Packages changed:
  automake
  bash
  binutils
  bluez (5.43 -> 5.44)
  dbus-1 (1.10.12 -> 1.10.16)
  dbus-1-x11 (1.10.12 -> 1.10.16)
  diffutils (3.5 -> 3.5.15)
  ed (1.14 -> 1.14.2)
  filesystem
  geoclue2
  google-noto-fonts (20151215 -> 20161025)
  gpsd
  grep (2.28 -> 3.0)
  grub2
  installation-images (14.302 -> 14.304)
  kdelibs4
  libX11 (1.6.4 -> 1.6.5)
  libpcap (1.7.3 -> 1.8.1)
  ncurses
  openssh
  os-prober
  patterns-openSUSE
  python-cairo
  python-gobject2
  sed (4.3 -> 4.4)
  sessreg (1.1.0 -> 1.1.1)
  shadow
  systemd-presets-branding-openSUSE
  tcl
  tcpdump (4.7.4 -> 4.9.0)
  yast2-vm (3.1.30 -> 3.2.0)

=== Details ===

==== automake ====

- use vendor suse instead of IBM on s390x

==== bash ====
Subpackages: bash-doc libreadline7 readline-devel readline-doc

- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
  was disabled and nobody had reported trouble)

==== binutils ====
Subpackages: binutils-devel

- Add binutils-bso21193.diff to fix section alignment on
  .gnu_debuglink.  [bso#21193]

==== bluez ====
Version update (5.43 -> 5.44)
Subpackages: bluez-cups bluez-devel libbluetooth3

- make testsuite run non-parallel (obs seems to have problems with
  parallel checks) and quiet
- update to version 5.44:
  Most fixes are LE (specifically GATT) related, however some other
  areas are affected as well.
  Feature-wise, there?s a new MIDI plugin and support for using
  single-mode (LE-only) controllers that lack a public address.
  E.g. any nRF5x controller running a MyNewt or Zephyr based
  firmware falls into this category.
- packaging: add "--enable-midi", "--enable-deprecated"
  TODO: package deprecated tools into separate package to prepare
  removal some time in the future
- rebase bluez-cups-libexec.patch
- Set the cupsdir directly with patch instead of mv and seds:
  * bluez-cups-libexec.patch
- Replace requirements by the pkgconfig counterparts
  * this should solve out the problem with builcycle on Factory
- Ran over with spec-cleaner

==== dbus-1 ====
Version update (1.10.12 -> 1.10.16)
Subpackages: dbus-1-devel libdbus-1-3 libdbus-1-3-32bit

- Update to 1.10.16
  Fixes:
  * Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.
  (fd.o #99828, Simon McVittie) (bsc#1025950)
  * Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie) (bsc#1025951)
  * Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "in flight" for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 process such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)
  * Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)
  Enhancements:
  * Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

==== dbus-1-x11 ====
Version update (1.10.12 -> 1.10.16)

- Update to 1.10.16
  Fixes:
  * Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.
  (fd.o #99828, Simon McVittie) (bsc#1025950)
  * Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie) (bsc#1025951)
  * Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "in flight" for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 process such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)
  * Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)
  Enhancements:
  * Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

==== diffutils ====
Version update (3.5 -> 3.5.15)

- Update to a pre-release version (3.5.15):
  * remove big-file-performance.patch and gnulib-diffseq.patch
  * comment signature source as the release is not officially signed yet

==== ed ====
Version update (1.14 -> 1.14.2)

- Update to version 1.14.2:
  * main.c (show_strerror) Revert to using '!scripted' instead of
  'verbose' to suppress diagnostics.
  * Print counts, messages, '?' and '!' to stdout instead of stderr.
  * buffer.c (append_lines): Fixed current address after empty 'i'.
  * regex.c (set_subst_regex): Treat missing delimiters consistently.
  (extract_replacement): Don't replace 'a' with '%' in 's/a/%'.
  Fixed infinite loop with EOF in the middle of a replacement.
  Don't accept newlines in replacement in a global command.
  Last delimiter can't be omitted if not last in command list.
  (search_and_replace): Set current address to last line modified.
  * main_loop.c (extract_addresses): Fixed address offsets;
  '3 ---- 2' was calculated as -2 instead of 1.
  Accept ranges with the first address omitted.
  (exec_command): Fixed current address after empty replacement
  text in 'c' command.
  Don't clear the modified status after writing the buffer to a
  shell command. (Reported by Jérôme Frgacic).
  (get_command_suffix): Don't allow repeated print suffixes.
  (command_s): Accept suffixes in any order.
  Don't allow multiple count suffixes.
  'sp' now toggles all print suffixes.
  (main_loop): Make EOF on stdin behave as a 'q' command.
  * ed.texi: Fixed the description of commands 'acegijkmqrsuw'.
  Documented that ed allows any combination of print suffixes.
  * testsuite: Improved most tests. Simplified bug reporting.
  * configure: Avoid warning on some shells when testing for gcc.
  * Makefile.in: Detect the existence of install-info.

==== filesystem ====

- Remove /usr/games (finally everything is moved to /usr/bin)

==== geoclue2 ====
Subpackages: typelib-1_0-Geoclue-2_0

- Add geoclue2-permit-Night-Light.patch: Add "Night Light"
  functionality to the whitelist (bgo#779343, fdo#100008).

==== google-noto-fonts ====
Version update (20151215 -> 20161025)
Subpackages: google-noto-fonts-doc noto-sans-cjk-fonts noto-sans-fonts

- update to version 20161025
  - new: Mono Font
  - new: Naskh Arabic Font
  - new: Bengali Sans Serif Font
  - new: Devanagari Sans Serif Font
  - new: Gujarati Sans Serif Font
  - new: Gurmukhi Sans Serif Font
  - new: Kannada Sans Serif Font
  - new: Khmer Sans Serif Font
  - new: Lao Sans Serif Font
  - new: Malayalam Sans Serif Font
  - new: Myanmar Sans Serif Font
  - new: Oriya Sans Serif Font
  - new: Tamil Sans Serif Font
  - new: Telugu Sans Serif Font
  - new: Thai Sans Serif Font
  - new: Sans UI Font
  - new: Bengali Font
  - new: Devanagari Font
  - new: Gujarati Font
  - new: Kannada Font
  - new: Malayalam Font
  - new: Tamil Font
  - new: Telugu Font
- fix generate-specfile.sh:
  - handle UI fonts, that do not start with Sans ot Serif
  - fix description of fonts, that do not start with Sans ot Serif
  - flag sans fonts only, that really deserve it

==== gpsd ====

- Cleanup build/spec file:
  * Use .desktop files and PNG icon from tarball
  * correct flag to disable stripping (nostrip=True)

==== grep ====
Version update (2.28 -> 3.0)

- Update to version 3.0:
  * grep without -F no longer goes awry when given two or more
    patterns that contain no special characters other than '\' and
    also contain a subpattern like '\.' that escapes a character to
    make it ordinary.
  * grep no longer fails to build on PCRE versions before 8.20.
- Cleanup spec file:
  * Drop support for old distributions
  * Create lang subpackage
  * Use fdupes to replace duplicate files with symlinks

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Fix for openQA UEFI USB Boot failure with upstream patch (bsc#1026344)
  * added 0001-efi-strip-off-final-NULL-from-File-Path-in-grub_efi_.patch
  * removed 0001-Revert-efi-properly-terminate-filepath-with-NULL-in-.patch

==== installation-images ====
Version update (14.302 -> 14.304)

- copy the correct modprobe blacklist files to rescue system (bsc#1023023)
- 14.304
- ensure lvm config files are writable
- 14.303
- change tftpboot-installation subpackages to contain product in package name

==== kdelibs4 ====
Subpackages: kdelibs4-core libkde4 libkdecore4 libksuseinstall1

- Add upstream patch to fix kio security issue (boo#1027520)
  * kio-sanitize-url-for-proxy.patch

==== libX11 ====
Version update (1.6.4 -> 1.6.5)
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 libX11-xcb1-32bit

- Update to version 1.6.5:
  + Revert "Compose sequences for rouble sign"
  + specs/libX11: More synopsis fixes
  + specs/libX11: Fix paramdef entries listing multiple parameters
  + specs/libX11: Make paramdef spacing more consistent
  + specs/libX11: Add missing parameter types for XGetWindowProperty()
  + specs/libX11: Fix broken synopsis for Data/Data16/Data32
  + specs/libX11: Update Portability Considerations for the 21st century
  + autogen.sh: use quoted string variables
  + Plug a memory leak
  + Fix wrong Xfree in XListFonts failure path
  + Typos in "Xlib - C Language X Interface" document - Chapter 02
  + autogen: add default patch prefix
  + Compose sequences for rouble sign
  + autogen.sh: use exec instead of waiting for configure to finish
  + Revert cs_CZ.UTF-8 XLC_LOCALE to en_US.UTF-8
- supersedes u_nls-fix-handling-of-cs_CZ.UTF8_locale.patch

==== libpcap ====
Version update (1.7.3 -> 1.8.1)
Subpackages: libpcap1 libpcap1-32bit

- Dropped patches not required after review
  * libpcap-1.0.0-pcap-bpf.patch
  * libpcap-1.5.2-filter-fix.patch
- Reference of the pull request for the rest of the patches
  * https://github.com/the-tcpdump-group/libpcap/issues/196
- Changed libpcap-1.0.0-s390.patch to the git formatted one
- Formatted the specs file using spec-cleaner.
- Allow bluetooth monitoring support unconditionally.
- update to 1.8.1
  * Clean up the name-to-DLT mapping table.
  * Add some newer DLT_ values:
  IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS
  * Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue
  [#493].
  * Filter out duplicate looped back CAN frames.
  * Fix the handling of loopback filters for IPv6 packets.
  * Add a link-layer header type for RDS (IEC 62106) groups.
  * On Linux, handle all CAN captures with pcap-linux.c, in cooked mode.
  * Removes the need for the "host-endian" link-layer header type.
  * Compile with '-Wused-but-marked-unused' in devel mode if supported
  * Have separate DLTs for big-endian and host-endian SocketCAN headers.
  * Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)!
  * Properly check for sock_recv() errors.
  * Re-impose some of Winsock's limitations on sock_recv().
  * Replace sprintf() with pcap_snprintf().
  * Fix signature of pcap_stats_ex_remote().
  * Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
  * Clean up {DAG, Septel, Myricom SNF}-only builds.
  * pcap_create_interface() needs the interface name on Linux.
  * Clean up hardware time stamp support: the "any" device does not support any time stamp types.
  * Recognize 802.1ad nested VLAN tag in vlan filter.
- dropped libpcap-ocloexec.patch, never upstreamed.
- refreshed libpcap-1.0.0-ppp.patch

==== ncurses ====
Subpackages: libncurses6 libncurses6-32bit ncurses-devel ncurses-utils tack terminfo terminfo-base

- Add ncurses patch 20170218
  + fix several formatting issues with manual pages.
  + correct read of terminfo entry in which all strings are absent or
    explicitly cancelled.  Before this fix, the result was that all were
    treated as only absent.
  + modify infocmp to suppress mixture of absent/cancelled capabilities
    that would only show as "NULL, NULL", unless the -q option is used,
    e.g., to show "-, @" or "@, -".
- Add ncurses patch 20170212
  + build-fixes for PGI compilers (report by Adam J. Stewart)
    + accept whitespace in sed expression for generating expanded.c
    + modify configure check that g++ compiler warnings are not used.
    + add configure check for -fPIC option needed for shared libraries.
  + let configure --disable-ext-funcs override the default for the
  - -enable-sp-funcs option.
  + mark some structs in form/menu/panel libraries as potentially opaque
    without modifying API/ABI.
  + add configure option --enable-opaque-curses for ncurses library and
    similar options for the other libraries.
- Add ncurses patch 20170204
  + trim newlines, tabs and escaped newlines from terminfo "paths" passed
    to db-iterator.
  + ignore zero-length files in db-iterator; these are useful for
    instance to suppress "$HOME/.terminfo" when not wanted.
  + amended "b64:" encoder to work with the terminfo reader.
  + modify terminfo reader to accept "b64:" format using RFC-3548 in
    as well as RFC-4648 url/filename-safe format.
  + modify terminfo reader to accept "hex:" format as generated by
    "infocmp -0qQ1" (cf: 20150905).
  + adjust authors comment to reflect drop below 1% for SV.

==== openssh ====
Subpackages: openssh-helpers

- sshd.service: Set TasksMax=infinity, as there should be
  no limit on the amount of tasks sshd can run.

==== os-prober ====

- Fix btrfs 1.74 regression in detection btrfs, the do_unmount has to be
  skipped for btrfs as it removes tmp mount point of which btrfs is making
  use (bsc#1024196)
  * modify os-prober-btrfs-absolute-subvol.patch
  * rediff os-prober-btrfs-always-detect-default.patch

==== patterns-openSUSE ====
Subpackages: patterns-openSUSE-apparmor patterns-openSUSE-apparmor_opt patterns-openSUSE-base patterns-openSUSE-books patterns-openSUSE-console patterns-openSUSE-devel_C_C++ patterns-openSUSE-devel_basis patterns-openSUSE-devel_ide patterns-openSUSE-devel_kde patterns-openSUSE-devel_kde_frameworks patterns-openSUSE-devel_kernel patterns-openSUSE-devel_osc_build patterns-openSUSE-devel_perl patterns-openSUSE-devel_python patterns-openSUSE-devel_qt5 patterns-openSUSE-devel_rpm_build patterns-openSUSE-devel_ruby patterns-openSUSE-devel_web patterns-openSUSE-dhcp_dns_server patterns-openSUSE-directory_server patterns-openSUSE-enhanced_base patterns-openSUSE-enhanced_base_opt patterns-openSUSE-file_server patterns-openSUSE-fonts patterns-openSUSE-fonts_opt patterns-openSUSE-games patterns-openSUSE-gateway_server patterns-openSUSE-generic_server patterns-openSUSE-gnome patterns-openSUSE-gnome_admin patterns-openSUSE-gnome_basis patterns-openSUSE-gnome_basis_opt patterns-openSUSE-gnome_games patterns-openSUSE-gnome_ide patterns-openSUSE-gnome_imaging patterns-openSUSE-gnome_imaging_opt patterns-openSUSE-gnome_internet patterns-openSUSE-gnome_laptop patterns-openSUSE-gnome_multimedia patterns-openSUSE-gnome_multimedia_opt patterns-openSUSE-gnome_office patterns-openSUSE-gnome_office_opt patterns-openSUSE-gnome_utilities patterns-openSUSE-gnome_yast patterns-openSUSE-imaging patterns-openSUSE-imaging_opt patterns-openSUSE-kde patterns-openSUSE-kde_edutainment patterns-openSUSE-kde_games patterns-openSUSE-kde_ide patterns-openSUSE-kde_imaging patterns-openSUSE-kde_internet patterns-openSUSE-kde_multimedia patterns-openSUSE-kde_office patterns-openSUSE-kde_plasma patterns-openSUSE-kde_telepathy patterns-openSUSE-kde_utilities patterns-openSUSE-kde_utilities_opt patterns-openSUSE-kde_yast patterns-openSUSE-kvm_server patterns-openSUSE-lamp_server patterns-openSUSE-laptop patterns-openSUSE-lxde patterns-openSUSE-lxde_laptop patterns-openSUSE-lxde_office patterns-openSUSE-mail_server patterns-openSUSE-minimal_base patterns-openSUSE-minimal_base-conflicts patterns-openSUSE-misc_server patterns-openSUSE-multimedia patterns-openSUSE-multimedia_opt patterns-openSUSE-network_admin patterns-openSUSE-non_oss patterns-openSUSE-non_oss_opt patterns-openSUSE-office patterns-openSUSE-office_opt patterns-openSUSE-print_server patterns-openSUSE-remote_desktop patterns-openSUSE-rest_dvd patterns-openSUSE-sw_management patterns-openSUSE-sw_management_gnome patterns-openSUSE-sw_management_kde patterns-openSUSE-tabletpc patterns-openSUSE-technical_writing patterns-openSUSE-x11 patterns-openSUSE-x11_opt patterns-openSUSE-x11_yast patterns-openSUSE-xen_server patterns-openSUSE-xfce patterns-openSUSE-xfce_basis patterns-openSUSE-xfce_laptop patterns-openSUSE-xfce_office patterns-openSUSE-yast2_basis patterns-openSUSE-yast2_install_wf

- Replace kwrite with kate
- Replace mozilla-kde4-integration with kmozillahelper

==== python-cairo ====
Subpackages: python-cairo-devel

- Add python2-cairo and python2-cairo-devel provides for
  compatibility with the new multipython spec file macros.

==== python-gobject2 ====
Subpackages: python-gobject2-devel

- Add python2-gobject2 and python2-gobject2-devel provides for
  compatibility with multipython packages.

==== sed ====
Version update (4.3 -> 4.4)

- Update to version 4.4:
  * sed could segfault when invoked with specific combination of
    newlines in the input and regex pattern.

==== sessreg ====
Version update (1.1.0 -> 1.1.1)

- Update to version 1.1.1:
  + Use off_t instead of long to make largefile support work
  + autogen.sh: use quoted string variables
  + autogen: add default patch prefix
  + autogen.sh: use exec instead of waiting for configure to finish
  + Pass -P to the preprocessor when generating filenames for the manpage.
- supersedes patches:
  + U_Pass-P-to-the-preprocessor-when-generating-filenames.patch
  + u_use-off_t-instead-of-long-to-make-largefile-support-work.patch

==== shadow ====

- useradd: call external program "/sbin/pam_tally2" to reset
  failed login counter in "/var/log/tallylog"
  (bsc#980486, useradd-clear-tallylog.patch)

==== systemd-presets-branding-openSUSE ====

- Enable socket/service(s) for lvm2 (bsc#1011053)

==== tcl ====

- Reenable testsuite on %arm
- Disable check for s390x for now

==== tcpdump ====
Version update (4.7.4 -> 4.9.0)

- version update to 4.9.0 bsc#1020940
  * CVE-2016-7922 The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
  * CVE-2016-7923 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
  * CVE-2016-7924 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
  * CVE-2016-7925 The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
  * CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
  * CVE-2016-7927 The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
  * CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
  * CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
  * CVE-2016-7930 The LLC parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
  * CVE-2016-7931 The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
  * CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
  * CVE-2016-7933 The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
  * CVE-2016-7934 The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
  * CVE-2016-7935 The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
  * CVE-2016-7936 The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
  * CVE-2016-7937 The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
  * CVE-2016-7938 The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
  * CVE-2016-7939 The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
  * CVE-2016-7940 The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
  * CVE-2016-7973 The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
  * CVE-2016-7974 The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
  * CVE-2016-7975 The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
  * CVE-2016-7983 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
  * CVE-2016-7984 The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
  * CVE-2016-7985 The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
  * CVE-2016-7986 The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
  * CVE-2016-7992 The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
  * CVE-2016-7993 A bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
  * CVE-2016-8574 The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
  * CVE-2016-8575 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
  * CVE-2017-5202 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
  * CVE-2017-5203 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
  * CVE-2017-5204 The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
  * CVE-2017-5205 The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
  * CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
  * CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
  * CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
  * CVE-2017-5483 The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
  * CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
  * CVE-2017-5485 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
  * CVE-2017-5486 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
- fix filelist to fix build on s390/s390x
- correctly reference SOURCE1 during installation for s390x
- tcpdump 4.7.4:
  * PPKI to Router Protocol: Fix Segmentation Faults and other problems
  * RPKI to Router Protocol: print strings with fn_printn()
  * wb: fix some bounds checks
    (previously patched in, removed CVE-2015-3138.patch)
- fix a DoS vulnerability in print-wb.c
  CVE-2015-3138 [boo#927637] adding CVE-2015-3138.patch
- update to 4.7.3
- fixes four security bugs:
  * CVE-2015-0261 - IPv6 mobility printer (bnc#922220)
  * CVE-2015-2153 - tcp printer           (bnc#922221)
  * CVE-2015-2154 - ethernet printer      (bnc#922222)
  * CVE-2015-2155 - force printer         (bnc#922223)
- drop patches with security fixes (upstream):
  * tcpdump-CVE-2014-8767.patch
  * tcpdump-CVE-2014-8768.patch
  * tcpdump-CVE-2014-8769.patch
  * 0001-Clean-up-error-message-printing.patch
- fix CVE-2014-8767 (bnc#905870)
  * denial of service in verbose mode using malformed OLSR payload
  * added tcpdump-CVE-2014-8767.patch
- fix CVE-2014-8768 (bnc#905871)
  * denial of service in verbose mode using malformed Geonet payload
  * added tcpdump-CVE-2014-8768.patch
- fix CVE-2014-8769 (bnc#905872)
  * unreliable output using malformed AOVD payload
  * added tcpdump-CVE-2014-8769.patch
  * added 0001-Clean-up-error-message-printing.patch
- tcpdump 4.6.2:
  * fix out-of-source-tree builds: find libpcap that is out of source
  * better configure check for libsmi
- tcpdump 4.6.1:
  * add a short option '#', same as long option '--number'
- includes changes from 4.6.0:
  * all of tcpdump is now using the new "NDO" code base
  * nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL,
    DHCPv6 enhancements/fixes
  * M3UA decode added.
  * many new test cases: 82 in 4.5.1 to 133 in 4.6.0
  * cleaned up some unnecessary header files
  * Added bittok2str().
  * a number of unaligned access faults fixed
  * -A flag does not consider CR to be printable anymore
  * fx.lebail took over coverity baby sitting
  * default snapshot size increased to 256K for accomodate USB
    captures
- includes changes from 4.5.2:
  * man page fix
- add build and runtime libpcap minimum version
- remove old patches, thus making package patchless:
    tcpdump-4.0.0-prototypes.patch
    tcpdump-4.0.0-aliasing.patch
- run spec cleaner on spec file
- remove gpg-offline, now part of source validator
- remove versioned binary
- run regression tests
- update to 4.5.1
  Version 4.5.0 revised for non-code related edits
  - some NFSv4 fixes for printing
  - fix printing of unknown TCP options, and tcp fast-open
  - fixes for syslog parser
  - some gcc-version-specific flag tuning
  - improvements to babel printing
  - add OpenFlow 1.0 (no SSL) and test cases
  - GeoNet printer.
  - added STBC Rx support
  - improvements to DHCPv6 decoder
  - clarify which autoconf is needed
  - Point users to the the-tcpdump-group repository on GitHub rather
    than the mcr repository
  - Add MSDP printer.
  - Fixed IPv6 check on Solaris and other OSes requiring extra
    networking libraries.
  - Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03),
    and add "vxlan" as an option for -T.
  - Add support for OTV (draft-hasmit-otv-04).
    fixes for DLT_IEEE802_11_RADIO datalink types
  - added MPTCP decoder
- verify source signature
- update to 4.4.0
  - RPKI-RTR (RFC6810) is now official (TCP Port 323)
  - Fix detection of OpenSSL libcrypto.
  - Add DNSSL (RFC6106) support.
  - Add "radius" as an option for -T.
  - Update Action codes for handle_action function according to
    802.11s amendment.
  - Decode DHCPv6 AFTR-Name option (RFC6334).
  - Updates for Babel.
  - Fix printing of infinite lifetime in ICMPv6.
  - Added support for SPB, SPBM Service Identifier, and Unicast
    Address sub-TLV in ISIS.
  - Decode RIPv2 authentication up to RFC4822.
  - Fix RIP Request/full table decoding issues.
  - On Linux systems with cap-ng.h, drop root privileges
    using Linux Capabilities.
  - Add support for reading multiple files.
- remove tcpdump-4.0.0-uninitialized.patch, it's solved differently
- update to 4.3.0
  - fixes for forces: SPARSE data (per RFC 5810)
  - some more test cases added
  - updates to documentation on -l, -U and -w flags.
  - Fix printing of BGP optional headers.
  - Tried to include DLT_PFSYNC support, failed due to headers required.
  - added TIPC support.
  - Fix LLDP Network Policy bit definitions.
  - fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
  - SIGUSR1 can be used rather than SIGINFO for stats
  - permit -n flag to affect print-ip for protocol numbers
  - ND_OPT_ADVINTERVAL is in milliseconds, not seconds
  - Teach PPPoE parser about RFC 4638
- update to 4.2.1
  - Only build the Babel printer if IPv6 is enabled.
  - Support Babel on port 6696 as well as 6697.
  - Include ppi.h in release tarball.
  - Include all the test files in the release tarball, and don't
    "include" test files that no longer exist.
  - Don't assume we have <rpc/rpc.h> - check for it.
  - Support "-T carp" as a way of dissecting IP protocol 112 as CARP
    rather than VRRP.
  - Support Hilscher NetAnalyzer link-layer header format.
  - Constify some pointers and fix compiler warnings.
  - Get rid of never-true test.
  - Fix an unintended fall-through in a case statement in the ARP
    printer.
  - Fix several cases where sizeof(sizeof(XXX)) was used when just
    sizeof(XXX) was intended.
  - Make stricter sanity checks in the ES-IS printer.
  - Get rid of some GCCisms that caused builds to fail with compilers
    that don't support them.
  - Fix typo in man page.
  - Added length checks to Babel printer.
- drop tcpdump-4.2.0-ppi.patch (upstream)
- update to 4.2.0
  * patch that adds missing ppi.h
  * Summary for 4.2.0
  - merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov
    at gmail dot com>
  - updates to forces for new port numbers
  - Use "-H", not "-h", for the 802.11s option. (-h always help)
  - Better ICMPv6 checksum handling.
  - add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12
  - get rid of uuencoded pcap test files, git can do binary.
  - sFlow changes for 64-bit counters.
  - fixes for PPI packet header handling and printing.
  - Add DCB Exchange protocol (DCBX) version 1.01.
  - Babel dissector, from Juliusz Chroboczek and Grégoire Henry.
  - improvements to radiotap for rate values > 127.
  - Many improvements to ForCES decode, including fix SCTP TML port
  - updated RPL type code to RPL-17 draft
  - Improve printout of DHCPv6 options.
  - added support and test case for QinQ (802.1q VLAN) packets
  - Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4.
  - Build fixes for Sparc and other machines with alignment restrictions.
  - Merged changes from Debian package.
  - PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options.
  - Build fixes for OSX (Snow Leopard and others)
  - Add support for IEEE 802.15.4 packets
  * Summary for 4.1.2 tcpdump release
  - If -U is specified, flush the file after creating it, so it's
    not zero-length
  - Fix TCP flags output description, and some typoes, in the man
    page
  - Add a -h flag, and only attempt to recognize 802.11s mesh
    headers if it's set
  - When printing the link-layer type list, send *all* output to
    stderr
  - Include the CFLAGS setting when configure was run in the
    compiler flags
- update to tcpdump-4.1.1
  * Don't blow up if a zero-length link-layer address is passed to
    linkaddr_string()
  * Fix printing of MAC addresses for VLAN frames with a length
    field
  * Add some additional bounds checks and use the EXTRACT_ macros
    more
  * Add a -b flag to print the AS number in BGP packets in ASDOT
    notation rather than ASPLAIN notation
  * Add ICMPv6 RFC 5006 support
  * Decode the access flags in NFS access requests
  * Handle the new DLT_ for memory-mapped USB captures on Linux
  * Make the default snapshot (-s) the maximum
  * Print name of device (when -L is used)
  * Print new TCP flags
  * Add support for RPL DIO
  * Add support for TCP User Timeout (UTO)
  * Add support for non-standard Ethertypes used by 3com PPPoE gear
  * Add support for 802.11n and 802.11s
  * Add support for Transparent Ethernet Bridge ethertype in GRE
  * Add 4 byte AS support for BGP printer
  * Add support for the MDT SAFI 66 BG printer
  * Add basic IPv6 support to print-olsr
  * Add USB printer
  * Add printer for ForCES
  * Handle frames with an FCS
  * Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames
  * Fix TCP sequence number printing
  * Report 802.2 packets as 802.2 instead of 802.3
- drop tcpdump-4.0.0-autoconf.patch (not needed with new autoconf)
- compile with -fno-strict-aliasing

==== yast2-vm ====
Version update (3.1.30 -> 3.2.0)

- bsc#978225 - yast virtualization menu not updated after install
  KVM and KVM tools
- 3.2.0