Removed rpms
============

 - cyrus-sasl-crammd5-32bit
 - cyrus-sasl-gssapi-32bit
 - cyrus-sasl-plain-32bit
 - glibc-32bit
 - glibc-locale-32bit
 - glibc-locale-base-32bit
 - alsa-plugins-pulse-32bit
 - gettext-runtime-32bit
 - gnome-keyring-pam-32bit
 - libFLAC8-32bit
 - libaudit1-32bit
 - libbrotlicommon1-32bit
 - libcrack2-32bit
 - libcurl4-32bit
 - libdbus-1-3-32bit
 - libdw1-32bit
 - libfontconfig1-32bit
 - libfreetype6-32bit
 - libhogweed6-32bit
 - libjansson4-32bit
 - liblzma5-32bit
 - libmagic1-32bit
 - libnss_usrfiles2-32bit
 - libnuma1-32bit
 - libopenssl1_1-32bit
 - libp11-kit0-32bit
 - libparted0-32bit
 - libpci3-32bit
 - libpng16-16-32bit
 - libpopt0-32bit
 - libsasl2-3-32bit
 - libselinux1-32bit
 - libsndfile1-32bit
 - openslp-32bit
 - systemd-32bit
 - libasound2-32bit
 - libavahi-common3-32bit
 - libbrotlidec1-32bit
 - libcom_err2-32bit
 - libcrypt1-32bit
 - libcups2-32bit
 - libgio-2_0-0-32bit
 - libgnutls30-32bit
 - liblua5_3-5-32bit
 - liblz4-1-32bit
 - libnscd1-32bit
 - libpcre1-32bit
 - libpsl5-32bit
 - libssh4-32bit
 - libtextstyle0-32bit
 - libudev1-32bit
 - libxml2-2-32bit
 - qemu-microvm
 - qemu-vgabios
 - samba-client-32bit

Added rpms
==========

 - alsa-plugins-pulse-32bit
 - gettext-runtime-32bit
 - gnome-keyring-pam-32bit
 - cyrus-sasl-crammd5-32bit
 - cyrus-sasl-gssapi-32bit
 - cyrus-sasl-plain-32bit
 - glibc-32bit
 - glibc-locale-32bit
 - glibc-locale-base-32bit
 - libasound2-32bit
 - libavahi-common3-32bit
 - libbrotlidec1-32bit
 - libcom_err2-32bit
 - libcrypt1-32bit
 - libcups2-32bit
 - libgio-2_0-0-32bit
 - libgnutls30-32bit
 - liblua5_3-5-32bit
 - liblz4-1-32bit
 - libnscd1-32bit
 - libpcre1-32bit
 - libpsl5-32bit
 - libssh4-32bit
 - libtextstyle0-32bit
 - libudev1-32bit
 - libxml2-2-32bit
 - samba-client-32bit
 - qemu-microvm
 - qemu-vgabios
 - libFLAC8-32bit
 - libaudit1-32bit
 - libbrotlicommon1-32bit
 - libcrack2-32bit
 - libcurl4-32bit
 - libdbus-1-3-32bit
 - libdw1-32bit
 - libfontconfig1-32bit
 - libfreetype6-32bit
 - libhogweed6-32bit
 - libjansson4-32bit
 - liblzma5-32bit
 - libmagic1-32bit
 - libnss_usrfiles2-32bit
 - libnuma1-32bit
 - libopenssl1_1-32bit
 - libp11-kit0-32bit
 - libparted0-32bit
 - libpci3-32bit
 - libpng16-16-32bit
 - libpopt0-32bit
 - libsasl2-3-32bit
 - libselinux1-32bit
 - libsndfile1-32bit
 - openslp-32bit
 - systemd-32bit

Package Source Changes
======================

cracklib
+- %check: really test the package [bsc#1191736]
+
+- Update to version 2.9.7:
+  + fix a buffer overflow processing long words.
+- Drop 0003-overflow-processing-gecos.patch and
+  0004-overflow-processing-long-words.patch: fixed upstream.
+- Update source URI.
+- Remove use of translation-update-upstream. It cannot be added to
+  ring 0 on leap, and 2.9.7 has some translation fixes
+  (bsc#1172396).
+
+- Enable translation-update-upstream on leap, to remove the use of
+  is_opensuse (jsc#SLE-12096).
+
+- use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should
+  contain internal binaries, not data
+
+- Use %license (boo#1082318)
+
+- Update to 2.9.6
+  * fix issue with sort and locale
+  * some particularly bad cases to the cracklib small dictionary
+  * updates to cracklib-words (adds a bunch of other dictionary lists)
+  * migration to github
+- run spec-cleaner
+
+- Only buildrequire and call translation-update-upstream on SLE:
+  the package in openSUSE is a dummy and is empty.
+
+- Add patch 0004-overflow-processing-long-words.patch
+  to fix a new buffer overflow identified together with bsc#992966.
+
+- Relabel patches:
+  cracklib-magic.diff -> 0001-cracklib-magic.diff
+  cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
+- Add patch 0003-overflow-processing-gecos.patch
+  to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
+
+- Update to 2.9.5
+  * fix matching against first password in dictionary (Anton Dobkin)
+- Changes for 2.9.4
+  * remove doubled prototype
+- Changes for 2.9.3
+  * expose additional functions externally
+
+- Cleanup spec file with spec-cleaner
+- Remove old ppc provides/obsoletes
+
+- Update to version 2.9.2
+  + support build of python support outside of source tree
+  + fix bug in Python string distance calculation
+  + fix bug #16 / debian bug 724570 - broken optimization with packlib
+    prevblock
+- Adapt patch to upstream changes
+  + cracklib-visibility.patch > cracklib-2.9.2-visibility.patch
+
cyrus-sasl
+- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
+  in plugins/sql.c (bsc#1196036)
+  o add upstream patch:
+    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
+
+- postfix: sasl authentication with password fails (bsc#1194265)
+  Add config parameter --with-dblib=gdbm
+- Avoid converting of /etc/sasldb2 by every update. Convert
+  /etc/sasldb2 only if it is a Berkeley DB
+
+- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
+  due to insecure tmp file usage. (bsc#1180669)
+  Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
+  files.
+
+- Remove Berkeley DB dependency (JIRA#SLE-12190)
+  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
+  without Berkely DB support. gdbm will be used instead of BDB.
+  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
+  with Berkely DB support.
+- Update to 2.1.27
+  * Added support for OpenSSL 1.1
+  * Added support for lmdb
+  * Lots of build fixes
+  * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
+  * DIGEST-MD5 plugin:
+    Fixed memory leaks
+    Fixed a segfault when looking for non-existent reauth cache
+    Prevent client from going from step 3 back to step 2
+    Allow cmusaslsecretDIGEST-MD5 property to be disabled
+  * GSSAPI plugin:
+    Added support for retrieving negotiated SSF
+    Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
+    Properly compute maxbufsize AFTER security layers have been set
+  * SCRAM plugin:
+    Added support for SCRAM-SHA-256
+  * LOGIN plugin:
+    Don’t prompt client for password until requested by server
+  * NTLM plugin:
+    Fixed crash due to uninitialized HMAC context
+- Replace references to /var/adm/fillup-templates with new
+  %_fillupdir macro (boo#1069468)
+- bsc#983938 `After=syslog.target` left-overs in several unit files
+- added patches:
+  fix_libpq-fe_include.diff  for fixing including libpq-fe.h
+- removed patches obsoleted by upstream changes:
+  * shared_link_on_ppc.patch
+  * cyrus-sasl-2.1.27-openssl-1.1.0.patch
+  * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
+  * 0003-Check-return-error-from-gss_wrap_size_limit.patch
+  * 0004-Add-support-for-retrieving-the-mech_ssf.patch
+  * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
+  * cyrus-sasl-fix-logging-in-gssapi.patch
+
+- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
+  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
+  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
+  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
+- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
+  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
+
+- added backport-patch cyrus-sasl-bug587.patch which fixes
+  off-by-one error in _sasl_add_string function
+  (see CVE-2019-19906 bsc#1159635)
+
+- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
+  By server context the connection will be sent to the log function.
+  Client content does not have log level information. I.e. there is no
+  way to stop DEBUG level logs nece I've removed it.
+  * add cyrus-sasl-fix-logging-in-gssapi.patch
+
+- OpenSSL 1.1 support (bsc#1055463)
+  * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
+
+- added cyrus-sasl-issue-402.patch to fix
+  SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
+  (see https://github.com/cyrusimap/cyrus-sasl/issues/402)
+
+- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
+
+- really use SASLAUTHD_PARAMS variable (bnc#938657)
+
+- bnc#908883 cyrus-sasl-scram refers to wrong RFC
+
+- Make sure /usr/sbin/rcsaslauthd exists
+
flac
+- Fix out of bound write in append_to_verify_fifo_interleaved_
+  (CVE-2021-0561 bsc#1196660):
+  libFlac-Exit-at-EOS-in-verify-mode.patch
+
+- Fix memory leak (CVE-2020-0487 bsc#1180112):
+  stream_decoder.c-Fix-a-memory-leak.patch
+
+- Fix out-of-bounds access (CVE-2020-0499 bsc#1180099):
+  libFLAC-bitreader.c-Fix-out-of-bounds-read.patch
+
+- Fix memory leak in read_metadata_vorbiscomment_() function
+  (CVE-2017-6888, bsc#1091045):
+  flac-CVE-2017-6888.patch
+
+- Update to version 1.3.2
+  * Fix undefined behaviour using GCC/Clang UBSAN (erikd).
+  * General hardening via fuzz testing with AFL (erikd and
+    others).
+  * General code improvements (lvqcl, erikd and others).
+  * Add FLAC in MP4 specification docs (Ralph Giles).
+  * Fix some cppcheck warnings (erikd).
+  * Assume all currently used OSes support SSE2.
+  flac:
+  * Fix potential infinite loop on flac-to-flac conversion
+    (erikd).
+  * Add WAVEFORMATEXTENSIBLE to WAV (as needed) when
+    decoding (lvqcl).
+  * Only write vorbis-comments if they are non-empty.
+  * Error out if decoding RAW with bits != (8|16|24).
+  metaflac:
+  * Add --scan-replay-gain option.
+  libraries:
+  * CPU detection cleanup and fixes (Julian Calaby, erikd
+    and lvqcl).
+  * Fix two stream decoder bugs (Max Kellermann).
+  * Fix a NULL dereference bug (on a malformed file).
+  * Changed the LPC order guess for a slight compression
+    improvement, particularly for classical music
+    (Martijn van Beurden).
+  * Improved encoding speed on older Intel CPUs.
+  * Fixed a seeking bug when decoding certain files
+    (Miroslav Lichvar).
+  * Put an upper bound (32768) on the number of seek
+    points.
+  * Fix potential memory leaks.
+  * Support 64bit brword/bwword allowing
+    FLAC__BYTES_PER_WORD to be set to 8 (disabled by
+    default).
+  * Fix an out-of-bounds heap read.
+- Refreshed flac-cflags.patch
+
+- Drop patch that should be upstreamed first, otherwise we will
+  have to keep it ofrever:
+  * flac-ocloexec.patch
+- Drop wrong patch:
+  * flac-fix-pkgconfig.patch
+    + If using this change you get assert.h include overriden in your
+    project by the one from FLAC/ which is not what upstream desired
+    If packages fail to build they should fix their include
+
+- Build documentation as noarch
+
+- Cleanup spec file with spec-cleaner
+- Update url
+- Remove no longer needed patches
+  * flac-fix-CVE-2014-8962.patch
+  * flac-fix-CVE-2014-9028.patch
+  * 0001-getopt_long-not-broken-here.patch
+- Remove following as benefit of using openssl is small
+  * 0001-Allow-use-of-openSSL.patch
+- Add flac-cflags.patch
+- Use doxygen to build documentation
+- Split documentation to separate package
+- Update to 1.3.1
+  * Improved decoding efficiency of all bit depths but especially
+    so for 24 bits for IA32 architecture (lvqcl and Miroslav Lichvar).
+  * Faster encoding using SSE and AVX (lvqcl).
+  * Fixed bartlett, bartlett_hann and triangle functions.
+  * New apodization functions partial_tukey and punchout_tukey for
+    improved compression (Martijn van Beurden).
+  * Retuned compression presets to incorporate new apodization
+    functions (Martijn van Beurden).
+  * Fix -Wcast-align warnings on armhf architecture (Erik de
+    Castro Lopo).
+  * Help output documentation improvements.
+  * I/O buffering improvements on Windows to reduce disk
+    fragmentation when writing files.
+  * Only write vorbis-comments if they are non-empty.
+  * Fix symbol visibility in XMMS plugin.
+  * Many fixes and improvements across all the build systems.
+  * Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962
+    (heap read overflow)
+
+- A couple of security fixes:
+  * flac-fix-CVE-2014-8962.patch:
+    arbitrary code execution by a stack overflow (CVE-2014-8962,
+    bnc#906831)
+  * flac-fix-CVE-2014-9028.patch:
+    Heap overflow via specially crafted .flac files (CVE-2014-9028,
+    bnc#907016)
+
+- Update to final upstream release 1.3.0
+  * No user-visible changes
+- More robust make install call
+
freetype2
+- Add CVE-2020-15999.patch to fix a heap buffer overflow has been
+  found  in the handling of embedded PNG bitmaps
+  CVE-2020-15999 bsc#1177914
+
+- Use the compiler default C std, since 2012 gcc defaults
+  have changed, we now only need to get rid of ANSIFLAGS, override
+  that variable instead.
+
+- Update to version 2.10.1
+  * The bytecode hinting of OpenType variation fonts was flawed, since
+    the data in the `CVAR' table wasn't correctly applied.
+  * Auto-hinter support for Mongolian.
+  * The handling of  the default character in PCF fonts as  introduced
+    in version 2.10.0 was partially broken, causing premature abortion
+    of charmap iteration for many fonts.
+  * If  `FT_Set_Named_Instance' was  called  with  the same  arguments
+    twice in a row, the function  returned an incorrect error code the
+    second time.
+  * Direct   rendering   using  FT_RASTER_FLAG_DIRECT   crashed   (bug
+    introduced in version 2.10.0).
+  * Increased  precision  while  computing  OpenType  font   variation
+    instances.
+  * The  flattening  algorithm of  cubic  Bezier  curves was  slightly
+    changed to make  it faster.  This can cause  very subtle rendering
+    changes, which aren't noticeable by the eye, however.
+  * The  auto-hinter  now  disables hinting  if there  are blue  zones
+    defined for a `style' (i.e., a certain combination of a script and
+    its related typographic features) but the font doesn't contain any
+    characters needed to set up at least one blue zone.
+- Add tarball signatures and freetype2.keyring
+
+- Update to version 2.10.0
+  * A bunch of new functions has been added to access and process
+    COLR/CPAL data of OpenType fonts with color-layered glyphs.
+  * As a GSoC 2018 project, Nikhil Ramakrishnan completely
+    overhauled and modernized the API reference.
+  * The logic for computing the global ascender, descender, and
+    height of OpenType fonts has been slightly adjusted for
+    consistency.
+  * `TT_Set_MM_Blend' could fail if called repeatedly with the same
+    arguments.
+  * The precision of handling deltas in Variation Fonts has been
+    increased.The problem did only show up with multidimensional
+    designspaces.
+  * New function `FT_Library_SetLcdGeometry' to set up the geometry
+    of LCD subpixels.
+  * FreeType now uses the `defaultChar' property of PCF fonts to set
+    the  glyph for  the undefined  character  at glyph  index 0  (as
+    FreeType already does for all other supported font formats).  As
+    a consequence, the order of glyphs of a PCF font if accessed
+    with  FreeType can be different now compared to previous
+    versions.
+    This change doesn't affect PCF font access with cmaps.
+  * `FT_Select_Charmap' has been changed to allow  parameter value
+    `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
+    formats to access built-in cmaps that don't have a predefined
+    `FT_Encoding' value.
+  * A previously reserved field in the `FT_GlyphSlotRec' structure
+    now holds the glyph index.
+  * The usual round of fuzzer bug fixes to better reject malformed
+    fonts.
+  * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
+    been removed.These two functions were public by oversight only
+    and were never documented.
+  * A new function `FT_Error_String' returns descriptions of error
+    codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
+    defined.
+  * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
+    functions limited to Adobe MultiMaster fonts to directly set and
+    get the weight vector.
+
+- Remove old ppc64 parts in spec file
+- Refresh patches:
+  + bugzilla-308961-cmex-workaround.patch
+  + don-t-mark-libpng-as-required-library.patch
+  + enable-long-family-names-by-default.patch
+- Enable subpixel rendering with infinality config:
+  + enable-subpixel-rendering.patch
+  + enable-infinality-subpixel-hinting.patch
+
+- Re-enable freetype-config, there is just too many fallouts.
+
+- Update to version 2.9.1
+  * Type 1 fonts containing flex features were not rendered
+    correctly (bug introduced in version 2.9).
+  * CVE-2018-6942: Older FreeType versions can crash with certain
+    malformed variation fonts.
+  * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
+  * Emboldening of bitmaps didn't work correctly sometimes, showing
+    various artifacts (bug introduced in version 2.8.1).
+  * The auto-hinter script ranges have  been updated for Unicode 11.
+    No support for new scripts have been added, however,  with the
+    exception of Georgian Mtavruli.
+- freetype-config is now deprecated by upstream and not enabled
+  by default.
+- Drop upstreamed patches:
+  * bnc1079600.patch
+  * psaux-flex.patch
+  * 0001-src-truetype-ttinterp.c-Ins_GETVARIATION-Avoid-NULL-.patch
+  * 0001-truetype-Better-protection-against-invalid-VF-data.patch
+
+- Add bnc1079600.patch: Fix several integer overflow issues in
+  truetype/ttinterp.c (bsc#1079600)
+
+- Refresh spec-file via spec-cleaner.
+- Add shell script freetype2.sh in separate package
+  freetype2-profile-tti35 in order to be able to set TrueType
+  interpreter version 35 (boo#1084085).
+
+- Added patch:
+  * enable-long-family-names-by-default.patch
+    + Define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES to obtain 2.7.1
+    behaviour
+
+- Added patches:
+  * 0001-src-truetype-ttinterp.c-Ins_GETVARIATION-Avoid-NULL-.patch
+    + Upstream fix for bsc#1079603: Avoid NULL reference in
+    src/truetype/ttinterp.c
+  * 0001-truetype-Better-protection-against-invalid-VF-data.patch
+    + Upstream fix for bsc#1079601: Protection against invalid VF
+    data
+
+- Add psaux-flex.patch to fix a regression in Type1 rendering
+
+- Update to version 2.9
+  * Advance width values of variation fonts were often wrong.
+  * More fixes for variation font support; you should update to
+    this version if you want to support them.
+  * As a GSoC project, Ewald Hew extended the new (Adobe) CFF
+    engine to handle Type 1 fonts also, thus greatly improving
+    the rendering of this format. This is the new default.
+  * A new function, `FT_Set_Named_Instance', can be used to set
+    or change the current named instance.
+  * Starting with this FreeType version, resetting variation
+    coordinates will return to the currently selected named
+    instance. Previously, FreeType returned to the base font
+    (i.e., no instance set).
+  * Some fuzzer fixes to better reject malformed fonts.
+
+- Update to version 2.8.1
+  * B/W  hinting   of  TrueType   fonts  didn't  work   properly  if
+    interpreter version 38 or 40 was selected.
+  * Some severe  problems within the handling  of TrueType Variation
+    Fonts were found and fixed.
+  * Function `FT_Set_Var_Design_Coordinates' didn't correctly handle
+    the case with less input coordinates than axes.
+  * By default,  FreeType  now offers  high  quality  LCD-optimized
+    output  without resorting to ClearType techniques of resolution
+    tripling and filtering.  In this method,  called Harmony,  each
+    color channel is generated separately  after shifting the glyph
+    outline,  capitalizing on the fact  that the color grids on LCD
+    panels  are  shifted  by  a third  of  a pixel.  This output is
+    indistinguishable from ClearType with a light 3-tap filter.
+  * Using the  new function `FT_Get_Var_Axis_Flags',  an application
+    can access the `flags' field  of a variation axis (introduced in
+    OpenType version 1.8.2)
+  * FreeType  now synthesizes  a  missing Unicode  cmap for  (older)
+    TrueType fonts also if glyph names are available.
+  * The warping option  has moved  from `light'  to `normal' hinting
+    where  it replaces  the original hinting algorithm.  The `light'
+    mode is now always void of any hinting in x-direction.
+
+- Update to version 2.8
+  * Support for OpenType Variation Fonts is now complete. The last
+    missing part was handling the `VVAR' and `MVAR' tables, which is
+    available with this release.
+  * A new  function `FT_Face_Properties' allows the  control of some
+    module  and   library  properties  per  font.    Currently,  the
+    following properties can be  handled: stem darkening, LCD filter
+    weights, and the random seed for the `random' CFF operator.
+  * The PCF change to show more `colourful' family names (introduced
+    in version 2.7.1) was too radical; it can now be configured with
+    PCF_CONFIG_OPTION_LONG_FAMILY_NAMES   at   compile   time.    If
+    activated, it can  be switched off at run time  with the new pcf
+    property  `no-long-family-names'.  If  the `FREETYPE_PROPERTIES'
+    environment variable is available, you can say
+    FREETYPE_PROPERTIES=pcf:no-long-family-names=1
+  * Support  for  the  following  scripts  has  been  added  to  the
+    auto-hinter.
+    Adlam, Avestan, Bamum, Buhid, Carian, Chakma, Coptic, Cypriot,
+    Deseret, Glagolitic, Gothic, Kayah, Lisu, N'Ko, Ol Chiki, Old
+    Turkic, Osage, Osmanya, Saurashtra, Shavian, Sundanese, Tai
+    Viet, Tifinagh, Unified Canadian Syllabics, Vai
+  * `Light' auto-hinting  mode no  longer uses TrueType  metrics for
+    TrueType  fonts.   This bug  was  introduced  in version  2.4.6,
+    causing   horizontal  scaling   also.    Almost  all   GNU/Linux
+    distributions (with Fedora as  a notable exception) disabled the
+    corresponding patch for good reasons; chances are thus high that
+    you won't notice a difference.
+  * If a TrueType font gets loaded with FT_LOAD_NO_HINTING, FreeType
+    now scales  the font linearly  again (bug introduced  in version
+    2.4.6).
+  * Fixed CVE-2017-8105,  CVE-2017-8287:  Older   FreeType  versions
+    have out-of-bounds  writes  caused  by  heap-based  buffer  overflows
+    related to Type 1 fonts. (boo#1035807, boo#1036457)
+- See https://sourceforge.net/projects/freetype/files/freetype2/2.8/ for
+  the complete changelog.
+
+- Update to version 2.7.1:
+  * IMPORTANT CHANGES
+    + Support for the new CFF2 font format as introduced with
+    OpenType 1.8 has been contributed by Dave Arnolds from Adobe.
+    + Preliminary support for variation fonts as specified in
+    OpenType 1.8 (in addition to the already existing support for
+    Adobe's MM and Apple's GX formats). Dave Arnolds contributed
+    handling of advance width change variation; more will come in
+    the next version.
+  * IMPORTANT BUG FIXES
+    + Handling of raw CID fonts was partially broken (bug introduced
+    in 2.6.4).
+  * MISCELLANEOUS
+    + Some limits for TrueType bytecode execution have been tightened
+    to speed up FreeType's handling of malformed fonts, in
+    particular to quickly abort endless loops.
+    + The number of twilight points can no longer be set to an
+    arbitrarily large value.
+    + The total number of jump opcode instructions (like JMPR) with
+    negative arguments is dynamically restricted; the same holds
+    for the total number of iterations in LOOPCALL opcodes.
+    + The dynamic limits are based on the number of points in a glyph
+    and the number of CVT entries. Please report if you encounter a
+    font where the selected values are not adequate.
+    + PCF family names are made more `colourful'; they now include the
+    foundry and information whether they contain wide characters.
+    For example, you no longer get `Fixed' but rather `Sony Fixed'
+    or `Misc Fixed Wide'.
+    + A new function `FT_Get_Var_Blend_Coordinates' (with its alias
+    name `FT_Get_MM_Blend_Coordinates') to retrieve the normalized
+    blend coordinates of the currently selected variation instance
+    has been added to the Multiple Masters interface.
+    + A new function `FT_Get_Var_Design_Coordinates' to retrieve the
+    design coordinates of the currently selected variation instance
+    has been added to the Multiple Masters interface.
+    + A new load flag `FT_LOAD_BITMAP_METRICS_ONLY' to retrieve bitmap
+    information without loading the (embedded) bitmap itself.
+    + Retrieving advance widths from bitmap strikes (using
+    `FT_Get_Advance' and `FT_Get_Advances') have been sped up.
+    + The usual round of fuzzer fixes to better reject malformed
+    fonts.
+- Drop freetype2-bitmap-foundry.patch, merged upstream.
+
+- update to version 2.7:
+  * IMPORTANT CHANGES
+    + As announced earlier, the 2.7.x series now uses the new subpixel
+    hinting  mode as  the  default, emulating  a  modern version  of
+    ClearType.
+    This change inevitably leads to different rendering results, and
+    you   might   change   the   `TT_CONFIG_OPTION_SUBPIXEL_HINTING'
+    configuration option to  adapt it to your taste (or  use the new
+    `FREETYPE_PROPERTIES'    environment    variable).    See    the
+    corresponding entry  below for  version 2.6.4, which  gives more
+    information.
+    + A new option  `FT_CONFIG_OPTION_ENVIRONMENT_PROPERTIES' has been
+    introduced.   If  set (which  is  the  default), an  environment
+    variable  `FREETYPE_PROPERTIES' can  be used  to control  driver
+    properties.  Example:
+    FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
+    cff:no-stem-darkening=1 \
+    autofitter:warping=1
+    This allows to select, say, the subpixel hinting mode at runtime
+    for a given application.  See file `ftoption.h' for more.
+  * IMPORTANT BUG FIXES
+    + After  loading a  named instance  of  a GX  variation font,  the
+    `face_index'  value  in  the returned  `FT_Face'  structure  now
+    correctly holds the named instance  index in the upper 16bits as
+    documented.
+  * MISCELLANEOUS
+    + A new macro `FT_IS_NAMED_INSTANCE' to  test whether a given face
+    is a named instance.
+    + More fixes to GX font handling.
+    + Apple's   `GETVARIATION'  bytecode   operator  (needed   for  GX
+    variation font support) has been implemented.
+    + Another round  of fuzzer fixes,  mainly to reject  invalid fonts
+    faster.
+    + Handling of raw CID fonts  was broken (bug introduced in version
+    2.6.4).
+    + The smooth rasterizer has been streamlined  to make it faster by
+    approx. 20%.
+    + The `ftgrid'  demo program now  understands command  line option
+    `-d' to give start-up design coordinates.
+    + The `ftdump' demo program has  a new command line option `-p' to
+    dump TrueType bytecode instructions.
+- removed freetype2-subpixel.patch in favor of above
+  FREETYPE_PROPERTIES environment variable
+
+- Update to version 2.6.5:
+  + Compilation works again  on Mac OS X (bug introduced in version
+    2.6.4).
+  + The new  subpixel hinting  mode is now  disabled by  default; it
+    will  be enabled  by default  in the  forthcoming 2.7.x  series.
+    Main reason for reverting this feature is the principle of least
+    surprise: a  sudden change in  appearance of all fonts  (even if
+    the rendering improves  for almost all recent  fonts) should not
+    be expected in a new micro version of a series.
+- Rebase freetype2-subpixel.patch.
+
+- Upadte to version 2.6.4:
+  * A new subpixel hinting mode, which is now the default rendering
+    mode for TrueType fonts. It implements (almost everything of)
+    version 40 of the bytecode engine. The existing code base in
+    FreeType (the `Infinality code') was stripped to the bare
+    minimum and all configurability removed in the name of speed
+    and simplicity. The configurability was mainly aimed at legacy
+    fonts like Arial, Times New Roman, or Courier. [Legacy fonts
+    are fonts that modify vertical stems to achieve clean
+    black-and-white bitmaps.] The new mode focuses on applying a
+    minimal set of rules to all fonts indiscriminately so that
+    modern and web fonts render well while legacy fonts render
+    okay. Activation of the subpixel hinting support can be
+    controlled with the `TT_CONFIG_OPTION_SUBPIXEL_HINTING'
+    configuration option at compile time: If set to value 1, you
+    get the old Infinality mode (which was never the default due to
+    its slowness). Value 2 activates the new subpixel hinting mode,
+    and value 3 activates both. The default is value 2. At run
+    time, you can select the subpixel hinting mode with the
+    `interpreter-version' property (provided you have compiled in
+    the corresponding hinting mode); see `ftttdrv.h' for more.
+  * Support for the following scripts has been added to the
+    auto-hinter: Armenian, Cherokee, Ethiopic, Georgian, Gujarati,
+    Gurmukhi, Malayalam, Sinhala, Tamil.
+- Rebase freetype2-subpixel.patch.
+
+- Update to version 2.6.3
+  * IMPORTANT CHANGES
+  - Khmer,  Myanmar, Bengali,  and Kannada  script support  has been
+    added to the auto-hinter.
+  * MISCELLANEOUS
+  - Better  support of  Indic  scripts like  Devanagari  by using  a
+    top-to-bottom hinting flow.
+  - All  FreeType macros  starting  with two  underscores have  been
+    renamed to  avoid a violation of  both the C and  C++ standards.
+    Example: Header  macros of the  form `__FOO_H__' are  now called
+    `FOO_H_'.  In most cases,  this should be completely transparent
+    to the user.   The exception to this  is `__FTERRORS_H__', which
+    must be  sometimes undefined by  the user to get  FreeType error
+    strings:  Both this  form and  the new  `FTERRORS_H_' macro  are
+    accepted for backwards compatibility.
+  - Minor improvements mainly to the Type 1 driver.
+  - The  new CFF  engine now  supports all  Type 2  operators except
+    `random'.
+  - The macro `_STANDALONE_', used for  compiling the B/W and smooth
+    rasterizers  as   stand-alone  modules,  has  been   renamed  to
+    `STANDALONE_', since macro names starting with an underscore and
+    followed by an uppercase letter are reserved in both C and C++.
+  - Function  `FT_Library_SetLcdFilterWeights'  now  also  activates
+    custom LCD filter weights (instead of just adjusting them).
+  - Support for  `unpatented hinting'  has been  completely removed:
+    Consequently,  the two  functions `FT_Face_CheckTrueTypePatents'
+    and  `FT_Face_SetUnpatentedHinting'  now  return  always  false,
+    doing nothing.
+
+- Update to version 2.6.2
+  * IMPORTANT CHANGES
+  - The auto-hinter now supports stem darkening, to be controlled by
+    the    new   `no-stem-darkening'    and   `darkening-parameters'
+    properties.   This is  an  experimental  feature contributed  by
+    Nikolaus Waxweiler, and  the interface might change  in a future
+    release.
+  - By default, stem darkening is now switched off (for both the CFF
+    engine and the  auto-hinter).  The main reason is  that you need
+    linear  alpha  blending  and  gamma correction  to  get  correct
+    rendering results, and  the latter is not yet  available in most
+    freely  available  rendering  stacks like  X11.   Applying  stem
+    darkening without proper gamma correction  leads to far too dark
+    rendering results.
+  - The   meaning  of   `FT_RENDER_MODE_LIGHT'  has   been  slightly
+    modified.   It  now  essentially  means `no  hinting  along  the
+    horizontal  axis'; in  particular,  no change  of glyph  advance
+    widths.  Consequently, the auto-hinter  is used for all scalable
+    font  formats  except  for  CFF.    It  is  planned  that  other
+    font-specific rendering engines (TrueType, Type 1) will follow.
+  * MISCELLANEOUS
+  - The default  LCD filter  has been changed  to be  normalized and
+    color-balanced.
+  - For    better    compatibility   with    FontConfig,    function
+    `FT_Library_SetLcdFilter'  accepts   a  new   enumeration  value
+    `FT_LCD_FILTER_LEGACY1'   (which  has   the   same  meaning   as
+    `FT_LCD_FILTER_LEGACY').
+  - A large number of bugs have been detected by using the libFuzzer
+    framework,  which should  further  improve  handling of  invalid
+    fonts.  Thanks again to Kostya Serebryany and Bungeman!
+  - `TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES',  a   new  configuration
+    option, controls the maximum number of executed opcodes within a
+    bytecode program.  You don't want to change this except for very
+    special  situations (e.g.,  making a  library fuzzer  spend less
+    time to handle broken fonts).
+  - The smooth renderer has been made faster.
+
+- Update to version 2.6.1
+  * IMPORTANT BUG FIXES
+  - It turned  out that for CFFs  only the advance widths  should be
+    taken from the  `htmx' table, not the side  bearings.  This bug,
+    introduced in  version 2.6.0, makes  it necessary to  upgrade if
+    you are using  CFFs; otherwise, you get cropped  glyphs with GUI
+    interfaces like GTK or Qt.
+  - Accessing Type 42 fonts returned  incorrect results if the glyph
+    order of the embedded TrueType font differs from the glyph order
+    of the Type 42 charstrings table.
+  * IMPORTANT CHANGES
+  - The header  file layout  has been  changed (again),  moving  all
+    header files except `ft2build.h' into a subdirectory tree.
+    Doing so  reduces the  possibility of  header file  name clashes
+    (e.g., FTGL's  `FTGlyph.h' with FreeType's `ftglyph.h')  on case
+    insensitive file systems like Mac OS X or Windows.
+    Applications  that  use  (a)  the  `freetype-config'  script  or
+    FreeType's `freetype2.pc' file for pkg-config to get the include
+    directory  for the  compiler,  and (b)  the  documented way  for
+    header inclusion like
+    [#]include <ft2build.h>
+    [#]include FT_FREETYPE_H
+    ...
+    don't need any change to the source code.
+  - Simple access  to named instances  in GX variation fonts  is now
+    available (in addition to the  previous method via FreeType's MM
+    interface).   In  the `FT_Face'  structure,  bits  16-30 of  the
+    `face_index' field hold the current named instance index for the
+    given face  index, and bits  16-30 of `style_flags'  contain the
+    number of  instances for  the given face  index.  `FT_Open_Face'
+    and friends also understand the  extended bits of the face index
+    parameter.
+    You need to enable  TT_CONFIG_OPTION_GX_VAR_SUPPORT for this new
+    feature.  Otherwise, bits  16-30 of the two fields  are zero (or
+    are ignored).
+  - Lao script support has been added to the auto-hinter.
+  * MISCELLANEOUS
+  - The auto-hinter's Arabic script support has been enhanced.
+  - Superscript-like and  subscript-like glyphs  as used  by various
+    phonetic alphabets like the IPA  are now better supported by the
+    auto-hinter.
+  - The TrueType bytecode interpreter now runs slightly faster.
+  - Improved support for builds with cmake.
+  - The  function  `FT_CeilFix'  now   always  rounds  towards  plus
+    infinity.
+  - The  function  `FT_FloorFix'  now always  rounds  towards  minus
+    infinity.
+  - A  new load  flag `FT_LOAD_COMPUTE_METRICS'  has been  added; it
+    makes FreeType  ignore pre-computed  metrics, as needed  by font
+    validating  or  font  editing  programs.  Right  now,  only  the
+    TrueType  module supports  it  to ignore  data  from the  `hdmx'
+    table.
+  - Another round of bug fixes  to better handle broken fonts, found
+    by Kostya Serebryany <kcc@google.com>.
+- Dropping upstreamed patch Dont-use-hmtx-table-for-LSB.patch.
+
+- Add Dont-use-hmtx-table-for-LSB.patch: Fixes gnu#45520, cut off
+  fonts in gtk and qt. Taken from upstream git.
+
+- Update to version 2.6
+  * Thread safety improvements
+  * Thai script support has been added to the auto-hinter.
+  * Arabic script support has been added to the auto-hinter.
+  * Following OpenType version 1.7,  advance widths and side bearing
+    values in  CFFs (wrapped  in an SFNT  structure) are  now always
+    taken from the `hmtx' table.
+  * Following OpenType  version 1.7, the  PostScript font name  of a
+    CFF font (wrapped in an SFNT structure) is now always taken from
+    the `name'  table.  This is  also true for  OpenType Collections
+    (i.e., TTCs using  CFFs subfonts instead of TTFs),  where it may
+    have a significant difference.
+  * Fonts natively hinted for  ClearType are now supported, properly
+    handling selector index 3 of the INSTCTRL bytecode instruction.
+  * Major improvements to the GX TrueType variation font handling.
+
+- Merge with the version 2.5.5 from openSUSE:Factory
+- Removed patches:
+  * CVE-2014-9656.patch
+  * CVE-2014-9657.patch
+  * CVE-2014-9658.patch
+  * CVE-2014-9659.patch
+  * CVE-2014-9660.patch
+  * CVE-2014-9661.patch
+  * CVE-2014-9662.patch
+  * CVE-2014-9663.patch
+  * CVE-2014-9664.patch
+  * CVE-2014-9665.patch
+  * CVE-2014-9666.patch
+  * CVE-2014-9667.patch
+  * CVE-2014-9668.patch
+  * CVE-2014-9669.patch
+  * CVE-2014-9670.patch
+  * CVE-2014-9671.patch
+  * CVE-2014-9672.patch
+  * CVE-2014-9673.patch
+  * CVE-2014-9674.patch
+  * CVE-2014-9675.patch
+  - Integrated in the 2.5.5 release
+- Modified patches:
+  * don-t-mark-libpng-as-required-library.patch
+  * bugzilla-308961-cmex-workaround.patch
+  * freetype2-subpixel.patch
+  * freetype2-bitmap-foundry.patch
+  * overflow.patch
+  - Adapt to the new version of sources
+
+- Modified patch:
+  * CVE-2014-9671.patch
+  - Adapt the code to correspond to the current git master of
+    freetype2 (fixes bsc#933247)
+
+- Enable the bz2 compression in freetype2
+- Remove patch overflow.patch from freetype2.spec where it is not
+  applied.
+- Run spec-cleaner on the spec file.
+
+- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
+  bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
+  bnc#916863, bnc#916864, bnc#916865, bnc#916867, bnc#916868,
+  bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
+  bnc#916879, bnc#916881)
+  - CVE-2014-9656.patch
+  - CVE-2014-9657.patch
+  - CVE-2014-9658.patch
+  - CVE-2014-9659.patch
+  - CVE-2014-9660.patch
+  - CVE-2014-9661.patch
+  - CVE-2014-9662.patch
+  - CVE-2014-9663.patch
+  - CVE-2014-9664.patch
+  - CVE-2014-9665.patch
+  - CVE-2014-9666.patch
+  - CVE-2014-9667.patch
+  - CVE-2014-9668.patch
+  - CVE-2014-9669.patch
+  - CVE-2014-9670.patch
+  - CVE-2014-9671.patch
+  - CVE-2014-9672.patch
+  - CVE-2014-9673.patch
+  - CVE-2014-9674.patch
+  - CVE-2014-9675.patch
+
+- Update to version 2.5.5
+  * IMPORTANT BUG FIXES
+  - Handling of  uncompressed PCF files works again (bug
+    introduced in version 2.5.4).
+- Drop freetype2-2.5.3-fix-pcf.patch, merged upstream
+
+- Update to version 2.5.4
+  * IMPORTANT BUG FIXES
+  - A variant of vulnerability CVE-2014-2240 was identified
+    (cf.  http://savannah.nongnu.org/bugs/?43661) and fixed
+    in  the new CFF driver.  All users should upgrade.
+  - The new auto-hinter code using HarfBuzz crashed for some
+    invalid fonts.
+  - Many fixes to better protect against malformed input.
+  * IMPORTANT CHANGES
+  - Full auto-hinter support of the Devanagari script.
+  - Experimental auto-hinter support of the Telugu script.
+  - CFF stem darkening behaviour can now be controlled at
+    build time using the eight macros
+    CFF_CONFIG_OPTION_DARKENING_PARAMETER_{X,Y}{1,2,3,4}    .
+  - Some fields in the `FT_Bitmap'  structure have been changed
+    from signed to unsigned type, which better reflects
+    the actual usage. It is also an additional means to
+    protect against malformed input. This change doesn't break
+    the ABI; however, it might cause compiler warnings.
+  * MISCELLANEOUS
+  - Improvements to  the auto-hinter's algorithm to recognize
+    stems and local extrema.
+  - Function `FT_Get_SubGlyph_Info' always returned an error
+    even in case of success.
+  - Version  2.5.1 introduced major bugs in the cjk part of
+    the auto-hinter, which are now fixed.
+  - The `FT_Sfnt_Tag' enumeration values have been changed to
+    uppercase,  e.g.  `FT_SFNT_HEAD'. The lowercase variants
+    are deprecated. This is for orthogonality with all other
+    enumeration (and enumeration-like) values in FreeType.
+  - `cmake' now supports builds of FreeType as an OS X framework
+    and for iOS.
+  - Improved project files for vc2010,
+    introducing a property file
+  - The documentation generator for the API reference has been
+    updated to produce  better HTML code (with proper  CSS).
+    At the same time, the documentation got a better structure.
+  - The FT_LOAD_BITMAP_CROP flag is obsolete; it is not used
+    by any driver.
+  - The TrueType DELTAP[123] bytecode instructions now work in
+    subpixel hinting mode as described in the ClearType
+    whitepaper (i.e., for touched points in the
+    non-subpixel direction).
+  - Many small improvements to the internal arithmetic routines.
+- Rebase don-t-mark-libpng-as-required-library.patch,
+  bugzilla-308961-cmex-workaround.patch, freetype2-subpixel.patch,
+  freetype2-bitmap-foundry.patch and overflow.patch
+- Add freetype2-2.5.3-fix-pcf.patch from upstream to resolve
+  http://savannah.nongnu.org/bugs/?43774, "Freetype 2.5.4 does not
+  load ungzipped PCF fonts"
+
libpng16
+- security update
+- added patches
+  CVE-2019-7317 [bsc#1124211]
+  + libpng16-CVE-2019-7317.patch
+
+- asan_build: build ASAN included
+- debug_build: build more suitable for debugging, install pngcp
+- usecase example: [bsc#1121624]
+
+- security update:
+  * CVE-2018-13785 [bsc#1100687]
+    + libpng16-CVE-2018-13785.patch
+
+- check with -j1
+
+- Fix SRPM group and grammar issues.
+
+- removed obsoleted Obsoletes
+
+- update to 1.6.34:
+  * Removed contrib/pngsuite/i*.png; some of these were incorrect
+    and caused test failures.
+- includes 1.6.33:
+  * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
+    missing parenthesis in contrib/pngminus/pnm2png.c
+  * Fixed off-by-one error in png_do_check_palette_indexes()
+  * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
+    to fix shortlived oss-fuzz issue 3234.
+  * Compute a larger limit on IDAT because some applications write
+    a deflate buffer for each row
+  * Use current date (DATE) instead of release-date (RDATE) in last
+    changed date of contrib/oss-fuzz files.
+  * Enabled ARM support in CMakeLists.txt
+  * Fixed incorrect typecast of some arguments to png_malloc() and
+    png_calloc() that were png_uint_32 instead of png_alloc_size_t
+  * Use pnglibconf.h.prebuilt when building for ANDROID with cmake
+  * Initialize memory allocated by png_inflate to zero, using
+    memset, to stop an oss-fuzz "use of uninitialized value"
+    detection in png_set_text_2() due to truncated iTXt or zTXt
+    chunk.
+  * Initialize memory allocated by png_read_buffer to zero, using
+    memset, to stop an oss-fuzz "use of uninitialized value"
+    detection in png_icc_check_tag_table() due to truncated iCCP
+    chunk.
+  * Removed redundant tests
+  * Added an interlaced version of each file in contrib/pngsuite.
+  * Relocate new memset() call in pngrutil.c
+  * Add support for loading images with associated alpha in the
+    Simplified API
+  * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
+    state
+  * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
+  * Add end_info structure and png_read_end() to the libpng fuzzer
+- includes 1.6.32:
+  * Avoid possible NULL dereference in png_handle_eXIf when
+    benign_errors are allowed. Avoid leaking the input buffer
+    "eXIf_buf".
+  * Eliminated png_ptr->num_exif member from pngstruct.h and added
+    num_exif to arguments for png_get_eXIf() and png_set_eXIf().
+  * Added calls to png_handle_eXIf(() in pngread.c and
+    png_write_eXIf() in pngwrite.c, and made various other fixes
+    to png_write_eXIf().
+  * Changed name of png_get_eXIF and png_set_eXIf() to
+    png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
+    breaking API compatibility with libpng-1.6.31.
+  * Updated contrib/libtests/pngunknown.c with eXIf chunk.
+  * Initialized btoa[] in pngstest.c
+  * Stop memory leak when returning from png_handle_eXIf() with an
+    error
+  * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
+  * Update libpng.3 and libpng-manual.txt about eXIf functions.
+  * Restored png_get_eXIf() and png_set_eXIf() to maintain API
+    compatability.
+  * Removed png_get_eXIf_1() and png_set_eXIf_1().
+  * Check length of all chunks except IDAT against user limit to
+    fix an OSS-fuzz issue (Fixes CVE-2017-12652)
+  * Check length of IDAT against maximum possible IDAT size,
+    accounting for height, rowbytes, interlacing and zlib/deflate
+    overhead.
+  * Restored png_get_eXIf_1() and png_set_eXIf_1(), because
+    strlen(eXIf_buf) does not work (the eXIf chunk data can
+    contain zeroes).
+  * Revised symlink creation, no longer using deprecated cmake
+    LOCATION feature
+  * Fixed five-byte error in the calculation of IDAT maximum
+    possible size.
+  * Moved chunk-length check into a png_check_chunk_length()
+    private function
+  * Moved bad pngs from tests to contrib/libtests/crashers
+  * Moved testing of bad pngs into a separate
+    tests/pngtest-badpngs script
+  * Added the --xfail (expected FAIL) option to pngtest.c. It
+    writes XFAIL in the output but PASS for the libpng test.
+  * Require cmake-3.0.2 in CMakeLists.txt
+  * Fix "const" declaration info_ptr argument to png_get_eXIf_1()
+    and the num_exif argument to png_get_eXIf_1()
+  * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
+  * Added huge_IDAT.png and empty_ancillary_chunks.png to
+    testpngs/crashers.
+  * Make pngtest --strict, --relax, --xfail options imply -m
+    (multiple).
+  * Removed unused chunk_name parameter from png_check_chunk_length().
+  * Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
+    leak.
+  * Initialize profile_header[] in png_handle_iCCP() to fix
+    OSS-fuzz issue.
+  * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
+    OSS-fuzz UMR.
+  * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
+  * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
+    to account for the minimum 'deflate' stream, and relocate the
+    test to a point after the keyword has been read.
+  * Check that the eXIf chunk has at least 2 bytes and begins with
+    "II" or "MM".
+  * Added a set of "huge_xxxx_chunk.png" files to
+    contrib/testpngs/crashers, one for each known chunk type, with
+    length = 2GB-1.
+  * Check for 0 return from png_get_rowbytes() and added some
+    (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
+    issues (162705, 162706, and 162707).
+  * Renamed chunks in contrib/testpngs/crashers to avoid having
+    files whose names differ only in case; this causes problems with
+    some platforms
+  * Added contrib/oss-fuzz directory which contains files used by
+    the oss-fuzz project
+- cleanup with spec-cleaner
+
+- update to 1.6.31:
+  * Guard the definition of _POSIX_SOURCE in pngpriv.h.
+  * Revised pngpriv.h to work around failure to compile
+    arm/filter_neon.S.
+  * Added "Requires: zlib" to libpng.pc.in.
+  * Added special case for FreeBSD in arm/filter_neon.S.
+  * Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
+    possible integer overflow.
+  * Added eXIf chunk support.
+- remove upstreamed
+  0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
+
+- Drop png-version-info-only.patch, it has no effect after applying
+  0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
+  Both patches achieve the same, prefer the upstream version
+
+- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
+  Fix build on ARM
+
+- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check
+
+- update to 1.6.30:
+  Revised documentation of png_get_error_ptr() in the libpng manual.
+  Document need to check for integer overflow when allocating a pixel
+    buffer for multiple rows in contrib/gregbook, contrib/pngminus,
+    example.c, and in the manual (suggested by Jaeseung Choi). This
+    is similar to the bug reported against pngquant in CVE-2016-5735.
+  Check for integer overflow in contrib/visupng and contrib/tools/genpng.
+  Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
+  Avoid writing an empty IDAT when the last IDAT exactly fills the
+    compression buffer (bug report by Brian Baird).  This bug was
+    introduced in libpng-1.6.0.
+  Add a reference to the libpng.download site in README.
+
+- update to 1.6.29:
+  Moved SSE2 optimization code into the main libpng source directory.
+    Configure libpng with "configure --enable-intel-sse" or compile
+    libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
+  Added code for PowerPC VSX optimisation (Vadim Barkov).
+  Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
+
+- update to 1.6.28: fix build issues
+
+- update to 1.6.27: fixes CVE-2016-10087
+
+- update to 1.6.26:
+  Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
+    bugfix by John Bowler).
+  Do not issue a png_error() on read in png_set_pCAL() because
+    png_handle_pCAL has allocated memory that libpng needs to free.
+  Issue a png_benign_error instead of a png_error on ADLER32 mismatch
+    while decoding compressed data chunks.
+  Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
+    pngrutil.c.
+  If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
+    ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
+  Issue png_benign_error() on ADLER32 checksum mismatch instead of
+    png_error().
+  Updated the documentation about CRC and ADLER32 handling.
+  Fixed offsets in contrib/intel/intel_sse.patch
+  Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
+    to avoid a signed/unsigned compare in the preprocessor.
+  Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
+    optionally avoid ADLER32 evaluation.
+
+- update to 1.6.25:
+  Reject oversized iCCP profile immediately.
+  Conditionally compile png_inflate().
+  Don't install pngcp; it conflicts with pngcp in the pngtools package.
+  Added MIPS support (Mandar Sahastrabuddhe <
+
+- update to 1.6.24:
+  Avoid potential overflow of the PNG_IMAGE_SIZE macro.
+  Correct filter heuristic overflow handling.
+  Use a more efficient absolute value calculation on SSE2.
+  Added pngcp.
+  etc. see ANNOUNCE
+
+- Update to new upstream release 1.6.23
+  * Fixes a potential memleak in png_set_tRNS.
+  * Fixed the progressive reader to handle empty first IDAT
+    chunk properly.
+  * Added tests in pngvalid.c to check zero-length IDAT chunks
+    in various positions.
+  * Fixed the sequential reader to handle these more robustly.
+  * Corrected progressive read input buffer in pngvalid.c.
+  * Moved sse2 prototype from pngpriv.h to
+    contrib/intel/intel_sse.patch.
+  * Fixed undefined behavior in png_push_save_buffer().
+    Do not call memcpy() with a null source, even if count is zero.
+  * Fixed bad link to RFC2083 in png.5.
+
+- update to 1.6.22:
+  Added a png_image_write_to_memory() API and a number of assist macros
+    to allow an application that uses the simplified API write to bypass
+    stdio and write directly to memory.
+  Relaxed limit checks on gamma values in pngrtran.c. As suggested in
+    the comments gamma values outside the range currently permitted
+    by png_set_alpha_mode are useful for HDR data encoding.  These values
+    are already permitted by png_set_gamma so it is reasonable caution to
+    extend the png_set_alpha_mode range as HDR imaging systems are starting
+    to emerge.
+  Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
+    were accidentally removed from libpng-1.6.17.
+  Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
+    (Robert C. Seacord).
+  Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
+  SSE filter speed improvements for bpp=3:
+    memcpy-free implementations of load3() / store3().
+  Added PNG_FAST_FILTERS macro (defined as
+    PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
+
+- Update to new upstream release 1.6.21
+  * Widened the 'limit' check on the internally calculated error limits in
+  the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
+  checks) and changed the check to only operate in non-release builds
+  (base build type not RC or RELEASE.)
+  * Fixed undefined behavior in pngvalid.c, undefined because
+  (png_byte) << shift is undefined if it changes the signed bit
+  (because png_byte is promoted to int). The libpng exported functions
+  png_get_uint_32 and png_get_uint_16 handle this.
+
+- update to 1.6.20:
+  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
+    png_handle_pCAL() (Bug report by John Regehr).
+  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+    vulnerability.
+  Backported tests from libpng-1.7.0beta69.
+  Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
+    American Fuzzy Lop, reported by Brian Carpenter.  inflate() doesn't
+    immediately fault a bad CMINFO field; instead a 'too far back' error
+    happens later (at least some times).  pngfix failed to limit CMINFO to
+    the allowed values but then assumed that window_bits was in range,
+    triggering an assert. The bug is mostly harmless; the PNG file cannot
+    be fixed.
+  In libpng 1.6 zlib initialization was changed to use the window size
+    in the zlib stream, not a fixed value. This causes some invalid images,
+    where CINFO is too large, to display 'correctly' if the rest of the
+    data is valid.  This provides a workaround for zlib versions where the
+    error arises (ones that support the API change to use the window size
+    in the stream).
+
+- update to 1.6.19:
+  Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
+  Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
+  Fixed the recently reported 1's complement security issue.
+  Fixed png_save_int_32 when int is not 2's complement by replacing
+    the value that is illegal in the PNG spec, in both signed and
+    unsigned values, with 0.
+  etc., see ANNOUNCE and CHANGES for details
+- removed: libpng-rgb_to_gray-checks.patch (upstreamed)
+
+- drop unknown configure switch
+
+- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
+  + libpng-rgb_to_gray-checks.patch
+
+- updated to 1.6.17:
+  Corrected the width limit calculation in png_check_IHDR().
+  Removed user limits from pngfix. Also pass NULL pointers to
+    png_read_row to skip the unnecessary row de-interlace stuff.
+  Implement previously untested cases of libpng transforms in pngvalid.c
+  Fixed byte order in 2-byte filler, in png_do_read_filler().
+  Made the check for out-of-range values in png_set_tRNS() detect
+    values that are exactly 2^bit_depth, and work on 16-bit platforms.
+  Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
+  Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
+    pngset.c to avoid warnings about dead code.
+  Do not build png_product2() when it is unused.
+  Display user limits in the output from pngtest.
+  Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
+    and 1-million-row default limits in pnglibconf.dfa, that can be reset
+    by the user at build time or run time.  This provides a more robust
+    defense against DOS and as-yet undiscovered overflows.
+  Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
+  Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
+  Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
+    of png.h.
+  Free the unknown_chunks structure even when it contains no data.
+  Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
+    value was wrong.  It's not clear if this affected the final stored
+    value; in the obvious code path the upper and lower 8-bits of the
+    alpha value were identical and the alpha was truncated to 8-bits
+    rather than dividing by 257 (John Bowler).
+
+- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929]
+
+- updated to 1.6.16:
+  * Restored a test on width that was removed from png.c at libpng-1.6.9
+    (Bug report by Alex Eubanks).
+  * Fixed an overflow in png_combine_row with very wide interlaced images.
+
+- updated to 1.6.15:
+  * Avoid out-of-bounds memory access in png_user_version_check().
+  * Fixed incorrect handling of the iTXt compression.
+  * Free all allocated memory in pngimage.
+  * Fixed array size calculations to avoid warnings.
+  etc. see ANNOUNCE
+
libsndfile
+- Fix heap buffer overflow in flac_buffer_copy (CVE-2021-4156,
+  bsc#1194006):
+  libsndfile-CVE-2021-4156.patch
+
+- Fix heap buffer overflow vulnerability in msadpcm_decode_block
+  (CVE-2021-3246, bsc#1188540):
+  ms_adpcm-Fix-and-extend-size-checks.patch
+
+- Fix segfault in wav conversion due to the invalid loop count
+  (CVE-2018-19758, bsc#1117954):
+  libsndfile-wav-loop-count-fix.patch
+
+- Fix buffer overflow in sndfile-deinterleave, which isn't really a
+  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
+  CVE-2018-19432):
+  sndfile-deinterlace-channels-check.patch
+
+- Use license file tag
+
+- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
+  bsc#1071777):
+  libsndfile-CVE-2017-17456-alaw-range-check.patch
+- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
+  bsc#1071767):
+  libsndfile-CVE-2017-17457-ulaw-range-check.patch
+
+- Fix VUL-0: divide-by-zero error exists in the function
+  double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
+  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+- Tentative fix for VUL-0: out of bounds read in the function
+  d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
+  VUL-0: out of bounds read in the function d2ulaw_array() in
+  ulaw.c (CVE-2017-14246, bsc#1059913):
+  0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+
+- Fix Heap-based Buffer Overflow in the psf_binheader_writef
+  (CVE-2017-12562, bsc#1052476):
+  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+
+- Fix out-of-bounds read memory access in the aiff_read_chanmap()
+  (CVE-2017-6892, bsc#1043978):
+  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+
+- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
+  CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
+  bsc#1036943):
+  0001-FLAC-Fix-a-buffer-read-overrun.patch
+  0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+
+- Update to version 1.0.27:
+  * Fix a seek regression in 1.0.26
+  * Add metadata read/write for CAF and RF64
+  * FIx PAF endian-ness issue
+- Update to version 1.0.28
+  * Fix buffer overruns in FLAC and ID3 handling code
+  (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
+  * Reduce default header memory requirements
+  * Fix detection of Large File Support for 32 bit systems.
+- Obsoleted patch:
+  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+
+- Fix spec file to enable builds on non opensuse OS
+
+- Update to version 1.0.26:
+  * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
+  * Add ALAC/CAF support. Minor bug fixes and improvements.
+- Refreshed patches:
+  sndfile-ocloexec.patch
+  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+- Removed obsoleted patches:
+  libsndfile-example-fix.diff
+  libsndfile-fix-header-read-CVE-2015-7805.patch
+  libsndfile-paf-zero-division-fix.diff
+  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
+  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+
+- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
+  libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
+  libsndfile-fix-header-read-CVE-2015-7805.patch
+- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
+  libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
+- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
+
+- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
+  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
+
+- Cleanup spec file with spec-cleaner
+- Add gpg signature
+- Remove old ppc provides/obsoletes
+
+- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
+  (CVE-2014-9496, bnc#911796): backported upstream fix patches
+  sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
+  sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
+
openslp
+- Implement automatic active discovery retries so that DAs do
+  not get dropped if they are not reachable for some time
+  [bnc#1166637] [bnc#1184008]
+  new patch: openslp.unicastactivediscovery.diff
+
+- Add missing group(daemon) prerequires to the openslp-server
+  package [bnc#1165050]
+- Add missing openslp requires to the openslp-server package
+  [bnc#1165121]
+
+- Add missing zlib build dependency, which used to be pulled in
+  by libopenssl-devel. The package fails to build since the openssl
+  upgrade to 1.1.1 (bsc#1149792)
+
+- Use tcp connects to talk with other DAs [bnc#1117969]
+  new patch: openslp.tcpknownda.diff
+- Fix segfault in predicate match if a registered service has
+  a malformed attribute list [bnc#1136136]
+  new patch: openslp.nullattr.diff
+
+- Fix memory corruption when the sendbuf gets reallocated
+  [bnc#1090638] [CVE-2017-17833]
+  new patch: openslp.sendbuf_move.diff
+- Fix out of bounds reads in message parsing
+  new patch: openslp.parseoob.diff
+
+- move systemd notification before the chroot() call, otherwise
+  the notify function cannot reach systend's unix domain socket
+  [bnc#1089097]
+
+- Use %license (boo#1082318)
+- fix slpd using the peer address as local address for TCP
+  connections [bnc#1076035]
+  new patch: openslp.localaddr.diff
+- use tcp connections for unicast requests [bnc#1080964]
+  new patch: openslp.tcpunicast.diff
+
+- add separate source openslp.logrotate.systemd to
+  use systemctl reload for logrotate configuration
+
+- Add support for OpenSSL 1.1. Commit from upstream [bsc#1042665]
+  new patch: openslp.openssl-1.1.diff
+
+- Also update openslp.sd_notify.diff to use the new systemd lib
+
+- Replace pkgconfig(libsystemd-*) with pkgconfig(libsystemd)
+  Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs, which
+  are obsolete.
+
+- Fix bounds check in SLPFoldWhiteSpace
+  [bnc#1001600] [CVE-2016-7567]
+  new patch: openslp.foldws.diff
+
+- remove convenience code as changes bytes in the message
+  buffer breaking the verification code [bnc#994989]
+  new patch: openslp.noconvenience.diff
+- fix storage handling in predicate code, it clashed with gcc's
+  fortify_source extension [bnc#909195]
+  new patch: openslp.predicatestorage.diff
+- bring back allowDoubleEqualInPredicate option
+  new patch: openslp.doubleequal.diff
+- fix bug in openslp.initda.diff patch
+- fix rcopenslp helper
+- fix _xrealloc not checking the malloc return value
+  [bnc#980722] [CVE-2016-4912]
+  new patch: openslp.xrealloc.diff
+
+- Do not depend on fillup and insserv if the package build with
+  systemd support; the dependencies are not needed in that case
+