[Pkg-samba-maint] [samba] annotated tag upstream/4.5.2+dfsg created (now 8227669)

Mathieu Parent sathieu at moszumanska.debian.org
Thu Dec 8 08:56:50 UTC 2016

This is an automated email from the git hooks/post-receive script.

sathieu pushed a change to annotated tag upstream/4.5.2+dfsg
in repository samba.

        at  8227669   (tag)
   tagging  fb5e626875ad09aa809417b7c753d21a0da3b766 (commit)
  replaces  talloc-2.1.6
 tagged by  Mathieu Parent
        on  Thu Dec 8 09:07:13 2016 +0100

- Log -----------------------------------------------------------------
Upstream version 4.5.2+dfsg

Abhidnya Joshi (1):
      Efficient xattr handling for VxFS Signed-off-by: Abhidnya Joshi <Abhidnya.Joshi at veritas.com>

Alexander Bokovoy (4):
      s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
      s3-smbd: Support systemd 230
      libnet_join: use sitename if it was set by pre-join detection
      Wrap krb5_cc_copy_creds and krb5_cc_copy_cache

Amitay Isaacs (289):
      ctdb-doc: Sort the tunable variables in alphabetical order
      ctdb-tunables: Add missing flags in the initializer
      ctdb-tunables: Mark tunable MaxRedirectCount obsolete
      ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
      ctdb-doc: Update tunables documentation
      ctdb-doc: Add documentation for missing tunables
      ctdb-recovery-helper: Get tunables first, so control timeout can be set
      ctdb-tunables: Fix the implementation of LIST_TUNABLES control
      ctdb-doc: Update ctdb man page
      ctdb-doc: Update ctdb man page
      ctdb-client: Increase the timeout for TRANS3_COMMIT control
      ctdb-protocol: Check header is not null before copying
      ctdb-protocol: Add protocol debug routines
      ctdb-tests: Add a utility to parse ctdb packets
      ctdb-client: Add client API for sending message to multiple nodes
      ctdb-tunables: Add new tunable RecBufferSizeLimit
      ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
      ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
      ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
      ctdb-client: Add client API functions for new controls
      ctdb-recovery-helper: Factor out generic recv function
      ctdb-recovery-helper: Pass capabilities to database recovery functions
      ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
      ctdb-recovery-helper: Create accessors for recdb structure fields
      ctdb-protocol: Add file IO functions for ctdb_rec_buffer
      ctdb-recovery-helper: Re-factor function to retain records from recdb
      ctdb-recovery-helper: Write recovery records to a recovery file
      ctdb-protocol: Introduce variable for checking srvid prefix
      ctdb-protocol: Add srvid for messages during recovery
      ctdb-protocol: Add new capability
      ctdb-recovery-helper: Introduce pull database abstraction
      ctdb-recovery-helper: Introduce push database abstraction
      ctdb-tests: Add a test for recovery of large databases
      ctdb-recovery-helper: Improve log message
      ctdb-recovery-helper: Introduce new #define variable
      ctdb-protocol: Add srvid for assigning banning credits
      ctdb-recoverd: Add message handler to assigning banning credits
      ctdb-recovery-helper: Add banning to parallel recovery
      ctdb-system: Add ctdb_parse_connections() function
      ctdb-doc: Add sample LVS configuration
      ctdb-system: Fix typo in ctdb_get_peer_pid
      ctdb-protocol: Remove unused CTDB_SRVID_PREFIX
      ctdb-protocol: Define a range of SRVIDs used by the ctdb tool
      ctdb-daemon: Avoid memory leak
      ctdb-tests: Update tests to include new controls
      ctdb-tests: Fix flakey test complex/18_ctdb_reloadips.sh
      ctdb-tests: Improve code coverage in tests
      ctdb-daemon: Remove unused controls related to server_id
      ctdb-tool: Remove commands related to server_id
      ctdb-client: Remove client functions related to server_id
      ctdb-protocol: Remove data structures for obsolete server_id controls
      ctdb-client: Set control opcode in reply for one-way controls
      ctdb-protocol: Consistency check for opcode in the reply structure
      ctdb-client: Use correct TDB flags for opening database
      ctdb-protocol: Fix marshalling of ctdb_string
      ctdb-protocol: Use ctdb_string marshalling
      ctdb-protocol: Fix marshalling of TDB_DATA
      ctdb-protocol: Use TDB_DATA marshalling
      ctdb-protocol: Fix marshalling of ctdb_req_header
      ctdb-protocol: Use ctdb_req_header marshalling
      ctdb-protocol: Add length routines for protocol elements
      ctdb-protocol: Use length routines for protocol elements
      ctdb-protocol: Fix marshalling of ctdb_reply_control
      ctdb-protocol: Expose function to allocate a packet
      ctdb-protocol: Check arguments in ctdb_allocate_pkt
      ctdb-tests: Make sure the packet length matches the allocated size
      ctdb-protocol: Drop buffer allocation from protocol push functions
      ctdb-protocol: Use consistent names for function arguments
      ctdb-client: Drop unnecessary discard_const
      ctdb-protocol: Return required buffer size in push functions
      ctdb-tests: Get rid of ctdb func tests
      ctdb-lvs: Allow override of CTDB for testing
      ctdb-natgw: Allow override of CTDB for testing
      ctdb-protocol: Add function to compare ctdb_sock_addr
      ctdb-tool: Remove xpnn command and related tests
      ctdb-tests: Remove ctdb reloadips tests
      ctdb-tool: Add test-hooks to enable testing of the tool
      ctdb-tool: All errors should be logged via stderr
      ctdb-tests: Add fake ctdb daemon implementation for testing
      ctdb-tests: Use fake_ctdbd for ctdb tool tests instead of ctdb stub
      ctdb-tests: Remove ctdb tool stub code
      ctdb-tests: Fix output for ctdb getcapabilities test
      ctdb-tests: Fix output for ctdb lvs test
      ctdb-tests: Fix output for ctdb reloadnodes tests
      ctdb-tests: rename tests from stubby.* to ctdb.*
      ctdb-recoverd: Freeze databases whenever the node is INACTIVE
      ctdb-recovery: Update timeout and number of retries during recovery
      lib/util: Avoid splitting tevent-unix-util as public library
      ctdb-packaging: Remove tevent-unix-util public library
      lib/poll_funcs: Build as SAMBA_SUBSYSTEM
      lib/util: Expose few more subsystems for standalone ctdb build
      ctdb-cluster-mutex: Fix #endif decoration
      ctdb-tests: Re-use async accept wrapper from async_req
      ctdb-tests: Re-use set_blocking instead of re-definition
      lib/util: Add a generic definition for set_close_on_exec
      ctdb-daemon: Use lib/util functions instead of redefinitions
      ctdb-system: Remove duplicate functions
      ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
      ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
      ctdb-protocol: Fix marshaling of uint arrays
      ctdb-protocol: Add checks to validate data on wire before unmarshaling
      ctdb-protocol: Add checks to validate data on wire before unmarshaling
      ctdb-tests: Improve ctdb protocol tests
      ctdb-daemon: Do explicit check for integer values
      ctdb-daemon: Explicitly assign boolean values
      ctdb-locking: Conditionally set real-time priority in lock helper
      ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
      ctdb-scripts: Add new configuration variable CTDB_NOSETSCHED
      ctdb-tests: Update local daemons tests to use CTDB_NOSETSCHED
      s3-ctdb: Fail CTDB connection only on INACTIVE state
      ctdb-recovery-helper: Fix a comment
      ctdb-recovery: Terminate if recovery fails without any banning credits
      s3-ctdb: Return an error when unexpected reply is received
      ctdb-recoverd: Improve election win messages
      ctdb-daemon: Improve log message
      ctdb-client: Add sync version of sending multiple messages
      ctdb-client: Fix ctdb_rec_buffer traversal routine
      ctdb-client: Add async version of delete_record
      ctdb-client: Fix implementation of delete_record
      ctdb-client: Use async version of delete_record in g_lock unlock
      ctdb-client: Factor out ctdb_client_get_server_id function
      ctdb-client: If g_lock lock conflicts, try again sooner
      ctdb-client: Fix g_lock implementation
      ctdb-client: Release g_lock lock before retrying
      ctdb-client: Remove commented old g_lock implemention code
      ctdb-client: Release the g_lock record once the update is done
      ctdb-client: During transaction commit fetch seqnum locally
      ctdb-client: Fix implementation of transaction start
      ctdb-client: Fix implementation of transaction commit
      ctdb-client: Add async version of transaction cancel
      ctdb-client: Fix implementation of transaction cancel
      ctdb-client: Add debug messages to client db api
      ctdb-client: Expose ctdb_ltdb_fetch in client API
      ctdb-ib: Include system/wait.h for signal
      ctdb-daemon: Check if method is initialized before calling
      ctdb-pmda: CTDB client code does not require ctdb->methods
      ctdb-daemon: Log ctdb socket in the main daemon
      ctdb-build: Exit if requested feature cannot be built
      swrap: Build socket_wrapper path relative to blddir
      ctdb-tests: Common code to wait for synchronization across cluster
      ctdb-tests: Common code to process commandline options
      ctdb-tests: Add torture test for g_lock functions
      ctdb-tests: Replace ctdb_bench with message_ring using new client API
      ctdb-tests: Replace ctdb_fetch with fetch_ring using new client API
      ctdb-tests: Replace ctdb_fetch_one with fetch_loop using new client API
      ctdb-tests: Replace ctdb_fetch_readonly_once with fetch_readonly using new client API
      ctdb-tests: Replace ctdb_fetch_readonly_loop with fetch_readonly_loop using new client API
      ctdb-tests: Replace ctdb_transaction with transaction_loop using new client API
      ctdb-tests: Replace ctdb_update_record with update_record using new client API
      ctdb-tests: Replace ctdb_update_record_persistent with update_record_persistent
      ctdb-tests: Convert rb_test into a unit test
      ctdb-tests: Rename ctdb_lock_tdb to lock_tdb
      ctdb-tests: Rename ctdb_porting_tests to porting_tests
      ctdb-tests: Remove unused tests code
      ctdb-tests: Add torture test for fetch functions
      ctdb-pcp-pmda: Reimplement using new client API
      ctdb-web: Remove ctdb webpages from source
      ctdb-locking: Drop code for Samba 3.x compatibility
      ctdb-tool: Remove ctdb thaw command
      ctdb-client: Remove functions ctdb_ctrl_thaw_priority() and ctdb_ctrl_thaw()
      ctdb-client: Remove function ctdb_ctrl_thaw() from new client API
      ctdb-protocol: Drop marshalling code for THAW control
      ctdb-client: Reimplement ctdb_ctrl_freeze_priority() using ctdb_control()
      ctdb-client: Drop unused functions ctdb_ctrl_freeze_send/recv
      ctdb-client: Mark ctdb_ctrl_freeze_priority static
      ctdb-vacuum: Do not use freeze_mode outside freeze code
      ctdb-recovery: Remove serial database recovery code
      ctdb-daemon: Drop priorites from freeze/thaw code
      ctdb-freeze: Drop function thaw_priority()
      ctdb-client: Remove ctdb_ctrl_freeze_priority() function
      ctdb-protocol: Remove CTDB_NUM_DB_PRIORITIES
      ctdb-recoverd: Remove code that updates database priorities during recovery
      dbwrap_ctdb: Remove setting of database priority from samba
      ctdb-tool: Remove setdbprio and getdbprio commands
      ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
      ctdb-client: Remove client code for set/get_db_priority
      ctdb-client: Remove code to set/get_db_priority from new client code
      ctdb-protocol: Drop marshalling code for set/get_db_priority
      ctdb-protocol: Deprecate controls SET/GET_DB_PRIORITY
      ctdb-daemon: Remove priority field from ctdb_db_context
      ctdb-locking: Remove API for locking all databases
      ctdb-locking: Remove API for locking databases with priority
      ctdb-freeze: Remove ctdb_db_prio_frozen() function
      ctdb-locking: Remove ctdb_db_prio_iterator function
      ctdb-build: Add missing dependency on samba-util
      ctdb-tool: Log a message at INFO level
      ctdb-tests: Drop ctdb tool debug level to NOTICE
      ctdb-tool: Drop arbitrary exit codes
      ctdb-tool: Exit with 1 on failure instead of -1
      ctdb-tool: Fix a log message in "ctdb reloadnodes"
      ctdb-tests: Fix "ctdb status" test
      ctdb-tool: Improve "ctdb uptime" output format
      ctdb-tool: Simplify "ctdb process-exists"
      ctdb-tool: Improve error output in "ctdb setdebug"
      ctdb-tests: Implement GET_DEBUG and SET_DEBUG controls in fake_ctdbd
      ctdb-tests: Implement GET_RUNSTATE control in fake_ctdbd
      ctdb-common: Refactor tunable related functions
      ctdb-daemon: Use refactored tunable code
      ctdb-tests: Implement controls related to tunables in fake_ctdbd
      ctdb-tests: Implement SET_IFACE_LINK_STATE control in fake_ctdbd
      ctdb-tests: Add monitoring related controls in fake_ctdbd
      ctdb-common: Fix CID 1363227 (Resource leak)
      ctdb-tests: Fix CID 1364521 (Argument cannot be negative)
      ctdb-tests: Fix CID 1364522 (Argument cannot be negative)
      ctdb-tests: Fix CID 1364523 (Argument cannot be negative)
      ctdb-tests: Fix CID 1364524 (Argument cannot be negative)
      ctdb-tests: Fix CID 1364525 (Argument cannot be negative)
      ctdb-tests: Fix CID 1364526 (Argument cannot be negative)
      ctdb-doc: Drop documentation for obsolete tunable
      ctdb-daemon: Fix statistics update macro
      ctdb-tests: Clean database before the test
      ctdb-tests: Fix typo
      ctdb-tests: Improve test to match exact output
      ctdb-tests: Add tests for idempotence
      ctdb-tests: Add more tests for ctdb setdbsticky and setdbreadonly
      ctdb-tests: Add machinereadable output tests
      ctdb-common: Fix parsing of debug level
      ctdb-protocol: Add function ctdb_sock_addr_same_ip
      ctdb-daemon: Add QueueBufferSize tunable
      ctdb-daemon: Reduce QueueBufferSize from 16k to 1k
      ctdb-daemon: Use consistent naming for monitoring mode
      ctdb-tool: Remove old ctdb tool
      ctdb-tool: Add replacement ctdb tool using new client API
      ctdb-tests: Adjust unit test output matching new ctdb
      ctdb-daemon: Drop the implementation of THAW control
      ctdb-protocol: Deprecate THAW control
      ctdb-daemon: Drop implementation of global transaction controls
      ctdb-client: Drop client code for global transaction controls
      ctdb-protocol: Drop marshalling for global transaction controls
      ctdb-protocol: Deprecate global transaction controls
      ctdb-packaging: Move ctdb configuration to ctdbd.conf
      WHATSNEW: ctdb updates
      ctdb-tests: Fix valgrind unintialized error
      ctdb-tests: Do not add $VALGRIND to ctdb command
      ctdb-tests: Removing sleep from porting_tests
      ctdb-tests: Add explicit wait to the fork_helper()
      ctdb-tools: Fix CID 1364699 - dereference after null check
      ctdb-tools: Fix CID 1364701 - resource leak
      ctdb-tools: Fix CID 1364702 - resource leak
      ctdb-tools: Fix CID 1364703 - resource leak
      ctdb-tools: Fix CID 1364704 - resource leak
      ctdb-tools: Fix CID 1364705 - resource leak
      ctdb-tools: Fix CID 1364706 - resource leak
      ctdb-tools: Free record if it does not contain valid data
      ctdb-tools: Free tickle list before exiting
      ctdb-tools: Free connection list after processing it
      ctdb-tools: Close tdb database on error
      ctdb-tools: Free temporary memory context before exiting
      ctdb-client: transaction_cancel must free transaction handle
      ctdb-tools: Cancel transaction on error or if commit fails
      dbwrap: Fix structure initialization
      s3-lib: Pass missing argument for format string
      s3-libnet: Add missing format element
      s3-lib: Remove unused function sprintf_append
      talloc: Fix format-nonliteral warning
      tdb: Fix format-nonliteral warning
      lib/util: Fix format-nonliteral warning
      ldb: Fix format-nonliteral warning
      s3-lib: Fix format-nonliteral warning
      s3-include: Fix format-nonliteral warning
      s3-netapi: Fix format-nonliteral warning
      s3-libnet: Fix format-nonliteral warning
      regedit: Fix format-nonliteral warning
      wibindd: Fix format-nonliteral warning
      passdb: Fix format-nonliteral warning
      torture: Fix format-nonliteral warning
      lib/util: Fix format strings and argument data types
      ctdb-common: Fix format-nonliteral warning
      ctdb-daemon: Fix format-nonliteral warning
      ctdb-daemon: Fix format-nonliteral warning
      ctdb-daemon: Fix format-nonliteral warning
      ctdb-recovery-helper: Fix format-nonliteral warning
      ctdb-ib: Fix DEBUG log messages
      ctdb-pmda: Use 1s timeout for fetching statistics
      ctdb-tools: Drop "ctdb rebalanceip"
      ctdb-tools: Drop "ctdb rebalancenode"
      ctdb-tools: Addition of IPs is deferred until the next takeover run
      ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request
      ctdb-recovery-helper: Add missing initialisation of ban_credits
      ctdb-common: Add routines to manage PID file
      Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
      dlz-bind: Fix preprocessor checks for BIND versions
      dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
      dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
      dlz-bind: Add support for BIND 9.11.x
      provision: Add support for BIND 9.11.x
      ctdb-scripts: Fix calculation of CTDB_BASE
      ctdb-locking: Reset real-time priority in lock helper
      ctdb-recovery: Avoid NULL dereference in failure case

Andreas Schneider (120):
      s3-libads: Pass down the salt principal in smb_krb5_kt_add_entry()
      s3-libads: Call smb_krb5_create_key_from_string() directly
      s3-libads: Use the C99 boolean false
      krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap
      krb5_wrap: Add smb_krb5_open_keytab_relative() function
      s3-libnet: Allow the keytab function to use a relative path
      s4-libnet: Implement export_keytab without HDB
      s4-selftest: Make export keytab test heimdal specific
      krb5-wrap: Use the principal returned by the KDC to create the ccache
      mit_samba: Make mit_samba a shim layer between Samba and KDB
      mit_samba: Directly pass the principal and kflags
      mit_samba: Add ks_is_tgs_principal()
      mit_samba: Add function to change the password
      mit_samba: Add functions to generate random password and salt.
      mit_samba: Add function for handling bad password count
      mit_samba: Setup logging to stdout
      wscript: Build the KDC code if we have the AD DC build enabled
      mit-kdb: Add initial MIT KDB Samba driver
      mit-kdb: Add more ks_is_kadmin* functions.
      mit-kdb: Do not allow to get a kadmin ticket as a client.
      mit-kdb: Add ks_create_principal().
      mit-kdb: Add ks_get_admin_principal() and use it for kadmin users.
      mit-kdb: Implement KDB function to change passwords
      mit-kdb: Add support for bad password count
      mit-kdb: Add support for KDB version 8
      mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer
      mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests
      lib: Update socket_wrapper to version 1.1.6
      lib: Update uid_wrapper to version 1.2.1
      lib: Update nss_wrapper to version 1.1.3
      s4-libnet: Link dckeytab.so correctly when is AD DC enabled
      pam_winbind: Use the correct type to check the pam_parse() return code
      pam_winbind: Create and use a wbclient context
      util: Add memcmp_const_time()
      libcli:smb2: Use constant time memcmp() to verify the signature
      s4:libcli:smb2: Use constant time memcmp() to verify the signature
      s3-libads: Fix compilation with MIT Kerberos
      s3-net: Convert the key_name to UTF8 during migration
      s3-net: Cleanup the code of printing migration
      swrap: Update to version 1.1.7
      s3-smbspool: Log to stderr
      rwrap: Update resolve_wrapper to version 1.1.4
      torture: Fix trailing whitespaces in krb5 tests
      torture: Add a dummy test for MIT Kerberos case
      sdb: Do not set disallow if we do not have ticket info in the DB
      kdb: Do not allocate memory with size 0
      sdb: Fix NULL pointer deference if we return early
      sdb: Do not create kmod information if we return early
      mit_samba: Return 0 in case of a wrong realm
      mit_samba: Fix flags that we get a referral tickets
      mit_samba: Allow to use SPNs for AS-REQ
      selftest: Set the correct hostname
      s3-script: Install the findsmb script
      s3-libnetapi: Correctly check for lp_realm.
      samba_dnsupdate: Work around a bug in nsupdate
      selftest: Use the correct smb.conf for ldbsearch
      selftest: Remove unneeded sleep before first ldbsearch execution
      selftest: Consistently check for provision return code
      selftest: Fix indentation in wait_for_start()
      selftest: Add newlines for info output
      selftest: Remove nbt wait time
      s4-kdc: Rename heimdal KDC files
      krb5_wrap: Add smb_krb5_mk_error()
      s4-kdc: Use smb_krb5_mk_error() in kdc implemenation
      s4-kdc: Use smb_krb5_mk_error() in kpasswd implementation
      s4-kdc: Put the heimdal kdc config into a private data pointer
      s4-kdc: Use better and simpler names for the kdc_process_ret enum
      s4-kdc: Move definitions to kdc-server.h
      s4-kdc: Move kdc_process_fn_t declaration to kdc-server.h
      s4-kdc: Move KDC socket structs to krb5-server.h
      s4-kdc: Rename proxy-heimdal.c to kdc-proxy.c
      s4-kdc: Create a kdc-proxy.h header file
      s4-kdc: Move KDC packet handling functions to kdc-server.c
      util: Fix a possible null pointer dereference
      librpc: Check for negative return value of socket_get_fd()
      s3-torture: Do some code hygiene in the ldb test
      s4-dsdb: Fix a possible NULL pointer dereference
      s4-ntlm: Fix a NULL pointer dereference in error path
      smbget: Fix a memory leak
      nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro
      nsswitch: Fix memory leak in test_wbc_pingdc()
      nsswitch: Fix memory leak in test_wbc_get_sidaliases()
      nsswitch: Fix memory leak in test_wbc_pingdc2()
      nsswitch: Fix memory leak in test_wbc_domain_info()
      nsswitch: Fix memory leak in test_wbc_users()
      nsswitch: Fix memory leak in test_wbc_groups()
      nsswitch: Fix memory leak in test_wbc_trusts()
      s3-libnet: Add a comment to make cleaŕ we want to fall through
      libutil: Support systemd 230
      selftest: Skip smbtorture_s3 tests against ntvfs
      selftest: Skip the Samba4 rap tests
      selftest: Skip s4 smb2 rename tests
      selftest: Remove samba4 delaywrite tests we skip
      selftest: Remove samba4.smb2.compound tests we skip
      selftest: Skip also s4 base.createx_sharemodes_dir
      selftest: Skip the samba4.raw.eas tests
      s3-winbind: Fix memory leak with each cached credential login
      tsocket: Do not dereference a NULL pointer
      s4-torture: Add torture_check_krb5_error() function
      s4-torture: Add AES and RC4 enctype checks
      s4-dsdb: Add missing header file for write() and close()
      selftest: Do not use the deprecated samba-tool user add
      testprogs: Do not use the deprecated samba-tool user add
      ctdb-waf: Move ctdb tests to libexec directory
      s3-util: Fix asking for username and password in smbget.
      nsswitch: Add missing arguments to wins gethostbyname*
      nsswitch: Also set h_errnop for nss_wins functions
      s3-lib: Fix %G substitution in AD member environment
      s3-utils: Fix loading smb.conf in smbcquotas
      s3-winbind: Do not return NO_MEMORY if we have an empty user list
      s3-printing: Correctly encode CUPS printer URIs
      s3-printing: Allow printer names longer than 16 chars
      s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
      lib:torture: Make variables const
      s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
      s4:torture: Strip trailing whitespaces in session_key.c
      s4:torture: Normalizes names in session_key test
      s4:torture: Fix cleanup of the secrets object in session_key test
      nss_wins: Fix errno values for HOST_NOT_FOUND
      printing: Fix building with CUPS version older than 1.7

Andrew Bartlett (213):
      selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
      smbd: Only check dev/inode in open_directory, not the full stat()
      dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
      dsdb: Only re-query dSHeuristics for userPassword support on modifies
      libndr: Add ndr_pull_struct_blob_all_noalloc
      ldb-samba: Use ndr_pull_struct_blob_all_noalloc
      selftest: Print a message when RID allocation fails
      selftest: Wait 60 seconds for a RID alloc
      dsdb: Clarify rename handling as to which record is being renamed
      dsdb: Improve debug messages in operational module
      ldb: Fix error string when renaming to an DN that already exists
      repl_meta_data: Explain why time(NULL) is good enough here
      selftest: Include a few more details in selftest and samba startup.
      join.py: Fetch the remote DC NTDS GUID early
      pidl: Correct string handling to use talloc and be in common
      classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
      ldb-samba: Add "secret" as a value to hide in LDIF files
      rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
      getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
      getncchanges: Use the talloc_stackframe() for tempory memory
      getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
      dsdb/subtree_rename: Rename the base before we rename children
      repl_meta_data: Do rename before deleted object cleanup
      dsdb: Use DRSUAPI_ATTID_isDeleted constant in repl_meta_data
      dsdb: Improve syntax clarity
      selftest: Mark LDAPNotificationTest.test_max_search flapping
      samba-tool domain demote: Fix error handling and error messages
      torture: Only walk over objects actually converted in drs.dssync
      repl: Do not consider userPassword differences to matter in rpc.dssync
      build: Build less of Samba when building --without-ntvfs-fileserver
      selftest: Use random OIDs from under the Samba OID arc
      dsdb: Remove incorrect RDN attid check in replmd_replPropertyMetaDataCtr1_verify
      repl: Allow GetNCChanges DRSUAPI_EXOP_REPL_OBJ to succeed against a deleted object
      repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
      dsdb: Only search the provided partition for the object GUID
      samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
      selftest: Make replica_sync test pass against Windows 2012R2
      dsdb: Allow "cn" to be missing on schema import
      repl: Remove duplicated delete of sAMAccountType
      selftest: Only mark runtime dbcheck as flapping
      dbcheck: Find and fix a missing Deleted Objects container
      repl: Retry replication of the schema on WERR_DS_DRA_SCHEMA_MISMATCH
      dsdb: Cache our local invocation_id at the start of each request
      dsdb: Move operational below repl_meta_data so we can query parentGUID
      repl: Enforce that we have parent objects for all replicated objects
      dsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID
      dsdb: Give more errors in operational module when building the parentGUID
      repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID
      repl_meta_data: Give more information on replication rename behaviour
      dsdb: Split rename case out of replmd_op_possible_conflict_callback
      dsdb: Simplify replmd_op_possible_conflict_callback behaviour
      dsdb: Give the objectGUID ahead of LDIF dump of replicated changes
      selftest: initial version of new repl_move test
      selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
      repl: Do not report all replication failures at level 0
      selftest: Add another test case to replica_sync test
      selftest: Assert that name, the RDN attribute and actual RDN are in sync
      Remove the try/catch from urgent_replication.py
      samldb: Make checks for schema attributes much more strict
      selftest: Add tests to show that we can not create duplicate schema entries
      selftest: These replication tests are now OK after we fixed all the replication bugs
      selftest: Run the krb5.kdc test on a more selective basis
      selftest: Do not scan the full DB to confirm a specific DN in dbcheck
      dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
      dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()
      dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()
      dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()
      dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()
      selftest: Add more tests to cover attribute changes vs DN renames
      dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
      dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
      dsdb: Fix rename and RDN handling for replPropertyMetaData
      selftest: Assert replPropertyMetaData values before and after replication
      selftest: Add a reverse variation to ReplicateMoveObject3
      repl: Avoid use-after-free when working with the working_schema
      build: Try to work around strict aliasing rules on Ubuntu 10.04
      build: Address may be used uninitialized in this function on Ubuntu 10.04
      selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
      samba-tool: Improve fsmo handling
      samba-tool domain join: Refuse to re-join a DC with a still-valid password
      s4-samr: Fix samr.QueryUserInfo level 1 primary group
      selftest: Expand tokenGroups test to also build nested groups
      selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
      libcli/smb: Fix compiler errors when building with --address-sanitizer
      libgpo: Fix compiler errors when building with --address-sanitizer
      s3-client: Fix compiler errors when building with --address-sanitizer
      s3-libnet: Fix compiler errors when building with --address-sanitizer
      s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
      s4-kcc: Fix compiler errors when building with --address-sanitizer
      s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
      s4-samr: Rework GetGroupsForUser to use memberOf
      selftest: Add alias membership to the tokengroups test
      selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
      selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
      samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
      dns_update_list: Add in NS records
      samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
      samba_dnsupdate: Simplify logic and add more verbose debugging
      samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
      samba_dnsupdate: Give the administrator more detail when DNS lookups fail
      selftest: Ensure we write 127. addresses into DNS
      selftest: Always set up a resolv.conf and use it in samba_dnsupdate
      selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
      selftest: Add a DNS test matching Windows
      selftest: Remove print attribute from getnc_exop test
      repl: Avoid excessive stack use and instead sort the links in the heap
      selftest: Do not run local.ndr 3 times
      lib/ldb-samba: We can confirm a GUID is a GUID by length
      selftest: Avoid running local.nss test against ad_dc_ntvfs
      selftest: Do not run winbind tests against ad_dc_ntvfs
      dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
      dsdb: Fix use-after-free of parent_dn in operational module
      dsdb: Only fetch changed attributes in replmd_update_rpmd
      librpc: Avoid talloc in GUID_from_data_blob()
      ldb: Allow repl_meta_data to override the O(^2) loop checking for duplciates
      ldb: Do not allocate the extended DN name
      dsdb: Apply linked attribute backlinks as we apply the forward links
      dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
      dsdb: Make less talloc() for parsed_dn.guid
      Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
      lib: talloc: Change __talloc_with_prefix() to return a struct talloc_chunk *.
      lib: talloc: Change __talloc() to return a struct talloc_chunk *.
      lib: talloc: Change _talloc_set_name_const() to _tc_set_name_const()
      lib: talloc: Add _vasprintf_tc() which returns the struct talloc_chunk *, not the talloc'ed pointer.
      lib: talloc: Rename talloc_set_name_v() to tc_set_name_v(). Make it take a struct talloc_chunk *tc as the first argument.
      lib: talloc: Call talloc_chunk_from_ptr() less often in __talloc_with_prefix()
      lib: talloc: Rename the internals of _talloc_free_internal() to _tc_free_internal().
      lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.
      lib: talloc: As we have a struct talloc_chunk * in _talloc_free_children_internal(), use it to call _tc_free_internal() directly.
      lib: talloc: Add check for destructor protection.
      ldb: Avoid use-after-free when one error message is printed into another
      schema: Make the fetch of the schema version fast
      dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
      dsdb: Remove 120 second delay and USN from schema refresh check
      schema: Reorder dsdb_set_schema() to unlink the old schema last
      samba-tool: Add success message to samba-tool drs replicate --local
      samba-tool: Add --local-online mode to samba-tool drs replicate
      selftest: Add more tests for samba-tool drs replicate
      Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
      Revert selftest: Add knownfail entry required to disable tombstone_reanimation
      pyrpc: Allow control of RPC timeout for IRPC
      samba-tool drs replicate: Allow replication call to take as long as required
      dsdb: Avoid search on * in replmd_replicated_apply_next()
      dsdb: Improve debugging during SD recursion failure
      build: Always build eventlog6. This is not a duplicate of eventlog
      param: Correct the defaults for "dcerpc endpoint services"
      Remove unused and untested source4 ntptr and spoolss systems
      repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
      ldb: Add better debugging to ldb_wait()
      samba-tool: Put full command and subcommand in informative name when testing samba-tool
      selftest: Make repl_schema more robust by disabling replication before the test
      selftest: Make repl_move more robust by disabling replication before the test
      selftest: Disable replication before doing forced pre-test replicate
      drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
      selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
      selftest: Disable all replication during most replication tests
      WHATSNEW: Add features added for Samba 4.5
      s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
      s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
      torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
      s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
      build: Add hints on what libraries to install for gpgme support on failure
      ldb_ldb: Do not re-scan the index list for new DNs
      librpc: Add ndr_push_struct_into_fixed_blob() and use it in GUID_to_ndr_blob()
      lib/ldb-samba: Use ndr_push_struct_into_fixed_blob() in ldif_handlers.c
      lib/ldb-samba: Avoid talloc() in ldif_read_objectSid() by parsing the SID string on the stack
      dsdb: Limit potential stack use when parsing extended DNs
      torture: Add tests for ndr_push_struct_into_fixed_blob()
      ldb: Free empty index lists as talloc_realloc() fails in this case
      ldb: Add ldb_unpack_data_only_attr_list_flags()
      ldb: Prepare for adding flags to ltdb_search_dn1() to control memory allocation
      ldb: Add flags to ltdb_search_dn1() to control memory allocation
      ldb: Use ldb_unpack_data_only_attr_list_flags in re_index()
      selftest: Merge alternate error codes into backupkey from backupkey_heimdal
      s4:dsdb/repl: Improve memory handling in replicated schema code
      s4:dsdb/schema: Remove unused old schema from memory
      s4:dsdb/repl_meta_data: Add more info on which DN we failed to find an attid on
      selftest: Move repl_schema test to a distinct OID prefix
      dsdb: Allow missing a mandatory attribute from a dbcheck fix
      dbcheck: Abandon dbcheck if we get an error during a transaction
      selftest: Correct name of samba4.blackbox.dbcheck.release-4-5-0-pre1
      pydsdb: Raise TypeError for type errors, rather than incorrectly raising an LdbError
      ldb-samba: Add new extended match rule DSDB_MATCH_FOR_EXPUNGE
      kcc: Move kcc/kcc_deleted.c into kcc/garbage_collect_tombstones.c
      dsdb: Rework kcc_deleted() into dsdb_garbage_collect_tombstones()
      dsdb: Rework more KCC service-specific details out of dsdb_garbage_collect_tombstones()
      dsdb: move tombstone lifetime calculation out of dsdb_garbage_collect_tombstones()
      dsdb: Expand garbage_collect_tombstones to expunge links also
      python: Add binding for dsdb_garbage_collect_tombstones()
      samba-tool: Add command-line tool to trigger tombstone expunge
      dsdb: Expose ldb error string to dsdb_garbage_collect_tombstones() callers
      dsdb: Use a date comparison in the search to avoid returning all deleted objects
      selftest: Add test for 'samba-tool tombstones expunge'
      samba-tool: Run samba-tool domain tombstones expunge in a transaction
      dsdb: Add comments to dsdb_garbage_collect_tombstones()
      lib/ldb-samba: Add test for DSDB_MATCH_FOR_EXPUNGE match rule
      dsdb: Do not check isDeleted as a possible link
      build: Fix build with perl on debian sid.
      selftest: Add test for link and deleted link behaviour in dbcheck
      dbcheck: Be more careful with link checks
      dbcheck: Correct message for orphaned backlinks
      selftest: Ensure we catch errors from samba-tool domain tombstones expunge
      dsdb: Add python hooks to allocate a RID set and allocate a RID pool
      dbcheck: Correctly initialise keep_transaction in missing_parent test
      dsdb: Create RID Set as SYSTEM
      dsdb: Rework DSDB code to use WERROR
      dsdb: Catch errors in extended operations (like allocating a RID Set)
      python: create NTSTATUSError, HRESULTError and WERRORError
      pyerrors: Add PyErr_Set{WERROR,HRESULT,NTSTATUS}_and_string()
      python: Add DsExtendedError Exception
      python-libnet: Use new NTSTATUSError, WERRORError and DsExtendedError exceptions

Anoop C S (4):
      packaging: Remove ulimit usage for setting core file size limit
      packaging: Set default limit for core file size in init scripts
      packaging: Set default limit for core file size in service files
      vfs_glusterfs: Fix a memory leak in connect path

Anubhav Rakshit (1):
      torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay

Aurelien Aptel (29):
      s3/utils/regedit.c: typo
      s4/auth/ntlm/auth_unix.c: add parens
      s4/client/cifsdd.c: typo
      s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
      s4/heimdal/lib/krb5/pac.c: typo
      examples/perfcounter/perf_writer.c: fix memset
      s3/client/clitar.c: NULL-check correct variable
      s3/client/clitar.c: always close fd
      pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
      pidl/ws: fix -Wmissing-prototype
      pidl/ws: enhance dissector
      pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
      pidl/ws: fix indent (use 4 tabs) and remove trailing whitespace
      pidl/ws: fix Assigned value is garbage or undefined found by Clang Analyzer
      pidl/ws: Remove #pragma warning (MSVC)
      pidl/ws: Eliminate e_uuid_t in favor of e_guid_t
      pidl: use https urls and update dead msdn link
      pidl/ws: avoid trailing tabs
      pidl/ws: remove any starting _ in WS field names
      pidl/ws: Remove pinfo->private_data from DCERPC dissectors.
      pidl/ws: dereference pointers when passing name param.
      pidl/ws: Add HEADER START/HEADER END in ws dissector
      pidl/ws: whitespace cleanup
      pidl/ws: Document CODE_START and HEADER_START
      pidl/ws: directly use `di` param instead of casting `private_data` member.
      pidl/s4/python: typo in comment
      pidl/ws: fix failing tests
      pidl/ws: fix missing $name when generating MAPI dissector
      s3/winbindd: use == -1 instead of < 0 for error checking uid_t

Björn Baumbach (2):
      idmap_script: add missing "IDTOSID" argument to the script command line.
      s3-printing: fix migrate printer code (bug 8618)

Björn Jacke (1):
      testsuit/manage-ca.sh: specify key size in CSRs

Bob Campbell (18):
      samba_dnsupdate: do not interpret failure count as unix error code
      samba_spnupdate: do not interpret failure count as unix error code
      tdb: avoid many fcntl calls when incrementing seqnum
      selftest: add check password script test
      check_password_script: Add a DEBUG message for timeouts
      password_hash: Make an error message clearer
      provision_fill: move most db accesses into transactions
      provision_fill: move GPO into transaction
      provision: Ignore duplicate attid and governsID check
      getncchanges: Fix some whitespace
      tests/getnc_exop: Ensure we do the fallback if not given a PAS
      tests/getnc_exop: Ensure that attribute list sorting is correct
      getncchanges: Fix some whitespace
      tests/getnc_exop: Ensure we do the fallback if not given a PAS
      tests/getnc_exop: Ensure that attribute list sorting is correct
      dsdb: refactor part of garbage_collect_tombstones into new function
      copyright: Add the missing notices for garbage collect tombstones
      tests/getnc_exop: Improve the ridalloc test by performing an alloc against a new master

Christian Ambach (16):
      s3:smbd/service disable case-sensitivity for SMB2/3 connections
      s3:smbd/service apply some code formatting
      s3:smbd/filename remove smelly code
      selftest: test for case insensitivity over SMB2/SMB3
      s3:smbd remove todo comments
      s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
      s3:rpcclient make --pw-nt-hash option work
      s3:selftest add a test for rpcclient --pw-nt-hash option
      s3:rpcclient add -m option
      s3:modules/vfs_snapper squelch -O3 compile warning
      s4:repl_meta_data: squelch compile warning with -O3
      s4:param add log_level function to retrieve log level in Python code
      tests/param add a test for LoadParm.log_level
      python/drs_utils: do not attempt to parse log level, use parsed value
      python/join: do not attempt to parse log level, use parsed value
      s4:samba_spnupdate: do not attempt to parse log level, use parsed value

Christof Schmitt (23):
      gpfswrap: Add wrapper for gpfs_set_winattrs
      vfs_gpfs: Implement new dos_attributes vfs functions
      vfs_gpfs: Remove xattr functions
      vfs: Add helper to check for missing VFS functions
      vfs_full_audit: Assert that all VFS functions are implemented
      vfs_time_audit: Assert that all VFS functions are implemented
      selftest: Load time_audit and full_audit
      winbindd: Remove unused prototypes for winbindd_group.c
      gensec: Change log level of message when no PAC is found
      smbcacls: Do not read old ACL for 'set' operation
      ctdb/ltdbtool: Fix static declarations
      gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
      selftest: Disable full audit logging in selftest
      smbtorture: Add smb2.maxfid
      selftest: Add tunable for smb2.maxfid limit
      smbtorture: Correctly initialize notify request in smb2.notify.tree
      smbd: Allow passing notify filter from inotify and fam
      notify_inotify: Move mapping table to top of file
      notify_inotify: Map inotify mask back to filter
      vfs_gpfs: Retry getacl with DAC capability if necessary
      smbd: Fix snapshot query on shares with DFS enabled
      idmap_ad: Fix retrieving credentials from clustered secrets.tdb
      winbind: Fix passing idmap failure from wb_sids2xids back to callers

Clive Ferreira (4):
      objectclass_attrs: correctly indent a comment
      typo: supprise -> surprise
      objectclass_attrs: Only abort on a missing attribute when an attribute is both MUST and replicated
      dbcheck: confirm RID Set presence and consistency

David Disseldorp (4):
      printing: use housekeeping period that matches cache time
      printing: handle "printcap cache time" change on HUP
      smbd/ioctl: match WS2016 ReFS get compression behaviour
      torture/ioctl: test compression responses when unsupported

Dirk Godau (2):
      drsuapi tests for DsBind with w2k8
      Extend DsBind and DsGetDomainControllerInfo to work with w2k8.

Douglas Bagnall (73):
      util/binsearch: macro for greater than or equal search
      util/tests: add test for BINARY_ARRAY_SEARCH_V macro
      ldb paged_results: quieten a warning.
      ldb controls: better error string for VLV control
      ldap VLV: memdup, not strdup VLV context_id
      vlv: better syntax for parsing greater than or equal strings
      ASN1: use a talloc context in read_contextSimple
      ldb controls: use uint8_t* for contextID binary blob
      asn1: make readContextSimple() add a NUL byte
      ldb_controls: add base64 option to VLV
      Add python server sort tests
      ldb sort: allow sorting on attributes not returned in search
      torture_ldap_sort: avoid segfault
      configure: set HAVE___ATTRIBUTE__ for heimdal
      ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
      ndr: avoid unnecessary searches of token list
      librpc ndr: add ndr_pull_steal_switch_value()
      ndr: Use ndr_steal to avoid long lists
      ndr: inline search for ndr_token_peek()
      ndrdump: add quiet flag
      Implement Virtual List View (VLV)
      ldb controls: don't ignore memory allocation failure
      ldb sort tests: point out a known fails against Windows
      dsdb sort test: avoid exception with fewer elements
      dsdb python tests: fix several usage strings
      ldb client controls: don't ignore failed memdup
      ldb controls: allow paged_search to use a cookie
      ldb_controls: avoid unnecessary unchecked talloc_asprintf()s
      util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
      libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
      tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
      s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
      mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
      s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
      third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
      VLV: avoid name conflict with string.h's index()
      VLV: initialise struct using names for clarity
      VLV: handle empty results correctly
      VLV: test using restrictive expressions
      .gitignore: don;t accidentally ignore some files
      Fix formatting issue on 32bit with _FILE_OFFSET_BITS == 64
      python/join.py: Avoid unchecked print in error path
      source4/param/pyparam.c: fix strange indentation
      dsdb/common/util: remove some unnecessary str_list_length()s
      dsdb/common/util: be careful about zero length string lists
      dsdb schema_query: reduce calls to str_list_length
      source4/registry/local: avoid str_list_length() to check first element
      pytalloc: avoid double 0x0x in repr strings
      Python pidl: avoid segfault with "del obj->attr"
      tests/dcerpc/array.py: test deletion of arrays
      selftest: Enable samba.tests.dcerpc.array test
      tests/dcerpc: add tests for string allocation and deletion
      gitignore: ignore library bin directories
      python/tests/dns_forwarder: fix for python 2.6
      Remove unused stf directory
      s4/dsdb/repl_meta_data: use local bool version of flag
      replmd_modify_delete: check talloc_new()
      repl_meta_data: free context on error in replmd_modify_la_delete()
      dsdb: add vanish links control
      dsdb tests: add linked attribute tests
      drs tests: querying linked attribute over DRS
      dbcheck: cache linkIDs and reverse attribute names
      dbcheck: check for linked atributes that should not exist
      s4/selftest/provisions/dump.sh: dump to target dir if supplied
      blackbox/dbcheck-oldrelease: more accurate temp filename
      dbcheck linked attribute tests: save environment with bad links
      VLV tests: reduce test duplication hence elapsed time
      VLV tests: comment typo
      VLV: fix handling with show_deleted and similar controls
      VLV tests: add tests with show_deleted control
      VLV tests: remove vestigial pdb stub
      ldb_tdb index: fix whitespace
      KCC: Fix misnamed variable in DSA object

Evgeny Sinelnikov (1):
      rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists

Garming (1):

Garming Sam (153):
      tests: Allow alternative error code for backupkey test
      ldb controls: base64 encode VLV response context strings
      ldap VLV: use correct ASN.1 encoding for requests
      ldap: fix search control rule identifiers ASN.1 type
      ldap VLV: correct ASN1 parsing of VLV requests
      CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
      CVE-2016-0771: tests/dns: prepare script for further testing
      CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
      CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
      CVE-2016-0771: tests/dns: restore formerly segfaulting test
      CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
      CVE-2016-0771: tests/dns: Add some more test cases for TXT records
      CVE-2016-0771: tests/dns: modify tests to check via RPC
      CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
      CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
      CVE-2016-0771: tests: rename test getopt to get_opt
      CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
      CVE-2016-0771: tests/dns: Remove dependencies on env variables
      tests: Allow alternative error code for backupkey test
      build: mark explicit dependencies on pytalloc-util
      sort: enable custom behaviour on critical control
      autobuild: Return the last 50 log lines
      rodc: Allow RODC preload to continue with invalid users
      tests/rodc: Check that preload will skip broken users
      tests/dsdb: Verify that only a new ldb affects reads of userPassword
      tests/passwords: fix a typo
      dbcheck: Avoid pathological behaviour in operational module
      dns: remove double talloc for strings
      dnsserver: Remove C++ style comment
      selftest: Remove an early return in the fl2003dc provision
      dns: modify dns forwarder param to be multi-valued
      tests/dns_forwarder: Add testing for DNS forwarding
      tests/dns: Add additional testing of CNAME handling
      tests/dns_forwarder: remove statically defined IPs
      tests/dns_forwarder: Add an extra test for inactive forwarders
      tests/dns_forwarder: Add additional testing for no flag recursive
      autobuild: Return the last 50 log lines
      autobuild: fix typo in autobuild success subject line
      manpages: Markup led to missing space
      typo: mplementation => implementation
      examples/crackcheck: allow compilation with current builds
      samr4: Remove talloc_asprintf leak onto mem_ctx
      drsuapi.idl: Add attid used in testing in idl
      tests/drs: cleanup some whitespace
      samba_dnsupdate: Fix typo in -no-substitutions name
      dns_server: Fix typo in dns_authoritative_for_zone() name.
      flapping: temporarily add samba_dnsupdate test
      tests/drs: extend getnc_exop test to check linked attributes
      tests/drs: make cleanup more robust
      tests/drs: assert sorted identifier GUIDs across getncchanges
      tests/drs: change sort order in tests to match Windows
      getncchanges: remove some whitespace
      getncchanges: sort with precalculated target guid array
      getncchanges: Match Windows on linked attribute sort
      flapping: remove samba_dnsupdate from flapping
      check-password-script: Allow AD to execute these scripts
      param: fix a typo emtpy -> empty
      tevent: typo in documentation
      typo: componemt => component
      typo: mandetory -> mandatory
      kerberos: Return enc data on PREAUTH_FAILED
      schema: Remove unnecessary schema reload code
      schema: raise debug level
      tests/dns_update: Add error message for diagnosis
      tests: Allow alternative error code for backupkey test
      dbcheck: Script swallows input when given a carriage return
      match_rules: Fix a duplicated check
      match_rules: Make cleanup faster and more efficient
      link_attrs: Add tests for one way links (and pseudo one-way)
      extended_dn_out: Force showing of one-way links if they exist
      flapping: Add dbcheck to flapping
      dbcheck: change argument to specify a partial --yes
      tests/dbcheck: One way links are expected to be stale
      dbcheck.sh: Fix the arguments supplied as $@
      dbcheck: Split out valid stale DN links and invalid ones
      dbcheck.sh: Remove all the plausible stale links
      flapping: Remove dbcheck from flapping
      renamedc: Make a more targeted dbcheck
      pytalloc: Add a warning about enable_null_tracking
      join.py: Remove talloc enable_null_tracking
      samba-tool: Speed up all samba-tool commands
      WHATSNEW: Samba-tool speed-up
      drepl: Fix a typo
      kcc: Make debug more scarce
      selftest: Add more information when KCC fails
      kcc: Prevent the KCC from doing work on the RODC
      samba_kcc: match translate connection from old KCC for RODC
      samba_kcc: match translate connection from old KCC for RWDC
      kcc: Make more fault tolerant on DC demotion
      dbcheck: Replica locations can now be leftover
      join.py: Ensure that all expressions are escaped
      join.py: Add Replica-Locations for DomainDNS and ForestDNS
      join.py: Don't add replica locations without the backend
      dbcheck/release-4-1-0rc3: Add a check regarding replica locations
      dbcheck: Add a rule regarding replica locations
      kcc: correct a typo in the debug messages
      samba_kcc: Enable the python samba_kcc
      WHATSNEW: Add the update for the samba kcc
      AddressSanitizer: Initialize for kcc_topology.c
      AddressSanitizer: Initialize for smbd/oplock.c
      AddressSanitizer: Initialize for vfs_fruit.c
      kcc: typo fix tupple => tuple
      kcc: fix a typo
      kcc: Add corresponding methods for repsTo
      kcc: Add a TODO for msDS[-RO]-Replica-Locations
      kcc: Clean up repsTo attribute for old DCs
      replmd: Check dsdb_dn for syntax errors
      valgrind: Avoid a warning about uninitialized memory
      msds_intid: Add test for (non-schema) linked attributes
      replmd: Remove data field on DSDB_CONTROL_REPLICATED_UPDATE_OID
      replmd: Send replicated update OID for forward links
      msds_intid: Add test for schema linked attributes
      getncchanges: Set is_schema_nc when EXOP_OBJ
      rpc_server/drsuapi: Don't set msDS_IntId as attid for linked attributes if schema
      tests/schemainfo: run dsdb schema info tests with proper URI
      replicated_objects: Add missing newline for debug
      drepl_out: Send the prefix map alongside the RODC partial attribute set
      drepl_out: Send the prefix map alongside the global catalog partial attribute set
      tests/getnc_exop: Ensure that all attids are valid in a given PAS
      tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
      tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
      tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
      getncchanges: Compute the partial attribute set from the remote schema
      tests/schemainfo: run dsdb schema info tests with proper URI
      replicated_objects: Add missing newline for debug
      drepl_out: Send the prefix map alongside the RODC partial attribute set
      drepl_out: Send the prefix map alongside the global catalog partial attribute set
      tests/getnc_exop: Ensure that all attids are valid in a given PAS
      tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
      tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
      tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
      getncchanges: Compute the partial attribute set from the remote schema
      kcc: Don't check schedule if None
      gc_tombstones: Typo fix
      torture: Remove unnecessary whitespace
      rpmd: Add the ldb error string to a debug
      rpmd: Remove the seq_num check for skipping additional work
      rpmd: Add a TODO regarding the additional work performed
      rpmd: Skip bump of USN when vanishing forward links
      tests: Assert vanishing links doesn't bump USN
      tombstone-expunge: Assert than an expunge does not bump the USN
      dbcheck: Make it clearer about temporary output
      tests: Check that USN bumps when modifying a linked attr
      tests: Skip a test for reveal internals for passing Windows
      dbcheck: assert uSNChanged values in release-4-5-0-pre1
      s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
      doc: Add doxygen for functions in srv_keytab.c
      tombstones-expunge: Add a test for deleting links to recycled objects
      collect_tombstones: Allow links to recycled objects to be deleted
      upgradeprovision: Remove objectCategory from constructed attrs
      tests/getnc_exop: Finish a comment in getnc_exop.py
      tests/ridalloc_exop: Add a new suite of tests for RID allocation
      samba_tool/fsmo: Allocate RID Set when seizing RID manager

Günther Deschner (52):
      auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
      lib/socket/interfaces: Fix some uninitialied bytes.
      Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"
      s3:libnet:libnet_join: prepare to allow connecting with machine creds.
      s3:libads:ldap: print LDAP error message with log level 10.
      s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()
      s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized
      s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
      s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.
      s3:libnet:libnet_join: define list of desired encryption types only once.
      s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.
      s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
      param: add parameter "server multi channel support", defaults to off.
      s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.
      s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.
      wscript: detect if we have libkdb5 and kdb.h.
      s4-kdc: Introduce a simple sdb_kdb shim layer
      mit_samba: Use sdb in the mit_samba plugin
      mit_samba: Use talloc_zero in mit_samba_context_init().
      mit-kdb: Do not overwrite the error code in failure case.
      mit-kdb: Use calloc so both authdata elements are zeroed
      mit-kdb: Use calloc to initialize master keylists.
      mit-kdb: Return 0 in kdb_samba_db_put_principal()
      mit-kdb: Restrict admin/changepw principal db_entry with some flags
      s4-smb_server: check for return code of cli_credentials_set_machine_account().
      s3-auth: check for return code of cli_credentials_set_machine_account().
      s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
      libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
      torture:smb2: add test for checking sequence number wrap around.
      lib/torture: add torture_assert_u64_not_equal_goto macro
      s4:torture:smb2:rename.c: Fix file permissions.
      CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
      lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
      s3:librpc:crypto:gse: increase debug level for gse_init_client().
      libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
      s3:client:smbspool_krb5_wrapper: fix the non clearenv build.
      s3-winbind: Fix schannel connections against trusted domain DCs
      s3-libnet: Print error string even on successfuly completion of libnetjoin.
      s3:libnet: accept empty realm for AD domains when only security=domain is set.
      librpc: add decode_netlogon_samlogon_response_packet for mailslot debugging.
      torture: show the first differing byte and a dump in torture_assert_data_blob_equal().
      s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
      krb5pac: no need for a noprint PAC_BUFFER.
      s4-torture: add ndr krb5pac testsuite.
      s4-torture: add another krb5pac buffer to the ndr test.
      s4-torture: add new torture_assert_krb5_error_equal macro.
      s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
      s4-torture: test GetPrinterData with server handle and 0 keylength.
      s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the keyname lengthcheck.
      s3-spoolss: fix winreg_printer_ver_to_qword
      spoolss: Use correct values for secdesc and devmode pointers
      s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr

Hemanth Thummala (2):
      Mask general purpose signals for notifyd.
      Fix memory leak in share mode locking.

Herwin Weststrate (1):
      Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth

Ira Cooper (4):
      lib:dlinklist: avoid -Wtautological-compare errors with gcc6
      ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
      source3/wscript: Add support for disabling vfs_cephfs
      buildscripts: Fix the regression with --without-acl-support.

Ivo De Decker (1):
      Add build option for default smbpasswd location

Jeremy Allison (176):
      CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
      CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
      CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
      CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
      CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
      CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
      CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
      CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
      CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
      CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
      CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
      CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
      s3:lib. Add split_stream_filename() Not yet used.
      s3:lib: Rewrite synthetic_smb_fname_split() to use split_stream_filename().
      s3:lib: Remove the const SMB_STRUCT_STAT * parameter from synthetic_smb_fname_split().
      s3:lib: Move internal lp_posix_pathnames() call out of utility function synthetic_smb_fname_split().
      s3: smbd: Simplify logic inside rename_internals_fsp() part 1.
      s3: smbd: Simplify logic inside rename_internals_fsp() part 2
      s3: smbd: Remove the last lp_posix_pathnames() in the rename path.
      s3:smbd: Fix build for vfs_aixacl2.c.
      s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.
      s3:smbd:vfs: Change posix_get_nt_acl() from const char * to const struct smb_filename *.
      s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *.
      s3: vfs: vfs_hpuxacl. refuse_symlink() means we can always use STAT here.
      s3: vfs: vfs_solarisacl. refuse_symlink() means we can always use STAT here.
      s3:vfs: vfs_streams_xattr.c - Remove duplicate code. This is exactly vfs_stat_smb_basename().
      s3:vfs: vfs_streams_xattr.c: Change walk_xattr_streams() to const struct smb_filename * from const char *.
      s3: smbd: Reformatting - remove unneeded const char *fname variable.
      s3: smbd: Change canonicalize_ea_name() to take a const smb_filename * parameter from const char *.
      s3:smbd: Change get_ea_list_from_file_path() to take a const smb_filename * parameter from const char *.
      s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.
      s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.
      s3:vfs: Change get_acl_blob() to take a const smb_filename * parameter from const char *.
      s3: vfs: vfs_xattr_tdb - cleanup. Remove unneeded variable "path".
      nsswitch: linux: Remove use of strcpy().
      examples: Remove all uses of strcpy in examples (except for validchr.c).
      lib:tdb: Remove use of strcpy in tdb test.
      nsswitch: winbind_nss_aix: Remove all uses of strcpy.
      nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.
      s3:smbd: Fix build for vfs_afsacl.c.
      s3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.
      s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
      s3: smbd: Add uint32_t flags field to struct smb_filename.
      s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
      s3: vfs: Remove use of lp_posix_pathnames() below the VFS.
      s3: posix_acls. Always use STAT, not LSTAT here.
      s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
      s3: smbd: Remove many common uses of lp_posix_pathnames().
      s3: vfs: recycle. Remove use of vfs_stat_smb_basename().
      s3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().
      s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *.
      s3: torture. Remove spurious lp_posix_pathnames() included by cut-and-paste error.
      s3: smbd: DFS - Remove the last lp_posix_pathnames() from the SMB2/3 code paths.
      s3: smbd: DFS: Pass uint32_t ucf_flags through into resolve_dfspath_wcard().
      s3: smbd: DFS: Pass uint32_t ucf_flags through into dfs_redirect().
      s3: smbd: DFS: Pass uint32_t ucf_flags through into unix_convert().
      s3: vfs: Use the new VFS functions for setting and getting DOS attributes.
      lib:replace: Missing semicolon on function definition.
      s3: vfs: full_audit. Sort vfs fn list and add comments on missing entries.
      s3: vfs: full_audit. Add missing get_dfs_referrals_fn().
      s3: vfs: full_audit. Add missing fsctl_fn().
      s3: vfs: full_audit. Add audit_file_fn().
      s3: vfs: full_audit. Implement missing durable_XXX functions.
      s3: vfs: Sort vfs function entries in vfs_time_audit.
      s3: vfs: time_audit. Add missing get_dfs_referrals().
      s3: vfs: time_audit. Add missing fsctl().
      s3: vfs: time_audit: Add get/fget/set/fset dos_attributes functions.
      s3: vfs: time_audit. Add missing audit_file().
      s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
      CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
      lib: dns: Clean up allocated structure on error exit.
      s3: locking: Rename xxx_windows_lock_ref_count to xxx_lock_ref_count.
      s3: locking: Add some const.
      s3: locking: Add a const struct lock_context * paramter to set_posix_lock_posix_flavour()
      s3: locking: Convert on the wire behavior of POSIX (UNIX extensions) locks from process-associated locks to open file description locks.
      s3: torture: Add POSIX-OFD-LOCK test.
      s3: lib: Add 'int op' parameter to fcntl_getlock().
      s3: VFS: Add bool use_ofd_locks member to struct files_struct.
      s3: lib: util: Add map_process_lock_to_ofd_lock() utility function.
      s3: VFS: Map process-associated lock operation to open file description lock operation.
      s3: wscript: Add checks for open file description locks.
      s3: libsmb: Add sync and async cli_posix_whoami().
      s3: smbclient: Add posix_whoami command.
      s3: docs: Add documentation for posix_whoami command in smbclient.
      s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
      s3: lib: ldap: Use struct sockaddr_storage to cope with IPv6.
      lib: tevent: Use struct sockaddr_storage to cope with IPv6.
      lib: Fix uninitialized read in msghdr_copy
      s3: krb5: keytab - The done label can be jumped to with context == NULL.
      s4: dns: Correctly check for talloc failure.
      s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
      s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
      s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
      s3: smbd: Remove unused 'req' argument from setup_readX_header()
      s3: smbd: Make setup_readX_header() externally accessible
      s3: smbd: Use common function setup_readX_header() in aio read code.
      s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
      s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
      s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
      s3: tldap: Remove asynchronous calls to gensec_update_send()/_recv() as for the spnego backend they're synchronous anyway.
      s3: tldap: Make tldap_gensec_bind_send()/tldap_gensec_bind_recv() static.
      s3: tdb: On some platforms pthread_mutex_trylock() returns EBUSY not EDEADLK.
      s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
      lib: talloc: Rename talloc_XXX() internal functions that take a 'struct talloc_chunk *' to tc_XXX().
      s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
      s3: torture: Regression test case to specify exactly how UNIX extensions should act on files with streams.
      s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
      WHATSNEW. Add text for Open File Description (OFD) locks.
      s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb()
      s4: messaging: Remove bool auto_remove parameter from imessaging_init().
      s4: repl: Ensure all error paths in dreplsrv_op_pull_source_get_changes_trigger() are protected with tevent returns.
      smbd: oplock: Fixup debug messages inside remove_oplock().
      smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().
      s3: oplock: Fix race condition when closing an oplocked file.
      s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
      libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.
      s3: vfs: shadow_copy2: Re-use an existing variable already set to the right value (p - name).
      s3: vfs: shadow_copy2. Remove any trailing slash when stripping @GMT-YYYY... from the end of a path.
      s3: vfs: shadow_copy2: Replace all uses of (p-name) with len_before_gmt.
      s3: vfs: snapper: Add and use len_before_gmt, calculated as (p-name).
      s3: vfs: snapper: Fix snapper_gmt_strip_snapshot() function to strip @GMT token identically to shadow_copy2.c:shadow_copy2_strip_snapshot()
      s3: SMB1: Add missing FLAGS2 definitions from MS-SMB.
      s3: libsmb: Add uint16_t additional_flags2 arg to cli_smb_send().
      s3: libsmb: Add uint16_t addtional_flags2 to cli_trans_send().
      s3: libsmb: Add uint16_t addtional_flags2 to cli_smb_req_create().
      s3: libsmb: Add clistr_is_previous_version_path()
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setpathinfo_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_qpathinfo_send()
      s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rename_send().
      s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntrename_internal_send().
      s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_unlink_send().
      s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_mkdir_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rmdir_send()
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntcreate1_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_nttrans_create_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_openx_create().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_getatr_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setatr_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_chkpath_send().
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ctemp_send().
      s3: libsmb: Make a comment note that cli_set_ea() needs some internal changes before cli_set_ea_path() can use previous path versions.
      s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_list_trans_send().
      s3: libsmb: Correctly set max_setup_size in FSCTL_GET_SHADOW_COPY_DATA nttrans ioctl.
      s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
      s3: smbclient: In order to get shadow copy data over SMB1 we must call cli_shadow_copy_data() twice.
      s3: smbclient. Ensure we don't crash by freeing uninitialized *snapshots.
      s3: libsmb: Correctly align create contexts in a create call.
      s3: libsmb: Add return args to clistr_is_previous_version_path().
      s3: libsmb: Add cli_smb2_shadow_copy_data() function that gets shadow copy info over SMB2.
      s3: libsmb: Plumb new SMB2 shadow copy call into cli_shadow_copy_data().
      s3: libsmb: Add the capability to find a @GMT- path in an SMB2 create and transform to a timewarp token.
      s3: vfs: Fix compilation error on Solaris.
      lib/poll_funcs: free contexts in poll_funcs_state_destructor()
      lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
      s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
      s3: auth: Use wbcAuthenticateUserEx to prime the caches.
      s3: winbind: refresh_sequence_number is only ever called with 'false'.
      s3: winbind: Trust name2sid mappings from the PAC.
      s3: winbind: Ensure we store name2sid with the correct cache sequence number.
      s3: nmbd: Add fd, triggered elements to struct socket_attributes.
      s3: nmbd: Ensure attrs array mirrors fd's array for dns.
      s3: nmbd: Now attrs array mirrors fd's array use it in preference.
      s3: nmbd: Add (currently unused) timeout and fd handlers.
      s3: nmbd: Add a talloc_stackframe().
      s3: nmbd: Change over to using tevent functions from direct poll.
      s3: nmbd: Final changeover to stock tevent for nmbd.
      s3: winbind: Remove dump_event_list() calls.
      s3: server: s3_tevent_context_init() -> samba_tevent_context_init()
      s3: events. Move events.c to util_event.c
      s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
      s3: libsmb: Fix cut and paste error using the wrong structure type.
      s3: torture: vfstest. unlink cmd must be stream aware.
      s3: vfs: Remove files/directories after the streams are deleted.
      s3: selftest: Add test for orphan 'lost-XXX' directories in streams_depot.
      s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
      s3/smbd: fix the last resort check that sets the file type attribute

Jim McDonough (1):
      winbind: honor 'socket options' in winbind

Jorge Schrauwen (1):
      configure: Don't check for inotify on illumos

Jose A. Rivera (11):
      ctdb-scripts: Avoid dividing by zero in memory calculation
      ctdb-scripts: Various small fixes to example nfs-ganesha-callout
      ctdb-scripts: Organize global variables in nfs_ganesha_callout
      ctdb-scripts: Add register action to nfs-ganesha-callout
      ctdb-scripts: Use D-Bus messages to trigger grace in nfs-ganesha-callout
      ctdb-scripts: Cleanup service_check() in nfs-ganesha-callout
      ctdb-scripts: Parametize symlink checking in nfs-ganesha-callout
      ctdb-scripts: Add config options for use by clustered NFS
      ctdb-scripts: Section off GPFS-specific functionality in nfs-ganesha-callout
      ctdb-scripts: Add GlusterFS support to nfs-ganesha-callout
      krb5_wrap: Fix build error when not using heimdal.

Jérémie Courrèges-Anglas (2):
      Fix CHECK_CODE usage in atomics builtin detection
      Provide fallback code for non-portable clearenv(3)

Karolin Seeger (11):
      WHATSNEW: Start release notes for Samba 4.5.0rc2.
      docs: Bump version up to 4.5.
      WHATSNEW: Add changes since rc1.
      VERSION: Disable git snapshots for the 4.5.0rc2 release.
      VERSION: Bump version up to 4.5.0rc3...
      WHATSNEW: Add release notes for Samba 4.5.1.
      VERSION: Disable git snapshots for the 4.5.1 release.
      VERSION: Bump version up to 4.5.2...
      Revert "script/release.sh: use 8 byte gpg key ids"
      WHATSNEW: Add release notes for Samba 4.5.2.
      VERSION: Disable git snapshots for the 4.5.2 release.

Lorinczy Zsigmond (1):
      lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.

Mantas Mikulėnas (1):
      samr4: Use <SID=%s> in GetAliasMembership

Marc Muehlfeld (6):
      man: Wrong option for parameter ldap ssl in smb.conf man page
      WHATSNEW.txt: Added more details about multiple DNS forwarders
      Added Wiki link to replPropertyMetaData Changes section
      Removed upgrading-samba4.txt
      Added Wiki link to replPropertyMetaData Changes section
      Removed upgrading-samba4.txt

Martin Schwenke (377):
      ctdb-tests: Fix description of NFS tickle test
      ctdb-tests: Fix CIFS tickle test
      ctdb-tests: Re-indent and re-format some functions
      ctdb-tests: Allow tcptickle_sniff_wait_show() to filter by MAC address
      ctdb-tests: Add a new NFS tickle test for the releasing node
      ctdb-doc: Drop outdated NEWS file
      ctdb-tools: Drop "ctdb rebalanceip"
      ctdb-tools: Drop "ctdb rebalancenode"
      ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
      ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
      ctdb-daemon: Validate length of new interface names
      ctdb-daemon: Replace an unsafe strcpy(3) call
      ctdb-util: Move rb_tree.c to ctdb-util
      ctdb-tests: Link ctdb-util instead of including
      ctdb-killtcp: Use the given event context directly
      ctdb-killtcp: Determine the interface as soon as vnn is known
      ctdb-killtcp: Avoid CTDB_NO_MEMORY()
      ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
      ctdb-killtcp: Factor out ctdb_killtcp()
      ctdb-killtcp: Factor out killtcp code into separate file.
      ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
      ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
      ctdb-killtcp: New helper ctdb_killtcp
      ctdb-scripts: Add interface argument to kill_tcp_connections()
      ctdb-scripts: Use ctdb_killtcp helper to kill connections
      ctdb-tools: Drop "ctdb killtcp" command
      ctdb-client: Drop killtcp client functions
      ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
      ctdb-protocol: Drop killtcp protocol support
      ctdb-killtcp: Merge "common" killtcp code into helper
      ctdb-killtcp: Drop check to see if capture socket can be read
      ctdb-killtcp: Drop unnecessary casts
      ctdb-killtcp: Don't send initial tickle ACK during setup
      ctdb-killtcp: Set debug level via environment variable CTDB_DEBUGLEVEL
      ctdb-killtcp: Clarify a debug message
      ctdb-system: Return window size and RST bit when reading TCP packets
      ctdb-killtcp: Filter out sent packets
      ctdb-killtcp: Keep track of number of kill attempts and maximum allowed
      ctdb-killtcp: Don't count attempts for individual connections
      ctdb-killtcp: Store retry interval in killtcp structure
      ctdb-killtcp: Send tickle ACKs in batches
      ctdb-killtcp: Change default retry interval, batch size and attempts
      ctdb-scripts: die() should output to stderr
      ctdb-scripts: Drop hardcoded /sbin and /proc paths in LVS eventscript
      ctdb-scripts: LVS eventscript error redirection improvements
      ctdb-scripts: Drop "recovered" event from 91.lvs
      ctdb-tests: Allow scope to be specified in "ip addr add" stub
      ctdb-tests: Add loopback support for "ip link show" stub
      ctdb-tests: Add 32-bit netmask support to "ip addr show" stub
      ctdb-tests: Add ipvsadm test stub
      ctdb-tests: LVS support for ctdb tool stub
      ctdb-tests: Add unit tests for LVS eventscript
      ctdb-scripts: LVS eventscript cleanups
      ctdb-tools: Add new ctdb_lvs helper
      ctdb-scripts: Move ctdb_get_ip_address() to functions file
      ctdb-scripts: Call out to ctdb_lvs helper from 91.lvs
      ctdb-scripts: Add monitoring of CTDB_LVS_PUBLIC_IFACE
      ctdb-tool: Change ctdb lvs/lvsmaster CLI commands to use ctdb_lvs helper
      ctdb-tools: Change ctdb CLI to have a single "lvs" command
      ctdb-scripts: Simplify "ctdb lvs ..." output
      ctdb-daemon: Drop --single-public-ip option and related code
      ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
      ctdb-daemon: Log a message when fork(2) fails
      ctdb-scripts: Missing NFS thread count file should just produce warning
      ctdb-scripts: Use ss instead of netstat for finding TCP connections
      ctdb-tools: Remove simple uses of strcpy(3)
      ctdb-tools: Fix a dangling reference to the LVS capability
      ctdb-scripts: Improve error messages when using NFS service_check_cmd
      ctdb-daemon: Move port filtering to server side when getting tickles
      ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated
      ctdb-scripts: Fix incorrect comment
      ctdb-scripts: Tweak NAT gateway list output format
      ctdb-scripts: Drop node count from "ctdb natgw status" output
      ctdb-tools: Add top-level "ctdb natgw" command
      ctdb-tests: Make ctdb natgw tool tests cover all the desired outputs
      ctdb-tools: Drop "ctdb natgwlist"
      ctdb-tools: Drop onnode node specifications for recmaster/lvs/natgw
      ctdb-build: ctdb-system depends on samba-util for debug
      ctdb-recovery: Rename recovery lock functions and struct
      ctdb-recovery: Use single char ASCII numbers for status from child
      ctdb-recovery: Factor out new function set_recmode_handler()
      ctdb-recovery: Use a configurable handler when testing cluster mutex
      ctdb-recovery: Factor out reclock testing into ctdb_cluster_mutex()
      ctdb-recovery: Add optional timeout argument to ctdb_cluster_mutex()
      ctdb-tools: Simplify "ctdb getreclock" output
      ctdb: Add new helper ctdb_mutex_fcntl_helper
      ctdb-recovery: Switch ctdb_cluster_mutex() to use helper
      ctdb-recovery: Kill cluster mutex helper with a signal that can be caught
      ctdb-recovery: Reimplement ctdb_recovery_lock() using ctdb_cluster_mutex()
      ctdb-recovery: Parse recovery lock setting
      ctdb-recovery: Recovery lock setting can now include helper command
      ctdb_recovery: ctdb_cluster_mutex() now takes an argstring argument
      ctdb-recovery: Factor out setting of cluster mutex handler
      ctdb-cluster-mutex: Factor out cluster mutex code
      ctdb-recovery: Move recovery lock functions to recovery daemon code
      ctdb-recovery: Move recovery lock latency updating to handler
      ctdb-doc: Document cluster mutex helper API
      ctdb-doc: Fix example NFS Ganesha recovery directory maintenance logic
      ctdb-recover: Avoid duplicate deferred attach processing
      ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
      ctdb-protocol: Drop unused CTDB_SRVID_TAKEOVER_RUN_RESPONSE
      ctdb-recoverd: Drop unreachable code
      ctdb-recoverd: Simplify return values when updating local flags
      ctdb-recoverd: Call election when necessary in recovery master validation
      ctdb-recoverd: Check that IP failover is active in IP verification
      ctdb-recoverd: Skip known IP address checking when it is disabled
      ctdb-recoverd: Clean up local IP verification
      ctdb-recoverd: Fold IP allocation house-keeping into IP verification
      ctdb-takeover: Drop ipreallocated fallback code
      ctdb-takeover: PNN can be used to index into node map
      ctdb-takeover: Takeover callback data doesn't need a node map
      ctdb-takeover: New function takeover_callback_data_init()
      ctdb-takeover: Use the takeover_run_fail_callback() in more cases
      ctdb-takeover: Have the takeover fail callback log a message
      ctdb-takeover: Send banning credit messages from fail callback
      ctdb-takeover: Count takeover run failures
      ctdb-takeover: Only apply banning credits to the worst offender
      ctdb-takeover: Recovery daemon no longer passes fail callback
      ctdb-takeover: Do not set node unhealthy when "takeip" fails
      ctdb-recoverd: Drop explicit check to flag takeover run needed
      ctdb-recoverd: Move takeover run checks after recover checks
      ctdb-recoverd: Drop an unnecessary log message
      ctdb-recoverd: Add early return in srvid_requests_reply()
      ctdb-recoverd: Unify takeover run triggering code in main loop
      ctdb-scripts: Support systemctl directly
      ctdb-scripts: Drop unnecessary detect_init_style() call
      ctdb-scripts: New functions ip_block() and ip_unblock()
      ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
      ctdb-tests: Drop no-op functions and add an ip6tables stub
      ctdb-scripts: Simplify ip_maskbits_iface()
      ctdb-tests: Allow local daemons to be run under valgrind
      ctdb-tests: Make sure empty override values are properly quoted
      ctdb-common: Use correct macro for checking Ethernet hardware family
      ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
      ctdb-tool: Drop support for "ctdb setreclock" command
      ctdb-recovery: Consistency check reclock in start recovery control
      ctdb-recovery: Don't sync recovery lock across cluster
      ctdb-recovery: Don't update recovery lock from daemon
      ctdb-client: Remove support for SET_RECLOCK
      ctdb-protocol: Drop support for SET_RECLOCK
      ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
      ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
      ctdb-daemon: Rename recovery lock file to just recovery lock
      ctdb-recoverd: Don't expose internal cluster mutex status
      ctdb-recoverd: Fix buggy function return on memory allocation failure
      ctdb-cluster-mutex: Don't call the supplied hander more than once
      ctdb-recoverd: No need to reset reclock handler
      ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
      ctdb-recoverd: Recovery lock handle should be in recovery deamon context
      ctdb-recoverd: Simplify reclock handler
      ctdb-recovery: Wrap private data for reclock test callback
      ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
      ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
      ctdb-cluster-mutex: Register an extra handler for when mutex is lost
      ctdb-recoverd: Add handler for lost recovery lock
      ctdb-recoverd: Release recovery lock on exit
      ctdb-scripts: Move NFS callout-related code to functions file
      ctdb-scripts: Add eventscript 06.nfs
      torture: Add tests for trim_string()
      lib/util: Optimise trim_string() to use a single memmove(3)
      ctdb-tests: Remove unused tests from IP takeover test harness
      ctdb-tests: Simplify read_ctdb_public_ip_info() using new function add_ip()
      ctdb-tests: Don't bother setting all_ips
      ctdb-tests: Drop all_ips argument from read_ctdb_public_ip_info()
      ctdb-tests: Drop CTDB_TEST_MAX_IPS
      ctdb-tests: read_ctdb_public_ip_info() reads all test input
      ctdb-tests: Assign known and available arrays via pointers.
      ctdb-tests: Build a node map instead of a hacky node flags array
      ctdb-tests: Drop CTDB_TEST_MAX_NODES
      ctdb-ipalloc: Move if-statement with broken condition
      ctdb-ipalloc: Drop an unnecessary check
      ctdb-ipalloc: Do not use node count or PNNs from CTDB context
      ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
      ctdb-ipalloc: Drop remote IP verification
      ctdb-recoverd: Drop code to change the IP assignment tree
      ctdb-tools: Don't bother sending CTDB_SRVID_RECD_UPDATE_IP
      ctdb-ipalloc: Drop code to update IP assignment tree
      ctdb-ipalloc: Don't build a global IP tree
      ctdb-ipalloc: Clean up reloading of remote public IPs
      ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
      ctdb-ipalloc: New function ipalloc_set_public_ips()
      ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
      ctdb-ipalloc: Drop known public IPs from IP allocation state
      ctdb-ipalloc: New function ipalloc_can_host_ips()
      ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
      ctdb-ipalloc: Make no_ip_failback a boolean
      ctdb-ipalloc: Pass extra data to IP allocation state initialisation
      ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
      ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
      ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
      ctdb-ipalloc: ipalloc() returns public IP list
      ctdb-ipalloc: IP allocation state is now an opaque structure
      ctdb-tests: Drop use of CTDB context from takeover test
      ctdb-tests: Allow takeover tests to be run under valgrind
      ctdb-ipalloc: Drop implicit dependency on ctdb-common
      ctdb-tests: Link to ctdb-ipalloc instead of using ctdbd_test.c
      ctdb-scripts: Drop optional argument to nfs_check_services()
      ctdb-scripts: Export CTDB_BASE in functions file
      ctdb-scripts: Update script boilerplate to avoid shellcheck warnings
      ctdb-scripts: Fix incorrect variable reference
      ctdb-scripts: Fix incorrect variable reference
      ctdb-scripts: Use globs instead of ls to list files
      ctdb-scripts: Fix incorrect variable reference
      ctdb-scripts: Quote some variable expansions
      ctdb-client: Fix incorrect variable reference
      ctdb-client: Fix access after free error
      ctdb-tools: Avoid uninitialised memory access
      ctdb-scripts: Fix a bug in counter checking
      ctdb-tests: Add reclock event script tests
      ctdb-tests: Add new vsftpd event script test
      ctdb-tests: Add new httpd event script test
      ctdb-tests: New event script test for corrupt TDB checking
      ctdb-scripts: Drop use of ctdb_standard_event_handler()
      ctdb-scripts: Event script indentation and whitespace cleanups
      ctdb-scripts: Drop use of service_tcp_ports
      ctdb-scripts: Drop use of ctdb_check_counter from httpd event script
      ctdb-scripts: Drop use of ctdb_check_counter from reclock event script
      ctdb-scripts: Drop use of ctdb_check_counter from vsftpd event script
      ctdb-scripts: Drop function ctdb_check_counter()
      ctdb-scripts: Avoid shellcheck warning SC2016 ($ in single quotes)
      ctdb-scripts: Avoid shellcheck warnings SC2030, SC2031 (subshell variables)
      ctdb-scripts: Avoid shellcheck warning SC2004 ($ in arithmetic)
      ctdb-scripts: Avoid shellcheck warning SC2034 (unused variables)
      ctdb-scripts: Avoid shellcheck warnings SC2046, SC2086 (double-quoting)
      ctdb-scripts: Avoid shellcheck warning SC2154 (unassigned variables)
      ctdb-scripts: Avoid shellcheck warning SC1004 (backslash in quotes)
      ctdb-scripts: Avoid shellcheck warning SC2017 (arithmetic precision)
      ctdb-scripts: Avoid shellcheck warning SC2002 (useless cat)
      ctdb-scripts: Avoid shellcheck warnings SC2119, SC2120 (function arguments)
      ctdb-scripts: Avoid shellcheck warning SC2015 (A && B || C)
      ctdb-scripts: Avoid shellcheck warning SC2039 (type command)
      ctdb-scripts: Avoid shellcheck warning SC2039 (echo -n)
      ctdb-scripts: Avoid shellcheck warning SC2094 (read/write same file)
      ctdb-scripts: Avoid shellcheck warning SC2039 (test -nt operator)
      ctdb-scripts: Avoid shellcheck warning SC2039 (non-portable ulimit options)
      ctdb-scripts: Avoid shellcheck warning SC2038 (find without -print0)
      ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
      ctdb-scripts: Avoid chellcheck warning SC2012 (ls for file list)
      ctdb-scripts: Avoid shellcheck warning SC2059 ($ in printf format)
      ctdb-scripts: Avoid shellcheck warning SC2155 (declare, assign)
      ctdb-scripts: Avoid shellcheck warning SC2124 (string=array)
      ctdb-scripts: Avoid shellcheck warning SC2006 (legacy `..`)
      ctdb-tests: Add new test support script for script install paths
      ctdb-tests: Add shellcheck test suite
      ctdb-doc: Drop documentation for "ctdb setmonmode"
      ctdb-doc: Drop documentation for "ctdb xpnn"
      ctdb-doc: Update allowed debug levels to include "ERROR"
      ctdb-doc: Document limitation of "ctdb reloadips"
      ctdb-tests: Require setup_ctdbd() call in tool tests
      ctdb-tests: Clean up temporary files in tool tests
      ctdb-tests: Allow fake_ctdbd and tool to be run under valgrind in tool tests
      ctdb-tests: Allow secondary tool commands to be tested
      ctdb-tests: Have fake_ctdbd log request IDs
      ctdb-tests: Error on invalid destnode in fake_ctdbd
      ctdb-tests: Drop a "ctdb reloadnodes" tool test
      ctdb-tests: Add "ctdb ifaces" tool test
      ctdb-tests: Add "ctdb ping" tool test
      ctdb-tests: Add "ctdb recmaster" tool tests
      ctdb-tests: Add "ctdb uptime" tool test
      ctdb-tests: Add "ctdb process-exists" tool test
      ctdb-tools: Simplify "ctdb getpid" output format
      ctdb-tests: Add "ctdb getpid" tool test
      ctdb-tools: Simplify "ctdb pnn" output format
      ctdb-tests: Add "ctdb pnn" tool test
      ctdb-tools: Simplify "ctdb getdebug" output format
      ctdb-tests: Add "ctdb setdebug" tool tests
      ctdb-tests: Add "ctdb runstate" tool tests
      ctdb-tests: Add "ctdb listvars/getvar/setvar" tool tests
      ctdb-tests: Add "ctdb setifacelink" tool tests
      ctdb-tools: Simplify "ctdb getmonmode" output format
      ctdb-tests: Add "ctdb getmonmode/disablemonitor/enablemonitor" tool tests
      ctdb-tests: Implement GET_RECLOCK_FILE control in fake_ctdbd
      ctdb-tests: Add "ctdb getreclock" tool tests
      ctdb-tests: Implement STOP_NODE and CONTINUE_NODE controls in fake_ctdbd
      ctdb-tests: Implement TAKEOVER_RUN message in fake_ctdbd
      ctdb-tests: Add "ctdb stop/continue" tool tests
      ctdb-tests: Implement SET_BAN_STATE control in fake_ctdbd
      ctdb-tests: Add "ctdb ban/unban" tool tests
      ctdb-tests: Implement MODIFY_FLAGS control in fake_ctdbd
      ctdb-tests: Add "ctdb disable/enable" tool tests
      ctdb-tools: Simplify "ctdb getdbseqnum" output format
      ctdb-tests: Implement database related controls in fake_ctdbd
      ctdb-tests: Add database related tool tests
      WHATSNEW: CTDB updates
      ctdb-doc: Integrate ctdb_diagnostics man page into build
      ctdb-doc: ctdb_diagnostics(1) tweaks and cross-references
      ctdb-ipalloc: Use a cumulative timeout for takeover run stages
      ctdb-daemon: Move CTDB VNN structure to IP takeover code
      ctdb-daemon: Deletion of IPs is deferred until the next takeover run
      ctdb-tests: Avoid division by zero in NFS eventscript unit test
      ctdb-tests: Remove duplicate EOF terminators in some tool unit tests
      ctdb-tests: Avoid portability issue in porting tests
      ctdb-tests: Pretend not to ignore return from fgets()
      ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
      ctdb-packaging: Move ctdb tests to libexec directory
      ctdb-tests: Stop cross-talk between reclock tests
      ctdb-tests: Add --interactive/-i option to test options parsing code
      ctdb-tests: Implement --interactive/-i option in message_ring
      ctdb-tests: Clean up and rename simple message_ring test
      ctdb-tests: Implement --interactive/-i option in fetch ring
      ctdb-tests: Clean up and rename simple fetch_ring test
      ctdb-tests: Implement --interactive/-i option in transaction_loop
      ctdb-tests: Clean up and rename simple transaction_loop test
      ctdb-tests: Clean up and rename simple transaction_loop recovery test
      ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)
      ctdb-common: Consistently use strlcpy() on interface names
      ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)
      ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
      ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
      ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK)
      ctdb-common: Fix CID 1363227 Resource leak (RESOURCE_LEAK)
      ctdb-tests: Fix CID 1361816 Buffer not null terminated (BUFFER_SIZE_WARNING)
      ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)
      ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)
      ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)
      ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
      ctdb-mutex: Avoid corner case where helper is already reparented to init
      ctdb-tools: Add early return for empty connection list
      ctdb-tools: "ctdb tickle" command should run without daemon
      ctdb-doc: Document that "ctdb tickle" can now read from stdin
      ctdb-packaging: Stop RPM from renaming working config to ctdb.rpmsave
      ctdb-daemon: Clean up SET_DB_PRIORITY/GET_DB_PRIORITY deprecation
      ctdb-daemon: Fix CID 1272855 Operands don't affect result
      ctdb-daemon: Fix CID 1125575 Operands don't affect result
      ctdb-daemon: Fix CID 1125574 Operands don't affect result
      ctdb-tests: Update porting test to be more flexible about line numbers
      ctdb-common: Fix CID 1362729 Unchecked return value from library
      ctdb-common: Fix CID 1362728 Unchecked return value from library
      ctdb-tcp: Fix CID 1362727 Unchecked return value from library
      ctdb-tcp: Set file descriptor to -1 after close.
      ctdb-daemon: Fix CID 1362726 Unchecked return value from library
      ctdb-client: Fix CID 1362725 Unchecked return value from library
      ctdb-client: Print error message before next syscall to avoid losing errno
      ctdb-tcp: Fix CID 1362724 Unchecked return value from library
      ctdb-daemon: Fix CID 1362723 Unchecked return value from library
      ctdb-logging: Fix CID 1272823 Unchecked return value from library
      ctdb-tools: Fix CID 1125618 String not null terminated (STRING_NULL)
      ctdb-tools: Consistently use db_name
      ctdb-common: Save errno before closing file to keep debug accurate
      ctdb-daemon: Try to release IP address even if interface is unknown
      ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
      ctdb-daemon: Do not copy address for RELEASE_IP message
      ctdb-daemon: Factor out new function release_ip_post()
      ctdb-daemon: Use release_ip_post() when releasing all IP addresses
      ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
      ctdb-daemon: When releasing an IP, update PNN in callback
      ctdb-ipalloc: Fix cumulative takeover timeout
      ctdb-tests: Drop function _ctdb_hack_options()
      ctdb-tests: Drop attempts to pass arguments to ctdbd on (re)start
      ctdb-tests: Move local daemon configuration creation into setup_ctdb()
      ctdb-tests: Remove function daemons_start_1()
      ctdb-tests: Reimplement daemons_stop() using ctdbd_wrapper
      ctdb-daemon: Schedule running of callback if there are no event scripts
      ctdb-daemon: Handle failure immediately, do housekeeping later
      ctdb-daemon: Don't steal control structure before synchronous reply
      ctdb-tests: Factor out function config_from_environment()
      ctdb-tests: Conditionally use temporary config file for local daemons
      ctdb-tests: Add a test to ensure that CTDB works with no eventscripts
      ctdb-tools: CID 1125617 String not null terminated (STRING_NULL)
      ctdb-tests: CID 1125635 Dereference null return value (NULL_RETURNS)
      ctdb-ipalloc: Store known public IPs in IP allocation state
      ctdb-ipalloc: Whether IPs can be hosted need not depend on merged IP list
      ctdb-ipalloc: Optimise check to see if IPs can be hosted
      ctdb-ipalloc: Drop known_ips argument from merged IP list creation
      ctdb-ipalloc: Move merged IP list creation to ipalloc()
      ctdb-ipalloc: ipalloc_set_public_ips() can't fail
      ctdb-tests: Factor out new local daemons functions ps_ctdbd
      ctdb-tests: Add new public IP takeover no-op test
      ctdb-packaging: Fix systemd network dependency
      ctdb-daemon: Use PID file abstraction
      ctdb-daemon: Bind to Unix domain socket after PID file creation
      ctdb-daemon: Don't try to reopen TDB files
      ctdb-daemon: Drop attempt to connect to Unix domain socket
      ctdb-daemon: Log when removing stale Unix domain socket
      ctdb-scripts: ctdbd_wrapper should never remove the PID file
      ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
      ctdb-tests: Add tests for updated Debian style Samba start/stop

Mathieu Parent (4):
      New upstream version 4.5.0+dfsg
      New upstream version 4.5.1+dfsg
      ctdb-scripts: Fix Debian init in samba eventscript
      New upstream version 4.5.2+dfsg

Michael Adam (109):
      smbd:smb2: remove an unnecessary !! cast.
      smbd: enable multi-channel if 'server multi channel support = yes' in the config
      s3:winbindd:idmap: add domain_has_idmap_config() helper function.
      idmap_hash: rename be_init() --> idmap_hash_initialize()
      idmap_hash: only allow the hash module for default idmap config.
      smbd: fix use after free via conn->fsp_fi_cache
      smbd:smb2: add a modify flag to dispatch table
      smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
      smbd:smb2: implement channel sequence checks and request counters in dispatch
      smbd:smb2: update outstanding request counters before sending a reply
      smbd:smb2: add some asserts before decrementing the counters
      torture:smb2: use assert, not warning in error case in durable-open.reopen1a
      torture:smb2: fix crashes in smb2.durable-open.reopen1a test
      torture:smb2: durable-open.reopen1a only needs one io struct
      torture:smb2: for oplocks, durable reconnect works with different client guid
      torture:smb2: add durable-open.reopen1a-lease
      torture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a
      torture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test
      torture:smb2: get rid of supefluous io2 var in durable-v2-open.reopen1a
      torture:smb2: for oplocks, durable reconnect works with different client-guid
      torture:smb2: add durable-v2-open.reopen1a-lease
      tevent:threads: fix -O3 error unused result of write
      tevent:signal: fix -O3 error unused result of write
      tevent:signal: fix -O3 error unused result of read
      tevent:testsuite: fix O3 errors unused result for read
      tevent:testsuite: fix O3 errors unused result of write
      tdb:torture: fix -O3 error unused result code of read
      tdb:torture: fix -O3 error unused result of write
      debug: fix -O3 warning - unused return code of write()
      lib: add sys_read_v - void variant of sys_read
      lib: add sys_write_v - void variant of sys_write
      s4:libcli:resolve: fix O3 error unused result of write
      s4:registry:patchfile: fix O3 error unused result of write
      s4:ntvfs: fix O3 error unused result of asprintf
      s4:ntvfs: fix O3 error unused result of asprintf in svfs_file_utime
      s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_map_fileinfo
      s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_list_unix
      s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_file_utime()
      s4:ntvfs: fix O3 error unused result of write error in nbench_log()
      s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
      s4:torture:basic: fix O3 error unused result of asprintf
      s4:torture:basic:misc: fix O3 error unused result of asprintf
      s4:torture:basic: fix O3 error unused result of write
      s4:torture:basic:dir: fix O3 error unused result of asprintf
      s4:torture:basic:delete: fix O3 error unused result of asprintf
      s4:torture:rpc:samlogon: fix O3 error unused result of asprintf
      s4:torture:nbench: fix O3 error unused result of asprintf
      s4:client: fix O3 error unused result of of chdir and system
      s3:samlogon_cache: fix O3 error unused result of truncate
      s3:utils:log2pcaphex: fix O3 error unused result of fgets
      s3:utils:log2pcaphex: fix O3 error uninitialized variable
      s3:smbfilter: fix O3 error unused result of system()
      s3:vfs:aio_fork: fix O3 error unused result of write
      s3:vfs:preopen: fix O3 error unused result of write
      examples:smbclient:testacl3: fix O3 error unused result from fgets
      examples:smbclient:notify: fix O3 error unused result from fgets
      examples:smbclient:statvfs: fix O3 error unused result of fgets
      examples:smbclient:fstatvfs: fix O3 error unused result of fgets
      examples:smbclient:read: fix O3 error unused result of fgets
      examples:smbclient:write: fix O3 error unused result of fgets
      autobuild: add a target samba-o3 that is built with -O3
      autobuild: run the samba-o3 target by default
      travis: run the samba-o3 target
      s3:vfs: add 'kernel_share_modes_taken' to files_struct
      smbd:close: only remove kernel share modes if they had been taken at open
      notifyd: prevent NULL deref segfault in notifyd_peer_destructor
      selftest: fix printf in cleanup_child()
      selftest: improve misleading indentation in cleanup_child()
      selftest: improve logic in cleanup_child() with early return
      selftest: systematize formatting of if/elseif/else indentation in cleanup_child
      ctdb:tcp: add missing spaces in debug message in ctdb_tcp_node_connect()
      ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
      ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
      ctdb:tests: timedout->timed out in 60.nfs.multi.004 test
      ctdb:banning: Improve a debug message
      ctdb:banning: Improve debug message in ctdb_ban_node_event()
      ctdb: set the path to 'ctdb' in 'functions' in CTDB
      ctdb: make sure scripts using $CTDB called by test find ctdb
      ctdb: use properly configured ctdb in functions
      ctdb: use properly configured ctdb in ctdbd_wrapper
      ctdb: use properly configured ctdb in 00.ctdb
      ctdb: use properly configured ctdb in 01.reclock
      ctdb: use properly configured ctdb in 10.external
      ctdb: use properly configured ctdb in 13.per_ip_routing
      ctdb: use properly configured ctdb in 10.interfaces
      ctdb: use properly configured ctdb in 70.iscsi
      ctdb: use properly configured ctdb in 91.lvs
      ctdb: use properly configured ctdb in 99.timeout
      ctdb: use properly configured ctdb in statd-callout
      ctdb: use properly configured ctdb in debug-hung-script.sh
      libnet: only create local private krb5.conf if joining an AD domain
      ctdb-daemon: make bool assignment more obvious
      Revert "s3:libnet: accept empty realm for AD domains when only security=domain is set."
      libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
      autobuild: Don't compare socket wrapper so_path for xc check
      ctdb: fix autotest with socket-wrapper installed in the system
      libsmb:namequery: fix typo in comment in get_dc_list()
      selftest: check for winbind on 1-second basis
      selftest: check for smbd on a 1-second basis.
      libads: improve debug messages in sitename_fetch()
      rpc_server: add mssing '#pragma GCC diagnostic push'
      tevent: avoid -Wtautological-compare errors with gcc6
      Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
      Revert "tevent: avoid -Wtautological-compare errors with gcc6"
      Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
      build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
      idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
      idmap: centrally check that unix IDs returned by the idmap backends are in range
      vfs:glusterfs: preallocate result for glfs_realpath

Nikolai Kondrashov (1):
      tevent: Clarify apparently useless conditions

Noel Power (36):
      s3:libsmb: Fix illegal memory access after memory has been deleted.
      s4:libnet: fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:rpc: fix valgrind Syscall param writev(vector[...]) error
      s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' error
      s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' valgrind error
      s4:lib:registry: fix 'Conditional jump or move' valgrind error.
      s4:torture:basic fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
      s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
      s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error.
      s4:libcli: fix 'Conditional jump or move' valgrind error
      s4:torture:basic: fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:basic: fix 'Conditional jump or move ' valgrind error
      s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:raw: fix 'use of uninitialised value of size 8' valgrind errors
      s4:torture:raw: fix 'Conditional jump or move' valgrind error.
      s4:torture:raw: fix 'Invalid read of size 1 & Conditional jump or move' errors.
      s4:torture:smb2: fix Use of 'uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
      s4:torture:libnet: fix 'Conditional jump or move' valgrind error
      s4:torture:libnet: fix 'Syscall param writev(vector[...])' valgrind error
      s4:torture:vfs: fix Invalid read of size 8 valgrind valgrind error (and segv)
      fix Invalid read of size 8
      Add a blackbox tests for id & getent to test domain at realm type credentials
      s3/winbindd: using default domain with user at domain.com format fails

Partha Sarathi (1):
      Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel

Per Forlin (1):
      s3: smbd: Correctly reflect back SMB_PIDHIGH to a client.

Peter C. Kelly (1):
      Improve help wording for samba-tool domain provision as per https://lists.samba.org/archive/samba-technical/2016-April/113740.html

Peter Somogyi (1):
      Add yet another error code when forking an smbd and ctdb is not there. We can see NT_STATUS_CONNECTION_REFUSED in the logs upon such a rare case.

Petr Cech (1):
      LDB: Redudant test on NULL context remove

Raghavendra Talur (1):
      init: set core file size to unlimited by default

Rajesh Joseph (7):
      shadow_copy2: Fix shadow_copy2_posix_gmt_string return type
      shadow_copy2: Add test cases to cover shadow:format
      shadow_copy2: create structure to store module specific information
      shadow_copy2: allow configurable prefix for snapshot name
      shadow_copy2: Add test case for snapprefix and delimiter
      shadow_copy2: update man pages for the newly introduced options
      shadow_copy2: Fix error handling in shadow_copy2_get_shadow_copy_data

Ralph Boehme (92):
      testparm: vfs_fruit checks
      docs: update vfs_fruit manpage
      s3:mdssvc: older glib2 versions require g_type_init()
      tdb: avoid a race condition when checking for robust mutexes
      CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
      CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
      CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
      cleanupd: restart as needed
      krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries()
      krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries()
      s4/libnet: fix exporting to keytab by SPN
      s4: add a minimal ktutil for selftest
      selftest/samba4.blackbox.export.keytab: use spn based on fqdn
      selftest/samba4.blackbox.export.keytab: check exported keytabs
      s4/heimdal: allow SPNs in AS-REQ
      selftest/samba4.blackbox.export.keytab: check AS-REQ with SPN
      s3/rpc_server: mdssvc: suppress compiler warnings from glib headers
      winbindd: check if dcinfo from genache is expired
      s3/lib: rework get_remote_arch_str() to use an array
      s3/lib: add get_remote_arch_from_str()
      s3/lib: add remote arch caching
      smbd: use remote arch caching
      s3:libnet:libnet_join: add netbios aliases as SPNs
      vfs_fruit: add an option that allows disabling POSIX rename behaviour
      talloc: rename local timeval function copies
      winbindd: log domain name of failures to get trustdoms
      winbindd: prevent log spam when enumerating users
      librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
      librpc/dns: don't compress strings in TKEY and TSIG responses
      librpc/dns: remove original_id from dns_fake_tsig_rec
      s4/dns_server: include request MAC in TSIG response MAC calculation
      s4/dns_server: split out function that does the MAC computation
      s4/dns_server: not finding the key here is a fatal error
      s4/dns_server: ensure we store the key name in error code paths
      s4/dns_server: error codes for failing MAC verification in TSIG requests
      s4/dns_server: don't compute TSIG MAC in TSIG error records
      s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
      s4/dns_server: enable sending of TSIG error records
      selftest: add test for DNS updates with TKEY/TSIG
      selftest: Kerberos auth with netbios alias SPNs
      selftest: make samba3.blackbox.smbclient_tar as flapping
      s3/smbd: add helper func dos_mode_from_name()
      s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
      s3/smbd: move check for "hide files" to dos_mode_from_name()
      s3/smbd: only use stored dos attributes for open_match_attributes() check
      s4/torture: add a test for dosmode and hidden files
      winbindd/idmap_rfc2307: fix a crash
      winbindd: in wb_lookupsids return domain name if we have it
      selftest: make autorid the default idmap backend in admember_rfc2307
      selftest: test idmap backend id allocation for unknown SIDS
      smbd/cleanupd: use smbd_reinit_after_fork()
      smbd/notifyd: use smbd_reinit_after_fork()
      s3-rpc_server/mdssd: use smbd_reinit_after_fork()
      ctdbd_conn: split ctdbd_init_connection()
      ctdbd_conn: add ctdbd_reinit_connection()
      s3-messaging/ctdb: split messaging_ctdbd_init()
      s3-messaging/ctdb: add messaging_ctdbd_reinit()
      s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
      s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
      vfs_acl_xattr: objects without NT ACL xattr
      WHATSNEW: SMB 2.1 leases enabled by default
      s3/lib: add smbd_cleanupd.tdb
      s3/smbd: add cleanupd_init_send()/recv()
      s3/cleanupd: use smbd_cleanupd.tdb
      s3/notifyd: add async send/recv functions
      async_req: make async_connect_send() "reentrant"
      smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()
      s4/torture: add a test for ctdb-tombstrone-record deadlock
      dbwrap_ctdb: treat empty records in ltdb as non-existing
      s3/rpc_server: shared rpc modules directory may not exist
      Revert "vfs_acl_xattr: objects without NT ACL xattr"
      vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
      vfs_acl_common: rename pdesc_next to psd_fs
      vfs_acl_common: remove redundant NULL assignment
      vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
      vfs_acl_common: move the ACL blob validation to a helper function
      vfs_acl_tdb|xattr: use a config handle
      vfs_acl_common: move stat stuff to a helper function
      vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
      vfs_acl_xattr|tdb: add option to control default ACL style
      vfs_acl_common: Windows style default ACL
      s4/torture: tests for vfs_acl_xattr default ACL styles
      vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
      docs: document vfs_acl_xattr|tdb enforced settings
      vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
      s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
      s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary

Ralph Wuerthner (1):
      ctdb-conn: add missing variable initialization

Richard Sharpe (10):
      Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.
      s3: vfs: Add VFS functions for setting and getting DOS attributes.
      Fixes an obvious copy-paste error in source3/utils/net_dns.c
      Refactor the dns_open_connection code so that duplicate code is removed and ensure that EINTR is handled in the UDP path.
      selfttest: add common_test_fns.inc
      s3: net: Return an error when no name servers were returned by the lookup so that we see an error in self test.
      s3/net: print returned addresses in dns gethostbyname
      source4/scripting: add an option to samba_dnsupdate to add ns records.
      s4/selftests: test net ads dns register/unregister.
      testprogs/blackbox: Improve the net ads dns register tests.

Robin Hack (7):
      samba3.blackbox.smbclient_auth.plain: Add new regression test case.
      ctdb-tests: Fix CID 1358704 use of "=" where "==" may have been intended
      talloc/testsuite: Fix CID 1291641 - Logically dead code
      lib/http/http_auth: Fix CID 1273428 - Unchecked return value
      dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
      ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
      winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free

Robin McCorkell (1):
      Correctly set cli->raw_status for libsmbclient in SMB2 code

Rowland Penny (3):
      Bug 11818 : obvious missing word When trying to demote a dc, 'remove_dc.remove_sysvol_references' is sent 'remote_samdb, dc_name' , it expects 'remote_samdb, logger, dc_name'
      samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
      Fix typo in python/samba/provision/__init__.py

Saji VR (1):
      lib:talloc. Fix memory leak when destructors reparent children.

Santiago Vila (1):
      examples/smb.conf.default: Fix typo in comment line: sever -> server

Shyamsunder Rathi (2):
      s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
      s3:utils/net: Add new option 'unregister' in 'net ads dns' command.

Stefan Metzmacher (609):
      CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
      CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
      CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
      CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
      CVE-2016-0771: dns.idl: make use of dnsp_hinfo
      lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
      lib/util_net: add support for .ipv6-literal.net
      s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
      s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
      epmapper.idl: make epm_twr_t available in python bindings
      dcerpc.idl: make WERROR RPC faults available in ndr_print output
      librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
      s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
      s3:libads: remove unused ads_connect_gc()
      wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
      s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
      s3:librpc/gse: fix debug message in gse_init_client()
      s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
      s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
      s3:librpc/gse: don't log gss_acquire_creds failed at level 0
      s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
      s4:pygensec: make sig_size() and sign/check_packet() available
      auth/gensec: keep a pointer to a possible child/sub gensec_security context
      auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
      auth/gensec: make gensec_security_by_name() public
      s3:auth_generic: add auth_generic_client_start_by_name()
      s3:auth_generic: add auth_generic_client_start_by_sasl()
      auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
      auth/ntlmssp: add gensec_ntlmssp_server_domain()
      s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
      s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
      s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
      s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
      winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
      s3:auth_generic: make use of the top level NTLMSSP client code
      s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
      auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
      auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
      auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
      s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
      winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
      s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
      auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
      auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
      auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
      auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
      auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
      auth/ntlmssp: add ntlmssp_version_blob()
      auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
      auth/ntlmssp: use ntlmssp_version_blob() in the server
      security.idl: add LSAP_TOKEN_INFO_INTEGRITY
      ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
      ntlmssp.idl: make AV_PAIR_LIST public
      librpc/ndr: add ndr_ntlmssp_find_av() helper function
      auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
      auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
      auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
      auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
      s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
      s4:libcli/ldap: fix retry authentication after a bad password
      s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
      s4:selftest: simplify the loops over samba4.ldb.ldap
      s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
      s3:libads: add missing TALLOC_FREE(frame) in error path
      s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
      s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
      s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
      s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
      s3:libads: keep service and hostname separately in ads_service_principal
      s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
      s3:libsmb: make use gensec based SPNEGO/NTLMSSP
      s3:libsmb: unused ntlmssp.c
      s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
      s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
      s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
      s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
      s3:libsmb: remove unused cli_session_setup_kerberos*() functions
      s3:libsmb: remove unused functions in clispnego.c
      s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
      s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
      s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
      s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
      s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
      s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
      s4:rpc_server: dcesrv_generic_session_key should only work on local transports
      s4:dsdb/test/notification: make test_invalid_filter more resilient against ordering races
      s4:dsdb/test/sort: avoid 'from collections import Counter'
      selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
      s3:winbindd: don't unclude two '\0' at the end of the domain list
      s4:torture/lsa: improve debug message
      s3:wscript: pylibsmb depends on pycredentials
      ldb-samba:wscript: python_samba__ldb depends on pyauth
      selftest: s!addc.samba.example.com!addom.samba.example.com!
      selftest: add some helper scripts to mange a CA
      selftest: add config and script to create a samba.example.com CA
      selftest: add CA-samba.example.com (non-binary) files
      selftest: add CA-samba.example.com binary files (currently unused by Samba)
      selftest: mark commands in manage-CA-samba.example.com.sh as DONE
      selftest: add Samba::prepare_keyblobs() helper function
      selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
      selftest: set tls crlfile if it exist
      selftest: setup information of new samba.example.com CA in the client environment
      s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
      s3:test_rpcclient_samlogon.sh: test samlogon with schannel
      s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
      s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
      s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
      s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
      s4:torture/rpc/schannel: don't use validation level 6 without privacy
      auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
      auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
      s4:rpc_server: require access to the machine account credentials
      s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
      s3:rpc_server/samr: correctly handle session_extract_session_key() failures
      s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
      Revert "autobuild: Return the last 50 log lines"
      selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
      tdb: version 1.3.9
      Revert "selftest: dbcheck should not be marked flapping"
      CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
      CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
      CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
      CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
      CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
      CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
      CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
      CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
      CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
      CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
      CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
      CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
      CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
      CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
      CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
      CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
      CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
      CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
      CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
      CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
      CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
      CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
      CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
      CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
      CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
      CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
      CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
      CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
      CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
      CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
      CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
      CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
      CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
      CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
      CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
      CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
      CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
      CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
      CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
      CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
      CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
      CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
      CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
      CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
      CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
      CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
      CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
      CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
      CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
      CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
      CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
      CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
      CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
      CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
      CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
      CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
      CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
      CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
      CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
      CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
      CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
      CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
      CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
      CVE-2016-2113: selftest: use "tls verify peer = no_check"
      CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
      CVE-2016-2114: s4:smb2_server: fix session setup with required signing
      CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
      CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
      CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
      CVE-2016-2115: docs-xml: add "client ipc signing" option
      CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
      CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
      CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
      CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
      CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
      CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
      CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
      CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
      CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
      CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
      CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
      CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
      CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
      CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
      CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
      CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
      CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
      CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
      CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
      CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
      CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
      CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
      CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
      CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
      CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
      CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
      CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
      CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
      CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
      CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
      CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
      CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
      CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
      CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
      CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
      CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
      CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
      CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
      CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
      CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
      CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
      CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
      CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
      CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
      CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
      CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
      CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
      CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
      CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
      CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
      CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
      CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
      CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
      CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
      CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
      CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
      CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
      CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
      CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
      CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
      CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
      CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
      CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
      CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
      CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
      CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
      CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
      CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
      CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
      CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
      CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
      CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
      CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
      CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
      CVE-2015-5370: s4:rpc_server: check frag_length for requests
      CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
      CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
      CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
      CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
      CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
      CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
      CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
      CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
      CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
      CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
      CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
      CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
      CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
      CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
      CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
      CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
      CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
      CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
      CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
      CVE-2015-5370: s3:rpc_server: verify presentation context arrays
      CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
      CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
      CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
      CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
      CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
      CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
      CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
      CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
      CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
      CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
      CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
      CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
      CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
      CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
      CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
      CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
      CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
      CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
      CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
      CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
      CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
      s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
      s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
      s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
      auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
      auth/spnego: handle broken mechListMIC response from Windows 2000
      auth/ntlmssp: don't require any flags in the ccache_resume code
      auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
      s3:libsmb: use password = NULL for anonymous connections
      libcli/smb: add smb1cli_session_set_action() helper function
      libcli/smb: add SMB1 session setup action flags
      libcli/smb: add smbXcli_session_is_guest() helper function
      s3:libsmb: record the session setup action flags
      s3:libsmb: don't finish the gensec handshake for guest logins
      s3:libsmb: use anonymous authentication via spnego if possible
      auth/spnego: only try to verify the mechListMic if signing was negotiated.
      s4:auth_anonymous: anonymous authentication doesn't allow a password
      s3:auth_builtin: anonymous authentication doesn't allow a password
      libcli/security: implement SECURITY_GUEST
      s3:smbd: make use SMB_SETUP_GUEST constant
      s3:smbd: only mark real guest sessions with the GUEST flag
      auth/ntlmssp: do map to guest checking after the authentication
      auth/spnego: add spnego:simulate_w2k option for testing
      auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
      selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
      s3:test_smbclient_auth.sh: this script reqiures 5 arguments
      selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
      selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
      s3:selftest: add smbclient_ntlm tests
      talloc: version 2.1.7
      libcli/auth: let msrpc_parse() return talloc'ed empty strings
      s3:rpc_server/samr: simplify the logic in get_user_info_18()
      s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
      s3:smbd: fix anonymous authentication if signing is mandatory
      WHATSNEW: Clear release notes for Samba 4.5.0pre1.
      python:samba: move netcmd/time.py to python/samba/netcmd/nettime.py
      Revert "s3:rpcclient add -m option"
      s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
      s3:selftest: run test_smbclient_ntlm also against ad_dc
      selftest: use the default values for "server signing"
      s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
      s4:rpc_server: use a variable for the max total reassembled request payload
      dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
      s4:server_named_pipe: make sure we use lower case pipe name
      s4:rpc_server: context_id fields of presentation contexts are just 16bit
      s4:rpc_server: remove unused '_unused_auth_state'
      s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
      s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
      s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
      s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
      librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
      librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
      librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
      s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
      python/tests: add auth_pad test for the dcerpc raw_protocol test
      selftest: add save.env.sh helper script.
      librpc/tools: correctly validate relative pointers in ndrdump
      librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
      samba-tool: really deprecate 'samba-tool user add'
      s4:dsdb/tests: make user_account_control.py executable
      s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
      s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
      s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
      s4:dsdb/tests: improve error message in test_new_user_default_attributes()
      s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
      s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
      s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
      s3:pdb_samba_dsdb: fix calucating of dsdb_flags
      s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
      s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
      s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
      s4:dsdb/common: add some const to helper functions
      s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
      s4:dsdb/password_hash: split out a password_hash_needed() function
      s4:dsdb/password_hash: split out a update_final_msg() function
      s4:dsdb/password_hash: make the variable names in setup_io() more clear
      s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
      s4:dsdb/password_hash: move the check for old passwords into setup_io()
      s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
      s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
      s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
      s4:dsdb/password_hash: create a shallow copy of the client message for the final update
      s4:dsdb/password_hash: only set pwdLastSet if required
      s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
      s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
      s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
      s4:dsdb/password_hash: allow pwdLastSet only changes
      s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
      s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
      s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR
      s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
      s4:dsdb/tests: add pwdLastSet tests
      auth/auth_sam_reply: add some const to input parameters
      s4:kdc: add some const to samba_get_logon_info_pac_blob()
      krb5pac.idl: add PAC_CREDENTIAL related structures
      s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
      s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
      s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
      s4:dsdb/common: remove unused samdb_result_force_password_change()
      s3:winbindd: pass 'interactive' down through winbindd_dual_auth_passdb()
      s4:auth_sam: don't allow interactive logons with UF_SMARTCARD_REQUIRED
      s4:kdc: don't allow interactive password logons with UF_SMARTCARD_REQUIRED
      samdb.py: add smartcard_required option to newuser()
      samba-tool: add --smartcard-required option to 'samba-tool user create'
      samba-tool: do a password retype validation check for 'samba-tool user setpassword'
      samba-tool: add 'samba-tool user setpassword --smartcard-required/--clear-smartcard-required'
      test_pkinit_heimdal.sh: add a helper VARIABLE to store the certificate paths
      test_pkinit_heimdal.sh: add a FILE: prefix to the KRB5CCNAME variable
      s4:dsdb: add some const to {samdb_result,dsdb}_effective_badPwdCount()
      s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
      s4:auth/sam: don't update lastLogon just because it's 0 currently
      s4:auth/sam: update the logonCount for interactive logons
      s4:dsdb/tests: let password_lockout.py reduce the values for lockoutDuration and lockOutObservationWindow
      s4:dsdb/tests: let password_lockout.py cross-check the lastLogon value with samr
      s4:dsdb/tests: let password_lockout.py make the LDAP error string checks more useful
      s4:dsdb/tests: let password_lockout.py add a _readd_user() helper function
      s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function
      s4:dsdb/tests: let password_lockout.py let _readd_user() return the ldb connection as user
      s4:dsdb/tests: let password_lockout.py pass username,userpass optionally to insta_creds()
      s4:dsdb/tests: let password_lockout.py use user{name,pass,dn} variables in _readd_user()
      s4:dsdb/tests: let password_lockout.py pass creds as argument to _readd_user()
      s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
      s4:dsdb/tests: let password_lockout.py make use of self.addCleanup() to cleanup objects
      s4:dsdb/tests: let password_lockout.py use userdn variables in all functions
      s4:dsdb/tests: let password_lockout.py use other_ldb variables instead of self.ldb3
      s4:dsdb/tests: let password_lockout.py use userpass variables in all functions
      s4:dsdb/tests: let password_lockout.py use creds and other_ldb as function arguments
      s4:dsdb/tests: let password_lockout.py copy user{name,pass} from the template in insta_creds()
      s4:dsdb/tests: let password_lockout.py verify more fields in _readd_user()
      s4:dsdb/tests: let password_lockout.py test with all combinations of krb5, ntlmssp and lockOutObservationWindow
      s4:dsdb/tests: let password_lockout.py validate the lastLogon and lastLogonTimestamp interaction
      s4:dsdb/tests: let password_lockout.py verify the logonCount values
      lib/param: add lpcfg_sam_dnsname() helper function
      auth.idl: add user_principal_* and dns_domain_name to auth_user_info
      s4:auth: make use of lpcfg_sam_name() in authsam_get_user_info_dc_principal()
      s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
      s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
      auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle level 6
      auth/wbc_auth_util: fill in base.logon_domain in wbcAuthUserInfo_to_netr_SamInfo3()
      auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
      auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo6() and implement level 3 as wrapper
      auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo2() helper function
      auth/auth_sam_reply: do a real copy of strings in auth_convert_user_info_dc_sambaseinfo()
      s4:rpc_server/netlogon: initialize pointer to NULL in dcesrv_netr_LogonSamLogon_base()
      s4:rpc_server/netlogon: make use of auth_convert_user_info_dc_saminfo{2,6}()
      auth/auth_sam_reply: make auth_convert_user_info_dc_sambaseinfo() a private helper
      netlogon.idl: make netr_SidAttr public
      krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
      security.idl: add SID_NT_NFS S-1-5-88* sids
      libcli/auth: remove unused variable in msrpc_parse()
      s3:libsmb/clirap: remove unused cli_get_server_*() functions
      CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
      CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
      CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
      s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
      s4:samba_dsdb: add "dsdb_flags_ignore" module
      tests:samba3sam: make use of the dsdb_flags_ignore module
      selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
      s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
      s4:dsdb/password_hash: force replication meta data for empty password attributes
      Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
      s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
      drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
      s4:dsdb/samdb: add const to dsdb_make_object_category()
      s4:password_hash: correctly update pwdLastSet on deleted objects.
      s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
      s4:dsdb/repl_meta_data: remove secret attributes on delete
      s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
      s4:dsdb/tombstone_reanimate: restructure the module logic
      s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
      s4:dsdb/tests: make tombstone_reanimation.py executable
      s4:dsdb/tests: improve tombstone_reanimation varifications
      s4:dsdb/tests: improve the RestoreUserObjectTestCase test
      s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
      libads: ensure the right ccache is used during gssapi bind
      libads: ensure the right ccache is used during spnego bind
      python/remove_dc: handle dnsNode objects without dnsRecord attribute
      s4:kdc: ignore empty supplementalCredentialsBlob structures
      s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structures
      s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
      drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush
      drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
      s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
      krb5pac: fix push/pull of subcontexts in PAC_BUFFER
      krb5pac.idl: implement PAC_UPN_DNS_INFO correct
      krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push
      krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
      s4:torture/ndr: make use of torture_suite_add_ndr_pull_validate_test() in krb5pac when possible
      s4:torture/ndr: add more krb5pac tests with PAC blobs from pkinit
      s3:ntlm_auth: call fault_setup() in order to get usefull backtraces
      s3:tests: add 'as user' to the test names in test_smbclient_auth.sh
      s3:selftest: run smbclient_auth with a few more combinations
      selftest: set "ntlm auth = yes" for now as a lot of tests rely on it
      docs-xml:smbdotconf: default "ntlm auth" to "no"
      selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
      WHATNEW: the default for "ntlm auth" is "no"
      pycredentials: add {get,set}_old_password()
      pycredentials: add set_utf16_[old_]password()
      samba-tool: add 'user getpassword' command
      python:samba/tests: add simple 'samba-tool user getpassword' test
      python:samba/tests: verify the packages order in supplementalCredentials
      docs-xml:samba-tool.8: document "user getpassword" command
      samba-tool: add 'user syncpasswords' command
      python:samba/tests: add simple 'samba-tool user syncpasswords' test
      docs-xml:samba-tool.8: document "user syncpasswords" command
      docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
      .travis.yml: install libgpgme11-dev python[3]-gpgme
      docs-xml/smbdotconf: add "password hash gpg key ids" option
      docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
      s4:dsdb/samdb: add configure checks for libgpgme
      drsblobs.idl: add package_PrimarySambaGPGBlob
      s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
      samba-tool: add --decrypt-samba-gpg support to 'user getpasswords' and 'user syncpasswords'
      selftest:gnupg: add a gpg key for Samba Selftest <selftest at samba.example.com>
      s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
      selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
      python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
      WHATSNEW: add 'Password sync as active directory domain controller'
      WHATSNEW: recomment python-crypto and python-m2crypto
      auth/credentials: also do a shallow copy of the krb5_ccache.
      s4:torture/remote_pac: verify the order of PAC elements
      HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
      HEIMDAL:kdc: reset e_text after successful pre-auth verification
      HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
      s4:kdc: hook into heimdal's windc.pac_pk_generate hook
      s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
      s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
      s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
      s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
      selftest/Samba: remove compat admincert* files
      selftest/manage-ca: add certificates for pkinit@[addom.]samba.example.com
      selftest/manage-ca: update manage-CA-samba.example.com.sh
      selftest/Samba: copy pkinit@$DOMAIN certificates to the environment
      test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
      testprogs/blackbox: add test_pkinit_pac_heimdal.sh
      s4:selftest: run test_pkinit_pac_heimdal.sh test
      s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
      WHATSNEW: add SmartCard/PKINIT improvements
      auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
      s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
      s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
      s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
      tdb: version 1.3.10
      talloc: version 2.1.8
      tevent: version 0.9.28
      s4:pyrpc: correctly implement .request_timeout
      samba-tool: use a timeout of 5 minutes in 'samba-tool drs replicate'
      samba-tool: add --async-rep option to 'samba-tool drs replicate'
      tests:samba_tool_drs: test samba-tool drs replicate with implicit machine credentials
      tests:samba_tool_drs: test samba-tool drs replicate with --async-op
      WHATSNEW: document new samba-tool drs replicate options
      ldb: fix compiler warnings on ldb_unpack_data() arguments
      ldb: version 1.1.27
      WHATSNEW: add shadow:snapprefix and shadow:delimiter
      VERSION: Set version to 4.5.0rc1...
      VERSION: Bump version up to 4.5.0rc2...
      samba-tool/ldapcmp: ignore differences of whenChanged
      tests:samba_tool: pass stdout and stderr to assertCmdSuccess()
      tests:samba_tool: make use of assertCmdFail() in gpo.py
      script/autobuild.py: check for AUTOBUILD_SKIP_SAMBA_O3 environment variable
      tests:blackbox: let samba_dnsupdate.py provide more details
      s4:dsdb/schema: don't change schema->schema_info on originating schema changes.
      s4:dsdb/repl: avoid recursion after fetching schema changes.
      s4:dsdb/schema: store struct dsdb_schema_info instead of a hexstring
      s4:dsdb/schema: don't treat an older remote schema as SCHEMA_MISMATCH
      s4:dsdb/schema: make dsdb_schema_pfm_add_entry() public and more useful
      s4:dsdb/repl: make sure the working_schema prefix map is populated with the remote prefix map
      s4:dsdb/objectclass_attrs: call dsdb_attribute_from_ldb() without a prefixmap
      s4:dsdb/schema: avoid an implicit prefix map creation in lookup functions
      s4:dsdb/schema: don't update the in memory schema->prefixmap without reloading the schema!
      s4:dsdb/schema: split out a dsdb_attribute_drsuapi_remote_to_local() function
      s4:dsdb/schema: move messages for unknown attids to higher debug levels during resolving
      s4:dsdb/repl: set working_schema->resolving_in_progress during schema creation
      s4:dsdb/repl: let dsdb_replicated_objects_convert() change remote to local attid for linked attributes
      selftest/flapping: add some samba3.blackbox.smbclient_s3 tests
      script/autobuild.py: include the branch name in the output
      WHATSNEW: Release notes for Samba 4.5.0rc3.
      VERSION: Disable git snapshots for the 4.5.0rc3 release.
      WHATSNEW: Release notes for Samba 4.5.0rc3.
      VERSION: Disable git snapshots for the 4.5.0rc3 release.
      VERSION: Bump version up to 4.5.0rc4...
      WHATSNEW: Start release notes for Samba 4.5.0rc4.
      script/release.sh: use 8 byte gpg key ids
      Merge tag 'samba-4.5.0rc3' into v4-5-test
      gensec/spnego: work around missing server mechListMIC in SMB servers
      WHATSNEW: Add release notes for Samba 4.5.0.
      VERSION: Set version to 4.5.0...
      VERSION: Bump version up to 4.5.1...
      s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
      HEIMDAL:lib/krb5: destroy a memory ccache on reinit
      s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
      s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
      Merge tag 'samba-4.5.1' into v4-5-test
      s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file

Tom Mortensen (2):
      nss_wins: ip_pton expects the raw IP address
      nss_wins: Fix the hostent setup

Uri Simchoni (74):
      selftest: run net ads join test in a private client env
      selftest: add some test cases to net ads join
      build: fix disk-free quota support on Solaris 10
      build: improve comments in tests/oldquotas.c
      smbd: remove quota support for some ancient OSs
      build: fix build when --without-quota specified
      vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
      seltest: add test for "ignore system acls" in vfs_acl_xattr.
      lib/util: fix function comment
      s3-profile: reduce dependencies of smbprofile.h
      s3-profile: add PROFILE_TIMESTAMP macro
      asys: call clock_gettime_mono() only on profile-enabled build
      vfs_aio_linux: call clock_gettime_mono() only on profile-enabled build
      vfs_aio_fork: call clock_gettime_mono() only on profile-enabled build
      vfs_glusterfs: call clock_gettime_mono() only on profile-enabled build
      nt-quotas: vfs_get_ntquota() return NTSTATUS
      nt-quotas: return 0 as indication of no quota
      ntquotas - skip entry if the quota is zero
      sys-quotas: do not fail if user has no quota
      xfs-quota: do not fail if user has no quota
      nfs-quota: do not fail on ECONNREFUSED
      smbd: do not cover up VFS failures to get quota
      smbcquotas: print "NO LIMIT" only if returned quota value is 0.
      tdb: rework cleanup logic in tdb_runtime_check_for_robust_mutexes()
      libads: record session expiry for spnego sasl binds
      nt-quotas: fixup failure case for TRANSACT_GET_USER_QUOTA_FOR_SID
      xfs quotas - fix case of no quota for user
      Reset WHATSNEW.txt for 4.5.x series
      smbd: remove "only user" and "username" parameters
      WHATSNEW: Document "only user" removal
      heimdal: encode/decode kvno as signed integer
      s3-quotas: fix sysquotas_4B quota fetching for BSD
      heimdal make kvno unisgned internally
      s3-sysquotas-linux: remove support for old interfaces
      s3-sysquotas-linux: remove check for EDQUOT on getting user quota
      s3-sysquotas-linux - cleanup
      vfs_fake_dfq: add more mocking options
      selftest: add disk-free quota tests
      smbd: dfree - ignore quota if not enforced
      s3-sysquotas-linux: do not check for EDQUOT
      selftest: remove test for EDQUOT returned from quota backend
      vfs_fake_dfq - remove support for generating EDQUOT
      s3-sysquotas: remove special handling of EDQUOT
      s3-dfree-quota: remove special handling of EDQUOT
      selftest: Add test for domain join + kerberos-only auth
      s3-libads: fix a memory leak in ads_sasl_spnego_bind()
      auth: fix a memory leak in gssapi_get_session_key()
      quotas: small cleanup
      smbd: get a valid file stat to disk_quotas
      smbd: use owner uid for free disk calculation if owner is inherited
      selftest: refactor test_dfree_quota.sh - add share parameter
      selftest: add tests for dfree with inherit owner enabled
      s4-smbtorture: use standard macros in smb2.read test
      s4-selftest: add functions which create with desired access
      s4-selftest: add test for read access check
      seltest: implicit FILE_READ_DATA non-reporting
      seltest: allow opening files with arbitrary rights in smb2.ioctl tests
      s4-smbtorture: pin copychunk exec right behavior
      smbd: look only at handle readability for COPYCHUNK dest
      smbd: allow reading files based on FILE_EXECUTE access right
      s2-selftest: run shadow_copy2 test both in NT1 and SMB3 modes
      selftest: add content to files created during shadow_copy2 test
      selftest: check file readability in shadow_copy2 test
      selftest: test listing directories inside snapshots
      vfs_shadow_copy: handle non-existant files and wildcards
      s3-sysquotas: correctly restore path when finding mount point
      s3-cliquota: correctly handle no-more-entries
      smbcquotas: fix error message listing quotas
      cliquota: fix param count when setting fs quota
      smbd: free talloc context if no quota records are available
      ntquotas: support "freeing" an empty quota list
      selftest: test NTLM user at realm authentication
      winbindd: do not modify credentials in NTLM passthrough
      smbd: in ntlm auth, do not map empty domain in case of \user at realm

Volker Lendecke (143):
      vfs_united_media: Fix CID 1355492 Uninitialized scalar variable
      smbd: Avoid an "else"
      smbd: Prevent a crash
      libads: Fix CID 1356316 Uninitialized pointer read
      crypto: Fix CID 1356314 Resource leak
      lib: Fix CID 1356315 Dereference before null check
      ctdb: Fix CID 1356313 Explicit null dereferenced
      libsmb: Fix CID 1356312 Explicit null dereferenced
      winbind: Fix CID 1357100 Unchecked return value
      torture: Fix the O3 developer build
      idmap: Factor out lp_scan_idmap_domains()
      winbind: Introduce id_map_ptrs_init
      winbind: Do per-domain xids2sids calls
      winbind: Add idmap_backend_unixids_to_sids
      winbind: Pass down the domain name to xids2sids
      winbind: Use plural xids2sids in _wbint_UnixIDs2Sids
      winbind: Remove unused idmap_[ug]id_to_sid
      winbind: Remove unused idmap_backends_unixid_to_sid
      winbind: Fix a typo in a wrong comment...
      pam_winbind: Avoid a use of sprintf
      docs: build idmap_script.8 by default
      docs: Mention _NO_WINBINDD in idmap_script.8
      nwrap: Fix the build on Solaris
      vfs_catia: Align loop index with terminator
      vfs_catia: Fix bug 11827, memleak
      tdb mutex check: Fix CID 1358473 Uninitialized scalar variable
      idmap_ad: Separate out the nss functions
      tldap: Add tldap_get/set_stream
      tldap: Add tldap_gensec_bind
      winbind: Add wb_dsgetdcname_gencache_[gs]et
      winbind: handle DC_NOT_FOUND in wb_sids2xids
      winbind: handle DC_NOT_FOUND in wb_xids2sids
      winbind: Base idmap_ad on tldap
      pdb_ldap: Don't use autofree if "mods" still changes
      ctdbd_conn: Adapt loop counter's type to the loop limit
      ctdbd_conn: Use sys_poll_intr
      ctdbd_conn: Use ctdbd_init_connection in ctdbd_probe
      ctdbd_conn: Make ctdbd_init_connection public
      lib: Use ctdbd_init_connection in messaging_ctdbd_init
      ctdbd_conn: Remove unused ctdbd_messaging_connection
      lib: Move ctdbd_init_connection out of ctdbd_traverse()
      lib: serverid.h references struct server_id
      ctdbd_conn: Avoid "includes.h"
      ctdbd_conn: Use ctdbd_control_local where possible
      ctdbd: Use talloc_memdup where appropriate
      ctdbd_conn: Add some more debug info
      ctdbd_conn: Make "cstatus" int32_t
      dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND
      smbd: Avoid large reads beyond EOF
      docs: Fix an outdated remark, tdbsam is default
      lib: The base64 chars are by definition single-byte :-)
      lib: =0 and |= is equivalent to =
      lib: Make callers of base64_encode_data_blob check for success
      lib: Remove SMB_ASSERT from base64_encode_data_blob
      lib: Give base64.c its own .h
      lib: Avoid includes.h in base64.c
      smbd: Remove an unused #define
      smbd: Fix an assert
      ctdb: Improve debug in case of set_runstate failure
      ctdb: Fix the O3 developer build
      lib: Fix a signed/unsigned mixup
      lib: Fix some whitespace
      torture: Remove a use of get_my_vnn()
      ctdbd_conn: remove ctdb_processes_exist
      ctdbd_conn: Simplify two DEBUGs
      ctdbd_conn: "sockname" is not needed anymore
      ctdbd_conn: Expose ctdb socket readability handler
      lib: Move async message handling out of ctdbd_conn
      dbwrap_ctdb: Align loop index with terminator
      dbwrap_ctdb: Add "conn" to db_ctdb_ctx
      dbwrap_ctdb: Pass in ctdbd_connection
      dbwrap: Add "msg_ctx" to db_open_ctdb
      ctdbd_conn: Remove messages.h dependency
      dbwrap_ctdb: Fix some 32-bit hickups
      dbwrap_ctdb: Remove get_my_vnn dependency
      ctdb: Fix CID 1361817 Dereference after null check
      ctdb: Fix CID 1327222 Copy into fixed size buffer
      vfs_fileid: Fix a signed/unsigned mixup
      vfs_fruit: Fix a few signed/unsigned mixups
      samdb: Improve debugging in acl_validate_spn_value()
      drsuapi: Improve debug in DsWriteAccountSpn
      dsdb: Simplify acl_validate_spn_value
      lib: Move msghdr to lib/util/
      lib: Move poll_funcs to lib/
      lib: Add accept_send/recv
      lib: Fix CID 1362566 Dereference null return value
      rpc_server: Fix CID 1362565 Improper use of negative value
      libsmb: Fix two CIDs for NULL dereference
      lib: Fix a signed/unsigned mixup
      libreplace: Add a closefrom() implementation
      lib: Add a little closefrom() test
      smbd: Fix a signed/unsigned hickup
      smbd: Fix a valgrind error
      libnet: Fix CID 1362934: CHECKED_RETURN
      ldb: Fix CID 1362935: CHECKED_RETURN
      dsdb: Fix CID 1363810: Null pointer dereferences
      lib: Print own pid in messaging_init
      lib: Avoid a "procid_is_local" call
      lib: Allow NULL blob for messaging_send()
      tdb: Don't malloc for every record in traverse
      lib: Add server_id_watch_send
      dbwrap: Add "blocker" to record_watch_send
      g_lock: Use "blocker" argument to dbwrap_record_watch_send
      dbwrap: Add overflow protection to dbwrap_record_watchers_key()
      dbwrap: Add an alternative implementation of dbwrap_watch_record_send
      lib: Convert g_lock to new dbwrap_watch
      smbd: Convert locking.tdb to new dbwrap_watch
      smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
      smbd: Remove a reference to dbwrap_watch_db()
      dbwrap: Remove dbwrap_watchers.tdb based code
      lib: Fix a signed/unsigned mixup
      smbd: Don't stop sending to children when one send fails
      smbd: sconn->sys_notify_ctx is not used
      smbd: Factor out notify_init
      smbd: Add fsp_fullbasepath
      smbd: Avoid a talloc_asprintf
      smbd: Add "path" to notify_remove
      smbd: "path" is no longer needed in notify_list
      smbd: Make notify_callback() public
      smbd: There's only one notify_callback
      smbd: Pass "sconn" via notify to notify_callback()
      smbd: Protect notify_callback from stray pointers
      smbd: Remove "listel" from notify_msg
      notify_msg: Deregister handler upon talloc_free
      smbd: Remember notifyd's serverid
      smbd: Log which notifyd was found
      smbd: Store notify filters in fsp->notify
      smbd: Restart notifyd
      smbd: Re-register notify requests
      notifyd: Move BlockSignals calls to server.c
      smbd: Enable leases by default
      tevent: Save 32 bytes of .text in tevent_req_create
      tevent: Save 140 bytes of .text in tevent_req_create
      tevent: Add overflow protection to tevent_req_create
      dsdb: Fix CID 1364520 Incorrect expression (EVALUATION_ORDER)
      lib: Move "message_send_all" to serverid.c
      fss_agent: Fix a signed/unsigned mixup
      smbd: Reset O_NONBLOCK on open files
      gencache: Bail out of stabilize if we can not get the allrecord lock
      glusterfs: Avoid tevent_internal.h
      spoolss: Fix caching of printername->sharename
      lib: Fix bug 12291
      kcc: Fix a -Werror,-Wformat-security error

Yan, Zheng (2):
      s3: vfs: generalize functions that set/get posix acl through xattr
      s3: vfs: ceph: Add posix acl support

martijn van brummelen (1):
      ctdb-doc: Add ctdb_diagnostics man page


No new revisions were added by this update.

Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git

More information about the Pkg-samba-maint mailing list