From 5d2358dad00be804025ac39f79cbae0df75c33e7f67a767c4678fbb0bcb79248 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Fri, 26 Jan 2007 16:41:59 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=4
---
...-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif | 21 -
...-003-fix-free-of-uninitialized-pointer.dif | 1530 -----------------
krb5-1.5.1-fix-ftp-var-used-uninitialized.dif | 11 +
krb5-1.5.1.tar.bz2 | 3 -
krb5-1.6-fix-passwd-tcp.dif | 18 +
krb5-1.6-fix-sendto_kdc-memset.dif | 20 +
krb5-1.6-post.dif | 189 ++
krb5-1.6.tar.bz2 | 3 +
krb5-doc.changes | 9 +
krb5-doc.spec | 24 +-
krb5-plugins.changes | 16 +
krb5-plugins.spec | 220 +++
krb5.changes | 25 +-
krb5.spec | 50 +-
...rncat-warning.dif => trunk-fix-strncat.dif | 0
vendor-files.tar.bz2 | 4 +-
warning-fix-util-support.dif | 71 -
17 files changed, 561 insertions(+), 1653 deletions(-)
delete mode 100644 krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
delete mode 100644 krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
create mode 100644 krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
delete mode 100644 krb5-1.5.1.tar.bz2
create mode 100644 krb5-1.6-fix-passwd-tcp.dif
create mode 100644 krb5-1.6-fix-sendto_kdc-memset.dif
create mode 100644 krb5-1.6-post.dif
create mode 100644 krb5-1.6.tar.bz2
create mode 100644 krb5-plugins.changes
create mode 100644 krb5-plugins.spec
rename krb5-1.5.1-fix-strncat-warning.dif => trunk-fix-strncat.dif (100%)
delete mode 100644 warning-fix-util-support.dif
diff --git a/krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif b/krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
deleted file mode 100644
index 0a98d4e..0000000
--- a/krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
+++ /dev/null
@@ -1,21 +0,0 @@
---- src/lib/rpc/svc.c
-+++ src/lib/rpc/svc.c 2006/12/05 10:03:35
-@@ -437,6 +437,8 @@
- #endif
- }
-
-+extern struct svc_auth_ops svc_auth_gss_ops;
-+
- static void
- svc_do_xprt(SVCXPRT *xprt)
- {
-@@ -518,6 +520,9 @@
- if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
- SVC_DESTROY(xprt);
- break;
-+ } else if ((xprt->xp_auth != NULL) &&
-+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
-+ xprt->xp_auth = NULL;
- }
- } while (stat == XPRT_MOREREQS);
-
diff --git a/krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif b/krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
deleted file mode 100644
index 5ec5d90..0000000
--- a/krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
+++ /dev/null
@@ -1,1530 +0,0 @@
---- src/kadmin/server/ovsec_kadmd.c
-+++ src/kadmin/server/ovsec_kadmd.c 2006/12/05 10:48:20
-@@ -990,6 +990,11 @@
- int i;
- const char *procname;
-
-+ client.length = 0;
-+ client.value = NULL;
-+ server.length = 0;
-+ server.value = NULL;
-+
- (void) gss_display_name(&minor, client_name, &client, &gss_type);
- (void) gss_display_name(&minor, server_name, &server, &gss_type);
- if (client.value == NULL)
---- src/lib/gssapi/mechglue/g_accept_sec_context.c
-+++ src/lib/gssapi/mechglue/g_accept_sec_context.c 2006/12/05 11:45:31
-@@ -33,6 +33,58 @@
- #include
- #include
-
-+static OM_uint32
-+val_acc_sec_ctx_args(
-+ OM_uint32 *minor_status,
-+ gss_ctx_id_t *context_handle,
-+ gss_cred_id_t verifier_cred_handle,
-+ gss_buffer_t input_token_buffer,
-+ gss_channel_bindings_t input_chan_bindings,
-+ gss_name_t *src_name,
-+ gss_OID *mech_type,
-+ gss_buffer_t output_token,
-+ OM_uint32 *ret_flags,
-+ OM_uint32 *time_rec,
-+ gss_cred_id_t *d_cred)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (src_name != NULL)
-+ *src_name = GSS_C_NO_NAME;
-+
-+ if (mech_type != NULL)
-+ *mech_type = GSS_C_NO_OID;
-+
-+ if (output_token != GSS_C_NO_BUFFER) {
-+ output_token->length = 0;
-+ output_token->value = NULL;
-+ }
-+
-+ if (d_cred != NULL)
-+ *d_cred = GSS_C_NO_CREDENTIAL;
-+
-+ /* Validate arguments.
*/
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (context_handle == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (input_token_buffer == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_READ);
-+
-+ if (output_token == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_accept_sec_context (minor_status,
- context_handle,
-@@ -70,25 +122,20 @@
- gss_OID token_mech_type = &token_mech_type_desc;
- gss_mechanism mech;
-
-- /* check parameters first */
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (context_handle == NULL || output_token == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- /* clear optional fields */
-- output_token->value = NULL;
-- output_token->length = 0;
-- if (src_name)
-- *src_name = NULL;
--
-- if (mech_type)
-- *mech_type = NULL;
-+ status = val_acc_sec_ctx_args(minor_status,
-+ context_handle,
-+ verifier_cred_handle,
-+ input_token_buffer,
-+ input_chan_bindings,
-+ src_name,
-+ mech_type,
-+ output_token,
-+ ret_flags,
-+ time_rec,
-+ d_cred);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
-- if (d_cred)
-- *d_cred = NULL;
- /*
- * if context_handle is GSS_C_NO_CONTEXT, allocate a union context
- * descriptor to hold the mech type information as well as the
---- src/lib/gssapi/mechglue/g_acquire_cred.c
-+++ src/lib/gssapi/mechglue/g_acquire_cred.c 2006/12/05 11:21:11
-@@ -71,6 +71,43 @@
- return actual_mechs;
- }
-
-+static OM_uint32
-+val_acq_cred_args(
-+ OM_uint32 *minor_status,
-+ gss_name_t desired_name,
-+ OM_uint32 time_req,
-+ gss_OID_set desired_mechs,
-+ int cred_usage,
-+ gss_cred_id_t *output_cred_handle,
-+ gss_OID_set *actual_mechs,
-+ OM_uint32 *time_rec)
-+{
-+
-+ /* Initialize outputs.
*/
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_cred_handle != NULL)
-+ *output_cred_handle = GSS_C_NO_CREDENTIAL;
-+
-+ if (actual_mechs != NULL)
-+ *actual_mechs = GSS_C_NULL_OID_SET;
-+
-+ if (time_rec != NULL)
-+ *time_rec = 0;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (output_cred_handle == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-
- OM_uint32 KRB5_CALLCONV
- gss_acquire_cred(minor_status,
-@@ -101,22 +138,19 @@
- int i;
- gss_union_cred_t creds;
-
-- /* start by checking parameters */
-- if (!minor_status)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (!output_cred_handle)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
--
-- *output_cred_handle = GSS_C_NO_CREDENTIAL;
--
-- /* Set output parameters to NULL for now */
-- if (actual_mechs)
-- *actual_mechs = GSS_C_NULL_OID_SET;
-+ major = val_acq_cred_args(minor_status,
-+ desired_name,
-+ time_req,
-+ desired_mechs,
-+ cred_usage,
-+ output_cred_handle,
-+ actual_mechs,
-+ time_rec);
-+ if (major != GSS_S_COMPLETE)
-+ return (major);
-
-- if (time_rec)
-- *time_rec = 0;
-+ /* Initial value needed below. */
-+ major = GSS_S_FAILURE;
-
- /*
- * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an
-@@ -208,6 +242,52 @@
- return (GSS_S_COMPLETE);
- }
-
-+static OM_uint32
-+val_add_cred_args(
-+ OM_uint32 *minor_status,
-+ gss_cred_id_t input_cred_handle,
-+ gss_name_t desired_name,
-+ gss_OID desired_mech,
-+ gss_cred_usage_t cred_usage,
-+ OM_uint32 initiator_time_req,
-+ OM_uint32 acceptor_time_req,
-+ gss_cred_id_t *output_cred_handle,
-+ gss_OID_set *actual_mechs,
-+ OM_uint32 *initiator_time_rec,
-+ OM_uint32 *acceptor_time_rec)
-+{
-+
-+ /* Initialize outputs.
*/
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_cred_handle != NULL)
-+ *output_cred_handle = GSS_C_NO_CREDENTIAL;
-+
-+ if (actual_mechs != NULL)
-+ *actual_mechs = GSS_C_NO_OID_SET;
-+
-+ if (acceptor_time_rec != NULL)
-+ *acceptor_time_rec = 0;
-+
-+ if (initiator_time_rec != NULL)
-+ *initiator_time_rec = 0;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
-+ output_cred_handle == NULL)
-+
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- /* V2 KRB5_CALLCONV */
- OM_uint32 KRB5_CALLCONV
- gss_add_cred(minor_status, input_cred_handle,
-@@ -238,26 +318,19 @@
- gss_OID new_mechs_array = NULL;
- gss_cred_id_t * new_cred_array = NULL;
-
-- /* check input parameters */
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
-- output_cred_handle == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
--
-- if (output_cred_handle)
-- *output_cred_handle = GSS_C_NO_CREDENTIAL;
--
-- if (actual_mechs)
-- *actual_mechs = NULL;
--
-- if (acceptor_time_rec)
-- *acceptor_time_rec = 0;
--
-- if (initiator_time_rec)
-- *initiator_time_rec = 0;
-+ status = val_add_cred_args(minor_status,
-+ input_cred_handle,
-+ desired_name,
-+ desired_mech,
-+ cred_usage,
-+ initiator_time_req,
-+ acceptor_time_req,
-+ output_cred_handle,
-+ actual_mechs,
-+ initiator_time_rec,
-+ acceptor_time_rec);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
- mech = gssint_get_mechanism(desired_mech);
- if (!mech)
---- src/lib/gssapi/mechglue/g_canon_name.c
-+++ src/lib/gssapi/mechglue/g_canon_name.c 2006/12/05 10:59:33
-@@ -25,6 +25,34 @@
- #include
- #include
-
-+static OM_uint32
-+val_canon_name_args(
-+ OM_uint32 *minor_status,
-+ const gss_name_t input_name,
-+ const gss_OID mech_type,
-+ gss_name_t
*output_name)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_name != NULL)
-+ *output_name = GSS_C_NO_NAME;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (input_name == GSS_C_NO_NAME || mech_type == GSS_C_NULL_OID)
-+ return (GSS_S_CALL_INACCESSIBLE_READ);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_canonicalize_name(minor_status,
- input_name,
-@@ -38,17 +66,15 @@
- gss_union_name_t in_union, out_union = NULL, dest_union = NULL;
- OM_uint32 major_status = GSS_S_FAILURE;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- *minor_status = 0;
--
-- if (output_name)
-- *output_name = 0;
-+ major_status = val_canon_name_args(minor_status,
-+ input_name,
-+ mech_type,
-+ output_name);
-+ if (major_status != GSS_S_COMPLETE)
-+ return (major_status);
-
-- /* check the input parameters */
-- if (input_name == NULL || mech_type == GSS_C_NULL_OID)
-- return (GSS_S_CALL_INACCESSIBLE_READ);
-+ /* Initial value needed below. */
-+ major_status = GSS_S_FAILURE;
-
- in_union = (gss_union_name_t)input_name;
- /*
---- src/lib/gssapi/mechglue/g_compare_name.c
-+++ src/lib/gssapi/mechglue/g_compare_name.c 2006/12/05 12:40:50
-@@ -33,6 +33,31 @@
- #endif
- #include
-
-+static OM_uint32
-+val_comp_name_args(
-+ OM_uint32 *minor_status,
-+ gss_name_t name1,
-+ gss_name_t name2,
-+ int *name_equal)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ /* Validate arguments.
*/
-+
-+ if (name1 == GSS_C_NO_NAME || name2 == GSS_C_NO_NAME)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-+
-+ if (name_equal == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_compare_name (minor_status,
- name1,
-@@ -50,15 +75,10 @@
- gss_mechanism mech;
- gss_name_t internal_name;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (name1 == 0 || name2 == 0)
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
--
-- if (name_equal == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+ major_status = val_comp_name_args(minor_status,
-+ name1, name2, name_equal);
-+ if (major_status != GSS_S_COMPLETE)
-+ return (major_status);
-
- union_name1 = (gss_union_name_t) name1;
- union_name2 = (gss_union_name_t) name2;
---- src/lib/gssapi/mechglue/g_delete_sec_context.c
-+++ src/lib/gssapi/mechglue/g_delete_sec_context.c 2006/12/05 11:49:10
-@@ -32,6 +32,34 @@
- #include
- #endif
-
-+static OM_uint32
-+val_del_sec_ctx_args(
-+ OM_uint32 *minor_status,
-+ gss_ctx_id_t *context_handle,
-+ gss_buffer_t output_token)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_token != GSS_C_NO_BUFFER) {
-+ output_token->length = 0;
-+ output_token->value = NULL;
-+ }
-+
-+ /* Validate arguments.
*/
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
- OM_uint32 KRB5_CALLCONV
- gss_delete_sec_context (minor_status,
- context_handle,
-@@ -46,17 +74,9 @@
- gss_union_ctx_id_t ctx;
- gss_mechanism mech;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- if (output_token != GSS_C_NO_BUFFER) {
-- output_token->length = 0;
-- output_token->value = NULL;
-- }
--
-- /* if the context_handle is Null, return NO_CONTEXT error */
-- if(context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-+ status = val_del_sec_ctx_args(minor_status, context_handle, output_token);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
- /*
- * select the approprate underlying mechanism routine and
---- src/lib/gssapi/mechglue/g_dsp_name.c
-+++ src/lib/gssapi/mechglue/g_dsp_name.c 2006/12/05 11:22:35
-@@ -34,6 +34,42 @@
- #endif
- #include
-
-+static OM_uint32
-+val_dsp_name_args(
-+ OM_uint32 *minor_status,
-+ gss_name_t input_name,
-+ gss_buffer_t output_name_buffer,
-+ gss_OID *output_name_type)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_name_buffer != GSS_C_NO_BUFFER) {
-+ output_name_buffer->length = 0;
-+ output_name_buffer->value = NULL;
-+ }
-+
-+ if (output_name_type != NULL)
-+ *output_name_type = GSS_C_NO_OID;
-+
-+ /* Validate arguments.
*/
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (output_name_buffer == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (input_name == GSS_C_NO_NAME)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_display_name (minor_status,
- input_name,
-@@ -49,18 +85,10 @@
- OM_uint32 major_status;
- gss_union_name_t union_name;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (input_name == 0)
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
--
-- if (output_name_buffer == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- if (output_name_type)
-- *output_name_type = NULL;
-+ major_status = val_dsp_name_args(minor_status, input_name,
-+ output_name_buffer, output_name_type);
-+ if (major_status != GSS_S_COMPLETE)
-+ return (major_status);
-
- union_name = (gss_union_name_t) input_name;
-
---- src/lib/gssapi/mechglue/g_dsp_status.c
-+++ src/lib/gssapi/mechglue/g_dsp_status.c 2006/12/05 11:29:19
-@@ -54,17 +54,19 @@
- gss_OID mech_type = (gss_OID) req_mech_type;
- gss_mechanism mech;
-
-- /* check the input parameters */
-- if (!minor_status)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-
-- *minor_status = 0;
-+ if (status_string != GSS_C_NO_BUFFER) {
-+ status_string->length = 0;
-+ status_string->value = NULL;
-+ }
-
-- if (!message_context || status_string == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+ if (minor_status == NULL ||
-+ message_context == NULL ||
-+ status_string == GSS_C_NO_BUFFER)
-
-- status_string->length = 0;
-- status_string->value = NULL;
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-
- /* we handle major status codes, and the mechs do the minor */
- if (status_type == GSS_C_GSS_CODE)
---- src/lib/gssapi/mechglue/g_dup_name.c
-+++ src/lib/gssapi/mechglue/g_dup_name.c 2006/12/05 11:27:38
-@@
-19,6 +19,37 @@
- #include
- #include
-
-+static OM_uint32
-+val_dup_name_args(
-+ OM_uint32 *minor_status,
-+ const gss_name_t src_name,
-+ gss_name_t *dest_name)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (dest_name != NULL)
-+ *dest_name = GSS_C_NO_NAME;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ /* if output_name is NULL, simply return */
-+ if (dest_name == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (src_name == GSS_C_NO_NAME)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_duplicate_name(minor_status,
- src_name,
-@@ -31,19 +62,9 @@
- OM_uint32 major_status = GSS_S_FAILURE;
-
-
-- if (!minor_status)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- *minor_status = 0;
--
-- /* if output_name is NULL, simply return */
-- if (dest_name == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_BAD_NAME);
--
-- *dest_name = 0;
--
-- if (src_name == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_READ);
-+ major_status = val_dup_name_args(minor_status, src_name, dest_name);
-+ if (major_status != GSS_S_COMPLETE)
-+ return (major_status);
-
- src_union = (gss_union_name_t)src_name;
-
---- src/lib/gssapi/mechglue/g_export_name.c
-+++ src/lib/gssapi/mechglue/g_export_name.c 2006/12/05 11:14:26
-@@ -29,19 +29,22 @@
- {
- gss_union_name_t union_name;
-
-+ /* Initialize outputs. */
-
-- if (minor_status)
-+ if (minor_status != NULL)
- *minor_status = 0;
-
-- /* check out parameter */
-- if (!exported_name)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+ if (exported_name != GSS_C_NO_BUFFER) {
-+ exported_name->value = NULL;
-+ exported_name->length = 0;
-+ }
-+
-+ /* Validate arguments.
*/
-
-- exported_name->value = NULL;
-- exported_name->length = 0;
-+ if (minor_status == NULL || exported_name == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-
-- /* check input parameter */
-- if (!input_name)
-+ if (input_name == GSS_C_NO_NAME)
- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-
- union_name = (gss_union_name_t)input_name;
---- src/lib/gssapi/mechglue/g_exp_sec_context.c
-+++ src/lib/gssapi/mechglue/g_exp_sec_context.c 2006/12/05 10:57:19
-@@ -34,6 +34,38 @@
- #endif
- #include
-
-+static OM_uint32
-+val_exp_sec_ctx_args(
-+ OM_uint32 *minor_status,
-+ gss_ctx_id_t *context_handle,
-+ gss_buffer_t interprocess_token)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (interprocess_token != GSS_C_NO_BUFFER) {
-+ interprocess_token->length = 0;
-+ interprocess_token->value = NULL;
-+ }
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-+
-+ if (interprocess_token == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_export_sec_context(minor_status,
- context_handle,
-@@ -51,15 +83,11 @@
- gss_buffer_desc token;
- char *buf;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-
-- if (interprocess_token == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_READ);
-+ status = val_exp_sec_ctx_args(minor_status,
-+ context_handle, interprocess_token);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
- /*
- * select the approprate underlying mechanism routine and
---- src/lib/gssapi/mechglue/g_imp_name.c
-+++
src/lib/gssapi/mechglue/g_imp_name.c 2006/12/05 12:39:46
-@@ -38,6 +38,40 @@
- /* local function to import GSS_C_EXPORT_NAME names */
- static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t);
-
-+static OM_uint32
-+val_imp_name_args(
-+ OM_uint32 *minor_status,
-+ gss_buffer_t input_name_buffer,
-+ gss_OID input_name_type,
-+ gss_name_t *output_name)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_name != NULL)
-+ *output_name = GSS_C_NO_NAME;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (output_name == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (input_name_buffer == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-+
-+ if (GSS_EMPTY_BUFFER(input_name_buffer))
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_import_name(minor_status,
- input_name_buffer,
-@@ -53,22 +87,11 @@
- gss_union_name_t union_name;
- OM_uint32 tmp, major_status = GSS_S_FAILURE;
-
-- /* check output parameters */
-- if (!minor_status)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- *minor_status = 0;
--
-- if (output_name == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- *output_name = 0;
--
-- if (input_name_buffer == GSS_C_NO_BUFFER)
-- return (GSS_S_BAD_NAME);
--
-- if (GSS_EMPTY_BUFFER(input_name_buffer))
-- return (GSS_S_BAD_NAME);
-+ major_status = val_imp_name_args(minor_status,
-+ input_name_buffer, input_name_type,
-+ output_name);
-+ if (major_status != GSS_S_COMPLETE)
-+ return (major_status);
-
- /*
- * First create the union name struct that will hold the external
---- src/lib/gssapi/mechglue/g_imp_sec_context.c
-+++ src/lib/gssapi/mechglue/g_imp_sec_context.c 2006/12/05 11:16:45
-@@ -34,6 +34,38 @@
- #endif
- #include
-
-+static OM_uint32
-+val_imp_sec_ctx_args(
-+ OM_uint32 *minor_status,
-+ gss_buffer_t
interprocess_token,
-+ gss_ctx_id_t *context_handle)
-+{
-+
-+ /* Initialize outputs. */
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (context_handle != NULL)
-+ *context_handle = GSS_C_NO_CONTEXT;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (context_handle == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (interprocess_token == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN);
-+
-+ if (GSS_EMPTY_BUFFER(interprocess_token))
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_import_sec_context(minor_status,
- interprocess_token,
-@@ -51,17 +83,12 @@
- gss_buffer_desc token;
- gss_mechanism mech;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (context_handle == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
-- *context_handle = GSS_C_NO_CONTEXT;
--
-- if (GSS_EMPTY_BUFFER(interprocess_token))
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN);
-+ status = val_imp_sec_ctx_args(minor_status,
-+ interprocess_token, context_handle);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
-+ /* Initial value needed below. */
- status = GSS_S_FAILURE;
-
- ctx = (gss_union_ctx_id_t) malloc(sizeof(gss_union_ctx_id_desc));
---- src/lib/gssapi/mechglue/g_initialize.c
-+++ src/lib/gssapi/mechglue/g_initialize.c 2006/12/05 11:05:13
-@@ -142,18 +142,21 @@
- int i, j;
- gss_OID curItem;
-
-- if (!minorStatus)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- if (gssint_initialize_library())
-- return GSS_S_FAILURE;
-+ /* Initialize outputs. */
-
-- *minorStatus = 0;
-+ if (minorStatus != NULL)
-+ *minorStatus = 0;
-
-+ if (mechSet != NULL)
-+ *mechSet = GSS_C_NO_OID_SET;
-
-- /* check output parameter */
-- if (mechSet == NULL)
-+ /* Validate arguments.
*/
-+ if (minorStatus == NULL || mechSet == NULL)
- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-
-+ if (gssint_initialize_library())
-+ return GSS_S_FAILURE;
-+
- if (build_mechSet())
- return GSS_S_FAILURE;
-
---- src/lib/gssapi/mechglue/g_init_sec_context.c
-+++ src/lib/gssapi/mechglue/g_init_sec_context.c 2006/12/05 12:37:22
-@@ -33,6 +33,54 @@
- #endif
- #include
-
-+static OM_uint32
-+val_init_sec_ctx_args(
-+ OM_uint32 *minor_status,
-+ gss_cred_id_t claimant_cred_handle,
-+ gss_ctx_id_t *context_handle,
-+ gss_name_t target_name,
-+ gss_OID req_mech_type,
-+ OM_uint32 req_flags,
-+ OM_uint32 time_req,
-+ gss_channel_bindings_t input_chan_bindings,
-+ gss_buffer_t input_token,
-+ gss_OID *actual_mech_type,
-+ gss_buffer_t output_token,
-+ OM_uint32 *ret_flags,
-+ OM_uint32 *time_rec)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (actual_mech_type != NULL)
-+ *actual_mech_type = GSS_C_NO_OID;
-+
-+ if (output_token != GSS_C_NO_BUFFER) {
-+ output_token->length = 0;
-+ output_token->value = NULL;
-+ }
-+
-+ /* Validate arguments.
*/
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (context_handle == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
-+
-+ if (target_name == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
-+
-+ if (output_token == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_init_sec_context (minor_status,
- claimant_cred_handle,
-@@ -72,30 +120,21 @@
- gss_mechanism mech;
- gss_cred_id_t input_cred_handle;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
-- output_token->length = 0;
-- output_token->value = NULL;
--
-- /* clear output values */
-- if (actual_mech_type)
-- *actual_mech_type = NULL;
--
-- if (context_handle == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
--
-- union_name = (gss_union_name_t) target_name;
--
-- if (target_name == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
--
-- if (output_token == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- output_token->value = NULL;
-- output_token->length = 0;
--
-+ status = val_init_sec_ctx_args(minor_status,
-+ claimant_cred_handle,
-+ context_handle,
-+ target_name,
-+ req_mech_type,
-+ req_flags,
-+ time_req,
-+ input_chan_bindings,
-+ input_token,
-+ actual_mech_type,
-+ output_token,
-+ ret_flags,
-+ time_rec);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
- if (req_mech_type)
- mech_type = (gss_OID)req_mech_type;
---- src/lib/gssapi/mechglue/g_inq_context.c
-+++ src/lib/gssapi/mechglue/g_inq_context.c 2006/12/05 11:43:43
-@@ -31,6 +31,45 @@
- #include
- #endif
-
-+static OM_uint32
-+val_inq_ctx_args(
-+ OM_uint32 *minor_status,
-+ gss_ctx_id_t context_handle,
-+ gss_name_t *src_name,
-+ gss_name_t *targ_name,
-+ OM_uint32 *lifetime_rec,
-+ gss_OID *mech_type,
-+ OM_uint32 *ctx_flags,
-+ int *locally_initiated,
-+ int *open)
-+{
-+
-+ /* Initialize outputs.
*/
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (src_name != NULL)
-+ *src_name = GSS_C_NO_NAME;
-+
-+ if (targ_name != NULL)
-+ *targ_name = GSS_C_NO_NAME;
-+
-+ if (mech_type != NULL)
-+ *mech_type = GSS_C_NO_OID;
-+
-+ /* Validate arguments. */
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (context_handle == GSS_C_NO_CONTEXT)
-+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- /* Last argument new for V2 */
- OM_uint32 KRB5_CALLCONV
- gss_inquire_context(
-@@ -61,24 +100,14 @@
- OM_uint32 status, temp_minor;
- gss_name_t localTargName = NULL, localSourceName = NULL;
-
-- if (!minor_status)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
--
-- *minor_status = 0;
--
-- /* if the context_handle is Null, return NO_CONTEXT error */
-- if (context_handle == GSS_C_NO_CONTEXT)
-- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
--
-- /* set all output value to NULL */
-- if (src_name)
-- *src_name = NULL;
--
-- if (targ_name)
-- *targ_name = NULL;
--
-- if (mech_type)
-- *mech_type = NULL;
-+ status = val_inq_ctx_args(minor_status,
-+ context_handle,
-+ src_name, targ_name,
-+ lifetime_rec,
-+ mech_type, ctx_flags,
-+ locally_initiated, open);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
- /*
- * select the approprate underlying mechanism routine and
---- src/lib/gssapi/mechglue/g_inq_cred.c
-+++ src/lib/gssapi/mechglue/g_inq_cred.c 2006/12/05 12:38:48
-@@ -56,16 +56,20 @@
- gss_name_t internal_name;
- int i;
-
-- /* check parms and set to defaults */
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-
-- if (name)
-- *name = NULL;
-+ if (name != NULL)
-+ *name = GSS_C_NO_NAME;
-
-- if (mechanisms)
-- *mechanisms = NULL;
-+ if (mechanisms != NULL)
-+ *mechanisms = GSS_C_NO_OID_SET;
-+
-+ /* Validate arguments.
*/
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-
- if (cred_handle == GSS_C_NO_CREDENTIAL) {
- /*
-@@ -216,6 +220,14 @@
- OM_uint32 status, temp_minor_status;
- gss_name_t internal_name;
-
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (name != NULL)
-+ *name = GSS_C_NO_NAME;
-+
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-
- mech = gssint_get_mechanism (mech_type);
- if (!mech)
---- src/lib/gssapi/mechglue/g_inq_names.c
-+++ src/lib/gssapi/mechglue/g_inq_names.c 2006/12/05 11:11:27
-@@ -41,10 +41,19 @@
- {
- OM_uint32 status;
- gss_mechanism mech;
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (name_types != NULL)
-+ *name_types = GSS_C_NO_OID_SET;
-+
-+ /* Validate arguments. */
-
- if (minor_status == NULL)
- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
-
- if (name_types == NULL)
- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-@@ -72,6 +81,33 @@
-
- return (GSS_S_BAD_MECH);
- }
-+
-+static OM_uint32
-+val_inq_mechs4name_args(
-+ OM_uint32 *minor_status,
-+ const gss_name_t input_name,
-+ gss_OID_set *mech_set)
-+{
-+
-+ /* Initialize outputs.
*/
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (mech_set != NULL)
-+ *mech_set = GSS_C_NO_OID_SET;
-+
-+ /* Validate arguments.e
-+ */
-+ if (minor_status == NULL)
-+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
-+
-+ if (input_name == GSS_C_NO_NAME)
-+ return (GSS_S_BAD_NAME);
-+
-+ return (GSS_S_COMPLETE);
-+}
-+
-+
- OM_uint32 KRB5_CALLCONV
- gss_inquire_mechs_for_name(minor_status, input_name, mech_set)
-
-@@ -90,12 +126,9 @@
- gss_buffer_desc name_buffer;
- int i;
-
-- if (minor_status == NULL)
-- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-- *minor_status = 0;
--
-- if (input_name == NULL)
-- return (GSS_S_BAD_NAME);
-+ status = val_inq_mechs4name_args(minor_status, input_name, mech_set);
-+ if (status != GSS_S_COMPLETE)
-+ return (status);
-
- status = gss_create_empty_oid_set(minor_status, mech_set);
- if (status != GSS_S_COMPLETE)
---- src/lib/gssapi/mechglue/g_process_context.c
-+++ src/lib/gssapi/mechglue/g_process_context.c 2006/12/05 10:48:20
-@@ -49,6 +49,9 @@
- if (context_handle == GSS_C_NO_CONTEXT)
- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-
-+ if (token_buffer == GSS_C_NO_BUFFER)
-+ return (GSS_S_CALL_INACCESSIBLE_READ);
-+
- if (GSS_EMPTY_BUFFER(token_buffer))
- return (GSS_S_CALL_INACCESSIBLE_READ);
-
---- src/lib/gssapi/mechglue/g_seal.c
-+++ src/lib/gssapi/mechglue/g_seal.c 2006/12/05 11:18:00
-@@ -28,6 +28,45 @@
-
- #include "mglueP.h"
-
-+static OM_uint32
-+val_seal_args(
-+ OM_uint32 *minor_status,
-+ gss_ctx_id_t context_handle,
-+ int conf_req_flag,
-+ int qop_req,
-+ gss_buffer_t input_message_buffer,
-+ int *conf_state,
-+ gss_buffer_t output_message_buffer)
-+{
-+
-+ /* Initialize outputs. */
-+
-+ if (minor_status != NULL)
-+ *minor_status = 0;
-+
-+ if (output_message_buffer != GSS_C_NO_BUFFER) {
-+ output_message_buffer->length = 0;
-+ output_message_buffer->value = NULL;
-+ }
-+
-+ /* Validate arguments.
*/ -+ -+ if (minor_status == NULL) -+ return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ -+ if (context_handle == GSS_C_NO_CONTEXT) -+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); -+ -+ if (input_message_buffer == GSS_C_NO_BUFFER) -+ return (GSS_S_CALL_INACCESSIBLE_READ); -+ -+ if (output_message_buffer == GSS_C_NO_BUFFER) -+ return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ -+ return (GSS_S_COMPLETE); -+} -+ -+ - OM_uint32 KRB5_CALLCONV - gss_seal (minor_status, - context_handle, -@@ -51,18 +90,12 @@ - gss_union_ctx_id_t ctx; - gss_mechanism mech; - -- if (minor_status == NULL) -- return (GSS_S_CALL_INACCESSIBLE_WRITE); -- *minor_status = 0; -- -- if (context_handle == GSS_C_NO_CONTEXT) -- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); -- -- if (input_message_buffer == NULL) -- return (GSS_S_CALL_INACCESSIBLE_READ); -- -- if (output_message_buffer == NULL) -- return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ status = val_seal_args(minor_status, context_handle, -+ conf_req_flag, qop_req, -+ input_message_buffer, conf_state, -+ output_message_buffer); -+ if (status != GSS_S_COMPLETE) -+ return (status); - - /* - * select the approprate underlying mechanism routine and ---- src/lib/gssapi/mechglue/g_sign.c -+++ src/lib/gssapi/mechglue/g_sign.c 2006/12/05 11:46:42 -@@ -28,6 +28,43 @@ - - #include "mglueP.h" - -+static OM_uint32 -+val_sign_args( -+ OM_uint32 *minor_status, -+ gss_ctx_id_t context_handle, -+ int qop_req, -+ gss_buffer_t message_buffer, -+ gss_buffer_t msg_token) -+{ -+ -+ /* Initialize outputs. */ -+ -+ if (minor_status != NULL) -+ *minor_status = 0; -+ -+ if (msg_token != GSS_C_NO_BUFFER) { -+ msg_token->value = NULL; -+ msg_token->length = 0; -+ } -+ -+ /* Validate arguments. 
*/ -+ -+ if (minor_status == NULL) -+ return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ -+ if (context_handle == GSS_C_NO_CONTEXT) -+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); -+ -+ if (message_buffer == GSS_C_NO_BUFFER) -+ return (GSS_S_CALL_INACCESSIBLE_READ); -+ -+ if (msg_token == GSS_C_NO_BUFFER) -+ return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ -+ return (GSS_S_COMPLETE); -+} -+ -+ - OM_uint32 KRB5_CALLCONV - gss_sign (minor_status, - context_handle, -@@ -46,21 +83,11 @@ - gss_union_ctx_id_t ctx; - gss_mechanism mech; - -- if (minor_status == NULL) -- return (GSS_S_CALL_INACCESSIBLE_WRITE); -- *minor_status = 0; -- -- if (context_handle == GSS_C_NO_CONTEXT) -- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); -- -- if (message_buffer == NULL) -- return (GSS_S_CALL_INACCESSIBLE_READ); -- -- if (msg_token == NULL) -- return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ status = val_sign_args(minor_status, context_handle, -+ qop_req, message_buffer, msg_token); -+ if (status != GSS_S_COMPLETE) -+ return (status); - -- msg_token->value = NULL; -- msg_token->length = 0; - /* - * select the approprate underlying mechanism routine and - * call it. ---- src/lib/gssapi/mechglue/g_store_cred.c -+++ src/lib/gssapi/mechglue/g_store_cred.c 2006/12/05 10:54:48 -@@ -11,6 +11,38 @@ - - #include - -+static OM_uint32 -+val_store_cred_args( -+ OM_uint32 *minor_status, -+ const gss_cred_id_t input_cred_handle, -+ gss_cred_usage_t cred_usage, -+ const gss_OID desired_mech, -+ OM_uint32 overwrite_cred, -+ OM_uint32 default_cred, -+ gss_OID_set *elements_stored, -+ gss_cred_usage_t *cred_usage_stored) -+{ -+ -+ /* Initialize outputs. */ -+ -+ if (minor_status != NULL) -+ *minor_status = 0; -+ -+ if (elements_stored != NULL) -+ *elements_stored = GSS_C_NULL_OID_SET; -+ -+ /* Validate arguments. 
*/ -+ -+ if (minor_status == NULL) -+ return (GSS_S_CALL_INACCESSIBLE_WRITE); -+ -+ if (input_cred_handle == GSS_C_NO_CREDENTIAL) -+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED); -+ -+ return (GSS_S_COMPLETE); -+} -+ -+ - OM_uint32 gss_store_cred(minor_status, - input_cred_handle, - cred_usage, -@@ -37,16 +69,19 @@ - gss_OID dmech; - int i; - -- /* Start by checking parameters */ -- if (minor_status == NULL) -- return (GSS_S_CALL_INACCESSIBLE_WRITE|GSS_S_NO_CRED); -- *minor_status = 0; -- -- if (input_cred_handle == GSS_C_NO_CREDENTIAL) -- return (GSS_S_CALL_INACCESSIBLE_READ); -+ major_status = val_store_cred_args(minor_status, -+ input_cred_handle, -+ cred_usage, -+ desired_mech, -+ overwrite_cred, -+ default_cred, -+ elements_stored, -+ cred_usage_stored); -+ if (major_status != GSS_S_COMPLETE) -+ return (major_status); - -- if (elements_stored != NULL) -- *elements_stored = GSS_C_NULL_OID_SET; -+ /* Initial value needed below. */ -+ major_status = GSS_S_FAILURE; - - if (cred_usage_stored != NULL) - *cred_usage_stored = GSS_C_BOTH; /* there's no GSS_C_NEITHER */ ---- src/lib/gssapi/mechglue/g_unseal.c -+++ src/lib/gssapi/mechglue/g_unseal.c 2006/12/05 11:26:17 -@@ -49,22 +49,27 @@ - gss_union_ctx_id_t ctx; - gss_mechanism mech; - -+ if (minor_status != NULL) -+ *minor_status = 0; -+ -+ if (output_message_buffer != GSS_C_NO_BUFFER) { -+ output_message_buffer->length = 0; -+ output_message_buffer->value = NULL; -+ } -+ - if (minor_status == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); -- *minor_status = 0; - - if (context_handle == GSS_C_NO_CONTEXT) - return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); - -- if (GSS_EMPTY_BUFFER(input_message_buffer)) -+ if (input_message_buffer == GSS_C_NO_BUFFER || -+ GSS_EMPTY_BUFFER(input_message_buffer)) - return (GSS_S_CALL_INACCESSIBLE_READ); - -- if (output_message_buffer == NULL) -+ if (output_message_buffer == GSS_C_NO_BUFFER) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - -- output_message_buffer->length = 
0; -- output_message_buffer->value = NULL; -- - /* - * select the approprate underlying mechanism routine and - * call it. ---- src/lib/gssapi/mechglue/g_verify.c -+++ src/lib/gssapi/mechglue/g_verify.c 2006/12/05 11:07:29 -@@ -54,7 +54,8 @@ - if (context_handle == GSS_C_NO_CONTEXT) - return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); - -- if ((message_buffer == NULL) || GSS_EMPTY_BUFFER(token_buffer)) -+ if ((message_buffer == GSS_C_NO_BUFFER) || -+ GSS_EMPTY_BUFFER(token_buffer)) - return (GSS_S_CALL_INACCESSIBLE_READ); - - /* ---- src/lib/gssapi/mechglue/oid_ops.c -+++ src/lib/gssapi/mechglue/oid_ops.c 2006/12/05 12:45:33 -@@ -49,7 +49,7 @@ - if (minor_status) - *minor_status = 0; - -- if (*oid == GSS_C_NO_OID) -+ if (oid == NULL || *oid == GSS_C_NO_OID) - return(GSS_S_COMPLETE); - - /* -@@ -227,12 +227,18 @@ - unsigned char *cp; - char *bp; - -- *minor_status = 0; -+ if (minor_status != NULL) -+ *minor_status = 0; -+ -+ if (oid_str != GSS_C_NO_BUFFER) { -+ oid_str->length = 0; -+ oid_str->value = NULL; -+ } - - if (oid == NULL || oid->length == 0 || oid->elements == NULL) - return (GSS_S_CALL_INACCESSIBLE_READ); - -- if (oid_str == NULL) -+ if (oid_str == GSS_C_NO_BUFFER) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - - /* Decoded according to krb5/gssapi_krb5.c */ -@@ -307,7 +313,11 @@ - int index; - unsigned char *op; - -- *minor_status = 0; -+ if (minor_status != NULL) -+ *minor_status = 0; -+ -+ if (oid != NULL) -+ *oid = GSS_C_NO_OID; - - if (GSS_EMPTY_BUFFER(oid_str)) - return (GSS_S_CALL_INACCESSIBLE_READ); -@@ -458,17 +468,18 @@ - OM_uint32 major = GSS_S_COMPLETE; - OM_uint32 index; - -- if (minor_status) -+ if (minor_status != NULL) - *minor_status = 0; - -- if (oidset == NULL) -+ if (new_oidset != NULL) -+ *new_oidset = GSS_C_NO_OID_SET; -+ -+ if (oidset == GSS_C_NO_OID_SET) - return (GSS_S_CALL_INACCESSIBLE_READ); - - if (new_oidset == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); - -- *new_oidset = NULL; -- - if ((copy = (gss_OID_set_desc *) 
calloc(1, sizeof (*copy))) == NULL) { - major = GSS_S_FAILURE; - goto done; diff --git a/krb5-1.5.1-fix-ftp-var-used-uninitialized.dif b/krb5-1.5.1-fix-ftp-var-used-uninitialized.dif new file mode 100644 index 0000000..30b1120 --- /dev/null +++ b/krb5-1.5.1-fix-ftp-var-used-uninitialized.dif @@ -0,0 +1,11 @@ +--- src/appl/gssftp/ftp/ftp.c ++++ src/appl/gssftp/ftp/ftp.c 2007/01/23 11:19:43 +@@ -1983,7 +1983,7 @@ + + #ifdef GSSAPI + if (command("AUTH %s", "GSSAPI") == CONTINUE) { +- OM_uint32 maj_stat, min_stat, dummy_stat; ++ OM_uint32 maj_stat = GSS_S_FAILURE , min_stat, dummy_stat; + gss_name_t target_name; + gss_buffer_desc send_tok, recv_tok, *token_ptr; + char stbuf[FTP_BUFSIZ]; diff --git a/krb5-1.5.1.tar.bz2 b/krb5-1.5.1.tar.bz2 deleted file mode 100644 index 206dbc0..0000000 --- a/krb5-1.5.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a33c68ad46d2262481c18e59a14043e53bf692d7d83f7c88f0827f66324fd686 -size 8524127 diff --git a/krb5-1.6-fix-passwd-tcp.dif b/krb5-1.6-fix-passwd-tcp.dif new file mode 100644 index 0000000..186c79f --- /dev/null +++ b/krb5-1.6-fix-passwd-tcp.dif @@ -0,0 +1,18 @@ +--- src/lib/krb5/os/changepw.c ++++ src/lib/krb5/os/changepw.c 2007/01/18 13:23:37 +@@ -70,12 +70,14 @@ + locate_service_kadmin, sockType, 0); + if (!code) { + /* Success with admin_server but now we need to change the +- port number to use DEFAULT_KPASSWD_PORT. */ ++ port number to use DEFAULT_KPASSWD_PORT and the socktype. */ + int i; + for (i=0; inaddrs; i++) { + struct addrinfo *a = addrlist->addrs[i].ai; + if (a->ai_family == AF_INET) + sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); ++ if (sockType != SOCK_STREAM) ++ a->ai_socktype = sockType; + } + } + } diff --git a/krb5-1.6-fix-sendto_kdc-memset.dif b/krb5-1.6-fix-sendto_kdc-memset.dif new file mode 100644 index 0000000..2a07f5d --- /dev/null +++ b/krb5-1.6-fix-sendto_kdc-memset.dif 
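Review bot: The new declaration `OM_uint32 maj_stat = GSS_S_FAILURE , min_stat, dummy_stat;` in ftp.c mixes one initialized and two uninitialized declarators on a single line and has a stray space before the comma. Splitting it into `OM_uint32 maj_stat = GSS_S_FAILURE;` and `OM_uint32 min_stat = 0, dummy_stat = 0;` keeps the fail-closed default for the major status easy to see and gives the minor status a defined value as well. The enclosing block continues outside the hunk, so whether `min_stat` can actually be read before it is assigned cannot be confirmed from here.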
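Review bot: The added `if (sockType != SOCK_STREAM) a->ai_socktype = sockType;` in changepw.c runs for every address in the list, while the port rewrite directly above it is still limited to `a->ai_family == AF_INET`. A non-IPv4 entry would therefore get the caller's socket type but presumably keep the admin-server port, so the password-change request could go to the wrong service. Either give other address families the same port rewrite or move the socket-type override under the same family check. A one-line comment saying why `SOCK_STREAM` callers are left untouched would also help, since the updated comment mentions the socktype but not the condition.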
@@ -0,0 +1,20 @@ +--- src/lib/krb5/os/sendto_kdc.c ++++ src/lib/krb5/os/sendto_kdc.c 2007/01/17 14:17:10 +@@ -1100,7 +1100,7 @@ + struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, + int *addr_used) + { +- int i, pass; ++ int i = 0, pass; + int delay_this_pass = 2; + krb5_error_code retval; + struct conn_state *conns; +@@ -1135,7 +1135,7 @@ + return ENOMEM; + } + +- memset(conns, 0, n_conns * sizeof(callback_data[i])); ++ memset(callback_data, 0, n_conns * sizeof(callback_data[i])); + } + + for (i = 0; i < n_conns; i++) { diff --git a/krb5-1.6-post.dif b/krb5-1.6-post.dif new file mode 100644 index 0000000..29fe697 --- /dev/null +++ b/krb5-1.6-post.dif 
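Review bot: The `int i = 0` initializer in sendto_kdc.c appears to exist only because `sizeof(callback_data[i])` names `i` before the loop assigns it. `sizeof` does not evaluate its operand, so the initializer has no runtime effect and obscures what the warning was about. Writing the call as `memset(callback_data, 0, n_conns * sizeof(*callback_data));` removes the dependency on `i` and lets the declaration stay `int i, pass;`. The allocation of `callback_data` lies outside the hunk, so it is not possible to check here that it uses the same element count and size as the memset.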
@@ -0,0 +1,189 @@ +Index: src/lib/gssapi/krb5/k5sealv3.c +=================================================================== +--- src/lib/gssapi/krb5/k5sealv3.c (.../tags/krb5-1-6-final) (Revision 19102) ++++ src/lib/gssapi/krb5/k5sealv3.c (.../branches/krb5-1-6) (Revision 19102) +@@ -412,10 +412,16 @@ + if (load_16_be(althdr) != 0x0504 + || althdr[2] != ptr[2] + || althdr[3] != ptr[3] +- || memcmp(althdr+8, ptr+8, 8)) ++ || memcmp(althdr+8, ptr+8, 8)) { ++ free(plain.data); + goto defective; ++ } + message_buffer->value = plain.data; + message_buffer->length = plain.length - ec - 16; ++ if(message_buffer->length == 0) { ++ free(message_buffer->value); ++ message_buffer->value = NULL; ++ } + } else { + /* no confidentiality */ + if (conf_state) +Index: src/lib/krb5/ccache/ccapi/stdcc.c +=================================================================== +--- src/lib/krb5/ccache/ccapi/stdcc.c (.../tags/krb5-1-6-final) (Revision 19102) ++++ src/lib/krb5/ccache/ccapi/stdcc.c (.../branches/krb5-1-6) (Revision 19102) +@@ -56,6 +56,7 @@ + + #ifdef USE_CCAPI_V3 + cc_context_t gCntrlBlock = NULL; ++cc_int32 gCCVersion = 0; + #else + apiCB *gCntrlBlock = NULL; + #endif +@@ -222,13 +223,59 @@ + + + #ifdef USE_CCAPI_V3 ++ ++static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context, ++ cc_ccache_t in_ccache) ++{ ++ krb5_error_code err = 0; ++ ++ if (gCCVersion >= ccapi_version_5) { ++ krb5_os_context os_ctx = (krb5_os_context) in_context->os_context; ++ cc_time_t time_offset = 0; ++ ++ err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5, ++ &time_offset); ++ ++ if (!err) { ++ os_ctx->time_offset = time_offset; ++ os_ctx->usec_offset = 0; ++ os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) | ++ KRB5_OS_TOFFSET_VALID); ++ } ++ ++ if (err == ccErrTimeOffsetNotSet) { ++ err = 0; /* okay if there is no time offset */ ++ } ++ } ++ ++ return err; /* Don't translate. 
Callers will translate for us */ ++} ++ ++static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context, ++ cc_ccache_t in_ccache) ++{ ++ krb5_error_code err = 0; ++ ++ if (gCCVersion >= ccapi_version_5) { ++ krb5_os_context os_ctx = (krb5_os_context) in_context->os_context; ++ ++ if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) { ++ err = cc_ccache_set_kdc_time_offset (in_ccache, ++ cc_credentials_v5, ++ os_ctx->time_offset); ++ } ++ } ++ ++ return err; /* Don't translate. Callers will translate for us */ ++} ++ + static krb5_error_code stdccv3_setup (krb5_context context, + stdccCacheDataPtr ccapi_data) + { + krb5_error_code err = 0; + + if (!err && !gCntrlBlock) { +- err = cc_initialize (&gCntrlBlock, ccapi_version_max, NULL, NULL); ++ err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL); + } + + if (!err && ccapi_data && !ccapi_data->NamedCache) { +@@ -237,6 +284,10 @@ + &ccapi_data->NamedCache); + } + ++ if (!err && ccapi_data && ccapi_data->NamedCache) { ++ err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache); ++ } ++ + return err; /* Don't translate. 
Callers will translate for us */ + } + +@@ -245,6 +296,7 @@ + { + if (gCntrlBlock) { cc_context_release(gCntrlBlock); } + gCntrlBlock = NULL; ++ gCCVersion = 0; + } + + /* +@@ -278,11 +330,15 @@ + } + + if (!err) { +- err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, 0L, ++ err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "", + &ccache); + } + + if (!err) { ++ err = stdccv3_set_timeoffset (context, ccache); ++ } ++ ++ if (!err) { + err = cc_ccache_get_name (ccache, &ccstring); + } + +@@ -395,6 +451,7 @@ + krb5_error_code err = 0; + stdccCacheDataPtr ccapi_data = id->data; + char *name = NULL; ++ cc_ccache_t ccache = NULL; + + if (id == NULL) { err = KRB5_CC_NOMEM; } + +@@ -406,23 +463,28 @@ + err = krb5_unparse_name(context, princ, &name); + } + +- if (!err && ccapi_data->NamedCache) { +- err = cc_ccache_release(ccapi_data->NamedCache); +- ccapi_data->NamedCache = NULL; +- } +- + if (!err) { + err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name, + cc_credentials_v5, name, +- &ccapi_data->NamedCache); ++ &ccache); + } + + if (!err) { +- cache_changed(); ++ err = stdccv3_set_timeoffset (context, ccache); + } + +- if (name) { krb5_free_unparsed_name(context, name); } ++ if (!err) { ++ if (ccapi_data->NamedCache) { ++ err = cc_ccache_release (ccapi_data->NamedCache); ++ } ++ ccapi_data->NamedCache = ccache; ++ ccache = NULL; /* take ownership */ ++ cache_changed (); ++ } + ++ if (ccache) { cc_ccache_release (ccache); } ++ if (name ) { krb5_free_unparsed_name(context, name); } ++ + return cc_err_xlate(err); + } + + +Eigenschaftsänderungen: . 
+___________________________________________________________________ +Name: svk:merge + - 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19331 +304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 +dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 +dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 + + 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19367 +304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 +dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 +dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 + diff --git a/krb5-1.6.tar.bz2 b/krb5-1.6.tar.bz2 new file mode 100644 index 0000000..67dbda6 --- /dev/null +++ b/krb5-1.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1986a5a7bc529291bab69a989eae43d121d1f9de1796c38dda36f332ba7c1e93 +size 10322183 diff --git a/krb5-doc.changes b/krb5-doc.changes index 447d6af..9240445 100644 --- a/krb5-doc.changes +++ b/krb5-doc.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Jan 22 12:21:20 CET 2007 - mc@suse.de + +- update to version 1.6 + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. + ------------------------------------------------------------------- Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de diff --git a/krb5-doc.spec b/krb5-doc.spec index 7258bfc..19a3e62 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5-doc (Version 1.5.1) +# spec file for package krb5-doc (Version 1.6) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine 
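Review bot: In the stdcc.c initialize path, a failing `cc_ccache_release (ccapi_data->NamedCache)` sets `err`, yet the following statements still install the new `ccache` and call `cache_changed ()`. The function then returns an error after it has already switched caches. Keeping the release result out of `err`, e.g. `if (ccapi_data->NamedCache) { (void) cc_ccache_release (ccapi_data->NamedCache); }`, or skipping the swap when the release fails, would make the return value match the state left behind. The same function still reads `id->data` in its declarations before the `id == NULL` test, which appears here as unchanged context. The function's signature is outside the hunk.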
@@ -12,14 +12,14 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html te_ams -Version: 1.5.1 -Release: 39 -%define srcRoot krb5-1.5.1 +Version: 1.6 +Release: 4 +%define srcRoot krb5-1.6 Summary: MIT Kerberos5 Implementation--Documentation License: X11/MIT URL: http://web.mit.edu/kerberos/www/ Group: Documentation/Other -Source: krb5-1.5.1.tar.bz2 +Source: krb5-1.6.tar.bz2 Source1: README.Source Source2: Makefile.kadm5 Patch0: krb5-1.3.5-perlfix.dif @@ -62,10 +62,10 @@ latex2html -dir ../html/libdes -mkdir libdes.tex cd ../implement latex2html -dir ../html/implement -mkdir implement.tex cd .. -mv krb5-admin html/ -mv krb5-install html/ -mv krb5-user html/ -mv krb425 html/ +#mv krb5-admin html/ +#mv krb5-install html/ +#mv krb5-user html/ +#mv krb425 html/ mv *.html html/ cd .. find . -type f -name '*.ps' -exec gzip -9 {} \; @@ -86,6 +86,12 @@ rm -rf %{buildroot} %doc doc/html %changelog -n krb5-doc +* Mon Jan 22 2007 - mc@suse.de +- update to version 1.6 + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. * Thu Aug 24 2006 - mc@suse.de - update to version 1.5.1 - remove obsolete patches which are now included upstream diff --git a/krb5-plugins.changes b/krb5-plugins.changes new file mode 100644 index 0000000..0aa0fd4 --- /dev/null +++ b/krb5-plugins.changes 
@@ -0,0 +1,16 @@ +------------------------------------------------------------------- +Tue Jan 23 17:21:53 CET 2007 - mc@suse.de + +- fix "local variable used before set" in ftp.c + [#237684] +- use less BuildRequires + +------------------------------------------------------------------- +Mon Jan 22 12:21:41 CET 2007 - mc@suse.de + +- initial release (version 1.6) + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. + diff --git a/krb5-plugins.spec b/krb5-plugins.spec new file mode 100644 index 0000000..5060519 --- /dev/null +++ b/krb5-plugins.spec 
@@ -0,0 +1,220 @@ +# +# spec file for package krb5-plugins (Version 1.6) +# +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: krb5-plugins +Version: 1.6 +Release: 4 +BuildRequires: krb5-devel openldap2-devel +%define srcRoot krb5-1.6 +%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ +%define krb5docdir %{_defaultdocdir}/krb5 +Requires: krb5-server +Summary: MIT Kerberos5 Implementation--Libraries +License: X11/MIT +URL: http://web.mit.edu/kerberos/www/ +Group: Productivity/Networking/Security +Source: krb5-1.6.tar.bz2 +Source1: vendor-files.tar.bz2 +Source2: README.Source +Source3: spx.c +Source4: EncryptWithMasterKey.c +Patch1: krb5-1.5.1-fix-too-few-arguments.dif +Patch2: krb5-1.4-compile_pie.dif +Patch3: krb5-1.4-fix-segfault.dif +Patch4: krb5-1.6-post.dif +Patch6: trunk-EncryptWithMasterKey.dif +Patch14: warning-fix-lib-crypto-des.dif +Patch15: warning-fix-lib-crypto-dk.dif +Patch16: warning-fix-lib-crypto.dif +Patch17: warning-fix-lib-crypto-enc_provider.dif +Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif +Patch20: kprop-use-mkstemp.dif +Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif +Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif +#Patch23: trunk-install-preauth-header.dif +Patch24: trunk-fix-strncat.dif +Patch25: krb5-1.6-fix-passwd-tcp.dif +Patch26: krb5-1.6-fix-sendto_kdc-memset.dif +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of clear text passwords. 
+ + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%package -n krb5-plugin-kdb-ldap +Requires: krb5-server = %{version} +Summary: MIT Kerberos5 Implementation--LDAP Database Plugin +License: X11/MIT +URL: http://web.mit.edu/kerberos/www/ +Group: Productivity/Networking/Security + +%description -n krb5-plugin-kdb-ldap +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of clear text passwords. This package contains the LDAP +database plugin. + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%prep +%setup -q -n %{srcRoot} +%setup -a 1 -T -D -n %{srcRoot} +if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ] +then + echo "spx.c contains potential legal risks." + exit 1; +else + cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c +fi +%patch1 +%patch2 +%patch3 +%patch4 +%patch6 +cd %{_builddir}/%{srcRoot}/src +%patch14 +%patch15 +%patch16 +%patch17 +%patch18 +%patch20 +cd - +%patch21 +%patch22 +#%patch23 +%patch24 +%patch25 +%patch26 +cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c + +%build +cd src +%{?suse_update_config:%{suse_update_config -f}} +./util/reconf +CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE " \ +./configure \ + --prefix=/usr/lib/mit \ + --sysconfdir=%{_sysconfdir} \ + --mandir=%{_mandir} \ + --infodir=%{_infodir} \ + --libexecdir=/usr/lib/mit/sbin \ + --libdir=%{_libdir} \ + --includedir=%{_includedir} \ + --localstatedir=%{_localstatedir}/lib/kerberos \ + --enable-shared \ + --disable-static \ + --enable-kdc-replay-cache \ + --enable-dns-for-realm \ + --with-ldap \ + --with-system-et \ + --with-system-ss +cd util/profile +make install-headers-unix +cd ../../include +make +cd ../lib/kadm5 +make includes 
+cd ../gssapi/generic +make gssapi-include +ln -s %{_libdir}/libgssrpc.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libgssapi_krb5.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libk5crypto.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libkrb5support.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libkrb5.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libkadm5srv.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libkdb5.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libkrb4.so %{_builddir}/%{srcRoot}/src/lib/ +ln -s %{_libdir}/libdes425.so %{_builddir}/%{srcRoot}/src/lib/ +cd ../../../kadmin/cli +make getdate.o +cd ../../plugins/kdb/ldap/ +make %{?jobs:-j%jobs} +#make check + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb +mkdir -p %{buildroot}/%{krb5docdir} +mkdir -p %{buildroot}/usr/lib/mit/sbin/ +mkdir -p %{buildroot}/%{_mandir}/man8/ +cd src/plugins/kdb/ldap/ +make DESTDIR=%{buildroot} install +# all libs must have permissions 0755 +for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"` +do + chmod 0755 ${lib} +done +install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema +install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif +# cleanup +rm -f %{buildroot}/usr/share/man/man1/tmac.doc* +rm -f /usr/share/man/man1/tmac.doc* +rm -rf /usr/lib/mit/share +rm -rf %{buildroot}/usr/lib/mit/share +##################################################### +# krb5 pre/post/postun +##################################################### + +%post -n krb5-plugin-kdb-ldap +%run_ldconfig + +%postun -n krb5-plugin-kdb-ldap +%run_ldconfig + +%clean +rm -rf %{buildroot} +######################################################## +# files sections +######################################################## + +%files -n krb5-plugin-kdb-ldap 
+%defattr(-,root,root) +%dir %{_libdir}/krb5 +%dir %{_libdir}/krb5/plugins +%dir %{_libdir}/krb5/plugins/kdb +%dir /usr/lib/mit/sbin/ +%dir %{krb5docdir} +%doc %{krb5docdir}/kerberos.schema +%doc %{krb5docdir}/kerberos.ldif +%{_libdir}/krb5/plugins/kdb/*.so +/usr/lib/mit/sbin/* +%{_libdir}/libkdb_ldap* +%{_mandir}/man8/* + +%changelog -n krb5-plugins +* Tue Jan 23 2007 - mc@suse.de +- fix "local variable used before set" in ftp.c + [#237684] +- use less BuildRequires +* Mon Jan 22 2007 - mc@suse.de +- initial release (version 1.6) + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. diff --git a/krb5.changes b/krb5.changes index 12cf5c3..17d2f8c 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Tue Jan 23 17:21:12 CET 2007 - mc@suse.de + +- fix "local variable used before set" in ftp.c + [#237684] + +------------------------------------------------------------------- +Mon Jan 22 16:39:27 CET 2007 - mc@suse.de + +- krb5-devel should require keyutils-devel + +------------------------------------------------------------------- +Mon Jan 22 12:19:49 CET 2007 - mc@suse.de + +- update to version 1.6 + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. +- remove obsolete patches + ------------------------------------------------------------------- Wed Jan 10 11:16:30 CET 2007 - mc@suse.de 
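Review bot: Two of the cleanup commands in %install, `rm -f /usr/share/man/man1/tmac.doc*` and `rm -rf /usr/lib/mit/share`, act on the build host's own filesystem instead of on `%{buildroot}`. Each has a buildroot-prefixed twin next to it, so the unprefixed lines can simply be dropped. As written, a build run with root privileges would delete files from the host, and an unprivileged build only works because those commands fail quietly.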
@@ -8,12 +29,12 @@ Wed Jan 10 11:16:30 CET 2007 - mc@suse.de - fix for kadmind (via GSS-API mechglue) frees uninitialized pointers (CVE-2006-6144)(Bug #225992) - krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif + krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif ------------------------------------------------------------------- Tue Jan 2 14:53:33 CET 2007 - mc@suse.de -- Fix Requires in krb5-devel +- Fix Requires in krb5-devel [Bug #231008] ------------------------------------------------------------------- diff --git a/krb5.spec b/krb5.spec index fd6187e..a6ab569 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5 (Version 1.5.1) +# spec file for package krb5 (Version 1.6) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -11,10 +11,13 @@ # norootforbuild Name: krb5 -Version: 1.5.1 -Release: 28 +Version: 1.6 +Release: 4 BuildRequires: libcom_err -%define srcRoot krb5-1.5.1 +%if %{suse_version} > 1010 +BuildRequires: keyutils keyutils-devel +%endif +%define srcRoot krb5-1.6 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/%{name} Provides: heimdal-lib @@ -23,7 +26,7 @@ Summary: MIT Kerberos5 Implementation--Libraries License: X11/MIT URL: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security -Source: krb5-1.5.1.tar.bz2 +Source: krb5-1.6.tar.bz2 Source1: vendor-files.tar.bz2 Source2: README.Source Source3: spx.c 
@@ -31,10 +34,8 @@ Source4: EncryptWithMasterKey.c Patch1: krb5-1.5.1-fix-too-few-arguments.dif Patch2: krb5-1.4-compile_pie.dif Patch3: krb5-1.4-fix-segfault.dif -Patch4: krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif -Patch5: krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif +Patch4: krb5-1.6-post.dif Patch6: trunk-EncryptWithMasterKey.dif -Patch12: warning-fix-util-support.dif Patch14: warning-fix-lib-crypto-des.dif Patch15: warning-fix-lib-crypto-dk.dif Patch16: warning-fix-lib-crypto.dif @@ -42,7 +43,11 @@ Patch17: warning-fix-lib-crypto-enc_provider.dif Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif Patch20: kprop-use-mkstemp.dif Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif -Patch22: krb5-1.5.1-fix-strncat-warning.dif +Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif +#Patch23: trunk-install-preauth-header.dif +Patch24: trunk-fix-strncat.dif +Patch25: krb5-1.6-fix-passwd-tcp.dif +Patch26: krb5-1.6-fix-sendto_kdc-memset.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch @@ -109,6 +114,9 @@ Summary: MIT Kerberos5 - Include Files and Libraries Group: Development/Libraries/C and C++ PreReq: %{name} = %{version} Requires: libcom_err +%if %{suse_version} > 1010 +Requires: keyutils-devel +%endif Provides: heimdal-tools-devel, heimdal-devel Obsoletes: heimdal-tools-devel, heimdal-devel @@ -179,10 +187,8 @@ fi %patch2 %patch3 %patch4 -%patch5 %patch6 cd %{_builddir}/%{srcRoot}/src -%patch12 %patch14 %patch15 %patch16 @@ -192,6 +198,10 @@ cd %{_builddir}/%{srcRoot}/src cd - %patch21 %patch22 +#%patch23 +%patch24 +%patch25 +%patch26 cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c %build 
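Review bot: `Patch4` and `Patch5`, the MITKRB5-SA-2006-002 and MITKRB5-SA-2006-003 fixes, are dropped from the patch list here, and `%patch5` is dropped from %prep in the `@@ -179,10 +187,8 @@` hunk, with no record of why they are no longer needed. The accompanying changelog entry says only `- remove obsolete patches`. Naming the two advisories there, or adding a spec comment such as `# MITKRB5-SA-2006-002/-003 fixes are included in upstream 1.6`, would let a later reader confirm the security fixes were not lost in the version bump. Whether the 1.6 tarball actually contains both fixes cannot be verified from this page.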
@@ -275,7 +285,6 @@ install -d -m 755 %{buildroot}/%{krb5docdir} install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/%{krb5docdir}/heimdal2mit-DumpConvert.pl install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README -install -m 644 %{_builddir}/%{srcRoot}/doc/CHANGES %{buildroot}/%{krb5docdir}/CHANGES install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/%{krb5docdir}/simple_convert_krb5conf.pl # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* @@ -338,7 +347,6 @@ rm -rf %{buildroot} %dir %{krb5docdir} %attr(0700,root,root) %dir /var/log/krb5 %doc %{krb5docdir}/README -%doc %{krb5docdir}/CHANGES %doc %{krb5docdir}/simple_convert_krb5conf.pl %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf %attr(0644,root,root) %config /etc/profile.d/krb5* @@ -381,8 +389,6 @@ rm -rf %{buildroot} /usr/lib/mit/sbin/EncryptWithMasterKey %{_libdir}/krb5/plugins/kdb/*.so %{_mandir}/man5/kdc.conf.5* -%{_mandir}/man5/krb5.conf.5* -%{_mandir}/man5/.k5login.5* %{_mandir}/man8/sserver.8* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* @@ -420,6 +426,8 @@ rm -rf %{buildroot} %{_mandir}/man1/klist.1* %{_mandir}/man1/sclient.1* %{_mandir}/man1/kerberos.1* +%{_mandir}/man5/krb5.conf.5* +%{_mandir}/man5/.k5login.5* %{_mandir}/man8/kadmin.8* %{_mandir}/man8/ktutil.8* %{_mandir}/man8/k5srvutil.8* 
@@ -484,6 +492,18 @@ rm -rf %{buildroot} %{_mandir}/man1/krb5-config.1* %changelog -n krb5 +* Tue Jan 23 2007 - mc@suse.de +- fix "local variable used before set" in ftp.c + [#237684] +* Mon Jan 22 2007 - mc@suse.de +- krb5-devel should require keyutils-devel +* Mon Jan 22 2007 - mc@suse.de +- update to version 1.6 + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. +- remove obsolete patches * Wed Jan 10 2007 - mc@suse.de - fix for kadmind (via RPC library) calls uninitialized function pointer diff --git a/krb5-1.5.1-fix-strncat-warning.dif b/trunk-fix-strncat.dif similarity index 100% rename from krb5-1.5.1-fix-strncat-warning.dif rename to trunk-fix-strncat.dif diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index 7addfc0..6cac8c7 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:365b0ed6435c553cd505d595c9f2709b676ae15be3acdb419e6e85a0ec6b91c8 -size 185388 +oid sha256:e8ce2440626a516d24a0baf133f3b5e461b384153dc78bfb59705d7001a8ff2e +size 185933 diff --git a/warning-fix-util-support.dif b/warning-fix-util-support.dif deleted file mode 100644 index dfb708b..0000000 --- a/warning-fix-util-support.dif +++ /dev/null 
@@ -1,71 +0,0 @@ -# threads.c: In function 'krb5int_thread_support_init': -# threads.c:456: warning: implicit declaration of function 'krb5int_err_init' -# errors.c: In function 'krb5int_vset_error': -# errors.c:52: warning: passing argument 1 of 'free' discards qualifiers from pointer target type -# errors.c:59: warning: implicit declaration of function 'vasprintf' -# errors.c: In function 'krb5int_get_error': -# errors.c:76: warning: assignment discards qualifiers from pointer target type -# errors.c:80: warning: implicit declaration of function 'krb5int_call_thread_support_init' -# errors.c:120: warning: assignment discards qualifiers from pointer target type -# errors.c: In function 'krb5int_clear_error': -# errors.c:146: warning: passing argument 2 of 'krb5int_free_error' discards qualifiers from pointer target type -# ---- util/support/errors.c -+++ util/support/errors.c 2006/06/21 07:36:30 -@@ -31,6 +31,9 @@ - { - return k5_mutex_finish_init (&krb5int_error_info_support_mutex); - } -+ -+extern int krb5int_call_thread_support_init(void); -+ - #define initialize() krb5int_call_thread_support_init() - #define lock() k5_mutex_lock(&krb5int_error_info_support_mutex) - #define unlock() k5_mutex_unlock(&krb5int_error_info_support_mutex) -@@ -49,7 +52,7 @@ - const char *fmt, va_list args) - { - if (ep->msg && ep->msg != ep->scratch_buf) { -- free (ep->msg); -+ free ((char*)ep->msg); - ep->msg = NULL; - } - ep->code = code; -@@ -73,7 +76,7 @@ - if (code != ep->code) - krb5int_clear_error (ep); - if (ep->msg) { -- r = ep->msg; -+ r = (char*)ep->msg; - ep->msg = NULL; - return r; - } -@@ -117,7 +120,7 @@ - sprintf (ep->scratch_buf, _("error %ld"), code); - return ep->scratch_buf; - } -- r = fptr(code); -+ r = (char*)fptr(code); - if (r == NULL) { - unlock(); - goto format_number; -@@ -143,7 +146,7 @@ - void - krb5int_clear_error (struct errinfo *ep) - { -- krb5int_free_error (ep, ep->msg); -+ krb5int_free_error (ep, (char*)ep->msg); - ep->msg = NULL; - } - ---- 
util/support/threads.c -+++ util/support/threads.c 2006/06/21 07:25:22 -@@ -36,6 +36,8 @@ - MAKE_INIT_FUNCTION(krb5int_thread_support_init); - MAKE_FINI_FUNCTION(krb5int_thread_support_fini); - -+extern int krb5int_err_init(void); -+ - #ifndef ENABLE_THREADS /* no thread support */ - - static void (*destructors[K5_KEY_MAX])(void *);