- New version 3.2.19.
- Fixes for the following security vulnerabilities:
  + CVE-2023-31047 Potential bypass of validation when uploading multiple files using one form field

- 3.5.9 (Fixes: CVE-2023-32082).

- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).

- 2.29.0 -> 2.31.0 (fixes: CVE-2023-32681).

- Update to maintenance release of Samba 4.18:
  + log flood: smbd_calculate_access_mask_fsp: Access denied: message level
    should be lower (Samba#15302).
  + Floating point exception (FPE) via cli_pull_send at
    source3/libsmb/clireadwrite.c (Samba#15306).
  + Reduce flapping of ridalloc test (Samba#15329).
  + large_ldap test is unreliable (Samba#15351).
  + New filename parser doesn't check veto files smb.conf parameter (Samba#15143).
  + mdssvc may crash when initializing (Samba#15354).
  + Large directory optimization broken for non-lcomp path elements (Samba#15313).
  + streams_depot fails to create streams (Samba#15357).
  + shadow_copy2 and streams_depot don't play well together (Samba#15358).
  + wbinfo -u fails on ad dc with >1000 users (Samba#15366).
  + winbindd idmap child contacts the domain controller without a
    need (Samba#15317).
  + idmap_autorid may fail to map sids of trusted domains for the first
    time (Samba#15318).
  + idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings (Samba#15319).
  + net ads search -P doesn't work against servers in other domains (Samba#15323).
  + DS ACEs might be inherited to unrelated object classes (Samba#15338).
  + Temporary smbXsrv_tcon_global.tdb can't be parsed (Samba#15353).
  + Setting veto files = /.*/ break listing directories (Samba#15360).
  + CVE-2020-25720 [SECURITY] Create Child permission should not
    allow full write to all attributes (additional changes) (Samba#14810).
  + Reduce flapping of ridalloc test (Samba#15329).
  + dsgetdcname: assumes local system uses IPv4 (Samba#15325).

- 8.0.1 -> 8.1.0
- descreased the number of tests: apache2-* was removed from BuildRequires to
  avoid circular dependencies curl -> apache2-mods -> libcurl
- Fixes:
   * CVE-2023-28319 UAF in SSH sha256 fingerprint check
   * CVE-2023-28320 siglongjmp race condition
   * CVE-2023-28321 IDN wildcard match
   * CVE-2023-28322 more POST-after-PUT confusion

- 4.0.5
- Fixes:
    * CVE-2023-1994 GQUIC dissector crash.
    * CVE-2023-1993 LISP dissector large loop.
    * CVE-2023-1992 RPCoRDMA dissector crash.
    * CVE-2023-1161 ISO 15765 and ISO 10681 dissector crash.

- 2.17.6 (Fixes: CVE-2021-3905, CVE-2023-1668, CVE-2022-4337, CVE-2022-4338)

- New version (1.20.4) (Fixes: CVE-2023-24539, CVE-2023-24540, CVE-2023-29400)

- 2.10.4 (Fixes: CVE-2023-29469, CVE-2023-28484)

- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).

- Autobuild version bump to 10.01.1
- (Fixes: CVE-2023-28879)

- Fixed arbitrary command execution via a tag file with
  a crafted filename (fixes CVE-2022-4515).

- 1.10.3.
- switch to meson.
- Security fixes for CVE-2020-11721, CVE-2020-19668.

- 0.9.76 released (fixes: CVE-2023-27371)

- 1.1.4 (Fixes CVE-2023-27478)
- Change URL to new upstream project
- Use CMAKE

- Added patches from upstream git:
  + Avoid undefined behaviour with the ctype(3) functions
  + Fix --rev-server option
  + Fix possible SEGV when no servers defined
  + Set the default maximum DNS UDP packet size to 1232
    (fixes: CVE-2023-28450)
  + Fix DHCPv6 "use multicast" response which previously failed

- 0.9.68 -> 0.9.72 (Fixes: CVE-2022-31214)

- 1.14.4 (fixed CVE-2023-28100, CVE-2023-28101)

- new version 16.19.1 (with rpmrb script)
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- set openssl >= 1.1.1s
- set npm >= 8.19.3

- 0.103.8 (CVE-2023-20032, CVE-2023-20052)

- 5.9.3
- Fixes: CVE-2022-44792, CVE-2022-44793
- Add patches from fedora.
- Drop libucd-snmp and libucd-snmp-devel packages.
- Drop net-snmp-config package and move script net-snmp-config to devel.
- Add libnet-snmp-agent package and move agent library.

- 4.0.1 (Fixes: CVE-2023-22745)

- Updated to 3.7.9 (fixes: CVE-2023-0361).

- (Fixes: CVE-2022-3534, CVE-2022-3606).

- 8.0.27 -> 8.0.28 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)

- (Fixes: CVE-2022-47016).

- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)

- New version
- Security fixes:
  + CVE-2022-24736: server crash by a specially crafted Lua script
  + CVE-2022-24735: overcome ACL rules via Lua scripts manipulation

- 251.10 (Fixes: CVE-2022-4415)

- Fixed libssl knob.
- Fixed License tag.
- Added Vcs tag.
- Patch from upstream:
  + Fixed crash when st_info_list is NULL (fixes: CVE-2022-4121).

- security (fixes: CVE-2022-36227)

- 7.1.0 (Fixes: CVE-2020-14394, CVE-2022-0216).

- Backported upstream commit "mpz/inp_raw.c: Avoid bit size overflows"
  (thx Marco Bodrato) (fixes CVE-2021-43618).

- Fixes (CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785,
  CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789,
  CVE-2022-40284)

- 0.42.2 (fixed CVE-2022-44638)

- rename patch lib-DBD-File.pm-fix-CVE-2014-10401.patch
- fixes changelog

- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after
  overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate
  in out-of-memory situations, DoS or potentially ACE).

- security (fixes: CVE-2020-29260)

- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).

- Add support LDAP add/mod operation to set/change password:
 + fix unable to join to active directory after KB5008380/CVE-2021-42287 with
   option '--ldap-passwd';
 + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27
- Add support fall back to LDAPS if CLDAP ping was not successful
 + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp
   port adcli will try to send the request to the LDAPS port 636/tcp.
- Fix write SID before secret to Samba's db looks like 'net changesecretpw'
- Add passwd-user sub-command for (re)set a user password.
- Add dont-expire-password option for computer.

- fixes CVE-2019-25051

- fixes CVE-2018-10195.

- fixes CVE-2021-4217

- Updated to 4.4.3-P1 (fixes: CVE-2022-2928,CVE-2022-2929).

- Update to stable release 6.15 (Samba#15025, Samba#15026)
- mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239)
- mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)

- Secutiry update (fixed: CVE-2015-20107).
- Fixed Url field.

- Version bump
- Many bugfixes, including security, including:
  Fixes: CVE-2022-24106, CVE-2022-27135

- Autobuild version bump to 6.1.7
- Fixes: CVE-2022-30333

- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, 
  CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)

- New version.
- Security fixes:
  + CVE-2021-28544 Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules.
  + CVE-2022-24070 mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules, which can result in denial of service (crash of HTTPD worker handling the request).

- gzip: v1.10-31-g34db0a2 -> v1.12-3-g83c65d1 (fixes: CVE-2022-1271).

- upplied upstream fix for CVE-2021-4115 (GHSL-2021-077)

- 2.4.3 (Fixes: CVE-2021-4122).

- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character
  sequence (fixes CVE-2021-26937).

- 0.2.5 (fixed CVE-2021-39358)

- New version (Fixes: CVE-2020-15158).

- 3.2.8 (fixes: CVE-2021-33582)

- new version
- security (fixes: CVE-2021-3634)

- ^ 3.0.4 -> 3.2.19
- ! CVE-2020-36327, CVE-2021-24105

- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)

- Updated to upstream version 3.6.0 (Fixes: CVE-2020-26276).

- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208,
  CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).

- Applied security patch from Gentoo (Fixes: CVE-2017-9430).

- Applied security fix from upstream (Fixes: CVE-2019-14495).

- Updated to upstream version 1.2.2 (Fixes: CVE-2019-13045, CVE-2019-15717).

- Applied security patch from Fedora (Fixes: CVE-2019-19917, CVE-2019-19918)

- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).

- Switched to CVE-2008-4935 fix from Debian.
- Added -Werror=implicit-function-declaration compiler flag.

- Updated to version 1.76 from Debian (Fixes: CVE-2009-1382, CVE-2009-2459).

- Cleaned up sources by importing sources from Debian.
- Forced using system build flags.
- Updated fix for CVE-2015-2063.

- Applied patches from Debian (Fixes: CVE-2013-4420).

- Applied patches from Debian (Fixes: CVE-2014-8123).

- Applied patches from Gentoo (Fixes: CVE-2015-8836, CVE-2015-8837).

- Updated to upstream version 1.2.2 (Fixes: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955).

- Updated to upstream version 2.0.29 (Fixes: CVE-2019-20917, CVE-2020-25269).

- Applied patches from Debian (Fixes: CVE-2005-3178).

- Applied security fix from Gentoo (Fixes: CVE-2017-8364)

- Secutity (Fixes: CVE-2015-0848, CVE-2015-4588, CVE-2015-4695,
  CVE-2015-4696, CVE-2016-9011)

- CVE-2015-1200 fix (patch from debian bug #775306)