- Applied security fixes from upstream (Fixes: CVE-2026-0990, CVE-2026-0992, CVE-2026-0989).

- Applied upstream patch (fixes: CVE-2025-13151).

- v5.10.250 (2026-02-11).

- Fix wsrep-API version (ALT #57828)

- Used patches from Fedora (fixes: CVE-2024-25768).

- new version 3.8.5

- Backported new version to c9 branch.

- Update to 1.0.18-FINAL-0-g45b09a60 (2025-12-31). (Fixes: CVE-2025-69277).

- Backport to c9f2.

- Backported CVE fixes (fixes: CVE-2025-4404, CVE-2025-7493).

- Backported upstream fixes (required by freeipa CVE-2025-7493).

- 2.4.65 -> 2.4.66 (Fixes: CVE-2025-66200, CVE-2025-65082, CVE-2025-59775,
			CVE-2025-58098, CVE-2025-55753)
- tightened the default_https vhost by
  adding explicit Directory defaults (closes: #51050)
- updated Summary and Description
- built with pcre2
- enabled brotli support
- added lua and http2 modules in separate subpackages
- explicitly enabled cache_disk and socache_shmcb
- folded the downstream patchset in-tree and consolidated packaging patches
- removed apache1 legacy support
- dropped legacy configs and obsolete build options
- dropped Conflicts/Obsoletes from legacy 1.3/2.2 transitions

- 1.7.5 -> 1.7.6
- install missing apr_common.m4 into /usr/share/apr-1/build/ to enable
  building apache httpd directly from a Git checkout

- Backport to c9.

- Backport latest 2.9 LTM release for c9f2.
- Disable Kerberos localauth an2ln plugin for AD/IPA (fixes: CVE-2025-11561).

- 1.24.2 (Fixes: CVE-2025-11411)

- Security fix for CVE-2025-9300.

- Backport to c9f2 (Fixes: CVE-2025-11230).

- disabled sntp's tests crypto,packetHandling,packetProcessing (ALT #56509)

- Applied upstream patch (fixed CVE-2025-6297).

- Fixes:
  + CVE-2025-9900 Write-what-where condition

- Applied upstream patch (fixed CVE-2024-31047).

- backported upstream security fix (fixes CVE-2025-32911, CVE-2025-32913).

- New version 2.28.10.

- Backported Java recursion limit fixes from p10 (Fixes: CVE-2024-7254),
  but with fixes in UnknownFieldSetLite instead of UnknownFieldSchema and
  without the fixes in ArrayDecoders. (Both things appeared in the source
  later than 3.6.1. However, the corresponding tests have been backported
  in LiteTest: they detect the problem/verify a fix.)
- %check: also run conformance tests (only for C++).

- Implement expiring passwords for ALT.
- Reuse upstream commit f43937f0b462734eb9c76700491c18fe4133c8e1. Fixes:
  + CVE-2024-6174 Change default policy of ds-identify to disallow discovery of datasources.

- Security fix: CVE-2025-48988: Denial of Service

- Backport to c10f2
- Applied security fixes from upstream (Fixes: CVE-2019-6461).

- backport to c9f2 branch

- (Fixes: CVE-2025-6019)

- Security release (fixes: CVE-2025-32462, CVE-2025-32463) (closes: 55007):
 + Sudo's -h (--host) option could be specified when running a command or
   editing a file. This could enable a local privilege escalation attack if the
   sudoers file allows the user to run commands on a different host.
   For more information, see Local Privilege Escalation via host option:
   https://www.sudo.ws/security/advisories/host_any/
 + An attacker can leverage sudo's -R (--chroot) option to run arbitrary
   commands as root, even if they are not listed in the sudoers file. The chroot
   support has been deprecated an will be removed entirely in a future release.
   For more information, see Local Privilege Escalation via chroot option:
   https://www.sudo.ws/security/advisories/chroot_bug/

- 0.13.80

- Backported upstream security fix (fixes CVE-2025-0395).

- Apply libtiff5 patch.

- Backport to c10f2.
- Applied upstream patch (fixed CVE-2025-30472).

- 2.4.6 (Fixes: CVE-2025-23016)

- Applied upstream patch (fixed CVE-2019-17455).

- cherry pick upstream fixes for CVE-2020-14347

- ^ 1.24.2 -> 1.24.3p6
- ! fixed
-  + CVE-2024-8553
-  + CVE-2022-4130

- added optflag -Wno-error=implicit-function-declaration (fixed FTBFS)

- Security fixes:
  + CVE-2021-42260: Fixed infinite loop in TiXmlParsingData::Stamp via crafted XML message (DoS)
  + CVE-2023-34194: Fixed reachable assertion (application exit) in TiXmlDeclaration::Parse via crafted XML document

- Set KillMode=control-group in salt-minion.service.

- New version 0.26.1.

- don't enable NVreg_PreserveVideoMemoryAllocations because suspend problem

- Security update (Fixes: CVE-2025-26519) (ALT#53160).

- 1.26.2 -> 1.26.3 (Fixes: CVE-2025-23419)

- backported to c9f2.

- Build for kernel-image-std-def-5.10.250-alt0.c9f.2.

- Build for kernel-image-un-def-5.10.29-alt2.

- new version

- new version

- new version

- Backport to c9f2 branch (go.mod requires go >= 1.22.6
  (running go 1.21.11)).

- New version 4.9.5 (Fixes: CVE-2024-3727).

- version 1.8.9 (fixes CVE-2024-42353).

- Backported upstream security fixes (fixes CVE-2023-5678, CVE-2024-0727,
  CVE-2024-2511, CVE-2024-4741, CVE-2024-5535, CVE-2024-9143).

- new version 0.9.8 (with rpmrb script)

- new version 3.1.11 (with rpmrb script)

- new version 2.14.1

- checkinstall: Fallback to grep for file4.

- Update to 1.7.6 (2024-10-23).
- Add support for Linux 6.9, 6.10, 6.11 (x86_64).

- Security fix:
  + CVE-2020-15078 Ensure key state is authenticated before sending push reply

- 1.14.53

- backport to c9f2.

- Backport new version to p10 branch.

- removed 3gp format from output video generation
  due to limitations in supported sizes list (closes: #46708)

- Backport to c9f2.
- Applied security fixes from upstream (Fixes: CVE-2024-5171).

- Updated to 0.5.21.1.

- Updated to 2.3.21.1.
- Security fixes:
  + CVE-2024-23184: A large number of address headers in email resulted
    in excessive CPU usage.
  + CVE-2024-23185: Abnormally large email headers are now truncated or
    discarded, with a limit of 10MB on a single header and 50MB for all
    the headers of all the parts of an email.

- new version

- keep GSS API consistent with previous release

- new release

- 27.1.1 (fixes: CVE-2024-41110)

- Backported fix for https://pagure.io/bind-dyndb-ldap/issue/228

- Fix symlink-to-dir file conflict when updating from c9f1.

- New version (fixes CVE-2022-21159, CVE-2022-1302, CVE-2021-45769).

- new version

- Build to branch c9 for update samba to latest supported security release 4.16

- Backport security fixes from Samba 4.17
- Security fixes (Samba#15422, Samba#15424, Samba#15439, Samba#15473, Samba#15474):
 + CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root
                   to existing unix domain sockets on the file system.
                   https://www.samba.org/samba/security/CVE-2023-3961.html

 + CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files
                   with OVERWRITE disposition when using the acl_xattr Samba VFS
                   module with the smb.conf setting
                   "acl_xattr:ignore system acls = yes"
                   https://www.samba.org/samba/security/CVE-2023-4091.html

 + CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                   attributes, including secrets and passwords.  Additionally,
                   the access check fails open on error conditions.
                   https://www.samba.org/samba/security/CVE-2023-4154.html

 + CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                   server block for a user-defined amount of time, denying
                   service.
                   https://www.samba.org/samba/security/CVE-2023-42669.html

 + CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                   listeners, disrupting service on the AD DC.
                   https://www.samba.org/samba/security/CVE-2023-42670.htm

- Backport to c9f2.

- Initial build for ALT.

- 0.7.1 -> 0.7.3

- Backport new version to c9 branch

- Build for kernel-image-std-def-5.10.250-alt0.c9f.2.

- Build for kernel-image-un-def-5.10.29-alt2.

- 1.60.0 -> 1.61.0 (Fixes: CVE-2024-28182)

- Fix side-channel in the deterministic ECDSA (fixes: CVE-2024-28834).
- tests: Add test for CVE-2024-28835.
- rsa-psk: minimize branching after decryption (fixes: CVE-2024-0553).
- x509: detect loop in certificate chain (fixes: CVE-2024-0567).

- Backport fixes from 10.1.0 and 10.2.0-rc1 (Fixes: CVE-2024-1441, CVE-2024-2494)

- 1.26.14

- new version

- new version

- new version

- NMU: 2.1.28 (Closes: #49511)

- New version (3.98).
- Certificate Authority Changes:
  + Add CN=D-Trust SBR Root CA 1 2022
  + Add CN=D-Trust SBR Root CA 2 2022
  + Add CN=Telekom Security SMIME ECC Root 2021
  + Add CN=Telekom Security SMIME RSA Root 2023
  + Add CN=Telekom Security TLS ECC Root 2020
  + Add CN=Telekom Security TLS RSA Root 2023

- Fixed different signedness comparison on 32bit systems.
- Dropped obsoleted patches.
- Patches from upstream git:
  + Add missing CHANGELOG entries for 2.90;
  + Fix spurious "resource limit exceeded" messages.
- Updated to 2.90 (fixes: CVE-2023-50387,CVE 2023-50868).

- Autobuild version bump to 1.2.1

- fixed systemd unit (Closes: #49359)

- Add info about CVE to changelog.

- Fixed FTBFS (libssh 0.10.6).

- new version
- update shim-15.8-alt-Bump-grub-SBAT-revocation-to-4 patch
- Fixes:
  + CVE-2023-40546 mok: fix LogError() invocation
  + CVE-2023-40547 - avoid incorrectly trusting HTTP headers
  + CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
  + CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
  + CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
  + CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries