+2006-04-12 NeilBrown <neilb@suse.de>
+ Set version to 1.0.8,
+ aclocal -I aclocal ; autoheader ; automake ; autoconf
+
+2006-04-10 NeilBrown <neilb@suse.de>
+ Various paranoia checks:
+ gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
+ overflow
+ svcgssd_proc.c: range_check name.length, to ensure name.length+1
+ doesn't wrap
+ idmapd.c(nfsdcb): make sure at least one byte is read before
+ zeroing the last byte that was read, otherwise memory corruption
+ is possible.
+
+ Found by SuSE security audit.
+
+2006-04-10 "Kevin Coffman" <kwc@citi.umich.edu>
+ Check for sufficient version of librpcsecgss and libgssapi
+ in configure.in
+
+2006-04-10 "Kevin Coffman" <kwc@citi.umich.edu>
+ Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
+ HAVE_TCP_WRAPPERS as appropriate.
+
+2006-04-10 NeilBrown <neilb@suse.de>
+ Add checking for innetgr back to configure.in
+
+2006-04-10 kwc@citi.umich.edu
+ Update calls to gss_export_lucid_sec_context()
+
+ Change the calls to gss_export_lucid_sec_context() to match the corrected
+ interface definition in libgssapi-0.9.
+
+2006-04-10 kwc@citi.umich.edu
+ Plug memory leaks in svcgssd
+
+ Various memory leaks in the svcgssd context processing are eliminated.
+
+2006-04-10 kwc@citi.umich.edu
+ Fix memory leak of the AUTH structure on context negotiations
+
+ Free AUTH structure after completing context negotiation and sending
+ context information to the kernel.
+
+2006-04-10 kwc@citi.umich.edu
+ Fix support/include/config.h.in such as would be done be running autoheader.
+
+2006-03-28 NeilBrown <neilb@suse.de>
+ 1.0.8-pre3, aclocal/autoconf/automake
+
+2006-03-28 kwc@citi.umich.edu
+ Use PKGCONFIG to locate gssapi and rpcsecgss header files
+
+ Instead of having separate copies of the gssapi and rpcsecgss
+ header files, or depending on the Kerberos gssapi header,
+ locate the headers now installed with the libgssapi and librpcsecgss
+ libraries.
+
+ Remove local copies of the gssapi and rpcsecgss header files.
+
+ This depends on the configure_use_autotools patch.
+
+2006-03-28 kwc@citi.umich.edu
+ Add debugging to better detect negotiation of enctype not supported by kernel
+
+ Print debugging message indicating the type of encryption keys being sent
+ down to the kernel. This should make it easier to detect cases where
+ unsupported encryption types are being negotiated.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Don't close and reopen all pipes on every DNOTIFY signal.
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Don't unnecessarily close and re-open all pipes after every DNOTIFY
+ signal. These unnecessary closes were triggering a kernel Oops.
+ Original patch modified to correct segfault when unmounting last
+ NFSv4 mount.
+
+2006-03-28 kwc@citi.umich.edu
+ Add option to specify directory to search for credentials cache files
+
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+ Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
+
+ We need to get access to the internal krb5 context pointer for
+ older (pre-1.4) versions of MIT Kerberos. We get a pointer to
+ the gss glue's context. Get the right pointer before accessing
+ the context information.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Remove unused groups variable from get_ids() which was causing a compiler warning.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Separate out context handling code for MIT Kerberos and SPKM3
+ into their own file.
+ (Really this time)
+
+2006-03-28 Kevin Coffman <kwc@citi.umich.edu>
+ User-selectable idmapping cache lifetime
+
+ Read and process new configuration option, Cache-Expiration, and use
+ the value to determine how long idmapping entries are cached.
+ (Really this time)
+
2006-03-27 NeilBrown <neilb@suse.de>
1.0.8-rc3