- mdb_util: enable compact while copying due it deadlock in offline backup.

- fix: rename obsolete systeminfo-license-viewer to
  alterator-application-license
- feat: add componentctl helper script for check, copy and move

- feat: add fallback to legacy license directory for current edition.

- fix: clean unused or absent gnome components
- fix: update typos in component names

- Fixed errors in some components (thx Sergey Savelev).

- Build with special alt-components-base version.

- Complete refactoring: all in one for all products.

- Complete refactoring: update tree to refactored alt-components-base-0.3.0.

- Add static license ALT_Server_License/11.0 synced with latest
  branding-alt-server-notes-11.0-alt12

- Update enum with needed desktops in schemas
- Fix properties definition in object schema

- Replace /usr/share/userpasswd/loop to /usr/bin as default behaviour
- Replace userpasswd-keyring icon to common subpackage

- Rename fusermount to fusermount2 using in control (thx Korney Gedert).

- Added the ability to select the fusermount2/fuserumount2 version using
  alternatives-manual (thx Korney Gedert).

- added the ability to select the fusermount3/fuserumount3 version using
  alternatives by default (thx Korney Gedert) (fixes: 52316).

- Fix: domain edition: component disks renamed to disks-utilities-other.
- Update sections: rename Edition components to Main components.

- Update to maintenance release of Samba 4.20
- Major fixes from upstream (Samba#15780, Samba#15771, Samba#15765, Samba#15778):
  + Increasing slowness of sharesec performance with high number of
    registry shares.
  + Memory leak wbcCtxLookupSid (in samba-4.21.2).
  + Fix heap-user-after-free with association groups.
  + Kerberos referral tickets are generated for principals in our domain if we
    have a trust to a top level domain.

- Build with oldest rpm-build-pyproject and python3-module-pyproject-installer
  (which not support of using default pyproject.toml if it not found).
- Avoid of using special release for python3-module-alterator-entry.

- Rename to alt-components-base (this is common part of alt descriptions).

- Add support distr profile layer
- Add service specific system profile template
- Update obsoletes default user profile during upgrade

- Added support for saving VARIANT and VARIANT_ID identifiers.

- gse_krb5: gain root privilege during get server keytab (thx Ivan Volchenko).
  Fix PAM Winbind kerberos auth requires user access to keytab (Samba#12491).

- Update to latest stable bugfix release:
 + Sudo now passes the terminal device number to the policy plugin even if it
   cannot resolve it to a path name (GitHub#421).
 + On Linux systems, sudo will now attempt to use the symbolic links in
   /proc/self/fd/{0,1,2} when resolving the terminal device number.
 + Fixed the date used by the exit record in sudo-format log files.
   This was a regression introduced in sudo 1.9.16 and only affected
   file-based logs, not syslog (GitHub#405).
 + When a duplicate alias is found in the sudoers file, the warning message now
   includes the file and line number of the previous definition.
 + Sudo no longer sends mail when a user runs "sudo -nv" or "sudo -nl", even
   if "mail_badpass" or "mail_always" are set.

- ALT_Workstation_License: symlink alias to ALT_Product_License

- add support license search in distro-licenses by /etc/os-release

- Fix typo in sss_ec_get_key() for OpenSSL older than 3.0.

- Add postponed restart of sssd services (closes: 52364).

- auth: Don't fallback to NTLMv1 in anonymous connections (thx Ivan Volchenko).
  Disable "not doing NTLM2 without a password" in function
  cli_credentials_get_ntlm_response().

- Update to the 2.9.2 for samba-4.20.6 and later releases

- Update to maintenance release of Samba 4.20
- Major fixes from upstream (Samba#15590, Samba#15692):
  + libldb: performance issue with indexes (ldb 2.9.2 is already released).
  + Missing conversion for msDS-UserTGTLifetime, msDS-ComputerTGTLifetime and
    msDS-ServiceTGTLifetime on "samba-tool domain auth policy modify".
- Error handling fixes (Samba#15624, Samba#15732, Samba#14356, Samba#15280,
                        Samba#15425, Samba#15649, Samba#15651, Samba#15708,
                        Samba#15740, Samba#15749, Samba#15730, Samba#15706).

- Update to latest 2.9 LTM release (fixes: CVE-2023-3758) (closes: 51860).
- Add sssd-dbus to Requires for sssd-tools (due the InfoPipe responder using).
- Major fixes from upstream (GitHub#5708, GitHub#7109, GitHub#7152, GitHub#7173,
                             GitHub#7197, GitHub#7250, GitHub#7319, GitHub#7375)
  + SSSD incorrectly works with AD GPO during user login (fixed a race
    condition flaw in GPO policy application).
  + gdm smartcard login fails with "system error 4" in case of multiple
    identities.
  + passkey cannot fall back to password, when both of user authentication
    types configured for IPA user even when user intends to do so.
  + AD users are unable to log in due to case sensitivity of user because the
    domain is found as an alias to the email address.
  + Errors in krb5_child.log every time a user authenticates:
    "Pre-authentication failed: No pkinit_anchors supplied".
  + SSSD is not fully registering the domains if the cache is empty (refresh
    root domain when read directly).
  + PAC and PAM responders can crash if backend takes too long time to process
    getDomains() (use proper context if client disconnects before request is
    completed).
  + Add option 'failover_primary_timeout' to configure timeout to reconnect to
    primary servers: minimum and default value in seconds is 31.

- Major backported fixes from upstream (GitHub#7451, GitHub#7404, GitHub#7007,
                                        GitHub#5418, GitHub#7456, GitHub#7462,
                                        GitHub#5861, GitHub#7532, GitHub#7590,
                                        GitHub#7590, GitHub#7642)
  + sysdb: do not fail to add non-posix user to MPG domain (e.g. cause issues
    during GPO evaluation when adding a host account).
  + enhance 'soft_crl' option (revoked certificate will now be rejected if the
    CRL is expired even if 'soft_crl' is set).
  + pam_sss: fix passthrow of old authtok from another pam modules (issue in
    case of using 'use_first_pass' parameter when we need to get old password
    from another module) at PAM_PRELIM_CHECK.
  + krb5_child: do not try passwords during two-factor authentication.
    It should use use the dedicated OTP auth types SSS_AUTHTOK_TYPE_2FA and
    SSS_AUTHTOK_TYPE_2FA_SINGLE exclusively and should not try password or other
    types.
  + Expose flat_name (file.file palceholder) for use in homedir path also for AD
    subdomains.
  + cert util: replace deprecated OpenSSL calls (replaces them if OpenSSL 3.0 or
    newer is used).
  + pam: only set SYSDB_LOCAL_SMARTCARD_AUTH to 'true' but never to 'false'.
  + sdap: allow to provide user_map when looking up group memberships of other
    objects similar to user objects but with different attribute mappings, e.g.
    host objects in AD.
  + ad: use default user_map when looking of host groups for GPO (to determine
    the group memberships of a host for GPO evaluation).
  + ad: honor ad_use_ldaps setting with ad_machine_pw_renewal passed as
    '--use-ldaps' argument to the adcli update command which handles the
    automatic renewal of AD machine account password.
  + Add missing 'dns_update_per_family' option (whether DNS update of A and AAAA
    record should be performed in one update or in two separate updates).

- Updated to 14 version (fixes: CVE-2023-50967)

- Update to latest stable release:
 + Added the cmddenial_message sudoers option to provide additional information
   to the user when a command is denied by the sudoers policy.
   The default message is still displayed.
 + The time stamp used for file-based logs is now more consistent with the time
   stamp produced by syslog (GitHub#327).
 + Sudo will now warn the user if it can detect the user's terminal but cannot
   determine the path to the terminal device. The sudoers time stamp file will
   now use the terminal device number directly (GitHub #329).
 + Added a json_compact value for the sudoers log_format option which can be
   used when logging to a file (GitHub#357).
 + new pam_silent sudoers option has been added which may be negated to avoid
   suppressing output from PAM authentication modules (GitHub#216).
 + Fixed several cvtsudoers JSON output problems (GitHub#369, GitHub#370,
   GitHub#371, GitHub#373, GitHub#381).
 + When sudo runs a command in a pseudo-terminal and the user's terminal is
   revoked, the pseudo-terminal's foreground process group will now receive
   SIGHUP before the terminal is revoked. This emulates the behavior of the
   session leader exiting and is consistent with what happens when, for example,
   an ssh session is closed (GitHub#367).
 + Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may now be
   double-quoted.
 + The default sudoers file now enables the secure_path option by default
   and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment variables
   when running visudo (GitHub#387).

- Updated to 0.9.33.
- Major fixes from upstream:
  + mdb_page_search: fix error code when DBI record is missing (ITS#9037);
  + Fix meta page usage by read only tools (ITS#10212).

- Build for kernel-image-6.11-6.11.5-alt1.

- Build for kernel-image-6.11-6.11.5-alt1.

- Build for kernel-image-6.6-6.6.57-alt1.

- Build for kernel-image-6.6-6.6.57-alt1.

- Added pam_canonicalize_user.so to system-auth-common (closes: #47426).
- Added pam_canonicalize_user control (closes: #47713).
- Disabled legacy pam_propperpwnam.so in system-auth-common during upgrade.

- Update to latest stable release supported latest kernel 6.11.
- Major fixes from upstream:
  + LDAP Ping capability (to find the closest site);
  + smbinfo adds gettconinfo command (allowed dumping session and tcon id);
  + Various improvements to man pages.
- Backport bash completion support for smbinfo (with filestreaminfo, keys,
  gettconinfo) from Fedora.

- Update to maintenance release of Samba 4.20
- Major fixes from upstream (Samba#15695, Samba#15699, Samba#15698, Samba#15696,
                             Samba#15686, Samba#15700, Samba#15677)
  + "inherit permissions = yes" triggers assert() in vfs_default.
  + Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated.
  + samba-tool can not load the default configuration file (upstream update).
  + Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for
    all requests, confuses MacOSX clients.
  + Add vfs_ceph_new module (based on low level API).
  + Crash when readlinkat fails.
  + ntlm_auth make logs more consistent with length check.

- Fix control support with various role module using.
- Fix not standart setup of libnss-role during upgrade (closes #50704).

- Fixed problem with local users definition (difference with previous
  release - fixed path to /etc/tcb/ is removed, which allows to work
  with nsswitch.conf) (thx Maria Alexeeva) (ALT#47499).

- Initial build for Sisyphus

- Initial build for Sisyphus

- rename acc as acc-legacy for execution via alternatives

- add support for execution with acc-legacy

- initial first build for Sisyphus

- Update to stable release of Samba 4.20 (Samba#15673):
  + Due --version-* options are still not ergonomic, and they reject tilde
    characters, so, revert the commit changed the script for generating the ABI
    symbol version broken the ABI by changing all dots to underscores.
    This reverts the commit partially to preserve the dots in the version part.
- Replace some common private libraries to common-libs (for libsmclient):
  + libreplace-private-samba.so
  + libcli-smb-common-private-samba.so
  + libgse-private-samba.so
  + liblibsmb-private-samba.so

- Fix disabling libnss-role by control during upgrade (closes #50704).

- Added additional methods on the bus for forced downloading of gpt (thx greh@)

- Update to stable release of Samba 4.20
- Major fixes from upstream (Samba#15683, Samba#15655, Samba#15685, Samba#15603,
                             Samba#15621)
  + Running samba-bgqd as a standalone systemd service does not work.
  + When claims enabled with heimdal kerberos, unable to log on to a
    Windows computer when user account need to change their own password.
  + Samba does not parse SDDL found in defaultSecurityDescriptor in
    AD_DS_Classes_Windows_Server_v1903.ldf
  + Heimdal ignores _gsskrb5_decapsulate errors in init_sec_context/repl_mutual.
  + s4:ldap_server: does not support tls channel bindings for sasl binds.

- Fixed compatibility with Cryptography 43 (closes: #51063).
- Backported upstream patches for known issue:
  + https://pagure.io/freeipa/issue/9641
- Backported replacment python module netifaces with ifaddr:
  + https://pagure.io/freeipa/issue/9555
- Fix compatibility with modern versions of netaddr:
  + https://pagure.io/freeipa/issue/9645

- new version 1.1.7
- Fixes from upstream:
  + Fix installation of python module
  + Improve config dir creation if we have pam_start_confdir()
  + Fixed PAM_WRAPPER_DISABLE_DEEPBIND
  + Directly fail if we can't create the config dir

- initial build for Sisyphus

- New option 'idmap reverse cache update' to control reverse name to sid cache
  behaviour that Winbind's idmap interface additionally saved to namemap cache,
  when found unknown sid during sid to name query. This option solves the
  compatibility problem of foreign SIDs getting stuck in trust relationships
  from the SIDHistory attribute.
  By default, this option is disabled (so, compatibility behaviour is enabled).

- Update to the 2.9.1 for samba-4.20.2 and later releases

- Update to stable release of Samba 4.20
- Replace winbind_krb5_locator.so and async_dns_krb5_locator.so
  to mutually exclusive alterantives placed into libkrb5 plugins directory as
  symlink named winbind_krb5_locator.so.
- Major fixes from upstream (Samba#15662, Samba#15569, Samba#15625, Samba#15654,
                             Samba#13019, Samba#14981, Samba#15412, Samba#15573,
                             Samba#15620, Samba#15642, Samba#15659, Samba#15664,
                             Samba#15666, Samba#15435, Samba#15633, Samba#15653)
  + Regression DFS not working with widelinks = true.
  + vfs_widelinks with DFS shares breaks case insensitivity.
  + ldb qsort might r/w out of bounds with an intransitive compare function.
  + Many qsort() comparison functions are non-transitive, which can lead to
    out-of-bounds access in some circumstances.
  + New options --vendor-name and --vendor-patch-revision arguments allows
    distributions and packagers to put their name in the Samba version string.
  + Dynamic DNS updates with the internal DNS are not working.
  + netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0.
  + Anonymous smb3 signing/encryption should be allowed (similar to
    Windows Server 2022).
  + Panic in dreplsrv_op_pull_source_apply_changes_trigger.
  + s4:nbt_server: does not provide unexpected handling, so winbindd can't use
    nmb requests instead cldap.
  + winbindd, net ads join and other things don't work on an ipv6 only host.
  + Segmentation fault when deleting files in vfs_recycle.
  * Panic in vfs_offload_token_db_fetch_fsp().
  + "client use kerberos" and --use-kerberos is ignored for the machine account.
  + samba-gpupdate - Invalid NtVer in netlogon_samlogon_response.
  + idmap_ad creates an incorrect local krb5.conf in case of trusted domain lookups.

- Updated to new version 1.1.16 (released 2024-07-05)
- Fixes from upstream:
  + Fixed copy&paste error in the destructor
  + Fixed thread sanitizer on modern Linux Kernels
  + Fixed building with newer cmocka versions