- 6.9.4
- fixes:
	* CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range()
	* CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len()
	* CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier()

- Update to autumn security release (closes: 37334)
- Code execution with euid==0 in rare box configurations (fixes: CVE-2019-14287)
- Fix post script for sudowheel control in case of upgrade in not default state

- fixes:
 + CVE-2017-16611 Open files with O_NOFOLLOW

- Port to c8.1 branch due to upgrade of the server side (SPICE);
- (Fixes: CVE-2016-3066).

- Applied upstream security fix (fixes CVE-2019-11500).

- Applied upstream security fix (fixes CVE-2019-11500).

- Sync with Debian 3.20190514.1:
  + New upstream microcode datafile 20190514
  + SECURITY UPDATE
    Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  + New Microcodes:
    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
  + Updated Microcodes:
    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280

- Update to latest samba-4.6 security release
- Security fixes:
  + CVE-2018-10858 Insufficient input validation on client directory
    listing in libsmbclient
  + CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server

- Update to latest samba-4.6 security release
- Security fixes:
  + CVE-2018-10858 Insufficient input validation on client directory
    listing in libsmbclient
  + CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server

- for c8, soap reenabled
(Fixes: CVE-2017-1000061)

- Fix crash on lease renewals (closes: #36730).
- Updated to 6.11.7 (fixes: CVE-2019-11766).

- 0.14.1 (Fixes: CVE-2018-10873)

- Updated to 3.4.1 (fixes: CVE-2018-16869).

- journald: set a limit on the number of fields once more.
- Backported patches from upstream (fixes: CVE-2018-16864, CVE-2018-16865,
  CVE-2018-16866).

- Upstream git snapshot (nm-1-4 branch) (fixes: CVE-2018-15688).

- fix changelog
- security fixes: CVE-2018-10933

- 10.1.35
- Fixes for the following security vulnerabilities:
  + CVE-2018-3064
  + CVE-2018-3063
  + CVE-2018-3058
  + CVE-2018-3066
- change mode of plugin dir in chroot (ALT #33259)

- Correction for fix for CVE-2018-15473

- New version.
- Fixes:
  + CVE-2017-17742: HTTP response splitting in WEBrick
  + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  + CVE-2018-8777: DoS by large request in WEBrick
  + CVE-2018-8778: Buffer under-read in String#unpack
  + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
  + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

- new version 
- fixes: 
  * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
  * CVE-2018-1000121 LDAP NULL pointer dereference
  * CVE-2018-1000122  RTSP RTP buffer over-read

- v4.4.116  (Fixes: CVE-2017-8824)

- v4.4.116  (Fixes: CVE-2017-8824)

- Backported to c8 branch (fixes CVE-2017-3737, CVE-2017-3738).

- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804).

- new version 2.4.28
- disabled NameVirtualHost directive in ports_all.conf (closes: #32269)
- increased timeout for restarting httpd on SysVinit sytems (closes: #31062)
- increased LOOPSSTART and TimeoutStartSec (closes: #33978)
- fixes:
	* CVE-2017-9798 Corrupted or freed memory access

- (Fixes: CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12183).

- backport to c8
- multiple vulnerabilities (so-called KRACK attack) (Fixes:
  + CVE-2017-13077
  + CVE-2017-13078
  + CVE-2017-13079
  + CVE-2017-13080
  + CVE-2017-13081
  + CVE-2017-13082
  + CVE-2017-13086
  + CVE-2017-13087
  + CVE-2017-13088)

- Backport to C8
 (Fixes: CVE-2009-2288, CVE-2011-1523, CVE-2012-6096, CVE-2013-2214,
 CVE-2013-7108, CVE-2013-7205)

- backport to c8 (Fixes: CVE-2016-2074)

- Updated to 1.5.28 (Fixes: CVE-2016-10087)

- backport to c8
 (Fixes: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

- backport to c8 (Fixes: CVE-2016-1567)

- backport to c8 (Fixed: CVE-2017-8779)

- backport to c8 (Fixes: CVE-2016-8649)

- Fixes:
 + CVE-2016-5104 The socket_create function in common/socket.c in libimobiledevice allows remote attackers to bypass intended access restrictions

- Fixes:
  + CVE-2017-7960 denial of service in cr_input_new_from_uri function in cr-input.c

- backport to c8 (Fixes: CVE-2016-8687, CVE-2016-8688, CVE-2016-8689)

- backport to c8 (Fixes: CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,
  CVE-2015-2716, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-9063,
  CVE-2017-11742, CVE-2017-9233)

- backport to c8 (Fixes: CVE-2015-8605, CVE-2016-2774)

- backport to c8 (Fixes: CVE-2016-5180, CVE-2017-1000381)

- port to c8 (Fixes: CVE-2017-7547, CVE-2017-7546, CVE-2017-7547, CVE-2017-7548,
  CVE-2017-7548, CVE-2017-7547, CVE-2017-7546, CVE-2017-7484, CVE-2017-7484,
  CVE-2017-7485, CVE-2017-7486, CVE-2017-7484, CVE-2017-7486, CVE-2017-7485,
  CVE-2017-7484)

- backport to c8 (Fixes: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548,
  CVE-2017-7548, CVE-2017-7547, CVE-2017-7546, CVE-2017-7484, CVE-2017-7484,
  CVE-2017-7485, CVE-2017-7486, CVE-2017-7484, CVE-2017-7486, CVE-2017-7485,
  CVE-2017-7484)

- backport to c8 (Fixes: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323)

- new version with these security fixes:
     * wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352
     * wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348
     * wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351
     * wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346
     * wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345
     * wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349
     * wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350
     * wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344
     * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
     * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
     * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
     * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
     * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
     * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
     * wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353

- new version
- security fixes:
  CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986,
  CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991,
  CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995,
  CVE-2017-2996

- Update to latest release
 + Security CVE-2014-3566 critical to rhc:
   https://blog.openshift.com/poodle-ssl-vulnerability/

- 2.24.31 (CVE-2013-7447)

- New version (CVE-2016-4303)

- really update sources to 2.3.4 fixes (CVE-2012-3478 and CVE-2012-2252)
- add patch for rsync3 compat

- 1.18 (fixes CVE-2016-4971: untrusted filenames when following
  HTTP to FTP redirects)

- new version with fixes for CVE-2016-5118 (closes: #32174)

- Updated to 3.5.19 (inludes fixes for CVE-2016-4553, CVE-2016-4554,
  CVE-2016-4555, CVE-2016-4556).

- 2.4.11 (CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122,
 CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749,
 CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822,
 CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747,
 CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083)

- 0.8.2
- fixed CVE-2015-4047

- New version: security fixes
- Fix CVE-2015-8378: Canceling XML export operation creates export as ".xml"

- CVE-2015-8370: those who have set up GRUB passwords MUST
  upgrade or find their use of this "protection" inefficient:
  http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
  (closes: #31631)
- added fedora patch to piggyback --unrestricted through CLASS
  thus changing the default for password-protected menuentry items
  to request password only when an attempt to change boot parameters
  is made (but to let the system boot by default); see also
  http://altlinux.org/grub#password
- added upstream texinfo patch to fix FTBFS
- explicit BR: texinfo

- 3.1.11
  + reset to pristine source, effectively reverting all patches
- applied patch series extracted from opensuse 13.1 updates'
  3.1.11-2.3.1 package to fix CVE-2012-2150

- CVE-2015-1782 fixed

- Fixed CVE-2015-3239.
- Added aarch64 architecture support.

- new version
- security fixes: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200

- CVE-2015-1200 fix (patch from debian bug #775306)

- Patch for CVE-2014-5461 applied
- 5.1.4 -> 5.1.5
- lua-5.1.4 patches reverted
- applied official pathes #1/#2 from lua.org/bugs.html

- 0.8.8.5
  + CVE-2013-4233, CVE-2013-4234 fixes

- Updated to 2.08 (fixes CVE-2014-4607).
- Cleaned up specfile.

- updates from linux-3.10.40:
  + KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155)

- Updated to 1.3.1 r1092 (fixes CVE-2013-6629, CVE-2013-6630).

- 0.6.21
- fixed CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836,
  CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845

- Updated to 2.6.22. Security fixes:
  + CVE-2008-4810
  + CVE-2008-4811