lxc-2.0.9-bp150.5.6.1

- 0001-utils-add-LXC_PROC_PID_FD_LEN.patch: prerequisite for applying the
  next patch
- 0001-lxc-user-nic-verify-file-descriptor-stable-2.0.patch: fix information
  leak and possible open() side effects accessible to regular users via
  lxc-user-nic (bsc#988348, CVE-2018-6556)

- Add upstream patch to fix container start up problems when AppArmor
  is enabled (boo#1099239)
  * 0001-apparmor-Allow-usr-lib-paths-for-mount-and-pivot_roo.patch

- update to version 2.0.9
  Bugfixes:
  * apparmor: Allow containers to start in AppArmor namespaces
  * apparmor: Drop useless apparmor denies
  * caps: Move ifndef/define to the top
  * cgfsng: Fail when limits fail to apply
  * cgfsng: Log when we defer to cgfsng
  * cgfsng: Only output debug info when we set cgroup data
  * cgroups: Handle hybrid cgroup layouts
  * cgroups: Use tight scoping
  * cgroups: Workaround gcc-7 bug
  * commands: Abstract cmd socket handling + logging
  * commands: Add missing translation
  * commands: Delete meaningless comments
  * commands: Handle EINTR
  * commands: Make state server interface flexible
  * commands: Move lxc_make_abstract_socket_name()
  * commands: Rename to lxc_cmd_add_state_client()
  * commonds: Fix typo
  * conf: Adapt to lxc-user-nic usage
  * conf: Add lxc_get_idmaps()
  * conf: Add userns_exec_full()
  * conf: Allow to clear all config items
  * conf: Allow to get lxc.autodev
  * conf: Allow to get lxc.haltsignal
  * conf: Allow to get lxc.kmsg
  * conf: Allow to get lxc.rebootsignal
  * conf: Allow to get lxc.stopsignal
  * conf: Allow writing uid mappings with euid != 0
  * conf: Avoid double-frees in userns_exec_1()
  * conf: Clear lxc.include
  * conf: Do not check for empty value twice
  * conf: Do not check union on wrong net type
  * conf: Do not deref null pointer
  * conf: Do not free static memory
  * conf: Do not log uninitialized memory
  * conf: Do not write out trailing spaces
  * conf: Don't send ttys when none are configured
  * conf: Dump lxc_get_config_item()
  * conf: Error out on too many mappings
  * conf: Fix bionic builds
  * conf: Fix build without libcap
  * conf: Fix tty creation
  * conf: Fix userns_exec_1()
  * conf: Free netdev->downscript
  * conf: Implement config item clear callback
  * conf: Improve lxc_map_ids()
  * conf: Improve tty shifting function
  * conf: Improve write_id_mapping()
  * conf: Increase lxc-user-nic buffer
  * conf: Log lxc-user-nic output
  * conf: lxc_listconfigs -> lxc_list_config_items
  * conf: Move clearing config items into one place
  * conf: Non-functional changes
  * conf: NOTICE() on mounts on container's /dev
  * conf: Performance tweaks
  * conf: Preserve newlines
  * conf: Properly parse lxc.idmap entries
  * conf: Record idmap that gets written
  * conf: Refactoring of most config parsing code
  * conf: Refactor network deletion
  * conf: Remove dead assignments in parse_idmaps()
  * conf: Remove dead mount code
  * conf: Rework lxc_map_ids()
  * conf: Rework userns_exec_1()
  * conf: Send ttys in batches of 2
  * conf: Switch API to new callback system
  * conf: Use a minimal {g,u}id map
  * conf: Use correct check on char array
  * conf: Use run_command for lxc-usernsexec
  * console: Clean tty state + return 0 on peer exit
  * console: DO NOT add the handles of adjust winsize when the 'stdin' is not a tty
  * console: Fix memory leak of 'lxc_tty_state'
  * console: Remove dead assignments
  * core: Do remount with the MS_REMOUNT flag when mounts with MS_RDONLY
  * core: Fix a format string build failure on x32
  * core: Fix includes for Android
  * core: Fix memory and resource leak
  * core: Fix some cppcheck warnings
  * core: Fix the bug of 'ts->stdoutfd' did not fill with parameters 'stdoutfd'
  * core: Include custom mntent for Android
  * core: Log function called in userns_exec_1()
  * core: Remove the __func__ macro
  * core: Remove the unused macro
  * core: Replace "priority" with "level"
  * core: Revert "Add a prefix to the lxc.pc"
  * core: root -> am_root
  * core: struct bdev -> struct lxc_storage
  * core: Update .gitignore
  * core: Use strerror(errno) instead of %m
  * criu: Add cmp_version()
  * criu: Use correct check initialization check
  * doc: Add CII Best Practices badge to README
  * doc: Add console behavior to Japanese lxc.container.conf(5)
  * doc: Document missing env variables
  * doc: Fix regex-typo in Japanese and Korean lxc-monitor(1)
  * doc: Fix regex-typo in lxc-monitor.sgml.in
  * doc: Reword id mapping restrictions when unpriv
  * doc: Rework README
  * doc: Tweak Japanese lxc.container.conf(5)
  * doc: Tweak lxc.container.conf a little
  * doc: Untabify Japanese lxc.container.conf(5)
  * doc: Update API documentation for get_config_item
  * execute: Enable console & standard /dev symlinks
  * init: Add comment for exclude 32 and 33 signals
  * init: Adjust include statements
  * init: Become session leader
  * init: Move initialization of act to outside of the loop
  * init: Report exec*() failure
  * init: Use lxc-stop to stop systemd service
  * liblxc: Make sure memory is free()ed
  * liblxc: Only spawn monitord on demand
  * liblxc: Remove 5s timeout on error
  * liblxc: Use snprintf()
  * liblxc: Use userns_exec_full()
  * lock: Non-functional changes
  * lock: Return the right error when open lock file failed
  * log: Prevent stack smashing
  * log: Switch to a new lxc_log_init function
  * monitor: Abstract lxc_abstract_unix_{send,recv}_fd for af_unix
  * monitor: Add lxc_cmd_state_server()
  * monitor: Add TRACE()ers
  * monitor: Delete unneccessory include file
  * monitor: Remove dead assignments
  * monitor: Remove the workaround-code for lxc_abstract_unix_connect
  * monitor: Remove unlink operation for af_unix
  * network: Add arg to config clear method
  * network: Add data arg to set callback
  * network: Add ifindex field for host veth device
  * network: Add lxc_log_configured_netdevs()
  * network: Add missing checks for empty links
  * network: Add network counter
  * network: Add warning when ignoring MTU
  * network: Clear ifindeces
  * network: Delete ovs for unprivileged networks
  * network: Document all fields in struct lxc_netdev
  * network: Don't delete net devs we didn't create
  * network: Fix grammar
  * network: Implement lxc_get_netdev_by_idx()
  * network: Log cleanup thread pid for openswitch
  * network: Log ifindex
  * network: Log ifindex for host side veth device
  * network: Log veth_attr.pair and veth_attr.veth1
  * network: Move config_value_empty() to confile_utils
  * network: Perform network validation at creation time
  * network: Remove allocation from lxc_mkifname()
  * network: Remove dead assignments
  * network: Remove netpipe
  * network: Retrieve correct names and ifindices
  * network: Retrieve the host's veth device ifindex
  * network: Rework network creation
  * network: Send ifindex for unpriv networks
  * network: Stop recording saved physical net devices
  * network: Use correct network device name
  * network: Use send()/recv()
  * network: Use single helper to delete networks
  * network: Use static memory for net device names
  * openvswitch: Delete ports intelligently
  * seccomp: Export the seccomp filter after load it into kernel successful
  * seccomp: Print action name in log
  * seccomp: s/n-new-privs/no-new-privs/g
  * seccomp: Update comment for function parse_config
  * start: Add lxc_free_handler()
  * start: Add lxc_init_handler()
  * start: Document all handler fields
  * start: Don't call lxc_map_ids() without id map
  * start: Don't close inherited namespace fds
  * start: Don't let data_sock users close the fd
  * start: Dup std{in,out,err} to pty slave
  * start: Ensure cgroups are cleaned up
  * start: Generalize lxc_check_inherited()
  * start: Log sending and receiving of tty fds
  * start: lxc_setup() after unshare(CLONE_NEWCGROUP)
  * start: Move env setup before container setup
  * start: Pass LXC_LOG_LEVEL to hooks
  * start: Pin rootfs when privileged
  * start: Remove dead variable
  * start: Send state to legacy lxc-monitord state server even if no state clients registered
  * start: Set environment variables correctly
  * start: Switch from SOCK_DGRAM to SOCK_STREAM
  * start: Switch ids at last possible instance
  * start: Use separate socket on daemonized start
  * start: Use userns_exec_full()
  * state: Remove lxc_rmstate declaration
  * storage: Add storage_utils.{c.h}
  * storage: Avoid segfault
  * storage: Default to orig type on identical paths
  * storage: Record output from mkfs.*
  * storage: Rename files "bdev" -> "storage"
  * storage: Use userns_exec_full()
  * storage/dir: Using 'add-required_remount_flags' function to add required flags
  * storage/loop: Detect loop file
  * storage/overlayfs: Fix wrong path
  * storage/overlay: Handle overlay for stable 2.0
  * template: Remove obsolete bind-mounts from userns.conf
  * template: Use "rsync -SHaAX" to copy the cached rootfs into place
  * template/alpine: Add support for ppc64le
  * template/alpine: Change file check to also check file size (-f => -s)
  * template/archlinux: Change locale "en-US.UTF-8" to "en_US.UTF-8"
  * template/centos: Add cronie to the pkg list
  * template/centos: Use altarch mirror for CentOS on arches other than i386 and x86_64
  * template/debian: Add aarch64 -> arm64 mapping
  * template/debian: Add buster as a valid release
  * template/debian: Don't force getty@ configuration
  * template/debian: Use deb.debian.org as the default Debian mirror
  * template/download: Fix syntax error
  * template/download: Sanitize script with shellcheck
  * template/opensuse: Add Tumbleweed as supported release
  * template/opensuse: Fix tumbleweed software selection
  * template/opensuse: getty.target.wants does not always exists
  * template/opensuse: Support leap 42.3
  * template/opensuse: Tumbleweed has no update repo
  * template/plamo: Delete unnecessary process during container shutdown
  * template/ubuntu: Check that there is netplan binary, rather than just just a config directory
  * template/ubuntu: Conditionally move upstart ssh job, as it is now optional
  * template/ubuntu: Support netplan in newer releases by default
  * tests: Adapt lxc-user-nic tests to new syntax
  * tests: Add corner-case tests for lxc_safe_{u}int()
  * tests: Add item clear and config file tests
  * tests: Add test script to test the ro option of lxc.rootfs.options
  * tests: Add unit tests for idmap parser
  * tests: Avoid NULL pointer dereference
  * tests: Compare return value to expected value whenever we can
  * tests: Define a network before checks
  * tests: Don't fail when no processes for the user exist
  * tests: Enforce all methods for config items
  * tests: Remove dead assignments
  * tests: Remove the temp container directory
  * tests: Shortlived daemonized containers
  * tests: Support systemd hybrid cgroups
  * tools: Add additional cgroup checks
  * tools: Print "-devel" when LXC_DEVEL is true
  * tools: Use "which"
  * tools/lxc-attach: Allow for situations without /dev/tty
  * tools/lxc-checkconfig: Add CONFIG_NETFILTER_XT_MATCH_COMMENT
  * tools/lxc-checkconfig: Add probe status checking
  * tools/lxc-execute: Print error message when failed
  * tools/lxc-ls: Return all containers by default
  * tools/lxc-monitord: Exit when receiving a quit command
  * tools/lxc-unshare: Do not pass NULL pointer
  * tools/lxc-user-nic: Add new {create,delete} subcommands
  * tools/lxc-user-nic: Check db before trying to delete
  * tools/lxc-user-nic: Fix adding database entries
  * tools/lxc-user-nic: Fix memleak
  * tools/lxc-user-nic: Free memory and check for error
  * tools/lxc-user-nic: Initialize vars to silence gcc-7
  * tools/lxc-user-nic: Keep lines from other {users,links}
  * tools/lxc-user-nic: Remove delta between master + stable
  * tools/lxc-user-nic: Remove double initialization
  * tools/lxc-user-nic: Rework renaming net devices
  * tools/lxc-user-nic: Simplify logic
  * tools/lxc-user-nic: Test privilege over netns on delete
  * tools/lxc-usernsexec: Remove dead assignments
  * travis: Fix builds
  * utils: Add has_fs_type() + is_fs_type()
  * utils: Add lxc_nic_exists()
  * utils: Add lxc_safe_ulong()
  * utils: Add run_command
  * utils: Close parent end in child process after fork
  * utils: Do not write to 0 sized buffer
  * utils: Duplicate stderr as well in lxc_popen()
  * utils: Fix lxc_mount_proc_if_needed()
  * utils: Fix lxc_popen()/lxc_pclose()
  * utils: Fix mem leak with realpath
  * utils: Fix num parsing functions
  * utils: Fix ppc64le builds
  * utils: Fix the way to detect blocking signal
  * utils: lxc_popen() remove dead assignments
  * utils: Move helpers from cgfsng.c to utils.{c,h}
  * utils: Rework lxc_deslashify()
  * utils: Switch to has_fs_type()
  * utils: Use 1LU otherwise we overflow
  * utils: Use access instead of stat

- removed ldconfig from lxc %post section

- Fix libcap-progs dependency. The 'setcap' binary is located in /sbin
  instead of /usr/sbin but it's best to depend on the actual package
  instead since the location might change in the future.

- removed apparmor-rpm-macros again, as it is not needed for the current %post solution

- removed apparmor-rpm-macros again, as it is not needed for the current %post solution

- added Requires for apparmor-abstractions and BuildRequires for apparmor-rpm-macros to apply the fix for boo#1036360

- added workaround for #bsc1041291 to allow builds on Tumbleweed with gcc7, until this bug in gcc7 is fixed...

- Update to version 2.0.8
  * Security fix for CVE-2017-5985
  * All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users.
  * This may affect some automated environments that were relying on our default (very much insecure) users.
  Bugfixes:
    Make lxc-start-ephemeral Python 3.2-compatible
    Fix typo
    Allow build without sys/capability.h
    lxc-opensuse: fix default value for release code
    util: always malloc for setproctitle
    util: update setproctitle comments
    confile: clear lxc.network..ipv{4,6} when empty
    lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
    Make lxc-net return non-zero on failure
    seccomp: allow x32 guests on amd64 hosts.
    Add HAVE_LIBCAP
    c/r: only supply --ext-mount-map for bind mounts
    Added 'mkdir -p' functionality in create_or_remove_cgroup
    Use LXC_ROOTFS_MOUNT in clonehostname hook
    squeeze is not a supported release anymore, drop the key
    start: dumb down SIGCHLD from WARN() to NOTICE()
    log: fix lxc_unix_epoch_to_utc()
    cgfsng: make trim() safer
    seccomp: set SCMP_FLTATR_ATL_TSKIP if available
    lxc-user-nic: re-order #includes
    lxc-user-nic: improve + bugfix
    lxc-user-nic: delete link on failure
    conf: only try to delete veth when privileged
    Fix lxc-containers to support multiple bridges
    Fix mixed tab/spaces in previous patch
    lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
    lxc-checkconfig: verify new[ug]idmap are setuid-root
    [templates] archlinux: resolve conflicting files
    [templates] archlinux: noneed default_timezone variable
    python3: Deal with potential NULL char*
    lxc-download.in / allow setting keyserver from env
    lxc-download.in / Document keyserver change in help
    Change variable check to match existing style
    tree-wide: include directly
    conf/ile: make sure buffer is large enough
    tree-wide: include directly
    tests: Support running on IPv6 networks
    tests: Kill containers (don't wait for shutdown)
    Fix opening wrong file in suggest_default_idmap
    do not set the root password in the debian template
    do not set insecure passwords
    don't set a default password for altlinux, gentoo, openmandriva and pld
    tools: exit with return code of lxc_execute()
    Keep veth.pair.name on network shutdown
    Makefile: fix static clang init.lxc build
    Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
    Increased buffer length in print_stats()
    avoid assigning to a variable which is not POSIX shell proof (bug #1498)
    remove obsolete note about api stability
    conf: less error prone pointer access
    conf: lxc_map_ids() non-functional changes
    caps: add lxc_{proc,file}_cap_is_set()
    conf: check for {filecaps,setuid} on new{g,u}idmap
    conf: improve log when mounting rootfs
    ls: simplify the judgment condition when list active containers
    fix typo introduced in #1509
    attach|unshare: fix the wrong comment
    caps: skip file capability checks on android
    autotools: check for cap_get_file
    caps: return false if caps are not supported
    conf: non-functional changes to setup_pts()
    conf: use bind-mount for /dev/ptmx
    conf: non-functional changes
    utils: use loop device helpers from LXD
    create ISSUE_TEMPLATE.md
    cgroups: improve cgfsng debugging
    issue template: fix typo
    conf: close fd in lxc_setup_devpts()
    conf: non-functional changes
    utils: tweak lxc_mount_proc_if_needed()
    Change sshd template to work with Ubuntu 17.04
    conf: order mount options
    conf: add MS_LAZYTIME to mount options
    monitor: report errno on exec() error
    af unix: allow for maximum socket name
    commands: avoid NULL pointer dereference
    commands: non-functional changes
    lxccontainer: avoid NULL pointer dereference
    monitor: simplify abstract socket logic
    precise is not the latest LTS, let's use xenial instead
    fix the wrong exit status
    conf: non-functional changes lxc_fill_autodev()
    conf: remove /dev/console from lxc_fill_autodev()
    conf: non-functional changes lxc_setup()
    conf: non-functional changes to console functions
    conf: improve lxc_setup_dev_console()
    conf: lxc_setup_ttydir_console()
    config: remove /dev/console bind mount
    doc: document console behavior
    utils: add lxc_unstack_mountpoint()
    conf: unstack all mounts atop /dev/console
    console: fail when we cannot allocate peer tty
    start: remove umount2()
    conf: non-functional changes
    utils: handle > 2^31 in lxc_unstack_mountpoint()
    Install systemd units for CentOS
    Merge ubuntu and debiancase
    start: add crucial details about lxc_spawn()
- Deleted patches that have been backported before:
  - 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
  - 0001-tree-wide-include-sys-sysmacros.h-directly.patch
  - 0002-tree-wide-include-sys-sysmacros.h-directly.patch
- added signature verification

- Replace %__cp by cp

- fix for boo#1028264
  added patch 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch

- backported two patches to get the package to build again for Tumbleweed
  (applied only on tumbleweed aka suse_version >1315)
  0001-tree-wide-include-sys-sysmacros.h-directly.patch
  0002-tree-wide-include-sys-sysmacros.h-directly.patch

- all patches (00*.patch) are upstream already, thus deleted; patch lxc-aa_allow_incomplete-default.patch is now reworked and added as a drop-in file in /usr/share/lxc/config/common.conf.d/
  0001-bdev-use-correct-overlay-module-name.patch
  0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
  0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
  0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
  0005-tools-move-rcfile-to-the-common-options-list.patch
  0006-tools-set-configfile-after-load_config.patch
  0007-doc-add-rcfile-to-common-opts.patch
  0008-doc-Update-Korean-lxc-attach-1.patch
  0009-doc-Add-rcfile-to-Korean-common-opts.patch
  0010-doc-Add-rcfile-to-Japanese-common-opts.patch
  0011-tools-use-exit-EXIT_-everywhere.patch
  0012-tools-unify-exit-calls-outside-of-main.patch
  0013-utils-Add-mips-signalfd-syscall-numbers.patch
  0014-seccomp-Implement-MIPS-seccomp-handling.patch
  0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
  0016-seccomp-fix-strerror.patch
  0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
  0018-seccomp-add-support-for-s390x.patch
  0019-seccomp-remove-double-include-and-order-includes.patch
  0020-seccomp-non-functional-changes.patch
  0021-templates-use-fd-9-instead-of-200.patch
  0022-templates-fedora-requires-openssl-binary.patch
  0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
  0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
  0025-c-r-Fix-pid_t-on-some-arches.patch
  0026-templates-Add-mips-hostarch-detection-to-debian.patch
  0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch
  lxc-aa_allow_incomplete-default.patch
  0001-attach-do-not-send-procfd-to-attached-process.patch

- update to version 2.0.7
  This is the seventh bugfix release for LXC 2.0. The main bugfixes in this release are:
  - attach: Close lsm label file descriptor
  - attach: Non-functional changes
  - attach: Simplify lsm_openat()
  - caps: Add lxc_cap_is_set()
  - conf: attach: Save errno across call to close
  - conf: Clearly report to either use drop or keep
  - conf: criu: Add make_anonymous_mount_file()
  - conf: Fix suggest_default_idmap()
  - configure: Add --enable-gnutls option
  - configure: Check for memfd_create()
  - configure: Check whether gettid() is declared
  - configure: Do not allow variable length arrays
  - configure: Remove -Werror=vla
  - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
  - conf: Non-functional changes
  - conf: Remove thread-unsafe strsignal + improve log
  - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
  - log: Add lxc_unix_epoch_to_utc()
  - log: Annotate lxc_unix_epoch_to_utc()
  - log: Drop all timezone conversion functions
  - log: Make sure that date is correctly formatted
  - log: Use lxc_unix_epoch_to_utc()
  - log: Use N/A if getpid() != gettid() when threaded
  - log: Use thread-safe localtime_r()
  - lvm: Supress warnings about leaked files
  - lxccontainer: Log failure to send sig to init pid
  - monitor: Add more logging
  - monitor: Close mainloop on exit if we opened it
  - monitor: Improve log + set log level to DEBUG
  - monitor: Log which pipe fd is currently used
  - monitor: Make lxc-monitord async signal safe
  - monitor: Non-functional changes
  - python3-lxc: Fix api_test.py on s390x
  - start: Check for CAP_SETGID before setgroups()
  - start: Fix execute and improve setgroups() calls
  - state: Use async signal safe fun in lxc_wait()
  - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the host
  - templates: lxc-debian: Fix getty service startup
  - templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
  - templates: lxc-debian: Handle ppc hostarch -> powerpc
  - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
  - templates: lxc-opensuse: Remove libgcc_s1
  - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
  - templates: lxc-opensuse: Set to be unconfined by AppArmor
  - templates: lxc-opensuse: Update for Leap 42.2
  - tests; Don't cause test failures on cleanup errors
  - tests: Skip unpriv tests on broken overlay module
  - tools: Improve logging
  - tools: lxc-start: Remove c->is_defined(c) check
  - tools: lxc-start: Set configfile after load_config
  - tools: Only check for O_RDONLY
  - tree-wide: Random macro cleanups
  - tree-wide: Remove any variable length arrays
  - tree-wide: Sic semper assertis!
  - utils: Add macro __LXC_NUMSTRLEN
  - utils: Add uid, gid, group convenience wrappers
- commented out the patches, as they no longer apply cleanly

- CVE-2016-8649: lxc: guest escape via ptrace of lxc-attach (bsc#1010933).
  0001-attach-do-not-send-procfd-to-attached-process.patch

- setcap has been moved to /usr/sbin (boo#998326).

- update lxc to 2.0.4
- add 0001-bdev-use-correct-overlay-module-name.patch
- add 0002-cleanup-tools-remove-name-from-lxc-top-usage-message.patch
- add 0003-cleanup-whitespaces-in-option-alignment-for-lxc-exec.patch
- add 0004-Use-full-GPG-fingerprint-instead-of-long-IDs.patch
- add 0005-tools-move-rcfile-to-the-common-options-list.patch
- add 0006-tools-set-configfile-after-load_config.patch
- add 0007-doc-add-rcfile-to-common-opts.patch
- add 0008-doc-Update-Korean-lxc-attach-1.patch
- add 0009-doc-Add-rcfile-to-Korean-common-opts.patch
- add 0010-doc-Add-rcfile-to-Japanese-common-opts.patch
- add 0011-tools-use-exit-EXIT_-everywhere.patch
- add 0012-tools-unify-exit-calls-outside-of-main.patch
- add 0013-utils-Add-mips-signalfd-syscall-numbers.patch
- add 0014-seccomp-Implement-MIPS-seccomp-handling.patch
- add 0015-seccomp-Add-mips-and-mips64-entries-to-lxc_config_pa.patch
- add 0016-seccomp-fix-strerror.patch
- add 0017-confile-add-more-archs-to-lxc_config_parse_arch.patch
- add 0018-seccomp-add-support-for-s390x.patch
- add 0019-seccomp-remove-double-include-and-order-includes.patch
- add 0020-seccomp-non-functional-changes.patch
- add 0021-templates-use-fd-9-instead-of-200.patch
- add 0022-templates-fedora-requires-openssl-binary.patch
- add 0023-tools-use-boolean-for-ret-in-lxc_device.c.patch
- add 0024-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
- add 0025-c-r-Fix-pid_t-on-some-arches.patch
- add 0026-templates-Add-mips-hostarch-detection-to-debian.patch
- add 0027-cleanup-replace-tabs-wth-spaces-in-usage-strings.patch

- Abolish old macro use. Remove ancient %clean section.
  Avoid sh invocation for simple ldconfig calls.

- add lxcfs dependency: lxc relies on lxcfs for a long time now to provide
  container aware /proc files. The /sys/fs/cgroup part is slowly phased out
  because we now have cgroup namespaces.