Accepting request 1194950 from Base:System

- add 0001-gssd-revert-commit-a5f3b7ccb01c.patch,
  0002-gssd-revert-commit-513630d720bd.patch,
  0003-gssd-switch-to-using-rpc_gss_seccreate.patch,
  0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch,
  0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch,
  0006-configure-check-for-rpc_gss_seccreate.patch: fixes for
  libtirpc 1.3.5

- drop reenable-nfsv2.patch (poo#106679)
  Fix crash when rpc-gssd run with -v.
- Replace references to /var/adm/fillup-templates with new
  options.
- do not strip the binaries
- mkinitrd-boot.sh: allow other mkinitrd-setup
- nfs-utils-eperm-fallback.patch:  mount.nfs
  Includes new config file: /etc/nfsmount.conf and
- Kill processes on NFS mounts when unmounting
  bnc#442490
  * fix typo in handling of "init.d/nfs status"
- nfs.init:
  * unmount rpc_pipefs
- fix sysconfig filename for changed fillup call
   services (gssd and idmpad have been rolled in to nfs/nfsserver).
- remove svcinfo.d dir as it is provided now by filesystem
- update to version 1.1.2
- uses libgssglue instead of libgssapi
- add rpcbind support [fate#300607]
- added gssapi to buildrequires
  (#116355)
  showmount has been removed there (#309782)

OBS-URL: https://build.opensuse.org/request/show/1194950
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nfs-utils?expand=0&rev=182

0001-gssd-revert-commit-a5f3b7ccb01c.patch

@@ -0,0 +1,99 @@
+From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 11 Dec 2023 08:46:35 -0500
+Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
+
+In preparation for using rpc_gss_seccreate() function, revert commit
+a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
+credentials"
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd_proc.c |  2 --
+ utils/gssd/krb5_util.c | 42 ------------------------------------------
+ utils/gssd/krb5_util.h |  1 -
+ 3 files changed, 45 deletions(-)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index a96647df..e5cc1d98 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
+ 			if (cred == GSS_C_NO_CREDENTIAL)
+ 				retval = gssd_refresh_krb5_machine_credential(clp->servername,
+ 					"*", NULL, 1);
+-			else
+-				retval = gssd_k5_remove_bad_service_cred(clp->servername);
+ 			if (!retval) {
+ 				auth = authgss_create_default(rpc_clnt, tgtname,
+ 						&sec);
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index 6f66ef4f..f6ce1fec 100644
+--- a/utils/gssd/krb5_util.c
++++ b/utils/gssd/krb5_util.c
+@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
+ 	return ret;
+ }
+ 
+-/* Removed a service ticket for nfs/<name> from the ticket cache
+- */
+-int
+-gssd_k5_remove_bad_service_cred(char *name)
+-{
+-        krb5_creds in_creds, out_creds;
+-        krb5_error_code ret;
+-        krb5_context context;
+-        krb5_ccache cache;
+-        krb5_principal principal;
+-        int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+-        char srvname[1024];
+-
+-        ret = krb5_init_context(&context);
+-        if (ret)
+-                goto out_cred;
+-        ret = krb5_cc_default(context, &cache);
+-        if (ret)
+-                goto out_free_context;
+-        ret = krb5_cc_get_principal(context, cache, &principal);
+-        if (ret)
+-                goto out_close_cache;
+-        memset(&in_creds, 0, sizeof(in_creds));
+-        in_creds.client = principal;
+-        sprintf(srvname, "nfs/%s", name);
+-        ret = krb5_parse_name(context, srvname, &in_creds.server);
+-        if (ret)
+-                goto out_free_principal;
+-        ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
+-        if (ret)
+-                goto out_free_principal;
+-        ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
+-out_free_principal:
+-        krb5_free_principal(context, principal);
+-out_close_cache:
+-        krb5_cc_close(context, cache);
+-out_free_context:
+-        krb5_free_context(context);
+-out_cred:
+-        return ret;
+-}
+-
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ /*
+  * this routine obtains a credentials handle via gss_acquire_cred()
+diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
+index 7ef87018..62c91a0e 100644
+--- a/utils/gssd/krb5_util.h
++++ b/utils/gssd/krb5_util.h
+@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
+ void gssd_k5_get_default_realm(char **def_realm);
+ 
+ int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
+-int gssd_k5_remove_bad_service_cred(char *srvname);
+ 
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ extern int limit_to_legacy_enctypes;
+-- 
+2.46.0
+

0002-gssd-revert-commit-513630d720bd.patch

@@ -0,0 +1,51 @@
+From f05af7d9924b5e455f4e750c1e8985c560784fce Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 11 Dec 2023 08:50:57 -0500
+Subject: [PATCH 2/6] gssd: revert commit 513630d720bd
+
+In preparation for using rpc_gss_seccreate(), revert commit 513630d720bd
+"gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials"
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd_proc.c | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index e5cc1d98..4fb6b72d 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -412,27 +412,13 @@ create_auth_rpc_client(struct clnt_info *clp,
+ 		tid, tgtname);
+ 	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+ 	if (!auth) {
+-		if (sec.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+-			printerr(2, "WARNING: server=%s failed context "
+-				 "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
+-				 clp->servername);
+-			if (cred == GSS_C_NO_CREDENTIAL)
+-				retval = gssd_refresh_krb5_machine_credential(clp->servername,
+-					"*", NULL, 1);
+-			if (!retval) {
+-				auth = authgss_create_default(rpc_clnt, tgtname,
+-						&sec);
+-				if (auth)
+-					goto success;
+-			}
+-		}
+ 		/* Our caller should print appropriate message */
+ 		printerr(2, "WARNING: Failed to create krb5 context for "
+ 			    "user with uid %d for server %s\n",
+ 			 uid, tgtname);
+ 		goto out_fail;
+ 	}
+-success:
++
+ 	/* Success !!! */
+ 	rpc_clnt->cl_auth = auth;
+ 	*clnt_return = rpc_clnt;
+-- 
+2.46.0
+

0003-gssd-switch-to-using-rpc_gss_seccreate.patch

@@ -0,0 +1,60 @@
+From 3abf6b5223af0ccf07d217d71978ee7987acce88 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 11 Dec 2023 08:52:47 -0500
+Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate()
+
+If available from the libtirpc library, switch to using
+rpc_gss_seccreate() instead of authgss_create_default() which does not
+expose gss error codes.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd_proc.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index 4fb6b72d..99761157 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -70,6 +70,9 @@
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <syscall.h>
++#ifdef HAVE_TIRPC_GSS_SECCREATE
++#include <rpc/rpcsec_gss.h>
++#endif
+ 
+ #include "gssd.h"
+ #include "err_util.h"
+@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
+ 	struct timeval	timeout;
+ 	struct sockaddr		*addr = (struct sockaddr *) &clp->addr;
+ 	socklen_t		salen;
++#ifdef HAVE_TIRPC_GSS_SECCREATE
++	rpc_gss_options_req_t	req;
++	rpc_gss_options_ret_t	ret;
++	char			mechanism[] = "kerberos_v5";
++#endif
+ 	pthread_t tid = pthread_self();
+ 
+ 	sec.qop = GSS_C_QOP_DEFAULT;
+@@ -410,7 +418,14 @@ create_auth_rpc_client(struct clnt_info *clp,
+ 
+ 	printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n", 
+ 		tid, tgtname);
++#ifdef HAVE_TIRPC_GSS_SECCREATE
++	memset(&req, 0, sizeof(req));
++	req.my_cred = sec.cred;
++	auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
++			rpcsec_gss_svc_none, NULL, &req, &ret);
++#else
+ 	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
++#endif
+ 	if (!auth) {
+ 		/* Our caller should print appropriate message */
+ 		printerr(2, "WARNING: Failed to create krb5 context for "
+-- 
+2.46.0
+

0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch

@@ -0,0 +1,62 @@
+From 2bfb59c6f50eb86c21f8e0c33bbf32ec53480fb8 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 11 Dec 2023 08:55:35 -0500
+Subject: [PATCH 4/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine
+ credentials
+
+During context establishment, when the client received
+KRB5_AP_ERR_BAD_INTEGRITY error, it might be due to the server
+updating its key material. To handle such error, get a new
+service ticket and re-try the AP_REQ.
+
+This functionality relies on the new API in libtirpc that
+exposes the gss errors.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd_proc.c | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index 99761157..29600a3f 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -427,13 +427,32 @@ create_auth_rpc_client(struct clnt_info *clp,
+ 	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+ #endif
+ 	if (!auth) {
++#ifdef HAVE_TIRPC_GSS_SECCREATE
++		if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
++			printerr(2, "WARNING: server=%s failed context "
++				 "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
++				 clp->servername);
++			if (cred == GSS_C_NO_CREDENTIAL)
++				retval = gssd_refresh_krb5_machine_credential(clp->servername,
++					"*", NULL, 1);
++			if (!retval) {
++				auth = rpc_gss_seccreate(rpc_clnt, tgtname,
++						mechanism, rpcsec_gss_svc_none,
++						NULL, &req, &ret);
++				if (auth)
++					goto success;
++			}
++		}
++#endif
+ 		/* Our caller should print appropriate message */
+ 		printerr(2, "WARNING: Failed to create krb5 context for "
+ 			    "user with uid %d for server %s\n",
+ 			 uid, tgtname);
+ 		goto out_fail;
+ 	}
+-
++#ifdef HAVE_TIRPC_GSS_SECCREATE
++success:
++#endif
+ 	/* Success !!! */
+ 	rpc_clnt->cl_auth = auth;
+ 	*clnt_return = rpc_clnt;
+-- 
+2.46.0
+

0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch

@@ -0,0 +1,101 @@
+From 15cd566633b1546f0808d0694ede094b4c99752d Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 11 Dec 2023 08:57:28 -0500
+Subject: [PATCH 5/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
+ credentials
+
+Unlike the machine credential case, we can't throw away the ticket
+cache and use the keytab to renew the credentials. Instead, we
+need to remove the service ticket for the server that returned
+KRB5_AP_ERR_BAD_INTEGRITY and try again.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd_proc.c |  2 ++
+ utils/gssd/krb5_util.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ utils/gssd/krb5_util.h |  1 +
+ 3 files changed, 45 insertions(+)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index 29600a3f..7629de0b 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -435,6 +435,8 @@ create_auth_rpc_client(struct clnt_info *clp,
+ 			if (cred == GSS_C_NO_CREDENTIAL)
+ 				retval = gssd_refresh_krb5_machine_credential(clp->servername,
+ 					"*", NULL, 1);
++			else
++				retval = gssd_k5_remove_bad_service_cred(clp->servername);
+ 			if (!retval) {
+ 				auth = rpc_gss_seccreate(rpc_clnt, tgtname,
+ 						mechanism, rpcsec_gss_svc_none,
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index f6ce1fec..6f66ef4f 100644
+--- a/utils/gssd/krb5_util.c
++++ b/utils/gssd/krb5_util.c
+@@ -1553,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
+ 	return ret;
+ }
+ 
++/* Removed a service ticket for nfs/<name> from the ticket cache
++ */
++int
++gssd_k5_remove_bad_service_cred(char *name)
++{
++        krb5_creds in_creds, out_creds;
++        krb5_error_code ret;
++        krb5_context context;
++        krb5_ccache cache;
++        krb5_principal principal;
++        int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
++        char srvname[1024];
++
++        ret = krb5_init_context(&context);
++        if (ret)
++                goto out_cred;
++        ret = krb5_cc_default(context, &cache);
++        if (ret)
++                goto out_free_context;
++        ret = krb5_cc_get_principal(context, cache, &principal);
++        if (ret)
++                goto out_close_cache;
++        memset(&in_creds, 0, sizeof(in_creds));
++        in_creds.client = principal;
++        sprintf(srvname, "nfs/%s", name);
++        ret = krb5_parse_name(context, srvname, &in_creds.server);
++        if (ret)
++                goto out_free_principal;
++        ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
++        if (ret)
++                goto out_free_principal;
++        ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
++out_free_principal:
++        krb5_free_principal(context, principal);
++out_close_cache:
++        krb5_cc_close(context, cache);
++out_free_context:
++        krb5_free_context(context);
++out_cred:
++        return ret;
++}
++
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ /*
+  * this routine obtains a credentials handle via gss_acquire_cred()
+diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
+index 62c91a0e..7ef87018 100644
+--- a/utils/gssd/krb5_util.h
++++ b/utils/gssd/krb5_util.h
+@@ -22,6 +22,7 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
+ void gssd_k5_get_default_realm(char **def_realm);
+ 
+ int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
++int gssd_k5_remove_bad_service_cred(char *srvname);
+ 
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ extern int limit_to_legacy_enctypes;
+-- 
+2.46.0
+

0006-configure-check-for-rpc_gss_seccreate.patch

@@ -0,0 +1,35 @@
+From 49567e7d03a5605c590be2135a24d4de8345fa3c Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 11 Dec 2023 08:59:43 -0500
+Subject: [PATCH 6/6] configure: check for rpc_gss_seccreate
+
+If we have rpc_gss_sccreate in tirpc library define
+HAVE_TIRPC_GSS_SECCREATE, which would allow us to handle bad_integrity
+errors.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ aclocal/libtirpc.m4 | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
+index bddae022..ef48a2ae 100644
+--- a/aclocal/libtirpc.m4
++++ b/aclocal/libtirpc.m4
+@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [
+                                     [Define to 1 if your tirpc library provides libtirpc_set_debug])],,
+                          [${LIBS}])])
+ 
++     AS_IF([test -n "${LIBTIRPC}"],
++           [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate],
++                         [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
++                                    [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
++                         [${LIBS}])])
+   AC_SUBST([AM_CPPFLAGS])
+   AC_SUBST(LIBTIRPC)
+ 
+-- 
+2.46.0
+

nfs-utils.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Aug 20 20:21:14 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- add 0001-gssd-revert-commit-a5f3b7ccb01c.patch,
+  0002-gssd-revert-commit-513630d720bd.patch,
+  0003-gssd-switch-to-using-rpc_gss_seccreate.patch,
+  0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch,
+  0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch,
+  0006-configure-check-for-rpc_gss_seccreate.patch: fixes for
+  libtirpc 1.3.5
+
 -------------------------------------------------------------------
 Mon Apr 22 02:56:13 UTC 2024 - Neil Brown <nfbrown@suse.com>
 
@@ -144,7 +155,7 @@ Sat May  7 12:17:24 UTC 2022 - Marcus Meissner <meissner@suse.com>
 -------------------------------------------------------------------
 Mon Mar 21 14:50:21 UTC 2022 - Dirk Müller <dmueller@suse.com>
 
-- drop reenable-nfsv2.patch (poo#106679) 
+- drop reenable-nfsv2.patch (poo#106679)
 
 -------------------------------------------------------------------
 Tue Mar  8 20:58:54 UTC 2022 - Dirk Müller <dmueller@suse.com>
@@ -186,7 +197,7 @@ Mon Oct 25 23:53:37 UTC 2021 - Neil Brown <nfbrown@suse.com>
 Thu Sep  9 23:35:04 UTC 2021 - Neil Brown <nfbrown@suse.com>
 
 - Add 0001-gssd-fix-crash-in-debug-message.patch
-  Fix crash when rpc-gssd run with -v. 
+  Fix crash when rpc-gssd run with -v.
   (boo#1190144)
 
 -------------------------------------------------------------------
@@ -366,7 +377,7 @@ Mon Feb 10 18:58:59 UTC 2020 - Petr Vorel <pvorel@suse.cz>
    Dropped patches (upstream used different solution):
    - 0009-Allow-compilation-to-succeed-with-fno-common.patch (btw this used
 	 Patch0: instead of Patch10:) (boo#1160405)
-   
+
    Add nfsdcld - NFSv4 Client Tracking Daemon, add nfsdcld.service and enable it
    for nfs-kernel-server, add man page
    Add clddb-tool - tool for downgrading the nfsdcld sqlite database schema,
@@ -515,7 +526,7 @@ Fri Jul  6 15:02:49 CEST 2018 - kukuk@suse.de
 -------------------------------------------------------------------
 Thu Nov 23 13:40:51 UTC 2017 - rbrown@suse.com
 
-- Replace references to /var/adm/fillup-templates with new 
+- Replace references to /var/adm/fillup-templates with new
   %_fillupdir macro (boo#1069468)
 
 -------------------------------------------------------------------
@@ -1020,7 +1031,7 @@ Mon May 13 15:32:55 UTC 2013 - coolo@suse.com
 Wed Mar  6 20:04:55 UTC 2013 - darin@darins.net
 
 - nfsserver.init,sysconfig.nfs - Add support for setting rpc.mountd
-  options. 
+  options.
 
 -------------------------------------------------------------------
 Wed Nov 28 00:08:55 UTC 2012 - nfbrown@suse.com
@@ -1085,7 +1096,7 @@ Sun Nov 20 06:47:14 UTC 2011 - coolo@suse.com
 -------------------------------------------------------------------
 Sun Nov  6 11:43:39 UTC 2011 - puzel@suse.com
 
-- do not strip the binaries 
+- do not strip the binaries
 
 -------------------------------------------------------------------
 Wed Oct 12 05:18:17 UTC 2011 - nfbrown@suse.com
@@ -1261,7 +1272,7 @@ Sun May  9 23:07:24 UTC 2010 - nfbrown@novell.com
 -------------------------------------------------------------------
 Mon Apr 19 23:43:45 UTC 2010 - nfbrown@novell.com
 
-- mkinitrd-boot.sh: allow other mkinitrd-setup 
+- mkinitrd-boot.sh: allow other mkinitrd-setup
   scripts to request the inclusion of nfs support
   by setting need_nfs to 1.  (bnc#572207)
 
@@ -1294,7 +1305,7 @@ Tue Feb 23 22:15:18 UTC 2010 - nfbrown@novell.com
 -------------------------------------------------------------------
 Sun Nov 29 22:03:26 UTC 2009 - nfbrown@novell.com
 
-- nfs-utils-eperm-fallback.patch:  mount.nfs 
+- nfs-utils-eperm-fallback.patch:  mount.nfs
   tries a v3 mount after a v4 mount fails with ENOENT.
   Older linux nfsd servers return EPERM, so fall
   back in that case too.  bnc#557138
@@ -1303,7 +1314,7 @@ Sun Nov 29 22:03:26 UTC 2009 - nfbrown@novell.com
 Thu Nov  5 03:16:22 UTC 2009 - nfbrown@novell.com
 
 - New upsteam release - 1.2.1
-  Includes new config file: /etc/nfsmount.conf and 
+  Includes new config file: /etc/nfsmount.conf and
   man page.
 - nfs.init
   * implement try-restart in a more gentle fashion
@@ -1320,7 +1331,7 @@ Thu Nov  5 03:16:22 UTC 2009 - nfbrown@novell.com
 -------------------------------------------------------------------
 Fri Oct 30 05:43:32 CET 2009 - nfbrown@suse.de
 
-- Kill processes on NFS mounts when unmounting 
+- Kill processes on NFS mounts when unmounting
   for shutdown.  This allows any 'sync' to happen
   before we turn off the network.
   (bnc#503640)
@@ -1361,7 +1372,7 @@ Sun Dec  7 22:20:05 CET 2008 - nfbrown@suse.de
 - gssd-mem-leak
   * set better expiry date for cached auth info
   so kernel does not run out of memory
-  bnc#442490  
+  bnc#442490
 
 -------------------------------------------------------------------
 Fri Dec  5 02:43:20 CET 2008 - nfbrown@suse.de
@@ -1389,7 +1400,7 @@ Tue Dec  2 03:15:50 CET 2008 - nfbrown@suse.de
 - nfsserver.init
   * set lockd sysctls before starting lockd.
     (bnc#443118)
- 
+
 
 -------------------------------------------------------------------
 Tue Nov 25 06:10:31 CET 2008 - nfbrown@suse.de
@@ -1412,7 +1423,7 @@ Mon Nov 24 00:01:51 CET 2008 - nfbrown@suse.de
   * Don't use 'system' to run start-statd
   as this looses our setuid bit.
   bnc#447812
- 
+
 -------------------------------------------------------------------
 Fri Nov 21 11:45:58 CET 2008 - hare@suse.de
 
@@ -1457,21 +1468,21 @@ Fri Nov 14 03:19:34 CET 2008 - nfbrown@suse.de
 Fri Nov  7 04:32:51 CET 2008 - nfbrown@suse.de
 
 - nfs.init
-  * fix typo in handling of "init.d/nfs status"  
+  * fix typo in handling of "init.d/nfs status"
       $status should have been $state
 
 -------------------------------------------------------------------
 Mon Oct 13 17:58:34 CEST 2008 - mkoenig@suse.de
 
-- nfs.init: 
+- nfs.init:
   * ensure all daemons get killed on stop (including rpc.statd)
-  * unmount rpc_pipefs 
+  * unmount rpc_pipefs
   * let close_usr do the work before the NFS filesystems get unmounted
 
 -------------------------------------------------------------------
 Mon Oct 13 10:35:13 CEST 2008 - ro@suse.de
 
-- fix sysconfig filename for changed fillup call 
+- fix sysconfig filename for changed fillup call
 
 -------------------------------------------------------------------
 Mon Oct  6 14:37:33 CEST 2008 - kukuk@suse.de
@@ -1586,7 +1597,7 @@ Fri May  2 05:22:19 CEST 2008 - nfbrown@suse.de
 - Added SM_NOTIFY_OPTIONS sysconfig - (bnc #379806)
 - Removed needless rc_status/rc_exit games in nfsserver.init (bnc #380156)
 - Fixed some sysconfig entries that asked to restart non-existent
-   services (gssd and idmpad have been rolled in to nfs/nfsserver). 
+   services (gssd and idmpad have been rolled in to nfs/nfsserver).
 
 -------------------------------------------------------------------
 Fri Apr 11 12:08:38 CEST 2008 - jsrain@suse.cz
@@ -1602,25 +1613,25 @@ Wed Apr  9 12:06:23 CEST 2008 - jsrain@suse.cz
 Tue Apr  1 16:12:22 CEST 2008 - mkoenig@suse.de
 
 - fix path srvinfo.d -> svcinfo.d
-- remove svcinfo.d dir as it is provided now by filesystem  
+- remove svcinfo.d dir as it is provided now by filesystem
 
 -------------------------------------------------------------------
 Thu Mar 27 13:53:20 CET 2008 - mkoenig@suse.de
 
-- update to version 1.1.2 
-- uses libgssglue instead of libgssapi 
+- update to version 1.1.2
+- uses libgssglue instead of libgssapi
 - remove patch
   nfs-utils-o_create-mode
 
 -------------------------------------------------------------------
 Wed Mar 26 17:11:33 CET 2008 - mkoenig@suse.de
 
-- add rpcbind support [fate#300607] 
+- add rpcbind support [fate#300607]
 
 -------------------------------------------------------------------
 Thu Feb 28 18:42:52 CET 2008 - ro@suse.de
 
-- added gssapi to buildrequires 
+- added gssapi to buildrequires
 
 -------------------------------------------------------------------
 Wed Feb 13 21:04:46 CET 2008 - jeffm@suse.com
@@ -1645,7 +1656,7 @@ Mon Dec 17 02:29:08 CET 2007 - nfbrown@suse.de
 Mon Nov 12 12:58:01 CET 2007 - ro@suse.de
 
 - use navigation icons from latex2html in nfs-utils-doc package
-  (#116355) 
+  (#116355)
 
 -------------------------------------------------------------------
 Fri Sep 14 12:22:08 CEST 2007 - ro@suse.de
@@ -1657,12 +1668,12 @@ Fri Sep 14 12:22:08 CEST 2007 - ro@suse.de
 Wed Sep 12 15:36:34 CEST 2007 - ro@suse.de
 
 - drop conflicts with nfs-server (userspace) in nfs-client package
-  showmount has been removed there (#309782) 
+  showmount has been removed there (#309782)
 
 -------------------------------------------------------------------
 Thu Jul 19 16:40:38 CEST 2007 - ro@suse.de
 
-- added README.NFSv4 (#182775) 
+- added README.NFSv4 (#182775)
 
 -------------------------------------------------------------------
 Tue Jul 17 13:32:25 CEST 2007 - meissner@suse.de
@@ -1704,7 +1715,7 @@ Tue Feb 27 08:52:29 CET 2007 - ro@suse.de
   - Fix -n option to mountd
   - Document sensitive gids
 - upstreamed patches deleted:
-  nfs-utils-anon-uid32.patch 
+  nfs-utils-anon-uid32.patch
 - added e2fsprogs-devel (for libblkid)
 - nhfsXXX binaries and manpages have been removed upstream
 
@@ -1722,7 +1733,7 @@ Mon Jan  8 18:23:44 CET 2007 - ro@suse.de
 -------------------------------------------------------------------
 Mon Dec 18 18:40:03 CET 2006 - ro@suse.de
 
-- added nfsserver.xml to /etc/omc/srvinfo.d (fate#301835) 
+- added nfsserver.xml to /etc/omc/srvinfo.d (fate#301835)
 
 -------------------------------------------------------------------
 Tue Aug  8 17:49:47 CEST 2006 - ro@suse.de
@@ -1743,7 +1754,7 @@ Tue Aug  8 17:49:47 CEST 2006 - ro@suse.de
   - nfs-utils-1.0.7-strip.patch
   - nfs-utils-64bigendian.patch
   - nfs-utils-1.0.6-quota.patch (upstream different)
-  
+
   partly upstreamed patches:
   - nfs-utils-1.0.6-anon-uid32.patch
   - nfs-utils-1.0.7-gssd-select-ccache.patch
@@ -1760,17 +1771,17 @@ Thu Jul 13 14:33:24 CEST 2006 - aj@suse.de
 -------------------------------------------------------------------
 Fri Jun 23 15:20:54 CEST 2006 - ro@suse.de
 
-- find kerberos ticket files even if /tmp on reiser (#187775) 
+- find kerberos ticket files even if /tmp on reiser (#187775)
 
 -------------------------------------------------------------------
 Wed Jun 21 12:13:00 CEST 2006 - ro@suse.de
 
-- fix /etc/gssapi_mech.conf for lib64 platforms (#186954) 
+- fix /etc/gssapi_mech.conf for lib64 platforms (#186954)
 
 -------------------------------------------------------------------
 Mon Jun 12 15:26:54 CEST 2006 - ro@suse.de
 
-- added support for type 3 filehandles to mountd (#182552) 
+- added support for type 3 filehandles to mountd (#182552)
 
 -------------------------------------------------------------------
 Fri Jun  2 12:39:10 CEST 2006 - ro@suse.de
@@ -1781,7 +1792,7 @@ Fri Jun  2 12:39:10 CEST 2006 - ro@suse.de
 -------------------------------------------------------------------
 Fri Jun  2 12:17:25 CEST 2006 - ro@suse.de
 
-- added fix for 64bit bigendian platforms in gssd (#172605) 
+- added fix for 64bit bigendian platforms in gssd (#172605)
 
 -------------------------------------------------------------------
 Tue May  2 09:39:42 CEST 2006 - okir@suse.de
@@ -1792,7 +1803,7 @@ Tue May  2 09:39:42 CEST 2006 - okir@suse.de
 Mon Apr 24 14:05:16 CEST 2006 - ro@suse.de
 
 - nfs-server rc-script: make force-reload do as reload does
-  (#167152) 
+  (#167152)
 - nfs-server rc-script: reload idmapd if NFSV4 is on (#167016)
 
 -------------------------------------------------------------------
@@ -1817,7 +1828,7 @@ Fri Jan 27 02:14:16 CET 2006 - mls@suse.de
 -------------------------------------------------------------------
 Wed Jan 25 16:20:23 CET 2006 - ro@suse.de
 
-- nfsserver rcscript: only mount nfsdfs if not mounted already 
+- nfsserver rcscript: only mount nfsdfs if not mounted already
 
 -------------------------------------------------------------------
 Tue Jan 17 00:32:02 CET 2006 - schwab@suse.de
@@ -1833,12 +1844,12 @@ Mon Dec 19 14:56:53 CET 2005 - mmj@suse.de
 Mon Nov 28 16:29:12 CET 2005 - ro@suse.de
 
 - fix init scripts: in the stop case, a not running service
-  is not an error (#134904) 
+  is not an error (#134904)
 
 -------------------------------------------------------------------
 Mon Nov 14 13:11:15 CET 2005 - ro@suse.de
 
-- packaging /var/lib/nfs/v4recovery directory (#133502) 
+- packaging /var/lib/nfs/v4recovery directory (#133502)
 
 -------------------------------------------------------------------
 Thu Sep  1 11:09:56 CEST 2005 - okir@suse.de
@@ -1861,7 +1872,7 @@ Fri Aug 19 14:23:23 CEST 2005 - okir@suse.de
 -------------------------------------------------------------------
 Mon Jun 20 15:48:17 CEST 2005 - ro@suse.de
 
-- fix in init-script (do not try unmount if not mounted) (#91460) 
+- fix in init-script (do not try unmount if not mounted) (#91460)
 
 -------------------------------------------------------------------
 Mon Jun  6 17:28:03 CEST 2005 - schwab@suse.de
@@ -1881,12 +1892,12 @@ Tue May 31 13:16:12 CEST 2005 - okir@suse.de
 -------------------------------------------------------------------
 Tue Apr 19 14:25:48 CEST 2005 - ro@suse.de
 
-- do not warn about sync/async for readonly exports (#78369) 
+- do not warn about sync/async for readonly exports (#78369)
 
 -------------------------------------------------------------------
 Mon Apr  4 01:57:06 CEST 2005 - ro@suse.de
 
-- make it build with gcc4 
+- make it build with gcc4
 
 -------------------------------------------------------------------
 Sat Feb  5 12:54:14 CET 2005 - schwab@suse.de
@@ -1898,7 +1909,7 @@ Sat Feb  5 12:54:14 CET 2005 - schwab@suse.de
 -------------------------------------------------------------------
 Mon Dec 13 14:00:35 CET 2004 - ro@suse.de
 
-- update to 1.0.7-pre2 (use 1.0.6.2 as package version) 
+- update to 1.0.7-pre2 (use 1.0.6.2 as package version)
 - disable gss and nfsv4 for now
 
 -------------------------------------------------------------------
@@ -1938,7 +1949,7 @@ Thu Jun 24 12:58:14 CEST 2004 - ro@suse.de
 Tue Jun 22 14:23:11 CEST 2004 - ro@suse.de
 
 - remove nfslock start script
-- remove nfslock dependency 
+- remove nfslock dependency
 
 -------------------------------------------------------------------
 Thu Jun 17 23:11:31 CEST 2004 - ro@suse.de
@@ -1981,34 +1992,34 @@ Mon Sep 15 09:12:00 CEST 2003 - ro@suse.de
 -------------------------------------------------------------------
 Fri Aug 29 18:47:29 CEST 2003 - ro@suse.de
 
-- fix hed/tail calling syntax (#29644) 
+- fix hed/tail calling syntax (#29644)
 
 -------------------------------------------------------------------
 Mon Aug 25 11:41:31 CEST 2003 - ro@suse.de
 
-- add restart_on_update/stop_on_removal macros 
+- add restart_on_update/stop_on_removal macros
 
 -------------------------------------------------------------------
 Fri Aug 15 15:04:43 CEST 2003 - ro@suse.de
 
-- added sysconfig metadata (#28908) 
+- added sysconfig metadata (#28908)
 
 -------------------------------------------------------------------
 Tue Aug  5 01:38:42 CEST 2003 - ro@suse.de
 
-- fix compile for rquotad (unused anyway 
+- fix compile for rquotad (unused anyway
 
 -------------------------------------------------------------------
 Thu Jul 31 14:15:43 CEST 2003 - ro@suse.de
 
-- add support for STATD_HOSTNAME (#28201) 
+- add support for STATD_HOSTNAME (#28201)
 
 -------------------------------------------------------------------
 Mon Jul 28 14:20:00 CEST 2003 - ro@suse.de
 
 - update to 1.0.5 and adapt patches
 - overflow patch already included
-- part of acl patch already included 
+- part of acl patch already included
 
 -------------------------------------------------------------------
 Mon Jul 21 17:04:00 CEST 2003 - agruen@suse.de
@@ -2035,7 +2046,7 @@ Thu Jun 12 07:19:59 CEST 2003 - kukuk@suse.de
 -------------------------------------------------------------------
 Tue May 13 00:34:35 CEST 2003 - ro@suse.de
 
-- fix file list 
+- fix file list
 
 -------------------------------------------------------------------
 Fri Mar 28 01:42:47 CET 2003 - ro@suse.de
@@ -2045,12 +2056,12 @@ Fri Mar 28 01:42:47 CET 2003 - ro@suse.de
 -------------------------------------------------------------------
 Wed Jan  8 12:56:27 CET 2003 - ro@suse.de
 
-- added sysconfig metadata (#22663) 
+- added sysconfig metadata (#22663)
 
 -------------------------------------------------------------------
 Fri Sep  6 15:07:56 CEST 2002 - ro@suse.de
 
-- rcnfsserver: moved ypbind to should-start (#18952) 
+- rcnfsserver: moved ypbind to should-start (#18952)
 - rcnfslock: fixed typo killing daemons on "status" (#19046)
 
 -------------------------------------------------------------------
@@ -2067,7 +2078,7 @@ Mon Aug 26 11:47:10 CEST 2002 - okir@suse.de
 -------------------------------------------------------------------
 Thu Aug 22 11:18:32 CEST 2002 - ro@suse.de
 
-- fixed symlink rcnfslock (#18171) 
+- fixed symlink rcnfslock (#18171)
 
 -------------------------------------------------------------------
 Wed Aug  7 17:14:21 CEST 2002 - ro@suse.de
@@ -2078,7 +2089,7 @@ Wed Aug  7 17:14:21 CEST 2002 - ro@suse.de
 Thu Aug  1 16:47:34 CEST 2002 - ro@suse.de
 
 - update to 1.0.1
-- added prereqs 
+- added prereqs
 
 -------------------------------------------------------------------
 Thu Jul 25 10:16:28 CEST 2002 - okir@suse.de
@@ -2102,7 +2113,7 @@ Tue Jul 16 18:41:22 CEST 2002 - kukuk@suse.de
 Fri Jun 14 01:55:23 CEST 2002 - ro@suse.de
 
 - run suse_update_config
- 
+
 -------------------------------------------------------------------
 Tue Feb 26 17:06:41 CET 2002 - ro@suse.de
 
@@ -2111,31 +2122,31 @@ Tue Feb 26 17:06:41 CET 2002 - ro@suse.de
 -------------------------------------------------------------------
 Wed Feb  6 14:07:06 CET 2002 - ro@suse.de
 
-- ignore returncodes from killing statd and lockd (#13072) 
+- ignore returncodes from killing statd and lockd (#13072)
 
 -------------------------------------------------------------------
 Wed Feb  6 13:33:08 CET 2002 - ro@suse.de
 
-- sysconfig/nfs-server -> sysconfig/nfs 
+- sysconfig/nfs-server -> sysconfig/nfs
 
 -------------------------------------------------------------------
 Wed Jan  9 11:44:08 CET 2002 - ro@suse.de
 
 - removed variable NFS_SERVER (#12742)
-- moved USE_KERNEL_NFSD_NUMBER to /etc/sysconfig/nfs-server 
+- moved USE_KERNEL_NFSD_NUMBER to /etc/sysconfig/nfs-server
 
 -------------------------------------------------------------------
 Wed Sep 26 15:36:25 CEST 2001 - ro@suse.de
 
 - up to 0.3.3
-  many fixes to canonicalize hostnames in exports 
+  many fixes to canonicalize hostnames in exports
 
 -------------------------------------------------------------------
 Fri Aug 24 15:31:29 CEST 2001 - ro@suse.de
 
 - removed nfs-version 3 detection in start-script, all kernels
   that have kernel nfsd support usually do have nfsd-v3 support
-  and detection would require at least a 5 sec wait in the script 
+  and detection would require at least a 5 sec wait in the script
 
 -------------------------------------------------------------------
 Tue Jul 31 09:53:20 CEST 2001 - kukuk@suse.de
@@ -2147,26 +2158,26 @@ Tue Jul 31 09:53:20 CEST 2001 - kukuk@suse.de
 -------------------------------------------------------------------
 Wed Apr 11 18:39:20 CEST 2001 - ro@suse.de
 
-- lockd only started for 2.2 kernels instead of ignoring error 
+- lockd only started for 2.2 kernels instead of ignoring error
 - completed rpc.statd to /sbin move in startscript
 
 -------------------------------------------------------------------
 Mon Mar 12 16:30:48 CET 2001 - ro@suse.de
 
-- move rpc.lockd, rpc.statd to /sbin 
+- move rpc.lockd, rpc.statd to /sbin
 
 -------------------------------------------------------------------
 Mon Mar 12 01:39:10 CET 2001 - ro@suse.de
 
 - update to 0.3.1
 - ignore lockd error messages
-- dump filedescriptors before starting kernel threads 
+- dump filedescriptors before starting kernel threads
 
 -------------------------------------------------------------------
 Tue Feb  6 12:33:46 CET 2001 - ro@suse.de
 
 - renamed package to nfs-utils
-- Obsoletes and Provides nfsutils 
+- Obsoletes and Provides nfsutils
 
 -------------------------------------------------------------------
 Fri Jan 12 01:47:05 CET 2001 - ro@suse.de
@@ -2176,7 +2187,7 @@ Fri Jan 12 01:47:05 CET 2001 - ro@suse.de
 -------------------------------------------------------------------
 Thu Jan 11 23:09:27 CET 2001 - ro@suse.de
 
-- don't fail if lockd can't be started 
+- don't fail if lockd can't be started
 
 -------------------------------------------------------------------
 Wed Dec  6 00:44:49 PST 2000 - bk@suse.de
@@ -2192,24 +2203,24 @@ Tue Nov 28 10:30:00 CET 2000 - kukuk@suse.de
 Thu Oct 12 18:13:48 CEST 2000 - ro@suse.de
 
 - exports.4 should be exports.5
-- removed k-prefix 
+- removed k-prefix
 
 -------------------------------------------------------------------
 Thu Oct 12 15:43:43 CEST 2000 - ro@suse.de
 
-- added exports.4 man-page 
+- added exports.4 man-page
 - up to 0.2.1
 
 -------------------------------------------------------------------
 Wed Sep 27 11:44:11 CEST 2000 - ro@suse.de
 
 - update to 0.2
-- fix for nfsserver.init (check for v3) 
+- fix for nfsserver.init (check for v3)
 
 -------------------------------------------------------------------
 Thu Aug 17 15:04:11 CEST 2000 - ro@suse.de
 
-- ugraded from knfsd to successor package nfs-utils (v.0.1.9.1) 
+- ugraded from knfsd to successor package nfs-utils (v.0.1.9.1)
 
 -------------------------------------------------------------------
 Fri Jul 28 18:31:24 CEST 2000 - bjacke@suse.de
@@ -2246,18 +2257,18 @@ Sat Apr 15 16:22:26 CEST 2000 - kukuk@suse.de
 Wed Feb 16 17:31:37 CET 2000 - kukuk@suse.de
 
 - Fill out Copyright and Group field
-- Remove rquotad from file list, it is already in the quota 
+- Remove rquotad from file list, it is already in the quota
   package [Bug 1571]
 
 -------------------------------------------------------------------
 Tue Jan 25 15:11:24 CET 2000 - ro@suse.de
 
-- manpages to /usr/share using macro 
+- manpages to /usr/share using macro
 
 -------------------------------------------------------------------
 Thu Oct 21 00:26:42 CEST 1999 - ro@suse.de
 
-- renamed package from linuxnfs to knfsd 
+- renamed package from linuxnfs to knfsd
 
 -------------------------------------------------------------------
 Tue Oct 12 17:56:24 CEST 1999 - garloff@suse.de
@@ -2293,7 +2304,7 @@ Mon Jun 14 10:27:36 MEST 1999 - kukuk@suse.de
 -------------------------------------------------------------------
 Sun Jun  6 15:51:15 MEST 1999 - kukuk@suse.de
 
-- update to version 1.3.3b 
+- update to version 1.3.3b
 
 -------------------------------------------------------------------
 Tue Mar 16 13:14:54 MET 1999 - ro@suse.de

nfs-utils.spec

@@ -46,6 +46,13 @@ Patch1:         0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
 Patch2:         0002-conffile-don-t-report-error-from-conf_init_file.patch
 Patch3:         0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
 Patch4:         0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
+# PATCH-FIX-UPSTREAM: fix build against libtirpc 1.3.5
+Patch5:         0001-gssd-revert-commit-a5f3b7ccb01c.patch
+Patch6:         0002-gssd-revert-commit-513630d720bd.patch
+Patch7:         0003-gssd-switch-to-using-rpc_gss_seccreate.patch
+Patch8:         0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch
+Patch9:         0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
+Patch10:        0006-configure-check-for-rpc_gss_seccreate.patch
 BuildRequires:  e2fsprogs-devel
 BuildRequires:  gcc-c++
 BuildRequires:  libtool