- Disable the select backend, this can be easily done by lying
  to configure. This is done due to:
  * using fd number > 1024 on an fd_set results in a runtime
    fortify source assertion, preventing further doom.
  * select will not be changed to handle fd > 1024.
  * this limit is unreasonable low for this century.

- Drop insserv_prereq and fillup_prereq macros: there are no
  pre-scripts that would justify these dependencies.

- Update to 2.1.12 stable
  * buffer: do not pass NULL to memcpy() from evbuffer_pullup()
  * http: fix undefined-shift in EVUTIL_IS*_ helpers
  * Check error code of evhttp_add_header_internal() in
    evhttp_parse_query_impl()
  * http: fix EVHTTP_CON_AUTOFREE in case of timeout
  * evdns: Add additional validation for values of dns options
  * Fix memory corruption in EV_CLOSURE_EVENT_FINALIZE with debug enabled
  * increase segment refcnt only if evbuffer_add_file_segment() succeeds
  * evdns: fix a crash when evdns_base with waiting requests is freed
  * event_base_once: fix potential null pointer threat
  * http: do not assume body for CONNECT
  * evbuffer_add_file: fix freeing of segment in the error path
  * Fix checking return value of the evdns_base_resolv_conf_parse()
  * Support EV_CLOSED on linux for poll(2)
  * Parse IPv6 scope IDs.
  * evutil_time: detect and use _gmtime64_s()/_gmtime64()
  * bufferevent: allow setting priority on socket and openssl type
  * Fix EV_CLOSED detection/reporting
  * Revert "Warn if forked from the event loop during event_reinit()"

- Add upstream patches with the feature of "prepare" and "check"
  watchers. That feature is needed by envoy-proxy:
  * 0001-evwatch-Add-prepare-and-check-watchers.patch
  * 0002-evwatch-fix-race-condition.patch

- Update to 2.1.11 stable
  * Fix ABI breakage that had been introduced in 2.1.10. Strictly speaking
    this release breaks ABI again to make it compatible with <= 2.1.9.
    + See git commit 18104973 for more details
  * evdns: add new options -- so-rcvbuf/so-sndbuf
  * various autotools and cmake build changes
  * buffer: fix possible NULL dereference in evbuffer_setcb() on ENOMEM
  * Warn if forked from the event loop during event_reinit()
  * evutil: set the have_checked_interfaces in evutil_check_interfaces()
  * https-client: correction error checking

- Use FAT LTO objects in order to provide proper static library.

- Fix name of library package (bsc#1138369)

- Update to 2.1.10 stable
  * evdns: add DNS_OPTION_NAMESERVERS_NO_DEFAULT /
    EVDNS_BASE_NAMESERVERS_NO_DEFAULT
  * Add support for EV_TIMEOUT to event_base_active_by_fd
  * kqueue: Avoid undefined behaviour.
  * Prevent integer overflow in kq_build_changes_list.
  * evdns: fix lock/unlock mismatch in evdns_close_server_port()
  * Protect min_heap_push_ against integer overflow.
  * le-proxy: initiate use of the Winsock DLL
  * Fix leaks in error path of the bufferevent_init_common_()
  * buffer: make evbuffer_prepend() of zero-length array no-op
  * Don't loose top error in SSL
  * Remove needless check for arc4_seeded_ok
  * Cleanup __func__ detection
  * Add convenience macros for user-triggered events
  * Notify event base if there are no more events, so it can exit without
    delay
  * Fix base unlocking in event_del() if event_base_set() runned in another
    thread
  * If precise_time is false, we should not set EVENT_BASE_FLAG_PRECISE_TIMER
  * Fix race in access to ev_res from event loop with event_active()
  * Return from event_del() after the last event callback termination
  * Preserve socket error from listen across closesocket cleanup
  * fix connection retries when there more then one request for connection
  * improve error path for bufferevent_{setfd,enable,disable}()
  * Fix conceivable UAF of the bufferevent in evhttp_connection_free()
  * Fix evhttp_connection_get_addr() fox incomming http connections
  * fix leaks in evhttp_uriencode()
  * CONNECT method only takes an authority
  * Allow bodies for GET/DELETE/OPTIONS/CONNECT
  * Do not crash when evhttp_send_reply_start() is called after a timeout.
  * Fix crashing http server when callback do not reply in place
  * fix handling of close_notify (ssl) in http with openssl bufferevents
  * use *_new_with_arg() to match function prototype
  * avoid NULL dereference on request is not EVHTTP_REQ_POST
  * bufferevent_socket_connect{,_hostname}() missing event callback and use
    ret code
  * don't fail be_null_filter if bytes are copied
  * Call underlying bev ctrl GET_FD on filtered bufferevents
  * be_openssl: avoid leaking of SSL structure
  * Add missing includes into openssl-compat.h
  * Explicitly call SSL_clear when reseting the fd.
  * sample/https-client: use host SSL certificate store by default
  * ipv6only socket bind support
  * evdns: handle NULL filename explicitly
  * Fix assert() condition in evbuffer_drain() for IOCP
  * fix incorrect unlock of the buffer mutex (for deferred callbacks)
  * Fix wrong assert in evbuffer_drain()
  * Port `event_rpcgen.py` and `test/check-dumpevents.py` to Python 3.
- rename python2-shebang.patch -> python3-shebang.patch following port

- Make use of %license macro

- Add devel-static package, which is needed for building Envoy
  (https://www.envoyproxy.io/) and Cilium with Envoy integration
- Fix an error about /usr/bin/env shebang in event_rpcgen.py
  * python2-shebang.patch

- Security fixes:
  * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705)
  * CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708)
  * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704)
  * CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup (bsc#1263709)
  * CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707)
  * CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints (bsc#1263710)
  * CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback (bsc#1263711)
  * CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712)
  * CVE-2026-42014: pkcs11_write: fix UAF and leak in gnutls_pkcs11_token_set_pin (bsc#1263713)
  * CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds check (bsc#1263714)
  * CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715)
  * CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free (bsc#1263716)
  * Add patches:
    gnutls-CVE-2026-33846.patch gnutls-CVE-2026-42009.patch
    gnutls-CVE-2026-33845.patch gnutls-CVE-2026-42010.patch
    gnutls-CVE-2026-3833.patch  gnutls-CVE-2026-42011.patch
    gnutls-CVE-2026-42012.patch gnutls-CVE-2026-42013.patch
    gnutls-CVE-2026-42014.patch gnutls-CVE-2026-5260.patch
    gnutls-CVE-2026-42015.patch gnutls-CVE-2026-5419.patch

- CVE-2026-4480: Fix Unauthenticated Remote Code Execution;
  (bso#16033); (bsc#1261161).
- CVE-2026-4408: Fix Remote Code Execution in SAMR;(bso#16034);
  (bsc#1261163).
- CVE-2026-3238: Fix unauthenticated udp packet crashes AD DC
  nbt server; (bso#16012); (bsc#1261160).
- CVE-2026-3012: Fix CVE-2026-3012 group policy certificate
  enrollment using http:// without validation;(bso#16003);
  (bsc#1261159).
- CVE-2026-1933: Fix missing access check on reparse point
  operations; (bso#15992); (bsc#1261188).
- CVE-2026-2340: vfs_worm does not block directory modification;
  (bso#15997); (bsc#1261158).

- Fix rpc workers with long living clients from growing server
  memory keytab and increasing memory used by workers;
  (bso#16042); (bsc#1257200).

- Generated dynamic profile based on path to special 'printers'
  share. (bsc#1259441).

- Fix regression "use-kerberos=desired" broken doesn't even try
  to authenticate with kerberos and instead fallsback to NTLM;
  (bsc#1255755); (bso#15789).
- Fix memory leak using cups parsed options and from filename
  allocated when processing end of printing job; (bso#15979);
  (bsc#1257200).
- fix manpage for "net offlinejoin requestodj"; (bso#15964)
- fix "ctdbd socket" documentation in manpage for smb.conf;
  (bso#15977)

- Fix memory leak opening local named pipe; (bso#15979);
  (bsc#1257200).

- Fix buffer overflow in lzma_index_append (bsc#1261280, CVE-2026-34743)
  * CVE-2026-34743.patch
- Change SUSE-Public-Domain license to LicenseRef-SUSE-Public-Domain to
  fix rpmlint errors

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- CVE-2026-44431: sensitive information disclosure due to sensitive
  headers being forwarded across origins in proxied low-level redirects
  (bsc#1265267)
  Add patch CVE-2026-44431.patch

- fix regression in CVE-2025-66471.patch when downloading large files
  (bsc#1259829)

- CVE-2026-42304: Prevent resource exhaustion during DNS name decompression
  * Add patch CVE-2026-42304-compressed-name-loop-detection.patch
    (bsc#1265265)