[SCM] Samba Shared Repository - annotated tag samba-4.11.0rc1 created

Karolin Seeger kseeger at samba.org
Tue Jul 9 10:15:14 UTC 2019


The annotated tag, samba-4.11.0rc1 has been created
        at  6682733cb6ab777e41114cb22ef537db40ada774 (tag)
   tagging  2da294048fcbddb60f12a3a42c0cf82fdd861b40 (commit)
  replaces  ldb-1.6.3
 tagged by  Karolin Seeger
        on  Tue Jul 9 12:14:46 2019 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.11.0rc1
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXSRpFgAKCRBvM5FbZWi3
6pwPAJwNEhwOPJ8uqxM74E4Ts7uWgV0qWACeIz27fCj50ALTZ7KYDSwC3xqP8sE=
=5C6c
-----END PGP SIGNATURE-----

Aaron Haslett (44):
      paged_search: perf testing paged search
      ldb: cmocka test for empty attributes bug
      lmdb: iterate_range cmocka testing
      ldb: <= and >= indexed searching
      ldb: activating <= and >= indexing for integers
      ldb: tests for <= and >= integer indexing
      ldb: version 2.0.0
      samdb: test for schemainfo update with relax control
      dsdb:samdb: schemainfo update with relax control
      selftest: tagging tests for new schemaupgrade_dc target
      repl: test for schema object and LA repl across chunks
      selftest: split schemaupgrade testenv out
      ldap: test for empty attributes list
      selftest: correcting empty attribute usage in requests
      ldb: removing alloc from unpack_data
      ldb: perf test for pack format
      ldb: removing msg and dn copying from filter attrs
      ldb: remove unpack only attr list functionality
      ldb: baseinfo pack format check on init
      ldb: push and pull macros for pack format
      ldb: replacing length increments with constants in pack
      ldb: unpack function for new pack format
      ldb: pack function for new pack format
      ldb: Release ldb 2.0.2
      ldb: removing unnecessary module pointer
      ldb: ldb_key_value_test fix
      ldb: ldbdump key and pack format version comments
      ldb: test for parse errors
      sambaundoguididx: renamed to downgradedatabase
      downgradedatabase: blackbox test
      ldb: only used a->syntax->index_format_fn if GUID indexing is enabled
      ldb: binding ordered indexes to GUID indexing
      downgradedatabase: blackbox: check ordered integer removed
      ldb: repack old format database if GUID indexing enabled
      ldb: python test for repack
      downgradedatabase: blackbox: database repacked
      ldb: pack_format_override option
      dsdb: disable ORDERED_INTEGER with MDB pack format v1
      downgradedatabase: adding special case for MDB
      downgradedatabase: blackbox: MDB backend
      ldb: Release ldb 2.0.3
      selftest: specifying 2008_R2 base schema for tests that need it
      schema: changing default base schema to 2012_R2
      selftest: schema version check in provision test

Amit Kumar (1):
      docs: Correct 'net ads dns unregister --help' description

Amitay Isaacs (3):
      ctdb-common: Avoid race between fd and signal events
      ctdb-tests: Add reqid wrapping test
      ctdb-common: Fix memory leak in run_proc

Andreas Schneider (211):
      s3:lib: Increase debug level for messaging_send_buf message
      s3:script: Fix running rsync in fake_snap.pl
      s3:script: Fix running cp in modprinter.pl
      libcli: Use a define for the SMB_SUICIDE_PACKET
      s3:smbd: Make clear that we got a suicide packet
      s3:torture: Move the init of the locking out of the loop
      s3:torture: Improve the debug message output
      s3:waf: Fix the detection of makdev() macro on Linux
      third_party: Update socket_wrapper to version 1.2.3
      selftest: Increase nss_wrapper max host entries handling
      docs: Update smbclient manpage for --max-protocol
      s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames
      selftest: Add smbstatus to testhelper
      s3:tests: Add test for smbstatus and smbstatus --resolve_uids
      s3:libads: Print more information when LDAP fails
      s3:libsmb: Add some useful debug output to cliconnect
      auth:creds: Prefer the principal over DOMAIN/username when using NTLM
      s3:libnet: Use more secure name for the JOIN krb5.conf
      s3:libads: Make sure we can lookup KDCs which are not configured
      lib:util: Add support to keep talloc chunks secret
      lib:util: Add test for talloc_keep_secret()
      lib:util: Include talloc_keep_secret.h in samba_util.h
      autobuild: Build also Samba AD with MIT Kerberos
      s3:modules: Fix size types
      s4:heimdal: Disable format truncation warnings
      bootstrap: Fix dnf commands
      bootstrap: Add missing packages on RPM distributions
      bootstrap: Add missing packages for XFS quota support
      bootstrap: Add glusterfs and cephfs packages
      gitlab-ci: Enable fedora29 and update generated dists
      gitlab-ci: Remove Ubuntu 14.04
      lib:audit_logging: Use C99 initializer for server_id in audit_logging
      s3:lib: Use correct C99 initializer for 'struct flock' in messages_dgm
      s4:dsdb: Use C99 initializer in dsdb util_trusts
      s3:libsmb: Fix C99 initializer in cli_smb2_fnum.c
      wafsamba: Enable warnings for missing field initializer
      gitlab-ci: Install missing krb5-kdc package on Ubuntu/Debian
      bootstrap: Only install required packages on Fedora
      bootstrap: Only install required packages on openSUSE
      gitlab-ci: Update for building new containers
      replace: Add ZERO_ARRAY_LEN() macro
      lib:util: Sync memory.h with replace.h
      waf: Add mandatory requirement for GnuTLS >= 3.2.0
      s3:tls: Remove #ifdef for GnuTLS
      s4:rpc_server: Remove obsolete gcrypt init
      waf: Remove configure steps from source4/lib/tls
      waf: Move gnutls_pkcs7_get_embedded_data_oid to main gnutls file
      waf: Add check for gnutls_x509_crt_set_subject_unique_id()
      waf: Move check for gnutls_aead_cipher_init to main gnutls wscript
      waf: Remove unused GNUTLS defines
      s3:modules: Use GnuTLS SHA256 in vfs_acl_common
      s4:utils: Use gnutls SHA256 in oLschema2ldif
      s4:libcli:smb2: Use GnuTLS SHA256 HMAC for signing
      libcli:auth: Use GnuTLS SHA256 HMAC for credentials
      libcli:auth: Add return code for netlogon_creds_init_hmac_sha256()
      libcli:smb: Use GnuTLS SHA256 HMAC in smb2_key_derivation()
      libcli:smb: Use GnuTLS SHA256 HMAC in smb2_signing_sign_pdu()
      libcli:smb: Use GnuTLS SHA256 HMAC in smb2_signing_check_pdu()
      libcli:smb: Introduce a structure for the smb2_singing_key
      libcli:smb: Use 'struct smb2_signing_key' in smbXcli_base.c
      s3:librpc: Rename the data blobs for keys in smbXsrv.idl
      s3:librpc: Add smb2_signing_key to smbXsrv.idl
      s3:smbd: Start to use the smb2_signing_key structure
      libcli:smb: Add smb2_signing_key_destructor()
      libcli:smb: Use smb2_signing_key for smb2_signing_sign_pdu()
      libcli:smb: Use smb2_signing_key for smb2_signing_check_pdu()
      auth:gensec: Use GnuTLS SHA256 HMAC for schannel
      auth:gensec: Add return code for netsec_do_sign()
      lib:crypto: Remove unused SHA256 and HMAC SHA256
      lib:torture: Fix size type in torture macro
      s4:samdb: Make sure value is initialized with 0
      waf: Also check for gnutls_privkey_export_x509()
      bootstrap: Fix yum commands
      bootstrap: Make sure that the python3 interpreter is installed
      bootstrap: Move to python 3.6 on CentOS
      bootstrap: Install correct python modules on CentOS7
      gitlab-ci: Enable building on CentOS7
      libcli:smb: Use GnuTLS SHA512 in smbXcli_base
      s3:smbd: Use GnuTLS SHA512 in smb2 server
      s3:smbd: Use GnuTLS SHA512 in smb2 session setup
      lib:crypto: Remove unused SHA512
      ctdb: Fix format in db_hash_test
      wafsamba: Enable warnings about format overflows
      wafsamba: Enable warnings about zero-length formats
      s4:auth: Fix debug statement in gensec_gssapi
      s3:rpc_server: Do not free the tdbname before we printed it
      s4:ntvfs: Do not free eadb before we printed an error
      s4:torture: Do not print NULL strings we just checked before
      lib:torture: Fix string comparison macros where we directly pass NULL
      s4:torture: Do not free full_name before we printed it
      ctdb:common: Do not print NULL if we don't get a sockpath
      s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it
      s3:utils: If share is NULL in smbcquotas, don't print it
      s3:utils: If share is NULL in smbcacls, don't print it
      s3:smbspool: Fix regression printing with Kerberos credentials
      gitlab-ci: Install libtasn1-tools on Fedora based distributions
      s3:libsmb: Add missing OOM check in fill_quota_buffer()
      lib:util: Remove unused ALIGN marcos from byteorder.h
      lib:util: Remove PPC big endian asm optimized code in byteorder.h
      lib:util: Move VWV macro to smb_constants.h
      lib:util: Add a test for byteorder.h
      libcli:auth: Use GnuTLS MD5 for E_md5hash() in smbcrypt
      libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
      libcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer()
      libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
      libcli:auth: Use GnuTLS MD5 in decode_wkssvc_join_password_buffer()
      libcli:auth: Use GnuTLS MD5 HMAC in ntv2_owf_gen()
      libcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2()
      libcli:auth: Use GnuTLS MD5 HMAC in SMBsesskeygen_ntv2()
      libcli:auth: Use 'bool ok' in ntv2_owf_gen()
      libcli:auth: Use GnuTLS MD5 and HMAC MD5 in netlogon_creds_init_128bit
      libcli:auth: Add return codes for netlogon_creds_init_128bit()
      libcli:drsuapi: Use GnuTLS MD5 in drsuapi_decrypt_attribute_value()
      libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()
      libcli:smb: Use GnuTLS MD5 and HMAC MD5 in smb_signing_md5()
      libcli:smb: Use GnuTLS HMAC MD5 in smb_key_derivation()
      libcli:smb: Return NTSTATUS for smb_signing_md5()
      libcli:smb: Return NTSTATUS for smb_signing_sign_pdu()
      libcli:smb: Check return code of smb_signing_md5()
      libcli:smb: Return NTSTATUS for smb_key_derivation()
      auth:ntlmssp: Use GnuTLS HMAC MD5 in ntlmssp client
      auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp server
      auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp sign
      auth:creds: Use GnuTLS MD5 in ntlm creds
      auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()
      auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
      auth:gensec: Use GnuTLS HMAC MD5 and MD5 in netsec_do_sign()
      auth:gensec: Return NTSTATUS for netsec_do_seq_num()
      s3:smbd: Return NTSTATUS for srv_calculate_sign_mac()
      s3:vfs: Use GnuTLS MD5 in vfs_streams_xattr
      s3:vfs: Use GnuTLS MD5 in vfs_fruit
      s3:profile: Use GnuTLS MD5
      s3:rpc_client: Use GnuTLS MD5 for samr
      s4:dsdb: Use GnuTLS MD5 in password_hash module
      s3:libcli: Use GnuTLS MD5 for smb singing
      s4:libnet: Use GnuTLS MD5 for samr passwords
      s4:ntp_signd: Use GnuTLS MD5 in signd
      s4:rpc_server: Use GnuTLS MD5 for samr password
      s4:messaging: Use GnuTLS MD5 in messaging test
      s3:torture: Use GnuTLS MD5
      s4:torture: Use GnuTLS MD5 and HMAC MD5 in samlogon test
      s4:torture: Use GnuTLS MD5 in ntp_signd test
      s4:torture: Use GnuTLS MD5 in samr password tests
      s4:torture: Use GnuTLS MD5 for samr password
      s4:torture: Use GnuTLS MD5 for samba3rpc
      lib:crypto: Remove obsolete MD5 and HMAC MD5
      s3:smbspool: Add the 'lp' group to the users groups
      s3:smbspool: Print the principal we use to authenticate with
      s3:smbspool: Add debug for finding KRB5CCNAME
      s3:smbspool: Use %u format specifier to print uid
      s3:smbspool: Fallback to default ccache if KRB5CCNAME is not set
      s3:smbspool: Print the filename we failed to open
      s3:smbspool: Always try to authenticate using Kerberos
      s3:smbspool: Add debug messages to kerberos_ccache_is_valid()
      s3:smbspool: Use NTSTATUS return codes
      third_party: Update nss_wrapper to version 1.1.6
      ctdb:tests: Add missing va_end() in ctdb_set_error()
      lib:mscat: Add missing return check for error in dumpsmcat
      s3:utils: Only declare variables if we're gonna use them
      s3:lib: Move up NULL check
      s3:modules: Put debug msg into the if clause checking the strings exists
      third_party: Update waf to version 2.0.17
      libcli:smb: Fix signing with multichannel
      libcli/smb: only fallback to the global smb2 signing key if we should sign
      s3:client: Link smbspool_krb5_wrapper against krb5samba
      gitlab-ci: Add Fedora 30
      libcli:util: Add gnutls_error
      s4:libcli: Use gnutls_error_to_ntstatus() or singing
      libcli:smb: Return NSTATUS for smb2_signing_check_pdu()
      libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_sign_pdu()
      libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_check_pdu()
      auth:gensec: Use gnutls_error_to_ntstatus() in schannel
      libcli:smb: Use gnutls_error_to_ntstatus() in smbXcli_base.c
      s3:smbd: Use gnutls_error_to_ntstatus() in smb2_server
      s3:smbd: Use gnutls_error_to_ntstatus() in smb2_sesssetup
      libcli:auth: Use gnutls_error_to_ntstatus() in credentials
      libcli:smb: Use gnutls_error_to_ntstatus() in smb_signing
      auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_client
      auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_server
      auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_sign
      auth:creds: Use gnutls_error_to_ntstatus() in credentials_ntlm
      s3:libnet: Use gnutls_error_to_ntstatus() in libnet_passwd
      s4:rpc_server: Use gnutls_error_to_ntstatus() in samr_password
      s4:ntp_signd: Use gnutls_error_to_ntstatus() in ntp_signd
      libcli:util: Add gnutls_error_to_werror()
      libcli:auth: Use gnutls_error_to_werror() in smbencrypt
      libcli:drsuapi: Use gnutls_error_to_werror() in repl_decrypt
      libcli:auth: Use GnuTLS RC4 for netlogon credentials
      libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation()
      libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_validation()
      libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check()
      libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_logon()
      libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon()
      libcli:auth: Return NTSTATUS for netlogon_creds_crypt_samlogon_logon()
      libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt()
      auth:gensec: Use GnuTLS RC4 in netsec_do_seq_num()
      auth:gensec: Use GnuTLS RC4 in netsec_do_seal()
      auth:gensec: Return NTSTATUS for netsec_do_seal()
      auth:ntlmssp: Use GnuTLS RC4 in ntlmssp server
      s3:rpc_client: Use C99 inititializer in dcerpc_samr_chgpasswd_user()
      s4:rpc_server: Use GnuTLS RC4 in lsa endpoint
      s3:utils: Use GnuTLS RC4 in npc_rpc_trust
      s4:rpc_server: Use GnuTLS RC4 in lsa server
      nsswitch: Use GnuTLS RC4 in wbclient test
      s4:tortue: Use GnuTLS RC4 in rpc lsa test
      s4:torture: Use GnuTLS RC4 in rpc forest_trust test
      s3:winbind: Add support for storing KRB5 credential in KCM
      s3:modules: Add hash_inode() function based on SHA1
      s3:modules: Allow SHA1 usage for file IDs in FIPS mode
      s3:modules: Use hash_inode() in vfs_fruit
      s3:modules: Use hash_inode() in vfs_streams_xattr

Andrew Bartlett (139):
      selftest: Correct name of flapping smb2.notify test
      CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact
      CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users
      CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()
      ldb_kv: Skip @ records early in a search full scan
      ldb: Avoid calling talloc_get_type() in ldb_kv_parse_data_unpack()
      ndrdump: change behaviour of flags to operate as flags
      selftest: Move simple-dc-steps.sh to correct folder
      build: Remove build of replacetort
      replace: Fix "make test" to actually test libreplace
      talloc: Follow pattern of ldb and tdb to ensure "make test" depends on a build
      pidl: No longer use Python3 compat define: PyInt_FromLong -> PyLong_FromLong
      pidl: Always call PyLong_FromLongLong() in ndr_PyLong_FromLongLong()
      pidl: Always call PyLong_FromUnsignedLongLong() in ndr_PyLong_FromUnsignedLongLong()
      pidl: Call PyLong_FromLongLong() directly rather than via inline helper
      pidl: Call PyLong_FromUnsignedLongLong directly rather than via inline helper
      build: Remove ndr_PyLong_FromUnsignedLongLong wrapper from NT_STATUS and W_ERROR table generator
      s4-winbindd: Removed unused wb_utils.c
      lib/tls: Remove unused source4/lib/tls/tls.c (tls socket wrapper)
      torture: Remove unused torture_ldap_connection2()
      torture: Remove unused torture_join_server_dn_str()
      torture: Remove unused dsdb_attribute_ldb_to_drsuapi()
      libnet: Remove unused source4/libnet/libnet_samsync_ldb.c
      libnet: Remove unused source4/libnet/libnet_sam{dump,sync}:
      ldb_kv: Remove incorrect reference to LDB_UNPACK_DATA_FLAG_NO_DN
      ldb_kv: Use ldb_msg_add_steal_value() in msg_add_distinguished_name()
      ldb: move ldb_kv's filter into pack code
      ldb: Release ldb 2.0.1
      s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context
      tdb: Do not return errors from tdb_repack() in the tail of tdb_transaction_commit()
      dsdb: Add tests for large LDAP responses
      tdb: Release tdb 1.4.1
      dsdb: Add random values to names in tests for large LDAP responses
      dsdb/partition: Ensure metadata.tdb is opened early in partition_reload_if_required()
      dsdb/partition: Move in_transaction decrement to end of partition_del_trans()
      dsdb/partition: Remove teardown of data->metadata on partition_metadata_set_sequence_number() failure
      dsdb: lock metadata.tdb during lock_read in partitions module
      selftest: Remove gensec.FEATURE_SEAL from samba4.ldap.notification
      ldap_server: Remove success_limit
      ldap_server: Run the ldap_encode() step in ldapsrv_queue_reply()
      ldap_server: Use an array of struct iovec to avoid data_blob_append()
      ldap_server: Add explict repsonse size limit of 256MB
      ldap_server: chunk the writev() calls at 25MB
      ldap_server: Run ldapsrv_queue_reply() in the ldb callback, rather than waiting for the full result
      torture: Address flapping samba4.rpc.altercontext test
      Remove unused auth_get_challenge_not_implemented
      dsdb: Remove unsued dsdb_class_by_cn()
      libcli/auth: Remove des_crypt64() from smbdes
      s4-rpc_server: Remove unused dnsserver_find_partition()
      lib: Remove "tdb based replacement for gettext"
      libcli/security: Remove unused dup_sec_desc_buf()
      libcli/ldap: Remove unsued ldap_transaction()
      ntvfs: Remove unused nbench vfs module
      ntvfs: Remove unused and untested SMB1 -> SMB2 proxy module
      s4-ntvfs: Remove untested stub vfs_print backend
      s4-ntvfs: Remove untested ntvfs_cifsposix backend
      sambaundoguididx: Add flags=ldb.FLG_DONT_CREATE_DB and port to Python3
      Run test for initshutdown
      selftest: Add more testing of wkssvc in source3
      selftest: Remove infinite client/server loop in srvsvc_NetNameValidate test
      selftest: Run samba3.srvsvc tests covering more of the srvsvc server
      ldb: Fix segfault parsing new pack formats
      sambaundoguididx: fix for -s
      sambadowngradedatabase: Add "or later" to warning about using tools from Samba 4.8
      docs: Improve documentation of "lanman auth" and "ntlm auth" connection
      py3: Remove Python2 side of py3compat.h
      py3: Remove unused IS_PY3 macro from py3compat.h
      py3: Remove unused PyStr_CheckExact macro from py3compat.h
      py3: Remove unused PyStr_Concat macro from py3compat.h
      py3: Remove unused PyStr_Format macro from py3compat.h
      py3: Remove unused PyStr_InternInPlace macro from py3compat.h
      py3: Remove unused PyStr_InternFromString macro from py3compat.h
      py3: Remove unused PyStr_Decode macro from py3compat.h
      py3: Remove unused PyStr_AsUTF8String macro from py3compat.h
      py3: Remove unused PY_DESC_PY3_STRING macro from py3compat.h
      py3: Remove unused PyInt_CheckExact macro from py3compat.h
      py3: Remove unused PyInt_FromString macro from py3compat.h
      py3: Remove unused PyInt_FromSsize_t macro from py3compat.h
      py3: Remove unused PyInt_FromSize_t macro from py3compat.h
      py3: Remove unused PyInt_AS_LONG macro from py3compat.h
      py3: Remove unused PyInt_AsUnsignedLongLongMask macro from py3compat.h
      py3: Remove unused PyInt_AsSsize_t macro from py3compat.h
      selftest: Specifically remove files generated by provision
      Revert TestCaseInSubDir parts of "downgradedatabase: blackbox test"
      lib/replace: Remove #undef TCP_NODELAY
      provision: Suggest "minimal-responses yes;" by default
      py3: Remove PyStr_Type() compatability macro
      py3: Remove PyStr_Check() compatability macro
      py3: Remove PyStr_FromString() compatability macro
      py3: Remove PyStr_FromStringAndSize() compatability macro
      py3: Remove PyStr_FromFormat() compatability macro
      py3: Remove PyStr_FromFormatV() compatability macro
      py3: Remove PyStr_AsString() compatability macro
      py3: Remove PyStr_AsUTF8() compatability macro
      py3: Remove PyStr_AsUTF8AndSize() compatability macro
      py3: Remove duplicated PyUnicode_Check() after the py3 compat macros were removed
      ntvfs: Remove now unused functions
      lib/tls: Remove unused header definitions from source4/lib/tls/tls.h (tls socket wrapper)
      s4-torture: Remove unused #include of librpc/gen_ndr/ndr_dcerpc_c.h
      librpc: Do not generate client code for dbgidl.idl
      librpc: Remove unused RPC_NDR_NTLMSSP
      librpc: Remove unused RPC_NDR_DRSBLOBS
      librpc: Remove unused RPC_NDR_XATTR
      librpc: Remove unused RPC_NDR_IDMAP
      librpc: Remove unused RPC_NDR_SMB_ACL
      librpc: Remove unused RPC_NDR_AUDIOSRV
      librpc: Remove unused RPC_NDR_EFS
      librpc: Remove unused RPC_NDR_POLICYAGENT
      librpc: Remove unused RPC_NDR_WINSIF
      librpc: Remove unused RPC_NDR_DSBACKUP
      librpc: Remove unused RPC_NDR_NBT
      librpc: Remove unused RPC_NDR_SERVER_ID
      librpc: Remove unused RPC_NDR_MSGSVC
      librpc: Remove unused RPC_NDR_WZCSVC
      librpc: Remove unused RPC_NDR_SCERPC
      librpc: Remove unused RPC_NDR_TRKWKS
      librpc: Remove unused RPC_NDR_KEYSVC
      librpc: Remove unused RPC_NDR_MDSSVC
      librpc: Remove frsblobs.idl
      librpc: Do not generate extra unused client or python bindings with PIDL
      librpc: No longer generate or build unused client bindings for frsrpc
      pidl: Remove the need to always specify --client with --python
      lib/crypto: move gnutls error wrapper to own subsystem
      libcli/drsuapi: Make drsuapi_decrypt_attribute_value() static
      libcli/drsuapi: Add const to *in parameters to drsuapi_{en,de}crypt_attribute_value()
      libcli/drsuapi: Add expected value unit tests for drsuapi_{en,de}crypt_attribute_value()
      libcli/drsuapi: Correct comment in drsuapi_decrypt_attribute_value()
      lib/crypto: Add GnuTLS helper function samba_gnutls_arcfour_confounded_md5()
      liblic/drsupai: use samba_gnutls_arcfour_confounded_md5() wrapper
      lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5()
      .gitlab-ci.yml: Increase resources for samba-ad-dc-backup job
      provision: If --targetdir has been specified then we must always reset posix:eadb and xattr_tdb:file
      pyldb: Apply flags specified by ldb.Ldb(flags=...) even if the URL is not set
      ldb: Add tests for Ldb.write_ldif() including the FLG_SHOW_BINARY and FLAG_FORCE_NO_BASE64_LDIF
      ldb: Try to explain the confusing overload of the LDB_FLG_MOD_* enumeration and other flags
      ldb: Fix dependency on ldb_key_value_sub_txn_{mdb_}test
      WHATSNEW: add news about Samba AD at 100,000 scale
      WHATSNEW: add news the sad passing of python2 support
      WHATSNEW: entries for gnutls and samba-tool

Anoop C S (3):
      s3/vfs_glusterfs: Dynamically determine NAME_MAX
      s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX
      s3-smbcontrol: Replace && with || to declare variables in do_sleep()

Bjoern Jacke (1):
      vfs_nfs4acl_xattr: fix setting of permissions via NFS

Björn Baumbach (36):
      samba-tool: fix some typos
      doc: add missing samba-tool user edit documentation
      doc: fix typos in samba-tool documentation
      doc: add missing "samba-tool computer" entry
      doc: add missing "samba-tool ou" entry
      s4:rpc_server: add missing newline to error debug message
      s4:torture:fsmo.py: test role transfers of dns partitions
      s4:torture:fsmo.py: remove unused 'net_cmd' variable
      samba-tool: add 'import samba.drs_utils' to fsmo.py
      selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb
      python/ntacls: use correct "state directory" smb.conf option instead of "state dir"
      samba-tool ntacl: consolidate code for getting the local domain sid
      samba-tool: add ntacl changedomsid command
      selftest: add tests for samba-tool ntacl changedomsid
      docs: add documentation for the samba-tool ntacl changedomsid command
      docs: fix typo in "ntlm auth" doc in smb.conf man page
      samba-tool: fix format of command description (help messages)
      samba-tool tests: rename "user edit" test from edit.sh to user_edit.sh
      samba-tool tests: remove probably outdated comment
      samba-tool user edit test: use testit instead of subunit_start_test, pass/failed
      ldb/ldb_ldif: add copy_raw_bytes helper variable to ldb_ldif_write_trace()
      ldb/ldb_ldif: add LDB_FLAG_FORCE_NO_BASE64_LDIF flag
      samba-tool tests: add additional tests for "samba-tool user edit" command
      samba-tool user edit: use ldb methods to create ldif to modify user
      samba-tool user edit: simplify code
      samba-tool tests: add test for 'samba-tool user edit', using LDB_FLAG_FORCE_NO_BASE64_LDIF
      samba-tool user edit: avoid base64 encoded strings in editable ldif if possible
      samba-tool computer: add 'edit' command to edit an AD computer object
      doc: add samba-tool computer command to samba-tool man page
      samba-tool tests: add test for 'samba-tool computer edit' command
      samba-tool group: add 'edit' command to edit an AD group object
      samba-tool tests: add test for 'samba-tool group edit' command
      doc: add samba-tool group command to samba-tool man page
      samba-tool: implement contact management commands
      samba-tool tests: add tests for contact management
      doc: add documentation for "samba-tool" contact management

Björn Jacke (5):
      README: fix samba mailman list address
      torture: fix durable open/alloc-size test
      param: change default of "allocation roundup size" to 0
      docs-xml: deprecate allocation roundup size parameter
      WHATSNEW: changed default/deprecation of allocation roundup size

Christof Schmitt (32):
      memcache: Introduce struct for storing talloc pointer
      memcache: Properly track the size of talloc objects
      memcache: Increase size of default memcache to 512k
      torture: Add test for talloc size accounting in memcache
      vfs_full_audit: Fix logging of get_real_filename output
      nsswitch: Add testcase for checking output of wbinfo --sid-to-name
      winbind: Query domain from msrpc name_to_sid
      winbind: Query domain from winbind rpc name_to_sid
      winbind: Query domain from winbind sam_name_to_sid
      winbind: Return queried domain name from name_to_sid
      winbind: Use domain name from lsa query for sid_to_name cache entry
      nsswitch: Fix usage information of test_wbinfo_name_lookup.sh
      vfs_gpfs: Remove usage of gpfs_prealloc
      vfs_gpfs: Remove gpfs:prealloc from manpage
      gpfswrap: Remove unused gpfs_prealloc wrapper
      vfs_gpfs: Block punchhole calls for non-sparse files
      selftest: Add gid-to-sid lookup to idmap_ad test
      selftest: Use fl2008r2dc for ad_member_idmap_ad
      selftest: Make trusted domain information available for idmap_ad environment
      selftest: Add idmap configuration for trusted domain for idmap_ad
      selftest: Pass trusted domain information to idmap_ad test
      selftest: Add trusted domain tests for idmap_ad
      wscript: Remove checks for shm_open and shmget
      wafsamba: Add compiler check for missing field initializer check
      smbd: Move deadtime default to parameter definition and man page
      selftest: Add test for case-preserving in 'net [rpc] conf showshare'
      net: Return share name in correct case from net rpc conf showshare
      libsmbconf:registry: Return correct case for get_share
      torture: Use two connections in SMB2 sharemode tests
      smbtorture: Add smb2.ioctl.sparse_set_sparse
      smbtorture: Add smb2.ioctl.zero_data
      s3:tests: Add test for manual smbtorture zero-data

David Disseldorp (10):
      vfs_snapper: drop unneeded fstat handler
      build: add explicit cephfs include path for vfs_ceph builds
      vfs_ceph: explicitly enable libcephfs POSIX ACL support
      docs/vfs_ceph: describe new ACL behaviour
      ctdb/build: fix ctdb_mutex_ceph_rados_helper builds
      vfs_ceph: fix cephwrap_flistxattr() debug message
      vfs_ceph: drop fdopendir handler
      vfs: add ceph_snapshots module
      docs: add vfs_ceph_snapshots manpage
      client: enable allinfo and altname tab completion

Douglas Bagnall (106):
      selftest: use test smb.conf in provision
      perf-tests: rename paged search test for regex disambiguation
      spell "recursive"
      dsdb mods/extended_dn_store: used the ldb we already have
      dsdb/modules: minor comment typos in samba_dsdb
      autobuild: attempt authenticated email if environment suggests it
      ldb_kv_search: avoid handling uninitialised dn
      pytest/segfault: segfault with nameless element
      pyldb: avoid segfault when adding an element with no name
      s4/replmd: delete checks flag before laborious search
      s4/replmd delete: optimise attribute preservation with binary search
      dsdb/pytest/ldap: revive commented out test for attr size range
      dsdb/pytest/ldap: use idiomatic 'e' for exceptions
      s4/tests.py: shorten lines with common path
      dsdb pytests: test the effect of reordering modify requests
      pytests: try ldap.modify_order with normal user
      pytests: slightly better errors in Testcase.insta_creds()
      dsdb/modules: a module to count attribute searches and results
      script/attr_count_read: load and correlate all data
      talloc torture: avoid NULL dereference
      rpc/dnsdata: do not crash if message attr missing (CID: 1414773)
      rpc/dnsdata: avoid crash on missing attr (CID: 1414757)
      rpc/dns: leak less on memory failure (CID 1363191)
      rpc/dns: reduce the CID count on temporary variables
      s4/rpc/dns: check for IP address errors at startup
      s4/rpc/drsuapi/writespn: check the actual error code (CID 1034691)
      s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273065)
      s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273062)
      tdbtool: avoid theoretical NULL dereference (CID 1361462)
      lib/texpect: avoid theoretical NULL dereference (CID 1273099)
      s4/auth/sam: silence CID 1435849
      dsdb/modules/acl: avoid deref of missing data (CID 1107200)
      dsdb/modules/dirsync: avoid possible NULL dereference (CID 1034800)
      dsdb/modules/dirsync: remove useless function call
      dsdb/modules/dirsync: ensure attrs exist (CID 1107212)
      dsdb/modules/linked_attrs: remove pointless check (CID 240768)
      auth/creds/guess: avoid segfault with NULL lp (CID 241187)
      auth/creds/torture: add a test showing segfault
      pyrpc: ndr PY_CHECK_TYPE checks for NULL as well as type
      pyrpc: remove crutch for python <= 2.5
      ldb: avoid NULL deref in ldb_dn_from_ldb_val (CID 1034730)
      ldb_ldif: avoid NULL dereference with unexpected arguments (CID 1107195)
      ldb_map: check a return value (CID 241354)
      ldb_mdb: check fcntl return values (CID 1435851)
      ldb modules: paged_search checks control is not NULL (CID 241355)
      librpc/ndr: make push_charset_to_null UTF-16 safe (CID 1399648)
      s4/dnsserver: handle broken zone values in sort (CID 1414763, 1414769)
      s4/dnsserver: delay return when trying to log (CID 1444976)
      s4/dsdb/util_samr: check some return codes (CID 1444977)
      dsdb/mod/count_attrs: set ldb var before using it (CID 1444979)
      s4/ldap_bind: notice backend init failure
      s4/messaging: do not deref NULL state (CID 1437973)
      s4/policy/gp_filesys: avoid SIZE_MAX smbcli write (CID 1034779)
      ldb.h: improve comment for LDB_ATTR_FLAG_INDEXED
      ldb.h: spelling of 'means'
      dsdb/util: spell "equivalence"!
      kdb_kv_search: spell 'linearized'
      ldb: use ldb_msg_new(), not talloc/talloc_zero
      s4: use ldb_msg_new(), not talloc/talloc_zero
      dsdb/mod/extended_dn_out: zero whole fake_msg struct
      dsdb mods/extended_dn_out: remove element using ldb_msg api
      dsdb/replmd: use ldb_msg_remove_element()
      ldb_ldap: trust db_msg_new() to return empty message
      ldb_ldap: use ldb_msg API to add elements
      ldb/tools/ldbtest: initialise msg object
      ldb_kv: use ldb_msg_remove_element()
      ldb_msg: remove_element() checks element array bounds
      dsdb/mod/extended_dn_out: use faster removal filters
      dsdb mod/linked_attributes: fix_link_slow(): clarify a comment.
      s4/lib/policy/gp_ldap: use ldb API to find messages
      util/charset/convert_string: always set length
      util/charset/convert: do not overflow dest len
      util/charset/convert: do not overflow dest len in corner case
      util/charset/convert: when retrying, retry from the start
      util/charset/convert: do not pretend to realloc
      util/charset/torture: ensure each cp850 high bytes is 3 utf8 bytes
      tests/samba-tool: test dns serverinfo/zoneinfo
      samba-tool dns: use bytes for inet_ntop
      CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation
      CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
      CVE-2019-12436 dsdb/paged_results: ignore successful results without messages
      s4/scripting/autoidl: another py3 incompatible except
      script/bisect-test: fix for py3
      wintest: py3 telnet.sendline() doesn't like string with ^Z
      s4/script/rodcdns: str type doesn't need decoding
      s4/tests/dsdb_schema: not usefully executable as script
      pytests/subunitrun: not usefully executable
      s4/scripting/smbstatus: approach py3 compatibility
      net idmap check: correct spelling of --force
      man net: include --json option
      docs/smbclient: document -Tcn
      tests: ensure that most python scripts have usage text
      dns_hub: print usage with too few args
      script/compare_cc_results: print usage on too few args
      s4/scripting/get-descriptors: print usage with insufficient arguments
      s4/scripting/mymachinepw: print usage with bad arguments
      s4/scripting/demodirsync: print usage if no host named
      s4/scripting/samba_dnsupdate: print usage with no arguments
      tests/usage: python scripts --help should be helpful
      tests/usage: generalise to cover non-python scripts
      python/tests: helper function for checking --help consistency
      tests/samba-tool: test --help consistency
      tests/usage: test for --help consistency
      s4/scripting/autoidl: remove it
      s4/torture: remove autoidl
      s4/scripting/smbstatus: begone

Fabrice Fontaine (2):
      test_regfio.c: include stdint.h before cmoka.h
      Fix uClibc build on 64bit platforms by including stdint.h

Garming Sam (19):
      dlz: Add test to ensure there are writable zones
      acl_read: Fix regression caused by db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists
      libnet vampire: NULL access bug fix
      lmdb: iterate_range implementation
      ldb_kv_index: Make the edge keys slightly cleaner and generic
      ldb_kv_index: Add a giant comment in regards to index_format_fn
      schema_syntax: Add comments for our index format functions
      ldb: Add ORDERED_INTEGER to the proto-schema handling
      ldb: tests for <= and >= integer indexing with duplicates
      ldb_mdb: Add some warnings about poorly constructed callbacks
      ldb_kv: Remove unnecessary space
      ldb_mdb: Change function declaration as per README.coding
      ldb_kv: Avoid memdup of database records in the case of base searches
      tests/ldb_kv: Add another case for completeness
      selftest: rename schemaupgrade_dc (+pair) to schema_dc
      CID 1363287: Resource leak using str_list_append
      CID 1363286: Resource leak by failing to free tmp_ctx
      ldap: Add a database open after fork to speed-up prefork binds
      WHATSNEW: Add link for >= and <= indexing

Gary Lockyer (98):
      prefork tests: disable restart tests MIT
      flapping tests: Add samba3.smb2.notify
      lib ldb key_value: Remove index cache lazy initialisation
      lib ldb key_value: Pass index cache size
      lib ldb key_value: Add get_size method
      lib ldb key_value: set the cache size for re-indexing
      lib ldb key_value: Set index cache size on open
      python join: Set index transaction cache size.
      lib util debug: Increase format buffer to 4KiB
      s4 heimdal_build: disable leak checks for asn1 compiler
      selftest: Utils.cmd_output returns byte string
      nsswitch pam_winbind: Fix Asan use after free
      s4 dns_server Bind9: Log opertion durations
      s4 lib socket: Ensure address string owned by parent struct
      s4 librpc rpc pyrpc: Ensure tevent_context deleted last
      s3 rpc_client: Fix Asan stack use after scope
      s4 dsdb: fix use after free in samldb_rename_search_base_callback
      selftest: enable undefined behaviour sanitizer
      s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value
      samba_autoconf: fix undefined behaviour sanitizer compile flags
      s4 librpc rpc pyrpc: Fix flapping dcerpc.bare tests
      ldap tests: test scheme for referrals
      ldap server: generate correct referral schemes
      Fix ubsan null pointer passed as argument 2
      s4 lib rpc pyrpc: Fix error message
      tests auth log winbind: Fix flapping test
      tests blackbox ndrdump: Add test for struct printing
      pidl: Allow ndrdump to print public structures
      ndrdump: print public structures
      drsblobs.idl: remove decode functions
      ntlmssp.idl: remove unused decode functions
      dnsp.idl: remove unused decode functions
      cab.idl: remove unused decode functions
      krb5pac.idl: remove unused decode functions
      nbt.idl: remove unused decode functions
      negoex.idl: remove unused decode functions
      preg.idl: remove unused decode functions
      security.idl: remove unused decode functions
      ntp_signd.idl: remove unused decode functions
      sasl_helpers.idl: remove unused decode functions
      winsrepl.idl: remove unused decode functions
      ntprinting.idl: remove decode functions
      tests blackbox ndrdump: Clean up pep8 warnings
      WHATSNEW.txt: reindex performance, Bind9 logging
      auth auth_log: csbuild unused parm unix_username
      auth auth_log: csbuild unused parm transport_protection
      lib audit_logging tests: csbuild unused parms
      lib ldb ldb_key_value: csbuild unused parm module
      lib ldb ldb_key_value: csbuild unused parm module
      lib ldb ldb_key_value: csbuild unused parm ldb_kv
      lib ldb: csbuild add lib/util/attr.h to dist
      lib ldb ldb_key_value: csbuild unused parm ldb_kv_timeout
      lib ldb ldb_key_value: csbuild fix integer comparison
      lib ldb ldb_key_value: csbuild unused parm tdb
      lib ldb ldb_key_value: csbuild unused parm ldb
      lib ldb ldb_key_value: csbuild ldb_kv_index_dn_not unused parms
      lib ldb ldb_key_value: csbuild unused parms ldb_kv, key
      lib ldb ldb_key_value: csbuild fix signed unsigned compare
      lib ldb ldb_key_value: csbuild fix unused parm data
      lib ldb_key_value: csbuild unused parm key
      lib ldb ldb_key_value: csbuild unused parm ldb_kv
      lib ldb tests: Test nested transactions
      lib ldb tests: remove deprecation warning from api.py
      lib ldb key value backends: Add nested txn support
      lib ldb key value: add nested transaction support.
      lib ldb ldb_key_value tests: Add tests for wrapped operations
      lib ldb key value: Remove check_parent from ldb_kv_index_idxptr()
      lib ldb key value: fix index buffering
      lib ldb key value: use TALLOC_FREE() per README.Coding
      lib tdb: memcmp ubsan warning
      provision tests: Add --backend-store-size option.
      python getopt: Add bytes option type
      samba-tool: Make the 'bytes' option type avaiable
      samba-tool domain provision: add lmdb database size option
      lib ldb: save a copy of the options on the context
      ldb: Release ldb 2.0.4
      lib ldb ldb_mdb: Pass the lmdb map size as an ldb option
      provision: Add --backend-store-size option
      domain join tests: Add --backend-store-size option.
      samba-tool domain join: Add --backend-store-size option
      clone-dc-database tests: Add --backend-store-size option
      samba-tool clone-dc-database: Add --backend-store-size option
      samba-tool dcpromo tests: add --backend-store-size option
      samba-tool domain dcpromo: add --backend-store-size option
      join subdomain: changes for --backend-store-size
      samba-tool domain join: remove the subdomain option
      WHATSNEW.txt: samba-tool --backend-size-parameter
      kcc: default to logging to DBGLVL_WARNING
      ldb: Add new internal helper function ldb_options_get()
      s4 samdb: pass ldb options to ldb_module_connect_backend
      ldb key_value: Add batch_mode option
      ldb ldb_key_value: test ldb batch
      ldb: Rework index_transaction_cache_size to allow caller to specify a larger size
      ldb: Release ldb 2.0.5
      domain join: enable ldb batch mode
      domain join: set ldb "transaction_index_cache_size" option
      WHATSNEW: ldb_batch mode and join performance
      dsdb repl_meta_data: Don't print ldif on error

Guenther Deschner (3):
      s3:libnet: Fix debug message in libnet_DomainJoin()
      auth:ntlmssp: Add back CRAP ndr debug output
      s3:ldap: Leave add machine code early for pre-existing accounts

Günther Deschner (14):
      s3-libnet_join: always pass down admin domain to ads layer
      s3-libnet_join: setup libnet join error string when AD connect fails
      s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
      lib/replace: define NAME_MAX for platforms that don't have it
      s4-torture: include torture/util.h in lease break handler
      s4-torture: add new smb2 multichannel suite skeleton.
      s4-torture: move oplock break handler out of the replay testsuite.
      s4-torture: add test for interface information retrieval for multichannel.
      s4-torture: add torture_block/torture_unblock smb2 transport functions
      Revert "lib/replace: define NAME_MAX for platforms that don't have it"
      Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX"
      Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"
      s3/vfs_glusterfs: Avoid using NAME_MAX directly
      s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly

Isaac Boukris (5):
      CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum
      CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
      selftest: remote_pac: s/s2u4self/s4u2self/g
      selftest: check for PrimaryGroupId in DC returned group array
      Add PrimaryGroupId to group array in DC response

Jeremy Allison (56):
      CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
      CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
      s3: SMB1: Don't allow recvfile on stream fsp's.
      s3: net: Harden guess_charset() against overflow errors.
      s3: net: Harden act_val_hex() act_val_sz() against errors.
      s3: net: Harden srprs_str() against memcmp overread.
      s3: net: Rewrite of reg_parse_fd() to harden against buffer overwrites.
      s3: net: Test of fuzzer problems with net rpc registry import.
      lib: popen: Prepare to remove sys_popen().
      lib: util: Add file_ploadv().
      s3: lib: util: Add file_lines_ploadv().
      s3: smbd: Convert dfree code to use file_lines_ploadv().
      s3: smbd: Convert print_svid code to use file_lines_ploadv().
      s3: smbd: Convert sysquotas.c code to use file_lines_ploadv().
      s3: lib: Remove file_lines_pload().
      lib: util: Remove file_pload()
      s3: lib: Add file_ploadv_send().
      s3: winbind: Convert idmap to use file_ploadv_send().
      s3: lib: Remove file_pload_send().
      lib: util: Finally remove possibilities of using sys_popen() unsafely.
      docs: dfree command. Correct usage of dfree scripts.
      s3: winbind: Fix crash when invoking winbind idmap scripts.
      s3: smbd: Ensure open for security descriptor access actually opens an fd.
      s3: torture: Fix a debug typo.
      s3: smbd: Update smb_set_posix_acl() to modern coding standards.
      s3: smbd: Update smb_set_posix_acl() argument list to prepare for handle open.
      s3: smbd: Update smb_set_posix_acl() to have only one exit path.
      s3: smbd: Add correct wrap checks to smb_set_posix_acl().
      s3: smbd: Make data offset use clearer in smb_set_posix_acl()
      s3: smbd: Clarify logic with helper variables in smb_set_posix_acl()
      s3: smbd: Add get_posix_fsp() utility function. Not yet used.
      s3: smbd: Update smb_set_posix_acl() to always use an open file handle.
      s3: smbd: Now we always have a handle in smb_set_posix_acl(), use it instead of smb_fname.
      s3: smbd: Factor out code into a separate function smb_query_posix_acl().
      s3: smbd: Fix smb_query_posix_acl() to use modern coding standards.
      s3: smbd: Plumb through struct smb_request *req parameter so it can be used by smb_query_posix_acl().
      s3: smbd: Fix smb_query_posix_acl() to always use fsp handle.
      s3: smbd: Cleanup - make remove_posix_acl() use modern coding standards.
      s3: smbd: Cleanup - make set_unix_posix_acl() use modern coding standards.
      s3: smbd: Cleanup - make remove_posix_acl() return NTSTATUS.
      s3: smbd: Make set_unix_posix_acl() return NTSTATUS.
      s3: smbd: Cleanup - make set_unix_posix_default_acl() use modern coding standards.
      s3: smbd: Change set_unix_posix_default_acl() to return NTSTATUS.
      s3: smbd: Only pass fsp to set_unix_posix_acl(). No longer uses smb_fname.
      s3: smbd: Only pass fsp to remove_posix_acl(). No longer uses smb_fname.
      s3: smbd: Add default ACLS can only be set on directory check to smb_set_posix_acl().
      s3: smbd: Make set_unix_posix_default_acl() take an fsp argument, not smb_fname.
      s3: smbd: If smbd_do_qfilepathinfo() causes an oplock or lease break, we must check for deferred open here.
      s3: modules: Fruit. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
      s3: smbd: Posix ACLs. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
      s3: torture: Add POSIX-ACL-OPLOCK test to check interaction of posix ACL operations with an oplocked Windows handle.
      s3: smbd: We also need to open a real directory fd when modifying security.
      s3: torture: Ensure we can always get a POSIX ACL on a directory handle.
      s3: smbd: Make open_directory() always open a fd.
      s3: smbd: SMB1 add range checks to reply_search().
      s3: smbd: SMB1 add range checks to reply_fclose().

Joe Guo (43):
      samba_dnsupdate: small tweaks to make code more pythonic
      bootstrap/config.py: mv locale setup from bootstrap.sh
      bootstrap/config.py: change UTF-8 to utf8 for locale name in Dockerfile ENV
      bootstrap/config.py: adjust package list to align current ci image
      bootstrap/config.py: add missing dev packages
      bootstrap/config.py: rm ENV for ccache since we didn't use it any more
      bootstrap/config.py: add ARG in Dockerfile to allow add sha1sum into docker image
      bootstrap/config.py: link ld to ld.gold when available
      bootstrap/template.py: render locale.sh for each dist and make shell scripts executable
      bootstrap/template.py: add sha1sum support
      bootstrap/.gitlab-ci.yml: add ci file to trigger image auto build
      .gitlab-ci.yml: make use of bootstrap/.gitlab-ci.yml and use the new defined image
      traffic: make code more pythonic
      traffic: define kerberos_state to simplify code
      traffic: load dns query from file and write stats to file
      .gitlab-ci.yml: keep samba-ci-private tag only for private jobs
      bootstrap: add lcov to generate code coverage report
      .gitlab-ci.yml: rm abs path in artifacts
      .gitlab-ci.yml: add docker tag back for private jobs
      samba_dnsupdate: flush dns update cache file after write
      selftest/target/Samba4.pm: increase max_wait from 60s to 120s to avoid timeout failure in samba-ad-dc-backup
      wscript: mv --enable-coverage option to global
      script/autobuild.py: rename sdir to test_source_dir
      script/autobuild.py: mv find_git_root and gitroot to top
      script/autobuild.py: mv optionparse to top
      script/autobuild.py: add --enable-coverage option
      script/autobuild.py: replace more placeholders in cmds for coverage
      script/autobuild.py: add ENABLE_COVERAGE placeholder in configure cmd option
      script/autobuild.py: define LCOV_CMD and run it after each make test
      .gitlab-ci.yml: add var SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE
      .gitlab-ci.yml: add pages job to generate coverage report and publish to gitlab pages
      script/.gitlab-ci.yml: do not run o3 jobs if coverage enabled
      Makefile: add lcov command
      .gitlab-ci.yml: avoid using != to compare variables to support old versions
      script/autobuild.py: fix tasks indent
      script/autobuild.py: rm unused mime type text/plain in tasks
      script/autobuild.py: replace random-sleep.sh with python function
      script/autobuild.py: add helper functions to simplify make test cmd
      script/autobuild.py: improve run_cmd with check_output
      script/autobuild.py: define cwd for builder and avoid chdir
      script/autobuild.py: rm redundant empty str in options
      script/autobuild.py: avoid nested try except block
      script/autobuild.py: make code more pythonic

Juergen Hoetzel (1):
      docs: Fix typo

Karl Lenz (3):
      winexe: Fix translation of the winexesvc binaries to C
      s4 heimdal_build: Fix static heimdal builds with replacement closefrom()
      winexe: Add support for connecting to a host on an alternate port

Karolin Seeger (4):
      docs: Add another dns forwarder in the example.
      packaging: Update READMEs to reflect current status.
      WHATSNEW: Fix typo.
      VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc1 release...

Kristján Valur (5):
      pytalloc: Refactor the pytalloc_reference and pytalloc_steal to use a common method.
      pytalloc: Further refactoring to eliminate duplicate code.
      pytalloc: Handle memory errors when creating pytalloc objects.
      pytalloc: Check for errors during module initialization.
      make some auth functions return an NTSTATUS like other similar functions for better diagnostics.

Lukas Slebodnik (1):
      wafsamba: Use native waf timer

Lutz Justen (2):
      waf: install: Remove installation of PIDL and manpages.
      waf: build: Respect --disable-python for third_party modules

Martin Schwenke (104):
      ctdb-scripts: Reindent some functions prior to making changes
      ctdb-scripts: Rename variable nfslock_service to nfs_lock_service
      ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE
      ctdb-scripts: Factor out nfs_load_config()
      ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out
      ctdb-scripts: Start NFS quota service if defined
      ctdb-scripts: Add systemd services to NFS call-out
      ctdb-tests: Update NFS test infrastructure to support systemd services
      ctdb-scripts: Default to using systemd services in NFS call-out
      ctdb-scripts: Allow load_system_config() to take multiple alternatives
      ctdb-scripts: Update statd-callout to try several configuration files
      ctdb-scripts: Do not "correct" number of nfsd threads when it is 0
      Revert "ctdb-scripts: Do not "correct" number of nfsd threads when it is 0"
      ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"
      ctdb-build: Add check for getrusage()
      ctdb-daemon: Log when ctdbd CPU utilisation exceeds a threshold
      ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL
      ctdb-tests: Extend test to cover ctdb rddumpmemory
      ctdb-scripts: Drop script configuration variable CTDB_MONITOR_SWAP_USAGE
      ctdb-tests: Change sanity_check_output() to internally use $out
      ctdb-tests: Make try_command_on_node less error-prone
      ctdb-tests: Avoid bulk output in $out, prefer $outfile
      ctdb-tests: Wait to allow database attach/detach to take effect
      ctdb-tests: Fix usage message
      ctdb-tests: Don't clean up test var directory in autotest target
      ctdb-daemon: Never use 0 as a client ID
      ctdb-tests: Add dump-logs command for local daemons
      ctdb-tests: Actually restart if cluster doesn't become healthy
      ctdb-tests: Remove old socket wrapper state directory during setup
      ctdb-tests: Capture output in $out on failure as well
      ctdb-tests: Make ctdb reloadips tests more reliable
      ctdb-tests: Fix logic error in simple ctdb reloadips test
      ctdb-recoverd: Fix memory leak
      ctdb-common: Fix memory leak
      ctdb-tools: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-tools: Fix signed/unsigned comparisons by declaring extra variable
      ctdb-tools: Fix signed/unsigned comparisons by casting
      ctdb-tools: Fix signed/unsigned comparison by declaring as unsigned
      ctdb-tools: Fix signed/unsigned comparison by declaring as int
      ctdb-tools: Fix signed/unsigned conversion by declaring as size_t
      ctdb-tools: Fix potentially uninitialised data
      ctdb-common: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-common: Fix signed/unsigned comparisons by casting
      ctdb-common: Use #ifdef to avoid TEST_RB_TREE not defined
      ctdb-common: Avoid warning for potentially uninitialised pointers
      ctdb-common: Avoid unused value warning
      ctdb-client: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-client: Fix potentially uninitialised data
      ctdb-tests: Fix signed/unsigned comparison by using constant
      ctdb-recovery: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-recovery: Fix signed/unsigned comparison by casting
      ctdb-recovery: Avoid -1 as a PNN, use CTDB_UNKNOWN_PNN instead
      ctdb-recovery: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-utils: Avoid warning about unused value
      ctdb-tests: Avoid potentially uninitialised data
      ctdb-ipalloc: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-ipalloc: Avoid -1 as a PNN, use CTDB_UNKNOWN_PNN instead
      ctdb-ipalloc: Fix warning about unused value assigned to srcimbl
      ctdb-cluster: CID 1435726: NULL pointer dereference
      ctdb-daemon: Attempt to silence CID 1357985 (Unchecked return value)
      ctdb-utils: Fix CID 1125558 (Unchecked return value from library)
      util: Fix signed/unsigned comparisons by declaring as size_t
      util: Fix signed/unsigned comparisons by declaring as size_t
      util: Fix signed/unsigned comparisons by casting
      util: Avoid localised underflow
      util: Fix off-by-one error in message about overflow
      ctdb-tools: Drop onnode -o option
      ctdb-tools: Drop no-op stdout-filter from non-parallel case
      ctdb-tools: Drop separate parallel+verbose stdout/stderr filtering
      ctdb-daemon: Make old list_of_nodes() function static
      ctdb-daemon: Make type of list_of_nodes() consistent with callers
      ctdb-daemon: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-daemon: Fix signed/unsigned comparisons by casting
      ctdb-daemon: Fix signed/unsigned comparisons by using constant
      ctdb-daemon: Drop unused values assigned to variable
      ctdb-cluster-mutex: Ensure that the configured command is not empty
      ctdb-tests: Fix signed/unsigned comparison by declaring as unsigned
      ctdb-tests: Declare variable for return value of write(2) as ssize_t
      ctdb-tests: Add a local variable for repeated calculation
      ctdb-tests: Fix signed/unsigned comparisons by casting
      ctdb-tests: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-tests: Fix signed/unsigned comparisons by casting
      ctdb-tests: Don't compare an unsigned value with -1
      ctdb-tests: Avoid warning about NULL dereference
      ctdb-tcp: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-daemon: Replace function ctdb_ip_to_nodeid() with ctdb_ip_to_pnn()
      ctdb-daemon: Don't index by PNN when initialising node flags
      ctdb-protocol: Do not ignore return value of ctdb_g_lock_pull()
      ctdb-protocol: Fix signed/unsigned comparison by declaring as unsigned
      ctdb-protocol: Variable for return value of strlcpy() should be size_t
      ctdb-protocol: Avoid signed/unsigned comparison by casting
      ctdb-daemon: Drop unused function ctdb_vfork_with_logging()
      ctdb-common: Fix signed/unsigned comparisons by casting
      ctdb-common: Fix error handling
      ctdb-common: Fix signed/unsigned comparisons by declaring as unsigned
      ctdb-event: Assign missing return value
      ctdb-database: Fix signed/unsigned comparison by casting
      ctdb-event: Fix signed/unsigned comparisons by casting
      ctdb-common: Mark ctdb_fatal() and ctdb_die() as _NORETURN_
      ctdb-daemon: Don't check if lock_ctx->ctdb_db is NULL
      ctdb-build: Tweak hacking of rpcgen output
      ctdb-tests: Rename local-daemon.sh dump-logs to print-log
      ctdb-tools: CID 1449530 - Negative loop bound
      WHATSNEW: Add CTDB updates for 4.11

Mathieu Parent (6):
      Fix tests whithout lmdb
      Spelling fix s/informations/information/
      Spelling fixes s/overrided/overridden/
      Spelling fixes s/conficts/conflicts/
      Spelling fixes s/verson/version/
      Relax GPGME version check

Michael Adam (2):
      vfs:glusterfs: treat ENOATTR as ENOENT
      vfs:glusterfs_fuse: treat ENOATTR as ENOENT

Michael Hanselmann (8):
      Split oLschema2ldif into library and binary
      Remove ad2oLschema man page
      waf: Simplify condition for undefined symbol detection
      oLschema2ldif: Resolve multiple parsing bugs
      ndrdump: Remove local variables for pipes
      read_smb_length: Use correct function name in debug message
      ldb: Avoid read beyond buffer
      regfio: Return instead of assert for short blocks

Michael Saxl (1):
      s4:dlz make b9_has_soa check dc=@ node

Noel Power (75):
      s4/scripting/bin Remove unecessary scripts
      s3/registry: Fix func cast error (diff in params size_t vs uint32)
      s3/registry: Fix incompatible func casts
      s3/registry: fix various 'cast between incompatible function' warnings
      s3/rpcclient: Fix bad (and illegal) func cast
      python: Create macro to hide ugly function signature cast
      pidl: Call PY_DISCARD_FUNC_SIG in generated code to avoid ugly warning
      s3/smbd: squash 'cast between incompatible function types' warning
      s3/ntvfs: squash 'cast between incompatible function types' warning
      s4/librpc: squash 'cast between incompatible function types' warning
      s3: squash 'cast between incompatible function types' warning
      s4: squash 'cast between incompatible function types' warning
      squash 'cast between incompatible function types' warning
      lib/tdb: squash 'cast between incompatible function types' warning
      lib/tevent: squash 'cast between incompatible function types' warning
      lib/talloc: squash 'cast between incompatible function types' warning
      lib/ldb: squash 'cast between incompatible function types' warning
      lib/ldb: Fix incorrect return type for (setter) func type
      lib/ldb-samba: squash 'cast between incompatible function types' warning
      lib/crypto: squash 'cast between incompatible function types' warning
      lib/util: Fix cppcheck null pointer dereference warning
      s3/libads: cppcheck fix error: shiftTooManyBitsSigned: error
      s3/lib/netapi: Fix 'Possible null pointer dereference' warning
      s3/lib: don't write to buffer (which might be NULL) if bufsize <=0
      s3/printing: cppcheck avoid 'nullPointerArithmetic:' error
      s3/smbd: cppcheck: Fix ctunullpointer error
      s4/ntvfs/cifs: cppcheck: squash nullPointer: Possible null pointer dereference
      s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error.
      s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read
      s4/smb_server/smb: cppcheck: Fix uninitvar & uninitStructMember errors
      s4/smdb: cppcheck: fix nullPointer: Possible null pointer dereference warning.
      nsswitch: cppcheck: Fix memleakOnRealloc errors
      s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
      s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
      s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
      s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
      s4/torture/unix: cppcheck: Fix shiftTooManyBitsSigned error
      s3/rpcclient: cppcheck: Fix shiftTooManyBitsSigned error
      lib/pthreadpool: cppcheck: Fix Memory leak
      s3/modules: cppcheck: Fix ctunullpointer error
      s3/winbdind: cppcheck: fix nullPointerArithmetic error
      ctdb/server: cppcheck: fix shiftTooManyBitsSigned error
      lib/util/tests: clang fix Value stored to 'lines' is never read warning
      nsswitch: cppcheck: Fix ctunullpointer error
      s4/torture/rpc: cppcheck: Fix ctunullpointer error
      lib/tevent: clang:
      DLIST_REMOVE: clang: Fix dereference of a null pointer warning
      lib/util: clang: Fix 'Null pointer passed as an argument...' warning
      lib/util/charset: clang: Fix Value stored to 'reason' is never read warning
      lib/util: clang: Fix a dereference of a null pointer warning(s)
      lib/util: clang: Fix dereference of a null pointer warning
      librpc/ndr: clang: Fix Assigned value is garbage or undefined warning
      lib/tdb/common: clang: Fix 'Value stored to 'last_ptr' is never read'
      lib/tdb: clang: Fix warning: Dereference of null pointer
      clang: Fix Null pointer passed as argument warning
      lib/util: clang: Fix Value stored during its initialization is never read
      lib/dbwrap: clang: Fix 'all argument is an uninitialized value'
      lib/dwrap: Fix 'Null pointer passed as an argument to a 'nonnull' parameter '
      librpc/ndr: clang: Fix warning 'Value stored to 'towernum' is never read'
      lib/param: clang: Fix 'dereference of a null pointer' warning
      lib/util: Fix Value stored to 'ret' is never read warning
      lib/tdb/common: Fix warning: Null pointer passed as argument to param
      lib/tdb/common: Fix Array access results in a null pointer dereference
      lib/ldb/common: clang: Fix Value stored to 'ret' is never read warning
      lib/util: clang: Fix warning: Value stored to 'ret' is never read warning
      lib/krb5_wrap: clang: Fix warning: Call to function 'mktemp' is insecure
      lib/krb5_wrap: clang: Fix warning: Null pointer passed as an argument
      lib/krb5_wrap: Fix leaking using mkstemp
      lib/util: clang: Fix 'Null pointer passed as an argument'
      lib/param: clang: Fix Value stored is never read
      s3/lib: Fix Access to field results in dereference of NULL pointer
      s4/dsdb/schema: Fix Access to field results in deference of null pointer
      s4/dsdb/schema: Fix 'Value stored to 'ret' is never read'
      s4/dsdb/schema: clang: Fix Array access results in null pointer deref
      auth/kerberos: clang: Fix same instances of 'Value stored is never read'

Philipp Gesang (3):
      libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
      provision: use ASCII quotes
      python/samba: ignore encoding errors while reading files

Rafael David Tinoco (1):
      ctdb-config: depend on /etc/ctdb/nodes file

Rafael David Tinoco via samba-technical (1):
      ctdb-scripts: Fix tcp_tw_recycle existence check

Ralf Habacker (1):
      winbind: fix crash in fill_domain_username_talloc() if specified username is NULL

Ralph Boehme (89):
      bootstrap/config.py: add glib2-dev
      bootstrap/config.py: add libicu-dev/libicu-devel
      bootstrap: move flex to common packages
      waf: fix array access out of bounds exception in the check for flex
      s3: build: seperate out check for Gnome Tracker from Spotlight
      s3:wscript: fix flex and bison detection message when not installed
      s3:wscript: fix flex and bison detection
      s3/lib: new tevent_glib_glue subsystem
      s3/lib: add a tevent_glib_glue subsystem test
      s3/lib: tevent-glib-glue test utiltity with Tracker
      s3-mdssvc: add tevent context arg to mds_init_ctx
      s3-mdssvc: call [un]become_authenticated_pipe_user()
      s3-mdssvc: use tevent_glib_glue in mdssvc RPC service
      s3-mdssvc: use default g_main context
      s3-mdssvc: add missing call to g_cancellable_new()
      s3-mdssvc: make mds_ctx_destructor_cb static
      s3-mdssvc: add a comment to mds_init()
      s3:utils: use struct initializer in async-tracker long_options
      waf: only set mandatory to False if not already set by the caller
      s3:smbd: don't use recvfile on streams
      s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork
      s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork
      selftest: run vfs.fruit test against a share that deletes empty resource forks
      vfs_fruit: add a forward declaration for ad_get()
      vfs_fruit: change trigger points of AppleDouble conversion
      s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX.
      registry: add a missing include
      s3:mdssvc: fix flex compilation error
      vfs_fruit: pass handle to ad_fset()
      vfs_fruit: pass handle to ad_set()
      vfs_fruit: pass handle to ad_read()
      vfs_fruit: pass handle to ad_read_meta()
      vfs_fruit: indentation fix
      vfs_fruit: use proper VFS function in ad_read_meta()
      vfs_fruit: pass handle to ad_read_rsrc() and all the way down
      vfs_fruit: indentation fix
      vfs_fruit: pass handle to ad_convert_xattr()
      vfs_fruit: pass handle to ad_convert_blank_rfork()
      vfs_fruit: pass handle to ad_convert_finderinfo()
      vfs_fruit: pass handle to ad_convert_delete_adfile()
      vfs_fruit: finally, remove ad_handle from struct adouble
      vfs_fruit: add and use is_adouble_file()
      vfs_fruit: add a missing else
      vfs_fruit: ignore AppleDouble files in fruit_unlink()
      vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()
      vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size()
      vfs_fruit: remove now unused AppleDouble code for resource fork in xattr
      vfs_fruit: remove xattr code from the AppleDouble subsystem
      vfs_fruit: pass VFS handle to ad_convert_move_reso()
      vfs_fruit: remove a layer of indirection
      vfs_fruit: only do cross protocol locking on non-internal opens
      vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE()
      vfs_fruit: remove use of mmap() from ad_convert_move_reso()
      vfs_fruit: use fsp and remove mmap in ad_convert_xattr()
      vfs_fruit: add VFS handle to ad_convert_truncate()
      vfs_fruit: use VFS function in ad_convert_truncate()
      vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()
      vfs_fruit: use VFS functions in ad_read_rsrc_adouble()
      vfs_fruit: remove a now unnecessary include
      s3:auth: add reinit_guest_session_info()
      s3:smbd: call reinit_guest_session_info() in the conf updated handler
      selftest: allow guest login in the ad_member_idmap_rid env
      tests: add a test for guest authentication
      s3:auth: explicitly add BUILTIN\Guests to the guest token
      vfs_catia: pass stat info to synthetic_smb_fname()
      idl: add xattr_DosInfo4 to xattr_DosInfo in xattr.idl
      s3: remove unused st_ex_mask from struct stat_ex
      s3: convert struct stat_ex st_ex_calculated_birthtime bool to flags
      s3: add st_ex_itime to struct stat_ex
      s3: add st_ex_file_id to struct stat_ex
      s3/lib: add update_stat_ex_itime()
      s3/lib: add update_stat_ex_file_id()
      s3/lib: add make_file_index_from_itime()
      s3:smbd: mark itime non-calculated if we created a file or dir
      s3:smbd: parse xattr_DosInfo4 in parse_dos_attribute_blob()
      s3:smbd: use xattr_DosInfo4 in set_ea_dos_attribute()
      s3:smbd: return inode number, not FileIndex for UNIX query info level
      s3:smbd: rename get_FileIndex() to get_fs_file_id()
      s3:vfs: add SMB_VFS_FS_FILE_ID()
      s3:vfs: move get_fs_file_id to vfs_default
      s3:smbd: use stored file_id in SMB_VFS_FS_FILE_ID()
      s3:smbd: set file_id in fetch_dos_mode_done()
      vfs_fruit: move zero file-id to vfs_fruit
      vfs_fruit: make "fruit:zero_file_id" a per share option
      vfs_fruit: change default for "fruit:zero_file_id" to false
      selftest: add a test that itime is not set when setting DOS attrs
      selftest: explicitly set "mangled names = yes"
      docs/xml: change default for "mangled names" to "illegal"
      WHATSNEW.txt: change "mangled names" default to "illegal"

Ralph Wuerthner (5):
      s3-messages: modify msg_pool_usage() to allow enhanced memory reports
      s3-messages: add mallinfo() information to pool-usage report
      s3:debug: use struct initializer
      s3:debug: adjust indention
      s3:debug: enable logging for early startup failures

Richard Sharpe (1):
      s3: smbd: Don't log at WARNING level when exiting the server on error.

Rikard Falkeborn (5):
      lib:util: Fix tfork return value if sigprocmask fails
      vfs_catia: Fix return value in lock functions
      vfs_gpfs: Fix return value if getting data fails
      s3: libsmbclient: Fix return value if cli_open() fails
      s3: torture: Fix return values

Robert Sander (1):
      s3: modules: ceph: use current working directory instead of share path

Sachin Prabhu (14):
      s4-torture: move torture_wait_for_oplock_break() to central oplock handler.
      s4-torture: Add function declarations to lease_break_handler.h
      s4-torture: Add handlers to ignore incoming oplock/lease break requests
      s4-torture: Increase timeout for lease/oplock break handlers
      s4-torture: Add #defines required by the new tests
      s4-torture: Add helper functions to create channels.
      s4-torture: Add handlers to block channels for testing
      s4-torture: Add oplock break retry tests - test1
      s4-torture: Add oplock break retry tests - test2
      s4-torture: Add lease break retry tests - test1
      s4-torture: Add lease break retry tests - test2
      s4-torture: Add lease break retry tests - test3
      s4-torture: Add lease break retry tests - test4
      s4-torture: add test to check for max. number of channels per session.

Samuel Cabrero (16):
      s4:torture: Initialize tm struct
      selftest: Woraround uid wrapper issues when using bash shell
      s4:dsdb: Check errno to determine if crypt or crypt_r succeeded
      selftests:password_hash: Raise SHA256 rounds to 5000
      selftest: Do not include system krb5.conf in s4 test environments
      bootstrap/config.py: Add gzip, which and hostname to base packages
      bootstrap/config.py: Use generic lsb-release package name
      bootstrap/config.py: Fix lmdb-utils package name for RPM family
      bootstrap/config.py: Create the 'samba' group in containers
      bootstrap/config.py: Add openSUSE Leap 15.0
      selftests: Place credential cache file inside environment directory
      credentials: Initialize krb5 client to retrieve creds from ccache
      credentials: Workaround krb5_cc_remove_cred not implemented in MIT kerberos
      .gitlab-ci.yml: Allow overriding the default image using a variable
      s3: net: Consider unprocessed in input buffer
      bootstrap: Add OpenSUSE 15.1 image

Shyamsunder Rathi (2):
      s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary
      s3:notifyd: Handle sigup in notifyd to reparse smb.conf

Stefan Metzmacher (85):
      dbcheck: use the str() value of the "name" attribute
      dbcheck: fix the err_empty_attribute() check
      s4:libcli/raw: don't schedule idle handlers on a dead connection
      s4:libcli/smb2: don't schedule idle handlers on a dead connection
      s4:torture/raw: test_notify_tcp_dis trigger idle event every 0.25s
      s4:torture/smb2: test_notify_tcp_dis trigger idle event every 0.25s
      s3:smb2_write: add missing initialization of state->in_offset
      s3:smbd: fix SAFE_FREE() vs. TALLOC_FREE() in list_sessions()
      s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO
      smb2_ioctl_network_fs: remove unused fsctl_srv_copychunk_state->aapl_copyfile
      smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING
      smb2_sesssetup: avoid STATUS_PENDING responses for session setup
      smb2_tcon: avoid STATUS_PENDING responses for tree connect
      smb2_sesssetup: avoid STATUS_PENDING completely on session logoff
      smb2_tcon: avoid STATUS_PENDING completely on tdis
      vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()
      vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check
      smb2_server: grant all 8192 credits to clients
      s4:libcli/smb2: fix smb2_getinfo_send() marshalling
      s4:libcli/smb2: calculate the correct credit charge in smb2_getinfo_send()
      s4:libcli/smb2: align struct smb_ioctl.smb2 to [MS-SMB2] names
      s4:libcli/smb2: calculate the correct credit charge in smb2_ioctl_send()
      s4:libcli/smb2: calculate the correct credit charge in smb2_notify_send()
      s4:torture/smb2: add smb2_create_simple_file() and torture_setup_simple_file()
      s4:torture/smb2/notify: make use of torture_setup_simple_file() in test_valid_request()
      s4:torture/smb2: replace torture:cn_max_buffer_size option with the negotiated max trans size
      s3:smbd: fix max_buffer handling of initial notify requests
      drsuapi.idl: add DRSUAPI_ATTID_schemaInfo
      ldapcmp: ignore 'schemaInfo' if two domains are compared
      s4:provision: split out provision_self_join_modify_schema.ldif
      python/provision: use provision and relax controls for schema provision
      dsdb/repl: we need to replicate the whole schema before we can apply it
      .gitlab-ci.yml: remove before_script section of .private_template
      .gitlab-ci.yml: print out /etc/os-release
      .gitlab-ci.yml: print out /proc/swaps
      .gitlab-ci.yml: show the system state also as after_script
      .gitlab-ci.yml: run samba-schemaupgrade on the private runner
      .gitlab-ci.yml: remove outdated comments
      .gitlab-ci.yml: require samba-ci-private tag for our private runners
      bootstrap/config.py: add patch, rsync and tar
      bootstrap/config.py: add a hind how to rebuild generated files
      bootstrap/config.py: generate rendered files into bootstrap/generated-dists/
      bootstrap/template.py: generate Vagrantfile just once
      bootstrap: remove unused docker.py
      bootstrap: add the result of bootstrap/template.py --render
      bootstrap/READMD.md: update the instructions to reflect the current code
      .gitlab-ci.yml: split AUTOBUILD_JOB_NAME from CI_JOB_NAME
      .gitlab-ci.yml: run the samba-o3 job on each working container image
      .gitlab-ci.yml: use the ubuntu1804 image as default
      s4:torture/smb2: add smb2.stream.names3 test
      smbd: allow case insensitive opens of named streams
      s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support
      s4:torture/smb2: add smb2.getinfo.normalized test
      smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling
      lib/util: fix call to dbghdrclass() for DEBUGC()
      lib/util: remove unused prototypes in debug.h
      lib/util: set current_msg_{level,class} also during a DEBUGADD[C]() call
      dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."
      python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL
      dbcheck: fallback to the default tombstoneLifetime of 180 days
      winexe: Use C99 initializer for poptOption in winexe.c
      bootstrap: add mingw packages
      samba-tool: fix replication after dns partition fsmo role transfer
      samba-tool: use only one LDAP modify for dns partition fsmo role transfer
      s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
      s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
      s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
      ctdb:protocol_util: remove 'const' from allocated strings
      ctdb:takeover: add better debugging when a client connects to a non public address
      libcli/smb: add missing struct smb2_signing_key allocation in smb2cli_session_set_channel_key()
      Revert "libcli/smb: add missing struct smb2_signing_key allocation in smb2cli_session_set_channel_key()"
      Revert "libcli:smb: Fix signing with multichannel"
      libcli/smb: make sure the session->{smb2->,smb2_channel.}signing_key is never NULL!
      s4:torture: force signing in the smb2.session.bind1 test
      libcli/smb: s/smbXcli_session_copy/smbXcli_session_shallow_copy
      libcli/smb: harden smbXcli_session_shallow_copy against nonce reusage
      s4:torture: add local.ndr.dnsp tests
      dnsp.idl: fix dnsp_ip4_array definition
      dnsp.idl: fix the dnsp_dns_addr_array definition
      dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME
      selftest: explicitly set "server min protocol = LANMAN1"
      docs-xml: change "server min protocol" to SMB2_02
      selftest: explicitly set "client min protocol = CORE"
      docs-xml: change "client min protocol" to SMB2_02
      WHATSNEW.txt: disable SMB1 by default!

Swen Schillig (30):
      ctdb-test: Modify ctdb_io_test test_setup to provide queue reference
      ctdb-test: Adding test case verifying data in buffer move
      ctdb-test: Adding test case to verify queue resizeing
      lib: modify string conversion wrapper to handle invalid strings
      lib: Update error check for new string conversion wrapper
      utils: Update error check for new string conversion wrapper
      modules: Update error check for new string conversion wrapper
      ctdb-protocol: Update error check for new string conversion wrapper
      ctdb-tools: Update error check for new string conversion wrapper
      common-lib: Update error check for new string conversion wrapper
      libcli: Update error check for new string conversion wrapper
      source4: Update error check for new string conversion wrapper
      lib: remove duplicate check
      tests-util: Adding strtoul(l)_err() test leaving errno untouched
      tests-util: Adding test to verify negative "number" detection
      tests-util: Adding test to verify "no-conversion" detection
      lib: Add flag definitions to control the internal string to int conversion routines
      lib: Prepare for strtoul_err(), strtoull_err() API change
      lib: Add check for full string consumption when converting string to int
      lib: Add capability to enable standard glibc behaviour for string to int conversion
      ctdb: Update all consumers of strtoul_err(), strtoull_err() to new API
      lib: Update all consumers of strtoul_err(), strtoull_err() to new API
      libcli: Update all consumers of strtoul_err(), strtoull_err() to new API
      nsswitch: Update all consumers of strtoul_err(), strtoull_err() to new API
      source3: Update all consumers of strtoul_err(), strtoull_err() to new API
      source4: Update all consumers of strtoul_err(), strtoull_err() to new API
      util: cleanup API change for strtoul(l) wrappers
      tests-util: Adding test to verify "allow-negative" flag
      tests-util: Adding test to verify "full-string-conversion" flag
      tests-util: Adding test to verify "allow no conversion" flag

Tim Beale (33):
      selftest: Restore IPs 12-16 for selftest client
      s4/torture: Update winsreplication to only use IPv4 addresses
      tests: Add test for setting min/maxPwdAge
      netcmd: Use python constant for -0x8000000000000000
      netcmd: Add some timestamp conversion helper functions
      netcmd: Fix passwordsettings --max-pwd-age command
      CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten
      CVE-2019-3870 tests: Add test to check file-permissions are correct after provision
      selftest: Add new 2-DC testenv for live schema upgrade
      traffic_replay: Assign users to groups by default
      traffic_replay: Avoid Exception if no packet rate is specified
      selftest: Refactor duplicated code to set ENV vars
      selftest: remove unused variable (@optargs)
      selftest: Move fork cmd args up a level
      selftest: Add helper function to build up s3 daemon cmd
      selftest: Store fork-and-exec daemon info in a hashmap
      selftest: Rework setting env variables for nmbd
      selftest: Rework setting env variables for other forked binaries
      selftest: Add common fork_and_exec() function
      selftest: Use scalar variable for new daemon_ctx hashmap
      selftest: Allow for wider range of terminals (besides xterm)
      selftest: Add helper scripts to run selftest in namespaces
      selftest: Add TESTENV_DIR "env" variable
      selftest: Add linux namespace support (USE_NAMESPACES=1)
      selftest: Add helper scripts for accessing the testenv namespace
      selftest: Add more notes on using selftest with namespaces
      provision: Fallback to assumption root-UID==zero
      selftest: Add check customdc has valid realm/domain
      selftest: Don't use global dirs when parsing customdc realm
      dsdb: Handle DB corner-case where PSO container doesn't exist
      tests: Add getncchanges test for cross-partition links + TGT
      repl_md: Avoid dropping cross-partition links
      s4/libnet: Fix joining a Windows pre-2008R2 DC

Volker Lendecke (220):
      rpc_server: Simplify make_server_pipes_struct
      rpc_server: Fix an error path memleak in make_server_pipes_struct
      rpc_server: Make make_server_pipes_struct API safer
      rpc_server: Favor talloc_move over talloc_steal
      rpc_server: Simplify named_pipe_accept_function
      rpc_server: Avoid casts in DBG statements
      tstream_npa: Avoid an unnecessary ZERO_STRUCTP
      tsocket: Simplify tsocket.h
      librpc: Add a required #include
      rpc_server3: Add a \n to a DEBUG message
      libsmb: Fix cli_smb2_get_reparse_point_fnum_send
      lib: Make fd_load work for non-regular files
      libsmb: Fix valgrind errors in cli_smb2_get_reparse_point
      libsmb: Rename "readlink_state" to "cli_posix_readlink_state"
      libsmb: Don't pass "cli" to cli_posix_readlink_recv
      libsmb: Change cli_posix_readlink to return talloc'ed target
      libsmb: Rename InfoType from [MS-SMB2] according to the spec
      libsmb: Make "struct smb2_lock_element" generally usable
      libsmb: Make cli_posix_chown/chmod proper tevent_req functions
      rpc: Don't crash if npa_accept fails
      auth: Add necessary decoration to auth/auth_util.h
      rpc: Fix a typo
      rpc: Add tstream_u32_read
      rpc: Convert npa_tstream.c to use tstream_u32_read_send
      ctdb: Slightly simplify ctdb_ltdb_lock_fetch_requeue
      ctdb: Fix a typo
      lib: Initialize getline() arguments
      lib: Initialize variables in parse_resolvconf_fp
      smbd: Factor out map_lease_type_to_oplock
      leases_db: Make leases_db_rename atomic
      leases_db: Make leases_db_add use leases_db_do_locked
      leases_db: Make leases_db_del use leases_db_do_locked
      build: Move smbstatus definition to source3/utils/wscript_build
      smbd: Remove some unused includes
      utils: Move conn_tdb.c to utils/
      smbd: Small optimization for break_to_none
      smbd: Introduce a helper variable in delay_for_oplock()
      smbd: Introduce a helper variable in delay_for_oplock()
      smbd: Pass lease parameters explicitly to find_fsp_lease
      leases_db: Add share_mode_lease info to leases.tdb
      leases_db: Add getter/setter for share_mode_lease metadata
      smbd: Use leases_db_set()
      smbd: Add lease key to share_mode_entry
      smbd: Use share_mode_entry's lease data in delay_for_oplock()
      smbd: Use share_mode_entry's lease data in delay_rename_for_lease_break()
      smbd: Use share_mode_entry's lease data in is_same_lease()
      smbd: Use share_mode_entry's lease data in remove_share_mode_lease()
      smbd: Use share_mode_entry's lease data in remove_share_mode_lease()
      smbd: Use share_mode_entry's lease data in vfs_default_durable_reconnect()
      smbd: Use share_mode_entry's lease data in lease_match()
      smbd: Use leases_db in delay_for_oplock()
      smbd: Use leases_db in get_lease_type()
      smbd: Use leases_db in fsp_lease_update()
      utils: Use leases_db in smbstatus
      smbd: Don't pass lease_idx down to set_share_mode()
      smbd: Don't pass up lease_idx from grant_fsp_lease
      smbd: Add update_share_mode_lease_from_db()
      smbd: Split up grant_fsp_lease()
      smbd: Use leases_db in try_lease_upgrade()
      smbd: Use leases_db in downgrade_lease()
      smbd: Use leases_db in vfs_default_durable_reconnect()
      smbd: Use leases_db in process_oplock_break_message()
      smbd: Make find_share_mode_lease() static
      smbd: Use leases_db in lease_match()
      smbd: Add share_mode_forall_leases()
      smbd: Use share_mode_forall_leases in rename_share_filename()
      smbd: Use share_mode_forall_leases in do_break_to_none()
      smbd: Use share_mode_forall_leases in share_mode_cleanup_disconnected()
      smbd: Remove share_mode_lease and the leases array from share_mode_entry
      winbind: Fix overlapping id ranges
      smbd: Use smbd_check_access_rights in reply_setatr()
      smbd: Make "check_access()" static to trans2.c
      smbd: Use a struct initializer
      libcli: Remove an unnecessary #include
      libcli: Align integer types
      smbd: Use "ISDOT" in reply_setatr
      dbwrap: Fix tdb_data_buf()
      dbwrap: Adapt tdb_data_buf's overflow handling to modern conventions
      g_lock: Apply some const
      g_lock: Fix a typo
      smbd: Use a direct struct assignment in reply_setatr()
      smbd: Fix a typo
      smbd: Slightly simplify delay_for_oplock()
      smbd: Remove an obsolete comment from share_conflict()
      smbd: Remove a pointless "continue" statement
      smbd: Use send_break_message() in send_break_to_none()
      smbd: Do oplock break messages in ndr
      smbd: Add file_rename_message in idl
      smbd: Send "share_file_id" with the rename msg
      smbd: Enable "smbd:suicide mode" for smb2
      smbtorture: Add a test to make smbd panic
      smbd: Fix a panic
      smbd: Merge "print_lock_struct" into one DBG
      tdb: Fix typo in README
      smbd: Calculate delay_mask only once in delay_for_oplock
      ctdb: Remove unused ctdb_ltdb_fetch_with_header()
      ctdb: Make TDB_SEQNUM work synchronously with ctdb
      lib: Only compile resolvconftest if fmemopen exists
      lib: Fix CID 1445648 Null pointer dereferences
      smbd: Fix a typo
      brlock: Remove clustering special case
      dbwrap: Use sizeof, not an integer constant
      smbd: Fix a typo
      smbd: Use "fsp->lease" instead of "lease"
      smbd: Simplify fsp_lease_update()
      smbd: Factor out fsps_lease_update()
      smbd: Fix a typo
      smbd: Avoid casts in smbd_do_locking()
      smbd: Use tevent_req_simple_recv_ntstatus() in smbd_smb2_lock_recv()
      smbtorture: Fix a typo
      smbd: Simplify an if-expression in smbd_do_locking()
      smbd: Align integer types in smbd_do_unlocking()
      smbd: Avoid casts in smbd_do_unlocking()
      smbd: Avoid casts in do_unlock()
      smbd: Avoid casts in smbd_smb2_lock_send()
      smbd: Adapt brl_pending_overlap to README.Coding
      autobuild: Fix autobuild for python3
      smbd: Avoid a "?true:false" in smbd_do_locking
      libsmb: Align integer types
      libsmb: Remove unused cli_[un]lock64()
      smbd: Use smb1cli_is_andx_req()
      libsmb: Remove unused is_andx_req
      libsmb: Add async cli_lockingx()
      libsmb: Use cli_lockingx() in cli_oplock_ack()
      libsmb: Use cli_lockingx() in cli_locktype()
      libsmb: Use cli_lockingx() in cli_unlock()
      smbd: Slightly simplify reply_lockingX()
      smbd: Slightly simplify reply_lockingX()
      smbd: Slightly simplify reply_lockingX()
      smbd: Simplify smbd_do_locking()
      smbd: smbd_do_locking() does not use the "type" param anymore
      smbd: Fix a typo
      smbtorture: Match comment with test
      smbd: Avoid casts
      smbd: Align integer types in reply_lockingX
      smbd: Add a explanation for num_aio_requests
      smbd: Slightly simplify smb_set_posix_lock()
      smbd: Deprecate "blocking locks" parameter
      smbd: Only remove locks by mid if necessary
      tevent: Fix a typo
      smbd: Fix a typo
      lib: Fix a typo
      smbd: Avoid casts in reply_unlock()
      smbd: Use NT_STATUS_IS_OK() in reply_unlock()
      smbd: Avoid casts in smb_set_posix_lock()
      smbd: Simplify smb_set_posix_lock()
      smbd: Add "lock_flav" to smbd_do_unlocking()
      smbd: Use smbd_do_unlocking() in smb_set_posix_lock()
      smbd: Use smbd_do_unlocking() in reply_writeunlock()
      smbd: Use smbd_do_unlocking() in reply_unlock()
      torture3: Add a test to block a locking&read
      torture3: Test LOCKINGX_CANCEL without locks
      torture3: Test blocking posix locks
      torture3: Run a blocking lock&x call with a subsequent read
      libsmb: Make cli_lockingx cancellable
      torture3: Test cancelling locking&x with ntcancel
      smbd: Add "blocker_pid" to brl_lock()
      smbd: Add some paranoia against NULL dereference
      smbd: Return "blocker_pid" from do_lock()
      smbd: Slightly simplify smbd_smb2_lock_send()
      smbd: Add smbd_smb1_do_locks_send/recv()
      smbd: Ping dbwrap_watch on locking.tdb for in smbd_do_unlocking()
      smbd: Remove SMB1 special case handling from brlock.c
      smbd: Use smbd_smb1_do_locks_send() in reply_lockread()
      smbd: Use smbd_smb1_do_locks_send() in reply_lock()
      smbd: Use smbd_smb1_do_locks_send() in reply_lockingX()
      smbd: Use smbd_smb1_do_locks_send() in smb_set_posix_lock()
      smbd: Base smb2_lock.c on tevent_req
      smbd: Don't call cancel_pending_lock_requests_by_fid on close
      smbd: Add a clarifying comment on triggering waiters
      smbd: Cancel smbd_smb1_do_locks requests in reply_ntcancel
      smbd: Remove unused brlock code
      vfs: Remove SMB_VFS_BRL_CANCEL_WINDOWS
      smbd: Remove struct blocking_lock_record
      smbd: Fix broken brlock for clustering
      vfs_preopen: Fix for O_NOFOLLOW
      vfs_preopen: Fix an uninitialized variable read
      vfs_preopen: TALLOC_FREE(fde) before closing the underlying fd
      librpc/idl: fix build with --enable-spotlight
      smbd: Ensure initialized vars in do_lock
      smbd: Avoid casts in do_lock()
      smbd: Make do_lock() return NTSTATUS
      smbd: do_lock() never sees blocking locks anymore
      smbd: brl_lock() never sees blocking locks anymore
      vfs: Remove "blocking_lock" from SMB_VFS_BRL_LOCK_WINDOWS
      smbd: Remove unused "blocking_lock" from brl_lock_windows_default()
      smbd: Remove unused "msg_ctx" from brl_lock_posix
      smbd: Remove unused "msg_ctx" from brl_lock()
      smbd: Remove unused "msg_ctx" from do_lock()
      smbd: Remove unused "msg_ctx" from brl_unlock_posix()
      vfs: Remove unused "msg_ctx" from SMB_VFS_BRL_UNLOCK_WINDOWS
      smbd: Remove unused "msg_ctx" from brl_unlock()
      smbd: Remove unused "msg_ctx" from brl_close_fnum()
      smbd: Remove unused "msg_ctx" from do_unlock()
      smbd: Remove unused "msg_ctx" from locking_close_file()
      smbd: Remove unused "msg_ctx" from smbd_do_locks_try()
      smbd: Remove unused "msg_ctx" from smbd_smb1_do_locks_send()
      smbd: Simplify filename_convert_internal()
      tdb: Adapt tdb_rescue() to README.Coding
      tdb: Adapt _tdb_transaction_cancel() to README.Coding
      lib: Fix return of server_id_db_prune_name()
      dbwrap: Rename dbwrap_watched_wakeup()
      dbwrap: Add publically available dbwrap_watch_wakeup()
      smbd: Simplify share_mode_lock.c
      smbd: Introduce static_share_mode_record
      smbd: Add share_mode_do_locked()
      smbd: Send do_lock() through share_mode_do_locked()
      smbd: Add flags to the beginning of share_mode_data
      smbd: Add file_has_read_lease()
      smbd: Set SHARE_MODE_HAS_READ_LEASE when granting a read lease
      smbd: Set SHARE_MODE_HAS_READ_LEASE when downgrading an oplock
      smbd: Use share_mode's flags in contend_level2_oplocks
      smbd: Don't store num_read_oplocks in brlock.tdb
      smbd: Make find_share_mode_entry() static to locking.c
      smbd: Make get_relative_fid_filename() static to open.c
      smbd: Simplify smbd_smb2_setinfo_send()
      smbd: Slightly simplify fsp_lease_update()
      vfs_fruit: Fix a typo
      smbd: Slightly simplify open_mode_check()
      smbd: Move fcb_or_dos_open() out of open_file_ntcreate()

-----------------------------------------------------------------------


-- 
Samba Shared Repository



More information about the samba-cvs mailing list