- Added 10 (101 thru 110) upstream patches that fixed things mostly in the

mount and gssd code.

nfs-utils-1.1.2-exportfs-man-typo.patch

@@ -0,0 +1,21 @@
+commit 7ef076fb98233783843d6019b2edbb48e2d18914
+Author: Oren Held <oren@held.org.il>
+Date:   Thu May 8 05:23:10 2008 -0400
+
+    Fixed smail typo in exportfs man page
+    
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/exportfs/exportfs.man b/utils/exportfs/exportfs.man
+index a8fdb05..c7b230a 100644
+--- a/utils/exportfs/exportfs.man
++++ b/utils/exportfs/exportfs.man
+@@ -198,7 +198,7 @@ and pushes the resulting export entries into the kernel:
+ To export the
+ .B /usr/tmp
+ directory to host 
+-.BR djando ,
++.BR django ,
+ allowing asynchronous writes, one would do this:
+ .P
+ .nf

nfs-utils-1.1.2-gssd-creds.patch

@@ -0,0 +1,235 @@
+commit 25cd5f9101b8969f9e1f9d7d486f11c215d0eeb4
+Author: Vince Busam <vbusam@google.com>
+Date:   Wed May 7 15:24:53 2008 -0400
+
+    Kerberos credentials may be stored in multiple places.  Make it
+    possible to search several directories for valid credentials when
+    making NFS requests.
+    
+    Original patch from Vince Busam <vbusam@google.com>
+    
+    Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>.
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index bbcad20..e8612a5 100644
+--- a/utils/gssd/gssd.c
++++ b/utils/gssd/gssd.c
+@@ -57,6 +57,7 @@ char pipefs_dir[PATH_MAX] = GSSD_PIPEFS_DIR;
+ char pipefs_nfsdir[PATH_MAX] = GSSD_PIPEFS_DIR;
+ char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
+ char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
++char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1];
+ int  use_memcache = 0;
+ int  root_uses_machine_creds = 1;
+ 
+@@ -93,9 +94,11 @@ main(int argc, char *argv[])
+ 	int verbosity = 0;
+ 	int rpc_verbosity = 0;
+ 	int opt;
++	int i;
+ 	extern char *optarg;
+ 	char *progname;
+ 
++	memset(ccachesearch, 0, sizeof(ccachesearch));
+ 	while ((opt = getopt(argc, argv, "fvrmnMp:k:d:")) != -1) {
+ 		switch (opt) {
+ 			case 'f':
+@@ -136,6 +139,13 @@ main(int argc, char *argv[])
+ 				break;
+ 		}
+ 	}
++
++	i = 0;
++	ccachesearch[i++] = strtok(ccachedir, ":");
++	do {
++		ccachesearch[i++] = strtok(NULL, ":");
++	} while (ccachesearch[i-1] != NULL && i < GSSD_MAX_CCACHE_SEARCH);
++
+ 	snprintf(pipefs_nfsdir, sizeof(pipefs_nfsdir), "%s/%s",
+ 		 pipefs_dir, GSSD_SERVICE_NAME);
+ 	if (pipefs_nfsdir[sizeof(pipefs_nfsdir)-1] != '\0')
+diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
+index 6f14c34..0f9f428 100644
+--- a/utils/gssd/gssd.h
++++ b/utils/gssd/gssd.h
+@@ -50,6 +50,7 @@
+ #define GSSD_DEFAULT_KEYTAB_FILE		"/etc/krb5.keytab"
+ #define GSSD_SERVICE_NAME			"nfs"
+ #define GSSD_SERVICE_NAME_LEN			3
++#define GSSD_MAX_CCACHE_SEARCH			16
+ 
+ /*
+  * The gss mechanisms that we can handle
+@@ -61,7 +62,7 @@ enum {AUTHTYPE_KRB5, AUTHTYPE_SPKM3, AUTHTYPE_LIPKEY};
+ extern char			pipefs_dir[PATH_MAX];
+ extern char			pipefs_nfsdir[PATH_MAX];
+ extern char			keytabfile[PATH_MAX];
+-extern char			ccachedir[PATH_MAX];
++extern char			*ccachesearch[];
+ extern int			use_memcache;
+ extern int			root_uses_machine_creds;
+ 
+diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
+index 2fa749e..8fa4f4a 100644
+--- a/utils/gssd/gssd.man
++++ b/utils/gssd/gssd.man
+@@ -74,7 +74,11 @@ where to look for the rpc_pipefs filesystem.  The default value is
+ .B -d directory
+ Tells
+ .B rpc.gssd
+-where to look for kerberos credential files.  The default value is "/tmp".
++where to look for Kerberos credential files.  The default value is "/tmp".
++This can also be a colon separated list of directories to be searched
++for Kerberos credential files.  Note that if machine credentials are being
++stored in files, then the first directory on this list is where the
++machine credentials are stored.
+ .TP
+ .B -v
+ Increases the verbosity of the output (can be specified multiple times).
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index bac7295..be6f440 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -685,6 +685,7 @@ handle_krb5_upcall(struct clnt_info *clp)
+ 	gss_buffer_desc		token;
+ 	char			**credlist = NULL;
+ 	char			**ccname;
++	char			**dirname;
+ 	int			create_resp = -1;
+ 
+ 	printerr(1, "handling krb5 upcall\n");
+@@ -701,10 +702,14 @@ handle_krb5_upcall(struct clnt_info *clp)
+ 
+ 	if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0)) {
+ 		/* Tell krb5 gss which credentials cache to use */
+-		gssd_setup_krb5_user_gss_ccache(uid, clp->servername);
++		for (dirname = ccachesearch; *dirname != NULL; dirname++) {
++			gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
+ 
+-		create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+-						     AUTHTYPE_KRB5);
++			create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
++							     AUTHTYPE_KRB5);
++			if (create_resp == 0)
++				break;
++		}
+ 	}
+ 	if (create_resp != 0) {
+ 		if (uid == 0 && root_uses_machine_creds == 1) {
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index 0589cd8..512c1cf 100644
+--- a/utils/gssd/krb5_util.c
++++ b/utils/gssd/krb5_util.c
+@@ -131,7 +131,8 @@ struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL;
+ /*==========================*/
+ 
+ static int select_krb5_ccache(const struct dirent *d);
+-static int gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d);
++static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
++		struct dirent **d);
+ static int gssd_get_single_krb5_cred(krb5_context context,
+ 		krb5_keytab kt, struct gssd_k5_kt_princ *ple);
+ 
+@@ -159,7 +160,7 @@ select_krb5_ccache(const struct dirent *d)
+ }
+ 
+ /*
+- * Look in the ccachedir for files that look like they
++ * Look in directory "dirname" for files that look like they
+  * are Kerberos Credential Cache files for a given UID.  Return
+  * non-zero and the dirent pointer for the entry most likely to be
+  * what we want. Otherwise, return zero and no dirent pointer.
+@@ -170,7 +171,7 @@ select_krb5_ccache(const struct dirent *d)
+  *	1 => found an existing entry
+  */
+ static int
+-gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
++gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
+ {
+ 	struct dirent **namelist;
+ 	int n;
+@@ -181,9 +182,10 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
+ 
+ 	memset(&best_match_stat, 0, sizeof(best_match_stat));
+ 	*d = NULL;
+-	n = scandir(ccachedir, &namelist, select_krb5_ccache, 0);
++	n = scandir(dirname, &namelist, select_krb5_ccache, 0);
+ 	if (n < 0) {
+-		perror("scandir looking for krb5 credentials caches");
++		printerr(1, "Error doing scandir on directory '%s': %s\n",
++			dirname, strerror(errno));
+ 	}
+ 	else if (n > 0) {
+ 		char statname[1024];
+@@ -191,7 +193,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
+ 			printerr(3, "CC file '%s' being considered\n",
+ 				 namelist[i]->d_name);
+ 			snprintf(statname, sizeof(statname),
+-				 "%s/%s", ccachedir, namelist[i]->d_name);
++				 "%s/%s", dirname, namelist[i]->d_name);
+ 			if (lstat(statname, &tmp_stat)) {
+ 				printerr(0, "Error doing stat on file '%s'\n",
+ 					 statname);
+@@ -291,8 +293,9 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
+ 				    &credh, NULL, NULL);
+ 
+ 	if (maj_stat != GSS_S_COMPLETE) {
+-		pgsserr("gss_acquire_cred",
+-			maj_stat, min_stat, &krb5oid);
++		if (get_verbosity() > 0)
++			pgsserr("gss_acquire_cred",
++				maj_stat, min_stat, &krb5oid);
+ 		return -1;
+ 	}
+ 
+@@ -406,7 +409,7 @@ gssd_get_single_krb5_cred(krb5_context context,
+ 	    cache_type = "FILE";
+ 	snprintf(cc_name, sizeof(cc_name), "%s:%s/%s%s_%s",
+ 		cache_type,
+-		ccachedir, GSSD_DEFAULT_CRED_PREFIX,
++		ccachesearch[0], GSSD_DEFAULT_CRED_PREFIX,
+ 		GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm);
+ 	ple->endtime = my_creds.times.endtime;
+ 	if (ple->ccname != NULL)
+@@ -894,7 +897,7 @@ out:
+  *	void
+  */
+ void
+-gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername)
++gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname)
+ {
+ 	char			buf[MAX_NETOBJ_SZ];
+ 	struct dirent		*d;
+@@ -902,14 +905,13 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername)
+ 	printerr(2, "getting credentials for client with uid %u for "
+ 		    "server %s\n", uid, servername);
+ 	memset(buf, 0, sizeof(buf));
+-	if (gssd_find_existing_krb5_ccache(uid, &d)) {
+-		snprintf(buf, sizeof(buf), "FILE:%s/%s",
+-			ccachedir, d->d_name);
++	if (gssd_find_existing_krb5_ccache(uid, dirname, &d)) {
++		snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name);
+ 		free(d);
+ 	}
+ 	else
+ 		snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
+-			ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid);
++			dirname, GSSD_DEFAULT_CRED_PREFIX, uid);
+ 	printerr(2, "using %s as credentials cache for client with "
+ 		    "uid %u for server %s\n", buf, uid, servername);
+ 	gssd_set_krb5_ccache_name(buf);
+diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
+index 78ad45c..431fdaf 100644
+--- a/utils/gssd/krb5_util.h
++++ b/utils/gssd/krb5_util.h
+@@ -17,7 +17,8 @@ struct gssd_k5_kt_princ {
+ };
+ 
+ 
+-void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername);
++void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername,
++				     char *dirname);
+ int  gssd_get_krb5_machine_cred_list(char ***list);
+ void gssd_free_krb5_machine_cred_list(char **list);
+ void gssd_setup_krb5_machine_gss_ccache(char *servername);

nfs-utils-1.1.2-gssd-des-types.patch

@@ -0,0 +1,25 @@
+commit 313ab396c04afe160ee6764e28b5e61ce19c46d9
+Author: Kevin Coffman <kwc@citi.umich.edu>
+Date:   Wed May 7 14:32:45 2008 -0400
+
+    Add the other two DES encryption types to the default list of
+    Kerberos encryption types that may be negotiated.
+    
+    Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index 3cf27ca..0589cd8 100644
+--- a/utils/gssd/krb5_util.c
++++ b/utils/gssd/krb5_util.c
+@@ -277,7 +277,9 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
+ 	u_int maj_stat, min_stat;
+ 	gss_cred_id_t credh;
+ 	gss_OID_set_desc  desired_mechs;
+-	krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
++	krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC,
++				    ENCTYPE_DES_CBC_MD5,
++				    ENCTYPE_DES_CBC_MD4 };
+ 	int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
+ 
+ 	/* We only care about getting a krb5 cred */

nfs-utils-1.1.2-gssd-getport.patch

@@ -0,0 +1,84 @@
+commit a04f8b5a3ea94b7a9d96d339b6ccde5f2e67a2d1
+Author: Olga Kornievskaia <aglo@citi.umich.edu>
+Date:   Wed May 7 10:54:51 2008 -0400
+
+    Check the info file nfs/rpc_pipefs/nfs/clnt?/info to
+    see if a port number was supplied. If so, use it rather
+    than the default port number.
+    
+    Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
+    Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
+index e17edde..6f14c34 100644
+--- a/utils/gssd/gssd.h
++++ b/utils/gssd/gssd.h
+@@ -80,6 +80,7 @@ struct clnt_info {
+ 	int			krb5_poll_index;
+ 	int			spkm3_fd;
+ 	int			spkm3_poll_index;
++	int			port;
+ };
+ 
+ void init_client_list(void);
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index 6860cc8..bac7295 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -102,7 +102,7 @@ int pollsize;  /* the size of pollaray (in pollfd's) */
+ /* XXX buffer problems: */
+ static int
+ read_service_info(char *info_file_name, char **servicename, char **servername,
+-		  int *prog, int *vers, char **protocol) {
++		  int *prog, int *vers, char **protocol, int *port) {
+ #define INFOBUFLEN 256
+ 	char		buf[INFOBUFLEN];
+ 	static char	dummy[128];
+@@ -112,6 +112,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
+ 	char		program[16];
+ 	char		version[16];
+ 	char		protoname[16];
++	char		cb_port[128];
++	char		*p;
+ 	in_addr_t	inaddr;
+ 	int		fd = -1;
+ 	struct hostent	*ent = NULL;
+@@ -143,6 +145,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
+ 		goto fail;
+ 	}
+ 
++	cb_port[0] = '\0';
++	if ((p = strstr(buf, "port")) != NULL)
++		sscanf(p, "port: %127s\n", cb_port);
++
+ 	/* check service, program, and version */
+ 	if(memcmp(service, "nfs", 3)) return -1;
+ 	*prog = atoi(program + 1); /* skip open paren */
+@@ -163,6 +169,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
+ 	if (!(*servicename = calloc(strlen(buf) + 1, 1)))
+ 		goto fail;
+ 	memcpy(*servicename, buf, strlen(buf));
++	if (cb_port[0] != '\0')
++		*port = atoi(cb_port);
+ 
+ 	if (!(*protocol = strdup(protoname)))
+ 		goto fail;
+@@ -238,7 +246,7 @@ process_clnt_dir_files(struct clnt_info * clp)
+ 	if ((clp->servicename == NULL) &&
+ 	     read_service_info(info_file_name, &clp->servicename,
+ 				&clp->servername, &clp->prog, &clp->vers,
+-				&clp->protocol))
++				&clp->protocol, &clp->port))
+ 		return -1;
+ 	return 0;
+ }
+@@ -587,6 +595,8 @@ int create_auth_rpc_client(struct clnt_info *clp,
+ 			 clp->servername, uid);
+ 		goto out_fail;
+ 	}
++	if (clp->port)
++		((struct sockaddr_in *)a->ai_addr)->sin_port = htons(clp->port);
+ 	if (a->ai_protocol == IPPROTO_TCP) {
+ 		if ((rpc_clnt = clnttcp_create(
+ 					(struct sockaddr_in *) a->ai_addr,

nfs-utils-1.1.2-gssd-getverbose.patch

@@ -0,0 +1,35 @@
+commit 73f9b4402ec6625618967f947c99e6e417322d36
+Author: Kevin Coffman <kwc@citi.umich.edu>
+Date:   Wed May 7 14:38:47 2008 -0400
+
+    Add a new function to retrieve the current verbosity level
+    so that some messages that would otherwise always print may
+    be silenced.
+    
+    Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/err_util.c b/utils/gssd/err_util.c
+index 5644db6..2583e06 100644
+--- a/utils/gssd/err_util.c
++++ b/utils/gssd/err_util.c
+@@ -60,3 +60,8 @@ void printerr(int priority, char *format, ...)
+ 		xlog_backend(L_ERROR, format, args);
+ 	va_end(args);
+ }
++
++int get_verbosity(void)
++{
++	return verbosity;
++}
+diff --git a/utils/gssd/err_util.h b/utils/gssd/err_util.h
+index 5e5af48..c4df32d 100644
+--- a/utils/gssd/err_util.h
++++ b/utils/gssd/err_util.h
+@@ -33,5 +33,6 @@
+ 
+ void initerr(char *progname, int verbosity, int fg);
+ void printerr(int priority, char *format, ...);
++int get_verbosity(void);
+ 
+ #endif /* _ERR_UTIL_H_ */

nfs-utils-1.1.2-mount-bg-fix.patch

@@ -0,0 +1,42 @@
+commit 281ca299724f24e7b19c1eca04bba03410e2a306
+Author: Jeff Layton <jlaton@redhat.com>
+Date:   Wed May 7 10:35:30 2008 -0400
+
+    The bg option is essentially ignored with nfs4 currently. nfs4mount()
+    will never exit with EX_BG, so the mount will never be backgrounded.
+    Fix it so that when bg is specified that we error out with EX_BG as
+    soon as possible after the first failed mount attempt.
+    
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/mount/nfs4mount.c b/utils/mount/nfs4mount.c
+index af70551..2b0fe2e 100644
+--- a/utils/mount/nfs4mount.c
++++ b/utils/mount/nfs4mount.c
+@@ -188,10 +188,9 @@ int nfs4mount(const char *spec, const char *node, int flags,
+ 	int bg, soft, intr;
+ 	int nocto, noac, unshared;
+ 	int retry;
+-	int retval;
++	int retval = EX_FAIL;
+ 	time_t timeout, t;
+ 
+-	retval = EX_FAIL;
+ 	if (strlen(spec) >= sizeof(hostdir)) {
+ 		nfs_error(_("%s: excessively long host:dir argument\n"),
+ 				progname);
+@@ -443,6 +442,13 @@ int nfs4mount(const char *spec, const char *node, int flags,
+ 			rpc_mount_errors(hostname, 0, bg);
+ 			goto fail;
+ 		}
++
++		if (bg && !running_bg) {
++			if (retry > 0)
++				retval = EX_BG;
++			goto fail;
++		}
++
+ 		t = time(NULL);
+ 		if (t >= timeout) {
+ 			rpc_mount_errors(hostname, 0, bg);

nfs-utils-1.1.2-mount-chk-setuid.patch

@@ -0,0 +1,30 @@
+commit 0930b25ee3a1eb28b957cdc70c9a1958812d895f
+Author: NeilBrown <neilb@suse.de>
+Date:   Thu May 8 05:18:25 2008 -0400
+
+    If mount.nfs is not installed setuid, an attempt to perform a "user"
+    or "users" mount will fail with a fairly obscure error message,
+    typically about getting "permission denied" from the server.
+    
+    This patch gives a more helpful message in that case.
+    
+    Signed-off-by: NeilBrown <neilb@suse.de>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/mount/mount.c b/utils/mount/mount.c
+index 5076468..d7271a1 100644
+--- a/utils/mount/mount.c
++++ b/utils/mount/mount.c
+@@ -539,6 +539,12 @@ int main(int argc, char *argv[])
+ 			mnt_err = EX_USAGE;
+ 			goto out;
+ 		}
++
++		if (geteuid() != 0) {
++			nfs_error(_("%s: not installed setuid - "
++				    "\"user\" NFS mounts not supported."), progname);
++			exit(EX_FAIL);
++		}
+ 	}
+ 
+ 	if (chk_mountpoint(mount_point)) {

nfs-utils-1.1.2-mount-remove-bg-host.patch

@@ -0,0 +1,51 @@
+commit 5fb4042ce4eb4fd5e50e3fb0f78bbd20b4d46e78
+Author: Jeff Layton <jlaton@redhat.com>
+Date:   Wed May 7 10:37:40 2008 -0400
+
+    The prev_bg_host stuff made sense when NFS didn't have its own mount
+    handler. Now though, each mount.nfs invocation is really a one-shot
+    affair, and this check no longer works. It also leaked memory. Remove
+    it.
+    
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c
+index a9dd917..6a04518 100644
+--- a/utils/mount/nfsmount.c
++++ b/utils/mount/nfsmount.c
+@@ -494,7 +494,6 @@ int
+ nfsmount(const char *spec, const char *node, int flags,
+ 	 char **extra_opts, int fake, int running_bg)
+ {
+-	static char *prev_bg_host;
+ 	char hostdir[1024];
+ 	char *hostname, *dirname, *old_opts, *mounthost = NULL;
+ 	char new_opts[1024], cbuf[1024];
+@@ -628,18 +627,6 @@ nfsmount(const char *spec, const char *node, int flags,
+ 	if (flags & MS_REMOUNT)
+ 		goto out_ok;
+ 
+-	/*
+-	 * If the previous mount operation on the same host was
+-	 * backgrounded, and the "bg" for this mount is also set,
+-	 * give up immediately, to avoid the initial timeout.
+-	 */
+-	if (bg && !running_bg &&
+-	    prev_bg_host && strcmp(hostname, prev_bg_host) == 0) {
+-		if (retry > 0)
+-			retval = EX_BG;
+-		return retval;
+-	}
+-
+ 	/* create mount deamon client */
+ 
+ 	/*
+@@ -708,7 +695,6 @@ nfsmount(const char *spec, const char *node, int flags,
+ 			continue;
+ 		}
+ 		if (!running_bg) {
+-			prev_bg_host = xstrdup(hostname);
+ 			if (retry > 0)
+ 				retval = EX_BG;
+ 			goto fail;

nfs-utils-1.1.2-mount-retry.patch

@@ -0,0 +1,73 @@
+commit 5f7cc524008a7dc548a71f4c7b0d39759371a37a
+Author: Jeff Layton <jlaton@redhat.com>
+Date:   Wed May 7 10:27:53 2008 -0400
+
+    Currently nfs4mount() sets the retry value to 10000 on both fg and bg
+    mounts. It should be 2 for fg and 10000 for bg. nfsmount() sets it
+    properly, but there is a potential corner case. If someone explicitly
+    sets retry=10000 on a fg mount, then it will be reset to 2.
+    
+    Fix this by having retry default to -1 for both flavors, and then reset if
+    needed after the mount options have been parsed.
+    
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/mount/nfs4mount.c b/utils/mount/nfs4mount.c
+index 311e5a0..af70551 100644
+--- a/utils/mount/nfs4mount.c
++++ b/utils/mount/nfs4mount.c
+@@ -238,7 +238,7 @@ int nfs4mount(const char *spec, const char *node, int flags,
+ 	nocto = 0;
+ 	noac = 0;
+ 	unshared = 0;
+-	retry = 10000;		/* 10000 minutes ~ 1 week */
++	retry = -1;
+ 
+ 	/*
+ 	 * NFSv4 specifies that the default port should be 2049
+@@ -332,6 +332,14 @@ int nfs4mount(const char *spec, const char *node, int flags,
+ 		}
+ 	}
+ 
++	/* if retry is still -1, then it wasn't set via an option */
++	if (retry == -1) {
++		if (bg)
++			retry = 10000;	/* 10000 mins == ~1 week */
++		else
++			retry = 2;	/* 2 min default on fg mounts */
++	}
++
+ 	data.flags = (soft ? NFS4_MOUNT_SOFT : 0)
+ 		| (intr ? NFS4_MOUNT_INTR : 0)
+ 		| (nocto ? NFS4_MOUNT_NOCTO : 0)
+diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c
+index 6c0c365..a9dd917 100644
+--- a/utils/mount/nfsmount.c
++++ b/utils/mount/nfsmount.c
+@@ -571,7 +571,7 @@ nfsmount(const char *spec, const char *node, int flags,
+ #endif
+ 
+ 	bg = 0;
+-	retry = 10000;		/* 10000 minutes ~ 1 week */
++	retry = -1;
+ 
+ 	memset(mnt_pmap, 0, sizeof(*mnt_pmap));
+ 	mnt_pmap->pm_prog = MOUNTPROG;
+@@ -585,9 +585,13 @@ nfsmount(const char *spec, const char *node, int flags,
+ 		goto fail;
+ 	if (!nfsmnt_check_compat(nfs_pmap, mnt_pmap))
+ 		goto fail;
+-	
+-	if (retry == 10000 && !bg)
+-		retry = 2; /* reset for fg mounts */
++
++	if (retry == -1) {
++		if (bg)
++			retry = 10000;	/* 10000 mins == ~1 week*/
++		else
++			retry = 2;	/* 2 min default on fg mounts */
++	}
+ 
+ #ifdef NFS_MOUNT_DEBUG
+ 	printf(_("rsize = %d, wsize = %d, timeo = %d, retrans = %d\n"),

nfs-utils-1.1.2-tcpwrapper-fix.patch

@@ -0,0 +1,28 @@
+commit ad1fc3feae447685a8ec8c7db0ad913fe3c4de5c
+Author: Sten Spans <sten@blinkenlights.nl>
+Date:   Mon May 5 14:04:58 2008 -0400
+
+    Fixed arguments to the hosts_ctl() call in the good_client() routine
+    used in the tcpwrapper support.
+    
+    Signe-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c
+index 0cc9335..e4f453b 100644
+--- a/support/misc/tcpwrapper.c
++++ b/support/misc/tcpwrapper.c
+@@ -125,12 +125,12 @@ struct sockaddr_in *addr;
+ 	   return 0;
+ 
+    /* Check the official name first. */
+-   if (hosts_ctl(daemon, "", hp->h_name, ""))
++   if (hosts_ctl(daemon, hp->h_name, "", ""))
+ 	return 1;
+ 
+    /* Check aliases. */
+    for (sp = hp->h_aliases; *sp ; sp++) {
+-	if (hosts_ctl(daemon, "", *sp, ""))
++	if (hosts_ctl(daemon, *sp, "", ""))
+ 	    return 1;
+    }
+ 

nfs-utils.spec

@@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.1.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 
 # group all 32bit related archs
@@ -32,6 +32,17 @@ Patch06: nfs-utils-1.1.0-exportfs-man-update.patch
 Patch07: nfs-utils-1.1.2-multi-auth-flavours.patch
 Patch08: nfs-utils-1.1.2-mount-eacces.patch
 
+Patch101: nfs-utils-1.1.2-tcpwrapper-fix.patch
+Patch102: nfs-utils-1.1.2-mount-retry.patch
+Patch103: nfs-utils-1.1.2-mount-bg-fix.patch
+Patch104: nfs-utils-1.1.2-mount-remove-bg-host.patch
+Patch105: nfs-utils-1.1.2-gssd-getport.patch
+Patch106: nfs-utils-1.1.2-gssd-des-types.patch
+Patch107: nfs-utils-1.1.2-gssd-getverbose.patch
+Patch108: nfs-utils-1.1.2-gssd-creds.patch
+Patch109: nfs-utils-1.1.2-mount-chk-setuid.patch
+Patch110: nfs-utils-1.1.2-exportfs-man-typo.patch
+
 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
 %endif
@@ -91,6 +102,17 @@ This package also contains the mount.nfs and umount.nfs program.
 %patch07 -p1
 %patch08 -p1
 
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
+%patch104 -p1
+%patch105 -p1
+%patch106 -p1
+%patch107 -p1
+%patch108 -p1
+%patch109 -p1
+%patch110 -p1
+
 %if %{enablefscache}
 %patch90 -p1
 %endif
@@ -257,6 +279,10 @@ fi
 %attr(4755,root,root)   /sbin/umount.nfs4
 
 %changelog
+* Thu May  8 2008 Steve Dickson <steved@redhat.com>  1.1.2-5
+- Added 10 (101 thru 110) upstream patches that fixed
+  things mostly in the mount and gssd code.
+
 * Wed May  7 2008 Steve Dickson <steved@redhat.com>  1.1.2-4
 - Added ppc arch to the all_32bit_archs list (bz 442847)