atheme-7.2.9-bp150.1.3

- Rename the tools dbverify and ecdsakeygen with an "atheme-"
  prefix. This is possible since they do not appear to get invoked
  by the server, but only by the user.

- Update to new upstream release 7.2.8
  * Close a memory leak that could be exploited by attackers to
    potentially cause a denial of service.
    [CVE-2017-6384, boo#1027614]
- Update to new upstream release 7.2.9
  * Fixing use after free that could potentially be used by an
    attacker already having the privilege to use SASL impersonation
    to cause a denial of service.

- Update to new upstream release 7.2.7
  * NickServ:
  * Make `VHOST` set cloak assigner and timestamp the same way
    HostServ does
  * Make `INFO` call the `user_info_noexist` hook for queries
    that don't match an account
  * Make `REGAIN` log you in if successful.
  * ChanServ:
  * Add a `$server:` exttarget accepting server masks
  * Add `PUBACL` flag which allows the channel access to be public.
  * Don't allow `DEOP` or `KICK` of a services bot.
  * Don't try to expand extbans in various commands.
  * Allow users with +O or +V flags to op/voice themselves, since
    they can regain op/voice by cycling the channel anyway.
- +e added to chanserv{} templates and founder_flags
- Remove 0001-Do-not-copy-more-bytes-than-were-allocated.patch
  and 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
  (applied upstream)
- Abort installation if user/group cannot be created

- Update to new upstream release 7.2.6
  * avoid potential NULL dereference in language code
  * Add NOPASSWORD criterion to nickserv/list helpfile
  * new nickserv/list criterion VACATION
- Add 0001-Do-not-copy-more-bytes-than-were-allocated.patch
  [CVE-2016-4478]
- Add 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
  [CVE-2014-9773, boo#978170]
- Add atheme-serno.diff, a build fix

- Update to new upstream release 7.2.5
  * pbkdf2v2: Newer module implementing PBKDF2-HMAC digest scheme

- Update to new upstream release 7.2.1
  * NickServ:
  * Make `VHOST` set cloak assigner and timestamp the same way HostServ does
  * Make `INFO` call the `user_info_noexist` hook for queries that don't match an account
  * Make `REGAIN` log you in if successful.
  * Allow implementing custom filters for `LIST`
  * nickserv/multimark: new module which allows multiple MARK entries per nickname.
  * ChanServ:
  * Add a `$server:` exttarget accepting server masks
  * Add `PUBACL` flag which allows the channel access to be public.
  * Don't allow `DEOP` or `KICK` of a services bot.
  * Don't try to expand extbans in various commands.
  * Allow users with +O or +V flags to op/voice themselves, since they can regain op/voice
  by cycling the channel anyway.
  * chanserv/clear_akicks: new module providing a `CLEAR AKICKS` command.

- Remove atheme-config.diff and provide a fresh minimal config
  instead. Update the config to match charybdis's.

- Update to new upstream release 7.1.0
  * ngircd: New protocol module.
  * nefarious: Add Nefarious 2 SASL support.
  * nefarious: Send account timestamp in svslogin.
  * elemental-ircd: New protocol module.
  * dreamforge: Remove protocol module.
  * inspircd: Add support for server-side MLOCK and TOPICLOCK enforcement
  * inspircd: Add support for matching extbans modifying matching logic
  * inspircd: Add +H to channel modes
  * inspircd: Add +X and +w to list-like mode list
  * ircd-seven: Support charybdis extension cmodes on ircd-seven as well.
  * ts6-generic: Add support for serverinfo::hidden
  * unreal: Add support for extbans.
  * unreal: Add cmode +P for permanent channel.
- Remove 0001-build-resolve-compile-warning-in-servtree.c.patch
  (merged upstream)
- Delete sysvinit support (keeping the `rcatheme` shortcut, though)

- Update to new upstream release 7.0.7
  * saslserv/{dh-aes,dh-blowfish}: avoid possible buffer overflow
  with untrusted input size
  * saslserv/dh-blowfish: generate a new keypair (but not a new
  prime) for each authentication session
  * saslserv/dh-blowfish: avoid generating DH parameters on each
  mech_start().
  * Use hostname for flood klines if IP isn't set, for example on
  auth-spoofed users

- Update to new upstream release 7.0.6
  * chanfix: Restrict registering scored channels
  * memoserv/delete: Only accept numeric indexes
- Add 0001-build-resolve-compile-warning-in-servtree.c.patch

- Update to new upstream release 7.0.5
  * ircd/unreal: fix memory corruption caused by strlcpy() against
  a strshare-managed string
  * ircd/ircd-seven: support charybdis's extension channel modes
  * chanserv/sync: sync a channel on account registration. This
  allows exttargets like $registered to react to new account
  registrations.
  * chanserv/main: send MLOCK after a TS change, otherwise it
  will be lost.
  * chanserv/flags: allow users with +f and +o (+v) to set +/-O and
  +/-V on themselves.
  * chanserv/main: respect founder_flags config setting during
  channel succession
- Add atheme-nodate.diff which removes __DATE__ from source

- Fix useradd invocation: -o is useless without -u and newer
  versions of pwdutils/shadowutils fail on this now.

- Update to new upstream release 7.0.2
  * new "dbverify" utility to perform extensive and complicated
  consistency checks on the object store
  * channel locking updates for inspircd and charybdis
  * SASL support for unrealircd
  * many more changes, see "NEWS" file in the package

- Update to new upstream release 6.0.10
  * ircd/charybdis: send messages to channels even if we're not on it from the bots themselves.
  * ircd/unrealircd: reset +x if a vhost is removed.
  * ircd/inspircd: reset +x if a vhost is removed and track whether or not m_cloaking is loaded.
  * nickserv: ensure certfp resources are released when an account object is destroyed
  * bugs fixed in this release - SRV-148, SRV-160, SRV-166

- Update to new upstream release 6.0.9
  * ircd/inspircd: Fix end-of-burst detection.
  * ircd/ts6: Mark +S services as UF_IMMUNE.
  * ircd/p10: Recognize umode +k as providing kick immunity.
  * ircd/plexus: Fix real hostname showing up as vhost.
  * backend/opensex: Cleanly handle no OpenSEX DB existing on startup

- change license to be in spdx.org format

- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

- enable LDAP backend
- update to version 6.0.8
  * inspircd: Support for owner, halfops and admin are now dynamically
  enabled by what modes exist instead of being enabled by what
  modules you have loaded in inspircd.
  * support for InspIRCd 1.1, OfficeIRC and UltimateIRCd 3 has been
  removed.
  * opensex is now the required database format. All flatfile will do
  is convert your flatfile database to opensex and exit.
  * converted many modules that use external databases to using
  opensex.
- add Requires for pwdutils

- update to version 5.0.1+4628

- update to 2.2.0
  many fixes see /usr/share/doc/packages/atheme/RELEASE

- Update to release 7.2.12
  * Fix CVE-2022-24976 [boo#1195989]
  * Track SASL login EID

- Redownload atheme-services-v7.2.11.tar.xz
  because they changed it

- Update to release 7.2.11
  * Add a preliminary Turkish translation
  * Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
  * modules/chanserv/akick: fix unload crash with akicks that
    have timeouts
  * modules/nickserv/multimark: use IRC case canonicalisation
    for restored nicks
  * modules/nickserv/multimark: forbid unloading due to the
    potential for data loss
  * CA_ constants: include CA_EXEMPT (+e) where appropriate
- Drop atheme-serno.diff (no longer applies)

- Fix misuse of %_libexecdir for /usr/lib/tmpfiles
  [boo#1174075]

- Update to new upstream release 7.2.10.r2
  * Fix potential NULL dereference in modules/crypto/posix.
  * Bump E-Mail address maximum length to 254 characters.
  * Use flags setter information in modules/chanserv/access &
    modules/chanserv/flags.
  * Fix issue where modules/misc/httpd was not closing its
    listening socket on deinit.
  * Fix GroupServ data loss issue when a group was the founder of
    another group.