch: do not
  trigger logind start on system startup to avoid deadlock
- Handle NetworkManager-dispatcher.service using the systemd
- Enable NetworkManager-dispatcher.service in %post: as this is a
  dbus service, the 'systemd unit' must be enabled in order to be
  fired up.
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- Recognize more formats when parsing .curlrc for proxy credentials (bsc#1155027)
- Add rpmlintrc to filter false-positive warning about patch not applied
- Update to 0.3.27
- SUSEConnect now ensures that it writes its configuration when it
  encounters errors. This helps in the situation where SUSEConnect
  announces itself, but fails during a later step. Without the saved
  configuration, a system could have credentials, but be unsure which
  registration proxy they're valid for.
- Update to 0.3.26
  - Extend the YaST API in order to access to the package search
    functionality (jsc#SLE-9109)
- Don't fail de-activation when '-release' package already got removed
- Update to 0.3.25
- Fix cloud_provider detection on AWS large instances (bsc#1160007)
- Update to 0.3.24
- Forbid de-registration for on-demand Public Cloud instances (bsc#1155911)
- 0.3.23
  fix .spec file to correctly apply switch_server_cert_location_to_etc.patch to SLE15SP2+ (bsc#1130864)
- Update to 0.3.22
  switch_server_cert_location_to_etc.patch: add patch to switch server cert path for SLE15.2+ to /etc (bsc#1130864)
- Update to 0.3.21
  Fix error on first activation of packagehub extension (bsc#1124318)
- Update to 0.3.20
- Fix getting the list of installed products when zypper plugins are
  present (bsc#1143635)
- Update to 0.3.19
  - Fix failing on registered system without arguments (bsc#1144020)
- Update to 0.3.18
- Fix base product service removal during de-registration in public clouds (bsc#1136752)
- Update to 0.3.17
  - Don't try to remove a service during migration if a zypper service
    plugin already exists (bsc#1128969)
- Replace --no-ri --no-rdoc with --no-document - these options
  are obsolete since at least ruby 2.1 - and finally removed in
  ruby 2.6
- Only overwrite --bindir on fedora, it will overwrite --buildroot
  (which needs to be combined on newer fedoras)
- Update to 0.3.16
  - Show non-enabled extensions with a remark about availability
- Update to 0.3.15
  - Output information about registration and de-registration progress
- Output proper message when SUSEConnect is called without parameters (bsc#959561)
- Default to https URI when no protocol prefix is provided for --url
- Support transactional-update systems (fate#326482)
- Changed "openssl" recommendation to "openssl(cli)"
  on SLE 12 SP3+ and SLE 15+ (bsc#1101470).
- Update to 0.3.14
  - Fix s390 activation fails due to unavailable 'dmidecode' bsc#1112702
- Update to 0.3.13
  - Fix migration targets sorting (bsc#1104183)
- Update to 0.3.12
  - Detect if system is in cloud provider (AWS/Google/Azure)
  - Don't fail when trying to parse an empty body. Fixes bsc#1098220
  - Don't install release packages if they are already present
- Fix .spec file for running SUSEConnect on Fedora28
- Weaken dependencies of rmt-client-setup script to Recommends:
- Enhance error message generation
- Add not supported operation exception to PackageSearch API
- Update to 0.3.11
- Add dependencies needed by the rmt-client-setup script. bsc#1093658
- Prevent the automatic registration of recommended products that
  are not mirrored by the registration proxy.
- Update to 0.3.10
  - Fix rollback mechanism on SLE15 systems (bsc#1089320)
- Update to 0.3.9
  - Enable access to package search via gem
  - Don't try to delete directory of nonexistent service files
- Update to 0.3.8
  - Fix list-extensions to show the full SLE 15 tree (bsc#1064264)
  - Enable automatic activation of recommended extensions/modules
  - Automatically deregister all installed extensions/modules when
    deregistering a system
- Repackage gem
- Remove unnecessary .gz files
- Update to 0.3.7
  - virt-create-rootfs connects to SMT server without breaking (bsc#914297)
- Update to 0.3.6
  - Make target_base_product parameter mandatory.
- Update to 0.3.5
  - Add YaST.system_offline_migrations
- Update to version 0.3.4:
  - Packaging improvements (bsc#964013)
- Update to version 0.3.3:
  - Fix SLE15 build
- Properly refresh zypper services when deactivating a product on SMT (bsc#1047153)
- Update to 0.3.2:
  - Fix --namespace parameter persistence (bsc#1044493)
- Update to 0.3.1:
  - Fix license auto-agree issue (bsc#1037783)
  - Add missing archs to SLE 12 SP3 build target
- Update to 0.3.0:
  - Single product deactivation feature (fate#320572)
- Update to 0.2.43:
  - RPM spec fix for openSUSE:Factory rpmlint compliance (bsc#1028660)
- Update to 0.2.42:
  - Better error message for network request failure (bsc#982630)
  - Fix error message for --product with malformed identifier (bsc#1018190)
  - Fix some errors and formatting in manpages and help output
- Update to 0.2.41:
  - Better error message for --list-extensions on unregistered systems
- Update to 0.2.40:
  - Update man page to include the --list-extensions option (bsc#998583)
- Update to 0.2.39:
  - Fix for bnc#990475: support for aarch64 hardware info
- Update to 0.2.38:
  - Fix for bnc#975484: better error message if SMT is too old
- Update to 0.2.37:
  - Add method to YaST class to get Installer-Updates repositories (fate#319716).
- Update to 0.2.36:
  - Fix for bnc#973851: More flexible exit codes handling in internal zypper calls
- Update to 0.2.35:
  - Fix for bnc#973315: Direct update from <=0.2.27 does not remove /usr/bin symlink
- Update to 0.2.34:
  - Fix for bnc#963996: Do not crash on --list-extensions when connected to SMT
  - Fix for bnc#968245: Do not let zypper attempt to read products from remote locations
- Update to 0.2.33:
  - Re-add SUSEConnect binary to /usr/sbin (bnc#963080)
  - Use `--match-exact` when searching for a product (bnc#952804)
  - Fix fonts on xterm (bnc#957354)
- Update to version 0.2.32: Remove unneeded link in %post which caused a warning (bnc#946183)
- Update to version 0.2.31 (bnc#946183)
  - Drop url-implies-writeconfig.diff; it is included in upstream since commit 2ef5aa
  - Correct RPM group
  - Include SCCcredentials file as a ghost entry
  - Further packaging improvements
- Update to version 0.2.30
  - New packaging spec. One `SUSEConnect` package to rule them all (bnc#951671)
  - Update manpages to match the latest CLI options
- Update to version 0.2.29
  - bnc#954266 Silently ignore malformed lscpu lines instead of failing
- Update to version 0.2.28
  - Properly handle empty repository lists from zypper (bnc#951566)
- Update to version 0.2.27
  - Do not install recommended dependencies when installing the product release package (bnc#945462)
  - Add --rollback option (fate#319114)
- Update to version 0.2.26
  - zypper migration extremely slow with lot of modules and extensions registered (bnc#945462)
- Update to version 0.2.25
  - Solves Allow registration without system uid (dmidecode fails on qemu system) (bnc#934582)
- bnc#949424 ensure version of SUSEConnect is bumped in order to be
  able to distinct requests from affected YaST version in SCC API
- Update to version 0.2.24
  - Bug 943451 - [Migration] failure when "zypper search" returns empty list
  - Bug 946488 - Synchronization API call returns "no implicit conversion of Symbol into Integer" error
  - Bug 941565 - zypper migration not using --releasever
  - Bug 945462 - zypper migration extremely slow with lot of modules and extensions registered
- Update to version 0.2.23
  - Improve hwinfo detection on physical s390 systems
  - Bug 939293 - [S390] Error: Registration failed. Undefined method 'strip' for nil:NilClass (bnc#939293)
- Update to version 0.2.22
  - Migration rollback (fate#319114)
  - [Migration rollback] zypper migrate: baseproduct mismatch (bnc#941303)
- Update to version 0.2.21
  - Escape parameters of remove and add_repository methods
- Update to version 0.2.20
  - Add find_products method to migration abstraction layer fate#319140
  - Fix add_service method which also creates the credentials files
- Update to version 0.2.19
  - Introduction of migration abstraction layer for migration script
  - Clean up and re-factoring of yast abstraction layer
- Update to version 0.2.18
  - Improve SUSEConnect error messages
  - New --cleanup option (remove old system credentials and all zypper services installed by SUSEConnect)
  - New --namespace option (forward SMT staging environment to proxy registration server)
- Update to version 0.2.17
  - Added migrations endpoint support for Yast
  - Use C locale for all the syscalls (solves output parsing issues in some locales)
  - Stripping UUID from SCC API calls if it is not settable
  - Moved examples from gist to project
- Update to version 0.2.16
  - In case of wrong regcode provide meaningful message back to
    the user (Wrong regcode in that case).
- Update to version 0.2.15
  - Always write config file when --url parameter used (bnc#900689)
- Add patch git-33-d12420cc66e6d26a9dff6c0e86e00de232151c82.patch
  * Avoid semicolon within (t)csh login script on S/390.
- Add patch git-21-0064ecd132c30a939125acbc5b9a1c7bcd180fa0.patch
  * add screen.xterm-256color to DIR_COLORS
- Add patch git-22-f5e90d70d119b6aa12d019947029f9337aec378d.patch
  * check for Packages.db and use this instead of Packages
- Add patch git-23-8f1fe28287466235ade9c62fa5995eba9e642660.patch
  * Rename path() to _path() to avoid using a general name.
- Add patch git-24-2de52ae391e2963eb1913183a6b0530c7e781b55.patch
  * DIR_COLORS add TERM rxvt-unicode-256color (bug#1006973)
- Add patch git-25-287cf7cb851c0636fa46a610015d2d22ad36acea.patch
  * sort TERM entries in etc/DIR_COLORS
- Add patch git-26-0c2f2340cc6ebb51f20b36e550adc517a6b2ae42.patch
  * DIR_COLORS: merge TERM entries with list from (bug#1006973)
- Add patch git-27-abf7927eebbd4d7f47a362d49ae7856520682c49.patch
  * refresh_initrd call modprobe as /sbin/modprobe (bug#1011548)
- Add patch git-28-3351bcc9613ba022503103e7e4ffd01e7bd8e0fd.patch
  * etc/profile add some missing ;; in case esac statements
- Add patch git-29-5220a5f6ba250503ccda326e65ca069d245a5ebe.patch
  * profile and csh.login: on s390x set TERM to dumb on serial console
    for sclp_line0 and ttyS0 console (bug#1153946)
- Add patch git-30-b9dd70f33a124556f16dbbafc89585a82218ad61.patch
  * backup-rpmdb: exit if is there and running
- Add patch git-31-52dc403d54f2c926ee5cc892d1a8a830a45d7412.patch
  * also add color alias for ip command, jira#sle-9880, bsc#1153943
- Add patch git-32-0ee79834ea9ebf6573a7b903f374c21e53a56c14.patch
  * alias.bash check if ip command knows color=auto (jsc#SLE-7679)
- Add patch git-19-1149066a54a372b30b7cbd79cd222e11d96dc984.patch
  * Not all XTerm based emulators do have a terminfo entry (boo#1087982)
- Add patch git-20-6452441f2054b4b290c089ce6269889993b95fc1.patch
  * Better support of Midnight Commander (bsc#1170527)
- Add patch git-16-ed897a1090cafb678f75dbed8802bd671d3c1921.patch
  get_kernel_version: fix for current kernel on s390x (from azouhr)
  (bsc#1151023) (bsc#1139939)
- Add patch git-17-fe967bddbd74af9aba435900878397c0c7ea0b0b.patch
  added "-h"/"--help" to "old" command (from Bernhard Lang)
- Add patch git-18-bb11f02d5dd940803c08d25b0cfd3650d9de7d41.patch
  change feedback url from to
- Add patch git-15-27e2c6180a45cca63d71ffa5de7b32dec749d2cd.patch
  change rp_filter to 2 to follow the current default (bsc#1160735)
- Add patch git-14-12023f2e8aae5b2ac3a895301945566b9f5eb9c3.patch
  drop dev.cdrom.autoclose = 0 from sysctl config (bsc#1160970)
- Clear broken ghost entry in patch
  which breaks (lib)readline (bsc#1157278)
- Add patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  Use official key binding functions in inputrc
  that is replace up-history with previous-history, down-history with
  next-history and backward-delete-word with backward-kill-word
  (bsc#1084934).  Add some missed key escape sequences for urxvt-unicode
  terminal as well (boo#1007715).
- Add patch git-12-80d14205f913cc67a98c562f988ea700a56c369b.patch
  * service: check if there is a second argument before using it
- Add patch git-11-b20083a930f766939f47dddc66d089c9fee5d38a.patch
  * check if variables can be set before modifying them
    to avoid warnings on login with a restricted shell
- Add patch git-08-9875dffab3ddda0c3e8399f935f059246c961f2a.patch
  * Add s390x compressed kernel support (bsc#1151023)
- Add git-09-c6cd010dd8b6efddd71c30f00a923d8f2537584c.patch
  * Fix LC_NAME and LC_ADDRESS in sh.ssh
- Add patch git-10-43091e644ff54997468a215b891dcaa75173f133.patch
  * fix string test to arithmetic test in /etc/profile.d/
- Add patch git-07-82a17f1689e8957635c8ccaae7c9b3bff7f94d49.patch
  * add sysctl.d/51-network.conf to tighten network security a bit
    see also (boo#1146866) (jira#SLE-9132)
- Add patch git-06-8640f848c6677f1149b9765a8c86135956604007.patch
  * Make systemd detection cgroup oblivious (bsc#1140647)
    systemd can work in three exclusive cgroup modes: legacy, hybrid and
    unified. The mode affects where and what cgroup hierarchies are mounted.
    detect running systemd as systemd itself does it
    (src/libsystemd/sd-daemon/sd-daemon.c, function sd_booted)
- Add patch git-05-ae2a49183ba0ad9dff6b8c1efd4de076bd34ab0f.patch
  * /etc/profile does not work in AppArmor-confined containers
- Add patch git-04-b66cf03e673e84902ce0330f88f84f4fbdc8c9e9.patch
  * Restore old position of ssh/sudo source of profile
    for bug bsc#1118364 but hopefully do not reintroduce
    bug boo#1088524
- Add patch git-03-00d332a443062395957f422c89eaed9d0979ec00.patch
  * update logic for JRE_HOME env variable (bsc#1128246)
- Add patch git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
  Let bash.bashrc work even for (m)ksh (boo#1104531)
- Add patch git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
  No error at login if java system directory is empty (bsc#1102310)
- Update to version 84.87+git20180409.04c9dae:
  * In bash.bashrc move ssh/sudo source of profile to avoid removing
    the `is' variable before last use (boo#1088524).
  * Avoid the shell code checker stumble over `function' keys word
    in ls.bash (git#54).
- Use %license (boo#1082318)
- Update to version 84.87+git20180208.8eeab90:
  * Don't call fillup for removed
  * Adjust path for script converting sysctl config
  * For ksh use builtin keyword 'function' to make sure that the
    keyword 'typeset' really set the variable IFS to be local within
    the function _ls.
- Update to version 84.87+git20180205.2d2832f:
  * Move /lib/aaa_base/convert_sysctl to /usr/lib/base-scripts/convert_sysctl
    to cleanup filesystem.
  * Don't create /etc/init.d/{boot.local,after.local,halt.local} in
    aaa_base.pre section.
  * Remove dead code from pre/post install sections.
- Add /var/adm/backup subdirectories to aaa_base-extras, they are
  only needed by this package.
- Update to version 84.87+git20180204.875cba8:
  * Move sysconfig.backup into extra subpackage, where all the
    scripts using it are, too.
  * Create systemd timer for the cron.daily scripts for backup-rpmdb,
    backup-sysconfig and check-battery. Move scripts to
  * Remove If somebody really still has a
    /root/cron.daily.local file, he can move it to /etc/cron.daily.
  * Don't modify data in root's home directory
  * Don't create userdel.local, this isn't in use since many years
- Update to version 84.87+git20180130.ae1f262:
  * Really remove /usr/sbin/Check, obsolete since 8 years
  * Remove ChangeSymlinks, 90% are obsolete, the rest is dangerous
  * Remove 14 year old outdated documentation and dummy scripts for
- Update to version 84.87+git20180130.36ea161:
  * Remove obsolete/outdated manual pages (route.conf.5,init.d.7,
- Cleanup PreReq and move some parts to Requires(post), so that
  we can deinstall them if we no longer need them
- Update to version 84.87+git20171201.65000be:
  * Revert changes on sysconfig language and make lang.(c)sh
    to use sysconfig language as fallback or better use
    locale.conf as default. See discussion in bsc#1069971
    and FATE#319454 as well
- Update to version 84.87+git20171130.974ac5c:
  * Better parsing of sh variable settings in lang.csh
- Update to version 84.87+git20171129.a45b936:
  * Remove RC_* variables from language sysconf template
    (bsc#1069971 as well as FATE#319454)
- Update to version 84.87+git20171128.945b960:
  * lang.(c)sh: catch if ROOT_USES_LANG becomes not set
- Update to version 84.87+git20171128.aa232d3:
  * Add wsl specific code to profile.d/wsl.csh
  * move wsl specific code from profile into profile.d/
  * Remove obsolete "make package"
- Update to version 84.87+git20171128.a6752e8:
  * lang.(c)sh: handle locale.conf if sysconfig does not
- lang.(c)sh: handle locale.conf if sysconfig does not provide
  default locale (bsc#1069971, FATE#319454)
- Update to version 84.87+git20171128.17ae554:
  * Check for /proc/version before using it
  * Remove legacy code for /proc/iSeries
  * Move fillup-templates to /usr/share (boo#1069468)
- Fix installation of fillup-templates.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- use TW versioning, 13.2 is misleading
- Update to version 84.87+git20171120.d36b8b1:
  * Fix double sourcing of /etc/bash_completion.d
  * create in /etc/profile.d to set umask in WSL
  * Add support for /usr/bin/fish (boo#1068840)
  * Get mixed use case of service wrapper script straight (bsc#1040613)
- Update to version 13.2+git20170828.8f12a9e:
  * profile: don't override PATH in WSL
  * Remove passwd, group and shadow files. Remove %ghost entry for
    /run/utmp, /var/log/wtmp and /var/log/btmp, systemd is taking
    care of them
  * Remove run/utmp, too.
- Update to version 13.2+git20170814.cc9e34e:
  * Unset id in csh.cshrc instead of profile.csh (bsc#1049577)
  * Restore the is variable within /etc/profile
- Update to version 13.2+git20170731.c10ca77:
  * Fix csh.cshrc as tcsh does not handle stderr
  * Do not set alias cwdcmd for experts (boo#1045889)
  * unset unused variables on profile files (bsc#1049577)
  * Deprecate DEFAULT_WM in sysconfig.windowmanager
- Fix csh.cshrc as tcsh does not handle stderr messages within {}
  well (boo#1044876)
- Fix copy+paste error in /etc/csh.login boo#1043560
- Support changing PS1 even for mksh and user root (bsc#1036895)
- Be aware that on s390/s390x the ttyS0 is misused
- Reset extended screen TERM variables if no terminfo
- Better status line support even for tcsh
- Modernize /etc/ttytype as tset of ncurses use it
- Off application keypad (keyboard transmit) mode
- Missed a meta prefix in new inputrs.keys
- More 8bit key escape control sequences for XTerm
- Do not set INPUTRC as readline does know personal as well as system
  inputrc also make /etc/inputrc do set know sequences for both vi
  line editing modes as well as for emacs line editing mode.
- Do remove patch aaa_base-13.2+git20170308.c0ecf2e.dif not
  only from package but also from spec file
- Update to version 13.2+git20170425.47e703a:
  * Add Enlightenment to the list of windowmanagers
  * Add a number of audio/video formats to be colorized
  * Revert "Avoid NAT on Bridges. Bridges are L2 devices, really."
  * aaa_base.pre: drop some system users from aaa_base and create them in the respective packages: bin,daemon,news,uucp,games,man
  * Remove /var/log/faillog, there no application using this left [bsc#980484]
  * Remove users and groups sys, mail, lp, wwwrun, ftp and nobody
- Make lang.csh work again (bsc#1025673)
- Update to version 13.2+git20170306.3deb627:
  * aaa_base.pre: drop some system users from aaa_base and create
    them in the respective packages: bin,daemon,news,uucp,games,man
- Update to version 13.2+git20160915.106a00d:
  * enhance comment for NO_PROXY variable (bsc#990254)
  * Fix spelling of SUSE (skipped copyright statements - they need more thoughts)
  * fix regression introduced by fix for bnc#971567 (bnc#996442)
- Correct logic error in usage of variable restricted (boo#994111)
- enhance comment for NO_PROXY variable (bsc#990254)
- Update to version 13.2+git20160807.7f4c8c4:
  * switch IPv6 privacy extensions (use_tempaddr) back to 1
  * history see bsc#678066,bsc#752842,bsc#988023,bsc#990838
- Do not use the = sign for setenv in /etc/profile.d/lang.csh
- Follow the bash manual page that is respect --norc and --noprofile
- Update to version 13.2+git20160609.bf76b13:
  * Mark scripts /etc/init.d/{boot.,after-,halt.}local as deprecated
-, lang.csh: if GDM_LANG equals system LANG then use system defaults
- Update to version 13.2+git20160530.bd5210c:
  + Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#958295)
  + Remove spurious assignment to unknown variable term from /etc/inputrc
  + chkconfig: return 1 trying to list unknown service (bnc#971567)
  + chkconfig: add --no-systemctl option
  + fix typo in last patch (no-systemctl support for chkconfig)
  +, lang.csh: allow GDM to override locale
  + There is no kde4 anymore
  + Removed '/usr/bin/X11' from PATH (boo #982185)
- fix typo in last patch (no-systemctl support for chkconfig)
- chkconfig: add --no-systemctl option
- chkconfig: return 1 trying to list unknown service (bnc#971567)
- Merge pull request #26 from andreas-schwab/master
- Remove spurious assignment to unknown variable term from /etc/inputrc
- Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#567324)
- Update to version 13.2+git20151221.244f2a3:
  + drop old dns6 hack migration from 2002
  + remove more dropped variables
  + make chkconfig -a/-d work (bsc#926539)
  + avoid recursion if systemd call chkconfig back for sysv units
  + fix non-working line breaks
- make _service generate .changes
- Replace UNICODE double dash with simple ASCII single dash (boo#954909)
- Use the `+' for find's -exec option as this also respects white
  spaces in files names but is more like xargs.  Respect status
  of screen sessions.
- trigger also if only files changed
  that have spaces in their name (bnc#915259)
- sysconf_addword: do not insert spaces at start of string (bnc#932456)
- Merge pull request #19 from super7ramp/cleaning-references-to-suseconfig
  - drop references to sysconfig/suseconfig
  - drop SCANNER_TYPE variable
- Merge pull request #25 from ptesarik/master
- Enable SysRq dump by default
- Revert "fix /etc/init.d/foo status return code (bnc#931388)"
- Merge pull request #23 from bmwiedemann/master
- fix /etc/init.d/foo status return code (bnc#931388)
- xdg-environment: reduce list in /opt/* to gnome,kde4,kde3 (bnc#910904)
- add SOCKS5_SERVER and socks_proxy to proxy settings (bnc#928398)
- Simplify version check
- Handle also command lines starting with the env command
  as this is used by gnome xsessions (bsc#921172)
- Correct the boolean in /etc/profile.d/
- Even if GDM has done language setup the personal ~/.i18n should
  be sourced (boo#567324)
- Remove the official patch for fate#314974 as now part of systemd
- Merge pull request #21 from arvidjaar/bnc/907873
- Avoid sourcing /etc/bash_completion.d twice
- Fix spelling of SUSE
- Add the official patch for Fate#314974 (bnc#903009)
- test: Add helper library to fake passwd/group files
- quote: escape literal backslashes (bsc#953659).
- Added patch:
  * 0001-test-Add-helper-library-to-fake-passwd-group-files.patch
  * 0002-quote-escape-literal-backslashes.patch
- refresh acl-2.2.52-tests.patch to work with perl 5.26
- BuildRequires gettext-tools-mini instead of gettext-tools: as
  acl is part of the bootstrap, we want to try to keep the dep
  chain as small as possible.
- Remove --with-pic that's just for static libraries.
- Replace %__-type macro indirections.
  Replace old $RPM_ by their macro equivalents for consistency.
  Make the macro style consistent across the file again.
- reenable full Large File Support for i586
- Make it possible to disable tests (for Ring0)
- Add BuildRequires: system-user-daemon for the testsuite
- Add BuildRequires for system user bin needed by test suite
- Update to git snapshot dated 21 Sep 2015.
  - Added:
  * 0001-Install-the-libraries-to-the-appropriate-directory.patch
  * 0002-setfacl.1-fix-typo-inclu-de-include.patch
  * 0003-test-fix-insufficient-quoting-of.patch
  * 0005-Bad-markup-in-acl.5-page.patch
  * 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch
  * 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch
  * 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch
  * 0010-punt-debian-rpm-packaging-logic.patch
  * 0011-move-gettext-logic-into-misc.h.patch
  * 0012-test-make-running-parallel-out-of-tree-safe.patch
  * 0013-modernize-build-system.patch
  * 0014-po-regenerate-files-after-move.patch
  * 0015-build-drop-aclincludedir-use-pkgincludedir.patch
  * 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch
  * 0017-build-ship-a-pkgconfig-file-for-libacl.patch
  * 0018-read_acl_-comments-seq-rename-line-to-lineno.patch
  * 0019-read_acl_-comments-seq-switch-to-next_line.patch
  * 0020-telldir-return-value-and-seekdir-second-parameters-a.patch
  * 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch
  * 0022-add-__acl_-prefixes-to-internal-symbols.patch
  * 0023-cp.test-Check-permissions-of-the-right-file.patch
  * 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch
  * 0025-fix-compilation-with-latest-xattr-git.patch
  * 0026-getfacl-Fix-memory-leak.patch
  * 0027-Fix-the-display-block-nesting-in-acl.5.patch
  * 0028-setfacl-man-page-Minor-wording-improvements.patch
  * 0029-getfacl-Fix-minor-resource-leak.patch
  * 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch
  * 0031-walk_tree-mark-internal-variables-as-static.patch
  * 0032-ignore-configure.lineno.patch
- Significant spec file restructuring due to 0013-modernize-build-system.patch
- removed
- Reduce size of filelist by using wildcards;
  remove %doc (some locations are always %doc),
  remove %attr (files already have proper permissions)
- add acl-2.2.52-tests.patch and enable tests, check section taken
  from Fedora package
- remove gpg-offline calls from bootstrap package
- Update to new upstream release 2.2.52
  * This release fixes a few build system issues that were found and
  merges in a tree walking bug fix.
- Remove acl-fiximplicit.patch (merged upstream),
  config-guess-sub-update.diff (no longer applies)
- Sync baselibs.conf with in-.spec obsoletes/provides.
- add gpg checking
- use source url
- Add config-guess-sub-update.diff:
  update config.guess/sub to latest state for AArch64
- Use OS byteswapping routines, application already includes
  "endian.h" but then goes ahead defining ad-hoc equivalent
  functionality (0001-Use-OS-byteswapping-macros.patch)
- remove useless automake deps
- patch license to follow standard
- license update: GPL-2.0+;LGPL-2.1+
  SPDX format
- add automake as buildrequire to avoid implicit dependency
- Fix provides/Obsoletes
- Implement shlib package (libacl1)
- Enable libacl-devel on all baselib arches
- upgrade to 2.2.51
  - Test fixes
- upgrade to 2.2.50
  - OPTIONS in man pages should be a section heading, not a subsection heading
  - Fix a typo in the setfacl man page
  - setfacl: Clarify that removing a non-existent acl entry is not an error
  - Prevent setfacl --restore from SIGSEGV on malformed restore file
  - setfacl: make sure that -R only calls stat(2) on symlinks when it needs to
  - libacl: fix potential null pointer dereference
  - setfacl: fix restore crash on malformed input
  - setfacl: print useful error from read_acl_comments
  - setfacl: changing owner and when S_ISUID should be set --restore fix
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- readded incorrectly removed libattr-devel requires in -devel
- fixed implicit strchr() usage.
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.2.48
  - Document the new flags comments
  - Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "setfacl --restore=file".
  - Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
  - Stop quoting nonprintable characters in the getfacl output
  - Avoid unnecessary but destructive chown calls
  - Clarify license notice
- Yet more fixes for the crash with dmix plugin (bsc#1181194):
- Backport upstream fixes:
  yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in
  UCM (bsc#1181194):
- Backport upstream fixes:
  a PCM plugin regression fix about snd_pcm_status() call, plugin
  directory handling fixes, missing audio timestamp types,
  use-after-free fix for conf parser, PCM plugin delay account fixes,
- Update to alsa-lib 1.2.4:
  Major updates, including previous patches.
  Documentation updates, PCM optional lockless, meter and iec958
  plugin updates, UCM updates, topology API updates, LTO fixes, etc.
  See the details in
- Drop the superfluous udev rules for HD-audio;
  it's already handled in the kernel properly
- Drop obsoleted patches:
- Placeholder for SLE15-SP3 sync (bsc#1171246):
  the actual fix is found in alsa-ucm-conf updates
- Enable topology support for riscv64
- Enable topology support for aarch64
- Backport upstream fixes:
- Build topology library conditionally;
  currently it's supported only for little-endian
- Update to alsa-lib
  another bug fix release: control namehint fixes, PCM dsnoop fixes,
  UCM regression fixes, etc.  See the details in
- Update to alsa-lib
  a bug fix release, see the detailed changes at:
- Update to alsa-lib 1.2.3:
  including previous fixes, see the detailed changes at:
- Drop obsoleted patches:
- Revert a problematic namehint change (boo#1171044)
- Backport upstream fixes:
  fixes for PCM rate plugin, draining fix, topology parameter parser
  fix, USB device name for UCM:
- Backport recent upstream fixes:
  topology API fix, UCM fixes/improvements, config fixes, chmap
  support in route plugin, timestamp type fix for dmix:
- Update to alsa-lib 1.2.2:
  including previous fixes
- Backport recent upstream fixes:
  conf updates, PCM ordering fix, configure fix;
- Drop obsoleted patches:
- Backport upstream fixes:
  ucm-parser fixes and enhancements, configure script cleanup,
  fixes of 5.6 kernel ABI, O_CLOEXEC flag fix:
- Backport upstream fixes:
  more topology fixes, a memory leak fix in mixer API, alsactl
  string handling fix, UCM config fixes:
- Remove INSTALL document, add NOTES instead
- Upstream fixes, including the alsa-tools build breakage:
- Update to alsa-lib
  More UCM and UCMv2 fixes / enhancements, details are found in
- Obsoleted patch:
- Fix the detection of topology library in alsa.m4:
- Update to alsa-lib
  * Minor fixes spotted by coverity
  * Fixes for UCM parser regressions
- Update to alsa-lib 1.2.1: including previous fixes
  for the detailed changes, see the following:
  The topology-related code is split into subpackages,
  libatopology2 and alsa-topology-devel.  The topology config is
  also moved into another package, alsa-topology-conf, which is
  required by alsa-topology-devel package.
  Also, the UCM profiles are moved into an individual package,
  alsa-ucm-conf, too, which is now required by alsa package.
- Drop obsoleted upstream patches:
- Disable LTO completely (boo#1149612);
  the versioned symbols in alsa-lib don't seem to work properly on
  some apps
- Remove hackish modprobe install scripts for auto-loading OSS and
  sequencer modules (bsc#1136562);
  it's invoked from systemd unit file included in alsa-utils now
- Backport upstream fixes:
- Drop the downstream CX2072X UCM profile, which is replaced with
  upstream patches above
- Re-enable LTO (bsc#1133086);
  we need to pass -flto-partition=none as a workaround
- Update to version 1.1.9: including previous fixes
  for detailed changes
- Dropped obsoleted patches:
- Move definition of _lto_cflags into %build.
- Disable LTO (boo#1133086).
- Backport upstream fixes: PCM sw_params behavior fix, UCM additions and
  corrections, dshare position overflow fix, build fixes for Android:
- Drop -Iinclude/alsa from alsa.pc (bsc#1130333)
- Replace unspecific historic boilerplate summaries,
  and replace $RPM_* shell vars.
- Update to alsa-lib 1.1.8
  * Core:
    conf: rename snd_conf_load1() to _snd_config_load_with_include()
    conf/ucm: bytcht-es8316: Add long-name UCM profiles
    conf/ucm: Add UCM profile for bytcht-es8316 boards
    Create shared {En,Dis}ableSeq.conf components for rt5645 variants
    conf/ucm: bytcr-rt5651: Add bytcr-rt5651-stereo-spk-dmic-mic config
    conf/ucm: kblrt5660: Add ucm setting for Dell Edge IoT platform
    conf/ucm: chtrt5650: Add UCM config for chtrt5650
    ucm: Set default include path
    conf: Move UCM profile snippets into components subdirectory
    initial version of .travis.yml file
  * Control API:
    control: fix the assert() in snd_ctl_elem_set_bytes
  * PCM API:
    pcm: ioplug: Fix the regression of pulse plugin drain
    pcm: extplug: Keep format and channels the same if requested
    pcm: dshare: Fix segfault when not binding channel 0
    pcm: dmix: Add option to allow alignment of slave pointers
    pcm: interval: Interpret (x x+1] correctly and return x+1
  * Use Case Manager API:
    conf: rename snd_conf_load1() to _snd_config_load_with_include()
    ucm: Set default include path
    conf: Move UCM profile snippets into components subdirectory
  * Configuration:
    conf: rename snd_conf_load1() to _snd_config_load_with_include()
    conf/ucm: bytcht-es8316: Add long-name UCM profiles
    conf/ucm: Add UCM profile for bytcht-es8316 boards
    Create device component for rt5645 Internal Analog Mic UCM
    Factor out rt5645 variants Headset+Digital Mic UCM shared {en,dis}able sequences
    Factor out rt5645 variants Speaker+Headphones shared UCM enable sequences
    Create shared {En,Dis}ableSeq.conf components for rt5645 variants
    Update chtrt5645 ucm variants to use bytcr/PlatformEnableSeq.conf component
    conf/ucm: bytcr-rt5651: Document mono speaker wiring
    conf/ucm: bytcr-rt5651: Add bytcr-rt5651-stereo-spk-dmic-mic config
    conf/ucm: bytcr-rt5651: Add digital mic support
    conf/ucm: bytcr-rt5651: Add support for a headset-mic on IN2
    conf/ucm: bytcr-rt5651: Enable Stereo? ADC MIXL ADC? switches when enabling inputs
    conf/ucm: kblrt5660: Add ucm setting for Dell Edge IoT platform
    conf/ucm: chtrt5650: Add UCM config for chtrt5650
    ucm: Set default include path
    conf: Move UCM profile snippets into components subdirectory
    conf: USB-Audio: Add Dell WD19 Dock in the IEC958 blacklist
    conf/ucm/Dell-WD15-Dock: Fix incorrect device names
  * Documentation: add link to
    initial version of for github
  * External PCM Filter Plugin SDK:
    pcm: extplug: Keep format and channels the same if requested
  * Test/Example code:
    test/audio_time: remove unused variables
    test: rename code to more appropriate mixtest
    test/code: make it work again
    test/latency: fix typo in tstamp compare
  * Utils:
    utils/alsa.m4: conditionally enable libdl in AM_PATH_ALSA m4 macro
- Drop obsoleted patches:
- Remove obsoleted UCM profile for rt5640
- Don't treat the non-existing $ALSA_CONFIG_PATH too severely
- Backport upstream fix for a PCM regression for audacity
- Fix the incorrect UCM profile for Dell WD15 dock (bsc#1112292):
- Updated to alsa-lib 1.1.7:
  * change the location for add-on configs to /etc/alsa/conf.d
  * topology: Fix bclk and fsync inversion in set_link_hw_format()
  * topology: Add missing clock gating parameter when parsing hw_configs
  * topology: Add definitions for mclk_direction values
  * topology: Add alias conf parameter names for hw_configs
  * softvol: Allow up to 90 dB of gain
  * ucm: adding the folder of card_long_name when finding verb conf file
  * TLV macro cleanup and fixes
  * conf: USB-audio: Fix for Xonar U7 SPDIF device
  * pcm: add missing flags initialization for the fallback control data
  * pcm ioplug: fix some coverity issues
  * pcm: dmix: Fix hwptr updates at status call
  * New UCM files: bytcr-rt5640, chtnau8824, Dell WD-dock
  * UCM fixes: VEYRON-I2S, bytcr-rt5645, bytcr-rt5651, bytcr-rt5640,
  * Comment fixes
  * pcm: Define refine mask bits for DSD
  * pcm: snd_interval_refine_first/last fix
  * pcm: ioplug: Provide avail helper function for plugins
  * pcm: rate: Add error check for snd_pcm_avail_update()
  * pcm: Fix header guard in pcm_plugin.h
  * pcm: ioplug: Transfer all available data
  * control_hw: Fix issue when applying seccomp policy
  * seq: Fix signedness in MIDI encoder/decoder
- Remove obsoleted patches:
- Backport UCM fix and new profiles from upstream (bsc#1091678):
- Avoid the use of license tag for old distros for fixing build
- Updated to alsa-lib 1.1.6:
  * Change FSF address (Franklin Street)
  * pcm: route: Fix use_getput flag computation for 3 byte formats
  * test: correct emulation for channel-map TLV
  * Change snd_dlopen() function to return the error string
  * build extra mixer modules conditionally
  * do not enable alisp code by default
  * conf/ucm: Rearrange
  * conf/ucm: Add dual HD-audio codecs config for Lenovo
  * conf/ucm: Add Gigabyte mobo UCM profile with dual HD-audio codecs
  * asound.h: add SNDRV_PCM_FORMAT_{S, U}20
  * pcm: add and describe SND_PCM_FORMAT_{S, U}20
  * pcm: linear, route: handle linear formats with 20-bit sample on 4 bytes
  * pcm: plug: add SND_PCM_FORMAT_{S, U}20 to linear_preferred_formats
  * pcm: remove unused macros of COPY_LABELS/COPY_END
  * pcm: remove unused macros of GETU_LABELS/GETU_END
  * pcm: remove unused macros of NORMS_LABELS/NORMS_END
  * pcm: fix wrong comments for some cases of linear interpolation of PCM samples
  * topology: Fix to skip writing of header for compound elements
  * control: Proper reference of internal versioned functions
  * timer: Proper reference of internal versioned symbols
  * core: Proper reference of internal snd_dlopen()
  * conf/ucm: Add chtrt5645-mono-speaker-analog-mic configuration
  * pcm: Return the consistent error code for unexpected PCM states
  * pcm: Fix two bugs in snd_pcm_area_silence()
  * pcm: fix a bug to copy silent samples aligned to 64
  * pcm: another fix for the snd_pcm_area_silence() fast path
  * pcm: ioplug: Use boundary for wrap around
  * pcm: Do not access lock_enabled if thread safe API
  * pcm: ioplug: Provide hw_avail helper function for plugins
  * pcm: Provide areas_copy function which handles buffer wrap around
  * pcm: ioplug: update prepare and draining state correctly
  * topology: Fix parsing config with multiple hw_configs
  * pcm: hw: Keep control data from kernel when SND_PCM_APPEND
  * control ext: fix the default .rawmidi_next_device callback
  * modules: smixer_python - add support for python3
  * a set of fixes to reduce gcc warnings
  * pcm: Skip avail_min check during draining
  * pcm: ioplug: Implement proper drain behavior
  * conf: USB-Audio: Add second S/PDIF device on Phiree U2SX
- Remove obsoleted patches:
- Use %license file tag
- Add UCM profile for Baytrail CR with RT5460 (bsc#1083195)
- Upstream fixes:
  * Add the new ucm for Cherrytrail devices (bsc#1068546):
  * Fix for error code from PCM API functions at unexpected states:
- Recover udev 42-hd-audio-pm.rules for TW that was dropped
  mistakenly at the previous change
- Backport fix patches from upstream:
- Add missing UCM profile for chtcx2072x (bsc#1068546)
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Update to alsa-lib 1.1.5:
  * snd_user_file: avoid use wordexp
  * cleanup: fix poll.h includes
  * ctl: deprecate APIs of dimensional information
  * ctl: ext: error at undefined read_event() callback
  * pcm: softvol: add support for S24_LE
  * cleanup: Use uint*_t instead of u_int*_t everywhere
  * cleanup: fix poll.h includes
  * pcm: hw: Call USER_PVERSION ioctl at open
  * pcm: hw: proper mmap and set_appl_ptr handling
  * pcm: code cleanup and refactoring
  * pcm: obsolete 'mmap_emulation' parameter of snd_pcm_hw_open_fd()
  * pcm: dmix: Fix the inconsistent PCM state
  * pcm: dshare: Call snd_pcm_dshare_state() directly
  * pcm: dmix: Workaround for binary incompatibility
  * conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
  * build: Define __USE_UNIX98 for old glibc
  * rawmidi: symbols: use rawmidi_virt only when available
  * seq: fix snd_seq_set_queue_tempo() usage example in the documentation
  * topology: a few fixes
  * conf/ucm: rt565 support
  * conf: HdmiLpeAudio: add support for 3 devices
  * conf: HdmiLpeAudio: remove the "front" pcm definition
  * conf/ucm: DB410c-HiFi: add CIC selection
  * conf: USB-Audio: allow custom definitions for "default" devices
  * conf: USB-Audio: fix dsnoop args for Audiophile USB card
- Update to alsa-lib it's a bug-fix release, including
  all previous patches:
  * pcm: dmix: Fix the inconsistent PCM state
  * pcm: dshare: Call snd_pcm_dshare_state() directly
  * pcm: dmix: Workaround for binary incompatibility
  * test: add a test for list operation to user-defined element sets
  * conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
  * build: Define __USE_UNIX98 for old glibc
- Obsoleted patches:
- Update to alsa-lib 1.1.4: including most of previous fixes,
  in addition to topology API updates
- Upstream fix for building with old glibc:
- Obsoleted patches:
- Remove direct_memory_access flag from dmix definition again for
  fixing a regression used with old alsa-lib binary (boo#1037021):
- Disable dmix var_periodsize as default (boo#1033179)
- Workaround for binary incompatibility of dmix shm (boo#1033080):
- Backport upstream fix patches, including the deadlock fix for
  aplay/arecord (boo#1031525):
- Drop alsa-lib-doxygen-avoid-crash-for-11.3.diff as it was applied
  only in case of 11.3 and never else
- Use Requires(phase) instead of prereq string
- Use official %udevrulesdir macro instead of handbrew udevdir
- Version provides/obsoletes in devel pkg to avoid warning
- Remove hack that allowed build on SLE10
- Don't require insserv if we don't need it.
- Really bump the version number to 1.1.3 (sorry, forgot to change
  in Version tag).
- Update to alsa-lib 1.1.3 release;
  just including all previous fixes
- Drop obsoleted patches:
- Backport upstream fixes (bsc#1012594):
  - A few PCM bugs have been fixed:
  * Stall of dmix and others in a wrong PCM state
  * Refactoring of PCM locking scheme
  * SHM initialization race fix
  * plug PCM memory leaks
  * Improvement of dshare/dmix delay calculation
  * Fix endless dshare draining
  * Fix semaphore discard race fix of direct plugins
  - UCM fixes and updates for DB410c and skylake-r5286
  - Mixer code cleanup not to install bogus plugin codes
  - Documentation fixes / updates
- smixer module files got removed from the file list as well
- Update to alsa-lib v1.1.2:
  * topology API updates
  * support of stacked async handlers
  * new UCM configs: rockchip-i2s, skylake-i2s, chtrt5645,
  * add cset-tlv ucm support
  * fix conversion of TLVs min_db and max_dB value in softvol
  * fix appl pointer in the error path of PCM plugin
  * PCM code cleanup
  * fix suspend/resume of PCM dmix, dsnoop and dshare plugins
  * fix doubly enumerated items via namehint
  * make PCM codes thread-safe
  * API documentation enhancements
  * element-set ctl API
  * Optimization by replacing alloca() usages
- Drop obsoleted patches:
- Backport upstream fixes: fixing PCM dmix & co suspend/resume,
  namehint parser fixes, stackable async handler:
- Backport various upstream fixes for PCM (bnc#979702):
- Update to alsa-lib 1.1.1:
  * including previous fixes
  * a few more fixes/cleanup of control API
  * BSD compatibility changes
  * sync with 4.6 kernel ABI
  * provide API for sequencer sound card number / pid
  * fix races at dmix/dsnoop plugin
  * a few topology API updates
- Drop the obsoleted patches:
- Backports from upstream: minor PCM fixes, topology API updates,
  and a few build cleanup:
- Update to alsa-lib 1.1.0:
  including all previous fixes, with more updates for topology API,
  a fix for dmix/dsnoop slave PCM xrun, some build fixes /
- Fix the build with old gcc on SLE11:
- Dropped patches:
- Backport upstream fixes: more topology API updates/fixes, misc
  documentation fixes, some logical error fixes in PCM plugins,
  LADSPA plugin segfault fix:
- Backport upstream fixes: surround41/50 chmap fix, UCM documents,
  config string fix, PCM timestamp query API, replacement of list.h
  with LGPL:
- Backport topology API addition patches:
- Enable autoreconf call to regenerate after patching
- Change libudev-devel BuildRequires to pkgconfig(udev): makes us
  less prone to packaging changes, and in the end udev.pc is
  exactly what we need to define _udevdir.
- Backport upstream fixes: fix bogus assert() in hw_params, a few
  PCM dmix/dshare/dsnoop fixes, enhancement of amixer, etc:
- Backport upstream fixes: UCM updates, Broadwell UCM support,
  namehint fixes, fix faulty assert in PCM plugins, etc:
- Updated to alsa-lib 1.0.29:
  Just a version bump including previous fixes
- Drop the obsoleted patches:
- Backport upstream fixes: new OXFW hwdep definition, chmap print
  overflow fix, improvement of UCM parser, GoogleNyan UCM config,
  removal of gethostbyname() usages:
- Suppress timestamps in the generated documents to make the
  package comparison easier:
- Backport upstream fixes:
  A couple of USB-audio config addition/fix, dmix PCM stop fix,
  a memory leak fix, DSD format endianness fix, PCM timestamp fixes, etc.
- fix bashism in scripts
- Backport upstream fixes / enhancements: mostly small fixes
  spotted by coccinelle and others, the fixes for proper rewind
  support, a new DSD format support, hwdep definitions sync, and
  addition of PAZ00 UCM configs.
- Not only provide python-antlr, but also obsolete it
- Use FAT LTO objects in order to provide proper static library.
- Install as maven artifact using the pom file from maven central
- Do not create compat symlink for python stuff as it was not working
  before anyway
- Rename python package to python2-antlr (provide old symbol)
- Do not use old compat macros for python directories
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Add condition about python2 module, the rewrite happened in antlr4
  for python3 support and it is completely different than the antlr2
  * The python module is not used by any package in TW bsc#1068226
- Fix build with RPM 4.14: a command that exits with error > 0
  aborts the build (and grep not finding a string is retval 1).
- Explicitly require python2 [bsc#1068226, fate#323526]
- Require java-devel >= 1.6 to build, because of the source and
  target level
- fixes necessary to compile with Java 9
  * set javac source and target to 1.6
- Drop the javadoc so we can be built with java bootstrapping, reducing
  the cycle/failures
- Reduce dependencies a bit
- Remove java-devel dependency; not needed anymore
- Fix build with java9
- Added:
  * 3.5.2-jdk9.patch
- initial release
- Add aliases to account for the ephemeral commons-beanutils-core
  and commons-beanutils-bean-collections split.
- Remove reference to parent pom, since it is not needed when not
  building with maven
- Update to 1.9.4
  * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114
- Security fix: [bsc#1146657, CVE-2019-10086]
  * PropertyUtilsBean (and consequently BeanUtilsBean) now disallows class
    level property access by default, thus protecting against CVE-2014-0114.
- Fix build version in build.xml
  * Added apache-commons-beanutils-fix-build-version.patch
- Cleanup the maven pom files installation
- Fix the Source URLs to use mirrors properly
- Updated to 1.9.3
  * This is a bug fix release, which also improves the tests for
    building on Java 8.
  * Note that Java 8 and later no longer support indexed bean
    properties on java.util.List, only on arrays like String[].
    (BEANUTILS-492). This affects PropertyUtils.getPropertyType()
    and PropertyUtils.getPropertyDescriptor(); their javadoc have
    therefore been updated to reflect this change in the JDK.
  * Changes in this version include:
  - Fixed Bugs:
  * BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector
  * BEANUTILS-492: Fixed exception when setting indexed properties
    on DynaBeans.
  * BEANUTILS-470: Precision lost when converting BigDecimal.
  * BEANUTILS-465: Indexed List Setters fixed.
  - Changes:
  * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12.
  * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2.
  * BEANUTILS-474: FluentPropertyBeanIntrospector does not use the
    same naming algorithm as DefaultBeanIntrospector.
  * BEANUTILS-490: Update Java requirement from Java 5 to 6.
  * BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2
  * BEANUTILS-490: Update java requirement to Java 6.
  * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8.
  * BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9.
  * BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9.
  - Historical list of changes:
- Refreshed patch jdk9.patch for this version update
- Modified patch:
  * jdk9.patch
    + Build with source and target 8 to prepare for a possible
    removal of 1.6 compatibility
- Run fdupes on documentation
- Added patch:
  * jdk9.patch
  - Specify java source and target level 1.6 in order to allow
    building with jdk9
- Remove java-devel dependency; not needed anymore
- Cleanup bit with spec-cleaner
- Remove pom parent, since we don't use it when not building with
- Trim bias from description; update RPM groups.
- Clean-up the spec file
- Removed patch:
  * commons-cli-1.4-jdk9.patch
    + not needed since we are not building with maven
- Added patch:
  * CLI-253-workaround.patch
    + [CLI-253] Prevent "Unrecognized option: --null" when handling
  long opts in PosixParser
- Upgrade to version 1.4
- Modify the build.xml.tar.bz2 to build with source/target 8 and
  adapt for the commons-cli-1.4
- Modified patch:
  * commons-cli-1.2-jdk9.patch -> commons-cli-1.4-jdk9.patch
    + Rediff the remaining hunk to the changed context of pom.xml
- Modified patch:
  * commons-cli-1.2-jdk9.patch
    + Build with source and target 8 to prepare for a possible
    removal of 1.6 compatibility
- Run fdupes on the documentation
- Don't condition the maven defines on release version, but on
  _maven_repository being defined
- Added patch:
  * commons-cli-1.2-jdk9.patch
  - Specify java source and target level 1.6 in order to allow
    building with jdk9
- Fix build with new javapackages-tools
- Fix build with new javapackages-tools
- Remove java-devel dependency; not needed anymore
- Remove pom parent, since we don't use it when not building with
- Update to version 1.11
  * New features:
    + Add Automatic-Module-Name manifest entry for Java 9.
    Fixes CODEC-242.
    + Add BaseNCodec.encode(byte[], int, int) input with offset and
    length parameters for Base64 and Base32. Fixes CODEC-202.
    + Add convenience API org.apache.commons.codec.binary.Hex.
    .encodeHexString(byte[]|ByteBuffer, boolean).
    Fixes CODEC-224.
    + Add convenience method decodeHex(String). Fixes CODEC-203.
    + Add DigestUtils.getDigest(String, MessageDigest).
    Fixes CODEC-210.
    + Add faster CRC32 implementation. Fixes CODEC-205.
    + Add HmacAlgorithms.HMAC_SHA_224 (Java 8 only).
    Fixes CODEC-217.
    + Add APIs to MessageDigestAlgorithm.
    Fixes CODEC-206.
    + Add support for CRC32-C. Fixes CODEC-171.
    + Add support for XXHash32. Fixes CODEC-241.
    + BaseNCodecOutputStream only supports writing EOF on close().
    Fixes CODEC-183.
    + Create a minimal Digest command line utility:
    org.apache.commons.codec.digest.Digest. Fixes CODEC-212.
    + Fluent interface for DigestUtils. Fixes CODEC-220.
    + Fluent interface for HmacUtils. Fixes CODEC-222.
    + Make some DigestUtils APIs public. Fixes CODEC-208.
    + Support java.nio.ByteBuffer in DigestUtils. Fixes CODEC-193.
    + Support java.nio.ByteBuffer in
    org.apache.commons.codec.binary.Hex. Fixes CODEC-194.
    + Support JEP 287: SHA-3 Hash Algorithms. Fixes CODEC-213.
    + Support SHA-224 in DigestUtils on Java 8. Fixes CODEC-195.
  * Removed feature:
    + Drop obsolete Ant build. Fixes CODEC-223.
  * Changes:
    + Base32.decode should support lowercase letters.
  Fixes CODEC-234.
    + HmacUtils.updateHmac calls reset() unnecessarily.
  Fixes CODEC-221.
    + Soundex should support more algorithm variants.
  Fixes CODEC-233.
  * Fixed bugs:
    + Base32.HEX_DECODE_TABLE contains the wrong value 32.
  Fixes CODEC-200.
    + Base64.encodeBase64String could better use newStringUsAscii
  (ditto encodeBase64URLSafeString). Fixes CODEC-145.
    + BaseNCodec: encodeToString and encodeAsString methods are
  identical. Fixes CODEC-144.
    + Bug in HW rule in Soundex. Fixes CODEC-199.
    + Charsets Javadoc breaks build when using Java 8.
  Fixes CODEC-207.
    + Don't deprecate Charsets Charset constants in favor of
  Java 7's java.nio.charset.StandardCharsets. Fixes CODEC-219.
    + Fix minor resource leaks. Fixes CODEC-225.
    + Javadoc for SHA-224 DigestUtils methods should mention
  Java 1.8.0 restriction instead of 1.4.0. Fixes CODEC-209.
    + StringUtils.equals(CharSequence cs1, CharSequence cs2) can
  fail with String Index OBE. Fixes CODEC-231.
    + StringUtils.newStringxxx(null) should return null, not NPE.
  Fixes CODEC-229.
    + URLCodec is neither immutable nor threadsafe.
  Fixes CODEC-232.
    + URLCodec.WWW_FORM_URL should be private. Fixes CODEC-230.
- Generate the Ant build file and use it
- Add an option --with tests and don't run tests by default. This
  diminishes the number of dependencies and speeds up the build.
- Clean-up the spec file
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Run fdupes on documentation
- Don't condition the maven defines on release version, but on
  _maven_repository being defined
- Build with java source and target versions 1.6
  * fixes build with jdk9
- Fix build with new javapackages-tools
- Fix build with new javapackages-tools
- Update to version 1.10
  New features:
  + Add Daitch-Mokotoff Soundex
    Issue: CODEC-192.
  + QuotedPrintableCodec does not support soft line break per the
    'quoted-printable' example on Wikipedia
    Issue: CODEC-121.
  + Make possible to provide padding byte to BaseNCodec in constructor
    Issue: CODEC-181.
  Fixed Bugs:
  + Added clarification to Javadoc of Base64 concerning the use of the
    urlSafe parameter
    Issue: CODEC-185.
  + Added clarification to the Javadoc of Base[32|64]OutputStream that it
    is mandatory to call close()
    Issue: CODEC-191.
  + Add support for HMAC Message Authentication Code (MAC) digests
    Issue: CODEC-188.
  + Beider Morse Phonetic Matching producing incorrect tokens
    Issue: CODEC-187.
  + NullPointerException in DoubleMetaPhone.isDoubleMetaphoneEqual when
    using empty strings
    Issue: CODEC-184.
  + Fix Javadoc 1.8.0 errors
    Issue: CODEC-180.
  + Fix Java 8 build Javadoc errors
    Issue: CODEC-189.
  + Deprecate Charsets Charset constants in favor of Java 7's
    Issue: CODEC-178.
  + Update from commons-parent 34 to 35
    Issue: CODEC-190.
- Use javapackages-tools instead of java-devel
- Remove gpg_verify usage; let obs handle it
- Set the bytecode properly on sle11
- Remove pom parent, since we don't use it when not building with
- Added patch:
  * commons-collections-jdk11.patch
    + resolve ambiguity with toArray(null)
  + fixes tests with jdk11
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Run fdupes on documentation
- Don't condition the maven defines on release version, but on
  _maven_repository being defined
- Fix build with jdk9 by specifying java source and target 1.6
- Added patch:
  * commons-collections-3.2.2-tf.javadoc.patch
  - Fix unresolved symbols when building tf.javadoc
- Fix build with new javapackages-tools
- Version update to 3.2.2:
  * Various bugfixes
  * Unix formatting in the archive
  * Fixes bnc#954102
- Refresh patches for the dos2unix conversion:
  * commons-collections-3.2-build_xml.patch
  * jakarta-commons-collections-javadoc-nonet.patch
- Add patch to add missing MANIFEST.MF file:
  * commons-collections-missing-MF.patch
- Fix build with jdk8:
  * java8-compat.patch
- Fix build with new javapackages-tools
- Do not depend on junit4 but use junit
- Disable code coverage (broken at SLES15)
- initial version 1.2
- Remove pom parent, since we don't use it when not building with
- apache-commons-daemon-riscv64.patch: add riscv64 to the list of
  supported cpus
- Use %license for LICENSE.txt
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Run fdupes on documentation
- Fix jdk9 build by specifying java source and target 1.6
- New build dependency: javapackages-local
- Drop gpg verification. We can stick to what osc services do for us
- Drop unused patches:
  * 0001-execve-path-warning.patch
  * config-guess-sub-update.patch
  * jsvc-libcap-relative.patch
- Fix build with new javapackages-tools
- add javapackages-tools to build requires
- update to 1.0.15
  * bugfix release, see RELEASE-NOTES.txt for a list of fixed bugs
- obsoleted patches:
  * 0001-execve-path-warning.patch, already upstream
  * jsvc-libcap-relative.patch, already upstream
  * config-guess-sub-update.patch, already upstream
- don't install pointless files for SUSE Linux
- verify package signature on openSUSE 12.3+
- use source urls
- Build classpath using directly geronimo-jta-1.1-api instead of
  the jta symlink
- Remove pom parent, since we don't use it when not building with
- Add maven pom file
- Added patches:
  * apache-commons-dbcp-sourcetarget.patch
    + build with java source / target 8 to align with other
  * apache-commons-dbcp-javadoc.patch
    + do not attempt to load urls while building
- Search for jta not jta-api as SLE has issues locating the api while
  the jta is just simple symlink
- Update version to 2.1.1 wrt fate#321029
  * Fixes to actually work with tomcat 8
- rename to apache-commons-dbcp
- updating requirements
- Fix build with new javapackages-tools
- Do not require tomcat, it is just test dependency causing cycle
- Update the alternatives once more to match docu.
- Use global defines for name
- Upgrade to 2.1
  * Breaking changes:
    + The minimum JDK requirement is now JDK 1.5. The provided
    binaries will not work on lower JDKs. The source has been
    updated to leverage Generics and other JDK 1.5 features where
    possible, and requires JDK 1.5 to compile.
    + This release eliminates all dependencies on Commons
    Collections classes. Previously, ArrayStack was used in the
    Digester implementation and was exposed via protected fields
    or inner classes of the following classes:
  - org.apache.commons.digester.Digester,
  - org.apache.commons.digester.CallParamRule, and
  - org.apache.commons.digester.xmlrules.DigesterRuleParser
    These classes now use java.util.Stack instead. Any subclasses
    of the above using protected ArrayStack members will require
    appropriate migration to use java.util.Stack instead before
    they can be used with version 2.0 or later.
  * Important changes:
    + The legacy schema support has been deprecated in favor of
    javax.xml.validation.Schema support.
  * New features:
    + Support for XML Schema validation using
    javax.xml.validation.Schema  has been added to Digester.
    See Digester class Javadoc, and
    Digester#setSchema(javax.xml.validation.Schema) method.
    This allows usage of W3C XML Schema, Relax NG and Schematron
    for validation of XML documents.
    The legacy schema support has been deprecated (details below).
    + The underlying SAXParser factory can now be easily configured
    to be XInclude aware. This allows for general purpose
    inclusion of XML or text documents, for example, and
    facilitates document modularity.
    + Added a new package 'annotations' that provides for Java5
    Annotations  meta-data based definition of rules for Digester.
    This improves maintainability of both Java code and XML
    documents, as  rules are now defined in POJOs and generating
    Digester parsers at  runtime, avoiding manual updates.
  * Bugs from previous release:
    + SetPropertyRule throws java.lang.IllegalArgumentException:
    No name specified when matched element has no attributes.
    + Missing unit tests using Ant and Maven. [DIGESTER-117]
    + Digesting XML content with NodeCreateRule swallows spaces.
    + Potential NullPointerException if debug is enabled in
    Digester#resolveEntity() [DIGESTER-122]
    + Clear inputSources list in method Digester.clear()
    + Potential NullPointerException if debug is enabled in
    FactoryCreateRule#begin() [DIGESTER-126]
  * Improvements from previous release:
    + Null arguments to all Digester#parse() methods now throw an
    IllegalArgumentException. [DIGESTER-111]
    + 'serialVersionUID' fields have been added to Serializable
- Generate ant build files that were removed in 2.1 by upstream
- Removed patch:
  * apache-commons-digester-build.patch
    + the generated build is handling the build classpath
- Renamed package to apache-commons-digester
- Removed patch:
  * jakarta-commons-digester-java16compat.patch
    + no need to patch build.xml to build with source/target 1.6
- Added patch:
  * apache-commons-digester-build.patch
    + add commons-collections to the build classpath
- Removed patch:
  * jakarta-commons-digester-java14compat.patch
- Added patch:
  * jakarta-commons-digester-java16compat.patch
  - Build with java source and target 1.6
  - Fixes build with jdk9
- Align the spec file to the way the ant build gets its
  dependencies and fix the javadoc build
- Cleanup with spec cleaner and fix build again.
- don't use icecream
- use source="1.4" and target="1.4" for build with java 1.5
- converted neededforbuild to BuildRequires
- Current version 1.7 from
- Current version 1.6 from
- enable build of rss package (needed by struts)
- Provide and Obsolete jakarta-commons-el (bsc#1179637)
- Initial packaging of apache-commons-el 1.0
- Rename to apache-commons-fileupload and upgrade to version 1.4
- Generate and customize ant build.xml file
- Build against xml-commons-apis instead of xerces-j2-xml-apis
- Fix build with jdk9: specify java source and target 1.6
- Clean spec file and fix rpmlint warnings
- Not needed condition.
- Cleanup with spec-cleaner and fix build on sle11 properly.
- added Xerces xml-apis to dependencies to fix build
- disable bytecode check on sle_11
- remove removal of buildroot in %install
- Fix bnc#862781/CVE-2014-0050: buffer overflow
  * jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch
- remove gcj part and deprecated macros
- fix bnc#846174/CVE-2013-2186: null byte injection flaw
  * jakarta-commons-fileupload-CVE-2013-2186.patch
- Security fix [bsc#945190, CVE-2015-5262]
  * http/conn/ssl/ ignores the
    http.socket.timeout configuration setting during an SSL handshake,
    which allows remote attackers to cause a denial of service (HTTPS
    call hang) via unspecified vectors.
- Add apache-commons-httpclient-CVE-2015-5262.patch
- Security fix [bsc#1178171, CVE-2014-3577]
  * org.apache.http.conn.ssl.AbstractVerifier does not properly
    verify that the server hostname matches a domain name in the
    subject's Common Name (CN) or subjectAltName field of the X.509
    certificate, which allows MITM attackers to spoof SSL servers
    via a "CN=" string in a field in the distinguished name (DN)
    of a certificate.
- Add apache-commons-httpclient-CVE-2014-3577.patch
- Trim conjecture from description.
- Add maven pom file and clean-up the spec file
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Run fdupes on documentation
- Build with java source and target versions 1.6
  * fixes build with jdk9
- Redo the bytecode disabling properly.
- Cleanup with spec-cleaner
- disable bytecode test on SLES
- really apply CVE-2012-5783 patch
- build with java 6 and higher
- enhance fix of bnc#803332 / CVE-2012-5783
  * add a check for subjectAltNames for instance
- Security fix: [bsc#1184755, CVE-2021-29425]
  * Limited path traversal when invoking the method
    FileNameUtils.normalize with an improper input string
  * Add apache-commons-io-CVE-2021-29425.patch
- Remove pom parent, since we don't use it when not building with
- Update to upstream version 2.6
  * many bugfixes, features and enhancements, like
    Automatic-Module-Name entry in manifest
  * requires jdk7 or later
  * see RELEASE-NOTES.txt for details
- Generated a build.xml to be able to build with ant
- Build with tests is now optional
- Removed patch:
  * commons-io-version-property.patch
    + not needed anymore in this version
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Run fdupes on documentation
- Fix build with jdk9 by specifying source and target level 1.6
- Remove unused dependencies
- New build dependency: javapackages-local
- Fix build with new javapackages-tools
- Use junit not junit4
- Move from jpackage-utils to javapackage-tools
- Initial package based on Fedora rpm
- Generate and sanitize ant build files
- Added patch:
  * commons-lang-bundle-manifest.patch
    + Add bundle manifest to make usable from eclipse
- On supported platforms, avoid building with OpenJ9 in order to
  prevent a build cycle.
- Remove pom parent, since we don't use it when not building with
- Clean up the spec file
- fix flaky StopWatch tests on slow systems by increasing the max value (bsc#1085999)
  * fix_StopWatchTest_for_slow_systems.patch
- Require java-devel < 1.9 because all those versions can use
  target level < 1.5
- Require for build java-devel = 1.8.0, since it is the last
  version being able to build with source and target levels < 1.5
- New build dependency: javapackages-local
- Fix build with new javapackages-tools
- Depend on junit not junit4
- Remove pom parent, since we don't use it when not building with
- Clean-up the spec file and install less jar symlinks
- Build commons-lang3-3.8.1 using modified build.xml and from 3.4.
- Removed patch:
  * commons-lang3-3.4-javadoc.patch
  - integrated in the build.xml
- Use source and target version 1.7, since the code contains
  diamond operator.
- Format with spec-cleaner
- Modified patch:
  * commons-lang3-3.4-javadoc.patch
    + Fix build with jdk9
- Allow building with jdk9 too
- Run fdupes on javadoc
- Specify java target and source level 1.6
- Force building with jdk < 1.9, since jdk9's javadoc chokes on one
  class file (internal error)
- New build dependency: javapackages-local
- Initial release (version 3.4)
- Build against the new compatibility log4j12-mini package
- Remove pom parent, since we don't use it when not building with
- Use the pom.xml distributed with the package instead of
  downloading the same file as a separate source
- Build against glassfish-servlet-api
- Added patch:
  * commons-logging-manifests.patch
    + Different Bundle-SymbolicName for different jars
- Cleanup of maven pom files installation
- Modified patch:
  * commons-logging-1.2-sourcetarget.patch
    + Build with source and target 8 to prepare for a possible
    removal of 1.6 compatibility
- Added patch:
  * commons-logging-1.2-sourcetarget.patch
  - set java source and target versions to 1.6 in order to allow
    build with jdk9
- Remove bootstrap conditional
- New build dependency: javapackages-local
- Fixed requires
- Update to version 1.2
  or RELEASE-NOTES.txt for details
- Drop maven conditionals that were never triggered.
- Drop gpg offline and rely on service
- Fix build with new javapackages-tools
- Use log4j-mini to hopefully avoid build-cycle
- add the log4j adapter to commons-logging-adapters
- Fix build with java9
- Add:
  * commons-math3-3.2-src-jdk9.patch
- initial release
- Remove pom parent, since we don't use it when not building with
- Add maven pom file
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Run fdupes on documentation
- Fix javadoc build
- Version update to 2.4.2 release from pool2:
  * rename to latest 2.x pool series for dbcp and other packages
- Rename from jakarta-commons-pool to apache-commons-pool
- Version update to 1.6:
  * drop the tomcat5 package, we need pool2 to work with new tomcat
  * Last and final from the pool1 series, new pool2 was introduced
    for future development.
- Move from jpackage-utils to javapackage-tools
- merged with jpackage 1.7
- update to 1.3
- changes in BuildRequires:
  - java2-deve-packages was substituted by java-devel
  - added a junit
  - added a maven build support and maven related BuildRequires
  - xml-commons-apis was moved to the maven build branch
- added a gcj build support
- included a maven depmap files
- remove a source=1.4 from build and a java14compat patch
- provides and obsoletes of main package contains the version
- new tomcat5 subpackage
- new manual subpackage (build only with maven)
- set source=1.4 for java
- converted neededforbuild to BuildRequires
- Install missing LICENSE.txt file (bsc#1114814)
- Adding symlink for mybatis.jar in java lib extension folder for
  easier imports.
- Initial commit for apache-mybatis.
- security update
- added patches
  fix CVE-2021-30641 [bsc#1187174], MergeSlashes regression
  + apache2-CVE-2021-30641.patch
- security update
- added patches
  fix CVE-2021-31618 [bsc#1186924], NULL pointer dereference on specially crafted HTTP/2 request
  + apache2-CVE-2021-31618.patch
- security update
- added patches
  fix CVE-2020-13950 [bsc#1187040], mod_proxy NULL pointer dereference
  + apache2-CVE-2020-13950.patch
- security update
- added patches
  fix CVE-2020-35452 [bsc#1186922], Single zero byte stack overflow in mod_auth_digest
  + apache2-CVE-2020-35452.patch
  fix CVE-2021-26690 [bsc#1186923], mod_session NULL pointer dereference in parser
  + apache2-CVE-2021-26690.patch
  fix CVE-2021-26691 [bsc#1187017], Heap overflow in mod_session
  + apache2-CVE-2021-26691.patch
- gensslcert sets CA:TRUE in basic constraints of CA cert [bsc#1180530]
- modified sources
  % gensslcert
- systemd-ask-password is located in /usr/bin
- gensslcert: add -a argument to override default SAN value
- security update
- added patches
  fix CVE-2020-11984 [bsc#1175074], mod_proxy_uwsgi info disclosure and possible RCE
  + apache2-CVE-2020-11984.patch
  fix CVE-2020-11993 [bsc#1175070], CVE-2020-9490 [bsc#1175071]
  + apache2-mod_http2-1.15.14.patch
- fix crash in mod_proxy_uwsgi for empty values of environment
  variables [bsc#1174052]
- added patches
  + apache2-mod_proxy_uwsgi-fix-crash.patch
- declare ap_sock_disable_nagle to fix loading mod_proxy_http2
  (thanks to
- modified patches
  % httpd-visibility.patch (refreshed)
- version update to 2.4.43
  * ) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
  * ) mod_proxy_http: Fix the forwarding of requests with content body when a
    balancer member is unavailable; the retry on the next member was issued
    with an empty body (regression introduced in 2.4.41). PR63891.
    [Yann Ylavic]
  * ) mod_http2: Fixes issue where mod_unique_id would generate non-unique request
    identifier under load, see <>.
    [Michael Kaufmann, Stefan Eissing]
  * ) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
    PR64140. [Renier Velazco <renier.velazco>]
  * ) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
  * ) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
    to allow customization of the usertrack cookie. PR64077.
    [Prashant Keshvani <prashant2400>, Eric Covener]
  * ) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
    AJP13 authentication.  PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
  * ) mpm_event: avoid possible KeepAliveTimeout off by -100 ms.
    [Eric Covener, Yann Ylavic]
  * ) Add a config layout for OpenWRT. [Graham Leggett]
  * ) Add support for cross compiling to apxs. If apxs is being executed from
    somewhere other than its target location, add that prefix to includes and
    library directories. Without this, apxs would fail to find
    and exit. [Graham Leggett]
  * ) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
    issue mod_md#172 (
    [Michael Kaufmann <mail>, Stefan Eissing]
  * ) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
    [Graham Leggett]
  * ) mod_ssl: Support use of private keys and certificates from an
    OpenSSL ENGINE via PKCS#11 URIs in SSLCertificateFile/KeyFile.
    [Anderson Sasaki <ansasaki>, Joe Orton]
  * ) mod_md:
  - Prefer MDContactEmail directive to ServerAdmin for registration. New directive
    thanks to Timothe Litt (@tlhackque).
  - protocol check for pre-configured "tls-alpn-01" challenge has been improved. It will now
    check all matching virtual hosts for protocol support. Thanks to @mkauf.
  - Corrected a check when OCSP stapling was configured for hosts
    where the responsible MDomain is not clear, by Michal Karm Babacek (@Karm).
  - Softening the restrictions where mod_md configuration directives may appear. This should
    allow for use in <If> and <Macro> sections. If all possible variations lead to the configuration
    you wanted in the first place, is another matter.
    [Michael Kaufmann <mail>, Timothe Litt (@tlhackque),
    Michal Karm Babacek (@Karm), Stefan Eissing (@icing)]
  * ) test: Added continuous testing with Travis CI.
    This tests various scenarios on Ubuntu with the full test suite.
    Architectures tested: amd64, s390x, ppc64le, arm64
    The tests pass successfully.
    [Luca Toscano, Joe Orton, Mike Rumph, and others]
  * ) core: Be stricter in parsing of Transfer-Encoding headers.
    [ZeddYu <>, Eric Covener]
  * ) mod_ssl: negotiate the TLS protocol version per name based vhost
    configuration, when linked with OpenSSL-1.1.1 or later. The base vhost's
    SSLProtocol (from the first vhost declared on the IP:port) is now only
    relevant if no SSLProtocol is declared for the vhost or globally,
    otherwise the vhost or global value apply.  [Yann Ylavic]
  * ) mod_cgi, mod_cgid: Fix a memory leak in some error cases with large script
    output.  PR 64096.  [Joe Orton]
  * ) config: Speed up graceful restarts by using pre-hashed command table. PR 64066.
    [Giovanni Bechis <giovanni>, Jim Jagielski]
  * ) mod_systemd: New module providing integration with systemd.  [Jan Kaluza]
  * ) mod_lua: Add r:headers_in_table, r:headers_out_table, r:err_headers_out_table,
    r:notes_table, r:subprocess_env_table as read-only native table alternatives
    that can be iterated over. [Eric Covener]
  * ) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
    [Yann Ylavic, Stefan Eissing]
  * ) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env,
    r.headers_out, etc) to remove the key from the table. PR63971.
    [Eric Covener]
  * ) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
    ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
    always `on`, regardless of configuration. Found and reported by
    <> and
    <>. [Stefan Eissing]
  * ) mod_http2: Multiple field length violations in the same request no longer cause
    several log entries to be written. [@mkauf]
  * ) mod_ssl: OCSP does not apply to proxy mode.  PR 63679.
    [Lubos Uhliarik <luhliari>, Yann Ylavic]
  * ) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469
    [Jim Jagielski]
  * ) mod_authn_socache: Increase the maximum length of strings that can be cached by
    the module from 100 to 256.  PR 62149 [<thorsten.meinl>]
  * ) mod_proxy: Fix crash by resolving pool concurrency problems. PR 63503
    [Ruediger Pluem, Eric Covener]
  * ) core: On Windows, fix a start-up crash if <IfFile ...> is used with a path that is not
    valid (For example, testing for a file on a flash drive that is not mounted)
    [Christophe Jaillet]
  * ) mod_deflate, mod_brotli: honor "Accept-Encoding: foo;q=0" as per RFC 7231; which
    means 'foo' is "not acceptable".  PR 58158 [Chistophe Jaillet]
  * ) mod_md v2.2.3:
  - Configuring MDCAChallenges replaces any previous existing challenge configuration. It
    had been additive before which was not the intended behaviour. [@mkauf]
  - Fixing order of ACME challenges used when nothing else configured. Code now behaves as
    documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this.
  - Fixing a potential, low memory null pointer dereference [thanks to @uhliarik].
  - Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted
    "transfer-encoding" to POST requests. This failed in direct communication with
    Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. [Stefan Eissing]
  * ) mod_md: Adding the several new features.
    The module offers an implementation of OCSP Stapling that can replace fully or
    for a limited set of domains the existing one from mod_ssl. OCSP handling
    is part of mod_md's monitoring and message notifications. It can be used
    for sites that do not have ACME certificates.
    The url for a CTLog Monitor can be configured. It is used in the server-status
    to link to the external status page of a certificate.
    The MDMessageCmd is called with argument "installed" when a new certificate
    has been activated on server restart/reload. This allows for processing of
    the new certificate, for example to applications that require it in different
    locations or formats.
    [Stefan Eissing]
  * ) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS
    protection. PR 63688. [Armin Abfalterer <a.abfalterer>]
- deleted patches
  - apache2-load-private-keys-from-pkcs11.patch (upstreamed)
  - httpd-2.4.3-mod_systemd.patch (upstreamed)
- use r1874196 [SLE-7472] [bsc#1164820c#6]
- modified patches
  % apache2-load-private-keys-from-pkcs11.patch (upstream 2.4.x port)
- deleted patches
  - apache2-load-certificates-from-pkcs11.patch (merged to above)
- require just libbrotli-devel
- build mod_proxy_http2 extension
- fix build for older distributions
- define DEFAULT_LISTENBACKLOG=APR_INT32_MAX. We want apache
  to honour net.core.somaxconn sysctl as the mandatory limit.
  the old value of 511 was never used as until v5.4-rc6 it was
  clamped to 128, in current kernels the default limit is 4096.
  Cannot use the apr_socket_listen(.., -1) idiom because the function
  expects a positive integer argument.
- apache2-devel now provides httpd-devel [bsc#1160100]
- add openssl call to DEFAULT_SUSE comment [bsc#1159480]
- modified sources
  % apache2-ssl-global.conf
- use %license [bsc#1156171]
- load private keys and certificates from pkcs11 token [SLE-7653]
- added patches
  load certificates from openssl engine
  + apache2-load-certificates-from-pkcs11.patch
  load private keys from openssl engine
  + apache2-load-private-keys-from-pkcs11.patch
- Add custom log files to logrotate according to apache2-vhost.template
- Remove redundant metadata from summary.
- version update to 2.4.41 with security fixes:
  * low: Limited cross-site scripting in mod_proxy
    error page (CVE-2019-10092)
  * low: mod_rewrite potential open redirect (CVE-2019-10098)
  * moderate: mod_http2, read-after-free in h2
    connection shutdown (CVE-2019-10082)
  * moderate: mod_http2, memory corruption on
    early pushes (CVE-2019-10081)
  * moderate: mod_http2, DoS attack by exhausting
    h2 workers. (CVE-2019-9517)
  * moderate: mod_remoteip: Stack buffer overflow and
    NULL pointer dereference (CVE-2019-10097)
- fix typo
- modified sources
  % apache2-README-instances.txt
- revive apache-22-24-upgrade [bsc#1134294] (internal)
- added sources
  + apache-22-24-upgrade
- version update to 2.4.39
  * mod_proxy/ssl: Cleanup per-request SSL configuration anytime a
    backend connection is recycled/reused to avoid a possible crash
    with some SSLProxy configurations in <Location> or <Proxy>
    context. PR 63256. [Yann Ylavic]
  * mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA
    failure. [Michael Kaufmann <mail>]
  * mod_log_config: Support %{c}h for conn-hostname, %h for
    useragent_host PR 55348
  * mod_socache_redis: Support for Redis as socache storage
  * core: new configuration option 'MergeSlashes on|off' that
    controls handling of multiple, consecutive slash ('/')
    characters in the path component of the request URL. [Eric
  * mod_http2: when SSL renegotiation is inhibited and a 403
    ErrorDocument is in play, the proper HTTP/2 stream reset did
    not trigger with H2_ERR_HTTP_1_1_REQUIRED. Fixed. [Michael
  * mod_http2: new configuration directive: `H2Padding numbits` to
    control padding of HTTP/2 payload frames. 'numbits' is a number
    from 0-8, controlling the range of padding bytes added to a
    frame. The actual number added is chosen randomly per frame.
    This applies to HEADERS, DATA and PUSH_PROMISE frames equally.
    The default continues to be 0, e.g. no padding. [Stefan
  * mod_http2: ripping out all the h2_req_engine internal features
    now that mod_proxy_http2 has no more need for it. Optional
    functions are still declared but no longer implemented. While
    previous mod_proxy_http2 will work with this, it is
    recommended to run the matching versions of both modules.
    [Stefan Eissing]
  * mod_proxy_http2: changed mod_proxy_http2 implementation and
    fixed several bugs which resolve PR63170. The proxy module does
    now a single h2 request on the (reused) connection and returns.
    [Stefan Eissing]
  * mod_http2/mod_proxy_http2: proxy_http2 checks correct master
    connection aborted status to trigger immediate shutdown of
    backend connections. This is now always signalled by mod_http2
    when the session is being released. proxy_http2 now only
    sends a PING frame to the backend when there is not already one
    in flight. [Stefan Eissing]
  * mod_proxy_http2: fixed an issue where a proxy_http2 handler
    entered an infinite loop when encountering certain errors on
    the backend connection. See
    <>. [Stefan
  * mod_http2: Configuration directives H2Push and H2Upgrade can
    now be specified per Location/Directory, e.g. disabling PUSH
    for a specific set of resources. [Stefan Eissing]
  * mod_http2: HEAD requests to some module such as mod_cgid caused
    the stream to terminate improperly and cause a HTTP/2
    <>. [Michael
  * http: Fix possible empty response with mod_ratelimit for HEAD
    requests. PR 63192. [Yann Ylavic]
  * mod_cache_socache: Avoid reallocations and be safe with
    outgoing data lifetime. [Yann Ylavic]
  * MPMs unix: bind the bucket number of each child to its slot
    number, for a more efficient per bucket maintenance. [Yann
  * mod_auth_digest: Fix a race condition. Authentication with
    valid credentials could be refused in case of concurrent
    accesses from different users. PR 63124. [Simon Kappel
  * mod_http2: enable re-use of slave connections again. Fixed
    slave connection keepalives counter. [Stefan Eissing]
  * mod_reqtimeout: Allow to configure (TLS-)handshake timeouts. PR
    61310. [Yann Ylavic]
  * mod_proxy_wstunnel: Fix websocket proxy over UDS. PR 62932
  * mod_ssl: Don't unset FIPS mode on restart unless it's forced by
    configuration (SSLFIPS on) and not active by default in
    OpenSSL. PR 63136. [Yann Ylavic]
- deleted patches
  - apache2-mod_http2-issue-167.patch (upstreamed)
- Reduce scriptlets' hard dependency on systemd.
- added patches
  fix [bsc#1125965]
  + apache2-mod_http2-issue-167.patch
- Replace old $RPM_* shell vars. Avoid old tar syntax.
- Tag scriptlets as explicitly requiring bash.
- updated to 2.4.38
  * mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
    PR 63052 [Joe Orton]
  * mod_negotiation: Treat LanguagePriority as case-insensitive to match
    AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
  * mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
    have been fixed. [Michael Kaufmann, Stefan Eissing]
  * mod_setenvif: We can have expressions that become true if a regex pattern
    in the expression does NOT match. In this case val is NULL
    and we should just set the value for the environment variable
    like in the pattern case. [Ruediger Pluem]
  * mod_session: Always decode session attributes early. [Hank Ibell]
  * core: Incorrect values for environment variables are substituted when
    multiple environment variables are specified in a directive. [Hank Ibell]
  * mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
    this type of map is present in the configuration.  PR62311.
    [Hank Ibell <hwibell>]
  * mod_dav: Fix invalid Location header when a resource is created by
    passing an absolute URI on the request line [Jim Jagielski]
  * mod_session_cookie: avoid duplicate Set-Cookie header in the response.
    [Emmanuel Dreyfus <>, Luca Toscano]
  * mod_ssl: clear *SSL errors before loading certificates and checking
    afterwards. Otherwise errors are reported when other SSL using modules
    are in play. Fixes PR 62880. [Michael Kaufmann]
  * mod_ssl: Fix the error code returned in an error path of
    'ssl_io_filter_handshake()'. This messes-up error handling performed
    in 'ssl_io_filter_error()' [Yann Ylavic]
  * mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
    authz provider so "Require ssl" works correctly in HTTP/2.
    PR 61519, 62654.  [Joe Orton, Stefan Eissing]
  * mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
    redirects, subsequent ProxyPassReverse statements, whether they are
    relative or absolute, may fail.  PR 60408.  [Peter Haworth <pmh1wheel>]
  * mod_lua: Now marked as a stable module []
- SSLProtocol use TLSv1.2 or higher
- do not create sysconfig.d when already exists [bsc#1121086]
- use secure http sites by default in configs
- Switch to DEFAULT_SUSE Cipher suite
- the "event" MPM is fully supported since 2.4
- configure an OCSP stapling cache by default (still requires enabling
  SSLUseStapling in vhost)
- updated to 2.4.37
  * mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1. [Rainer Jung]
  * mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
    when client certificates are available from the original handshake
    but were originally not verified and should get verified now.
    This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]
  * mod_ssl: Correctly merge configurations that have client certificates set
    by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
- updated to 2.4.36
  * mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
    responses. Regression introduced in 2.4.35.
  * mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
    body of the response. [Jim Jagielski]
  * mod_http2: adding defensive code for stream EOS handling, in case the request handler
    missed to signal it the normal way (eos buckets). Addresses github issues,
    and [Stefan Eissing]
  * ab: Add client certificate support. [Graham Leggett]
  * ab: Disable printing temp key for OpenSSL before
    version 1.0.2. SSL_get_server_tmp_key is not available
    there. [Rainer Jung]
  * mod_ssl: Fix a regression that the configuration settings for verify mode
    and verify depth were taken from the frontend connection in case of
    connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
  * MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
    before signals handling to avoid lifetime issues on restart or shutdown.
    PR 62658. [Yann Ylavic]
  * mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3.  TLSv1.3 has
    behavioural changes compared to v1.2 and earlier; client and
    configuration changes should be expected.  SSLCipherSuite is
    enhanced for TLSv1.3 ciphers, but applies at vhost level only.
    [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
  * mod_auth_basic: Be less tolerant when parsing the credential. Only spaces
    should be accepted after the authorization scheme. \t are also tolerated.
    [Christophe Jaillet]
  * mod_proxy_hcheck: Fix issues with interval determination. PR 62318
    [Jim Jagielski]
  * mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
    [Dominik Stillhard <dominik.stillhard>]
  * mod_proxy_hcheck: take balancer's SSLProxy* directives into account.
    [Jim Jagielski]
  * mod_status, mod_echo: Fix the display of client addresses.
    They were truncated to 31 characters which is not enough for IPv6 addresses.
    This is done by deprecating the use of the 'client' field and using
    the new 'client64' field in worker_score.
    PR 54848 [Bernhard Schmidt <berni birkenwald de>, Jim Jagielski]
- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation
  says (patch Juergen Gleiss)
- relink /usr/sbin/httpd after apache2-MPM uninstall [bsc#1107930c#1]
- simplify find_mpm function from script-helpers
- /usr/sbin/httpd is now created depending on preference hardcoded
  in find_mpm (script-helpers), not depending on alphabetical
  order of MPMs
- simplify spec file a bit
- updated to 2.4.35:
  * http: Enforce consistently no response body with both 204 and 304
  * mod_status: Cumulate CPU time of exited child processes in the
    "cu" and "cs" values. Add CPU time of the parent process to the
    "c" and "s" values.
  * mod_proxy: Improve the balancer member data shown in mod_status when
    "ProxyStatus" is "On": add "busy" count and show byte counts in
    auto mode always in units of kilobytes.
  * mod_status: Add cumulated response duration time in milliseconds.
  * mod_status: Complete the data shown for async MPMs in "auto" mode.
    Added number of processes, number of stopping processes and number
    of busy and idle workers.
  * mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
    introduced in 2.4.34.  PR 62568.
  * mod_proxy: Remove load order and link dependency between mod_lbmethod_*
    modules and mod_proxy. PR 62557.
  * Allow the argument to <IfFile>, <IfDefine>, <IfSection>, <IfDirective>,
    and <IfModule> to be quoted.  This is primarily for the benefit of
  * mod_watchdog: Correct some log messages.
  * mod_md: When the last domain name from an MD is moved to another one,
    that now empty MD gets moved to the store archive. PR 62572.
  * mod_ssl: Fix merging of SSLOCSPOverrideResponder.
  * mod_proxy_balancer: Restore compatibility with APR 1.4.
- updated to 2.4.34:
  * ) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
    document translations. [CodeingBoy, popcorner]
  * ) event: avoid possible race conditions with modules on the child pool.
    [Stefan Fritsch]
  * ) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
    ProxyPassReverseCookiePath directive could fail to update correctly
    'domain=' or 'path=' in the 'Set-Cookie' header.  PR 61560.
    [Christophe Jaillet]
  * ) mod_ratelimit: fix behavior when proxying content. PR 62362.
    [Luca Toscano, Yann Ylavic]
  * ) core: Re-allow '_' (underscore) in hostnames.
    [Eric Covener]
  * ) mod_authz_core: If several parameters are used in a AuthzProviderAlias
    directive, if these parameters are not enclosed in quotation mark, only
    the first one is handled. The other ones are silently ignored.
    Add a message to warn about such a spurious configuration.
    PR 62469 [Hank Ibell <hwibell>, Christophe Jaillet]
  * ) mod_md: improvements and bugfixes
  - MDNotifyCmd now takes additional parameters that are passed on to the called command.
  - ACME challenges have better checks for interference with other modules
  - ACME challenges are only handled for domains managed by the module, allowing
    other ACME clients to operate for other domains in the server.
  - better libressl integration
  * ) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
    PR 62480. [Lubos Uhliarik <luhliari>]
  * ) logging: Some early logging-related startup messages could be lost
    when using syslog for the global ErrorLog. [Eric Covener]
  * ) mod_cache: Handle case of an invalid Expires header value RFC compliant
    like the case of an Expires time in the past: allow to overwrite the
    non-caching decision using CacheStoreExpired and respect Cache-Control
    "max-age" and "s-maxage".  [Rainer Jung]
  * ) mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.
    [Micha Lenk <micha>, Yann Ylavic]
  * ) mod_proxy_http: Fix response header thrown away after the previous one
    was considered too large and truncated. PR 62196. [Yann Ylavic]
  * ) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
    of functions to consume the end of line when the buffer is exhausted.
    PR 62198. [Yann Ylavic]
  * ) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
    allow maximum HTTP response header size to be increased past 8192
    bytes.  PR 62199.  [Hank Ibell <hwibell>]
  * ) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
    of a certificate chain.  PR62112.
    [Ricardo Martin Camarero <rickyepoderi>]
  * ) http: Fix small memory leak per request when handling persistent
    connections.  [Ruediger Pluem, Joe Orton]
  * ) mod_proxy_html: Fix variable interpolation and memory allocation failure
    in ProxyHTMLURLMap.  [Ewald Dieterich <ewald>]
  * ) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
    PR 62220.  [Christophe Jaillet, Yann Ylavic]
  * ) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
    zero out what had been initialized as the connection-level port.  PR59931.
    [Hank Ibell <hwibell>]
  * ) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
    [Yann Ylavic]
  * ) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
    Hot spare members are used as drop-in replacements for unusable workers
    in the same load balancer set. This differs from hot standbys which are
    only used when all workers in a set are unusable. PR 61140. [Jim Riggs]
  * ) suexec: Add --enable-suexec-capabilities support on Linux, to use
    setuid/setgid capability bits rather than a setuid root binary.
    [Joe Orton]
  * ) suexec: Add support for logging to syslog as an alternative to
    logging to a file; use --without-suexec-logfile --with-suexec-syslog.
    [Joe Orton]
  * ) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
    which broke some rare but previously-working configs.  [Joe Orton]
  * ) core, log: improve sanity checks for the ErrorLog's syslog config, and
    explicitly allow only lowercase 'syslog' settings. PR 62102
    [Luca Toscano, Jim Riggs, Christophe Jaillet]
  * ) mod_http2: accurate reporting of h2 data input/output per request via
    mod_logio. Fixes an issue where output sizes were counted n-times on
    reused slave connections.  [Stefan Eissing]
    See github issue:
  * ) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
    [Stefan Eissing]
  * ) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
    [Stefan Eissing]
  * ) mod_proxy: Do not restrict the maximum pool size for backend connections
    any longer by the maximum number of threads per process and use a better
    default if mod_http2 is loaded.
    [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Gregg Smith]
  * ) mod_slotmem_shm: Add generation number to shm filename to fix races
    with graceful restarts. PRs 62044 and 62308.  [Jim Jagielski, Yann Ylavic]
  * ) core: Preserve the original HTTP request method in the '%<m' LogFormat
    when a path-based ErrorDocument is used.  PR 62186.
    [Micha Lenk <micha>]
  * ) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
    HTTP/2 requests.  [Stefan Eissing]
    See also
  * ) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
    regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic]
  * ) mod_md: Fix compilation with OpenSSL before version 1.0.2.  [Rainer Jung]
  * ) mod_dumpio: do nothing below log level TRACE7.  [Yann Ylavic]
  * ) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
    [Eric Covener]
  * ) core: On EBCDIC platforms, some errors related to oversized headers
    may be misreported or be logged as ASCII escapes.  PR 62200
    [Hank Ibell <hwibell>]
  * ) mod_ssl: Fix cmake-based build.  PR 62266.  [Rainer Jung]
  * ) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
    section containers.  [Eric Covener, Joe Orton]
  * %check: do not load all modules, just use default loadmodule.conf; some
  modules require other ones to be loaded in advance
  * %install: parallel install is broken
- Updated description for SSLProtocol option. [bsc#1086854]
- Updated description (PCI DSS) for SSLProtocol option. [bsc#1086854]
- SSLProtocol TLSv1.2 [bsc#1086854]
- updated to 2.4.33:
  * ) core: Fix request timeout logging and possible crash for error_log hooks.
    [Yann Ylavic]
  * ) mod_slotmem_shm: Fix failure to create balancers' slotmems in Windows MPM,
    where children processes need to attach them instead since they are owned
    by the parent process already.  [Yann Ylavic]
  * ) ab: try all destination socket addresses returned by
    apr_sockaddr_info_get instead of failing on first one when not available.
    Needed for instance if localhost resolves to both ::1 and
    e.g. if both are in /etc/hosts.  [Jan Kaluza]
  * ) ab: Use only one connection to determine working destination socket
    address.  [Jan Kaluza]
  * ) ab: LibreSSL doesn't have or require Windows applink.c.  [Gregg L. Smith]
  * ) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms.
    apr-util's bcrypt implementation doesn't tolerate EBCDIC.  [Eric Covener]
  * ) htpasswd/htdbm: report the right limit when get_password() overflows.
    [Yann Ylavic]
  * ) htpasswd: Don't fail in -v mode if password file is unwritable.
    PR 61631.  [Joe Orton]
  * ) htpasswd: don't point to (unused) stack memory on output
    to make static analysers happy.  PR 60634.
    [Yann Ylavic, reported by shqking and Zhenwei Zou]
  * ) mod_access_compat: Fail if a comment is found in an Allow or Deny
    directive.  [Jan Kaluza]
  * ) mod_authz_host: Ignore comments after "Require host", logging a
    warning, or logging an error if the line is otherwise empty.
    [Jan Kaluza, Joe Orton]
  * ) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
    Y2K38 bug.  [Joe Orton]
  * ) mod_ssl: Support SSL DN raw variable extraction without conversion
    to UTF-8, using _RAW suffix on variable names.  [Joe Orton]
  * ) ab: Fix https:// connection failures (regression in 2.4.30); fix
    crash generating CSV output for large -n.  [Joe Orton, Jan Kaluza]
  * ) mod_proxy_fcgi: Add the support for mod_proxy's flushpackets and flushwait
    parameters. [Luca Toscano, Ruediger Pluem, Yann Ylavic]
  * ) mod_ldap: Avoid possible crashes, hangs, and busy loops due to
    improper merging of the cache lock in vhost config.
    PR 43164 [Eric Covener]
  * ) mpm_event: Do lingering close in worker(s).  [Yann Ylavic]
  * ) mpm_queue: Put fdqueue code in common for MPMs event and worker.
    [Yann Ylavic]
  * ) mod_session: Strip Session header when SessionEnv is on.  [Yann Ylavic]
  * ) mod_cache_socache: Fix caching of empty headers up to carriage return.
    [Yann Ylavic]
  * ) core: For consistency, ensure that read lines are NUL terminated on any
    error, not only on buffer full.  [Yann Ylavic]
  * ) mod_authnz_ldap: Fix language long names detection as short name.
    [Yann Ylavic]
  * ) mod_proxy: Worker schemes and hostnames which are too large are no
    longer fatal errors; it is logged and the truncated values are stored.
    [Jim Jagielski]
  * ) regex: Allow to configure global/default options for regexes, like
    caseless matching or extended format.  [Yann Ylavic]
  * ) mod_auth_digest: Actually use the secret when generating nonces. This change
    may cause problems if used with round robin load balancers. PR 54637
    [Stefan Fritsch]
  * ) mod_proxy: Allow setting options to globally defined balancer from
    ProxyPass used in VirtualHost. Balancers are now merged using the new
    merge_balancers method which merges the balancers options.  [Jan Kaluza]
  * ) logresolve: Fix incorrect behavior or segfault if -c flag is used
    [Stefan Fritsch]
  * ) mod_remoteip: Add support for PROXY protocol (code donated by Cloudzilla).
    Add ability for PROXY protocol processing to be optional to donated code.
    See also:
    [Cloudzilla/roadrunner2@GitHub, Jim Jagielski, Daniel Ruggeri]
  * ) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
    allowing per backend TLS configuration.  [Yann Ylavic]
  * ) mod_proxy_uwsgi: Add in UWSGI proxy (sub)module. [Roberto De Ioris,
    Jim Jagielski]
  * ) mod_proxy_balancer,mod_slotmem_shm: Rework SHM reuse/deletion to not
    depend on the number of restarts (non-Unix systems) and preserve shared
    names as much as possible on configuration changes for SHMs and persisted
    files.  PR 62044.  [Yann Ylavic, Jim Jagielski]
  * ) mod_http2: obsolete code removed, no more events on beam pool destruction,
    discourage content encoders on http2-status response (where they do not work).
    [Stefan Eissing]
  * ) mpm_event: Let the listener thread do its maintenance job on resources
    shortage.  PR 61979.  [Yann Ylavic]
  * ) mpm_event: Wakeup the listener to re-enable listening sockets.
    [Yann Ylavic]
  * ) mod_ssl: The SSLCompression directive will now give an error if used
    with an OpenSSL build which does not support any compression methods.
    [Joe Orton]
  * ) mpm_event,worker: Mask signals for threads created by modules in child
    init, so that they don't receive (implicitly) the ones meant for the MPM.
    PR 62009. [Armin Abfalterer <a.abfalterer gmail com>, Yann Ylavic]
  * ) mod_md: new experimental module for managing domains across virtual hosts,
    implementing the Let's Encrypt ACMEv1 protocol to signup and renew
    certificates. Please read the module's documentation for further instructions
    on how to use it. [Stefan Eissing]
  * ) mod_proxy_html: skip documents shorter than 4 bytes
    PR 56286 [Micha Lenk <micha lenk info>]
  * ) core, mpm_event: Avoid a small memory leak of the scoreboard handle, for
    the lifetime of the connection, each time it is processed by MPM event.
    [Yann Ylavic]
  * ) mpm_event: Update scoreboard status for KeepAlive state.  [Yann Ylavic]
  * ) mod_ldap: Fix a case where a full LDAP cache would continually fail to
    purge old entries and log AH01323. PR61891.
    [Hendrik Harms <hendrik.harms>]
  * ) mpm_event: close connections not reported as handled by any module to
    avoid losing track of them and leaking scoreboard entries.  PR 61551.
    [Yann Ylavic]
  * ) core: A signal received while stopping could have crashed the main
    process.  PR 61558.  [Yann Ylavic]
  * ) mod_ssl: support for mod_md added. [Stefan Eissing]
  * ) mod_proxy_html: process parsed comments immediately.
    Fixes bug (seen in the wild when used with IBM's HTTPD bundle)
    where parsed comments may be lost. [Nick Kew]
  * ) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew]
  * ) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
    HTML/XHTML.  PR 56457  [Nick Kew]
  * ) mpm_event: avoid a very unlikely race condition between the listener and
    the workers when the latter fails to add a connection to the pollset.
    [Yann Ylavic]
  * ) core: silently ignore a nonexistent file path when IncludeOptional
    is used. PR 57585. [Alberto Murillo Silva <powerbsd>, Luca Toscano]
  * ) mod_macro: fix usability of globally defined macros in .htaccess files.
    PR 57525.  [Jose Kahan <jose>, Yann Ylavic]
  * ) mod_rewrite, core: add the Vary header when a condition evaluates to true
    and the related RewriteRule is used in a Directory context
    (triggering an internal redirect). [Luca Toscano]
  * ) ab: Make the TLS layer aware that the underlying socket is nonblocking,
    and use/handle POLLOUT where needed to avoid busy IOs and recover write
    errors when appropriate.  [Yann Ylavic]
  * ) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous
    read was incomplete (the SSL case can cause the next poll() to timeout
    since data are buffered already).  PR 61301 [Luca Toscano, Yann Ylavic]
  * ) mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain
    information retrievals on null bucket beams where it makes sense. [Stefan Eissing]
- Replace SuSEFirewall2 by firewalld II (fate#323460) [bsc#1083492]
- build mod_http2 also for 42.3
- remove NameVirtualHost from documentation [bsc#1078557]
- for older distros, still use SuSEFirewall2 [bsc#1071548c#7]
- Replace SuSEFirewall2 by firewalld (fate#323460)
- build brotli module
- Do not require w3m, only recommend it.
- do not build with nghttp2 for SLE-12-SP3
- which was split after SLE11
- Add which and w3m as dependencies. poo#28406
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- APACHE_MODULES now contains authn_core in default configuration
- updated to 2.4.29:
  * ) mod_unique_id: Use output of the PRNG rather than IP address and
    pid, avoiding sleep() call and possible DNS issues at startup,
    plus improving randomness for IPv6-only hosts.  [Jan Kaluza]
  * ) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST
    is used in a condition that evaluates to true. PR 58231 [Luca Toscano]
  * ) mod_http2: v0.10.12, removed optimization for mutex handling in bucket
    beams that could lead to assertion failure in edge cases.
    [Stefan Eissing]
  * ) mod_proxy: Fix regression for non decimal loadfactor parameter introduced
    in 2.4.28.  [Jim Jagielski]
  * ) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
    PR 61546.  [Lubos Uhliarik <luhliari>]
  * ) mod_rewrite: Add support for starting External Rewriting Programs
    as non-root user on UNIX systems by specifying username and group
    name as third argument of RewriteMap directive.  [Jan Kaluza]
  * ) core: Rewrite the Content-Length filter to avoid excessive memory
    consumption. Chunked responses will be generated in more cases
    than in previous releases.  PR 61222.  [Joe Orton, Ruediger Pluem]
  * ) mod_ssl: Fix SessionTicket callback return value, which does seem to
    matter with OpenSSL 1.1. [Yann Ylavic]
- gensslcert:
  * set also SAN [bsc#1045159]
  * drop -C argument, it was not mapped to CN actually
  * consider also case when hostname does return empty string or
    does not exist [bsc#1057406]
  * do not consider environment ROOT variable
- updated to 2.4.28:
  * ) SECURITY: CVE-2017-9798 (
    Corrupted or freed memory access. <Limit[Except]> must now be used in the
    main configuration file (httpd.conf) to register HTTP methods before the
    .htaccess files.  [Yann Ylavic]
  * ) event: Avoid possible blocking in the listener thread when shutting down
    connections. PR 60956.  [Yann Ylavic]
  * ) mod_speling: Don't embed referer data in a link in error page.
    PR 38923 [Nick Kew]
  * ) htdigest: prevent a buffer overflow when a string exceeds the allowed max
    length in a password file.
    [Luca Toscano, Hanno Böck <hanno hboeck de>]
  * ) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
    [Jim Jagielski]
  * ) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
    PR 61142.
  * ) mod_watchdog/mod_proxy_hcheck: Time intervals can now be specified
    down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
    's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]
  * ) mod_http2: Fix for stalling when more than 32KB are written to a
    suspended stream.  [Stefan Eissing]
  * ) build: allow configuration without APR sources.  [Jacob Champion]
  * ) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
    [Bernard Spil <brnrd>, Michael Schlenker <msc>,
    Yann Ylavic]
  * ) core/log: Support use of optional "tag" in syslog entries.
    PR 60525. [Ben Rubson <ben.rubson>, Jim Jagielski]
  * ) mod_proxy: Fix ProxyAddHeaders merging.  [Joe Orton]
  * ) core: Disallow multiple Listen on the same IP:port when listener buckets
    are configured (ListenCoresBucketsRatio > 0), consistently with the single
    bucket case (default), thus avoiding the leak of the corresponding socket
    descriptors on graceful restart.  [Yann Ylavic]
  * ) event: Avoid listener periodic wake ups by using the pollset wake-ability
    when available.  PR 57399.  [Yann Ylavic, Luca Toscano]
  * ) mod_proxy_wstunnel: Fix detection of unresponded request which could have
    led to spurious HTTP 502 error messages sent on upgrade connections.
    PR 61283.  [Yann Ylavic]
- suexec binary moved to main package [bsc#1054741]
- do not call and do not ship apache-22-24-upgrade [bsc#1042037]
- make the package runnable on non systemd systems
  + deprecated-scripts-arch.patch
- updated to 2.4.27:
  * ) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table'
    global variable when using Lua 5.2 or later. This was exported as a
    side effect from luaL_register, which is no longer supported as of
    Lua 5.2 which deprecates pollution of the global namespace.
    [Rainer Jung]
  * ) COMPATIBILITY: mod_http2: Disable and give warning when using Prefork.
    The server will continue to run, but HTTP/2 will no longer be negotiated.
    [Stefan Eissing]
  * ) COMPATIBILITY: mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the
    default ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
    [Jacob Champion, Jim Jagielski]
  * ) mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3.
    PR58188, PR60831, PR61245. [Rainer Jung]
  * ) mod_http2: Simplify ready queue, less memory and better performance. Update
    mod_http2 version to 1.10.7. [Stefan Eissing]
  * ) Allow single-char field names inadvertently disallowed in 2.4.25.
    PR 61220. [Yann Ylavic]
  * ) htpasswd / htdigest: Do not apply the strict permissions of the temporary
    passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
  * ) core: Avoid duplicate HEAD in Allow header.
    This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
    PR 61207. [Christophe Jaillet]
- drop upstreamed patch:
  * httpd-2.4.12-lua-5.2.patch (see upstream's PR#58188 for details)
- Adjust dependencies for rename apr/apr-util packages
- remove /usr/bin/http2 symlink only during apache2 package
  uninstall, not upgrade [bsc#1041830]
- updated to 2.4.26: This release of Apache is a security, feature,
  and bug fix release. For details, see
- refreshed patches:
  . httpd-2.4.12-lua-5.2.patch
  . httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
- removed patches (upstreamed)
  . httpd-cache-forward-http-proxy.patch
  . httpd-cache-revert-svn1773397.patch
- server-tunning.conf: MaxClients was renamed to MaxRequestWorkers
- gensslcert: use hostname when fqdn is too long [bsc#1035829]
- remove apache-doc and apache-example-pages obsoletes/provides
- PreRequire user wwwrun and group www
- start_apache2: include individual sysconfig.d files instead of
  sysconfig.d dir, include sysconfig.d/include.conf after httpd.conf
  is processed [bsc#1023616]
- revert an attempt to fix PR 60458
  + httpd-cache-revert-svn1773397.patch
- fix caching of forward proxy
  + httpd-cache-forward-http-proxy.patch
- Don't require insserv if we don't need it.
- Added new HTTP2 option to sysconfig to ease enabling http2
- Added new protocols.conf which is included globally
- Enable http2 also for Leap 42.2+ and SLE12_SP2+
- update to 2.4.25: fixed several security issues (CVE-2016-8740,
  CVE-2016-5387, CVE-2016-2161, CVE-2016-0736, CVE-2016-8743), many
  fixes and improvements of mod_http2 and other modules; see CHANGES
  for full change log
- verify tarball: added httpd*.bz2.asc, apache2.keyring and remove
- fix build with new systemd
  + amended httpd-2.4.3-mod_systemd.patch
- Replace mixed indentation with predominant style.
- add NotifyAccess=all to service file [bsc#980663]
- Remove the omc xml config. It is useless nowadays
- readd the support of multiple entries in APACHE_ACCESS_LOG
- add httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
  Introduces directives to control two protocol options:
  * HttpContentLengthHeadZero - allow Content-Length of 0 to be
    returned on HEAD
  * HttpExpectStrict - allow admin to control whether we must
    see "100-continue"
  [bsc#894225], [fate#317766]
- version 2.4.23
  * Fixes CVE-2016-4979 [bsc#987365]
  * mod_proxy_hcheck was missing due to upstream bug.
  * mod_proxy_fdpass needs explicit configure line now.
  * Full list of changes:
- Remove pkgconfig(libsystemd-daemon). Nowadays pkgconfig(libsystemd)
  is enough and replaces all libsystemd-* libs which are obsolete.
- remove Alias= from [Install] of the template service
- remove unneeded httpd-2.4.17-debug-crash.patch
- start apache services after remote-fs [bsc#978543]
- removed note about ulimits in sysconfig file [bsc#976711]
- do not build mod_http2 for 13.2
- Update to version 2.4.20 (2.4.19 was never released)
  * Drop httpd-2.4.18-missing-semicolon.patch now upstream
- Big changelog available, see: for details.
- enable authnz_fcgi module
- fix build for SLE_11_SP4:
  + httpd-2.4.18-missing-semicolon.patch
- Update to version 2.4.18
  * drop 2.4.17-protocols.patch in upstream.
- Change list too long to mention here see: for details.
- systemd: Set TasksMax=infinity for current systemd releases.
  The default limit of 512 is too small and prevents the creation of
  new server processes. Apache has its own runtime/hardcoded limits.
- fix crash when for -X
  + httpd-2.4.17-debug-crash.patch
- add a note: FollowSymLinks or SymLinksIfOwnerMatch is necessary
  for RewriteRule in given dir [bnc#955701]
- restart apache once after the rpm or zypper transaction
- drop some old compat code from %post
- 2.4.17-protocols.patch from upstream http2 module:
  * master conn_rec* addition to conn_rec
  * improved ALPN and Upgrade handling
  * allowing requests for servers whose TLS configuration is compatible
  to the SNI server ones
  * disabling TLS renegotiation for slave connections
- LogLevel directive into correct config file, thanks Michael Calmer
  for the fix [bsc#953329]
- do not build mod_http2 for older distros than 13.2 for now (nghttp2
  does not build there)
- Include directives really into /etc/apache2/sysconfig.d/include.conf,
  fix from Erik Wegner [bsc#951901]
- gensslcert: CN now defaults to `hostname -f` [bnc#949766]
  (internal), fix help [bnc#949771] (internal)
- Update to 2.4.17
- Enable mod_http2/ BuildRequire nghttp2
- MPMs: Support SO_REUSEPORT to create multiple duplicated listener
  records for scalability
- mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3
- For more changes see:
- start_apache2: reintroduce sysconfig.d, include it on
  command line (not in httpd.conf) instead of individual directives
  [bnc#949434] (internal), [bnc#941331]
- Fixup libdir in installed files
- fix Logjam vulnerability: change SSLCipherSuite cipherstring to
  disable export cipher suites and deploy Ephemeral Elliptic-Curve
  Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to
  generate a strong and unique Diffie Hellman Group and append it
  to the server certificate file [bnc#931723], [CVE-2015-4000]
- add reference upstream bug#58188 along httpd-2.4.12-lua-5.2.patch
- update to 2.4.16
  * changes
  * remove the following patches (fixed in 2.4.16)
  * httpd-2.4.x-mod_lua_websocket_DoS.patch
  * httpd-2.4.12-CVE-2015-0253.patch
  * update httpd-2.4.12-lua-5.2.patch
- add patch: httpd-2.4.12-lua-5.2.patch
  * lua_dump introduced a new strip option in 5.3, set it to 0
    to get the old behavior
  * luaL_register was deprecated in 5.2, use luaL_setfuncs and
    luaL_newlib instead
  * luaL_optint was deprecated in 5.3, use luaL_optinteger instead
  * lua_strlen and lua_objlen were deprecated in 5.2, use lua_rawlen
- change Provides: from suse_maintenance_mmn = # to
- apache2 Suggests:, not Recommends: apache2-prefork; that means
  for example, that `zypper in apache2-worker` will not pull
  apache2-prefork also
- installing /usr/sbin/httpd link:
  * do not try to install it in '%post <MPM>' when apache2 (which
    includes /usr/share/apache2/script-helpers) is not installed
    yet (fixes installation on 11sp3)
  * install it in '%post' if apache2 is installed after
    apache2-<MPM> to be sure it is there
- access_compat shared also for 11sp3
- apache2-implicit-pointer-decl.patch renamed to
  httpd-implicit-pointer-decl.patch to align with other
  patches names
- apachectl is now wrapper to start_apache2; therefore, it honors
  HTTPD_INSTANCE variable, see README-instances.txt for details
  + httpd-apachectl.patch
  - httpd-2.4.10-apachectl.patch
- a2enmod/a2dismod and a2enflag/a2disflag now respect
  HTTPD_INSTANCE=<instance_name> environment variable, which can be
  used to specify apache instance name; sysconfig file is expected
  at /etc/sysconfig/apache2@<instance_name>
  (see README-instances.txt for details)
- provides suse_maintenance_mmn symbol [bnc#915666] (internal)
- credits to Roman Drahtmueller:
  * add reference to /etc/permissions.local to output of %post if
    setting the permissions of suexec2 fails
  * do not enable mod_php5 by default any longer
  * httpd-2.0.49-log_server_status.dif obsoleted
  * apache2-mod_ssl_npn.patch removed because not used
  * include mod_reqtimeout.conf in httpd.conf
  * added cgid-timeout.conf, include
    it in httpd.conf
- fix default value APACHE_MODULES in sysconfig file
- %service_* macros for apache2@.service
- reenable 690734.patch, it should be upstreamed by the author
  (Adrian Schroeter) though
  + httpd-2.4.9-bnc690734.patch
  - httpd-2.2.x-bnc690734.patch
- drop startssl from start_apache2
- allow to run multiple instances of Apache on one system
  [fate#317786] (internal)
  * distributed httpd.conf no longer includes sysconfig.d, nor this
    directory is shipped. httpd.conf includes loadmodule.conf and
    global.conf which are former sysconfig.d/loadmodule.conf and
    sysconfig.d/global.conf for default /etc/sysconfig/apache2
    global.conf and loadmodule.conf are not included when
    sysconfig variables could have been read by start_apache2
    startup script (run with systemd services). Therefore, when
    starting server via /usr/sbin/httpd, sysconfig variables
    are not taken into account.
  * some not-maintained scripts are moved from
    /usr/share/apache2 to /usr/share/apache2/deprecated-scripts
  * all modules comment in sysconfig file is not generated
  * added README-instances.txt
  * removed Sources:
  * added Sources:
- add SSLHonorCipherOrder directive to apache2-ssl-global.conf
- adopt SSLCipherSuite directive value from SLE12
- remove default-vhost-ssl.conf and default-vhost.conf from
  /etc/apache2. These two files are not (!) read by the
  configuration framework, but are named *.conf, which is
  misleading. The files are almost identical with the vhost
  templates in /etc/apache2/vhosts.d/. The two templates there do
  it right because they are not named *.conf and are not sourced
  either. apache's response with no explicit (eg. default, vanilla)
  configuration is contained in /etc/apache2/default-server.conf.
  * remove apache2-README.default-vhost as there are no
    default-vhost* files anymore.
- apache2.service: We have to use KillMode=mixed for the
  graceful stop, restart to work properly.
- dropped 2.0 -> 2.2 modules transition during upgrade
  * apache-20-22-upgrade renamed to apache-22-24-upgrade
- apache-*-upgrade script is called in %posttrans now [bnc#927223]
- fix find_mpm to echo mpm binary
- apache2.service: Only order us after and but not pull the units in.
- apache2.service: SSL requires correct system time to
  work properly, order after
- align filenames with upstream names (and add compat symlinks)
- find_httpd2_includes renamed to find_httpd_includes
- access_compat now built as shared and disabled by default
- amend config to use also old syntax when access_compat is
- added apache2-README-access_compat.txt
- added apache-find-directive script
- see [bnc#896083] and its duplicates
- add httpd-2.4.12-CVE-2015-0253.patch to fix SECURITY: CVE-2015-0253
  ( core: Fix a crash introduced in with ErrorDocument
  400 pointing to a local URL-path with the INCLUDES filter active,
  introduced in 2.4.11. PR 57531. [Yann Ylavic]
- simplify apache2.logrotate, use sharedscripts [bnc#713581]
- remove curly brackets around format sequence "%y" in
  `stat --format="%{y}" %{SOURCE1}` that caused an incorrect
  evaluation. Add escaping to proper spec-cleaner processing in
  the future
- remove 'exit 0' from the %post section in the specfile that was
  placed here incorrectly and caused that the rest of the %post
  section couldn't be executed.
- /etc/init.d/apache2 reload -> systemctl reload apache2.service
  in apache2.logrotate [bnc#926523]
- authz_default -> authz_core in sysconfig.apache2/APACHE_MODULES
- Add Requires(post) apache2 to the subpackage -worker, -event and
  - prefork: their respective post scriptlets execute
  /usr/share/apache2/get_module_list, which is shipped as part of
  the main package. This script has the side-effect to call
  find_mpm, which in turn creates the corresponding /usr/sbin/httpd2
- Patched get_module_list to ensure proper SELinux context for
- Pname -> name variable reduction
- Try to fix sle11 build
- Version bump to 2.4.12:
  * ) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
    internationalization.  [William Rowe]
  * ) mpm_winnt: Normalize the error and status messages emitted by service.c,
    the service control interface for Windows.  [William Rowe]
  * ) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824.
    [ olli hauer <ohauer>, Yann Ylavic ]
- Exit cleanly on end of the post and cleanup the update detection
- Remove Apache.xpm as it ain't used
- Cleanup init/unit decision making and provide just systemd service
  on systemd systems
- Deprecate realver define as it is equal to version.
- Explicitly state MPM mods to ensure we don't lose some bnc#444878
- Pass over spec-cleaner, there should be no actual technical
  change in this just reduction of lines in the spec
- add httpd-2.4.x-mod_lua_websocket_DoS.patch to fix mod_lua bug
  where a maliciously crafted websockets PING after a script calls
  r:wsupgrade() can cause a child process crash
  [CVE-2015-0228], [bnc#918352].
- in rc.apache2 was wrong [bnc#898193]
- httpd-2.4.3-mod_systemd.patch find libsystemd-daemon
  with pkg-config, this is the only correct way, in current
  versions sd_notify is in libsystemd and in old products
  in libsystemd-daemon.
- remove obsolete patches
  * httpd-2.4.10-check_null_pointer_dereference.patch
  * httpd-event-deadlock.patch
  * httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
  * httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
- Apache 2.4.11
  * ) SECURITY: CVE-2014-3583 (
    mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
    response headers' size above 8K.  [Yann Ylavic, Jeff Trawick]
  * ) SECURITY: CVE-2014-3581 (
    mod_cache: Avoid a crash when Content-Type has an empty value.
    PR 56924.  [Mark Montague <mark>, Jan Kaluza]
  * ) SECURITY: CVE-2014-8109 (
    mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
    used in multiple Require directives with different arguments.
    PR57204 [Edward Lu <Chaosed0>]
  * ) SECURITY: CVE-2013-5704 (
    core: HTTP trailers could be used to replace HTTP headers
    late during request processing, potentially undoing or
    otherwise confusing modules that examined or modified
    request headers earlier.  Adds "MergeTrailers" directive to restore
    legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
  * ) mod_ssl: New directive SSLSessionTickets (On|Off).
    The directive controls the use of TLS session tickets (RFC 5077),
    default value is "On" (unchanged behavior).
    Session ticket creation uses a random key created during web
    server startup and recreated during restarts. No other key
    recreation mechanism is available currently. Therefore using session
    tickets without restarting the web server with an appropriate frequency
    (e.g. daily) compromises perfect forward secrecy. [Rainer Jung]
  * ) mod_proxy_fcgi: Provide some basic alternate options for specifying
    how PATH_INFO is passed to FastCGI backends by adding significance to
    the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener]
  * ) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule
    to opt-in to connection reuse and other Proxy options via explicitly
    declared "proxy workers" (<Proxy unix:... enablereuse=on max=...)
    [Eric Covener]
  * ) mod_proxy: Add "enablereuse" option as the inverse of "disablereuse".
    [Eric Covener]
  * ) mod_proxy_fcgi: Enable opt-in to TCP connection reuse by explicitly
    setting proxy option disablereuse=off. [Eric Covener] PR 57378.
  * ) event: Update the internal "connection id" when requests
    move from thread to thread. Reuse can confuse modules like
    mod_cgid. PR 57435. [Michael Thorpe <mike>]
  * ) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME
    passed to fastcgi backends. [Eric Covener]
  * ) core: Configuration files with long lines and continuation characters
    are not read properly. PR 55910. [Manuel Mausz <manuel-as>]
  * ) mod_include: the 'env' function was incorrectly handled as 'getenv' if the
    leading 'e' was written in upper case in <!--#if expr="..." -->
    statements. [Christophe Jaillet]
  * ) split-logfile: Fix perl error:  'Can't use string ("")
    as a symbol ref while "strict refs"'. PR 56329.
    [Holger Mauermann <mauermann>]
  * ) mod_proxy: Prevent ProxyPassReverse from doing a substitution when
    the URL parameter interpolates to an empty string. PR 56603.
  * ) core: Fix -D[efined] or <Define>[d] variables lifetime across restarts.
    PR 57328.  [Armin Abfalterer <a.abfalterer>, Yann Ylavic].
  * ) mod_proxy: Preserve original request headers even if they differ
    from the ones to be forwarded to the backend. PR 45387.
    [Yann Ylavic]
  * ) mod_ssl: dump SSL IO/state for the write side of the connection(s),
    like reads (level TRACE4). [Yann Ylavic]
  * ) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.
    [Jan Kaluza]
  * ) mod_ssl: Do not crash when looking up SSL related variables during
    expression evaluation on non SSL connections. PR 57070  [Ruediger Pluem]
  * ) mod_proxy_ajp: Fix handling of the default port (8009) in the
    ProxyPass and <Proxy> configurations.  PR 57259.  [Yann Ylavic]
  * ) mpm_event: Avoid a possible use after free when notifying the end of
    connection during lingering close.  PR 57268.  [Eric Covener, Yann Ylavic]
  * ) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
    improperly or too large.  [Jeff Trawick]
  * ) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
    [Jeff Trawick]
  * ) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
    error when parsing or forwarding the response fails. [Yann Ylavic]
  * ) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e
    PR 53435 [tadanori <tadanori2007>, Sebastian Wiedenroth <wiedi>]
  * ) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
    determine whether it is a normal close or a real error. PR 57168. [Yann
  * ) mod_proxy_wstunnel: abort backend connection on polling error to avoid
    further processing.  [Yann Ylavic]
  * ) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
    PR 57167 [Edward Lu <Chaosed0>]
  * ) mod_proxy_connect: Fix ProxyRemote to https:// backends on EBCDIC
    systems. PR 57092 [Edward Lu <Chaosed0>]
  * ) mod_cache: Avoid a 304 response to an unconditional request when an AH00752
    CacheLock error occurs during cache revalidation. [Eric Covener]
  * ) mod_ssl: Move OCSP stapling information from a per-certificate store to
    a per-server hash. PR 54357, PR 56919. [Alex Bligh <alex>,
    Yann Ylavic, Kaspar Brand]
  * ) mod_cache_socache: Change average object size hint from 32 bytes to
    2048 bytes.  [Rainer Jung]
  * ) mod_cache_socache: Add cache status to server-status.  [Rainer Jung]
  * ) event: Fix worker-listener deadlock in graceful restart.
    PR 56960.
  * ) Concat strings at compile time when possible. PR 53741.
  * ) mod_substitute: Restrict configuration in .htaccess to
    FileInfo as documented.  [Rainer Jung]
  * ) mod_substitute: Make maximum line length configurable.  [Rainer Jung]
  * ) mod_substitute: Fix line length limitation in case of regexp plus flatten.
    [Rainer Jung]
  * ) mod_proxy: Truncated character worker names are no longer fatal
    errors. PR53218. [Jim Jagielski]
  * ) mod_dav: Set r->status_line in dav_error_response. PR 55426.
  * ) mod_proxy_http, mod_cache: Avoid (unlikely) accesses to freed memory.
    [Yann Ylavic, Christophe Jaillet]
  * ) http_protocol: fix logic in ap_method_list_(add|remove) in order:
  - to correctly reset bits
  - not to modify the 'method_mask' bitfield unnecessarily
    [Christophe Jaillet]
  * ) mod_slotmem_shm: Increase log level for some originally debug messages.
    [Jim Jagielski]
  * ) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with
    the wrong credentials when a backend connection is reused.
    [Eric Covener]
  * ) mod_macro: Add missing APLOGNO for some Warning log messages.
    [Christophe Jaillet]
  * ) mod_cache: Avoid sending 304 responses during failed revalidations
    PR56881. [Eric Covener]
  * ) mod_status: Honor client IP address using mod_remoteip. PR 55886.
    [Jim Jagielski]
  * ) cmake-based build for Windows: Fix incompatibility with cmake 2.8.12
    and later.  PR 56615.  [Chuck Liu <cliu81>, Jeff Trawick]
  * ) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade
    failed) messages from ERROR to TRACE1.  Other filters do not bother
    re-reporting failures from lower level filters.  PR56832.  [Eric Covener]
  * ) core: Avoid useless warning message when parsing a section guarded by
    <IfDefine foo> if $(foo) is used within the section.
    PR 56503 [Christophe Jaillet]
  * ) mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the
    application.  PR 56858.  [Manuel Mausz <manuel-asf>]
  * ) mod_proxy_http: Proxy responses with error status and
    "ProxyErrorOverride On" hang until proxy timeout.
    PR53420 [Rainer Jung]
  * ) mod_log_config: Allow three character log formats to be registered. For
    backwards compatibility, the first character of a three-character format
    must be the '^' (caret) character.  [Eric Covener]
  * ) mod_lua: Don't quote Expires and Path values. PR 56734.
    [Keith Mashinter, <kmashint yahoo com>]
  * ) mod_authz_core: Allow <AuthzProviderAlias>'es to be seen from auth
    stanzas under virtual hosts. PR 56870. [Eric Covener]
- Redone lost patch to fix boo#859439
  + service reload can cause log data to be lost with logrotate
  under some circumstances: remove "-t" from service reload.
- Fix URL syntax in various files
- fix IfModule directive around SSLSessionCache [bnc#842377c#11]
- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
  to fix flaw in the way mod_headers handled chunked requests. Adds
  "MergeTrailers" directive to restore legacy behavior
  [bnc#871310], [CVE-2013-5704].
- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
  that fixes handling of the Require line when a LuaAuthzProvider is
  used in multiple Require directives with different arguments
  [bnc#909715], [CVE-2014-8109].
- fixed start at boot for ssl and encrypted key [bnc#792309]
- fix shebang in start_apache2 script that contains bash-specific
- small improvement of ssl instructions [bnc#891813]
- fix bashisms in post scripts
- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
  a crash when Content-Type has an empty value [bnc#899836],
- httpd-event-deadlock.patch:  Fix worker-listener
  deadlock in graceful restart.
- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch
  and updated (fixed bashism).
- drop (turned off) itk mpm spec file code as mpm-itk is now
  provided as a separate module, not via patch
  (see and [bnc#851229])
- enable mod_imagemap [bnc#866366]
- Fix description (bsc#1084882)
- update to 4.5.18 see full changes bugfix and new features here:
- specleanup
- update to 4.5.2
  * Upstream release notes:
- minimized delta between spec files
- use the #/ trick for the source url
- update to 4.4.22
  * Upstream release notes:
- update to 4.4.13
  * Upstream release notes:
- test module with %apache_test_module_load
- update to 4.4.8
  * Upstream release notes:
- separate package for python3 to fix module loading errors
- conflict with mod_wsgi-python3
- Build subpackage with mod_wsgi_python3 (bsc#939717)
- Requires: %{apache_suse_maintenance_mmn}
  This will pull this module to the update (in released distribution)
  when apache maintainer thinks it is good (due api/abi changes).
- Fix build failure on SLE 12 (Apache 2.4.10)
  + add wsgi_fixVersionCheck.patch
  + build failed due to improper version check
- Update to version 4.4.6
  - Upstream release notes:
  - As of version 4.2.7 mod_wsgi is affected by
- call spec-cleaner
- use apache rpm macros
- change URL to new location
- provide short module name
- Update to version 4.2.5
  - remove mod_wsgi-3.4-connsbh.patch - included in upstream version
  - remove mod_wsgi-setuid-patch.diff - included in upstream version
  - No longer support the use of mod_python in conjunction with
  - Adding a lot of new configuration option
  - fix off-by-one error in setgroups (bnc#883229)
- fix Local privilege escalation (bnc#878550)
- Fix module name sent to a2enmod/a2dismod and fix/cleanup
  post/postun scripts.
- Add patch "mod_wsgi-3.4-connsbh.patch" to fix segmentation faults
  with apache 2.4 (
- Update to version 3.4:
  + New support for Apache 2.4
  + Support for Python 3.2
  + Is now guaranteed that mod_ssl access handler is run before
    that for mod_wsgi so that any per request variables setup by
    mod_ssl are available in the mod_wsgi access handler as
    implemented by WSGIAccessScript directive.
  + Added 'python-home' option to WSGIDaemonProcess.
  + Added 'lang' and 'locale' options to WSGIDaemonProcess.
  + Split combined WWW-Authenticate header returned from daemon
    process back into separate headers.
- Introduce build compatibility with apache 2.4: apxs2 was moved
  from %{_sbindir} to %{_bindir}
- Require apache2, a module makes little sense without
- add post/postun section
  * enable module after install (a2enmod)
  * disable module after deinstall (a2enmod -d)
- fix License as required by
  * Apache-2.0
- fix build for CentOS/RHEL
- spec-cleanup
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- update to 3.3:
- update to 2.5:
- minor spec file fixes (use %configure, -j%jobs)
- Modified to build on RHEL8.
- test module with %apache_test_module_load
- Requires: %{apache_suse_maintenance_mmn}
  This will pull this module to the update (in released distribution)
  when apache maintainer thinks it is good (due api/abi changes).
- call spec-cleaner
- use apache rpm macros
- Initial package
- update to AppArmor 2.13.6
  - fix utils hotkey conflicts in some languages
  - aa-autodep: load abstractions on start (boo#1178527)
  - add usr.lib.dovecot.script-login profile
  - minor additions in abstractions/X and the dovecot profile
  - see
    for the detailed upstream changelog
- drop upstreamed patch libapparmor-so-number.diff
- update to AppArmor 2.13.5
  - add missing permissions to several profiles and abstractions
  - bugfixes in parser and tools
  - see
    for the detailed upstream changelog
- remove upstream(ed) patches
  - changes-since-2.13.4.diff
  - abstractions-X-xauth-mr582.diff
  - sevdb-caps-mr589.diff
  - libvirt-leaseshelper.patch
  - cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
- %service_del_postun_without_restart only works for Tumbleweed,
  keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
- Make use of %service_del_postun_without_restart
  And stop using DISABLE_RESTART_ON_UPDATE as this interface is
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
  libvirt leaseshelper script (jsc#SLE-14253)
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
  to severity.db (lp#1890547)
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
  from its new sddm location (boo#1174290, boo#1174293)
- add changes-since-2.13.4.diff with upstream changes and fixes
  since 2.13.4 up to 5f61bd4c:
  - add several abstractions related to xdg-open:
    dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
    kde-open5, xdg-open
  - introduce @{run} variable
  - update dnsmasq and winbindd profile
  - update mdns, mesa and nameservice abstraction
  - some bugfixes in the aa-* tools, including a remote bugfix in the
    YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-fix-utils-network-test.diff
  - make-4.3-network.diff
  - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
  Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- fix build with make 4.3 by backporting some commits from upstream
  master (boo#1167953):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-network.diff
  - make-4.3-fix-utils-network-test.diff
- update to AppArmor 2.13.4
  - several abstraction updates (including boo#1153162)
  - disallow writing to fontconfig cache in abstractions/fonts
  - some bugfixes in the aa-* tools
  - see
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-ssl-certbot-paths.diff
  - apparmor-krb5-conf-d.diff
  - libapparmor-python3.8.diff
  - usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-base-nameservice.diff
- add usr-etc-abstractions-base-nameservice.diff to adjust
  abstractions/base and nameservice for /usr/etc/ (boo#1161756)
- Properly pull in full python3 interpreter
- add libapparmor-python3.8.diff to fix building the libapparmor python
  bindings (deb#943657)
- add usr-etc-abstractions-authentification.diff to allow reading
  /usr/etc/pam.d/* and some other authentication-related files (boo#1153162)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to
  abstractions/ssl_certs and abstractions/ssl_keys
- add apparmor-krb5-conf-d.diff for kerberos client
- update to 2.13.3
  - profile updates for dnsmasq, dovecot, identd, syslog-ng
  - new "lsb_release" profile (only used when using "Px -> lsb_release")
  - fix buggy syntax in tunables/share
  - several abstraction updates
  - parser: fix "Px -> foo-bar" (the "-" was rejected before)
  - several bugfixes in aa-genprof and aa-logprof
  - see
    for the detailed upstream changelog
- drop upstream(ed) patches:
  - apparmor-nameservice-resolv-conf-link.patch
  - profile_filename_cornercase.diff
  - dnsmasq-libvirtd.diff
  - dnsmasq-revert-alternation.diff
  - usrmerge-fixes.diff
  - libapparmor-swig-4.diff
- re-number remaining patches
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
  4.0 (boo#1135751)
- Disable LTO (boo#1133091).
- update profile for usrMerge (bash and tar) (boo#1132350)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
  update-alternatives (boo#1127877)
- add dnsmasq-revert-alternation.diff: revert path alternation in
  dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
  breaking libvirtd (boo#1127073)
- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
  to match the newly added libvirtd profile name (boo#1118952#c3)
- Use %license instead of %doc [bsc#1082318]
- add apparmor-lessopen-nfs-workaround.diff: allow network access in for reading files on NFS (workaround for boo#1119937 /
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
  error out in a corner-case (log event for a non-existing profile while
  a profile file with the default filename for that non-existing profile
  exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
  boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.13.2
  - add profile names to most profiles
  - update dnsmasq profile (pid file and logfile path) (boo#1111342)
  - add vulkan abstraction
  - add letsencrypt certificate path to abstractions/ssl_*
  - ignore *.orig and *.rej files when loading profiles
  - fix aa-complain etc. to handle named profiles
  - several bugfixes and small profile improvements
  - see
    for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
  - add qt5 and qt5-compose-cache-write abstractions
  - add @{uid} and @{uids} kernel var placeholders
  - several profile and abstraction updates
  - ignore "abi" rules in parser and tools (instead of erroring out)
  - utils: fix overwriting of child profile flags if they differ from
    the main profile
  - several bugfixes (including boo#1100779)
  - see
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - aa-teardown-path.diff
  - fix-apparmor-systemd-perms.diff
  - logprof-skip-cache-d.diff
  - fix-samba-profiles.patch
  - make-pyflakes-happy.diff
  - dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update rpmlintrc:
  - whitelist .features file which is part of the pre-compiled cache
  - comment out filters for the disabled tomcat_apparmor subpackage
- Backport dnsmasq fix:
  025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
- add fix-samba-profiles.patch - smbd loads new shared libraries.
  Allow winbindd to access new kerberos credential cache location
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
- add fix-apparmor-systemd-perms.diff - fix permissions of
  /lib/apparmor/apparmor.systemd (boo#1090545)
- create and package precompiled cache (/usr/share/apparmor/cache,
  read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
  new btrfs layout, the only reason for using /var/lib/apparmor/cache/
  (which was "it's part of the / subvolume") is gone, and /var/cache
  makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
  cache locations
- clear cache also in %post of abstractions package
- update to AppArmor 2.13
  - add support for multiple cache directories and cache overlays
    (boo#1069906, boo#1074429)
  - add support for conditional includes in policy
  - remove group restrictions from aa-notify (boo#1058787)
  - aa-complain etc.: set flags for profiles represented by a glob
  - aa-status: split profile from exec name
  - several profile and abstraction updates
  - see
    for the detailed upstream changelog
- drop upstreamed patches and files:
  - aa-teardown
  - apparmor.service
  - apparmor.systemd
  - 32-bit-no-uid.diff
  - disable-cache-on-ro-fs.diff
  - dovecot-stats.diff
  - parser-write-cache-warn-only.diff
  - set-flags-for-profiles-represented-by-glob.patch
  - fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
  and apparmor.systemd (now part of upstream Makefile)
- simplify "make -C profiles parser-check" call (upstream Makefile bug
  that required to call "cd" was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
- Set flags for profiles represented by glob (bsc#1086154)
- add dovecot-stats.diff:
  - add dovecot/stats profile and allow dovecot to run it (boo#1088161)
  - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix
- Change of path of rpm in (boo#1082956)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
  read-only and don't bail out (bsc#1069906, bsc#1074429)
- add parser-write-cache-warn-only.diff to make cache write failures a
  warning instead of an error (boo#1069906, boo#1074429)
- reduce dependency on libnotify-tools (used by aa-notify -p) to "Suggests"
  to avoid pulling in several Gnome packages on servers (boo#1067477)
- update to AppArmor 2.12
  - add support for 'owner' rules in aa-logprof and aa-genprof
  - add support for includes with absolute path in aa-logprof etc. (lp#1733700)
  - update aa-decode to also decode PROCTITLE (lp#1736841)
  - several profile and abstraction updates, including boo#1069470
  - see
    for the detailed upstream changelog
- drop upstreamed patches:
  - read_inactive_profile-exactly-once.patch
  - utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems
- update to AppArmor 2.11.95 aka 2.12 beta1
  - add JSON interface to aa-logprof and aa-genprof (used by YaST)
  - drop old YaST interface code
  - update audio, base and nameservice abstractions
  - allow @{pid} to match 7-digit pids
  - see
    for the detailed upstream changelog
- drop upstreamed patches
  - apparmor-yast-cleanup.patch
  - apparmor-json-support.patch
  - nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
  - apparmor-utils-string-split
  - apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
- refresh utils-fix-sorted-save_profiles-regression.diff
- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
  restriction, see boo#996520 and boo#853019 for details)
- lessopen profile: allow capability dac_read_search and dac_override,
  allow groff to execute several helpers (boo#1065388)
- read_inactive_profile-exactly-once.patch (bsc#1069346)
  Perform reading of inactive profiles exactly once.
- update to AppArmor 2.11.1
  - add permissions to several profiles and abstractions (including
    lp#1650827 and boo#1057900)
  - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
    lp#1661766 and boo#1062667)
  - fix downgrading/converting of 'unix' rules (will be supported in
    kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
  - see for
    upstream changelog
- remove upstream(ed) patches
  - upstream-changes-r3616..3628.diff
  - upstream-changes-r3629..3648.diff
  - parser-tests-dbus-duplicated-conditionals.diff
  - apparmor-fix-podsyntax.patch
  - sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
  in displaying the "changed profiles" list in aa-logprof
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
  new sockets mediation, until unix rules are upstreamed (boo#1061195)
- add apparmor-fix-podsyntax.patch from mailing list to fix
  compilation with perl 5.26
- do not require exact X.Y version of "python3"
- require also matching python(abi) which is arguably more important
- don't rely on implementation details for reload in %post
- add JSON support. Required for FATE#323380.
  (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
- add upstream-changes-r3629..3648.diff:
  - preserve unknown profiles when reloading apparmor.service
    (CVE-2017-6507, lp#1668892, boo#1029696)
  - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
  - update nvidia abstraction for newer nvidia drivers
  - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
  - add --parser, --base and --Include option to aa-easyprof to allow
    non-standard paths (useful for tests) (lp#1521031)
  - move initialization code in apparmor.aa to init_aa(). This allows to
    run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
    don't exist.
  - several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
- add var.mount dependency to apparmor.service (boo#1016259#c34)
- Cleanup spec file:
  - don't use insserv if we afterwards call systemd, this can
    have bad side effects
  - remove dead code
  - remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
  flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)
- update to AppArmor 2.11.0
  - apparmor_parser now supports parallel compiles and loads
  - add full support for dbus, ptrace and signal rules and events to the
  - full rewrite of the file rule handling in the utils
  - lots of improvements and fixes
  - see for the
    detailed changelog
- patches:
  - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
  - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
  - refresh apparmor-abstractions-no-multiline.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
  - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
  - move libapparmor to /usr/lib*/
  - drop %if %suse_version checks for 12.x
  - change several Obsoletes from %version to < 2.9. Those package names
    weren't used since years, and 2.9 is still a careful choice
  - include apparmor.service independent of %suse_version
  - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
  - drop latex2html, texlive-* and w3m BuildRequires
  - techdoc.txt and techdoc.html not included, drop them from the package
  - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
    /sbin/apparmor_parser to exist, skip them)
  - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
  - drop sed'ing python3 into aa-* shebang (upstreamed)
  - build binutils
  - aa-exec is now written in C and lives in /usr/bin/, move it to the
    apparmor_parser package and create a compatibility symlink in /usr/sbin/
  - aa-exec manpage moved to section 1
  - aa-enabled is a small new tool to find out if AppArmor is enabled
  - package new aa_stack_profile(2) manpage
- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
  This is part of the root partition (at least with default partitioning)
  and should be available earlier than /var/cache/apparmor/
  (boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net
- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
  fixes in the 2.10 branch, including
  - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
  - add several permissions to the dovecot profiles (deb#835826)
  - add a missing path in the traceroute profile
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
  fixes since the 2.10.1 release, including
  - allow dac_override in winbindd profile (boo#990006#c5)
  - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
    Samba 4.4.x, boo#990006)
  - abstractions/nameservice: also support ConnMan-managed resolv.conf
  - let aa-genprof ask about profiles in extra dir (again)
  - fix aa-logprof "add hat" endless loop (lp#1538306)
  - honor 'chown' file events in
  - ignore log file events with a request mask of 'send' or 'receive'
    because they are actually network events (lp#1577051, lp#1582374)
  - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
  parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
- update to AppArmor 2.10.1 (2.10 branch r3326):
  - fix incorrect output of child profile names (apparmor_parser -N) which
    caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
  - fix a crash in aa-logprof / for change_hat log events
    (lp#1523297) and log events that look like file events, but aren't
    (lp#1540562, lp#1525119, lp#1466812)
  - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
  - several fixes for variable handling in aa-logprof
  - map c (create) log events to w instead of a
  - add python to the "no Px rule" list in logprof.conf
  - let aa-logprof check for duplicate profiles
  - let aa-status work without the python module (boo#971917,
  - add permissions in several profiles (including boo#948584, boo#948753,
    boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
  - and many more fixes, see the full changelog at
- drop upstream(ed) patches:
  - fix-initscript-aa_log_end_msg.diff
  - syslog-ng-profile-boo948584.diff
  - upstream-profile-updates-r3205-3241.diff
- refresh patches:
  - apparmor-abstractions-no-multiline.diff
  - apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor call (broke the build) and remove libtool BR
- add syslog-ng-profile-boo948584.diff - add several permissions needed
  by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
  - add /usr/share/locale-bundle/** to abstractions/base
  - allow dnsmasq to use /bin/sh (boo#940749) and /bin/dash
  - allow dovecot imap to read /run/dovecot/mounts
  - allow avahi-daemon to write to /run/systemd/notify
  - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
  - update dhclient profile
  - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
  - and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
  upstream-profile-updates patch)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
- add apparmor-winbindd-r3213.diff - add missing k permissions for
  /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
  output (boo#862170)
- update to AppArmor 2.10 (trunk r3205)
  - profile names can now contain variables
  - improved profile compile time in apparmor_parser
  - lots of improvements, refactoring and bugfixes in the aa-* tools
  - new apis for managing and loading profile caches into the kernel in
  - lots of profile updates
  - see for the
    complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
  aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
  to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
  no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- systemd-rpm-macros and %systemd_requires were at the wrong place,
  move them to the parser package (boo#931792)
- update to AppArmor 2.9.2 (2.9 branch r2911)
  - lots of bugfixes in the parser and the aa-* tools (including
  - update dovecot and dnsmasq profiles and several abstractions
    (including boo#911001)
  - see for the
    full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
- replace GPG key with new AppArmor GPG signing key, see
- make sure %service_del_postun doesn't call systemctl try-restart
  (boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
  profiles for samba 4.2 (boo#921098, boo#923201)
- only install apparmor.service for openSUSE > 13.2
- Add a native systemd unit which *at the moment* only
  wraps/masks the early boot script.
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
  std::ostream which are not valid.  Fixes build with GCC 5
- allow to run /usr/bin/unzip-plain (boo#906858)
- add Requires: python3 to python3-apparmor package - readline isn't
  part of python3-base (boo#917577)
- add apparmor-changes-since-2.9.1.diff with upstream fixes since the
  2.9.1 release
  - update to support changed syslog format (lp#1399027)
  - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
  - update the mysqld profile
  - fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key
- update to AppArmor 2.9.1 (2.9 branch r2831)
  - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
  - several fixes and performance improvements in the aa-* utils
  - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
    bnc#908856), useradd, sendmail, man and passwd
  - see
    for full release notes
- refresh dnsmasq-profile-fixes.patch
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
  argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
  leasehealper script to run even on x86_64.
  dnsmasq-profile-fixes.patch. boo#911001
- rename profile file to to match the
  script filename
- add apparmor-lessopen-profile.patch: /usr/bin/ needs
  confinement. bnc#906858
- delete cache in apparmor-profiles %post (workaround for
  bnc#904620#c8 / lp#1392042)
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- fix bashism in post script
- update to AppArmor 2.9.0 (r2759)
  - change aa-mergeprof to the final commandline syntax
  - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
    bugs without a formal bugreport)
  - small additions to gnome,, ubuntu-browsers.d/java
    and user-mail abstractions
  - fix mod_apparmor to not break basic auth
  - update perl modules to support signal, unix and ptrace rules (bnc#900013)
  - don't warn about rules not supported by the kernel
  - fix logging of "audit capability" (lp#1378091)
  - add support for the "hat" keyword in apparmor.vim
  - build html version of apparmor.vim manpage again (lp#1366572)
  - see also
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
- added patches
  increase timeout to fix random failure of testsuite [bsc#1151059]
  + apr-test-sendfile-timeout.patch
- Version 1.6.3:
  * apr_file_trunc: Truncating a buffered file could add unexpected
  data after the truncate position. PR 51017.
  * apr_file_trunc: Fix an issue where reading from a buffered file
  after truncate could return stale data from the buffer.
  * apr_ipsubnet_create() now fails for an empty input string.
- fixes [bsc#1092981]
- Add gcc8-integer-overflow.patch to handle an undefined
  behavior (boo#1090085).
- ignore PowerPC transient test failures
- Do not require python for building - it's not needed anyways
- We need to obsolete same version of package (bsc#1063305)
- Replace vision statement in %description with feature list.
  Fix RPM groups.
- Drop --with-pic which is only useful for static libs.
- Rename package
- apr 1.6.2
  * apr_allocator: Provide apr_allocator_align()
  * apr_file_io: Add apr_file_pipe_create_pools()
  * Add APR_SO_FREEBIND option for apr_socket_opt_set.
  * apr_skiplist: Add apr_skiplist_addne*()
  * Added Unix domain socket support.
  * See for
    a full list of changes.
- Drop patches from upstream:
  * 0017-Merge-r1733694-r1733708-from-trunk.patch
  * 0018-apr_proc_mutex-unix-backport-r1733775-from-trunk-par.patch
- define READDIR_IS_THREAD_SAFE, because it is. Avoid
  using obsolete and potentially dangerous readdir_r.
- 0017-Merge-r1733694-r1733708-from-trunk.patch and
  Refcount shared mutexes usage to avoid
  destruction while still in use by some processes, this fixes
  apache graceful-restart sometimes leaving processes in
  "Gracefully finishing" state forever.
- apr-proc-mutex-map-anon.patch use MAP_ANON instead of mmap'ing
- Add gpg signature
- remove baselibs.conf that osc rejects now with message:
  ERROR: 'arch' referenced in baselibs.conf is not being built
  ERROR: 'ppc' referenced in baselibs.conf is not being built
  ERROR: 'package' referenced in baselibs.conf is not being built
  ERROR: 'arch' referenced in baselibs.conf is not being built
  ERROR: 'ppc' referenced in baselibs.conf is not being built
  ERROR: 'package' referenced in baselibs.conf is not being built
- apr 1.5.2
  * apr_escape: Correctly calculate the size of the returned string in
  apr_escape_path and set the correct return value in case we actually
  escape the string
  * apr_poll(cb): fix error paths returned values and leaks.
  * apr_skiplist: Optimize the number of allocations by reusing pooled or
  malloc()ed nodes for the lifetime of the skiplist.
  * apr_skiplist: Fix possible multiple-free() on the same value in
  (obsoletes 0007-backport-r1604596-1604598-from-trunk.patch)
  * apr_global_mutex/apr_proc_mutex: Resolve failures with the
  POSIX sem implementation in environments which receive signals.
  (obsoletes 0009-Merge-r1610854-from-trunk.patch)
  * drop already included or no longer needed patches:
- No longer use --enable-allocator-uses-mmap but the default
  which is using malloc, this feature exists to reduce
  fragmentation but this is currently at the expense of:
  * Losing all malloc sanity checks.
  * mmap and munmap are expensive operations when using
    a lot of threads (like in apache worker,event)
  * It will waste memory, even more on archs that have big
    page sizes.
- If there are fragmentation or performance problems in glibc
  malloc, the library has to be fixed instead.
- apr-use-getrandom.patch: Update: if getrandom blocks, fall back
  to the old codepath, restoring the old always non-blocking
  behaviour. In practice it blocks only at boot time, when the
  entropy pool has not been fully initialized; this delays the
  startup of apache, for example.
  * Use SYS_getrandom constant instead of the "internal"
- apr-use-getrandom.patch: Use the new getrandom() system call
  in apr_generate_random_bytes() if the system call number
  is defined and the call is successful; fall back otherwise.
- devel package has to require gdbm-devel [jsc#SLE-12211]
- separate dbm_db into own package [jsc#SLE-12211]
- build dbm_gdbm connector
- added patches
  + apr-util-apr_dbm_gdbm-fix-handling-of-error-codes.patch
- fix linking with libpq
- modified patches
  % apr-util-postgresql.patch
- apr-util-postgresql.patch: PostgreSQL's pg_config is meant for
  linking server extensions, use libpq's pkg-config, if pg_config
  is missing. This fixes build with PostgreSQL 11.
- Add missing zlib-devel build dependency which used to be pulled in
  by libopenssl-devel
- extend apr-util-mariadb-10.2.patch: Fix detection / build with
  MariaDB 10.2. [bsc#1094754]
- Add apr-util-mariadb-10.2.patch: Fix detection / build with
  MariaDB 10.2.
- APR-util 1.6.1
  * apr_crypto: Fix compatibility with LibreSSL. PR 61596.
  * sdbm: better database/page validation to fail cleanly when
    corrupted [bsc#1064990], CVE-2017-12618
- We need to obsolete same version of package (bsc#1063305)
- Replace unusual *.?a match by *.la.
- Fix RPM groups, diversify summaries.
- Rename package to apr-util
- Drop baselib.conf as it does not target any supported
- APR-util 1.6.0
  * Update MySQL build to stop using libmysqlclient_r
  * apr_siphash: Implement keyed hash function SipHash
  * apr_buckets: Add apr_bucket_file_set_buf_size()
  * apr_crypto: avoid excessive iteration in bcrypt hash.
  * apr_xml_to_text: Add style APR_XML_X2T_PARSED.
  * see for
  extra details
- require just postgresql-devel everywhere, it seems to work now
- require postgresql-devel less than 9.4 to fix build on SLE_12
  and SLE_12_SP1
- require postgresql-devel version at least 9.1.0 to fix build for
- fix requires after spec-cleaner
- Clean up with spec-cleaner
- Kill support of sle10 and sle9
- Remove unused configure switches
- add baselibs.conf as cryptsetup also has 32bit variants
- Update description.
- Update to version 0.0+git20171227.670229c:
  * Added ABI version number
  * AVX2/AVX-512F optimizations of BLAMKA
  * Set Argon2 version number from the command line
  * New bindings
  * Minor bug and warning fixes (no security issue)
- use _service file
- ship libargon2.pc (bsc#1034441)
- moved argon2-specs.pdf to doc subpackage
- added packaging of man page
- make sure to call cc with -pthread option (implies -lpthread)
- run test suite
- Initial release
- change login shell for at user from /bin/bash to /bin/false as it
  shouldn't need a valid login shell [jsc#SLE-17611] [bsc#1181576]
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Drop patch at-3.1.8-eal3-manpages.patch merged upstream differently
- Version update to at 3.1.20 to match latest upstream:
  * Pam and selinux implemented upstream
  * various tiny fixes
- Rebase patches:
  * at-3.1.13-documentation-dir.patch
  * at-3.1.13-massive_batch.patch
  * at-3.1.14-joblist.patch
  * at-3.1.14-parse-suse-sysconfig.patch
  * at-3.1.14-usePOSIXtimers.patch
  * at-3.1.14.patch
- Drop no longer needed patches:
  * at-3.1.13-formatbugs.patch
  * at-3.1.13-pam-session-as-root.patch
  * at-3.1.13-pam.patch
  * at-3.1.13-queue-nice-level.patch
  * at-3.1.14-selinux.patch
- add at-3.1.16-handle_malformed_jobs.patch to prevent creation of
  the corrupted files and their looping [bnc#945124]
- loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX
  by the number of CPUs when comparing to loadavg (bnc#889174)
  * added at-adjust_load_to_cpu_count.patch
- Version bump to 3.1.16 to match latest upstream:
  * Fix regression for sec-fix in bash we applied in form of patch
    till now - deleting at-3.1.15-sane-envkeys.patch
- Sync/split features to be patch specific, modifying:
  * at-3.1.13-pam.patch
  * at-3.1.14-parse-suse-sysconfig.patch
  * at-3.1.14-selinux.patch
- Cleanup with spec-cleaner
- Remove systemd conditional (we do not work on sle11 anyway)
- atd.service: run not after
- atd.service: run
- Replace at-sane-envkeys.diff by at-3.1.15-sane-envkeys.patch,
  a simpler fix from upstream [bsc#899160]
- Add at-spi2-core-async-session-register.patch: make bus-launcher
  session registration more robust (boo#1154582).
- Update to version 2.34.0:
  + Fix a use after free when freeing an event.
  + Clean up handling of the X11 property specifying the bus
  + Update doap.
- Update to version 2.33.92:
  + Now requires meson 0.50.0.
  + License is now LGPL-2.1+.
  + Meson: only link to libdl when it is necessary.
  + Update installation instructions.
  + Clarify atspi_editable_text_insert_text documentation.
  + Do not warn on no reply from pending get_items call.
  + Eliminate some superfluous runtime warnings.
- Require meson >= 0.50.0.
- Set license to LGPL-2.1-or-later.
- Update to version 2.33.90:
  + Refactor the API for the screen reader to notify listeners
    of its status.
  + Add a sender to the AtspiEvent struct.
  + Add missing atspi_application_get_type prototype.
  + Support mutter remote desktop interface for synthesizing
    keyboard/mouse events (likely still needs work).
- Update to version 2.33.2:
  + Check WAYLAND_DISPLAY, rather than XDG_SESSION_TYPE, to avoid X
    connections. Fixes breakage if X is started with startx and
    XDG_SESSION_TYPE is unset.
  + X11: also try mod4 and mod5 to generate keysyms.
  + Check for dbus-daemon in /usr/lib (for Solaris).
- Update to version 2.32.1:
  + Fix meson build for meson 0.50.0 and newer.
- Drop at-spi2-core-meson-build-fix.patch: Fixed upstream.
- Add at-spi2-core-meson-build-fix.patch: fix build for meson
  0.50.0 (glgo#GNOME/at-spi2-core!9).
- Update to version 2.32.0:
  + Stable release version bump.
- Update to version 2.31.92:
  + Fix atspi_table_cell_get_(row_column)_headers.
  + Update documentation to indicate that extents are only
    meaningful when an object has both STATE_VISIBLE and
  + Use a consistent style for the meson options.
  + Fix a compiler warning on BSD.
  + Add ScrollSubstringTo and ScrollSubstringToPoint text
- Enable gtk-docs BuildRequires and update options passed to meson.
- Drop unneeded and unused intltool BuildRequires.
- Update to version 2.31.2:
  + Add ScrollSubstringTo and ScrollSubstringToPoint text
- Update to version 2.31.1:
  + Bus launcher: fix an issue where the error wasn't cleared on
  + Add support for locking/unlocking modifiers.
  + Update error log text for consistency.
  + Documentation clean-ups.
- Drop upstream fixed patches:
  + at-spi2-core-bus-launch-use__linux__.patch.
  + at-spi2-core-generate-pc.patch.
- Update to version 2.30.1:
  + Fix atspi_table_cell_get_(row|column)_header_cells
- Add at-spi2-core-bus-launch-use__linux__.patch: bus-launch:
  use __linux__ over __linux.
- Add at-spi2-core-generate-pc.patch: meson: Generate a pkg-config
- Disable gtk-doc BuildRequires and pass enable_docs=false to
  meson. Temp workaround for buildfail when building docs with
  meson 0.48.
- Update to version 2.30.0:
  + No changes, stable bump only.
- Update to version 2.29.1:
  + Add dbus-broker support to bus launcher.
  + Add ScrollTo and ScrollToPoint component interfaces.
  + Do not use deprecated GSettings API.
  + Fix various compiler warnings and documentation annotations.
- Update to version 2.28.0:
  + Support building a static library (bgo#793652).
  + Fix build on FreeBSD (bgo#791608).
- Update to version 2.27.92:
  + Dropped autotools support.
  + Documentation: Remove list association from
  + Fix a potential buffer overflow in at-spi-bus-launcher
  + Make the build reproducible (bgo#791167).
- Drop at-spi2-core-bgo791124-buffer-overflow.patch and
  at-spi2-core-bgo791167-reproducible-build.patch: fixed upstream.
- Modernize spec-file by calling spec-cleaner
- Add at-spi2-core-bgo791124-buffer-overflow.patch: fix possible
  buffer overflow reading dbus address in at-spi-bus-launcher
  (boo#1073027, bgo#791124).
- Add at-spi2-core-bgo791167-reproducible-build.patch: use
  @basename@ in templates, rather than @filename@; fixes build
  reproducibility and multiarch conflict (bgo#791167).
- Switch to using meson buildsystem:
  + Add meson and gtk-doc BuildRequires.
  + Use meson, meson_build and meson_install macros instead of
    autotools macros.
  + Drop update-desktop-files BuildRequires and stop using
    suse_update_desktop_file macro, no longer needed.
  + Modernize spec, use spec-cleaner.
- Update to version 2.26.2:
  + dist po/ (bgo#789666).
  + Generate correct soname when building with meson.
- Update to version 2.26.1:
  + Remove unused dependency on libxkbcommon.
  + Various meson build fixes.
  + Updated translations.
- Update package summaries and old RPM macros.
- Update to version 2.26.0:
  + m4/gettext.m4, m4/iconv.m4, m4/lib-ld.m4, m4/lib-link.m4,
    m4/lib-prefix.m4, m4/nls.m4, m4/po.m4 and m4/progtest.m4:
    Upgrade to gettext-
  + (AM_GNU_GETTEXT_VERSION): Bump to 0.19.8.
- Update to version 2.25.92:
  + make xkb optional, as intended.
  + Optionally read the bus address from the ATSPI_BUS_ADDRESS
    environment variable (bgo#787126).
- Update to version 2.25.91:
  + Meson build files should now be usable, with the exception of
    the dist target.
- Update to version 2.25.90:
  + Fix a couple of introspection issues (bgo#784481).
  + atspi_get_a11y_bus: don't leak the DBusConnection.
  + Meson fixes.
- Update to version 2.25.4:
  + Fix gir generation with autotools (bgo#783994).
- Update to version 2.25.3:
  + Fix -Wmisleading-indentation warnings.
  + Fix memory leak of at-spi-bus-launcher.
  + Add error-message, error-for, details, and details-for relation
  + Poll direct dbus connections in the main loop--fixes processes
    being marked hung and the hung flag never being removed.
  + Add Meson build system.
  + Various build fixes.
- Add pkgconfig(xkbcommon-x11) BuildRequires: new dependency.
- Update to version 2.25.2:
  + Attempt to fix an occasional crash when an application
    disappears (bgo#767074).
  + Add some missing roles to correspond with atk (description
    list, description term, description value, and footnote).
- Update to version 2.25.1:
  + No changes.
- Update to version 2.24.1:
  + atspi_table_cell_get_position: Don't crash on error.
- Update to version 2.24.0:
  + No changes.
- Update to version 2.23.92:
  + Table cell API fixes (bgo#779835).
- Update to version 2.23.90:
  + Fix an occasional crash when an application is closed
- Update to version 2.23.4:
  + Don't pull in X headers if x11 is disabled (bgo#773710).
  + at-spi-bus-launcher: session management fixes (bgo#774441).
  + events: add recently added page changed event (bgo#719898).
  + roles: EXTENDED roles are deprecated (bgo#720123).
- Update to version 2.22.0:
  + at-spi-bus-launcher: Fix uninitialized variable.
  + Fix return value error in session_manager_connect (bgo#768881).
  + Updated translations.
- Update to version 2.21.4:
  + Fixed a crash in atspi_accessible_clear_cache.
  + Fixed a crash caused by at-spi2-registryd dying.
  + Fixed some session management issues in at-spi-bus-launcher.
- Drop at-spi2-core-session-management.patch: Fixed upstream.
- Update to version 2.21.2:
  + Allow building without Xtst, Xi with --disable-x11.
  + ref_accessible_desktop: don't unref reply until we're finished
    with it.
  + Updated translations.
- Update to version 2.21.1:
  + Fix parsing of at-spi-bus-launcher command line arguments
  + Build clean-ups.
- Update at-spi2-core-session-management.patch: fix uninitialized
  variable (bsc#984109).
- Add at-spi2-core-session-management.patch: properly register
  at-spi-bus-launcher with gnome-session (bsc#984109).
- Drop at-spi2-core-devel Obsolete: the devel package has not
  existed since 2009. At the same time, drop rpmlintrc, since it's
  not needed anymore.
- Pkgconfig'ify spec file BuildRequires:
  + Replace/Remove: glib2-devel, gobject-introspection-devel,
  + Add: pkgconfig(gio-2.0), pkgconfig(glib-2.0),
    pkgconfig(gobject-2.0), pkgconfig(gobject-introspection-1.0),
    pkgconfig(x11), pkgconfig(xtst), pkgconfig(xi).
- Update to GNOME 3.20.2  Fate#318572
- Update to version 2.20.2:
  + Fixed an invalid memory access when fetching an accessible.
- Update to GNOME 3.20  Fate#318572
- Drop at-spi2-core-null-event-source.patch: fixed upstream.
- Update to version 2.20.1:
  + registryd: avoid crashing with a NULL keystring (bgo#764688).
  + Plug a memory leak in AtspiEventListener (bgo#764688).
- Update to version 2.20.0:
  + No changes.
- Update to version 2.19.92:
  + Support a stateless configuration by default (bgo#763540).
- Update to version 2.19.91:
  + Don't display warnings when connecting to an app that no longer
- Update to version 2.19.90:
  + Don't display warning if unable to connect when logged in via
    ssh (bgo#761600).
  + at-spi-bus-launcher: register with session manager
- Update to version 2.19.2:
  + Disable xevie by default--it probably doesn't do anything
  + get_index_in_parent: Don't crash if parent is defunct.
  + Don't crash when trying to set an invalid state (bgo#757915).
- Update to version 2.19.1:
  + atspi_hyperlink_get_index_range: don't return random values if
    the call fails (bgo#755727).
  + Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.3:
  + get_index_in_parent: Don't crash if the parent is defunct.
- Update to version 2.18.2:
  + Really don't crash if we get a children-changed event with a
    non-existent child (bgo#755951).
  + Fixed crash during removal of last application in registryd
- Disable xevie when configuring (boo#952011).
- Update to version 2.18.1:
  + Don't crash if we get a children-changed event with a
    non-existent child (bgo#755951).
  + atspi_hyperlink_get_index_range: don't return random values if
    the call fails (bgo#755727).
  + Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.0:
  + Updated translations.
- Update to version 2.17.90:
  + Modified the cache API to specify an object's index and child
    count rather than its children. This eliminates the need for
    the application to enumerate its children, improving
    performance in some places with large lists (bgo#650090).
- Update to version 2.17.1:
  + Functions shouldn't try to return values (bgo#749330).
  + Fix atspi_table_cell_get_position.
- Update to version 2.16.0:
  + Fix GTK-Doc comment blocks.
  + Updated translations.
- Update to version 2.15.90:
  + Deprecate atspi_text_get_text_{before,at,after}_offset()
  + Add roles for fractions, roots, subscripts, and superscripts
- Update to version 2.15.4:
  + Add names to every timeout (bgo#710644).
  + Remove accessibility.conf from EXTRA_DIST (bgo#742987).
  + Add ATSPI_STATE_READONLY (bgo#690004).
- Update to version 2.15.3:
  + Replace deprecated "Rename to" gtk-doc tag.
  + Fix atspi_table_cell_get_column_span prototype.
- Update to version 2.15.2:
  + Make the documentation of ATSPI's STATE_ACTIVE consistent with
    that of ATK's (bgo#740274).
  + Add ATSPI_ROLE_STATIC and update documentation for
    ATSPI_ROLE_TEXT (bgo#740340).
  + gi-annotations: get_relation_set returns an array of
- Update to version 2.15.1:
  + Fix some issues with the accessibility bus configuration
  + Documentation for AtspiTableCell is now built.
- Update to version 2.14.1:
  + Docs: add AtspiTableCell.
- Use %license instead of %doc [bsc#1082318]
- remove man5/attr.5, it is now part of man-pages
- Reduce size of filelist by using wildcards;
  remove %doc (some locations are always %doc),
  remove %attr (files already have proper permissions)
- remove gpg-offline from bootstrap packages
- Update to new upstream release 2.4.47
  * This release fixes two functional bugs related to tree walking
  and the return code from getfattr. Also, a number of build system
  problems were fixed.
- Remove config-guess-sub-update.patch (no longer applies),
  attr-syscalls.patch (resolved differently upstream), (replaced by logic in specfile)
- Signature verification
- Added url as source.
  Please see
- Remove unused autoconf and automake build requires
- Add attr-syscalls.patch:
  Define attr syscall numbers for aarch64
- Add config-guess-sub-update.patch:
  Update config.guess/sub for aarch64
- update license to new format
- add autoconf as buildrequire to avoid implicit dependency
- Add libattr-devel-static package
- Enable libattr-devel for all baselib arches
- Implement shlib package (libattr1)
- make shared library executable
- upgrade to 2.4.46
  - Fix tests
- upgrade to 2.4.45
  - OPTIONS in man pages should be a section heading, not a subsection heading
  - getfattr: encode NULs properly with --encoding=text
  - setfattr.1: document supported encodings of values
  - convert the man pages into html
  - attr_parse_attr_conf: eliminate a double free
  - attr_parse_attr_conf: eliminate a memory leak
  - quote: pull in string.h for strchr prototype
  - libattr: fix memory leak in attr_copy_action()
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- fixed implicit strchr() call
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.4.44
  - Stop quoting nonprintable characters in the getfattr output
  - More license updates
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- Fix specfile to require libauparse0 and libaudit1 after splitting
  audit-libs (bsc#1172295)
- Update to version 2.6.5:
  * Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that they get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests to for openldap support
  * Make systemd support files use /run rather than /var/run (Christian Hesse)
  * Fix minor memory leak in auditd kerberos credentials code
  * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  * In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Remote zos building is now a configurable option.
  It should be disabled in audit (and left enabled in audit-secondary).
- Make use of some %make_install.
- Update to version 2.8.4:
  * Generate checkpoint file even when no results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * In auparse_normalize for USER_LOGIN events, map acct for
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
  * many features added to auparse_normalize
  * cli option added to auditd and audispd for setting config dir
  * in auditd, restore the umask after creating a log file
  * option added to auditd for skipping email verification
-  Full changelog:
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7 release
- Create folder for the m4 file from previous commit to avoid install
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
  * audit-allow-manual-stop.patch
  * audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
  -C parameter of make
- Install m4 file to the devel package
- Do not depend on insserv nor fillup; the package provides
  neither sysconfig nor sysvinit files
- Update to version 2.4.4 (bsc#941922, CVE-2015-5186)
- Remove patch 'audit-no_m4_dir.patch'
  (added Fri Apr 26 11:14:39 UTC 2013 by
  No idea what earlier 'automake' build error this was trying to fix but
  it broke the handling of "--without-libcap-ng". Anyways, no build error
  occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- Require pkgconfig for build
  Changelog 2.4.4
  - Fix linked list correctness in ausearch/report
  - Add more cross compile fixups (Clayton Shotwell)
  - Update auparse python bindings
  - Update libev to 4.20
  - Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling
  Changelog 2.4.3
  - Add python3 support for libaudit
  - Cleanup automake warnings
  - Add AuParser_search_add_timestamp_item_ex to python bindings
  - Add AuParser_get_type_name to python bindings
  - Correct processing of obj_gid in auditctl (Aleksander Zdyb)
  - Make plugin config file parsing more robust for long lines (#1235457)
  - Make auditctl status print lost field as unsigned number
  - Add interpretation mode for auditctl -s
  - Add python3 support to auparse library
  - Make --enable-zos-remote a build time configuration option (Clayton Shotwell)
  - Updates for cross compiling (Clayton Shotwell)
  - Add MAC_CHECK audit event type
  - Add libauparse pkgconfig file (Aleksander Zdyb)
  Changelog 2.4.2
  - Ausearch should parse exe field in SECCOMP events
  - Improve output for short mode interpretations in auparse
  - If auditctl is reading rules from a file, send messages to syslog (#1144252)
  - Correct lookup of ppc64le when determining machine type
  - Increase time buffer for wide character numbers in ausearch/report (#1200314)
  - In aureport, add USER_TTY events to tty report
  - In audispd, limit reporting of queue full messages (#1203810)
  - In auditctl, don't segfault when invalid options passed (#1206516)
  - In autrace, remove some older unimplemented syscalls for aarch64 (#1185892)
  - In auditctl, correct lookup of aarch64 in arch field (#1186313)
  - Update lookup tables for 4.1 kernel
- Update to version 2.4.1
  Changelog 2.4.1
  - Make python3 support easier
  - Add support for ppc64le (Tony Jones)
  - Add some translations for a1 of ioctl system calls
  - Add command & virtualization reports to aureport
  - Update aureport config report for new events
  - Add account modification summary report to aureport
  - Add GRP_MGMT and GRP_CHAUTHTOK event types
  - Correct aureport account change reports
  - Add integrity event report to aureport
  - Add config change summary report to aureport
  - Adjust some syslogging level settings in audispd
  - Improve parsing performance in everything
  - When ausearch outputs a line, use the previously parsed values (Burn Alting)
  - Improve searching and interpreting groups in events
  - Fully interpret the proctitle field in auparse
  - Correct libaudit and auditctl support for kernel features
  - Add support for backlog_time_wait setting via auditctl
  - Update syscall tables for the 3.18 kernel
  - Ignore DNS failure for email validation in auditd (#1138674)
  - Allow rotate as action for space_left and disk_full in auditd.conf
  - Correct login summary report of aureport
  - Auditctl syscalls can be comma separated list now
  - Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
- Do not explicitly provide group(audit) in system-users-audit:
  this is automatically handled by rpm/providers.
- Create new "audit" group for read access to logs (bsc#1178154)
  * add change-default-log_group.patch
  * update audit-secondary.spec
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- prepare usrmerge (boo#1029961)
- Update to version 2.6.5:
  * Fix segfault on shutdown
  * Fix hang on startup (#1587995)
  * Add sleep to script to dump state so file is ready when needed
  * Add auparse_normalizer support for SOFTWARE_UPDATE event
  * Mark netlabel events as simple events so that they get processed quicker
  * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  * Add 30-ospp-v42.rules to meet new Common Criteria requirements
  * Update lookup tables for the 4.18 kernel
  * In aureport, fix segfault in file report
  * Add auparse_normalizer support for labeled networking events
  * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  * Event aging is off by a second
  * In ausearch/auparse, correct event ordering to process oldest first
  * auparse_reset was not clearing everything it should
  * In ausearch/report, lightly parse selinux portion of USER_AVC events
  * In ausearch/report, limit record size when malformed
  * In auditd, fix extract_type function for network originating events
  * In auditd, calculate right size and location for network originating events
  * Treat all network originating events as VER2 so dispatcher doesn't format it
  * In audisp-remote do an initial connection attempt (#1625156)
  * In auditd, allow expression of space left as a percentage (#1650670)
  * On PPC64LE systems, only allow 64 bit rules (#1462178)
  * Make some parts of auditd state report optional based on config
  * Fix ausearch when checkpointing a single file (Burn Alting)
  * Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  * In ausearch, do not checkpt if stdin is input source
  * In libev, remove __cold__ attribute for functions to allow proper hardening
  * Add tests for openldap support
  * Make systemd support files use /run rather than /var/run (Christian Hesse)
  * Fix minor memory leak in auditd kerberos credentials code
  * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  * In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Fix build errors when using gcc-10 no-common default (bsc#1160384)
  New patch: audit-fno-common.patch
- Refresh audit-allow-manual-stop.patch
- Reduce scriptlets' hard dependency on systemd.
- Update to version 2.8.4:
  * Generate checkpoint file even when no results are returned
    (Burn Alting).
  * Fix log file creation when file logging is disabled entirely
    (Vlad Glagolev).
  * Use SIGCONT to dump auditd internal state (rh#1504251).
  * Fix parsing of virtual timestamp fields in ausearch_expression
  * Fix parsing of uid & success for ausearch.
  * Hide lru symbols in auparse.
  * Fix aureport summary time range reporting.
  * Allow unlimited retries on startup for remote logging.
  * Add queue_depth to remote logging stats and increase default
    queue_depth size.
- Update to version 2.8.3:
  * Correct msg function name in lru debug code.
  * Fix a segfault in auditd when dns resolution isn't available.
  * Make a reload legacy service for auditd.
  * In auparse python bindings, expose some new types that were
  * In normalizer, pickup subject kind for user_login events.
  * Fix interpretation of unknown ioctcmds (rh#1540507).
  * In auparse_normalize for USER_LOGIN events, map acct for
  * Fix logging of IPv6 addresses in DAEMON_ACCEPT events
  * Do not rotate auditd logs when num_logs < 2 (brozs).
- Use %license instead of %doc [bsc#1082318]
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
  present, tests were failing as python2 bindings are preferred in this
- reverted -j1 force ppc specific only
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname
- force -j1 for PowerPC make check to avoid build failure
  (lookup_test.o: file not recognized: File truncated)
- Add conditions around python plugins to allow us to conditionalize
  them in environment without python2
- Rename python binding packages to match current python packaging
- Update python build dependencies to resolve future split of
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
- Remove audit-implicit-writev.patch (fixed upstream across 2
  * 3b30db20ad983274989ce9a522120c3c225436b3
  * 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Add audit-implicit-writev.patch: include sys/uio.h to ensure
  readv and writev are declared.
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7. See audit.spec (libaudit1) for upstream
  Since commit 6cf57d27 (2.7.4) audit is now started as a non-forking
  service (bsc#1042781).
  Add config: audit-stop.rules
  Refresh patch: audit-allow-manual-stop.patch
  Refresh patch: audit-no-gss.patch
- Version update to 2.5. See audit.spec (libaudit1) for upstream
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Update to version 2.4.4. See audit.spec (libaudit1) for upstream
- Add python3 bindings for libaudit and libauparse
- Remove patch 'audit-no_m4_dir.patch'
  (added Fri Apr 26 11:14:39 UTC 2013 by
  No idea what earlier 'automake' build error this was trying to fix but
  it broke the handling of "--without-libcap-ng". Anyways, no build error
  occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- update to 1.10.1:
  General changes/additions
    New CLI utility 'augmatch' to print the tree for a file and select
    some of its contents
    New command 'count' in augtool
    New function 'not(bool) -> bool' for path expressions
    The path expression 'label[. = "value"]' can now be written more
    concisely as 'label["value"]'
  API changes
    libfa has now a function fa_json to export an FA as a JSON file, and
    fa_state_* functions that make it possible to iterate over the FA's
    states and transitions. (Pedro Valero Mejia)
    Add functions aug_ns_label, aug_ns_value, aug_ns_count, and
    aug_ns_path to get the label (with index), the value, the number of
    nodes, and the fully qualified path for nodes stored in a nodeset in
    a variable efficiently
  Lens changes/additions
    Grubenv: new lens to process /boot/grub/grubenv (omgold)
    Httpd: also read files from /etc/httpd/conf.modules.d/*.conf
    (Tomas Meszaros) (Issue #537)
    Nsswitch: allow comments at the end of a line (Philip Hahn) (Issue #517)
    Ntp: accept 'ntpsigndsocket' statement (Philip Hahn) (Issue #516)
    Properties: accept empty comments with DOS line endings (Issue #161)
    Rancid: new lens for RANCiD router databases (Matt Dainty)
    Resolv: accept empty comments with DOS line endings (Issue #161)
    Systemd: also process /etc/systemd/logind.conf (Pat Riehecky)
    YAML: process a document that is just a sequence (John Vandenberg)
- drop chrpath dependency, the offending dump binary is no longer shipped
- Use %license (boo#1082318)
- Version update to 1.9.0:
  - General changes/additions
  * Fix error in handling escaped whitespace at the end of path expressions
    (addresses CVE-2017-7555)
  * several improvements to the error messages when transforming a tree
    back to text fails. They now make it clearer what part of the tree
    was problematic, and what the tree should have looked like.
  * Fixed the pkg-config file, which should now be usable
  * Fix handling of backslash-escaping in strings and regular expressions
    in the lens language. We used to handle constructs like "//"/ and
    //// incorrectly. (Issue #495)
  * do not unescape the default value of a del on create; otherwise we are
    double unescaping these strings (Issue #507)
  * remove tempfile when saving files because destination is not writable
    (Issue #479)
  * span information is now updated on save (Issue #467)
  * fix lots of warnings generated by gcc 7.1
  * Various changes to reduce bashisms in tests and make them run on
    FreeBSD (Romain Tartière)
  - API changes
  * add function aug_ns_attr to allow iterating through a nodeset
    quickly. See examples/dump.c for an example of how to use them
    instead of aug_get, aug_label etc. and for a way to measure
    performance gains.
  - Lens changes/additions
  * Ceph: new lens for /etc/ceph/ceph.conf
  * Cgconfig: accept fperm & dperm in admin & task (Pino Toscano)
  * Dovecot: also load files from /usr/local/etc (Roy Hubbard)
  * Exports: relax the rules for the path at the beginning of a line so
    that double-quoted paths are legal, too
  * Getcap: new lens to parse generic termcap-style capability databases
  * Grub: accept toplevel 'boot' entry (Pino Toscano)
  * Httpd: handle empty comments with a continuation line (Issue #423);
    handle '>""' in a directive properly (Issue #429); make space between
    quoted arguments optional (Issue #435); accept quoted strings as part
    of bare arguments (Issue #470)
  * Nginx: load files from sites-available directory (Omer Katz) (Issue #471)
  * Nslcd: new lens for nss-pam-ldapd config (Jose Plana)
  * Oz: New lens for /etc/oz/oz.cnf
  * postfix lenses: also load files from /usr/local/etc (Roy Hubbard)
  * Properties: accept DOS line endings (Issue #468)
  * Rtadvd: new lens to parse the rtadvd configuration file (Matt Dainty)
  * Rsyslog: load files from /etc/rsyslog.d (Doug Wilson) (Issue #475);
    allow spaces before the # starting a comment; allow comments inside
    config statements like 'module'
  * Ssh: accept '=' to separate keyword from arguments
  * Sshd: split HostKeyAlgorithms into list of values; recognize quoted
    group names with spaces in them (Issue #477)
  * Sudoers: recognize "match_group_by_gid" (Luigi Toscano) (Issue #482)
  * Syslog: allow spaces before the # starting a comment
  * Termcap: new lens to parse termcap capability databases (Matt Dainty)
  * Vsftpd: accept seccomp_sandbox (Denys Stroebel)
  * Xymon: accept 'group-sorted' directive (Issue #462)
- Version update to 1.8.0:
  * See the News file for all the details
- Verified it contains fixes for bsc#933210 bsc#975729 bsc#925225
  bsc#1023204 CVE-2014-8119
- Version update to 1.6.0:
  * See the NEWS file for the details
- Update to version 1.5.0:
  - General changes/additions
  * augtool: new --timing option that prints after each operation how long
    it took
  * augtool: print brief help message when incorrect options are given rather
    than dumping all help text
  * Path expressions: optimize performance of evaluating certain
  * lots of safety improvements in libfa to avoid using uninitialized
    values and the like (Daniel Trebbien)
  * tolerate building against OSX' libedit (Issue #256)
  - API changes
  * aug_match: fix a bug where expressions like /foo/*[2] would match a
    hidden node and pretend there was no match at all. We now make sure
    we never match a hidden node. Thanks to Xavier Mol for reporting the
  * aug_get: make sure we set *value to NULL, even if the provided path is
    invalid (Issue #372)
  * aug_rm: fix segfault when deleting a tree and one of its ancestors
    (Issue #319)
  * aug_save: fix segfault when trying to save an invalid subtree. A
    routine that was generating details for the error message overflowed
    a buffer it had created (Issue #349)
  - Lens changes/additions
  * AptConf: support hash comments
  * AptSources: support options (Issue #295),
    support brackets with spaces in URI (GH #296)
    rename test file to test_aptsources.aug
  * Chrony: allow signed numbers and indentation, fix stray EOL entry,
    disallow comment on EOL, add many missing directives and
    options (Miroslav Lichvar, RHBZ#1213281)
    add new directives and options that were added in
    chrony-2.2 and chrony-2.3 and improve parsing of
    access configuration (Miroslav Lichvar, Issue #348)
    add new options for chrony-2.4 (Miroslav Lichvar)
  * Dhclient: avoid put ambiguity for node without value (Issue #294)
  * Group: support NIS map, support an overridden and disabled password,
    i.e. `+:*::` (Matt Dainty) (Issue #258)
  * Host_Conf: support spaces between list items (Cedric Bosdonnat, Issue #358)
  * Httpd: add paths to SLES vhosts
    (Jan Doleschal) (Issue #268)
    parse backslashes in directive arguments (Issue #307)
    parse mismatching case of opening/closing tags
    parse multiple ending section tags on one line
    parse wordlists in braces in SSLRequire directives
    parse directive args starting with double quote (Issue #330)
    parse directive args containing quotes
    support perl directives (Issue #327)
    parse line breaks/continuations in section arguments
    parse escaped spaces in directive/section arguments
    parse backslashes at the start of directive args (Issue #324)
  * Inputrc: support $else (Cedric Bosdonnat, Issue #359)
  * Interfaces: add support for source-directory (Issue #306)
  * Json: add comments support, refactor,
    allow escaped quotes and backslashes
  * Keepalived: fix space/tag alignments and hanging spaces,
    add vrrp_mcast_group4 and vrrp_mcast_group6,
    add more vrrp_instance flags,
    add mcast/unicast_src_ip and unicast_peer,
    add missing garp options,
    add vrrp_script options,
    expand vrrp_sync_group block,
    allow notify option
    (Joe Topjian) (Issue #266)
  * Known_Hosts: refactoring and description fixed
  * Logrotate: support dateyesterday option (Chris Reeves) (GH #367, #368)
  * MasterPasswd: new lens to parse /etc/master.passwd
    (Matt Dainty) (Issue #258)
  * Multipath: add various missing keywords (Olivier Mangold) (Issue #289)
  * MySQL: include /etc/my.cnf.d/*.cnf (Issue #353)
  * Nginx: improve typechecking of lens,
    allow masks in IP keys and IPv6 (Issue #260)
    add @server simple nodes (Issue #335)
  * Ntp: add support for basic interface syntax
  * OpenShift_Quickstarts: Use Json.lns
  * OpenVPN: add all options available in OpenVPN 2.3o
    (Justin Akers) (Issue #278)
  * Puppetfile: name separator is not mandatory
    add support for moduledir (Christoph Maser)
  * Rabbitmq: remove space in option name,
    add support for cluster_partitioning_handling,
    add missing simple options (Joe Topjian) (Issue #264)
  * Reprepro_Uploaders: add support for distribution field
    (Mathieu Alorent) (Issue #277),
    add support for groups (Issue #283)
  * Rhsm: new lens to parse subscription-manager's /etc/rhsm/rhsm.conf
  * Rsyslog: improve property filter parsing,
    treat whitespace after commas as optional.
    recognize '~' as a valid syslog action (discard)
    (Gregory Smith) (Issue #282),
    add support for redirecting output to named pipes
    (Gerlof Fokkema) (Issue #366)
  * Shellvars: allow partial quoting, mixing multiple styles
    (Kaarle Ritvanen) (Issue #183);
    allow wrapping builtin argument to multiple lines
    (Kaarle Ritvanen) (Issue #184);
    support ;; on same line with multiple commands
    (Kaarle Ritvanen) (Issue #185);
    allow line wrapping and improve quoting support
    (Kaarle Ritvanen) (Issue #187);
    accept [] and [[]] builtins (Issue #188);
    allow && and || constructs after condition
    (Kaarle Ritvanen) (Issue #265);
    add pattern nodes in case entries
    (BREAKING CHANGE: case entry values are now in a
    @pattern subnode) (Kaarle Ritvanen) (Issue #265)
    add eval builtin support;
    add alias builtin support;
    allow (almost) any command;
    allow && and || after commands (Issue #215);
    allow wrapping command sequences
    (Kaarle Ritvanen) (Issue #333);
    allow command-specific environment variable
    (Kaarle Ritvanen) (Issue #332);
    support subshells (Issue #339)
    newlines in start of functions
    allow newlines after actions
    support comments after function name (Issue #339)
    exclude SuSEfirewall2 (Cedric Bosdonnat, Issue #357)
  * Simplelines: parse OpenBSD's hostname.if(5)
    files (Jasper Lievisse Adriaanse) (Issue #252)
  * Smbusers: add support for ; comments
  * Spacevars: support flags (Issue #279)
  * Ssh: add support for HostKeyAlgorithms, KexAlgorithms
    and PubkeyAcceptedKeyTypes (Oliver Mangold) (Issue #290),
    add support for GlobalKnownHostsFile (Issue #316)
  * Star: New lens to parse /etc/default/star
  * Sudoers: support for negated command alias
    (Geoff Williams) (Issue #262)
  * Syslog: recognize '~' as a valid syslog action (discard)
    (Gregory Smith) (Issue #282)
  * Tmpfiles: new lens to parse systemd's tempfiles.d configuration
    files (Julien Pivotto) (Issue #269)
  * Trapperkeeper: new lens for Puppet server configuration files
  * Util: add comment_c_style_or_hash lens
    add empty_any lens
  * Vsftpd: add isolate and isolate_network options
    (Florian Chazal) (Issue #334)
  * Xml: allow empty document (Issue #255)
  * YAML: new lens (subset) (Dimitar Dimitrov) (Issue #338)
- Drop upstreamed patches:
- Fix errors showing up in guestfs tools.
  Add upstreamed patches:
- Version bump to 1.4.0:
  * Loads of bugfixes all around the package
  * Read up NEWS file for the detailed changes
- Whitespace
- restore keyring and .sig file, as this is checked by the OBS
  source service
- Update to version 1.3.0
  + General changes/additions
  * Add missing cp entry in manpage (GH issue #78)
  * Add seq to vim syntax highlight (Robert Drake)
  * Update augtool.1 man page with new commands and --span, RHBZ#1100077
  * augtool autocomplete includes command aliases, RHBZ#1100184
  * Remove unused "filename" argument from dump-xml command, RHBZ#1100106
  * aug_save returns non-zero result when unable to delete files,
  + Lens changes/additions
  * Aliases: permit missing whitespace between colon and recipients
  * AptPreferences: Support spaces in origin fields
  * Cgconfig: handle additional valid controllers (Andy Grimm)
  * Chrony: New lens to parse /etc/chrony.conf (Pat Riehecky)
  * CPanel: New lens to parse cpanel.config files
  * Desktop: Allow @ in keys (GH issue #92)
  * Device_map: Parse all files under /boot (Mike Latimer)
  * Dhclient: Add support for option modifiers (Robert Drake,
    GH issue #95)
    Parse hash statements with dhcp-eval strings
  * Dhcpd: stmt_string quoted blocks no longer store quote marks
    (incompatible change),
    many changes to support more record types (Robert Drake)
  * Group: NIS support (KaMichael)
  * Grub: handle "foreground" option, RHBZ#1059383 (Miguel Armas)
  * Gshadow: New lens (Lorenzo Catucci)
  * Httpd: Allow eol comments after section tags
    Allow continued lines inside quoted value (GH issue #104)
    Allow comparison operators in tags (GH issue #154)
  * IPRoute2: handle "/" in protocol name, swap ID and name fields
    (incompatible change), RHBZ#1063968,
    handle hex IDs and hyphens, as present in
    rt_dsfield, RHBZ#1063961
  * Iptables: parse /etc/sysconfig/, RHBZ#1144651
  * Kdump: parse new options, permit EOL comments, refactor, RHBZ#1139298
  * Keepalived: Add more virtual/real server settings and checks, RHBZ#1064388
  * Known_Hosts: New lens for SSH known hosts files
  * Krb5: permit braces in values when not in sub-section, RHBZ#1066419
  * Ldso: handle "hwcap" lines (GH issue #100)
  * Lvm: support negative numbers, parse /etc/lvm/lvm.conf (Pino Toscano)
  * Multipath: add support for rr_min_io_rq (Joel Loudermilk)
  * NagiosConfig and NagiosObjects: Fix documentation (Simon Sehier)
  * NetworkManager: Use the Quote module, support # in values (no eol comments)
  * OpenVPN: Add support for fragment, mssfix, and script-security
    (Frank Grötzner)
  * Pagekite: New lens (Michael Pimmer)
  * Pam: Add partial support for arguments enclosed in [] (Vincent Brillault)
  * Passwd: Refactor lens (Lorenzo Catucci)
  * Redis: Allow empty quoted values (GH issue #115)
  * Rmt: New lens to parse /etc/default/rmt, RHBZ#1100549
  * Rsyslog: support complex $template lines, property filters and file
    actions with templates, RHBZ#1083016
  * Services: permit colons in service name, RHBZ#1121263
  * Shadow: New lens (Lorenzo Catucci)
  * Shellvars: Handle case statements with same-line ';;', RHBZ#1033799
    Allow any kind of quoted values in block
    conditions (GH issue #118)
    Support $(( .. )) arithmetic expansion in variable
    assignment, RHBZ#1100550
  * Simplevars: Support flags and empty values
  * Sshd: Allow all types of entries in Match groups (GH issue #75)
  * Sssd: Allow ; for comments
  * Squid: Support configuration files for squid 3 (Mykola Nikishov)
  * Sudoers: Allow quoted string in default str/bool params (Nick Piacentine)
  * Syslog: Support "# !" style comments (Robert Drake, GH issue #65)
    Permit IPv6 loghost addresses, RHBZ#1129388
  * Systemd: Allow quoted Environment key=value pairs, RHBZ#1100547
    Parse /etc/sysconfig/*.systemd, RHBZ#1083022
    Parse semicolons inside entry values, RHBZ#1139498
  * Tuned: New lens for /etc/tuned/tuned-main.conf (Pat Riehecky)
  * UpdateDB: New lens to parse /etc/updatedb.conf
    (incompatible change as this file used to be processed with
  * Xml: Allow backslash in #attribute values (GH issue #145)
    Parse CDATA elements (GH issue #80)
  * Xymon_Alerting: refactor lens (GH issue #89)
- Remove the sig and the keyring file as there is no gpg verification
- Remove augeas-device_map-grub2.patch, fixed on upstream release
- Change desc to describe the "tools" not just the library
- Enable tests but "pass" them even with 2 failures.
- Add check phase, comment out as 2 test fails now.
- Clean up with spec-cleaner
- Version bump to 1.2.0:
  - API changes
  * Add aug_cp and the cp and copy commands
  * aug_to_xml now includes span information in the XML dump
  - General changes/additions
  * Fix documentation link in c_api NaturalDocs menu
  * Fix NaturalDocs documentation for various lenses
  * src/transform.c (filter_matches): wrap fnmatch to ensure that an incl
    pattern containing "//" matches file paths, RHBZ#1031084
  * Correct locations table for transform_save() (Tomas Hoger)
  * Corrections for CVE-2012-0786 tests (Tomas Hoger)
  * Fix umask handling when creating new files, RHBZ#1034261
  - Lens changes/additions
  * Access: support DOMAIN\user syntax for users and groups, bug #353
  * Authorized_Keys: Allow 'ssh-ed25519' as a valid authorized_key
    type (Jasper Lievisse Adriaanse)
  * Automounter: Handle hostnames with dashes in them, GH issue #27
  * Build: Add combinatorics group
  * Cyrus_Imapd: Create new entries without space before separator,
    RHBZ#1014974 (Dietmar Kling)
  * Desktop: Support square brackets in keys
  * Dhclient: Add dhclient.conf path for Debian/Ubuntu (Esteve Fernandez)
  * Dhcpd: Support conditionals, GH issue #34
    Support a wider variety of allow/deny statement, including
    booting and bootp (Yanis Guenane)
    Support a wider variety of DHCP allow/deny/ignore statements
    (Yanis Guenane)
  * Dovecot: Various enhancements and bug fixes (Michael Haslgrübler):
    add mailbox to block_names, fix for block_args in quotes,
    fix for block's brackets upon write,
    fixes broken tests for mailbox,
    fixes indention,
    test case for block_args with ",
    fixes broken indention
    Use Quote module
  * Exports: Permit colons for IPv6 client addresses, bug #366
  * Grub: Support the 'setkey' and 'lock' directives
    NFC fix whitespace errors
    Handle makeactive menu command, bug #340
    Add 'verbose' option, GH issue #73
  * Interfaces: Add in support for the source stanza in
    /etc/network/interfaces files
    Map bond-slaves and bridge-ports to arrays (incompatible
    change) (Kaarle Ritvanen)
    Add /etc/network/interfaces.d/* support
    Allow numeric characters in stanza options (Pascal Lalonde)
  * Koji: New lens to parse Koji configs (Pat Riehecky)
  * MongoDBServer: Accept quoted values (Tomas Klouda)
  * NagiosCfg: Do not try to parse /etc/nagios/nrpe.cfg anymore, GH issue #43
    /etc/nagios/nrpe.cfg is parsed by Nrpe (Yanis Guenane)
  * Nagiosobjects: Add support for optional spaces and indents
    and whole-line comments (Sean Millichamp)
  * OpenVPN: Support daemon, client-config-dir, route, and management
    directives (Freakin
  * PHP: allow php-fpm syntax in keys, GH issue #35
  * Postfix_Main: Handle stray whitespace at end of multiline lines, bug #348
  * Postfix_virtual: allow '+' and '=' in email addresses (Tom Hendrikx)
  * Properties: support multiline starting with an empty string, GH issue #19
  * Samba: Permit asterisk in key name, bug #354
  * Shellvars: Read /etc/firewalld/firewalld.conf, bug #363
    Support all types of quoted strings in arrays, bug #357
    Exclude /etc/sysconfig/ip* files
  * Shellvars, Sysconfig: map "bare" export and unset lines to seq numbered
    nodes to handle multiple variables (incompatible change), RHBZ#1033795
  * Shellvars_list: Handle backtick variable assignments, bug #368
    Allow end-of-line comments, bug #342
  * Simplevars: Add /etc/selinux/semanage.conf
  * Slapd: use smart quotes for database entries; rename by/what to by/access;
    allow access to be absent as per official docs (incompatible change)
  * Sshd: Indent Match entries by 2 spaces by default
    Support Ciphers and KexAlgorithms groups, GH issue #69
    Let all special keys be case-insensitive
  * Sudoers: Permit underscores in group names, bug #370 (Matteo Cerutti)
    Allow uppercase characters in user names, bug #376
  * Sysconfig: Permit empty comments after comment lines, RHBZ#1043636
  * Sysconfig_Route: New lens for RedHat's route configs
  * Syslog: Accept UDP(@) and TCP(@@) protocol, bug #364 (Yanis Guenane)
  * Xymon_Alerting: New lens for Xymon alerting files (François Maillard)
  * Yum: Add yum-cron*.conf files (Pat Riehecky)
    Include only *.repo files from yum.repos.d (Andrew N Golovkov)
    Permit spaces after equals sign in list options, GH issue #45
    Split excludes as lists, bug #275
- device_map lens: Find in any dir beneath /boot (bnc#875086)
- download url changed, also added keyring and .sig ring
- Update to version 1.1.0
  - Handle files with special characters in their name, bug #343
  - Fix type error in composition ('f; g') of functions, bug #328
  - Improve detection of version script; make build work on Illumos with
    GBU ld (Igor Pashev)
  - augparse: add --trace option to print filenames of all modules being
  - Various lens documentation improvements (Jasper Lievisse Adriaanse)
  - Lens changes/additions
  - ActiveMQ_*: new lens for ActiveMQ/JBoss A-MQ (Brian Harrington)
  - AptCacherNGSecurity: new lens for /etc/apt-cacher-ng/security.conf
    (Erik Anderson)
  - Automaster: accept spaces between options
  - BBHosts: support more flags and downtime feature (Mathieu Alorent)
  - Bootconf: new lens for OpenBSD's /etc/boot.conf (Jasper Adriaanse)
  - Desktop: Support dos eol
  - Dhclient: read /etc/dhclient.conf used in OpenBSD (Jasper Adriaanse)
  - Dovecot: New lens for dovecot configurations (Serge Smetana)
  - Fai_Diskconfig: Optimize some regexps
  - Fonts: exclude all README files (Jasper Adriaanse)
  - Inetd: support IPv6 addresses, bug #320
  - IniFile: Add lns_loose and lns_loose_multiline definitions
    Support smart quotes
    Warning: Smart quotes support means users should not add
    escaped double quotes themselves. Tests need to be fixed
    Use standard Util.comment_generic and Util.empty_generic
    Warning: Existing lens tests must be adapted to use standard
    comments and empty lines
    Allow spaces in entry_multiline* values
    Add entry_generic and entry_multiline_generic
    Add empty_generic and empty_noindent
    Let multiline values begin with a single newline
    Support dos eol
    Warning: Support for dos eol means existing lenses usually
    need to be adapted to exclude \r as well as \n.
  - IPRoute2: Support for iproute2 files (Davide Guerri)
  - JaaS: lens for the Java Authentication and Authorization Service
    (Simon Vocella)
  - JettyRealm: new lens for (Brian Harrington)
  - JMXAccess, JMXPassword: new lenses for ActiveMQ's JMX files
    (Brian Harrington)
  - Krb5: Use standard comments and empty lines
    Support dos eol
    Improve performance
    Accept pkinit_anchors (Andrew Anderson)
  - Lightdm: Use standard comments and empty lines
  - LVM: New lens for LVM metadata (Gabriel)
  - Mdadm_conf: optimize some regexps
  - MongoDBServer: new lens (Brian Harrington)
  - Monit: also load /etc/monitrc (Jasper Adriaanse)
  - MySQL: Use standard comments and empty lines
    Support dos eol
  - NagiosCfg: handle Icinga and resources.cfg (Jasper Adriaanse)
  - Nrpe: accept any config option rather than predefined list (Gonzalo
    Servat); optimize some regexps
  - Ntpd: new lens for OpenNTPD config (Jasper Adriaanse)
  - Odbc: Use standard comments and empty lines
  - Openshift_*: new lenses for Openshift support (Brian Harrington)
  - Quote: allow multiple spaces in quote_spaces; improve docs
  - Passwd: allow period in user names in spec, bug #337; allow overrides
    in nisentry
  - PHP: Support smart quotes
    Use standard comments and empty lines
    Load /etc/php*/fpm/pool.d/*.conf (Enrico Stahn)
  - Postfix_master: allow [] in words, bug #345
  - Resolv: support 'lookup' and 'family' key words, bug #320
    (Jasper Adriaanse)
  - Rsyslog: support :omusrmsg: list of users in actions
  - RX: add CR to RX.space_in
  - Samba: Use standard comments and empty lines
    Support dos eol
  - Schroot: Support smart quotes
  - Services: support port ranges (Branan Purvine-Riley)
  - Shellvars: optimize some regexps; reinstate /etc/sysconfig/network,
    fixes bug #330, RHBZ#904222, RHBZ#920609; parse /etc/rc.conf.local
    from OpenBSD
  - Sip_Conf: New lens for sip.conf configurations (Rob Tucker)
  - Splunk: new lens (Tim Brigham)
  - Subversion: Support smart quotes
    Use standard comments and empty lines
    Use IniFile.entry_multiline_generic
    Use IniFile.empty_noindent
    Support dos eol
  - Sudoers: allow user aliases in specs
  - Sysctl: exclude README file
  - Systemd: Support smart quotes; allow backslashes in values
  - Xinetd: handle missing values in list, bug #307
  - Xorg: allow 'Screen' in Device section, bug #344
  - Yum: Support dos eol, optimize some regexps
- update to 1.0.0
  - drop bnc-729491-recognize-suse-sysconfig-files.patch:
    upstream ShellVars lense now uses /etc/sysconfig/* include filter
  - drop patches, now upstream: augeas-pkgdeps.diff, augeas-stdio.h.patch
- license update: GPL-3.0+ and LGPL-2.1+
  semicolon is ambiguous
- Fix build with missing gets declaration (glibc 2.16)
- Ensure libxml2 is present in .pc file
- update to 0.10.0
  - support relative paths by taking them relative to the value of
    /augeas/context in all API functions where paths are used
  - add aug_to_xml to API: transform tree(s) into XML, exposed as dump-xml in
    aug_srun and augtool. Introduces dependency on libxml2
  - fix regular expression escaping. Previously, /[\/]/ matched either a backslash
    or a slash. Now it only matches a slash
  - path expressions: add function 'int' to convert a node value (string) to an
  - path expressions: make sure the regexp produced by empty nodesets from
    regexp() and glob() matches nothing, rather than the empty word
  - fix --autosave when running single command from command line, BZ 743023
  - aug_srun: support 'insert' and 'move' as aliases for 'ins' and 'mv'
  - aug_srun: allow escaping of spaces, quotes and brackets with \
  - aug_init: accept AUG_NO_ERR_CLOSE flag; return augeas handle even when
    initialization fails so that caller gets some details about why
    initialization failed
  - aug_srun: tolerate trailing white space in commands
  - much improved, expanded documentation of many lenses
  - always interpret lens filter paths as absolute, bug #238
  - fix bug in libfa that would incorrectly calculate the difference of a case
    sensitive and case insensitive regexp (/[a-zA-Z]+/ - /word/i would match
  - new builtin 'regexp_match' for .aug files to make testing regexp matching
    easier during development
  - fix 'span' command, bug #220
  - Lens changes/additions
  * Access: parse user@host and (group) in users field; field separator need
    not be surrounded by spaces
  * Aliases: allow spaces before colons
  * Aptconf: new lens for /etc/apt/apt.conf
  * Aptpreferences: support origin entries
  * Backuppchosts: new lens for /etc/backuppc/hosts, bug 233 (Adam Helms)
  * Bbhosts: various fixes
  * Cgconfig: id allowed too many characters
  * Cron: variables aren't set like shellvars, semicolons are allowed in
    email addresses; fix parsing of numeric fields, previously upper case
    chars were allowed; support ranges in time specs
  * Desktop: new lens for .desktop files
  * Dhcpd: slashes must be double-quoted; add Red Hat's dhcpd.conf locations
  * Exports: allow empty options
  * Fai_diskconfig: new lens for FAI disk_config files
  * Fstab: allow ',' in file names, BZ 751342
  * Host_access: new lens for /etc/hosts.{allow,deny}
  * Host_conf: new lens for /etc/host.conf
  * Hostname: new lens for /etc/hostname
  * Hosts: also load /etc/mailname by default
  * Iptables: allow digits in ipt_match keys, bug #224
  * Json: fix whitespace handling, removing some cf ambiguities
  * Kdump: new lens for /etc/kdump.conf (Roman Rakus)
  * Keepalived: support many more flags, fields and blocks
  * Krb5: support [pam] section, bug #225
  * Logrotate: be more tolerant of whitespace in odd places
  * Mdadm_conf: new lens for /etc/mdadm.conf
  * Modprobe: Parse commands in install/remove stanzas (this introduces a
    backwards incompatibility); Drop support for include as it is not documented
    in manpages and no unit tests are shipped.
  * Modules: new lens for /etc/modules
  * Multipath: add support for several options in defaults section, bug #207
  * Mysql: includedir statements are not part of sections; support !include;
    allow indentation of entries and flags
  * Networks: new lens for /etc/networks
  * Nrpe: allow '=' in commands, bug #218 (Marc Fournier)
  * Php: allow indented entries
  * Phpvars: allow double quotes in variable names; accept case insensitive
    PHP tags; accept 'include_once'; allow empty lines at EOF; support define()
    and bash-style and end-of-line comments
  * Postfix_master: allow a lot more chars in words/commands, including commas
  * PuppetFileserver: support same-line comments and trailing whitespace,
    bug #214
  * Reprepro_uploaders: new lens for reprepro's uploaders files
  * Resolv: permit end-of-line comments
  * Schroot: new lens for /etc/schroot/schroot.conf
  * Shellvars: greatly expand shell syntax understood; support
    various syntactic constructs like if/then/elif/else, for, while,
    until, case, and select; load /etc/blkid.conf by default
  * Spacevars: add toplevel lens 'lns' for consistency
  * Ssh: new lens for ssh_config (Jiri Suchomel)
  * Stunnel: new lens for /etc/stunnel/stunnel.conf (Oliver Beattie)
  * Sudoers: support more parameter flags/options, bug #143
  * Xendconfsxp: lens for Xen configuration (Tom Limoncelli)
  * Xinetd: allow spaces after '{'
- update modprobe lens patch to apply on 0.10.0
- update shellvars lens patch to add some missing files on SUSE
  distros mentioned in bnc#729491
- Remove redundant tags/sections from specfile
- Patch shellvars.aug to recognize SUSE specific files in
  sysconfig (bnc#729491)
- move lenses from /usr/share/libaugeas0/augeas
  to /usr/share/augeas (bnc#719199)
- move vim lenses syntax files from -lenses to -devel package
- Remove redundant tags/sections from specfile
- Add augeas-devel to baselibs
- update to 0.9.0:
  - augtool: keep history in ~/.augeas/history
  - add aug_srun API function; this makes it possible to run a sequence of
    commands through the API
  - aug_mv: report error AUG_EMVDESC on attempts to move a node into one of
    its descendants
  - path expressions: allow whitespace inside names, making '/files/etc/foo
    bar/baz' a legal path, but parse [expr1 or expr2] and [expr1 and expr2]
    as the logical and/or of expr1 and expr2
  - path expressions: interpret escape sequences in regexps; since '.' does
    not match newlines, it has to be possible to write '.|\n' to match any
  - path expressions: allow concatenating strings and regexps; add
    comparison operator '!~'; add function 'glob'; allow passing a nodeset
    to function 'regexp'
  - store the names of the functions available in path expressions under
  - fix several smaller memory leaks
  - Lens changes/additions
  * Aliases: allow spaces and commas in aliases (Mathieu Arnold)
  * Grub: allow "bootfs" Solaris/ZFS extension for dataset name, bug #201
    (Dominic Cleal); allow kernel path starting with a BIOS device,
    bug #199
  * Inifile: allow multiline values
  * Php: include files from Zend community edition, bug #210
  * Properties: new lens for Java properties files, bug #194 (Craig Dunn)
  * Spacevars: autoload two ldap files, bug #202 (John Morrissey)
  * Sudoers: support users:groups format in a Runas_Spec line, bug #211;
    add CSW paths (Dominic Cleal)
  * Util: allow comment_or_eol to match whitespace-only comments,
    bug #205 (Dominic Cleal)
  * Xorg: accept InputClass section; autoload from /etc/X11/xorg.conf.d,
    bug #197
- fate#311042: Update augeas packages for latest puppet support
  in SLE-11
- update to 0.8.1
  * augtool: respect autosave flag in oneshot mode, bug #193;
    fix segfault caused by unmatched bracket in path expression,
    bug #186
  * eliminate a global variable in the lexer, fixes BZ 690286
  * replace an erroneous assert(0) with a proper error message when
    none of the alternatives in a union match during saving,
    bug #183
  * improve AIX support
  * Lens changes/additions
  * Access: support the format @netgroup@@nisdomain, bug #190
  * Fstab: fix parsing of SELinux labels in the fscontext option
  * Grub: support 'device' directive for UEFI boot, bug #189; support
    'configfile' and 'background'
  * Httpd: handle continuation lines; autoload httpd.conf on
    Fedora/RHEL, BZ 688149; fix support for single-quoted
  * Iptables: support --tcp-flags, bug #157; allow blank and comment
    lines anywhere
  * Mysql: include /etc/my.cnf used on Fedora/RHEL, BZ 688053
  * NagiosCfg: parse setting multiple values on one line
  * NagiosObjects: process /etc/nagios3/objects/*.cfg
  * Nsswitch: support 'sudoers' as a database, bug #187
  * Shellvars: autoload /etc/rc.conf used in FreeBSD
  * Sudoers: support '#include' and '#includedir', bug #188
  * Yum: exclude /etc/yum/pluginconf.d/versionlock.list
- changes for 0.8.0
  * add new 'square' lens combinator
  * add new aug_span API function
  * augtool: short options for --nostdinc, --noload, and --noautoload
  * augtool: read commands from tty after executing file with --interactive
  * augtool: add --autosave option
  * augtool: add --span option to load nodes' span
  * augtool: add span command to get the node's span according to the input
  * augtool: really be quiet when we shouldn't be echoing
  * fix segfault in get.c with L_MAYBE lens; bug #180
  * fix segfault when a path expression called regexp() with an invalid
    regexp; bug #168
  * improved vim syntax file
  * replace augtest by to obviate the need for Ruby to run
  * use sys_wait module from gnulib; bug #164
  * Lens changes/additions
  * Access: new lens for /etc/security/access.conf
  * Crypttab: new lens for /etc/crypttab
  * Dhcpd: new lens
  * Exports: accept hostnames with dashes; bug #169
  * Grub: add various Solaris extensions; support "map" entries,
    bug #148
  * Httpd: new lens for Apache config
  * Inifile: new lens indented_title_label
  * Interfaces: allow indentation for "iface" entries; bug #182
  * Mysql: change default comment delimiter from ';' to '#'; bug #181
  * Nsswitch: accept various add'l databases; bug #171
  * PuppetFileserver: new lens for Puppet's fileserver.conf
  * Resolv: allow comments starting with ';'; bug #173
  * Shellvars: autoload various snmpd config files; bug #170
  * Solaris_system: new lens for /etc/system on Solaris
  * Util (comment_c_style, empty_generic, empty_c_style): new lenses
  * Xml: generic lens to process XML files
  * Xorg: make "position" in "screen" optional; allow "Extensions"
    section; bug #175
- add baselibs.conf
- update to 0.7.4
  * augtool: new clearm command to parallel setm
  * augtool: add --file option
  * Fix SEGV under gcc 4.5, caused by difficulties of the gcc
    optimizer handling bitfields (bug #149; rhbz #651992)
  * Preserve parse errors under /augeas//error: commit 5ee81630,
    released in 0.7.3, introduced a regression that would cause
    the loss of parse errors; bug #138
  * Avoid losing already parsed nodes under certain circumstances;
    bug #144
  * Properly record the new mtime of a saved file; previously the
    mtime in the tree was reset to 0 when a file was saved, causing
    unnecessary file reloads
  * fix a SEGV when using L_MAYBE in recursive lens; bug #136
  * Incompatible lens changes
  * Fstab: parse option values
  * Squid: various improvements, see bug #46;
  * Xinetd: map service names differently
  * Lens changes/additions
  * Aptsources: map comments properly, allow indented lines;
    bug #151
  * Grub: add indomU setting for Debian.
    Allow '=' as separator in title; bug #150
  * Fstab: also process /etc/mtab
  * Inetd: support rpc services
  * Iptables: allow underscore in chain names
  * Keepalived: new lens for /etc/keepalived/keepalived.conf
  * Krb5: allow digits in realm names; bug #139
  * Login_defs: new lens for /etc/login.defs
    (Erinn Looney-Triggs)
  * Mke2fs: new lens for /etc/mke2fs.conf
  * Nrpe: new lens for Nagios nrpe (Marc Fournier)
  * Nsswitch: new lens for /etc/nsswitch.conf
  * Odbc: new lens for /etc/odbc.ini (Marc Fournier)
  * Pg_hba: New lens; bug #140 (Aurelien Bompard).
    Add system path on Debian; bug #154 (Marc Fournier)
  * Postfix_master: parse arguments in double quotes; bug #69
  * Resolv: new lens for /etc/resolv.conf
  * Shells: new lens for /etc/shells
  * Shellvars: parse ulimit builtin
  * Sudoers: load file from /usr/local/etc (Mathieu Arnold)
    Allow 'visiblepw' parameter flag; bug #143. Read files from
  * Syslog: new lens for /etc/syslog.conf (Mathieu Arnold)
  * Util: exclude dpkg backup files; bug #153 (Marc Fournier)
  * Yum: accept continuation lines for gpgkey; bug #132
- added patch for allow_unsupported_modules command in modprobe.d conf files
- added vim files symlinks for lens syntax files
- fixed a few rpmlint warnings (fixed rpm group, no ldconfig run)
* Update to 0.7.3
  * aug_load: only reparse files that have actually changed; greatly
  speeds up reloading
  * record all variables in /augeas/variables, regardless of whether
  they were defined with aug_defvar or aug_defnode; make sure
  /augeas/variables always exists
  * redefine all variables (by reevaluating their corresponding
  expressions) after a aug_load. This makes variables 'sticky'
  across loads
  * fix behavior of aug_defnode to not fail when the expression
  evaluates to a nonempty node set
  * make gnulib a git submodule so that we record the gnulib commit
  off which we are based
  * allow 'let rec' with non-recursive RHS
  * fix memory corruption when reloading a tree into which a
  variable defined by defnode points (BZ 613967)
  * plug a few small memory leaks, and some segfaults
  * Lens changes/additions
  * Device_map: new lens for grub's (Matt Booth)
  * Limits: also look for files in /etc/security/limits.d
  * Mysql: new lens (Tim Stoop)
  * Shellvars: read /etc/sysconfig/suseconfig (Frederik Wagner)
  * Sudoers: allow escaped spaces in user/group names (Raphael Pinson)
  * Sysconfig: lens for the shell subdialect used in /etc/sysconfig;
    lens strips quotes automatically
* 0.7.2 - 2010-06-22
  * new API call aug_setm to set/create multiple nodes simultaneously
  * record expression used in a defvar underneath /augeas/variables
  * Lens changes/additions
  * Group: add test for disabled account (Raphael Pinson)
  * Grub: handle comments within a boot stanza
  * Iptables: also look for /etc/iptables-save (Nicolas Valcarcel)
  * Modules_conf: new lens for /etc/modules.conf (Matt Booth)
  * Securetty: added handling of empty lines/comments (Frederik Wagner)
  * Shellvars: added SuSE sysconfig puppet files (Frederik Wagner),
    process /etc/environment (seph)
  * Shellvars_list: Shellvars-like lens that treats strings of
    space-separated words as lists (Frederik Wagner)
* 0.7.1 - 2010-04-21
  * fix crash when recursive lens was used in a nonrecursive lens (bug #100)
  * context free parser/recursive lenses: handle 'l?' properly (bug #119);
  distinguish between successful parse and parse with an error at end of
  input; do caller filtering to avoid spurious ambiguous parses with
  grammars containing epsilon productions
  * aug_get: return -1 when multiple nodes match (bug #121)
  * much better error message when iteration stops prematurely during
  put/create than the dreaded 'Short iteration'
  * src/lens.c (lns_check_rec): fix refcounting mistake on error path (bug #120)
  * Lens changes/additions
  * Approx: lens and test for the approx proxy server (Tim Stoop)
  * Cgconfig: lens and tests for libcgroup config (Ivana Hutarova Varekova)
  * Cgrules: new lens and test (Ivana Hutarova Varekova)
  * Cobblermodules: lens + tests for cobbler's modules.conf (Shannon Hughes)
  * Debctrl: new lens and test (Dominique Dumont)
  * Dput: add 'allow_dcut' parameter (bug #105) (Raphael Pinson)
  * Dhclient: add rfc code parsing (bug #107) (Raphael Pinson)
  * Group: handle disabled passwords
  * Grub: support empty kernel parameters, Suse incl.s (Frederik Wagner)
  * Inittab: allow ':' in the process field (bug #109)
  * Logrotate: tolerate whitespace at the end of a line (bug #101); files
    can be separated by newlines (bug #104) (Raphael Pinson)
  * Modprobe: Suse includes (Frederik Wagner)
  * Nagioscfg: lens and test for /etc/nagios3/nagios.cfg (Tim Stoop)
  * Ntp: add 'tinker' directive (bug #103)
  * Passwd: parse NIS entries on Solaris
  * Securetty: new lens and test for /etc/securetty (Simon Josi)
  * Shellvars: handle a bare 'export VAR'; Suse includes (Frederik
    Wagner); allow spaces after/before opening/closing parens for array
  * Sudoers: allow del_negate even if no negate_node is found (bug #106)
    (Raphael Pinson); accept 'secure_path' (BZ 566134) (Stuart
* 0.7.0 - 2010-01-14
  * Support for context-free lenses via the 'let rec' keyword. The syntax
  is experimental, though the feature is here to stay. See
  lenses/json.aug for an example of what's possible with that.
  * Support for case-insensitive regular expressions. Simply append 'i' to
  a regexp literal to make it case-insensitive, e.g. /hello/i will match
  all variations of hello, regardless of case.
  * Major revamp of augtool. In particular, path expressions don't need to
  be quoted anymore. The online help has been greatly improved.
  * Check during load/save that each file is only matched by one transform
  under /augeas/load. If there are multiple transforms for a file, the
  file is skipped.
  * New error codes AUG_ENOLENS and AUG_EMXFM
  * Do not choke on non-existing lens during save
  * Change the metadata for files under /augeas/files slightly: the node
  /augeas/files/$PATH/lens now has the name of the lens used to load the
  file; the source location of that lens has moved to
  * New public functions fa_nocase, fa_is_nocase, and fa_expand_nocase in
  * Various smaller bug fixes, performance improvements and improved error
  * Lens changes/additions
  * Cobblersettings: new lens and test (Bryan Kearney)
  * Iptables: allow quoted strings as arguments; handle both negation
  * Json: lens and tests for generic Json files
  * Lokkit: allow '-' in arguments
  * Samba: accept entry keys with ':' (Partha Aji)
  * Shellvars: allow arrays that span multiple lines
  * Xinetd (name): fix bad '-' in character class
* 0.6.0 - 2009-11-30
  * Add error reporting API (aug_error and related calls); use to report
  error details in a variety of places
  * Path expressions: add regexp matching; add operator '|' to form union
  of nodesets (ticket #89)
  * Tolerate non-C locales from the environment (ticket #35); it is no
  longer necessary to set the locale to C from the outside
  * use stpcpy/stpncpy from gnulib (needed for building on Solaris)
  * Properly check regexp literals for syntax errors (ticket #93)
  * Distribute and install vim syntax files (ticket #97)
  * many more bugfixes
  * Lens changes/additions
  * Apt_preferences: support version pin; filter out empty lines (Matt
  * Cron: variables can contain '_' etc. (ticket #94)
  * Ethers: new lens for /etc/ethers (Satoru SATOH)
  * Fstab: allow '#' in spec (ticket #95)
  * Group: allow empty password field (ticket #95)
  * Inittab: parse end-of-line comments into a #comment
  * Krb5: support kdc section; add v4_name_convert subsection to
    libdefaults (ticket #95)
  * Lokkit: add missing eol to forward_port; make argument for --trust
    more permissive
  * Pam: allow '-' before type
  * Postfix_access: new lens for /etc/postfix/access (Partha Aji)
  * Rx: allow '!' in device_name
  * Sudoers: allow certain backslash-quoted characters in a command (Matt
  * Wine: new lens to read Windows registry files
* 0.5.3 - 2009-09-14
  * Match trees on label + value, not just label; see
  tests/modules/pass_strip_quotes.aug for how that enables stripping
  * Do not trip over symlinks to files on a different device during save;
  fixes problems with writing to /etc/grub.conf on Fedora/RHEL
  * API (defnode): always add the newly created node into the resulting
  * Add preceding-sibling and following-sibling axes to path expressions
  * augtool, augparse: add --version option (bug #88)
  * Change file info recorded under /augeas/files/FILE/*: remove lens/id
  and move lens/info to lens
  * Properly record new files under /augeas/files (bug #78)
  * aug_load: clean up variables to avoid dangling references (bug #79)
  * Make Augeas work on AIX
  * Ignore anything but regular files when globbing
  * Add 'clear' function to language for use in unit tests
  * typechecker: print example trees in tree format
  * libfa: properly support regexps with embedded NUL's
  * Lens changes/additions
  * Xorg: revamped, fixes various parse failures (Matt Booth)
  * Inetd: new lens and test (Matt Palmer)
  * Multipath: new lens and test
  * Slapd: also read /etc/openldap.slapd.conf (bug #85)
* 0.5.2 - 2009-07-13
  * Make Augeas work on Mac OS/X (bug #66) (Anders Bjoerklund)
  * reduce symbols exported from libfa with linker script
  * add --echo option to augtool
  * require Automake 1.11 (Jim Meyering)
  * avoid spurious save attempts for freshly read files
  * Lens changes/additions
  * Inittab: schema change: use 'id' field as name of subtree for a line,
    instead of a generated number. Map comments as '#comment' (Matt Palmer)
  * Logrotate: make owner/group in create statement optional, allow
    filenames to be indented
  * Ntp: allow additional options for server etc. (bug #72)
  * Shellvars: allow backticks as quote characters (bug #74)
  * Yum: also read files in /etc/yum/pluginconf.d (Marc Fournier)
* 0.5.1 - 2009-06-09
  * augeas.h: flag AUG_NO_MODL_AUTOLOAD suppresses initial loading
    of modules; exposed as --noautoload in augtool
  * augtool: don't prompt when input is not from tty (Raphael Pinson)
  * augparse: add --notypecheck option
  * path expressions: allow things like '/foo and /bar[3]' in predicates
  * Lens changes/additions
  * Aliases: map comments as #comment (Raphael Pinson)
  * Build, Rx, Sep: new utility modules (Raphael Pinson)
  * Cron: new lens (Raphael Pinson)
  * Dnsmasq: process files in /etc/dnsmasq.d/* (ticket #65)
  * Grub: parse kernel and module args into separate nodes; parse
    arguments for 'serial', 'terminal', and 'chainloader'; allow
    optional argument for 'savedefault'
  * Interfaces: make compliant with actual Debian spec (Matt Palmer)
  * Iptables: relax regexp for chain names; allow comment lines mixed
    in with chains and rules (ticket #51)
  * Logrotate: allow '=' as separator (ticket #61); make newline at end
    of scriptlet optional
  * Modprobe: handle comments at end of line
  * Ntp: parse fudge record (Raphael Pinson); parse all directives in
    default Fedora ntp.conf; process 'broadcastdelay', 'leapfile',
    and enable/disable flags (ticket #62)
  * Pbuilder: new lens for Debian's personal builder (Raphael Pinson)
  * Php: add default path on Fedora/RHEL (Marc Fournier)
  * Squid: handle indented entries (Raphael Pinson)
  * Shellvars: map 'export' and 'unset'; map comments as #comment
    (Raphael Pinson)
  * Sudoers: allow backslashes inside values (ticket #60) (Raphael Pinson)
  * Vsftpd: map comments as #comment; handle empty lines; find
    vsftpd.conf on Fedora/RHEL
  * Xinetd: map comments as #comment (Raphael Pinson)
- enable parallel building
* Update to 0.5.0
  * Upstream notes:
  Clean up interface for libfa; the interface is now considered stable
  * New aug_load API call; allows controlling which files to load by
  modifying /augeas/load and then calling aug_load; on startup, the
  transforms marked with autoload are reported under /augeas/load
  * New flag AUG_NO_LOAD for aug_init to keep it from loading files on
  startup; add --noload option to augtool
  * New API calls aug_defvar and aug_defnode to define variables for
  path expressions; exposed as 'defvar' and 'defnode' in augtool
  * New program examples/fadot to draw various finite automata (Francis
  * Report line number and character offset in the tree when parsing a
  file with a lens fails
  * Fix error in propagation of dirty flag, which could lead to only
  parts of a tree being saved when multiple files were modified
  * Flush files to disk before moving them
  * Fix a number of memory corruptions in the XPath evaluator
  * Several performance improvements in libfa
  * Lens changes/additions
  * Grub: process embedded comments for update-grub (Raphael Pinson)
  * Iptables: new lens for /etc/sysconfig/iptables
  * Krb5: new lens for /etc/krb5.conf
  * Limits: map domain as value of 'domain' node, not as label
    (Raphael Pinson)
  * Lokkit: new lens for /etc/sysconfig/system-config-firewall
  * Modprobe: new lens for /etc/modprobe.d/*
  * Sudoers: more finegrained parsing (ticket #48) (Raphael Pinson)
* Update to 0.4.2
  * Moved lens tests into separate package 'augeas-lense-tests'
  * Added augeas-lenses-license-fix patch
  * Upstream notes:
  * Do not delete files that had an error upon parsing
  * For Fedora/EPEL RPM's, BuildRequire libselinux-devel (bug #26)
  * In path expressions, the meaning of '<' and '<=' was reversed
  * Always create an entry /files in aug_init
  * New builtin 'Sys' module with functions 'getenv' and 'read_file',
  the latter reads the contents of a file into a string
  * Lens changes/additions
  * Postfix_main: handle continuation lines
  * Bbhosts, Hosts, Logrotate, Sudoers: label comment nodes as '#comment'
  * Sshd: map comments as '#comment' nodes
  * Squid: add all keywords from squid 2.7 and 3 (Francois Deppierraz)
  * Logrotate: process unit suffixes for 'size' and 'minsize'
* Update to 0.4.1
  * Moved lenses to separate package 'augeas-lenses'.
  * Upstream notes:
  * Remove files when their entire subtree under /files is deleted
  * Various bug fixes and syntax enhancements for path expressions
  (see tests/xpath.tests for details)
  * Evaluate path expressions with multiple predicates correctly
  * Fix incorrect setting of /augeas/events/saved
  * Major cleanup of matching during get; drastically improves
  performance for very large (on the order of 10k lines) config files
  * Small performance improvement in the typechecker
  * Reject invalid character sets like [x-u] during typecheck
  * Build with compile warnings set to 'maximum' instead of 'error', so
  that builds on platforms with broken headers will work out of the box
  * Lens changes/additions
  * Util.stdexcl now excludes .augsave and .augnew files
  * Logrotate: allow 'yearly' schedule, spaces around braces
  * Ntp: fix so that it processes ntp.conf on Fedora 10
  * Services: lens for /etc/services (Raphael Pinson)
  * Xorg: new lens and tests (Raphael Pinson)
- Update pidfile path to /run from /var/run (bsc#1185155)
- 0003-autofs-5.1.4-fix-fd-leak-in-rpc_do_create_client.patch
  Fix filedescriptor leak (bsc#1093436)
- BuildRequire pkgconfig(udisks2) instead of udisks2-devel: let's
  be flexible on possible package name changes.
- Package COPYRIGHT as %license instead of %doc.
- 0001-use_hostname_for_mounts-shouldn-t-prevent-selection-.patch
  Fix handling of replicated NFS server so that
  selection between servers still works sensibly when
  use_hostname_for_mounts is in effect.
- 0002-Fix-monotonic_elapsed.patch
  Fix bug introduced with monotonic-time patches which
  causes nanoseconds to be ignored and effectively
  disables sorting based on response time and/or weight.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Add build require for rpcgen (preparation for removing it from
- fix ordering of seteuid/setegid in do_spawn (bsc#1062482).
- fix unset tsd group name handling (bsc#1062482).
- fix possible map instance memory leak (bsc#1038198).
- check map instances for staleness on map update (bsc#1038198).
- Added patches:
  - autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch
  - autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch
  - autofs-5-1-3-fix-possible-map-instance-memory-leak.patch
  - autofs-5-1-3-fix-unset-tsd-group-name-handling.patch
- Add libnsl-devel as build require in preparation of libnsl
  removal from glibc
- Add gpg signature
- Update URL to use now that ftp is gone.
- update to version 5.1.3:
  * limit getgrgid_r() buffer size
  * increase worker thread per-thread stack size
  * fix offset mount location multiple expansion
  * use malloc for expanded map location
  * fix invalid reference in remount_active_mount()
  * fix work around sss startup delay
  * fix possible NULL dereference
  * use autofs_point to store expire timeout where possible
  * add config option to use mount request log id
  * factor out set_thread_mount_request_log_id()
  * log functions to prefix messages with attempt_id if available
  * create thread-local ID for mount attempts
  * add the mount requestor's pid to pending_args
  * delay submount exit for amd submounts
  * fix bogus check in expire_cleanup()
  * handle amd cache option all in amd type auto mounts
  * handle map_option cache for top level mounts
  * capture cache option and its settings during parsing
  * add function conf_amd_get_map_options()
  * check for conflicting amd section mounts
  * include amd mount section mounts in master mounts list
  * add function conf_amd_get_mount_paths()
  * add function conf_amd_get_map_name()
  * add support for amd browsable option
  * add ref counting to struct map_source
  * fix typos in README.amd-maps
  * honor last rw in mount options when doing a bind mount
  * set autofs mounts catatonic at exit
  * make set_direct_mount_catatonic() more general
  * check NFS server availability on local mount fallback
  * make lookup_nss_read_master() return nss status
  * don't return until after master map retry read
  * set sane default master read wait timeout
  * dont exit on master map read fail timeout
  * fix included master map not found return
  * fix quoted key handling in sanitize_path()
  * add sss master map wait config option
  * work around sss startup delay
  * add master read wait option
  * wait for master map available at start
  * update and add README for old autofs schema
  * fix create_client() RPC client handling
  * fix _strncmp() usage
  * fix argc off by one in mount_autofs.c
  * fix cachefs parse message not being logged
  * fix typo in MOUNT_FLAG_GHOST comment
  * Avoid local variable name shadowing another
  * configure: add cache variable for Linux proc filesystem check
  * fix count_mounts() function
  * fix short memory allocation in lookup_amd_instance()
  * Fix fgets(3) size argument (another one)
  * Fix typos in error messages
  * Remove unused local 2KB buffer
  * fix file map changed check
  * Change .requestor to .requester for consistency
  * Fix a typo in CREDITS
  * fix libtirpc detection with -Wl,--as-needed
  * Fix size arg of fgets(3)
  * Drop redundant n in logerr()
  * Fix compiler warning in try_remount()
  * build: check for clock_gettime in librt
  * fix possible memory leak in nfs mount
  * add config option to suppress not found log message
  * properly handle errors in lookup_nss_mount
  * fix yp map age not updated during map lookup
  * fix 'nameing' typo in autofs.conf
  * add systemd dependency
  * add autofs(5) note of IPv6 libtirpc requirement
  * fix autofs(5) description of supported map sources
  * fix modules make clean target
  * fix Makefile linking dependencies
  * fix handle_mounts() termination condition check
  * log pipe read errors
  * fix use-after-free in st_queue_handler()
  * always set direct mounts catatonic at exit
  * improve scalability of direct mount path component
  * fix use after free in match_my_name()
  * fix memory leak in get_network_proximity()
  * fix typo in autofs_sasl_bind()
  * fix use after free in open_lookup()
  * fix use after free in sun parser parse_init()
  * fix memory leak in ldap do_init()
  * fix memory leak in nisplus lookup_reinit()
  * fix sasl connection concurrency problem
  * fix unbind sasl external mech
  * remove unused function elapsed()
  * change time() to use monotonic_clock()
  * change remaining gettimeofday() to use clock_gettime()
  * use monotonic clock for indirect mount condition
  * use monotonic clock for direct mount condition
  * define pending condition init helper function
  * use monotonic clock for alarm thread condition wait
  * define monotonic clock helper functions
  * Add a mode option for master map entries
  * fix error handling of is_mounted()
  * fix out of order call in program map lookup
  * add configuration option to use fqdn in mounts
  * update map_hash_table_size description
  * change lookup to use reinit instead of reopen
  * implement reinit in multi lookup module
  * fix map format check in nss_open_lookup() multi map module
  * factor out alloc multi map context
  * factor out free multi map context
  * add type to struct lookup_mod
  * implement reinit in yp lookup module
  * implement reinit in sss lookup module
  * implement reinit in program lookup module
  * implement reinit in nisplus lookup module
  * implement reinit in ldap lookup module
  * implement reinit in hosts lookup module
  * implement reinit in hesiod lookup module
  * implement reinit in file lookup module
  * implement reinit in dir lookup module
  * implement reinit in parse modules
  * add reinit entry point to modules
  * fix nsswitch handling when opening multi map
  * make open_lookup() return nss status
  * move check_nss_result() to nsswitchr.c
  * fix update_hosts_mounts() return
  * fix missing source sss in multi map lookup
  * fix direct map expire not set for initial empty map
  * fix direct mount stale instance flag reset
  * fix error handling on ldap bind fail
  * fix config old name lookup
  * fix rwlock unlock crash
  * fix return handling of do_reconnect() in ldap module
  * make find_server() return a status
  * make find_dc_server() return a status
  * make connect_to_server() return a status
  * make do_connect() return a status
  * move query dn calculation from do_bind() to do_connect()
  * fix return handling in sss lookup module
  * fix left mount count return from umount_multi_triggers()
  * revert fix libtirpc name clash
  * update libtirpc workaround for new soname
  * fix fix gcc5 complaints
  * Removed patches:
  * Updated patches for context:
- remove rpmlintrc, review was boo#782691
- Fix spurious ELOOP on certain kinds of failures (bsc#968918):
  * autofs: fix yp map age not updated in s/_/./g case
  * autofs: properly handle errors in lookup_nss_mount
  * Added patches:
- improve scalability of direct mount path component creation (bsc#966573).
  * Added autofs-improve-scalability-of-direct-mount-path-comp.patch
  * Refreshed autofs-5.1.1-dbus-udisks-monitor.patch
- Use libldap_r instead of libldap for thread safety (bsc#955477).
  * Added autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch
- add patch autofs-5.1.1-leave_auth_destroy.patch (bnc#958410)
  do not redefine auth_destroy, the reason for this has long
  been fixed in libtirpc (version 0.2.1 is already fine)
- autofs.service: Use KillMode=mixed so "KillSignal" (SIGTERM) is
  only sent to the main process and if it still does not exit after
  "TimeoutStopSec" then "SendSIGKILL" is sent to all remaining
  processes of the unit's control group.
  This is the desired behaviour for almost all daemons that
  execute foreign programs.
- update to version 5.1.1:
  * fix compile error in defaults.c
  * add serialization to sasl init
  * dont allocate dev_ctl_ops too early
  * fix incorrect round robin host detection
  * fix race accessing qdn in get_query_dn()
  * fix leak in cache_push_mapent()
  * fix config entry read buffer not checked
  * fix FILE pointer check in defaults_read_config()
  * fix memory leak in conf_amd_get_log_options()
  * fix signed comparison in inet_fill_net()
  * fix buffer size checks in get_network_proximity()
  * fix leak in get_network_proximity()
  * fix buffer size checks in merge_options()
  * check amd lex buffer len before copy
  * add return check in ldap check_map_indirect()
  * check host macro is set before use
  * check options length before use in parse_amd.c
  * fix some out of order evaluations in parse_amd.c
  * fix copy and paste error in dup_defaults_entry()
  * fix leak in parse_mount()
  * add mutex call return check in defaults.c
  * force disable browse mode for amd format maps
  * fix hosts map options check in lookup_amd_instance()
  * fix memory leak in create_client()
  * fix memory leak in get_exports()
  * fix memory leak in get_defaults_entry()
  * fix out of order clearing of options buffer
  * fix reset amd lexer scan buffer
  * ignore multiple commas in options strings
  * fix typo in flagdir configure option
  * clarify multiple mounts description
  * guard against incorrect umount return
  * update man page autofs(8) for systemd
  * dont pass sloppy option for other than nfs mounts
  * make service want network-online
  * fix fix master map type check
  * init qdn before use in get_query_dn()
  * fix typo in update_hosts_mounts()
  * fix hosts map update on reload
  * make negative cache update consistent for all lookup modules
  * ensure negative cache isn't updated on remount
  * dont add wildcard to negative cache
  * add a prefix to program map stdvars
  * add config option to force use of program map stdvars
  * fix incorrect check in parse_mount()
  * handle duplicates in multi mounts
  * revert special case cifs escapes
  * fix map option parsing for 'strictatime'
  * fix showmount search in
  * remove obsolete comment in
  * fix macro usage in lookup_program.c
  * fix gcc5 complaints
  * remove unused offset handling code
  * fix mount as you go offset selection
  * link daemon with pthread library (Debian patch)
  * manpage corrections (Debian patch)
  * fix manpages hyphenation (Debian patch).
- ported patches:
  * autofs-5.1.0-dbus-udisks-monitor.patch ->
  * autofs-debuginfo-fix.patch -> autofs-5.1.1-debuginfo-fix.patch
  * autofs-5.0.9-suse-auto_master_default.patch ->
  * autofs-5.0.9-task-use-after-free.patch ->
- remove patches that are now upstream:
  * autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
  * autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch
  * autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch
  * autofs-5.1.0-gcc5-fixes.patch
- add autofs-5.1.0-gcc5-fixes.patch: Fix build against gcc 5.x
- prevent potential privilege escalation via interpreter load path
  for program-based automount maps, add the following patches:
  (bnc#917977 CVE-2014-8169)
- add autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
- Fix autofs.service so that multiple options passed through
  sysconfig AUTOFS_OPTIONS work correctly (bsc#909472)
- Fix configuration handling now that we have /etc/autofs.conf
  and /etc/sysconfig/autofs. Runtime options are now configured in
  the former, while settings that affect the daemon start up are
  still handled in the latter.
- Clean-up sysconfig.autofs, leave only init script options:
- Run %fillup also when systemd is enabled. (bsc#906606)
- Use udisks2, udisks development has ceased in favor of udisks2.
- Copy the files to the right location when a <file_location>
  is given (bsc#1188357).
- 4.3.86
- Add missing elements to rules.xml schema:
  - installed_product and installed_product_version (boo#1176089)
  - dialog section (bsc#1188153)
- Do not export the general/storage section when it is empty
  (related to bsc#1171356 and bsc#1187916).
- 4.3.85
- Properly register the script to reboot after applying online
  updates (bsc#1187962).
- 4.3.84
- Do not crash when the general/storage section is empty
- 4.3.83
- Import proxy settings during the 1st stage of the installation
- 4.3.82
- Recommend icewm if graphical installation (bsc#1185095)
- 4.3.81
- Install packages in the PackagesProposal during autoupgrade
  (see bsc#1184488).
- 4.3.80
- Consider 'static_text' as a valid value for 'ask/type' elements
- 4.3.79
- During autoupgrade do not try to register the system if it is
  explicitly disabled in the profile (bsc#1176965)
- 4.3.78
- Do not crash while sorting the list of modules to be processed
  during the 2nd stage (bsc#1184316).
- Prevent AutoYaST UI from crashing when trying to apply a module
  changes (bsc#1184429).
- 4.3.77
- Use 'module' instead of 'listentry' when exporting pre-modules
  and post-modules lists (bsc#1184342).
- Show the <ask-list> only once during autoinstallation
- Add the 'mkfs_options' element to the schema (bsc#1184268).
- Fix crash during using autoyast UI (bsc#1184216)
- 4.3.76
- fix handling of empty signature-handling element in autoyast
  profile (bsc#1180968)
- 4.3.75
- Export properly "ask" section "selection" (bsc#1183624)
- 4.3.74
- Move default networking section values to the network repository
  in order to reduce the redundancy and to avoid an unexpected
  behavior (bsc#1180535).
- 4.3.73
- Autoyast schema: allow semi-automatic_entry alias for module in
  semi-automatic entry as it was already documented in autoyast
  documentation (bsc#1183512)
- 4.3.72
- Remove the 'haspcmica' element from the schema (related to
- 4.3.71
- Import the security settings after importing the bootloader
  configuration (bsc#1183042).
- 4.3.70
- Select patterns during auto installation even when not using the
  confirm mode (related to jsc#SMO-20 and bsc#1182543).
- 4.3.69
- Adapted unit test to recent changes in Yast::Report (related to
- 4.3.68
- AutoYaST UI: fixed field Mount Options (fstopt) in the
  partitioning section (bsc#1181577).
- 4.3.67
- AutoYaST UI: added drive types CT_NFS and CT_TMPFS to the
  partitioning section (part of jsc#SLE-11308).
- 4.3.66
- Upgrade: Checking if a valid base product has been selected for
  upgrade and if not asking the user to check the product entry
  in the AY configuration file (bsc#1175876).
- 4.3.65
- Add support for Btrfs quotas (jsc#SLE-7742).
- 4.3.64
- Rules download: The result will be stored in the target file when
  the download has failed. This file has to be removed (bsc#1178804)
- 4.3.63
- AutoYaST warnings timeout applies to the XML validation error
  dialog (bsc#1176973).
- 4.3.62
- Allow setting the 't' (or 'config:type') attribute in the
  'backup' and 'upgrade' elements (bsc#1176834 and bsc#1176848).
- 4.3.61
- Do not show a warning to the user when a script just did not run
- 4.3.60
- Fix the progress bar length during autoinstallation
  initialization (bsc#1177322).
- Resolve "zzz_reboot" script conflict (bsc#1177036)
- 4.3.59
- Fix 'inst_autosetup' tests (bsc#1177227).
- 4.3.58
- Add validation of 'activate_systemd_default_target' and
  'final_restart_services' elements in the 'general/mode' section
  (related to bsc#1176595).
- 4.3.57
- Improve validation errors presentation (related to bsc#1176973).
- 4.3.56
- Drop the 'general/mouse' element from the schema. It has been
  unsupported since version 3.0.3, FATE#313101 (bsc#1176973).
- 4.3.55
- Fix tests for CWM::ComboBox (related to the CWM changes for
- 4.3.54
- Add the schema for 'backup' and 'upgrade' sections (bsc#1176834).
- 4.3.53
- Set 0o600 permissions to the generated profile when cloning
  a system (bsc#1174202).
- Add new action `yast2 autoyast check-profile` (related to
  bsc#1175735) which features:
-- XML syntax check
-- XML schema validation
-- try to fetch the profile
-- generate dynamic profile erb or classes/rules
-- optional try to import profile and detect any issues with it
-- optional run of scripts including dynamic profiles in pre-script
- 4.3.52
- Removing package evaluation via AY schema. Using autoyast(...)
  supplements instead (bsc#1146494).
- 4.3.51
- Import general and report sections in case that some pre-script
  modified the profile (bsc#1175725)
- 4.3.50
- Fix 'bcache_options' element using the right type (bsc#1176595)
- 4.3.49
- Fix the returned value from the AutoinstPartPlan's Read method
- 4.3.48
- Formally mark that fixes made for SP2 no longer affect SP3
  (no code changes bsc#1173793 and bsc#1172026). For the first one
  code is no longer in place and for the second new xml parser
  does not need workaround for empty strings.
- 4.3.47
- Fix installation using encrypted profile (bsc#1176336)
- improve usability by entering password just once
- use shared UI::PasswordDialog
- 4.3.46
- Using ":" in the autoyast(...) supplements (bsc#1146494).
- 4.3.45
- When 'NetworkManager' is selected in the profile as the network
  backend to be used, the 'NetworkManager' package is added to the
  list of packages to be installed in case of missing (bsc#1172817)
- 4.3.44
- Recognize installed_product and installed_product_version as
  legal elements of rules.xml files (boo#1176089).
- 4.3.43
- Add to erb templates more helpers (bsc#1175735)
- Use <script> elements instead of <listentry> when exporting the
  <postpartitioning-scripts> section (related to bsc#1175714).
- Saving log files of postpartitioning-scripts (bsc#1145269)
- 4.3.42
- Fix the AutoYaST storage UI (related to bsc#1175680).
- 4.3.41
- Unify profile element paths (bsc#1175680).
- 4.3.40
- bnc#1174133
  - do not crash with internal error when the profile contains
    corrupted signature_handling option
- 4.3.39
- Add ability to use erb template as dynamic autoyast profile
- 4.3.38
- Speed up finding the "autoyast()" supplements by filtering
  packages directly on the libzypp level (bsc#1175317, related to
- 4.3.37
- Reporting an error if a corrupted AY configuration file has been
  read (bsc#160975).
- 4.3.36
- bsc#1173624
  - Run firewall configuration in first stage
- 4.3.35
- AutoYaST: Added supplements: autoyast(files,general,report,scripts,
  partitioning,software) into the spec file in order to install
  these packages if the section has been defined in the AY
  configuration file (bsc#1146494).
- 4.3.34
- Improve finding the respective package for a section in the XML
  installation profile. Find a package with the
  "autoyast(<section_name>)" supplements dependency (bsc#1146494).
- 4.3.33
- Do not report profile validation errors multiple times if the
  errors are the same already reported and accepted (bsc#1173091)
- 4.3.32
- Adapted doc: Calling of post-partitioning scripts moved from
  dropped inst_autoimage to inst_kickoff (bsc#1140711).
- Removed "image" section from "software" section (bsc#1140711).
- 4.3.31
- handle properly exceptions from new XML parser/serializer
  (related to bsc#1171412)
- 4.3.30
- Do not crash when the networking section is missing
- 4.3.29
- Fix fallback for autoyast client name (bsc#1174119)
- 4.3.28
- Do not crash when wait section is not initialized (related to
- 4.3.27
- Moving <files> section handling from second installation stage
  to first installation stage. (bsc#1174194)
- 4.3.26
- Export more methods in AutoinstGeneral so it can be queried for
  general autoyast settings (bsc#1174173)
- 4.3.25
- Fix 'partition' elements using the right type (bsc#1174071).
- 4.3.24
- Fix exception when autoyast module does not report any package
  to install (bsc#1174069)
- 4.3.23
- Move pre-scripts to the autoinit client running them just after
  the profile has been processed (bsc#1110413)
- 4.3.22
- Replace old module registry with newer code that is easier to
  maintain and better test covered (bsc#1173699)
- 4.3.21
- Make the report section elements optional as AutoYaST proposes
  default values when missing (bsc#1173312)
- 4.3.20
- The language, timezone and keyboard sections are applied and
  removed during the first stage (bsc#1173624).
- 4.3.19
- Allow the user to ask for a reduced profile using the 'target'
  argument in the command line (bsc#1171356).
- 4.3.18
- Cloning does not depend on the SetModified API call (bsc#1172552)
- 4.3.17
- Do not export general section if not requested (bsc#1172552)
- 4.3.16
- Validate the XML files before using them (bsc#1173091)
- Allow disabling the validation by setting
- 4.3.15
- Do not export sections with no content (related to bsc#1172749).
- 4.3.14
- AutoinstGeneral.SetRebootAfterFirstStage is not private
  anymore (bsc#1172865).
- 4.3.13
- Do not export Report section when cloning system as it is always
  just defaults (bsc#1172749)
- 4.3.12
- Autoyast User Scripts Improvements:
  - ensure all artifacts are copied to system (bsc#1145269)
  - show warning if script returns non zero value
  - show warning if there are two scripts that overwrite each other
  - allow any interpreter to be used
- 4.3.11
- Do not crash when the partitioning section is not specified
- 4.3.10
- Fix 'autoyast' and 'clone_system' command line interfaces
  - autoyast: add a list-modules command to list all known modules.
  - autoyast: display the correct client name in the help text.
  - autoyast: 'file' and 'module' command are now equivalent.
    Both of them support setting 'filename' and 'modname'
  - clone_system: add a 'filename' option instead of always using
  - clone_system: move the logic to find the clonable modules
    to Y2ModuleConfig.
- 4.3.9
- AutoYaST schema fixes:
  - Work around Relax-NG parser error: "Found anyName attribute
    without oneOrMore ancestor" (bsc#1172131)
  - Rename 'option' to 'fs_option' to fix a duplicate definition
- 4.3.8
- AutoYaST: Cleanup/improve issue handling (bsc#1171335).
- 4.3.7
- When running an autoinstallation with the Online medium, the
  network configuration based on the profile can be written before
  the registration takes place (bsc#1171922)
- 4.3.6
- Do not propose insecure signature handling settings when
  cloning (bsc#1171343).
- Assign the correct callback when "accept_unknown_digest" is set.
- Do not export storage settings in the general section
  unless it is needed (related to bsc#1171356).
- 4.3.5
- The network configuration is applied during the first stage by
  default (bsc#1171922)
- 4.3.4
- Revamp the storage client user interface, adapting it to the
  storage-ng features.
- Avoid detecting bcache as a volume group (bsc#1136454).
- 4.3.3
- Fix error reporting for invalid profile to respect new API
- fix profile loading test
- 4.3.2
- fix schema if it include definition multiple times (bsc#1171412)
- 4.3.1
- Do not export storage settings in the general section
  unless it is needed (related to bsc#1171356).
- Improve AutoInstClone module test coverage and clean-up unused
- AutoYaST schema improvements (bsc#1170886)
-- Allow optional types for string and map objects
-- Allow type specification without namespace
-- Add type specification with 't' shortcut
- 4.3.0
- ayast_setup: Do not add a 'networking' section to the profile
  when it is not defined explicitly as it is not needed anymore
  since keeping the configured network is the default option during
  autoconfiguration (bsc#1170821)
- 4.2.35
- Service for init scripts: Try to start ""
  before starting the AY init scripts in order to get a working
  network (bsc#1164105).
- 4.2.34
- Restore some missing icons (related to bsc#1168123, boo#1109310
  and boo#1168281).
- 4.2.33
- Fix desktop files updating some icons and groups (related to
- 4.2.32
- Adapted to changes in yast2-storage-ng (related to bsc#1140040).
- 4.2.31
- Security fix: Removed all "--gpg-auto-import-keys" options from
  zypper commands (bsc#1140711) (CVE-2019-18905)
- 4.2.30
- Fixed crash while loading non-existent AY file (bsc#1165464).
- 4.2.29
- Service for init scripts: Checking working network with
  "" before starting the AY init scripts
- 4.2.28
- Fixed user-visible messages (bsc#1084015)
- 4.2.27
- Fix cloning patterns (regression from 4.2.22)
  (bsc#1159269, bsc#1159472)
- 4.2.26
- Fixed conflicting items in rule dialogs (bsc#1123091).
- Semi-automatic with partition: Do not use the common AY partition
  workflow (bsc#1134501).
- Do not reset Base-Product while registration. Do not call
  registration in the second installation stage again.
- Fix profile validation for scripts elements (bsc#1156905).
- UI: Report XML parsing errors instead of just crashing
- 4.2.25
- Allow to run autoupgrade on registered system with almost empty
  profile (jsc#SLE-7101)
- 4.2.24
- Improve message when registration missing for autoupgrade with
  online medium (jsc#SLE-7101)
- 4.2.23
- Using Y2Packager::Resolvable.any? and Y2Packager::Resolvable.find
  in order to decrease the required memory (bsc#1132650, bsc#1140037).
- 4.2.22
- Do not override all storage proposal settings when importing
  values from the profile (boo#1156539).
- 4.2.21
- Handle renamed add-ons during auto upgrade (part of jsc#SLE-7101)
- 4.2.20
- report wrong type of param-list instead of crash (bsc#1143260)
- 4.2.19
- Fix autoinstallation on online medium (bsc#1156058)
- 4.2.18
- Update schema to support setting the encryption method through
  the 'crypt_method' (related to jsc#SLE-7376).
- 4.2.17
- AutoYaST support for the Full installation medium
- 4.2.16
- fix auto-adding required packages for autoyast sections (bsc#1153746)
- don't run kdump autoyast config in 2nd stage
- 4.2.15
- bnc#1154855 - During firstboot ayast_setup will not be executed.
- 4.2.14
- Do not crash when using the online medium without the
  registration section in the AY XML profile, display an error
  message with some hints (bsc#1154988)
- 4.2.13
- AutoYaST support for the OnlineOnly installation medium
- 4.2.12
- Do not run the registration step again in the installed system
  (in the 2nd stage after reboot) (bsc#1153293)
- 4.2.11
- Fix dependency for autoyast2-installation (bsc#1131235)
- 4.2.10
- Move kdump import before software import to allow kdump to
  specify packages it needs in first stage (bsc#1149208)
- 4.2.9
- Set X-SuSE-YaST-AutoInstResource in desktop file (bsc#144894).
- 4.2.8
- Add missing 'uuid' element to the partition sections
- 4.2.7
- Fixed downloading of AutoYaST configuration file with "relurl"
- 4.2.6
- Use modern tar syntax
- Require fillup because it's executed in %post
- Fixed an Internal Error when AutoYaST is importing users and
  groups configuration (bsc#1140339).
- 4.2.5
- Fixed new desktop file name (bsc#1138144).
- 4.2.4
- Always perform a storage re-probe after executing pre-scripts.
- Related to bsc#1133045
- 4.2.3
- Add multi-device Btrfs related elements to the partitioning
  schema (part of jsc#SLE-3877).
- 4.2.2
- Add metainfo (fate#319035)
- Revamp spec
- Replace GenericName with Comment
- 4.2.1
- Uninstall the "SUSE-Manager-Proxy" product when upgrading from
  SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215)
- 4.2.0
- Removed check for available devices. When there are no devices,
  the proposal issues will be shown (needed for bsc#1130256).
- 4.1.5
- Postpone disabling local repositories if the second stage is
  required (bsc#1127818).
- 4.1.4
- Add Bcache related elements to the partitioning schema
- 4.1.3
- Avoid crashing when the profile has an invalid software section
- 4.1.2
- Reading IPv6 setting in order to initialize it correctly.
- 4.1.1
- Fixed conflicting items in rule dialogs (bsc#1123091).
- 4.1.0
- Provide icon with module (boo#1109310)
- 4.0.70
- Function SelectProduct removed in order NOT to select All
  available products (bsc#1116332).
- 4.0.69
- Fallback to English when using fbiterm on those languages
  which are not properly supported (fate#325746).
- 4.0.68
- Removed unneeded flag network_needed in script section.
- 4.0.67
- Writing security settings in first AY installation stage.
  So other modules (e.g. users) can rely on these settings now.
- 4.0.66
- Saving y2logs after the installation has been finished.
- 4.0.65
- Adapt schema to support the new way of defining a software
  RAID (fate#326573).
- 4.0.64
- Added license file to spec.
- AutoInstallRules:  Do a cleanup of the profile being merged with
- 4.0.63
- AutoYaST configuration module: Enable edit action for firewall
  module (fate#324662).
- 4.0.62
- AutoInstallRules: Fixed crash while merging profiles.
- 4.0.61
- AutoInstallRules: increased default maxdepth for not crashing
  with a big software package list (bsc#1104655)
- 4.0.60
- Switched license in spec file from SPDX2 to SPDX3 format.
- Installation/Update: Do not call registration if module
  yast2-registration is not available in inst-sys (bsc#1098794).
- 4.0.59
- AY configuration module: Report XML errors while reading an
  AY configuration file (bsc#1098794)
- 4.0.58
- Added additional searchkeys to desktop file (fate#321043).
- 4.0.57
- Showing AutoYaST configuration file errors onetime only.
  (needed for bnc#1095113)
- 4.0.56
- Partition configuration: Do not ask for saving values if they have
  not been changed at all. (bnc#1082556)
- 4.0.55
- Using new libstorage-ng in order to handle "label" tag in URL.
  E.G.: autoyast=label://my_home//autoinst.xml (bnc#1094533)
- 4.0.54
- Handle DASD or zFCP devices even when the profile is not in a
  remote location (bsc#1089554).
- 4.0.53
- Allow 'subvolumes' and 'subvolumes_prefix' elements to be empty
  (bsc#1076337, bsc#1090095 and bsc#1091669).
- Drop 'btrfs_set_default_subvolume_name' element.
- 4.0.52
- Added general API for reporting errors while parsing the AutoYaST
  configuration file (part of bnc#1089855).
- 4.0.51
- Display an error and abort the installation when no storage
  devices are available for installation (bsc#1091033).
- 4.0.50
- AutoYaST: properly handle empty proposals (bsc#1090390).
- 4.0.49
- Probe storage devices again after initializing DASD or zFCP
  devices (bsc#1089326 and bsc#1089554).
- 4.0.48
- Install the module products also in AutoYaST autoupgrade
  (related to bsc#1086818 and bsc#1087206)
- 4.0.47
- Honor partitioning settings from product (bsc#1085755).
- 4.0.46
- Fix tests to use correct storage instance (part of fate#318196).
- 4.0.45
- Properly abort when probing devices fails (part of bsc#1083672).
- 4.0.44
- Do not export an <id/> element in the partitioning section
- Add-On-Products: Handling error popup for wrong settings.
- 4.0.43
- Permitted the use of 'listentry' element in all the software
  AutoYaST schema list entries (bsc#1013047)
- 4.0.42
- Added more entries to be used instead of the listentry tag when
  cloning the system (bsc#1013047)
- 4.0.41
- Improved error message if the base product cannot be found.
  (follow up of bnc#1084820)
- 4.0.40
- Reuse encrypted devices when required (bsc#1085439).
- 4.0.39
- Fixed cloning of the base product name (bsc#1084259)
- 4.0.38
- Fix in showing/accepting base licenses: Using
  inst_product_license module instead of
  ProductLicense.AskLicenseAgreement (bnc#1073324)
- 4.0.37
- adapted to new activate callbacks in libstorage-ng (see
- 4.0.36
- Add missing textdomains to create proper potfiles (bsc#1083015)
- 4.0.35
- Manage errors during hardware activation in the same way as
  normal installation - asking the user and trying to continue if
  the question times out (related to bsc#1079061).
- 4.0.34
- Upgrade: Speedup PKG call (bnc#1074082)
- 4.0.33
- Remove calls to the old yast2-storage layer (bsc#1071978)
- Fix AutoYaST UI to show partitions properly
- 4.0.32
- fate#319119
  - yast2-ca-management is dropped
- 4.0.31
- fate#323373
  - Xinetd and yast2-inetd are not supported. Marking respective
    autoyast section as obsolete.
- 4.0.30
- fate#323460
  - support for disabling edit action per module. Currently used
    mainly by the new firewall module
- 4.0.29
- Report packages which cannot be selected for installation
  (except those packages not included in the AutoYaST profile)
- 4.0.28
- Speed optimization for the previous fix, the "clone_system"
  client spent several minutes processing the packages
  (related to bsc#1077882)
- 4.0.27
- Avoid using Pkg.ResolvableProperties("", :package, "") calls
  which require too much memory (bsc#1077882)
- 4.0.26
- Reporting packages which cannot be selected for installation.
- 4.0.25
- Selecting evaluated/given product for installation.
- 4.0.24
- Display more details when the package solver fails
- Using ProductFeatures.SetSection instead of
  ProductFeatures.SetOverlay in order to set product features.
  This is a follow up of bsc#1070726.
- 4.0.23
- adapt to yast2 changes in overlays (related to bsc#1070726)
- 4.0.22
- Upgrade: Adapting to new product handling.
- 4.0.21
- Fixed merging issues due to bnc#1075182 and bsc#1075334.
- 4.0.20
- Merging products before package evaluation starts.
- 4.0.19
- Fix initialization to copy the profile to /tmp/profile again
- 4.0.18
- always upgrade system via equivalent of 'zypper dup', removing
  respective control from the profile (bsc#1071708)
- 4.0.17
- AutoYaST: fix btrfs_set_default_subvolume_name handling
- 4.0.16
- Warn the user if the infrastructure is not available for running
  the second stage (bnc#1061754)
- 4.0.15
- Reinitialize the storage manager when the profile is modified
  by a pre-script (bsc#1071739)
- 4.0.14
- adapt to new schema of ntp-client (FATE#323432)
- 4.0.13
- Drop using ntpdate and instead use NtpClient module for one time
  sync (FATE#323432)
- 4.0.12
- Do not ignore start_multipath setting (bsc#1070343).
- 4.0.11
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468).
- 4.0.10
- Added subvolumes_prefix to schema definition file.
- Exporting base products in list format. (fate323450)
- 4.0.9
- Bring back handling of device=ask (bsc#1069965)
- Use a 1-based index when showing partitioning issues
- 4.0.8
- Cleanup spec file.
- Code cleanup (removing old libstorage code).
- Adapting rules to storage-ng.
- partition_alignment removed because it is not needed
  anymore by storage-ng.
- 4.0.7
- Add storage data to ayast_probe client (bsc#1065668)
- Handle storage proposal exceptions in a proper way
- 4.0.6
- When reporting issues with the partition plan, add in which
  section of the profile were they found (related to bsc#1060637).
- 4.0.5
- Do not mangle partitioning information coming from
  yast2-storage-ng when cloning a system (related to bsc#1064875).
- 4.0.4
- Add basic support for error handling when creating the
  partition plan (fate#318196).
- 4.0.3
- Add missing require of Y2Package::Product class (bsc#1064396)
- fate#323450
  - implemented product selection
- 4.0.2
- Removed the remains of Kickstart import (bsc#1061620).
- 4.0.1
- AutoinstConfig: added network_before_proposal flag that will be
  enabled if the network is configured during the first stage.
- 4.0.0
- ayast_setup: Restarting autoyast-initscripts.service in order
  to run init-scripts too. (bnc#1057597)
- 3.3.9
- Rename "y2storage_probed" to "probed". (bnc#1056656)
- 3.3.8
- fate323450
  - export product name when cloning a profile
- 3.3.7
- Handle packages that are missing a PGP signature although
  digests are valid (bsc#1054969)
- 3.3.6
- AY runs in installed system: Writing init scripts again
  to /var/adm/autoinstall/init.d in order to initialize init
  scripts correctly. This is needed for AY runs which do not
  have a first installation stage (e.g. AY run in KIWI,
  ayast_setup). (bnc#1052145)
- 3.3.5
- Merged storage-ng branch (fate#318196).
- Note: all changes below with this date belong to the merge.
- 3.3.4
- storage-ng: refac class StorageProposal and create a new guided
  proposal by changing settings if it is necessary.
- Use the new storage-ng layer to export the current system to the
  corresponding <partitioning> section of the AutoYaST profile
- Add basic support for customized partitioning using the new
  storage-ng layer. Currently, only plain partitions are supported
- Allow overriding of product's storage partitioning options
- storage-ng: commented several Yast.import for the old storage
  lib. Affected modules not adapted to storage-ng so far.
- storage-ng: Enable storage-ng proposal for AutoYaST installation.
- storage-ng: fix AutoInstallRules to not use old storage lib.
  Tests are commented. Removed dependency from (old) yast2-storage,
  even if it breaks some functionality.
- Removed yast2-update as build dependency and added before
  version (2.18.3) as install dependency. It is only needed for
- Classes/rules will be ignored: Due to self-update, the evaluation
  of classes/rules will be called twice. So we have to initialize
  the stack for each run again. (bnc#1051483)
- 3.3.3
- Saving ask-scripts and corresponding log files
  to /var/adm/autoinstall. (bnc#1049473)
- 3.3.2
- Crash while writing settings via the menu "File/Apply Profile
  to this System" in AutoYaST configuration module:
  As we are switching to "autoinstallation" mode and accessing
  the target system we have to set StorageDevices flag disks_valid
  to true, so that InitLibstorage can scan valid target disks.
- 3.3.1
- AutoYaST configuration module: Crash while writing settings to
  the system:
  As we are switching to "normal" mode and accessing the target
  system we have to set StorageDevices flag disks_valid to true,
  so that InitLibstorage can scan valid target disks. (bnc#1046738)
- 3.3.0
- Report shrunk partitions if there is not enough space.
- 3.2.16
- clone system: Checking if snapshots have been enabled.
- 3.2.15
- Moved configuration management before software selection in
  order to select packages which are needed for CM. (FATE#319830)
- 3.2.14
- Fix subvolumes schema definition (bsc#1013047)
- 3.2.13
- bnc#1026027
  - removed dependency on insserv
- 3.2.12
- Added configuration-management to first installation step.
- 3.2.11
- Update: Product selection will be done by Packages.SelectProduct
  now (bnc#1014861).
- 3.2.10
- Moved services-manager to first installation stage (FATE#321738).
- 3.2.9
- Add an option to disable the self-update feature through the
  AutoYaST profile (FATE#319716)
- 3.2.8
- Cloning Software: install_recommended can be set by the
  control.xml file (clone_install_recommended_default)
  Default is true. (Fate#321764)
- 3.2.7
- Fixed tests to pass with the latest yast2-core and
  yast2-ruby-bindings packages (related to the bsc#932331 fix)
- 3.2.6
- Moved post-scripts download from second-stage to first-stage.
- 3.2.5
- If Btrfs subvolumes are not specified, the default set
  is created (bsc#1012328)
- Fix building on s390x (bsc#1011489)
- 3.2.4
- Do not crash when services manager configuration is missing
  (related to bsc#887115)
- 3.2.3
- Hiding a module in its .desktop file (Hidden=true) won't prevent
  it from being cloned anymore (bsc#1008301)
- Add support to specify resource aliases using the key
  X-SuSE-YaST-AutoInstResourceAliases in desktop files (related
  to bsc#887115)
- 3.2.2
- Do not check certificate for images which have been created by
  the user/customer. Found while testing bnc#1009023.
- 3.2.1
- Add support to enable copy-on-write for Btrfs subvolumes
- Add support to omit the Btrfs default subvolume name
- 3.2.0
- Adding missing desktop file for "clone_system" in order to show
  it in the control center and command line calls.
- 3.1.152
- Adding a missing PREP partition for PPC, BUT not for
  Power8 systems (PowerNV). PowerNV systems do not have PREP
  partitions and do not need any because they do not call grub2-install
- 3.1.151
- Fix IP detection in AutoYaST installation rules
  in order to find the correct profile when "ip route"
  mentions "metric" (bnc#997548).
- 3.1.150
- Profile Location: Use Report instead of Popup to not block
  AutoYaST if not configured to. (bnc#988949)
- 3.1.149
- Fixed: Setting timeout for error popups has not been possible.
- 3.1.148
- Improved logging for broken script descriptions.
  Still a part of bnc#986049.
- 3.1.147
- Cloning devices: Devices which are not needed for the
  installation will be ignored explicitly in the "skip_list".
- 3.1.146
- Added "confirm_base_product_license" to rnc file.
- 3.1.145
- Reintroduced autoyast=usb as a valid URL to AutoYaST profile
- 3.1.144
- Added missing flag "install_recommended" in software section.
- 3.1.143
- Added new [Stop] button for <ask> dialogs with timeout. The
  button shows the current time in seconds till the automatic
  timeout (bsc#990114).
- More possible user actions can now stop the execution to prevent
  from timeout (bsc#990114).
- 3.1.142
- Check if AutoYaST "script" elements are hashes.
  Other entries will be ignored. (bnc#986049)
- 3.1.141
- Exporting NFS root partition correctly. (bnc#986124)
- 3.1.140
- Moved ssh_import AutoYaST schema file to yast2-installation
  This is a part of Fate#319624.
- 3.1.139
- Adapt docu to new AutoYaST developer docu.
- 3.1.138
- The entry "kexec_reboot" in the Product description can be set
  by the AutoYaST configuration setting (general/forceboot) and should
  not be reset by any other Product description file.
  Fix: Set it again after reading a new Product description.
- 3.1.137
- During AutoYaST installation the user can change the path of the
  AutoYaST configuration file. Fix: This path will be updated in
  /etc/install.inf too.
- 3.1.136
- System shutdown: Removed "autoyast" service shutdown.
  It does not exist anymore. (bnc#986798)
- 3.1.135
- Speed up installation (bnc#986649)
- 3.1.134
- Consider AutoYaST keep_install_network as set to 'true'
  if it's not specified (bsc#984146)
- Restore the keep_install_network default behavior present
  in SLE 12 SP1 and openSUSE Leap 42.1
- 3.1.133
- Fixing typo while reporting not supported modules.
  (part of bnc#955878)
- 3.1.132
- Rename schema definition regarding SSH keys/configuration
  so yast2-schema can find it correctly (fate#319624)
- 3.1.131
- Fix AutoYaST2 schema regarding SSH keys/configuration import
  feature (fate#319624)
- Stop generating autodocs (fate#320356)
- 3.1.130
- AutoYaST support for ssh_import module.
- 3.1.129
- Unsupported sections will be now reported in first installation
  stage. Reducing log level to warning.
  (Additional patch for bnc#955878)
- 3.1.128
- Resetting package selection of previous runs. This is needed
  because it could be that additional repositories are available
  meanwhile. (bnc#979691)
- 3.1.127
- Media-based AutoUpgrade case for feature: No Recommends in
  *-release RPMs (FATE#320199)
- 3.1.126
- Upgrade: Removed obsolete bootloader stuff.
- 3.1.125
- Removed obsolete bootloader stuff.
  (related to FATE#317701)
- 3.1.124
- Updated schema - added optional URL for the installer
  self update repository ("general" -> "self_update_url" node)
- 3.1.123
- Remove unused import of dropped BootCommon package.
  (related to FATE#317701)
- 3.1.122
- Removed calls of dropped LanUdevAuto module (yast2-network)
  (bnc#955217, bnc#956605)
- 3.1.121
- Moved call "uptime" to yast2 package. Cleanup for bnc#956730.
- 3.1.120
- Evaluate the correct domain, network, product and product version
  when applying rules (bnc#963137).
- 3.1.119
- Check uptime instead of system time while waiting for systemd
  services to be restarted (bsc#956730)
- 3.1.118
- Fixed crash if the general/mode section has not been defined.
- 3.1.117
- As network configuration will be moved to first installation
  stage and wickedd should not be restarted in the second stage,
  all wickedd and network services will not be restarted at all
  by AutoYaST.
  (bnc#944349, bnc#955260)
- 3.1.116
- Moved the body of AutoinstallIoInclude#Get to yast2-update
- 3.1.115
- Confirming base product license. This can be defined by the flag
  <confirm_base_product_license> in the general/mode section.
  Confirming licenses of add-on products can be defined for each
  product by the flag <confirm_license> in the add-on product
- 3.1.114
- "haspcmcia" method is removed from the AutoInstallRules API
- LVM: taking care about "auto" option --> switching to "max".
- 3.1.113
- Fixed rules.xml : OR operator is interpreted as AND.
- 3.1.112
- Fix wrong warning message about the 'init' section
  not being processed (bsc#962526)
- Installation with "autoyast=default". Fixed nil exception error.
- 3.1.111
- Fixed init scripts which have been defined inside an
  AutoYaST configuration file. (bnc#961320)
- 3.1.110
- Fix validation of AutoYaST profiles (bsc#954412)
- 3.1.109
- Downloading init scripts to /mnt during first installation stage.
- 3.1.108
- Network services can be restarted again, because they do not
  depend on YaST2-Second-Stage.service anymore. (bnc#954908)
- 3.1.107
- Added "cobbler" to the obsolete profile section.
  Defined in SUSE Manager but will not be used anymore. (bnc#955878)
- 3.1.106
- Do not restart NetworkManager* services while restarting all
  services in the second installation stage. (bnc#955260)
- 3.1.105
- Export the already saved software selection when present,
  fixes exporting wrong package selection caused by deployment of
  the installation images (bsc#956325, bsc#910728)
- Evaluating needed YAST packages which are defined in the
  AutoYaST configuration file and selecting these packages for
  installation. (bnc#955657)
- 3.1.104
- Updating AutoYaST documentation
- 3.1.103
- Installation workflow: Using ntpdate instead of sntp for time
  syncing (bnc#953781)
- 3.1.102
- Add dependency on yast2-pkg-bindings 3.1.31 (or newer)
- 3.1.101
- Ignore restarting of all wickedd* services while finishing the
  second installation stage. (bnc#944349)
- 3.1.100
- Cloning system while an installation without AutoYaST: Do not
  blame if packages are not available anymore because the
  medium has already been unmounted (e.g. USB device)
- 3.1.99
- Using "backup" or "partitioning_advanced" sections in the profile
  does not produce an error message anymore (bsc#950294)
- 3.1.98
- Move lib/ directory to autoyast2-installation package
- 3.1.97
- Handle pkgGpgCheck callback introduced in libzypp 14.39.0
- 3.1.96
- Enabled translation of some buttons (bsc#948834)
- 3.1.95
- Writing network settings in first installation stage if the
  second installation stage has been disabled ("second_stage")
  in the general/mode section but a "networking" section has
  also been defined. (bnc#944942)
- 3.1.94
- Fix premature loading of AutoInstall which prevented running
  configuration clients during 2nd stage (bsc#944770)
- 3.1.93
- Move users creation to the first stage, so it is not needed
  to run the 2nd stage to have a minimal system.
- Do not add AutoYaST packages if the second stage won't be
- Fixes bnc#892091
- 3.1.92
- Do not restart dbus service after installation. Otherwise some
  other services will hang. (bnc#937900)
- 3.1.91
- S390: handling cio_ignore
  Entry <general><cio_ignore> in order to set it
  (values: true/false). If it is not set cio_ignore is true.
  So it is backward compatible. (bnc#941406)
- 3.1.90
- Fixed typo in partitioning section
- 3.1.89
- Writing init scripts to installed system in the first installation
  stage now. The init scripts will be called while starting
  the autoyast-initscripts service. So, these scripts will be called
  while a system upgrade too. (bnc#940823)
- 3.1.88
- <software><post-packages>: Must not reinstall already installed
  packages. (fate#319086)
- 3.1.87
- Fixed a syntax error in the schema definition (bsc#938459)
- 3.1.86
- Syncing hardware time before starting installation via ntp.
  This is configurable via the flag
  <general><mode><ntp_sync_time_before_installation> with which
  the name of the ntp server will be defined. If it is not set
  no synchronisation will be done. So it is backward compatible.
- 3.1.85
- Added "upgrade" section to generic list. (bnc#935915)
- 3.1.84
- implemented activation of snapper for btrfs on LVM (bsc#935858)
- 3.1.83
- Enabled snapshots creation after auto-installation/upgrade
- 3.1.82
- Regarding some corner cases of bsc#925381.
  - Checking for availability of clients/<module>_auto module before
    reporting an error.
  - Checking if a module supports more than one autoyast configuration
- 3.1.81
- Don't try to format PReP partitions (bsc#927748)
- fixed size parameter "auto" for PReP partitions (bsc#928768)
- 3.1.80
- Added new section "restricts" for ntp configuration
- 3.1.79
- Added 'bootloader' and 'report' into list of supported profile
  sections (bsc#925381)
- 3.1.78
- Added libxslt into BuildRequires - needed for running test-cases
- 3.1.77
- Reporting unknown and unsupported profile sections (bnc#925381)
- 3.1.76
- Evaluate the correct host IP in order to read the proper
  autoyast.xml file (bnc#928303, bnc#908356, bnc#916628)
- 3.1.75
- New autoinst flag in general/mode section:
  The default target of systemd will be activated in the second
  stage of autoyast installation.
  The default is "true" which is a backward compatible value.
- 3.1.74
- Avoid ayast_probe module crashing when called from an installed
- 3.1.73
- New autoinst flag in general/mode section: final_restart_services.
  Restarting all services after finishing the installation.
  The default is "true" which is a backward compatible value.
- load release notes of extensions also during AutoYaST
- Clone_system in autoyast2-installation should call some modules
  (e.g. storage, software) which are defined in autoyast2 package.
  So if needed the user has to install autoyast2 package at first.
- Checking if the disk is -partitionable- instead of checking if it
  is a real disk. Needed for Multipath disks. (bnc#909349)
- autoyast=file:///<autoinst.xml> : Mount the installation source
  in order to copy AutoYaST configuration file into inst_sys.
- Selecting needed yast packages for the second stage correctly.
- 3.1.72
- Setting normal mode while applying single module settings to
  system. (bnc#909223)
- 3.1.71
- Removed code which will be already done by service_manager.
- remove X-KDE-Library from desktop file (bnc#899104)
- AutoYaST configuration module: Reset menu bar after calling
  single YAST configuration module.
- 3.1.69
- Fixed too small dialog for autoyast profile location.
- 3.1.68
- Fixed UI in partition configuration.
  (bnc#901904; bnc#901739)
- 3.1.67
- Fixed "No base product found" error when evaluating
  rules/rules.xml file (bnc#900750)
- 3.1.66
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
  HUP event in client_work (boo#1184521 CVE-2021-3468).
- Update from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking (boo#1180827
- Add sudo to requires: used to drop privileges.
- When changing ownership of /var/lib/autoipd, only change
  ownership of files owned by avahi, to mitigate against
  possible exploits (bsc#1154063).
- Drop avahi-daemon-increase-rlimit.patch: rlimits are no longer
  set by default.
- Replace avahi-0.7-python3.patch with avahi-0.7-dbm.patch: use
  what is upstream (boo#1110668).
- Add avahi-0.7-encode-strings-as-utf8.patch: encode strings as
  UTF-8 (boo#1110668).
- Add avahi-0.7-python3-bookmarks.patch: make bookmarks python 3
  compatible (boo#1110668).
- Add CVE-2018-1000845.patch: drop legacy unicast queries from
  address not on local link (boo#1120281 CVE-2018-1000845).
- Drop avahi-0.6.31-invalid-packet.patch: fixed upstream.
- Add avahi-daemon-increase-rlimit.patch: increase rlimit as a
  conservative way to handle certain crashes referring to upstream
  commit 71ace71 (bsc#1085255).
- Drop the qt3 parts
- Add avahi-0.7-python3.patch: Port to python 3 (bsc#1076402).
- Build python bindings against python 3, rather than python 2;
- Python-avahi is now python3-avahi, and python-avahi-gtk is now
- Obsolete the python 2 packages
- Replace python_sitelib with python3_sitelib in %files, and add
- Rename %*soname to %*sover to better reflect its use.
- Modernize spec file by calling spec-cleaner
- Use SPDX3.0 license tags and package COPYING as %license.
- Update to version 0.7:
  + The Avahi 0.7 release brings two new features, binary TXT
    records in XML service files and the ability to start the
    gobject client in a custom context.
  + New Features:
  - Add support for binary values in TXT records in XML service
    files by specifying
    value-format="text|binary-hex|binary-base64". If not
    specified, defaults to the normal value of "text" (thus
    backwards compatible).
  - avahi-gobject: Allow starting the client in a custom
    GMainContext by passing context to ga_client_start_in_context
    instead of ga_client_start (avahi-gobject minor version has
    been incremented).
  + Notable Changes:
  - avahi-daemon: Remove all default rlimits from
    avahi-daemon.conf, as two main problems happened with firstly
    rlimit-nproc causing avahi to fail when started in a
    container without user namespaces and secondly because memory
    rlimits were causing avahi to crash in some cases. Leave it
    up to the init system to impose any modified limits instead.
    It is recommended to ship this change in distribution default
    config files.
  - avahi-common: Fix watch cleanup issue in watch_free
  - avahi-discover (python): Updated for Python3 & GTK3
  - avahi-autoipd:
    . Clear previously set address before binding a new one.
    . Fix dhclient hooks to check for avahi-autoipd before
  - build: Move default rundir from /var/run to /run as per
    modern system setups.
  + Other Changes:
  - build:
    . Fix the printed value of "Building libavahi-client" in
    . improved to work when called from another
    . Fix warnings when compiling against musl libc.
  - avahi-compat-libdns_sd: Fix incorrect URL in warnings.
  - service-type-database: Add new service Types: _ipps._tcp,
  - avahi-dnsconfd: Update manpage with the correct action script
  - avahi-gobject:
    . Use the correct shared library name in AvahiCore-0.6.gir
    . Fix build failing under some locales.
  - avahi-common/dbus-watch-glue.c: remove unneeded semicolon.
  - Update gentoo init scripts for newer openrc version.
  + Updated translations.
- Drop avahi-empty-share-dir.patch, avahi-gir-fixup.patch,
  avahi-move-everything-to-run.patch and avahi-outdated-URL.patch:
  Fixed upstream.
- Drop systemd_requires macro: on a machine managed by systemd, we
  don't have to require it. If the machine/container is not managed
  by systemd, we don't want to require it.
- Add pkgconfig(pygobject-3.0) BuildRequires: New dependency.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Do not suppress errors from avahi-autoipd user creation, but do
  suppress getent output.
- Replace $RPM_* shell vars by macros.
- Modify user generation (boo#1010384):
  + Use getent to check for existing users/groups, only creating
    them if not found.
  + Do not hide output of groupadd/useradd.
  + Do not mask failures: if a user can't be added, we have a
- Drop %insserv_cleanup scriptlets: it's been a while that avahi
  did not install any sysV init scripts anymore.
- Simplify OBS is well able to handle macros
  in package names by now.
- Drop conditions to only handle systemd services on openSUSE >
  12.1; it's been long that we did not ship the sysv scripts
  anymore and openSUSE 12.1 is long EOL.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-0.6.32-suppress-resolv-conf-warning.patch: only warn
  on missing resolv.conf if the options that use it are enabled.
- Update to version 0.6.32:
  + Don't log warnings about invalid packets, commonly triggered by
    Windows 10 systems.
  + Fix issue with bad packet size estimation, causing probes to
    continuously be sent when hosting large numbers of services.
  + Fix build on Solaris/SmartOS (filio.h issue).
  + Fix build on FreeBSD (PCAP_D_IN issue).
  + Fix debug output with libdaemon >= 0.14.
  + avahi_server_set_browse_domains now correctly uses the provided
    list, instead of re-using the list from the configuration file.
  + Set nl_pid to 0, this will automatically assign the value and
    prevent conflicts per netlink(7). (Bug #334).
  + Check for netlink pid=0 (kernel) instead of uid=0, which works
    correctly with network & user namespaces.
  + Fix reversed IFA_LOCAL and IFA_ADDRESS checks (Avahi#355).
  + Don't fail the build on deprecated GTK/GLIB usage.
  + Gracefully fail if SO_REUSEPORT is not available.
  + Minor Python 3 update for the python ServiceTypeDatabase test
    usage of print, should be backwards compatible.
  + avahi-autoipd: Fix incorrect usage of IFLA_RTA instead of
    IFA_RTA which could crash on ARM (Closes: gh#lathiat/avahi#42).
- Drop upstream fixed patches:
  + avahi-unicastdomains.patch
  + avahi-gtk_box_new.patch
  + avahi-fix-mkdir.diff
  + avahi-enable-ipv6.patch
  + avahi-reserve-space-for-record-data-when-size-e.patch
- Rebase avahi-0.6.31-invalid-packet.patch.
- Add avahi-0.6.31-systemd-order.patch: start after NM/wicked, to
  ensure resolv.conf is present (bsc#982317, gh#lathiat/avahi#59).
- Update to GNOME 3.20.2 (Fate#318572)
- Added License field in spec file.
- Update to GNOME 3.20 (Fate#318572)
- No longer install sysv services: the systemd services have been
  installed for a long time already and are masking the sysv
  scripts; the existence of those scripts only adds confusion (boo#959908).
- Temp disable 2 old Conflicts that are breaking staging. These can
  go back in once there is a new release of avahi.
- Add avahi-0.6.31-invalid-packet.patch: do not spam logs for
  invalid packets (boo#947140 bsc#948277).
- Sync up the multiple .spec files.
- Add avahi-outdated-URL.patch: Do not redirect users to
  <>, which no
  longer exists, but bring them to the more generic blog entry (boo#914298).
- Add patch bsc1183064.patch
  * Fix bug bsc#1183064: Segfault from reading a history file not
    starting with # with HISTTIMEFORMAT set and history_multiline_entries
    nonzero and with the history cleared and read on the same input line.
- Move /bin/bash to /usr/bin/bash and provide old location as
  symbolic link of new location (jsc#SLE-15652)
- Remove minimal sh build option as not used
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
  * Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
    map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add patch bash-4.4-bgpoverflow.patch which is a backport from bash
  5.0 to perform better with large numbers of sub processes (bsc#1133773)
- Rework patch readline-7.0-screen.patch
- Add bash-memmove.patch to make bash.html build reproducible (boo#1100488)
- Add patch readline-7.0-screen.patch to be able to parse settings
  in inputrc for all screen TERM variables starting with "screen."
  to fix boo#1095661
- In patch bash-4.4.dif avoid setgroups(2) but use initgroups(3) (boo#1095670)
- Add patch 20, 21, 22 and 23 to bash-4.4-patches.tar.bz2
  * 20: In circumstances involving long-running scripts that create
    and reap many processes, it is possible for the hash table bash
    uses to store exit statuses from asynchronous processes to
    develop loops. This patch fixes the loop causes and adds code
    to detect any future loops.
  * 21: A SIGINT received inside a SIGINT trap handler can possibly
    cause the shell to loop.
  * 22: There are cases where a failing readline command (e.g.,
    delete-char at the end of a line) can cause a multi-character
    key sequence to `back up' and attempt to re-read some of the
    characters in the sequence.
  * 23: When sourcing a file from an interactive shell, setting the
    SIGINT handler to the default and typing ^C will cause the
    shell to exit.
- remove bash-4.4-wait-sigint-handler.patch (upstreamed)
- Add patch bash-4.4-wait-sigint-handler.patch to fix bug bsc#1086247
  that is repeating self inserting trap due external command in the
- Create readline-devel-static package to re-enable static libraries
  again (boo#1082913)
- Use %license (boo#1082318)
- Add patch 19 to bash-4.4-patches.tar.bz2
  * With certain values for PS1, especially those that wrap onto
    three or more lines, readline will miscalculate the number of
    invisible characters, leading to crashes and core dumps.
- Add patches 13-18 to bash-4.4-patches.tar.bz2
  * 13: If a here-document contains a command substitution, the
    command substitution can get access to the file descriptor used
    to write the here-document.
  * 14: Under some circumstances, functions that return via the
    `return' builtin do not clean up memory they allocated to keep
    track of FIFOs.
  * 15: Process substitution can leak internal quoting to the
    parser in the invoked subshell.
  * 16: Bash can perform trap processing while reading command
    substitution output instead of waiting until the command
  * 17: There is a memory leak when `read -e' is used to read a
    line using readline.
  * 18: Under certain circumstances (e.g., reading from /dev/zero),
    read(2) will not return -1 even when interrupted by a signal.
    The read builtin needs to check for signals in this case.
- partial cleanup with spec-cleaner
- Modify patch bash-4.3-pathtemp.patch to avoid crash at full
  file system (boo#1076909)
- Enable multibyte characters by default
- Modify patch bash-4.4.dif to let bashline.h install as well as
  this header file is included by general.h due to the same patch
- Make build reproducible in spite of profile based optimizations (boo#1040589)
- Allow to disable do_profiling in builds (related to boo#1040589)
- Simplify patch readline-5.2-conf.patch
- Do not throw info and manual pages away
- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
  was disabled and nobody had reported trouble)
- Add upstream patch readline70-002 which replace old one
  There is a race condition in add_history() that can be triggered by a fatal
  signal arriving between the time the history length is updated and the time
  the history list update is completed. A later attempt to reference an
  invalid history entry can cause a crash.
- Add upstream patch readline70-003
  Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
  interrupt read(2), such as SIGALRM, before reading another character.  The
  signal mask used in the pselect call did not take into account signals the
  calling application blocked before calling readline().
- Add upstream patch bash44-006
  Out-of-range negative offsets to popd can cause the shell to crash
  attempting to free an invalid memory block.
- Remove patch popd-offset-overflow.patch to use bash44-006
- Add upstream patch bash44-007
  When performing filename completion, bash dequotes the directory
  name being completed, which can result in match failures and
  potential unwanted expansion.
- Duplicate bash44-007 as readline70-002 as it seems to be missed
- Add upstream patch bash44-008
  Under certain circumstances, bash will evaluate arithmetic
  expressions as part of reading an expression token even when
  evaluation is suppressed. This happens while evaluating a
  conditional expression and skipping over the failed branch of the
- Add upstream patch bash44-009
  There is a race condition in add_history() that can be triggered
  by a fatal signal arriving between the time the history length
  is updated and the time the history list update is completed.
  A later attempt to reference an invalid history entry can cause
  a crash.
- Add upstream patch bash44-010
  Depending on compiler optimizations and behavior, the `read'
  builtin may not save partial input when a timeout occurs.
- Add upstream patch bash44-011
  Subshells begun to run command and process substitutions may
  attempt to set the terminal's process group to an incorrect
  value if they receive a fatal signal.  This depends on the
  behavior of the process that starts the shell.
- Add upstream patch bash44-012
  When -N is used, the input is not supposed to be split using
  $IFS, but leading and trailing IFS whitespace was still removed.
- Remove -L option on screen call due to API change, now we depend
  on environment variables only.
- Enable -fprofile-correction to cover misleading profile created due
  to terminating_signal which does not return.
- Add upstream patch popd-offset-overflow.patch to fix boo#1010845
  CVE-2016-9401: bash: popd controlled free (Segmentation fault)
  Remark: this is a simple Segmentation fault, no security risk
- Add upstream patch bash44-001
  Bash-4.4 changed the way the history list is initially allocated to reduce
  the number of reallocations and copies.  Users who set HISTSIZE to a very
  large number to essentially unlimit the size of the history list will get
  memory allocation errors
- Add upstream patch bash44-002
  Bash-4.4 warns when discarding NUL bytes in command substitution output
  instead of silently dropping them.  This patch changes the warnings from
  one per NUL byte encountered to one warning per command substitution.
- Drop no-null-warning.patch as bash44-002 is official replacement
- Add upstream patch bash44-003
  Specially-crafted input, in this case an incomplete pathname expansion
  bracket expression containing an invalid collating symbol, can cause the
  shell to crash.
- Add upstream patch bash44-004
  There is a race condition that can result in bash referencing freed memory
  when freeing data associated with the last process substitution.
- Add upstream patch bash44-005
  Under certain circumstances, a simple command is optimized to eliminate a
  fork, resulting in an EXIT trap not being executed. (boo#1008459)
- Add upstream patch readline70-001
  Readline-7.0 changed the way the history list is initially allocated to reduce
  the number of reallocations and copies.  Users who set the readline
  history-size variable to a very large number to essentially unlimit the size
  of the history list will get memory allocation errors
- no-null-warning.patch: Don't warn about null bytes in command
- Avoid confusing library path
- Update bash 4.4 final
  * Latest bug fixes since 4.4 rc2
- Update readline 7.0 final
  * Latest bug fixes since 7.0 rc2
  * New application-callable function: rl_pending_signal(): returns the signal
    number of any signal readline has caught but not yet handled.
  * New application-settable variable: rl_persistent_signal_handlers: if set
    to a non-zero value, readline will enable the readline-6.2 signal handler
    behavior in callback mode: handlers are installed when
    rl_callback_handler_install is called and removed when a complete
    line has been read.
- Drop patch bash-4.3-async-bnc971410.dif as this one is part of 4.4
- Drop patch bash-3.2-longjmp.dif as this has long been fixed
- Drop patch bash-4.3-headers.dif as loadables now simply work
- Drop readline-6.1-wrap.patch as this seems to be fixed
- Disable patch bash-4.0-async-bnc523667.dif for now as it seems to be fixed
  in another way
- Update bash 4.4 rc2  -- Bugfixes
- Update readline 7.0 rc2 -- Bugfixes
- Make clear that the files /etc/profile as well as /etc/bash.bashrc
  may source other files as well even if the bash does not.
  Therefore modify patch bash-4.1-bash.bashrc.dif (bsc#959755)
- Update bash 4.4 beta 2
  * Value conversions (arithmetic expansions, case modification, etc.) now
    happen when assigning elements of an array using compound assignment.
  * There is a new option settable in config-top.h that makes multiple
    directory arguments to `cd' a fatal error.
  * Bash now uses mktemp() when creating internal temporary files; it produces
    a warning at build time on many Linux systems.
- Update to readline library 7.0 beta 2 (not enabled as not standalone)
  * The default binding for ^W in vi mode now uses word boundaries specified
    by Posix (vi-unix-word-rubout is bindable command name).
  * rl_clear_visible_line: new application-callable function; clears all
    screen lines occupied by the current visible readline line.
  * rl_tty_set_echoing: application-callable function that controls whether
    or not readline thinks it is echoing terminal output.
  * Handle >| and strings of digits preceding and following redirection
    specifications as single tokens when tokenizing the line for history
  * Fixed a bug with displaying completions when the prefix display length
    is greater than the length of the completions to be displayed.
  * The :p history modifier now applies to the entire line, so any expansion
    specifying :p causes the line to be printed instead of expanded.
- Update bash 4.4 release candidate 1
  * There is now a settable configuration #define that will cause the shell
    to exit if the shell is running setuid without the -p option and setuid
    to the real uid fails.
  * Command and process substitutions now turn off the `-v' option when
    executing, as other shells seem to do.
  * The default value for the `checkhash' shell option may now be set at
    compile time with a #define.
  * The `mapfile' builtin now has a -d option to use an arbitrary character
    as the record delimiter, and a -t option  to strip the delimiter as
    supplied with -d.
  * The maximum number of nested recursive calls to `eval' is now settable in
    config-top.h; the default is no limit.
  * The `-p' option to declare and similar builtins will display attributes for
    named variables even when those variables have not been assigned values
    (which are technically unset).
  * The maximum number of nested recursive calls to `source' is now settable
    in config-top.h; the default is no limit.
  * All builtin commands recognize the `--help' option and print a usage
  * Bash does not allow function names containing `/' and `=' to be exported.
  * The `ulimit' builtin has new -k (kqueues) and -P (pseudoterminals) options.
  * The shell now allows `time ; othercommand' to time null commands.
  * There is a new `--enable-function-import' configuration option to allow
    importing shell functions from the environment; import is enabled by
  * `printf -v var ""' will now set `var' to the empty string, as if `var=""'
    had been executed.
  * GLOBIGNORE, the pattern substitution word expansion, and programmable
    completion match filtering now honor the value of the `nocasematch' option.
  * There is a new ${parameter@spec} family of operators to transform the
    value of `parameter'.
  * Bash no longer attempts to perform compound assignment if a variable on the
    rhs of an assignment statement argument to `declare' has the form of a
    compound assignment (e.g., w='(word)' ; declare foo=$w); compound
    assignments are accepted if the variable was already declared as an array,
    but with a warning.
  * The declare builtin no longer displays array variables using the compound
    assignment syntax with quotes; that will generate warnings when re-used as
    input, and isn't necessary.
  * Executing the rhs of && and || will no longer cause the shell to fork if
    it's not necessary.
  * The `local' builtin takes a new argument: `-', which will cause it to save
    the single-letter shell options and restore their previous values at
    function return.
  * `complete' and `compgen' have a new `-o nosort' option, which forces
    readline to not sort the completion matches.
  * Bash now allows waiting for the most recent process substitution, since it
    appears as $!.
  * The `unset' builtin now unsets a scalar variable if it is subscripted with
    a `0', analogous to the ${var[0]} expansion.
  * `set -i' is no longer valid, as in other shells.
  * BASH_SUBSHELL is now updated for process substitution and group commands
    in pipelines, and is available with the same value when running any exit
  * Bash now checks $INSIDE_EMACS as well as $EMACS when deciding whether or
    not bash is being run in a GNU Emacs shell window.
  * Bash now treats SIGINT received when running a non-builtin command in a
    loop the way it has traditionally treated running a builtin command:
    running any trap handler and breaking out of the loop.
  * New variable: EXECIGNORE; a colon-separated list of patterns that will
    cause matching filenames to be ignored when searching for commands.
  * Aliases whose value ends in a shell metacharacter now expand in a way to
    allow them to be `pasted' to the next token, which can potentially change
    the meaning of a command (e.g., turning `&' into `&&').
  * `make install' now installs the example loadable builtins and a set of
    bash headers to use when developing new loadable builtins.
  * `enable -f' now attempts to call functions named BUILTIN_builtin_load when
    loading BUILTIN, and BUILTIN_builtin_unload when deleting it.  This allows
    loadable builtins to run initialization and cleanup code.
  * There is a new BASH_LOADABLES_PATH variable containing a list of directories
    where the `enable -f' command looks for shared objects containing loadable
  * The `complete_fullquote' option to `shopt' changes filename completion to
    quote all shell metacharacters in filenames and directory names.
  * The `kill' builtin now has a `-L' option, equivalent to `-l', for
    compatibility with Linux standalone versions of kill.
  * BASH_COMPAT and FUNCNEST can be inherited and set from the shell's initial
  * inherit_errexit: a new `shopt' option that, when set, causes command
    substitutions to inherit the -e option.  By default, those subshells disable
    -e.  It's enabled as part of turning on posix mode.
  * New prompt string: PS0.  Expanded and displayed by interactive shells after
    reading a complete command but before executing it.
  * Interactive shells now behave as if SIGTSTP/SIGTTIN/SIGTTOU are set to SIG_DFL
    when the shell is started, so they are set to SIG_DFL in child processes.
  * Posix-mode shells now allow double quotes to quote the history expansion
  * OLDPWD can be inherited from the environment if it names a directory.
  * Shells running as root no longer inherit PS4 from the environment, closing a
    security hole involving PS4 expansion performing command substitution.
  * If executing an implicit `cd' when the `autocd' option is set, bash will now
    invoke a function named `cd' if one exists before executing the `cd' builtin.
- Update to readline library 7.0 release candidate 1
  * The history truncation code now uses the same error recovery mechanism as
    the history writing code, and restores the old version of the history file
    on error.  The error recovery mechanism handles symlinked history files.
  * There is a new bindable variable, `enable-bracketed-paste', which enables
    support for a terminal's bracketed paste mode.
  * The editing mode indicators can now be strings and are user-settable
    (new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
    variables).  Mode strings can contain invisible character sequences.
    Setting mode strings to null strings restores the defaults.
  * Prompt expansion adds the mode string to the last line of a multi-line
    prompt (one with embedded newlines).
  * There is a new bindable variable, `colored-completion-prefix', which, if
    set, causes the common prefix of a set of possible completions to be
    displayed in color.
  * There is a new bindable command `vi-yank-pop', a vi-mode version of
    emacs-mode yank-pop.
  * The redisplay code underwent several efficiency improvements for multibyte
  * The insert-char function attempts to batch-insert all pending typeahead
    that maps to self-insert, as long as it is coming from the terminal.
  * rl_callback_sigcleanup: a new application function that can clean up and
    unset any state set by readline's callback mode.  Intended to be used
    after a signal.
  * If an incremental search string has its last character removed with DEL, the
    resulting empty search string no longer matches the previous line.
  * If readline reads a history file that begins with `#' (or the value of
    the history comment character) and has enabled history timestamps, the history
    entries are assumed to be delimited by timestamps.  This allows multi-line
    history entries.
  * Readline now throws an error if it parses a key binding without a terminating
    `:' or whitespace.
- Remove patches which are upstream solved
- Rename patches
  bash-4.3.dif becomes bash-4.4.dif
  readline-6.3.dif becomes readline-7.0.dif
- Refresh other patches as well
- Define the USE_MKTEMP and USE_MKSTEMP cpp macros as the
  implementation is already there.
- Add patch bash-4.3-pathtemp.patch to allow root to clear the
  file systems.  Otherwise the completion does not work if /tmp
  is full (ENOSPC for here documents)
- Remove --hash-size options as there is no change in the final
  binary or library anymore
- Add upstream patch bash43-039
  Using the output of `declare -p' when run in a function can result in variables
  that are invisible to `declare -p'.  This problem occurs when an assignment
  builtin such as `declare' receives a quoted compound array assignment as one of
  its arguments.
- Add upstream patch bash43-040
  There is a memory leak that occurs when bash expands an array reference on
  the rhs of an assignment statement.
- Add upstream patch bash43-041
  There are several out-of-bounds read errors that occur when completing command
  lines where assignment statements appear before the command name.  The first
  two appear only when programmable completion is enabled; the last one only
  happens when listing possible completions.
- Add upstream patch bash43-042
  There is a problem when parsing command substitutions containing `case'
  commands within pipelines that causes the parser to not correctly identify
  the end of the command substitution.
- add bash-4.3-perl522.patch to fix texi2html for perl 5.22
  (defined(@array) has been deprecated since at least 2012)
- Add upstream patch bash43-034
  If neither the -f nor -v options is supplied to unset, and a name argument is
  found to be a function and unset, subsequent name arguments are not treated as
  variables before attempting to unset a function by that name.
- Add upstream patch bash43-035
  A locale with a long name can trigger a buffer overflow and core dump.  This
  applies on systems that do not have locale_charset in libc, are not using
  GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
- Add upstream patch bash43-036
  When evaluating and setting integer variables, and the assignment fails to
  create a variable (for example, when performing an operation on an array
  variable with an invalid subscript), bash attempts to dereference a null
  pointer, causing a segmentation violation.
- Add upstream patch bash43-037
  If an associative array uses `@' or `*' as a subscript, `declare -p' produces
  output that cannot be reused as input.
- Add upstream patch bash43-038
  There are a number of instances where `time' is not recognized as a reserved
  word when the shell grammar says it should be.
- move info deletion to %preun sections
- bash-4.3-loadables.dif: One more warning fixed, in
- bash-4.3-loadables.dif: Reverted one warning fix, which was
  introducing another warning and possibly a bug.
- bash-4.3-loadables.dif: Split changes to shell.h to a separate
  patch "bash-4.3-include-unistd.dif", as the loadables build just
  fine without these changes.
- bash-4.3-loadables.dif: Drop all header file inclusion fixups,
  upstream fixed the problem differently 5 years ago.
- Do not restart all signal handlers for bash 4.3 as this breaks
  trap handler in subshells waiting for a process
- Remove -DMUST_UNBLOCK_CHLD(=1) as this breaks waitchild(2) on linux
- Add upstream patch bash43-031
  The new nameref assignment functionality introduced in bash-4.3 did not perform
  enough validation on the variable value and would create variables with
  invalid names.
- Add upstream patch bash43-032
  When bash is running in Posix mode, it allows signals -- including SIGCHLD --
  to interrupt the `wait' builtin, as Posix requires.  However, the interrupt
  causes bash to not run a SIGCHLD trap for all exited children.  This patch
  fixes the issue and restores the documented behavior in Posix mode.
- Add upstream patch bash43-033
  Bash does not clean up the terminal state in all cases where bash or
  readline  modifies it and bash is subsequently terminated by a fatal signal.
  This happens when the `read' builtin modifies the terminal settings, both
  when readline is active and when it is not.  It occurs most often when a script
  installs a trap that exits on a signal without re-sending the signal to itself.
- Fix the sed command that fixes up the patch headers. It was
  printing a duplicate header line, which surprisingly did not
  confuse patch, but could in the future.
- Fix all patches that had the duplicate header line issue.
- Use tail command to follow run-tests instead of a simple cat command
- Really remove obsolete patches
- Skip autoconf on OS 10.2 or older
- Avoid fdupes on SLES-10
- Bump bash version to 4.3
- Allow building on targets from SL 10.1 to current since it's free
- fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc
- deleted patches
  - bc-1.06-dc_ibase.patch (upstreamed)
- Use %license instead of %doc [bsc#1082318]
- Cleanup %doc section
- added patches
  Correct return value after 'q' [bsc#1129038]
  + bc-dc-correct-return-value.patch
- Update to version 1.07.1:
  * Fixed ibase extension causing problems for read()
  * Fixed parallel make problem.
  * Fixed dc "Q" command bug.
- Changes for version 1.07:
  * Added void functions.
  * fixes bug in load_code introduced by mathlib string storage in 1.06.
  * fix to get long options working.
  * signal code clean-up.
  * fixed a bug in the AVL tree routines.
  * fixed math library to work properly when called with ibase not 10.
  * fixed a symbol table bug when using more than 32 names.
  * removed a double free.
  * Added base 17 to 36 for ibase.
  * Fixed some memory leaks.
  * Various small tweaks and doc bug fixes.
- Drop no longer needed patches:
  * bc-1.06.95-memleak.patch
  * bc-1.06.95-matlib.patch
  * bc-1.06.95-sigintmasking.patch
- Refresh bc-1.06-dc_ibase.patch
- Add gpg signature
- Update url
- Correct info files scriptlets and dependencies
- Clean up with spec-cleaner
- Add ncurses-devel as it is inherited from readline
- Explicitly pass without-libedit if we decide to switch for
  it at some point
- Add BuildRequires on makeinfo to fix Factory build
- update to upstream alpha 1.06.95 (2006-09-05), in use in other
  major distros for quite a long time (Debian, Fedora, Ubuntu, ...)
- add patches from Fedora
- automake dependency removed
- add automake as buildrequire to avoid implicit dependency
- Fix last change.
- Fix detection of empty opt_expression in the parser.
- BuildIgnore xalan-j2, xml-apis, xml-resolver, xerces-j2, since
  those packages are not necessary for the build.
- Build against the generic xml-apis provider which allows
  building against bootstrap and non-bootstrap packages according
  to their availability.
- Add maven pom file and generate mvn(...) dependencies for this
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Allow building with any java-devel provider
- Specify java source and target level 1.6 to fix build with jdk9
- Added patch:
  * bcel-5.2-encoding.patch
    + specify the correct encoding of the files
- Buildignore more java implementations
- Drop gpg-offline
- Drop conditional for manual that is never triggered
- Do not depend on ant-nodeps.
- use pristine tarballs
- fix source url
- add gpg verification
- format spec file
- disable javadoc generation
- Add LICENSE file to packages
- Upgrade to released bea-stax 1.2.0 and bea-stax-api 1.0.1
- Add maven pom files
- Modified patch:
  * bea-stax-target16.patch -> bea-stax-target8.patch
    + Build with source and target 8 to prepare for a possible
    removal of 1.6 compatibility
- Don't require java-1_5_0-gcj-compat and build with source and
  target level 1.6
- Removed patch:
  * bea-stax-target15.patch
- Added patch:
  * bea-stax-target16.patch
  - change the source and target levels and fix a problem with
    the encoding of one file
- Cleanup a bit and remove unused patch bea-stax-gcj43-build.patch
- Move from jpackage-utils to javapackage-tools
- don't build javadoc
- remove xerces-j2-bootstrap dependency (bnc#789163)
- Remove redundant tags/sections from specfile
- build ignore xml-commons-jaxp-1.3-apis
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
  * An assertion check can fail while answering queries
    for DNAME records that require the DNAME to be processed to resolve
    [CVE-2021-25215, bind-CVE-2021-25215.patch]
  * A second vulnerability in BIND's GSSAPI security
    policy negotiation can be targeted by a buffer overflow attack
    This does not affect this package as the affected code is
- pass PIE compiler and linker flags via environment variables to make
  /usr/bin/delv in bind-tools also position independent (bsc#1183453).
- drop pie_compile.diff: no longer needed, this patch is difficult to
  maintain, the environment variable approach is less error prone.
  [bsc#1183453, bind.spec, pie_compile.diff]
- /var/run is deprecated, replaced by /run
  [bsc#1185073, bind-replace-varrun-with-run.patch,
  bind-chrootenv.conf, vendor-files.tar.bz2]
- Removed baselibs.conf as SLE does not distribute 32 bit libraries.
- Added special make instruction for the "Administrator Reference
  Manual" which is built using python3-Sphinx
  [bsc#1177983, bind.spec]
- Removed "" from named.service as that
  leads to a systemd ordering cycle
  [bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2]
- Add /usr/lib64/named to the files and directories in
  bind-chrootenv.conf. This directory contains plugins loaded
  after the chroot().
- Replaced named's dependency on time-sync with a dependency on time-set
  in named.service. The former leads to a dependency-loop.
- Removed "dnssec-enable" from named.conf as it has been obsoleted.
  Added a comment for reference which should be removed
  in the future.
- Added a comment to the "dnssec-validation" in named.conf
  with a reference to forwarders which do not return signed responses.
- Replaced an INSIST macro which calls abort with a test and a
  diagnostic output.
- Removed "-r /dev/urandom" from all invocations of rndc-confgen
  (init/named system/lwresd.init system/named.init in vendor-files)
  as this option is deprecated and causes rndc-confgen to fail.
  [bsc#1173311, bsc#1176674, bsc#1170713, vendor-files.tar.bz2]
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
  of /usr/sbin/dnssec-keygen as BIND now uses the random number
  functions provided by the crypto library (i.e., OpenSSL or a
  PKCS#11 provider) as a source of randomness rather than /dev/random.
  Therefore the -r command line option no longer has any effect on
  dnssec-keygen. Leaving the option in genDDNSkey as to not break
  compatibility. Patch provided by Stefan Eisenwiener.
  [bsc#1171313, vendor-files.tar.bz2]
- Put libns into a separate subpackage to avoid file conflicts
  in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
  systemd context as well as legacy sysv, make use of start_daemon.
- Upgrade to version 9.16.6
  Fixes five vulnerabilities:
  5481.   [security]      "update-policy" rules of type "subdomain" were
    incorrectly treated as "zonesub" rules, which allowed
    keys used in "subdomain" rules to update names outside
    of the specified subdomains. The problem was fixed by
    making sure "subdomain" rules are again processed as
    described in the ARM. (CVE-2020-8624) [GL #2055]
  5480.   [security]      When BIND 9 was compiled with native PKCS#11 support, it
    was possible to trigger an assertion failure in code
    determining the number of bits in the PKCS#11 RSA public
    key with a specially crafted packet. (CVE-2020-8623)
    [GL #2037]
  5479.   [security]      named could crash in certain query resolution scenarios
    where QNAME minimization and forwarding were both
    enabled. (CVE-2020-8621) [GL #1997]
  5478.   [security]      It was possible to trigger an assertion failure by
    sending a specially crafted large TCP DNS message.
    (CVE-2020-8620) [GL #1996]
  5476.   [security]      It was possible to trigger an assertion failure when
    verifying the response to a TSIG-signed request.
    (CVE-2020-8622) [GL #2028]
  For the less severe bugs fixed, see the CHANGES file.
  [bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
  CVE-2020-8620, CVE-2020-8622]
- Added "/etc/bind.keys" to NAMED_CONF_INCLUDE_FILES in
  /etc/sysconfig/named to suppress warning message re
  missing file.
  [vendor-files.tar.bz2, bsc#1173983]
- Upgrade to version bind-9.16.5
  * The "primary" and "secondary" keywords, when used
    as parameters for "check-names", were not
    processed correctly and were being ignored.
  * 'rndc dnstap -roll <value>' did not limit the number of
    saved files to <value>.
  * Add 'rndc dnssec -status' command.
  * Addressed a couple of situations where named could crash
  For the full list, see the CHANGES file in the source RPM.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
  so that named, being a/the only member of the "named" group
  has full r/w access yet cannot change directories owned by root
  in the case of a compromised named.
  [bsc#1173307, bind-chrootenv.conf]
- Upgrade to version bind-9.16.4
  Fixing two security problems:
  * It was possible to trigger an INSIST when determining
    whether a record would fit into a TCP message buffer.
  * It was possible to trigger an INSIST in
    lib/dns/rbtdb.c:new_reference() with a particular zone
    content and query patterns. (CVE-2020-8619)
  Also the following functional changes:
  * Reject DS records at the zone apex when loading
    master files. Log but otherwise ignore attempts to
    add DS records at the zone apex via UPDATE.
  * The default value of "max-stale-ttl" has been changed
    from 1 week to 12 hours.
  * Zone timers are now exported via statistics channel.
    Thanks to Paul Frieden, Verizon Media.
  Added support for idn2 to spec file (Thanks to Holger Bruenjes
  More internal changes see the CHANGES file in the source RPM
  This update obsoletes
  [bsc#1172958, CVE-2020-8618, CVE-2020-8619,
- Upgrade to version bind-9.16.3
  Fixing two security problems:
  * Further limit the number of queries that can be triggered from
    a request.  Root and TLD servers are no longer exempt
    from max-recursion-queries.  Fetches for missing name server
    address records are limited to 4 for any domain. (CVE-2020-8616)
  * Replaying a TSIG BADTIME response as a request could trigger an
    assertion failure. (CVE-2020-8617)
  * Add engine support to OpenSSL EdDSA implementation.
  * Add engine support to OpenSSL ECDSA implementation.
  * Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
  * Warn about AXFR streams with inconsistent message IDs.
  * Make ISC rwlock implementation the default again.
  For more see CHANGES file in source RPM.
  [CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz]
- bind needs an accurate clock, so wait for the
  to be reached before starting bind.
  [bsc#1170667, bsc#1170713, vendor-files.tar.bz2]
- Use sysusers.d to create named user
- Have only one package creating the user
- coreutils are not used in %post, remove Requires.
- Use systemd_ordering instead of hard requiring systemd
- Upgrade to version 9.16.1
  * UDP network ports used for listening can no longer simultaneously
    be used for sending traffic.
  * The system-provided POSIX Threads read-write lock implementation
    is now used by default instead of the native BIND 9 implementation.
  * Fixed re-signing issues with inline zones which resulted in records
    being re-signed late or not at all.
- Update download urls
- Do not enable geoip on old distros, the geoip db was shut down
  so we need to use geoip2 everywhere
- Upgrade to version 9.16.0
  Major upgrade, see
  CHANGES file in the source tree.
  Major functional change:
  * What was set with --with-tuning=large option in older BIND9
    versions is now a default, and a --with-tuning=small option was
    added for small (e.g. OpenWRT) systems.
  * A new "dnssec-policy" option has been added to named.conf to
    implement a key and signing policy (KASP) for zones.
  * The command (and manpage) bind9-config have been dropped as the
    BIND 9 libraries are now purely internal.
  No patches became obsolete through the upgrade.
- Upgrade to bind-9.14.9
  bug fixes and feature improvements
- Upgrade to version 9.14.8:
  * Set a limit on the number of concurrently served pipelined TCP
  * Some other bug fixing, see CHANGES file.
  [CVE-2019-6477, bsc#1157051]
- Upgrade to version 9.14.7
  * removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0,
    queryperf, sdb, zkt from contrib as they are not supported
    any more
  * Added support for the GeoIP2 API from MaxMind
  * See CHANGES file in the source RPM.
  * obsoletes bind-CVE-2018-5745.patch (bsc#1126068)
  * obsoletes bind-CVE-2019-6465.patch (bsc#1126069)
  * obsoletes bind-CVE-2018-5743.patch (bsc#1133185)
  * obsoletes bind-CVE-2019-6471.patch (bsc#1138687)
  [bsc#1111722, bsc#1156205, bsc#1126068, bsc#1126069, bsc#1133185,
  bsc#1138687, CVE-2019-6476, CVE-2019-6475,
  CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465,
  CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738,
  CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, CVE-2017-3136,, bind-99-libidn.patch, perl-path.diff,
  bind-sdb-ldap.patch, bind-CVE-2017-3145.patch,
  bind-fix-fips.patch, bind-CVE-2018-5745.patch,
  bind-CVE-2019-6465.patch, bind-CVE-2018-5743.patch,
  bind-CVE-2019-6471.patch, CVE-2016-6170, bsc#1018700,
  bsc#1018701, bsc#1018702, bsc#1033466, bsc#1033467, bsc#1033468,
  bsc#1040039, bsc#1047184, bsc#1104129, bsc#906079, bsc#918330,
  bsc#936476, bsc#937028, bsc#939567, bsc#977657, bsc#983505,
  bsc#987866, bsc#989528, fate#320694, fate#324357, bnc#1127583,
  bnc#1127583, bnc#1109160]
- removal of SuSEfirewall2 service from Factory, since SuSEfirewall2 has been
  replaced by firewalld, see [1].
- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch
- Don't rely on /etc/insserv.conf anymore for proper dependencies
  against in named.service and lwresd.service
  (bsc#1118367 bsc#1118368)
- Update named.root. One of the root servers IP has changed.
- Install the LICENSE file.
- Add bind.conf and bind-chrootenv.conf to install the default
  files in /var/lib/named and create chroot environment on systems
  using transactional-updates [bsc#1100369] [FATE#325524].
- Cleanup pre/post install: remove all old code which was needed to
  update to SLES8.
- Fix a patch error in dnszone-schema file (bsc#901577)
- Add SPF records in dnszone-schema file (bsc#901577)
- Fix the hostname in ldapdump to be valid (bsc#965748)
- Patch file - bind-ldapdump-use-valid-host.patch
- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
  Fixes dynamic DNS updates against samba and Microsoft DNS servers
- Move chroot related files from bind to bind-chrootenv
- Remove rndc.key generation from bind.spec file because bind
  should create it on first boot (bsc#1092283)
- Add missing rndc.key check and generation code in lwresd.init
- build with --enable-filter-aaaa to make it possible to use
  config option "filter-aaaa-on-v4 yes". Useful to workaround
  broken websites like netflix which block traffic from certain
  IPv6 tunnel providers. (bsc#1069633)
- Add /dev/urandom to chroot env
- Implement systemd init scripts for bind and lwresd (fate#323155)
- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118)
- Use getent when adding user/group
- update changelog to mention removed options
- license changed to MPL-2.0 according to legal.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Add back init scripts, systemd units aren't ready yet
- Add python3-bind subpackage to allow python bind interactions
- Sync configure options with RH package and remove unused ones
  * Enable python3
  * Enable gssapi
  * Enable dnssec scripts
  * Remove no longer recognized --enable-rrl
- Drop idnkit from the build, the bind uses libidn since 2007 to run
  all the resolutions in dig/etc. bsc#1030306
- Add patch to make sure we build against system idn:
  * bind-99-libidn.patch
- Refresh patch:
  * pie_compile.diff
- Remove patches that are unused due to above:
  * idnkit-powerpc-ltconfig.patch
  * runidn.diff
- drop bind-openssl11.patch (merged upstream)
- Remove systemd conditionals as we are not building on sle11 anyway
- Force the systemd to be base for the initscript deployment
- Bump up version of most of the libraries
- Rename the subpackages to match the version updates
- Add macros for easier handling of the library package names
- Drop more unneeded patches
  * dns_dynamic_db.patch (upstream)
- Update to 9.11.2 release:
  * Many changes compared to 9.10 see the README file for in-depth listing
  * For detailed changes with issues see CHANGES file
  * Fixes for CVE-2017-3141 CVE-2017-3140 CVE-2017-3138 CVE-2017-3137
    CVE-3136 CVE-2016-9778
  * OpenSSL 1.1 support
- Remove support for some old distributions and cleanup the spec file
  to require only what is really needed
- Switch to systemd (bsc#1053808)
- Remove German from the postinst messages
- Remove patches merged upstream:
  * bind-CVE-2017-3135.patch
  * bind-CVE-2017-3142-and-3143.patch
- Refresh named.root with another update
- Use python3 by default (fate#323526)
- bind-openssl11.patch: add a patch for enabling
  openssl 1.1 support (builds for 1.0 and 1.1 openssl).
- Enable JSON statistics
- named.root: refreshed from internic to 2017060102 (bsc#1048729)
- Run systemctl daemon-reload even when this is not built with
  systemd support: if installing bind on a systemd service and not
  reloading systemd daemon, then the service 'named' is not known
  right after package installation, causing confusion.
- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue
  where an attacker with the ability to send and receive messages
  to an authoritative DNS server was able to circumvent TSIG
  authentication of AXFR requests. A server that relies solely on
  TSIG keys for protection with no other ACL protection could be
  manipulated into (1) providing an AXFR of a zone to an
  unauthorized recipient and (2) accepting bogus Notify packets.
  [bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143]
- Fix named init script to dynamically find the location of the
  openssl engines (boo#1040027).
- Add with_systemd define with default off, since we still use init
  scripts and no systemd units.
- Don't require and call insserv if we use systemd
- Fix assertion failure or a NULL pointer read for configurations using both DNS64 and RPZ
  * CVE-2017-3135, bsc#1024130
  * bind-CVE-2017-3135.patch
- Update to latest release in the 9.10.X series
  * Security fixes in 9.10.4
  * Duplicate EDNS COOKIE options in a response could trigger an assertion failure.
    CVE-2016-2088. [RT #41809]
  * The resolver could abort with an assertion failure due to improper DNAME handling
    when parsing fetch reply messages. CVE-2016-1286. [RT #41753]
  * Malformed control messages can trigger assertions in named and rndc.
    CVE-2016-1285. [RT #41666]
  * Certain errors that could be encountered when printing out or logging an OPT record containing
    a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. CVE-2015-8705. [RT #41397]
  * Specific APL data could trigger an INSIST. CVE-2015-8704. [RT #41396]
  * Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing
    a lookup. CVE-2015-8461. [RT#40945]
  * Insufficient testing when parsing a message allowed records with an incorrect class to be accepted,
    triggering a REQUIRE failure when those records were subsequently cached. CVE-2015-8000. [RT #40987]
  * For Features and other fixes in 9.10.4 see
  * Description of patch changes
  * BIND 9.10.4-P5 addresses the security issues described in CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. [bsc#1018699]
  * BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864.
  * BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.
  * BIND 9.10.4-P2 addresses the security issue described in CVE-2016-2775.
  * BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and
    a race condition in the rbt/rbtdb implementation resulting in named exiting due to assertion failures being detected.
  * Following patches removed, fixed upstream
  * cve-2016-2776.patch
  * cve-2016-8864.patch
- Apply cve-2016-8864.patch to fix CVE-2016-8864 (bsc#1007829).
- Apply cve-2016-2776.patch to fix CVE-2016-2776 (bsc#1000362).
- Remove the start/stop dependency of named and lwresd on remote-fs
  to break a service dependency cycle (bsc#947483, bsc#963971).
- Make /var/lib/named owned by the named user (bsc#908850,
- Call systemd service macros with the full service name.
- remove BuildRequire libcap. That is only a legacy library, not
  actually used for building. libcap-devel pulls in the right one.
- Security update 9.10.3-P4:
  * CVE-2016-1285, bsc#970072: assert failure on input parsing can
    cause premature exit.
  * CVE-2016-1286, bsc#970073: An error when parsing signature
    records for DNAME can lead to named exiting due to an assertion
  * CVE-2016-2088, bsc#970074: a deliberately misconstructed packet
    containing multiple cookie options to cause named to terminate
    with an assertion failure.
- drop a changing timestamp making build reproducible
- Build with --with-randomdev=/dev/urandom otherwise
  libisc will use /dev/random to gather entropy and that might
  block, short read etc.
- Security update 9.10.3-P3:
  * Specific APL data could trigger an INSIST (CVE-2015-8704,
  * Certain errors that could be encountered when printing out or
    logging an OPT record containing a CLIENT-SUBNET option could
    be mishandled, resulting in an assertion failure
    (CVE-2015-8705, bsc#962190).
  * Authoritative servers that were marked as bogus (e.g.
    blackholed in configuration or with invalid addresses) were
    being queried anyway.
- Update to version 9.10.3-P2 to fix a remote denial of service by
  misparsing incoming responses (CVE-2015-8000, bsc#958861).
- Avoid double %setup, it confuses some versions of quilt.
- Summary/description update
- Update to version 9.10.2-P4
  * An incorrect boundary check in the OPENPGPKEY
    rdatatype could trigger an assertion failure.
    (CVE-2015-5986) [RT #40286] (bsc#944107)
  * A buffer accounting error could trigger an
    assertion failure when parsing certain malformed
    DNSSEC keys. (CVE-2015-5722) [RT #40212] (bsc#944066)
- Update to version 9.10.2-P3
  Security Fixes
  * A specially crafted query could trigger an assertion failure in message.c.
    This flaw was discovered by Jonathan Foote, and is disclosed in
    CVE-2015-5477. [RT #39795]
  * On servers configured to perform DNSSEC validation, an assertion failure
    could be triggered on answers from a specially configured server.
    This flaw was discovered by Breno Silveira Soares, and is disclosed
    in CVE-2015-4620. [RT #39795]
  Bug Fixes
  * Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  * Several bugs have been fixed in the RPZ implementation:
    + Policy zones that did not specifically require recursion could be treated
    as if they did; consequently, setting qname-wait-recurse no; was
    sometimes ineffective. This has been corrected. In most configurations,
    behavioral changes due to this fix will not be noticeable. [RT #39229]
    + The server could crash if policy zones were updated (e.g. via
    rndc reload or an incoming zone transfer) while RPZ processing
    was still ongoing for an active query. [RT #39415]
    + On servers with one or more policy zones configured as slaves, if a
    policy zone updated during regular operation (rather than at startup)
    using a full zone reload, such as via AXFR, a bug could allow the RPZ
    summary data to fall out of sync, potentially leading to an assertion
    failure in rpz.c when further incremental updates were made to the zone,
    such as via IXFR. [RT #39567]
    + The server could match a shorter prefix than what was
    available in CLIENT-IP policy triggers, and so, an unexpected
    action could be taken. This has been corrected. [RT #39481]
    + The server could crash if a reload of an RPZ zone was initiated while
    another reload of the same zone was already in progress. [RT #39649]
- Update to version 9.10.2-P2
  - An uninitialized value in validator.c could result in an assertion failure.
    (CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
  - Include client-ip rules when logging the number of RPZ rules of each type.
    [RT #39670]
  - Addressed further problems with reloading RPZ zones. [RT #39649]
  - Addressed a regression introduced in change #4121. [RT #39611]
  - The server could match a shorter prefix than what was available in
    CLIENT-IP policy triggers, and so, an unexpected action could be taken.
    This has been corrected. [RT #39481]
  - On servers with one or more policy zones configured as slaves, if a policy
    zone updated during regular operation (rather than at startup) using a full
    zone reload, such as via AXFR, a bug could allow the RPZ summary data to
    fall out of sync, potentially leading to an assertion failure in rpz.c when
    further incremental updates were made to the zone, such as via IXFR.
    [RT #39567]
  - A bug in RPZ could cause the server to crash if policy zones were updated
    while recursion was pending for RPZ processing of an active query.
    [RT #39415]
  - Fix a bug in RPZ that could cause some policy zones that did not
    specifically require recursion to be treated as if they did; consequently,
    setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
  - Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
    result in a bug during operation. If the read failed, named could segfault.
    [RT #38559]
- Fix inappropriate use of /var/lib/named for locating dynamic-DB plugins.
  Dynamic-DB plugins are now loaded from %{_libexecdir}/bind, consistent with
  openSUSE packaging guideline.
- Install additional header files which are helpful to the development of
  dynamic-DB plugins.
- Depend on systemd macros and sysvinit on post-12.3 only.
- Create empty lwresd.conf at build time.
- Reduce file list pre-13.1.
- Update to version 9.10.2
  - Handle timeout in legacy system test. [RT #38573]
  - dns_rdata_freestruct could be called on an uninitialised structure when
    handling an error. [RT #38568]
  - Addressed valgrind warnings. [RT #38549]
  - UDP dispatches could use the wrong pseudorandom
    number generator context. [RT #38578]
  - Fixed several small bugs in automatic trust anchor management, including a
    memory leak and a possible loss of key state information. [RT #38458]
  - 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565]
  - Revoking a managed trust anchor and supplying an untrusted replacement
    could cause named to crash with an assertion failure.
    (CVE-2015-1349) [RT #38344]
  - Fix a leak of query fetchlock. [RT #38454]
  - Fix a leak of pthread_mutexattr_t. [RT #38454]
  - RPZ could send spurious SERVFAILs in response
    to duplicate queries. [RT #38510]
  - CDS and CDNSKEY had the wrong attributes. [RT #38491]
  - adb hash table was not being grown. [RT #38470]
- Update bind.keyring
- Update baselibs.conf due to updates to libdns160 and libisc148
- Enable export libraries to support plugin development.
  Install DNSSEC root key.
  Expose new interface for developing dynamic zone database.
  + dns_dynamic_db.patch
- PowerPC can build shared libraries for sure.
- Explicitly BuildRequire systemd-rpm-macros since it is used
  for lwresd %post etc. Then drop pre-12.x material.
- Corrections to baselibs.conf
- Update to version 9.10.1-P1
  - A flaw in delegation handling could be exploited to put named into an
    infinite loop.  This has been addressed by placing limits on the number of
    levels of recursion named will allow (default 7), and the number of
    iterative queries that it will send (default 50) before terminating a
    recursive query (CVE-2014-8500); (bnc#908994).
    The recursion depth limit is configured via the "max-recursion-depth"
    option, and the query limit via the "max-recursion-queries" option.
    [RT #37580]
  - When geoip-directory was reconfigured during named run-time, the
    previously loaded GeoIP data could remain, potentially causing wrong ACLs
    to be used or wrong results to be served based on geolocation
    (CVE-2014-8680). [RT #37720]; (bnc#908995).
  - Lookups in GeoIP databases that were not loaded could cause an assertion
    failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
  - The caching of GeoIP lookups did not always handle address families
    correctly, potentially resulting in an assertion failure (CVE-2014-8680).
    [RT #37672]; (bnc#908995).
- Convert some hard PreReq to leaner Requires(pre).
- Typographical and orthographic fixes to description texts.
- Fix bashisms in the createNamedConfInclude script.
- Post scripts: remove '-e' option of 'echo' that may be unsupported
  in some POSIX-compliant shells.
- Add openssl engines to the lwresd chroot.
- Add /etc/lwresd.conf with attribute ghost to the list of files.
- Add /run/lwresd to the list of files of the lwresd package.
- Shift /run/named from the chroot sub to the main bind package.
- Drop /proc from the chroot as multi CPU systems work fine even without it.
- Add a versioned dependency when obsoleting packages.
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix gssapi_krb configure time header detection.
- Update root zone (dated Nov 5, 2014).
- Update to version 9.10.1
  - This release addresses the security flaws described in CVE-2014-3214 and
- Update to version 9.10.0
  - DNS Response-rate limiting (DNS RRL), which blunts the impact of
    reflection and amplification attacks, is always compiled in and no longer
    requires a compile-time option to enable it.
  - An experimental "Source Identity Token" (SIT) EDNS option is now available.
  - A new zone file format, "map", stores zone data in a
    format that can be mapped directly into memory, allowing
    significantly faster zone loading.
  - "delv" (domain entity lookup and validation) is a new tool with dig-like
    semantics for looking up DNS data and performing internal DNSSEC
  - Improved EDNS(0) processing for better resolver performance
    and reliability over slow or lossy connections.
  - Substantial improvement in response-policy zone (RPZ) performance.  Up to
    32 response-policy zones can be configured with minimal performance loss.
  - To improve recursive resolver performance, cache records which are still
    being requested by clients can now be automatically refreshed from the
    authoritative server before they expire, reducing or eliminating the time
    window in which no answer is available in the cache.
  - New "rpz-client-ip" triggers and drop policies allowing
    response policies based on the IP address of the client.
  - ACLs can now be specified based on geographic location using the MaxMind
    GeoIP databases.  Use "configure --with-geoip" to enable.
  - Zone data can now be shared between views, allowing multiple views to serve
    the same zones authoritatively without storing multiple copies in memory.
  - New XML schema (version 3) for the statistics channel includes many new
    statistics and uses a flattened XML tree for faster parsing. The older
    schema is now deprecated.
  - A new stylesheet, based on the Google Charts API, displays XML statistics
    in charts and graphs on javascript-enabled browsers.
  - The statistics channel can now provide data in JSON format as well as XML.
  - New stats counters track TCP and UDP queries received
    per zone, and EDNS options received in total.
  - The internal and export versions of the BIND libraries (libisc, libdns,
    etc) have been unified so that external library clients can use the same
    libraries as BIND itself.
  - A new compile-time option, "configure --enable-native-pkcs11", allows BIND
    9 cryptography functions to use the PKCS#11 API natively, so that BIND can
    drive a cryptographic hardware service module (HSM) directly instead of
    using a modified OpenSSL as an intermediary.
  - The new "max-zone-ttl" option enforces maximum TTLs for zones. This can
    simplify the process of rolling DNSSEC keys by guaranteeing that cached
    signatures will have expired within the specified amount of time.
  - "dig +subnet" sends an EDNS CLIENT-SUBNET option when querying.
  - "dig +expire" sends an EDNS EXPIRE option when querying.
  - New "dnssec-coverage" tool to check DNSSEC key coverage for a zone and
    report if a lapse in signing coverage has been inadvertently scheduled.
  - Signing algorithm flexibility and other improvements
    for the "rndc" control channel.
  - "named-checkzone" and "named-compilezone" can now read
    journal files, allowing them to process dynamic zones.
  - Multiple DLZ databases can now be configured.  Individual zones can be
    configured to be served from a specific DLZ database.  DLZ databases now
    serve zones of type "master" and "redirect".
  - "rndc zonestatus" reports information about a specified zone.
  - "named" now listens on IPv6 as well as IPv4 interfaces by default.
  - "named" now preserves the capitalization of names
    when responding to queries.
  - new "dnssec-importkey" command allows the use of offline
    DNSSEC keys with automatic DNSKEY management.
  - New "named-rrchecker" tool to verify the syntactic
    correctness of individual resource records.
  - When re-signing a zone, the new "dnssec-signzone -Q" option drops
    signatures from keys that are still published but are no longer active.
  - "named-checkconf -px" will print the contents of configuration files with
    the shared secrets obscured, making it easier to share configuration (e.g.
    when submitting a bug report) without revealing private information.
  - "rndc scan" causes named to re-scan network interfaces for
    changes in local addresses.
  - On operating systems with support for routing sockets, network interfaces
    are re-scanned automatically whenever they change.
  - "tsig-keygen" is now available as an alternate command
    name to use for "ddns-confgen".
- Update to version 9.9.6
  New Features
  - Support for CAA record types, as described in RFC 6844 "DNS
    Certification Authority Authorization (CAA) Resource Record",
    was added. [RT#36625] [RT #36737]
  - Disallow "request-ixfr" from being specified in zone statements where it
    is not valid (it is only valid for slave and redirect zones) [RT #36608]
  - Support for CDS and CDNSKEY resource record types was added. For
    details see the proposed Informational Internet-Draft "Automating
    DNSSEC Delegation Trust Maintenance" at
    [RT #36333]
  - Added version printing options to various BIND utilities. [RT #26057]
    [RT #10686]
  - Added a "no-case-compress" ACL, which causes named to use case-insensitive
    compression (disabling change #3645) for specified clients. (This is useful
    when dealing with broken client implementations that use case-sensitive
    name comparisons, rejecting responses that fail to match the capitalization
    of the query that was sent.) [RT #35300]
  Feature Changes
  - Adds RPZ SOA to the additional section of responses to clearly
    indicate the use of RPZ in a manner that is intended to avoid
    causing issues for downstream resolvers and forwarders [RT #36507]
  - rndc now gives distinct error messages when an unqualified zone
    name matches multiple views vs. matching no views [RT #36691]
  - Improves the accuracy of dig's reported round trip times.  [RT #36611]
  - When an SPF record exists in a zone but no equivalent TXT record
    does, a warning will be issued.  The warning for the reverse
    condition is no longer issued. See the check-spf option in the
    documentation for details. [RT #36210]
  - "named" will now log explicitly when using rndc.key to configure
    command channel. [RT #35316]
  - The default setting for the -U option (setting the number of UDP
    listeners per interface) has been adjusted to improve performance.
    [RT #35417]
  - Aging of smoothed round-trip time measurements is now limited
    to no more than once per second, to improve accuracy in selecting
    the best name server. [RT #32909]
  - DNSSEC keys that have been marked active but have no publication
    date are no longer presumed to be publishable. [RT #35063]
  Bug Fixes
  - The Makefile in bin/python was changed to work around a bmake
    bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
  - Corrected bugs in the handling of wildcard records by the DNSSEC
    validator: invalid wildcard expansions could be treated as valid
    if signed, and valid wildcard expansions in NSEC3 opt-out ranges
    had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
  - When resigning, dnssec-signzone was removing all signatures from
    delegation nodes. It now retains DS and (if applicable) NSEC
    signatures.  [RT #36946]
  - The AD flag was being set inappropriately on RPZ responses. [RT #36833]
  - Updates the URI record type to current draft standard,
    draft-faltstrom-uri-08, and allows the value field to be zero
    length [RT #36642] [RT #36737]
  - RRSIG sets that were not loaded in a single transaction at start
    up were not being correctly added to re-signing heaps.  [RT #36302]
  - Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
  - A race condition could cause a crash in isc_event_free during
    shutdown.  [RT #36720]
  - Addresses a race condition issue in dispatch. [RT #36731]
  - acl elements could be miscounted, causing a crash while loading
    a config [RT #36675]
  - Corrects a deadlock between view.c and adb.c. [RT #36341]
  - liblwres wasn't properly handling link-local addresses in
    nameserver clauses in resolv.conf. [RT #36039]
  - Buffers in isc_print_vsnprintf were not properly initialized
    leading to potential overflows when printing out quad values.
    [RT #36505]
  - Don't call qsort() with a null pointer, and disable the GCC 4.9
    "delete null pointer check" optimizer option. This fixes problems
    when using GNU GCC 4.9.0 where its compiler code optimizations
    may cause crashes in BIND. For more information, see the operational
    advisory at [RT #35968]
  - Fixed a bug that could cause repeated resigning of records in
    dynamically signed zones. [RT #35273]
  - Fixed a bug that could cause an assertion failure after forwarding
    was disabled. [RT #35979]
  - Fixed a bug that caused SERVFAILs when using RPZ on a system
    configured as a forwarder. [RT #36060]
  - Worked around a limitation in Solaris's /dev/poll implementation
    that could cause named to fail to start when configured to use
    more sockets than the system could accommodate. [RT #35878]
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Removed pid-path.diff patch as /run/{named,lwresd}/ are used by default.
- Update baselibs.conf (added libirs and library interface version updates).
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  ".nop".  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occurring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The assembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "lint" mode to enable extra checks of the files it is processing.
  * Readelf will now display "[...]" when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ASCII art that shows the arcs between the start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "no".
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
  - -dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
  - -syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
    --disassemble the --dwarf=follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
- Add binutils-fix-ld-segv.diff to fix a segfault in ld
  when building some versions of pacemaker.  [bsc#1154025,
- Add avr, epiphany and rx to target_list so that the common
  binutils can handle all objects we can create with crosses.
- Update to current 2.32 branch @7b468db3 adding
  binutils-2.32-branch.diff.gz [jsc#ECO-368].
- Includes fixes for these CVEs:
  bsc#1109412 aka CVE-2018-17358 aka PR23686
  bsc#1109413 aka CVE-2018-17359 aka PR23686
  bsc#1109414 aka CVE-2018-17360 aka PR23685
  bsc#1111996 aka CVE-2018-18309 aka PR23770
  bsc#1112534 aka CVE-2018-18484 aka GCC PR87636
  bsc#1112535 aka CVE-2018-18483 aka PR23767
  bsc#1113247 aka CVE-2018-18607 aka PR23805
  bsc#1113252 aka CVE-2018-18606 aka PR23806
  bsc#1113255 aka CVE-2018-18605 aka PR23804
  bsc#1116827 aka CVE-2018-17985 aka GCC PR87335
  bsc#1118830 aka CVE-2018-19932 aka PR23932
  bsc#1118831 aka CVE-2018-19931 aka PR23942
  bsc#1120640 aka CVE-2018-1000876 aka PR23994
  bsc#1121034 aka CVE-2018-20651 aka PR24041
  bsc#1121035 aka CVE-2018-20623 aka PR24049
  bsc#1121056 aka CVE-2018-20671 aka PR24005
  bsc#1142772 aka CVE-2019-1010180 aka PR23657
- Refresh s390-biarch.diff and
  binutils-revert-plt32-in-branches.diff .
- For the SLE12 package this also removes patches
  binutils-z13-1.diff, binutils-z13-2.diff,
  binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- enable xtensa architecture (Tensilica lc6 and related)
- Fix SUSE typo in README package name
- Use -ffat-lto-objects in order to provide assembly for static libs
Fake entry for SLE12 package variant only:
- Add support for new z13 instructions. [fate#327074, jsc#SLE-6206,
  Adds patches binutils-z13-1.diff, binutils-z13-2.diff,
  binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- Add binutils-pr24486.patch: fix for PR24486 (boo#1133131 boo#1133232).
- Add rx-gas-padding-pr24464.patch: fix for PR24464.
- riscv-abi-check.patch: Don't check ABI flags if no code section
- Add binutils.keyring and verify signature.
- Add disk and RAM (for ppc, ppc64 and ppc64le) constraint with _constraints.
- Update to binutils 2.32:
  * The binutils now support the C-SKY processor series.
  * The x86 assembler now supports a -mvexwig=[0|1] option to control
    encoding of VEX.W-ignored (WIG) VEX instructions.
    It also has a new -mx86-used-note=[yes|no] option to generate (or
    not) x86 GNU property notes.
  * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2),
    the Loongson EXTensions (EXT) instructions, the Loongson Content
    Address Memory (CAM) ASE and the Loongson MultiMedia extensions
    Instructions (MMI) ASE.
  * The addr2line, c++filt, nm and objdump tools now have a default
    limit on the maximum amount of recursion that is allowed whilst
    demangling strings.  This limit can be disabled if necessary.
  * Objdump's --disassemble option can now take a parameter,
    specifying the starting symbol for disassembly.  Disassembly will
    continue from this symbol up to the next symbol or the end of the
  * The BFD linker will now report property change in linker map file
    when merging GNU properties.
  * The BFD linker's -t option now doesn't report members within
    archives, unless -t is given twice.  This makes it more useful
    when generating a list of files that should be packaged for a
    linker bug report.
  * The GOLD linker has improved warning messages for relocations that
    refer to discarded sections.
- Remove binutils-2.31-branch.diff.gz, fix-pr23919-1.diff,
  fix-pr23919-2.diff, fix-pr23919-3.diff,
  gold-depend-on-opcodes.diff and s390-relro.diff.
- Refresh binutils-skip-rpaths.patch, s390-biarch.diff, cross-avr-size.patch
  and binutils-revert-plt32-in-branches.diff.
- Add s390-relro.diff to improve relro support on s390
- Fix the fix for PR23919 [bsc#1118644]:
  rename handle-ELF-compressed-header-alignment-correctly-by-.patch
  to fix-pr23919-1.diff and add fix-pr23919-2.diff
  and fix-pr23919-3.diff .
- Add handle-ELF-compressed-header-alignment-correctly-by-.patch:
- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in
  the support for the X86_ISA_1_* notes.  Adds
  patch binutils-2.31-branch.diff.gz .
- Add binutils-revert-plt32-in-branches.diff on anything older
  than Tumbleweed to not break old tools not expecting
  PLT32 instead of PC32 relocs on x86_64.
- Includes fixes for these CVEs:
  * from 2.30:
    bnc#1065643 aka CVE-2017-15996 aka PR22361
    bnc#1065689 aka CVE-2017-15939 aka PR22205
    bnc#1065693 aka CVE-2017-15938 aka PR22209
    bnc#1068640 aka CVE-2017-16826 aka PR22376
    bnc#1068643 aka CVE-2017-16832 aka PR22373
    bnc#1068887 aka CVE-2017-16831 aka PR22385
    bnc#1068888 aka CVE-2017-16830 aka PR22384
    bnc#1068950 aka CVE-2017-16829 aka PR22307
    bnc#1069176 aka CVE-2017-16828 aka PR22386
    bnc#1069202 aka CVE-2017-16827 aka PR22306
  * from 2.31:
    bnc#1077745 aka CVE-2018-6323  aka PR22746
    bnc#1079103 aka CVE-2018-6543  aka PR22769
    bnc#1079741 aka CVE-2018-6759  aka PR22794
    bnc#1080556 aka CVE-2018-6872  aka PR22788
    bnc#1081527 aka CVE-2018-7208  aka PR22741
    bnc#1083528 aka CVE-2018-7570  aka PR22881
    bnc#1083532 aka CVE-2018-7569  aka PR22895
    bnc#1086608 aka CVE-2018-8945  aka PR22809
    bnc#1086784 aka CVE-2018-7643  aka PR22905
    bnc#1086786 aka CVE-2018-7642  aka PR22887
    bnc#1086788 aka CVE-2018-7568  aka PR22894
    bnc#1090997 aka CVE-2018-10373 aka PR23065
    bnc#1091015 aka CVE-2018-10372 aka PR23064
    bnc#1091365 aka CVE-2018-10535 aka PR23113
    bnc#1091368 aka CVE-2018-10534 aka PR23110
- Removes binutils-fix-pr21964.diff as it's included in 2.31.
  Rebase testsuite.diff and aarch64-common-pagesize.patch .
- Disable -z separate-code everywhere but in Tumbleweed.
- Update to binutils 2.31
  * The AArch64 port now supports showing disassembly notes which are emitted
    when inconsistencies are found with the instruction that may result in the
    instruction being invalid.  These can be turned on with the option -M notes
    to objdump.
  * The AArch64 port now emits warnings when a combination of an instruction and
    a named register could be invalid.
  * Added O modifier to ar to display member offsets inside an archive
  * The ADR and ADRL pseudo-instructions supported by the ARM assembler
    now only set the bottom bit of the address of thumb function symbols
    if the -mthumb-interwork command line option is active.
  * Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU
    Build Attribute notes if none are present in the input sources.  Add a
    --enable-generate-build-notes=[yes|no] configure time option to set the
    default behaviour.  Set the default if the configure option is not used
    to "no".
  * Remove -mold-gcc command-line option for x86 targets.
  * Add -O[2|s] command-line options to x86 assembler to enable alternate
    shorter instruction encoding.
  * Add support for .nops directive.  It is currently supported only for
    x86 targets.
  * Speed up direct linking with DLLs for Cygwin and Mingw targets.
  * Add a configure option --enable-separate-code to decide whether
    -z separate-code should be enabled in ELF linker by default.  Default
    to yes for Linux/x86 targets.  Note that -z separate-code can increase
    disk and memory size.
  * Includes riscv-relax-size.patch, riscv-relax-relocatable.patch,
    riscv-relax-versioned-hidden.patch and riscv-wrap-relax.patch
- Refresh enable-targets-gold.diff.
- Adjust cross-avr-omit_section_dynsym.patch.
- Remove binutils-2.30-branch.diff.
- riscv-relax-versioned-hidden.patch: RISC-V: Fix symbol address problem
  with versioned symbols (PR ld/22756)
- Restore riscv64-elf cross prefix via symlinks
- Fix pacemaker libqb problem with section start/stop
  symbols, aka PR21964.  [bnc#1075418]
  Adds binutils-fix-pr21964.diff .
  (this is a change from SLE12, that was already included in 2.31
  binutils tree, mentioned for completeness to not lose tracking)
- riscv-relax-relocatable.patch: RISC-V: Don't enable relaxation in
  relocatable link
- Update binutils-2.30-branch.diff: 2.30 branch @7c78c26eefbb8
  * Includes more complete fix for PR20882.
  * Includes fix for PR22836.  [boo#1085784]
  * Includes fix for PR22983.
- riscv-relax-size.patch: Fix symbol size bug when relaxation deletes bytes
- Add binutils-pr22868.diff to fix testsuite fails in LLVM.
- Update to binutils 2.30
  * Add --debug-dump=links option to readelf and --dwarf=links option to objdump
    which displays the contents of any .gnu_debuglink or .gnu_debugaltlink
    Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links
    option to objdump which causes indirect links into separate debug info files
    to be followed when dumping other DWARF sections.
  * Add support for location views in DWARF debug line information.
  * Add -z separate-code to generate separate code PT_LOAD segment.
  * Add "-z undefs" command line option as the inverse of the "-z defs" option.
  * Add -z globalaudit command line option to force audit libraries to be run
    for every dynamic object loaded by an executable - provided that the loader
    supports this functionality.
  * Tighten linker script grammar around file name specifiers to prevent the use
    of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames.  These would
    previously be accepted but had no effect.
  * The EXCLUDE_FILE directive can now be placed within any SORT_* directive
    within input section lists.
- binutils-2.30-branch.diff: 2.30 branch @4cd0043413
- riscv-wrap-relax.patch: Fix linker relaxation with --wrap
- Remove use-hashtype-both-by-default.diff, use
  --enable-default-hash-style=both instead
- Remove binutils-2.29-branch.diff, s390x-8fe09d7.diff
- Use riscv64-suse-linux as target for cross-riscv64-binutils
- Drop bc BuildRequires: no longer needed.
- Add riscv64 to %target_list
- Add arm-none-eabi symlinks (bsc#1074741)
- Add s390x-8fe09d7.diff to fix typo in ELF notes.
- Update binutils-2.29-branch.diff to @a45d8fd5ffbf888 fixing PR 22220.
- Update to 2.29.1 release, accumulating bugfixes.
- Update binutils-2.29-branch.diff to @a38a1d80 and to be
  relative to the 2.29.1 release fixing following PRs/bnc/CVE:
  22058 [bnc#1057149, CVE-2017-14130]
  21813 [bnc#1052503, CVE-2017-12456, bnc#1052507, CVE-2017-12454,
    bnc#1052509, CVE-2017-12453, bnc#1052511, CVE-2017-12452,
    bnc#1052514, CVE-2017-12450, bnc#1052503, CVE-2017-12456,
    bnc#1052507, CVE-2017-12454, bnc#1052509, CVE-2017-12453,
    bnc#1052511, CVE-2017-12452, bnc#1052514, CVE-2017-12450]
  22148 [bnc#1060599, CVE-2017-14745]
  22163 [bnc#1061241, CVE-2017-14974]
  21933 [bnc#1053347, CVE-2017-12799]
  21787 [bnc#1052518, CVE-2017-12448]
  22018 [bnc#1056312, CVE-2017-13757]
  22170 [bnc#1060621, CVE-2017-14729]
  22047 [bnc#1057144, CVE-2017-14129]
  22059 [bnc#1057139, CVE-2017-14128]
  21990 [bnc#1058480, CVE-2017-14333]
  22113 [bnc#1059050, CVE-2017-14529]
  as well as these PRs:
  22061, 21786, 21916, 21994, 22064, 21995, 21909, 21441, 22060,
  22067, 22032, 21820, 22048, 22199, 21781, 21824, 21861, 22150.
- Update to 2.29 (@5d25156), upstream fix for PR21884, as
  well as PRs 18808 18841 21840 21988 21910 21962 21964.
- Last fixes for PR21884 weren't complete, adjust
  binutils-2.29-branch.diff some more for this.
- Update to 2.29 branch (@de44148c), fixing PR21884, a segfault
  in ld while building memtest86+ .
  Changes binutils-2.29-branch.diff.
- Update to 2.29 branch, fixing PR21847, affecting the ppc64le
  ABI in corner cases since 2.29 release.
  Adds binutils-2.29-branch.diff.
- Remove binutils-2.29-gold-mips.patch, obsolete by the update.
- Add binutils-2.29-gold-mips.patch to fix build on SLE-11.
- Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]
- Fixes these security-related PRs/bnc/CVEs:
  18750 [bsc#1030296, CVE-2014-9939]
  20891 [bsc#1030585, CVE-2017-7225]
  20892 [bsc#1030588, CVE-2017-7224]
  20898 [bsc#1030589, CVE-2017-7223]
  20905 [bsc#1030584, CVE-2017-7226]
  20908 [bsc#1031644, CVE-2017-7299]
  20909 [bsc#1031656, CVE-2017-7300]
  20921 [bsc#1031595, CVE-2017-7302]
  20922 [bsc#1031593, CVE-2017-7303]
  20924 [bsc#1031638, CVE-2017-7301]
  20931 [bsc#1031590, CVE-2017-7304]
  21409 [bsc#1037052, CVE-2017-8392]
  21412 [bsc#1037057, CVE-2017-8393]
  21414 [bsc#1037061, CVE-2017-8394]
  21432 [bsc#1037066, CVE-2017-8396]
  21440 [bsc#1037273, CVE-2017-8421]
  21580 [bsc#1044891, CVE-2017-9746]
  21581 [bsc#1044897, CVE-2017-9747]
  21582 [bsc#1044901, CVE-2017-9748]
  21587 [bsc#1044909, CVE-2017-9750]
  21594 [bsc#1044925, CVE-2017-9755]
  21595 [bsc#1044927, CVE-2017-9756]
- Feature changes:
  * The MIPS port now supports microMIPS eXtended Physical Addressing (XPA)
    instructions for assembly and disassembly.
  * The MIPS port now supports the microMIPS Release 5 ISA for assembly and
  * The MIPS port now supports the Imagination interAptiv MR2 processor,
    which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple
    of implementation-specific regular MIPS and MIPS16e2 ASE instructions.
  * The SPARC port now supports the SPARC M8 processor, which implements the
    Oracle SPARC Architecture 2017.
  * The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly.
  * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
  * Add support for the wasm32 ELF conversion of the WebAssembly file format.
  * Add --inlines option to objdump, which extends the --line-numbers option
    so that inlined functions will display their nesting information.
  * Add --merge-notes options to objcopy to reduce the size of notes in
    a binary file by merging and deleting redundant notes.
  * Add support for locating separate debug info files using the build-id
    method, where the separate file has a name based upon the build-id of
    the original file.
  * Add support for ELF SHF_GNU_MBIND.
  * Add support for the WebAssembly file format and wasm32 ELF conversion.
  * PowerPC gas now checks that the correct register class is used in
    instructions.  For instance, "addi %f4,%cr3,%r31" warns three times
    that the registers are invalid.
  * Add support for the Texas Instruments PRU processor.
  * Support for the ARMv8-R architecture and Cortex-R52 processor has been
    added to the ARM port.
  GNU ld
  * Support for -z shstk in the x86 ELF linker to generate
    GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties.
  * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program
    properties in the x86 ELF linker.
  * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
    properties in the x86 ELF linker.
  * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled
  * Support for -z ibt in the x86 ELF linker to generate IBT-enabled
    PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
  * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
  * Add support for ELF GNU program properties.
  * Add support for the Texas Instruments PRU processor.
  * When configuring for arc*-*-linux* targets the default linker emulation will
    change if --with-cpu=nps400 is used at configure time.
  * Improve assignment of LMAs to orphan sections in some edge cases where a
    mixture of both AT>LMA_REGION and AT(LMA) are used.
  * Orphan sections placed after an empty section that has an AT(LMA) will now
    take a load memory address starting from LMA.
  * Section groups can now be resolved (the group deleted and the group members
    placed like normal sections) at partial link time either using the new
    linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION
    into the linker script.
- Includes binutils-bso21193.diff, binutils-bso21333.diff and
- Remove ld-dtags.diff, instead configure with --enable-new-dtags.
- Refresh binutils-build-as-needed.diff.
- Remove binutils-2.28-branch.diff.
- Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0
  * Prepare riscv32 target (gh#riscv/riscv-newlib#8)
- Update binutils-2.28-branch.diff.
- Make compressed debug section handling explicit, disable for
  old products and enable for gas on all architectures otherwise.
- Add binutils-bso21333.diff.  [boo#1029995]
- Remove empty rpath component removal optimization from
  binutils-skip-rpaths.patch to workaround CMake rpath handling.
- Add fix-security-bugs.diff to fix bnc#1029907, bnc#1029908,
  bnc#1029909 and more.  Upstream bugs fixed:
  PR 21135 [bsc#1030298, CVE-2017-7209],
  PR 21137 [bsc#1029909, CVE-2017-6965],
  PR 21139 [bsc#1029908, CVE-2017-6966],
  PR 21156 [bsc#1029907, CVE-2017-6969],
  PR 21157 [bsc#1030297, CVE-2017-7210],
  PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155,
  PR 21158, PR 21159
- Update to binutils 2.28.
  * Add support for locating separate debug info files using the build-id
    method, where the separate file has a name based upon the build-id of
    the original file.
  * This version of binutils fixes a problem with PowerPC VLE 16A and 16D
    relocations which were functionally swapped, for example,
    R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D
    performed like R_PPC_VLE_HA16A.  This could have been fixed by
    renumbering relocations, which would keep object files created by an
    older version of gas compatible with a newer ld.  However, that would
    require an ABI update, affecting other assemblers and linkers that
    create and process the relocations correctly.  It is recommended that
    all VLE object files be recompiled, but ld can modify the relocations
    if --vle-reloc-fixup is passed to ld.  If the new ld command line
    option is not used, ld will warn on finding relocations inconsistent
    with the instructions being relocated.
  * The nm program has a new command line option (--with-version-strings)
    which will display a symbol's version information, if any, after the
    symbol's name.
  * The ARC port of objdump now accepts a -M option to specify the extra
    instruction class(es) that should be disassembled.
  * The --remove-section option for objcopy and strip now accepts section
    patterns starting with an exclamation point to indicate a non-matching
    section.  A non-matching section is removed from the set of sections
    matched by an earlier --remove-section pattern.
  * The --only-section option for objcopy now accepts section patterns
    starting with an exclamation point to indicate a non-matching section.
    A non-matching section is removed from the set of sections matched by
    an earlier --only-section pattern.
  * New --remove-relocations=SECTIONPATTERN option for objcopy and strip.
    This option can be used to remove sections containing relocations.
    The SECTIONPATTERN is the section to which the relocations apply, not
    the relocation section itself.
  * Add support for the RISC-V architecture.
  * Add support for the ARM Cortex-M23 and Cortex-M33 processors.
  GNU ld
  * The EXCLUDE_FILE linker script construct can now be applied outside of the
    section list in order for the exclusions to apply over all input sections
    in the list.
  * Add support for the RISC-V architecture.
  * The command line option --no-eh-frame-hdr can now be used in ELF based
    linkers to disable the automatic generation of .eh_frame_hdr sections.
  * Add --in-implib=<infile> to the ARM linker to enable specifying a set of
    Secure Gateway veneers that must exist in the output import library
    specified by --out-implib=<outfile> and the address they must have.
    As such, --in-implib is only supported in combination with --cmse-implib.
  * Extended the --out-implib=<file> option, previously restricted to x86 PE
    targets, to any ELF based target.  This allows the generation of an import
    library for an ELF executable, which can then be used by another application
    to link against the executable.
  * Add -z bndplt option (x86-64 only) to support Intel MPX.
  * Add --orphan-handling option.
  * Add --stub-group-multi option (PowerPC only).
  * Add --target1-rel, --target1-abs, --target2 options (Arm only).
  * Add -z stack-size option.
  * Add --be8 option (Arm only).
  * Add HIDDEN support in linker scripts.
  * Add SORT_BY_INIT_PRIORITY support in linker scripts.
- Add binutils-2.28-branch.diff.
- Remove binutils-2.27-branch.diff
- Remove binutils-2.27-fix-section-order.diff,
  and aarch64-alignment-frags.patch now upstream.
- Configure with --with-system-zlib
- Add binutils-bso21193.diff to fix section alignment on
  .gnu_debuglink.  [bso#21193]
- Add s390x to gold_archs.
- Fix alignment frags for aarch64 (boo#1003846)
- Call ldconfig for libbfd
- Add refine_.cfi_sections_check_to_only_consider_compact_eh_frame.patch
  from upstream to fix an assembler problem with clang on ARM.
- Update binutils-2.27-branch.diff to include recent fixes from the branch.
- Add binutils-2.27-fix-section-order.diff to restore monotonically
  increasing section offsets.
- Remove qemu workaround from spec file, since qemu 2.5.0rc0 the
  length of the argument list is no longer limited to 128 kByte.
- Update to binutils 2.27.
  * Add a configure option, --enable-64-bit-archive, to force use of a
    64-bit format when creating an archive symbol index.
  * Add --elf-stt-common= option to objcopy for ELF targets to control
    whether to convert common symbols to the STT_COMMON type.
  * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets.
  * Add --no-pad-sections to stop the assembler from padding the end of output
    sections up to their alignment boundary.
  * Support for the ARMv8-M architecture has been added to the ARM port.
    Support for the ARMv8-M Security and DSP Extensions has also been added
    to the ARM port.
  * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and
    .extCoreRegister pseudo-ops that allow a user to define custom
    instructions, conditional codes, auxiliary and core registers.
  * Add a configure option --enable-elf-stt-common to decide whether ELF
    assembler should generate common symbols with the STT_COMMON type by
    default.  Default to no.
  * New command line option --elf-stt-common= for ELF targets to control
    whether to generate common symbols with the STT_COMMON type.
  * Add ability to set section flags and types via numeric values for ELF
    based targets.
  * Add a configure option --enable-x86-relax-relocations to decide whether
    x86 assembler should generate relax relocations by default.  Default to
    yes, except for x86 Solaris targets older than Solaris 12.
  * New command line option -mrelax-relocations= for x86 target to control
    whether to generate relax relocations.
  * New command line option -mfence-as-lock-add=yes for x86 target to encode
    lfence, mfence and sfence as "lock addl $0x0, (%[re]sp)".
  * Add assembly-time relaxation option for ARC cpus.
  * Add --with-cpu=TYPE configure option for ARC gas.  This allows the default
    cpu type to be adjusted at configure time.
  * Add a configure option --enable-relro to decide whether -z relro should
    be enabled by default.  Default to yes.
  * Add support for s390, MIPS, AArch64, and TILE-Gx architectures.
  * Add support for STT_GNU_IFUNC symbols.
  * Add support for incremental linking (--incremental).
  GNU ld:
  * Add a configure option --enable-relro to decide whether -z relro should
    be enabled in ELF linker by default.  Default to yes for all Linux
    targets except FRV, HPPA, IA64 and MIPS.
  * Support for -z noreloc-overflow in the x86-64 ELF linker to disable
    relocation overflow check.
  * Add -z common/-z nocommon options for ELF targets to control whether to
    convert common symbols to the STT_COMMON type during a relocatable link.
  * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which
    avoids dynamic relocations against undefined weak symbols in executable.
  * The NOCROSSREFSTO command was added to the linker script language.
  * Add --no-apply-dynamic-relocs to the AArch64 linker to not apply
    link-time values for dynamic relocations.
- Add binutils-2.27-branch.diff with fixes on the branch so far.
- Remove gold-relocate-tls.patch, included in binutils 2.27.
- Update to binutils 2.26.1.
- Remove binutils-2.26-branch.diff.
- Update binutils-2.26-branch.diff, updates to branch head.
  (swo#19807) (bnc#970239)
- Disable -mrelax-relocations by default on old products.
- Update binutils-2.26-branch.diff, updates to branch head.
  (swo#19739) (swo#19775)
- Add binutils-2.26-branch.diff, updates to branch head.
  * Adds -mrelax-relocations on x86
  * Fixes bso#19698
- Refresh cross-avr-nesc-as.patch
- Update to binutils 2.26
  * Add --fix-stm32l4xx-629360 to the ARM linker to enable a link-time
    workaround for a bug in the bus matrix / memory controller for some of
    the STM32 Cortex-M4 based products (STM32L4xx)
  * Add a configure option --enable-compressed-debug-sections={all,ld} to
    decide whether DWARF debug sections should be compressed by default.
  * Add support for the ARC EM/HS, and ARC600/700 architectures.
  * Experimental support for linker garbage collection (--gc-sections)
    has been enabled for COFF and PE based targets.
  * New command line option for ELF targets to compress DWARF debug
    sections, --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi].
  * New command line option, --orphan-handling=[place|warn|error|discard], to
    adjust how orphan sections are handled.  The default is 'place' which gives
    the current behaviour, 'warn' and 'error' issue a warning or error
    respectively when orphan sections are found, and 'discard' will discard all
    orphan sections.
  * Add support for LLVM plugin.
  * Add --print-memory-usage option to report memory blocks usage.
  * Add --require-defined option, it's like --undefined except the new symbol
    must be defined by the end of the link.
  * Add a configure option --enable-compressed-debug-sections={all,gas} to
    decide whether DWARF debug sections should be compressed by default.
  * Add support for the ARC EM/HS, and ARC600/700 architectures.  Remove
    assembler support for Argonaut RISC architectures.
  * Add option to objcopy to insert new symbols into a file:
    --add-symbol <name>=[<section>:]<value>[,<flags>]
  * Add support for the ARC EM/HS, and ARC600/700 architectures.
  * Extend objcopy --compress-debug-sections option to support
    --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi] for ELF
  * Add --update-section option to objcopy.
  * Add --output-separator option to strings.
- Includes z13 support, remove 0001-S-390-Add-support-for-IBM-z13.patch,
  0004-S-390-Fixes-for-z13-instructions.patch and
- Includes fixes in binutils-fix--dynamic-list.patch,
  binutils-fix-gold-aarch64.diff, gold-arm64-abi-pagesize.patch
  and s390-troo-insn-type.patch
- Refresh s390-pic-dso.diff and binutils-build-as-needed.diff
- gold-relocate-tls.patch: Fix internal error when applying TLSDESC
  relocations with no TLS segment
- s390-troo-insn-type.patch: fix wrong insn type for troo insn
- aarch64-common-pagesize.patch: change default common-page-size to 64K on
- gold-arm64-abi-pagesize.patch: fix ABI pagesize for aarch64 in gold
- Disable use-hashtype-both-by-default.diff for
  the mips target, it's incompatible with it.  [bnc #938658]
- Add cross-rx-binutils package for Renesas RX
- Work around qemu bug
- Update to 2.25 branch at 2f5b97b4f (changes
  binutils-2.25-branch.diff.gz) fixes PR 18481, gas/18541.
- Add patches for s390 z13 support (backports from
  to-be 2.26):
  0005-S-390-z13-use-GNU-attribute-to-indicate-vector-ABI.patch .
- Fix %TARGET vs. $TARGET_OS inconsistencies by turning $TARGET_OS
  into %TARGET_OS for reuse in install and file sections.
  This fixes the assumption that $TARGET_OS will match %{TARGET}*.
- enable gold for aarch64
- Move sed call from %prep to %build to not disturb quilt.
- Add binutils-2.25-branch.diff.gz:
  Update to 2.25 branch at 8fe8994c, fixing many bugs:
  PR ld/15228, binutils/17512, 17165, binutils/17531, ld/17615, 17666,
  ld/17709, gas/17753, 17755, 17817, ld/17827, 17842, binutils/17926,
  17954, 18010, ld/18167, ld/18222, ld/18270.
- Remove eh-frame-hdr-on-shared-lib-bfd.patch: Included already.
- Remove gold-opd-visibility.patch: Included already.
- move info deinstall to preun section
- Added binutils-fix--dynamic-list.patch:
  Fixes and
- gold-opd-visibility.patch: Set default visibility on discarded .opd
- eh-frame-hdr-on-shared-lib-bfd.patch: Don't create .eh_frame_hdr on
  shared lib bfd, fixes building libgcj on ppc64
- Update to binutils 2.25 release.
  * Add --data option to strings to only print strings in loadable, initialized
    data sections.  Change the default behaviour to be --all, but add a new
    configure time option of --disable-default-strings-all to restore the old
    default behaviour.
  * Add --include-all-whitespace to strings.
  * Add --dump-section option to objcopy.
  * Add support for the Andes NDS32.
  * PE binaries now once again contain real timestamps by default.  To disable
    the inclusion of a timestamp in a PE binary, use the --no-insert-timestamp
    command line option.
  * Replace support for openrisc and or32 with support for or1k.
  * Add support for the --build-id command line option to COFF based targets.
  * x86/x86_64 pe-coff now supports the --build-id option.
  * Add support for the AVR Tiny microcontrollers.
  * Enhanced the ARM port to accept the assembler output from the CodeComposer
    Studio tool.  Support is enabled via the new command line option -mccs.
- Update to 2.25 branch head.
  * Pulls PIE fixes.
- Minor fix on the usage of update-alternatives
- Update to current 2.25 pre-release branch, at 127a4644.
- binutils-fix-gold-aarch64.diff: fixing build temporarily broken
  on branch.
- Remove obsolete patches: binutils-2.24-branch.diff.gz,
  pie-m68k.patch, binutils-2.24-auto-plugin.diff, ld-testsuite.patch,
  binutils-2.24-bso16746.diff .
- Enable Adapteva Epiphany target
- btt: make device/devno use PATH_MAX to avoid overflow
  (CVE-2018-10689 bsc#1091942).
  - Added btt-make-device-devno-use-path_max-to-avoid-overflow.patch
- Update to version 1.1.0+git.20170126:
  * blktrace: Add support for sparse CPU numbers
  * blktrace: Reorganize creation of output file name
  * blktrace: Create empty output files for non-existent cpus
- Update to version 1.1.0+git.20160823:
  * Use maximum over all traces for queue depth
  * Process notify events outside of given interval
  * iowatcher: Use queue events if issue not available
  * btt: Replace overlapping IO
  * Zero sectors are strange
  * Don't prepend blktrace destination dir if we didn't run blktrace
  * Separate prefix in legend with space
  * Fixup graph name in help text
  * blktrace: remove -k from manpage synopsis
  * iowatcher: link with -lrt
- Update to version 1.1.0+git.20160425:
  * Refer to sda instead of hda in man pages
  * btreplay: Fix typo in scaling up the dynamic cpu set size.
  * include sys/types.h for dev_t definition
  * Fix warnings on newer gcc
  * Add the "-a discard" filter option to the blktrace.8 man page
  * blktrace: Use number of online CPUs
  * btreplay: fix memory corruption caused by CPU_ZERO_S
  * btreplay: fix sched_{set|get}affinity
  * btreplay: make Ctrl-C work
  * btreplay: remove timestamps
- Add _service for automatic git syncing
  + exclude .git when generating tarball
  + enable automatic changelog updating
- Update to 1.1.0:
  - merge iowatcher
- Update to 1.0.5 version:
  * Fix compiler warnings
  * avoid string overflows
- Some improvements like using macro instead of RPM variables
- Add some missed fonts
- Make it build with latest TeXLive 2012 with new package layout
- Update to v1.0.3 (bnc#720300 and others).
  - Updated documentation
  - Fixed multiple output errors
  - Added FLUSH/FUA support
  - Misc bug fixes
- disable parallel build again
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- Fix build with no-add-needed (missing -pthread)
- Fix memory leak (bnc #546035)
- Fix memory leak in btrecord (bnc #523444).
- Fix typo in btt (bnc #511264).
- Update to version 1.0.1:
  * blkrawverify: warn and return error if no traces are found
  * blkiomon manpage and usage reference invalid "msg-queue-name" option
  * fix up btrace options & manpage
  * more manpage fixups
  * fix max-pkts option inconsistencies
  * Converted to using the correct remap entries
  * blkiomon: fix unaligned accesses on ia64
  * fix off-by-one issues in blkiomon.h
  * fix include statement in stats.h
  * handle race to mkdir at startup
  * Fixed plug/unplug logic in btt
  * Working on fixing % time q plugged
  * fix trivial typo in manpage
  * Add NOTIFY to activity mask
  * Blktrace failed to lock reader threads on the cpu used by the
    corresponding writer. This resulted in stale data being consumed when
    blktrace accidentally read at a position that was being written to at the
    same time. This issue surfaced as "bad trace magic" warnings emitted by
    blktrace tools.
  * Generate matplotlib plots for btt generated data
  * Update Jenkins hash to lookup3() variant
  * Fixed EAGAIN handling in blktrace.c
  * O_NOATIME isn't always present
  * btt: Added no remap option
  * btt general cleanup plus valgrind clean
  * btt: Missed fopen conversion to my_fopen
  * Code review updates
  * Reworked blktrace master/thread interface
  * Cleaned up devs that have no data
  * Moved starting of tracing after tracers are going
  * btt: fixed open in setup_ifile
  * Synchronized trace gathering
  * Invoke gethostbyname once, handle errors better
  * Added accept as a system call needing resource increases
  * Rewrote blktrace to have a single thread per CPU
  * Fix btt to handle large numbers of output files
  * Increased limits to allow for large system runs
  * A couple of min-counters weren't initialised correctly (thrput_r,
    thrput_w). We have got a perfectly working init function for this
    purpose. Removing partially duplicated code.
  * The git commit 11914a53d2ec2974a565311af327b8983d8c820d added
    __BLK_TA_ABORT to blktrace_api.h. A corresponding addition to the blktrace
    tools repository has been missing, breaking the API. Blkparse complained:
    "Bad fs action 40010011"
  * Added no messages option to blkparse.c
  * gcc 4.3.2 has started to warn about:
  * Added -P to create a data file w/ Q, D and C per line
  * Fixed 'M' displays on per-io output and added in I/O separator
  * Fixed segfault in aqd.c : need to check for NULL (not requested)
  * Added in -z to provide running waiting-for-issue latencies
  * Moved btrecord/btreplay to version 1.0.0
- Build with docs by default.
- Fix package split done for shared library packaging guideline (bsc#1184479).
- Update to version 2.20
  * Silence some gcc warnings, also avoid common variable (boo#1160385)
  * Include <sys/sysmacros.h> for makedev
  * sort input files (boo#1041090)
  * libconsole: never return empty list from getconsoles()
  * libconsole: Really allow to use /dev/console as a fallback in showconsole
  * libconsole: Add console into the list only when successfully allocated
  * libconsole: Correctly ignore early consoles
- Remove obsolete patch blog-Remove-unused-header.patch
- Add blog-Remove-unused-header.patch: Fix build with new glibc
- Implement shared library packaging guideline.
- Update to version 2.19 which integrates the patches now removed:
  * sysmacros.patch
  * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
  * libconsole-never-return-empty-list-from-getconsoles.patch
  * showconsole-2.18.tar.gz
  * libconsole-Add-console-into-the-list-only-when-succe.patch
  * libconsole-Correctly-ignore-early-consoles.patch
  as well as the changes
  * Correct wants directory for systemd-ask-password-blog.service
  * Sort input files for reproducible builds
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license instead of %doc [bsc#1082318]
- hardening of the console list generation (bsc#1071568):
  * libconsole-never-return-empty-list-from-getconsoles.patch
  * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
  * libconsole-Add-console-into-the-list-only-when-succe.patch
  * libconsole-Correctly-ignore-early-consoles.patch
- Change description of blog-plymouth in same manner as used by
  the release notes
- Add coreutils as required by post scriptlet (boo#1036436)
- Use github source from tagged version
- Use as URL
- Install binaries with read permissions (bnc#990837)
- Do not use private glibc API (boo#967437) but implement
  missing shared memory mkstemp()
- Remove patch remove-bad-symbol-use.patch
- remove-bad-symbol-use.patch: Remove bad use of internal glibc interface
- Make clear that blog is split off from sysvinit-tools
- Avoid being tagged with GLIBC_PRIVATE
- Use with version, that is major and minor
- Bug fix version: Handle cached password request gracefully
- add blog-rpmlintrc. The all-manual handling of systemd services
  is required according to Werner.
- Let libblogger become a shared library
- Clean up service units for close and umount
- First initial package after splitting apart from sysvinit
  * Now blogd can replace plymouth(9) even from initrd
  * Also blogd is able to handle password requests from
    systemd API
  * The blogd daemon writes out console messages even on reboot
    or halt until the file systems become unavailable.
  * No locking of the console devices, no frame buffer switching.
- libreoffice_compat_backports.patch: add a backport of
  Boost.Optional::has_value() for LibreOffice
- Use %license instead of %doc [bsc#1082318]
- Multibuild requires versioned Name: tag and doesn't seem to do
  this automatically. (bnc#1076640)
- Update to version 1.66.0
  + Beast: new portable HTTP, WebSocket and network operations
    using Boost.Asio. Header-only library.
  + Callable Traits: new library and successor to
    Boost.FunctionTypes. Header-only library.
  + Mp11: new metaprogramming library
  + Asio:
  * implemented interface changes to reflect the Networking TS
  * functions and classes that have been superseded by
    Networking TS functionality have been deprecated.
  * added support for customized handler tracking
  * removed previously deprecated functions
  + Atomic: improved compatibility with GCC 7. 128-bit operations
    on x86_64 no longer require linking with compiled library.
  + DateTime: Fixed an integral overflow that could cause incorrect
    results when adding or subtracting many years from a date.
  + Format: New format specifiers added and volatile arguments
    can not be safely used with operator%
  + Fusion:
  * fix compile error with std::array
  * remove circular preprocessor include
  + PolyCollection: backported to GCC 4.8 and 4.9 with some
  + Uuid: added RFC-4122 namespaces in boost::uuids::ns
  + for complete changelog, see
- refreshed patches: boost-rpmoptflags-only.patch
- re-enable Python 2 by default. It's still conditional, but
  remains enabled by default. This can be disabled in project
- build Python 2 conditionally
- Use multibuild setup - build no-dependency libraries in the
  base package and build the rest of the compiled libraries in
  the main variant. This should speed up bootstrapping.
- boost-devel not built by default anymore.
- libboost_headers-devel now provides boost-devel for legacy
  dependencies. If you need compiled boost libraries depend on
  the current compiled devel subpackage.
- run %fdupes only on the header files and documentation
- drop build dependencies on gcc-fortran, chrpath.
- Setup MPI environment prior to building boost.
- Switch to OpenMPI2 as OpenMPI1 is becoming deprecated.
- New upstream version 1.65.1
  + config, fiber - Return a continuation from functions executed
    by resume_with.
  + stacktrace - Change preprocessor file extensions to work with
    the installation system.
- Changes in version 1.65.0
  + stacktrace - new library providing call sequence in human
    readable format.
  + polycollection - new library providing fast containers of
    polymorphic objects, from Joaquín M López Muñoz.
  + For full list of changes, see
- 1d862615.patch: upstreamed and removed
- gcc_path.patch: obsolete, tr1 module is removed
- mpi_upstream.patch: upstreamed and removed
- boost-1.57.0-python-abi_letters.patch: refreshed
- python_library_name.patch: refreshed and reverted upstream
  changes to mpi/build/Jamfile as we are building python2 and
  python3 versions of MPI separately.
- baselibs.conf
  + add libboost_stracktrace
  + update to version 1.65.1
- 1d862615.patch: Fix regression caused by refactoring of
  serialization code (bnc#1038083)
- make python-numpy optional build dependency
- fix building of mpi python3 plugin
- New upstream version 1.64.0
  + process - new library providing cross platform methods to
  - create child processes
  - setup stream for child processes
  - sync and async communication streams with children
  - sync and async wait
  - process termination
  + geometry library had some breaking changes,
  - ublas_transformer is renamed to matrix_transformer
  - explicit modifier is added to constructors of rtree
    index::dynamic_* parameters
  - strategy::area::huiller replaced by strategy::area::spherical
  + context library updates
  - deprecated API:execution-context
  - fixed bad assembly for fcontext on ppc64/sysv/elf
  + Updated libraries: any, atomic, config, container, context,
    conversion, core, coroutine2, fiber, hash, interprocess,
    intrusive, lexicalcast, math, multi-index containers,
    multiprecision, predef, program options, regex, smart pointers,
    test, typeindex, typetraits, unordered, variant
  + for details, see
- Build PyNumpy module
  + add build requires on python-numpy
- test_lowcase.patch: upstreamed
- refreshed patches: boost-strict_aliasing.patch, gcc_path.patch,
- mpi_upstream.patch: pending upstream fixes to OpenMPI build
- python_library_name.patch: we are building python versions in
  different stagings so drop library renames.
- python_numpy_retfunc.patch: rpmlint fixes
- update python macros
- baselibs.conf: (re)add python 2.7 and 3.x libraries
- Fix dependency typos.
- test_lowcase.patch: downcase Boost::Test usage of uppercase
  variables. VERSION was clashing with GNU Autotools define
  resulting in compilation errors of various packages.
- recombine headers from various devel subpackages under the
  libboost_headers-devel package. Not all usage of headers that
  have compiled parts pull in their associated compiled symbols.
- general cleanup of the spec file from old, commented stuffs
- remove non-existent dependency in the boost mpi python package
- update to version 1.63.0
  * updated libraries: atomic, container, context, fiber,
    fusion, geometry, hash, interprocess, intrusive, lexical cast,
    log, metaparse, move, optional, phoenix, python, test,
    typeindex, units, unordered
  * see
    for complete list of changes
- refresh patches
  * boost-1.55.0-python-test-PyImport_AppendInittab.patch
  * boost-strict_aliasing.patch, and enable -fno-strict-aliasing
    for python module
- baselibs.conf:
  * add libboost_locale
  * rename python to include new soname
- remove python-2059618.patch, not needed
- make build condition --without buil_mpi work
- allow building without python3 bindings, for SLE11SP4
- remove versioned build dependency on libicu-devel, apparently
  not needed.
- split out the boost-devel package into individual compiled
  libraries and their -devel subpackages and libboost_headers-devel
  package for header-only libraries.
- remove all the symlinks, probably not needed anymore.
- ship MPI python bindings for both Python 2.7 and 3.x
  * add python_mpi.patch to allow proper compiled library loading
- dynamic_linking.patch: first attempt to remove static library
  generation during build process.
- Revert upstream change that set default python version and
  ignored user configuration.
  python-2059618.patch (boo#1006584)
- Rectify groups and description
- package boost-jam
- add missing ldconfig for libboost_type_erasure
- fix EOL encoding for documentation files
- update to version 1.62.0
  * new library: fiber: framework for userland-threads/fibers
  * new library: QVM: library for working with quaternions,
    vectors and matrices of static size
  * see
    for complete changelog
- remove boost-fix_include_config.patch - upstreamed
- gcc_path.patch - fix GCC search paths (bnc#996917)
  Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x
  onward while our version of GCC only has /usr/include/c++/x.y
  for 4.x GCC and /usr/include/c++/x/ for 5.x onward.
- migrate to using %bcond_ instead of hardcoding macros
  for different Boost features
- better way to limit max number of compilation units than
  by reading /proc/meminfo and guesstimating.
- Fix boo#994378, boo#994381, boo#994382 boo#994383:
  Fix build issues when optional_fwd.hpp is used before
  including boost/config.hpp
- Add boost-fix_include_config.patch from
- build it from "boost.spec", but create versioned "boost-1_61-devel"
- build quickbook also in versioned package
- update to version 1.61.0
  Details on
  Obsolete patches:
  * boost-1.59-test-fenv.patch
  * boost-deprecated-type_traits.patch
- rename package to boost-1_60 to allow multiple versions
- Fix build on systems with GCC4
- Added libboost_python3 to the dependency macro.
  * boost-devel will now correctly require libboost_python3.
- Add boost-deprecated-type_traits.patch to fix deprecated
  type_traits usage in boost/graph/adjacency_matrix.hpp header.
- Add the following patches from Fedora to fix underlinking in
  boost::python code
  * boost-1.57.0-python-abi_letters.patch
  * boost-1.57.0-python-libpython_dep.patch
  * boost-1.55.0-python-test-PyImport_AppendInittab.patch
- Updated to version 1.60.0
  * New library: VMD.
  * Updated libraries: Atomic, Chrono, Container, Context, Core,
    Filesystem, Flyweight, Fusion, Interprocess, Intrusive, Lexical
    Cast, Locale, log, Move, Multi-index Containers, odeint,
    Optional, Predef, Test, Thread, UUID
  * See for
    complete changelog.
- Modified patch:
  * boost-disable-pch-on-aarch64.patch
  - rediff to a new context
- Removed patch:
  * boost-1.59-python-make_setter.patch
  - integrated upstream
- Add libboost_type_erasure subpackage
- Add support to Boost:Python3 (boo#951902)
  * New library: python3
- Add boost-visibility.patch to make members of basic_xml_grammar<char>
  visible (boo#958150).
- Fix redefinition of _docdir.
- coroutine2 depends on context, disable it if context is not built
- Updated to version 1.59.0:
  * New libraries: Convert, Coroutine2
  * Updated Libraries: Container, Context, Coroutine, Fusion,
    Geometry, Interprocess, Intrusive, Lexical Cast, Log, Move,
    Multi-index Containers, Predef, Program Options, Property Tree,
    Boost.Test v3, TypeIndex, Variant
  * See for
    complete changelog.
- context now builds on aarch64
- Import two patches from Fedora: boost-1.59-python-make_setter.patch,
- Drop 0001-Fix-exec_file-for-Python-3-3.4.patch,
  boost-uuid-comparison.patch, boost-unrecognized-option.patch.
  Fixed upstream.
- Remove unneeded dependency on xorg-x11-devel
- boost-unrecognized-option.patch: remove unrecognized option -m32
- update to 1.58.0:
  boost docs remain at 1.56 since upstream hasn't updated yet
  * New Libraries: Endian, Sort.
  * Updated Libraries: Asio, Chrono, Container, Context, Conversion,
  DateTime, Flyweight, Function, Functional/Factory, Fusion, Geometry,
  Hash, Interprocess, Intrusive, Lexical Cast, Log, Math, Move,
  Multi-index Containers, Multiprecision, Optional, Phoenix,
  Predef, Random, Thread, TypeErasure, TypeIndex, Units,
  Unordered, Variant.
- add 0001-Fix-exec_file-for-Python-3-3.4.patch ,
  0002-Fix-a-regression-with-non-constexpr-types.patch: Fixes regressions
  in 1.58
- drop bjam-alignment.patch, boost-gcc5.patch: Already fixed upstream
- add boost-rpmoptflags-only.patch: Build only with optflags
- add boost-aarch64-flags.patch: Avoid using -m64
- add boost-uuid-comparison.patch: Fix regression in UUID operator<
- add boost-disable-pch-on-aarch64.patch: Disable pch on math library
  to avoid compiler segfault
- Add quickbook subpackage
- Use $RPM_OPT_FLAGS for building, force use of the GCC toolset.
  Be more verbose and fail building with the first error.
- Add boost-gcc5.patch to use -std=c++11 when building the coroutines
  module which fixes build with GCC 5.
- Revert the python3 building: it resulted in BOTH libboost_python
  libraries to be using python 3 instructions, resulting in
  failures of all Py2 related packages.
- Add brotli_Verbose-CLI+Shared-Brotli.patch: Verbose CLI + start
  pulling "Shared-Brotli".
  * verbose CLI output; fix gh#google/brotlie#666.
  * pull `SHIFT` transforms; currently this is semantically dead
    code; later it will be used by "Shared-Brotli".
- Add brotli_Ensure-decompression-consumes-all-input.patch: Ensure
  decompression consumes all input. If not, it's a corrupt stream.
- Tweak spec slightly.
- Avoid bashisms, install manpages without +x bit, get rid of
  wrap descriptions, feed through cleaner.
- brotli 1.0.7:
  * faster decoding on ARM
  * improved precision of window size calculation in CLI
- includes changes from 1.0.6:
  * fix unaligned 64-bit accesses on AArch32
  * add ASAN/MSAN unaligned read specializations
  * fix JDK 8<->9 incompatibility
- Add baselibs.conf, build 32bit library support.
- Use cmake macros for building and tests
- Update to version 1.0.5:
  * improve q=1 compression on small files
  * inverse Bazel workspace tree
  * add rolling-composite-hasher for large-window mode
  * add tools to download and transform static dictionary data
- Changes for version 1.0.4:
  * fix unaligned access for aarch64-cross-armhf build
  * fix aarch64 target detection
  * allow CLI to compress with enabled "large window" feature
  * add NPOSTFIX / NDIRECT encoder parameters
  * automatic NDIRECT/NPOSTFIX tuning (better compression)
  * fix "memory leak" in python tests
  * fix bug in durchschlag
  * fix source file lists (add params.h)
  * fix Bazel/MSVC compiler options
  * fix "fall through" warnings
- Add missing libbrotlicommon%%{sover} and libbrotlidec%%{sover}
  Requires to devel subpackage.
- Update to new upstream release 1.0.3
  * New "Large Window Brotli" feature
  * New dictionary generator
- Merge devel subpackages as libbrotli-devel
- Avoid shipping duplicate files.
  Avoid shipping, this just contains the description -
  and build instructions.
- Drop duplicate Requires on -devel.
- build for SLE_12 and SLE_12_SP1
- update to Brotli 1.0.2
  + Major changes
  * added Autotools build files
  * switched shared library version to libtool scheme
  + Minor changes
  * BrotliDictionary members are not const now
  * ZopfliNode distance could be up to 128MiB
  * fixed API documentation typos
  * total_out is always set by decoder
  * fixed BROTLI_ENSURE_CAPACITY macro; no-op in preprocessed output
  + Other changes
  * fixed scripts for oss-fuzz, test them with Travis
  * made Bazel JNI tests less messy
  * fixed linter warnings in JS decoder
  * fixed permissions of various files
  * added Bazel build to Appveyor matrix
  * added Sieve dictionary generator
- update to Brotli 1.0.1
  + updated
  + fixed parallel execution of CMake "compatibility" tests
- update to Brotli 1.0.0
  + new CLI; bro -> brotli; + man page
  + remove "custom dictionary" support
  + add ability to side-load brotli RFC dictionary
  + add decoder API to avoid ringbuffer reallocation
  + PY streaming decompression support
  + PY wrapper accepts memview
- spec file changes
  + improve descriptions
  + add man pages
- spec file changes
  + improve package description
- update to Brotli 0.6.0
  + better compression on 1MiB+ files
  + update "common" API to make dictionary fetching more flexible
  + fix decoder bug #502
  + faster compression on mid-low quality levels
  + fix encoder q10-11 slowdown after long copy #468
  + introduce Brotli*TakeOutput API
- now build shared libraries and development files in the following
  new packages:
  + libbrotlicommon0_6_0
  + libbrotlicommon-devel
  + libbrotlidec0_6_0
  + libbrotlidec-devel
  + libbrotlienc0_6_0
  + libbrotlienc-devel
- initial package
- Correct check_running_fs_exclop() return value (bsc#1184481)
- Refresh manual pages after the docs change (jsc#SLE-13586)
- Enqueue feature to wait for exclusive operation to finish
- Added patches:
  * 0001-btrfs-progs-add-get_fsid_fd-for-getting-fsid-using-f.patch
  * 0002-btrfs-progs-add-sysfs-file-reading-helpers.patch
  * 0003-btrfs-progs-add-helpers-for-parsing-filesystem-exclu.patch
  * 0004-btrfs-progs-check-for-exclusive-operation-before-iss.patch
  * 0005-btrfs-progs-add-helper-to-check-or-wait-for-exclusiv.patch
  * 0006-btrfs-progs-add-enqueue-parameter-for-exclusive-ops.patch
- btrfs-progs: check: fix segfault with -Q (bsc#1158560)
- Added patches:
  * btrfs-progs-check-initialize-qgroup_item_count-in-ea.patch
- btrfs-progs: check: fixup_extent_flags needs to deal with non-skinny
  metadata (bsc#1131334).
- Added patches:
  * btrfs-progs-check-fixup_extent_flags-needs-to-deal-with-non-skinny-metadata.patch
- Use correct path for dracut-fsck-help.txt in (bsc#1122539)
  * Remove
  * Add
- Advise user of fs recovery options when we fail to mount (fate#320443,
  * Add dracut-fsck-help.txt
  * Add
- Implement fate#325871
  * Added 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch
  * Added 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch
  * Added 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch
  * Added 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch
  * Added 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch
- update to version 4.19.1
  * check
  * many lowmem mode improvements
  * properly report qgroup mismatch errors
  * check symlinks with append/immutable flags
  * fi usage
  * correctly calculate allocated/unallocated for raid10
  * minor output updates
  * mkfs
  * detect ENOSPC on thinly provisioned devices
  * fix spurious EEXIST during directory traversal
  * restore: fix relative path for restore target
  * dump-tree: print symbolic tree names for backrefs
  * send: fix regression preventing send -p with subvolumes mounted on "/"
  * corrupt-tree: refactoring and command line updates
  * build
  * make it work with e2fsprogs < 1.42 again
  * restore support for autoconf 2.63
  * detect if -std=gnu90 is supported
  * other
  * new tests
  * cleanups
- update to version 4.19
  * check: support repair of fs with free-space-tree feature
  * core:
  * port delayed ref infrastructure from kernel
  * support write to free space tree
  * dump-tree: new options for BFS and DFS enumeration of b-trees
  * quota: rescan is now done automatically after 'assign'
  * btrfstune: incomplete fix to uuid change
  * subvol: fix 255 char limit checks
  * completion: complete block devices and now regular files too
  * docs:
  * ship uncompressed manual pages
  * btrfsck uses a manual page link instead of symlink
  * other
  * improved error handling
  * docs
  * new tests
- update to version 4.17.1
  * check:
  * add ability to fix wrong ram_bytes for compressed inline files
  * beautify progress output
  * btrfstune: allow to continue uuid change after unclean interruption
  * several fuzz fixes:
  * detect overlapping chunks
  * chunk loading error handling
  * don't crash with unexpected root refs to extents
  * relax option parsing again to allow mixing options and non-options
  * fix qgroup rescan status reporting
  * build:
  * drop obsolete dir-test
  * new configure option to disable building of tools
  * add compatibility options --disable-static and --disable-shared
  * other:
  * cleanups and preparatory work
  * new test images
- spec cleanup
- update to version 4.17
  * check
  * many lowmem mode improvements
  * properly report qgroup mismatch errors
  * check symlinks with append/immutable flags
  * fi usage
  * correctly calculate allocated/unallocated for raid10
  * minor output updates
  * mkfs
  * detect ENOSPC on thinly provisioned devices
  * fix spurious EEXIST during directory traversal
  * restore: fix relative path for restore target
  * dump-tree: print symbolic tree names for backrefs
  * send: fix regression preventing send -p with subvolumes mounted on "/"
  * corrupt-tree: refactoring and command line updates
  * build
  * make it work with e2fsprogs < 1.42 again
  * restore support for autoconf 2.63
  * detect if -std=gnu90 is supported
- Removed patches (upstreamed):
  * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch
  * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch
  * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch
- Fix building on SLE11:
  * btrfs-progs: convert: fix support for e2fsprogs < 1.42
  * btrfs-progs: build: detect whether -std=gnu90 is supported
  * btrfs-progs: build: autoconf 2.63 compatibility
  * Fixed mismerged addition of libbtrfsutil1 package description
- Added patches:
  * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch
  * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch
  * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch
- update to version 4.16.1
  * remove obsolete tools: btrfs-debug-tree, btrfs-zero-log, btrfs-show-super,
  * sb-mod: new debugging tool to edit superblock items
  * mkfs: detect if thin-provisioned device does not have enough space
  * check: don't try to verify checksums on metadata dump images
  * build: fail documentation build if xmlto is not found
  * build: fix build of btrfs.static
- Remove patch: 0001-btrfs-progs-build-fix-static-build.patch (upstream)
- Update initrd script
- update to version 4.16
  * libbtrfsutil - new LGPL library to wrap userspace functionality
  * several 'btrfs' commands converted to use it:
  * properties
  * filesystem sync
  * subvolume set-default/get-default/delete/show/sync
  * python bindings, tests
  * build
  * use configured pkg-config path
  * CI: add python, musl/clang, built dependencies caching
  * convert: build fix for e2fsprogs 1.44+
  * don't install library links with wrong permissions
  * fixes
  * prevent incorrect use of subvol_strip_mountpoint
  * dump-super: don't verify csum for unknown type
  * convert: fix inline extent creation condition
  * check:
  * lowmem: fix false alert for 'data extent backref lost for snapshot'
  * lowmem: fix false alert for orphan inode
  * lowmem: fix false alert for shared prealloc extents
  * mkfs:
  * add UUID and otime to root of FS_TREE - with the uuid, snapshots will
    be now linked to the toplevel subvol by the parent UUID
  * don't follow symlinks when calculating size
  * pre-create the UUID tree
  * fix --rootdir with selinux enabled
  * dump-tree: add option to print only children nodes of a given block
  * image: handle missing device for RAID1
  * other
  * new tests
  * test script cleanups (quoting, helpers)
  * tool to edit superblocks
  * updated docs
- Add patch: 0001-btrfs-progs-build-fix-static-build.patch
- Add new library packages: libbtrfsutil
- use documentation shipped by upstream tar, reduce dependencies
- update to version 4.15
  * mkfs --rootdir reworked, does not minimize the final image but can be still
    done using a new option --shrink
  * fix allocation of system chunk, don't allocate from the reserved area
  * other
  * new and updated tests
  * cleanups, refactoring
  * doc updates
- spec: fix distro version condition
- update to version 4.14.1
  * dump-tree: print times of root items
  * check: fix several lowmem mode bugs
  * convert: fix rollback after balance
  * other
  * new and updated tests, enabled lowmem mode in CI
  * docs updates
  * fix travis CI build
  * build fixes
  * cleanups
- update to version 4.14
  * build: libzstd now required by default
  * check: more lowmem mode repair enhancements
  * subvol set-default: also accept path
  * prop set: compression accepts no/none, same as ""
  * filesystem usage: enable for filesystem on top of a seed device
  * rescue: new command fix-device-size
  * other
  * new tests
  * cleanups and refactoring
  * doc updates
- Removed patches:
  - rollback-regression-fix.patch - upstreamed
- spec: disable static build, missing libzstd-devel-static
- spec: disable zstd support for non-Tumbleweed distros
- Fix rollback regression which can lead to data corruption
  Added patches: rollback-regression-fix.patch (bsc#1069478)
- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
- Add dependencies for libreiserfscore0 3.6.27 or newer (bsc#1071085).
- update to version 4.13.3:
  * check: fix --force, wrong check for a mounted block device
  * build: fix --with-convert parsing
  * subvol list: don't list TOPLEVEL
  * other: update tests
- update to version 4.13.2:
  * subvol list:
  * don't list toplevel subvolume among deleted (broken since 4.8.3)
  * minor adjustments of uuid print format
  * subvol delete:
  * fix swapped behaviour of --commit-each and --commit-after
  * fix potentially lost sync if subvolumes are from different filesystems
  * check: add cache for metadata blocks, should improve performance
  * other:
  * new tests, testsuite updates
  * doc updates
  * cleanups
- update to version 4.13.1:
  * image: speed up generating the sanitized names, do not generate unprintable chars
  * completion: add missing commands, better mount point detection
  * restore: add zstd support; libzstd detected automatically, will be
    requested by default in the future, or can be configured out
  * other:
  * misc fixes found by sparse
  * doc enhancements, ioctl manual page started
  * updated and new tests
  * build fixes
- update to version 4.13:
  * convert: reiserfs support
  * check: new option --force to allow check of a mounted filesystem (no repair)
  * mkfs: --rootdir will now copy special files
  * dump-tree: minor output changes
  * inspect rootid: accept file as argument
  * dev usage: don't calculate slack space for missing devices
  * fi du: don't print error on EMPTY_SUBVOL (inode number 2)
  * build:
  * fixed support for sanitization features on gcc (tsan, asan, ubsan)
  * fix PIE build
  * other:
  * misc cleanups and stability fixes
  * travis CI enhancements
  * new tests, fuzzed images
  * testsuite cleanups
- Removed patches:
  - 0163-btrfs-progs-fsck-fix-segfault.patch - will be upstreamed
  - local-version-override.patch - not needed anymore
  - btrfs-support-pie.patch - upstreamed
- Removed patches:
  - 0167-Btrfs-progs-make-find_and_setup_root-return-an-error.patch
  - 0168-Btrfs-progs-don-t-bug-out-if-we-can-t-find-the-last-.patch
- update to 4.12.1
  * build:
  * fix cross-compilation
  * use gnu90 explicitly
  * dump-tree: more relaxed checks so -b can print block on a damaged fs
  * convert: fix the 1MB range exclusion
  * check: more dir_item hash checks
  * other
  * added missing getopt spec for some options
  * doc fixes
  * cleanups
  * test updates
- update to 4.12
  * subvol show: new options --rootid, --uuid to show subvol by the given spec
  * convert: progress report fixes, found by tsan
  * image: progress report fixes, found by tsan
  * fix infinite looping in find-root, or when looking for free extents
  * other:
  * code refactoring
  * docs updates
  * build: ThreadSanitizer support
  * tests: stricter checks for mounted filesystem
- update to 4.11.1
  * image: restoring from multiple devices
  * dev stats: make --check option work
  * check: fix false alert with extent hole on a NO_HOLE filesystem
  * check: lowmem mode, fix false alert in case of mixed inline and compressed
  * convert: work with large filesystems (many TB)
  * convert: fix overwriting of eb header flags
  * convert: do not clear NODATASUM flag in inodes when run with --no-datasum
  * docs updates
  * build: sync with Makefile
  * tests:
  * new tests
  * fix 008 and 009, shell quotation mistake
- update to 4.11
  * receive: fix handling empty stream with -e (multi-stream)
  * send dump: fix printing long file names
  * stability fixes for: dump-super, print-tree, check
  * option parser updates: global options are parsed before the subcommand name
    (old xfstests will fail)
  * new and updated tests
  * documentation updates
- btrfs-support-pie.patch: remove CFLAGS usage from linker lines,
  this will allow the default PIE support to work.
- update to 4.10.2
  * check: lowmem mode fix for false alert about lost backrefs
  * convert: minor bugfix
  * library: fix build, missing symbols, added tests
- update to 4.10.1
  * receive: handle subvolume in path clone
  * convert: rollback fixed (rewrite was needed to address previous design issues)
  * build: fix build of 3rd party tools, missing <linux/sizes.h>
  * dump-tree: print log trees
  * other: new and updated tests
- update to 4.10
  * send: dump output fixes: missing newlines
  * check: several fixes for the lowmem mode, improved error reporting
  * build
  * removed some library deps for binaries that do not use them
  * ctags, cscope
  * split Makefile to the autotool generated part and the rest, not needed
    to after adding a file
  * shared code: sync easy parts with kernel sources
  * other
  * lots of cleanups
  * source file reorganization: convert, mkfs, utils
  * lots of spelling fixes in docs, other updates
  * more tests
- update to 4.9.1
  * check:
  * use correct inode number for lost+found files
  * lowmem mode: fix false alert on dropped leaf
  * size reports: negative numbers might appear in size reports during device
    deletes (previously in EiB units)
  * mkfs: print device being trimmed
  * defrag: v1 ioctl support dropped
  * quota: print message before starting to wait for rescan
  * qgroup show: new option to sync before printing the stats
  * other:
  * corrupt-block enhancements
  * backtrace and co. cleanups
  * doc fixes
- update to 4.9
  * check: many lowmem mode updates
  * send: use splice syscall to copy buffer from kernel
  * receive: new option to dump the stream in textual form
  * convert:
  * move sources to own directory
  * prevent accounting of blocks beyond end of the device
  * make it work with 64k sectorsize
  * mkfs: move sources to own directory
  * defrag: warns if directory used without -r
  * dev stats:
  * new option to check stats for non-zero values
  * add long option for -z
  * library: version bump to 0.1.2, added subvol_uuid_search2
  * other:
  * cleanups
  * docs updates
- update to 4.8.5
  * receive: fix detection of end of stream (error reported even for valid
  * other:
  * added test for the receive bug
  * fix linking of library-test
- update to 4.8.4
  * check: support for clearing space cache v2 (free-space-tree)
  * send:
  * more sanity checks (with tests), cleanups
  * fix for fstests/btrfs/038 and btrfs/117 failures
  * build:
  * fix compilation of standalone ioctl.h, pull NULL definition
  * fix library link errors introduced in 4.8.3
  * tests:
  * add more fuzzed images from bugzilla
  * add bogus send stream checks
  * fixups and enhancements for CI environment builds
  * misc refinements and updates of testing framework
  * other:
  * move sources for btrfs-image to own directory
  * deprecated and not built by default: btrfs-calc-size, btrfs-show-super
  * docs updates
- update to 4.8.3
  * check:
  * support for clearing space cache (v1)
  * size reduction of inode backref structure
  * send:
  * fix handling of multiple snapshots (-p and -c options)
  * transfer buffer increased (should reduce number of context switches)
  * reuse existing file for output (-f), eg. when root cannot create files (NFS)
  * dump-tree:
  * print missing items for various structures
  * new: dev stats, balance status item
  * sync key names with kernel (the persistent items)
  * subvol show: now able to print the toplevel subvolume -- the creation time
    might be wrong though
  * mkfs:
  * store the creation time of toplevel root inode
  * print UUID in the summary
  * build: travis CI for devel
  * other:
  * lots of cleanups and refactoring
  * switched to on-stack path structure
  * fixes from coverity, asan, ubsan
  * new tests
  * updates in testing infrastructure
  * fixed convert test 005
- update to 4.8.2
  * convert: also convert file attributes
  * convert: fix wrong tree block alignment for unaligned block group
  * check: quota verify fixes, handle reloc tree
  * build: add stub for FIEMAP_EXTENT_SHARED, compiles on ancient kernels
  * build: add stub for BUILD_ASSERT when ioctl.h is included
  * dump-tree: don't crash on unrecognized tree id for -t
  * tests:
  * add more ioctl tests
  * convert: more symlink tests, attribute tests
  * quota verify for reloc tree
  * other cleanups
- Add ability to provide site specific defaults for mkfs (FATE#320615).
  * Only used for SLES11 defaults.
- Added patch mkfs-default-features.patch
- update to 4.8.1
  * 32bit builds fixed
  * build without backtrace support fixed
- update to 4.8
  * error handling improvements all over the place
  * new fuzzed images, test updates
  * doc fixups
  * minor cleanups and improvements
  * kernel library helpers moved to own directory
  * qgroup: fix regression leading to incorrect status after check,
    introduced in 4.7
- update to 4.7.3
  * fixed free space tree compat status
  * check: low-mem mode: handle partially dropped snapshots
  * dump-super: consolidate options for superblock copy
  * tree-stats: check mount status
  * subvol delete: handle verbosity option
  * defrag: print correct error string
  * mkfs: fix reading rotational status
  * other:
  * UBSAN build option
  * documentation updates
  * enhanced tests: convert, fuzzed images, more tools to run on fuzzed
- removed btrfsprogs-only-install-udev-rules-for-udev-190.patch: fix build
- update to 4.7.2
  * check:
  * urgent fix: false report of backref mismatches; do not --repair
    last unaffected version 4.6.1 (code reverted to that state)
  * fuzzing and fixes
  * added more sanity checks for various structures
  * testing images added
  * build: udev compatibility: do not install .rules on version < 190
  * other:
  * dump-super: do not crash on garbage value in csum_type
  * minor improvements in messages and help strings
  * documentation:
  * filesystem features
- Add new btrfsprogs-udev-rules package to contain the udev rules.
- Fix packaging for udev rules:
  - btrfs builtin didn't exist prior to udev v190, so the rules must
    depend on that version.
- Added patch:
  * btrfsprogs-only-install-udev-rules-for-udev-190.patch
- update to 4.7.1
  * check:
  * new optional mode: optimized for low memory usage (memory/io tradeoff)
  * --mode=lowmem, not default, still considered experimental
  * does not work with --repair yet
  * convert: regression fix, ext2_subvol/image rw permissions
  * mkfs/convert:
  * two-staged creation, partially created filesystem will not be recognized
  * improved error handling (fewer BUG_ONs)
  * convert: preparation for more filesystems to convert from
  * documentation updates: quota, qgroup
  * other
  * message updates
  * more tests
  * more build options, enhanced debugging
- update to 4.7
  * convert: fix creating discontig extents
  * check: speed up traversing heavily reflinked extents within a file
  * check: verify qgroups of higher levels
  * check: repair can now fix wrong qgroup numbers
  * balance: new option to run in the background
  * defrag: default extent target size changed to 32MiB
  * du: silently skip non-btrfs dirs/files
  * documentation updates: btrfs(5), btrfs(8), balance, subvolume, scrub,
    filesystem, convert
  * bugfixes:
  * unaligned access (reported for sparc64) in raid56 parity calculations
  * use /bin/bash
  * other stability fixes and cleanups
  * more tests
- Removed patches:
  * 0002-btrfs-progs-btrfsck-verify-qgroups-above-level-0.patch
  * 0003-btrfs-progs-btrfsck-write-corrected-qgroup-info-to-d.patch
- update to 4.6.1
  * fi resize: negative resize argument accepted again
  * qgroup rescan: fix skipping when rescan is in progress
  * mkfs: initialize stripesize to correct value
  * testsuite updates, mostly convert tests
  * documentation updates
  * btrfs-device, btrfs-restore manual pages enhanced
  * misc fixups
- update to 4.6
  * convert - major rewrite:
  * fix a long-standing bug that led to mixing data blocks into metadata block
  * the workaround was to do full balance after conversion, which was
    recommended practice anyway
  * explicitly set the lowest supported version of e2fstools to 1.41
  * provide and install udev rules file that addresses problems with device
    mapper devices, renames after removal
  * send: new option: quiet
  * dev usage: report slack space (device size minus filesystem area on the dev)
  * image: support DUP
  * build: short options to enable debugging builds
  * other:
  * code cleanups
  * build fixes
  * more tests and other enhancements
  * Removed patches:
  * 0001-btrfs-progs-free-qgroup-counts-in-btrfsck.patch
  * 0169-btrfs-progs-udev-add-rules-for-dm-devices.patch
  * btrfs-progs-no-PKG_CHECK_VAR
- btrfsck updates for qgroup verification and repair (fate#318144)
  * We can now check all qgroup levels
  * btrfsck will write out corrected qgroups when run with --repair
  - Added patch: 0001-btrfs-progs-free-qgroup-counts-in-btrfsck.patch
  - Added patch: 0002-btrfs-progs-btrfsck-verify-qgroups-above-level-0.patch
  - Added patch: 0003-btrfs-progs-btrfsck-write-corrected-qgroup-info-to-d.patch
- update to 4.5.3
  * ioctl: fix unaligned access in buffer from TREE_SEARCH; might cause SIGBUS
    on architectures that do not support unaligned access and do not perform
    any fixups
  * improved validation checks of superblock and chunk-related structures
  * subvolume sync: fix handling of -s option
  * balance: adjust timing of safety delay countdown with --full-balance
  * rescue super-recover: fix reversed condition check
  * check: fix bytes_used accounting
  * documentation updates: mount options, scrub, send, receive, select-super,
    check, mkfs
  * testing: new fuzzed images, for superblock and chunks
- fix build failure on 13.1: conditional default for udevdir
- fix build failure on SLE11SP4: wrong check in makefile
- Add udev rules for dm devices (bsc#912170 bsc#888215)
  - Added patch: 0169-btrfs-progs-udev-add-rules-for-dm-devices.patch
  - Added patch: btrfs-progs-no-PKG_CHECK_VAR
- update to 4.5.2
  * new/moved command: btrfs-calc-stats -> btrfs inspect tree-stats
  * check: fix false alert for metadata blocks crossing stripe boundary
  * check: catch when qgroup numbers mismatch
  * check: detect running quota rescan and report mismatches
  * balance start: add safety delay before doing a full balance
  * fi sync: is now silent
  * fi show: don't miss filesystems with partially matching uuids
  * dev ready: accept only one argument for device
  * dev stats: print "devid:N" for a missing device instead of "(null)"
  * other:
  * lowest supported version of e2fsprogs is 1.41
  * minor cleanups, test updates
- Removed patch: 2000-btrfs-full-balance-warning.diff
- update to 4.5.1
  * mkfs: allow DUP on multidev fs
  * fix static build
- update to 4.5
  * new/moved commands
  * btrfs-show-super -> btrfs inspect-internal dump-super
  * btrfs-debug-tree -> btrfs inspect-internal dump-tree
  * new commands
  * btrfs fi du - calculate disk usage, including shared extents
  * enhancements
  * device delete - delete by id (needs kernel support, not merged to 4.6)
  * check - new option to specify chunk root
  * debug-tree/dump-tree - option -t understands human readable name of the
    tree (along numerical ids)
  * btrfs-debugfs - can dump block group information
  * bugfixes
  * all commands should accept the option separator "--"
  * several fixes in device scan
  * restore works on filesystems with sectorsize > 4k
  * debug-tree/dump-tree - print compression type as string
  * subvol sync: fix crash, memory corruption
  * argument parsing fixes: subvol get-default, qgroup create/destroy/assign,
    inspect subvolid-resolve
  * check for block device or regular file in several commands
  * other
  * documentation updates
  * manual pages for the moved tools now point to btrfs-filesystem
  * testsuite updates
- Removed patch (upstream):
- Recommend btrfsmaintenance
- hide min/max macros clashing with gcc 6 (bnc#966257)
- update to 4.4.1
  * find-root: don't skip the first chunk
  * free-space-tree compat bits fix
  * build: target symlinks
  * documentation updates
  * test updates
- update to 4.4
  * mkfs.btrfs --data dup
  * support balance filters added/enhanced in linux 4.4
  * manual pages enhanced (btrfs, mkfs, mount, filesystem, balance)
  * 'btrfs filesystem usage' works with mixed blockgroups
  * build: installation to /usr/local
  * build: the 'ar' tool is properly detected during cross-compilation
  * improved stability on fuzzed/crafted images when reading sys array in
  * debug-tree: option -t understands ids for tree root and chunk tree
  * check: properly reset nlink of multi-linked file
  * chunk recovery: fix floating point exception
  * chunk recovery: endianity bugfix during rebuild
  * mkfs with 64K pages and nodesize reported superblock checksum mismatch
- Removed patches:
  * 0001-btrfs-progs-mkfs-use-correct-size-for-superblock-csu.patch
  * fix-doc-build-on-SLE11SP3.diff
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at post / postun (boo#958562)
- fix mkfs failure on ppc64 (or with sectorsize > 4k) (bsc#956819)
- Added patch: 0001-btrfs-progs-mkfs-use-correct-size-for-superblock-csu.patch
- update to 4.3.1
  * fixes
  * device delete: recognize 'missing' again
  * mkfs: long names are not trimmed when doing ssd check
  * support partitioned loop devices
  * other
  * replace several mallocs with on-stack variables
  * more memory allocation failure handling
  * add tests for bugs fixed
  * cmd-device: switch to new message printing helpers
  * minor code cleanups
- update to 4.3
  * mkfs
  * mixed mode is not forced for filesystems smaller than 1GiB
  * mixed mode broken with mismatching sectorsize and nodesize, fixed
  * print version info earlier
  * print devices sorted by id
  * do not truncate target image with --rootsize
  * fi usage:
  * don't print global block reserve
  * print device id
  * minor output tuning
  * other cleanups
  * calc-size:
  * div-by-zero fix on an empty filesystem
  * fix crash
  * bugfixes:
  * more superblock sanity checks
  * consistently round size of all devices down to sectorsize
  * misc leak fixes
  * convert: don't try to rollback with a half-deleted ext2_saved subvolume
  * other:
  * check: add progress indicator
  * scrub: enhanced error message
  * show-super: read superblock from a given offset
  * add README
  * docs: update manual page for mkfs.btrfs, btrfstune, balance, convert and inspect-internal
  * build: optional build with more warnings (W=...)
  * build: better support for static checkers
  * build: html output of documentation
  * pretty-print: last_snapshot for root_item
  * pretty-print: stripe dev uuid
  * error reporting wrappers, introduced and example use
  * refactor open_file_or_dir
  * other docs and help updates
  * testing:
  * test for nodes crossing stripes
  * test for broken 'subvolume sync'
  * basic tests for mkfs, raid option combinations
  * basic tests for fuzzed images (check)
  * command instrumentation (eg valgrind)
  * print commands if requested
  * add README for tests
- build btrfsprogs-static package for 13.2 and Factory, package
  with static versions of the utilities, aimed for rescue environments
- update to 4.2.3
  - subvol sync: make it actually work again
  - scanning: do not scan already discovered filesystems (minor optimization)
  - convert: better error message in case the filesystem is not finalized
  - restore: off-by-one symlink path check fix
- update to 4.2.2
  - fi label: use fallback if the label ioctl is not available
  - convert: check nodesize constraints against commandline features (-O)
  - scrub: report status 'running' until all devices are finished
  - device scanning might crash in some scenarios
  - fi usage: print summary for non-root users
- update to 4.2.1
  - fix an off-by-one error in cross-stripe boundary check
  - convert: don't write uninitialized data to image
  - image:  don't loop with option -t0
  - image: don't create threads if compression is not requested
- Removed patches:
  * 0001-btrfs-progs-fix-cross-stripe-boundary-check.patch
- make mkfs work with 64k nodesize again, notably fixes mkfs on ppc64
- Added patch:
  * 0001-btrfs-progs-fix-cross-stripe-boundary-check.patch
- version 4.2
  * enhancements:
  * mkfs: do not create extra single chunks on multiple devices
  * resize: try to guess the minimal size, 'inspect min-dev-size'
  * qgroup assign: add option to schedule rescan
  * chunk-recover: be more verbose about the scanning process
  * fixes:
  * check:
  * find stripes crossing stripe boundary -- created by convert
  * print correct range for file hole when there are no extents
  and learn how to fix it
  * replace: more sanity checks
  * convert: concurrency fixes related to reporting progress
  * find-root: option -a will not skip the current root anymore
  * subvol list: fix occasional crash
  * do not create stripes crossing stripe boundary
  * build:
  * fixes for musl libc
  * preliminary support for android (not working yet, more code changes needed)
  * other:
  * lots of cleanups
  * tests: lots of updates, new tests, framework improvements
  * documentation updates
  * debugging: print-tree shows stripe length
- Removed patches (upstreamed):
  * 2104-get-min-size-for-resize.patch
  * 2105-move-min-resize-implementation-to-inspec.patch
  * 2106-inspect-add-command-min-dev-size.patch
- add warning before full balance starts (bsc#940467, fate#319317)
- Added patches:
- Add feature to get minimum size a filesystem can be resized to
- Added patches:
  * 2104-get-min-size-for-resize.patch
  * 2105-move-min-resize-implementation-to-inspec.patch
  * 2106-inspect-add-command-min-dev-size.patch
- version 4.1.2
  - mkfs: bugfix, previous version does not create entirely correct
    filesystem (has to be recreated)
- version 4.1.1
  * bugfixes
  - defrag: threshold overflow fix
  - fsck:
  - check if items fit into the leaf space
  - fix wrong nbytes
  - mkfs:
  - create only desired block groups for single device
  - preparatory work for fix on multiple devices
  * enhancements
  - new alias for 'device delete': 'device remove'
  * other
  - fix compilation on old gcc (4.3)
  - documentation updates
  - debug-tree: print nbytes
  - test: image for corrupted nbytes
  - corrupt-block: let it kill nbytes
- spec: drop libacl dependency
- version 4.1
  * bugfixes
  - fsck.btrfs: no bash-isms
  - bugzilla 97171: invalid memory access (with tests)
  - receive:
  - cloning works with --chroot
  - capabilities not lost
  - mkfs: do not try to register bare file images
  - option --help accepted by the standalone utilities
  * enhancements
  - corrupt block: ability to remove csums
  - mkfs:
  - warn if metadata redundancy is lower than for data
  - options to make the output quiet (only errors)
  - mixed case names of raid profiles accepted
  - rework the output:
  - more comprehensive, 'key: value' format
  - subvol:
  - show:
  - print received uuid
  - update the output
  - new options to specify size units
  - sync:
  - grab all deleted ids and print them as they're removed,
  previous implementation only checked if there are any
  to be deleted - change in command semantics
  - scrub: print timestamps in days HMS format
  - receive:
  - can specify mount point, do not rely on /proc
  - can work inside subvolumes
  - send:
  - new option to send stream without data (NO_FILE_DATA)
  - convert:
  - specify incompat features on the new fs
  - qgroup:
  - show: distinguish no limits and 0 limit value
  - limit: ability to clear the limit
  - help for 'btrfs' is shorter, 1st level command overview
  - debug tree: print key names according to their C name
  * new
  - rescue zero-log
  - btrfstune:
  - rewrite uuid on a filesystem image
  - new option to turn on NO_HOLES incompat feature
  * deprecated
  - standalone btrfs-zero-log
  * other
  - testing framework updates
  - uuid rewrite test
  - btrfstune feature setting test
  - zero-log tests
  - more testing image formats
  - manual page updates
  - ioctl.h synced with current kernel uapi version
  - convert: preparatory works for more filesystems (reiserfs pending)
  - use static buffers for path handling where possible
  - add new helpers for send utils that check memory allocations,
    switch all users, deprecate old helpers
  - Makefile: fix build dependency generation
  - map-logical: make it work again
- Install bash completion for btrfs.
- version 4.0
  * resize:
  * don't accept file as an argument (it's confusing)
  * print better error message in case of an error
  * restore: optionally restore metadata (time, mode, uid/gid)
  * receive: optionally enforce chroot
  * new rescue subcommand 'zero-log', same as btrfs-zero-log, but
    now also part of the main utility
  * check:
  * free space checks match kernel, fixes incorrect reports
  * convert: fix setting of checksum bit if --no-datasum is used
  * fsck.btrfs: don't print messages
  * fix quota rescan on PPC64 (mangled ioctl number)
  * test updates
  * documentation: files renamed to .asciidoc, misc fixups
- version 3.19.1
  - convert:
  - new option to specify metadata block size
  - --no-progress actually works
  - restore: properly handle the page boundary corner case
  - build fixes:
  - missing macro from public header, BTRFS_BUILD_VERSION
  - wrong handling of --enable-convert
  - fi usage: reports correct space for degraded mounts
  - other:
  - mkfs: help string updates
  - completion: added 'usage' subcommands
  - cleanups in qgroup code, preparatory work
- version 3.19
  - btrfs-image
  - restore can now run in parallel threads
  - fixed restore of multiple images from multiple devices onto a single dev
  - introduced metadump v2
  - check
  - make --init-csum-tree and --init-extent-tree work together
  - find-new
  - option to search through all metadata even if a root was already found
  - convert
  - show progress by default, can be turned off
  - corrupt-block
  - option to work on a specific root
  - bash completion script for all subcommands
- spec: convert to autotools
  Removed patch 0169-btrfs-progs-Check-metadata-mirrors-in-find-root.patch
- version 3.18.2
  * qgroup show: print human readable sizes, options to say otherwise
  * check: new option to explicitly say no to writes
  * mkfs: message about trimming is not printed to stderr
  * fi show: fixed return value
  * tests: new infrastructure
  * btrfstune: force flag can be used together with seeding option
  * backtrace support is back
  * getopt cleanups
  * doc and help updates
- version 3.18.1
  - minor fixes
  - documentation updates
- version 3.18
  - mkfs - skinny-metadata feature is now on by default, first introduced in
    kernel 3.10
  - filesystem usage - give an overview of fs usage in a way that's more
    comprehensible than existing 'fi df'
  - device usage - more detailed information about per-device allocations
  - check:
  - option to set a different tree root byte number
  - ability to link lost files to lost+found, caused by a recent kernel bug
  - repair of severely corrupted fs (use with care)
  - convert - option to show progress
  - subvol create - print the commit mode inline, print the global mode only if --verbose
  - other updates: musl-libc support, coverity bugfixes, new test images,
- Removed patches (upstreamed):
  * 0010-btrfs-progs-move-group-type-and-profile-pretty-print.patch
  * 0011-btrfs-progs-Enhance-the-command-btrfs-filesystem-df.patch
  * 0012-btrfs-progs-Add-helpers-functions-to-handle-the-prin.patch
  * 0013-btrfs-progs-Add-command-btrfs-filesystem-disk-usage.patch
  * 0014-btrfs-progs-Add-btrfs-device-disk-usage-command.patch
  * 0015-btrfs-progs-cleanup-dead-return-after-usage-for-fi-d.patch
  * 0016-btrfs-progs-Fix-memleak-in-get_raid56_used.patch
  * 0017-Btrfs-progs-fi-usage-free-memory-if-realloc-fails.patch
  * 0019-btrfs-progs-add-original-df-and-rename-disk_usage-to.patch
  * 0020-btrfs-progs-move-device-usage-to-cmds-device-more-cl.patch
  * 0021-btrfs-progs-check-if-we-can-t-get-info-from-ioctls-d.patch
  * 0022-btrfs-progs-zero-out-structures-before-calling-ioctl.patch
  * 0024-btrfs-progs-Print-more-info-about-device-sizes.patch
  * 0025-btrfs-progs-compare-unallocated-space-against-the-co.patch
  * 0026-btrfs-progs-add-section-of-overall-filesystem-usage.patch
  * 0027-btrfs-progs-cleanup-filesystem-device-usage-code.patch
  * 0028-btrfs-progs-rework-calculations-of-fi-usage.patch
  * 0029-btrfs-progs-replace-df_pretty_sizes-with-pretty_size.patch
  * 0030-btrfs-progs-clean-up-return-codes-and-paths.patch
  * 0031-btrfs-progs-move-global-reserve-to-overall-summary.patch
- version 3.17.3
  - convert: fix conversion of sparse ext* filesystems
  - show: resolve to the correct path
  - fsck: more verbose error for root dir problems
- version 3.17.2
  - check improvements
  - add ability to replace missing dir item/dir indexes
  - fix missing inode items
  - create missing root dirid
  - corrupt block: enhancements for testing fsck
  - zero-log: able to reset a fs with bogus log tree pointer (bko#72151)
- package mkinitrd scripts conditionally (bsc#893577)
- spec: minor updates
- version 3.17.1
  - fi df: argument handling
  - fix linking with libbtrfs
  - replace: better error reporting
  - fi show: fixed stall if run concurrently with balance
  - check: fixed argument parsing for --subvol-extents
  - fi df: SI prefixes corrected
- Added patches:
  * fix-doc-build-on-SLE11SP3.diff
- Removed patches:
  * 0042-btrfs-progs-fix-linking-with-libbtrfs.patch
  * 0043-btrfs-progs-libbtrfs-make-exported-headers-compatibl.patch
- Modified patches:
  * 0011-btrfs-progs-Enhance-the-command-btrfs-filesystem-df.patch
  * 0012-btrfs-progs-Add-helpers-functions-to-handle-the-prin.patch
  * 0019-btrfs-progs-add-original-df-and-rename-disk_usage-to.patch
- version 3.17
  - check: --init-csum-tree actually does something useful, rebuilds the whole
    csum tree
  - /dev scanning for btrfs devices is gone
  - /proc/partitions scanning is gone, blkid is used exclusively
  - new subcommand subvolume sync
  - filesystem df: new options to set unit format
  - convert: allow to copy label from the origin, or specify a new one
- Modified patches:
  * 0011-btrfs-progs-Enhance-the-command-btrfs-filesystem-df.patch
  * 0012-btrfs-progs-Add-helpers-functions-to-handle-the-prin.patch
  * 0013-btrfs-progs-Add-command-btrfs-filesystem-disk-usage.patch
  * 0014-btrfs-progs-Add-btrfs-device-disk-usage-command.patch
  * 0015-btrfs-progs-cleanup-dead-return-after-usage-for-fi-d.patch
  * 0016-btrfs-progs-Fix-memleak-in-get_raid56_used.patch
  * 0017-Btrfs-progs-fi-usage-free-memory-if-realloc-fails.patch
  * 0019-btrfs-progs-add-original-df-and-rename-disk_usage-to.patch
  * 0020-btrfs-progs-move-device-usage-to-cmds-device-more-cl.patch
  * 0021-btrfs-progs-check-if-we-can-t-get-info-from-ioctls-d.patch
  * 0022-btrfs-progs-zero-out-structures-before-calling-ioctl.patch
  * 0024-btrfs-progs-Print-more-info-about-device-sizes.patch
  * 0025-btrfs-progs-compare-unallocated-space-against-the-co.patch
  * 0026-btrfs-progs-add-section-of-overall-filesystem-usage.patch
  * 0027-btrfs-progs-cleanup-filesystem-device-usage-code.patch
  * 0029-btrfs-progs-replace-df_pretty_sizes-with-pretty_size.patch
  * 0030-btrfs-progs-clean-up-return-codes-and-paths.patch
  * 0031-btrfs-progs-move-global-reserve-to-overall-summary.patch
- Added patches:
  * 0010-btrfs-progs-move-group-type-and-profile-pretty-print.patch
  * 0028-btrfs-progs-rework-calculations-of-fi-usage.patch
  * 0042-btrfs-progs-fix-linking-with-libbtrfs.patch
  * 0043-btrfs-progs-libbtrfs-make-exported-headers-compatibl.patch
- Removed patches:
  * 0006-Btrfs-progs-fsck-clear-out-log-tree-in-repair-mode.patch
  * 0007-Btrfs-progs-fsck-avoid-pinning-same-block-several-ti.patch
  * 0008-Btrfs-progs-fsck-add-ability-to-check-reloc-roots.patch
  * 0018-btrfs-progs-read-global-reserve-size-from-space-info.patch
  * 0023-btrfs-progs-print-B-for-bytes.patch
  * 0028-btrfs-progs-extend-pretty-printers-with-unit-mode.patch
  * 0164-btrfs-progs-convert-set-label-or-copy-from-origin.patch
  * 0171-btrfs-progs-make-free-space-checker-work-on-non-4k-s.patch
- initial version
- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many
  selectors as the file format allows. This relaxes the previous
  fix for CVE-2019-12900 so that bzip2 allows decompression of bz2
  files that use (too) many selectors again. It fixes a bzip2 and
  lbzip2 incompatibility caused by previous patch [bsc#1139083]
- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds
  write in decompress.c when there are many nSelectors used in a
  loop to access selectorMtf [bsc#1139083] [CVE-2019-12900]
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
  free vulnerability that was reported in bzip2recover [bsc#985657]
- Update autotools patchset:
  D bzip2-1.0.6-autoconfiscated.patch
  A bzip2-
- Use %license (boo#1082318)
- Fix build on Fedora and Mageia
- Update bzip2-1.0.6-autoconfiscated.patch:
  * Bump version to 1.0.6.
  * Fix script symlinks on platforms with EXEEXT.
- Drop implicit pie building
- Try profiled build
- Move autoreconf to build section
- cleanup with spec-cleaner
- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper
  that always returns 0 as an exit code when grepping multiple
  archives [bsc#970260]
- Remove bzip2-faster.patch, it causes a crash with libarchive and
  valgrind points out uninitialized memory. See
- Avoid noarch sub package in SLE_11
- Cleanup a bit.
- Remove the profiling stuff as it should not be used nowadays.
  At least even factory builds without it.
- Provide as other distros do, so we can run tiny
  things like steam.
- Respect cflags again, borked by previous commit.
- build with PIE
- fix bashisms in bzgrep and bznew
- add patches:
  * bzip2-1.0.6-fix-bashisms.patch
- add BR for pkg-config to get the provides in the devel package
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
  * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
  * Avoid theoretical buffer overflow in RC4 loop comparison
  * Empty hquery->name could lead to invalid memory access
  * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
    passed in (bsc#1178882, CVE-2020-8277)
  * Update help information for adig, acountry, and ahost
  * Test Suite now uses dynamic system-assigned ports rather than hardcoded
    ports to prevent failures in containers
  * Detect remote DNS server does not support EDNS using rules from RFC 6891
  * Source tree has been reorganized to use a more modern layout
  * Allow parsing of CAA Resource Record
  Bug fixes:
  * readaddrinfo bad sizeof()
  * Test cases should honor HAVE_WRITEV flag, not depend on WIN32
  * FQDN with trailing period should be queried first
  * ares_getaddrinfo() was returning members of the struct as garbage values if
    unset, and was not honoring ai_socktype and ai_protocol hints.
  * ares_gethostbyname() with AF_UNSPEC and an ip address would fail
  * Properly document ares_set_local_ip4() uses host byte order
  For details, see
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
- simplify conditions bit to make it tad more readable
- Implement multibuild specfile to split out tests into its own
  flavor; this way we can build and run tests, which require
  static lib, as well as avoid packaging the latter without issues
  with the installed cmake file.
- Version update to 1.16.1
  * Prevent possible use-after-free and double-free in ares_getaddrinfo() if
    ares_destroy() is called prior to ares_getaddrinfo() completing.
  Reported by Jann Horn at Google Project Zero.
  * Allow TXT records on CHAOS qclass. Used for retrieving things like
    version.bind, version.server, authors.bind, hostname.bind, and id.server. [3]
  Bug fixes:
  * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
  * Silence false cast-align compiler warnings due to valid casts of struct
    sockaddr to struct sockaddr_in and struct sockaddr_in6.
  * MacOS should use libresolv for retrieving DNS servers, like iOS
  * CMake build system should populate the INCLUDE_DIRECTORIES property of
    installed targets [2]
  * Correct macros in use for the ares_getaddrinfo.3 man page
- Changes in version 1.16.0
  * Introduction of ares_getaddrinfo() API which provides similar output
    (including proper sorting as per RFC 6724) to the system native API, but
    utilizes different data structures in order to provide additional
    information such as TTLs and all aliases. Please reference the respective
    man pages for usage details.
  * Parse SOA records from ns_t_any response
  * CMake: Provide c-ares version in package export file
  * CMake: Add CPACK functionality for DEB and RPM
  * CMake: Generate PDB files during build
  * CMake: Support manpage installation
  Bug fixes:
  * Fix bad expectation in IPv6 localhost test.
  * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
    prevent complaints about CPPFLAGS in CFLAGS.
  * Fix .onion handling
  * Command line usage was out of date for adig and ahost.
  * Typos in manpages
  * If ares_getenv is defined, it must return a value on all platforms
  * If /etc/resolv.conf has invalid lookup values, use the defaults.
  * Tests: Separate live tests from SetServers* tests as only live tests
    should require internet access.
  * ares_gethostbyname() should return ENODATA if no valid A or AAAA record
    is found, but a CNAME was found.
  * CMake: Rework library function checking to prevent unintended linking
    with system libraries that aren't needed.
  * Due to use of inet_addr() it was not possible to return
    from ares_gethostbyname().
  * CMake: Fix building of tests on Windows
- Drop regression.patch which has been fixed upstream
- Refresh disable-live-tests.patch
- Remove static lib since it's required when doing tests and we don't want it
  included in package
- Run spec-cleaner
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
  both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
  ares_getaddrinfo function uses the getservbyport_r function which
  requires the /etc/services file to function properly. That config
  file is provided by the netcfg package. Unit tests rely on it
  too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
  Some packages need the cmake build files.
- Fix version number of the snapshot to not be a downgrade:
- Update to upstream snapshot 20191108
  * getaddrinfo - avoid infinite loop in case of NXDOMAIN
  * ares_getenv - return NULL in all cases
  * implement ares_getaddrinfo
- onion-crash.patch: removed, upstreamed.
- removed upstream patches that are part of the snapshot:
- disable-live-tests.patch - updated
- Add upstream patches with the ares_getaddrinfo function:
  * 0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
  * 0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
  * 0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
  * 0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
  * 0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
  * 0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
  * 0007-getaddrinfo-enhancements-257.patch
  * 0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
- Add a patch which disables test failing on OBS (but passing in
  local environment):
  * 0010-Disable-failing-test.patch
- Version update to 1.15.0:
  * Add ares_init_options() configurability for path to resolv.conf file
  * Ability to exclude building of tools (adig, ahost, acountry) in CMake
  * Report ARES_ENOTFOUND for .onion domain names as per RFC7686
  * Apply the IPv6 server blacklist to all nameserver sources
  * Prevent changing name servers while queries are outstanding
  * ares_set_servers_csv() on failure should not leave channel in a
    bad state
- enable unit tests
- disable-live-tests.patch: disable tests to live servers
- onion-crash.patch: backport fix for a crash affecting .onion TLD
- Remove ineffective --with-pic.
- Version update to 1.14.0:
  * Fix patch for CVE-2017-1000381 to not be overly aggressive
  * gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
  * ares_gethostbyname.3: fix callback status values
  * docs: Document WSAStartup requirement
  * Fix a typo in init_by_resolv_conf
- Rename everything to c-ares
- Version update to 1.13.0:
  * Fixes bsc#1044946 CVE-2017-1000381
  * Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is
  not really worth all the fwdporting
- Drop check phase; there is only return 0
- Version update to 1.12.0:
  * Fixes bsc#1007728 CVE-2016-5180
  * api: add ARES_OPT_NOROTATE optmask value
  * Collection of bugfixes
- update to 1.11.0:
  * Allow multiple -s options to the ahost command
  * api: Expose the ares_library_initialized() function
  * api: Add ares_set_sortlist(3) entrypoint
  * api: Add entrypoints to allow use of per-server ports
  * api: introduce `ares_parse_txt_reply_ext`
  * api: Add ares_set_socket_configure_callback()
  * Add -t u option to ahost
  * collection of bug fixes
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- Enhanced for RHEL8
- fix XXE in extractXmlConfigFromInputStream (bsc#1120648)
  Add: fix-CVE-2018-20433.patch
- Disable javadoc generation (broken for java9)
- update to version
- update mchange-commons-java component to version 0.2.11
- clean spec file
- bugfix: dependent library was not embedded correctly
- updated to upstream 0.9.5, that is compatible with Java 7 / JDBC 4
- Explicitly BuildRequires java-devel
- initial release
- openssl is no longer required but coreutils and findutils are
  (boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this
  package might be the only one pulling it in.
- backport bash rewrite from Factory to make sure to trigger in
  transactional mode (boo#1179884)
- Changed "openssl" requirement to "openssl(cli)"
  * (bsc#1101470)
- Use %license instead of %doc [bsc#1082318]
- Revert last change since we fixed systemd-preset-branding and
  this requires is no longer needed.
- Re-add systemd requires, else package will be installed too early
  and services never enabled [bsc#1071776].
- Don't require systemd, since we could be used in environments
  like container images, where we don't have systemd. If systemd
  is installed the systemd units will be used, else they are not
- Update to version 2+git20170807.10b2785:
  * Check TRANSACTIONAL_UPDATE is set (boo#1045942)
  * Add systemd units
- Run update-ca-certificate by systemd unit when the content of
  one of the paths changes. Needed for read-only root and/or
  transactional updates.
- Update to version 2+git20151110.c15593c:
  + set proper umask (boo#948724)
- require p11-kit-tools >= 0.23.1
- Update to version 2+git20150324.e3ee392:
  + p11-kit 0.23.1 supports pem-directory-hash now
- use service file to generate tarball
- fix bashism in postun script
- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
  - EE Certification Centre Root CA
  - Taiwan GRCA
- Added CAs:
  - Trustwave Global Certification Authority
  - Trustwave Global ECC P256 Certification Authority
  - Trustwave Global ECC P384 Certification Authority
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
  Removed CAs:
  - AddTrust External CA Root
  - AddTrust Class 1 CA Root
  - LuxTrust Global Root 2
  - Staat der Nederlanden Root CA - G2
  - Symantec Class 1 Public Primary Certification Authority - G4
  - Symantec Class 2 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G3
  Added CAs:
  - certSIGN Root CA G2
  - e-Szigno Root CA 2017
  - Microsoft ECC Root Certificate Authority 2017
  - Microsoft RSA Root Certificate Authority 2017
- also run update-ca-certificates in %posttrans
- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160)
- removed:
  - Certplus Class 2 Primary CA
  - Deutsche Telekom Root CA 2
  - CN=Swisscom Root CA 2
  - UTN-USERFirst-Client Authentication and Email
- added:
  - Entrust Root Certification Authority - G4
- make sure p11-kit with patches is installed on SLE (boo#1154871)
- export correct p11kit trust attributes so Firefox detects built in
  certificates (boo#1154871). Courtesy of Fedora.
- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
- Removed CAs:
  - Certinomis - Root CA
- includes added root CAs from the 2.32 version:
  - emSign ECC Root CA - C3 (email and server auth)
  - emSign ECC Root CA - G3 (email and server auth)
  - emSign Root CA - C1 (email and server auth)
  - emSign Root CA - G1 (email and server auth)
  - Hongkong Post Root CA 3 (server auth)
- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446)
- Removed CAs:
  - AC Raiz Certicamara S.A.
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - Visa eCommerce Root
- Added Root CAs:
  - Certigna Root CA (email and server auth)
  - GTS Root R1 (server auth)
  - GTS Root R2 (server auth)
  - GTS Root R3 (server auth)
  - GTS Root R4 (server auth)
  - OISTE WISeKey Global Root GC CA (email and server auth)
  - UCA Extended Validation Root (server auth)
  - UCA Global G2 Root (email and server auth)
- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
  - removed server auth
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - remove CA
  - ComSign CA
  - added new CA
  - GlobalSign
- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)
- Removed CAs:
  * S-TRUST_Universal_Root_CA:
  * TC_TrustCenter_Class_3_CA_II:
  * TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:
- Use %license instead of %doc [bsc#1082318]
- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152,
  bsc#1071390, bsc#1010996)
- Removed CAs:
  * AddTrust Public CA Root
  * AddTrust Qualified CA Root
  * ApplicationCA - Japanese Government
  * CA Disig Root R1
  * CA WoSign ECC Root
  * Certification Authority of WoSign G2
  * Certinomis - Autorité Racine
  * China Internet Network Information Center EV Certificates Root
  * Comodo Secure Certificate Services
  * Comodo Trusted Certificate Services
  * ComSign Secured CA
  * GeoTrust Global CA 2
  * StartCom Certification Authority
  * StartCom Certification Authority
  * StartCom Certification Authority G2
  * Swisscom Root CA 1
  * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  * UTN USERFirst Hardware Root CA
  * UTN USERFirst Object Root CA
  * VeriSign Class 3 Secure Server CA - G2
  * WellsSecure Public Root Certificate Authority
  * Certification Authority of WoSign
  * WoSign China
- Added CAs:
  * D-TRUST Root CA 3 2013
  * EV Root Certification Authority ECC
  * EV Root Certification Authority RSA R2
  * Root Certification Authority ECC
  * Root Certification Authority RSA
  * TrustCor RootCert CA-1
  * TrustCor RootCert CA-2
  * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
- convert processing script to Python 3
- ensure a stable conversion of UTF8 hex-encoded certificate names
- ensure a stable ordering of trust/distrust bits in headers
- updated to 2.11 state of the Mozilla NSS Certificate store.
- removed CAs:
  - Buypass_Class_2_CA_1:2.1.1.crt
  - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:
    codeSigning emailProtection serverAuth
  - Equifax_Secure_CA:
  - Equifax_Secure_eBusiness_CA_1:2.1.4.crt
  - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
  - IGC_A:
    codeSigning emailProtection serverAuth
  - Juur-SK:
    codeSigning serverAuth
  - Root_CA_Generalitat_Valenciana:
    codeSigning emailProtection serverAuth
  - RSA_Security_2048_v3:
    codeSigning emailProtection serverAuth
  - Sonera_Class_1_Root_CA:2.1.36.crt
  - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:
  - Verisign_Class_1_Public_Primary_Certification_Authority:
  - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:
  - Verisign_Class_3_Public_Primary_Certification_Authority:
- added CAs:
  + Amazon_Root_CA_1:
    emailProtection serverAuth
  + Amazon_Root_CA_2:
    emailProtection serverAuth
  + Amazon_Root_CA_3:
    emailProtection serverAuth
  + Amazon_Root_CA_4:
    emailProtection serverAuth
  + Certplus_Root_CA_G1:
    emailProtection serverAuth
  + Certplus_Root_CA_G2:
    emailProtection serverAuth
  + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
    emailProtection serverAuth
  + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
    emailProtection serverAuth
  + ISRG_Root_X1: (bsc#1010996)
  + LuxTrust_Global_Root_2:
  + OpenTrust_Root_CA_G1:
    emailProtection serverAuth
  + OpenTrust_Root_CA_G2:
    emailProtection serverAuth
  + OpenTrust_Root_CA_G3:
    emailProtection serverAuth
  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:
  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:
  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:
  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:
- diff-from-upstream-2.7.patch: removed as we should be able to do
  intermediate root chains now with openssl 1.0.2 and also gnutls 3.5
  is able to do so.
- diff-from-upstream-2.7.patch: restore some important legacy
  CAs, otherwise Pidgin fails to talk to Google Talk for instance.
- Updated to 2.7 (bsc#973042).
- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
  immediate root CAs.
- Removed server trust from:
  AC Raíz Certicámara S.A.
  ComSign Secured CA
  NetLock Uzleti (Class B) Tanusitvanykiado
  NetLock Business (Class B) Root
  NetLock Expressz (Class C) Tanusitvanykiado
  TC TrustCenter Class 3 CA II
  TURKTRUST Certificate Services Provider Root 1
  TURKTRUST Certificate Services Provider Root 2
  Equifax Secure Global eBusiness CA-1
  Verisign Class 4 Public Primary Certification Authority G3
- enable server trust
  Actalis Authentication Root CA
- Deleted CAs:
  A Trust nQual 03
  Buypass Class 3 CA 1
  CA Disig
  Digital Signature Trust Co Global CA 1
  Digital Signature Trust Co Global CA 3
  E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
  NetLock Expressz (Class C) Tanusitvanykiado
  NetLock Kozjegyzoi (Class A) Tanusitvanykiado
  NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
  NetLock Uzleti (Class B) Tanusitvanykiado
  Staat der Nederlanden Root CA
  TC TrustCenter Class 2 CA II
  TC TrustCenter Universal CA I
  TDC Internet Root CA
  Verisign Class 1 Public Primary Certification Authority - G2
  Verisign Class 3 Public Primary Certification Authority
  Verisign Class 3 Public Primary Certification Authority - G2
- New added CAs:
  CA WoSign ECC Root
  Certification Authority of WoSign
  Certification Authority of WoSign G2
  Certinomis - Root CA
  Certum Trusted Network CA 2
  COMODO RSA Certification Authority
  DigiCert Assured ID Root G2
  DigiCert Assured ID Root G3
  DigiCert Global Root G2
  DigiCert Global Root G3
  DigiCert Trusted Root G4
  Entrust Root Certification Authority - EC1
  Entrust Root Certification Authority - G2
  IdenTrust Commercial Root CA 1
  IdenTrust Public Sector Root CA 1
  OISTE WISeKey Global Root GB CA
  QuoVadis Root CA 1 G3
  QuoVadis Root CA 2 G3
  QuoVadis Root CA 3 G3
  Staat der Nederlanden EV Root CA
  Staat der Nederlanden Root CA - G3
  S-TRUST Universal Root CA
  TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
  TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  USERTrust ECC Certification Authority
  USERTrust RSA Certification Authority
- diff-from-upstream-2.2.patch:
  Temporarily re-enable some root ca trusts, as openssl/gnutls
  have trouble using intermediates as root CA.
  - GTE CyberTrust Global Root
  - Thawte Server CA
  - Thawte Premium Server CA
  - ValiCert Class 1 VA
  - ValiCert Class 2 VA
  - RSA Root Certificate 1
  - Secure Server CA
  - America Online Root Certification Authority 1
  - America Online Root Certification Authority 2
- Updated to 2.2 (bnc#888534)
  - The following CAs were removed:
    + America_Online_Root_Certification_Authority_1
    + America_Online_Root_Certification_Authority_2
    + GTE_CyberTrust_Global_Root
    + Thawte_Premium_Server_CA
    + Thawte_Server_CA
  - The following CAs were added:
    + COMODO_RSA_Certification_Authority
    codeSigning emailProtection serverAuth
    + GlobalSign_ECC_Root_CA_-_R4
    codeSigning emailProtection serverAuth
    + GlobalSign_ECC_Root_CA_-_R5
    codeSigning emailProtection serverAuth
    + USERTrust_ECC_Certification_Authority
    codeSigning emailProtection serverAuth
    + USERTrust_RSA_Certification_Authority
    codeSigning emailProtection serverAuth
    + VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
  - The following CAs were changed:
    + Equifax_Secure_eBusiness_CA_1
    remove code signing and https trust, leave email trust
    + Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
    only trust emailProtection
- version 4.2.1-1
- Update package version to 4.2.0
- version 4.1.1-1
- Initial package release
- version 4.2.1-1
- Update package version to 4.2.0
- version 4.1.1-1
- Initial package release
- Install the maven pom files in order to generate correctly the
  mvn(...) provides.
- Modified patch:
  * cal10n-0.7.7-sourcetarget.patch
    + Build with source and target 8 to prepare for a possible
    removal of 1.6 compatibility
- Run fdupes on documentation
- Added patch:
  * cal10n-0.7.7-sourcetarget.patch
  - Force java source and target levels to 1.6 in order to allow
    building with jdk9
- Update to version 0.7.7
  + Correctly read escaped ':', '#', '!', '=' characters. The behavior
  is documented in the Properties javadocs (
  This fixes CAL-37 (
- Update build.xml.tar.bz2, rename it to build.xml-$VERSION and
  recompress it in xz format
- Add a requirement to xz
- Depend on junit not junit4
- Move from jpackage-utils to javapackage-tools
- fix bnc#759912 - Manual for cal10n 0.7.4 uses CC-BY-SA-NC-2.5 license
- format spec for Factory
- fix build.xml files to build in openSUSE 12.1 and newer.
  MANIFEST contained an absolute path in maven-build.xml
- Fix group for javadoc subpackage
- remove id generation for buildroot (used in Fedora)
- Un-mavenize. Build with ant
- Update to catatonit v0.1.5, which fixes two bugs where catatonit would hang
  endlessly when pid1 died in very specific ways. bsc#1176155
- Update to catatonit v0.1.4, which includes support for "-g".
- Update to catatonit v0.1.3, which includes a fix for docker compatibility so
  that dockerd doesn't give spurious warnings.
- Fix build to correctly build a static binary (which will allow it to work in
  all containers). This was caused by forgetting to include
  'glibc-devel-static'. I've added a check to ensure it doesn't happen by
  accident again.
- Add catatonit-rpmlintrc to include filters for "static binary" warnings,
  since this is intentional.
- Update package descriptions.
- Update to catatonit v0.1.2 and update links to point to openSUSE repo.
- Update to catatonit v0.1.1, which includes a fix for the libtool requirement.
  This lets us build on much older distributions.
- Initial import of catatonit v0.1.0.
- Upgrade to upstream 3.2.4
- Generate and customize ant build system
- Removed patches:
  * cglib-build_xml.patch
  * fix-javadoc.patch
    + Not needed any more
- Build with objectweb-asm >= 5 in order not to get stuck on a
  particular asmN dependency
- Upgrade to version 3.1, the last one buildable with ant
- Depend on asm5
- Modified patch:
  * cglib-build_xml.patch
    + rediff to changed context
- Added patch:
  * fix-javadoc.patch
    + Do not import with wildcards a package that has no classes
    + Fixes javadoc generation
- Add aliases to the maven artifact
- Depend on asm3 and not objectweb-asm, since the binaries
  are equivalent.
- Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility
- Specify java source and target 1.6 in order to allow building
  with jdk9
- Fix javadoc generation
- Clean spec file
- Update package dependencies
- Fix build with new javapackages-tools
- add javapackages-tools to build requires
- Update to version 3.0
  * add flag to enable policy optimization
  * allow to write policy to stdout
  * remove a redundant if-condition
- Add extern_te_assert_t.patch to mark te_assert_t as extern.
  Prevents build failures on gcc10 (bsc#1160259)
- Update to version 2.9
  * Add option to sort contexts when creating a binary policy
  * Update manpage
  * check the result value of hashtable_search
  * destroy the class datum if it fails to initialize
  * remove extraneous policy build noise
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
  (RPM_LD_FLAGS is always empty).
- Source URL was invalid (bsc#1115052)
- Update to version 2.8 (bsc#1111732).
  For changes please see
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
  building on SLE 15
- checkpolicy-build.patch was added in the former change to fix build
- Rebase to 2.7.
  For changes please see
- Update to version 2.6. Notable changes:
  * Add types associated to a role in the current scope when parsing
  * Extend checkpolicy pathname matching
  * Set flex as default lexer
  * Fix checkmodule output message
  * Fail if module name different than output base filename
  * Add support for portcon dccp protocol
- Use plain flex
- Trim/update description
- Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977
- update version 2.5
  * Add neverallow support for ioctl extended permissions
  * fix double free on name-based type transitions
  * switch operations to extended perms
  * policy_define.c: fix compiler warnings
  * Remove uses of -Wno-return-type
  * Fix -Wreturn-type issues
  * dispol: display operations as ranges
  * dispol: Extend to display operations
  * Add support for ioctl command whitelisting
  * Add option to write CIL policy
  * Add device tree ocontext nodes to Xen policy
  * Widen Xen IOMEM context entries
  * Expand allowed character set in paths
  * Fix precedence between number and filesystem tokens
  * dispol/dismod fgets function warnings fix
- changes in 2.4
  * Fix bugs found by hardened gcc flags
  * Add missing semicolon in cond_else parser rule
  * Clear errno before call to strtol(3)
  * Global C++11 compatibility
  * Allow libsepol C++ static library on device
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
  but needed for calculating refids from IPv6 addresses as part of
  the NTP protocol (rfc5905). As this is a non-cryptographic use of
  MD5 we can use our own implementation without violating FIPS
  rules: chrony-refid-internal-md5.patch .
- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch:
  Fix build with glibc-2.31
- bsc#1184400, chrony-pidfile.patch:
  Use /run instead of /var/run for PIDFile in chronyd.service.
- Integrate three upstream patches to fix an infinite loop in
  chronyc (bsc#1171806).
  * chrony-select-timeout.patch
  * chrony-gettimeofday.patch
  * chrony-urandom.patch
- Use iburst in the default pool statements to speed up initial
  synchronisation (bsc#1172113).
- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272 and bsc#1161119.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
  preconfigure chrony to use NTP servers from the respective
  pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
  preconfigured servers.
- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix
  "make check" builds made after 2019-12-20. Existing installations
  do not need to be updated as the bug only affects the test, but
  not chrony itself.
- Fix ordering and dependencies of chronyd.service, so that it is
  started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Make sure to generate correct sysconfig file (boo#1117147)
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
  Modified default chrony.conf to add "include /etc/chrony.d/*"
- Use %license instead of %doc [bsc#1082318]
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
- Enable pps support
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Cleanup spec file:
  * Drop pre systemd support
  * Run spec-cleaner
- Modified the spec file to comment out the pool statement
  in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
- refresh patches to apply cleanly again
  - chrony-config.patch
  - chrony-fix-open.patch
- Upgraded to version 3.2:
  * Improve stability with NTP sources and reference clocks
  * Improve stability with hardware timestamping
  * Improve support for NTP interleaved modes
  * Control frequency of system clock on macOS 10.13 and later
  * Set TAI-UTC offset of system clock with leapsectz directive
  * Minimise data in client requests to improve privacy
  * Allow transmit-only hardware timestamping
  * Add support for new timestamping options introduced in Linux 4.13
  * Add root delay, root dispersion and maximum error to tracking log
  * Add mindelay and asymmetry options to server/peer/pool directive
  * Add extpps option to PHC refclock to timestamp external PPS signal
  * Add pps option to refclock directive to treat any refclock as PPS
  * Add width option to refclock directive to filter wrong pulse edges
  * Add rxfilter option to hwtimestamp directive
  * Add -x option to disable control of system clock
  * Add -l option to log to specified file instead of syslog
  * Allow multiple command-line options to be specified together
  * Allow starting without root privileges with -Q option
  * Update seccomp filter for new glibc versions
  * Dump history on exit by default with dumpdir directive
  * Use hardening compiler options by default
  Bug fixes
  * Don't drop PHC samples with low-resolution system clock
  * Ignore outliers in PHC tracking, RTC tracking, manual input
  * Increase polling interval when peer is not responding
  * Exit with error message when include directive fails
  * Don't allow slash after hostname in allow/deny directive/command
  * Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
- Upgraded to version 3.1:
  - Enhancements
  - Add support for precise cross timestamping of PHC on Linux
  - Add minpoll, precision, nocrossts options to hwtimestamp directive
  - Add rawmeasurements option to log directive and modify measurements
    option to log only valid measurements from synchronised sources
  - Allow sub-second polling interval with NTP sources
  - Bug fixes
  - Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
  - chrony-config.patch
  - chrony-service-helper.patch
  - chrony-fix-open.patch
- Upgraded to version 3.0:
  - Enhancements
  - Add support for software and hardware timestamping on Linux
  - Add support for client/server and symmetric interleaved modes
  - Add support for MS-SNTP authentication in Samba
  - Add support for truncated MACs in NTPv4 packets
  - Estimate and correct for asymmetric network jitter
  - Increase default minsamples and polltarget to improve stability with very low jitter
  - Add maxjitter directive to limit source selection by jitter
  - Add offset option to server/pool/peer directive
  - Add maxlockage option to refclock directive
  - Add -t option to chronyd to exit after specified time
  - Add partial protection against replay attacks on symmetric mode
  - Don't reset polling interval when switching sources to online state
  - Allow rate limiting with very short intervals
  - Improve maximum server throughput on Linux and NetBSD
  - Remove dump files after start
  - Add tab-completion to chronyc with libedit/readline
  - Add ntpdata command to print details about NTP measurements
  - Allow all source options to be set in add server/peer command
  - Indicate truncated addresses/hostnames in chronyc output
  - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
  - Bug fixes
  - Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
- Upgraded to version 2.4.1:
  - Bug fixes
  - Fix processing of kernel timestamps on non-Linux systems
  - Fix crash with smoothtime directive
  - Fix validation of refclock sample times
  - Fix parsing of refclock directive
- update to 2.4:
  - Enhancements
  - Add orphan option to local directive for orphan mode
    compatible with ntpd
  - Add distance option to local directive to set activation
    threshold (1 second by default)
  - Add maxdrift directive to set maximum allowed drift of system
  - Try to replace NTP sources exceeding maximum distance
  - Randomise source replacement to avoid getting stuck with bad
  - Randomise selection of sources from pools on start
  - Ignore reference timestamp as ntpd doesn't always set it
  - Modify tracking report to use same values as seen by NTP
  - Add -c option to chronyc to write reports in CSV format
  - Provide detailed manual pages
  - Bug fixes
  - Fix SOCK refclock to work correctly when not specified as
    last refclock
  - Fix initstepslew and -q/-Q options to accept time from own
    NTP clients
  - Fix authentication with keys using 512-bit hash functions
  - Fix crash on exit when multiple signals are received
  - Fix conversion of very small floating-point numbers in
    command packets
  - Removed features
  - Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
  - add IP_PKTINFO socket option
  - accept environment variables in make
  - fix building with FORTIFY_SOURCE
  - fix compiler warning
  - support multiple SHM refclocks
  - fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
- drop patches:
  - chrony-include-termios.patch
  - make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
  info packages
- no longer use make install-docs: it only installed 0 byte html
- Provide ntp-daemon (bsc#973981)
- chrony-fix-open.patch: make sure _open and _close are initialized
  in open()/close() override, as libfreebl3 also calls from the
  ELF constructor. FATE#319508
- enable mozilla-nss
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun as it would lead to error.
- Change conditions for libseccomp, we can use any version on SLE-12
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
  the patch is not particularly version-dependent.
- Added clknetsim for "make check" processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
  and running "make check".
- Changed Buildrequires and Requires to specify the minimum level of
  libseccomp needed to build on s390x and ppc64le.
- Removed "-Recommends: timedatex" since I couldn't find any instance
  of it anywhere in the build service.
- Modified the description to use some of the information from the
  chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "make check"
  will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "interruption code
  0x2003B in chronyd" errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
  point to the actual location of the service command, not the symlink
  in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun.
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
- update to 2.3
  - Enhancements
  - Add support for NTP and command response rate limiting
  - Add support for dropping root privileges on Mac OS X,
    FreeBSD, Solaris
  - Add require and trust options for source selection
  - Enable logchange by default (1 second threshold)
  - Set RTC on Mac OS X with rtcsync directive
  - Allow binding to NTP port after dropping root privileges on
  - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
    is disabled
  - Resolve names in separate process when seccomp filter is
  - Replace old records in client log when memory limit is
  - Don't reveal local time and synchronisation state in client
  - Don't keep client sockets open for longer than necessary
  - Ignore poll in KoD RATE packets as ntpd doesn't always set it
  - Warn when using keys shorter than 80 bits
  - Add keygen command to generate random keys easily
  - Add serverstats command to report NTP and command packet
  - Bug fixes
  - Fix clock correction after making step on Mac OS X
  - Fix building on Solaris
- refreshed patches to apply cleanly again:
- update to 2.2.1
  Restrict authentication of NTP server/peer to specified key
- silence groupadd/useradd call and drop the shell from the user.
- update to 2.2
  see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
  longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
  changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
- CVE-2020-14342: Shell command injection vulnerability in mount.cifs;
  (bsc#1174477); (bso#14442); CVE-2020-14342.
  * add 0013-CVE-2020-14342-mount.cifs-fix-shell-command-injectio.patch
- Fix invalid free in mount.cifs; (bsc#1152930).
  * add 0012-mount.cifs-Fix-invalid-free.patch
- Fix double-free in mount.cifs; (bsc#1149164).
  * add 0011-fix-doublefree.patch
- Update to cifs-utils 6.9; (bsc#1132087); (bsc#1136031).
  * adds fixes for Azure
  * new smbinfo utility
  * remove cifs-utils-6.8.tar.bz2
  * remove cifs-utils-6.8.tar.bz2.asc
  * add cifs-utils-6.9.tar.bz2
  * add cifs-utils-6.9.tar.bz2.asc
  * add 0001-smbinfo-Improve-help-usage-and-add-h-option.patch
  * add 0002-smbinfo-Add-bash-completion-support-for-smbinfo.patch
  * add 0003-getcifsacl-Add-support-to-accept-more-paths.patch
  * add 0004-getcifsacl-Fix-usage-message-to-include-multiple-fil.patch
  * add 0005-smbinfo-add-GETCOMPRESSION-support.patch
  * add 0006-getcifsacl-Add-support-for-R-recursive-option.patch
  * add 0007-smbinfo-add-bash-completion-support-for-getcompressi.patch
  * add 0008-mount.cifs.c-fix-memory-leaks-in-main-func.patch
  * add 0009-Zero-fill-the-allocated-memory-for-new-struct-cifs_n.patch
  * add 0010-Zero-fill-the-allocated-memory-for-a-new-ACE.patch
- Remove backports that are already in 6.9; (fate#325270); (bsc#1130528);
  * remove 0001-docs-cleanup-rst-formating.patch
  * remove 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
  * remove 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
  * remove 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
  * remove 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
  * remove 0006-cifs-utils-support-rst2man-3.patch
  * remove 0007-checkopts-report-duplicated-options-in-man-page.patch
  * remove 0008-mount.cifs.rst-more-cleanups.patch
  * remove 0009-mount.cifs.rst-document-vers-3-mount-option.patch
  * remove 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
  * remove allow-dns-resolver-key-to-expire.patch
  * remove suse-document-new-vers-default-SMB2.1.patch
- Remove dependency workaround regarding python2/python3
- Fix dependency failure on SLE15 regarding python2/python3.
- Allow cached DNS entry to expire; (fate#325270).
  * add allow-dns-resolver-key-to-expire.patch
- Document new SMB2.1+ defaults; (bsc#1130528).
  * be more verbose on mount errors, especially with EHOSTDOWN which
    is often returned on SMB version issues.
  * add suse-document-new-vers-default-SMB2.1.patch
- Fix python dependency stalemate by requiring python3 version of
- Update to cifs-utils 6.8.
  + document more mount options
  + man pages now generated from RST files
  + add python-docutils build dependency
  + update keyring to check tarball signature
  + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
  + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
  + add 0001-docs-cleanup-rst-formating.patch
  + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
  + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
  + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
  + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
  + add 0006-cifs-utils-support-rst2man-3.patch
  + add 0007-checkopts-report-duplicated-options-in-man-page.patch
  + add 0008-mount.cifs.rst-more-cleanups.patch
  + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
  + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
  * assume SUSE vendor and SLE >= 11
- Update BuildIgnore to break build cycle samba-client <-> cifs-utils
- update to 6.7:
  * mount.cifs cleanups
- includes 6.6:
  * cleanup/overhaul of cifs.upcall krb5 credcache handling
- partial cleanup with spec-cleaner
- Document SMB3+ and new seal option; (fate#322075).
  + add patch 0001-manpage-correct-typos-and-spelling-mistakes.patch
  + add patch 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Get rid of init script on everything based off SLE12+ (bsc#1025471).
- Use https urls.
- Don't ignore libldb, libtalloc, libtevent, and samba-client-libs at build
  time; (bsc#966174).
- Update to cifs-utils 6.5.
  + mount.cifs: ignore x- mount options
  + minor build fixes; obsoletes include_paths.h_for__PATH_MOUNTED.patch
  + minor manpage fix
- Ignore samba-client-libs at build-time on post-22 Fedora systems.
- Add include_paths.h_for__PATH_MOUNTED.patch
- Use rccifs -> service symlink for proper status (bnc#908023).
- Remove dependency on gpg-offline as signature checking is implemented in the
  source validator.
- Add README.cifstab.migration to document the cifstab removal; (bnc#902947).
- Fix broken rccifs symbolic link.
- Remove dead code associated with cifstab file which is no longer used.
- upgrade to minor version forward-compatible with Hibernate 5.3
  - 1.3.4: #38: Add `Automatic-Module-Name` for JDK9 interoperability
  - 1.3.3: #33: "ghost" type parameter in field
  - 1.3.2: #30: ArrayIndexOutOfBoundsException when resolving Object.class
  - 1.3.1 Fix a problem with caching of subtype-extended types, causing problems due to mutable `TypePlaceHolder`
- Remove:
  * classmate-1.3.0-jdk9.patch (obsoleted)
- Fix build for JDK9
- Add:
- Changed:
- Initial version
- Update to version 1.5:
  + Add support for GCE (bsc#1159460, bsc#1178486)
  + Improve default gateway determination
- Update to version 1.4:
  + copy routes from default routing table (bsc#1162705, bsc#1162707)
  + make CLOUD_NETCONFIG_MANAGE default configurable
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
  shortcut through the -mini flavors.
- Removed obsolete Group tag from spec file
- Update to version 1.3:
  + Fix IPv4 address handling on secondary NICs in Azure
- Update to version 1.2:
  + support AWS IMDSv2 token
- Update to version 1.1
  + fix use of GATEWAY variable (bsc#1157117, bsc#1157190)
  + remove secondary IPv4 address only when added by cloud-netconfig
  + simplify routing setup for single NIC systems (partly fixes
- Update to version 1.0:
  + pause and retry if API call throttling is detected in Azure
    (bsc#1135257 bsc#1135263)
- Update to version 0.9:
  + run cloud-netconfig periodically (bsc#1118783 bsc#1122013)
  + do not treat eth0 special wrt routing policies (bsc#1123008)
  + reduce timeout on metadata read (bsc#1112822)
- Update to version 0.7:
  + no persistent interface names in Azure (bsc#1095485)
- Added dependency on curl
- Use otherproviders() only on SLES 11 builds
- Remove dependency on udev-persistent-ifnames (bsc#1075484)
- Add missing Provides/Conflicts statements to spec file
- Prepare for SLE11 submission (bsc#1063292)
- Update to version 0.6:
  + Use tested and supported metadata API versions
- Update to version 0.5
  + New API version for Azure metadata server
  + Wait for the metadata server in EC2
- Update to version 0.4:
  Do not touch VF interfaces in Azure (bsc#1055553)
- Prepare for SLE submission (FATE#323820, bsc#1027212)
- Added conflict tags
- Fix requires for non-Leap platforms
- Initial version 0.3
- Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (bsc#1185679)
- Added:
  * fix_issue_when_inherited_boot_loader_bsc1185679.patch
- Prevent some race conditions when writing tftpboot files and
  the destination directory does not exist (bsc#1186124)
- Added:
  * prevent-race-condition-writting-tftpboot-files-bsc1186124.patch
- Fix trail stripping in case of using UTF symbols (bsc#1184561)
- Added:
  * fix-trail-stripping-utf8.diff
- Update spec file to satisfy current rpmbuild (>=4.16) and make
  the build on Tumbleweed work again.
- Update tarball from upstream to remove the .pc quilt folder.
- Fix string replacement for @@xyz@@
- Better performing string replacements
- Added:
  * better-string-replacement-performance.diff
  * fix-string-replacement.diff
- Remove redundant '.json' suffix
- Added:
  * remove-redundant-json-suffix.diff
- Fixes usage of str.join()
- Added:
  * fix-for-old-str.join-usage.diff
- Add fence-agents package as requirement
- Fix position of wrong endif
- Add cobbler-tests subpackage for unit testing for openSUSE/SLE
- Adds LoadModule definitions for openSUSE/SLE
- Added:
  * load_module_apache_suse_fix.diff
- Switch to new refactored auth module.
- Added:
  * refactored_auth_module.diff
- Adding tornado dependency for cobbler tftpd again.
- cgi.parse_qs is deprecated. Using urllib instead.
- Added:
  * cgi_parse_qs_is_deprecated.diff
- Adds requirement for python-distro
- Removes Tornado as dependency and only recommends Ldap3
- Bring changelog in sync with Uyuni:
- Fixes template engine selection(bsc#1170462)
  Fixed mainline by commit 33c769e99
  D fix-template-engine-selection.patch
- Fixes a template rendering error (bsc#1169779)
  Fixed mainline by commit 5e5ef6c8c
  D fixes-a-template-rendering-error.patch
- use systemctl to restart cobblerd on logfile rotation (bsc#1169207)
  Mainline logrotate conf file uses already /sbin/service instead of
  outdated: /etc/init.d/cobblerd
- Fix cobbler sync for DHCP or DNS (bsc#1169553)
  Fixed mainline by commit 2d6cfe42da
  D fix_cobbler_sync_for_dhcp_or_dns.diff
- Signatures file now uses "default_autoinstall" which fixes import
  problem happening with some distributions (bsc#1159010)
  Fixed mainline by commit 33d181199f0da1da
- Fix for kernel and initrd detection (bsc#1159010)
  Fixed mainline by commit 872f505f66c50059
- New:
  * For the distro there is now a parameter remote_boot_initrd and remote_boot_kernel ()
  * For the profile there is now a parameter filename for DHCP. (#2280)
  * Signatures for ESXi 6 and 7 (#2308)
  * The hardlink command is now detected more dynamically and thus more error resistant (#2297)
  * HTTPBoot will now work in some cases out of the bug. (#2295)
  * Additional DNS query for a case where the wrong record was queried in the nsupdate system case (#2285)
- Changes:
  * Enabled a lot of tests, removed some and implemented new. (#2202)
  * Removed not used files from the codebase. (#2302)
  * Exchanged mkisofs to xorrisofs. (#2296)
  * Removed duplicate code. (#2224)
  * Removed unreachable code. (#2223)
  * Snippet creation and deletion now works again via xmlrpc. (#2244)
  * Replace createrepo with createrepo_c. (#2266)
  * Enable Kerberos through having a case sensitive users.conf. (#2272)
- Bugfixes:
  * General various Bugfixes (#2331, )
  * Makefile usage and commands. (#2344, #2304)
  * Fix the dhcp template. (#2314)
  * Creation of the management classes and gPXE. (#2310)
  * Fix the scm_track module. (#2275, #2279)
  * Fix passing the netdevice parameter correctly to the linuxrc. (#2263)
  * powerstatus from cobbler now works thanks to a wrapper for ipmitool. (#2267)
  * In case the LDAP is used for auth, it now works with ADs. (#2274)
  * Fix passthru authentication. (#2271)
- Other:
  * Add Codecov. (#2229)
  * Documentation updates. (#2333, #2326, #2305, #2249, #2268)
  * Buildprocess:
  * Recreation and cleanup of Grub2. (#2278)
  * Fix small errors for openSUSE Leap. (#2233)
  * Fix rpmlint errors. (#2237)
  * Maximum compatibility for debbuild package creation. (#2255, #2292, #2242, #2300)
  * Fixes related to our CI Pipeline (#2254, #2269)
  * Internal Code cleanup (#2273, #2270)
- Breaking Changes:
  * Hash handling in users.digest file. (#2299)
- Removed not needed files in obs. This is now all mainline:
  D logrotate_cobbler
  D fix_hardcoded_libpath_for_websession.patch
  D fence_ipmitool.template
  D cobbler_management_mac.diff
- Added source files:
  A cobbler.obsinfo
  A cobbler-rpmlintrc
  D exclude_get-loaders_command.patch
  Spec file is mostly adopted to mainline spec file.
  Still it is not directly extracted from mainline tarball.
  First the remaining diff has to be submitted mainline.
- Change group to Productivity/Networking/Boot/Servers
- Disable any python_*_dependency_generator macros
  According to Tomas Chvatal they are much too experimental yet
  in OBS to be used. They have to be undefined, because of a
  half-baked implementation in SLE 15 SP2 build env (defined but not
  properly implemented). At some point of time the introduced
  undefine python_*_dependency_generator
  will be conditionally removed via suse_version.
- Updated to version 3.1.1.
  * Introduce new packaging from upstream
  * Changelog see below
- New:
  * We are now having a cross-distro specfile which can be built in the OBS
    (#2220) - before rewritten it was improved by #2144 & #2174
  * Grub Submenu for net-booting machines (#2217)
  * Building the Cent-OS RPMs in Docker (#2190 #2189)
  * Reintroduced manpage build in (#2185)
  * mgmt_parameters are now passed to the dhcp template (#2182)
  * Using the standard Python3 logger instead of a custom one (#2160 #2139 #2151)
  * Script for converting the settings file from 3.0.0 to 3.0.1 (#2154)
  * Docs now inside the repo instead of and improved with sphinx (#2117)
- Changes:
  * The default tftpboot directory is now /var/lib/tftpboot instead of previously /srv/tftpboot (#2220)
  * Distro signatures were adjusted where necessary (#2219 #2134)
  * Removed requirements.txt and placed the requirements in (#2204)
  * Display only entries in grub which are from the same arch (#2191 #2216)
  * Change the name of the cobbler manpage from cobbler-cli to cobbler back and move it to section 8 (#2188 #2186)
- Bugfixes:
  * Incremented Version to 3.1.1 from 3.0.1
  * S390 Support was cleaned up (#2207 #2178)
  * PowerPC Support was cleaned up (#2178)
  * Added a missing import while importing a distro with cobbler import (#2201)
  * Fixed a case where a stacktrace would be produced so pass none instead (#2203)
  * Rename of suse_kopts_textmode_overwrite to kops_overwrite to utils (#2143 #2200)
  * Fix rsync subprocess call (#2199 #2179)
  * Fixed an error where the template rendering did not work (#2176)
  * Fixed some cobbler import errors (#2172)
  * Wrong shebang in various scripts (#2148)
  * Fix some imports which fixes errors introduced by the remodularization (#2150 #2153)
- Other:
  * Issue Templates for Github (#2187)
- Update to latest git HEAD code base
  This version (from mainline so for quite a while already)
  also includes fixes for "bsc#1149075" and bsc#1151875
  These patches are mainline already:
  D kopts-utils-path.diff
  D item-repo-import-fix.diff
  D no-system-in-kopts-call.diff
  This patch is going to be submitted mainline:
  A cobbler_management_mac.diff
- Fix up manpage creation: Do not zip manpages ourselves
  Thanks to namtrac.
- Fix for cobbler import and buildiso (bsc#1156574)
- Added:
  * kopts-utils-path.diff
  * no-system-in-kopts-call.diff
  * item-repo-import-fix.diff
- Update to latest git HEAD code base (commit fbebd758)
- Adjusted manpage creation (needs sphinx as BuildRequires)
- Switch to openSUSE latest_mulitarch_work for shortterm until
  everything is in place and submitted mainline
- started to switch to Sphinx manpage generation, but comment out.
  SuMa people must have done this already somewhere.
- Already mainline:
  D fix_module_renaming.diff
- Fix cobbler sync for dhcp and dns enabled due to latest module
  renaming patches
- Update to latest git HEAD
  - Fixes permission denied in apache2 context when trying to write
    cobbler log
  - Fixes a bad import in import_signature (item)
  - Fixes bad shebang bash path in (used in post section)
- Now track Github master branch
  WARNING: This release contains breaking changes for your settings file!
  * Notable changes:
  - Now using standard python logger
  - Updated dhcpd.template
- Removed fix_shebang.patch: now in upstream.
- added -s parameter to fdupes call to prevent hardlink across
- Update to latest v3.0.0 cobbler release
- Add previously added patch: exclude_get-loaders_command.patch to
  the list of patches to apply.
- Fix log file world readable (as suggested by Matthias Gerstner)
  and change file attributes via attr in spec file
- Do not allow get-loaders command (download of third party
  provided network boot loaders we do not trust)
  A exclude_get-loaders_command.patch
- Add apache min version requires to 2.4 (due to mainline commit:
  Remove apache IfVersion tags from apache configs
- Fix Tumbleweed build where python2-Cheetah3 and python3-Cheetah3
  are built for a while by changing (Build- and) Requires from:
  Cheetah3 to python3-Cheetah3
- Setting test package group to a valid one
- Fix test files to be added to test package, not only the directory
- Remove general dir from file section: %{_datadir}
- Fix test package requires
  missing Requires: python3-pytest python3-pyflakes python3-pycodestyle
- Mainline fixes:
  3172d1df9b9cc8 Add missing help text in redhat_management_key field
  c8f5490e507a72 Set default interface if cobbler system add has no
  --interface= param
  31a1aa31d26c4a Remove apache IfVersion tags from apache configs
- Updated to latest git master branch
  commit d43461b39073ac01a54a3f52be0b133d36cb8061
  Author: Jochen Breuer <>
  Date:   Fri May 10 16:41:32 2019 +0200
  Remove already mainline patches:
  D fix-login-error.patch
  D remove-newline-from-token.diff
  D fixes-distro-none-case.diff
  D return-the-name-of-the-unknown-method.patch
  D call-with-logger-where-possible.patch
  D fix-http-status-code.patch
  D create-system-directory-at-the-correct-place.patch
  D remodeled-distro-detection.diff
  D disable_nsupdate_enabled_by_default.diff
  D power_system_xmlrpc_api.patch
  D renamed-methods-alias.patch
  D changes-return-to-float.diff
  D revert-redhat-management-removal.patch
  D add-docker-integration-testing.diff
  D refactor-unittest-to-pytest.diff
  D renamed-methods-alias-part2.patch
  D changes-detection-to-distro-like-for-suse-distributions.diff
  D rhn-mngmnt-key-field-fix.diff
- Re-enabling build for cobbler-test package.
- Integrated fixes that came in from mainline from other products
  (to calm down obs regression checker):
  CVE-2011-4953, fate#312397, bsc#660126, bsc#671212, bsc#672471, bsc#682665
  bsc#687891, bsc#695955, bsc#722443, bsc#722445, bsc#757062, bsc#763610
  bsc#783671, bsc#790545, bsc#796773, bsc#811025, bsc#812948, bsc#842699
  bsc#846580, bsc#869371, bsc#884051, bsc#976826, bsc#984998
  Some older bugs need bnc# references as well:
  bnc#660126, bnc#671212, bnc#672471, bnc#682665
  bnc#687891, bnc#695955, bnc#722443, bnc#722445, bnc#757062, bnc#763610
  bnc#783671, bnc#790545, bnc#796773, bnc#811025, bnc#812948, bnc#842699
  bnc#846580, bnc#869371, bnc#884051
- Fix for redhat_management_key not being listed as a choice
  during profile rename (bsc#1134588)
- Added:
  * rhn-mngmnt-key-field-fix.diff
- Fixes distribution detection in for SLESo
- Added:
  * changes-detection-to-distro-like-for-suse-distributions.diff
- Moving to pytest and adding Docker test integration
- Added:
  * add-docker-integration-testing.diff
  * refactor-unittest-to-pytest.diff
- Additional compatibility changes for old Koan versions.
- Modified:
  * renamed-methods-alias-part2.patch
- Old Koan versions not only need method aliases, but also need
  compatible responses
- Added:
  * renamed-methods-alias-part2.patch
- Add the redhat_managment_* fields again to enable templating in SUMA.
- Added:
  * revert-redhat-management-removal.patch
- Changes return of last_modified_time RPC to float
- Added:
  * changes-return-to-float.diff
- provide old name aliases for all renamed methods:
  - get_distro_for_koan     =>  get_distro_as_rendered
  - get_profile_for_koan    =>  get_profile_as_rendered
  - get_system_for_koan     =>  get_system_as_rendered
  - get_repo_for_koan       =>  get_repo_as_rendered
  - get_image_for_koan      =>  get_image_as_rendered
  - get_mgmtclass_for_koan  =>  get_mgmtclass_as_rendered
  - get_package_for_koan    =>  get_package_as_rendered
  - get_file_for_koan       =>  get_file_as_rendered
- Renamed:
  get_system_for_koan.patch => renamed-methods-alias.patch
- provide renamed method "get_system_for_koan" under old name
  for old clients.
- Added:
  * get_system_for_koan.patch
- Bring back power_system method in the XML-RPC API
- Changed lanplus option to lanplus=true in fence_ipmitool.template
- Added:
  * power_system_xmlrpc_api.patch
- Changed:
  * fence_ipmitool.template
- Disables nsupdate_enabled by default
- Added:
  * disable_nsupdate_enabled_by_default.diff
- Fixes issue in distribution detection with "lower" function call.
- Modified:
  * remodeled-distro-detection.diff
- Adds improved distribution detection. Since now all base products
  get detected correctly, we no longer need the SUSE Manager patch.
- Added:
  * remodeled-distro-detection.diff
- fix grub directory layout
- Added:
  * create-system-directory-at-the-correct-place.patch
- fix HTTP status code of XMLRPC service
- Added:
  * fix-http-status-code.patch
- touch /etc/genders when it does not exist (bsc#1128926)
- Add patches to fix logging
- Added:
  * return-the-name-of-the-unknown-method.patch
  * call-with-logger-where-possible.patch
- Switching version schema from 3.0 to 3.0.0
- Fixes case where distribution detection returns None (bsc#1130658)
- Added:
  * fixes-distro-none-case.diff
- Removes newline from token, which caused authentication error (bsc#1128754)
- Added:
  * remove-newline-from-token.diff
- Added a patch which fixes an exception when logging in with a non-root user.
- Added:
  * fix-login-error.patch
- Remove patch merged at upstream:
  * 0001-return-token-as-string.patch
- change grub2-x86_64-efi dependency to Recommends
- grub2-i386pc is not really required. Changed to recommended
  to allow building for architectures other than x86_64
- Use cdrtools starting with SLE-15 and Leap-15 again. (bnc#1081739)
- Update cobbler loaders server hostname (bsc#980577)
- Update outdated apache config (bsc#956264)
- Replace builddate with changelog date to fix build-compare (bsc#969538)
- LOCKFILE usage removed on openSUSE (bnc#714618)
- Power management subsystem completely re-worked to prevent
  command-injection (CVE-2012-2395)
- Removed patch merged at upstream:
  * cobblerd_needs_apache2_service_started.patch
- Checking bug fixes of released products are in latest develop pkg:
  - remove fix-nameserver-search.fix; bug is invalid (bsc#1029276)
    -> not needed anymore
  - fix cobbler yaboot handling (bsc#968406, bsc#966622)
    -> no yaboot support anymore
  - support UEFI boot with cobbler generated tftp tree (bsc#1020376)
    -> upstream
  - Enabling PXE grub2 support for PowerPC (bsc#986978)
    -> We have grub2 support for ppc64le
  - (bsc#1048183) fix missing args and location for xen
    -> is in
  - no koan support anymore:
    bsc#969541, bsc#924118, bsc#967523
  - not installed (bsc#966841)
- These still have to be looked at:
  SUSE system as systemd only (bsc#952844)
  handle list value for kernel options
  correctly (bsc#973413)
  entry in pxe menu (bsc#988889)
- This still has to be switched off (at least in internal cobbler versions):
  Disabling 'get-loaders' command and 'check' fixed. bsc#973418
- Add python3-requests and removed old python2 requires:
  Requires:       python-PyYAML
  Requires:       python-urlgrabber
  (originally from
- Add explicit require to tftp, so it is used for both SLE
  and openSUSE (originally from
- Moved Recommends according to spec_cleaner
- Require latest apache2-mod_wsgi-python3 package
  This fixes interface to http://localhost/cblr/svc/...
- Use latest github cobbler/cobbler master branch in _service file
- cobblerd_needs_apache2_service_started.patch reverted, that is mainline
  D cobblerd_needs_apache2_service_started.patch
- Only recommend grub2-arm and grub2-ppc packages or we might not be
  able to build on factory where arm/ppc might not be built
- Remove genders package requires. A genders file is generated, but
  we do not need/use the genders package.
- Cleanup with spec-cleaner
- Update to latest cobbler version 3.0 mainline git HEAD version
  and remove already integrated or not needed anymore patches:
  D    cobbler-symlink.diff
  D    detect-parallel-cobbler-sync.patch
  D    escape-shell-parameters-provided-by-user-on-reposync.patch
  D    fix_subprocess_sp_encoding.patch
  D    fix-os-release.patch
  D    disable_not_relevant_checks_bnc_828453.patch
  D    update-outdated-apache-config-bsc956264.patch
  D    cve-2018-10931-forbid-exposure-of-private-methods-in.patch
  D    fix-broken-tests.diff
  D    fix-manpage-creation.patch
  D    do_not_use_grubby_compat_when_grub2_is_in_use.diff
  D    fix_hardcoded_libpath_for_websession.patch
  D    looking_for_cobbler_order_changed.diff
  D    grubby-compat.diff
  D    fix-restart-paravirt-xen.dif
  D    koan_old_cobbler_compat.diff
  D    fix_shebang.patch
  D    catch_cheetah_exception.patch
  D    fix-script-endpoint-security-bug-1030582.patch
  D    cobbler_web_config.diff
  D    fix-koan-port-guessing.dif
  D    cobblerd_needs_apache2_service_started.patch
  D    fix-powermanagement-status.dif
  D    check-access-token-when-calling-modify_setting-api-e.patch
  D    fix_sle_detection.patch
  D    fix_test_create_systems.diff
  D    fix_subprocess_sp_encoding.patch
  D    cobbler-2.4.2-reprovision-rhel-on-suse-bnc883487.patch
- Serial console support added, did some testing already
  Things should start to work as expected
- Add general grub2 support
- Put mkgrub.* into
- Add git date and commit to version string for now
- Add grub2 mkimage scripts:
  and generate grub executables with them in the %post section
* * Backported fixes from SLE12 SP3
- build server wants explicit package in BuildRequires; use tftp
- require tftp(server) instead of atftp
- cleanup: cobbler is noarch, so arch specific requires do not make
- SLES15 is using /etc/os-release instead of /etc/SuSE-release, use
  this one for checking also
- Add:
  * sles15.patch
- add sles15 distro profile (bsc#1090205)
- Add:
  * add-sles15-distro.patch
- fix signature for SLES15 (bsc#1075014)
- Updated:
  * add-sles15-distro.patch
  Missing fixes
  These SLE fixes are missing.
  The reason for this is that koan got split out into a separate
  package, these changes (changelog entries) therefore are not relevant
  for this package anymore:
  Koan specific:
- fix koan wait parameter initialization
  * fix-wait.patch
- Fix koan shebang
- Add:
  * fix-usr-bin-env-bash-koan.diff
  But these patches still have to be double checked and
  probably applied to current cobbler sources.
  The patches are still added in the package, but do not
  get patched. If this work has been done, these changelog
  entries should show up in the
  * * Backported fixes from SLE12 SP3
  section above to please maintenance and "factory first"
  release checking tools:
  cobbler specific (still have to be done):
- Escape shell parameters provided by the user for the
  reposync action (CVE-2017-1000469) (bsc#1074594)
- Added:
  * escape-shell-parameters-provided-by-user-on-reposync.patch
- detect if there is already another instance of "cobbler sync"
  running and exit with failure if so (bsc#1081714)
- Add:
  * detect-parallel-cobbler-sync.patch
- do not try to hardlink to a symlink. The result will be a
  dangling symlink in the general case (bsc#1097733)
- Added:
  * cobbler-symlink.diff
- fix kernel options when generating bootiso (bsc#1101670)
- Added:
  * cobbler-buildiso-list-to-string.patch
- Refreshed:
  * cobbler-symlink.diff
- fix service restart after logrotate for cobblerd (bsc#1113747)
- rotate cobbler logs at higher frequency to prevent disk fillup
- Forbid exposure of private methods in the API (CVE-2018-10931)
  (CVE-2018-1000225) (bsc#1104287) (bsc#1104189) (bsc#1105442)
- Check access token when calling 'modify_setting' API endpoint
  (bsc#1104190) (bsc#1105440) (CVE-2018-1000226)
- Added:
  * check-access-token-when-calling-modify_setting-api-e.patch
  * cve-2018-10931-forbid-exposure-of-private-methods-in.patch
- Escape shell parameters provided by the user for the
  reposync action (CVE-2017-1000469) (bsc#1074594)
- Added:
  * escape-shell-parameters-provided-by-user-on-reposync.patch
- Use cdrtools starting with SLE-15 and Leap-15 again.
- Cleanup of the spec file.
- fix creation of manpages:
    option '--release ""' resulted in empty man pages
- added patch:
  * fix-manpage-creation.patch
- Update to latest stable version of cobbler (2.8.2)
  * many changes since 2.6.6. see:
- rebase patches
  * koan_old_cobbler_compat.diff
  * disable_not_relevant_checks_bnc_828453.patch
  * update-outdated-apache-config-bsc956264.patch
    + potentially fixed in 3d4db162c7b7c0fe7de00c30fcb81798b7db5039
- remove fix-cobbler-loaders-server-bsc980577.patch
  * fixed in 77328c0b05d37878f13704efa31e4daa162fda12
- remove vendor-files.tar.bz2
  * use built in manpage instead of vendored one
  * add cobbler_firewall_settings to package root
- use py macros to do installation
- fix script endpoint security bug CVE-2016-9605 (bsc#1030582)
  * fix-script-endpoint-security-bug-1030582.patch
- fix to identify SUSE OS correctly bsc#1046679
  * fix-os-release.patch
- Recommend fence-agents for broader power switch support
- Update cobbler loaders server hostname bsc#980577
  * fix-cobbler-loaders-server-bsc980577.patch
- Update outdated apache config bsc#956264
  * update-outdated-apache-config-bsc956264.patch
- Replace builddate with changelog date to fix build-compare (bsc#969538)
- Added 'fix_test_create_systems.diff': fixes the "create_systems" unit test
- Fix runtime dependency: ensure the yaml module is available.
- Install the right cobblerd.service file
- Do not ship cobbler_web.conf inside of the cobbler package, get rid
  of part of our patches to,
- Added new patch required to fix the broken unit tests:
  * fix-broken-tests.diff
- Removed another no longer needed patch:
  * fix-textmode-for-SUSE.dif
- Update to latest stable version of cobbler (2.6.6)
- Removed no longer needed patches
  * bnc_877009.patch
  * cobbler-2.4.2-Fix-koan-s-get_insert_script.patch
  * fix-broken-tests.diff
  * fix-initscript.diff
  * suse_config.diff
- Fixed old patches to apply against the new code:
  * catch_cheetah_exception.patch
  * grubby-compat.diff
  * setup_py.diff
- Fix the broken unit tests
- Created sub package for unit tests
- use fdupes only on SUSE
- Fix for re-installation of machines on SLE with static
  network configuration (bnc#883487)
- Added patches:
  * cobbler-2.4.2-Fix-koan-s-get_insert_script.patch
  * cobbler-2.4.2-reprovision-rhel-on-suse-bnc883487.patch
- fix port guessing in koan (bsc#855389)
  * fix-koan-port-guessing.dif
- add "copy-default" option to grubby-compat (bsc#855389)
- handle elilo in SUSE (bsc#855389)
- fix wrong option "text" in SUSE environment (bsc#901058)
  * fix-textmode-for-SUSE.dif
- Fix build on CentOS 8
- Fix build with java9
- Add:
  * concurrent-1.3.4-jdk9.patch
- Change:
- use SPDX for license names
- don't use icecream
- use source="1.4" and target="1.4" for build with java 1.5
- converted neededforbuild to BuildRequires
- Adjustments in the spec file.
- Current version 1.3.4 from
- update to version 1.3.4
- don't use icecream
- Fix prerequires of javadoc subpackage
- Initial package created with version 1.3.2 (JPackage 1.5)
- Initial version
- Add patch for CVE-2021-32760. bsc#1188282
  + bsc1188282-use-chmod-path-for-checking-symlink.patch
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
  - 0001-makefile-remove-emoji.patch
- Update to containerd v1.4.4, to fix CVE-2021-21334.
- Update to handle the docker-runc removal, and drop the -kubic flavour.
  bsc#1181677 bsc#1181749
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
- Install the containerd-shim* binaries and stop creating
  docker-containerd-shim because that isn't used by Docker anymore.
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
  fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
  boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
  * 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
- Update to containerd v1.2.13, which is required for Docker 19.03.11-ce.
- Update to containerd v1.2.10, which is required for Docker 19.03.3-ce.
  bsc#1153367 bsc#1157330
- Update to containerd v1.2.6, which is required for Docker v18.09.7-ce.
- Remove containerd-test (it's not useful for actual testing).
- Update to containerd v1.2.5, which is required for v18.09.5-ce.
  bsc#1128376 boo#1134068
- Update containerd to v1.2.4
  * cri: Set /etc/hostname
  * cri: Fix env performance issue
  * runc updated to 6635b4f0c6af3810594d2770f662f34ddc15b40d to solve
    bsc#1121967 CVE-2019-5736
  * cri updated to da0c016c830b2ea97fd1d737c49a568a816bf964
  * Windows: NewDirectIOFromFIFOSet
  * Changelogs from previous versions also included in this update:
- Update to containerd v1.2.2, which is required for Docker v18.09.1-ce.
  * Fix rare deadlock on FIFO creation with timeout
  * Fix a bug that a container can't be stopped or inspected when its
    corresponding image is deleted
  * Fix a bug that the cri plugin handles containerd events outside of namespace
  more changes at:
  Changelogs from previous versions also included in this update:
- Remove required_dockerrunc commit pinning, as it just led to issues.
- Remove upstreamed patches.
  - 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10 to fix
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "go get -u"
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service
- Add backport of, which is
  required for us to build containerd on i586 SLE-12 (where /bin/sh doesn't
  like emoji in shell scripts). bsc#1102522 bsc#1113313
  + 0001-makefile-remove-emoji.patch
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
- Merge -kubic packages back into the main Virtualization:containers packages.
  This is done using _multibuild to add a "kubic" flavour, which is then used
  to conditionally compile patches and other kubic-specific features.
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
  to work with Docker and containerd. fate#325877
- Update to containerd v1.1.1, which is the required version for the Docker
  v18.06.0-ce upgrade. bsc#1102522
- Add backport of to make
  the man page no longer pollute the global namespace.
  + 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Remove the following patch since it has already been merged upstream.
  - bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Remove systemd-related files and add docker-containerd-* symlinks; this
  aligns with the upstream defaults where dockerd will execute
  docker-containerd. Version upgrades of docker are expected to work more
  smoothly as much of the upgrade logic is implemented in dockerd.
- Add containerd-rpmlintrc (or containerd-kubic-rpmlintrc) to deal with
  /usr/src/containerd/* rpmlint errors (which don't affect normal users of this
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
  and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
  testing has been far more useful. boo#1095817
- Review obsoletes tag to fix bsc#1080978
- Put containerd under the podruntime slice. This is the recommended
  deployment to allow fine resource control on Kubernetes.
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- do not build on s390, only on s390x (no go on s390)
- Fix build with RPM 4.14: exclude is not meant for files to NOT be
  packaged, but should only be used if the files are to be excluded
  from a glob when they end up in a different package. Rather
  remove the unwanted files in the install section.
- Update to containerd@06b9cb35161009dcb7123345749fef02f7cea8e0, which is
  required by Docker 17.09.1_ce.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Set --start-timeout=2m by default to match upstream. bsc#1064926
- Use the upstream makefile so that Docker can get the commit ID in `docker
  info`. This also will avoid possible future warnings being spit out like
  bsc#1065109 and boo#1053532.
- Backport, which is
  required for the above fix. bsc#1065109 boo#1053532
  + bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Update to containerd@3addd840653146c90a254301d6c3a663c7fd6429, which is
  required by Docker 17.07.0_ce (this commit is effectively v0.2.9 with a few
  bugfixes missing).
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- change dependency to docker-runc
- fix golang requirement to 1.7 for the subpackages
- fix golang requirement to 1.7
- Replace %__-type macro indirections
- update containerd to the commit version needed for
  docker-v17.04.0-ce (bsc#1034053)
  fix bsc#1032769: containerd spurious messages filling journal
- make sure this package is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
  is available in all archs
- Set TasksMax=infinity to make sure runC doesn't start failing randomly.
- update to docker 1.13.0 requirement
- Update docker to the version used in Docker 1.12.6. This is necessary to fix
  CVE-2016-9962 (bsc#1012568).
- update containerd to the version used in docker 1.12.5 (bsc#1016307).
  This fixes bsc#1015661
- fix runc version
  fix bsc#1009961
- fix version so that it contains a sequence number and zypper does
  not think it is a downgrade
- fix bsc#1006368: docker/containerd is broken when installed by
  SuSE Studio in an appliance: We were missing the
    Requires(post): %fillup_prereq
- update runc requirement to 02f8fa7863dd3f82909a73e2061897828460d52f
  (see RUNC_COMMIT in Dockerfile)
- update to commit 0366d7e which is the one required for docker-1.12.2
- fix go_arches definition: use global instead of define, otherwise
  it fails to build
- Remove GOPATH at the end of the GOPATH assignment
  cause GOPATH is empty and if we do that, we get the path ""
  appended, which causes gcc6-go to complain
- add go_arches in project configuration: this way, we can use the
  same spec file but decide in the project configuration if to
  use gc-go or gcc-go for some archs.
- update to v2.3.0 (bsc#995058)
- Remove patches which were already merged upstream:
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- bump git commit id to the one required by docker v1.12.0
- run test during build
- only run tests on architectures that provide the go list and go test tools
- add aarch64 to go arches
- Add containerd-test package which contains the source code and the test. This
  package will be used to run the integration tests.
- Simplify package build and check sections: Instead of symlinking we default to
  cp -avr. go list gets confused by symlinks hence, we need to copy the source
  code anyway if we want to run unit tests during package build at some point.
* Explicitly state the version dependency for runC, to avoid potential
  issues with incompatible component versions. These must be updated
  *each time we do a release*. Unfortunately we cannot create a hard
  dependency because that would conflict with Docker, and was a mistake
  on upstream's part. bsc#993847
* Set --runtime option specifically to runC. bsc#978260
* Update to containerd v0.2.2. (bsc#989566 FATE#320763)
  * Includes updates to the out-of-tree patches.
* Remove MountFlags=slave from containerd.service. This causes many issues with
  interactions with Docker.
* Added /usr/sbin/rccontainerd symlink as per suse-missing-rclink.
  * Updated socket activation patches to use the same patchset that was merged
  upstream (
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
  * Removed aarch64 that was patched upstream:
  - fix-aarch64-epoll.patch
  * Update containerd to 0.2.1. Upstream changelog:
  * Fixes for cgroup memory updates and process labeling.
  * Truncate the event log on disk and in memory so that it does not
    grow forever.  This is mainly used for higher levels to receive past
    events if they miss any.
* Use the gc compiler for aarch64 builds.
  * Add a patch to fix the new aarch64 build support, which has not yet been
  merged upstream (
  + fix-aarch64-epoll.patch
  * Rebase the socket activation patchset which has yet to be merged
  * socket-activation-01-vendor.patch
  * socket-activation-02-daemon.patch
  * socket-activation-03-ctr.patch
  * Update to containerd 0.2.0. Changelog:
  + Add Limit to PidsStats
  + Add timeout flag for container start times.
  + Add timeout option for GRPC connection.
  + Add no_pivot_root support.
  + Add runtimeArgs to pass to shim
  * Move epoll syscall to a separate package so we can build on aarch64.
  * Fix ctr termios restoration issues.
  * Several bug fixes.
  - Remove dependencies on larger packages.
* Use socket activation with the containerd-daemon. This requires a
  not-yet-upstream patchset (
  + socket-activation-01-vendor.patch
  + socket-activation-02-daemon.patch
  + socket-activation-03-ctr.patch
  * Remove MountFlags=slave since it's not relevant to containerd and might cause
  issues in the future.
  * Update to containerd 0.1.0. This required quite a few fixes.
* Add initial packaging of containerd 0.0.5.
  * Add service and sysconfig files.
  * Separately package the client from the server.
  * Install to /usr/sbin.
- prepare usrmerge (boo#1029961)
- gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
  avoid false-positive error in gnulib tests 'test-perror2' and
  'test-strerror_r', visible on armv7l.
- coreutils.spec: Reference the patch.
- Drop suse-module-tools BuildRequires: this was used for the macro
  regenerate_initrd_post/posttrans, which have been moved to
  rpm-config-SUSE in Jan 2019.
- coreutils-gnulib-disable-test-float.patch: Add patch to temporarily
  disable the gnulib test 'test-float' failing on ppc and ppc64le.
- coreutils.spec: Reference the patch.  While at it, avoid conditional
  Patch and Source entries as that break cross-platform builds from
  source RPMs.
- add coreutils-use-python3.patch to minimally port away from
  python 2.x use of pyinotify in the testsuite
- Update to 8.32:
  * Noteworthy changes in release 8.32 (2020-03-05) [stable]
  * * Bug fixes
  cp now copies /dev/fd/N correctly on platforms like Solaris where
  it is a character-special file whose minor device number is N.
  [bug introduced in fileutils-4.1.6]
  dd conv=fdatasync no longer reports a "Bad file descriptor" error
  when fdatasync is interrupted, and dd now retries interrupted calls
  to close, fdatasync, fstat and fsync instead of incorrectly
  reporting an "Interrupted system call" error.
  [bugs introduced in coreutils-6.0]
  df now correctly parses the /proc/self/mountinfo file for unusual entries
  like ones with '\r' in a field value ("mount -t tmpfs tmpfs /foo$'\r'bar"),
  when the source field is empty ('mount -t tmpfs "" /mnt'), and when the
  filesystem type contains characters like a blank which need escaping.
  [bugs introduced in coreutils-8.24 with the introduction of reading
  the /proc/self/mountinfo file]
  factor again outputs immediately when stdout is a tty but stdin is not.
  [bug introduced in coreutils-8.24]
  ln works again on old systems without O_DIRECTORY support (like Solaris 10),
  and on systems where symlink ("x", ".") fails with errno == EINVAL
  (like Solaris 10 and Solaris 11).
  [bug introduced in coreutils-8.31]
  rmdir --ignore-fail-on-non-empty now works correctly for directories
  that fail to be removed due to permission issues.  Previously the exit status
  was reversed, failing for non empty and succeeding for empty directories.
  [bug introduced in coreutils-6.11]
  'shuf -r -n 0 file' no longer mistakenly reads from standard input.
  [bug introduced with the --repeat feature in coreutils-8.22]
  split no longer reports a "output file suffixes exhausted" error
  when the specified number of files is evenly divisible by 10, 16, 26,
  for --numeric, --hex, or default alphabetic suffixes respectively.
  [bug introduced in coreutils-8.24]
  seq no longer prints an extra line under certain circumstances (such as
  'seq -f "%g " 1000000 1000000').
  [bug introduced in coreutils-6.10]
  * * Changes in behavior
  Several programs now check that numbers end properly.  For example,
  'du -d 1x' now reports an error instead of silently ignoring the 'x'.
  Affected programs and options include du -d, expr's numeric operands
  on non-GMP builds, install -g and -o, ls's TABSIZE environment
  variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size
  and --parallel.
  date now parses military time zones in accordance with common usage:
    "A" to "M"  are equivalent to UTC+1 to UTC+12
    "N" to "Y"  are equivalent to UTC-1 to UTC-12
    "Z" is "zulu" time (UTC).
  For example, 'date -d "09:00B" is now equivalent to 9am in UTC+2 time zone.
  Previously, military time zones were parsed according to the obsolete
  rfc822, with their value negated (e.g., "B" was equivalent to UTC-2).
  [The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating
  coreutils package.]
  ls issues an error message on a removed directory, on GNU/Linux systems.
  Previously no error and no entries were output, and so indistinguishable
  from an empty directory, with default ls options.
  uniq no longer uses strcoll() to determine string equivalence,
  and so will operate more efficiently and consistently.
  * * New Features
  ls now supports the --time=birth option to display and sort by
  file creation time, where available.
  od --skip-bytes now can use lseek even if the input is not a regular
  file, greatly improving performance in some cases.
  stat(1) supports a new --cached= option, used on systems with statx(2)
  to control cache coherency of file system attributes,
  useful on network file systems.
  * * Improvements
  stat and ls now use the statx() system call where available, which can
  operate more efficiently by only retrieving requested attributes.
  stat and tail now know about the "binderfs", "dma-buf-fs", "erofs",
  "ppc-cmm-fs", and "z3fold" file systems.
  stat -f -c%T now reports the file system type, and tail -f uses inotify.
  * * Build-related
  gzip-compressed tarballs are distributed once again
- Refresh patches:
  * coreutils-disable_tests.patch
  * coreutils-getaddrinfo.patch
  * coreutils-i18n.patch
  * coreutils-invalid-ids.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch:
  * uniq: remove collation handling as required by newer POSIX; see
- coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch:
  * Add patch for 'ls' to restore 8.31 behavior on removed directories.
- coreutils.spec:
  * Version: bump version.
  * %check: re-enable regular 'make check' for non-multibuild package.
  * reference the above new patch.
- coreutils.keyring:
  * Update from upstream (Savannah).
- disable single and testsuite builds in rings/staging
- remove duplicate "coreutils" in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool
  similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays
- Do not recommend lang package. The lang package already has a
- Update to 8.31:
  * Noteworthy changes in release 8.31 (2019-03-10) [stable]
  * * Bug fixes
  'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
  [bug introduced in coreutils-5.3.0]
  When B already exists, 'cp -il A B' no longer immediately fails
  after asking the user whether to proceed.
  [This bug was present in "the beginning".]
  df no longer corrupts displayed multibyte characters on macOS.
  [bug introduced with coreutils-8.18]
  seq no longer outputs inconsistent decimal point characters
  for the last number, when locales are misconfigured.
  [bug introduced in coreutils-7.0]
  shred, sort, and split no longer falsely report ftruncate errors
  when outputting to less-common file types.  For example, the shell
  command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
  an "error truncating" diagnostic.
  [bug was introduced with coreutils-8.18 for sort and split, and
  (for shared memory objects only) with fileutils-4.1 for shred]
  sync no longer fails for write-only file arguments.
  [bug introduced with argument support to sync in coreutils-8.24]
  'tail -f file | filter' no longer exits immediately on AIX.
  [bug introduced in coreutils-8.28]
  'tail -f file | filter' no longer goes into an infinite loop
  if filter exits and SIGPIPE is ignored.
  [bug introduced in coreutils-8.28]
  * * Changes in behavior
  cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
  uptime, users, whoami, yes: now always process --help and --version options,
  regardless of any other arguments present before any optional '--'
  end-of-options marker.
  nohup now processes --help and --version as first options even if other
  parameters follow.
  'yes a -- b' now outputs 'a b' instead of including the end-of-options
  marker as before: 'a -- b'.
  echo now always processes backslash escapes when the POSIXLY_CORRECT
  environment variable is set.
  When possible 'ln A B' now merely links A to B and reports an error
  if this fails, instead of statting A and B before linking.  This
  uses fewer system calls and avoids some races.  The old statting
  approach is still used in situations where hard links to directories
  are allowed (e.g., NetBSD when superuser).
  ls --group-directories-first will also group symlinks to directories.
  'test -a FILE' is not supported anymore.  Long ago, there were concerns about
  the high probability of humans confusing the -a primary with the -a binary
  operator, so POSIX changed this to 'test -e FILE'.  Scripts using it were
  already broken and non-portable; the -a unary operator was never documented.
  wc now treats non breaking space characters as word delimiters
  unless the POSIXLY_CORRECT environment variable is set.
  * * New features
  id now supports specifying multiple users.
  'date' now supports the '+' conversion specification flag,
  introduced in POSIX.1-2017.
  printf, seq, sleep, tail, and timeout now accept floating point
  numbers in either the current or the C locale.  For example, if the
  current locale's decimal point is ',', 'sleep 0,1' and 'sleep 0.1'
  now mean the same thing.  Previously, these commands accepted only
  C-locale syntax with '.' as the decimal point.  The new behavior is
  more compatible with other implementations in non-C locales.
  test now supports the '-N FILE' unary operator (like e.g. bash) to check
  whether FILE exists and has been modified since it was last read.
  env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
  '--block-signal[=SIG]', to setup signal handling before executing a program.
  env now supports '--list-signal-handling' to indicate non-default
  signal handling before executing a program.
  * * New commands
  basenc is added to complement existing base64,base32 commands,
  and encodes and decodes printable text using various common encodings:
  * * Improvements
  ls -l now better aligns abbreviated months containing digits,
  which is common in Asian locales.
  stat and tail now know about the "sdcardfs" file system on Android.
  stat -f -c%T now reports the file system type, and tail -f uses inotify.
  stat now prints file creation time when supported by the file system,
  on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.
- Refresh patches (line number changes only):
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-misc.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * Version: bump version.
  * URL: Use https scheme.
  * %description: Add 'basenc' tool.
  * Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
  * Update for added section headers ('GPG keys of <MAINTAINER>').
- Update to 8.30:
  * Noteworthy changes in release 8.30 (2018-07-01) [stable]
  * * Bug fixes
  'cp --symlink SRC DST' will again correctly validate DST.
  If DST is a regular file and SRC is a symlink to DST,
  then cp will no longer allow that operation to clobber DST.
  Also with -d, if DST is a symlink, then it can always be replaced,
  even if it points to SRC on a separate device.
  [bugs introduced with coreutils-8.27]
  'cp -n -u' and 'mv -n -u' now consistently ignore the -u option.
  Previously, this option combination suffered from race conditions
  that caused -u to sometimes override -n.
  [bug introduced with coreutils-7.1]
  'cp -a --no-preserve=mode' now sets appropriate default permissions
  for non regular files like fifos and character device nodes etc.,
  and leaves mode bits of existing files unchanged.
  Previously it would have set executable bits on created special files,
  and set mode bits for existing files as if they had been created.
  [bug introduced with coreutils-8.20]
  'cp --remove-destination file symlink' now removes the symlink
  even if it can't be traversed.
  [bug introduced with --remove-destination in fileutils-4.1.1]
  ls no longer truncates the abbreviated month names that have a
  display width between 6 and 12 inclusive.  Previously this would have
  output ambiguous months for Arabic or Catalan locales.
  'ls -aA' is now equivalent to 'ls -A', since -A now overrides -a.
  [bug introduced in coreutils-5.3.0]
  'mv -n A B' no longer suffers from a race condition that can
  overwrite a simultaneously-created B.  This bug fix requires
  platform support for the renameat2 or renameatx_np syscalls, found
  in recent Linux and macOS kernels.  As a side effect, ‘mv -n A A’
  now silently does nothing if A exists.
  [bug introduced with coreutils-7.1]
  * * Changes in behavior
  'cp --force file symlink' now removes the symlink even if
  it is self referential.
  ls --color now matches file extensions case insensitively.
  * * New features
  cp --reflink now supports --reflink=never to enforce a standard copy.
  env supports a new -v/--debug option to show verbose information about
  each processing step.
  env supports a new -S/--split-string=S option to split a single argument
  string into multiple arguments. Used to pass multiple arguments in scripts
  (shebang lines).
  md5sum accepts a new option: --zero (-z) to delimit the output lines with a
  NUL instead of a newline character.  This also disables file name escaping.
  This also applies to sha*sum and b2sum.
  rm --preserve-root now supports the --preserve-root=all option to
  reject any command line argument that is mounted to a separate file system.
  * * Improvements
  cut supports line lengths up to the max file size on 32 bit systems.
  Previously only offsets up to SIZE_MAX-1 were supported.
  stat and tail now know about the "exfs" file system, which is a
  version of XFS.  stat -f --format=%T now reports the file system type,
  and tail -f uses inotify.
  wc avoids redundant processing of ASCII text in multibyte locales,
  which is especially significant on macOS.
  * * Build-related
  Adjust to glibc >= 2.28  (bsc#1182550, jsc#SLE-13520, jsc#SLE-13756)
- Refresh patches (line number changes only):
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * (License): osc changed the value from "GPL-3.0+" to "GPL-3.0-or-later".
  * (build): Make sure that parse-datetime.{c,y} ends up in debuginfo (rh#1555079).
- coreutils-i18n.patch:
  * src/exand.c,src/unexpand.c: Avoid -Wcomment warning.
  * src/cut.c (cut_characters_or_cut_bytes_no_split): Change idx from size_t
    to uintmax_t type to avoid a regression on i586, armv7l and ppc.
    Compare upstream, non-MB commit:
    (cut_fields_mb): Likewise for field_idx.
  * tests/misc/ Remove downstream tweaks as upstream MB tests are
    working since a while.
- coreutils.keyring: Update Assaf Gordon's GPG public key.
- Use %license (boo#1082318)
- Update to 8.29:
  * Noteworthy changes in release 8.29 (2017-12-27) [stable]
  * * Bug fixes
  b2sum no longer crashes when processing certain truncated check files.
  [bug introduced with b2sum coreutils-8.26]
  dd now ensures the correct cache ranges are specified for the "nocache"
  and "direct" flags.  Previously some pages in the page cache were not
  invalidated.  [bug introduced for "direct" in coreutils-7.5,
  and with the "nocache" implementation in coreutils-8.11]
  df no longer hangs when given a fifo argument.
  [bug introduced in coreutils-7.3]
  ptx -S no longer infloops for a pattern which returns zero-length matches.
  [the bug dates back to the initial implementation]
  shred --remove will again repeatedly rename files with shortening names
  to attempt to hide the original length of the file name.
  [bug introduced in coreutils-8.28]
  stty no longer crashes when processing settings with -F also specified.
  [bug introduced in fileutils-4.0]
  tail --bytes again supports non seekable inputs on all systems.
  On systems like android it always tried to process as seekable inputs.
  [bug introduced in coreutils-8.24]
  timeout will again notice its managed command exiting, even when
  invoked with blocked CHLD signal, or in a narrow window where
  this CHLD signal from the exiting child was missed.  In each case
  timeout would have then waited for the time limit to expire.
  [bug introduced in coreutils-8.27]
  * * New features
  timeout now supports the --verbose option to diagnose forced termination.
  * * Improvements
  dd now supports iflag=direct with arbitrary sized files on all file systems.
  tail --bytes=NUM will efficiently seek to the end of block devices,
  rather than reading from the start.
  Utilities which do not support long options (other than the default --help
  and --version), e.g. cksum and sleep, now use more consistent error diagnostic
  for unknown long options.
  ** Build-related
  Default man pages are now distributed which are used if perl is
  not available on the build system, or when cross compiling.
- Refresh patches (line number changes only):
  * coreutils-i18n.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- Update to 8.28
  (for details see included NEWS file)
- Refresh patches:
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.keyring: Update from upstream (Savannah).
- Remove now-upstream patches:
  * coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch
  * coreutils-tests-port-to-timezone-2017a.patch
- coreutils.spec: Add "BuildRequires: user(bin)" for the tests.
- Drop coreutils-ocfs2_reflinks.patch
  OCFS2 file system has supported file clone ioctls like btrfs,
  then, coreutils doesn't need this patch from the kernel v4.10-rc1
- coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch:
  Add upstream patch to fix a heap overflow security issue
  in date(1) and touch(1) with a large TZ variable
  (CVE-2017-7476, rh#1444774, boo#1037124).
- Update to 8.27
  (for details see included NEWS file)
- Refresh patches:
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-getaddrinfo.patch
  * coreutils-i18n.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
  * coreutils-testsuite.spec
- coreutils.keyring: Update (now ascii-armored) by
    'osc service localrun download_files'.
- coreutils-tests-port-to-timezone-2017a.patch: Add patch to
  workaround a FP test failure with newer timezone-2017a.
- Update to 8.26
  (for details see included NEWS file)
- coreutils.spec (%description): Add b2sum, a new utility.
  (BuildRequires): Add timezone to enable new '' test.
- coreutils-i18n.patch: Sync I18N patch from Fedora, as the diff
  for the old i18n implementation of expand/unexpand has become
- Remove now-upstream patches:
  * coreutils-df-hash-in-filter.patch
  * coreutils-diagnose-fts-readdir-failure.patch
  * coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch
  * coreutils-maint-fix-dependency-of-man-arch.1.patch
- Refresh/merge all other patches:
  * coreutils-invalid-ids.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-sysinfo.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch:
  Add upstream patch to fix "md5sum --check --ignore-missing" which
  treated files with checksums starting with "00" as missing.
- coreutils-maint-fix-dependency-of-man-arch.1.patch: Add Upstream
  patch to fix the build dependency between src/arch -> man/arch.1
  which led to spurious build failures.
- coreutils-df-hash-in-filter.patch: Refresh with -p0.
- Add coreutils-df-hash-in-filter.patch that speeds up df.
- coreutils-diagnose-fts-readdir-failure.patch: Add upstream patch
  to diagnose readdir() failures in fts-based utilities: rm, chmod,
  du, etc. (boo#984910)
- Update to 8.25
  (for details see included NEWS file)
- coreutils.spec (%description): Add base32, a new utility.
- Remove now-upstream patch:
  * coreutils-tests-avoid-FP-of-ls-stat-free-color.patch
- Refresh/merge all other patches:
  * coreutils-build-timeout-as-pie.patch
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-invalid-ids.patch
  * coreutils-misc.patch
  * coreutils-ocfs2_reflinks.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-test_without_valgrind.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch: Sync I18N patch from semi-official repository
  (shared among distributions, maintained by Padraig Brady):
  This fixes the following issues in multi-byte locales:
  * sort: fix large mem leak with --month-sort (boo#945361, rh#1259942):
  * sort: fix assertion with some inputs to --month-sort
- coreutils-tests-avoid-FP-of-ls-stat-free-color.patch: Add upstream
  patch on top of v8.24 to avoid a FP test failure with glibc>=2.22.
- Sync I18N patch from semi-official repository (shared among
  distributions, maintained by Padraig Brady):
  * coreutils-i18n.patch: Improve cut(1) performance in field-mode
    in UTF8 locales.  Squash in sort-keycompare-mb.patch.
  * sort-keycompare-mb.patch: Remove.
- coreutils-build-timeout-as-pie.patch: Refresh.
- Update to 8.24:
  ** Bug fixes
  * dd supports more robust SIGINFO/SIGUSR1 handling for outputting statistics.
    Previously those signals may have inadvertently terminated the process.
  * df --local no longer hangs with inaccessible remote mounts.
    [bug introduced in coreutils-8.21]
  * du now silently ignores all directory cycles due to bind mounts.
    Previously it would issue a warning and exit with a failure status.
    [bug introduced in coreutils-8.1 and partially fixed in coreutils-8.23]
  * chroot again calls chroot(DIR) and chdir("/"), even if DIR is "/".
    This handles separate bind mounted "/" trees, and environments
    depending on the implicit chdir("/").
    [bugs introduced in coreutils-8.23]
  * cp no longer issues an incorrect warning about directory hardlinks when a
    source directory is specified multiple times.  Now, consistent with other
    file types, a warning is issued for source directories with duplicate names,
    or with -H the directory is copied again using the symlink name.
  * factor avoids writing partial lines, thus supporting parallel operation.
    [the bug dates back to the initial implementation]
  * head, od, split, tac, tail, and wc no longer mishandle input from files in
    /proc and /sys file systems that report somewhat-incorrect file sizes.
  * mkdir --parents -Z now correctly sets the context for the last component,
    even if the parent directory exists and has a different default context.
    [bug introduced with the -Z restorecon functionality in coreutils-8.22]
  * numfmt no longer outputs incorrect overflowed values seen with certain
    large numbers, or with numbers with increased precision.
    [bug introduced when numfmt was added in coreutils-8.21]
  * numfmt now handles leading zeros correctly, not counting them when
    settings processing limits, and making them optional with floating point.
    [bug introduced when numfmt was added in coreutils-8.21]
  * paste no longer truncates output for large input files.  This would happen
    for example with files larger than 4GiB on 32 bit systems with a '\n'
    character at the 4GiB position.
    [the bug dates back to the initial implementation]
  * rm indicates the correct number of arguments in its confirmation prompt,
    on all platforms.  [bug introduced in coreutils-8.22]
  * shuf -i with a single redundant operand, would crash instead of issuing
    a diagnostic.  [bug introduced in coreutils-8.22]
  * tail releases inotify resources when unused.  Previously it could exhaust
    resources with many files, or with -F if files were replaced many times.
    [bug introduced in coreutils-7.5]
  * tail -f again follows changes to a file after it's renamed.
    [bug introduced in coreutils-7.5]
  * tail --follow no longer misses changes to files if those files were
    replaced before inotify watches were created.
    [bug introduced in coreutils-7.5]
  * tail --follow consistently outputs all data for a truncated file.
    [bug introduced in the beginning]
  * tail --follow=name correctly outputs headers for multiple files
    when those files are being created or renamed.
    [bug introduced in coreutils-7.5]
  ** New features
  * chroot accepts the new --skip-chdir option to not change the working directory
    to "/" after changing into the chroot(2) jail, thus retaining the current
    working directory.  The new option is only permitted if the new root directory is
    the old "/", and therefore is useful with the --group and --userspec options.
  * dd accepts a new status=progress level to print data transfer statistics
    on stderr approximately every second.
  * numfmt can now process multiple fields with field range specifications similar
    to cut, and supports setting the output precision with the --format option.
  * split accepts a new --separator option to select a record separator character
    other than the default newline character.
  * stty allows setting the "extproc" option where supported, which is
    a useful setting with high latency links.
  * sync no longer ignores arguments, and syncs each specified file, or with the
    --file-system option, the file systems associated with each specified file.
  * tee accepts a new --output-error option to control operation with pipes
    and output errors in general.
  ** Changes in behavior
  * df no longer suppresses separate exports of the same remote device, as
    these are generally explicitly mounted.  The --total option does still
    suppress duplicate remote file systems.
    [suppression was introduced in coreutils-8.21]
  * mv no longer supports moving a file to a hardlink, instead issuing an error.
    The implementation was susceptible to races in the presence of multiple mv
    instances, which could result in both hardlinks being deleted.  Also on case
    insensitive file systems like HFS, mv would just remove a hardlinked 'file'
    if called like `mv file File`.  The feature was added in coreutils-5.0.1.
  * numfmt --from-unit and --to-unit options now interpret suffixes as SI units,
    and IEC (power of 2) units are now specified by appending 'i'.
  * tee will exit early if there are no more writable outputs.
  * tee does not treat the file operand '-' as meaning standard output any longer,
    for better conformance to POSIX.  This feature was added in coreutils-5.3.0.
  * timeout --foreground no longer sends SIGCONT to the monitored process,
    which was seen to cause intermittent issues with GDB for example.
  ** Improvements
  * cp,install,mv will convert smaller runs of NULs in the input to holes,
    and cp --sparse=always avoids speculative preallocation on XFS for example.
  * cp will read sparse files more efficiently when the destination is a
    non regular file.  For example when copying a disk image to a device node.
  * mv will try a reflink before falling back to a standard copy, which is
    more efficient when moving files across BTRFS subvolume boundaries.
  * stat and tail now know about IBRIX.  stat -f --format=%T now reports the file
    system type, and tail -f uses polling for files on IBRIX file systems.
  * wc -l processes short lines much more efficiently.
  * References from --help and the man pages of utilities have been corrected
    in various cases, and more direct links to the corresponding online
    documentation are provided.
- Patches adapted because of changed sources:
- Patches removed because they're included in 8.24:
- coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch:
  add upstream patch:
  doc: adjust reference to info nodes in man pages (boo#933396)
- coreutils-i18n.patch: Use a later version of the previous patch
  to fix the sort I18N issue (boo#928749, CVE-2015-4041) to also
  avoid CVE-2015-4042.
- Download keyring file from Savannah; prefer HTTPS over FTP
  for remote sources.
- Fix memory handling error with case insensitive sort using UTF-8
  (boo#928749): coreutils-i18n.patch
  src/sort.c (keycompare_mb): Ensure the buffer is big enough
  to handle anything output from wctomb().  Theoretically any
  input char could be converted to multiple output chars,
  and so we need to multiply the storage by MB_CUR_MAX.
- If coreutils changes, for consistency, we must regenerate
  the initrd.
- Add gpg signature
- For openSUSE > 13.2 drop coreutils-build-timeout-as-pie.patch and
  instead add a BuildRequire for gcc-PIE.
- coreutils-tests-aarch64-env.patch: Add patch to avoid false
  positive failures of the coreutils-testsuite on OBS/aarch64:
  work around execve() reversing the order of "env" output.
- Add upstream patches for df(1) from upstream, thus aligning with SLES12:
  * df: improve mount point selection with inaccurate mount list:
  - coreutils-df-improve-mount-point-selection.patch
  * doc: mention that df -a includes duplicate file systems (deb#737399)
  - coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
  * df: ensure -a shows all remote file system entries (deb#737399)
  - coreutils-df-show-all-remote-file-systems.patch
  * df: only suppress remote mounts of separate exports with --total
    (deb#737399, rh#920806, boo#866010, boo#901905)
  - coreutils-df-total-suppress-separate-remotes.patch
- Refresh patches:
  * coreutils-chroot-perform-chdir-unless-skip-chdir.patch
  * coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
Avoid spurious false positive failures of the testsuite on OBS due
  to high load.
- coreutils-tests-rm-ext3-perf-increase-timeout.patch:
  Add patch to increase timeout.
- coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch:
  Add upstream patch.
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
  cpio does not properly validate the values written in the header
  of a TAR file through the to_oct() function [bsc#1155199]
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
  causing cpio to crash for tar and ustar archive types
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
- Enable mt building
- Separated cpio-mt subpackage
- Change recommend to own mt subpackage
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
- cleanup with spec-cleaner
- Recommend mt_st as it is not hard dependency
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing
  'mt' binary
- Disable mt building: this binary from mt_st package offers
  advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides
  cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
  write in a way cpio parses certain cpio files [bsc#963448],
- update to 2.12
  * Improved documentation
  * Manpages are installed by make install
  * New options for copy-out mode: --ignore-devno,
    --renumber-inodes, --device-independent, --reproducible
  * update
  * cpio-use_new_ascii_format.patch
  * cpio-mt.patch
  * cpio-eof_tape_handling.patch
  * cpio-pattern-file-sigsegv.patch
  * cpio-check_for_symlinks.patch
  * remove (no longer needed)
  * 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
  * add
  * cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
    return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
- Add gpg signature
- Correct info scriptlet dependencies
- Cleanup spec file with spec-cleaner
- build with PIE
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
  * added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
- Update to version 0.3:
  - Handle unsupported target systems gracefully (bsc#1179273)
- Update to 0.2:
  - add mitigations for Xen hypervisor
- Fix grub entry changed for sle12* so it matches sle15* (bsc#1145873)
- Initial commit of cpu-mitigations-formula (bsc#1143946)
- Update to version 2.9.7:
  + fix a buffer overflow processing long words.
- Drop 0003-overflow-processing-gecos.patch and
  0004-overflow-processing-long-words.patch: fixed upstream.
- Update source URI.
- Remove use of translation-update-upstream. It cannot be added to
  ring 0 on leap, and 2.9.7 has some translation fixes
- Enable translation-update-upstream on leap, to remove the use of
  is_opensuse (jsc#SLE-12096).
- use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should
  contain internal binaries, not data
- Use %license (boo#1082318)
- Update to 2.9.6
  * fix issue with sort and locale
  * some particularly bad cases to the cracklib small dictionary
  * updates to cracklib-words (adds a bunch of other dictionary lists)
  * migration to github
- run spec-cleaner
- Only buildrequire and call translation-update-upstream on SLE:
  the package in openSUSE is a dummy and is empty.
- Add patch 0004-overflow-processing-long-words.patch
  to fix a new buffer overflow identified together with bsc#992966.
- Relabel patches:
  cracklib-magic.diff -> 0001-cracklib-magic.diff
  cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
- Add patch 0003-overflow-processing-gecos.patch
  to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
- Update to 2.9.5
  * fix matching against first password in dictionary (Anton Dobkin)
- Changes for 2.9.4
  * remove doubled prototype
- Changes for 2.9.3
  * expose additional functions externally
- Cleanup spec file with spec-cleaner
- Remove old ppc provides/obsoletes
- Update to version 2.9.2
  + support build of python support outside of source tree
  + fix bug in Python string distance calculation
  + fix bug #16 / debian bug 724570 - broken optimization with packlib
- Adapt patch to upstream changes
  + cracklib-visibility.patch > cracklib-2.9.2-visibility.patch
- Kernel commit 5c83511bdb9832c86be20fb86b783356e2f58062 removed
  pv_init_ops, and commit 054ac8ad5ebe4a69e1f0e842483821ddbe560121
  removed the Xen-specific paravirt patch function. As a result,
  pvops Xen dumps are no longer recognized as Xen dumps, and
  virtual-to-physical translation fails.
  Use the value of xen_start_info to determine whether the kernel
  is running in Xen PV mode. As suggested by Juergen Gross.
  + crash-xen-pvops.patch
- Fix bt command with SEV-ES (bsc#1185209)
  + crash-x86_64-VC-exception-stack-support.patch
- Add back some more missing KMP conditionals
- Refresh crash-sles9-time.patch
  * fix warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'int'
- Crash KMPs cannot be always built.
- Upgrade to version 7.2.9:
  * x86_64: Add support for new divide_error name
  * calc_kaslr_offset: 5-level paging support
  * Append time zone to output of date and time
  * s390dbf: support s390 debug feature version 3
  * x86_64: Add support for 1GB huge pages to "vtop" command
  * Implement support for user-space zram reads on x86_64
  * Prepare for the introduction of ARM64 8.3 Pointer Authentication
  * New "log -T" option
  * New ARM64 "--machdep vabits_actual=<value>" command line option
  * Enhancement of the "struct -r" option
  * Enhancement of the "bpf -p|-P" options
  * New "extend -s" option
- Dropped the following patches obsoleted by the version upgrade:
  * crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
  * crash-Fix-kmem-i-option-on-Linux-5.9-rc1-and-later-kernels.patch
  * crash-Fix-to-allow-the-translation-of-ARM64-FIXMAP-address.patch
  * crash-Introduce-a-new-ARM64-machdep-vabits_actual-value-co.patch
  * crash-Prepare-for-the-introduction-of-ARM64-8.3-Pointer-Au.patch
  * crash-Several-fixes-for-ARM64-kernels.patch
  * crash-arm64-Change-tcr_el1_t1sz-variable-name-to-TCR_EL1_T.patch
  * crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
  * crash-fix-memory_driver-build-kernel-5.8.patch
  * crash-gdb-fix-aarch64.patch
  * crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
  * crash-update-whitepaper-URL.patch
  * crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  * crash-xendump-fix-failure-to-match-arm-aarch64-elf-format-.patch
- Support the lockless printk ringbuffer added into kernel-5.10 (bsc#1183965)
  * crash-printk-add-support-for-lockless-ringbuffer.patch
  * crash-printk-use-committed-finalized-state-values.patch
- Install and ship the small built-in extensions,,
  and "" is particularly useful.
  Ship them in the main "crash" package, as they are small.
- Added crash-xen-increase-__physical_mask_shift_xen-to-52.patch
- Update arm64 support (boo#1169099).
- Fix "kmem -i" option on Linux 5.9-rc1 and later kernels (bsc#1179970 ltc#188981).
- Fix crash utility is taking forever to initialize a vmcore from large config
  system (bsc#1178827 ltc#189279).
- Corrected project URL in spec file to match the changed upstream
  location as-of May 30th 2020.
  Noted the project URL change in README.SUSE without removing the old URL
  because it represents the location the project source was obtained from.
  The next project source update is available from the new project URL. When
  the package is updated with that source all URL project references will be
  modified to only show the new URL.
  Add crash-update-whitepaper-URL.patch
  Note change of no longer valid old project whitepaper URL to current valid
  project whitepaper URL in help output. Leave the old one reported because it
  represents the location the project source was obtained from for this
  package version.
- Fix build on aarch64:
- Add crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  In calls to search a stack for x86_64 exceptions a flag is used
  to request the stack be verified for room to contain saved
  registers. The verify is not performed if other flags are used
  in the same call. Fixing this exposes another bug where only a
  kernel stack is verified anyway, even if the exception is being
  searched for on a userspace stack. Patch fixes both problems.
- Add eppic-remove-duplicate-symbols.patch
  Fix eppic extension build.
- Add crash-fix-memory_driver-build-kernel-5.8.patch
  Fix memory driver build failure with kernels 5.8+.
- Always build crash KMPs.
- remove bypass lto and add -mfull-toc for ppc64le to check boo#1146646
- Add crash-Define-fallback-PN_XNUM.patch
  Add a fallback PN_XNUM definition.
- Make Factory ppc64 crash usable on both SLE 15 SP1 and releases before
  SLE15 SP1 (bsc#1148197).  This is only a workaround that requires to build
  crash for each codestream separately.
- Drop crash-s390-autodetect-kaslr.patch which has been merged in 7.2.7.
- Add crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
  Fix "kmem -[sS]" for caches created during SLUB bootstrap (bsc#1164815 ltc#182973).
- Add crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
  Fix integer overflow with large memory configuration (bsc#1168233 ltc#184660).
- Upgraded the source to version 7.2.8. The previous version was
  modified to support newer kernels used in SLE-15-SP2 but was not
  * Includes a fix for kernels that contain:
    which introduces symbol namespaces. Without the change then
    depending on architecture:
    (1) the kernel module symbol list will contain garbage
    (2) the session fails during initialization with a dump of
    the internal buffer allocation stats followed by the
    message "crash: cannot allocate any more memory"
    (3) the session fails during initialization with a
    segmentation violation (bsc#1162064)
  * Includes the merge of the S390x patches since crash 7.2.7
  * Source already includes XZ compressed module support, removed:
  * Refreshed patches that were no longer aligned with source:
- Upgraded the source tarball to version 7.2.7. This is required
  to support coredumps from currently used kernel versions in the
  product (bsc#1159686).
- dropped the patch obsoleted due to already being present in the
  new source:
  * crash-allow-kmem-section-is-early.patch
- Added commit c0371f6ee2cae31ec9f506bbd231ab8fbe334c13 - Fix to
  allow live analysis of s390x kernels that have been configured
  with CONFIG_RANDOMIZE_BASE=y (KASLR). This allows crash to load
  the coredump without the need for "--kaslr=<offset> on the
  Implements jsc#SLE-9797
- add crash-symbols-add-support-for-XZ.patch (bnc#1155921)
- Disable LTO for PowerPC as bypass boo#1146646
- Added patch for commit 326e1b8f83a4318b09033ef754f40c785aed5e68
  in linux 5.3:
- Upgraded the source tarball to version 7.2.6 to bring better
  support of version 5 kernels such as 5.3 in SLE-15-SP2
  Dropped the following patches obsoleted by the version upgrade:
  * crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch
  * crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
  * crash-fix-for-virsh-dump-dumps-with-KASLR.patch
  * crash-fix-kmem-z-on-kernel-5.0.patch
  * crash-fix-kmem-i-on-kernel-5.0.patch
  * crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
  * crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
  * crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
  * crash-find-kernel-configuration-data-with-kernel-5.1.patch
  * crash-fix-dev-dD-on-kernel-5.1.patch
  Re-aligned the following patches with the new version source:
  Modified the following patches to integrate with version upgrade:
- Upgrade the source tarball to version 7.2.5
- drop patches obsoleted by version upgrade:
  * crash-fix-snprintf-overflow.patch
  * crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
- post-7.2.5 upstream patches for kernel 5.0/5.1 compatibility:
  * crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
  * crash-fix-for-virsh-dump-dumps-with-KASLR.patch
  * crash-fix-kmem-z-on-kernel-5.0.patch
  * crash-fix-kmem-i-on-kernel-5.0.patch
  * crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
  * crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
  * crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
  * crash-find-kernel-configuration-data-with-kernel-5.1.patch
  * crash-fix-dev-dD-on-kernel-5.1.patch
- Update for XEN dom0 changes in v4.11 that cause coredumps made
  of a domU using virsh on the dom0 to fail to load in the dom0
  version of crash reporting "crash: invalid kernel virtual address:
  <address> type:fill_pcpu_struct", followed by "WARNING: cannot
  fill pcpu_struct" and "crash: cannot read cpu_info"
  (bsc#1124690 and bsc#1122594)
- Update the recognition of x86_64 CPU_ENTRY_AREA (bsc#1104743, bsc#1090127)
- Fix SLE15 SP1 Incorrect vmcore generated (bsc#1119791).
  This is not compatible with SLE15 and SLE12 SP4.
- Sync with SLE15 SP1 (SR#173916) to enable the kmp-rt for SLERT15 SP1 only
  set %if 0%{?sle_version} >= 150100
- Added:
  The update is required for Linux 4.11 and greater kernels, which
  reimplemented the IDR facility to use radix trees in kernel commit
  0a835c4f090af2c76fc2932c539c3b32fd21fbbb, titled "Reimplement IDR and IDA
  using the radix tree".  Without the patch, if any IPCS entry exists, the
  command would fail with the message "ipcs: invalid structure member offset:
  idr_top" (bsc#1092101)
- Added crash-fix-snprintf-overflow.patch
  Fix to address a "__builtin___snprintf_chk" compiler warning.
- Added crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
  Update the recognition of x86_64 CPU_ENTRY_AREA.
- Upgrade the source tarball to version to 7.2.3
  A complete changelog is available via the crash source page at:
- Refreshed:
- Upgraded to 7.2.1 because it includes the fixes to support
  several core cases that recently were caused to fail to open.
  As a result, removed patches that were already superseded by
  7.2.1 source (bsc#1103371).
- Added:
  Fixes Xen dump files that cannot be opened in hypervisor mode.
- Added crash-ppc64-ensure-chosen-stack-symbol-relates-to-an-actual-backtrace.patch
  With latest NMI IPI changes, crash_ipi_callback is found multiple
  times on the stack. Ensure the chosen symbol relates to an actual
  backtrace. bsc#1072718
- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
- Added crash-x86_64_kvtop-usable-symtab_init.patch to change
  x86_64_kvtop() so that it can be called during symtab_init()
  Added crash-allow-use-of-sadump-captured-KASLR-kernel.patch to
  allow use of dumps of KASLR enabled kernels that were captured
  by sadump.
  Both are bsc#1070278/FATE#323473
- Upgrade the source tarball to version to 7.2.0 which requires the
  removal of patches that are then already applied:
  A complete changelog is available via the crash source page at:
  Added crash-ppc64-book3s-update-hash-page-table-geometry.patch
  from via bsc#1067702 to correct
  errors with virtual-to-physical address translation in the larger
  virtual address range of newer kernels.
  Added a BuildRequires of libelf that will populate the build
  workspace with libelf (from elfutils) even though it is not
  directly required by crash but is required by gdb (which crash
  nests). It no longer got picked up automatically for build and
  gdb and kernel module features had build errors before it.
- crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch:
  Since linux kernel 3.19 crash readmem() can't be used to read
  xen_p2m_addr associate memory directly during m2p translation.
  PV domU p2m mapping is also stored at xd->xfd + xch_index_offset
  and organized as struct xen_dumpcore_p2m. This patch implements
  a special reading function read_xc_p2m() to extract the mfns
  from xd->xfd + xch_index_offset and makes crash support Xen
  PV domU dumpfiles for kernel 3.19 and later (bsc#1043501).
  - add crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch
- Merge SLE changes into Factory (bsc#1041638)
- crash-stop_read_error_when_intent_is_retry.patch: When reading a
  memory image fails it may not be an error if it is still possible
  to switch image and retry the read. Fix the error message output
  to only occur if no retries are intended (bsc#1038839).
  - add crash-stop_read_error_when_intent_is_retry.patch
- Exclude openSUSE from RT KMP build (bsc#1013843)
- crash source nests gdb source but gdb has a new build error on
  Factory due to the bug and build environment modifications. The
  fix is upstream gdb but not upstream crash's gdb.
  Created crash patch:
  to create the gdb patch in expanded crash and added to the gdb
  Makefile patch its application. Resolves the build error.
- Upgrade of source tarball to 7.1.8 from upstream and refresh of
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  Adds a feature to permit the use of the command-line options
  "--kaslr=<offset>" and/or "--kaslr=auto" with the x86 32-bit
- refresh crash-sles9-time.patch crash-compressed-booted-kernel.patch
- drop crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
  merged upstream in 7.1.8
- Fix analyzing fadump dumps on PPC64 (bsc#1022962).
  + crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
- Upgrade of source tarball to 7.1.7 from upstream, removal of
  crash-kernel-4.7.patch (source includes it) and refresh of other
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  Feature enhancements included from 7.1.6:
  - Introduction of support for "live" ramdump files, such as those
    that are specified by the latest QEMU version's mem-path
    argument of a memory-backend-file  object, e.g.:
    $ qemu-kvm ...other-options... \
      -object memory-backend-file,id=MEM,size=128m,mem-path=/tmp/MEM,share=on \
      -numa node,memdev=MEM -m 128
    and a live session run can be run against the guest kernel like so:
    $ crash <path-to-guest-vmlinux> live:/tmp/MEM@0
  - Implemented support for the redesigned ARM64 kernel virtual
    memory layout that was introduced in Linux 4.6. Plus ARM64
    support for 4k pages with 4-level page tables and 48 VA bits.
    NB: On live systems automatic operation with Linux 4.6 ARM64
    kernels requires that CONFIG_RANDOMIZE_BASE is not configured.
    If it is configured then use with a live system requires two
    --machdep arguments, e.g.:
      --machdep phys_offset=<base physical address>
      --machdep kimage_voffset=<kernel kimage_voffset value>
  - Improvement of the ARM64 bt -f display so that, for most cases,
    the stack frame delimiter will be the location of the old FP
    and LR pair.
  - New bt -v option that checks all tasks for evidence of stack
  - Incorporation of an alternative stack backtrace method
    accessed directly using bt -o and the default method can be
    toggled between the two using bt -O.
  - Fix for the case where the sym/dis commands fail for a symbol
    name that is composed entirely of hexadecimal characters and
    was previously interpreted as an address.
  - Determine structure member data if the member is contained in
    an anonymous structure or union (no longer necessary to use a
    discrete gdb "printf" command to find the offset of it).
  - Session initialization speed up.
  - Addition of "list -S" and "tree -S" options (similar to the -s
    option of each command) where member values are read from
    memory instead of interpreting gdb output (much faster
    behavior for 1-, 2-, 4- and 8-byte members).
  - Fix to recognize x86_64 Linux 4.8-rc1 and later kernels that
    are configured with CONFIG_RANDOMIZE_MEMORY.
  - Support for PPC64 virtual address translation of radix MMU.
  - Improvement of "dev -d" output to display I/O statistics for
    devices that use the blk-mq interface.
  Feature enhancements included from 7.1.7:
  - Restore x86_64 "dis" command's symbol translation for call or
    jump target addresses for kernels configured with
  - Re-factor of the trace extension module to locate all of the
    ftrace buffers and extracts data from each of them rather than
    only the primary one.
  - Support for s390x CONFIG_THREAD_INFO_IN_TASK configuration so
    that "bt" command no longer shows incomplete output.
  - Support for live ARM64 kernels from Linux 4.6 that have the
    kernel image loaded anywhere in physical memory.
  - Update of /dev/crash/kernel driver to v1.3 which adds support for
    Linux 4.6 and later ARM64 kernels configured with
    CONFIG_HARDENED_USERCOPY and S390x kernels that use
    xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() rather than
    kmap() and kunmap().
  - refresh eppic-support-arm64.patch crash-debuginfo-compressed.patch
  - drop crash-linux-4.6-printk-flags.patch merged upstream in 7.1.6
- Enabled RT KMP build (bsc#1005578)
- crash-linux-4.6-printk-flags.patch: Fix warning "failed to read
  pageflag_names entry" on Linux 4.6 (bsc#978601).
- crash-kernel-4.7.patch:
  support 4.7 kernel (page._count renamed to page._refcount)
- eppic-support-arm64.patch: Support for ARM64 (FATE#320844).
- Upgrade of source tarball to 7.1.5 from upstream and fix of
  crash-sles9-time.patch for the version and refresh of other
  patches to align with the version. For a detailed changelog of
  the source tarball see:
  includes a fix for bsc#977306.
  Feature enhancements include:
  - "whatis -r" and "whatis -m" commands that allow search for
    data structure of a specified size and that contains a member
    of a given type respectively.
- Upgrade to 7.1.4 from upstream. For a detailed changelog see
- Disable RT KMP build (bsc#962719)
- Enable RT KMP build (bsc#948840)
- For 7.1.3 ppc64le the following patches are obsoleted by mainline
- Update to 7.1.3 (bsc#946458)
  o Introduction of "dis -f <address>" which disassembles from the
    address to the end of the function
  o Introduction of "dis -s <address>" which displays the filename
    and line number associated with the specified text location,
    followed by a source code listing if available.
  o Addition of a new "--src <directory>" command line option for
    use by the "dis -s" option if the kernel source is not located
    in the standard location.
  o Do not search for a panic task in s390x dumpfiles that are
    marked as a "live dump"
  o Fix unnecessary error messages when a directory is used as a
    command line argument
  o See for
    the complete changelog
- Removed these patches obsoleted by mainline:
- Refreshed patches
- crash-move-xen-dom0-handling-into-own-file.patch: Move Xen Dom0
  handling into xen_dom0.c (FATE#316467).
- crash-move-xen-p2m-map.patch: Move xen p2m map initialization to
  xen_kdump_p2m (FATE#316467).
- crash-use-xen_machine_addr-command.patch: Use XEN_MACHINE_ADDR
  command flag instead of overriding readmem (FATE#316467).
- crash-move-xen-elf-note-processing.patch: Move Xen ELF note
  processing to xen_dom0.c (FATE#316467).
- crash-add-xen-dom0-support-for-kdump.patch: Add Xen Dom0 support
  for kdump compressed files (FATE#316467).
- crash-s390x-add-vector-support.patch: SIMD support for dump
  tools (z13) (FATE#318058).
- Upgrade to 7.1.2 from upstream. For a detailed changelog see
- Refreshed patch series with some changes required to
  adjust for git host changes in eppic-switch-to-system-lib.patch
- Upgrade to 7.1.1 from upstream. At the time of writing the only
  published changelog was supplied by e-mail list and is as follows
  - Fix for two minor issues with the "net" command.  Without the patch,
  the "net -a" option appends its correct output with the command's
  "Usage:" message; and if either the "net -x" or "net -d" options are
  used without also specifying "-s" or "-S", the error message would
  indicate "net: illegal flag: 800000" or "net: illegal flag: 1000000"
  instead of showing the command's "Usage:" message.
  - If the kernel (live or dumpfile) has the TAINT_LIVEPATCH bit set, or
  if the Red Hat "kpatch" module is installed, the tag "[LIVEPATCH]"
  will be displayed next to the kernel name in the initial system
  banner and by the "sys" command.  This new tag replaces the
  "[KPATCH]" tag that was introduced in crash-7.0.7.
  - Addressed three Coverity Scan complaints in vmware_vmss.c:
    50:leaked_storage: Variable "fp" going out of scope leaks the
    storage it points to.
    53:leaked_storage: Variable "fp" going out of scope leaks the
    storage it points to.
    256:warning: Use of memory after it is freed
  - Remove the LKCD-only "propeller spinner" seen when a dumpfile read
  requires more than 2048 page header accesses.  This was put in place
  because of the non-random-access design of LKCD dumpfiles.  Without
  the patch, the spinner display is intermingled with command output,
  which complicates the parsing of the output.
  - Fix to support the Linux version increment from 3 to 4.  Without the
  patch, both dumpfile and live sessions fail during initialization,
  issuing the message "WARNING: kernel version inconsistency between
  vmlinux and dumpfile" or "WARNING: kernel version inconsistency
  between vmlinux and live memory", followed by the nonsensical fatal
  error message "crash: incompatible arguments:  vmlinux is not SMP --
  vmcore is SMP" or "crash: incompatible arguments:  vmlinux is not
  SMP -- live system is SMP".  To prevent unexpected kernel version
  bumps in the future, support has been added for version 5.
  - Add support for more than 16TB of physical memory space in the SADUMP
  dumpfile format.  Without the patch, there is a limitation caused
  by several 32-bit members of dump_header structure, in particular
  the max_mapnr member, which overflows if the dumpfile contains more
  than 16TB of physical memory space.  The header_version member of
  the dump_header structure has been increased from 0 to 1 in this
  extended new format, and the new 64-bit members will be used.
  - Fix for command lines that are redirected to a pipe.  Without the
  patch, if an external piped-to command contains a quoted string that
  includes a "|" character, the command fails with the message "crash:
  pipe operation failed".
  - Fix for insecure temporary file usage in _rl_tropen() as reported by
  readline library CVE-2014-2524.
  - When the gdb-<version>.patch file has changed and a rebuild is
  done from within a previously-existing build tree, the "patch -N"
  option is used to ignore patches that have been previously applied;
  this patch also applies the "patch -r-" option to prevent unnecessary
  .rej files from being created.
  - Fix to account for Xen hypervisor's "domain" structure member name
  change from "is_paused_by_controller" to "controller_pause_count".
  Without the patch, in Xen 4.2.5 and later, the crash session fails
  during initialization with the error message "crash: invalid
  structure member offset: domain_is_paused_by_controller".
  - During initialization, reject useless ARM64 "(A)" and "(a)" absolute
  symbols that are below the text region.  Without the patch, several
  recently-introduced absolute symbols have been introduced into the
  kernel, which will be displayed by "sym -l" prior to the first kernel
  virtual address symbol, and will show up in command output where
  memory values are translated into kernel symbol references.
  - Fix for ARM64 kernels to account for changes in the virtual memory
  layout introduced in Linux 3.17.  The vmalloc region end address, and
  the vmemmap start and end addresses are now calculated at kernel
  build time, because they depend upon the size of a struct page.
  Accordingly, the crash utility needs to calculate those three address
  values dynamically, after the embedded gdb module has initialized.
  Without the patch, reads of page structures return invalid data due
  to incorrect virtual-to-physical translations of memory in the
  vmemmap range.  This in turn causes commands that require page
  structure contents to fail or show invalid data, such as "kmem -p",
  "kmem -[sS]", and the "kmem -[fF]" options.
  - Fix to support ELF vmcore dumpfiles whose PT_LOAD file offset values
  of their respective memory segments are not laid out sequentially
  from low to high in the dumpfile.  This has only been seen in ELF
  dumpfiles created by VMware's "vmss2core -M" facility.  Without the
  patch, the crash session may fail during initialization, either with
  the message "cannot malloc ELF header buffer", or "crash: <dumpfile>:
  not a supported file format".
  - Enhancement to the support of VMware .vmss suspended state dumpfiles.
  There may be holes in the memory address saved for PCI, etc.  In such
  cases, the memory dump is divided into regions.  With this patch, up
  to 3 memory regions are supported.
  - Fortified the error handling of task gathering from the pid_hash[]
  chains during session initialization.  If a chain has been corrupted,
  the patch prevents the sequence from entering an infinite loop, and
  the error messages associated with corrupt/invalid chains have been
  updated to report the pid_hash[] index number.
  - Implemented a new STRDUPBUF() utility that will duplicate an existing
  string into a buffer allocated with GETBUF().  As is the case with
  any buffer allocated with GETBUF(), it is only meant to exist during
  the life-span of the current command.  If it is not explicitly freed
  via FREEBUF(), then it will be freed automatically prior to the next
  - Implemented a new fill_struct_member_data() function that gathers
  a bundle of data that describes a structure member.  The function
  receives a pointer to a struct_member_data structure, in which the
  caller has initialized the "structure" and "member" name pointers:
    struct struct_member_data {
        char *structure;
        char *member;
        long type;
        long unsigned_type;
        long length;
        long offset;
        long bitpos;
        long bitsize;
    };
  A gdb "printm" command is crafted using those two fields, and the
  output of the command is used to initialize the remaining six fields.
  Adapted from Qiao Nuohan's "pstruct" extension module.
  - Implemented a new "runq -c cpu(s)" option to display the run queue
  data of specified cpus.  It can be used in conjunction with all runq
  command options.  The cpus must be specified in a comma- and/or
  dash-separated list; for example, "3", "1,8,9", "1-23", or "1,8-15".
  - Build extension modules that utilize the generic extensions/Makefile
  with -g.  In addition, build the snap.c extension module with -g.
  - Several fixes, updates, and enhancements for 32-bit MIPS support:
    (1) The MIPS general purpose registers in the elf_gregset_t
    don't start at index 0 but at index 6.
    (2) Adjust for the kernel's pt_regs structure changes between
    kernel versions.  For example, fields are inserted into the
    middle based on build time options, and the amount of padding
    at the head of the structure was changed relatively recently.
    To handle this, split the structure definition into two parts
    and get the offsets of these two parts dynamically.
    (3) Do not display each parsed kernel symbol during initialization
    when invoked with "crash -d8".
    (4) Add support for loading raw MIPS ramdump dumpfiles.
    (5) Add support for compressed kdump dumpfiles.
  - Fix for a typo in "help foreach", and a fix for a spelling error in
  "help input".
  - Fix for "and and" and "the the" typos in the README file.
  - Fix to address the Xen 4.5.0 hypervisor symbol name change from
  "dom0" to "hardware_domain".  Without the patch, the crash session
  fails with the error message "crash: cannot resolve: dom0".
  - Fix for a regression in crash-7.1.0 that causes failures when the
  "crash -t" option is run on a live system, and when analyzing remote
  Linux kernels.  Without the patch, "crash -t" on a live system fails
  with the message "crash: cannot open remote memory source: /dev/mem",
  and attempts to analyze a Linux kernel remotely just shows the kernel
  timestamp and exits immediately.
  - Speed up the session invocation time of "flattened" format dumpfiles
  created by the makedumpfile(8) facility.  When sorting the blocks of
  memory by their intended ELF or compressed kdump file offsets, the
  patch replaces the bubble-sort method that is currently used with an
  insertion sort method.
  - Remove the non-existent "-L" option from the "ps" command's mutually-
  exclusive options error message.
  - Fix for the "irq", "mount", "kmem -p" and "kmem -v" commands when
  they are used in an input file.  If more than one of any of those
  four commands are used in an input file, the output of the second
  and subsequent command instances will not display their respective
  command headers.
  - Implemented a new "kmem -m" option that is similar to "kmem -p",
  but it allows the user to specify the page struct members to be
  displayed.  The option takes a comma-separated list of one or
  more page struct members, which will be displayed following the
  page structure address.  The "flags" member will always be expressed
  in hexadecimal format, and the "_count" and "_mapcount" members will
  always be expressed in decimal format.  Otherwise, all other members
  will be displayed in hexadecimal format unless the current output
  radix is 10 and the member is a signed/unsigned integer.  Members
  that are data structures may be specified by the data structure's
  member name, or expanded to specify a member of that data structure.
  For example, "-m lru" refers to a list_head data structure, in which
  case both the and list_head.prev pointer values will
  be displayed; if "-m" is specified, just the
  value will be displayed.
  - Support enhancement for the 32-bit MIPS architecture that retrieves
  the per-cpu registers from the NT_PRSTATUS notes stored in the header
  of compressed kdump dumpfiles.
  - Fix to remove an invalid warning message on ARM64 if a crash session
  is invoked with the "-d<number>" debug flag.  Without the patch,
  the invalid message is "WARNING: SPARSEMEM_EX: questionable section
  - Remove the leftover ".constructor" build file in the extensions
  subdirectory when "make extensions" is complete, and update the
  top-level .gitignore file to ignore post-build extensions
  subdirectory files.
  - Fix for a segmentation violation generated by the "help -[n|D]"
  options on ARM64 compressed kdumps.
  - Additional output for the "help [-D|-n]" options on ARM64.  For ELF
  kdump vmcores and compressed kdumps, the elf_prstatus structure in
  each NT_PRSTATUS note will be translated.
  - The "help -r" option has been extended to dump the ARM64 registers
  stored in each per-cpu NT_PRSTATUS note in compressed kdump and
  ELF kdump dumpfiles.
  - Fix for the ARM64 page size determination on Linux 4.1 and later
  kernels.  Without the patch, the crash session fails during
  initialization with the message "crash: invalid/unsupported page
  size: 98304" on kernels with 64K pages.  On kernels with 4K pages,
  the message is "crash: invalid/unsupported page size: 6144".  In
  addition, the "-p <page-size>" command line override option
  had no effect on ARM64; that has been fixed as well.
  - Fix for the DATE display in the initial system banner and by the
  "sys" command to account for the Linux 3.17 change that moved
  the "timekeeper" symbol and structure into a containing tk_core
  structure; the "shadow_timekeeper" timekeeper will be used as an
  alternative.  Without the patch, the DATE shows something within
  a few hours of the Linux epoch, such as "Wed Dec 31 18:00:00 1969".
  - Fixes for the translation of ARM64 PTEs, as displayed by the "vm -p"
  and "vtop" commands.  Without the patch, if "vm -p" references a
  swapped-out page on Linux 4.0 and later kernels, the SWAP location
  may indicate "(unknown swap location)", and will show an invalid
  OFFSET value; on Linux 3.13 and later kernels, running "vtop" on a
  user virtual address incorrectly translates the PTE contents of
  swapped out pages by showing a PHYSICAL address and FLAGS translation
  instead of the SWAP device and OFFSET.  It is possible that there may
  be PTE bit translation errors on other kernel versions; the patch
  addresses the changes in ARM64 PTE bit definitions made in Linux
  3.11, 3.13, and 4.0 kernels.
  - Enhanced the "struct.member" display capability of the "struct",
  "union", "task", "list" and "tree" commands.  If a specified
  structure member contains an embedded structure, the output may
  be restricted to just the embedded structure by expressing the
  .member argument as "member.member".  If a specified structure
  member is an array, the output may be restricted to a single array
  element by expressing the .member argument as "member[index]".
  Furthermore, these embedded member specifications may extend beyond
  one level deep, for example, by expressing the member argument as
  "member.member.member", or "member[index].member".
  - Fix for any command that passes strings to gdb for evaluation,
  where the string contains a parentheses-within-parentheses
  expression along with a ">" or ">>" operator inside the outermost
  set of parentheses.  Without the patch, a command such as the
  following fails like so:
    crash> p ((1+1) >> 1)
    p: gdb request failed: p ((1+1)
  - Fix for the handling of ARM64 kernel module per-cpu symbols.  Without
  the patch, if the debuginfo data of an ARM64 kernel module that
  contains a per-cpu section is loaded by "mod -s <module>" or
  "mod -S", commands such as "bt" or "sym" may incorrectly translate
  the module's virtual addresses to symbol names.
- 0001-Prepare-for-the-future-increment-of-Linux-3.x-to-4.x.patch:
  Dropped. Handling kernel 4.0 is now part of the upstream source.
- add patch from upstream to handle kernel 4.0
- Upgrade to 7.1.0 from upstream. For a detailed changelog see
- Refreshed patch series with only re-alignment required.
- Upgrade to 7.0.9 from upstream. For a detailed changelog see
- Refreshed patch series but no modifications required.
- Update to 0.15.4
  + Add reboot_suggested field to UpdateRecord (rh#1772466)
  + Skip directory matching --exclude right away
  + Add restart_suggested to updatecollectionpackage
- Update to 0.15.3
  + Export all changelog entries in compatibility mode
  + Libmagic to follow symlinks (rh#1776399)
  + Add shortcut to detect *.yaml files as not compressed
- Ensure createrepo_c fully replaces createrepo on Tumbleweed
- Remove old and now unused dependency on deltarpm as drpm is used now
- Update to 0.15.2
  + Fix file mode for cache (rh#1686812)
  + Honor umask on cache files (rh#1686812)
- Enable DeltaRPM support for openSUSE targets on Leap 15.2+ and TW
- Add BuildRequires on python3, it won't be pulled in side effect of
  requiring python3-nose
- fix build by adding missing tarball and updating filelist
- Update to version 0.15.1:
  * Release 0.15.1
  * Fix null pointer crash in cr_dumper_thread() if it fails to get checksum
  * Fix search in string with missing terminating zero (rh#1750673)
  * Depend on DRPM minimum version 0.4.0
  * Release 0.15.0
  * Revise drpm dependency check and bump the minimum version to 0.3.0
  * Release 0.14.4
  * Update documentation and regenerate man pages to sync up
  * Use drpm_make from drpm instead of deltarpm (rh#1687843)
  * Fix some DEBUG build warnings
  * Switch off html timestamps on documentation (rh#1731050)
  * Update documentation for mergerepo_c merge methods (rh#1722803)
  * Update documentation for --retain-old-md and --compatibility
  * Fix --read-pkgs-list to only list actually read packages
  * Release 0.14.3
  * Add missing python metadata to python2/3-createrepo_c (rh#1695677)
  * detect plain tar file as non compressed
- Update to 0.14.2
  + Fix issue with createrepo_c hanging at the end (rh#1714666)
  + Don't include packages with forbidden control chars in repodata (boo#1110914)
  + Correct pkg count in headers if there were invalid pkgs (rh#1596211)
  + Prevent exiting with 0 if errors occur while finalizing repodata
- Update to 0.14.0
  + Fix crash when dumping updateinfo and module is omitted (rh#1707981)
  + Add --pkgorigins mode
- Update to 0.13.1
  + Fix tests to work properly when modulemd support is not enabled
- Enable modulemd support on openSUSE Leap 15.1+ and Tumbleweed
- Update to 0.13.0
  + Add support for handling modulemd
  + Add support for Koji simple merge mode
  + Add support for zchunked modulemd
  + Fixed --keep-all-metadata to keep all additional metadata
- Disable tests if modulemd support is not enabled to prevent wrong failures
- Drop patches included in this release
  + 0001-Find-correct-nosetests-version-even-when-which-comma.patch
  + 0002-fix-linking-when-Wl-no-undefined-is-set.patch
- Use noun phrase in summary.
- Added upstream patches
  * 0001-Find-correct-nosetests-version-even-when-which-comma.patch
  * 0002-fix-linking-when-Wl-no-undefined-is-set.patch
- Drop included patches
  * 0001-zck_end_chunk-returns-number-of-bytes-written-or-1-f.patch
  * 0002-Add-missing-sentinal.patch
  * 0003-Fix-misc-test.patch
- Disable drpm support
- Update to version 0.12.1:
  * Release 0.12.1
  * For make test, xz and zchunk (not just *-devel) are required.
  * Make cmake variable PYTHON_EXECUTABLE global
  * Add zchunk support already to Fedora 29
  * [spec] Fix spec to work for epel 7
  * Add CMake support for python interpreter path
  * Add space after if statement
  * Fix misc test
  * Add missing sentinal
  * Add zchunk support to mergerepo_c for extra files
- Backport fixes from upstream
  * 0001-zck_end_chunk-returns-number-of-bytes-written-or-1-f.patch
  * 0002-Add-missing-sentinal.patch
  * 0003-Fix-misc-test.patch
- Update to 0.12.0
  + Add basic support for zchunk metadata
  + Add support for building wheels to upload to PyPI
- Drop Python 2 subpackage
- Enable drpm support
- Enable zchunk for openSUSE Leap 15.1+ and Tumbleweed
- Adjust changes entries to use full author identities
- Update to 0.11.1
  + Add support for RPMs with large files
  + Identify Requires(missingok) as Recommends correctly
  + Enable legacy tags by default
  + Fix missing packages in mergerepo_c with multiple VR of same name
  + Add mergerepo_c --repo-prefix-search and --repo-prefix-replace
  + Build against Python 3 by default for bindings
- Drop snapshot source service and snapshot tarball
- Use license macro for license file
- Drop trailing whitespace
- Fix comment about drpm support
- [boo#1125044] fix for huge rpm packages
- fix spelling of old weakdeps feature switch (bsc#1088328)
- [bnc#1075670] changed to provide createrepo as update-alternative
  because createrepo_c will replace createrepo because of switch to
- also provide createrepo-implementation
- Disable tests on SLE12 due to the python-nose requirements
- Switch to singlespec building of python bindings
- Make sure to use cmake macros to have it easier to grok what is
  happening by overriding %__builddir
- Sort out with spec-cleaner
- Fix embedding of date and time to documentation
- Enable Python bindings for openSUSE Leap.
- Enable Python bindings for openSUSE Tumbleweed.
- Updated upstream sources
- Removed patch 000-Ensure_that_provides-requires_versions_are_factored_into_dep_filtering.diff
  (upstream included equal patch)
- Added missing copyright statements
- Fixed license tag and other misc cleanups
- updated upstream sources
- Added patch 000-Ensure_that_provides-requires_versions_are_factored_into_dep_filtering.diff
- Run fdupes to eliminate duplicate .js files
- Disable Python 3 bindings for SLE
- Update to 0.10.0, add Python 3 bindings
- Initial package based on Mageia package
- drop 'checkproc' line from the run-crons as the usage is bogus
- update cronie-nheader_lines.diff so it doesn't print the first 3
  crontab lines (static comments) with the 'crontab -l' command
- remove cronie-nofork-nopid.patch that allowed running of multiple
  "cron -n" instances at once which is an unwanted behaviour
- update cronie-1.5.1-huge_crontab_DoS.patch to fix a regression
  that caused only the first job from a crontab to be run
- add cronie-1.5.1-huge_crontab_DoS.patch to fix two security issues
  where users can cause DoS of the crond by loading huge crontab
  files. We now allow maximum 1000 environment variables and 1000
  crontab entries. Also the comments and whitespace between the
  entries and variables are now limited to 32768 characters.
  [bnc#1128937] [CVE-2019-9704] and [bnc#1128935] [CVE-2019-9705]
- Requires mail as it's really needed by cron-crons script, not
  smtp_daemon [bsc#1070565] [bsc#1064834]
- Ensure that /etc/cron.{hourly,daily,weekly,monthly} have proper
  permissions and owner. This is racy but prevents some LPE vectors
- Requires smtp_daemon (not just Recommends) as it's needed by
  run-crons script [bsc#1064834]
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Require group trusted if we use them
- update to 1.5.1
  * crontab: Use temporary file name that is ignored by crond.
  * crond: Inherit PATH from the crond environment if -P option
    is used.
  * crond: Remove hardcoded "system_u" SELinux user, use the
    SELinux user of the running crond.
  * anacron: Small cleanups and fixes.
  * crond: Fix longstanding race condition on repeated crontab
- refresh cronie-pam_config.diff
- get rid of %{name} macros in the patch names
- use %{ext_man} macro for anacron man pages
- was retired on March 1st, 2017
  * update Url and Source address
- cleanup with spec-cleaner
- remove the omc xml config that is useless nowadays
- Add fix for bnc#983925 to run crons even when not on AC_POWER
  * Nowadays it does not make much sense to not run crons when on
    battery and actually it can even confuse people
- cron.service: Use KillMode=process like upstream does.
- revert last change, it is a bug in sssd.service, fixed in
- add support for MAILFROM, MAIL_CONFIG and different mailer binaries
  in run-crons (bnc#812367, bnc#366762)
- Start cron after sssd.service bnc#926961
- Redo the post/pre update approach to fix migration from SLE11.
  Should fix bnc#919028
- update to 1.5.0
  * crond: Job environment variables are set also when executing
  * crond: Adding duplicate orphans on reload is now prevented.
  * crond: The regular crond shutdown is now logged.
  * crontab: PAM is not called in crontab command if the caller's
    uid is 0.
  * crond: PAM is not called from crond for system cron jobs
    (/etc/crontab, /etc/cron.d) which are run for uid 0.
  * crond: The existence of a user is checked at time when job is
    run and not when the crontab is parsed on database reload.
- use spec-cleaner
- cron.service: Start not
  after ypbind.service nscd.service
- cron.service: Crons run at wall-time, order after
- fix bashisms in pre scripts
- SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149
- prepare usrmerge (boo#1029961)
- Update to 2.3.4:
  * Fix a possible out-of-bounds memory write while validating LUKS2 data
    segments metadata (CVE-2020-14382, boo#1176128).
  * Ignore reported optimal IO size if not aligned to minimal page size.
  * Added support for new no_read/write_workqueue dm-crypt options (kernel 5.9).
  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  * Support --master-key-file option for online LUKS2 reencryption
  * Always return EEXIST error code if a device already exists.
  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  * Fix crypto backend to properly handle ECB mode.
  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
    with a larger sector.
  * LUKS2: Do not create excessively large headers.
  * Fix unspecified sector size for BitLocker compatible mode.
  * Fix reading key data size in metadata for BitLocker compatible mode.
- Update to 2.3.3:
  * Fix BitLocker compatible device access that uses native 4kB
  * Support large IV count (--iv-large-sectors) cryptsetup option
    for plain device mapping
  * Fix a memory leak in BitLocker compatible handling
  * Allow EBOIV (Initialization Vector algorithm) use
  * LUKS2: Require both keyslot cipher and key size option, do
    not fail silently
- includes changes from 2.3.2:
  * Add option to dump content of LUKS2 unbound keyslot
  * Add support for discards (TRIM) for standalone dm-integrity
    devices (Kernel 5.7) via --allow-discards, not for LUKS2
  * Fix cryptsetup-reencrypt to work on devices that do not allow
    direct-io device access.
  * Fix a crash in the BitLocker-compatible code error path
  * Fix Veracrypt compatible support for longer (>64 bytes)
- Split translations to -lang package
- New version to 2.3.1
  * Support VeraCrypt 128 bytes passwords.
    VeraCrypt now allows passwords of maximal length 128 bytes
    (compared to legacy TrueCrypt where it was limited by 64 bytes).
  * Strip extra newline from BitLocker recovery keys
    There might be a trailing newline added by the text editor when
    the recovery passphrase was passed using the --key-file option.
  * Detect separate libiconv library.
    It should fix compilation issues on distributions with iconv
    implemented in a separate library.
  * Various fixes and workarounds to build on old Linux distributions.
  * Split lines with hexadecimal digest printing for large key-sizes.
  * Do not wipe the device with no integrity profile.
    With --integrity none we performed useless full device wipe.
  * Workaround for dm-integrity kernel table bug.
    Some kernels show an invalid dm-integrity mapping table
    if superblock contains the "recalculate" bit. This causes
    integritysetup to not recognize the dm-integrity device.
    Integritysetup now specifies kernel options in such a way that
    even on unpatched kernels the mapping table is correct.
  * Print error message if LUKS1 keyslot cannot be processed.
    If the crypto backend is missing support for hash algorithms
    used in PBKDF2, the error message was not visible.
  * Properly align LUKS2 keyslots area on conversion.
    If the LUKS1 payload offset (data offset) is not aligned
    to 4 KiB boundary, new LUKS2 keyslots area is now aligned properly.
  * Validate LUKS2 earlier on conversion to not corrupt the device
    if binary keyslots areas metadata are not correct.
- Update to 2.3.0 (include release notes for 2.2.0)
  * BITLK (Windows BitLocker compatible) device access
  * Veritysetup now supports activation with additional PKCS7 signature
    of root hash through --root-hash-signature option.
  * Integritysetup now calculates hash integrity size according to algorithm
    instead of requiring an explicit tag size.
  * Integritysetup now supports fixed padding for dm-integrity devices.
  * A lot of fixes to online LUKS2 reencryption.
  * Add crypt_resume_by_volume_key() function to libcryptsetup.
    If a user has a volume key available, the LUKS device can be resumed
    directly using the provided volume key.
    No keyslot derivation is needed, only the key digest is checked.
  * Implement active device suspend info.
    Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
    that informs the caller that device is suspended (luksSuspend).
  * Allow --test-passphrase for a detached header.
    Before this fix, we required a data device specified on the command
    line even though it was not necessary for the passphrase check.
  * Allow --key-file option in legacy offline encryption.
    The option was ignored for LUKS1 encryption initialization.
  * Export memory safe functions.
    To make developing of some extensions simpler, we now export
    functions to handle memory with proper wipe on deallocation.
  * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
  * Add optional global serialization lock for memory hard PBKDF.
  * Abort conversion to LUKS1 with incompatible sector size that is
    not supported in LUKS1.
  * Report error (-ENOENT) if no LUKS keyslots are available. User can now
    distinguish between a wrong passphrase and no keyslot available.
  * Fix a possible segfault in detached header handling (double free).
  * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
  * The libcryptsetup now keeps all file descriptors to underlying device
    open during the whole lifetime of crypt device context to avoid excessive
    scanning in udev (udev run scan on every descriptor close).
  * The luksDump command now prints more info for reencryption keyslot
    (when a device is in-reencryption).
  * New --device-size parameter is supported for LUKS2 reencryption.
  * New --resume-only parameter is supported for LUKS2 reencryption.
  * The repair command now tries LUKS2 reencryption recovery if needed.
  * If reencryption device is a file image, an interactive dialog now
    asks if reencryption should be run safely in offline mode
    (if autodetection of active devices failed).
  * Fix activation through a token where dm-crypt volume key was not
    set through keyring (but using old device-mapper table parameter mode).
  * Online reencryption can now retain all keyslots (if all passphrases
    are provided). Note that keyslot numbers will change in this case.
  * Allow volume key file to be used if no LUKS2 keyslots are present.
  * Print a warning if online reencrypt is called over LUKS1 (not supported).
  * Fix TCRYPT KDF failure in FIPS mode.
  * Remove FIPS mode restriction for crypt_volume_key_get.
  * Reduce keyslots area size in luksFormat when the header device is too small.
  * Make resize action accept --device-size parameter (supports units suffix).
- Create a weak dependency cycle between libcryptsetup and
  libcryptsetup-hmac to make sure they are installed together
- Use noun phrase in summary.
- New version 2.1.0
  * The default size of the LUKS2 header is increased to 16 MB.
    It includes metadata and the area used for binary keyslots;
    it means that LUKS header backup is now 16MB in size.
  * Cryptsetup now doubles LUKS default key size if XTS mode is used
    (XTS mode uses two internal keys). This does not apply if key size
    is explicitly specified on the command line and it does not apply
    for the plain mode.
    This fixes a confusion with AES and 256bit key in XTS mode where
    code used AES128 and not AES256 as often expected.
  * Default cryptographic backend used for LUKS header processing is now
    OpenSSL. For years, OpenSSL provided better performance for PBKDF.
  * The Python bindings are no longer supported and the code was removed
    from cryptsetup distribution. Please use the libblockdev project
    that already covers most of the libcryptsetup functionality
    including LUKS2.
  * Cryptsetup now allows using --offset option also for luksFormat.
  * Cryptsetup now supports new refresh action (that is the alias for
    "open --refresh").
  * Integritysetup now supports mode with detached data device through
    new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
  someone has time to evaluate the fallout from switching to LUKS2.
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
  Changes since version 2.0.4
  * Wipe full header areas (including unused) during LUKS format.
    Since this version, the whole area up to the data offset is zeroed,
    and subsequently, all keyslots areas are wiped with random data.
    This ensures that no remaining old data remains in the LUKS header
    areas, but it could slow down format operation on some devices.
    Previously only first 4k (or 32k for LUKS2) and the used keyslot
    was overwritten in the format operation.
  * Several fixes to error messages that were unintentionally replaced
    in previous versions with a silent exit code.
    More descriptive error messages were added, including error
    messages if
    - a device is unusable (not a block device, no access, etc.),
    - a LUKS device is not detected,
    - LUKS header load code detects unsupported version,
    - a keyslot decryption fails (also happens in the cipher check),
    - converting an inactive keyslot.
  * Device activation fails if data area overlaps with LUKS header.
  * Code now uses explicit_bzero to wipe memory if available
    (instead of own implementation).
  * Additional VeraCrypt modes are now supported, including Camellia
    and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
    hash function. These were introduced in a recent VeraCrypt upstream.
    Note that Kuznyechik requires out-of-tree kernel module and
    Streebog hash function is available only with the gcrypt cryptographic
    backend for now.
  * Fixes static build for integritysetup if the pwquality library is used.
  * Allows passphrase change for unbound keyslots.
  * Fixes removed keyslot number in verbose message for luksKillSlot,
    luksRemoveKey and erase command.
  * Adds blkid scan when attempting to open a plain device and warn the user
    about existing device signatures in a ciphertext device.
  * Remove LUKS header signature if luksFormat fails to add the first keyslot.
  * Remove O_SYNC from device open and use fsync() to speed up
    wipe operation considerably.
  * Create --master-key-file in luksDump and fail if the file already exists.
  * Fixes a bug when LUKS2 authenticated encryption with a detached header
    wiped the header device instead of dm-integrity data device area (causing
    unnecessary LUKS2 header auto recovery).
- make parallel installable version for SLE12
- New version 2.0.4
  Changes since version 2.0.3
  * Use the libblkid (blockid) library to detect foreign signatures
    on a device before LUKS format and LUKS2 auto-recovery.
    This change fixes an unexpected recovery using the secondary
    LUKS2 header after a device was already overwritten with
    another format (filesystem or LVM physical volume).
    LUKS2 will not recreate a primary header if it detects a valid
    foreign signature. In this situation, a user must always
    use cryptsetup repair command for the recovery.
    Note that libcryptsetup and utilities are now linked to libblkid
    as a new dependence.
    To compile code without blockid support (strongly discouraged),
    use --disable-blkid configure switch.
  * Add prompt for format and repair actions in cryptsetup and
    integritysetup if foreign signatures are detected on the device
    through the blockid library.
    After the confirmation, all known signatures are then wiped as
    part of the format or repair procedure.
  * Print consistent verbose message about keyslot and token numbers.
    For keyslot actions: Key slot <number> unlocked/created/removed.
    For token actions: Token <number> created/removed.
  * Print error, if a non-existent token is tried to be removed.
  * Add support for LUKS2 token definition export and import.
    The token command now can export/import customized token JSON file
    directly from command line. See the man page for more details.
  * Add support for new dm-integrity superblock version 2.
  * Add an error message when nothing was read from a key file.
  * Update cryptsetup man pages, including --type option usage.
  * Add a snapshot of LUKS2 format specification to documentation
    and accordingly fix supported secondary header offsets.
  * Add bundled optimized Argon2 SSE (X86_64 platform) code.
    If the bundled Argon2 code is used and the new configure switch
    --enable-internal-sse-argon2 option is present, and compiler flags
    support required optimization, the code will try to use optimized
    and faster variant.
    Always use the shared library (--enable-libargon2) if possible.
    This option was added because an enterprise distribution
    rejected to support the shared Argon2 library and native support
    in generic cryptographic libraries is not ready yet.
  * Fix compilation with crypto backend for LibreSSL >= 2.7.0.
    LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility
    wrapper must be commented out.
  * Fix on-disk header size calculation for LUKS2 format if a specific
    data alignment is requested. Until now, the code used default size
    that could be wrong for converted devices.
  Changes since version 2.0.2
  * Expose interface to unbound LUKS2 keyslots.
    Unbound LUKS2 keyslot allows storing a key material that is independent
    of master volume key (it is not bound to encrypted data segment).
  * New API extensions for unbound keyslots (LUKS2 only)
    crypt_keyslot_get_key_size() and crypt_volume_key_get()
    These functions allow to get key and key size for unbound keyslots.
  * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
  * Add --unbound keyslot option to the cryptsetup luksAddKey command.
  * Add crypt_get_active_integrity_failures() call to get integrity
    failure count for dm-integrity devices.
  * Add crypt_get_pbkdf_default() function to get per-type PBKDF default
  * Add new flag to crypt_keyslot_add_by_key() to force update device
    volume key. This call is mainly intended for a wrapped key change.
  * Allow volume key store in a file with cryptsetup.
    The --dump-master-key together with --master-key-file allows cryptsetup
    to store the binary volume key to a file instead of standard output.
  * Add support detached header for cryptsetup-reencrypt command.
  * Fix VeraCrypt PIM handling - use proper iterations count formula
    for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
  * Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
  * Add --with-default-luks-format configure time option.
    (Option to override default LUKS format version.)
  * Fix LUKS version conversion for detached (and trimmed) LUKS headers.
  * Add luksConvertKey cryptsetup command that converts specific keyslot
    from one PBKDF to another.
  * Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
    header is detected.
  * More cleanup and hardening of LUKS2 keyslot specific validation options.
    Add more checks for cipher validity before writing metadata on-disk.
  * Do not allow LUKS1 version downconversion if the header contains tokens.
  * Add "paes" family ciphers (AES wrapped key scheme for mainframes)
    to allowed ciphers.
    Specific wrapped key configuration logic must be done by 3rd party tool,
    LUKS2 stores only keyslot material and allows activation of the device.
  * Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
    This flag can be dangerous; if you can control underlying device
    (you can change its content after it was verified) it will no longer
    prevent reading tampered data and also it does not prevent silent
    data corruptions that appear after the block was once read.
  * Fix return code (EPERM instead of EINVAL) and retry count for bad
    passphrase on non-tty input.
  * Enable support for FEC decoding in veritysetup to check dm-verity devices
    with additional Reed-Solomon code in userspace (verify command).
  Changes since version 2.0.1
  * Fix a regression in early detection of inactive keyslot for luksKillSlot.
    It tried to ask for passphrase even for already erased keyslot.
  * Fix a regression in loopaesOpen processing for keyfile on standard input.
    Use of "-" argument was not working properly.
  * Add LUKS2 specific options for cryptsetup-reencrypt.
    Tokens and persistent flags are now transferred during reencryption;
    change of PBKDF keyslot parameters is now supported and allows
    to set precalculated values (no benchmarks).
  * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
    combination. Persistent flags are now stored only if the device was
    successfully activated with the specified flags.
  * Fix integritysetup format after recent Linux kernel changes that
    requires to setup key for HMAC in all cases.
    Previously integritysetup allowed HMAC with zero key that behaves
    like a plain hash.
  * Fix VeraCrypt PIM handling that modified internal iteration counts
    even for subsequent activations. The PIM count is no longer printed
    in debug log as it is sensitive information.
    Also, the code now skips legacy TrueCrypt algorithms if a PIM
    is specified (they cannot be used with PIM anyway).
  * PBKDF values cannot be set (even with force parameters) below
    hardcoded minimums. For PBKDF2 it is 1000 iterations, for Argon2
    it is 4 iterations and 32 KiB of memory cost.
  * Introduce new crypt_token_is_assigned() API function for reporting
    the binding between token and keyslots.
  * Allow crypt_token_json_set() API function to create internal token types.
    Do not allow unknown fields in internal token objects.
  * Print a message in cryptsetup that the action was aborted if a user did not
    answer YES in a query.
- update to 2.0.1:
  * To store volume key into kernel keyring, kernel 4.15 with
    dm-crypt 1.18.1 is required
  * Increase maximum allowed PBKDF memory-cost limit to 4 GiB
  * Use /run/cryptsetup as default for cryptsetup locking dir
  * Introduce new 64-bit byte-offset *keyfile_device_offset functions.
  * A new set of functions that allow 64-bit offsets even on 32-bit systems
    is now available:
    - crypt_resume_by_keyfile_device_offset
    - crypt_keyslot_add_by_keyfile_device_offset
    - crypt_activate_by_keyfile_device_offset
    - crypt_keyfile_device_read
    The new functions have added the _device_ in name.
    Old functions are just internal wrappers around these.
  * Also cryptsetup --keyfile-offset and --new-keyfile-offset now
    allows 64-bit offsets as parameters.
  * Add error hint for wrongly formatted cipher strings in LUKS1 and
    properly fail in luksFormat if cipher format is missing required IV.
- Update to version 2.0.0:
  * Add support for new on-disk LUKS2 format
  * Enable to use system libargon2 instead of bundled version
  * Install tmpfiles.d configuration for LUKS2 locking directory
  * New command integritysetup: support for the new dm-integrity kernel target
  * Support for larger sector sizes for crypt devices
  * Miscellaneous fixes and improvements
- Update to version 1.7.5:
  * Fixes to luksFormat to properly support recent kernel running
    in FIPS mode (bsc#1031998).
  * Fixes accesses to unaligned hidden legacy TrueCrypt header.
  * Fixes to optional dracut ramdisk scripts for offline
    re-encryption on initial boot.
- Update to version 1.7.4:
  * Allow to specify LUKS1 hash algorithm in Python luksFormat
  * Use LUKS1 compiled-in defaults also in Python wrapper.
  * OpenSSL backend: Fix OpenSSL 1.1.0 support without backward
    compatible API.
  * OpenSSL backend: Fix LibreSSL compatibility.
  * Check for data device and hash device area overlap in
  * Fix a possible race while allocating a free loop device.
  * Fix possible file descriptor leaks if libcryptsetup is run from
    a forked process.
  * Fix missing same_cpu_crypt flag in status command.
  * Various updates to FAQ and man pages.
- Changes for version 1.7.3:
  * Fix device access to hash offsets located beyond the 2GB device
    boundary in veritysetup.
  * Set configured (compile-time) default iteration time for
    devices created directly through libcryptsetup
  * Fix PBKDF2 benchmark to not double iteration count for specific
    corner case.
  * Verify passphrase in cryptsetup-reencrypt when encrypting a new
  * OpenSSL backend: fix memory leak if hash context was repeatedly
  * OpenSSL backend: add support for OpenSSL 1.1.0.
  * Fix several minor spelling errors.
  * Properly check maximal buffer size when parsing UUID from
- Update to version 1.7.2:
  * Update LUKS documentation format.
    Clarify fixed sector size and keyslots alignment.
  * Support activation options for error handling modes in
    Linux kernel dm-verity module:
    --ignore-corruption - dm-verity just logs detected corruption
    --restart-on-corruption - dm-verity restarts the kernel if
      corruption is detected
    If the options above are not specified, default behavior for
    dm-verity remains. Default is that I/O operation fails with
    I/O error if corrupted block is detected.
    --ignore-zero-blocks - Instructs dm-verity to not verify
      blocks that are expected to contain zeroes and always
      return zeroes directly instead.
    NOTE that these options could have security or functional
    impacts, do not use them without assessing the risks!
  * Fix help text for cipher benchmark specification
    (mention --cipher option).
  * Fix off-by-one error in maximum keyfile size.
    Allow keyfiles up to compiled-in default and not that value
    minus one.
  * Support resume of interrupted decryption in cryptsetup-reencrypt
    utility. To resume decryption, LUKS device UUID (--uuid option)
    option must be used.
  * Do not use direct-io for LUKS header with unaligned keyslots.
    Such headers were used only by the first cryptsetup-luks-1.0.0
    release (2005).
  * Fix device block size detection to properly work on particular
    file-based containers over underlying devices with 4k sectors.
- Update to version 1.7.1:
  * Code now uses kernel crypto API backend according to new
    changes introduced in mainline kernel
    While mainline kernel should contain backward compatible
    changes, some stable series kernels do not contain fully
    backported compatibility patches.
    Without these patches most of cryptsetup operations
    (like unlocking device) fail.
    This change in cryptsetup ensures that all operations using
    kernel crypto API work even on these kernels.
  * The cryptsetup-reencrypt utility now properly detects removal
    of underlying link to block device and does not remove
    ongoing re-encryption log.
    This allows proper recovery (resume) of reencrypt operation later.
    NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
    this link disappears once the device metadata is temporarily
    removed from device.
  * Cryptsetup now allows special "-" (standard input) keyfile handling
    even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
  * Cryptsetup now fails if there are more keyfiles specified
    for non-TCRYPT device.
  * The luksKillSlot command now does not suppress provided password
    in batch mode (if password is wrong slot is not destroyed).
    Note that not providing password in batch mode means that keyslot
    is destroyed unconditionally.
- update to 1.7.0:
  * The cryptsetup 1.7 release changes defaults for LUKS,
    there are no API changes.
  * Default hash function is now SHA256 (used in key derivation
    function and anti-forensic splitter).
  * Default iteration time for PBKDF2 is now 2 seconds.
  * Fix PBKDF2 iteration benchmark for longer key sizes.
  * Remove experimental warning for reencrypt tool.
  * Add optional libpasswdqc support for new LUKS passwords.
  * Update FAQ document.
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Update to 1.6.8
  * If the null cipher (no encryption) is used, allow only empty
    password for LUKS. (Previously cryptsetup accepted any password
    in this case.)
    The null cipher can be used only for testing and it is used
    temporarily during offline encrypting not yet encrypted device
    (cryptsetup-reencrypt tool).
    Accepting only empty password prevents situation when someone
    adds another LUKS device using the same UUID (UUID of existing
    LUKS device) with faked header containing null cipher.
    This could force user to use different LUKS device (with no
    encryption) without noticing.
    (IOW it prevents situation when attacker intentionally forces
    user to boot into different system just by LUKS header
    Properly configured systems should have an additional integrity
    protection in place here (LUKS here provides only
    confidentiality) but it is better to not allow this situation
    in the first place.
    (For more info see QubesOS Security Bulletin QSB-019-2015.)
  * Properly support stdin "-" handling for luksAddKey for both new
    and old keyfile parameters.
  * If encrypted device is file-backed (it uses underlying loop
    device), cryptsetup resize will try to resize underlying loop
    device as well. (It can be used to grow up file-backed device
    in one step.)
  * Cryptsetup now allows to use empty password through stdin pipe.
    (Intended only for testing in scripts.)
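
The faked-header scenario in the 1.6.8 null cipher entry above can be checked for from the defender's side. The following Python code is an added example, not code from cryptsetup or this package: it parses the fixed part of LUKS1 headers and flags headers that declare the null cipher or share a UUID. The device names, sample UUID and function names are constructed for illustration, and treating "null" as an alias of "cipher_null" is an assumption.

```python
import struct
from collections import defaultdict

LUKS1_MAGIC = b"LUKS\xba\xbe"

# Fixed part of the LUKS1 on-disk header (big-endian), before the keyslots:
# magic, version, cipher name, cipher mode, hash spec, payload offset,
# key bytes, MK digest, MK digest salt, MK digest iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")

# "cipher_null" is the kernel crypto API name; accepting "null" as an alias
# is an assumption of this example.
NULL_CIPHERS = {"cipher_null", "null"}


def cstr(raw):
    """Decode a NUL-padded fixed-width header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(blob):
    """Return the header fields as a dict, or None if blob is not LUKS1."""
    if len(blob) < PHDR.size:
        return None
    (magic, version, cipher, mode, hash_spec, payload_offset,
     key_bytes, _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob)
    if magic != LUKS1_MAGIC or version != 1:
        return None
    return {
        "cipher": cstr(cipher),
        "mode": cstr(mode),
        "hash": cstr(hash_spec),
        "payload_offset": payload_offset,
        "key_bytes": key_bytes,
        "uuid": cstr(uuid).lower(),
    }


def audit(images):
    """images maps a device name to its first header bytes.

    Returns a list of (device, finding) tuples:
      "null-cipher"    - header declares no encryption at all
      "duplicate-uuid" - another scanned device carries the same LUKS UUID,
                         so UUID-based unlocking could pick either one
    """
    findings = []
    by_uuid = defaultdict(list)
    for name, blob in sorted(images.items()):
        hdr = parse_luks1_header(blob)
        if hdr is None:
            continue  # not a LUKS1 device, nothing to check
        by_uuid[hdr["uuid"]].append(name)
        if hdr["cipher"] in NULL_CIPHERS:
            findings.append((name, "null-cipher"))
    for _uuid, names in sorted(by_uuid.items()):
        if len(names) > 1:
            findings.extend((n, "duplicate-uuid") for n in names)
    return findings


def build_header(cipher, mode, uuid, key_bytes=32):
    """Build a constructed sample header (not a usable LUKS device)."""
    return PHDR.pack(LUKS1_MAGIC, 1, cipher.encode(), mode.encode(),
                     b"sha256", 4096, key_bytes, bytes(20), bytes(32),
                     1000, uuid.encode())


# Constructed sample input: one real-looking volume, one device that reuses
# its UUID with the null cipher, and one device without a LUKS header.
SAMPLE_UUID = "00000000-1111-2222-3333-444444444444"
SAMPLES = {
    "/dev/sda2": build_header("aes", "xts-plain64", SAMPLE_UUID, 64),
    "/dev/sdb1": build_header("cipher_null", "ecb", SAMPLE_UUID),
    "/dev/sdc1": bytes(512),
}

if __name__ == "__main__":
    for device, finding in audit(SAMPLES):
        print(f"{device}: {finding}")
```

On a live system the header bytes would come from reading the first 592 bytes of each block device, which requires root.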
- Enable verbose build log.
- regenerate the initrd if cryptsetup tool changes
  (wanted by 90crypt dracut module)
- Update to 1.6.7
  * Cryptsetup TCRYPT mode now supports VeraCrypt devices
    (TrueCrypt extension)
  * Support keyfile-offset and keyfile-size options even for plain
  * Support keyfile option for luksAddKey if the master key is
  * For historic reasons, hashing in the plain mode is not used if
    keyfile is specified (with exception of --key-file=-). Print
    a warning if these parameters are ignored.
  * Support permanent device decryption for cryptsetup-reencrypt.
    To remove LUKS encryption from a device, you can now use
    --decrypt option.
  * Allow to use --header option in all LUKS commands. The
    --header always takes precedence over positional device argument.
  * Allow luksSuspend without need to specify a detached header.
  * Detect if O_DIRECT is usable on a device allocation. There are
    some strange storage stack configurations which wrongly allows
    to open devices with direct-io but fails on all IO operations later.
  * Add low-level performance options tuning for dmcrypt (for
    Linux 4.0 and later).
  * Get rid of libfipscheck library.
    (Note that this option was used only for Red Hat and derived
    distributions.) With recent FIPS changes we do not need to
    link to this FIPS monster anymore. Also drop some no longer
    needed FIPS mode checks.
  * Many fixes and clarifications to man pages.
  * Prevent compiler to optimize-out zeroing of buffers for on-stack
  * Fix a crash if non-GNU strerror_r is used.
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "configure --with-cups-group=lp") specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960)
  Fix web UI kerberos authentication
- cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001
  access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671)
  the ippReadIO function may under-read an extension field
- cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
  heap-buffer-overflow in libcups ppdFindOption() function
- cups-2.2.7-CVE-2019-8675.CVE-2019-8696.patch fixes
  CVE-2019-8675 and CVE-2019-8696 (bsc#1146358 and bsc#1146359)
  and some other security/disclosure issues
  (Apple's internal issues rdar://51685251, rdar://50035411,
  rdar://51373853, rdar://51373929)
- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118)
- cups-2.2.7-CVE-2018-4700.patch fixes CVE-2018-4700: session
  cookie is extremely predictable, effectively breaking the
  CSRF protection of the CUPS web interface (bsc#1115750)
- cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954.diff
  is 'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for
  (except the not needed hunk for patching which fails)
  that fixes local privilege escalation to root and sandbox
  bypasses in scheduler (Apple's internal issues rdar://37836779,
  rdar://37836995, rdar://37837252, rdar://37837581)
  in the CUPS 2.2 branch
  bsc#1096405 CVE-2018-4180:
  Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
  bsc#1096406 CVE-2018-4181:
  Limited Local File Reads as Root via cupsd.conf Include Directive
  bsc#1096407 CVE-2018-4182:
  cups-exec Sandbox Bypass Due to Insecure Error Handling
  bsc#1096408 CVE-2018-4183:
  cups-exec Sandbox Bypass Due to Profile Misconfiguration
- Version upgrade to 2.2.7:
  CUPS 2.2.7 is a general bug fix release.
  For details see
  or the file.
  Changes include:
  * Additional security fixes for:
    bsc#1061066 DBUS library aborts caller process
    in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
    bsc#1087018 CVE-2017-18248: cups: The add_job function in
    scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
    enabled, can be crashed by remote attackers by sending print
    jobs with an invalid username, related to a D-Bus notification
    which are the CUPS upstream issues
    Remote DoS attack against cupsd via invalid username
    and malicious D-Bus library
    squash non-UTF-8 strings into ASCII on plain IPP level
    persistently substitute invalid job attributes
    with default values - not only in add_job
    see also
    bsc#1087072 dbus-1:
    Disable assertions to prevent un-expected DDoS attacks
  * NOTICE: Raw print queues are now deprecated (Issue #5269)
    so that now there is a warning message when you
    add or modify a queue to use the "raw driver" but
    raw printing will continue to work through CUPS 2.3.x, cf.
  * Fixed an Avahi crash bug in the scheduler (Issue #5268)
  * Systemd did not restart cupsd when configuration changes
    were made that required a restart (Issue #5263)
  * The scheduler could crash while adding an IPP Everywhere
    printer (Issue #5258)
  * The scheduler now supports using temporary print queues
    for older IPP/1.1 print queues like those shared by CUPS 1.3
    and earlier (Issue #5241)
  * Kerberized printing to another CUPS server did not work
    correctly (Issue #5233)
  * More fixes for printing to old CUPS servers (Issue #5211)
  * The scheduler now substitutes default values for invalid
    job attributes when running in "relaxed conformance"
    mode (Issue #5186)
  * The cups-driverd program incorrectly stopped scanning PPDs
    as soon as a loop was seen (Issue #5170)
  * The `SSLOptions` directive now supports `MinTLS` and `MaxTLS`
    options to control the minimum and maximum TLS versions
    that will be allowed, respectively (Issue #5119)
  * The scheduler did not write out dirty configuration and
    state files if there were open client connections (Issue #5118)
  * The `lpadmin` command now provides a better error message when
    an unsupported System V interface script is used (Issue #5111)
  * No longer support backslash, question mark, or quotes
    in printer names (Issue #4966)
  * The CUPS library now supports the latest HTTP Digest
    authentication specification including support
    for SHA-256 (Issue #4862)
  * TLS connections now properly timeout (rdar://34938533)
- Make sure cups-libs-<targettype> is removed
- Version upgrade to 2.2.6:
  CUPS 2.2.6 is a general bug fix release.
  For details see
  Changes include:
  * DBUS notifications could crash the scheduler (Issue #5143)
    (see also bsc#1061066 "DBUS library aborts caller process")
- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017
  that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.
- Version upgrade to 2.2.5:
  CUPS 2.2.5 is a general bug fix release.
  For details see
- Version upgrade to 2.2.4:
  CUPS 2.2.4 is a general bug fix release.
  For details see
- Removed
  because since CUPS 2.2.4 it is fixed in the upstream code
  via more precisely via
- Fix typo in requires
- Implement shared library packaging guideline [boo#862112]
- Update package descriptions.
- Remove redundant Requires(pre) line — the use of %post -p
  already implies it.
- Pre-require user(lp) in cups-libs
- In /usr/lib/tmpfiles.d/cups.conf use
  group 'root' for /run/cups/certs (boo#1042916).
- Major backward incompatible change since CUPS 2.2.0:
  There is no longer the directory /etc/cups/interfaces because
  since CUPS 2.2.0 so called "System V style Interface Scripts"
  are no longer supported for security reasons (see below the
  entry about the changes included in CUPS 2.2.0).
- Disabled cups-2.1.0-cups-systemd-socket.patch
  because it no longer applies, which needs to be examined
  and decided by someone who knows about systemd internals.
- Disabled
  because they no longer apply, which needs to be examined
  and decided by someone who knows about Avahi internals.
- Version upgrade to 2.2.3:
  CUPS 2.2.3 is a general bug fix release.
  Changes include:
  * The IPP backend could get into an infinite loop for certain
    errors, causing a hung queue (rdar://problem/28008717)
  * The scheduler could pause responding to client requests in
    order to save state changes to disk (rdar://problem/28690656)
  * Added support for PPD finishing keywords
    (Issue #4960, Issue #4961, Issue #4962)
  * The IPP backend did not send a media-col attribute for just
    the source or type (Issue #4963)
  * IPP Everywhere print queues did not always support all print
    qualities supported by the printer (Issue #4953)
  * IPP Everywhere print queues did not always support all media
    types supported by the printer (Issue #4953)
  * The IPP Everywhere PPD generator did not return useful error
    messages (Issue #4954)
  * The IPP Everywhere finishings support did not work correctly
    with common UI or command-line options (Issue #4976)
  * Fixed an error handling issue for the network backends
    (Issue #4979)
  * The "reprint job" option was not available for some canceled
    jobs (Issue #4915)
  * Updated the job listing in the web interface (Issue #4978)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.2:
  CUPS 2.2.2 is a general bug fix release.
  Changes include:
  * Fixed some issues with IPP Everywhere printer support
    (Issue #4893, Issue #4909, Issue #4916, Issue #4921,
    Issue #4923, Issue #4932, Issue #4933, Issue #4938)
  * The rastertopwg filter could crash with certain input
    (Issue #4942)
  * The scheduler did not detect when an encrypted connection
    was closed by the client on Linux (Issue #4901)
  * The cups-lpd program did not catch all legacy usage
    of ISO-8859-1 (Issue #4899)
  * The scheduler no longer creates log files on startup
  * The ippContainsString function now uses case-insensitive
    comparisons for mimeMediaType, name, and text values in
    conformance with RFC 2911.
  * The network backends now log the addresses that were found
    for a printer (<rdar://problem/29268474>)
  * Let's Encrypt certificates did not work when the hostname
    contained uppercase letters (Issue #4919)
  * Fixed reporting of printed pages in the web interface
    (Issue #4924)
  * Updated systemd config files (Issue #4935)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.1:
  CUPS 2.2.1 is a general bug fix release.
  Changes include:
  * Added "CreateSelfSignedCerts" directive for cups-files.conf
    to control whether the scheduler automatically creates
    its own self-signed X.509 certificates for TLS connections
    (Issue #4876)
  * http*Connect did not handle partial failures (Issue #4870)
  * cupsHashData did not use the correct hashing algorithm
  * Updated man pages (PR #4885)
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.0:
  CUPS 2.2.0 adds support for local IPP Everywhere print queues
  and includes several performance and security improvements.
  Changes include:
  * Normalized the TLS certificate validation code and added
    additional error messages to aid troubleshooting.
  * http*Connect did not work on Linux when cupsd was not running
    (Issue #4870)
  * The --no-remote-any option of cupsctl had no effect
    (Issue #4866)
  * http*Connect did not return early when all addresses failed
    (Issue #4870)
  * The IPP backend did not validate TLS credentials properly.
  * The printer-state-message attribute was not cleared after a
    print job with no errors (Issue #4851)
  * The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer
    operations did not always return an error for failed
    adds (Issue #4854)
  * PPD files with names longer than 127 bytes did not work
    (Issue #4860)
  * CUPS now supports Let's Encrypt certificates on Linux.
  * All CUPS commands now support POSIX options (Issue #4813)
  * The scheduler now restarts faster (Issue #4760)
  * Improved performance of web interface with large numbers
    of jobs (Issue #3819)
  * Encrypted printing can now be limited to only trusted
    printers and servers (<rdar://problem/25711658>)
  * The scheduler now advertises PWG Raster attributes for
    IPP Everywhere clients (Issue #4428)
  * The scheduler now logs informational messages for jobs
    at LogLevel "info" (Issue #4815)
  * The scheduler now uses the getgrouplist function
    when available (Issue #4611)
  * The IPP backend no longer enables compression by default
    except for certain raster formats that generally benefit
    from it (<rdar://problem/25166952>)
  * The scheduler did not handle out-of-disk situations
    gracefully (Issue #4742)
  * The LPD mini-daemon now detects invalid UTF-8 sequences
    in job, document, and user names (Issue #4748)
  * The IPP backend now continues on to the next job
    when the remote server/printer puts the job on hold
  * The scheduler did not cancel multi-document jobs immediately
  * The scheduler did not return non-shared printers to local
    clients unless they connected to the domain socket
  * The scheduler now reads the spool directory if one or more
    job cache entries point to deleted jobs
  * Added support for disc media sizes (<rdar://problem/20219536>)
  * The httpAddrConnect and httpConnect* APIs now try connecting
    to multiple addresses in parallel (<rdar://problem/20643153>)
  * Interface scripts are no longer supported for security reasons
  A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.1.4:
  CUPS 2.1.4 is a general bug fix release.
  Changes include:
  * Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)
  * Fixed printing of multiple files to raw queues (Issue #4782)
  * The scheduler did not implement the Hold-New-Jobs operation
    correctly (Issue #4767)
  * The cups-lpd mini-daemon incorrectly included the document-name
    attribute when creating a job.  It should only be included when
    sending a job (Issue #4790)
  A detailed list of changes can be found in the CHANGES.txt file.
- Replace krb5-devel BuildRequires with pkgconfig(krb5) on
  suse_version >= 1315: give OBS a better chance to break up build
- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
  0002-Save-work-on-Avahi-code.patch and
  0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
  finally committed to cups 2.2 sources in response to in order to fix cupsEnumDests
  to react to the ALL_FOR_NOW avahi event (and also include a similar
  fix for the dnssd case). Related to bsc#955432.
- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff .
  Avahi sends an ALL_FOR_NOW event when it finishes sending
  its cache contents. This patch makes cupsEnumDests finish
  when the signal is received so it doesn't block the caller
  doing nothing until the timeout finishes (related to bsc#955432,
  submitted upstream at
- Add /etc/cups to cups-libs package [bsc#1025689]
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
  pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
  sub-libraries have been merged into libsystemd since version 209.
  openSUSE 13.1 was the last product to ship systemd 208.
- Remove CUPS.desktop and pixmap
  * Obsoletes patch cups-1.3.9-desktop_file.patch
- Version upgrade to 2.1.3:
  CUPS 2.1.3 fixes some issues in the scheduler, sample drivers,
  and user commands.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * The scheduler should not exit under memory pressure
  * Fixed some issues in ipptool for skipped tests
  * The "lp -H resume" command did not reset the
    "job-state-reasons" attribute value (STR #4752)
  * The scheduler did not allow access to resource files
    (icons, etc.) when the web interface was disabled (STR #4755)
- Version upgrade to 2.1.2:
  CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which
  actually contained a current 2.2 snapshot.
  There are no other changes.
- Version upgrade to 2.1.1:
  CUPS 2.1.1 fixes a number of USB and IPP printing issues,
  addresses some error reporting and hardening issues in
  the scheduler, and updates some localizations.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * Security hardening fixes (<rdar://problem/23131948>,
    <rdar://problem/23132108>, <rdar://problem/23132353>,
    <rdar://problem/23132803>, <rdar://problem/23133230>,
    <rdar://problem/23133393>, <rdar://problem/23133466>,
    <rdar://problem/23133833>, <rdar://problem/23133998>,
    <rdar://problem/23134228>, <rdar://problem/23134299>,
    <rdar://problem/23134356>, <rdar://problem/23134415>,
    <rdar://problem/23134506>, <rdar://problem/23135066>,
    <rdar://problem/23135122>, <rdar://problem/23135207>,
    <rdar://problem/23144290>, <rdar://problem/23144358>,
  * The cupsGetPPD* functions did not work with IPP printers
    (STR #4725)
  * Some older HP LaserJet printers need a delayed close when
    printing using the libusb-based USB backend (STR #4549)
  * The libusb-based USB backend did not unload the kernel usblp
    module if it was preventing the backend from accessing the
    printer (STR #4707)
  * Current Primera printers were incorrectly reported as Fargo
    printers (STR #4708)
  * The IPP backend did not always handle jobs getting canceled
    at the printer (<rdar://problem/22716820>)
  * Added USB quirk for Canon MP530 (STR #4730)
  * The scheduler did not deliver job notifications for jobs
    submitted to classes (STR #4733)
  * Changing the printer-is-shared value for a remote queue
    did not produce an error (STR #4738)
  * The IPP backend incorrectly included the job-password
    attribute in Validate-Job requests (<rdar://problem/23531939>)
- add -devel to build a 32bit wine on 64bit only Leap systems.
- Version upgrade to 2.1.0:
  CUPS 2.1.0 offers improved support for IPP Everywhere,
  adds support for advanced logging using journald on Linux, and
  includes new security features for encrypted printing and
  reduced network visibility in the default configuration.
  A detailed list of changes can be found in the CHANGES.txt file.
  Changes include (excerpt):
  * Added support for 3D printers (basic types only,
    no built-in filters) based on PWG white paper.
  * The IPP backend now stops sending print data
    if the printer indicates the job has been aborted
    or canceled (<rdar://problem/17837631>)
  * The IPP backend now sends the job-pages-per-set
    attribute when printing multiple copy jobs with
    finishings (<rdar://problem/16792757>)
  * The IPP backend now updates the cupsMandatory values when the
    printer configuration changes (<rdar://problem/18126570>)
  * No longer install banner files since third-party banner
    filters now supply their own (STR #4518)
  * The scheduler no longer listens on the loopback
    interface unless the web interface or printer sharing
    are enabled (<rdar://problem/9136448>)
  * Added a PPD generator for IPP Everywhere printers (STR #4258)
  * Now install "default" versions of more configuration
    files (<rdar://problem/19024491>) in particular
    cups-files.conf.default and snmp.conf.default
  * Added SSLOptions values to allow Diffie-Hellman key exchange
    and disable TLS/1.0 support.
  * Updated the scheduler to support more IPP Everywhere
    attributes (STR #4630)
  * The scheduler now supports advanced ASL and journald logging
    when "syslog" output is configured (STR #4474)
  * The scheduler now supports logging to stderr when running
    in the foreground (STR #4505)
- Adapted patches so that they apply to CUPS 2.1.0 sources:
  * cups-2.1.0-choose-uri-template.patch replaces
  * cups-2.1.0-default-webcontent-path.patch replaces
  * cups-2.1.0-cups-systemd-socket.patch replaces
- Fix bnc#943950, escape the macro call %systemd-tmpfiles
  in comment.
- Add gpg verification for the tarball
- Version update to 2.0.4:
  * Fixed a bug in cupsRasterWritePixels (STR #4650)
  * Fixed redirection in the web interface (STR #4538)
  * The IPP backend did not respond to side-channel
    requests (STR #4645)
  * The scheduler did not start all pending jobs
    at once (STR #4646)
  * The web search incorrectly searched time-at-xxx
    values (STR #4652)
  * Fixed an RPM spec file issue (STR #4657)
  * The scheduler incorrectly started jobs while canceling
    multiple jobs (STR #4648)
  * Fixed processing of server overrides without
    port numbers (STR #4675)
  * Documentation changes (STR #4651, STR #4674)
- cups-2.0.3-additional_policies.patch replaces
  cups-1.7-additional_policies.patch that still adds the same
  "allowallforanybody" policy but now with separated "Limit All"
  to avoid (boo#936309).
- Added "-p /bin/bash" to RPM shell commands scriptlets that
  enforces bash to be safe against any possible "bashisms", cf
- Fix the previous commit by using direct systemd call and
  ensuring we work even on older distros
- Fix postin-without-tmpfile-creation and run %tmpfiles_create
  macro on our cups.conf
- Version upgrade to 2.0.3:
  The new release addresses two security vulnerabilities,
  adds localizations for German and Russian, and includes several
  general bug fixes. Changes include (excerpt):
  * Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159
    exploiting the dynamic linker (STR #4609) (bsc#924208)
  * Security: The scheduler could hang with malformed gzip data
    (STR #4602)
  * Restored missing generic printer icon file (STR #4587)
  * Fixed logging of configuration errors to show up as errors
    (STR #4582)
  * Fixed potential buffer overflows in raster code and filters
    (STR #4598, STR #4599, STR #4600, STR #4601)
  * Fixed <Limit> inside <Location> (STR #4575)
  * Fixed lpadmin when both -m and -o are used (STR #4578)
  * The web interface always showed support for 2-sided printing
    (STR #4595)
  * cupsRasterReadHeader did not fully validate the raster header
    (STR #4596)
  * The rastertopwg filter did not check for truncated input
    (STR #4597)
  * The cups-lpd mini-daemon did not check for request parameters
    (STR #4603)
  * The scheduler could get caught in a busy loop (STR #4605)
  * The sample Epson driver could crash (STR #4616)
  * The IPP backend now correctly monitors jobs
  * The ppdhtml and ppdpo utilities crashed when the -D option
    was used before a driver information file (STR #4627)
  * ippfind incorrectly substituted "=port" for service_port.
  * The IPP/1.1 test file did not handle the initial print job
    completing early (STR #4576)
  * Fixed a memory leak in cupsConnectDest (STR #4634)
  * PWG Raster Format output contained invalid ImageBox values
  * Added Russian translation (STR #4577)
  * Added German translation (STR #4635)
- cups-busy-loop.patch that fixed STR #4605 is obsolete because
  it is fixed upstream (see above).
- cleaned up this whole RPM changelog (wrapped too long lines if
  possible and removed trailing whitespaces).
- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
  and to match socket approach Fedora has.
- Version bump to 2.0.2:
  * Security: cupsRasterReadPixels buffer overflow with invalid
    page header and compressed raster data (STR #4551)
  * Mapping of PPD keywords to IPP keywords did not work if the PPD
    keyword was already an IPP keyword (<rdar://problem/19121005>)
  * cupsGetPPD* sent bad requests (STR #4567)
  * For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy parallel-port support as it is not really needed
  as most do not want it
- Update descriptions to just state what changed and let user
  find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by
  the %service bla ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
  * lengthy list of changes see the upstream CHANGES.txt that is
    distributed with the package
  * Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOptions configuration directive
  * openssl is no longer supported upstream
  * Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
  sections and keep support for openSUSE+SLE12
  * even with the conditions we would have to go unencrypted only
    as needs newer gnutls, so don't bother with keeping the compat
- Use upstream service and socket files to allow more working tools
- Removed patches:
  * cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
  * cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
  * cups-0003-systemd-secure-cups.service-unit-file.patch
  * cups-1.3.6-access_conf.patch
  * cups-1.5-additional_policies.patch
  * cups-1.5.4-CVE-2012-5519.patch
  * cups-1.5.4-strftime.patch
  * cups-move-everything-to-run.patch
  * cups-polld_avoid_busy_loop.patch
  * cups-provides-cupsd-service.patch
  * str4190.patch
  * str4351.patch
  * str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch
- Refreshed patches:
  * cups-1.3.9-desktop_file.patch
  * cups-config-libs.patch
- Added patches:
  * cups-1.7-additional_policies.patch
  * cups-systemd-socket.patch
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
  * TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.
- Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- Security fix: [bsc#1183934, CVE-2021-22890]
  * When using a HTTPS proxy and TLS 1.3, libcurl can confuse
    session tickets arriving from the HTTPS proxy but work as
    if they arrived from the remote server and then wrongly
    "short-cut" the host handshake.
- Add curl-CVE-2021-22890.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
  * The automatic referer leaks credentials
- Add curl-CVE-2021-22876.patch
- Security fix: [bsc#1179593, CVE-2020-8286]
  * Inferior OCSP verification: libcurl offers "OCSP stapling" via
    the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies
    the OCSP response that a server responds with as part of the TLS
    handshake. It then aborts the TLS negotiation if something is
    wrong with the response. The same feature can be enabled with
    '--cert-status' using the curl tool.
  * As part of the OCSP response verification, a client should verify
    that the response is indeed set out for the correct certificate.
    This step was not performed by libcurl when built or told to use
    OpenSSL as TLS backend.
- Add curl-CVE-2020-8286.patch
- Security fix: [bsc#1179399, CVE-2020-8285]
  * FTP wildcard stack overflow: The wc_statemach() internal
    function has been rewritten to use an ordinary loop instead of
    the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1179398, CVE-2020-8284]
  * Trusting FTP PASV responses: When curl performs a passive FTP
    transfer, it first tries the 'EPSV' command and if that is not
    supported, it falls back to using 'PASV'. A malicious server
    can use the 'PASV' response to trick curl into connecting
    back to a given IP address and port, and this way potentially
    make curl extract information about services that are otherwise
    private and not disclosed.
  * The IP address part of the response is now ignored by default,
    by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same
    goes for the command line tool, which then might need
    '--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the
    address in the server response.
- Add curl-CVE-2020-8284.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
  * An application that performs multiple requests with libcurl's
    multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
    rare circumstances experience that when subsequently using the
    setup connect-only transfer, libcurl will pick and use the wrong
    connection and instead pick another one the application has
    created since then.
- Add curl-CVE-2020-8231.patch
- Security fix: [bsc#1173027, CVE-2020-8177]
  * curl can be tricked by a malicious server to overwrite a local
    file when using '-J' ('--remote-header-name') and '-i' ('--head')
    in the same command line.
- Add curl-CVE-2020-8177.patch
- Security fix: [bsc#1173026, CVE-2020-8169]
  * Partial password leak over DNS on HTTP redirect
- Add curl-CVE-2020-8169.patch
- Fix segfault in zypper ref: [bsc#1156481]
  * remove_handle: clear expire timers after multi_done()
  * Add patch curl-expire-clear.patch
- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
  [bsc#1149604, bsc#1149572, jsc#SLE-9295]
  * Changes:
  - CURLINFO_RETRY_AFTER: parse the Retry-After header value
  - HTTP3: initial (experimental still not working) support
  - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
  - curl: support parallel transfers with -Z
  - curl_multi_poll: a sister to curl_multi_wait() that waits more
  - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
  * Bugfixes:
  - CVE-2019-5481: FTP-KRB double-free
  - CVE-2019-5482: TFTP small blocksize heap buffer overflow
  - CMake: remove needless newlines at end of gss variables
  - CMake: use platform dependent name for dlopen() library
  - CURLINFO docs: mention that in redirects times are added
  - CURLOPT_ALTSVC.3: use a "" file name to not load from a file
  - CURLOPT_HTTP_VERSION: setting this to 3 forces HTTP/3 use directly
  - CURLOPT_READFUNCTION.3: provide inline example
  - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
  - Curl_addr2string: take an addrlen argument too
  - Curl_fillreadbuffer: avoid double-free trailer buf on error
  - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
  - alt-svc: add protocol version selection masking
  - alt-svc: fix removal of expired cache entry
  - alt-svc: make it use h3-22 with ngtcp2 as well
  - alt-svc: more liberal ALPN name parsing
  - alt-svc: send Alt-Used: in redirected requests
  - alt-svc: with quiche, use the quiche h3 alpn string
  - asyn-thread: create a socketpair to wait on
  - cleanup: move functions out of url.c and make them static
  - cleanup: remove the 'numsocks' argument used in many places
  - configure: avoid undefined check_for_ca_bundle
  - curl.h: add CURL_HTTP_VERSION_3 to the version enum
  - curl: cap the maximum allowed values for retry time arguments
  - curl: handle a libcurl build without netrc support
  - curl: make use of CURLINFO_RETRY_AFTER when retrying
  - curl: use CURLINFO_PROTOCOL to check for HTTP(s)
  - curl_global_init_mem.3: mention it was added in 7.12.0
  - curl_version: bump string buffer size to 250
  - curl_version_info.3: mentioned ALTSVC and HTTP3
  - curl_version_info: offer quic (and h3) library info
  - curl_version_info: provide nghttp2 details
  - defines: avoid underscore-prefixed defines
  - docs/ALTSVC: remove what works and the experimental explanation
  - docs/EXPERIMENTAL: explain what it means and what's experimental now
  - docs/ converted to markdown from plain text
  - docs/examples/curlx: fix errors
  - docs: s/curl_debug/curl_dbg_debug in comments and docs
  - easy: resize receive buffer on easy handle reset
  - examples: Avoid reserved names in hiperfifo examples
  - examples: add http3.c, altsvc.c and http3-present.c
  - http09: disable HTTP/0.9 by default in both tool and library
  - http2: when marked for closure and wanted to close == OK
  - http2_recv: trigger another read when the last data is returned
  - http: fix use of credentials from URL when using HTTP proxy
  - http_negotiate: improve handling of gss_init_sec_context() failures
  - md4: Use our own MD4 when no crypto libraries are available
  - multi: call detach_connection before Curl_disconnect
  - nss: use TLSv1.3 as default if supported
  - openssl: build warning free with boringssl
  - openssl: use SSL_CTX_set__proto_version() when available
  - plan9: add support for running on Plan 9
  - progress: reset download/uploaded counter between transfers
  - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
  - scp: fix directory name length used in memcpy
  - smb: init *msg to NULL in smb_send_and_recv()
  - smtp: check for and bail out on too short EHLO response
  - source: remove names from source comments
  - spnego_sspi: add typecast to fix build warning
  - src/makefile: fix uncompressed hugehelp.c generation
  - ssh-libssh: do not specify O_APPEND when not in append mode
  - ssh: move code into vssh for SSH backends
  - sspi: fix memory leaks
  - tests: Replace outdated test case numbering documentation
  - tftp: return error when packet is too small for options
  - timediff: make it 64 bit (if possible) even with 32 bit time_t
  - travis: reduce number of torture tests in 'coverage'
  - url: make use of new HTTP version if alt-svc has one
  - urlapi: verify the IPv6 numerical address
  - urldata: avoid 'generic', use dedicated pointers
  - vauth: Use CURLE_AUTH_ERROR for auth function errors
  * Removed patches:
  - curl-CVE-2018-0500.patch
  - curl-CVE-2018-14618.patch
  - curl-CVE-2018-16839.patch
  - curl-CVE-2018-16840.patch
  - curl-CVE-2018-16842.patch
  - curl-CVE-2018-16890.patch
  - curl-CVE-2019-3822.patch
  - curl-CVE-2019-3823.patch
  - curl-CVE-2019-5436.patch
  - curl-CVE-2019-5481.patch
  - curl-CVE-2019-5482.patch
- Security fix: [bsc#1149496,CVE-2019-5482]
  * TFTP small blocksize heap buffer overflow
  * Added curl-CVE-2019-5482.patch
- Security fix: [bsc#1149495,CVE-2019-5481]
  * FTP-KRB: double-free during kerberos FTP data transfer
  * Added curl-CVE-2019-5481.patch
- Update to 7.65.3
  * progress: make the progress meter appear again
- Update to 7.65.2
  * Bugfixes:
  - Explain Schannel error SEC_E_ALGORITHM_MISMATCH
  - CMake: Fix finding Brotli on case-sensitive file systems
  - CURLOPT_RANGE.3: Caution against using it for HTTP PUT
  - CURLOPT_SEEKDATA.3: fix variable name
  - bindlocal: detect and avoid IP version mismatches in bind()
  - build: fix Codacy warnings
  - c-ares: honor port numbers in CURLOPT_DNS_SERVERS
  - config-os400: add getpeername and getsockname defines
  - configure: --disable-progress-meter
  - configure: fix --disable-code-coverage
  - configure: more --disable switches to toggle off individual features
  - configure: remove CURL_DISABLE_TLS_SRP
  - conn_maxage: move the check to prune_dead_connections()
  - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
  - docs: Explain behavior change in --tlsv1. options since 7.54
  - docs: Fix links to OpenSSL docs
  - docs: fix string suggesting HTTP/2 is not the default
  - headers: Remove no longer exported functions
  - http2: call done_sending on end of upload
  - http2: don't call stream-close on already closed streams
  - http2: remove CURL_DISABLE_TYPECHECK define
  - http: allow overriding timecond with custom header
  - http: clarify header buffer size calculation
  - krb5: fix compiler warning
  - lib: Use UTF-8 encoding in comments
  - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
  - multi: enable multiplexing by default (again)
  - multi: fix the transfer hashes in the socket hash entries
  - multi: make sure 'data' can present in several sockhash entries
  - netrc: Return the correct error code when out of memory
  - nss: don't set unused parameter
  - nss: inspect returnvalue of token check
  - nss: only cache valid CRL entries
  - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
  - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
  - openssl: fix pubkey/signature algorithm detection in certinfo
  - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
  - quote.d: asterisk prefix works for SFTP as well
  - runtests: keep logfiles around by default
  - runtests: report single test time + total duration
  - test1165: verify that CURL_DISABLE_ symbols are in sync
  - test1521: adapt to SLISTPOINT
  - test1523: test CURLOPT_LOW_SPEED_LIMIT
  - test153: fix content-length to avoid occasional hang
  - test188/189: fix Content-Length
  - tests: have runtests figure out disabled features
  - tests: support non-localhost HOSTIP for dict/smb servers
  - tests: update fixed IP for hostip/clientip split
  - tool_cb_prg: Fix integer overflow in progress bar
  - typecheck: CURLOPT_CONNECT_TO takes an slist too
  - typecheck: add 3 missing strings and a callback data pointer
  - unit1654: cleanup on memory failure
  - unpause: trigger a timeout for event-based transfers
  - url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165
- Update to 7.65.1
  * Bugfixes:
  - CURLOPT_LOW_SPEED_* repaired
  - NTLM: reset proxy "multipass" state when CONNECT request is done
  - PolarSSL: deprecate support step 1. Removed from configure
  - cmake: check for if_nametoindex()
  - cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
  - conncache: Remove the DEBUGASSERT on length check
  - conncache: make "bundles" per host name when doing proxy tunnels
  - curl_share_setopt.3: improve wording
  - dump-header.d: spell out that no headers == empty file
  - example/http2-download: fix format specifier
  - examples: cleanups and compiler warning fixes
  - http2: Stop drain from being permanently set
  - http: don't parse body-related headers in bodyless responses
  - md4: build correctly with openssl without MD4
  - md4: include the mbedtls config.h to get the MD4 info
  - multi: track users of a socket better
  - nss: allow to specify TLS 1.3 ciphers if supported by NSS
  - parse_proxy: make sure portptr is initialized
  - parse_proxy: use the IPv6 zone id if given
  - sectransp: handle errSSLPeerAuthCompleted from SSLRead()
  - singlesocket: use separate variable for inner loop
  - ssl: Update outdated "openssl-only" comments for supported backends
  - tests: add HAProxy keywords
  - tests: make test 1420 and 1406 work with rtsp-disabled libcurl
  - tls13-docs: mention it is only for OpenSSL >= 1.1.1
  - tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
  - url: fix bad feature-disable #ifdef
  - url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
  * Changes:
  - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
  - pipelining: removed
  * Bugfixes:
  - CVE-2019-5435: Integer overflows in curl_url_set
  - CVE-2019-5436: tftp: use the current blksize for recvfrom()
  - --config: clarify that initial : and = might need quoting
  - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
  - CURLOPT_ADDRESS_SCOPE: fix range check and more
  - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
  - CURL_MAX_INPUT_LENGTH: largest acceptable string input size
  - Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
  - OS400/ccsidcurl: replace use of Curl_vsetopt
  - OpenSSL: Report -fips in version if OpenSSL is built with FIPS
  - WRITEFUNCTION: add missing set_in_callback around callback
  - altsvc: Fix building with cookies disabled
  - auth: Rename the various authentication clean up functions
  - base64: build conditionally if there are users
  - cmake: avoid linking executable for some tests with cmake 3.6+
  - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
  - cmake: set SSL_BACKENDS
  - configure: avoid unportable '==' test(1) operator
  - configure: error out if OpenSSL wasn't detected when asked for
  - configure: fix default location for fish completions
  - cookie: Guard against possible NULL ptr deref
  - curl: make code work with protocol-disabled libcurl
  - curl: report error for "--no-" on non-boolean options
  - curlver.h: use parenthesis in CURL_VERSION_BITS macro
  - docs/INSTALL: fix broken link
  - doh: acknowledge CURL_DISABLE_DOH
  - doh: disable DOH for the cases it doesn't work
  - examples: remove unused variables
  - ftplistparser: fix LGTM alert "Empty block without comment"
  - hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
  - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
  - http: acknowledge CURL_DISABLE_HTTP_AUTH
  - http: mark bundle as not for multiuse on < HTTP/2 response
  - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
  - http_negotiate: do not treat failure of gss_init_sec_context() as fatal
  - http_ntlm: Corrected the name of the include guard
  - http_ntlm_wb: Handle auth for only a single request
  - http_ntlm_wb: Return the correct error on receiving an empty auth message
  - lib509: add missing include for strdup
  - lib557: initialize variables
  - mbedtls: enable use of EC keys
  - mime: acknowledge CURL_DISABLE_MIME
  - multi: improved HTTP_1_1_REQUIRED handling
  - netrc: acknowledge CURL_DISABLE_NETRC
  - nss: allow fifos and character devices for certificates
  - nss: provide more specific error messages on failed init
  - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
  - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
  - openssl: mark connection for close on TLS close_notify
  - openvms: Remove pre-processor for SecureTransport
  - parse_proxy: use the URL parser API
  - parsedate: disabled on CURL_DISABLE_PARSEDATE
  - pingpong: disable more when no pingpong protocols are enabled
  - polarssl_threadlock: remove conditionally unused code
  - progress: acknowledge CURL_DISABLE_PROGRESS_METER
  - proxy: acknowledge DISABLE_PROXY more
  - resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
  - revert "multi: support verbose conncache closure handle"
  - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
  - sasl: only enable if there's a protocol enabled using it
  - singleipconnect: show port in the verbose "Trying ..." message
  - socks5: user name and passwords must be shorter than 256
  - socks: fix error message
  - socksd: new SOCKS 4+5 server for tests
  - spnego_gssapi: fix return code on gss_init_sec_context() failure
  - ssh-libssh: remove unused variable
  - ssh: define USE_SSH if SSH is enabled (any backend)
  - ssh: move variable declaration to where it's used
  - test1002: correct the name
  - test2100: Fix typos in test description
  - tests: Run global cleanup at end of tests
  - tests: make Impacket (SMB server) Python 3 compatible
  - tool_cb_wrt: fix bad-function-cast warning
  - tool_formparse: remove redundant assignment
  - tool_help: Warn if curl and libcurl versions do not match
  - tool_help: include for strcasecmp
  - url: always clone the CURLOPT_CURLU handle
  - url: convert the zone id from a IPv6 URL to correct scope id
  - urlapi: add CURLUPART_ZONEID to set and get
  - urlapi: increase supported scheme length to 40 bytes
  - urlapi: require a non-zero host name length when parsing URL
  - urlapi: stricter CURLUPART_PORT parsing
  - urlapi: strip off zone id from numerical IPv6 addresses
  - urlapi: urlencode characters above 0x7f correctly
  - vauth/cleartext: update the PLAIN login to match RFC 4616
  - vauth/oauth2: Fix OAUTHBEARER token generation
  - vauth: Fix incorrect function description for Curl_auth_user_contains_domain
  - vtls: fix potential ssl_buffer stack overflow
  - wildcard: disable from build when FTP isn't present
  - xattr: skip unittest on unsupported platforms
- Security fix [bsc#1135170, CVE-2019-5436]
  * A heap buffer overflow exists in tftp_receive_packet that
    receives data from a TFTP server
  * Added curl-CVE-2019-5436.patch
- Install completions file from curl rather than from the fish package
- update to version 7.64.1
  * Changes:
  - alt-svc: experimental support added
  - configure: add --with-amissl
  * Bugfixes:
  - AppVeyor: switch VS 2015 builds to VS 2017 image
  - CURLU: fix NULL dereference when used over proxy
  - Curl_easy: remove req.maxfd - never used!
  - Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
  - DoH: inherit some SSL options from user's easy handle
  - Secure Transport: no more "darwinssl"
  - Secure Transport: tvOS 11 is required for ALPN support
  - cirrus: Added FreeBSD builds using Cirrus CI
  - cleanup: make local functions static
  - cli tool: do not use mime.h private structures
  - cmdline-opts/proxytunnel.d: the option tunnels all protocols
  - configure: add additional libraries to check for LDAP support
  - configure: remove the unused fdopen macro
  - configure: show features as well in the final summary
  - conncache: use conn->data to know if a transfer owns it
  - connection: never reuse CONNECT_ONLY connections
  - connection_check: restore original conn->data after the check
  - connection_check: set ->data to the transfer doing the check
  - cookie: Add support for cookie prefixes
  - cookies: dotless names can set cookies again
  - cookies: fix NULL dereference if flushing cookies with no CookieInfo set
  - curl.1: --user and --proxy-user are hidden from ps output
  - curl.1: mark the argument to --cookie as
  - curl.h: use __has_declspec_attribute for shared builds
  - curl: display --version features sorted alphabetically
  - curl: fix FreeBSD compiler warning in the --xattr code
  - curl: remove MANUAL from -M output
  - curl_easy_duphandle.3: clarify that a duped handle has no shares
  - curl_multi_remove_handle.3: use at any time, just not from within callbacks
  - curl_url.3: this API is not experimental anymore
  - dns: release sharelock as soon as possible
  - docs: update max-redirs.d phrasing
  - examples/10-at-a-time.c: improve readability and simplify
  - examples/cacertinmem.c: use multiple certificates for loading CA-chain
  - examples/crawler: Fix the Accept-Encoding setting
  - examples/ephiperfifo.c: various fixes
  - examples/externalsocket: add missing close socket calls
  - examples/http2-download: cleaned up
  - examples/http2-serverpush: add some sensible error checks
  - examples/http2-upload: cleaned up
  - examples/httpcustomheader: Value stored to 'res' is never read
  - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
  - examples/sftpuploadresume: Value stored to 'result' is never read
  - examples: only include
  - examples: remove recursive calls to curl_multi_socket_action
  - examples: remove superfluous null-pointer checks
  - file: fix "Checking if unsigned variable 'readcount' is less than zero."
  - fnmatch: disable if FTP is disabled
  - gnutls: remove call to deprecated gnutls_compression_get_name
  - gopher: remove check for path == NULL
  - gssapi: fix deprecated header warnings
  - hostip: make create_hostcache_id avoid alloc + free
  - http2: multi_connchanged() moved from multi.c, only used for h2
  - http2: verify :authority in push promise requests
  - http: make adding a blank header thread-safe
  - http: send payload when (proxy) authentication is done
  - http: set state.infilesize when sending multipart formposts
  - makefile: make checksrc and hugefile commands "silent"
  - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
  - mbedtls: release sessionid resources on error
  - memdebug: log pointer before freeing its data
  - memdebug: make debug-specific functions use curl_dbg_ prefix
  - mime: put the boundary buffer into the curl_mime struct
  - multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
  - multi: remove verbose "Expire in" ... messages
  - multi: removed unused code for request retries
  - multi: support verbose conncache closure handle
  - negotiate: fix for HTTP POST with Negotiate
  - openssl: add support for TLS ASYNC state
  - openssl: if cert type is ENG and no key specified, key is ENG too
  - pretransfer: don't strlen() POSTFIELDS set for GET requests
  - rand: Fix a mismatch between comments in source and header
  - runtests: detect "schannel" as an alias for "winssl"
  - schannel: be quiet - remove verbose output
  - schannel: close TLS before removing conn from cache
  - schannel: support CALG_ECDH_EPHEM algorithm
  - scripts/ also generate fish completion file
  - singlesocket: fix the 'sincebefore' placement
  - source: fix two 'nread' may be used uninitialized warnings
  - ssh: fix Condition '!status' is always true
  - ssh: loop the state machine if not done and not blocking
  - strerror: make the strerror function use local buffers
  - test578: make it read data from the correct test
  - tests: Fixed XML validation errors in some test files
  - tests: add stderr comparison to the test suite
  - tests: fix multiple may be used uninitialized warnings
  - threaded-resolver: shutdown the resolver thread without error message
  - tool_cb_wrt: fix writing to Windows null device NUL
  - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
  - tool_operate: build on AmigaOS
  - tool_operate: fix typecheck warning
  - transfer.c: do not compute length of undefined hex buffer
  - travis: add build using gnutls
  - travis: add scan-build
  - travis: bump the used wolfSSL version to 4.0.0
  - travis: enable valgrind for the iconv tests
  - travis: use updated compiler versions: clang 7 and gcc 8
  - unit1307: require FTP support
  - unit1651: survive curl_easy_init() fails
  - url/idnconvert: remove scan for <= 32 ascii values
  - url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
  - urlapi: reduce variable scope, remove unreachable 'break'
  - urldata: convert bools to bitfields and move to end
  - urldata: simplify bytecounters
  - urlglob: Argument with 'nonnull' attribute passed null
  - version.c: silent scan-build even when librtmp is not enabled
  - vtls: rename some of the SSL functions
  - wolfssl: stop custom-adding curves
  - x509asn1: "Dereference of null pointer"
  - x509asn1: cleanup and unify code layout
  - escape ':' character
  - update regex to better match curl -h output
- Dropped patches fixed upstream:
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
  * curl-singlesocket-sincebefore-placement.patch
- Fix variable placement that wasn't properly reset within a loop
  missing to notify sockets. [bsc#1129083, bsc#1129470]
  * Added curl-singlesocket-sincebefore-placement.patch
- Add patches to fix use-after-free (boo#1127849):
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
  due to cmake pulling libcurl4
- update to version 7.64.0
  [bsc#1123371, CVE-2018-16890][bsc#1123377, CVE-2019-3822]
  [bsc#1123378, CVE-2019-3823]
  * Changes:
  - cookies: leave secure cookies alone
  - hostip: support wildcard hosts
  - http: Implement trailing headers for chunked transfers
  - http: added options for allowing HTTP/0.9 responses
  - timeval: Use high resolution timestamps on Windows
  * Bugfixes:
  - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
  - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
  - CVE-2019-3823: SMTP end-of-response out-of-bounds read
  - FAQ: remove mention of sourceforge for github
  - OS400: handle memory error in list conversion
  - OS400: upgrade ILE/RPG binding.
  - README: add codacy code quality badge
  - Revert http_negotiate: do not close connection
  - THANKS: added several missing names from year <= 2000
  - build: make 'tidy' target work for metalink builds
  - cmake: added checks for variadic macros
  - cmake: updated check for HAVE_POLL_FINE to match autotools
  - cmake: use lowercase for function name like the rest of the code
  - configure: detect xlclang separately from clang
  - configure: fix recv/send/select detection on Android
  - configure: rewrite --enable-code-coverage
  - conncache_unlock: avoid indirection by changing input argument type
  - cookie: fix comment typo
  - cookies: allow secure override when done over HTTPS
  - cookies: extend domain checks to non psl builds
  - cookies: skip custom cookies when redirecting cross-site
  - curl --xattr: strip credentials from any URL that is stored
  - curl -J: refuse to append to the destination file
  - curl/urlapi.h: include "curl.h" first
  - curl_multi_remove_handle() don't block terminating c-ares requests
  - darwinssl: accept setting max-tls with default min-tls
  - disconnect: separate connections and easy handles better
  - disconnect: set conn->data for protocol disconnect
  - docs/version.d: mention MultiSSL
  - docs: fix the --tls-max description
  - docs: use $(INSTALL_DATA) to install man page
  - docs: use meaningless port number in CURLOPT_LOCALPORT example
  - gopher: always include the entire gopher-path in request
  - http2: clear pause stream id if it gets closed
  - if2ip: remove unused function Curl_if_is_interface_name
  - libssh: do not let libssh create socket
  - libssh: free sftp_canonicalize_path() data correctly
  - libtest/stub_gssapi: use "real" snprintf
  - mbedtls: use VERIFYHOST
  - multi: multiplexing improvements
  - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
  - ntlm: fix NTLMv2 compliance
  - ntlm_sspi: add support for channel binding
  - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
  - openssl: fix the SSL_get_tlsext_status_ocsp_resp call
  - openvms: fix OpenSSL discovery on VAX
  - openvms: fix typos in documentation
  - os400: add a missing closing bracket
  - os400: fix extra parameter syntax error
  - pingpong: change default response timeout to 120 seconds
  - pingpong: ignore regular timeout in disconnect phase
  - printf: fix format specifiers
  - Fix perl call to include srcdir
  - schannel: fix compiler warning
  - schannel: preserve original certificate path parameter
  - schannel: stop calling it "winssl"
  - sigpipe: if mbedTLS is used, ignore SIGPIPE
  - smb: fix incorrect path in request if connection reused
  - ssh: log the libssh2 error message when ssh session startup fails
  - test1558: verify CURLINFO_PROTOCOL on file:// transfer
  - test1561: improve test name
  - test1653: make it survive torture tests
  - tests: allow tests to pass by 2037-02-12
  - tests: move objnames-* from lib into tests
  - timediff: fix math for unsigned time_t
  - timeval: Disable MSVC Analyzer GetTickCount warning
  - tool_cb_prg: avoid integer overflow
  - travis: added cmake build for osx
  - urlapi: Fix port parsing of eol colon
  - urlapi: distinguish possibly empty query
  - urlapi: fix parsing ipv6 with zone index
  - urldata: rename easy_conn to just conn
  - winbuild: conditionally use /DZLIB_WINAPI
  - wolfssl: fix memory-leak in threaded use
  - spnego_sspi: add support for channel binding
- Security fix [bsc#1123378, CVE-2019-3823]
  * SMTP end-of-response out-of-bounds read
  * Added patch curl-CVE-2019-3823.patch
- Security fix [bsc#1123377, CVE-2019-3822]
  * NTLMv2 type-3 header stack buffer overflow
  * Added patch curl-CVE-2019-3822.patch
- Fix wrong summary, curl is at version 7, not 4.
- Security fix [bsc#1123371, CVE-2018-16890]
  * NTLM type-2 out-of-bounds buffer read
  * Added patch curl-CVE-2018-16890.patch
- Provide libcurl4 = %version in the mini library package
- Update to version 7.63.0
  * curl: add %{stderr} and %{stdout} for --write-out
  * curl: add undocumented option --dump-module-paths for w32
  * setopt: add CURLOPT_CURLU
  * (lib)curl.rc: fixup for minor bugs
  * CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
  * CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
  * CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
  * Curl_follow: accept non-supported schemes for "fake" redirects
  * KNOWN_BUGS: add --proxy-any connection issue
  * NTLM: Remove redundant ifdef USE_OPENSS
  * NTLM: force the connection to HTTP/1.1
  * OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
  * SECURITY-PROCESS: bountygraph shuts down again
  * TODO: Have the URL API offer IDN decoding
  * ares: remove fd from multi fd set when ares is about to close the fd
  * axtls: removed
  * checksrc: add COPYRIGHTYEAR check
  * cmake: fix MIT/Heimdal Kerberos detection
  * configure: include all libraries in ssl-libs fetch
  * configure: show CFLAGS, LDFLAGS etc in summary
  * connect: fix building for recent versions of Minix
  * cookies: create the cookiejar even if no cookies to save
  * cookies: expire "Max-Age=0" immediately
  * curl: --local-port range was not "including"
  * curl: fix --local-port integer overflow
  * curl: fix memory leak reading --writeout from file
  * curl: fixed UTF-8 in current console code page (Win)
  * curl_easy_perform: fix timeout handling
  * curl_global_sslset(): id == -1 is not necessarily an error
  * curl_multibyte: fix a malloc overcalculation
  * curle: move deprecated error code to ifndef block
  * docs: curl_formadd field and file names are now escaped
  * docs: escape "\n" codes
  * doh: fix memory leak in OOM situation
  * doh: make it work for h2-disabled builds too
  * examples/ephiperfifo: report error when epoll_ctl fails
  * ftp: avoid unsigned int overflows in FTP listing parser
  * host names: allow trailing dot in name resolve, then strip it
  * http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
  * http: don't set CURLINFO_CONDITION_UNMET for http status code 204
  * http: fix HTTP Digest auth to include query in URI
  * http_negotiate: do not close connection until negotiation is completed
  * impacket: add LICENSE
  * infof: clearly indicate truncation
  * ldap: fix LDAP URL parsing regressions
  * libcurl: stop reading from paused transfers
  * mprintf: avoid unsigned integer overflow warning
  * netrc: don't ignore the login name specified with "--user"
  * nss: Fall back to latest supported SSL version
  * nss: Fix compatibility with nss versions 3.14 to 3.15
  * nss: fix fallthrough comment to fix picky compiler warning
  * nss: remove version selecting dead code
  * nss: set default max-tls to 1.3/1.2
  * openssl: Remove SSLEAY leftovers
  * openssl: do not log excess "TLS app data" lines for TLS 1.3
  * openssl: do not use file BIOs if not requested
  * openssl: fix unused variable compiler warning with old openssl
  * openssl: support session resume with TLS 1.3
  * openvms: fix example name
  * os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
  * os400: add CURLOPT_CURLU to ILE/RPG binding
  * os400: fix return type of curl_easy_pause() in ILE/RPG binding
  * packages: remove old leftover files and dirs
  * pop3: only do APOP with a valid timestamp
  * runtests: use the local curl for verifying
  * schannel: be consistent in Schannel capitalization
  * schannel: better CURLOPT_CERTINFO support
  * schannel: use Curl_prefix for global private symbols
  * snprintf: renamed and now we only use msnprintf()
  * ssl: fix compilation with OpenSSL 0.9.7
  * ssl: replace all internal uses of CURLE_SSL_CACERT
  * symbols-in-versions: add missing CURLU_symbols
  * test328: verify Content-Encoding: none
  * tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
  * tests: drop script no longer used
  * tests: drop script no longer used
  * tool_cb_wrt: Silence function cast compiler warning
  * tool_doswin: Fix uninitialized field warning
  * travis: build with clang sanitizers
  * travis: remove curl before a normal build
  * url: a short host name + port is not a scheme
  * url: fix IPv6 numeral address parser
  * urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch
- Update to version 7.62.0
  * multiplex: enable by default
  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
  * setopt: add CURLOPT_DOH_URL
  * curl: --doh-url added
  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
  * imap: change from "FETCH" to "UID FETCH"
  * configure: add option to disable automatic OpenSSL config loading
  * upkeep: add a connection upkeep API: curl_easy_upkeep()
  * URL-API: added five new functions
  * vtls: MesaLink is a new TLS backend
  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
  * Curl_dedotdotify(): always nul terminate returned string
  * Curl_follow: Always free the passed new URL
  * Curl_http2_done: fix memleak in error path
  * Curl_retry_request: fix memory leak
  * Curl_saferealloc: Fixed typo in docblock
  * GnuTLS: TLS 1.3 support
  * SECURITY-PROCESS: mention the bountygraph program
  * VS projects: add USE_IPV6:
  * certs: generate tests certs with sha256 digest algorithm
  * checksrc: enable strict mode and warnings
  * checksrc: handle zero scoped ignore commands
  * cmake: Backport to work with CMake 3.0 again
  * cmake: Improve config installation
  * cmake: add support for transitive ZLIB target
  * cmake: disable -Wpedantic-ms-format
  * cmake: don't require OpenSSL if USE_OPENSSL=OFF
  * cmake: fixed path used in generation of docs/tests
  * cmake: remove unused *SOCKLEN_T variables
  * cmake: suppress MSVC warning C4127 for libtest
  * cmake: test and set missed defines during configuration
  * config: Remove unused SIZEOF_VOIDP
  * configure: force-use -lpthreads on HPUX
  * configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
  * cookies: Remove redundant expired check
  * cookies: fix leak when writing cookies to file
  * remove dependency on bc
  * curl.1: --ipv6 mutexes ipv4 (fixed typo)
  * curl: update the documentation of --tlsv1.0
  * curl_multi_wait: call getsock before figuring out timeout
  * curl_ntlm_wb: check aprintf() return codes
  * data-binary.d: clarify default content-type is x-www-form-urlencoded
  * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
  * docs/CIPHERS: fix the TLS 1.3 cipher names
  * docs/CIPHERS: mention the colon separation for OpenSSL
  * docs/examples: URL updates
  * docs: add "see also" links for SSL options
  * example/asiohiper: insert warning comment about its status
  * example/htmltidy: fix include paths of tidy libraries
  * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
  * examples/parseurl.c: show off the URL API
  * examples: Fix memory leaks from realloc errors
  * examples: do not wait when no transfers are running
  * ftp: include command in Curl_ftpsend sendbuffer
  * gskit: make sure to terminate version string
  * gtls: Values stored to but never read
  * hostip: fix check on Curl_shuffle_addr return value
  * http2: fix memory leaks on error-path
  * http: fix memleak in rewind error path
  * krb5: fix memory leak in krb_auth
  * memory: add missing curl_printf header
  * memory: ensure to check allocation results
  * multi: Fix error handling in the SENDPROTOCONNECT state
  * multi: fix memory leak in content encoding related error path
  * multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
  * netrc: free temporary strings if memory allocation fails
  * nss: try to connect even if fails to load
  * ntlm_wb: Fix memory leaks in ntlm_wb_response
  * ntlm_wb: bail out if the response gets overly large
  * openssl: assume engine support in 0.9.8 or later
  * openssl: enable TLS 1.3 post-handshake auth
  * openssl: fix gcc8 warning
  * openssl: load built-in engines too
  * openssl: make 'done' a proper boolean
  * openssl: output the correct cipher list on TLS 1.3 error
  * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
  * openssl: show "proper" version number for libressl builds
  * pipelining: deprecated
  * rand: add comment to skip a clang-tidy false positive
  * rtmp: fix for compiling with lwIP
  * runtests: ignore disabled even when ranges are given
  * schannel: unified error code handling
  * sendf: Fix whitespace in infof/failf concatenation
  * ssh: free the session on init failures
  * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
  * system.h: use proper setting with Sun C++ as well
  * test1299: use single quotes around asterisk
  * test1452: mark as flaky
  * test1651: unit test Curl_extract_certinfo()
  * test320: strip out more HTML when comparing
  * tests/ fix Python2-ism in neg TELNET server
  * tests: add unit tests for url.c
  * tool_cb_hdr: handle failure of rename()
  * travis: add a "make tidy" build that runs clang-tidy
  * travis: add build for "configure --disable-verbose"
  * travis: bump the Secure Transport build to use xcode
  * travis: make distcheck scan for BOM markers
  * unit1300: fix stack-use-after-scope AddressSanitizer warning
  * urldata: Fix "connecting" comment
  * urlglob: improve error message on bad globs
  * vtls: fix ssl version "or later" behavior change for many backends
  * x509asn1: Fix SAN IP address verification
  * x509asn1: always check return code from getASN1Element()
  * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
  * x509asn1: suppress left shift on signed value
- Rebased patches after update:
  * curl-disabled-redirect-protocol-message.patch
  * curl-use_OPENSSL_config.patch
- Security fix [bsc#1113660, CVE-2018-16842]
  * Fixed Out-of-bounds Read in tool_msgs.c
  * Added curl-CVE-2018-16842.patch
- Security fix [bsc#1113029, CVE-2018-16840]
  * use-after-free in handle close
  * Added curl-CVE-2018-16840.patch
- Security fix [bsc#1112758, CVE-2018-16839]
  * SASL password overflow via integer overflow
  * Added curl-CVE-2018-16839.patch
- Security fix [CVE-2018-14618, bsc#1106019]
  * NTLM password overflow via integer overflow
  * Added patch curl-CVE-2018-14618.patch
- Update to version 7.61.1
  * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
  * CURLINFO_SIZE_UPLOAD: fix missing counter update
  * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
  * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
  * Curl_getoff_all_pipelines: improved for multiplexed
  * DEPRECATE: remove release date from 7.62.0
  * HTTP: Don't attempt to needlessly decompress redirect body
  * INTERNALS: require GnuTLS >= 2.11.3
  * add code quality grade for C/C++
  * SSLCERTS: improve the openssl command line
  * Silence GCC 8 cast-function-type warnings
  * ares: check for NULL in completed-callback
  * asyn-thread: Remove unused macro
  * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
  * auth: pick Bearer authentication whenever a token is available
  * cmake: CMake config files are defining CURL_STATICLIB for static builds
  * cmake: Respect BUILD_SHARED_LIBS
  * cmake: Update scripts to use consistent style
  * cmake: bumped minimum version to 3.4
  * cmake: link curl to the OpenSSL targets instead of lib absolute paths
  * configure: conditionally enable pedantic-errors
  * configure: fix for -lpthread detection with OpenSSL and pkg-config
  * conn: remove the boolean 'inuse' field
  * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
  * cookie tests: treat files as text
  * cookies: support creation-time attribute for cookies
  * curl: Fix segfault when -H @headerfile is empty
  * curl: add http code 408 to transient list for --retry
  * curl: fix time-of-check, time-of-use race in dir creation
  * curl: use Content-Disposition before the "URL end" for -OJ
  * curl: warn the user if a given file name looks like an option
  * curl_threads: silence bad-function-cast warning
  * darwinssl: add support for ALPN negotiation
  * docs/CURLOPT_URL: fix indentation
  * docs/CURLOPT_WRITEFUNCTION: size is always 1
  * docs/SECURITY-PROCESS: mention bounty, drop pre-notify
  * docs/examples: add hiperfifo example using linux epoll/timerfd
  * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
  * docs: clarify NO_PROXY env variable functionality
  * docs: improved the manual pages of some callbacks
  * docs: mention NULL is fine input to several functions
  * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
  * gopher: Do not translate `?' to `%09'
  * header output: switch off all styles, not just unbold
  * hostip: fix unused variable warning
  * http2: Use correct format identifier for stream_id
  * http2: abort the send_callback if not setup yet
  * http2: avoid set_stream_user_data() before stream is assigned
  * http2: check nghttp2_session_set_stream_user_data return code
  * http2: clear the drain counter in Curl_http2_done
  * http2: make sure to send after RST_STREAM
  * http2: separate easy handle from connections better
  * http: fix for tiny "HTTP/0.9" response
  * http_proxy: Remove unused macro SELECT_TIMEOUT
  * lib/Makefile: only do symbol hiding if told to
  * lib1502: fix memory leak in torture test
  * lib1522: fix curl_easy_setopt argument type
  * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
  * mime: check Curl_rand_hex's return code
  * multi: always do the COMPLETED procedure/state
  * openssl: assume engine support in 1.0.0 or later
  * openssl: fix debug messages
  * projects: Improve Windows perl detection in batch scripts
  * retry: return error if rewind was necessary but didn't happen
  * reuse_conn(): memory leak - free old_conn->options
  * schannel: client certificate store opening fix
  * schannel: enable CALG_TLS1PRF for w32api >= 5.1
  * schannel: fix MinGW compile break
  * sftp: don't send post-quote sequence when retrying a connection
  * smb: fix memory leak on early failure
  * smb: fix memory-leak in URL parse error path
  * smb_getsock: always wait for write socket too
  * ssh-libssh: fix infinite connect loop on invalid private key
  * ssh-libssh: reduce excessive verbose output about pubkey auth
  * ssh-libssh: use FALLTHROUGH to silence gcc8
  * ssl: set engine implicitly when a PKCS#11 URI is provided
  * sws: handle EINTR when calling select()
  * system_win32: fix version checking
  * telnet: Remove unused macros TELOPTS and TELCMDS
  * test1143: disable MSYS2's POSIX path conversion
  * test1148: disable if decimal separator is not point
  * test1307: (fnmatch testing) disabled
  * test1422: add required file feature
  * test1531: Add timeout
  * test1540: Remove unused macro TEST_HANG_TIMEOUT
  * test214: disable MSYS2's POSIX path conversion for URL
  * test320: treat curl320.out file as binary
  * tests/ Use /usr/bin/env to find python
  * tests: Don't use Windows path %PWD for SSH tests
  * tests: fixes for Windows line endings
  * tool_operate: Fix setting proxy TLS 1.3 ciphers
  * travis: build darwinssl on macos 10.12 to fix linker errors
  * travis: execute "set -eo pipefail" for coverage build
  * travis: run a 'make checksrc' too
  * travis: update to GCC-8
  * travis: verify that man pages can be regenerated
  * upload: allocate upload buffer on-demand
  * upload: change default UPLOAD_BUFSIZE to 64KB
  * urldata: remove unused pipe_broke struct field
  * vtls: reinstantiate engine on duplicated handles
  * windows: implement send buffer tuning
  * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
  * curl-switch-off-all-styles.patch
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
  which might mess up the terminal (bsc#1105624)
- security update
  * CVE-2018-0500 [bsc#1099793]
    + curl-CVE-2018-0500.patch
- Update to version 7.61.0
  [bsc#1099793, CVE-2018-0500]
  * getinfo: add microsecond precise timers for seven intervals
  * curl: show headers in bold, switch off with --no-styled-output
  * httpauth: add support for Bearer tokens
  * curl: --tls13-ciphers and --proxy-tls13-ciphers
  * curl: --disallow-username-in-url
  * CVE-2018-0500: smtp: fix SMTP send buffer overflow
  * schannel: disable client cert option if APIs not available
  * schannel: disable manual verify if APIs not available
  * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
  * openssl: acknowledge --tls-max for default version too
  * stub_gssapi: fix 'unused parameter' warnings
  * examples/progressfunc: make it build on both new and old libcurls
  * docs: mention it is HA Proxy protocol "version 1"
  * curl_fnmatch: only allow two asterisks for matching
  * docs: clarify CURLOPT_HTTPGET
  * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
  * configure: do compile-time SIZEOF checks instead of run-time
  * checksrc: make sure sizeof() is used *with* parentheses
  * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
  * schannel: make CAinfo parsing resilient to CR/LF
  * tftp: make sure error is zero terminated before printfing it
  * http resume: skip body if http code 416 (range error) is ignored
  * configure: add basic test of --with-ssl prefix
  * cmake: set -d postfix for debug builds
  * multi: provide a socket to wait for in Curl_protocol_getsock
  * content_encoding: handle zlib versions too old for Z_BLOCK
  * winbuild: only delete OUTFILE if it exists
  * winbuild: In fix typo DISTDIR->DIRDIST
  * schannel: add failf calls for client certificate failures
  * cmake: Fix the test for fsetxattr and strerror_r
  * curl.1: Fix cmdline-opts reference errors
  * cmdline-opts/ warn if mutexes: or see-also: list non-existing options
  * cmake: check for getpwuid_r
  * configure: fix ssh2 linking when built with a static mbedtls
  * psl: use latest psl and refresh it periodically
  * fnmatch: insist on escaped bracket to match
  * KNOWN_BUGS: restore text regarding #2101
  * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
  * configure: override AR_FLAGS to silence warning
  * os400: implement mime api EBCDIC wrappers
  * curl.rc: embed manifest for correct Windows version detection
  * strictness: correct {infof, failf} format specifiers
  * tests: update .gitignore for libtests
  * configure: check for declaration of getpwuid_r
  * fnmatch: use the system one if available
  * CURLOPT_RESOLVE: always purge old entry first
  * multi: remove a potentially bad DEBUGF()
  * curl_addrinfo: use same #ifdef conditions in source as header
  * build: remove the Borland specific makefiles
  * axTLS: not considered fit for use
  * cmdline-opts/cert-type.d: mention "p12" as a recognized type
  * system.h: add support for IBM xlc C compiler
  * tests/libtest: Add lib1521 to nodist_SOURCES
  * leave certificate name untouched
  * boringssl + schannel: undef X509_NAME in lib/schannel.h
  * openssl: assume engine support in 1.0.1 or later
  * cppcheck: fix warnings
  * test 46: make test pass after year 2025
  * schannel: support selecting ciphers
  * Curl_debug: remove dead printhost code
  * test 1455: unflakified
  * Curl_init_do: handle NULL connection pointer passed in
  * progress: remove a set of unused defines
  * make -u delete certdata.txt if found not changed
  * explains how this project is run
  * configure: use pkg-config for c-ares detection
  * configure: enhance ability to build with static openssl
  * maketgz: fix sed issues on OSX
  * multi: fix memory leak when stopped during name resolve
  * CURLOPT_INTERFACE.3: interface names not supported on Windows
  * url: fix dangling conn->data pointer
  * cmake: allow multiple SSL backends
  * system.h: fix for gcc on 32 bit OpenServer
  * ConnectionExists: make sure conn->data is set when "taking" a connection
  * multi: fix crash due to dangling entry in connect-pending list
  * CURLOPT_SSL_VERIFYPEER.3: Add performance note
  * netrc: use a larger buffer to support longer passwords
  * url: check Curl_conncache_add_conn return code
  * configure: Add dependent libraries after crypto
  * easy_perform: faster local name resolves by using *multi_timeout()
  * getnameinfo: not used, removed all configure checks
  * travis: add a build using the synchronous name resolver
  * CURLINFO_TLS_SSL_PTR.3: improve the example
  * openssl: allow TLS 1.3 by default
  * openssl: make the requested TLS version the *minimum* wanted
  * openssl: Remove some dead code
  * telnet: fix clang warnings
  * DEPRECATE: new doc describing planned item removals
  * example/crawler.c: simple crawler based on libxml2
  * libssh: goto DISCONNECT state on error, not SESSION_FREE
  * CMake: Remove unused functions
  * darwinssl: allow High Sierra users to build the code using GCC
  * scripts: include _curl as part of CLEANFILES
  * examples: fix -Wformat warnings
  * curl_setup: include <winerror.h> before <windows.h>
  * schannel: make more cipher options conditional
  * CMake: remove redundant and old end-of-block syntax
  * post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch
- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
  crashes due to openssl engines conflicts (bsc#1086367)
  * add curl-use_OPENSSL_config.patch
- Update to version 7.60.0
  [bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
  * Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
  * Add --haproxy-protocol for the command line tool
  * Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
  * FTP: shutdown response buffer overflow CVE-2018-1000300
  * RTSP: bad headers buffer over-read CVE-2018-1000301
  * FTP: fix typo in recursive callback detection for seeking
  * test1208: marked flaky
  * HTTP: make header-less responses still count correct body size
  * user-agent.d: mention --proxy-header as well
  * http2: fixes typo
  * cleanup: misc typos in strings and comments
  * rate-limit: use three second window to better handle high speeds
  * examples/hiperfifo.c: improved
  * pause: when changing pause state, update socket state
  * multi: improved pending transfers handling => improved performance
  * curl_version_info.3: fix ssl_version description
  * add_handle/easy_perform: clear errorbuffer on start if set
  * cmake: add support for brotli
  * parsedate: support UT timezone
  * vauth/ntlm.h: fix the #ifdef header guard
  * lib/curl_path.h: added #ifdef header guard
  * vauth/cleartext: fix integer overflow check
  * CURLINFO_COOKIELIST.3: made the example not leak memory
  * cookie.d: mention that "-" as filename means stdin
  * CURLINFO_SSL_VERIFYRESULT.3: fixed the example
  * http2: read pending frames (including GOAWAY) in connection-check
  * timeval: remove compilation warning by casting
  * cmake: avoid warn-as-error during config checks
  * travis-ci: enable -Werror for CMake builds
  * openldap: fix for NULL return from ldap_get_attribute_ber()
  * threaded resolver: track resolver time and set suitable timeout values
  * cmake: Add advapi32 as explicit link library for win32
  * docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
  * test1148: set a fixed locale for the test
  * cookies: when reading from a file, only remove_expired once
  * cookie: store cookies per top-level-domain-specific hash table
  * openssl: fix build with LibreSSL 2.7
  * tls: fix mbedTLS 2.7.0 build + handle sha256 failures
  * openssl: RESTORED verify locations when verifypeer==0
  * file: restore old behavior for file:////foo/bar URLs
  * FTP: allow PASV on IPv6 connections when a proxy is being used
  * build-openssl.bat: allow custom paths for VS and perl
  * winbuild: make the clean target work without build-type
  * build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
  * curl: retry on FTP 4xx, ignore other protocols
  * configure: detect (and use) sa_family_t
  * examples/sftpuploadresume: Fix Windows large file seek
  * build: cleanup to fix clang warnings/errors
  * winbuild: updated the documentation
  * lib: silence null-dereference warnings
  * travis: bump to clang 6 and gcc 7
  * travis: build libpsl and make builds use it
  * proxy: show getenv proxy use in verbose output
  * duphandle: make sure CURLOPT_RESOLVE is duplicated
  * all: Refactor malloc+memset to use calloc
  * checksrc: Fix typo
  * system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
  * vauth: Fix typo
  * ssh: show libSSH2 error code when closing fails
  * test1148: tolerate progress updates better
  * urldata: make service names unconditional
  * configure: keep LD_LIBRARY_PATH changes local
  * ntlm_sspi: fix authentication using Credential Manager
  * schannel: add client certificate authentication
  * winbuild: Support custom devel paths for each dependency
  * schannel: add support for CURLOPT_CAINFO
  * http2: handle on_begin_headers() called more than once
  * openssl: support OpenSSL 1.1.1 verbose-mode trace messages
  * openssl: fix subjectAltName check on non-ASCII platforms
  * http2: avoid strstr() on data not zero terminated
  * http2: clear the "drain counter" when a stream is closed
  * http2: handle GOAWAY properly
  * tool_help: clarify --max-time unit of time is seconds
  * curl.1: clarify that options and URLs can be mixed
  * http2: convert an assert to run-time check
  * curl_global_sslset: always provide available backends
  * ftplistparser: keep state between invokes
  * Curl_memchr: zero length input can't match
  * examples/sftpuploadresume: typecast fseek argument to long
  * examples/http2-upload: expand buffer to avoid silly warning
  * ctype: restore character classification for non-ASCII platforms
  * mime: avoid NULL pointer dereference risk
  * cookies: ensure that we have cookies before writing jar
  * os400.c: fix checksrc warnings
  * configure: provide --with-wolfssl as an alias for --with-cyassl
  * cyassl: adapt to libraries without TLS 1.0 support built-in
  * http2: get rid of another strstr
  * checksrc: force indentation of lines after an else
  * cookies: remove unused macro
  * CURLINFO_PROTOCOL.3: mention the existing defined names
  * tests: provide 'manual' as a feature to optionally require
  * travis: enable libssh2 on both macos and Linux
  * CURLOPT_URL.3: added ENCODING section
  * wolfssl: Fix non-blocking connect
  * vtls: don't define MD5_DIGEST_LENGTH for wolfssl
  * docs: remove extraneous commas in man pages
  * URL: fix ASCII dependency in strcpy_url and strlen_url
  * ssh-libssh.c: fix left shift compiler warning
  * configure: only check for CA bundle for file-using SSL backends
  * travis: add an mbedtls build
  * http: don't set the "rewind" flag when not uploading anything
  * configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
  * transfer: don't unset writesockfd on setup of multiplexed conns
  * vtls: use unified "supports" bitfield member in backends
  * URLs: fix one more http url
  * travis: add a build using WolfSSL
  * openssl: change FILE ops to BIO ops
  * travis: add build using NSS
  * smb: reject negative file sizes
  * cookies: accept parameter names as cookie name
  * http2: getsock fix for uploads
  * all over: fixed format specifiers
  * http2: use the correct function pointer typedef
- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
  * Added curl-disabled-redirect-protocol-message.patch
- Update to version 7.59.0
  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
  [bsc#1084532, CVE-2018-1000122]
  * curl: add --proxy-pinnedpubkey
  * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
  * Add new tool option --happy-eyeballs-timeout-ms
  * openldap: check ldap_get_attribute_ber() results for NULL before using
  * FTP: reject path components with control codes
  * readwrite: make sure excess reads don't go beyond buffer end
  * lib555: drop text conversion and encode data as ascii codes
  * lib517: make variable static to avoid compiler warning
  * lib544: sync ascii code data with textual data
  * GSKit: restore pinnedpubkey functionality
  * darwinssl: Don't import client certificates into Keychain on macOS
  * parsedate: fix date parsing for systems with 32 bit long
  * openssl: fix pinned public key build error in FIPS mode
  * SChannel/WinSSL: Implement public key pinning
  * cookies: remove verbose "cookie size:" output
  * progress-bar: don't use stderr explicitly, use bar->out
  * build: open VC15 projects with VS 2017
  * curl_ctype: private is*() type macros and functions
  * configure: set PATH_SEPARATOR to colon for PATH w/o separator
  * curl_easy_reset: clear digest auth state
  * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
  * range: commonize FTP and FILE range handling
  * progress-bar docs: update to match implementation
  * fnmatch: do not match the empty string with a character set
  * fnmatch: accept an alphanum to be followed by a non-alphanum in char set
  * build: fix termios issue on android cross-compile
  * getdate: return -1 for out of range
  * formdata: use the mime-content type function
  * openssl: Don't add verify locations when verifypeer==0
  * fnmatch: optimize processing of consecutive *s and ?s pattern characters
  * schannel: fix compiler warnings
  * content_encoding: Add "none" alias to "identity"
  * get_posix_time: only check for overflows if they can happen
  * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
  * README: language fix
  * sha256: build with OpenSSL < 0.9.8
  * smtp: fix processing of initial dot in data
  * --tlsauthtype: works only if libcurl is built with TLS-SRP support
  * tests: new tests for http raw mode
  * libcurl-security.3: man page discussing security concerns when using libcurl
  * curl_gssapi: make sure this file too uses our *printf()
  * BINDINGS: fix curb link (and remove ruby-curl-multi)
  * nss: use PK11_CreateManagedGenericObject() if available
  * travis: add build with iconv enabled
  * ssh: add two missing state names
  * CURLOPT_HEADERFUNCTION.3: mention folded headers
  * http: fix the max header length detection logic
  * header callback: don't chop headers into smaller pieces
  * CURLOPT_HEADER.3: clarify problems with different data sizes
  * curl --version: show PSL if the run-time lib has it enabled
  * examples/sftpuploadresume: resume upload via CURLOPT_APPEND
  * Return error if called recursively from within callbacks
  * sasl: prefer PLAIN mechanism over LOGIN
  * winbuild: Use CALL to run batch scripts
  * curl_share_setopt.3: connection cache is shared within multi handles
  * projects/README: remove reference to dead IDN link/package
  * lib655: silence compiler warning
  * configure: Fix version check for OpenSSL 1.1.1
  * docs/MANUAL: is not accessible on the site anymore
  * unit1307: proper cleanup on OOM to fix torture tests
  * curl_ctype: fix macro redefinition warnings
  * build: get CFLAGS (including -werror) used for examples and tests
  * NO_PROXY: fix for IPv6 numericals in the URL
  * krb5: use nondeprecated functions
  * http2: mark the connection for close on GOAWAY
  * limit-rate: kick in even before "limit" data has been received
  * HTTP: allow "header;" to replace an internal header with a blank one
  * http2: verbose output new MAX_CONCURRENT_STREAMS values
  * SECURITY: distros' max embargo time is 14 days
  * curl tool: accept --compressed also if Brotli is enabled and zlib is not
  * WolfSSL: adding TLSv1.3
  * add -i and -m options
  * CURLOPT_COOKIEFILE.3: "-" as file name means stdin
- Refreshed patch libcurl-ocloexec.patch
- Sort a bit with spec-cleaner
- Install license with the library
- ignore all test failures for PowerPC as bypass boo#1075219
  (not only the 1501 previously skipped)
  * Added patch ignore_runtests_failure.patch
- Build curl with
  libssh offers a lot more features than libssh2, for example:
  * Key Exchange Methods:
  * Hostkey Types: ssh-ed25519
  * Authentication: gssapi-with-mic
- Update to version 7.58.0
  * new libssh-powered SSH SCP/SFTP back-end
  * curl-config: add --ssl-backends
  * http2: fix incorrect trailer buffer size
  * http: prevent custom Authorization headers in redirects
  * travis: add boringssl build
  * examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
  * SSL: Avoid magic allocation of SSL backend specific data
  * lib: don't export all symbols, just everything curl_*
  * libssh2: send the correct CURLE error code on scp file not found
  * libssh2: return CURLE_UPLOAD_FAILED on failure to upload
  * openssl: enable pkcs12 in boringssl builds
  * libssh2: remove dead code from SSH_SFTP_QUOTE
  * sasl_getmesssage: make sure we have a long enough string to pass
  * conncache: fix several lock issues
  * threaded-shared-conn.c: new example
  * conncache: only allow multiplexing within same multi handle
  * configure: check for netinet/in6.h
  * URL: tolerate backslash after drive letter for FILE:
  * openldap: add commented out debug possibilities
  * include: get netinet/in.h before linux/tcp.h
  * CONNECT: keep close connection flag in http_connect_state struct
  * BINDINGS: another PostgreSQL client
  * curl: limit -# update frequency for unknown total size
  * configure: add AX_CODE_COVERAGE only if using gcc
  * curl.h: remove incorrect comment about ERRORBUFFER
  * openssl: improve data-pending check for https proxy
  * curl: remove __EMX__ #ifdefs
  * CURLOPT_PRIVATE.3: fix grammar
  * sftp: allow quoted commands to use relative paths
  * RESOLVE: output verbose text when trying to set a duplicate name
  * multi_done: prune DNS cache
  * tests: update .gitignore for libtests
  * tests: mark data files as non-executable in git
  * CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
  * curl.1: documented two missing valid exit codes
  * curl.1: mention http:// and https:// as valid proxy prefixes
  * vtls: replaced getenv() with curl_getenv()
  * setopt: less *or equal* than INT_MAX/1000 should be fine
  * examples/smtp-mail.c: use separate defines for options and mail
  * curl: support >256 bytes warning messages
  * conncache: fix a return code
  * krb5: fix a potential access of uninitialized memory
  * rand: add a clang-analyzer work-around
  * CURLOPT_READFUNCTION.3: refer to argument with correct name
  * brotli: allow compiling with version 0.6.0
  * content_encoding: rework zlib_inflate
  * curl_easy_reset: release mime-related data
  * examples/rtsp: fix error handling macros
  * curl: Support size modifiers for --max-filesize
  * examples/cacertinmem: ignore cert-already-exists error
  * brotli: data at the end of content can be lost
  * curl_version_info.3: call the argument 'age'
  * openssl: fix memory leak of SSLKEYLOGFILE filename
  * build: remove HAVE_LIMITS_H check
  * --mail-rcpt: fix short-text description
  * scripts: allow all perl scripts to be run directly
  * progress: calculate transfer speed on milliseconds if possible
  * system.h: check __LONG_MAX__ for defining curl_off_t
  * easy: fix connection ownership in curl_easy_pause
  * setopt: reintroduce non-static Curl_vsetopt() for OS400 support
  * setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
  * append extra linker flags instead of prepending them
  * HTTP: bail out on negative Content-Length: values
  * docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
  * mime: clone mime tree upon easy handle duplication
  * openssl: enable SSLKEYLOGFILE support by default
  * smtp/pop3/imap_get_message: decrease the data length too...
  * CURLOPT_TCP_NODELAY.3: fix typo
  * SMB: fix numeric constant suffix and variable types
  * ftp-wildcard: fix matching an empty string with "*[^a]"
  * curl_fnmatch: only allow 5 '*' sections in a single pattern
  * openssl: fix potential memory leak in SSLKEYLOGFILE logic
  * SSH: Fix state machine for ssh-agent authentication
  * examples/url2file.c: add missing curl_global_cleanup() call
  * http2: don't close connection when single transfer is stopped
  * libcurl-env.3: first version
  * curl: progress bar refresh, get width using ioctl()
  * CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
- disable 1501 test for PowerPC as bypass boo#1075219
- Update to version 7.57.0  [bsc#1069226, CVE-2017-8816]
  [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
  * auth: add support for RFC7616 - HTTP Digest access authentication
  * share: add support for sharing the connection cache
  * HTTP: implement Brotli content encoding
  * CVE-2017-8816: NTLM buffer overflow via integer overflow
  * CVE-2017-8817: FTP wildcard out of bounds read
  * CVE-2017-8818: SSL out of buffer access
  * curl_mime_filedata.3: fix typos
  * libtest: Add required test libraries for lib1552 and lib1553
  * fix time diffs for systems using unsigned time_t
  * ftplistparser: memory leak fix: free temporary memory always
  * multi: allow table handle sizes to be overridden
  * wildcards: don't use with non-supported protocols
  * curl_fnmatch: return error on illegal wildcard pattern
  * transfer: Fix chunked-encoding upload too early exit
  * resolvers: only include anything if needed
  * setopt: fix CURLOPT_SSH_AUTH_TYPES option read
  * Curl_timeleft: change return type to timediff_t
  * cmake: Export libcurl and curl targets to use by other cmake projects
  * curl: in -F option arg, comma is a delimiter for files only
  * curl: improved ";type=" handling in -F option arguments
  * timeval: use mach_absolute_time() on MacOS
  * curlx: the timeval functions are no longer provided as curlx_*
  * do not generate comment with current date
  * memdebug: use send/recv signature for curl_dosend/curl_dorecv
  * cookie: avoid NULL dereference
  * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
  * include: remove conncache.h inclusion from where its not needed
  * CURLOPT_MAXREDIRS: allow -1 as a value
  * tests: Fixed torture tests on tests 556 and 650
  * http2: Fixed OOM handling in upgrade request
  * url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
  * curl: pass through [] in URLs instead of calling globbing error
  * curl: speed up handling of many URLs
  * ntlm: avoid malloc(0) for zero length passwords
  * url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
  * HTTP: support multiple Content-Encodings
  * travis: add a job with brotli enabled
  * url: remove unnecessary NULL-check
  * fnmatch: remove dead code
  * connect: store IPv6 connection status after valid connection
  * imap: deal with commands case insensitively
  * --interface: add support for Linux VRF
  * content_encoding: fix inflate_stream for no bytes available
  * cmake: Add missing setmode check
  * connect.c: remove executable bit on file
  * SMB: fix uninitialized local variable
  * zlib/brotli: only include header files in modules needing them
  * URL: return error on malformed URLs with junk after IPv6 bracket
  * openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
  * macOS: Fix missing connectx function with Xcode version older than 9.0
  * --resolve: allow IP address within [] brackets
  * examples/curlx: Fix code style
  * ntlm: remove unnecessary NULL-check to please scan-build
  * Curl_llist_remove: fix potential NULL pointer deref
  * mime: fix "Value stored to 'sz' is never read" scan-build error
  * openssl: fix "Value stored to 'rc' is never read" scan-build error
  * http2: fix "Value stored to 'hdbuf' is never read" scan-build error
  * http2: fix "Value stored to 'end' is never read" scan-build error
  * Curl_open: fix OOM return error correctly
  * url: reject ASCII control characters and space in host names
  * examples/rtsp: clear RANGE again after use
  * connect: improve the bind error message
  * make: fix "make distclean"
  * connect: add support for new TCP Fast Open API on Linux
  * metalink: fix memory-leak and NULL pointer dereference
  * URL: update "file:" URL handling
  * ssh: remove check for a NULL pointer
  * global_init: ignore CURL_GLOBAL_SSL's absence
- Update to version 7.56.1 [bsc#1063824]
  * imap: if a FETCH response has no size, don't call write
    callback [CVE-2017-1000257]
  * ftp: UBsan fixup 'pointer index expression overflowed'
  * failf: skip the sprintf() if there are no consumers
  * fuzzer: move to using external curl-fuzzer
  * lib/Makefile.m32: allow customizing dll suffixes
  * docs: fix typo in curl_mime_data_cb man page
  * darwinssl: add support for TLSv1.3
  * build: fix --disable-crypto-auth
  * openssl: fix build without HAVE_OPAQUE_EVP_PKEY
  * strtoofft: Remove extraneous null check
  * multi_cleanup: call DONE on handles that never got that
  * tests: added flaky keyword to tests 587 and 644
  * pingpong: return error when trying to send without connection
  * remove_handle: call multi_done() first, then clear dns cache pointer
  * mime: be tolerant about setting the same header list twice in a part
  * mime: improve unbinding top multipart from easy handle
  * mime: avoid resetting a part's encoder when part's contents change
  * mime: refuse to add subparts to one of their own descendants
  * RTSP: avoid integer overflow on funny RTSP responses
  * curl: don't pass semicolons when parsing Content-Disposition
  * openssl: enable PKCS12 support for !BoringSSL
  * CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
  * CURLOPT_XFERINFODATA.3: fix duplicate see also
  * test298: verify --ftp-method nocwd with URL encoded path
  * FTP: URL decode path for dir listing in nocwd mode
  * smtp_done: fix memory leak on send failure
  * ftpserver: support case insensitive commands
  * test950: verify SMTP with custom request
  * openssl: don't use old BORINGSSL_YYYYMM macros
  * setopt: update current connection SSL verify params
  * curl: reimplement stdin buffering in -F option
  * mime: keep "text/plain" content type if user-specified
  * mime: fix the content reader to handle >16K data properly
  * configure: remove the C++ compiler check
  * memdebug: trace send, recv and socket
  * runtests: use valgrind for torture as well
  * ldap: silence clang warning
  * makefile.m32: allow to override gcc, ar and ranlib
  * setopt: avoid integer overflows when setting millisecond values
  * setopt: range check most long options
  * ftp: reject illegal IP/port in PASV 227 response
  * mime: do not reuse previously computed multipart size
  * vtls: change struct Curl_ssl `close' field name to `close_one'
  * os400: add missing symbols in config file
  * mime: limit base64-encoded lines length to 76 characters
  * mk-ca-bundle: Remove URL for aurora
  * mk-ca-bundle: Fix URL for NSS
- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
  * curl: enable compression for SCP/SFTP with --compressed-ssh
  * libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
  * vtls: added dynamic changing SSL backend with curl_global_sslset()
  * new MIME API, curl_mime_init() and friends
  * openssl: initial SSLKEYLOGFILE implementation
  Security fixes:
  * CVE-2017-1000254 FTP PWD response parser out of bounds read
  * FTP: zero terminate the entry path even on bad input
  * examples/ftpuploadresume.c: use portable code
  * runtests: match keywords case insensitively
  * strtoofft: reduce integer overflow risks globally
  * produce a working completion script again
  * cmake: remove dead code for CURL_DISABLE_RTMP
  * progress: Track total times following redirects
  * configure: fix --disable-threaded-resolver
  * configure: fix clang version detection
  * darwinssl: fix error: variable length array used
  * configure: check for __builtin_available() availability
  * http_proxy: fix build error for CURL_DOES_CONVERSIONS
  * examples/ftpuploadresume: checksrc compliance
  * ftp: fix CWD when doing multicwd then nocwd on same connection
  * system.h: remove all CURL_SIZEOF_* defines
  * http: Don't wait on CONNECT when there is no proxy
  * system.h: check for __ppc__ as well
  * http2_recv: return error better on fatal h2 errors
  * tftp: fix memory leak on too long filename
  * system.h: fix build for hppa
  * cmake: enable picky compiler options with clang and gcc
  * makefile.m32: add support for libidn2
  * curl: shorten and clean up CA cert verification error message
  * imap: support PREAUTH
  * examples/threaded-ssl: mention that this is for openssl before 1.1
  * tests: Make sure libtests & unittests call curl_global_cleanup()
  * system.h: include sys/poll.h for AIX
  * darwinssl: handle long strings in TLS certs
  * strtooff: fix build for systems with long long but no strtoll
  * asyn-thread: Improved cleanup after OOM situations
  * curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
  * unit1301: fix error message on first test
  * ossfuzz: moving towards the ideal integration
  * http: fix a memory leakage in checkrtspprefix()
  * examples/post-callback: stop returning one byte at a time
  * schannel: return CURLE_SSL_CACERT on failed verification
  * http-proxy: treat all 2xx as CONNECT success
  * openssl: use OpenSSL's default ciphers by default
  * support attribute "nonewline" in part verify/upload
  * configure: remove --enable-soname-bump and SONAME_BUMP
  * vtls: fix WolfSSL 3.12 build problems
  * http-proxy: when not doing CONNECT, that phase is done immediately
  * configure: fix curl_off_t check's include order
  * configure: use -Wno-varargs on clang 3.9[.X] debug builds
  * rtsp: do not call fwrite() with NULL pointer FILE *
  * mbedtls: enable CA path processing
  * checksrc: verify more code style rules
  * HTTP proxy: on connection re-use, still use the new remote port
  * tests: add initial gssapi test using stub implementation
  * rtsp: Segfault when using WRITEDATA
  * docs: clarify the CURLOPT_INTERLEAVE* options behavior
  * non-ascii: use iconv() with 'char **' argument
  * server/getpart: provide dummy function to build conversion enabled
  * conversions: fix several compiler warnings
  * openssl: add missing includes
  * schannel: Support partial send for when data is too large
  * socks: fix incorrect port number in SOCKS4 error message
  * curl: fix integer overflow in timeout options
  * cookies: reject oversized cookies instead of truncating
  * cookies: use lock when using CURLINFO_COOKIELIST
  * curl: check fseek() return code and bail on error
  * examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
  * openssl: only verify RSA private key if supported
  * tests: make the imap server not verify user+password
  * imap: quote atoms properly when escaping characters
  * tests: fix a compiler warning in test 643
  * file_range: avoid integer overflow when figuring out byte range
  * reuse_conn: don't copy flags that are known to be equal
  * http: fix adding custom empty headers to repeated requests
  * connect: fix race condition with happy eyeballs timeout
  * cookie: fix memory leak if path was set twice in header
  * vtls: compare and clone ssl configs properly
  * proxy: read the "no_proxy" variable only if necessary
- Refreshed patches:
  * libcurl-ocloexec.patch
- Removed patches fixed upstream:
  * curl-man3.patch
  * ppc-build.patch
  * curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch
  * curl-disable-test1427-i586.patch
- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
  Fix NetworkManager's connectivity test.
- ppc-build.patch: Fix build for powerpc
- Upstream fix to build libcurl man3 pages
  * Added patch curl-man3.patch
- Disabled test1425 that fails in i586 architecture
  * Added patch curl-disable-test1427-i586.patch
- Update to 7.55.0
  * curl: allow --header and --proxy-header read from file
  * getinfo: provide sizes as curl_off_t
  * curl: prevent binary output spewed to terminal
  * curl: added --request-target
  * curl: added --socks5-{basic,gssapi}: control socks5 auth
  * libcurl: added CURLOPT_REQUEST_TARGET
  * libcurl: added CURLOPT_SOCKS5_AUTH
  * Security Fixes:
  - glob: do not parse after a strtoul() overflow range
    (CVE-2017-1000101, bsc#1051643)
  - tftp: reject file name lengths that don't fit
    (CVE-2017-1000100, bsc#1051644)
  - file: output the correct buffer to the user
    (CVE-2017-1000099, bsc#1051645)
  * includes: remove curl/curlbuild.h and curl/curlrules.h
  * dist: make the hugehelp.c not get regenerated unnecessarily
  * timers: store internal time stamps as time_t instead of doubles
  * progress: let "current speed" be UL + DL speeds combined
  * http-proxy: do the HTTP CONNECT process entirely non-blocking
  * lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
  * fuzz: bring oss-fuzz initial code converted to C89
  * configure: disable nghttp2 too if HTTP has been disabled
  * Check curl's exit code after certdata download
  * test1148: verify the -# progressbar
  * tests: stabilize test 2032 and 2033
  * HTTPS-Proxy: don't offer h2 for https proxy connections
  * http-proxy: only attempt FTP over HTTP proxy
  * curl-compilers.m4: enable vla warning for clang
  * curl-compilers.m4: enable double-promotion warning
  * curl-compilers.m4: enable missing-variable-declarations clang
  * curl-compilers.m4: enable comma clang warning
  * CURLOPT_PREQUOTE: not supported for SFTP
  * http2: fix OOM crash
  * PIPELINING_SERVER_BL: cleanup the internal list use
  * fix script name in usage text
  * lib1521: add curl_easy_getinfo calls to the test set
  * travis: do the distcheck test build out-of-tree as well
  * if2ip: fix compiler warning in ISO C90 mode
  * lib: fix the djgpp build
  * typecheck-gcc: add support for CURLINFO_OFF_T
  * travis: enable typecheck-gcc warnings
  * maketgz: switch to xz instead of lzma
  * curl/system.h: add check for XTENSA for 32bit gcc
  * test1537: fixed memory leak on OOM
  * test1521: fix compiler warnings
  * curl: fix memory leak on test 1147 OOM
  * libtest/make: generate lib1521.c dynamically at build-time
  * curl_strequal.3: fix typo in SYNOPSIS
  * progress: prevent resetting t_starttransfer
  * openssl: improve fallback seed of PRNG with a time based hash
  * http2: improved PING frame handling
  * test1450: add simple testing for DICT
  * make: build the docs subdir only from within src
  * gtls: fix build when sizeof(long) < sizeof(void *)
  * url: make the original string get used on subsequent transfers
  * timeval.c: Use long long constant type for timeval assignment
  * tool_sleep: typecast to avoid macos compiler warning
  * travis.yml: use --enable-werror on debug builds
  * test1451: add SMB support to the testbed
  * configure: remove checks for 5 functions never used
  * configure: try ldap/lber in reversed order first
  * smb: fix build for djgpp/MSDOS
  * travis: install nghttp2 on linux builds
  * smb: add support for CURLOPT_FILETIME
  * select.h: avoid macro redefinition harder
  * runtests: support "threaded-resolver" as a feature
  * test506: skip if threaded-resolver
  * cmake: remove spurious "-l" from linker flags
  * cmake: add CURL_WERROR for enabling "warning as errors"
  * memdebug: don't setbuf() if the file open failed
  * curl_easy_escape.3: mention the (lack of) encoding
  * test1452: add telnet negotiation
  * CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
  * cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
  * tests/valgrind.supp: suppress OpenSSL false positive seen on
  * curl_setup_once: Remove ERRNO/SET_ERRNO macros
  * rtspd: fix MSVC level 4 warning
  * sockfilt: suppress conversion warning with explicit cast
  * libtest: fix MSVC warning C4706
  * tests/server/resolve.c: fix deprecation warning
  * nss: fix a possible use-after-free in SelectClientCert()
  * checksrc: escape open brace in regex
  * multi: mention integer overflow risk if using > 500 million
  * timeval: struct curltime is a struct timeval replacement
  * curl_rtmp: fix a compiler warning
  * include.d: clarify that it concerns the response headers
  * cmake: support make uninstall
  * include.d: clarify --include is only for response headers
  * libcurl: Stop using error codes defined under CURL_NO_OLDIES
  * http: fix response code parser to avoid integer overflow
  * configure: fix the check for IdnToUnicode
  * multi: fix request timer management
  * curl_threads: fix MSVC compiler warning
  * cmake: set MSVC warning level to 4
  * netrc: skip lines starting with '#'
  * FTP: skip unnecessary CWD when in nocwd mode
  * gssapi: fix memory leak of output token in multi round context
  * getparameter: avoid returning uninitialized 'usedarg'
  * curl (debug build) easy_events: make event data static
  * curl: detect and bail out early on parameter integer overflows
- Removed patch curl-invalid-free.patch
- Update License to 'curl' as per review on OBS sr#505976.
- Have the -mini packages conflict the real ones.
- Add curl-invalid-free.patch to fix an invalid free in
  curl_multi_setopt function.
- Update to 7.54.1
  * curl now shows release date in --version output
  * Fixes CVE-2017-9502: default protocol drive letter
    buffer overflow bsc#1044243
  * openssl: fix memory leak in servercert
  * curl: set a 100K buffer size by default
  * nss: do not leak PKCS #11 slot while loading a key
  * nss: load if no other trust is specified
  * curl: use utimes instead of obsolescent utime when available
  * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
  * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
  * curl: non-boolean command line args reject --no- prefixes
  * telnet: Write full buffer instead of byte-by-byte
  * curl: remove --environment and tool_writeenv.c
  * curl: generate the --help output
  * curl.1: clarify --config
  * curl.1: mention --oauth2-bearer's argument
  * ssh: fix memory leak in disconnect due to timeout
  * redirect: store the "would redirect to" URL when max redirs is reached
  * file: make speedcheck use current time for checks
  * urlglob: fix division by zero
- Create curl-mini for bootstrapping (boo#1042919)
- Update to 7.54.0
  * Add --max-tls
  * Add --suppress-connect-headers
  * CVE-2017-7468: switch off SSL session id when client cert is used
  * bsc#1033413
  * tests: use consistent environment variables for setting charset
  * proxy: fixed a memory leak on OOM
  * ftp: removed an erroneous free in an OOM path
  * ftp: fixed a NULL pointer dereference on OOM
  * gopher: fixed detection of an error condition from Curl_urldecode
  * url: fix unix-socket support for proxy-disabled builds
  * fix potential use of uninitialized variables
  * ares: return error at once if timed out before name resolve starts
  * URL: return error on malformed URLs with junk after port number
  * http2: Fix assertion error on redirect with CL=0
  * --insecure: clarify that this option is for server connections
  * authneg: clear auth.multi flag at http_done
  * curl_easy_reset: Also reset the authentication state
  * proxy: skip SSL initialization for closed connections
  * http_proxy: ignore TE and CL in CONNECT 2xx responses
  * multi: fix streamclose() crash in debug mode
  * openssl: fall back on SSL_ERROR_* string when no error detail
  * asiohiper: make sure socket is open in event_cb
  * curl: check for end of input in writeout backslash handling
  * openssl: exclude DSA code when OPENSSL_NO_DSA is defined
  * http: Fix proxy connection reuse with basic-auth
  * pause: handle mixed types of data when paused
  * http: do not treat FTPS over CONNECT as HTTPS
  * conncache: make hashkey avoid malloc
  * multi: fix queueing of pending easy handles
  * low_speed_limit: improved function for longer time periods
  * nss: load CA certificates even with --insecure
  * Curl_expire_latest: ignore already expired timers
  * http2: fix handle leak in error path
  * openssl: make SSL_ERROR_to_str more future-proof
  * openssl: fix thread-safety bugs in error-handling
  * openssl: don't try to print nonexistent peer private keys
- Update to 7.53.1
  * url: Improve CURLOPT_PROXY_CAPATH error handling
  * urldata: include curl_sspi.h when Windows SSPI is enabled
  * formdata: check for EOF when reading from stdin
  * tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
  * url: Default the proxy CA bundle location to CURL_CA_BUNDLE
  * rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
- Update to 7.53.0
  * unix_socket: added --abstract-unix-socket and
  * CURLOPT_BUFFERSIZE: support enlarging receive buffer
  * CVE-2017-2629: make SSL_VERIFYSTATUS work again
  * gnutls-random: check return code for failed random
  * openssl-random: check return code when asking for random
  * http: remove "Curl_http_done: called premature" message
  * cyassl: use time_t instead of long for timeout
  * build-wolfssl: Sync config with wolfSSL 3.10
  * ftp-gss: check for init before use
  * configure: accept --with-libidn2 instead
  * ftp: failure to resolve proxy should return that error code
  * curl.1: add three more exit codes
  * docs/ciphers: link to our own new page about ciphers
  * vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
  * darwinssl: fix iOS build
  * darwinssl: fix CFArrayRef leak
  * cmake: use crypt32.lib when building with OpenSSL on windows
  * curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
  * digest_sspi: copy terminating NUL as well
  * curl: fix --remote-time incorrect times on Windows
  * curl.1: several updates and corrections
  * content_encoding: change return code on a failure
  * curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
  * docs: TCP_KEEPALIVE start and interval default to 60
  * darwinssl: --insecure overrides --cacert if both settings are in use
  * TheArtOfHttpScripting: grammar
  * document GSKit ciphers
  * wolfssl: support setting cipher list
  * wolfssl: display negotiated SSL version and cipher
  * lib506: fix build for Open Watcom
  * asiohiper: improved socket handling
  * examples: make the C++ examples follow our code style too
  * tests/sws: retry send() on EWOULDBLOCK
  * cmake: Fix passing _WINSOCKAPI_ macro to compiler
  * smtp: Fix STARTTLS denied error message
  * imap/pop3: don't print response character in STARTTLS denied messages
  * rand: make it work without TLS backing
  * url: fix parsing for when 'file' is the default protocol
  * url: allow file://X:/path URLs on windows again
  * gnutls: check for alpn and ocsp in configure
  * IDN: Use TR46 'non-transitional' for toASCII translations
  * url: Fix NO_PROXY env var to work properly with --proxy option
  * CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*
  * docs: Add note about libcurl copying strings to CURLOPT_* manpages
  * curl: reset the easy handle at --next
  * --next docs: --trace and --trace-ascii are also global
  * --write-out docs: 'time_total' is not always shown with ms precision
  * http: print correct HTTP string in verbose output when using HTTP/2
  * docs: improved language in
  * http2: disable server push if not requested
  * nss: use the correct lock in nss_find_slot_by_name()
  * usercertinmem.c: improve the short description
  * CURLOPT_CONNECT_TO: Fix compile warnings
  * docs: non-blocking SSL handshake is now supported with NSS
  * *.rc: escape non-ASCII/non-UTF-8 character for clarity
  * mbedTLS: fix multi interface non-blocking handshake
  * PolarSSL: fix multi interface non-blocking handshake
  * VC: remove the makefile.vc6 build infra
  * telnet: fix windows compiler warnings
  * cookies: do not assume a valid domain has a dot
  * polarssl: fix hangs
  * gnutls: disable TLS session tickets
  * mbedtls: disable TLS session tickets
  * mbedtls: implement CTR-DRBG and HAVEGE random generators
  * openssl: Don't use certificate after transferring ownership
  * cmake: Support curl --xattr when built with cmake
  * OS400: Fix symbols
  * docs: Add more HTTPS proxy documentation
  * docs: use more HTTPS links
  * cmdline-opts: Fixed build and test in out of source tree builds
  * CHANGES.0: removed
  * schannel: Remove incorrect SNI disabled message
  * darwinssl: Avoid parsing certificates when not in verbose mode
  * test552: Fix typos
  * telnet: Fix typos
  * transfer: only retry nobody-requests for HTTP
  * http2: reset push header counter fixes crash
  * nss: make FTPS work with --proxytunnel
  * test1139: Added the --manual keyword since the manual is required
  * polarssl, mbedtls: Fix detection of pending data
  * http_proxy: Fix tiny memory leak upon edge case connecting to proxy
  * URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
  * curl.1: is no longer an FTP mirror
  * tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
  * http2: fix memory-leak when denying push streams
  * configure: Allow disabling pthreads, fall back on Win32 threads
  * curl: fix typo in time condition warning message
  * axtls: adapt to API changes
  * tool_urlglob: Allow a glob range with the same start and stop
  * winbuild: add note on auto-detection of MACHINE in
  * http: fix missing 'Content-Length: 0' while negotiating auth
  * proxy: fix hostname resolution and IDN conversion
  * docs: fix timeout handling in multi-uv example
  * digest_sspi: Fix nonce-count generation in HTTP digest
  * sftp: improved checks for create dir failures
  * smb: use getpid replacement for windows UWP builds
  * digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- Remove curl-7.52.1-idn-fixes.patch, fixed upstream.
- build with libidn2 for IDNA2008 support
  FATE#321897 CVE-2016-8625 bsc#1005649
  add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing,
  remove curl-disable_failing_tests.patch
- Update to 7.52.1
  * CVE-2016-9594: uninitialized random bsc#1016738
- Update to 7.52.0
  * nss: map CURL_SSLVERSION_DEFAULT to NSS default
  * vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
  * curl: introduce the --tlsv1.3 option to force TLS 1.3
  * curl: Add --retry-connrefused
  * proxy: Support HTTPS proxy and SOCKS+HTTP(s)
  * curl: add --fail-early
  * CVE-2016-9586: printf floating point buffer overflow
  * curl -w: added more decimal digits to timing counters
  * easy: Initialize info variables on easy init and duphandle
  * http2: Don't send header fields prohibited by HTTP/2 spec
  * ssh: check md5 fingerprints case insensitively (regression)
  * openssl: initial TLS 1.3 adaptions
  * SPNEGO: Fix memory leak when authentication fails
  * realloc: use Curl_saferealloc to avoid common mistakes
  * openssl: make sure to fail in the unlikely event that PRNG
    seeding fails
  * URL-parser: for file://[host]/ URLs, the [host] must be localhost
  * timeval: prefer time_t to hold seconds instead of long
  * glob: fix [a-c] globbing regression
  * curl.1: Clarify --dump-header only writes received headers
  * http2: Fix address sanitizer memcpy warning
  * http2: Use huge HTTP/2 windows
  * connects: Don't mix unix domain sockets with regular ones
  * url: Fix conn reuse for local ports and interfaces
  * x509: Limit ASN.1 structure sizes to 256K
  * http2: check nghttp2_session_set_local_window_size exists
  * http2: Fix crashes when parent stream gets aborted
  * CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
  * URL parser: reject non-numerical port numbers
  * CONNECT: reject TE or CL in 2xx responses
  * CONNECT: read responses one byte at a time
  * curl: support zero-length argument strings in config files
  * openssl: don't use OpenSSL's ERR_PACK
  * curl.1: generated with the new man page system
  * curl_easy_recv: Improve documentation and example program
  * Curl_getconnectinfo: avoid checking if the connection is closed
  * attempt to document TLS cipher names
- Update to 7.51.0
  * nss: additional cipher suites are now accepted by
  * CVE-2016-8615: cookie injection for other servers
  * CVE-2016-8616: case insensitive password comparison
  * CVE-2016-8617: OOB write via unchecked multiplication
  * CVE-2016-8618: double-free in curl_maprintf
  * CVE-2016-8619: double-free in krb5 code
  * CVE-2016-8620: glob parser write/read out of bounds
  * CVE-2016-8621: curl_getdate read out of bounds
  * CVE-2016-8622: URL unescape heap overflow via integer truncation
  * CVE-2016-8623: Use-after-free via shared cookies
  * CVE-2016-8624: invalid URL parsing with '#'
  * CVE-2016-8625: IDNA 2003 makes curl use wrong host
  * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
  * http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
  * update with mbedTLS dual licensing
  * examples/imap-append: Set size of data to be uploaded
  * test2048: fix url
  * darwinssl: disable RC4 cipher-suite support
  * openssl: don’t call CRYPTO_cleanup_all_ex_data
  * libressl: fix version output
  * easy: Reset all statistical session info in curl_easy_reset
  * curl_global_cleanup.3: don't unload the lib with sub threads running
  * dist: add CurlSymbolHiding.cmake to the tarball
  * docs: Remove that --proto is just used for initial retrieval
  * configure: Fixed builds with libssh2 in a custom location
  * curl.1: --trace supports % for sending to stderr!
  * cookies: same domain handling changed to match browser behavior
  * formpost: trying to attach a directory no longer crashes
  * CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
  * formpost: avoid silent snprintf() truncation
  * ftp: fix Curl_ftpsendf
  * mprintf: return error on too many arguments
  * smb: properly check incoming packet boundaries
  * GIT-INFO: remove the Mac 10.1-specific details
  * resolve: add error message when resolving using SIGALRM
  * cmake: add nghttp2 support
  * dist: remove PDF and HTML converted docs from the releases
  * configure: disable poll() in macOS builds
  * vtls: only re-use session-ids using the same scheme
  * pipelining: skip to-be-closed connections when pipelining
  * win: fix Universal Windows Platform build
  * curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
  * maketgz: make it support "only" generating version info
  * Curl_socket_check: add extra check to avoid integer overflow
  * gopher: properly return error for poll failures
  * curl: set INTERLEAVEDATA too
  * polarssl: clear thread array at init
  * polarssl: fix unaligned SSL session-id lock
  * polarssl: reduce #ifdef madness with a macro
  * curl_multi_add_handle: set timeouts in closure handles
  * configure: set min version flags for builds on mac
  * INSTALL: converted to markdown =>
  * curl_multi_remove_handle: fix a double-free
  * multi: fix infinite loop in curl_multi_cleanup()
  * nss: fix tight loop in non-blocking TLS handshake over proxy
  * mk-ca-bundle: Change URL retrieval to HTTPS-only by default
  * mbedtls: stop using deprecated include file
  * docs: fix req->data in multi-uv example
  * configure: Fix test syntax for monotonic clock_gettime
  * CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Refresh libcurl-ocloexec.patch
- update to 7.50.3
  * CVE-2016-7167: escape and unescape integer overflows
  * use SHA256 instead of SHA1
  * checksrc: detect strtok() use
  * errors: new alias CURLE_WEIRD_SERVER_REPLY
  * http2: support > 64bit sized uploads
  * openssl: fix bad memory free (regression)
  * CMake: hide private library symbols
  * http: refuse to pass on response body when NO_NODY is set
  * cmake: fix curl-config --static-libs
  * mbedtls: switch off NTLM in build if md4 isn't available
  * curl: --create-dirs on windows groks both forward and
    backward slashes
- update to 7.50.2
  * mbedtls: Added support for NTLM
  * SSH: fixed SFTP/SCP transfer problems
  * multi: make Curl_expire() work with 0 ms timeouts
  * -m keeps ca cert meta data in output
  * TFTP: Fix upload problem with piped input
  * CURLOPT_TCP_NODELAY: now enabled by default
  * mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
  * http2: always wait for readable socket
  * cmake: Enable win32 large file support by default
  * cmake: Enable win32 threaded resolver by default
  * winbuild: Avoid setting redundant CFLAGS to compile commands
  * curl.h: make CURL_NO_OLDIES define CURL_STRICTER
  * docs: make more markdown files use .md extension
  * docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
  * winbuild: Allow changing C compiler via environment variable CC
  * rtsp: accept any RTSP session id
  * HTTP: retry failed HEAD requests on reused connections too
  * configure: add zlib search with pkg-config
  * openssl: accept subjectAltName iPAddress if no dNSName match
  * MANUAL: Remove invalid link to LDAP documentation
  * socks: improved connection procedure
  * proxy: reject attempts to use unsupported proxy schemes
  * proxy: bring back use of "Proxy-Connection:"
  * curl: allow "pkcs11:" prefix for client certificates
  * spnego_sspi: fix memory leak in case *outlen is zero
  * SOCKS: improve verbose output of SOCKS5 connection sequence
  * SOCKS: display the hostname returned by the SOCKS5 proxy server
  * http/sasl: Query authentication mechanism supported by SSPI before using
  * sasl: Don't use GSSAPI authentication when domain name not specified
  * win: Basic support for Universal Windows Platform apps
  * nss: fix incorrect use of a previously loaded certificate from file,
  * nss: work around race condition in PK11_FindSlotByName()
  * ftp: fix wrong poll on the secondary socket
  * openssl: build warning-free with 1.1.0 (again)
  * HTTP: stop parsing headers when switching to unknown protocols
  * test219: Add http as a required feature
  * TLS: random file/egd doesn't have to match for conn reuse
  * schannel: Disable ALPN for Wine since it is causing problems
  * http2: make sure stream errors don't needlessly close the connection
  * http2: return CURLE_HTTP2_STREAM for unexpected stream close
  * darwinssl: --cainfo is intended for backward compatibility only
  * speed caps: not based on average speeds anymore
  * configure: make the cpp -P detection not clobber CPPFLAGS
  * http2: use named define instead of magic constant in read callback
  * http2: skip the content-length parsing, detect unknown size
  * http2: return EOF when done uploading without known size
  * darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
- update to 7.50.1
  * TLS: switch off SSL session id when client cert is used
  * TLS: only reuse connections with the same client cert
  * curl_multi_cleanup: clear connection pointer for easy handles
  * include the CURLINFO_HTTP_VERSION man page into the release tarball
  * include the script in the release tarball
  * test558: fix test by stripping file paths from FD lines
  * spnego: Corrected misplaced * in Curl_auth_spnego_cleanup() declaration
  * tests: Fix for http/2 feature
  * cmake: Fix for schannel support
  * curl.h: make public types void * again
  * win32: fix a potential memory leak in Curl_load_library
  * travis: fix OSX build by re-installing libtool
  * mbedtls: Fix debug function name
- removed
- update to 7.50.0
  * http: add CURLINFO_HTTP_VERSION and %{http_version}
  * openssl: fix build with OPENSSL_NO_COMP
  * cmake: Added missing mbedTLS support
  * URL parser: allow URLs to use one, two or three slashes
  * curl: fix -q [regression]
  * openssl: Use correct buffer sizes for error messages
  * curl: fix SIGSEGV while parsing URL with too many globs
  * vtls: fix ssl session cache race condition
  * http: Fix HTTP/2 connection reuse [regression]
  * checksrc: Add LoadLibrary to the banned functions list
  * configure: occasional ignorance of --enable-symbol-hiding with GCC
  * http2: test17xx are the first real HTTP/2 tests
  * resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
  * curl_multi_socket_action.3: rewording
  * CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
  * cmake: Fix build with winldap
  * openssl: fix cert check with non-DNS name fields present
  * curl.1: mention the units for the progress meter
  * openssl: use more 'const' to fix build warnings with 1.1.0 branch
  * cmake: now using BUILD_TESTING=ON/OFF
  * vtls: Only call add/getsession if session id is enabled
  * headers: forward declare CURL, CURLM and CURLSH as structs
  * configure: improve detection of CA bundle path on FreeBSD
  * SFTP: set a generic error when no SFTP one exists
  * curl_global_init.3: expand on the SSL and WIN32 bits purpose
  * conn: don't free easy handle data in handler->disconnect
  * cookie.c: Fix misleading indentation
  * library: Fix memory leaks found during static analysis
  * curl_global_init: moved the "IPv6 works" check here
  * connect: disable TFO on Linux when using SSL
  * vauth: Fixed memory leak due to function returning without free
- refresh libcurl-ocloexec.patch
- disable tests 1139 and 1140 which fail due to missing manpage
  * add curl-disable_failing_tests.patch
- ship for testing
  * add
- curl 7.49.1:
  * http2: use HTTP/2 in the HTTP/1.1-alike response
  * ssh: fix build for libssh2 before 1.2.6
  * a number of bug and build fixes
- curl 7.49.0:
  * schannel: Add ALPN support
  * SSH: new CURLOPT_QUOTE command "statvfs"
  * wolfssl: Add ALPN support
  * http2: added --http2-prior-knowledge
  * libcurl: added CURLOPT_CONNECT_TO
  * curl: added --connect-to
  * libcurl: added CURLOPT_TCP_FASTOPEN
  * curl: added --tcp-fastopen
  * curl: remove support for --ftpport, -http-request and --socks
  * a number of bug and build fixes
- update upstream signing key and download URLs
- 0001-Fix-invalid-Network-is-unreachable-errors.patch is upstream
- Depend on libssh2 >= 1.6.0 since curl depends on the
  libssh2_scp_recv2 symbol now. Fixes boo#983170
- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch.
  Fixes "Network is unreachable" errors in valid situations when ipv6
  is not available but ipv4 is working fine. This also fixes the same
  error from happening in applications using libcurl4 (like zypper).
- Update to 7.48.0
  * configure: --with-ca-fallback: use built-in TLS CA fallback
  * TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
  * Lots of bugfixes, see
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
  superseded by --with-ca-fallback configure option.
- curl 7.47.1:
  * getredirect.c: fix variable name
  * tool_doswin: silence unused function warning
  * curl.1: Explain remote-name behavior if file already exists
  * sasl_sspi: Fix memory leak in domain populate
  * openssl: Fix signed/unsigned mismatch warning in X509V3_ext
- Enable PSL (Public Suffix List)
- Make building more verbose
- update to 7.47.0
  * fixes CVE-2016-0755 (bsc#962983)
    (NTLM credentials not-checked for proxy connection re-use)
  * drop curl-fix-zsh-completion.patch (upstream)
  * version: Add flag CURL_VERSION_PSL for libpsl
  * http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
  * curl: use 2TLS by default
  * curl --expect100-timeout: added
  * Add .dir-locals and set c-basic-offset to 2 (for emacs)
- Fix path to curl in to unbreak _curl completion
  * curl-fix-zsh-completion.patch
- Update to 7.46.0
  * oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP,
    POP3 and SNMP
  * Many bugfixes, see for the
  complete list.
- revert the curl-config change for bsc#900419 until we have a better
  fix, because it was breaking builds of other packages
- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2)
- Update to 7.45.0
  * added new tool option --proto-default
  * getinfo: added CURLINFO_ACTIVESOCKET
  * turned CURLINFO_* option docs as stand-alone man pages
  * curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of
- drop a hack that made curl-config print only -lcurl (bsc#900419)
  * --as-needed is used by default now
- update to 7.44.0
    examples: added http2-serverpush.c
    http2: added curl_pushheader_byname() and curl_pushheader_bynum()
    docs: added
    curl: Add --ssl-no-revoke to disable certificate revocation checks
    makefile: Added support for VC14
- dropped unexpire-test46.patch (upstream)
- unexpire-test46.patch: Unexpire test 46
- do not run flaky tests for any architecture (bnc#940009)
  at least test 1510 does fail for i586 and ppc64le
- fix a typo in curl-secure-getenv.patch (bsc#936676)
- Update to 7.43.0
  * New curl option: --proxy-service-name
  * New curl option: --service-name
  * New curl option: --data-raw
  * Added support for multiplexing transfers using HTTP/2, enable
    this with the new CURLPIPE_MULTIPLEX bit for
  * HTTP/2: requires nghttp2 1.0.0 or later
  * scripts: add for generating zsh completion
  * curl.h: add CURL_HTTP_VERSION_2
  * CVE-2015-3236: lingering HTTP credentials in connection re-use
  * CVE-2015-3237: SMB send off unrelated memory contents
- Disable HTTP/2 as it would create build cycle
- enable HTTP/2 support
- make the testsuite failure fatal
  * added curl-disable_failing_tests.patch
  * added groff to BuildRequires to enable builtin manual (test 1026)
- update to 7.42.1
  * fixes CVE-2015-3153 (bnc#928533)
  - sensitive HTTP server headers also sent to proxies
- rename curl-devel to libcurl-devel in baselibs.conf
- update to 7.42.0
  * refresh libcurl-ocloexec.patch
- fixes security vulnerabilities:
  * CVE-2015-3143 (bnc#927556)
  - Re-using authenticated connection when unauthenticated
  * CVE-2015-3144 (bnc#927608)
  - host name out of boundary memory access
  * CVE-2015-3145 (bnc#927607)
  - cookie parser out of boundary memory access
  * CVE-2015-3148 (bnc#927746)
  - Negotiate not treated as connection-oriented
- don't hardcode /etc/ssl/certs. Use openssl's default instead
- update to 7.41.0:
  * Changes:
    NetWare build: added TLS-SRP enabled build
    winbuild: Added option to build with c-ares
    Added --cert-status
    sasl: implement EXTERNAL authentication mechanism
- Re-enable metalink support
- Use pkgconfig() style dependencies
- update to 7.40.0:
  * fixes CVE-2014-8150 (bnc#911363)
  * Changes:
    http_digest: Added support for Windows SSPI based authentication
    version info: Added Kerberos V5 to the supported features
    Makefile: Added VC targets for WinIDN
    config-win32: Introduce build targets for VS2012+
    SSL: Add PEM format support for public key pinning
    smtp: Added support for the conversion of Unix newlines during mail send
    smb: Added initial support for the SMB/CIFS protocol
    Added support for HTTP over unix domain sockets,
    via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
    sasl: Added support for GSS-API based Kerberos V5 authentication
- build with PIE
- update to 7.39.0:
- changes:
    SSLv3 is disabled by default
    CURLOPT_COOKIELIST: Added "RELOAD" command
    build: Added WinIDN build configuration options to Visual Studio projects
    ssh: improve key file search
    SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
    vtls: remove QsoSSL support, use gskit!
    mk-ca-bundle: added SHA-384 signature algorithm
    docs: added many examples for libcurl opts and other doc improvements
    build: Added VC ssh2 target to main Makefile
    MinGW: Added support to build with nghttp2
    NetWare: Added support to build with nghttp2
    build: added Watcom support to build with WinSSL
    build: Added optional specific version generation of VC project files
    ... and a bunch of bugfixes
- refreshed libcurl-ocloexec.patch
- removed gpg-offline verification
- spec-cleaned curl.spec
- Ensure the curl command line tool always requires
  the same libcurl it was built with; even expert users
  got confused.
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
  due to insecure tmp file usage. (bsc#1180669)
  Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
- Remove Berkeley DB dependency (JIRA#SLE-12190)
  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
  without Berkeley DB support. gdbm will be used instead of BDB.
  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
  with Berkeley DB support.
- Update to 2.1.27
  * Added support for OpenSSL 1.1
  * Added support for lmdb
  * Lots of build fixes
  * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
  * DIGEST-MD5 plugin:
    Fixed memory leaks
    Fixed a segfault when looking for non-existent reauth cache
    Prevent client from going from step 3 back to step 2
    Allow cmusaslsecretDIGEST-MD5 property to be disabled
  * GSSAPI plugin:
    Added support for retrieving negotiated SSF
    Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
    Properly compute maxbufsize AFTER security layers have been set
  * SCRAM plugin:
    Added support for SCRAM-SHA-256
  * LOGIN plugin:
    Don’t prompt client for password until requested by server
  * NTLM plugin:
    Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- bsc#983938 `` left-overs in several unit files
- added patches:
  fix_libpq-fe_include.diff  for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
  * shared_link_on_ppc.patch
  * cyrus-sasl-2.1.27-openssl-1.1.0.patch
  * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * 0004-Add-support-for-retrieving-the-mech_ssf.patch
  * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
  * cyrus-sasl-fix-logging-in-gssapi.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- added backport-patch cyrus-sasl-bug587.patch which fixes
  off-by-one error in _sasl_add_string function
  (see CVE-2019-19906 bsc#1159635)
- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
  By server context the connection will be sent to the log function.
  Client content does not have log level information. I.e. there is no
  way to stop DEBUG level logs, hence I've removed it.
  * add cyrus-sasl-fix-logging-in-gssapi.patch
- OpenSSL 1.1 support (bsc#1055463)
  * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
- added cyrus-sasl-issue-402.patch to fix
  SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
- really use SASLAUTHD_PARAMS variable (bnc#938657)
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
- Make sure /usr/sbin/rcsaslauthd exists
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2019-12749 Authentication bypass (CVE-2019-12749 bsc#1137832)
  * added fix-CVE-2019-12749.patch
- Make libdbus-1-3 own the %{_datadir}/dbus-1/system.d directory
- Use %license instead of %doc [bsc#1082318]
- Avoid bashisms in scriptlets.
- Avoid ugly error message from %pre(install) script when installing
  for the first time.
- Don't spit out a warning if /usr/bin/dbus-daemon does not exist
  when we run the pre-script.
- Swap a missed libdir to libexecdir
- Do not hide errors during useradd.
- Fix dbus-daemon-launch-helper to use proper ref to libexecdir
- use %{_libexecdir}/dbus-1 as libexecdir
- Update to 1.12.2
  • Eavesdropping is officially deprecated in favour of BecomeMonitor.
  See the release notes for spec version 0.31 (in dbus 1.11.14).
  • [Unix] Flag files in /var/run/console/${username} are deprecated.
  See the release notes for 1.11.18.
  New APIs:
  • <allow> and <deny> rules in dbus-daemon configuration can now
  include send_broadcast="true", send_broadcast="false",
  max_unix_fds="N", min_unix_fds="N" (for some integer N).
  See the release notes for 1.11.18.
  • dbus_try_get_local_machine_id() is like
  dbus_get_local_machine_id(), but returns a DBusError.
  • New APIs around DBusMessageIter to simplify cleanup.
  See the release notes for 1.11.16.
  • The message bus daemon now implements the standard Introspectable,
  Peer and Properties interfaces. See the release notes for
  dbus 1.11.14 and spec version 0.31.
  • DTDs for introspection XML and bus configuration are installed.
  • [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
  never uses Linux abstract sockets, which is advantageous for
  containers. On non-Linux it is equivalent to unix:tmpdir=….
  See the release notes for dbus 1.11.14 and spec version 0.31.
  • [Unix] New option "dbus-launch --exit-with-x11".
  • [Unix] Session managers can create transient .service files in
  $XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
  • [Unix] A sysusers.d snippet can create the messagebus user on-demand.
  Miscellaneous behaviour changes:
  • [Unix] The session bus now logs to syslog if it was started by
  • [Unix] Internal warnings are logged to syslog if configured.
  • [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
  or to stderr.
- Enabled "make check test suite"
- Patches removed, fixed upstream
  * fix-upstream-drop-install-sections-from-user-services.patch
  * fix-upstream-increase-backlog.patch
  * fix-upstream-timeout-reset-1.patch
  * fix-upstream-timeout-reset-2.patch
- boo#1027201 dbus-daemon not found
- boo#978477 systemd resetting under heavy load
  * fix-upstream-timeout-reset-1.patch
  * fix-upstream-timeout-reset-2.patch
- boo#1027200 don't generate machine-id in %post systemd will do it
  on first boot.
- swap usage of /bin/false to /usr/bin/false
- Use libexecdir=%{_libdir}/dbus-1 rather than /lib/dbus-1
- No need to set --libdir anymore now that prefix is /usr/bin,
  * fixes boo#1047532
- No need to set --bindir, bindir in dbus-1-x11 was incorrect
- Other fixes required to properly change prefix
- Don't pass --with-initscripts we don't use them anymore.
- Update to 1.10.20
  * Fixes:
    + Fix a reference leak when blocking on a pending call on a
    connection that has been disconnected (fdo#101481, Shin-ichi
    + Don't put timestamps in the Doxygen-generated documentation,
    for closer-to-reproducible builds (fdo#100692, Simon
    + Avoid an assertion failure when connecting to a
    semicolon-separated series of addresses, one of which fails
    (fdo#101257, Simon McVittie)
  * Documentation:
    + Update git URIs in HACKING document to sync up with (fdo#100715, Simon McVittie)
- swap to /usr/bin bsc#1029968
- Add the following fixes from SLE12
  * bsc#980928 increase listen() backlog of AF_UNIX sockets to
    SOMAXCONN fix-upstream-increase-backlog.patch
- The following bugs were already fixed but are missing changelog
  * bsc#867256 (No longer applicable)
  * bsc#916785 (No longer applicable)
  * bsc#1012564 (Not applicable)
  * fdo#90004 (Fixed Upstream)
- Rename the following patches as a tidy up
  * dbus-log-deny.patch to feature-suse-log-deny.patch
  * dbus-do-autolaunch.patch feature-suse-do-autolaunch.patch
  * 0001-Add-RefuseManualStartStop.patch to
  * 0001-Drop-Install-sections-from-user-services.patch to
- Update to 1.10.18
  * Fixes
    + Re-order dbus-daemon startup so that on SELinux systems, the
    thread that reads AVC notifications retains the ability to
    write to the audit log (fdo#92832, Debian #857660; Laurent
    + Fix a harmless read overflow and some memory leaks in a unit
    test (fdo#100568, Philip Withnall)
- Update to 1.10.16
  * Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.
  (fd.o #99828, Simon McVittie) (bsc#1025950)
  * Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie) (bsc#1025951)
  * Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "in flight" for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 processes such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)
  * Don't run the test if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)
  * Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)
- A note for scripts bsc#974092 (remove sysvinit script) is already
  fixed here.
- Don't restart dbus on upgrade - Includes temporary work around
  for last version boo#1020301
- Add 0001-Add-RefuseManualStartStop.patch don't allow users to Manually
  start or stop dbus.
- Add systemd unit files to start session bus via systemd
- Added patch:
  * 0001-Drop-Install-sections-from-user-services.patch
    + remove install section from socket unit because it does not
    need to be enabled explicitly (see fdo#92402)
- Requires systemd >= 209 and drop the compatibility pkg-config
  names that don't exist in newer systemd
- Drop useless --with-pic which is only for static libs
- Abort installation when user/group creation fails
- Avoid calling %service_* more than once
- Build the dbus-1 package without X in the dbus-1.spec
- Move the dbus-launch.nox11 to the dbus-1 package and install
  it by default
- Build devel-doc package in dbus-1.spec and don't build any
  documentation in dbus-1-x11
- Make dbus-1-x11 package contain only the X11-enabled dbus-launch
- Fix some rpmlint warnings
- Delete the file, since maintaining it is
  more complicated than keeping in sync a dbus-1-x11.spec file of
  less than 120 lines
- Create new subpackage: dbus-1-nox11
  - contains dbus-launch without x11 support
- Rename dbus-launch to dbus-launch.x11
- use update-alternatives to switch between dbus-launch with and
  without X11
- Solves [bnc#934214]
- Update to 1.10.12
  * Security fixes:
    + Do not treat ActivationFailure message received from
    root-owned systemd name as a format string. In principle this
    is a security vulnerability, but we do not believe it is
    exploitable in practice, because only privileged processes can
    own the org.freedesktop.systemd1 bus name, and systemd does
    not appear to send activation failures that contain "%".
    Please note that this probably *was* exploitable in dbus
    versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing
    check which at the time was only thought to be a denial of
    service vulnerability (CVE-2015-0245). If you are still
    running one of those versions, patch or upgrade immediately.
    (fdo#98157, bsc#1003898, Simon McVittie)
  * Other fixes:
    + Harden dbus-daemon against malicious or incorrect
    ActivationFailure messages by rejecting them if they do not
    come from a privileged process, or if systemd activation is
    not enabled (fdo#98157, Simon McVittie)
    + Avoid undefined behaviour when setting reply serial number
    without going via union DBusBasicValue (fdo#98035, Marc Mutz)
    + fail cleanly if autoconf fails (Simon McVittie)
- Moved dbus-run-session from dbus-1-x11 to dbus-1 (bdo#836296)
- Update to 1.10.10
  * Fixes:
    + On Linux, when dbus-daemon is run with reduced susceptibility
    to the OOM killer (typically via systemd), do not let child
    processes inherit that setting (fdo#32851;
    Kimmo Hämäläinen, WaLyong Cho)
    + Output valid shell syntax in ~/.dbus/session-bus/ if the bus
    address contains a semicolon (fdo#94746, Thiago Macieira)
    + Fix memory leaks and thread safety in subprocess starting on
    Windows (fdo#95191, Ralf Habacker)
    + Do not require systemd to have a service file if using it for
    activation (fdo#93194; Simon McVittie; backport from 1.11.0)
    + Stop test-dbus-daemon incorrectly failing on platforms that
    cannot discover the process ID of clients (fdo#96653,
    Руслан Ижбулатов)
    + In tests that exercise correct handling of crashing D-Bus
    services, suppress Windows crash handler (fdo#95155;
    Yiyang Fei, Ralf Habacker)
    + Explicitly check for stdint.h (Ioan-Adrian Ratiu)
    + update-activation-environment: produce better diagnostics on
    error (fdo#96653, Simon McVittie)
    + Don't fail the build with an unused const variable warning
    under gcc 6 (fdo#97282; Thomas Zimmermann, Simon McVittie)
    + Merge dbus-1.10-ci branch, containing backports from 1.11.0
    in build/test code to support continuous integration
    (fdo#93194, Simon McVittie)
  - Avoid -Wunused-label when compiling with libselinux but no
  - In development builds, allow OOM tests to be disabled as
  - Accept and ignore the --tap argument in all "embedded
    tests", and run all automated tests with that argument for
    better diagnostics
  - Fix the systemd activation test under CMake by installing
    the required files
  - In Automake, fix shell syntax for installcheck-local with
    no DESTDIR
  - In Automake, don't try to run manual tests in installcheck
  - In CMake, don't run manual-tcp test as an automated test
  - Add build machinery
- Update to 1.10.8
  * Fixes:
    + Enable "large file support" on systems where it exists:
    dbus-daemon is not expected to open large files, but it might
    need to stat files that happen to have large inode numbers
    (fdo#93545, Hongxu Jia)
    + Eliminate padding inside DBusMessageIter on 64-bit platforms,
    which might result in a pedantic C compiler not copying the
    entire contents of a DBusMessageIter; statically assert that
    this is not an ABI change in practice (fdo#94136, Simon
    + Document dbus-test-tool echo --sleep-ms=N instead of
    incorrect --sleep=N (fdo#94244, Dmitri Iouchtchenko)
    + Correctly report test failures in C tests from
    (fdo#93379; amit tewari, Simon McVittie)
    + When tests are enabled, run all the marshal-validate tests,
    not just the even-numbered ones (fdo#93908, Nick Lewycky)
    + Correct the expected error from one marshal-validate test,
    which was previously not run due to the above bug (fdo#93908,
    Simon McVittie)
- Update to 1.10.6
  * Fixes:
  - On Unix when running tests as root, don't assert that root
    and the dbus-daemon user can still call
    UpdateActivationEnvironment; assert that those privileged
    users can call BecomeMonitor instead (fdo#93036, Simon
  - On Windows, fix a memory leak in the autolaunch transport
    (fdo#92899, Simon McVittie)
  - On Windows Autotools builds, don't run tests that rely on
    dbus-run-session and other Unix-specifics (fdo#92899, Simon
- Update to 1.10.4
  * Changes between 1.10.2 and 1.10.4
  - Enhancements:
    + GetConnectionCredentials, GetConnectionUnixUser and
    GetConnectionUnixProcessID with argument
    "org.freedesktop.DBus" will now return details of the
    dbus-daemon itself. This is required to be able to call
    SetEnvironment on systemd. (fdo#92857, Jan Alexander
  - Fixes:
    + Make UpdateActivationEnvironment always fail with
    AccessDenied on the system bus. Previously, it was
    possible to configure it so root could call it, but the
    environment variables were not actually used, because the
    launch helper would discard them. (fdo#92857, Jan Alexander
    + On Unix with --systemd-activation on a user bus, make
    UpdateActivationEnvironment pass on its arguments to
    systemd's SetEnvironment method, solving inconsistency
    between the environments used for traditional activation
    and systemd user-service activation. (fdo#92857, Jan
    Alexander Steffens)
    + On Windows, don't crash if <syslog/> or --syslog is used
    (fdo#92538, Ralf Habacker)
    + On Windows, fix a memory leak when setting a DBusError from
    a Windows error (fdo#92721, Ralf Habacker)
    + On Windows, don't go into infinite recursion if we abort the
    process with backtraces enabled (fdo#92721, Ralf Habacker)
    + Fix various failing tests, variously on Windows and
    . don't test system.conf features (users, groups) that only
    make sense on the system bus, which is not supported on
    . don't call _dbus_warn() when we skip a test, since it is
    . fix computation of expected <standard_session_servicedirs/>
    . when running TAP tests, translate newlines to Unix format,
    fixing cross-compiled tests under Wine on Linux
    . don't stress-test refcounting under Wine, where it's
    really slow
    . stop assuming that a message looped-back to the test will
    be received immediately
    . skip some system bus tests on Windows since they make no
    sense there (fdo#92538, fdo#92721; Ralf Habacker, Simon
  * Changes between 1.10.0 and 1.10.2
  - Fixes:
    + Correct error handling for activation: if there are multiple
    attempts to activate the same service and it fails
    immediately, the first attempt would get the correct reply,
    but the rest would time out. We now send the same error
    reply to each attempt. (fdo#92200, Simon McVittie)
    + If BecomeMonitor is called with a syntactically invalid
    match rule, don't crash with an assertion failure, fixing a
    regression in 1.9.10. This was not exploitable as a denial
    of service, because the check for a privileged user is done
    first. (fdo#92298, Simon McVittie)
    + On Linux with --enable-user-session, add the bus address to
    the environment of systemd services for better backwards
    compatibility (fdo#92612, Jan Alexander Steffens)
    + On Windows, fix the logic for replacing the installation
    prefix in service files' Exec lines (fdo#83539; Milan Crha,
    Simon McVittie)
    + On Windows, if installed in the conventional layout with
    ${prefix}/etc and ${prefix}/share, use relative paths
    between bus configuration files to allow the tree to be
    relocated (fdo#92028, Simon McVittie)
    + Make more of the regression tests pass in Windows builds
    (fdo#92538, Simon McVittie)
  * Summary of major changes since 1.8.0:
  - The basic setup for the well-known system and session buses is
    now done in read-only files in ${datadir} (normally /usr/share).
  - AppArmor integration has been merged, with features similar to
    the pre-existing SELinux integration. It is mostly compatible
    with the patches previously shipped by Ubuntu, with one
    significant change: Ubuntu's GetConnectionAppArmorSecurityContext
    method has been superseded by GetConnectionCredentials and was
    not included.
  - The --enable-user-session configure option can be enabled
    by OS integrators intending to use systemd to provide a
    session bus per user (in effect, treating all concurrent
    graphical and non-graphical login sessions as one large session).
  - The new listenable address mode "unix:runtime=yes" listens on
    $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the
    systemd user session. libdbus and "dbus-launch --autolaunch"
    will connect to this address by default. GLib >= 2.45.3 and
    sd-bus >= 209 have a matching default.
  - All executables are now dynamically linked to libdbus-1.
    Previously, some executables, most notably dbus-daemon, were
    statically linked to a specially-compiled variant of libdbus.
    This results in various private functions in the _dbus
    namespace being exposed by the shared library. These are not
    API, and must not be used outside the dbus source tree.
  - On platforms with ELF symbol versioning, all public symbols
    are versioned LIBDBUS_1_3.
  * New bus APIs:
  - org.freedesktop.DBus.GetConnectionCredentials returns
    LinuxSecurityLabel where supported
  - org.freedesktop.DBus.Monitoring interface (privileged)
    . BecomeMonitor method supersedes match rules with eavesdrop=true,
    which are now deprecated
  - org.freedesktop.DBus.Stats interface (semi-privileged)
    . now enabled by default
    . new GetAllMatchRules method
  - org.freedesktop.DBus.Verbose interface (not normally compiled)
    . toggles the effect of DBUS_VERBOSE
  * New executables:
  - dbus-test-tool
  - dbus-update-activation-environment
  * New optional dependencies:
  - The systemd: pseudo-transport requires libsystemd or libsd-daemon
  - Complete documentation requires Ducktype and yelp-tools
  - Full test coverage requires GLib 2.36 and PyGI
  - AppArmor integration requires libapparmor and optionally libaudit
  * Dependencies removed:
  - dbus-glib
- Update to 1.8.20:
  * Fixes:
  - Fix a memory leak when GetConnectionCredentials() succeeds
    (fdo#91008, Jacek Bukarewicz)
  - Ensure that dbus-monitor does not reply to messages intended
    for others (fdo#90952, Simon McVittie)
- Account for openSUSE:Leap in the conditional for choosing right
  local state directories (boo#941352)
- Move common-begin sections around to make pre_checkin work again
- Unconditionally build with systemd features, there are no cycles
  now, systemd no longer buildrequires dbus-1-devel
- Update to 1.8.18:
  * Security hardening:
  - On Unix platforms, change the default configuration for the
    session bus to only allow EXTERNAL authentication (secure
    kernel-mediated credentials-passing), as was already done for
    the system bus.
    This avoids falling back to DBUS_COOKIE_SHA1, which relies on
    strongly unpredictable pseudo-random numbers; under certain
    circumstances (/dev/urandom unreadable or malloc() returns
    NULL), dbus could fall back to using rand(), which does not
    have the desired unpredictability. The fallback to rand() has
    not been changed in this stable-branch since the necessary
    code changes for correct error-handling are rather intrusive.
    If you are using D-Bus over the (unencrypted!) tcp: or
    nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1
    and a shared home directory using NFS or similar, you will
    need to reconfigure the session bus to accept DBUS_COOKIE_SHA1
    by commenting out the <auth> element. This configuration is
    not recommended. (bsc#931066, fdo#90414, Simon McVittie)
  * Other fixes:
  - Add locking to DBusCounter's reference count and notify
    function (fdo#89297, Adrian Szyndela)
  - Ensure that DBusTransport's reference count is protected by
    the corresponding DBusConnection's lock (fdo#90312,
    Adrian Szyndela)
  - On Windows, listen on the same port for IPv4 and IPv6
    (previously broken by an endianness mistake), and fix a
    failure to bind TCP sockets on approximately 1 attempt in 256
    (fdo#87999, Ralf Habacker)
  - Correctly release DBusServer mutex before early-return if we
    run out of memory while copying authentication mechanisms
    (fdo#90021, Ralf Habacker)
  - Correctly initialize all fields of DBusTypeReader (fdo#90021,
    Ralf Habacker, Simon McVittie)
  - Fix some missing \n in verbose (debug log) messages
    (fdo#90021, Ralf Habacker)
  - Clean up some memory leaks in test code (fdo#90021,
    Ralf Habacker)
- Sync changes from SLE12 conditionalized for suse_version <= 1315
- Update to 1.8.16:
  * Security fixes:
  - Do not allow non-uid-0 processes to send forged
    ActivationFailure messages. On Linux systems with systemd
    activation, this would allow a local denial of service:
    unprivileged processes could flood the bus with these forged
    messages, winning the race with the actual service activation
    and causing an error reply to be sent back when service
    auto-activation was requested. This does not prevent the real
    service from being started, so it only works while the real
    service is not running. (CVE-2015-0245, fdo#88811, bnc#916343;
    Simon McVittie)
  * Other fixes:
  - fix a Windows build failure (fdo#88009, Ralf Habacker)
  - on Windows, allow up to 8K connections to the dbus-daemon
    instead of the previous 64, completing a previous fix which
    only worked under Autotools (fdo#71297, Ralf Habacker)
- Update to 1.8.14
  * Security hardening:
  - Do not allow calls to UpdateActivationEnvironment from uids
    other than the uid of the dbus-daemon. If a system service
    installs unsafe security policy rules that allow arbitrary
    method calls (such as CVE-2014-8148) then this prevents
    memory consumption and possible privilege escalation via
    We believe that in practice, privilege escalation here is
    avoided by dbus-daemon-launch-helper sanitizing its
    environment; but it seems better to be safe.
  - Do not allow calls to UpdateActivationEnvironment or the
    Stats interface on object paths other than
    /org/freedesktop/DBus. Some system services install unsafe
    security policy rules that allow arbitrary method calls to
    any destination, method and interface with a specified object
    path; while less bad than allowing arbitrary method calls,
    these security policies are still harmful, since dbus-daemon
    normally offers the same API on all object paths and other
    system services might behave similarly.
  * Other fixes:
  - Add missing initialization so GetExtendedTcpTable doesn't
    crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)
- Update to 1.8.12:
  * Fixes:
  - Partially revert the CVE-2014-3639 patch by increasing the
    default authentication timeout on the system bus from 5
    seconds back to 30 seconds, since this has been reported to
    cause boot regressions for some users, mostly with parallel
    boot (systemd) on slower hardware.
    On fast systems where local users are considered particularly
    hostile, administrators can return to the 5 second timeout
    (or any other value in milliseconds) by saving this as
    <limit name="auth_timeout">5000</limit>
    (fdo#86431, Simon McVittie)
  - Add a message in syslog/the Journal when the auth_timeout is
    exceeded (fdo#86431, Simon McVittie)
  - Send back an AccessDenied error if the addressed recipient is
    not allowed to receive a message (and in builds with
    assertions enabled, don't assert under the same conditions).
    (fdo#86194, Jacek Bukarewicz)
- Update to 1.8.10:
  * Security fixes:
  - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
    so that CVE-2014-3636 part A cannot exhaust the system bus'
    file descriptors, completing the incomplete fix in 1.8.8.
    (CVE-2014-7824, fdo#85105; Simon McVittie, Alban Crequy)
- remove CFLAGS setting, -fstack-protector is default and -fPIC
  will be auto-selected.
- Split out dbus-binding-tool in own sub-package.
- Update to version 0.108:
  + Use dbus-run-session instead of dbus-launch for tests.
- Changes from version 0.106:
  + Stop testing G_HAVE_INLINE, which ceased to work in GLib 2.47.2
    and wasn't meant to be API anyway. Instead, rely on "static
    inline" doing the right thing. On pre-C99 compilers, this
    relies on <glib.h> defining inline to __inline, __inline__ or
    the empty string if the compiler requires it, which it has done
    since 2000. (fdo#93513).
  + Stop calling g_mem_profile() in the tests, which no longer does
    anything and caused the tests to fail by issuing a warning.
  + Slightly modernize build system, and remove a weird
    cross-directory dependency which was breaking distcheck.
  + Stop distributing generated marshallers in the tarball.
- Run spec-clean, modernize spec-file macros and also drop a no
  longer conditional dbus-1-glib-64bit Obsoletes.
- Update to version 0.104:
  + Deprecations: Document the entire library as deprecated.
  + Dependencies:
  - libdbus 1.8 is required.
  - GLib 2.32 is required.
  + Enhancements:
  - The libdbus 1.8 dependency means we can now document that
    dbus_g_thread_init() is idempotent and thread-safe
  - Use g_cclosure_marshal_generic for all marshalling
  + Fixes:
  - Allow timeouts to be migrated from one main context to
    another without an assertion failure (fdo#30574).
  - Don't trip a libdbus fatal warning if a Unix fd or other
    unsupported type is encountered in a message (fdo#80557).
  - Make the tests pass with newer GLib by not removing removed
    sources (fdo#83530).
  - Fix some typos in the documentation (fdo#45686).
  - Make the Autotools setup less awful (fdo#58698).
- Update to version 0.102:
  + Enhancements:
  - Add dbus_g_method_invocation_get_connection (fdo#55729).
  - Add dbus_g_connection_open_private (fdo#55730).
  - Better regression tests (fdo#23633, fdo#40711, fdo#41129,
    fdo#51511, fdo#68603).
  - Get rid of more dead code (fdo#40711).
  - dbus-binding-tool: check validity of names (fdo#7909).
  + Bugs fixed:
  - dbus_g_value_build_g_variant: treat GValues containing
    (G_TYPE_STRING, NULL) or (G_TYPE_STRV, NULL) as empty string
    or empty array instead of asserting (fdo#71811).
  - Upload documentation correctly.
  - Fix under-linking (fdo#68601).
- Remove the executable bit from
- Update to version 0.100.2:
  + Respin tarball.
- Update to version 0.100.1:
  + dbus-gproxy: Verify sender of NameOwnerChanged signals to be
    o.f.DBus (CVE-2013-0292, bnc#804392).
  + Some cleanups.
  + Other bugs fixed: fdo#23633, fdo#40711, fdo#55729, fdo#55730.
- Update to version 0.100:
  + Enhancements:
  - Support building on Android with androgenizer
  - Respect NOCONFIGURE=1 in
  + Fixes:
  - Fix several GVariant reference leaks in
    dbus_g_value_parse_variant (fdo#41125)
  - Don't crash if an error code is out of range for its domain
    or has a negative code (fdo#40151)
  - Fix compilation with -Werror=format-security
  - Don't crash if dbus_g_proxy_new_for_peer() is used to talk to
    the dbus-daemon (fdo#41126)
- Further dependency changes: Let dbus-1-glib-devel require
  dbus-1-devel (implicitly pulls dbus-1).
- Fix and loosen dependency towards dbus-1. Reported by Andreas
  Jaeger <>.
- license update: AFL-2.1 or GPL-2.0+
  License is a dual license choice of either Academic Free License 2.1 or
  GNU GPL 2+. This is the SPDX format for that license
- Update to version 0.98:
  + Fix the documentation, a lot. We have nearly 100% coverage now.
  + In specialized collection iterators, check that the type is
    correct; g_critical and return harmlessly, rather than
    crashing, if not
  + If library users register specialized GTypes, warn if their
    vtables have missing callbacks which would cause accessors to
  + Fix production of documentation out-of-tree with newer gtk-doc
  + Simplify invoke_object_method() and OOM handling in
    dbus-gobject (fdo#35767)
- Changes from version 0.96:
  + Fix a regression in marshalling GObject instances as object
    paths, which broke NetworkManager (fdo#37852, deb#628890)
  + Fix crashes when sending a message when disconnected from D-Bus
    but still working through our backlog of incoming messages,
    similar to fdo#12675 (fdo#38406)
  + Cope more gracefully, with a critical warning instead of a
    memory leak, if programmer error causes G_VALUE_COLLECT to fail
    (fdo#38406, nokia#86280, nokia#180486)
  + Avoid an assertion failure when unregistering a proxy if
    GetNameOwner failed (fdo#38408, nokia#116862)
  + Don't report various programmer errors as "out of memory";
    raise suitable critical warnings instead, and don't leak memory
    (fdo#35767, fdo#35766)
  + If a remote process sends a wrong method call on the Properties
    interface, send back an error reply, instead of warning on
    stderr and not replying (fdo#35766)
  + Show a warning if dbus_g_method_return fails to marshal
    something (fdo#29884, nokia#180486)
  + Remove remnants of i18n (fdo#36428)
  + Remove dead code (nokia#180486)
- Drop dbus-1-glib-fix-marshalling-regression.patch: fixed
- cross-build fix: use host's dbus-binding-tool
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- Add dbus-1-glib-devel to baselibs
- Add dbus-1-glib-fix-marshalling-regression.patch: this fixes a
  regression causing issues in NetworkManager; taken from git.
- Update to version 0.94:
  + Check validity of more arguments, don't report "out of memory"
    or "should not have been reached" if an invalid string or
    boolean is given, and abandon broken containers more gracefully
  + Allow underscores in error names (fdo#30274)
  + If an object is on more than one connection, emit signals on
    all of them; if it's unregistered, only unregister it from the
    requested connection (fdo#32087)
  + Fix ability to switch a DBusConnection from one GMainContext to
    another (fdo#35115)
  + Forbid a ReturnVal annotation after the first OUT <arg>, which
    had never worked correctly anyway (fdo#35952)
  + Remove false claim that we use Introspect() at runtime, and
    document more error cases (fdo#36216)
  + Remove unused support for translated messages (fdo#36428)
  + Don't corrupt internal data if a GObject is registered twice on
    the same (connection, path) tuple, and fix out-of-bounds
    reading (fdo#36793)
  + Fix multiple signal emissions if an object is removed from all
    of its locations then re-exported, and a memory leak if an
    exported object is disposed (fdo#36811)
  + Log the error message if object registration fails (fdo#37795)
  + Several small fixes.
  + Remove Doxygen support (as gtk-doc is used) (fdo#10890)
  + Build fixes.
  + Bugs fixed: fdo#22667, fdo#22854, fdo#23616, fdo#26952,
    fdo#27193, fdo#27598, fdo#29884, fdo#32351, fdo#33145,
    fdo#33646, fdo#34282, fdo#37060, fdo#37062, fdo#37789,
    fdo#37790, fdo#37812.
- Update to version 0.92:
  + Require glib 2.26: this dependency bump was missed in 0.90.
- Update to version 0.90:
  + Add DBusGObjectPath, DBusGSignature typedefs
  + Give specialized GArrays iteration/appending support
  + fdo#30428: add dbus_g_value_parse_g_variant
  + Fix switching a connection's GMainContext
  + Various small fixes
- Update to version 0.88:
  + Allow duplicate object path registrations for different
  + Don't use the identifier "interface" in public headers
  + Don't pass malformed error interface to dbus (rh#581794)
  + Fix a crash in dbus_pending_call_cancel() (fdo#14579)
  + Fix lookup of regular properties when shadow properties are
  + fdo#28715: Add dbus_g_value_build_g_variant()
  + Respect property access flags for writing, allow disabling for
  + Documentation improvements
  + Build fixes, especially for windows
- Drop bug-628607-access-flags-CVE-2010-1172.diff: fixed upstream.
- honor access properties from xml file (CVE-2010-1172, bnc#628607)
- use %_smp_mflags
- Update to version 0.86:
  + core: allow duplicate property names on GInterfaces
  + core: performance optimization for object info lookup
  + Fix hyphenated error codes correctly
  + Free errors returned by method implementations
  + Trivial compiler warning fixes
  + Use AM_SILENT_RULES if available
  + Turn the gtk-doc documentation into buildable shape
- Update to version 0.84:
  + Support duplicate object registrations
  + Only re-set registration list if it's non-empty
  + Copy object registration list when unregistering.
  + fdo#19623 - Add dbus_g_bus_get_private
  + fdo#25119 - Don't leak DBusGMethodInvocation for no-reply calls
  + Import dbus-bus-introspect.xml upstream
  + dbus-gvalue: set an error when demarshal_basic doesn't
    recognize type
  + Man page fixes.
- add baselibs.conf as a source
- package documentation as noarch
- Update to version 0.82:
  + Fix format-security warning
  + Use -fno-strict-aliasing by default
  + fdo#14183 - Listen to NameOwnerChanged using arg0 matching
  + Use g_strdup instead of strdup in dbus_g_method_get_sender
  + fdo#13908: make dbus_g_type_specialized_init() safe for library
    users to call
  + fdo#16776: teach dbus_g_method_return_error about DBUS_GERROR
  + fdo#20884: dbus_g_proxy_manager_replace_name_owner: don't leave
    freed memory in the hash table if the name was the owner's
  + dbus_g_type_specialized_init: make some effort at being
  + add --with-dbus-binding-tool configure option to use an
    external dbus-binding-tool
  + fdo#5688: don't assert when exported object is destroyed
    *after* D-Bus connection closes
  + fdo#21219: implement unregistration of objects
  + dbus-gobject: save the ObjectRegistration on each object, not
    just the path
  + fdo#20879 - Use --skip-source argument for glib-genmarshal
  + fdo#19927 - Use const for GError * param we're not modifying
  + fdo#13908: silently initialize specialized types whenever
  + fdo#21362 - Remove use of deprecated symbols
  + fdo#21753 - Correctly initialize GValues in dbus-binding-tool
    generated code
  + fdo#22244 - Only include <glib.h>, not individual headers
  + fdo#20343 - Add a man page for dbus-binding-tool
  + fdo#18294 - Be defensive about a possibly NULL property string
  + Various build fixes.
- Remove AutoReqProv: it's default now.
- Remove -fno-strict-aliasing from our custom CFLAGS since it's by
  default now.
- Drop dbus-1-glib-selinux.patch: unneeded now.
- Drop marshall-skip-source.patch: fixed upstream.
- Use libexecdir whenever possible.
- Remove Requires from doc package since it's purely html files.
- Do not add source file name as comment for glib-genmarshal call.
  This creates otherwise files with temporary filenames that make
  comparison of builds impossible (marshall-skip-source.patch)
- Update to 2.37
  * Changes from 2.36 to 2.37
  * Fix issue with empty glyphs in condensed typefaces in the released source files.
  * Changes from 2.35 to 2.36
  * Math: added DejaVu Math Tex Gyre by B. Jackowski, P. Strzelczyk and P. Pianowski (on behalf of TeX users groups)
  * Sans: removed dot of U+06BA in all forms
  * Sans: fixed position of three dots of U+06BD in init and medi forms (by Denis Jacquerye)
  * Sans: corrected direction of contours in U+05E7 (by Lior Halphon)
  * Sans: added U+1F643 (by Olleg Samoylov)
  * Serif: moved up U+0360-0361 (by Gee Fung Sit 薛至峰)
  * Serif: increased spacing of Roman numerals U+2161-2163, U+2165-2168, U+216A-216B (by Gee Fung Sit 薛至峰)
  * Serif: fixed anchor position of U+00E6 (by Gee Fung Sit 薛至峰)
  * Sans: fixed vertical position of U+20BA (by Gee Fung Sit 薛至峰)
  * Sans, Serif: fixed glyph height of Block Elements (by Gee Fung Sit 薛至峰)
  * Sans, Serif: added U+A698-A699 (by Gee Fung Sit 薛至峰)
  * Sans, Mono, Serif: added U+037F (by Gee Fung Sit 薛至峰)
  * Mono: added U+0376-0377, U+037B-037D (by Gee Fung Sit 薛至峰)
  * Serif: removed duplicate point from U+1D05 (by Gee Fung Sit 薛至峰)
  * Mono: added U+20BA, U+20BD (by Gee Fung Sit 薛至峰)
  * Sans: Added moon symbols U+1F311-1F318 (by Ben Laenen)
- Update to 2.35:
  * For details see:
- Update to 2.34:
  * This release includes the addition of Lisu, an update of Georgian,
    the addition of some symbols and the addition and modification
    of several Latin characters.
  * Sans, SansMono, Serif: unlinked references of U+2596 for bug 50848
  * Sans, SansMono, Serif: added U+A7AA
  * Sans, SansMono, Serif: added U+2A6A, U+2A6B, U+2E1F based on U+223B
  * Sans, Serif: removed superfluous ligature definitions for
    ffl and ffi (bug 55363)
  * Sans, Serif: swapped glyphs for U+25D2 and U+25D3 (bug 55197)
  * Sans, Serif: added U+A740, U+A741
  * Sans: added U+20BA Turkish Lira sign
  * Sans: replaced Georgian Asomtavruli U+10A0-U+10C5 and Mkhedruli
    U+10D0-U+10FC with new version
  * Sans: added Georgian Nuskhuri U+2D00-U+2D25
  * Sans: added Private Use Area glyphs for Georgian U+F400-U+F441
  * Sans: tweaked U+0250, U+0254
  * Sans: adjusted hinting of U+032C-U+032D, avoiding problem on
    some platforms
  * Sans: added U+A7A0-U+A7A9, pre-1921 Latvian letters with
    oblique stroke
  * Sans: added anchors to U+2C6D
  * Sans: added cedilla anchor to some Latin characters
  * Sans: added ogonek anchor to A, E, O, U, Y
  * Sans: adjusted ogonek reference in U+0172, U+01EA, U+01EB
  * Sans: added anchors to U+0104, U+0105
  * Sans: added U+1F600, U+1F611, U+1F615, U+1F617, U+1F619,
    U+1F61B, U+1F61F, U+1F626-U+1F627, U+1F62E-U+1F62F, U+1F634
  * Sans: replaced U+27A1 with mirror image of U+2B05 for consistency
  * Sans: copied hints from U+14A3, U+14A7 to U+2142-U+2143
  * Sans: added Lisu block
  * Sans: typographical improvements to U+0166-U+0167, U+02A6, U+02AA
  * Sans: slightly change hinting of "2" to fix bug 37395
  * Sans: fixed U+1444 which had wrong top dot that shouldn't be there
  * Sans: added anchors for diacritics to U+01B7, U+01B8, U+01B9, U+0292
  * Sans: added U+01B7, U+01B8 to context for case diacritics above
  * SansMono: fixed U+0574
  * SansMono: added U+2016, U+27C2
  * SansMono: added U+02CE, U+02CF
  * SansMono: added U+2148, U+27E6-U+27E7, U+2B05-U+2B0D, U+1D55A
  * Serif: added U+02BA, U+02C2-U+02C5, U+02CA-U+02CB, U+02D7, U+02F3,
    U+02F7, U+046C-U+046D, U+0476-U+0477, U+1D7C-U+1D7F, U+20B8, U+2132,
    U+214E, U+2C7B to Serif
  * Serif: typographic improvements to U+0194, U+01B1, U+0263, U+028A,
    U+02A6, U+02A8, U+02AA, U+02E0, U+03DC, U+1D3B, U+1D7B
  * Serif: added small cap versions of q, x (in italic styles), delta,
    theta, xi, sigma, phi, omega, not wired in yet
  * Serif: added anchors to U+0234-U+0236
  * Serif: added U+02EC, U+02EF, U+02F0, U+0360
- Added url as source.
  Please see
- amend spec file to reflect new font packaging scheme
  (see openFATE#313536);
- call spec-cleaner
- license update: SUSE-Permissive
  Use this SPDX proprietary extension tag until upstream SPDX adopts a
  permissive category
- Renamed dejavu -> dejavu-fonts according to
  openSUSE packaging guidelines and FATE#313035
  Adjusted Obsoletes and Provides accordingly
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- update to version 2.33
  * added Old Italic block to Sans
  * added U+051E, U+051F to Sans
  * added U+01BA, U+0372-U+0373, U+0376-U+0377, U+03CF, U+1D00-U+1D01,
    U+1D03-U+1D07, U+1D0A-U+1D13, U+1D15, U+1D18-U+1D1C, U+1D20-U+1D2B,
    U+1D2F, U+1D3D, U+1D5C-U+1D61, U+1D66-U+1D6B, U+1DB8, U+1E9C-U+1E9D,
    U+1EFA-U+1EFB, U+2C60-U+2C61, U+2C63, U+A726-U+A73C, U+A73E-U+A73F,
    U+A746-U+A747, U+A74A-U+A74B, U+A74E+U+A74F, U+A768-U+A769,
    U+A77B-U+A77C, U+A780-U+A787, U+A790-U+A791, U+A7FA-U+A7FF to Serif
  * added alternate forms to U+014A and U+01B7 in Serif
  * typographical improvements to U+0166-U+0167, U+0197, U+01B5-U+01B6,
    U+01BB, U+0222-U+0223, U+023D, U+0250-U+0252, U+026E, U+0274, U+028F,
    U+029F, U+02A3-U+02A5, U+02AB, U+03FE-U+03FF, U+1D02, U+1D14,
    U+1D1D-U+1D1F, U+1D3B, U+1D43-U+1D46, U+1D59, U+1D9B, U+2C71, U+2C73 in Serif
  * fixed bugs #31762 and #34700 plus other small fixes
    (wrong direction, duplicate points, etc.) for Sans and Serif
  * added U+204B to Mono
  * added U+26E2 to Sans
  * added Playing Cards block (U+1F0A0-U+1F0DF) to Sans
  * emoticons in Sans: replace U+2639-U+263B with better versions,
    add U+1F601-U+1F610, U+1F612-U+1F614, U+1F616, U+1F618,
    U+1F61A, U+1F61C-U+1F61E, U+1F620-U+1F624, U+1F625,
    U+1F628-U+1F62B, U+1F62D, U+1F630-U+1F633, U+1F635-U+1F640
  * added U+A78E, U+A790-U+A791 to Sans and Mono
  * added U+A7FA to Sans
  * subscripts: added U+2095-U+209C to Sans, Serif and Mono,
    adjusted U+1D49-U+1D4A in Sans and Mono
  * added U+0243 to Mono
  * adjusted U+0307 to match dot of i, replaced dotaccent U+02D9 with
    U+0307 in most dependencies in Sans
  * adjusted anchors of f and added them to long s in Sans
  * added anchors to precomposed dependencies of D and d
  * added debug glyphs U+F002 and U+F003 which will show current point size
  * use correct version for Serbian italic be
  * added pictograms U+1F42D-U+1F42E, U+1F431, U+1F435
  * improved Hebrew in Sans
  * improved Armenian in Sans, and added Armenian in Serif and Mono
  * remove "locl" feature for Romanian for S/T/s/t with cedilla/comma accent
  * replace wrong "dflt" script tag in Mono with "DFLT"
- updated to version 2.32:
  * added to Sans: Latin small letter p with stroke (U+1D7D),
  Latin capital letter p with stroke through descender (U+A750),
  Latin small letter p with stroke through descender (U+A751),
  Latin capital letter thorn with stroke (U+A764),
  Latin small letter thorn with stroke (U+A765),
  Latin capital letter thorn with stroke through descender (U+A766),
  Latin small letter thorn with stroke through descender (U+A767),
  Latin capital letter q with stroke through descender (U+A756),
  Latin small letter q with stroke through descender (U+A757),
  Latin capital letter p with flourish (U+A752),
  Latin small letter p with flourish (U+A753)
  * add new Indian rupee symbol (U+20B9) to Sans, Serif and Mono
  * Sans: adjusted U+0E3F, U+20AB, U+20AD-U+20AE, U+20B1, U+20B5, U+20B8
  to have them take up the same width as digits
  * added U+23E8 to Sans
  * fixed numerous bugs (#22579, #28189, #28977, N'Ko in Windows, fixed U+FB4F,
  anchors for U+0332-U+0333, made extensions in Misc. Technical connect,
  and other small fixes)
  * added looptail g as stylistic variant to Serif
  * added the remaining precomposed characters in Latin Extended Additional
  in Serif
  * added Georgian Mkhedruli (U+10D0-U+10FC) to Sans ExtraLight
  * fix spacing in hinting of U+042E in Mono
  * replaced U+2650 and minor changes to U+2640-U+2642, U+2699,
  U+26A2-U+26A5, U+26B2-U+26B5, U+26B8 in Sans
  * added U+1E9C-U+1E9D, U+1EFA-U+1EFB, U+2028-U+2029, U+20B8, U+2150-U+2152,
  U+2189, U+26C0-U+26C3, U+A722-U+A725, U+1F030-U+1F093 to Sans
  * added U+1E9C-U+1E9E, U+1EFA-U+1EFB, U+2028-U+2029, U+20B8, U+2181-U+2182,
  U+2185 U+A722-U+A725, to Sans ExtraLight
  * added U+20B8, U+22A2-U+22A5, U+A722-U+A725 to Mono
  * added U+02CD, U+01BF, U+01F7, U+0222-U+0223, U+0243-U+0244, U+0246-U+024F,
  U+2150-U+2152, U+2189, U+239B-U+23AD and U+A73D to Serif
- updated to version 2.31:
  * Fixed bug where Serif Condensed Italic wouldn't get proper subfamily tags
  * Added math operators U+2234-U+2237 to Mono
  * Removed buggy instructions of U+032D
  * added U+2C70, U+2C7E, U+2C7F to Sans and Sans Mono
  * added U+2C7D to Sans Mono
  * added U+2C6D, U+2C70-2C73, U+2C7E-2C7F to Serif
  * added extremas to alpha U+03B1 in Serif-Italic
  * added U+4A4, U+4A5 to Mono
  * added Arabic letters U+0657, U+0670, U+0688-U+0690, U+0693-U+0694,
  U+0696-U+0697, U+0699-U+06A0, U+06A2-U+06A3, U+06A5, U+06A7-U+06A8,
  U+06AA-U+06AE, U+06B0-U+06B4, U+06B6-U+06B9, U+06BB-U+06BE and their
  contextual forms to Sans
  * added U+A78D LATIN CAPITAL LETTER TURNED H for coming Unicode 6.0
- removed unnecessary buildrequires for too old distros
- updated to version 2.30:
  * added U+0462-U+0463 to Mono
  * corrected U+1E53 in Serif
  * added U+1E4C-U+1E4D to Mono and Serif
  * added U+1E78-U+1E79 to Mono
  * fixed missing diacritics in Latin Extended Additional in Sans ExtraLight
  * fixed anchors on U+1E78 in Serif
  * added U+1DC4-U+1DC9 to Serif
  * renamed above-mark to above-mark in Serif-Italic
  * added U+1DC4-U+1DC9 to context class for dotless substitution
  * changed Doubleacute to Doublegrave in Sans ExtraLight
  * removed redundant reference in U+01FB in Sans Oblique
  * added U+A726-U+A727 to Mono
  * changed U+04BE and U+04BF according to recommendations of Sasha Ankwab in Sans
  * remove "Symbol Charset" from set of codepages in Sans
- updated to version 2.29:
  * modified U+10FB in Sans to be a mirror image of U+2056
  * added U+2B1F, U+2B24, U+2B53, U+2B54 in Sans
  * fixed TUR opentype language tag to TRK in Serif (bug 19825)
  * early implementation of Abkhaz letter U+0524-U+0525 in Sans
  * flipped U+1D538 in Sans
  * added U+26B3-U+26B8, U+1D7D8-U+1D7E1 in Sans
  * corrected U+1D7A9 in Sans Bold Oblique
  * Fixed U+0649 to be dual-joining in Sans Mono
  * Remove unnecessary 'isol' feature from Sans Mono
  * Remove 'cmap' mappings for U+066E, U+066F, U+067C, U+067D, U+0681,
  U+0682, U+0685, U+0692, U+06A1, U+06B5, U+06BA, U+06C6, U+06CE,
  and U+06D5 in Sans Mono (bug 20323)
  * add half brackets (U+2E22 - U+2E25, by Steve Tinney)
- Make python2 and python3 conditional to ensure we can build with
  python3 only
- Correct provides/obsoletes for python2 subpackage
- Build python3 bindings as well
- Rename python2 subpackage to name consistent with current python
- Drop patch.sles8 - there does not seem to be any reason for it
- update to version 3.6.1
  - remove upstreamed patch deltarpm-zlibcppflags.diff
  - fix off-by-one error in delta generation code (bnc#948504)
    This could lead to a segfault in rare circumstances.
  - Return error rather than crashing if we can't allocate memory
  - add newline in missing prelink error
  - do not finish applydeltarpm jobs when in the middle of a request
  - fix zlibcppflags typo
- update to deltarpm-3.6
  * fixes failing applydeltarpm with gzip -9 compression
  * adds a couple of manpages
- Package binary Python module, python-deltarpm isn't noarch any more
- Run spec-cleaner
- Add python-deltarpm subpackage
- cross-build fix: use %__cc macro
- Remove redundant tags/sections from specfile
  (cf. packaging guidelines)
- Use %_smp_mflags for parallel build
- update to current git to get support for the '-m' option,
  which limits memory consumption
- adapt to rpm-4.7 lzma level change
- update to version 3.5
- no changes, just patch integration
- Oops, when upgrading to 4.3.6-P1 in 2018 only isc_version was
  bumped, but not the RPM package version.
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
  overrun in lease file parsing code can be used to exploit a
  common vulnerability shared by dhcpd and dhclient.
- bsc#1185157:
  Use /run instead of /var/run for PIDFile in dhcrelay.service.
- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
  DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
  lease warnings [bsc#1089524].
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
  dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
- Update to dhcp-4.3.6-P1:
  * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
  * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
  * Plugged a socket descriptor leak in OMAPI
  * The server now allows the client identifier (option 61) to own
    leases in more than one subnet concurrently [ISC-Bugs #41358].
  * When replying to a DHCPINFORM, the server will now include
    options specified at the pool scope, provided the ciaddr field
    of the DHCPINFORM is populated.
    [ISC-Bugs #43219] [ISC-Bugs #45051].
  * When memory allocation fails in a repeated way the process
    writes "Run out of memory." on the standard error and exits
    with status 1  [ISC-Bugs #32744].
  * The new lmdb (Lightning Memory DataBase) bind9 configure
    option is now disabled by default to avoid the presence of
    this library to be detected which can lead to a link failure.
    [ISC-Bugs #45069]
  * The linux interface discovery code has been modified to use
    getifaddrs() as is done for BSD and OS-X.
    [ISC-Bugs #28761] and others.
  * Fixed a bug in OMAPI that causes omshell to crash when a
    name-value pair with a zero length value is shipped in an
    object [ISC-Bugs #29108].
  * On 64-bit platforms, dhclient now generates the correct value
    for the script environment variable, "expiry", when the lease
    expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
  * Common timer logic was modified to cap the maximum timeout
    values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
  * DHCP6 FQDN option unpacking code now correctly handles values
    that contain spaces, special, or non-printable characters.
    [ISC-Bugs #43592]
  * When running in -6 mode, dhclient can enforce the require
    option statement and will discard offered leases that do not
    contain all the required options specified in the client
    configuration [ISC-Bugs #41473].
  * Altered DHCPv4 lease time calculation to avoid roll over
    errors on 64-bit OS systems when using -1 or large values
    for default-lease-time [ISC-Bugs #41976].
  * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
  * The server now checks both the address and length of a
    prefix delegation when attempting to match it to a prefix
    pool [ISC-Bugs #35378].
  * Modified DDNS support initialization such that DNS related
    ports will only be opened by the server (dhcpd) at startup
    if ddns-update-style is not "none"; by dhclient only if and
    when it first attempts an update; and never by dhcrelay.
    [ISC-Bugs #45290] [ISC-Bugs #33377]
  * Added error logging to two memory allocation failure checks.
    [ISC-Bugs #41185]
  * Corrected a dhclient -6 issue that caused the client to crash
    with an "Impossible condition" error after de-preferencing its
    only IA binding [ISC-Bugs #44373].
  * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
    dhclient will now call the script with reason set to FAIL when
    run with -1 (one try) and there are no server responses.
    [ISC-bugs #18183]
  * The server now detects failover peers that are not referenced
    in at least one pool when run with the command line option for
    test mode, -T [ISC-Bugs #29892].
  * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
  * Changed severity of the log message indicating UDP checksum
    errors in the received packets from 'info' to 'debug'.
    [ISC-bugs #41757]
  * Corrected a bug which could cause the server to sporadically
    crash while loading lease files when the lease-id-format is
    set to "hex" [ISC-Bugs #43185].
- Obsoleted patches:
  * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
  * 0019-dhcp-4.2.4-P1-interval.patch
  * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
  * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
- Optimized if and when DNS client context and ports
  are initted (bsc#1073935)
- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144)
  [ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
- add PIDFile= setting to dhcrelay.service, without this systemd
  stops the service immediately after starting
- Drop old sysvinit support from the spec file. All the supported
  openSUSE distributions are systemd based so there isn't much point
  in keeping sysvinit support and files around.
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Replace net-tools Requires in dhcp-client with hostname on
  suse_version >= 1330 (CODE15): net-tools does no longer provide
  any tool referenced by dhclient-script, but we require hostname
  (which is also a dependency to net-tools, thus hiding the issue).
- use .gz year instead of current one to make build reproducible
- fixed a typo in nis-servers option name breaking the config file introduced
  in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
  - Corrected a bug which could cause the server to sporadically crash while
    loading lease files when the lease-id-format is set to "hex".  Our thanks
    to Jay Ford, University of Iowa for reporting the issue.
    [ISC-Bugs #43185]
  - Eliminated a noisy, but otherwise harmless debug log statement that may
    appear during server startup when building with --enable-binary-leases
    and configuring multiple pools in a shared network.  Thanks to Fernando
    Soto from BlueCat Networks for reporting the issue and supplying a patch.
    [ISC-Bugs #43262]
  - Fixed util/ error handling.
    [ISC-Bugs #41973]
  - Correct error message in relay to use remote id length instead
    of circuit id length.
    [ISC-Bugs #42556]
  - Add logic to test directory Makefiles to avoid copying Attfile(s)
    when building within the source tree.  This eliminates a noisy but
    otherwise harmless error message when running "make check".
    [ISC-Bugs #41883]
  - Leases are now scrubbed of certain prior use information when pool
    re-balancing reassigns them from one FO peer to the other.  This
    corrects an issue where leases that were offered but not used
    by the client retained the client hostname from the original
    client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
    for reporting the issue.
    [ISC-Bugs #42008]
  - In the LDAP code and schema add some missing '6' characters to use
    the v6 instead of the v4 versions.  Thanks to Denis Taranushin for
    reporting this issue and supplying its patch.
    [ISC-Bugs #42666]
  - Correct how the pick-first-value expression is written to a lease
    file.  Previously it was written as a concat expression due to
    a cut and paste error.
    [ISC-Bugs #42253]
  - Modify the DDNS code to clean up the PTR record even if there
    are issues while cleaning up the A or AAAA records.
    [ISC-Bugs #23954]
  - Added global configuration parameter, abandon-lease-time, which determines
    the amount of time a lease remains abandoned.  The default is 84600 seconds.
    Additionally, the server now conducts a ping check (if ping checks are
    enabled) prior to offering an abandoned lease to client.  Our thanks to
    David Zych at University of Illinois for reporting the issue and working
    with us to produce a viable solution.
    [ISC-Bugs #41815]
  - Correct handling of interface names during interface discovery. This
    addresses an issue where interface names of 15 characters in length
    could lead to crashes or interface recognition errors during startup
    of dhcpd, dhclient, and dhcrelay.
    [ISC-Bugs #42226]
  - Updates to contrib/ to make it more friendly.
    The updates are: looking for the lease file in more places and skipping
    the "processing complete" output when creating machine readable
    output.  Thanks to Cameron Paine (cbp at null dot net) for the
    [ISC-Bugs #42113]
  - When reusing a lease for dhcp-cache-threshold return the hostname
    to the original lease.  Also if the host pointer, UID or hardware address
    change don't allow reuse of the lease.
    Thanks to Michael Vincent for reporting this and helping us
    verify the problem and fix.
    [ISC-Bugs #42849]
  - Change dmalloc to use a size_t as the length argument to bring it
    in line with the call it will make to malloc().
    [ISC-Bugs #40843]
  - If the failover socket can't be bound, close it.  Otherwise if the
    user configures an incorrect address in the failover stanza the
    server will continue to open new sockets every 90 seconds until
    it runs out.
    [ISC-Bugs #42452]
  - Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
    allow interfaces to be upstream or downstream respectively.  Upstream
    interfaces will accept and forward only BOOTP replies, while downstream
    interfaces will accept and forward only BOOTP requests.
    [ISC-Bugs #41547]
  - Clean up some memory references in the vendor-class construct.
    [ISC-Bugs #42984]
  * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
  * 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  * 0016-infiniband-support.patch,
  * 0017-server-no-success-report-before-send.919959.patch]
- Set all requested dhcp options on a single line, so they are
  actually requested (boo#1046969, boo#1047004).
- Relax permission of dhclient-script for libguestfs(bsc#987170)
- Require insserv only if needed
- Fix requires of client subpackage
- Add config file for registering dhcp server in slp (bsc#992072)
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
  /sbin/arping is a symlink to /usr/sbin/arping in order to ease the
  transition for the /usr merge. Newest releases of iputils may only
  install utilities in /usr/* so this dependency will no longer be valid.
  Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
- Update to dhcp-4.3.3-P1 correcting bounds checking when
  receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
- Fixed improper lease duration checking. Also added fixes for integer
  overflows in the date and time handling code(bsc#936923, bsc#880984).
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
  a see log messages to the dhclient log message (bsc#960506)
  [* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- Applied a patch by Jiri Popelka catching dhcp server aborts with
  "Unable to set up timer: out of range" on very long or infinite
  timer intervals / lease lifetimes (bsc#947780)
  [+ 0019-dhcp-4.2.4-P1-interval.patch]
- Corrected patch references in and a missed (bsc#919959) patch
  description in previous changelog entry.
- Update to dhcp-4.3.3 (fate#319067) providing many bug fixes,
  features and obsoletes several patches we were using before.
  For complete changelog, please read the RELNOTES file shipped
  along with this package or online at:
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
  [- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
  + 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Removed obsolete patches included upstream now:
  [- 0007-dhcp-4.2.6-ldap-mt01.patch,
  - 0009-dhcp-4.2.6-xen-checksum.patch,
  - 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
  - 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
  - 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
  - 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
  - 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
  - 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
  - 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
  - 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
  - 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Adjusted patch numbers in the spec file:
  [- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
  - 0010-dhcp-4.2.2-dhclient-option-checks.patch,
  - 0011-dhcp-4.2.6-close-on-exec.patch,
  - 0012-dhcp-4.2.2-quiet-dhclient.patch,
  - 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
  - 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
  - 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  + 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
  + 0008-dhcp-4.2.2-dhclient-option-checks.patch,
  + 0009-dhcp-4.2.6-close-on-exec.patch,
  + 0010-dhcp-4.2.2-quiet-dhclient.patch,
  + 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
  + 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
  + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
  32bit) integers to scripts and properly format timestamps as long
  to not break them on 64bit architectures (bsc#926159).
  [+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
  [+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
  [- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
  - 0018-dhcp-4.2.6-improved-xid.patch,
  - 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch,
  + 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
  to /usr/include/dhcp and /usr/lib/dhcp subdirectories.
  DHCP requires a specific bind library version and conflicts
  with the files shipped by bind-devel package, which is not
  source and binary compatible (bsc#910686).
- Corrected changes to provide complete patch file references.
- Fixed server to not report success before send (bsc#919959)
  [+ 0017-server-no-success-report-before-send.919959.patch]
- Fixed dhclient to check pre-init results reported by dhclient-script
  and fail if pre-init fails for a requested interface (bsc#912098).
  [+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- do not check scripts not in the src.rpm
- Applied fix by Jiri Slaby to not crash in interface discovery
  when the interface address is NULL, which has been introduced
  by the infiniband support patch (bsc#909189,bsc#870535).
  [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
- fix bashisms in dhcprelay script
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
  reorder config to add all global options or option declarations
  to the dhcpService object instead of creating a new service object
  [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
  mapping of SHA TSIG algorithm names to their constants to enable
  hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
  authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
  [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
  and stop client message exchanges on reached MRD rather than
  at some point after it. Applied fedora patches by Jiri Popelka
  and added DAD reporting via exit 3 to the dhclient-script and
  a fix to use correct address variables in the DEPREF6 action
  [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston to avoid binding the ddns
  socket in the server when ddns-update-style is none (bsc#891655).
  [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
  fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
  [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
- No longer perform gpg validation; osc source_validator does it
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- Add ppc64_disable_failing_test to disable a sporadically failing
  test for ppc64 and ppc64le builds (boo#1156913)
- Use %license (boo#1082318)
- Update to version 3.6:
  * When one file is a prefix of the other, cmp now appends the
    shorter file's size to the EOF diagnostic.
  * diff's default algorithm has been tweaked to deal better with
    larger files, reversing some of the changes made in
- Define packager and bug reporting url
- Update to a pre-release version (3.5.15):
  * remove big-file-performance.patch and gnulib-diffseq.patch
  * comment signature source as the release is not officially signed yet
- gnulib-diffseq.patch, big-file-performance.patch: Avoid performance
  regression on big files (bsc#1004991)
- Diffutils 3.5:
  * diff3 no longer malfunctions due to use-after-free
    [bug introduced in 3.4]
  * diff --color no longer colorizes when TERM=dumb
- Update to version 3.4
  * diff accepts two new options --color and --palette to generate
    and configure colored output.  --color takes an optional
    argument specifying when to colorize a line: --color=always,
    --color=auto, --color=never.  --palette is used to configure
    which colors are used.
  * many bugfixes
- New -lang subpackage
- Drop no longer needed gnulib-perl522.patch
- Make building more verbose
- Move info page removal to preun
- Cleanup spec file with spec-cleaner
- Update provides/obsoletes
- add gnulib-perl522.patch from gnulib upstream
- build with PIE
1 recommended fix from upstream:
- dmidecode-missing-commas.patch: Two missing commas in data arrays
  cause off-by-one or mangling during index resolution
Partial support for SMBIOS 3.4.0:
- dmidecode-add-memory-device-types-from-smbios-3.4.0.patch,
  dmidecode-add-system-slot-types-from-smbios-3.4.0.patch: Add
  enumerated values from SMBIOS 3.4.0 (bsc#1174257).
  1 presentation fix from upstream:
- dmidecode-skip-details-of-uninstalled-memory-modules.patch:
  Skip details of uninstalled memory modules (bsc#1174257).
Partial support for SMBIOS 3.3.0:
- dmidecode-add-enumerated-values-from-smbios-3.3.0.patch: Add
  enumerated values from SMBIOS 3.3.0 (bsc#1153533 bsc#1158833
  3 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
  scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
  formatting of TPM table output (missing newlines).
- dmidecode-fix-system-slot-information-for-pcie-ssd.patch: Fix
  System Slot Information for PCIe SSD.
- dmidecode-add-logical-non-volatile-device.patch: Add "Logical
  non-volatile device" to the memory device types (bsc#1120149).
- Use %doc directly on files instead of installing them explicitly.
- Don't overwrite the path of license (boo#1121851).
- dmidecode-fix-redfish-hostname-print-length.patch: Fix Redfish
  Hostname print length (bsc#1112755).
- Update to upstream version 3.2 (FATE#326044):
  * [COMPATIBILITY] The UUID is now displayed using lowercase
    letters, per RFC 4122 (#53569). You must ensure that any code
    parsing it is case-insensitive.
  * Support for SMBIOS 3.2.0. This includes new processor names,
    new socket and port connector types, new system slot state and
    property, and support for non-volatile memory (NVDIMM).
  * Support for Redfish management controllers.
  * A new command line option to query a specific structure by its
  * A new command line option to query the system family string.
  * Support for 3 ThinkPad-specific structures (patch #9642).
  * Support for HPE's new company name.
  * Support UEFI on FreeBSD.
  * Important bug fixes:
    Fix firmware version of TPM device
    Fix the HPE UEFI feature flag check
  * (biosdecode) A new command line option to fully decode PIR
    information (support request #109339).
  * Obsoletes dmioem-reflect-hpe-new-company-name.patch,
    dmidecode-fix-tpm-device-firmware-version.patch, and
  * CHANGELOG is gone, package more compact NEWS file instead.
- Reenable signature checking.
- Use %license for LICENSE file.
- dmioem-reflect-hpe-new-company-name.patch: Reflect HPE's new
  company name.
- dmidecode-fix-tpm-device-firmware-version.patch: Fix firmware
  version of TPM device.
- dmioem-fix-hpe-type-219-uefi-flag.patch: Fix the reporting of
  HP/HPE UEFI feature.
- Add missing bug numbers and FATE references in changes file
- Update to upstream version 3.1:
  * Support for SMBIOS 3.1.0 and 3.1.1. This includes new chassis
    types, new processor family names, new processor family upgrade
    names, and new slot types, as well as support of larger BIOS
    ROM sizes and cache sizes, and a new structure type (43, TPM
  * A new command line option to query OEM strings.
  * All error messages are now printed on stderr (#47274, #48158.)
  * Fixes a crash with SIGBUS (#46066.)
  * Various minor fixes, improvements and cleanups.
  * Obsoletes dmidecode-01-add-no-sysfs-option-description-to-h-output.patch,
    dmidecode-06-hide-irrelevant-fixup-message.patch, and
- dmidecode-07-only-decode-one-dmi-table.patch: Only decode one
  DMI table.
- dmidecode-01-add-no-sysfs-option-description-to-h-output.patch:
  Add "--no-sysfs" option description to -h output.
- dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch:
  Fix 'No SMBIOS nor DMI entry point found' on SMBIOS3.
- dmidecode-03-let-read_file-return-the-actual-data-size.patch:
  Let read_file return the actual data size.
- dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch:
  Use read_file() to read the DMI table from sysfs.
- dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch:
  Use DWORD for Structure table maximum size in SMBIOS3.
- dmidecode-06-hide-irrelevant-fixup-message.patch:
  Hide irrelevant fixup message.
- Update to upstream version 3.0 (FATE#320746, FATE#320773):
  * Adds support for SMBIOS 3.0. This includes a new (64-bit) entry
    point format and new enumerated values for recent hardware.
  * Adds support for the new kernel interface (as of Linux v4.2) as
    an alternative to relying on /dev/mem to access the entry point
    and DMI table.
  * Adds decoding of Acer-specific DMI type 170 and HP-specific DMI
    types 212, 219 and 233.
  * Obsoletes dmidecode-1.173-drop-cast.patch,
    dmidecode-1.181-decode-CPUID-recent-AMD.patch, and
  * Various minor fixes and clean-ups.
  * Skip the SMBIOS version comparison in quiet mode (bsc#974862).
- dmidecode.keyring was empty, reference the savannah keyring.
  but the tarball is signed by someone unknown without gpg signatures,
  so no keyring for now.
- Cleanup spec file with spec-cleaner
- Add gpg signature
- dmidecode-1.181-decode-CPUID-recent-AMD.patch: Decode the CPUID
  of recent AMD processors (DMI type 4).
- dmidecode-1.182-decode-ddr4-memory-type.patch: Add support for
  DDR4 memory type (DMI type 17) (bsc#955705).
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1184768
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <> for btrfs
  quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
  + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.5-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/ bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
  - cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-i