diff --git a/SOURCES/samba-4.10-redhat.patch b/SOURCES/samba-4.10-redhat.patch
index 548e410..9fcade9 100644
--- a/SOURCES/samba-4.10-redhat.patch
+++ b/SOURCES/samba-4.10-redhat.patch
@@ -1,7 +1,7 @@
From 9aa816f5017bd38cbb9af2af5a7c385647e4f76d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Tue, 7 Jan 2020 19:25:53 +0200
-Subject: [PATCH 01/38] s3-rpcserver: fix security level check for
+Subject: [PATCH 01/45] s3-rpcserver: fix security level check for
DsRGetForestTrustInformation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -80,13 +80,13 @@ index d799ba4feef..87613b99fde 100644
}
--
-2.28.0
+2.29.2
From e71fddb9ad5275a222d96bdcee06571a9a8c73c8 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 16:50:45 +0200
-Subject: [PATCH 02/38] Add a test to check dNSHostName with netbios aliases
+Subject: [PATCH 02/45] Add a test to check dNSHostName with netbios aliases
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -132,13 +132,13 @@ index 95c0cf76f90..6073ea972f9 100755
# Test createcomputer option of 'net ads join'
#
--
-2.28.0
+2.29.2
From e80e373485818eb7faebf5c9aae10d82fbc4e2e2 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 15:52:46 +0200
-Subject: [PATCH 03/38] Fix accidental overwrite of dnsHostName by the last
+Subject: [PATCH 03/45] Fix accidental overwrite of dnsHostName by the last
netbios alias
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -186,13 +186,13 @@ index 9d4f656ffec..a31011b0ff8 100644
status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
goto done;
--
-2.28.0
+2.29.2
From 7ca5f9b2956ec41777837a7e14800a4345505ed6 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 24 Oct 2019 19:04:51 +0300
-Subject: [PATCH 04/38] Refactor ads_keytab_add_entry() to make it iterable
+Subject: [PATCH 04/45] Refactor ads_keytab_add_entry() to make it iterable
so we can more easily add msDS-AdditionalDnsHostName entries.
@@ -453,13 +453,13 @@ index 97d5535041c..0f450a09df5 100644
out:
SAFE_FREE(salt_princ_s);
--
-2.28.0
+2.29.2
From 087d6dd4c4f25860643ab5920a1b2c0c70e5551b Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 17:55:12 +0200
-Subject: [PATCH 05/38] Add a test for msDS-AdditionalDnsHostName entries in
+Subject: [PATCH 05/45] Add a test for msDS-AdditionalDnsHostName entries in
keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -501,13 +501,13 @@ index 6073ea972f9..a40b477a173 100755
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
--
-2.28.0
+2.29.2
From 1ae32dddad89cdb75ae2c8fb3e7378ce6f5ad6af Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 15:36:28 +0200
-Subject: [PATCH 06/38] Add msDS-AdditionalDnsHostName entries to the keytab
+Subject: [PATCH 06/45] Add msDS-AdditionalDnsHostName entries to the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -648,13 +648,13 @@ index db2b72ab1b5..02a628ee0e6 100644
{
LDAPMessage *res = NULL;
--
-2.28.0
+2.29.2
From 939b9265a533393189ef3c513e77b2cb009a51d5 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 15:54:12 +0200
-Subject: [PATCH 07/38] Add net-ads-join dnshostname=fqdn option
+Subject: [PATCH 07/45] Add net-ads-join dnshostname=fqdn option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -794,13 +794,13 @@ index a40b477a173..85257f445d8 100755
exit $failed
--
-2.28.0
+2.29.2
From 25a6679a5260dafde7a7d2aed9bfe43eaf083b1c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:04:57 +0200
-Subject: [PATCH 08/38] CVE-2020-1472(ZeroLogon): libcli/auth: add
+Subject: [PATCH 08/45] CVE-2020-1472(ZeroLogon): libcli/auth: add
netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
@@ -851,13 +851,13 @@ index 82febe74440..82797d453ed 100644
void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
--
-2.28.0
+2.29.2
From 1e8ad7efe35d8b79fef387ff709d6a499565c39a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:07:30 +0200
-Subject: [PATCH 09/38] CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of
+Subject: [PATCH 09/45] CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of
netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
@@ -1007,13 +1007,13 @@ index 026d86d50e4..e11014922f8 100644
torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
"ServerReqChallenge");
--
-2.28.0
+2.29.2
From 74ee204ad4647d0d7a2097124652cbcd43406c7d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:08:38 +0200
-Subject: [PATCH 10/38] CVE-2020-1472(ZeroLogon): libcli/auth: make use of
+Subject: [PATCH 10/45] CVE-2020-1472(ZeroLogon): libcli/auth: make use of
netlogon_creds_random_challenge() in netlogon_creds_cli.c
This will avoid getting rejected by the server if we generate
@@ -1041,13 +1041,13 @@ index 817d2cd041a..0f6ca11ff96 100644
subreq = dcerpc_netr_ServerReqChallenge_send(state, state->ev,
state->binding_handle,
--
-2.28.0
+2.29.2
From 10196846d019d0e2ccef51f32ddd39fc17ca60aa Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:10:53 +0200
-Subject: [PATCH 11/38] CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make
+Subject: [PATCH 11/45] CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make
use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
@@ -1074,13 +1074,13 @@ index 87613b99fde..86b2f343e82 100644
*r->out.return_credentials = pipe_state->server_challenge;
--
-2.28.0
+2.29.2
From 215aca6d11b900ee3cf11568d27bce77e0567653 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:10:53 +0200
-Subject: [PATCH 12/38] CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make
+Subject: [PATCH 12/45] CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make
use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
@@ -1107,13 +1107,13 @@ index 023adfd99e9..de260d8051d 100644
*r->out.return_credentials = pipe_state->server_challenge;
--
-2.28.0
+2.29.2
From 4551bf623426e8c543b287807d447feb69bb0f09 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:15:26 +0200
-Subject: [PATCH 13/38] CVE-2020-1472(ZeroLogon): libcli/auth: add
+Subject: [PATCH 13/45] CVE-2020-1472(ZeroLogon): libcli/auth: add
netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
@@ -1177,13 +1177,13 @@ index 82797d453ed..ad768682b9f 100644
void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
--
-2.28.0
+2.29.2
From f7e09421ace8fe60c0110770d909800d21ae6c8e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 16:17:29 +0200
-Subject: [PATCH 14/38] CVE-2020-1472(ZeroLogon): libcli/auth: reject weak
+Subject: [PATCH 14/45] CVE-2020-1472(ZeroLogon): libcli/auth: reject weak
client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
@@ -1262,13 +1262,13 @@ index d319d9b879e..394505d166d 100644
)
--
-2.28.0
+2.29.2
From 6bc86fb69bf50c89a334fd2dcbce6999a2360fb7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 19:20:25 +0200
-Subject: [PATCH 15/38] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon:
+Subject: [PATCH 15/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon:
protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
@@ -1357,13 +1357,13 @@ index de260d8051d..acbf077c6c7 100644
ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
--
-2.28.0
+2.29.2
From 1f8dec1cbb37f3406d999425590f8a923586ccac Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 16 Sep 2020 12:53:50 -0700
-Subject: [PATCH 16/38] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon:
+Subject: [PATCH 16/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon:
protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
@@ -1502,13 +1502,13 @@ index 86b2f343e82..fd9127b386f 100644
p->session_info,
p->msg_ctx,
--
-2.28.0
+2.29.2
From 2ad269be74481789ded62a3dcb538709c6d6e291 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 10:18:45 +0200
-Subject: [PATCH 17/38] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon:
+Subject: [PATCH 17/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon:
refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
@@ -1585,13 +1585,13 @@ index acbf077c6c7..b4326a4ecaa 100644
/*
--
-2.28.0
+2.29.2
From 57941290adb9a2fd4be9aa4a70f879a684b38dfd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2020 10:56:53 +0200
-Subject: [PATCH 18/38] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon:
+Subject: [PATCH 18/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon:
support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
@@ -1632,13 +1632,13 @@ index b4326a4ecaa..e7bafb31e83 100644
*creds_out = creds;
return NT_STATUS_OK;
--
-2.28.0
+2.29.2
From 779b37e825fe406892ff77be18c098d314cd387d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 17 Sep 2020 13:37:26 +0200
-Subject: [PATCH 19/38] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log
+Subject: [PATCH 19/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log
warnings about unsecure configurations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -1759,13 +1759,13 @@ index e7bafb31e83..7668a9eb923 100644
return NT_STATUS_OK;
}
--
-2.28.0
+2.29.2
From 60b83fbda31c53c592a02f0ed43356a912021021 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 17 Sep 2020 14:57:22 +0200
-Subject: [PATCH 20/38] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon:
+Subject: [PATCH 20/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon:
refactor dcesrv_netr_creds_server_step_check()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -1860,13 +1860,13 @@ index fd9127b386f..8541571b459 100644
--
-2.28.0
+2.29.2
From c0a188b2696edb8f3ae9f7f56a820b11358bad98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 17 Sep 2020 14:23:16 +0200
-Subject: [PATCH 21/38] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon:
+Subject: [PATCH 21/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon:
support "server require schannel:WORKSTATION$ = no"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -1911,13 +1911,13 @@ index 8541571b459..f9b10103bd5 100644
*creds_out = creds;
return NT_STATUS_OK;
--
-2.28.0
+2.29.2
From c9550b81b55316cf5d667502885fc248a5999fb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 17 Sep 2020 14:42:52 +0200
-Subject: [PATCH 22/38] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log
+Subject: [PATCH 22/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log
warnings about unsecure configurations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -2039,13 +2039,13 @@ index f9b10103bd5..7f6704adbda 100644
return NT_STATUS_OK;
}
--
-2.28.0
+2.29.2
From 63f03e2e29e81f890a5d88c726cced6d3e7bbf5d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 17 Sep 2020 17:27:54 +0200
-Subject: [PATCH 23/38] CVE-2020-1472(ZeroLogon): docs-xml: document 'server
+Subject: [PATCH 23/45] CVE-2020-1472(ZeroLogon): docs-xml: document 'server
require schannel:COMPUTERACCOUNT'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
@@ -2141,13 +2141,13 @@ index 489492d79b1..b682d086f76 100644
+
</samba:parameter>
--
-2.28.0
+2.29.2
From 8a40da45b7f4e7a9110daf010383c4fce30bd9b6 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Fri, 18 Sep 2020 12:39:54 +1200
-Subject: [PATCH 24/38] CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty
+Subject: [PATCH 24/45] CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty
machine acct pwd
Ensure that an empty machine account password can't be set by
@@ -2240,13 +2240,13 @@ index e11014922f8..0ba45f0c1da 100644
/* now try a random password */
password = generate_random_password(tctx, 8, 255);
--
-2.28.0
+2.29.2
From 341a448cb69557410fa79dbb8a3d4adbab79d5b6 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Fri, 18 Sep 2020 15:57:34 +1200
-Subject: [PATCH 25/38] CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated
+Subject: [PATCH 25/45] CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated
bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
@@ -2615,13 +2615,13 @@ index 0ba45f0c1da..97c16688bc9 100644
}
--
-2.28.0
+2.29.2
From 268303632f79d7395b452172c06b25ad68fe35fb Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 10 Jul 2020 15:09:33 -0700
-Subject: [PATCH 26/38] s4: torture: Add smb2.notify.handle-permissions test.
+Subject: [PATCH 26/45] s4: torture: Add smb2.notify.handle-permissions test.
Add knownfail entry.
@@ -2744,13 +2744,13 @@ index ebb4f8a4f8e..b017491c8fb 100644
suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests");
--
-2.28.0
+2.29.2
From 448d4e99f8883a07589264cfca474c3dff8b5942 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 7 Jul 2020 18:25:23 -0700
-Subject: [PATCH 27/38] s3: smbd: Ensure change notifies can't get set unless
+Subject: [PATCH 27/45] s3: smbd: Ensure change notifies can't get set unless
the directory handle is open for SEC_DIR_LIST.
Remove knownfail entry.
@@ -2795,13 +2795,13 @@ index 44c0b09432e..d23c03bce41 100644
DEBUG(1, ("change_notify_create: fsp->notify != NULL, "
"fname = %s\n", fsp->fsp_name->base_name));
--
-2.28.0
+2.29.2
From 041c86926999594f13b884522b1d9fcc65f92a52 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 9 Jul 2020 21:49:25 +0200
-Subject: [PATCH 28/38] CVE-2020-14323 winbind: Fix invalid lookupsids DoS
+Subject: [PATCH 28/45] CVE-2020-14323 winbind: Fix invalid lookupsids DoS
A lookupsids request without extra_data will lead to "state->domain==NULL",
which makes winbindd_lookupsids_recv trying to dereference it.
@@ -2829,13 +2829,13 @@ index d28b5fa9f01..a289fd86f0f 100644
}
if (request->extra_data.data[request->extra_len-1] != '\0') {
--
-2.28.0
+2.29.2
From e6e77a3a503f9223ecbc2d32a1d24e20f834659f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 9 Jul 2020 21:48:57 +0200
-Subject: [PATCH 29/38] CVE-2020-14323 torture4: Add a simple test for invalid
+Subject: [PATCH 29/45] CVE-2020-14323 torture4: Add a simple test for invalid
lookup_sids winbind call
We can't add this test before the fix, add it to knownfail and have the fix
@@ -2897,13 +2897,13 @@ index 9745b621ca9..71f248c0d61 100644
suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");
--
-2.28.0
+2.29.2
From 2b4763940d1826a2b4e5eaa1e2df338004cd9af0 Mon Sep 17 00:00:00 2001
From: Laurent Menase <laurent.menase@hpe.com>
Date: Wed, 20 May 2020 12:31:53 +0200
-Subject: [PATCH 30/38] winbind: Fix a memleak
+Subject: [PATCH 30/45] winbind: Fix a memleak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14388
Signed-off-by: Laurent Menase <laurent.menase@hpe.com>
@@ -2931,13 +2931,13 @@ index 556b4523866..325ba1abd82 100644
}
--
-2.28.0
+2.29.2
From accc423a4eb9170ab0dbe4b2ba90ce83790e7a16 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 17 Aug 2020 13:39:58 +0200
-Subject: [PATCH 31/38] s3:tests: Add test for 'valid users = DOMAIN\%U'
+Subject: [PATCH 31/45] s3:tests: Add test for 'valid users = DOMAIN\%U'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
@@ -2989,13 +2989,13 @@ index 1a46f11c85d..c813a8f9def 100755
+
exit $failed
--
-2.28.0
+2.29.2
From 1c594e3734e3ffd2dfc615897ac95792878f2df4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 17 Aug 2020 14:12:48 +0200
-Subject: [PATCH 32/38] s3:smbd: Fix %U substitutions if it contains a domain
+Subject: [PATCH 32/45] s3:smbd: Fix %U substitutions if it contains a domain
name
'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
@@ -3050,13 +3050,13 @@ index 3cbf7f318a2..0705e197975 100644
if (sharename != NULL) {
name = talloc_string_sub(mem_ctx, name, "%S", sharename);
--
-2.28.0
+2.29.2
From d93ddae23e1b378f771134e93d1b15e61e2278af Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 9 Jul 2020 11:48:26 +0200
-Subject: [PATCH 33/38] docs: Fix documentation for require_membership_of of
+Subject: [PATCH 33/45] docs: Fix documentation for require_membership_of of
pam_winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
@@ -3088,13 +3088,13 @@ index a9a227f1647..a61fb2d58e5 100644
<para>
--
-2.28.0
+2.29.2
From c9aea952eb3f8d83701abd6db4d48c8d93a8517a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 17 Jul 2020 12:14:16 +0200
-Subject: [PATCH 34/38] docs: Fix documentation for require_membership_of of
+Subject: [PATCH 34/45] docs: Fix documentation for require_membership_of of
pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
@@ -3127,13 +3127,13 @@ index fcac1ee7036..d81a0bd6eba 100644
<para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para>
</listitem>
--
-2.28.0
+2.29.2
From b04be6ffd3a1c9eda1f1dc78d60ad7b3a9b7471d Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 11 Jun 2020 21:05:07 +0300
-Subject: [PATCH 35/38] Fix a typo in recent net man page changes
+Subject: [PATCH 35/45] Fix a typo in recent net man page changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
@@ -3158,13 +3158,13 @@ index 69e18df8b6c..9b1d4458acc 100644
</para>
--
-2.28.0
+2.29.2
From a5a7dac759c2570861732c68efefb62371a29565 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Tue, 16 Jun 2020 22:01:49 +0300
-Subject: [PATCH 36/38] selftest: add tests for binary
+Subject: [PATCH 36/45] selftest: add tests for binary
msDS-AdditionalDnsHostName
Like the short names added implicitly by Windows DC.
@@ -3236,13 +3236,13 @@ index 85257f445d8..eef4a31a6a7 100755
rm -f $dedicated_keytab_file
--
-2.28.0
+2.29.2
From 2769976aaa13474d2b5ee7b58ee17d5824dfa5a2 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 11 Jun 2020 16:51:27 +0300
-Subject: [PATCH 37/38] Properly handle msDS-AdditionalDnsHostName returned
+Subject: [PATCH 37/45] Properly handle msDS-AdditionalDnsHostName returned
from Windows DC
Windows DC adds short names for each specified msDS-AdditionalDnsHostName
@@ -3330,13 +3330,13 @@ index 02a628ee0e6..2684bba63ec 100644
DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n",
machine_name));
--
-2.28.0
+2.29.2
From 9727953d482a3849d4ac1f40486bc567f6b77067 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 20 Jun 2020 17:17:33 +0200
-Subject: [PATCH 38/38] Fix usage of ldap_get_values_len for
+Subject: [PATCH 38/45] Fix usage of ldap_get_values_len for
msDS-AdditionalDnsHostName
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
@@ -3372,5 +3372,565 @@ index 2684bba63ec..d1ce9cee2f0 100644
return NULL;
}
--
-2.28.0
+2.29.2
+
+
+From ec4cfe786d8c3cb67bb0e9224ae1822902c672d3 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Tue, 15 Dec 2020 15:17:04 +0100
+Subject: [PATCH 39/45] HACK:s3:winbind: Rely on the domain child for online
+ check
+
+---
+ source3/winbindd/winbindd_cm.c | 9 +++++++++
+ source3/winbindd/winbindd_dual.c | 3 +++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 4bd03ed8b7a..502331f7260 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -89,6 +89,8 @@
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_WINBIND
+
++extern bool wb_idmap_child;
++
+ struct dc_name_ip {
+ fstring name;
+ struct sockaddr_storage ss;
+@@ -176,6 +178,13 @@ static void msg_try_to_go_online(struct messaging_context *msg,
+ continue;
+ }
+
++ if (wb_child_domain() == NULL && !wb_idmap_child) {
++ DEBUG(5,("msg_try_to_go_online: domain %s "
++ "NOT CONNECTING IN MAIN PROCESS.\n", domainname));
++ domain->online = true;
++ continue;
++ }
++
+ /* This call takes care of setting the online
+ flag to true if we connected, or re-adding
+ the offline handler if false. Bypasses online
+diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
+index 6e3277e5529..35b76a367aa 100644
+--- a/source3/winbindd/winbindd_dual.c
++++ b/source3/winbindd/winbindd_dual.c
+@@ -1612,6 +1612,8 @@ static void child_handler(struct tevent_context *ev, struct tevent_fd *fde,
+ }
+ }
+
++bool wb_idmap_child;
++
+ static bool fork_domain_child(struct winbindd_child *child)
+ {
+ int fdpair[2];
+@@ -1715,6 +1717,7 @@ static bool fork_domain_child(struct winbindd_child *child)
+ setproctitle("domain child [%s]", child_domain->name);
+ } else if (child == idmap_child()) {
+ setproctitle("idmap child");
++ wb_idmap_child = true;
+ }
+
+ /* Handle online/offline messages. */
+--
+2.29.2
+
+
+From 958bed1a1e5c9f334a1859bef14f4fe1657c3e49 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 9 Sep 2020 16:00:52 +0200
+Subject: [PATCH 40/45] s3:smbd: Use fsp al the talloc memory context
+
+Somehow the lck pointer gets freed before we call TALLOC_FREE().
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+Reviewed-by: Alexander Bokovoy <ab@samba.org>
+---
+ source3/smbd/open.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index de557f53a20..9a24e331ab1 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -4239,7 +4239,7 @@ static NTSTATUS open_directory(connection_struct *conn,
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+- lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
++ lck = get_share_mode_lock(fsp, fsp->file_id,
+ conn->connectpath, smb_dname,
+ &mtimespec);
+
+--
+2.29.2
+
+
+From 2591ae5d6a1dbd71391801b7bdf20bd37c8e8375 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 3 Feb 2021 12:58:31 +0100
+Subject: [PATCH 41/45] Revert "s3:smbd: Use fsp al the talloc memory context"
+
+This reverts commit 958bed1a1e5c9f334a1859bef14f4fe1657c3e49.
+---
+ source3/smbd/open.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 9a24e331ab1..de557f53a20 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -4239,7 +4239,7 @@ static NTSTATUS open_directory(connection_struct *conn,
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+- lck = get_share_mode_lock(fsp, fsp->file_id,
++ lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
+ conn->connectpath, smb_dname,
+ &mtimespec);
+
+--
+2.29.2
+
+
+From 2438619ec7ef18816f6b92c87a094851223d2bb1 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 22 Jul 2020 22:42:09 -0700
+Subject: [PATCH 42/45] nsswitch/nsstest.c: Avoid nss function conflicts with
+ glibc nss.h
+
+glibc 2.32 will define these varibles [1] which results in conflicts
+with these static function names, therefore prefix these function names
+with samba_ to avoid it
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Noel Power <npower@samba.org>
+
+Autobuild-User(master): Noel Power <npower@samba.org>
+Autobuild-Date(master): Tue Jul 28 10:52:00 UTC 2020 on sn-devel-184
+
+(cherry picked from commit 6e496aa3635557b59792e469f7c7f8eccd822322)
+---
+ nsswitch/nsstest.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
+index 6d92806cffc..46f96795f39 100644
+--- a/nsswitch/nsstest.c
++++ b/nsswitch/nsstest.c
+@@ -137,7 +137,7 @@ static struct passwd *nss_getpwuid(uid_t uid)
+ return &pwd;
+ }
+
+-static void nss_setpwent(void)
++static void samba_nss_setpwent(void)
+ {
+ NSS_STATUS (*_nss_setpwent)(void) =
+ (NSS_STATUS(*)(void))find_fn("setpwent");
+@@ -152,7 +152,7 @@ static void nss_setpwent(void)
+ }
+ }
+
+-static void nss_endpwent(void)
++static void samba_nss_endpwent(void)
+ {
+ NSS_STATUS (*_nss_endpwent)(void) =
+ (NSS_STATUS (*)(void))find_fn("endpwent");
+@@ -284,7 +284,7 @@ again:
+ return &grp;
+ }
+
+-static void nss_setgrent(void)
++static void samba_nss_setgrent(void)
+ {
+ NSS_STATUS (*_nss_setgrent)(void) =
+ (NSS_STATUS (*)(void))find_fn("setgrent");
+@@ -299,7 +299,7 @@ static void nss_setgrent(void)
+ }
+ }
+
+-static void nss_endgrent(void)
++static void samba_nss_endgrent(void)
+ {
+ NSS_STATUS (*_nss_endgrent)(void) =
+ (NSS_STATUS (*)(void))find_fn("endgrent");
+@@ -396,7 +396,7 @@ static void nss_test_users(void)
+ {
+ struct passwd *pwd;
+
+- nss_setpwent();
++ samba_nss_setpwent();
+ /* loop over all users */
+ while ((pwd = nss_getpwent())) {
+ printf("Testing user %s\n", pwd->pw_name);
+@@ -418,14 +418,14 @@ static void nss_test_users(void)
+ printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid);
+ printf("\n");
+ }
+- nss_endpwent();
++ samba_nss_endpwent();
+ }
+
+ static void nss_test_groups(void)
+ {
+ struct group *grp;
+
+- nss_setgrent();
++ samba_nss_setgrent();
+ /* loop over all groups */
+ while ((grp = nss_getgrent())) {
+ printf("Testing group %s\n", grp->gr_name);
+@@ -446,7 +446,7 @@ static void nss_test_groups(void)
+ printf("getgrgid: "); print_group(grp);
+ printf("\n");
+ }
+- nss_endgrent();
++ samba_nss_endgrent();
+ }
+
+ static void nss_test_errors(void)
+--
+2.29.2
+
+
+From d5410b038bb3b1d31783c0d825dc933497f6eeaa Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 3 Feb 2021 10:30:08 +0100
+Subject: [PATCH 43/45] lib:util: Add basic memcache unit test
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+(cherry picked from commit bebbf621d6052f797c5cf19a2a9bbc13e699d3f0)
+---
+ lib/util/tests/test_memcache.c | 122 +++++++++++++++++++++++++++++++++
+ lib/util/wscript_build | 6 ++
+ selftest/tests.py | 2 +
+ 3 files changed, 130 insertions(+)
+ create mode 100644 lib/util/tests/test_memcache.c
+
+diff --git a/lib/util/tests/test_memcache.c b/lib/util/tests/test_memcache.c
+new file mode 100644
+index 00000000000..8ea5e5b042e
+--- /dev/null
++++ b/lib/util/tests/test_memcache.c
+@@ -0,0 +1,122 @@
++/*
++ * Unix SMB/CIFS implementation.
++ *
++ * Copyright (C) 2021 Andreas Schneider <asn@samba.org>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <stdarg.h>
++#include <stddef.h>
++#include <stdint.h>
++#include <setjmp.h>
++#include <cmocka.h>
++
++#include "lib/replace/replace.h"
++#include "lib/util/talloc_stack.h"
++#include "lib/util/memcache.h"
++
++static int setup_talloc_context(void **state)
++{
++ TALLOC_CTX *frame = talloc_stackframe();
++
++ *state = frame;
++ return 0;
++}
++
++static int teardown_talloc_context(void **state)
++{
++ TALLOC_CTX *frame = *state;
++ TALLOC_FREE(frame);
++ return 0;
++}
++
++static void torture_memcache_init(void **state)
++{
++ TALLOC_CTX *mem_ctx = *state;
++ struct memcache *cache = NULL;
++
++ cache = memcache_init(mem_ctx, 0);
++ assert_non_null(cache);
++
++ TALLOC_FREE(cache);
++
++ cache = memcache_init(mem_ctx, 10);
++ assert_non_null(cache);
++
++ TALLOC_FREE(cache);
++}
++
++static void torture_memcache_add_lookup_delete(void **state)
++{
++ TALLOC_CTX *mem_ctx = *state;
++ struct memcache *cache = NULL;
++ DATA_BLOB key1, key2;
++ char *path1 = NULL, *path2 = NULL;
++
++ cache = memcache_init(mem_ctx, 0);
++ assert_non_null(cache);
++
++ key1 = data_blob_const("key1", 4);
++ path1 = talloc_strdup(mem_ctx, "/tmp/one");
++ assert_non_null(path1);
++
++ key2 = data_blob_const("key2", 4);
++ path2 = talloc_strdup(mem_ctx, "/tmp/two");
++ assert_non_null(path1);
++
++ memcache_add_talloc(cache, GETWD_CACHE, key1, &path1);
++ assert_null(path1);
++
++ memcache_add_talloc(cache, GETWD_CACHE, key2, &path2);
++ assert_null(path2);
++
++ path1 = memcache_lookup_talloc(cache, GETWD_CACHE, key1);
++ assert_non_null(path1);
++ assert_string_equal(path1, "/tmp/one");
++
++ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
++ assert_non_null(path2);
++ assert_string_equal(path2, "/tmp/two");
++
++ memcache_delete(cache, GETWD_CACHE, key1);
++ path1 = memcache_lookup_talloc(cache, GETWD_CACHE, key1);
++ assert_null(path1);
++
++ memcache_flush(cache, GETWD_CACHE);
++ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
++ assert_null(path2);
++
++ TALLOC_FREE(cache);
++}
++
++int main(int argc, char *argv[])
++{
++ int rc;
++ const struct CMUnitTest tests[] = {
++ cmocka_unit_test(torture_memcache_init),
++ cmocka_unit_test(torture_memcache_add_lookup_delete),
++ };
++
++ if (argc == 2) {
++ cmocka_set_test_filter(argv[1]);
++ }
++ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
++
++ rc = cmocka_run_group_tests(tests,
++ setup_talloc_context,
++ teardown_talloc_context);
++
++ return rc;
++}
+diff --git a/lib/util/wscript_build b/lib/util/wscript_build
+index fd3027eff77..229dbd5ef6a 100644
+--- a/lib/util/wscript_build
++++ b/lib/util/wscript_build
+@@ -256,3 +256,9 @@ else:
+ deps='cmocka replace talloc samba-util',
+ local_include=False,
+ install=False)
++
++ bld.SAMBA_BINARY('test_memcache',
++ source='tests/test_memcache.c',
++ deps='cmocka replace talloc samba-util',
++ local_include=False,
++ install=False)
+diff --git a/selftest/tests.py b/selftest/tests.py
+index e7639c4da27..e3f7d9acb4a 100644
+--- a/selftest/tests.py
++++ b/selftest/tests.py
+@@ -254,6 +254,8 @@ plantestsuite("samba.unittests.ms_fnmatch", "none",
+ [os.path.join(bindir(), "default/lib/util/test_ms_fnmatch")])
+ plantestsuite("samba.unittests.util_paths", "none",
+ [os.path.join(bindir(), "default/lib/util/test_util_paths")])
++plantestsuite("samba.unittests.memcache", "none",
++ [os.path.join(bindir(), "default/lib/util/test_memcache")])
+ plantestsuite("samba.unittests.ntlm_check", "none",
+ [os.path.join(bindir(), "default/libcli/auth/test_ntlm_check")])
+ plantestsuite("samba.unittests.test_registry_regfio", "none",
+--
+2.29.2
+
+
+From 7f6661b3c60319073d7fd58906b9a3728f421fed Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 3 Feb 2021 10:37:12 +0100
+Subject: [PATCH 44/45] lib:util: Add cache oversize test for memcache
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+(cherry picked from commit 00543ab3b29e3fbfe8314e51919629803e14ede6)
+---
+ lib/util/tests/test_memcache.c | 39 ++++++++++++++++++++++++++++++++++
+ selftest/knownfail.d/memcache | 1 +
+ 2 files changed, 40 insertions(+)
+ create mode 100644 selftest/knownfail.d/memcache
+
+diff --git a/lib/util/tests/test_memcache.c b/lib/util/tests/test_memcache.c
+index 8ea5e5b042e..8a3997817c1 100644
+--- a/lib/util/tests/test_memcache.c
++++ b/lib/util/tests/test_memcache.c
+@@ -98,6 +98,44 @@ static void torture_memcache_add_lookup_delete(void **state)
+ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
+ assert_null(path2);
+
++ TALLOC_FREE(path1);
++ TALLOC_FREE(path2);
++ TALLOC_FREE(cache);
++}
++
++static void torture_memcache_add_oversize(void **state)
++{
++ TALLOC_CTX *mem_ctx = *state;
++ struct memcache *cache = NULL;
++ DATA_BLOB key1, key2;
++ char *path1 = NULL, *path2 = NULL;
++
++ cache = memcache_init(mem_ctx, 10);
++ assert_non_null(cache);
++
++ key1 = data_blob_const("key1", 4);
++ path1 = talloc_strdup(mem_ctx, "/tmp/one");
++ assert_non_null(path1);
++
++ key2 = data_blob_const("key2", 4);
++ path2 = talloc_strdup(mem_ctx, "/tmp/two");
++ assert_non_null(path1);
++
++ memcache_add_talloc(cache, GETWD_CACHE, key1, &path1);
++ assert_null(path1);
++
++ memcache_add_talloc(cache, GETWD_CACHE, key2, &path2);
++ assert_null(path2);
++
++ path1 = memcache_lookup_talloc(cache, GETWD_CACHE, key1);
++ assert_null(path1);
++
++ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
++ assert_non_null(path2);
++ assert_string_equal(path2, "/tmp/two");
++
++ TALLOC_FREE(path1);
++ TALLOC_FREE(path2);
+ TALLOC_FREE(cache);
+ }
+
+@@ -107,6 +145,7 @@ int main(int argc, char *argv[])
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(torture_memcache_init),
+ cmocka_unit_test(torture_memcache_add_lookup_delete),
++ cmocka_unit_test(torture_memcache_add_oversize),
+ };
+
+ if (argc == 2) {
+diff --git a/selftest/knownfail.d/memcache b/selftest/knownfail.d/memcache
+new file mode 100644
+index 00000000000..0a74ace3003
+--- /dev/null
++++ b/selftest/knownfail.d/memcache
+@@ -0,0 +1 @@
++^samba.unittests.memcache.torture_memcache_add_oversize
+--
+2.29.2
+
+
+From 53c7f00510556aea15b640254934e514c1d88c25 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 2 Feb 2021 18:10:38 +0100
+Subject: [PATCH 45/45] lib:util: Avoid free'ing our own pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+
+Autobuild-User(master): Ralph Böhme <slow@samba.org>
+Autobuild-Date(master): Wed Feb 3 10:57:01 UTC 2021 on sn-devel-184
+
+(cherry picked from commit 0bdbe50fac680be3fe21043246b8c75005611351)
+---
+ lib/util/memcache.c | 19 +++++++++++++++----
+ selftest/knownfail.d/memcache | 1 -
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+ delete mode 100644 selftest/knownfail.d/memcache
+
+diff --git a/lib/util/memcache.c b/lib/util/memcache.c
+index 1e616bd0e9a..7b0b27eaddb 100644
+--- a/lib/util/memcache.c
++++ b/lib/util/memcache.c
+@@ -223,14 +223,25 @@ static void memcache_delete_element(struct memcache *cache,
+ TALLOC_FREE(e);
+ }
+
+-static void memcache_trim(struct memcache *cache)
++static void memcache_trim(struct memcache *cache, struct memcache_element *e)
+ {
++ struct memcache_element *tail = NULL;
++
+ if (cache->max_size == 0) {
+ return;
+ }
+
+- while ((cache->size > cache->max_size) && DLIST_TAIL(cache->mru)) {
+- memcache_delete_element(cache, DLIST_TAIL(cache->mru));
++ for (tail = DLIST_TAIL(cache->mru);
++ (cache->size > cache->max_size) && (tail != NULL);
++ tail = DLIST_TAIL(cache->mru))
++ {
++ if (tail == e) {
++ tail = DLIST_PREV(tail);
++ if (tail == NULL) {
++ break;
++ }
++ }
++ memcache_delete_element(cache, tail);
+ }
+ }
+
+@@ -351,7 +362,7 @@ void memcache_add(struct memcache *cache, enum memcache_number n,
+ memcpy(&mtv, cache_value.data, sizeof(mtv));
+ cache->size += mtv.len;
+ }
+- memcache_trim(cache);
++ memcache_trim(cache, e);
+ }
+
+ void memcache_add_talloc(struct memcache *cache, enum memcache_number n,
+diff --git a/selftest/knownfail.d/memcache b/selftest/knownfail.d/memcache
+deleted file mode 100644
+index 0a74ace3003..00000000000
+--- a/selftest/knownfail.d/memcache
++++ /dev/null
+@@ -1 +0,0 @@
+-^samba.unittests.memcache.torture_memcache_add_oversize
+--
+2.29.2
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index 1def443..ef3458a 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -6,7 +6,7 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
-%define main_release 9
+%define main_release 13
%define samba_version 4.10.16
%define talloc_version 2.1.16
@@ -3299,6 +3299,15 @@ rm -rf %{buildroot}
%endif # with_clustering_support
%changelog
+* Wed Feb 03 2021 Andreas Schneider <asn@redhat.com> - 4.10.17-13
+- related: #1876839 - Fix double crash when requesting share mode lock
+
+* Wed Jan 20 2021 Andreas Schneider <asn@redhat.com> - 4.10.17-11
+- resolves: #1876839 - Fix double crash when requesting share mode lock
+
+* Tue Dec 22 2020 Andreas Schneider <asn@redhat.com> - 4.10.17-10
+- resolves: #1868327 - Fix winbind in trust scenaries with connection issues
+
* Fri Nov 06 2020 Andreas Schneider <asn@redhat.com> - 4.10.17-9
- related: #1853272 - Add back missing patch hunks