- Fix systemd-networkd cache initialization

- Rebuild with ghc 8.10.7 (final second bootstrap)

- Fix build with new gcc versions:
 + Don't mark evacuate_large as inline
- Fix build docs: use modern sphinx syntax for extlinks
- Bootstrap again from version 8.6.4 to 8.10.7

- Initial ALT_Product_License Common default license for products:
 + ALT Workstation
 + ALT Workstation K
 + ALT Education
 + ALT Virtualization Server

- Fixed prepare-vm script dependency to gpasswd.

- Update distro licenses installation process.
- Update license for ALT Server distribution (ALT_Server_License).
- Initial licenses for ALT SP (ALT_SP_License) and Simply Linux
  (ALT_Simply_License) distributions.

- Fix check of mime type for images.

- Initial release

- Update to maintenance release of Samba 4.17:
  + Secure channel faulty since Windows 10/11 update 07/2023 (KB5028166).

- Security fixes (Samba#15418):
  + CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                    crafted request can trigger an out-of-bounds read in winbind
                    and possibly crash it.
                    https://www.samba.org/samba/security/CVE-2022-2127.html

  + CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                    "server signing = required" or for SMB2 connections to Domain
                    Controllers where SMB2 packet signing is mandatory.
                    https://www.samba.org/samba/security/CVE-2023-3347.html

  + CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                    Spotlight can be triggered by an unauthenticated attacker by
                    issuing a malformed RPC request.
                    https://www.samba.org/samba/security/CVE-2023-34966.html

  + CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                    Spotlight can be used by an unauthenticated attacker to
                    trigger a process crash in a shared RPC mdssvc worker process.
                    https://www.samba.org/samba/security/CVE-2023-34967.html

  + CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                    side absolute path of shares and files and directories in
                    search results.
                    https://www.samba.org/samba/security/CVE-2023-34968.html

- Disable build of shared libutil.
- Enable build with static sudoers.

- Sudo now requires a C compiler that conforms to ISO C99 or higher to build.
- Fixed a bug where if the "intercept" or "log_subcmds" sudoers option was
  enabled and a sub-command was run where the first entry of the argument
  vector didn't match the command being run.
- The "intercept_verify" sudoers option is now only applied when the "intercept"
  option is set in sudoers. Previously, it was also applied when "log_subcmds"
  was enabled.
- The sudoers plugin now canonicalizes command path names before matchin.
- Improved command matching when a chroot is specified in sudoers.
- The visudo utility now displays a warning when it ignores a file in an
  include dir such as /etc/sudoers.d.
- When running a command in a pseudo-terminal, sudo will initialize the terminal
  settings even if it is the background process.
- Fixed a bug where only the first two digits of the TSID field being was logged.
- The "log_pty" sudoers option is now enabled by default. To restore the historic
  behavior where a command is run in the user's terminal, add "Defaults !use_pty"
  to the sudoers file.
- Sudo's "-b" option now works when the command is run in a pseudo-terminal.
- When disabling core dumps, sudo now only modifies the soft limit and leaves
  the hard limit as-is. This avoids problems on Linux when sudo does not have
  CAP_SYS_RESOURCE, which may be the case when run inside a container.
- Sudo configuration file paths have been converted to colon-separated lists of
  paths. This makes it possible to have configuration files on a read-only file
  system while still allowing for local modifications in a different (writable)
  directory.
- Fixed a long-standing bug where a sudoers rule without an explicit runas list
  allowed the user to run a command as root and any group instead of just one of
  the groups that root is a member of.
- Fixed a bug where a sudoers rule with an explicit runas list allowed a user to
  run sudo commands as themselves.
- Fixed a bug that prevented the user from specifying a group on the command line
  via "sudo -g" if the rule's Runas_Spec contained a Runas_Alias.
- Fixed regressions in sudo 1.9.13:
 + Fixed a bug that resulted in a missing " ; " separator between environment
   variables and the command in log entries.

- Update to maintenance release of Samba 4.18:
  + smbd_scavenger crashes when service smbd is stopped (Samba#15275).
  + vfs_fruit might cause a failing open for delete (Samba#15378).
  + named crashes on DLZ zone update (Samba#14030).
  + winbind recurses into itself via rpcd_lsad (Samba#15361).
  + cli_list loops 100% CPU against pre-lanman2 servers (Samba#15382).
  + smbclient leaks fds with showacls (Samba#15391).
  + aes256 smb3 encryption algorithms are not allowed in
    smb3_sid_parse() (Samba#15374).
  + winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR (Samba#15413).
  + smbget memory leak if failed to download files recursively (Samba#15403).
- Add check with admx-lint for group policy templates validation.

- Initial build for Sisyphus.

- CMake: Set CMOCKA_LIBRARIES in package config for backwards compatibility

- Fix cmocka >= 1.1.6 find_package()

- Fix cmocka >= 1.1.6 find_package()

- Fix cmocka >= 1.1.6 find_package()

- Fix cmocka >= 1.1.6 find_package()

- Fix cmocka >= 1.1.6 find_package() in CONFIG mode.
- Drop support for Python 2.

- Initial build for Sisyphus.

- Update to maintenance release of Samba 4.18:
  + log flood: smbd_calculate_access_mask_fsp: Access denied: message level
    should be lower (Samba#15302).
  + Floating point exception (FPE) via cli_pull_send at
    source3/libsmb/clireadwrite.c (Samba#15306).
  + Reduce flapping of ridalloc test (Samba#15329).
  + large_ldap test is unreliable (Samba#15351).
  + New filename parser doesn't check veto files smb.conf parameter (Samba#15143).
  + mdssvc may crash when initializing (Samba#15354).
  + Large directory optimization broken for non-lcomp path elements (Samba#15313).
  + streams_depot fails to create streams (Samba#15357).
  + shadow_copy2 and streams_depot don't play well together (Samba#15358).
  + wbinfo -u fails on ad dc with >1000 users (Samba#15366).
  + winbindd idmap child contacts the domain controller without a
    need (Samba#15317).
  + idmap_autorid may fail to map sids of trusted domains for the first
    time (Samba#15318).
  + idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings (Samba#15319).
  + net ads search -P doesn't work against servers in other domains (Samba#15323).
  + DS ACEs might be inherited to unrelated object classes (Samba#15338).
  + Temporary smbXsrv_tcon_global.tdb can't be parsed (Samba#15353).
  + Setting veto files = /.*/ break listing directories (Samba#15360).
  + CVE-2020-25720 [SECURITY] Create Child permission should not
    allow full write to all attributes (additional changes) (Samba#14810).
  + Reduce flapping of ridalloc test (Samba#15329).
  + dsgetdcname: assumes local system uses IPv4 (Samba#15325).

- Update to the 2.6.2 for samba-4.17.7 release

- Update to maintenance release of Samba 4.17 with update libldb to 2.6.2:
  + ldb wildcard matching makes excessive allocations (Samba#15331).

- Security fixes (Samba#15276, Samba#15270, Samba#15315, Samba#14810):
  + CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                   but otherwise unprivileged users to delete this attribute from
                   any object in the directory.
                   https://www.samba.org/samba/security/CVE-2023-0225.html

  + CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                   remote LDAP server, will by default send new or reset
                   passwords over a signed-only connection.
                   https://www.samba.org/samba/security/CVE-2023-0922.html

  + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                   Confidential attribute disclosure via LDAP filters was
                   insufficient and an attacker may be able to obtain
                   confidential BitLocker recovery keys from a Samba AD DC.
                   Installations with such secrets in their Samba AD should
                   assume they have been obtained and need replacing.
                   https://www.samba.org/samba/security/CVE-2023-0614.html

  + CVE-2020-25720 Create Child permission should not allow full write to all
                   attributes (additional changes).

- Fixed getopt for license mode.

- Update to latest stable release with regressions.
- Fixed a bug that could cause sudo to hang when running a command
  in a pseudo-terminal when there is still input buffered after a
  command has exited.
- Fixed regressions in sudo 1.9.13:
 + Fixed a bug introduced in sudo 1.9.13 that caused a syntax error
   when "list" was used as a user or host name (GitHub #246).
 + Fixed "sudo -U otheruser -l command" (GitHub #248).
 + Fixed "sudo -l command args" when matching a command in sudoers
   with command line arguments (GitHub #249).

- Fixed linking issue in tests
- Fixed a memory leak in tests
- Fixed implementation of initgroups()
- Fixed implementation of getgrouplist()
- Avoid dclose(RTLD_NEXT)
- Fixed possible mutex and threading issues

- Skip test_syscall_swrap for arm archicture

- Fix issues with glibc >= 2.34

- Skip test_syscall_swrap for arm archicture

- Indents at selected OU's widget with policies list are minimized.
- Ellipsis for too long names in description bar is added. Label is located to
  the right of the tree with chosen object. Tool tip for that label is added.
  Tool tip contains full object name.
- Attribute groupType display and edit are changed from decimal to hexadecimal.
  Attribute value also contains flag names that were set.
- Error dialog after critical policy selection is removed. Error is displayed
  in log now. Dialog error messages after critical policy deletion attempt are
  clarified.
- Russian language is removed from english logs and vice versa.
- Block inheritance indicator is added to OU's icon from group policy objects.
- Enforced link indicator is added to policy icon from group policy objects.
- Disabled policies appearence changing is added to policies from group policy
  objects. Policy item icon changes appearance (fades) after group policy link
  disabling.
- Policy link indicator is added to policy icon from group policy objects.
  Indicator is located in left bottom policy icon corner.
- Policies that are linked to domain is visible in group policy objects now.
- Group policy objects order is changed. Policies is placed higher than OUs now.

- Add support the openssl security level

- Fixed an implementation of replace action in folder applier
- Improve file cache store() with copy in temporary file before saving
- Added implementation of using executable bit in file copy applier
- Fixed debug messages typos in file copy applier

- Support for pam_winbind (aka NT password) (Closes: #45513)
- Update russian translation, reconvert it to UTF-8

- Fix typos in adml files (closes: 42355, 42365, 42358).

- Update to latest stable release.
- Fix run_time message validation in logsrvd.
- Fixed a potential double-free bug when matching a sudoers rule
  that contains a per-command chroot directive (CHROOT=dir).

- Update to maintenance release of Samba 4.16
- Security fixes:
  + CVE-2022-38023: Samba should refuse RC4 (aka md5) based SChannel on
    NETLOGON (Samba#15240).
- Major fixes:
  + smbc_getxattr() return value is incorrect (Samba#14808).
  + samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when
    there is only an AAAA record for the DC in DNS (Samba#15226).
  + smbd crashes if an FSCTL request is done on a stream handle (Samba#15236).
  + auth3_generate_session_info_pac leaks wbcAuthUserInfo (Samba#15286).
  + Leak in wbcCtxPingDc2 (Samba#15164).
  + irpc_destructor may crash during shutdown (Samba#15280).
- Share enumeration (netshareenum) fixes:
  + %U for include directive doesn't work for share listing (Samba#15243).
  + Shares missing from netshareenum response in samba 4.17.4 (Samba#15266).
  + Access based share enum does not work in Samba 4.16+ (Samba#15265).
  + Crash during share enumeration (Samba#15267).

- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
 + If a user's sudoers entry did not have any RunAs user's set, running
   "sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
  a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
  sudoedit) that could allow a malicious user with sudoedit privileges to edit
  arbitrary files.

- Fix race condition problems with AdInterface.

- Fix property tabs size policy to looks more pretty.
- Enable both user and machine attributes during GPO creating.
- Fix availability of the Ok button when:
 + a policy name is missing in the policy create dialog;
 + group name is missing in the renaming ou dialog;
 + user name is missing in rename user dialog.

- Add support of create and delete symlinks in user home directory for mapped
  network drives in cifs applier
- Fix file copy applier support of delete files with substitution

- Add user policies for drive maps symlinks in home directory.
- Add warning when disabling network manager.
- Fix correction of option name open ldap tls connections in russian.
- Fix typo in cups.service

- Update to maintenance release of Samba 4.16 with fixes of the Samba CVE for
  the Windows Kerberos Elevation of Privilege Vulnerability disclosed by
  Microsoft on Nov 8 2022 (CVE-2022-37967, CVE-2022-37966).
- Security fixes:
  + CVE-2022-37966: A Samba Active Directory DC will issue weak rc4-hmac
                    session keys for use between modern clients and servers
                    despite all modern Kerberos implementations supporting
                    the aes256-cts-hmac-sha1-96 cipher.
                    On Samba Active Directory DCs and members
                    'kerberos encryption types = legacy' would force
                    rc4-hmac as a client even if the server supports
                    aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96
                    (Samba#13135, Samba#15219, Samba#15237).
                     https://www.samba.org/samba/security/CVE-2022-37966.html

  + CVE-2022-37967: A service account with the special constrained
                    delegation permission could forge a more powerful
                    ticket than the one it was presented with (Samba#15231).
                     https://www.samba.org/samba/security/CVE-2022-37967.html

  + CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                    same algorithms as rc4-hmac cryptography in Kerberos,
                    and so must also be assumed to be weak (Samba#15240).
                     https://www.samba.org/samba/security/CVE-2022-38023.html

- Add control for Yandex Browser group policies mechanism.
- Improve group policies mechanisms display names and help descriptions.

- Update file copy applier with substitution support
- Update translations for several logs

- Action menu: Block inheritance feature is added to organizational
  unit context menu. Also limited group policy tab is returned.
- Console: Bug with empty group policy object crushing is fixed.
- Console: Non-deletable group policy containers dont dissapear
  from GUI after deletion attempt now. Warning message popups instead
  of error log dialog.
- Misc: "Order" column is added to policy organizational unit results.
  Sort is performed with this column by default.
- Console: Fix crash in policy tree after changing properties
  for organizational units.
- Misc: Fix description bar squishing scope pane, when selected
  item's name is too long and description bar needs to display it.
- Toolbar: Fix icons for "create" actions for organizational units,
  users and groups in toolbar.
- Misc: Add trimming to full name autofill.
- Misc: Add trimming to attribute sAMAccountName edit in create
  dialog for computers.
- Misc: Add "find gpo" action to policy tree. It implements group
  policy objects search functional.
- Misc: Improve "Import Query" action. So it's possible to
  import multiple queries at the same time.

- Update text of summary for role-usershares and smb-conf-usershares.
- Update default usershare prefix allow and deny lists:
  + usershare prefix deny list = /etc /dev /sys /proc
  + usershare prefix allow list = /home /srv /mnt /media /var
- Add new controls for samba-usershares:
  + smb-conf-usershare-allow-list
  + smb-conf-usershare-deny-list
  + smb-conf-usershare-owner-only
  + smb-conf-usershare-allow-guests

- Update release with forgotten changes

- Fixed mapped drive maps for user and add support for machine
 + Added label option support
 + Fixed letters collisions and assigning as Windows
- Replaced cifs applier mountpoints into shown gvfs directories:
 + /media/gpupdate/Drive - for system shares
 + /media/gpupdate/.Drive - for system hidden shares
 + /run/media/USERNAME/DriveUser - for user shares
 + /run/media/USERNAME/.DriveUser - for user hidden shares
- Added network shares support for user
- Fixed bug (closes: 44026) for chromium applier
- Added keylist handling when generating firefox settings (closes: 44209)
- Added a check of the need to scroll DC (scrolling DCs disabled by default!)
- Added the ability to generate rules for all polkit actions
- Added applier for Yandex.Browser

- Fix libnss-systemd postinstall scriptlet for compatibility with libnss-role
  conflict in order of modules in group NSS database (closes: #44505).
- Fix postuninstall scriptlets for cleanup systemd and mymachines NSS modules.

- Update to latest release

- Add role-usershares control allow or disallow for group users using of
  samba usershares as privilege.
- Add compatibility support for sambashare group as common privilege assigned
  to usershares group (Closes: #44379).

- Update samba defaults from samba-4.16.6-alt1 release.
- Update restore script with default configuration files actually placed in
  default directory as in the user's system.

- Don't treat a missing include file as an error in handle_include().
  This behavior differs between the source3 and source4 parts of Samba.
  So, it should be the same and just not an error (Closes #44214).

- Update to latest 2.8 major release.
- Important fixes:
  + A regression when running sss_cache when no SSSD domain is enabled would
    produce a syslog critical message was fixed.
  + Several fixes in D-Bus infopipe functions:
    ListByName(), Groups.ListByName() and Groups.ListByDomainAndName().

- Update to latest stable bugfix and security release (fixes: CVE-2022-43995).
- Major improvements from latest Sisyphus release:
 + For ptrace-based intercept mode, sudo will now attempt to verify that the
   command path name, arguments and environment have not changed from the time
   when they were authorized by the security policy. The new intercept_verify
   sudoers setting can be used to control this behavior.
 + Sudo now supports passing the execve(2) system call the NULL pointer for the
   argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer
   like an empty array.
 + Neovim has been added to the list of visudo editors that support passing the
   line number on the command line.
 + Added a new -N (no-update) command line option to sudo which can be used to
   prevent sudo from updating the user's cached credentials.
 + PAM approval modules are no longer invoked when running sub-commands in
   intercept mode unless the intercept_authenticate option is set. There is a
   substantial performance penalty for calling into PAM for each command run.
   PAM approval modules are still called for the initial command.
 + Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2)
   if available.
 + The XDG_CURRENT_DESKTOP environment variable is now preserved by default.
   This makes it possible for graphical applications to choose the correct theme
   when run via sudo.
 + The cvtsudoers manual now documents the JSON and CSV output formats.
 + The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers
   settings can be used to support more fine-grained I/O logging. The sudo
   front-end no longer allocates a pseudo-terminal when running a command if the
   I/O logging plugin requests logging of stdin, stdout, or stderr but not
   terminal input/output.
 + Added the -I option to visudo which only edits the main sudoers file.
   Include files are not edited unless a syntax error is found.

- Initial build for Sisyphus

- Redesign become_user patch to should assign supplementary groups for server
  part of code only (due race condition in krb5_child, for example).

- Update to maintenance release of Samba 4.16 (Samba#15134)
- Security fixes:
  + CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
                   unwrap_des() and unwrap_des3() routines of Heimdal (included
                   in Samba).
                   https://www.samba.org/samba/security/CVE-2022-3437.html
- Add samba-usershares package for support for non-root user shares.
- Default smb.conf simplified - homes, printers and print$ shares enabled by
  default. Original large default example smb.conf replaced to smb.conf.example.

- Fix en_US adml for script execution module for users policy.

- Update installation process for release 104.0.5112.114

- Update to latest release 106.0-5249.119

- Rebuild with ghc 8.10.7

- Bootstrap to version 8.10.7

- Update Policy templates for Firefox 106 and Firefox ESR 102.4
- This release contains some typo fixes and new Russian translations
  thanks to lepata@