For details, see the history as recorded in the git repository.

HEAD
====


v2.16 (2016-09-23)
==================
Enhancements:
* support building with OpenSSL 1.1.0 and test libressl 2.4.2
Changes:
* the sgrp match is now implemented by asking for the user's group list instead
  of asking for the group's user list. (The latter can easily be orders of
  magnitude larger, which is why some LDAP servers may be configured not to
  return the list at all.)


v2.15 (2014-12-01)
==================
Changes:
* util-linux >= 2.20 is required at runtime
  (just mentioning it again; it was already needed for building)
* use the helper= option to get umount.crypt invoked on calling umount
* remove unsupported -p0 mount option
* fix a crash in ehd_log


v2.14 (2013-08-27)
==================
Enhancements:
- pam_mount: add an "allow_discard" option for volumes to enable
  trim support on the block device without enabling it for the filesystem.
- config: regexes can now be used for the <user> and <group> configuration
  options
Fixes:
- fix "feature 1 already set to zero"
- pmt-ehd: avoid miscalculating blockdev size obtained from BLKGETSIZE64
- pam_mount: give more verbose output on "unknown digest/cipher"
- pam_mount: fix crash when an unknown digest/cipher was specified
- pam_mount: correctly mkdir mountpoint if requested
- pam_mount: only remove mountpoint if actually created
- config: restore DOMAIN_USER and DOMAIN_NAME expansion in mount options
Changes:
- Complain louder when EUID is not 0
- Make CIFS mounts work again after util-linux option parser update.
  util-linux has received updates to its option parser in or around
  v2.22, and pam_mount was incorrectly using the "user" moutn option
  to specify a username; the proper option is, of course, "username".
  (as in: <volume fstype="cifs" ... options="username=someoneelse" />)
- Make Winbind user logins (DOMAIN\user) work with cifs-utils > 5.5


v2.13 (2011-12-15)
==================
Fixes:
- pam_mount: restore keyfile support for non-crypto mounts
  (useful for accessing volumes with a different password than the login one)
Changes:
- pam_mount: use libmount for utab/mtab operations
- Move crypto code into a separate library, libcryptmount
  rather than including the .o files in every executable
Enhancements:
- mount.crypt: add support for crypto name mapping (new -o crypto_name= option)


v2.12 (2011-10-06)
==================
Fixes:
- build: make build of pmt-ehd dependent upon HAVE_LIBCRYPTSETUP
- mount.crypt: restore support for files >= 4 GB
Changes:
- config: default to calling umount.crypt directly


v2.11 (2011-08-07)
==================
Fixes:
- mount.crypt: fix a bogus "realpath (null): ..." message when trying to
  umount a non-existing directory
- mount.crypt: make -v option on umount work again
Changes:
- support for old encfs 1.3.x has been removed
- mount.crypt: print the location of cmtab/smtab and its contents
  when an entry was not found
- mount.crypt: add diagnostic to determine how the smtab entry was found
- mount.crypt: do not call lower-level helpers with -n option
  (there are setups where that has no effect anyway)
- mount.crypt: do not call lower-level helpers with -i option
- mount.crypt: use /run directory to store cmtab
- pmvarrun: use /run/pam_mount directory
- pmt-ehd: exclusively create LUKS partitions from now on
Enhancements:
- config: allow specifying CIFS/NCP/NFS <volume>s without a "server" attribute


v2.10 (2011-04-15)
==================
Fixes:
- loop-linux: wait for loop device deallocation to succeed
- crypto: avoid premature attempt of unloading the loop device
- mtab: cope with mtab-less systems in staleness check
Changes:
- mount.crypt: reduce mtab-less message from error to warning


v2.9 (2011-04-06)
=================
Fixes:
- build: fix configure --without-crypt{o,setup}
Changes:
- mount.crypt: warn of unwritable /etc/mtab
Enhancements:
- debug: print /proc/self/mountinfo when available (and avoid df)
- pam_mount: support mounting files with bind/move


v2.8 (2010-12-22)
=================
Fixes:
- config: options need to have a space for mount.fuse
- pam_mount: fix truncation of groups on FUSE mounts
Changes:
- pam_mount: reimplement mkmountpoint
- pam_mount: remove mountpoint early when mount failed


v2.7 (2010-12-01)
=================
Changes:
- conf: %(shell EXPR) is now activated and usable from the global config file


v2.6 (2010-10-30)
=================
Fixes:
- pam_mount: up the refcount once freeconfig is live
Changes:
- remove shipped copy of ofl, use hxtools's original variant
- remove shipped copy of fd0ssh, use hxtools's original variant


v2.5 (2010-08-10)
=================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)


v2.4 (2010-06-26)
=================
Notes:
- see doc/bugs.txt for cryptsetup behavior that impacts
  pam_mount users since version 2.0
- recommending use of device-mapper >= 1.02.48 to avoid a race
Fixes:
- umount.crypt: fix use of a wrong field for smtab/cmtab staleness check
Changes:
- make libcryptsetup truly optional at compile-time
  (it was only claimed in the doc, but not fully realized until now)
- make libcrypto truly optional at compile-time
  (this had once worked in pam_mount 0.x, now it does again)


v2.3 (2010-05-19)
=================
Fixes:
- umount.crypt had erroneously mounted instead of umounted


v2.2 (2010-05-16)
=================
Fixes:
- mount.crypt: fix memory scribble crash when crypto device could
  not be initialized
- mount.crypt: do not fail when unlocking key slot other than #0
- fusermount is now called with supplementary groups initialized
- rdconf: do not warn about missing fskeyhash when no fskey specified
- mount: prefer sysv mount API over bsd
- pmt-ehd: reword help text for -k option
- pmt-ehd: apply default value for -k option
- pmt-ehd: fix fskey generation which was pegged at 256 bits
- pmt-ehd: avoid needless overtruncation/sparsifying
- pmt-ehd: zero LUKS header to avoid setup failure of PLAIN volume
Changes:
- pmt-ehd: speed up writing random data
- pmt-ehd: reword help text for -k option
- mount.crypt: ignore cmtab update errors
- mount.crypt: add support for keyfile passthru using -ofsk_cipher=none
- doc: document mount.crypt's -o hash option
- mount.crypt: warn on ignored options


v2.1 (2010-05-02)
=================
Fixes:
- config: rdconf1 static data had unclosed %(if) tags
- config: rdconf1 static data had extraneous %(OPTIONS) parameter


v2.0 (2010-04-20)
=================
Changes:
- mount.crypt: make use of libcryptsetup
- cmtab is now stored below localstatedir (usually /var/run)
- use HXformat2. This invalidates old constructs like %(before=\"-o\"...),
  which need to be replaced with the new syntax. (See below.)

In general, the old syntax was only used by commands Note to updaters: As the
old syntax %(after=...) %(before=...) %(ifempty=...) %(ifnempty=...)
%(lower=...) %(upper=...) only appeared in commands, and commands are not part
of the default config file anymore since v1.0~15^2~15, there should be little
worry. The configuration options in question are <cifsmount>, <cryptmount>,
<cryptumount>, <fd0ssh>, <fsck>, <fusemount>, <fuseumount>, <lclmount>,
<nfsmount>, <ncpmount>, <ncpumount>, <pmvarrun>, <smbmount>, <smbumount>
<umount> and should normally not be needed in pam_mount.conf.xml.


v1.36 (2010-04-13)
==================
Changes:
- cope better with cryptsetup's assumption that keysize=256
- augment doc/bugs.txt about caveats with cryptsetup create


v1.35 (2010-04-10)
==================
Fixes:
- avoid a mlock(NULL) when there is no auth token
Changes:
- print error code when mkmountpoint failed
- print warning when cmtab is not creatable


v1.34 (2010-04-08)
==================
Changes:
- update for libHX 3.4
Fixes:
- do decrease the login refcount on logout when no volumes are defined


v1.33 (2010-01-10)
==================
Fixes:
- avoid multi-free of auth token when pam_mount is rerun in a PAM stack
- avoid NULL dereference when there is an empty line in mtab


v1.32 (2009-09-21)
==================
Fixes:
- luserconf: fix skipping luser volume mounting
- config: allow arbitrary source paths for tmpfs


v1.31 (2009-09-02)
==================
Fixes:
- pam_mount: fix a potential strlen(NULL) on login


v1.30 (2009-08-27)
==================
Fixes:
- pam_mount: avoid crash in sudo by not calling setenv() with NULL
- pam_mount: unwind krb5 environment info at the right time
- umount.crypt: do not remove entry from /etc/mtab twice
- doc: mount.crypt has no defaults for fsk_cipher and fsk_hash
- doc: pmt-ehd defaults to using SHA1 hash
- doc: mention preferred location of <debug>
Changes:
- config: move <debug> to top
Enhancements:
- luserconf: delayed parsing and mounting of luserconf volumes


v1.27 (2009-07-01)
==================
Changes:
- mounting: stdout from mount programs is now discarded


v1.26 (2009-06-19)
==================
Fixes:
- config: do parse <cryptumount> elements from .xml
Enhancements:
- mount: pass fstype to NFS mount program
- config: map "nfs4" fstype to NFSMOUNT
- pam_mount: PAM function return code audit
- config: warn about ignored "server" attribute in <volume>
- config: print error message on config file syntax error


v1.25 (2009-05-09)
==================
Fixes:
- fix splitting of "NTDOMAIN\username" strings
Enhancements:
- config: broaden variable expansion to resolve a case where it
  did not do expected expansion with AUFS


v1.24 (2009-04-23)
==================
Fixes:
- src: fix one uninitialized value
- mount.crypt: write options, not "defaults" to /etc/mtab
- mount.crypt: keysize truncation must happen later


v1.22 (2009-04-05)
==================
Changes:
- mount.crypt: pass -o ro/rw down to mount program
- mount.crypt: support for -o remount
- mount.crypt: support overriding keysize


v1.21 (2009-05-17)
==================
Fixes:
- mount.crypt: must pass -s option to cryptsetup
  (otherwise its odd default of truncating the key kicks in)
Documentation:
- mount.crypt: add "Deprecated Mount options" section to manpage


v1.20 (2009-03-01)
==================
Fixes:
- pam_mount: fix a double free that can happen when stale entries are in cmtab
- pam_mount: first-time overriding of mntoptions failed to work


v1.19 (2009-02-27)
==================
Fixes:
- pmvarrun: do not segfault when no username is specified (corner-case)
- pmvarrun: recognize internal _PMT_DEBUG_LEVEL env var
- mtab: automatically ignore and remove stale entries from cmtab
- pam_mount: fix unexpected termination after pam_mount ran
- doc: list support contacts in man page


v1.18 (2009-02-07)
==================
Fixes:
- mount.crypt: warn on insecure ciphers/hashes
- pam_mount: fix case-insensitive sgrp matching for <volume>
- pam_mount: additional safety check for NULL 'converse' structs
- doc: add sudo to the Known Bugs list


v1.17 (2009-01-26)
==================
Fixes:
- mount.crypt: resolve valgrind warnings (incapability to umount)
- mount.crypt: correct exit status on mount
- mtab: do not fail if file not found
- pam_mount: look into cmtab when checking for already-mounted volumes

Features:
- ports: FreeBSD loop device (MD) support
- ports: NetBSD loop device (VND) support
- ports: NetBSD crypto device (CGD) support


v1.16 (2009-01-24)
==================
Fixes:
- nucrypt2: resolve compiler warnings
- nucrypt2: avoid NULL deref in pmt_cmtab_add
- mount.crypt: avoid random deref in bogus printf
- mount.crypt: only use mount -i on __linux__
- mount.crypt: avoid umount attemps when not mounted


v1.15 (2009-01-23)
==================
Enhancements:
- mount.crypt: use /etc/cmtab file to keep crypto mount info
Fixes:
- mount.crypt/pmt-ehd: flush tty input queue before prompting for password


v1.10 (2009-01-22)
==================
Fixes:
- crypto: add missing return statements during loop+crypto setup
- pmt-ehd: fix return statements
- ehd: do not feed password's '\0' into openSSL


v1.9 (2009-01-13)
=================
Fixes:
- umount was called on anything but the last session
- ofl: fix per-task fd lookup (again)
- luserconf: re-enforce three-wall option checks
Changes:
- doc: remove old use_first_pass from doc
- doc: add version string and reldate to manpages


v1.8 (2009-01-07)
=================
- doc: add manpage aliases crypt{,o}_LUKS
- mount.crypt: fix return code regression
- logging: <debug> should not turn off errors
- src: traverse non-whitespace properly, check for '\0'
- pam_mount: fix segfault in case of an undefined converse function (e.g. cron)
- mount.crypt: fix segfault when password is NULL
- umount.crypt: fix segfault when path is not mounted
Enhancements:
- ports: pam_mount.so compiles on FreeBSD (7.1)


v1.7 (2009-01-01)
=================
Fixes:
- spawns: correctly interpret return codes when signalled
- pmt-ehd: fix a wrong return value in the error path
- src: close some leaking fds
- src: resolve memory leaks from HXformat use
- mount.crypt: continue on umount errors
- rdconf: silence debug messages if debug turned off
Changes:
- signals: block SIGPIPE during the entire pam_mount run time
- signals: use refcounted SIGCHLD
- src: use libHX 2.2's proc interface


v1.6 (2008-12-27)
=================
- update to libHX 2.0
- block-linux: close a leaking fd
- config: optionally install DTD and instructions for verification
- config: resynchronize DTD with XML
- build: autotools fixes, make `make dist` work
- pam_mount.so now builds on BSD


v1.5 (2008-12-07)
=================
- mount.crypt: support fsck mount option


v1.4 (2008-11-24)
=================
- mount.crypt: fix is_luks detection
- mount.crypt: add warnings for unneeded/unsupported options
- build: supply "crypto_LUKS" fstype symlinks


v1.3 (2008-11-16)
=================
- ofl: fix per-task fd lookup
- mount.crypt: -v takes no argument
- mount.crypt: use original container name as dmdevice name
- mount.crypt: reduce output on wrong password
- mount.crypt: only require -o cipher when really needed
- always proceed with mount even when a password is missing


v1.2 (2008-10-23)
=================
- pmt-ehd: autodetect size for block devices
- config: add missing %(CIPHER) to CMD_CRYPTMOUNT command line
- mount.crypt: allow -v to be set through -o verbose too
  (that way you can enable it per-<volume>)
- mount.crypt: pass -c to cryptsetup also for LUKS
- config: expand placeholders in the <volume options="..."> attribute
- config: make %(GROUP) variable working


v1.1 (2008-10-20)
=================
- config: fix unfortunate inversion in user_in_sgrp
- config: fix unintentional inversion in mntoptions deny processing
- mount.crypt: allow specification of a hash alg
- pmt-ehd: add -D option for debugging
- mount.crypt: propagate -o fstype=x to mount(8)
- pmt-ehd: double-ask for password
- config: remove bogus user check for ncpfs
- pmt-ehd: fix segfault when using -c option
- pmt-ehd: add -h option to pick hash for key derivation
- pmt-ehd: default to using SHA1 for hash
- mount.crypt: do not default to any cipher/hash
- pmt-ehd: print <volume> line after creation
- config: introduce <volume fskeyhash=""> attribute
- config: introduce <volume cipher=""> attribute


v1.0 (2008-10-12)
=================
- convert_pam_mount_conf.pl: ignore unknown commands
- fix leftover assertion in crypto.c
- remove legacy truecrypt 4.x support
- deprecate cryptoloop (unsafe for journalled fs)
- remove BSD mntcheck code
- remove BSD mntagain leftovers
- remove BSD mount_ehd/vnconfig scripts
- remove code that set up a loop device for fsck
  (fsck can operate on normal files)
- new crypto helper: pmt-ehd replaces scripts/mkehd
- new crypto helper: mount.crypt is now a proper program
- add %(GROUP) variable
- remove convert_pam_mount.conf.pl


v0.49 (2008-10-07)
==================
- convert_pam_mount_conf.pl: ignore unknown commands
- fix leftover assertion in crypto.c
- remove legacy truecrypt 4.x support
- deprecate cryptoloop (unsafe for journalled fs)
- revert "mount.crypt: default to aes-cbc-essiv:sha256/sha512"
- fix invalid pointer causing crash on fskey decryption


v0.48 (2008-09-10)
==================
- upgrade for libHX 1.25
  (this fixes a potential crash in the fskey decryption routine)
- move more documentation from pam_mount.conf.xml into pam_mount.conf.5


v0.47 (2008-09-04)
==================
This release incorporates a security fix (item 3 on the list).
All administrators who have enabled <luserconf> in the configuration
file should upgrade. A workaround is to comment out <luserconf>.

- mount.crypt: add missing null command to conform to sh syntax
  (SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
- add support for encfs 1.3.x (1.4.x already has been in for long)
- conf: add the "noroot" attribute for <volume> to force mounting with
  the unprivileged user account (required for FUSE filesystems)
- replace fixed-size buffers and arrays with dynamic ones (complete)


v0.45 (2008-08-31)
==================
- fix double-freeing the authentication token
- use ofl instead of lsof/fuser
- kill-on-logout support (terminate processes that would stand in the
  way of unmounting)
- mount.crypt: auto-detect necessity for running losetup
- replace fixed-size buffers with dynamic ones (first part)


v0.44 (2008-08-16)
==================
Bugfixes only.
- mount.crypt: fix option slurping (SF bug #2054323)
- properly handle simple sgrp config items (Debian bug #493497)
- src: correct error check in run_lsof()
- conf: check that slash follows home tilde
- conf: wildcard inadvertently matched root sometimes


v0.43 (2008-07-16)
==================
A few accumulated patches, but no real new glaring features.
- remove davfs support
- pass fsck definition from pam_mount.conf.xml to mount.crypt
- document pam_mount.conf.xml defaults
- do not call fsck from within pam_mount for encrypted devices,
  let mount.crypt do it


v0.41 (2008-06-17)
==================
This is a stable release, no new features, bugfixes only.
Fixes regressions found in 0.39 and 0.40. Most important changes:
- bypass /sbin/mount for mount.crypt
- umount.crypt: fix expression syntax for _PMT_DEBUG_LEVEL
- re-add support for user="*" wildcard
- add missing pgrp/sgrp attribute handling for simple user control
- mount.crypt: handle arbitrary argument order
- correct extended sgrp handling
- manpages: add missing description for <fsck>, and reorder <path>


v0.40 (2008-06-11)
==================
- the documentation in pam_mount.conf.xml has been reworked and
  split off into pam_mount.conf(5).
- extensive user selection for <volume> (revised)
- case-insensitive matching for user, pgrp, sgrp
- fixed segfault when more than one volume was defined


v0.39 (2008-05-28)
==================
- extended user selection for <volume>
- fix an unwanted inversion for handling <options allow=" (nonempty) ">
- store per-volume option list in ordered form --
  essentially fixes the problem of "user" (implies noeexec)
  overriding "exec"


v0.38 (2008-05-18)
==================
- fix null pointer deref (from new UID/GID range support)
- mount.crypt uses normal sleep from coreutils again


v0.37 (2008-05-17)
==================
- truecrypt 5.x is not supported because the truecrypt CLI component
  that pam_mount requires was removed
- <volume> tag in pam_mount.conf.xml supports UID and GID ranges now
- avoid printing a line of garbage into logs


v0.35.1 (2008-04-10)
====================
- fix HAVE_LIBCRYPTO regression;
  crypto was always disabled even if openssl present


v0.35 (2008-04-06)
==================
- mount.crypt: fix loop device detection
- mount.crypt: wait for dm devices to show up
- fixed: mount flag and value were one argument
- pmvarrun: support unprivileged mode
- Support for SSH keyboard-interactive authenticated volumes
- documentation updates


v0.33 (2008-02-22)
==================
- notify about unknown options in /etc/pam.d/*
- support "debug" option for pam_mount in /etc/pam.d/*
- mount.crypt: detect loop devices by major number
- remove trailing comma from mount options


v0.32 (2007-12-06)
==================
- remove unintended zeroing of variable
- rip out mntagain hack


v0.31 (2007-12-01)
==================
Fixed parsing of old-style pam_mount.conf with spaces in group names,
copy-and-paste typos and a missing return value. Added workaround for
CIFS volumes within NFS mounts with "root_squash" option.

- allow --keyfile to be used for non-LUKS too
- add workaround for CIFS mounts within root_squashed NFS
- luksClose is the same as Remove (in umount.crypt)
- fix copy-and-paste error in converter script
- convert "local" fstype entries from old configuration format correctly.
- fixed parsing of old pam_mount.conf with spaces in group names
- fixed: When no volumes were to be mounted, return value
  was not PAM_SUCCESS.


v0.29 (2007-09-27)
==================
An uninitialized array and a copy-and-paste error were corrected in
the recently introduced process spawn code.

- explicitly initialize fd array (spawn.c)
- fix a copy-and-paste typo during dup2() (spawn.c)


v0.28 (2007-09-27)
==================
A hotfix for an incorrect printf format specification in pmvarrun.
Also installs config files by default now.

- install pam_mount.conf.xml by default
- add --with-selinux configure option to install selinux files
- fix crash due to printf arguments in pmvarrun.c


v0.27 (2007-09-26)
==================
This release fixes a crash on logout with su by using a fixed $PATH
to work around broken login programs. MSAD usernames are now accepted
in pmvarrun. The libglib dependency has been dropped.

- add luserconf conversion note to convert_pam_mount_conf.pl
- do not print "mount errors" if there won't be any
- allow MSAD usernames (with spaces and backslash) in pmvarrun
- quick-terminate if there is nothing to do on closing session
- fix crash on logout with su (unsigned loop underflow)
- drop libglib dependency
- always use fixed $PATH


v0.26 (2007-09-20)
==================
Luks argument ordering, mountpoint creation as user, and the
converter script were corrected. The "nullok" and --keyfile options
were added.

- revert r290 which incorrectly changed the luks argument order
- --keyfile option added to mount.crypt
- improved error reporting in the config converter script
- do not literally copy the special-meaning single dashes
  in converter script
- fix mount.crypt inner shell syntax
- add "nullok" option
- fix a missing user identity switch after mkmountpoint'ing


v0.21 (2007-09-17)
==================
Some mount helpers needed a different option passing method.
Stacking of loop devices is now avoided, and pam_mount will not ask
for a password if no volumes are to be mounted. The documentation has
been updated to include PAM module stacking (e.g. when using pam_ldap
with pam_mount).

- silence unwanted error message (fallout from r240)
- add "Known Bugs and Issues" documentation
- more documentation - How to stack PAM modules without pam_stack
- option passing to some mount helpers needs to be different
- avoid stacking of loop devices
- do not ask for password if no volumes found


v0.20 (2007-09-05)
==================
This release adds extra options regarding pam_mount behavior
(messages and mount points).

- do not use absolute paths, search $PATH instead for programs
- add pam_mount.conf to .conf.xml converter
- "sufficient" keyword documentation
- misc cryptmount fix
- pass down readonly flag to luksOpen
- add option to retain automatically created mountpoints
- create mountpoint as user if possible (e.g. if /home/USER
  already exists and your volume is /home/USER/myvol)
- build fixes, making it work OOTB again with FC6 and Autoconf 2.59
- allow changing the password prompt
- add an overview of pam_mount options (options.txt)
- implement the "soft_try_pass" option


v0.19 (2007-07-04)
==================
pam_mount now uses an XML config file, which also has a few new
variables and options. Support for truecrypt was added.

- pam_mount switched to an XML configuration.
- NT domain placeholders
- properly detect loop64 support
- split group matching into multiple attributes
- add an "invert" attribute
- remove pam_mount.la from `make install`ed directory
- partial davfs support
- added truecrypt support


v0.18 (2006-09-07)
==================
A crash on x86_64 has been fixed. pam_mount now changes to the root
directory before attempting to (un)mount.

- change to / before attempting mount
- check return value in xmemdup()
- fix segfault on x64: Do not reuse va_lists (found by Celestar)


v0.17 (2006-08-06)
==================
This release fixes memory corruption issues and improper zeroing.

- use standard allocators
- fix memory corruption issue
- enhance debugging messages with file/line
- fix improper zeroing (deceived as memory corruption)


v0.16 (2006-07-30)
==================
The GDM SIGCHLD workaround handling has been improved, essential
environment variables for FUSE daemons are now set, and configure has
two new options (--slibdir and --sbindir).

- SIGCHLD handling updated
- set important environment variables for fuse daemons
- added new --slibdir and --ssbindir options to configure
- documentation updates


v0.15 (2006-07-26)
==================
- mount.crypt and umount.crypt are installed to /sbin rather
  than /usr/sbin; /bin/mount only looks into /sbin
- KRB5 credentials are now set in the environment
- fix XDM crash, for GCC >= 4.x
- disable debug output by default (confused gksu) [sf bug #1524325]
- do FUSE mounts done unprivileged [sf bug #1489657 and ML]
- fixed: /bin/login sends SIGHUP/SIGTERM to outstanding session
  processes after PAM completed; this killed fuse daemons
- work around XDM crash (symbol clash), for GCC <= 3.x;
  the proper solution would be that XDM be NOT compiled with -rdynamic
- properly truncate /var/run/pam_mount/YOURNAME files [sf bug #1503246]


v0.13 (2006-04-01)
==================
Before SVN, patchsets were used.

[patch 01/11] January 28 2006
- src/readconfig.c, mount.c: mount volumes with user credentials,
  not as root
- src/mount.c: add a swift error message for people using broken distros

[patch 02/11] January 28 2006
- config/pam_mount.conf, readconfig.c: lsof is in /usr/bin

[patch 03/11] February 23 2006
- dry/pam_mount.spec: fixed: forgot to clean out unpackaged files

[patch 04/11] February 27 2006
- config/pam_mount.conf: update some examples

[patch 05/11] Februrary 27 2006
- scripts/mount.crypt: fix SED expression

[patch 06/11] March 04 2006
- src/mount.c: add an extra hint for old distros

[patch 07/11] March 19 2006
- src/*.h: fix position of #include's, they need to be before extern "C".

[patch 08/11] March 19 2006
- config/pam_mount.conf: fix examples for shares with spaces

[patch 09/11] March 19 2006
- src/pam_mount.c: relookup user (for LDAP)

[patch 10/11] April 01 2006
- use own SIGCHLD handler during pam_mount operations (try to fix a
  quirk with GDM)

[patch 11/11] April 01 2006
- configure: enforce straight /lib position for pam_mount Linux


v0.12.2 (2006-01-31)
====================
Mount smbfs and cifs mounts with ownership belonging to the user
rather than root.


v0.12.0 (2006-01-11)
====================
This version fixes an fd leak, expansion problems with @group and a
wrong inversion. The smb/ncp filesystem types have been superseded by
smbfs/ncpfs. Support for secondary "@@groups" was added.


v0.11 (2005-12-28)
==================
- fix some memory leaks, unterminated strings, extra trailing
  slashes, double frees
- fixed: wildcards were not expanded for "@group"s
- account for trailing slashes and path resolution in umount.crypt


v0.10 (2005-11-18)
==================
- support ANY [kernel] filesystem (yes, finally) -- includes tmpfs,
  fuse mounts and --bind operations.
- merged various patches and fixes by Bastian Kleineidam
- handle symlinks better (read: resolve them, so that the result
  matches /bin/mount's resolving behavior)
- implemented group volumes, to be used by "volume @xyz ..."
- cleaned the code up here and there