diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4

index 0bf35d3..8a0f3e4 100644

--- a/aclocal/kerberos5.m4

+++ b/aclocal/kerberos5.m4

@@ -43,15 +43,6 @@ AC_DEFUN([AC_KERBEROS_V5],[

                    -f $dir/lib/libgssapi_krb5.so \) ; then

          AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])

          KRBDIR="$dir"

-  dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the

-  dnl private function (gss_krb5_ccache_name) to get correct

-  dnl behavior of changing the ccache used by gssapi.

-  dnl Starting in 1.3.2, we *DO NOT* want to use

-  dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME

-  dnl to get gssapi to use a different ccache

-         if test $K5VERS -le 131; then

-           AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])

-         fi

          gssapi_lib=gssapi_krb5

          break

       dnl The following ugly hack brought on by the split installation

@@ -92,8 +83,6 @@ AC_DEFUN([AC_KERBEROS_V5],[

     AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)

   AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,

     AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)

-  AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,

-    AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)

   AC_CHECK_LIB($gssapi_lib, gss_krb5_free_lucid_sec_context,

     AC_DEFINE(HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT, 1, [Define this if the Kerberos GSS library supports gss_krb5_free_lucid_sec_context]), ,$KRBLIBS)

diff --git a/aclocal/libpthread.m4 b/aclocal/libpthread.m4

new file mode 100644

index 0000000..e87d2a0

--- /dev/null

+++ b/aclocal/libpthread.m4

@@ -0,0 +1,13 @@

+dnl Checks for pthreads library and headers

+dnl

+AC_DEFUN([AC_LIBPTHREAD], [

+

+    dnl Check for library, but do not add -lpthreads to LIBS

+    AC_CHECK_LIB([pthread], [pthread_create], [LIBPTHREAD=-lpthread],

+                 [AC_MSG_ERROR([libpthread not found.])])

+  AC_SUBST(LIBPTHREAD)

+

+  AC_CHECK_HEADERS([pthread.h], ,

+                   [AC_MSG_ERROR([libpthread headers not found.])])

+

+])dnl

diff --git a/aclocal/librpcsecgss.m4 b/aclocal/librpcsecgss.m4

deleted file mode 100644

index e833141..0000000

--- a/aclocal/librpcsecgss.m4

+++ /dev/null

@@ -1,21 +0,0 @@

-dnl Checks for rpcsecgss library and headers

-dnl KRB5LIBS must be set before this function is invoked.

-dnl

-AC_DEFUN([AC_LIBRPCSECGSS], [

-

-  dnl libtirpc provides an rpcsecgss API

-  if test "$enable_tirpc" = no; then

-

-    dnl Check for library, but do not add -lrpcsecgss to LIBS

-    AC_CHECK_LIB([rpcsecgss], [authgss_create_default], [librpcsecgss=1],

-                 [AC_MSG_ERROR([librpcsecgss not found.])])

-

-    AC_CHECK_LIB([rpcsecgss], [authgss_set_debug_level],

-                 [AC_DEFINE([HAVE_AUTHGSS_SET_DEBUG_LEVEL], 1,

-                 [Define to 1 if you have the `authgss_set_debug_level' function.])])

-

-    AC_DEFINE([HAVE_AUTHGSS_FREE_PRIVATE_DATA], 1,

-	      [Define to 1 if your rpcsec library provides authgss_free_private_data,])

-  fi

-

-])dnl

diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4

index b7de636..27368ff 100644

--- a/aclocal/libtirpc.m4

+++ b/aclocal/libtirpc.m4

@@ -20,6 +20,12 @@ AC_DEFUN([AC_LIBTIRPC], [

                                     [Define to 1 if your rpcsec library provides authgss_free_private_data])],,

                          [${LIBS}])])

+     AS_IF([test -n "${LIBTIRPC}"],

+           [AC_CHECK_LIB([tirpc], [libtirpc_set_debug],

+                         [AC_DEFINE([HAVE_LIBTIRPC_SET_DEBUG], [1],

+                                    [Define to 1 if your tirpc library provides libtirpc_set_debug])],,

+                         [${LIBS}])])

+

   AC_SUBST([AM_CPPFLAGS])

   AC_SUBST(LIBTIRPC)

diff --git a/configure.ac b/configure.ac

index 25d2ba4..1daf5b8 100644

--- a/configure.ac

+++ b/configure.ac

@@ -382,8 +382,8 @@ if test "$enable_gss" = yes; then

   dnl Check for Kerberos V5

   AC_KERBEROS_V5

-  dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set

-  AC_LIBRPCSECGSS

+  dnl Check for pthreads

+  AC_LIBPTHREAD

   dnl librpcsecgss already has a dependency on libgssapi,

   dnl but we need to make sure we get the right version

diff --git a/support/export/client.c b/support/export/client.c

index 95156f0..2346f99 100644

--- a/support/export/client.c

+++ b/support/export/client.c

@@ -639,7 +639,7 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)

 	const char *netgroup = clp->m_hostname + 1;

 	struct addrinfo *tmp = NULL;

 	struct hostent *hp;

-	char *dot, *hname;

+	char *dot, *hname, *ip;

 	int i, match;

 	match = 0;

@@ -686,6 +686,18 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)

 		}

 	}

+	/* check whether the IP itself is in the netgroup */

+	ip = calloc(INET6_ADDRSTRLEN, 1);

+	if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {

+		if (innetgr(netgroup, ip, NULL, NULL)) {

+			free(hname);

+			hname = ip;

+			match = 1;

+			goto out;

+		}

+	}

+	free(ip);

+

 	/* Okay, strip off the domain (if we have one) */

 	dot = strchr(hname, '.');

 	if (dot == NULL)

diff --git a/support/export/hostname.c b/support/export/hostname.c

index 169baa5..5c4c824 100644

--- a/support/export/hostname.c

+++ b/support/export/hostname.c

@@ -69,7 +69,7 @@ host_ntop(const struct sockaddr *sap, char *buf, const size_t buflen)

 	memset(buf, 0, buflen);

-	if (sin->sin_family != AF_INET)

+	if (sin->sin_family != AF_INET) {

 		(void)strncpy(buf, "bad family", buflen - 1);

 		return buf;

 	}

@@ -134,12 +134,14 @@ host_pton(const char *paddr)

 			break;

 		}

 		return ai;

+	case EAI_NONAME:

+		break;

 	case EAI_SYSTEM:

-		xlog(D_GENERAL, "%s: failed to convert %s: (%d) %m",

+		xlog(L_WARNING, "%s: failed to convert %s: (%d) %m",

 				__func__, paddr, errno);

 		break;

 	default:

-		xlog(D_GENERAL, "%s: failed to convert %s: %s",

+		xlog(L_WARNING, "%s: failed to convert %s: %s",

 				__func__, paddr, gai_strerror(error));

 		break;

 	}

@@ -228,7 +230,7 @@ host_canonname(const struct sockaddr *sap)

 	default:

 		(void)getnameinfo(sap, salen, buf, (socklen_t)sizeof(buf),

 							NULL, 0, NI_NUMERICHOST);

-		xlog(D_GENERAL, "%s: failed to resolve %s: %s",

+		xlog(D_PARSE, "%s: failed to resolve %s: %s",

 				__func__, buf, gai_strerror(error));

 		return NULL;

 	}

diff --git a/support/include/ha-callout.h b/support/include/ha-callout.h

index 1164336..a454bdb 100644

--- a/support/include/ha-callout.h

+++ b/support/include/ha-callout.h

@@ -47,7 +47,7 @@ ha_callout(char *event, char *arg1, char *arg2, int arg3)

 			      arg3 < 0 ? NULL : buf,

 			      NULL);

 			perror("execl");

-			exit(2);

+			_exit(2);

 		case -1: perror("fork");

 			break;

 		default: pid = waitpid(pid, &ret, 0);

diff --git a/support/include/nfslib.h b/support/include/nfslib.h

index c9a13cb..ddd71ac 100644

--- a/support/include/nfslib.h

+++ b/support/include/nfslib.h

@@ -176,6 +176,9 @@ size_t  strlcpy(char *, const char *, size_t);

 ssize_t atomicio(ssize_t (*f) (int, void*, size_t),

 		 int, void *, size_t);

+#ifdef HAVE_LIBTIRPC_SET_DEBUG

+void  libtirpc_set_debug(char *name, int level, int use_stderr);

+#endif

 #define UNUSED(x) UNUSED_ ## x __attribute__((unused))

diff --git a/support/include/xcommon.h b/support/include/xcommon.h

index d1a4b18..23c9a13 100644

--- a/support/include/xcommon.h

+++ b/support/include/xcommon.h

@@ -17,6 +17,12 @@

 #include <stdlib.h>

 #include <string.h>

+#ifdef MAJOR_IN_MKDEV

+#include <sys/mkdev.h>

+#elif defined(MAJOR_IN_SYSMACROS)

+#include <sys/sysmacros.h>

+#endif

+

 #define streq(s, t)	(strcmp ((s), (t)) == 0)

 /* Functions in sundries.c that are used in mount.c and umount.c  */ 

diff --git a/support/nfs/closeall.c b/support/nfs/closeall.c

index 38fb162..a69bf35 100644

--- a/support/nfs/closeall.c

+++ b/support/nfs/closeall.c

@@ -31,6 +31,7 @@ closeall(int min)

 	} else {

 		int fd = sysconf(_SC_OPEN_MAX);

 		while (--fd >= min)

-			(void) close(fd);

+			if(fd >= 0)

+				(void) close(fd);

 	}

 }

diff --git a/support/nfs/mydaemon.c b/support/nfs/mydaemon.c

index 3391eff..343e80b 100644

--- a/support/nfs/mydaemon.c

+++ b/support/nfs/mydaemon.c

@@ -49,6 +49,7 @@

 #include <stdbool.h>

 #include <stdlib.h>

 #include <string.h>

+#include <syslog.h>

 #include <xlog.h>

 #include "nfslib.h"

@@ -122,6 +123,7 @@ daemon_init(bool fg)

 	dup2(tempfd, 0);

 	dup2(tempfd, 1);

 	dup2(tempfd, 2);

+	closelog();

 	dup2(pipefds[1], 3);

 	pipefds[1] = 3;

 	closeall(4);

diff --git a/support/nfs/nfsexport.c b/support/nfs/nfsexport.c

index afd7c90..4b13265 100644

--- a/support/nfs/nfsexport.c

+++ b/support/nfs/nfsexport.c

@@ -19,6 +19,7 @@

 #include "nfslib.h"

 #include "misc.h"

+#include "xcommon.h"

 	/* if /proc/net/rpc/... exists, then 

 	 * write to it, as that interface is more stable.

diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c

index 2900d18..bdf6d2f 100644

--- a/support/nfs/rpc_socket.c

+++ b/support/nfs/rpc_socket.c

@@ -185,7 +185,7 @@ static int nfs_connect_nb(const int fd, const struct sockaddr *sap,

 	 * use it later.

 	 */

 	ret = connect(fd, sap, salen);

-	if (ret < 0 && errno != EINPROGRESS) {

+	if (ret < 0 && errno != EINPROGRESS && errno != EINTR) {

 		ret = -1;

 		goto done;

 	}

@@ -197,10 +197,16 @@ static int nfs_connect_nb(const int fd, const struct sockaddr *sap,

 	FD_ZERO(&rset);

 	FD_SET(fd, &rset);

-	ret = select(fd + 1, NULL, &rset, NULL, timeout);

-	if (ret <= 0) {

-		if (ret == 0)

-			errno = ETIMEDOUT;

+	while ((ret = select(fd + 1, NULL, &rset, NULL, timeout)) < 0) {

+		if (errno != EINTR) {

+			ret = -1;

+			goto done;

+		} else {

+			continue;

+		}

+	}

+	if (ret == 0) {

+		errno = ETIMEDOUT;

 		ret = -1;

 		goto done;

 	}

diff --git a/support/nfs/svc_create.c b/support/nfs/svc_create.c

index 5cb5ff6..ef7ff05 100644

--- a/support/nfs/svc_create.c

+++ b/support/nfs/svc_create.c

@@ -133,7 +133,7 @@ svc_create_bindaddr(struct netconfig *nconf, const uint16_t port)

 		hint.ai_family = AF_INET6;

 #endif	/* IPV6_SUPPORTED */

 	else {

-		xlog(D_GENERAL, "Unrecognized bind address family: %s",

+		xlog(L_ERROR, "Unrecognized bind address family: %s",

 			nconf->nc_protofmly);

 		return NULL;

 	}

@@ -143,7 +143,7 @@ svc_create_bindaddr(struct netconfig *nconf, const uint16_t port)

 	else if (strcmp(nconf->nc_proto, NC_TCP) == 0)

 		hint.ai_protocol = (int)IPPROTO_TCP;

 	else {

-		xlog(D_GENERAL, "Unrecognized bind address protocol: %s",

+		xlog(L_ERROR, "Unrecognized bind address protocol: %s",

 			nconf->nc_proto);

 		return NULL;

 	}

@@ -275,7 +275,7 @@ svc_create_nconf_rand_port(const char *name, const rpcprog_t program,

 	xprt = svc_tli_create(RPC_ANYFD, nconf, &bindaddr, 0, 0);

 	freeaddrinfo(ai);

 	if (xprt == NULL) {

-		xlog(D_GENERAL, "Failed to create listener xprt "

+		xlog(L_ERROR, "Failed to create listener xprt "

 			"(%s, %u, %s)", name, version, nconf->nc_netid);

 		return 0;

 	}

@@ -286,10 +286,12 @@ svc_create_nconf_rand_port(const char *name, const rpcprog_t program,

 		return 0;

 	}

+	rpc_createerr.cf_stat = rpc_createerr.cf_error.re_errno = 0;

 	if (!svc_reg(xprt, program, version, dispatch, nconf)) {

 		/* svc_reg(3) destroys @xprt in this case */

-		xlog(D_GENERAL, "Failed to register (%s, %u, %s)",

-				name, version, nconf->nc_netid);

+		xlog(L_ERROR, "Failed to register (%s, %u, %s): %s",

+				name, version, nconf->nc_netid, 

+				clnt_spcreateerror("svc_reg() err"));

 		return 0;

 	}

diff --git a/support/nfs/svc_socket.c b/support/nfs/svc_socket.c

index 99321e7..1fa0d15 100644

--- a/support/nfs/svc_socket.c

+++ b/support/nfs/svc_socket.c

@@ -24,6 +24,7 @@

 #include <sys/socket.h>

 #include <sys/fcntl.h>

 #include <errno.h>

+#include "xlog.h"

 #include "config.h"

@@ -99,9 +100,9 @@ svcsock_nonblock(int sock)

 	 * connection.

 	 */

 	if ((flags = fcntl(sock, F_GETFL)) < 0)

-		perror(_("svc_socket: can't get socket flags"));

+		xlog(L_ERROR, "svc_socket: can't get socket flags: %m");

 	else if (fcntl(sock, F_SETFL, flags|O_NONBLOCK) < 0)

-		perror(_("svc_socket: can't set socket flags"));

+		xlog(L_ERROR, "svc_socket: can't set socket flags: %m");

 	else

 		return sock;

@@ -119,7 +120,7 @@ svc_socket (u_long number, int type, int protocol, int reuse)

   if ((sock = __socket (AF_INET, type, protocol)) < 0)

     {

-      perror (_("svc_socket: socket creation problem"));

+      xlog(L_ERROR, "svc_socket: socket creation problem: %m");

       return sock;

     }

@@ -130,7 +131,7 @@ svc_socket (u_long number, int type, int protocol, int reuse)

 			sizeof (ret));

       if (ret < 0)

 	{

-	  perror (_("svc_socket: socket reuse problem"));

+	  xlog(L_ERROR, "svc_socket: socket reuse problem: %m");

 	  return ret;

 	}

     }

@@ -141,7 +142,7 @@ svc_socket (u_long number, int type, int protocol, int reuse)

   if (bind(sock, (struct sockaddr *) &addr, len) < 0)

     {

-      perror (_("svc_socket: bind problem"));

+      xlog(L_ERROR, "svc_socket: bind problem: %m");

       (void) __close(sock);

       sock = -1;

     }

diff --git a/support/nsm/file.c b/support/nsm/file.c

index 4711c2c..7a8b504 100644

--- a/support/nsm/file.c

+++ b/support/nsm/file.c

@@ -536,7 +536,8 @@ nsm_get_state(_Bool update)

 		state++;

 update:

-	(void)close(fd);

+	if(fd >= 0)

+		(void)close(fd);

 	if (update) {

 		state += 2;

diff --git a/systemd/Makefile.am b/systemd/Makefile.am

index 0331926..03f96e9 100644

--- a/systemd/Makefile.am

+++ b/systemd/Makefile.am

@@ -28,9 +28,13 @@ endif

 if CONFIG_GSS

 unit_files += \

     auth-rpcgss-module.service \

-    rpc-gssd.service \

+    rpc-gssd.service

+

+if CONFIG_SVCGSS

+unit_files += \

     rpc-svcgssd.service

 endif

+endif

 EXTRA_DIST = $(unit_files)

diff --git a/systemd/README b/systemd/README

index bbd7790..7c43df8 100644

--- a/systemd/README

+++ b/systemd/README

@@ -53,7 +53,7 @@ client and systemd cannot specify is two-pronged reverse dependency.

 (i.e. stop this unit if none of these units are running)

 Distro specific commandline configuration can be provided by

-installing a script /usr/lib/systemd/scripts/nfs-utils_env.sh

+installing a script /usr/libexec/nfs-utils/nfs-utils_env.sh

 This should write /run/sysconfig/nfs-utils based on configuration

 information such as in /etc/sysconfig/nfs or /etc/defaults/nfs.

 It is run once by nfs-config.service.

diff --git a/systemd/nfs-config.service b/systemd/nfs-config.service

index 7f65305..bd69e84 100644

--- a/systemd/nfs-config.service

+++ b/systemd/nfs-config.service

@@ -5,5 +5,9 @@ DefaultDependencies=no

 [Service]

 Type=oneshot

-RemainAfterExit=yes

-ExecStart=/usr/lib/systemd/scripts/nfs-utils_env.sh

+# This service needs to run any time any nfs service

+# is started, so changes to local config files get

+# incorporated.  Having "RemainAfterExit=no" (the default)

+# ensures this happens.

+RemainAfterExit=no

+ExecStart=/usr/libexec/nfs-utils/nfs-utils_env.sh

diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service

index 12b02f2..2ccdc63 100644

--- a/systemd/nfs-server.service

+++ b/systemd/nfs-server.service

@@ -1,13 +1,14 @@

 [Unit]

 Description=NFS server and services

 DefaultDependencies=no

-Requires= network.target proc-fs-nfsd.mount rpcbind.service

+Requires= network.target proc-fs-nfsd.mount

 Requires= nfs-mountd.service

+Wants=rpcbind.socket

 Wants=rpc-statd.service nfs-idmapd.service

 Wants=rpc-statd-notify.service

 After= local-fs.target

-After= network.target proc-fs-nfsd.mount rpcbind.service nfs-mountd.service

+After= network.target proc-fs-nfsd.mount rpcbind.socket nfs-mountd.service

 After= nfs-idmapd.service rpc-statd.service

 Before= rpc-statd-notify.service

diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service

index 14604d7..a02f5c4 100644

--- a/systemd/rpc-statd.service

+++ b/systemd/rpc-statd.service

@@ -2,8 +2,8 @@

 Description=NFS status monitor for NFSv2/3 locking.

 DefaultDependencies=no

 Conflicts=umount.target

-Requires=nss-lookup.target rpcbind.target

-After=network.target nss-lookup.target rpcbind.target

+Requires=nss-lookup.target rpcbind.socket

+After=network.target nss-lookup.target rpcbind.socket

 PartOf=nfs-utils.service

diff --git a/tools/mountstats/mountstats.py b/tools/mountstats/mountstats.py

index 011bb42..4ca4bc4 100644

--- a/tools/mountstats/mountstats.py

+++ b/tools/mountstats/mountstats.py

@@ -150,6 +150,8 @@ Nfsv3ops = [

     'COMMIT'

 ]

+# This list should be kept in-sync with the NFSPROC4_CLNT_* enum in

+# include/linux/nfs4.h in the kernel.

 Nfsv4ops = [

     'NULL',

     'READ',

@@ -204,7 +206,12 @@ Nfsv4ops = [

     'FREE_STATEID',

     'GETDEVICELIST',

     'BIND_CONN_TO_SESSION',

-    'DESTROY_CLIENTID'

+    'DESTROY_CLIENTID',

+    'SEEK',

+    'ALLOCATE',

+    'DEALLOCATE',

+    'LAYOUTSTATS',

+    'CLONE'

 ]

 class DeviceData:

@@ -563,7 +570,10 @@ class DeviceData:

         for the nfsstat command.

         """

         for op in new_stats.__rpc_data['ops']:

-            self.__rpc_data[op] = list(map(add, self.__rpc_data[op], new_stats.__rpc_data[op]))

+            try:

+                self.__rpc_data[op] = list(map(add, self.__rpc_data[op], new_stats.__rpc_data[op]))

+            except KeyError:

+                continue

     def __print_rpc_op_stats(self, op, sample_time):

         """Print generic stats for one RPC op

diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c

index b52afe2..052d582 100644

--- a/utils/blkmapd/device-discovery.c

+++ b/utils/blkmapd/device-discovery.c

@@ -51,6 +51,7 @@

 #include <libdevmapper.h>

 #include "device-discovery.h"

+#include "xcommon.h"

 #define EVENT_SIZE (sizeof(struct inotify_event))

 #define EVENT_BUFSIZE (1024 * EVENT_SIZE)

@@ -427,7 +428,10 @@ void sig_die(int signal)

 	BL_LOG_ERR("exit on signal(%d)\n", signal);

 	exit(1);

 }

-

+static void usage(void)

+{

+	fprintf(stderr, "Usage: blkmapd [-hdf]\n" );

+}

 /* Daemon */

 int main(int argc, char **argv)

 {

@@ -435,7 +439,7 @@ int main(int argc, char **argv)

 	struct stat statbuf;

 	char pidbuf[64];

-	while ((opt = getopt(argc, argv, "df")) != -1) {

+	while ((opt = getopt(argc, argv, "hdf")) != -1) {

 		switch (opt) {

 		case 'd':

 			dflag = 1;

@@ -443,6 +447,13 @@ int main(int argc, char **argv)

 		case 'f':

 			fg = 1;

 			break;

+		case 'h':

+			usage();

+			exit(0);

+		default:

+			usage();

+			exit(1);

+			

 		}

 	}

diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c

index 8758231..5db348b 100644

--- a/utils/exportfs/exportfs.c

+++ b/utils/exportfs/exportfs.c

@@ -108,11 +108,14 @@ main(int argc, char **argv)

 	xlog_stderr(1);

 	xlog_syslog(0);

-	while ((c = getopt(argc, argv, "afhio:ruvs")) != EOF) {

+	while ((c = getopt(argc, argv, "ad:fhio:ruvs")) != EOF) {

 		switch(c) {

 		case 'a':

 			f_all = 1;

 			break;

+		case 'd':

+			xlog_sconfig(optarg, 1);

+			break;

 		case 'f':

 			force_flush = 1;

 			break;

@@ -405,8 +408,17 @@ unexportfs_parsed(char *hname, char *path, int verbose)

 			hname = ai->ai_canonname;

 	}

+	/*

+	 * It's possible the specified path ends with a '/'. But

+	 * the entry from exportlist won't has the trailing '/',

+	 * so need to deal with it.

+	*/

+	size_t nlen = strlen(path);

+	while (path[nlen - 1] == '/')

+		nlen--;

+

 	for (exp = exportlist[htype].p_head; exp; exp = exp->m_next) {

-		if (path && strcmp(path, exp->m_export.e_path))

+		if (path && strncmp(path, exp->m_export.e_path, nlen))

 			continue;

 		if (htype != exp->m_client->m_type)

 			continue;

@@ -499,9 +511,10 @@ unexportfs(char *arg, int verbose)

 static int can_test(void)

 {

-	char buf[1024];

+	char buf[1024] = { 0 };

 	int fd;

 	int n;

+	size_t bufsiz = sizeof(buf);

 	fd = open("/proc/net/rpc/auth.unix.ip/channel", O_WRONLY);

 	if (fd < 0)

@@ -514,9 +527,9 @@ static int can_test(void)

 	 * commit 2f74f972  (sunrpc: prepare NFS for 2038).

 	 */

 	if (time(NULL) > INT_TO_LONG_THRESHOLD_SECS)

-		sprintf(buf, "nfsd 0.0.0.0 %ld -test-client-\n", LONG_MAX);

+		snprintf(buf, bufsiz-1, "nfsd 0.0.0.0 %ld -test-client-\n", LONG_MAX);

 	else

-		sprintf(buf, "nfsd 0.0.0.0 %d -test-client-\n", INT_MAX);

+		snprintf(buf, bufsiz-1, "nfsd 0.0.0.0 %d -test-client-\n", INT_MAX);

 	n = write(fd, buf, strlen(buf));

 	close(fd);

@@ -532,7 +545,8 @@ static int can_test(void)

 static int test_export(char *path, int with_fsid)

 {

-	char buf[1024];

+	/* beside max path, buf size should take protocol str into account */

+	char buf[NFS_MAXPATHLEN+1+64] = { 0 };

 	char *bp = buf;

 	int len = sizeof(buf);

 	int fd, n;

@@ -758,7 +772,8 @@ dumpopt(char c, char *fmt, ...)

 static void

 dump(int verbose, int export_format)

 {

-	char buf[1024];

+	/* buf[] size should >= sizeof(struct exportent->e_path) */

+	char buf[NFS_MAXPATHLEN+1] = { 0 };

 	char *bp;

 	int len;

 	nfs_export	*exp;

@@ -866,6 +881,6 @@ error(nfs_export *exp, int err)

 static void

 usage(const char *progname, int n)

 {

-	fprintf(stderr, "usage: %s [-afhioruvs] [host:/path]\n", progname);

+	fprintf(stderr, "usage: %s [-adfhioruvs] [host:/path]\n", progname);

 	exit(n);

 }

diff --git a/utils/exportfs/exportfs.man b/utils/exportfs/exportfs.man

index 75d952a..fdf9260 100644

--- a/utils/exportfs/exportfs.man

+++ b/utils/exportfs/exportfs.man

@@ -88,6 +88,9 @@ appropriate export entry for the host given in

 to be added to the kernel's export table.

 .SH OPTIONS

 .TP

+.B \-d kind " or " \-\-debug kind

+Turn on debugging. Valid kinds are: all, auth, call, general and parse.

+.TP

 .B -a

 Export or unexport all directories.

 .TP

diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am

index cb040b3..3f5f59a 100644

--- a/utils/gssd/Makefile.am

+++ b/utils/gssd/Makefile.am

@@ -49,7 +49,8 @@ gssd_LDADD = \

 	$(RPCSECGSS_LIBS) \

 	$(KRBLIBS) \

 	$(GSSAPI_LIBS) \

-	$(LIBTIRPC)

+	$(LIBTIRPC) \

+	$(LIBPTHREAD)

 gssd_LDFLAGS = \

 	$(KRBLDFLAGS)

diff --git a/utils/gssd/context_heimdal.c b/utils/gssd/context_heimdal.c

index 1e8738a..d07103b 100644

--- a/utils/gssd/context_heimdal.c

+++ b/utils/gssd/context_heimdal.c

@@ -260,7 +260,7 @@ serialize_krb5_ctx(gss_ctx_id_t *_ctx, gss_buffer_desc *buf, int32_t *endtime)

 	if (write_heimdal_seq_key(&p, end, ctx)) goto out_err;

 	buf->length = p - (char *)buf->value;

-	printerr(2, "serialize_krb5_ctx: returning buffer "

+	printerr(4, "serialize_krb5_ctx: returning buffer "

 		    "with %d bytes\n", buf->length);

 	return 0;

diff --git a/utils/gssd/context_lucid.c b/utils/gssd/context_lucid.c

index badbe88..5d77c21 100644

--- a/utils/gssd/context_lucid.c