--- /dev/null
+--- nfs-utils-1.0.6.orig/utils/exportfs/exports.man
++++ nfs-utils-1.0.6/utils/exportfs/exports.man
+@@ -256,6 +256,28 @@
+ then the nominted path must be a mountpoint for the exportpoint to be
+ exported.
+
++.TP
++.IR fsid= num
++This option forces the filesystem identification portion of the file
++handle and file attributes used on the wire to be
++.I num
++instead of a number derived from the major and minor number of the
++block device on which the filesystem is mounted. Any 32 bit number
++can be used, but it must be unique amongst all the exported filesystems.
++
++This can be useful for NFS failover, to ensure that both servers of
++the failover pair use the same NFS file handles for the shared filesystem
++thus avoiding stale file handles after failover.
++
++Some Linux filesystems are not mounted on a block device; exporting
++these via NFS requires the use of the
++.I fsid
++option (although that may still not be enough).
++
++The value 0 has a special meaning when use with NFSv4. NFSv4 has a
++concept of a root of the overall exported filesystem. The export point
++exported with fsid=0 will be used as this root.
++
+ .SS User ID Mapping
+ .PP
+ .I nfsd
+--- nfs-utils-1.0.6.orig/utils/statd/statd.c
++++ nfs-utils-1.0.6/utils/statd/statd.c
+@@ -179,8 +179,10 @@
+ struct stat st;
+
+ if (stat(SM_DIR, &st) == -1 &&
+- stat(DIR_BASE, &st) == -1)
++ stat(DIR_BASE, &st) == -1) {
+ st.st_uid = 0;
++ st.st_gid = 0;
++ }
+
+ if (st.st_uid == 0) {
+ note(N_WARNING, "statd running as root. chown %s to choose different user\n",
+@@ -399,6 +401,11 @@
+ signal (SIGTERM, killer);
+ /* WARNING: the following works on Linux and SysV, but not BSD! */
+ signal(SIGCHLD, SIG_IGN);
++ /*
++ * Ignore SIGPIPE to avoid statd dying when peers close their
++ * TCP connection while we're trying to reply to them.
++ */
++ signal(SIGPIPE, SIG_IGN);
+
+ /* initialize out_port */
+ statd_get_socket(out_port);
+--- nfs-utils-1.0.6.orig/utils/rquotad/rquota_server.c
++++ nfs-utils-1.0.6/utils/rquotad/rquota_server.c
+@@ -76,6 +76,7 @@
+ char *pathname, *qfpathname;
+ int fd, err, id, type;
+ struct stat stm, stn;
++ struct rquota *rquota;
+
+ /*
+ * First check authentication.
+@@ -168,8 +169,16 @@
+ * Make a copy of the info into the last part of the remote quota
+ * struct which is exactly the same.
+ */
+- memcpy((caddr_t *)&result.getquota_rslt_u.gqr_rquota.rq_bhardlimit,
+- (caddr_t *)&dq_dqb, sizeof(struct dqblk));
++
++ rquota = &result.getquota_rslt_u.gqr_rquota;
++ rquota->rq_bhardlimit = dq_dqb.dqb_bhardlimit;
++ rquota->rq_bsoftlimit = dq_dqb.dqb_bsoftlimit;;
++ rquota->rq_curblocks = dq_dqb.dqb_curblocks;
++ rquota->rq_fhardlimit = dq_dqb.dqb_ihardlimit;
++ rquota->rq_fsoftlimit = dq_dqb.dqb_isoftlimit;
++ rquota->rq_curfiles = dq_dqb.dqb_curinodes;
++ rquota->rq_btimeleft = dq_dqb.dqb_btime;
++ rquota->rq_ftimeleft = dq_dqb.dqb_itime;
+
+ return(&result);
+ }
+--- nfs-utils-1.0.6.orig/utils/mountd/cache.c
++++ nfs-utils-1.0.6/utils/mountd/cache.c
+@@ -67,6 +67,8 @@
+ if (inet_aton(ipaddr, &addr)==0)
+ return;
+
++ auth_reload();
++
+ /* addr is a valid, interesting address, find the domain name... */
+ client = client_compose(addr);
+
+@@ -138,6 +140,8 @@
+ break;
+ }
+
++ auth_reload();
++
+ /* Now determine export point for this fsid/domain */
+ for (i=0 ; i < MCL_MAXTYPES; i++) {
+ for (exp = exportlist[i]; exp; exp = exp->m_next) {
+@@ -236,6 +240,8 @@
+ if (qword_get(&cp, path, strlen(lbuf)) <= 0)
+ goto out;
+
++ auth_reload();
++
+ /* now find flags for this export point in this domain */
+ for (i=0 ; i < MCL_MAXTYPES; i++) {
+ for (exp = exportlist[i]; exp; exp = exp->m_next) {
+--- nfs-utils-1.0.6.orig/debian/etc.exports
++++ nfs-utils-1.0.6/debian/etc.exports
+@@ -0,0 +1,2 @@
++# /etc/exports: the access control list for filesystems which may be exported
++# to NFS clients. See exports(5).
+--- nfs-utils-1.0.6.orig/debian/control
++++ nfs-utils-1.0.6/debian/control
+@@ -8,7 +8,7 @@
+ Package: nfs-kernel-server
+ Priority: optional
+ Architecture: any
+-Depends: nfs-common (>= 1:0.3.3-3), debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}
++Depends: nfs-common (>= 1:0.3.3-3), debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}, lsb-base (>= 1.3-9ubuntu3)
+ Provides: knfs, nfs-server
+ Conflicts: knfs, nfs-server
+ Replaces: knfs, nfs-server
+@@ -22,7 +22,7 @@
+
+ Package: nfs-common
+ Architecture: any
+-Depends: portmap, debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}
++Depends: portmap, debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}, lsb-base (>= 1.3-9ubuntu3)
+ Provides: nfs-client
+ Conflicts: nfs-client
+ Replaces: nfs-client
+--- nfs-utils-1.0.6.orig/debian/rules
++++ nfs-utils-1.0.6/debian/rules
+@@ -13,6 +13,13 @@
+
+ build: build-stamp
+ build-stamp:
++ # Debian source diffs don't reflect removals.
++ # This kludge will suffice until the next upstream version. *sigh*
++ rm -f debian/nfs-common.config \
++ debian/nfs-common.templates \
++ debian/nfs-kernel-server.config \
++ debian/nfs-kernel-server.templates
++
+ dh_testdir
+ # Add here commands to compile the package.
+ $(SETGCC) ./configure \
+@@ -51,7 +58,8 @@
+ done; \
+ rm -f tmp/usr/sbin/*quota*; \
+ rm -f tmp/usr/share/man/man8/*quota*; \
+- rm -rf tmp/var/lib/nfs/*
++ rm -rf tmp/var/lib/nfs/*; \
++ cp --preserve=timestamps etc.exports tmp/etc/exports
+ # Fixups End Here #
+ dh_installdocs -A README
+ dh_installexamples
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.conffiles
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.conffiles
+@@ -1,2 +1,3 @@
++/etc/exports
+ /etc/default/nfs-kernel-server
+ /etc/init.d/nfs-kernel-server
+--- nfs-utils-1.0.6.orig/debian/changelog
++++ nfs-utils-1.0.6/debian/changelog
+@@ -1,3 +1,54 @@
++nfs-utils (1:1.0.6-3ubuntu1.1) warty-security; urgency=low
++
++ * SECURITY UPDATE: fix remote Denial of Service, fix buffer overflow on 64
++ bit architectures
++ * utils/statd/statd.c (patch from SGI):
++ - main(): ignore SIGPIPE to continue to run even if a peer prematurely
++ closes his TCP connection
++ - drop_privs(): fix uninitialized st.st_gid value when running as root
++ (not exploitable, but using random group ids might be confusing)
++ - CAN-2004-1014
++ * utils/rquotad/rquota_server.c (Arjan van de Ven):
++ - getquotainfo(): do not use memcpy() to copy
++ values from struct dqblk to struct rquota; on 64 bit architectures time_t
++ is 64 bits wide, but the target fields are only 32 bit, thus causing a
++ buffer overflow
++ - CAN-2004-0946
++ - NOTE: rpc.quotad is not shipped in the debs by default (this is
++ contained in the package "quota" which is not affected by this)
++
++ -- Martin Pitt <martin.pitt@canonical.com> Wed, 1 Dec 2004 14:34:34 +0100
++
++nfs-utils (1:1.0.6-3ubuntu1) warty; urgency=low
++
++ * debian/nfs-common.init,nfs-kernel-server.init: prettified initscripts
++ * debian/control: versioned depend on lsb-base
++
++ -- Nathaniel McCallum <npmccallum@canonical.com> Fri, 10 Sep 2004 13:10:39 -0400
++
++nfs-utils (1:1.0.6-3) unstable; urgency=medium
++
++ * Remove obsolete debconf-related files in debian/rules, because source
++ diffs don't implement removals. (closes: #239331)
++
++ -- Chip Salzenberg <chip@debian.org> Wed, 24 Mar 2004 18:09:21 -0500
++
++nfs-utils (1:1.0.6-2) unstable; urgency=medium
++
++ * Upstream CVS sync.
++ * Urgency "medium" to get debconf fix into testing.
++ * Remove debconf warning notes in favor of nfs-kernel-server.NEWS.
++ (closes: #228365)
++ * Make /etc/exports a conffile. (closes: #224557)
++ * Clean up /var/lib/nfs in postrm.
++ * Test kernel version in init script; all kernels from 2.4 forward
++ have a lockd thread, and don't need rpc.lockd. Probe older kernels
++ by checking for lockd-related symbols. When in doubt, go ahead and
++ run rpc.lockd; if it's not needed, it exits. (closes: #205867)
++ * Don't bother removing nfs-server's init links; it's long dead.
++
++ -- Chip Salzenberg <chip@debian.org> Thu, 18 Mar 2004 17:06:00 -0500
++
+ nfs-utils (1:1.0.6-1) unstable; urgency=low
+
+ * New upstream version:
+--- nfs-utils-1.0.6.orig/debian/nfs-common.postinst
++++ nfs-utils-1.0.6/debian/nfs-common.postinst
+@@ -12,6 +12,13 @@
+ update-rc.d -f nfs-common remove >/dev/null 2>&1 || true
+ fi
+ update-rc.d nfs-common defaults 21 79 >/dev/null
++
++ # Remove obsolete debconf questions
++ if [ -e /usr/share/debconf/confmodule ]; then
++ . /usr/share/debconf/confmodule
++ db_unregister nfs-common/tcpwrappers-statd || true
++ db_stop
++ fi
+ ;;
+ esac
+
+--- nfs-utils-1.0.6.orig/debian/nfs-common.postrm
++++ nfs-utils-1.0.6/debian/nfs-common.postrm
+@@ -5,5 +5,9 @@
+ case "$1" in
+ purge)
+ update-rc.d nfs-common remove >/dev/null
++
++ rm -f /var/lib/nfs/state \
++ /var/lib/nfs/sm/* \
++ /var/lib/nfs/sm.bak/*
+ ;;
+ esac
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.postrm
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.postrm
+@@ -5,6 +5,10 @@
+ case "$1" in
+ purge)
+ update-rc.d nfs-kernel-server remove >/dev/null
++
++ rm -f /var/lib/nfs/etab \
++ /var/lib/nfs/rmtab \
++ /var/lib/nfs/xtab
+ ;;
+ esac
+
+--- nfs-utils-1.0.6.orig/debian/nfs-common.init
++++ nfs-utils-1.0.6/debian/nfs-common.init
+@@ -22,16 +22,27 @@
+ . $DEFAULTFILE
+ fi
+
+-# Determine whether lockd is required
++. /lib/lsb/init-functions
++
++# Determine whether lockd daemon is required.
+ case "$NEED_LOCKD" in
+ yes|no) ;;
+-*) # We must be conservative and run lockd,
+- # unless we can prove that it's not required.
+- NEED_LOCKD=yes
+- if test -f /proc/ksyms
+- then
+- grep -q lockdctl /proc/ksyms || NEED_LOCKD=no
+- fi
++*) case `uname -r` in
++ '' | [01].* | 2.[0123].* )
++ # Older kernels may or may not need a lockd daemon.
++ # We must assume they do, unless we can prove otherwise.
++ # (A false positive here results only in a harmless message.)
++ NEED_LOCKD=yes
++ if test -f /proc/ksyms
++ then
++ grep -q lockdctl /proc/ksyms || NEED_LOCKD=no
++ fi
++ ;;
++
++ *) # Modern kernels (>= 2.4) start a lockd thread automatically.
++ NEED_LOCKD=no
++ ;;
++ esac
+ ;;
+ esac
+
+@@ -43,31 +54,27 @@
+ case "$1" in
+ start)
+ cd / # daemons should have root dir as cwd
+- printf "Starting $DESC:"
+- printf " statd"
++ log_begin_msg "Starting $DESC..."
+ start-stop-daemon --start --quiet \
+- --exec $PREFIX/sbin/rpc.statd -- $STATDOPTS
++ --exec $PREFIX/sbin/rpc.statd -- $STATDOPTS || log_end_msg 1
+ if [ "$NEED_LOCKD" = yes ]
+ then
+- printf " lockd"
+ start-stop-daemon --start --quiet \
+ --exec $PREFIX/sbin/rpc.lockd || true
+ fi
+- echo "."
++ log_end_msg 0
+ ;;
+
+ stop)
+- printf "Stopping $DESC:"
++ log_begin_msg "Stopping $DESC..."
+ if [ "$NEED_LOCKD" = yes ]
+ then
+- printf " lockd"
+ start-stop-daemon --stop --oknodo --quiet \
+ --name rpc.lockd --user 0 || true
+ fi
+- printf " statd"
+ start-stop-daemon --stop --oknodo --quiet \
+- --name rpc.statd --user 0
+- echo "."
++ --name rpc.statd --user 0 || log_end_msg 1
++ log_end_msg 0
+ ;;
+
+ restart | force-reload)
+@@ -77,7 +84,7 @@
+ ;;
+
+ *)
+- echo "Usage: nfs-common {start|stop|restart}"
++ log_success_msg "Usage: nfs-common {start|stop|restart}"
+ exit 1
+ ;;
+ esac
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.NEWS
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.NEWS
+@@ -0,0 +1,8 @@
++nfs-utils (1:1.0.1-1) unstable; urgency=low
++
++ * Exports default to "sync", that is, synchronous writes.
++ This is safer but MUCH SLOWER than the old default of "async".
++ All exports should be marked as either "sync" or "async" to
++ avoid a warning from exportfs.
++
++ -- Chip Salzenberg <chip@debian.org> Mon, 26 Aug 2002 12:17:57 -0400
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.init
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.init
+@@ -29,22 +29,21 @@
+ . $DEFAULTFILE
+ fi
+
++. /lib/lsb/init-functions
++
+ # See how we were called.
+ case "$1" in
+ start)
+ cd / # daemons should have root dir as cwd
+ if grep -q '^/' /etc/exports
+ then
+- printf "Exporting directories for $DESC..."
+- $PREFIX/sbin/exportfs -r
+- echo "done."
++ log_begin_msg "Exporting directories for $DESC..."
++ $PREFIX/sbin/exportfs -r || log_end_msg 1
++ log_end_msg 0
+
+- printf "Starting $DESC:"
+- printf " nfsd"
++ log_begin_msg "Starting $DESC:"
+ start-stop-daemon --start --quiet \
+- --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT
+-
+- printf " mountd"
++ --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT || log_end_msg 1
+
+ # make sure 127.0.0.1 is a valid source for requests
+ ClearAddr=
+@@ -62,31 +61,30 @@
+ [ -z "$ClearAddr" ] || echo "nfsd 127.0.0.1 1" >/proc/net/rpc/auth.unix.ip/channel
+
+ start-stop-daemon --start --quiet \
+- --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS
+- echo "."
++ --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS || log_end_msg 1
++ log_end_msg 0
+ else
+- echo "Not starting $DESC: No exports."
++ log_warning_msg "Not starting $DESC: No exports."
+ fi
+ ;;
+
+ stop)
+- printf "Stopping $DESC: mountd"
++ log_begin_msg "Stopping $DESC..."
+ start-stop-daemon --stop --oknodo --quiet \
+ --name rpc.mountd --user 0
+- printf " nfsd"
+ start-stop-daemon --stop --oknodo --quiet \
+ --name nfsd --user 0 --signal 2
+- echo "."
++ log_end_msg 0
+
+- printf "Unexporting directories for $DESC..."
+- $PREFIX/sbin/exportfs -au
+- echo "done."
++ log_begin_msg "Unexporting directories for $DESC..."
++ $PREFIX/sbin/exportfs -au || log_end_msg 1
++ log_end_msg 0
+ ;;
+
+ reload | force-reload)
+- printf "Re-exporting directories for $DESC..."
+- $PREFIX/sbin/exportfs -r
+- echo "done."
++ log_begin_msg "Re-exporting directories for $DESC..."
++ $PREFIX/sbin/exportfs -r || log_end_msg 1
++ log_begin_msg
+ ;;
+
+ restart)
+@@ -96,7 +94,7 @@
+ ;;
+
+ *)
+- echo "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}"
++ log_success_msg "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}"
+ exit 1
+ ;;
+ esac
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.postinst
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.postinst
+@@ -2,36 +2,26 @@
+
+ #DEBHELPER#
+
+-. /usr/share/debconf/confmodule
+-
+ case "$1" in
+ configure)
+- db_get nfs-kernel-server/tcpwrappers-mountd || true
++ for f in /var/lib/nfs/etab \
++ /var/lib/nfs/rmtab \
++ /var/lib/nfs/xtab; do
++ [ -e $f ] || touch $f
++ done
+
+- touch /var/lib/nfs/etab \
+- /var/lib/nfs/rmtab \
+- /var/lib/nfs/xtab
++ update-rc.d nfs-kernel-server defaults 20 80 >/dev/null
+
+- if test -s /etc/exports
+- then
+- : do nothing
+- else
+- cat <<EOF >/etc/exports
+-# /etc/exports: the access control list for filesystems which may be exported
+-# to NFS clients. See exports(5).
+-EOF
++ # Remove obsolete debconf questions
++ if [ -e /usr/share/debconf/confmodule ]; then
++ . /usr/share/debconf/confmodule
++ db_unregister nfs-kernel-server/sync-default || true
++ db_unregister nfs-kernel-server/tcpwrappers-mountd || true
++ db_stop
+ fi
+-
+- # The old nfs-server's init script can't tell that it's been
+- # removed, so we have to kill the symlinks to it.
+- update-rc.d -f nfs-server remove >/dev/null
+-
+- update-rc.d nfs-kernel-server defaults 20 80 >/dev/null
+ ;;
+ esac
+
+-db_stop
+-
+ act="restart"
+ [ "$1:$2" = "configure:" ] && act="start"
+ invoke-rc.d nfs-kernel-server $act
+--- nfs-utils-1.0.6.orig/ChangeLog
++++ nfs-utils-1.0.6/ChangeLog
+@@ -1,3 +1,18 @@
++2004-03-18 Chip Salzenberg <chip@pobox.com>
++
++ * debian/changelog: Version 1.0.6-2.
++
++2004-02-24 NeilBrown <neilb@cse.unsw.edu.au>
++ from "J. Bruce Fields" <bfields@fieldses.org>
++
++ * utils/mountd/cache.c: call auth_reload to make sure auth data is
++ current before responding to kernel upcall.
++
++2004-02-24 NeilBrown <neilb@cse.unsw.edu.au>
++ Based on patch from Greg Banks <gnb@melbourne.sgi.com>
++
++ * utils/exportfs/exports.man: Document fsid= option.
++
+ 2003-09-15 NeilBrown <neilb@cse.unsw.edu.au>
+
+ Release 1.0.6
+@@ -8,7 +23,7 @@
+ utils/statd/Makefile: add "predep" rule so that "make dep" works.
+ * Makefile: allow a simple "make" to run ./configure and "make dep"
+ if needed.
+- * configure.in, nfs-utils.spec: Update version to 1.0.4
++ * configure.in, nfs-utils.spec: Update version to 1.0.6
+ * run autoconf
+
+ 2003-09-12 Chip Salzenberg <chip@pobox.com>