+Author: Steinar H. Gunderson <sgunderson@bigfoot.com>
+Date: Wed Sep 13 22:23:23 CEST 2006
+
+ Fix -n option to mountd
+
+ The getopt_long() option string in mountd was having a spurious
+ colon after the 'n', leading to the short form of --no-tcp not
+ being usable (expecting a parameter, contrary to the long form
+ and the documentation). Fix.
+
+Author: Steinar H. Gunderson <sgunderson@bigfoot.com>
+Date: Wed Sep 13 22:19:39 CEST 2006
+
+ Document sensitive gids
+
+ The exports(8) man page already mentions that some non-root users,
+ such as bin, might be just as sensitive as root, and that root_squash
+ thus might not be as effective as one could hope for. Update the
+ documentation to also mention that this could be the case for non-root
+ groups, such as staff.
+
+Author: NeilBrown <neilb@cse.unsw.edu.au>
+Date: Mon Aug 7 16:35:03 AEST 2006
+
+ Set version to 1.0.10
+ Note: 1.0.10 should be used in preference to
+ 1.0.9 especially with kernels 2.6.18 and later
+ otherwise 'rpc.nfsd N' won't work to change the
+ number of threads after nfsd has been started.
+
+Author: NeilBrown <neilb@cse.unsw.edu.au>
+Date: Mon Aug 7 16:35:03 AEST 2006
+
+ support/nfs/nfssvc.c: if any ports are already open,
+ don't try to open any more.
+ This means that once nfsd is running
+ rpc.nfsd X
+ will just change the number of threads, not the
+ ports in use.
+
+Author: NeilBrown <neilb@cse.unsw.edu.au>
+Date: Mon Aug 7 14:01:35 AEST 2006
+
+ Remove warning if neither 'sync' or 'async' present.
+ Add warning of neither 'subtree_check' or 'no_subtree_check' present.
+
+commit 7194d7d6320736c14f40d31c3738d40f3119ead5
+Author: Kevin Coffman <kwc@citi.umich.edu>
+Date: Sat Jul 8 10:01:40 2006 +1000
+
+ Use uid/gid of -1 to indicate the export's anonuid/anongid should be used
+
+ Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
+ value -1 and defaults the credential's fsuid/fsgid to the
+ correct anonuid/anongid values for the given export. We should
+ be passing this value (-1) down when a name mapping cannot be found.
+ Thanks to J. Bruce Fields <bfields@fieldses.org> for the reference.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+ Acked-by: J. Bruce Fields <bfields@fieldses.org>
+
+commit b0604c623f7a98c6061dff19988722d3ae848bd7
+Author: Kevin Coffman <kwc@citi.umich.edu>
+Date: Sat Jul 8 09:58:03 2006 +1000
+
+ Change svcgssd_LDFLAGS to match gssd_LDFLAGS
+
+commit 99414bd3eecf93f23c378d3bb3d45bc98f364abc
+Author: Neil Brown <neilb@suse.de>
+Date: Sat Jul 8 09:41:58 2006 +1000
+
+ Disable building/installing mount.nfs by default.
+
+ mount.nfs does not yet support 'user' option and some others.
+ To make it support this we need to make it setuid-root, and
+ some security isses need to be resolved before that can be done
+ safely.
+
+commit b0c3cbfee702c019dab0a22557bbf38e24dfcee1
+Author: Steve Dickson <steved@redhat.com>
+Date: Sat Jul 8 09:35:02 2006 +1000
+
+ Call nfssvc_versbits before nfssvc_setfds
+
+ nfssvc_versbits() has to be called before nfssvc_setfds()
+ for the version processing to work correctly
+
+commit 26fff911b21943f20e3937ae3f2d29a1572d2309
+Author: Neil Brown <neilb@suse.de>
+Date: Thu Jul 6 13:05:11 2006 +1000
+
+ Only use -rpath for Kerberos libs when actually needed.
+
+ Avoid usage of -rpath is generally safer, and is required by Debian policy.
+
+commit 28a7603b719f8d35bf22fd3018b610b489fec78f
+Author: Neil Brown <neilb@suse.de>
+Date: Thu Jul 6 12:28:33 2006 +1000
+
+ Use 65534 instead of -2 in svcgssd_proc.c
+
+ as this is more consistant across achitectures.
+
+commit 904de920ea4da3ad5604c417f0d784fcda83ed2a
+Author: Shankar Anand <shanand@novell.com>
+Date: Tue Jul 4 08:50:56 2006 -0600
+
+ This patch adds code to nfsstat to read /proc/net/rpc/nfsd for nfsv4 server statistics and print them.
+
+ Submitted by: Shankar Anand <shanand@novell.com>
+
+commit 2179c112b9a386ca3d51d0e19390ddfadd745030
+Author: Steinar H. Gunderson <sesse@debian.org>
+Date: Wed Jul 5 15:55:45 2006 +1000
+
+ Fix typos in various man pages.
+
+commit 3419e37500dfd19cb2c246260dbd2bc0ee4704d4
+Author: Steinar H. Gunderson <sesse@debian.org>
+Date: Wed Jul 5 15:51:30 2006 +1000
+
+ Use 65534 for anon uid/gid rather than -2
+
+ This is more consistant across platforms.
+
+commit 65735eef8a9441901245f6047edafc50f2d97c97
+Author: Greg Banks <gnb@chook.melbourne.sgi.com>
+Date: Wed Jul 5 13:37:21 2006 +1000
+
+ Update rpcdebug to know about new 2.6 debug flags. Added
+ a manpage and installed rpcdebug (in sbindir).
+
+commit 23b3a9d0284d78cb6bf96b8cd44e9a4662ff60ae
+Author: Greg Banks <gnb@chook.melbourne.sgi.com>
+Date: Wed Jul 5 12:22:45 2006 +1000
+
+ Ignore new generated files.
+
+commit 89053f3f440b629911cb994a293d5be73bb79bf9
+Author: Greg Banks <gnb@chook.melbourne.sgi.com>
+Date: Wed Jul 5 12:20:20 2006 +1000
+
+ Add rquota.h to BUILT_SOURCES so rquotad builds on the first try.
+
+commit 66f9d8251c92124e46a209c47e5c0f7d3a0c4e6e
+Author: Neil Brown <neilb@suse.de>
+Date: Wed Jul 5 11:06:09 2006 +1000
+
+ Generate rquota_xdr.c and rquota.h from rquota.x
+
+ rquota_svc.c is still by-hand as it contains alot of extras.
+ These should really be moved to rquota_server.c
+
+commit 9f5b40b7a68fe0a2648565ecbd4b08bf60287130
+Author: Neil Brown <neilb@suse.de>
+Date: Wed Jul 5 10:41:03 2006 +1000
+
+ Remove some files that old, unused, unneeded.
+
+ deleted: support/export/keys.c
+ deleted: support/include/rpcdispatch.h
+ deleted: support/include/rpcsec.h
+ deleted: support/include/version.h
+ deleted: support/include/ypupdate.h
+ deleted: support/nfs/clients.c
+ deleted: support/nfs/keytab.c
+ deleted: support/nfs/ypupdate_xdr.c
+ deleted: support/rpc/include/Makefile.am
+ deleted: tools/rpcdebug/neat_idea.c
+ deleted: utils/mountd/mount_xdr.c
+ deleted: utils/rquotad/pathnames.h
+
+commit fbb1602bbd34cbe89dd55ca6eaaa19432237db1d
+Author: Neil Brown <neilb@suse.de>
+Date: Wed Jul 5 10:30:51 2006 +1000
+
+ Avoid error creating an existing symlink
+
+ Just remove the link first.
+
+commit 0bc710a5a2b695039613a917e009dba3552ab1cc
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:33:54 2006 -0400
+
+ Don't depend on Kerberos headers when checking librpcsecgss in configure
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Older versions of MIT Kerberos are missing an OID definition, causing
+ the configure checks for librpcsecgss to fail. We shouldn't be depending
+ on their libraries during the configure.
+
+commit 5bfa10c94c44f082dc211a5fb431e2202ea9bb35
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Tue Jul 4 18:33:56 2006 +1000
+
+ Eliminate warnings from code generated by rpcgen
+
+ - unused variable 'buf'
+ - emit a declaration for `buf' on demand.
+ - unused variable 'i'
+ - declare i immediately before use
+ - unused value from IXDR_PUT_
+ - cast to (void)
+ - type-punned pointer reference
+ - cast to (void*) first :-(
+
+commit acae444246635ec2ca8990d53e685c9062d73091
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:43 2006 -0400
+
+ Handle mapping failure from get_ids.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Temporary patch to do default mapping if we get an error while trying to
+ map a gss principal to the appropriate uid/gid. This currently returns
+ hardcoded values. This may be correct, or we may need to try and figure
+ out the correct values to match the anonuid/anongid for the export.
+
+commit 1f1b05a65ef3dc6597c7bc1e2a38f38ae95bf230
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:38 2006 -0400
+
+ Properly report errors in readline() function
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Change message priorities for errors and debug messages.
+
+commit ee664fd246d77010af13fb557407c612752a5ea8
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:33 2006 -0400
+
+ Change default buffer size increment for readline()
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ The readline routine expects much smaller messages than we are passing.
+ Change the default initial allocation and increment value from 128
+ to 2048. This saves many calls to realloc().
+
+commit 3da69ce5c4fac5677e91aa20e60750ab8de2ab97
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:27 2006 -0400
+
+ Clean up the printerr() logging function.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Update the printerr() function to:
+
+ 1) Determine whether we'll print the message before going to all the
+ work of formatting it.
+ 2) Don't just toss away messages that are too long for the buffer.
+ Print what we can and give an indication of the truncation with
+ "..." at the end.
+ 3) Use a single buffer rather than two.
+ 4) Messages either go to syslog (with level ERR) or stderr. Don't
+ send some messages to syslog level DEBUG.
+
+commit 0b2a5b574c7ffd99aa3226d36e1d261826405625
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:21 2006 -0400
+
+ Use setfsuid() rather than seteuid() while creating contexts
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ As suggested by Olaf Kirch <okir@suse.de>, use setfsuid() rather than
+ seteuid() when creating a gss context. This prevents users from using
+ credentials that do not belong to them, while also preventing them from
+ doing things like killing, renicing, or changing the priority of the
+ gssd process while it is processing the context creation.
+
+commit 0f899e6d862994ffb437ae73e087c4a21ab59723
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:16 2006 -0400
+
+ Limit acquire_cred call to to Kerberos only
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Specify that the acquire_cred call should only be concerned with returning
+ Kerberos credentials since this is Kerberos-only functionality.
+
+commit 3829bb90e764cd72c0009cb32a8b39d0fab89d81
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:10 2006 -0400
+
+ Check that the gssapi library is usable early on.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Do a call to determine mechanisms supported by the gssapi library early.
+ This allows us to discover early in case the gssapi library is somehow
+ misconfigured. We can bail out early and give a meaningful message
+ rather than getting errors on each attempt at a context negotiation.
+
+commit 119c3e9aafe84c0f7c2846c46ad5e6f5eeece0da
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:34:05 2006 -0400
+
+ Fix problems with 64-bit big-endian machines
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Correct the definition of mech_used in the gss context to use gss_OID_desc.
+ This fixes problems on 64-bit machines when referencing the OID.
+
+ Also updates write_buffer function to use u_int rather than size_t when
+ doing calculations.
+
+commit c3f05548d7b3d586e7eebbdde9339617e88530f3
+Author: kwc@citi.umich.edu <kwc@citi.umich.edu>
+Date: Mon Jul 3 18:33:59 2006 -0400
+
+ Define CFLAGS for gss_clnt_send_err compile
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add CFLAGS to make sure we find and use the correct gssapi.h when
+ building gss_clnt_send_err
+
+commit 4e9ed06f8f8a0cd9f34a6830c0ff14344a528042
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Mon Jul 3 15:59:54 2006 +1000
+
+ Use socklen_t some more to avoid warnings.
+
+commit 6c40236820fda8960af891f41aa9d53f8bbe50a2
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Mon Jul 3 15:39:41 2006 +1000
+
+ Fix warning about pointer signedness differing.
+
+commit 3bf702b1a914b3867117b74d519c55fa68f4dc28
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Mon Jul 3 15:17:34 2006 +1000
+
+ Include the right header to get xmalloc() declaration.
+
+commit 940c7c304d4a43c00c27529cdddc7c87db6eef87
+Merge: b90d201... a503848...
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Mon Jul 3 14:21:48 2006 +1000
+
+ Merge branch 'master' of git://linux-nfs.org/nfs-utils
+
+commit b90d201551aaa712c011c3d5de900fad714a26a6
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Tue Jun 27 21:30:18 2006 +1000
+
+ Comment out unused variable.
+
+commit 33beb42d3d2cd13a82ddbbdc4275d2a048030ae3
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Tue Jun 27 21:22:59 2006 +1000
+
+ Comment out the decades-old SCCS id strings from the original Sun
+ distribution. They cause compile warnings, there is no longer any
+ reason to try to build them into the binaries, and gcc seems to be
+ eliding some of them anyway.
+
+commit 3172063ead6b99611d049a59938808a6358f48a4
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Tue Jun 27 20:55:07 2006 +1000
+
+ Detect if glibc provides socklen_t and use that instead
+ of int in those cases which generate compile warnings,
+ e.g. the last argument of recvfrom().
+
+commit a09eeb36c2c45151b9bb89f5015da0c584799716
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Tue Jun 27 20:28:02 2006 +1000
+
+ Replace the deprecated sigblock() with more modern
+ signal functions to avoid compile warnings.
+
+commit 93608a52655abf5ac23404c4b5cc05fe575a9c04
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Thu Jun 22 18:01:10 2006 +1000
+
+ Fix a number of the easier compile warnings: unused variables,
+ unused labels, constness, signedness.
+
+commit a07343ee0da4f0974a23b673ae1b0d482c7426a1
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Thu Jun 22 17:31:24 2006 +1000
+
+ Detect presence of nfs4_set_debug() in libnfsidmap and
+ don't bother calling it if it's missing.
+
+commit dcfcb677b39443b6392db3234fd50498bc158507
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Thu Jun 22 17:19:17 2006 +1000
+
+ Remove useless m4 quoting around args to PKG_CHECK_MODULES().
+
+commit 24d303ffae686192bda0a5996e8590219dcc82e7
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Thu Jun 22 17:16:19 2006 +1000
+
+ Do m4 quoting of AC_MSG_ERROR() and AC_MSG_WARN() as
+ the autoconf people intended. This avoids errors in
+ autoconf on SLES10.
+
+commit 66a699d953727d3a992cc09ed5304b83d661a737
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Thu Jun 22 16:51:44 2006 +1000
+
+ Add a .gitignore file to suppress the files generated
+ during autogen, configure and build.
+commit 49b164d978ee6266df7ba0bd335cb34337e7c381
+Author: Steve Dickson <SteveD@redhat.com>
+Date: Mon Jul 3 09:52:00 2006 +1000
+
+ Allow rpc.nfsd to suppress tcp or udp, and listen on a specific address.
+
+ -T - will suppressing listening for TCP connection.
+ -U - will suppress UDP
+ -H host - will only listen on that local address
+ -p port - will listen on that port.
+
+ This requires kernel patches which will hopefully be in 2.6.19 and possibly some
+ earlier test and vendor kernels.
+
+commit fde2ae7794047a698feeaf17963d690a1e660a80
+Author: Steve Dickson <SteveD@redhat.com>
+Date: Mon Jun 26 15:23:19 2006 +1000
+
+ Add support for suppressing different NFS versions.
+
+ e.g. -N 2
+ means that NFSv2 won't be supported, just v3 and v4 (if the kernel
+ supports them).
+
+commit 0523fd513c6baa8dbf45d1a7afea2044262aeb3d
+Author: Neil Brown <neilb@suse.de>
+Date: Fri Jun 23 17:10:56 2006 +1000
+
+ Further coverity related cleanups.
+
+ Greg Banks suggested some variations, particularly improved
+ use of xmalloc/xstrdup functions. Thanks.
+
+commit 2e075a16da4963f54cd556403ca9e15a68de27fd
+Author: Neil Brown <neilb@suse.de>
+Date: Fri Jun 23 14:38:33 2006 +1000
+
+ Fix various issues discovered by Coverity
+
+ Thanks to Michael Halcrow for finding them.
+
+commit ff42180930a444cea7f19e55e2cd2bfe6d3f108b
+Author: Neil Brown <neilb@suse.de>
+Date: Fri Jun 23 14:06:00 2006 +1000
+
+ Fix comment parsing (again)
+
+ Bruce Fields noticed that I broke comment parsing...
+
+ as xskip() is always called before xgettok(), that is the
+ best place to put xskipcomment and still maintain proper
+ semantics of xskip and xgettok.
+
+commit bec968578d97eabc63ae4a12bdeb2b33f40baec4
+Author: Amit Gud <agud@redhat.com>
+Date: Thu Jun 22 12:51:04 2006 -0400
+
+ Change mount configure option to --enable-mount
+
+ Change the configure option from --with-mount to --enable-mount.
+
+ Signed-off-by: Amit Gud <agud@redhat.com>
+ Signed-off-by: Steve Dickson <steved@redhat.com>
+
+commit ceeffc1f76485b4084b2c61f4ff3c40e4f51c3b8
+Author: Amit Gud <gud@eth.net>
+Date: Thu Jun 22 12:49:24 2006 -0400
+
+ Merge nfsmount.x and mount.x into mount.x
+
+
+ Merge utils/mount/nfsmount.x and support/export/mount.x into support/export/mount.x.
+
+ Signed-off-by: Amit Gud <agud@redhat.com>
+ Signed-off-by: Steve Dickson <steved@redhat.com>
+
+commit c2db41e8abb6ddc9d03a0c91c6db043fa0f85a8f
+Author: Neil Brown <neilb@suse.de>
+Date: Fri Jun 23 13:37:08 2006 +1000
+
+ Try to make sure that clientid used for NFSv4 is reliable.
+
+ We need to give an IP address to identify this client to the
+ server.
+ The current code does a gethostbyname of the hostname. One
+ some systems this returns 127.0.0.1 or similar, which is not useful.
+
+ Instead, use getsockname of the sock used to connect to the server
+ to confirm that the server is working. This gives the address on the
+ interface that was chosen to talk to that server, which is the
+ best address we can find (if there is a NAT in the way, it might
+ still not work, but in that case there is nothing we can do).
+
+commit 11d34d11153df198103a57291937ea9ff8b7356e
+Author: Greg Banks <gnb@melbourne.sgi.com>
+Date: Wed Jun 14 22:48:10 2006 +1000
+
+ multiple threads for mountd
+
+
+ How about the attached patch against nfs-utils tot? It
+ adds a -t option to set the number of forked workers.
+ Default is 1 thread, i.e. the old behaviour.
+
+ I've verified that showmount -e, the Ogata mount client,
+ and a real mount from Linux and IRIX boxes work with and
+ without the new option.
+
+ I've verified that you can manually kill any of the workers
+ without the portmap registration going away, that killing
+ all the workers causes the manager process to wake up and
+ unregister, and killing the manager process causes the
+ workers to be killed and portmap unregistered.
+
+ I've verified that all the workers have file descriptors
+ for the udp socket and the tcp rendezvous socket, that
+ connections are balanced across all the workers if service
+ times are sufficiently long, and that performance is
+ improved by that parallelism, at least for small numbers
+ of threads. For example, with 60 parallel MOUNT calls
+ and a testing patch to make DNS lookups take 100 milliseconds
+ time to perform all mounts (averaged over 5 runs) is:
+
+ num elapsed
+ threads time (sec)
+ ------ ----------
+ 1 13.125
+ 2 6.859
+ 3 4.836
+ 4 3.841
+ 5 3.303
+ 6 3.100
+ 7 3.078
+ 8 3.018
+
+ Greg.
+ --
+ Greg Banks, R&D Software Engineer, SGI Australian Software Group.
+ I don't speak for SGI.
+
+commit db96d056578338dd1bb0371dc84638973c187ec6
+Author: Neil Brown <neilb@suse.de>
+Date: Fri Jun 16 13:16:09 2006 +1000
+
+ Remove some temporary files that shouldn't be in 'git'.
+
+ deleted: compile
+ deleted: config.guess
+ deleted: config.sub
+ deleted: depcomp
+ deleted: install-sh
+ deleted: ltmain.sh
+ deleted: missing
+
+commit 82b53188aaffad0e237461f8f1274794166feb3a
+Author: Neil Brown <neilb@suse.de>
+Date: Fri Jun 16 13:09:26 2006 +1000
+
+ Add support to auto-generate nfsmount* files for new nfs.mount program
+
+commit 4e2bae795e5eaf9922f0b966ab5df64994c836a2
+Author: Amit Gud <agud@redhat.com>
+Date: Mon Jun 12 19:08:27 2006 -0400
+
+ Move NFS mount code from util-linux to nfs-utils - part 2
+
+ Adds the support functions needed for mount and umount. This
+ functionality will someday be available in the form of shared mount
+ library.
+
+ Signed-off-by: Amit Gud <agud@redhat.com>
+ Signed-off-by: Steve Dickson <steved@redhat.com>
+
+commit a0520fa1a41bd33815b331b660b4545f2723495c
+Author: Amit Gud <agud@redhat.com>
+Date: Mon Jun 12 19:06:36 2006 -0400
+
+ Move NFS mount code from util-linux to nfs-utils - part 1
+
+ Adds the mount directory and the code to mount and umount the NFS file system.
+
+ Signed-off-by: Amit Gud <agud@redhat.com>
+ Signed-off-by: Steve Dickson <steved@redhat.com>
+
+2006-06-05 NeilBrown <neilb@suse.de>
+ - Remove debian/ at request of Debian maintainer "Steinar H. Gunderson" <sesse@debian.org>
+ - fix_exportfs_with_multiple_matches.diff: Fixes a problem with exportfs -o
+ and multiple entries of the same type for the same patch that matches
+ a given client. The entire rationale and problem description can be found
+ at http://bugs.debian.org/245449 (fumihiko kakuma <kakmy@mvh.biglobe.ne.jp>)
+ - escape hashes in exports
+ Makes sure any # signs in the printed-out exports file are
+ escaped (as with quotes, spaces, etc.), so they won't be treated
+ as a comment when they're read back in again.
+ "Steinar H. Gunderson" <sesse@debian.org>
+ - Only treat '#' as starting a comment when at the start of a
+ token, otherwise '#' in filenames cannot be read.
+ NeilBrown
+ - document sync option:
+ Document the 'sync' option in the exports(5) man page -- ATM
+ only the 'async' option is documented, which is not very
+ symmetric. :-) "Steinar H. Gunderson" <sesse@debian.org>
+ - mountd state directory:
+ Let the user select (via a new parameter) the path to the NFS
+ state directory for mountd, to match the statd functionality.
+ "Steinar H. Gunderson" <sesse@debian.org>
+ - fix nhfsrun signal:
+ nhfsrun is supposed to be able to be signalled with SIGUSR1, but
+ the signal trapped is number 30, which is something else
+ entirely (SIGPWR). This patch simply changes it to say "USR1",
+ which gets it right no matter what the value is.
+ "Steinar H. Gunderson" <sesse@debian.org>
+ - Minor man page tidy up
+
+2006-04-12 NeilBrown <neilb@suse.de>
+ Remove **/Makefile.in, aclocal.m4, configure, and
+ support/include/config.h.in from source control
+ These are auto autogenerated by
+ aclocal -I aclocal ; autoheader ; automake ; autoconf
+
+2006-04-12 NeilBrown <neilb@suse.de>
+ utils/statd/rmtcall.c: use HAVE_IFADDRS_H to control compilation
+ of code using ifaddrs.h
+ configure.in: test for present of ifaddrs.h
+
+ Old glibc's don't have ifaddrs.h
+
+2006-06-12 Amit Gud <agud@redhat.com>
+ Added the mount functionality from util-linux.
+ Added --without-mount configure option.
+
+2006-04-12 NeilBrown <neilb@suse.de>
+ Set version to 1.0.8,
+ aclocal -I aclocal ; autoheader ; automake ; autoconf
+
+2006-04-10 NeilBrown <neilb@suse.de>
+ Various paranoia checks:
+ gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
+ overflow
+ svcgssd_proc.c: range_check name.length, to ensure name.length+1
+ doesn't wrap
+ idmapd.c(nfsdcb): make sure at least one byte is read before
+ zeroing the last byte that was read, otherwise memory corruption
+ is possible.
+
+ Found by SuSE security audit.
+
+2006-04-10 "Kevin Coffman" <kwc@citi.umich.edu>
+ Check for sufficient version of librpcsecgss and libgssapi
+ in configure.in
+
+2006-04-10 "Kevin Coffman" <kwc@citi.umich.edu>
+ Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
+ HAVE_TCP_WRAPPERS as appropriate.
+
+2006-04-10 NeilBrown <neilb@suse.de>
+ Add checking for innetgr back to configure.in
+
+2006-04-10 kwc@citi.umich.edu
+ Update calls to gss_export_lucid_sec_context()
+
+ Change the calls to gss_export_lucid_sec_context() to match the corrected
+ interface definition in libgssapi-0.9.
+
+2006-04-10 kwc@citi.umich.edu
+ Plug memory leaks in svcgssd
+
+ Various memory leaks in the svcgssd context processing are eliminated.
+
+2006-04-10 kwc@citi.umich.edu
+ Fix memory leak of the AUTH structure on context negotiations
+
+ Free AUTH structure after completing context negotiation and sending
+ context information to the kernel.
+
+2006-04-10 kwc@citi.umich.edu
+ Fix support/include/config.h.in such as would be done be running autoheader.
+
+2006-03-28 NeilBrown <neilb@suse.de>
+ 1.0.8-pre3, aclocal/autoconf/automake
+
+2006-03-28 kwc@citi.umich.edu
+ Use PKGCONFIG to locate gssapi and rpcsecgss header files
+
+ Instead of having separate copies of the gssapi and rpcsecgss
+ header files, or depending on the Kerberos gssapi header,
+ locate the headers now installed with the libgssapi and librpcsecgss
+ libraries.
+
+ Remove local copies of the gssapi and rpcsecgss header files.
+
+ This depends on the configure_use_autotools patch.
+
+2006-03-28 kwc@citi.umich.edu
+ Add debugging to better detect negotiation of enctype not supported by kernel
+
+ Print debugging message indicating the type of encryption keys being sent
+ down to the kernel. This should make it easier to detect cases where
+ unsupported encryption types are being negotiated.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Don't close and reopen all pipes on every DNOTIFY signal.
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Don't unnecessarily close and re-open all pipes after every DNOTIFY
+ signal. These unnecessary closes were triggering a kernel Oops.
+ Original patch modified to correct segfault when unmounting last
+ NFSv4 mount.
+
+2006-03-28 kwc@citi.umich.edu
+ Add option to specify directory to search for credentials cache files
+
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+ Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
+
+ We need to get access to the internal krb5 context pointer for
+ older (pre-1.4) versions of MIT Kerberos. We get a pointer to
+ the gss glue's context. Get the right pointer before accessing
+ the context information.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Remove unused groups variable from get_ids() which was causing a compiler warning.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Separate out context handling code for MIT Kerberos and SPKM3
+ into their own file.
+ (Really this time)
+
+2006-03-28 Kevin Coffman <kwc@citi.umich.edu>
+ User-selectable idmapping cache lifetime
+
+ Read and process new configuration option, Cache-Expiration, and use
+ the value to determine how long idmapping entries are cached.
+ (Really this time)
+
+2006-03-27 NeilBrown <neilb@suse.de>
+ 1.0.8-rc3
+
+2006-03-27 kwc@citi.umich.edu
+ Add debugging to better detect negotiation of enctype not supported by kernel
+
+ Print debugging message indicating the type of encryption keys being sent
+ down to the kernel. This should make it easier to detect cases where
+ unsupported encryption types are being negotiated.
+
+2006-03-27
+ Don't close and reopen all pipes on every DNOTIFY signal.
+
+ Don't unnecessarily close and re-open all pipes after every DNOTIFY
+ signal. These unnecessary closes were triggering a kernel Oops.
+ Original patch modified to correct segfault when unmounting last
+ NFSv4 mount.
+
+2006-03-27
+ Add option to specify directory to search for credentials cache files
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+
+2006-03-27 kwc@citi.umich.edu
+ Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
+
+ We need to get access to the internal krb5 context pointer for
+ older (pre-1.4) versions of MIT Kerberos. We get a pointer to
+ the gss glue's context. Get the right pointer before accessing
+ the context information.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Remove unused variable causing compile warning
+
+ Remove unused groups variable from get_ids() which was causing a compiler warning.
+
+2006-03-27 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Separate out context handling code for MIT Kerberos and SPKM3
+ into their own file.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Consolidate gssd and svcgssd since they share much code
+
+ Remove directory svcgssd which was only created because the old
+ build system could not handle building two daemons in the same
+ directory. This eliminates build complications since gssd and
+ svcgssd also share many source files.
+
+ This patch effectively removes the utils/svcgssd directory, moving
+ all its files to the utils/gssd directory. File utils/gssd/Makefile.am
+ is modified with directions to build both gssd and svcgssd.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Use PKGCONFIG to locate gssapi and rpcsecgss header files
+
+ Instead of having separate copies of the gssapi and rpcsecgss
+ header files, or depending on the Kerberos gssapi header,
+ locate the headers now installed with the libgssapi and librpcsecgss
+ libraries.
+
+ Remove local copies of the gssapi and rpcsecgss header files.
+
+ This depends on the configure_use_autotools patch.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ User-selectable idmapping cache lifetime
+
+ Read and process new configuration option, Cache-Expiration, and use
+ the value to determine how long idmapping entries are cached.
+
+2006-03-27 Steve Dickson <steved@redhat.com>
+ Set libnfsidmap library debugging level and logging function.
+
+ This patch adds a call to the new libnfsidmap library function
+ nfs4_set_debug(), which defines the verbosity level libnfsidmap
+ should use as well as the logging function.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Don't close file descriptor until after calling event_del().
+
+ Delete event processing for a file descriptor before closing it.
+ This was causing hangs when used in combination with libevent-1.0b.
+
+2006-03-27 kwc@citi.umich.edu
+ Find krb5-config on SuSE 10
+
+ SuSE 10.0 puts krb5-config in yet another obscure location.
+ Look for it there and use it if found.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Update debian package information.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Install /var/lib/nfs files using DESTDIR and add rpcsec headers to distribution
+
+ Add "$(DESTDIR)" to the paths for the "$(statedir)" files so they are
+ put in the right place when DESTDIR is defined.
+
+ Add the rpcsec header files to EXTRA_DIST list.
+
+2005-12-21 NeilBrown <neilb@suse.de>
+ *utils/rquotad/rquota_server.c: Detect and handle both old-style
+ (2.4) and new-style(2.6) quotactl.
+ *utils/gssd/gss_destroy_cred: remove dependence on "head -1" which
+ might need to be "head -n 1"
+ *utils/nhfsstone/nhfsrun: convert "tail -1" to "tail -n 1"
+
+2005-12-20 Kevin Coffman <kwc@citi.umich.edu> NeilBrown <neilb@suse.de>
+ Substantial Makefile/configure rewrite.
+ Run 'autogen.sh' to create "Makefile.in" etc.
+
+ Also add -D_FILE_OFFSET_BITS=64 to CPP_FLAGS so that mountd can
+ stat and export files larger than 2Gig.
+
+ 1.0.8-rc2 released
+
+2005-12-20 NeilBrown <neilb@suse.de>
+ support/nfs/exports.c(getexportent): is a null host name is given,
+ replace it with '*' so we have a non-empty host name for messages
+ etc.
+ utils/exportfs/exportfs.man: Correct documentation about default
+ export options.
+
+2005-12-20 Kevin Coffman <kwc@citi.umich.edu>
+ utils/gssd/gssd_proc.c(create_auth_rpc_client): Use service
+ portion of clp->servicename rather than hard-coding "nfs".
+
+2005-12-16 NeilBrown <neilb@suse.de>
+ 1.0.8-rc1 released
+
+2005-12-16 Kevin Coffman <kwc@citi.umich.edu>
+ svcgssd needs -lnfs when using new function closeall().
+
+ ---
+ Remove unused argument from nfsdopen()
+
+ After previous changes, the arguement to nfsdopen() has become unused.
+ Remove it.
+
+ ---
+ Fix idmapd error reporting after call to mydaemon()
+
+ After call to mydaemon(), calls to err[x] and warn[x] result
+ in the message going nowhere. Change to using idmapd_*
+ versions of these routines which write to syslog.
+ Original problem reported by Vincent Roqueta <vincent.roqueta@ext.bull.net>
+ with a different patch.
+
+ ---
+ Don't add @domain to names that cannot be mapped.
+
+ Per rfc3530 section 5.8: when unable to map a uid to a name, don't
+ add the @domain to the "nobody" name.
+
+ ---
+ Fix idmapd for systems where sizeof(uid_t)!=4 and sizeof(gid_t)!=4
+
+ Fix conversion cases where uid_t and gid_t are not 32 bits.
+
+ ---
+ Don't segfault because mech wasn't filled in because of an error
+
+ From Kevin Coffman <kwc@citi.umich.edu>
+
+ Initialize mech to null to avoid segfault if an error occurs
+ and mech is never returned from gss_accept_sec_context.
+
+ ---
+ Remove use of static buffer in do_downcall
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Dynamically allocate buffer of the correct length rather
+ than using fixed-length buffer.
+
+ ---
+ Print better error message if rpc routine clnt_create() fails.
+
+ ---
+ Print appropriate error messages after gss calls.
+
+ Print gss error messages after calls to gss functions, even if they
+ are for Kerberos only.
+
+ ---
+ Update gssd and svcgssd to use the new gss mech glue lucid context calls.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Update gssd and svcgssd to use a lucid context from SPKM3 to send down
+ to the kernel.
+ Update gssd and svcgssd to use the new gss mech glue lucid context calls.
+ Add configure check to see if spkm3 support is available.
+
+ ---
+ Add support for CONTINUE_NEEDED return from gss_accept_sec_context.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add CONTINUE_INIT handling to svcgssd. Store the partially complete spkm
+ context handle in the out_handle of CONTINUE_INIT messages so that it is
+ returned in the in_handle of subsequent messages.
+
+ ---
+ Replace GSS_C_ANON_FLAG with GSS_C_MUTUAL_FLAG.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Specify GSS_C_MUTUAL_FLAG rather than GSS_C_ANON_FLAG for
+ spkm3.
+
+ NOTE: we need a way to pass the appropriate value rather than
+ hard-coding this flag.
+
+ ---
+ Increase size of rpc send/receive buffers
+
+ Change the clnt_create() to use routines which allow us to set the
+ send and receive buffer size. This is needed for larger spkm3
+ exchanges including certificate chains.
+
+ This has the side-effect of skipping the portmap call since
+ we specify the port (by specifying the service) when getting
+ the server's address information.
+
+ ---
+ Define _LINUX_QUOTA_VERSION to 1
+
+ The rquotad code is written against the "old" kernel quota interface.
+ Fedora Core 4 is the only platform known to check for different
+ versions, so this should not have any affect on other platforms
+ and fixes the build for FC4.
+
+ ---
+
+2005-12-12 Usha Ketineni <ketineni@us.ibm.com>, NeilBrown <neilb@suse.de>
+ *support/nfs/rpcmisc.c(rpc_init): is stdin is a socket, but
+ is already connected (as e.g. from ssh), don't assume we
+ were started by inetd.
+
+2005-11-03 Steve Dickson <SteveD@redhat.com> NeilBrown <neilb@suse.de>
+ *utils/idmapd/idmaps.c:
+
+ I've recently updated the nfs-utils in rawhide with the
+ latest patches from the SourceForge CVS tree and the
+ latest CITI patches (1.0.7-4).
+
+ In testing these patches, I notice that when the server was started
+ and a SIGHUP was sent to rpc.idmapd to open the nfs4.nametoid/channel
+ and nfs4.idtoname/channel files, the second open (the nfs4.idtoname one)
+ failed because the path (i.e. ic->ic_path) was NULL.
+
+ Now the reason the ic_path was NULL was because it was never set
+ during the call to nfsdopen(). nfsdopen() looks like:
+ nfsdopen(char *path)
+ {
+ return ((nfsdopenone(&nfsd_ic[IC_NAMEID], IC_NAMEID, path) == 0 &&
+ nfsdopenone(&nfsd_ic[IC_IDNAME], IC_IDNAME, path) == 0) ? 0
+ : -1);
+ }
+
+ Note: the call to nfsdopenone() is how the path is set in each nfsd_ic[]
+ entry and nfsdopen() is only called once.
+
+ So when rpc.idmap comes up and the first call to nfsdopenone() fails
+ (because the server is not running) the path in nfsd_ic[IC_IDNAME] is
+ never filled in because the second nfsdopenone() never happen...
+
+ Now there was a CITI patche (idmapd_revert_fix_reopen_on_sighup.dif)
+ that tried to address this problem but did seem to fix it.. The
+ attached patch fix the problem by initializing both nfsd_ic[IC_IDNAME]
+ and nfsd_ic[IC_NAMEID] structures with the needed info...
+ I figured since there is no way of changing these paths or filenames
+ by command line args, why not just set them during compile time...
+ so that's what this patch does.
+
+ This patch also changes how nfsdreopen_one() handles the
+ case where the event has already been set. Unlike the CITI
+ patch (idmapd_revert_fix_reopen_on_sighup.dif) which just
+ just does not register the second event, my patch deletes
+ the old event and the registers the new one. It just seems like
+ the right thing to do since a SIGHUP means a new server just
+ started so we probably should create a new event as well...
+
+ steved.
+
+2005-10-14 NeilBrown <neilb@suse.de>
+ *utils/mountd/cache.c(nfsd_fh): Understand type 2 and type 3
+ filesystem identifiers, which are used with device numbers
+ That don't fit into 16 bits.
+
+2005-10-07 Olaf Kirch <okir@suse.de>
+ * utils/mountd/mountd.c(get_exportlist): Without this patch,
+ showmount -e would sometimes display host names that should really
+ have been subsumed under a wildcard entry.
+
+ The problem was that the code in get_exportlist would always
+ skip the next group entry after removing one FQDN.
+
+2005-10-06 Steve Dickson <SteveD@redhat.com> NeilBrown <neilb@suse.de>
+ * support/nfs/export.c: don't warn about sync/async for readonly
+ exports
+ * support/nfs/closeall.c: new file with function to close all
+ file descriptors from a give minimum upwards.
+ * nfsd/mountd/statd/idmapd/gsssvcd: use closeall.
+ * utils/mountd/mountd.c: Eliminate 3 syslog message that are
+ logged for successful events.
+ * utils/mountd/mountd.c: make sure the correct hostname is used in
+ the SM_NOTIFY message that is sent from a rebooted server which
+ has multiple network interfaces. (bz 139101)
+
+ Details can be found in:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139101
+
+ *utils/idmapd/idmapd.c:Fixed subscripting problem in idmapd (bz
+ 158188) This fixes the following problem:
+ rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
+
+ Details can be found in:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158188
+
+ *utils/statd/statd.c(drop_privs): clear st_gid as well as st_uid
+ of stat fails.
+ *utils/statd/svc_run.c(my_svc_run): remove usage of undocumented
+ %m format specifier.
+ *utils/statd/montor.c(sm_mon_1_svc): as above
+ *support/nfs/xlog.c(xlog): Changed xlog to use LOG_INFO instead of
+ LOG_DEBUG so debug messages will appear w/out any config changes
+ to syslog.conf.
+
+
+2005-09-02 Mike Frysinger <vapier@gentoo.org>
+ * utils/rquotad/rquota_server.c(getquotainfo): use explicit
+ struture-member copying rather than memcpy, as the element
+ sizes are the same on all architectures.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Add option to set rpcsec_gss debugging level (if available)
+
+ Changes to allow gssd/svcgssd to build when using Hiemdal Kerberos
+ libraries. Note that there are still run-time issues preventing
+ this from working when shared libraries for libgssapi and librpcsecgss
+ are used.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Remove the rpcsec_gss code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ *utils/mountd/mountd.c:
+ mountd currently always returns AUTH_NULL and AUTH_SYS as the
+ allowable flavors in mount replies. We want it to also return gss
+ flavors when appropriate. For now as a hack we just have it always
+ return the KRB5 flavors as well.
+
+ *utils/mountd/cache.c:
+
+ When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the
+ actual exported directory does not exist on the server, rpc.mountd
+ doesn't check the directory exists (when fsidtype=1, i.e. using fsid,
+ but does check for fsidtype=0, i.e. using dev/ino). The non-existent
+ exported directory path with fsid=0 is written to the kernel via
+ /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to
+ return ENOENT (seems appropriate). Unfortunately, the new_cache
+ approach ignores errors returned when writing via the channel file so
+ that particular error is lost and the mount request is silently ignored.
+
+ Assuming it doesn't make sense to revamp the new_cache/up-call method to
+ not ignore returned errors, it seems appropriate to fix the case where
+ rpc.mountd doesn't check for the existence of an exported directory with
+ fsid= semantics. The following patch does this by moving the stat() up
+ so it is done for both fsidtype's. I'm not certain whether the other
+ tests need to be executed for fsidtype=1, but it doesn't appear to hurt
+ [Not exactly true: the comparison of inode numbers caused problems so
+ now it's kept for fsidtype=0 only].
+
+ Would it be also desirable to log a warning for every error, if any,
+ returned by a write to any of the /proc/net/rpc/*/channel files which
+ would otherwise be ignored (maybe under a debug flag)?
+
+ * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a
+ SIGHUP rather than dying.
+
+ * many: Remove the gssapi code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * utils/exportfs/exports.man: Document the "crossmnt" export export option
+ * utils/gssd/krb5_util.c:
+ Add better debugging and partially revert the function
+ check for gss_krb5_ccache_name.
+
+ For MIT Kerberos releases up to and including 1.3.1, we *must*
+ use the routine gss_krb5_ccache_name to get the K5 gssapi code
+ to use a different credentials cache.
+
+ For releases 1.3.2 and on, we want to use the KRB5CCNAME
+ environment variable to tell it what to use.
+ (A problem was reported where 1.3.5 was being used, our
+ code was using gss_krb5_ccache_name, but the underlying
+ code continued to use the first (or default?) credentials
+ cache. Switching to using the env variable fixed the problem.
+ I cannot recreate this problem.
+
+ *utils/gssd/krb5_util.c:
+ Andrew Mahone <andrew.mahone@gmail.com> reported that reiser4
+ always has DT_UNKNOWN. He supplied patch to move the check
+ for regular files after the stat() call to correctly find
+ ccache files in reiser4 filesystem.
+
+ Also change the name comparison so that the wrong file is
+ not selected when the substring comparison is done.
+
+ *utils/gssd/krb5_util.c:
+ Limit the set of encryption types that can be negotiated by
+ the Kerberos library to those that the kernel code currently
+ supports.
+
+ This should eventually query the kernel for the list of
+ supported enctypes.
+
+ *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c:
+ Print more information in error messages to help debugging failures.
+
+ *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and
+ update error handling so that a response is always sent.
+
+ *utils/svcgssd/svcgssd_proc.c: Add support to retrieve
+ supplementary groups.
+
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * configure.in etc
+ Consolidate some of the Kerberos checking instead of repeating
+ the same things for MIT and Heimdal.
+ Also adds more checks to distinguish 32-bit from 64-bit
+ (mainly for gssapi.h)
+ Fix svcgssd Makefile so make TOP=../../ works correctly there.
+ Enable running a modern autoheader.
+ * utils/gssd/gss_oids.c: Use correct OID value for SPKM-3
+ * utils/gssd/gss_util.c: Fix build with older MIT releases that do not define GSS_C_NT_HOSTBASED_SERVICE
+ * utils/gssd/write_bytes.h, support/include/gssapi/gssapi.h:
+ Length of gss_buffer_desc is a size_t which is 64-bits on a
+ 64-bit machine. Kernel code expects 32-bit integer for length.
+ Coerce length value into a 32-bit value when reading from or
+ writing to the kernel.
+ Change gssapi.h to use datatype size values obtained from
+ configure rather than hard-coded values.
+ * utils/idmapd/idmapd.c: The EV_INIT check here was wrong, and was
+ causing idmapd to become unresponsive to server requests after
+ receiving a sighup.
+ * utils/idmapd/idmapd.c: Idmapd should flush the server id<->name
+ caches when its started.
+
+2005-04-12 G. Allen Morris III <gam3@gam3.net>
+
+ * All Makefile: added TOP as needed for easier compile.
+
+ * utils/nfsstat/nfsstat.c: added NFS V4 support; added the -m
+ option; Added -2, -3, and -4 options; changed -a option to -v
+ option; added long options; changed default output to not
+ show V2 NFS statistics unless used.
+
+ * utils/nfsstat/nfsstat.man: Documented above changes; changed
+ authors email address; added BUGS section.
+
+2005-04-07 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-2.
+
+2005-04-06 Chip Salzenberg <chip@pobox.com>
+
+ * config.guess, config.sub: Update.
+
+ * support/rpc/svc_auth_gss.c (_svcauth_gss): Avoid using a cast as
+ an lvalue, as it is non-portable.
+
+ * support/nfs/exports.c (parseopts): Accept "acl" option to mean
+ ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL.
+ (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL
+ as "acl".
+ * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as
+ "no_acl".
+ * utils/exportfs/exports.man: Document "no_acl".
+
+2005-03-14 NeilBrown <neilb@cse.unsw.edu.au>
+ Denis Vlasenko <vda@ilport.com.ua>
+ * support/export/client.c(client_init and client_gettype):
+ treat N.N.N.N as a special case of MCL_SUBNETWORK instead of
+ MCL_FQDN
+
+2005-03-06 G. Allen Morris III <gam3@gam3.net>
+ * support/nfs/cacheio.c(readline): Could not read lines greater
+ than 128 bytes. [1157791]
+ * utils/exportfs/exports.man: Added a SEE ALSO section and
+ fixed 2 typos. [1018450]
+
+2005-02-28 Trond Myklebust <trond.myklebust@fys.uio.no>
+ * utils/statd/rmtcall.c(statd_get_socket): If a port number is
+ explicitly given, make sure to try to bind to that.
+
+2005-01-11 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-1.
+ * debian/nfs-common.default (NEED_IDMAPD, NEED_GSSD):
+ Disable by default, on advice of upstream.
+ * debian/nfs-kernel-server.default (NEED_SVCGSSD):
+ Likewise.
+
+ * utils/svcgssd/Makefile (predep): Symbolically link duplicated
+ source files.
+ (distclean): Remove symlinks to duplicated files.
+
+2004-12-17 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7
+
+ * config.mk, configure.in: update version number, run autoconf
+ * configure.in: require nfsidmap.h if gss is enabled.
+
+2004-12-10 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7-pre2
+
+ * config.mk, configure.in: update version number, run autoconf
+