Changed packages:

==== ImageMagick ====
Subpackages: ImageMagick-devel ImageMagick-doc ImageMagick-extra libMagick++-6_Q16-5 libMagickCore-6_Q16-2 libMagickWand-6_Q16-2 perl-PerlMagick

- do not use -march/-mtune [bnc#904545]

==== LibVNCServer-devel ====
Version update (0.9.9 -> 0.9.10)
Subpackages: libvncclient0 libvncserver0

- Update to version 0.9.10
  + Moved the whole project from sourceforge to https://libvnc.github.io/.
  + Cleaned out the autotools build system which now uses autoreconf.
  + Updated noVNC HTML5 client to latest version.
  + Split out x11vnc sources into separate repository at
    https://github.com/LibVNC/x11vnc
  + Split out vncterm sources into separate repository at
    https://github.com/LibVNC/vncterm
  + Split out VisualNaCro sources into separate repository at
    https://github.com/LibVNC/VisualNaCro
  + Merged Debian patches.
  + Fixed some security-related buffer overflow cases.
  + Added compatibility headers to make LibVNCServer/LibVNCClient
    build on native Windows 8.
  + Update LZO to version 2.07, fixing CVE-2014-4607.
  + Merged patches from KDE/krfb.
  + Can now do IPv6 without IPv4.
  + Fixed a use-after-free issue in scale.c.
- Update Url and download source to new project home
- Remove LibVNCServer-0.9.9-no_x11vnc.patch; upstream splited it
  out of main tarball
- Rebase libvncserver-ossl.patch to upstream changes
  > libvncserver-0.9.10-ossl.patch
- Remove linuxvnc subpackage; like x11vnc, it has been splited out
  but is depreciated and unmaintained.

==== Mesa ====
Version update (10.3.3 -> 10.4.0)
Subpackages: Mesa-32bit Mesa-devel Mesa-dri-devel Mesa-libEGL-devel Mesa-libEGL1 Mesa-libEGL1-32bit Mesa-libGL-devel Mesa-libGL1 Mesa-libGL1-32bit Mesa-libGLESv1_CM-devel Mesa-libGLESv1_CM1 Mesa-libGLESv2-2 Mesa-libGLESv2-devel Mesa-libglapi-devel Mesa-libglapi0 Mesa-libglapi0-32bit libOSMesa-devel libOSMesa9 libOSMesa9-32bit libgbm-devel libgbm1 libgbm1-32bit libvdpau_nouveau libvdpau_r600 libvdpau_radeonsi libwayland-egl-devel libwayland-egl1 libxatracker2

- Update to version 10.4.0 (10.4 Final):
- New features:
  + GL_ARB_conditional_render_inverted on nv50
  + GL_ARB_sample_shading on r600
  + GL_ARB_texture_view on nv50, nvc0
  + GL_ARB_clip_control on nv50, nvc0, r300, r600, radeonsi, llvmpipe, softpipe
  + GL_KHR_context_flush_control on all drivers
- Changes:
  + Removed patch17: u_Suppress-any-libGL-.-warnings-when-LIBGL_DEBUG-is-se.patch
    This patch was upstreamed
  + Build without "--enable-gallium-egl"
    This buildoption was removed upstream
  + Add subpackage libvdpau_r300

==== amavisd-new ====
Version update (2.9.1 -> 2.10.1)
Subpackages: amavisd-new-docs

- Update to version 2.10.1
  + fixed a missing import of mail_addr_idn_to_ascii() and idn_to_utf8()
    when SQL is in use
  + void warnings issued by perl 5.21.5:
- Changes from version 2.10
  COMPATIBILITY
- New requirement: perl module Net::LibIDN needs to be installed.
- Uses a perl module File::LibMagic if installed, instead of spawning
  a file(1) utility.
- Support for international email relies heavily on perl to do the
  right thing in its support of Unicode, so using a reasonably recent
  version of perl is recommended. Amavisd was tested with perl 5.18
  and 5.20.1. Versions of perl older than 5.12 may cause problems
  with handling, encoding, and decoding of Unicode characters.
  It is reasonable to expect that versions 5.14 and 5.16 are fine too,
  but have not been tested extensively.
- Default log templates and notification templates have changed
  in details (like in decoding of international e-mail addresses), so
  if locally customized templates are in use these will benefit from
  updating - otherwise expect some mojibake in log and notifications.
- International domain names (IDN) encoded in ASCII-compatible encoding
  found in e-mail addresses and in Message-ID header field will be decoded
  to Unicode for presentation purposes (syslog, JSON structured log,
  notifications). This decoding does not affect a mail message itself.
- Logging via syslog expects that syslogd (or equivalent) will not
  clobber UTF-8 octets. It may be necessary to tell syslogd to accept
  C1 control characters unchanged, e.g. by adding a command line option
  "-8" to syslogd. Failing to do so may leave logged entries (like
  sender and recipient address, From, Subject) in international mail
  garbled or poorly readable in syslog.
  On FreeBSD one should add:  syslogd_flags="-8"  to /etc/rc.conf.
- Third party log parsers may need updating to accept logs with Unicode
  characters in UTF-8 encoding.
- A SMTP response to an EHLO command will now announce SMTPUTF8 capability
  by default.
  BUG FIXES
- releasing a message from an SQL quarantine was broken in version 2.9.1
  due to introduction of parent_mail_id(); patches provided by Stef Simoens
  and Gionatan Danti;
- if checking of a message was aborted prematurely (like due to a timeout
  or some fatal error), JSON log could receive a copy of a previous
  log entry;
- prevent non-ASCII non-UTF-8 octets from reaching a JSON log/report
  (which produced an invalid JSON object and Elasticsearch complaining);
- allow SMTP commands MAIL FROM and RCPT TO to accept options without
  values, as allowed by the RFC 5321 syntax;
- in delivery status notification (DSN) the field Received-From-MTA
  specified 'smtp' as mta-name-type, instead of a 'dns' as prescribed
  in RFC 3464;
- releasing from a quarantine left envelope sender address as '<>'
  instead of using the address found in a Return-Path header field
  of a quarantined message, while also logging a warning:
    Quarantine release $QID: missing X-Envelope-From or Return-Path
  reported by Pascal Volk;
- avoid failure in os_fingerprint or in smtp forwarding in certain cases
  where the $os_fingerprint_method or $forward_method or $notify_method
  uses an asterisk in place of a host IP address or port number.
  The reported error in os_fingerprint (reported by -ben) was:
    os_fingerprint FAILED: Insecure dependency in socket
    while running with -T switch
    at /usr/lib/perl/5.18/IO/Socket.pm line 80
  and in SMTP forwarding or notification (reported by Dennis Boone):
    (!)connect to *:10025 attempt #1:
    Insecure dependency in socket while running with -T switch
    at /usr/lib/perl/5.18/IO/Socket.pm line 80.
- files LDAP.ldif and LDAP.schema: added a missing attribute
  amavisDisclaimerOptions to objectClass; reported by Quanah Gibson-Mount;
  NEW FEATURES
- added support for Internationalized Email:
  * RFC 6530 - Overview and Framework for Internationalized Email
  * RFC 6531 - SMTP Extension for Internationalized Email (SMTPUTF8)
  * RFC 6532 - Internationalized Email Headers
  * RFC 6533 - Internationalized Delivery Status Notifications
  This supports UTF-8 (EAI) in SMTP/LMTP sender addresses, recipient
  addresses, and message header section. Feature parity with Postfix
  version 2.12 (support introduced in development snapshot 20140715).
  The SMTPUTF8 extension is supported by Gmail since 2014-08-05:
    http://googleblog.blogspot.com/2014/08/a-first-step-toward-more-global-email.html
- added support for Internationalized Domain Names (IDN) according
  to IDNA (RFC 5890, RFC 5891; RFC 3490);
  * A-labels in ASCII-compatible encoding of domain names are converted
    to U-labels for presentation/logging purposed;
  * U-labels are converted to A-labels when feeding a mail message
    to an MTA which does not announce support for SMTPUTF8 extension
    (instead of rejecting them as invalid mail address);
  * For lookup purposes an international domain name is converted to
    ASCII-compatible encoding when used as a query key in DNS lookups
    and in lookups into hash, list, SQL and LDAP lookup tables (but not
    in regexp table lookups). These tables are expected to contain domain
    names in their ASCII representation (ACE). For convenience of config
    files subroutines idn_to_ascii() and mail_idn_to_ascii() are available,
    which encode a Unicode domain name to ACE (like ToASCII in RFC 3490);
  * Many configuration settings may have their domain names in UTF-8.
    These will be converted to ACE automatically where necessary
    (e.g. when creating a Received and Authentication-Results header
    fields, DKIM signatures, mail addresses in notifications, ...).
    These settings include:
    $myhostname, $localhost_name, $myauthservid, $mydomain,
    notification sender and recipient mail addresses
    ($mailfrom_notify_*, $hdrfrom_notify_*, @*_admin_maps),
    domain names and selectors in DKIM signing keys (in calls
    to dkim_key() );
- delivery notifications and admin notifications now show the following
  information encoded as UTF-8 (which is a default $bdy_encoding) in the
  plain text part of the message: IDN domain names in sender and recipient
  mail addresses and Message-ID are first decoded to Unicode, Subject and
  author display names are MIME-decoded;
- 'amavisd showkeys' and 'amavisd testkeys' can now deal with IDN
  (international domain names): domain names in DNS zone comments
  end up as UTF-8, DNS labels are in ASCII (A-labels); domain names in
  calls to dkim_key() may be specified either as UTF-8 or in ASCII (ACE);
- new macro 'mail_addr_decode' takes an e-mail address as a string of
  octets, where a local part may be encoded as UTF-8, and the domain part
  may be an international domain name (IDN) consisting either of U-labels
  or A-labels or NR-LDH labels. Decodes A-labels to U-labels in domain
  name. Returns a string of logical characters (Unicode), suitable for
  notification templates. If the mail address is not a valid UTF-8 string,
  it is interpreted as ISO-8859-1 (Latin-1).
- new macro 'mail_addr_decode_octets' is like 'mail_addr_decode', except
  that the result is a string of octets, only valid as UTF-8 if the
  provided address was a valid UTF-8 (garbage-in/garbage-out);
- new macro 'header_field_octets' is like 'header_field', except that
  a result is a string of octets in UTF-8 encoding, suitable for a log
  template;
- new macro 'ip_proto_trace_all' expands into a list of information
  items from a Received header trace; each item consists of a protocol
  name (the WITH clause) and an IP address, optionally followed by a
  source port number if known;
  Example:
    ESMTP://[2001:db8::143:1]:39141 < ESMTP://2001:db8::25 <
    esmtps://203.0.113.172 < ESMTPSA://192.168.9.9
  or:
    UTF8SMTP://[203.0.113.172]:51208 < UTF8SMTPSA://192.168.9.9
- new macro 'ip_proto_trace_public' is like ip_proto_trace_all, except
  that entries with non-public IP address are excluded from the list;
  'Received' trace information in $log_verbose_templ and in notifications
  now include results from this macro call;
- new macro 'protocol' evaluates to a protocol name by which a message
  was received by amavisd, according to RFC 3848 ("Transmission Types
  Registration") and "Mail Transmission Types" / "WITH protocol types"
  IANA registration
    http://www.iana.org/assignments/mail-parameters/mail-parameters.xhtml
  e.g.: SMTP, ESMTP, ESMTPA, ESMTPS, ESMTPSA, LMTP, LMTPA, LMTPS, LMTPSA,
    UTF8SMTP, UTF8SMTPA, UTF8SMTPS, UTF8SMTPSA,
    UTF8LMTP, UTF8LMTPA, UTF8LMTPS, UTF8LMTPSA, ...
- new macro 'client_protocol' expands into a protocol name by which
  a message was received from a client by MTA; the information is passed
  from MTA to amavisd through XFORWARD PROTO SMTP protocol extension or
  through AM.PDP (milter); typical values are 'ESMTP' or 'SMTP';
- use a perl module File::LibMagic when available, instead of spawning
  a file(1) utility for classifying contents of mail parts.
  By using a direct interface to a libmagic library the startup cost
  of spawning an external process is avoided. Benchmarking shows that
  using libmagic is significantly faster especially for checking a small
  number of files - takes 4 ms for checking one file with libmagic
  vs. 27 ms with a spawned file(1); based on a patch by Markus Benning;
  OTHER
- RFC 6533: recognize a MIME type 'message/global' as similar
  to 'message/rfc822', and 'message/global-headers' as similar
  to 'text/rfc822-headers' where appropriate (e.g. in bounce killer);
- header validity check now distinguishes 'non-ASCII and invalid UTF-8'
  from 'non-ASCII but valid UTF-8' characters in a mail header section.
  By default valid UTF-8 strings in a mail header section are not treated
  as error even if mail is not flagged as international mail (SMTPUTF8),
  as these are quite common in practice. To treat non- MIME-encoded UTF-8
  in a header section as error the test can be enabled by:
    $allowed_header_tests{'utf8'} = 1;
- ORCPT attribute in SMTP 'RCPT TO' command now accepts the original
  recipient mail address in any of these encodings: utf-8-address,
  utf-8-addr-unitext, utf-8-addr-xtext, or as a legacy xtext,
  as required by RFC 6533;
- updated do_cabextract (extraction of Microsoft cabinet .cab archives)
  to recognize a slightly changed output of cabextract version 1.2;
  patch by Thomas Jarosch;
- adjusted some timeouts to leave more reserve for later stages of
  mail processing and forwarding;
- prefer sanitizing/protecting control characters as hex code (like \x7F)
  instead of octal (like \177) (e.g. in logging and DSN);
- Use dowload Url as source
- Add a requirement on perl-Net-LibIDN; new upstream dependency

==== bluez ====
Version update (5.25 -> 5.26)
Subpackages: bluez-cups bluez-devel libbluetooth3

- update to version 5.26
  This release is for the most part a bug-fix release with fixes in
  A2DP and OBEX related functionality, but there?s also an added
  features for get/set reports for HID over GATT as well as
  Phonebook Access Profile 1.2 support
  The Bluetooth 4.2 specification went public in early December and
  BlueZ 5.26 is the first release with support for its features.
  Perhaps the most notable one of these is Low Energy Secure
  Connections which will require a 3.19 or newer kernel. This
  feature brings LE pairing to the same level of security as it has
  been for BR/EDR. LE SC also brings along with it so-called
  cross-transport pairing, which means that you only need to pair
  once over LE or BR/EDR to get the necessary keys for both
  transports between two dual-mode devices.

==== libchromaprint0 ====
Version update (0.7 -> 1.1)

- Update to version 1.1
  - Fixed potential DoS attack in fingerprint decompression code. (#6)
  - Fixed invalid memory read with some fingerprinter configurations. (#5)
  - Added support for audio format conversion with libav. (#2, Gordon Pettey)
- Add baselibs.conf
- Update to version 1.0
  - Support for the latest FFmpeg API.
  - Support for reading audio from stdin in fpcalc.
  - Changed fpcalc to return non-zero status on failure.

==== clutter-devel ====
Subpackages: libclutter-1_0-0 typelib-1_0-Clutter-1_0

- Disable wayland on SLE12.

==== cogl-devel ====
Subpackages: libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-Cogl-2_0 typelib-1_0-CoglPango-1_0 typelib-1_0-CoglPango-2_0

- Disable wayland backend on SLE12.

==== colord ====
Version update (1.2.6 -> 1.2.7)
Subpackages: libcolord2 libcolorhug2

- Update to version 1.2.7:
  + Bugfixes:
  - Don't build the daemon when compiling for MinGW.
  - Use wine to run the client build tools when compiling under
    MinGW.

==== libcolord-gtk1 ====
Version update (0.1.25 -> 0.1.26)

- Update to version 0.1.26:
  + New Features:
  - Actually install the cd-convert utility.
  - Provide an optional Gtk2 version of libcolord-gtk.
  + Bugfixes:
  - Do not link against the unused gio-unix-2.0.
  - Fix cd-convert to work with multiple sensors attached.

==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server

- Applied fix by Jiri Slaby to not crash in interface discovery
  when the interface address is NULL, which has been introduced
  by the infiniband support patch (bsc#909189,bsc#870535).
  [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
- fix bashisms in dhcprelay script
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
  reorder config to add all global options or option declarations
  to the dhcpService object instead to create new service object
  (bsc#886094,ISC-Bugs#37876).
  [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
  mapping of SHA TSIG algorithm names to their constants to enable
  hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
  authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
  [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
  and stop client message exchanges on reached MRD rather than
  at some point after it. Applied fedora patches by Jiri Popelka
  and added DAD reporting via exit 3 to the dhclient-script and
  a fix to use correct address variables in the DEPREF6 action
  (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
  [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
  + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
  socket in the server when ddns-update-style is none (bsc#891655).
  [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
  fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
  [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
- No longer perform gpg validation; osc source_validator does it
  implicit:
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.
- sanitize release line in specfile
- Disabled /sbin/service legacy-action hooks on openSUSE <= 13.1,
  which does not support it and causes build failure (bnc#891961).
- Fixed to require iproute2 in dhcp-client package (bnc#885399)
- Disarmed dhclient-script when wicked is the network service,
  as wicked is using an another dhcp client (runtime conflict),
  NetworkManager an own script and sysconfig-network is gone on
  sles12 and opensuse > 13.1, so it is obsolete and unsupported.
- Fixed /etc/sysconfig/dhcpd fillup in dhcp server post-install.
- Fixed dhcp server start script to use correct libdir (bnc#868250)
- Fixed dhcp server to chown leases to run user at start (bnc#868253)
  [+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch]
- Fixed to write missed dhcp-ldap debug level messages (bnc#835818)
  [+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch]
- Fixed unsupported dhclient-script used by sysconfig ifup to provide
  a function to calculate netmask. NetworkManager provides an own one.
- added necessary macros for systemd files
- remove gpg-offline dependency (blocks rebuilds) as checking
  is already done by source validator
- Applied fixes for DHCP over IPoIB by Mellanox (bnc#870535)
  [+ 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
  + 0018-dhcp-4.2.6-improved-xid.patch]
- Added support for custom for rcdhcpd[6] check-syntax,check-lease
  and syntax-check actions (bnc#868713).
- Initially switched to use systemd service files under systemd
  and enabled Restart=on-abort (fate#315133).
- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the
  complete list of changes -- digest of fixes not in dhcp-4.2.5:
  - Tidy up receive packet processing.
    Thanks to Brad Plank of GTA for reporting the issue and
    suggesting a possible patch. [ISC-Bugs #34447]
  - Fix the socket handling for DHCPv6 clients to allow multiple
    instances of a client on a single machine to work properly.
    Previously only one client would receive the packets.
    Thanks to Jiri Popelka at Red Hat for the bug report and a
    potential patch. [ISC-Bugs #34784]
  - Added support for gentle shutdown after signal is received.
    [ISC-Bugs #32692] [ISC-Bugs 34945]
  - Enhance the DHCPv6 server logging to include the addresses
    that are assigned to the clients.  This can be enabled by
    defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377]
  - Fix an operation in the DDNS code to be a bitwise instead
    of logical or. [ISC-Bugs #35138]
- Merged patches for dhcp-4.2.6 version to apply without fuzzy,
  prepended patch number prefixes to match spec file patch nr,
  added patch markup tags / bug numbers to the spec file.
- Applied contrib-lease-path pach to contrib.tar.gz
  [- contrib-lease-path.diff]
- Changed to require automake and use its config.sub and guess
  files instead of maintaining a patch.
  [- config-guess-sub-update.patch]
- Enabled to log DHCPv6 addresses assigned by server to clients
  [+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]
- Cleaned up documentation, rpmlint adjustments.
- Test if /etc/sysconfig/network/scripts/functions exists before
  sourcing it (fate#316768,bnc#856591).
- Fixed path to systemctl in dhclient-script (bnc#847778).
- Added /etc/bindresvport.blacklist to dhcp server chroot file
  lists as it seems to block its start in some cases (bnc#842360).
- Fixed to reload syslog on hostname changes using systemctl as
  there is no /etc/init.d/syslog script since syslog-service-2.0
  (bnc#830467).
- Added autoreconf -i option to fix build for the new automake
- Install missed bind include files and libraries in dhcp-devel;
  conflicts to bind-devel providing different versions (bnc#805162).
- Use manual patch command for config-guess-sub-update.patch
  again as patch macro does not work on older distributions.
- Update to ISC dhcp-4.2.5-P1 release, which contains updated
  bind-9.8.4-P2 sources with removed regex.h check in configure
  (bnc#811934, CVE-2013-2266).
- Changed spec make the bind export library build output visible.
- Added dhcp6-server service template for SuSEfirewall2 (bnc#783002)
- config-guess-sub-update.patch:
  Update config.guess/sub for aarch64
- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the
  complete list of changes -- digest of fixes not in dhcp-4.2.4-P2:
  - Correct code to calculate rebind timing values in client
    [ISC-Bugs #29062]
  - Fix some issues in the code for parsing and printing options.
    [ISC-Bugs #22625,#27289,#27296,#27314]
  - Update the memory leakage debug code to work with v6.
    [ISC-Bugs #30297]
  - Relax the requirements for deleting an A or AAAA record.
    This relaxation was codified in RFC 4703. [ISC-Bugs #30734]
  - Modify the failover code to handle incorrect peer names better.
    [ISC-Bugs #30320]
  - Fix a set of issues that were discovered via a code inspection
    tool. [ISC-Bugs #23833]
  - Parsing unquoted base64 strings improved. [ISC-Bugs #23048]
  - The client now passes information about the options it requested
    from the server to the script code via environment variables.
    These variables are of the form requested_<option_name>=1 with
    the option name being the same as used in the new_* and old_*
    variables. [ISC-Bugs #29068]
  - Check the status value when trying to read from a connection to
    see if it may have been closed.  If it appears closed don't try
    to read from it again.  This avoids a potential busy-wait like
    loop when the peer names are mismatched. [ISC-Bugs #31231]
  - Remove an unused variable to keep compilers happy.
    [ISC-Bugs #31983]
- Removed obsolete parsing and printing option patch
  [dhcp-4.2.4-parsing-and-printing-options.patch]
- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff
  [dhcp-4.2.5-dhclient-send-hostname-rml.patch]
- Fixed discovery of interfaces, which have only addresses with
  a label assigned (linux 2.0 "alias interfaces" compatibility)
  by switching to use the getifaddrs() as on BSD (bnc#791289,
  reported upstream as [ISC-Bugs #31992]).
  [dhcp-4.2.4-interface-discovery-using-getifaddrs.patch]
- Applied a patch to ignore SIGPIPE instead to die in socket code
  before the errno==EPIPE checks are reached (bnc#794578, upstream
  report [ISC-Bugs #32222])
  [dhcp-4.2.4-P2-do-not-die-on-sigpipe.patch]
- Updated ldap patch to 4.2.5-ldap-mt01 providing following fixes:
  - Fixed parse buffer handling code to not avoid truncation of
    config > ~8k from bigger ldap objects. Fixed to free the ldap
    config buffer passed to the config parser and append new config,
    while the parser is in saved state (bnc#788787).
  - Fixed subclass name-ref and data quoting/escaping (bnc#788787).
  - Fixed memory leaks on ldap_read_config errors (bnc#788787).
  - Fixed a memleak while subnet range processing, fixed to reset
    bufix variable in ldap_read_function to 0 and to set buflen to
    the complete length (do not discard last character, usually \n).
    This caused a parsing error at further run of the function,
    e.g. while processing the second dhcpService container that the
    dhcpServer object may refer to (bnc#784640).
  [dhcp-4.2.5-ldap-mt01.patch.bz2]
- Fixed dhclient-script to discard MTU lower-equal 576 rather
  than lower-than (bnc#791280).
- Verify GPG source archive signatures.
- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for
  an issue with the use of lease times was found and fixed.  Making
  certain changes to the end time of an IPv6 lease could cause the
  server to abort.  Thanks to Glen Eustace of Massey University,
  New Zealand for finding this issue.
  ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
- Update to ISC dhcp-4.2.4-P1 release, providing following security
  fixes (bnc#772924):
  - Previously the server code was relaxed to allow packets with zero
    length client ids to be processed.  Under some situations use of
    zero length client ids can cause the server to go into an infinite
    loop. As such ids are not valid according to RFC 2132 section 9.14
    the server no longer accepts them.  Client ids with a length of 1
    are also invalid but the server still accepts them in order to
    minimize disruption.  The restriction will likely be tightened in
    the future to disallow ids with a length of 1.
    Thanks to Markus Hietava of Codenomicon CROSS project for the
    finding this issue and CERT-FI for vulnerability coordination.
    [ISC-Bugs #29851] CVE: CVE-2012-3571
  - When attempting to convert a DUID from a client id option
    into a hardware address handle unexpected client ids properly.
    Thanks to Markus Hietava of Codenomicon CROSS project for the
    finding this issue and CERT-FI for vulnerability coordination.
    [ISC-Bugs #29852] CVE: CVE-2012-3570
  - A pair of memory leaks were found and fixed.  Thanks to Glen
    Eustace of Massey University, New Zealand for finding this issue.
    [ISC-Bugs #30024] CVE: CVE-2012-3954
- Moved lease file check to a separate action so it is not used in
  restart -- it can fail when the daemon rewrites the lease causing
  a restart failure then (bnc#762108 regression).
- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
  netconfig for processing (bnc#770236).
- Removed RFC 4833 TZ options from client requests [unused].
- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
  crash while accessing lease on heap (bnc#767661) and providing
  the following fixes:
  - Rotate the lease file when running in v6 mode.
    Thanks to Christoph Moench-Tegeder at Astaro for the
    report and the first version of the patch. [ISC-Bugs #24887]
  - Fixed the code that checks if an address the server is planning
    to hand out is in a reserved range.  This would appear as the
    server being out of addresses in pools with particular ranges.
    [ISC-Bugs #26498]
  - In the DDNS code handle error conditions more gracefully and
    add more logging code. The major change is to handle unexpected
    cancel events from the DNS client code. [ISC-Bugs #26287]
  - Tidy up the receive calls and eliminate the need for found_pkt.
    [ISC-Bugs #25066]
  - Add support for Infiniband over sockets to the server and
    relay code.  We've tested this on Solaris and hope to expand
    support for Infiniband in the future.  This patch also corrects
    some issues we found in the socket code. [ISC-Bugs #24245]
  - Add a compile time check for the presence of the noreturn attribute
    and use it for log_fatal if it's available.  This will help code
    checking programs to eliminate false positives. [ISC-Bugs #27539]
  - Fixed many compilation problems ("set, but not used" warnings) for
    gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
  - Modify the code that determines if an outstanding DDNS request
    should be cancelled.  This patch results in cancelling the
    outstanding request less often.  It fixes the problem caused
    by a client doing a release where  the TXT and PTR records
    weren't removed from the DNS. [ISC-BUGS #27858]
  - Use offsetof() instead of sizeof() to get the sizes for
    dhcpv6_relay_packet and dhcpv6_packet in several more places.
    Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere
    of Excentis. [ISC-Bugs #27941]
  - Remove outdated note in the description of the bootp keyword about
    the option not satisfying the requirement of failover peers for
    denying dynamic bootp clients. [ISC-bugs #28574]
  - Multiple items to clean up IPv6 address processing. When processing
    an IA that we've seen check to see if the addresses are usable
    (not in use by somebody else) before handing it out.
    When reading in leases from the file discard expired addresses.
    When picking an address for a client include the IA ID in
    addition to the client ID to generally pick different addresses
    for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945]
    [ISC-Bugs #25586] [ISC-Bugs #27684]
  - Remove unnecessary checks in the lease query code and clean up
    several compiler issues (some dereferences of NULL and treating
    an int as a boolean). [ISC-Bugs #26203]
  - Fix the NA and PD allocation code to handle the case where a client
    provides a preference and the server doesn't have any addresses or
    prefixes available.  Previoulsy the server ignored the request with
    this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
    By default the code performs according to the errata of August 2010
    for RFC 3315 section 17.2.2; to enable the previous style see the
    section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.
    This option may be removed in the future. Thanks to Jiri Popelka at
    Red Hat for the patch. [ISC-Bugs #22676]
  - Fix up some issues found by static analysis. A potential memory leak
    and NULL dereference in omapi. The use of a boolean test instead of
    a bitwise test in dst. [ISC-Bugs #28941]
- Replaced our patches with a complete and upstream verified patch:
  - Fix some issues in the code for parsing and printing options.
    [ISC-Bugs #27314] - properly parse a zero length option from
    a lease file.
    [ISC-Bugs #22796] - properly determine if we parsed a 16 or
    32 bit value in evaluate_numeric_expression (extract-int).
    [ISC-Bugs #22625] - properly print options that have several
    fields followed by an array of something for example "fIa"
    [ISC-Bugs #27289] - properly parse options in declarations
    that have several fields followed by an array of something
    for example "fIa"
  This patch obsoletes the following (bnc#739696) patches:
  - dhclient: parse_option_param: Bad format a
  - zero-length option lease parse error in dhclient6
- Merged ldap and options check patches for the new version
- Fixed dhcp-server init script to check syntax and fail while
  force-reload and restart to avoid stopping of running daemon
  followed by start failure (bnc#762108). Added libgcc_s.so to
  chroot, so the server can report assert/crash line.
- Added RFC 4833 TimeZone PosixString and Name declarations to
  server and client configs [not used yet].
- dhcp-server: fixed to escape all values used in constructed
  ldap filters as a DN may contain e.g. asterisks (bnc#721829,
  [ISC-Bugs #28545]).
- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix:
  Modify the DDNS handling code. In a previous patch we added logging
  code to the DDNS handling.  This code included a bug that caused it
  to attempt to dereference a NULL pointer and eventually segfault.
  While reviewing the code as we addressed this problem, we determined
  that some of the updates to the lease structures would not work as
  planned since the structures being updated were in the process of
  being freed: these updates were removed.  In addition we removed an
  incorrect call to the DDNS removal function that could cause a failure
  during the removal of DDNS information from the DNS server.
  Thanks to Jasper Jongmans for reporting this issue.
  ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)
- Fixed close-on-exec patch to not set it on stderr (bnc#732910)
- Fixed incorrect "a" array type option parsing causing to discard
  e.g. classless static routes from lease file [reported as ISC-Bug
  27289] and zero-length option parsing such as dhcp6.rapid-commit
  in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).
- Fixed dhclient to include its pid number in syslog messages.
- Fixed to use P2 in the spec version, not in the release tag.
- Updated to ISC dhcp-4.2.3-P1 release, providing security fix for
  a DoS due to processing certain regular expressions (bnc#735610)
  and several important DDNS related fixes:
  * Add a check for a null pointer before calling the regexec function.
    Without out this check we could, under some circumstances, pass
    a null pointer to the regexec function causing it to segfault.
    Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
    CVE-2011-4539.
  * Fix the code that checks for an existing DDNS transaction to
    cancel when removing DDNS information, so that we will continue
    with the processing if we have a lease even if it doesn't have an
    outstanding transaction.  [ISC-Bugs #24682]
  * Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
    configuration files.  [ISC-Bugs #24107]
  * Add support for passing DDNS information to a DNS server over
    an IPv6 address.  [ISC-Bugs #22647]
  * Enhanced patch for 23595 to handle IPv4 fixed addresses more
    cleanly.  [ISC-Bugs #23595]
- Refreshed ldap patch
- add libtool as buildrequire to make the spec file more reliable
- Commented out all configuration examples in /etc/dhcpd.conf and
  dhcp6.conf (bnc#715473).
- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.
- Removed useless provides/obsoletes from spec file.
- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES
  variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there
  are well-defined directories expected to contain additional config
  files (bnc#690585).
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
  (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
  allowed remote attackers to cause a denial of service (a daemon
  exit) via crafted BOOTP packets. Further also DNS update fix to
  detect overlapping pools or misconfigured fixed-address entries,
  that caused a server crash during DNS update and other fixes.
  For a complete list, please see the RELNOTES file provided in
  the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
  patch, xen-checksum, close-on-exec patches and removed obsolete
  in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
  not used and create a link in /var/run, so it can write one
  when started as user without chroot and avoid stop problems
  when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
  avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
  changed to not wipe out iptables connmark when renewing the
  lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
  moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
  to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
- Correct previous change.
- THis is a long running network daemon, link with
  full RELRO security enhancements.
- remove -fno-strict-aliasing from CFLAGS, no longer needed.
- Import redhat's patch to open all needed FDs  with O_CLOEXEC
  so they dont leak.
- Removed obsolete sles8 compatibility dependencies, fixed
  to avoid non-functional sles_version conditionals.
- Fixed to not introduce separate dhcp-doc package on sles,
  use versioned provides/obsoletes, improved conditionals.
- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
  ifup pre-down scripts also while renew, when the ipv6 address
  did not changed (bnc#690859).
- Implemented optional ldap connect retry loop during the initial
  startup of the dhcp server in cases where the ldap server is not
  yet started. Set the ldap-init-retry <num> option in dhcpd.conf
  to enable it (bnc#627617). Merged in the actual ldap patch.
- Cleaned up init script error reporting, no -TERM for killproc.
- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
  dhclient pretty escape and string option checks. Merged to use
  relaxed domain-name option check causing a regression, when the
  server is misusing it to provide a domain list (compatibility to
  attic clients) and does not provide it via domain-search option;
  pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
- Discard string options such as host and domain names containing
  disallowed characters or beeing too long. This proctive patch
  limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space
  (bnc#675052, CVE-2011-0997).
- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
  following fixes (digest):
  * Several fixes to OMAPI, cleanup of dereferenced pointers in
    the omapi handle, handling of pipe failures and status code
    in omapi signal handler that may cause connect failure and
    100% CPU use.
  * Handle some DDNS corner cases better
  * Several fixes to lease input and output
  * Corrected side effect of printing all data strings as hex.
  * Host record references leaks causing applying config to all
    innocent clients.
  * Memory leak when parsing a domain name
  * Fixes to configuration parsing including infinite loop.
  * Fixed for unexpected abort caused by a DHCPv6 decline.
  For the complete list see the RELNOTES file, that is available
  also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
- Removed obsolete optional-value-infinite-loop, no-libcrypto
  and CVE-2011-0413.bnc667655 patches.
- Merged the dhclient-send-hostname and ldap patches.
- dhclient-script: fixed typo causing that only global settings
  to set hostname and default route were applied for primary
  and never per interface settings (bnc#673792).
- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
  xen partial UDP checksums (bnc#668194).
- Applied security fix for unexpected abort caused by a DHCPv6
  decline message (CVE-2011-0413, VU#686084, bnc#667655).
- Fixed dhclient.conf to request the domain-search option.
- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
  handling of connection requests on the failover port.
  Previously a connection request from a source that wasn't
  listed as a failover peer would cause the server to become
  non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
  CVE-2010-3616, bnc#659059).
- Enable ldap CASA support on SLE only.
- Fixed to use same/correct dhcrelay6 interface variables in the
  sysconfig file and in the dhcrelay6 init script.
- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
  handle a relay forward message with an unspecified address in the
  link address field. Previously such a message would cause the
  server to crash. Thanks to a report from John Gibbons.
  [ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
  The 4.2.0 version is a feature release, implementing asynchronous
  DDNS processing and includes "The LDAP Patch".
  For a complete list of changes from any previous release, please
  consult the RELNOTES file within the source distribution or on
  the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
  merged our ldap patches from 4.1.x branch.
- Fixed a dhcrelay segfault while receiving packets on interfaces
  without any IPv4 address assigned (bnc#631305, reported upsteam
  as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
  parts in the value such as in slp-service-scope option (bnc#643845,
  reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
  when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
- Fixed server lease file path in contrib/listlease and leasestate
  changed to extract contrib and examples using setup macro.
- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
  to rfc3442-classless-static-routes for compatibility with the
  NetworkManager making use of /etc/dhclient.conf now and adopted
  /sbin/dhclient-script (bnc#625770).
- Fixed ldap option number conflicting with new options (bnc#625358)
- Added a fix for an lpf bind error messages making it easier to
  localize problems (bnc#617795)
- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
  a pair of bug fixes including one for a security related bug
  (bnc#612546, CVE-2010-2156):
  * A bug was fixed that could cause the DHCPv6 server to
    advertise/assign a previously allocated (active) lease to a
    client that has changed subnets, despite being on different
    shared networks. Dynamic prefixes specifically allocated in
    shared networks also now are not offered if the client has
    moved. [ISC-Bugs #21152]
  * Accept a client id of length 0 while hashing. Previously the
    server would exit if it attempted to hash a zero length client
    id, providing attackers with a simple denial of service attack.
    [ISC-Bugs #21253]
- Added rc.dhcrelay6 as source in the spec file
- Fixed dhcprelay scripts to source sysconfig file correctly
- Fixed spec file typo in arping path require, enabled ldap
- Fixed a dhclient option name and new/old ip address check
- Updated to ISC DHCP 4.1.1, the current 4.x series production
  release, providing DHCPv6 client/server/relay implementation.
  The programs act in DHCPv6 mode, when the -6 start option is set.
  We install separate init scripts with a 6 at the end to handle
  them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
  also a link to the binaries with a 6 at the end, e.g. dhclient6,
  making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
  instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
  dhclient-script (bnc#555870).
- Updated to ISC DHCP 3.1-ESV, an extended support version release
  which includes a small number of bug fixes (bnc#592178) over the
  3.1.3 version:
  * Modified the handling of a connection to avoid releasing the
    omapi io object for the connection while it is still in use.
    One symptom from this error was a segfault when a failover
    secondary attempted to connect to the failover primary if
    their clocks were not synchronized.
  * Fix test in dhcp_interface_signal_handler to check that the
    inner handler has a signal_handler before calling it.
  * When using 'ignore client-updates;', the FQDN returned to the
    client is no longer truncated to one octet.
  * Clean up some compiler warnings - ticket 19054.
- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
  (bnc#599702)
- Touch dhclient.leases in post-install script instead to provide
  an empty file, versioned provides/obsoletes (rpmlint warnings).
- Fixed dhclient-script to call ifup -o dhcp and signal "complete"
  to ifup when all configuration is done (bnc#585380,bnc#518219).
- Enable parallel building
- Use large PIE model on all SPARC flavors
- Fixed dhclient-script to use correct sysconfig run dir path
  to not to break the defaultroute/hostname setup (bnc#555095).
- Don't request any specific lease-time by default (bnc#516459).
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
  to netconfig.
- Updated to dhcp-3.1.3 maintenance release fixing several issues
  (a digest, see RELNOTES for the complete list):
  * Remove infinite loop in token_print_indent_concat().
  * A parser bug was fixed that segfaulted if site-option-space
    was tried to be used interchangeably with vendor-option-space.
  * Two uninitialized stack structures are now memset to zero,
    thanks to patch from David Cantrell at Red Hat.
  * Memory leak in the load_balance_mine() function is fixed. This
    would leak ~20-30 octets per DHCPDISCOVER packet while failover
    was in use and in normal state.
  * Fixed setting hostname in Linux hosts that require hostname
    argument to be double-quoted.  Also allow server-provided
    hostname to override hostnames 'localhost' and '(none)'.
  * Added client support for setting interface MTU and metric,
    thanks to Roy "UberLord" Marples <roy@marples.name>.
  * Fixed failover reconnection retry code to continue to retry to
    reconnect rather than restarting the listener.
  * Fixed a bug where an OMAPI socket disconnection message would
    not result in scheduling a failover reconnection, if the link
    had not negotiated a failover connect yet (e.g.: connection
    refused, asynch socket connect() timeouts).
  * Versions 3.0.x syntax with multiple name->code option
    definitions is now supported.  Note that, similarly to 3.0.x,
    for by-code lookups only the last option definition is used.
  * Fixed a fenceposting bug when a client had two host records
    configured, one using 'uid' and the other using 'hardware
    ethernet'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
- Replaced mt-02 ldap patch from old git repository with equivalent
  one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
  fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
  while network restart when a virtual interfaces as bridge, bond
  or vlan goes up again (bnc#517810).
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
- Updated to dhcp-3.1.2p1 maintenance release fixing following
  issues:
  * A stack overflow vulnerability was fixed in dhclient that could
    allow remote attackers to execute arbitrary commands as root on
    the system, or simply terminate the client, by providing an
    over-long subnet-mask option.
  * A double-dereference in dhclient transmission of DHCPDECLINEs
    was repaired.
  * Fix handling of -A and -a flags in dhcrelay; it was failing
    to expand packet size as needed to add relay agent options.
  * Corrected list of failover state values in dhcpd man page.
  * Fixed a bug that caused some request types to be logged
    incorrectly.
  * Fixed a coredump when adding a class via OMAPI.
  * Clients that sent a parameter request list containing the
    routers option before the subnet mask option were receiving
    only the latter. Fixed.
  * The server wasn't always sending the FQDN option when it should.
  * A partner-down failover server no longer emits 'peer holds all
    free leases' if it is able to newly-allocate one of the peer's
    leases.
  * A cosmetic bug in DHCPDECLINE processing was fixed which caused
    all successful DHCPDECLINEs to be logged as "not found" rather
    than "abandoned".
  * Some failover debugging #defines have been better defined and
    some high frequency messages moved to a deeper debugging symbol.
  * The CLTT parameter in failover is now only updated by client
    activity, and not by failover binding updates.
  * Failover BNDUPD messages are now discarded if they conflict with
    an update that has been trasnmitted, but not acknowledged.
  * A bug cleaning up unknown-xxx temporary option definitions was
    fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
  there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
  flying around --  see http://www.suse.de/~mt/git/dhcp-ldap.git
  and the git changelog at the begin of the patch.

==== evolution ====
Version update (3.12.8 -> 3.12.9)

- Update to version 3.12.9:
  + Offer only enabled accounts as meeting organizers.
  + Odd cross line when drawing an ECalendar with multiple
    columns
  + mail_regen_list: Fix a memory leak.
  + Use EClientCache to open calendars in plugins.
  + [Alarm-notify] Do not show "Not supported" error on an alarm
    dismiss.
  + Automatic Contacts can duplicate recipients in the set book.
  + EWebView - Increase minimum zoom level for zoom out.
  + Calendar events/tasks/memos not removed from UI on the source
    removal.
  + Bugs fixed: bgo#739708, bgo#700778, bgo#736947, bgo#736950
    bgo#740197, bgo#740577, bgo#734646, bgo#740244, bgo#734530
    bgo#524365, bgo#706993.
  + Updated translations.
- Add post-release patches from upstream:
  + evolution-no-DTEND-set.patch: Fix calendar issues when DTEND
    is not set
  + evolution-protected-login-PIN.patch: Prompts for login PIN
    with CKF_PROTECTED_AUTHENTICATION_PATH (bgo#741059)
  + evolution-crash-sending-simultaneous-emails.patch: [SMTP] Fix
    crash when sending two messages at once (bgo#740297)
  + evolution-wrong-message-preview.patch: Message preview shows
    a wrong message (bgo#724039).

==== evolution-data-server ====
Version update (3.12.8 -> 3.12.9)
Subpackages: evolution-data-server-devel libcamel-1_2-49 libebackend-1_2-7 libebook-1_2-14 libebook-contacts-1_2-0 libecal-1_2-16 libedata-book-1_2-20 libedata-cal-1_2-23 libedataserver-1_2-18 typelib-1_0-EBook-1_2 typelib-1_0-EBookContacts-1_2 typelib-1_0-EDataServer-1_2

- Update to version 3.12.9:
  + ECalBackendFile: Stops refresh thread too late
  + ECalComponent: Recurrence ID not rescan properly
  + Limit SQLite busy-wait for a lock
  + IMAPx: Speed-up folder cache removal on folder sync
  + IMAPx: Enhance and make work namespace override options
  + IMAPx: Runtime warning on inactivity timeout with IDLE enabled
  + SQLite VFS: Track pending sync requests
  + Bugs fixed: bgo#739904, bgo#678398, bgo#739610, bgo#736011,
    bgo#736947, bgo#732717, bgo#733518, bgo#732018, bgo#740627,
    bgo#701138, bgo#740585, bgo#740843.
  + Updated translations.
- Add post-release fix from upstream:
  + evolution-data-server-fix-use-after-free.patch: Fix errors
    resulting from use-after-free (bgo#695754, bgo#741434).

==== evolution-ews ====
Version update (3.12.8 -> 3.12.9)
Subpackages: evolution-ews-lang libeews-1_2-0 libewsutils0

- Update to version 3.12.9:
  + Set max-width-chars to wrapped GtkLabel-s.
  + Bugs fixed: bgo#738945, bgo#738093, bgo#734747, bgo#740772.
- Add post-release fix from upstream:
  + evolution-ews-reuse-from-EmailSession.patch: Reuse existing
    ESourceRegistry from EMailSession, if possible (bgo#695754).

==== gnome-online-miners ====
Version update (3.14.0 -> 3.14.1)

- Update to version 3.14.1:
  + Wrong author shown for Google albums (bgo#740423).
  + facebook: Don't use the time as a fallback for the title
    (bgo#740869).

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-xen

- Require efibootmgr also on aarch64
- grub2-snapper-plugin.sh: fix use of printf without format string; fix
  quoting
- grub2-arm64-Reduce-timer-event-frequency-by-10.patch: fix periodic timer
  on arm64

==== gstreamer-plugins-bad ====
Subpackages: libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0

- Disable BuildRequires on libchromaprint, fluidsynth and openAL on
  SLE12.

==== gtk3-data ====
Version update (3.14.5 -> 3.14.6)
Subpackages: gtk3-devel gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0

- Update to version 3.14.6:
  + Redraw problems with cairo 1.14.
  + Avoid excessive redraws due to CSD shadows.
  + Bugs fixed: bgo#364566, bgo#461249, bgo#721939, bgo#722781,
    bgo#730232, bgo#739453, bgo#739885, bgo#739977, bgo#740287,
    bgo#740374, bgo#740612, bgo#740613, bgo#740642, bgo#740742,
    bgo#740770, bgo#740896, bgo#741249, bgo#741250, bgo#741251,
    bgo#741252, bgo#741254, bgo#741314.
  + Updated translations.
- Add gtk3-Dont-crash-if-invisible-files-are-deleted.patch: Do not
  crash application using gtk file chooser when deleting file via
  an other app (patch from upstream git).
- Disable wayland on SLE12.

==== hicolor-icon-theme ====
Version update (0.13 -> 0.14)

- Update to version 0.14:
  + Use automake to generate VPATH-compatible makefiles.

==== ispell ====
Subpackages: ispell-american ispell-british

- fix bashism in SuSEconfig.ispell (update) script

==== kernel-firmware ====

- Require coreutils for %pre scripts. In some instances (mainly
  kiwi builds) this package can end up being installed before
  coreutils, having some errors spit in the %pre phase.

==== kopete ====

- remove libmsn-devel from BuildRequires and therefore MSN
  support, service officially shut down October 2014 and MSFT
  blacklisted known clients, as of today, the service remain
  up but requires playing cat & mouse games with application
  UUIDs that has not been banned yet.

==== libcamgm100 ====
Subpackages: perl-camgm

- libcamgm-openssl1.0.1i.patch: adjust the testsuite to match
  the current openssl version (it reports less errors).

==== libcryptui-data ====
Subpackages: libcryptui0 seahorse-daemon

- Inject version 2.1 as acceptable gpg version into configure:
  GPG 2.1 is verified to be compatible and supported.

==== libmnl0 ====

- Remove extra directory pkg, one level is enough.

==== libLLVM ====
Subpackages: libLLVM-32bit

- Conditionalize libcxx{abi} build on build_libcxx variable
- Turn libc++.so into an ldscript so it links to libc++abi
  automatically.

==== mercurial ====
Subpackages: mercurial-lang

- properly replaced previously dropped mercurial-2.8-ssl.diff with cacerts.rc

==== libmutter0 ====
Subpackages: mutter mutter-data typelib-1_0-Meta-3_0

- Disable wayland on SLE12.
- Remove BuildRequires pkgconfig(gbm), not needed unless building
  native backend.
- Add post-release fixes from upstream:
  + mutter-black-screen-during-login.patch: Disable ugly black
    screen during login (bgo#740377).
  + mutter-window-actor-unredirection-when-destroyed.patch:
    window-actor: Do not request unredirection when destroyed
    (bgo#740133).
  + mutter-empty-input-shapes-windows.patch: window-x11: Fix
    windows that set empty input shapes.
  + mutter-left-over-queued-frames.patch: Fix problems resulting
    in left-over queued frames (bgo#738686).
  + mutter-dont-overwrite-send_frame_messages_timer.patch:
    MetaWindowActor: don't overwrite send_frame_messages_timer
    (bgo#738686).

==== libopenssl-devel ====
Version update (1.0.1i -> 1.0.1j)
Subpackages: libopenssl1_0_0 libopenssl1_0_0-32bit openssl

- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128
- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves
  we actually support (not the binary ones) (bnc#905037)
- openSUSE < 11.2 doesn't have accept4()
- openSSL 1.0.1j
  * Fix SRTP Memory Leak (CVE-2014-3513)
  * Session Ticket Memory Leak (CVE-2014-3567)
  * Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV)
  * Build option no-ssl3 is incomplete (CVE-2014-3568)

==== polkit-default-privs ====

- added firewalld (bnc#907625) polkit actions

==== libpoppler-cpp0 ====
Subpackages: libpoppler-devel libpoppler-glib8 libpoppler47 poppler-tools

- BuildRequire libcurl so the library can operate on remote
  HTTP documents.

==== libpoppler-qt4-4 ====
Subpackages: libpoppler-qt4-devel

- BuildRequire libcurl so the library can operate on remote
  HTTP documents.

==== quilt ====

- Update upstream references.
- hackweek-11-11-setup-alternative-implementation.patch: Delete,
  replaced with new implementation.
- hackweek-11-11-setup-trace-call-first.patch: inspect-wrapper:
  Trace calls earlier.
- hackweek-11-12-setup-alternative-implementation-v2.patch: New
  implementation of "setup --fast" option.
- quilt.spec: Only use Recommends for SUSE targets, as it was not
  supported upstream until very recently so it breaks the build
  on Fedora_18, RHEL_6 and CentOS_6.
- quilt-check-modified-series.patch: Add upstream reference.
- quilt-check-modified-series-rearm.patch: pop: Rearm consistency
  check if needed.
- hackweek-11-01-comment-update.patch: inspect: Comment update.
- hackweek-11-02-cleanups.patch: setup/inspect: Cleanups.
- hackweek-11-03-inspect-list-all-options.patch: inspect: List all
  options in usage text.
- hackweek-11-04-pass-through.patch: inspect: Pass through the
  wrappers when appropriate.
- hackweek-11-05-no-explicit-rm.patch: inspect: Don't explicitly
  delete the temporary data file.
- hackweek-11-06-exclude-from-md5sums.patch: inspect: Exclude more
  files from md5sums.
- hackweek-11-07-normalize-path.patch: setup: Introduce function
  normalize_path.
- hackweek-11-08-inspect-split-wrapper-script.patch: inspect: Split
  the patch/tar/unzip wrapper to a separate script.
- hackweek-11-09-inspect-temporary-data-file.patch:
  inspect-wrapper: Minor code optimization.
- hackweek-11-10-setup-fix-path-to-extra-patches.patch: setup: Fix
  path to extra patches in series file.
- hackweek-11-11-setup-alternative-implementation.patch: setup: Add
  - -fast option.

==== nautilus-extension-seahorse ====

- Inject version 2.1 as acceptable gpg version into configure:
  GPG 2.1 is verified to be compatible and supported.

==== seahorse-sharing ====
Subpackages: seahorse-sharing-lang

- Inject version 2.1 as acceptable gpg version into configure:
  GPG 2.1 is verified to be compatible and supported.

==== libnfsidmap-sss ====
Subpackages: libsss_idmap0 libsss_nss_idmap0 libsss_sudo sssd sssd-32bit sssd-krb5-common sssd-ldap

- fix bashism in postun script

==== vinagre ====
Version update (3.14.2 -> 3.14.3)
Subpackages: vinagre-lang

- Update to version 3.14.3:
  + Fix freeing of RDP events during dispose.
  + Updated translations.

==== virt-install ====
Subpackages: virt-manager virt-manager-common

- bnc#907958 - virt-manager --debug with no screen SIGABRT
  virtman-check-for-valid-display.patch
- bnc#907324 - libvirt: unsupported configuration: native I/O needs
  either no disk cache or directsync cache mode, QEMU will fallback
  to aio=threads
  virtinst-set-cache-mode-unsafe-for-install.patch updated
- bnc#907319 - virt-manager: Unable to complete install: 'local
  variable 'distro_distro' referenced before assignment
  virtinst-detect-suse-distros.patch updated

==== glade-catalog-vte ====
Version update (0.38.2 -> 0.38.3)
Subpackages: gnome-pty-helper libvte-2_91-0 typelib-1_0-Vte-2.91 vte-devel

- Update to version 0.38.3:
  + widget:
  - Fix installing the CJK ambiguous width property.
  - Do not leave behind a zombie child when closing a terminal.
  - Reap only when a child is present.

==== xalan-j2 ====

- Revert last commit, causes cycles.
- Replace java-1_5_0-gcj-compat-devel with javapackages-tools

==== xdm ====

- fix bashisms in /etc/X11/xdm/* scripts
- unset TMPDIR before executing the final user scripts/shell
  (boo#907041)
- start a login shell when using lksh/mksh

==== xf86-input-evdev ====
Version update (2.9.0 -> 2.9.1)

- Update to version 2.9.1:
  This release fixes a couple of bugs with absolute devices that
  have scroll wheels (such as the qemu tablets devices) and avoids
  the "unable to find touch point 0" warnings previously caused by
  a touch starting before the device was enabled.

==== xf86-video-intel ====

- U_uxa-Stub-out-intel_sync_init-fini-when-not-compiled-.patch
  Fix the missing intel_sync_close() w/o DRI3 (bnc#908323)
- U_Disable-DRI3-by-default.patch
  Disable DRI3 (bnc#908323)
- U_sna-gen8-BLT-broken-when-address-has-bit-4-set.patch
  Fix SNA BLT on BDW/CHV (bnc#908326)

==== xkbcomp ====
Version update (1.2.4 -> 1.3.0)

- Update to version 1.3.0:
  + Support for multiple keysyms per level (#25025).
  + Misc fixes and changes all over the place.
  + UNIXOS2 support was dropped.

==== xterm ====

- Split the desktop launcher from the binaries: there are users
  that want to clean up their desktop launchers and also remove
  xterm launchers (but xterm is a deep dependency of xinit, used
  for fallback situations). The package 'xterm' is the 'app
  launcher', which depends on xterm-bin. Installing xterm does, as
  it did in the past, pull a FULL package installation. But the
  user will be free to remove xterm and only keep xterm-bin (once
  the dependencies in xinit are corrected as well) (boo#906598).

==== yast2-installation ====
Version update (3.1.123 -> 3.1.124)

- drop check for Gtk since Gtk UI of YaST is no longer supported
  (bsc#908607)
- 3.1.124




Removed packages:
  bundle-lang-common-sv
  libupnp6
  libmediastreamer_base3
   > libmediastreamer_voip3
  libortp9


Added packages:
  libvdpau_r300
  perl-Net-LibIDN
  xterm-bin