src/contrib/zooinspector/README.jtoaster | 29 29 + 0 - 0 !
src/contrib/zooinspector/src/java/com/nitido/utils/toaster/Toaster.java | 525 525 + 0 - 0 !
2 files changed, 554 insertions(+)

---

build.xml | 23 3 + 20 - 0 !
src/contrib/build-contrib.xml | 2 1 + 1 - 0 !
src/contrib/zooinspector/build.xml | 5 2 + 3 - 0 !
3 files changed, 6 insertions(+), 24 deletions(-)

 patches to upstream build system to enable the relevant bits of the
 test suite for execution during build.

bin/zkServer.sh | 11 1 + 10 - 0 !
1 file changed, 1 insertion(+), 10 deletions(-)

 disable detection of cygwin under debian installs
 as this is not compatible with the way the environment is 
 managed through alternatives.
 .
 TODO - review alongside use of alternatives for managing 
 configuration.

src/c/src/zookeeper.c | 2 1 + 1 - 0 !
src/c/tests/TestClient.cc | 28 27 + 1 - 0 !
2 files changed, 28 insertions(+), 2 deletions(-)

 slow add_auth calls with multi-threaded client

src/contrib/zktreeutil/src/ZkAdaptor.cc | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 fix a build failure with gcc 4.7

build.xml | 15 0 + 15 - 0 !
1 file changed, 15 deletions(-)

 remove the built-at, built-by and built-on entries in the manifest of the jar files to improve the build reproducibility

build.xml | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 remove the timestamp and set the locale when generating the javadoc to make it reproducible

src/c/configure.ac | 2 1 + 1 - 0 !
src/recipes/lock/src/c/configure.ac | 2 1 + 1 - 0 !
src/recipes/queue/src/c/configure.ac | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

---

src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java | 4 4 + 0 - 0 !
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java | 2 2 + 0 - 0 !
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java | 3 3 + 0 - 0 !
3 files changed, 9 insertions(+)

---

src/java/main/org/apache/yetus/audience/InterfaceAudience.java | 74 74 + 0 - 0 !
src/java/main/org/apache/yetus/audience/InterfaceStability.java | 65 65 + 0 - 0 !
2 files changed, 139 insertions(+)

 adds the yetus annotations (https://yetus.apache.org)

build.xml | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 disables the optional netty based connection factory until it's updated to work with netty 4+

src/c/src/zookeeper.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 address ftbfs with gcc-8 due to format-overflow

build.xml | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 15 javadoc doclet

The missing doclet class causes a javadoc error thus no javadoc will be built
at all.

src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java | 33 30 + 3 - 0 !
src/java/test/org/apache/zookeeper/server/FinalRequestProcessorTest.java | 230 230 + 0 - 0 !
2 files changed, 260 insertions(+), 3 deletions(-)

 prevent acl disclosure when unauthorized (cve-2019-0201)

src/c/src/cli.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 address ftbfs with gcc 9
Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925869

build.xml | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 fixes the compatibility with openjdk 17

src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java | 44 32 + 12 - 0 !
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java | 12 6 + 6 - 0 !
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java | 73 69 + 4 - 0 !
3 files changed, 107 insertions(+), 22 deletions(-)

 [patch] zookeeper-4753: zookeeper-server: improvement: explicit
  handling of DIGEST-MD5 vs GSSAPI in quorum auth

Before this, the SASL-based quorum authorizer did not explicitly
distinguish between the DIGEST-MD5 and GSSAPI mechanisms: it was
simply relying on NameCallback and PasswordCallback for authentication
with the former and examining Kerberos principals in AuthorizeCallback
for the latter.

It turns out that some SASL/DIGEST-MD5 configurations cause
authentication and authorization IDs not to match the expected format,
and the DIGEST-MD5-based portions of the quorum test suite to fail
with obscure errors.  (They can be traced to failures to join the
quorum, but only by looking into detailed logs.)

This patch uses the login module name to determine whether DIGEST-MD5
or GSSAPI is used, and relaxes the authentication ID check for the
former.  As a cleanup, it keeps the password-based credential map
empty when Kerberos principals are expected.  It finally adapts a
test, and adds a new one, ensuring weirdly-shaped credentials only
cause authentication failures in the GSSAPI case.