|
|
|
@ -31,9 +31,11 @@ The selabel APIs for looking up the context should be thread-safe (per
|
|
|
|
|
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
|
|
|
|
which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
--- krb5-1.13.orig/src/aclocal.m4
|
|
|
|
|
+++ krb5-1.13/src/aclocal.m4
|
|
|
|
|
@@ -87,6 +87,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
|
|
|
|
Index: krb5-1.16.1/src/aclocal.m4
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/aclocal.m4
|
|
|
|
|
+++ krb5-1.16.1/src/aclocal.m4
|
|
|
|
|
@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
|
|
|
|
dnl
|
|
|
|
|
KRB5_AC_PRAGMA_WEAK_REF
|
|
|
|
|
WITH_LDAP
|
|
|
|
@ -41,7 +43,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
KRB5_LIB_PARAMS
|
|
|
|
|
KRB5_AC_INITFINI
|
|
|
|
|
KRB5_AC_ENABLE_THREADS
|
|
|
|
|
@@ -1738,3 +1739,51 @@ AC_SUBST(PAM_LIBS)
|
|
|
|
|
@@ -1763,3 +1764,51 @@ AC_SUBST(PAM_LIBS)
|
|
|
|
|
AC_SUBST(PAM_MAN)
|
|
|
|
|
AC_SUBST(NON_PAM_MAN)
|
|
|
|
|
])dnl
|
|
|
|
@ -93,9 +95,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
+LIBS="$old_LIBS"
|
|
|
|
|
+AC_SUBST(SELINUX_LIBS)
|
|
|
|
|
+])dnl
|
|
|
|
|
--- krb5-1.13.orig/src/config/pre.in
|
|
|
|
|
+++ krb5-1.13/src/config/pre.in
|
|
|
|
|
@@ -174,6 +174,7 @@ LD = $(PURE) @LD@
|
|
|
|
|
Index: krb5-1.16.1/src/config/pre.in
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/config/pre.in
|
|
|
|
|
+++ krb5-1.16.1/src/config/pre.in
|
|
|
|
|
@@ -177,6 +177,7 @@ LD = $(PURE) @LD@
|
|
|
|
|
KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
|
|
|
|
|
LDFLAGS = @LDFLAGS@
|
|
|
|
|
LIBS = @LIBS@
|
|
|
|
@ -103,7 +107,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
INSTALL=@INSTALL@
|
|
|
|
|
INSTALL_STRIP=
|
|
|
|
|
@@ -394,7 +395,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
|
|
|
|
@@ -399,7 +400,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
|
|
|
|
# HESIOD_LIBS is -lhesiod...
|
|
|
|
|
HESIOD_LIBS = @HESIOD_LIBS@
|
|
|
|
|
|
|
|
|
@ -111,10 +115,12 @@ which we used earlier, is some improvement.
|
|
|
|
|
+KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB)
|
|
|
|
|
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
|
|
|
|
GSS_LIBS = $(GSS_KRB5_LIB)
|
|
|
|
|
# needs fixing if ever used on Mac OS X!
|
|
|
|
|
--- krb5-1.13.orig/src/configure.in
|
|
|
|
|
+++ krb5-1.13/src/configure.in
|
|
|
|
|
@@ -1287,6 +1287,8 @@ AC_PATH_PROG(GROFF, groff)
|
|
|
|
|
# needs fixing if ever used on macOS!
|
|
|
|
|
Index: krb5-1.16.1/src/configure.in
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/configure.in
|
|
|
|
|
+++ krb5-1.16.1/src/configure.in
|
|
|
|
|
@@ -1308,6 +1308,8 @@ AC_PATH_PROG(GROFF, groff)
|
|
|
|
|
|
|
|
|
|
KRB5_WITH_PAM
|
|
|
|
|
|
|
|
|
@ -123,9 +129,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
# Make localedir work in autoconf 2.5x.
|
|
|
|
|
if test "${localedir+set}" != set; then
|
|
|
|
|
localedir='$(datadir)/locale'
|
|
|
|
|
--- krb5-1.13.orig/src/include/k5-int.h
|
|
|
|
|
+++ krb5-1.13/src/include/k5-int.h
|
|
|
|
|
@@ -127,6 +127,7 @@ typedef unsigned char u_char;
|
|
|
|
|
Index: krb5-1.16.1/src/include/k5-int.h
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/include/k5-int.h
|
|
|
|
|
+++ krb5-1.16.1/src/include/k5-int.h
|
|
|
|
|
@@ -126,6 +126,7 @@ typedef unsigned char u_char;
|
|
|
|
|
#endif /* HAVE_SYS_TYPES_H */
|
|
|
|
|
#endif /* KRB5_SYSTYPES__ */
|
|
|
|
|
|
|
|
|
@ -133,8 +141,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
#include "k5-platform.h"
|
|
|
|
|
|
|
|
|
|
Index: krb5-1.16.1/src/include/k5-label.h
|
|
|
|
|
===================================================================
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ krb5-1.13/src/include/k5-label.h
|
|
|
|
|
+++ krb5-1.16.1/src/include/k5-label.h
|
|
|
|
|
@@ -0,0 +1,32 @@
|
|
|
|
|
+#ifndef _KRB5_LABEL_H
|
|
|
|
|
+#define _KRB5_LABEL_H
|
|
|
|
@ -168,8 +178,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
|
|
|
|
+#endif
|
|
|
|
|
+#endif
|
|
|
|
|
--- krb5-1.13.orig/src/include/krb5/krb5.hin
|
|
|
|
|
+++ krb5-1.13/src/include/krb5/krb5.hin
|
|
|
|
|
Index: krb5-1.16.1/src/include/krb5/krb5.hin
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/include/krb5/krb5.hin
|
|
|
|
|
+++ krb5-1.16.1/src/include/krb5/krb5.hin
|
|
|
|
|
@@ -87,6 +87,12 @@
|
|
|
|
|
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
|
|
|
|
#endif
|
|
|
|
@ -183,8 +195,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
#define KRB5_OLD_CRYPTO
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
--- krb5-1.13.orig/src/kadmin/dbutil/dump.c
|
|
|
|
|
+++ krb5-1.13/src/kadmin/dbutil/dump.c
|
|
|
|
|
Index: krb5-1.16.1/src/kadmin/dbutil/dump.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/kadmin/dbutil/dump.c
|
|
|
|
|
+++ krb5-1.16.1/src/kadmin/dbutil/dump.c
|
|
|
|
|
@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname
|
|
|
|
|
{
|
|
|
|
|
int fd = -1;
|
|
|
|
@ -216,8 +230,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (*fd == -1) {
|
|
|
|
|
com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
|
|
|
|
|
exit_status++;
|
|
|
|
|
--- krb5-1.13.orig/src/build-tools/krb5-config.in
|
|
|
|
|
+++ krb5-1.13/src/build-tools/krb5-config.in
|
|
|
|
|
Index: krb5-1.16.1/src/build-tools/krb5-config.in
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/build-tools/krb5-config.in
|
|
|
|
|
+++ krb5-1.16.1/src/build-tools/krb5-config.in
|
|
|
|
|
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
|
|
|
|
|
DEFCCNAME='@DEFCCNAME@'
|
|
|
|
|
DEFKTNAME='@DEFKTNAME@'
|
|
|
|
@ -235,9 +251,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
# here.
|
|
|
|
|
|
|
|
|
|
echo $lib_flags
|
|
|
|
|
--- krb5-1.15.orig/src/lib/kadm5/logger.c 2016-12-01 23:31:24.000000000 +0100
|
|
|
|
|
+++ krb5-1.15/src/lib/kadm5/logger.c 2016-12-03 21:08:16.107101435 +0100
|
|
|
|
|
@@ -414,7 +414,7 @@
|
|
|
|
|
Index: krb5-1.16.1/src/lib/kadm5/logger.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/lib/kadm5/logger.c
|
|
|
|
|
+++ krb5-1.16.1/src/lib/kadm5/logger.c
|
|
|
|
|
@@ -414,7 +414,7 @@ krb5_klog_init(krb5_context kcontext, ch
|
|
|
|
|
*/
|
|
|
|
|
append = (cp[4] == ':') ? O_APPEND : 0;
|
|
|
|
|
if (append || cp[4] == '=') {
|
|
|
|
@ -246,7 +264,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
S_IRUSR | S_IWUSR | S_IRGRP);
|
|
|
|
|
if (fd != -1)
|
|
|
|
|
f = fdopen(fd, append ? "a" : "w");
|
|
|
|
|
@@ -918,7 +918,7 @@
|
|
|
|
|
@@ -918,7 +918,7 @@ krb5_klog_reopen(krb5_context kcontext)
|
|
|
|
|
* In case the old logfile did not get moved out of the
|
|
|
|
|
* way, open for append to prevent squashing the old logs.
|
|
|
|
|
*/
|
|
|
|
@ -255,9 +273,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (f) {
|
|
|
|
|
set_cloexec_file(f);
|
|
|
|
|
log_control.log_entries[lindex].lfu_filep = f;
|
|
|
|
|
--- krb5-1.15.orig/src/lib/krb5/keytab/kt_file.c 2016-12-01 23:31:25.000000000 +0100
|
|
|
|
|
+++ krb5-1.15/src/lib/krb5/keytab/kt_file.c 2016-12-03 17:33:05.520679326 +0100
|
|
|
|
|
@@ -1022,14 +1022,14 @@
|
|
|
|
|
Index: krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/lib/krb5/keytab/kt_file.c
|
|
|
|
|
+++ krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
|
|
|
|
|
@@ -1024,14 +1024,14 @@ krb5_ktfileint_open(krb5_context context
|
|
|
|
|
|
|
|
|
|
KTCHECKLOCK(id);
|
|
|
|
|
errno = 0;
|
|
|
|
@ -274,9 +294,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (!KTFILEP(id))
|
|
|
|
|
goto report_errno;
|
|
|
|
|
writevno = 1;
|
|
|
|
|
--- krb5-1.15.orig/src/plugins/kdb/db2/adb_openclose.c 2016-12-01 23:31:25.000000000 +0100
|
|
|
|
|
+++ krb5-1.15/src/plugins/kdb/db2/adb_openclose.c 2016-12-03 17:34:40.565150626 +0100
|
|
|
|
|
@@ -152,7 +152,7 @@
|
|
|
|
|
Index: krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/plugins/kdb/db2/adb_openclose.c
|
|
|
|
|
+++ krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
|
|
|
|
|
@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
|
|
|
|
|
* needs be open read/write so that write locking can work with
|
|
|
|
|
* POSIX systems
|
|
|
|
|
*/
|
|
|
|
@ -285,8 +307,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
/*
|
|
|
|
|
* maybe someone took away write permission so we could only
|
|
|
|
|
* get shared locks?
|
|
|
|
|
--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|
|
|
|
+++ krb5-1.13/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|
|
|
|
Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|
|
|
|
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|
|
|
|
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
@ -304,8 +328,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|
|
|
|
+++ krb5-1.13/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|
|
|
|
Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|
|
|
|
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|
|
|
|
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#endif
|
|
|
|
@ -314,7 +340,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
#include "db-int.h"
|
|
|
|
|
#include "hash.h"
|
|
|
|
|
#include "page.h"
|
|
|
|
|
@@ -140,7 +141,7 @@ __kdb2_hash_open(file, flags, mode, info
|
|
|
|
|
@@ -129,7 +130,7 @@ __kdb2_hash_open(file, flags, mode, info
|
|
|
|
|
new_table = 1;
|
|
|
|
|
}
|
|
|
|
|
if (file) {
|
|
|
|
@ -323,9 +349,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
RETURN_ERROR(errno, error0);
|
|
|
|
|
(void)fcntl(hashp->fp, F_SETFD, 1);
|
|
|
|
|
}
|
|
|
|
|
--- krb5-1.13.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|
|
|
|
+++ krb5-1.13/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|
|
|
|
@@ -178,7 +178,7 @@ done:
|
|
|
|
|
Index: krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|
|
|
|
+++ krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|
|
|
|
@@ -203,7 +203,7 @@ kdb5_ldap_stash_service_password(int arg
|
|
|
|
|
|
|
|
|
|
/* set password in the file */
|
|
|
|
|
old_mode = umask(0177);
|
|
|
|
@ -334,7 +362,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (pfile == NULL) {
|
|
|
|
|
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
|
|
|
|
strerror (errno));
|
|
|
|
|
@@ -219,6 +219,9 @@ done:
|
|
|
|
|
@@ -244,6 +244,9 @@ kdb5_ldap_stash_service_password(int arg
|
|
|
|
|
* Delete the existing entry and add the new entry
|
|
|
|
|
*/
|
|
|
|
|
FILE *newfile;
|
|
|
|
@ -344,7 +372,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
mode_t omask;
|
|
|
|
|
|
|
|
|
|
@@ -230,7 +233,13 @@ done:
|
|
|
|
|
@@ -255,7 +258,13 @@ kdb5_ldap_stash_service_password(int arg
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
omask = umask(077);
|
|
|
|
@ -358,9 +386,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
umask (omask);
|
|
|
|
|
if (newfile == NULL) {
|
|
|
|
|
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
|
|
|
|
--- krb5-1.13.orig/src/util/profile/prof_file.c
|
|
|
|
|
+++ krb5-1.13/src/util/profile/prof_file.c
|
|
|
|
|
@@ -30,6 +30,7 @@
|
|
|
|
|
Index: krb5-1.16.1/src/util/profile/prof_file.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/util/profile/prof_file.c
|
|
|
|
|
+++ krb5-1.16.1/src/util/profile/prof_file.c
|
|
|
|
|
@@ -33,6 +33,7 @@
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "k5-platform.h"
|
|
|
|
@ -368,7 +398,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
struct global_shared_profile_data {
|
|
|
|
|
/* This is the head of the global list of shared trees */
|
|
|
|
|
@@ -411,7 +412,7 @@ static errcode_t write_data_to_file(prf_
|
|
|
|
|
@@ -423,7 +424,7 @@ static errcode_t write_data_to_file(prf_
|
|
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
|
|
|
|
@ -377,9 +407,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (!f) {
|
|
|
|
|
retval = errno;
|
|
|
|
|
if (retval == 0)
|
|
|
|
|
--- krb5-1.13.orig/src/util/support/Makefile.in
|
|
|
|
|
+++ krb5-1.13/src/util/support/Makefile.in
|
|
|
|
|
@@ -59,6 +59,7 @@ IPC_SYMS= \
|
|
|
|
|
Index: krb5-1.16.1/src/util/support/Makefile.in
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/util/support/Makefile.in
|
|
|
|
|
+++ krb5-1.16.1/src/util/support/Makefile.in
|
|
|
|
|
@@ -69,6 +69,7 @@ IPC_SYMS= \
|
|
|
|
|
|
|
|
|
|
STLIBOBJS= \
|
|
|
|
|
threads.o \
|
|
|
|
@ -387,7 +419,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
init-addrinfo.o \
|
|
|
|
|
plugins.o \
|
|
|
|
|
errors.o \
|
|
|
|
|
@@ -131,7 +132,7 @@ SRCS=\
|
|
|
|
|
@@ -149,7 +150,7 @@ SRCS=\
|
|
|
|
|
|
|
|
|
|
SHLIB_EXPDEPS =
|
|
|
|
|
# Add -lm if dumping thread stats, for sqrt.
|
|
|
|
@ -396,8 +428,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
DEPLIBS=
|
|
|
|
|
|
|
|
|
|
Index: krb5-1.16.1/src/util/support/selinux.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ krb5-1.13/src/util/support/selinux.c
|
|
|
|
|
+++ krb5-1.16.1/src/util/support/selinux.c
|
|
|
|
|
@@ -0,0 +1,381 @@
|
|
|
|
|
+/*
|
|
|
|
|
+ * Copyright 2007,2008,2009,2011,2012,2013 Red Hat, Inc. All Rights Reserved.
|
|
|
|
@ -780,9 +814,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+#endif
|
|
|
|
|
--- krb5-1.13.orig/src/lib/krb5/rcache/rc_dfl.c
|
|
|
|
|
+++ krb5-1.13/src/lib/krb5/rcache/rc_dfl.c
|
|
|
|
|
@@ -794,6 +794,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
|
|
|
|
Index: krb5-1.16.1/src/lib/krb5/rcache/rc_dfl.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/lib/krb5/rcache/rc_dfl.c
|
|
|
|
|
+++ krb5-1.16.1/src/lib/krb5/rcache/rc_dfl.c
|
|
|
|
|
@@ -793,6 +793,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
|
|
|
|
krb5_error_code retval = 0;
|
|
|
|
|
krb5_rcache tmp;
|
|
|
|
|
krb5_deltat lifespan = t->lifespan; /* save original lifespan */
|
|
|
|
@ -792,7 +828,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
|
|
|
|
|
if (! t->recovering) {
|
|
|
|
|
name = t->name;
|
|
|
|
|
@@ -815,7 +818,17 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
|
|
|
|
@@ -814,7 +817,17 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
|
|
|
|
retval = krb5_rc_resolve(context, tmp, 0);
|
|
|
|
|
if (retval)
|
|
|
|
|
goto cleanup;
|
|
|
|
@ -810,8 +846,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (retval)
|
|
|
|
|
goto cleanup;
|
|
|
|
|
for (q = t->a; q; q = q->na) {
|
|
|
|
|
--- krb5-1.13.orig/src/lib/krb5/ccache/cc_dir.c
|
|
|
|
|
+++ krb5-1.13/src/lib/krb5/ccache/cc_dir.c
|
|
|
|
|
Index: krb5-1.16.1/src/lib/krb5/ccache/cc_dir.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/lib/krb5/ccache/cc_dir.c
|
|
|
|
|
+++ krb5-1.16.1/src/lib/krb5/ccache/cc_dir.c
|
|
|
|
|
@@ -183,10 +183,19 @@ write_primary_file(const char *primary_p
|
|
|
|
|
char *newpath = NULL;
|
|
|
|
|
FILE *fp = NULL;
|
|
|
|
@ -858,9 +896,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
k5_setmsg(context, KRB5_FCC_NOFILE,
|
|
|
|
|
_("Credential cache directory %s does not exist"),
|
|
|
|
|
dirname);
|
|
|
|
|
--- krb5-1.13.orig/src/lib/krb5/os/trace.c
|
|
|
|
|
+++ krb5-1.13/src/lib/krb5/os/trace.c
|
|
|
|
|
@@ -397,7 +397,7 @@ krb5_set_trace_filename(krb5_context con
|
|
|
|
|
Index: krb5-1.16.1/src/lib/krb5/os/trace.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/lib/krb5/os/trace.c
|
|
|
|
|
+++ krb5-1.16.1/src/lib/krb5/os/trace.c
|
|
|
|
|
@@ -398,7 +398,7 @@ krb5_set_trace_filename(krb5_context con
|
|
|
|
|
fd = malloc(sizeof(*fd));
|
|
|
|
|
if (fd == NULL)
|
|
|
|
|
return ENOMEM;
|
|
|
|
@ -869,9 +909,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (*fd == -1) {
|
|
|
|
|
free(fd);
|
|
|
|
|
return errno;
|
|
|
|
|
--- krb5-1.13.orig/src/plugins/kdb/db2/kdb_db2.c
|
|
|
|
|
+++ krb5-1.13/src/plugins/kdb/db2/kdb_db2.c
|
|
|
|
|
@@ -695,8 +695,8 @@ ctx_create_db(krb5_context context, krb5
|
|
|
|
|
Index: krb5-1.16.1/src/plugins/kdb/db2/kdb_db2.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/plugins/kdb/db2/kdb_db2.c
|
|
|
|
|
+++ krb5-1.16.1/src/plugins/kdb/db2/kdb_db2.c
|
|
|
|
|
@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5
|
|
|
|
|
if (retval)
|
|
|
|
|
return retval;
|
|
|
|
|
|
|
|
|
@ -882,8 +924,10 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (dbc->db_lf_file < 0) {
|
|
|
|
|
retval = errno;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
|
|
|
+++ krb5-1.13/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
|
|
|
Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
|
|
|
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
|
|
|
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
@ -902,9 +946,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
|
|
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
|
|
|
|
--- krb5-1.13.orig/src/kdc/main.c
|
|
|
|
|
+++ krb5-1.13/src/kdc/main.c
|
|
|
|
|
@@ -847,7 +847,7 @@ write_pid_file(const char *path)
|
|
|
|
|
Index: krb5-1.16.1/src/kdc/main.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/kdc/main.c
|
|
|
|
|
+++ krb5-1.16.1/src/kdc/main.c
|
|
|
|
|
@@ -873,7 +873,7 @@ write_pid_file(const char *path)
|
|
|
|
|
FILE *file;
|
|
|
|
|
unsigned long pid;
|
|
|
|
|
|
|
|
|
@ -913,9 +959,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (file == NULL)
|
|
|
|
|
return errno;
|
|
|
|
|
pid = (unsigned long) getpid();
|
|
|
|
|
--- krb5-1.13.orig/src/lib/kdb/kdb_log.c
|
|
|
|
|
+++ krb5-1.13/src/lib/kdb/kdb_log.c
|
|
|
|
|
@@ -464,7 +464,7 @@ ulog_map(krb5_context context, const cha
|
|
|
|
|
Index: krb5-1.16.1/src/lib/kdb/kdb_log.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/lib/kdb/kdb_log.c
|
|
|
|
|
+++ krb5-1.16.1/src/lib/kdb/kdb_log.c
|
|
|
|
|
@@ -484,7 +484,7 @@ ulog_map(krb5_context context, const cha
|
|
|
|
|
if (extend_file_to(ulogfd, filesize) < 0)
|
|
|
|
|
return errno;
|
|
|
|
|
} else {
|
|
|
|
@ -924,9 +972,11 @@ which we used earlier, is some improvement.
|
|
|
|
|
if (ulogfd == -1)
|
|
|
|
|
return errno;
|
|
|
|
|
}
|
|
|
|
|
--- krb5-1.13.orig/src/slave/kpropd.c
|
|
|
|
|
+++ krb5-1.13/src/slave/kpropd.c
|
|
|
|
|
@@ -460,7 +460,9 @@ doit(int fd)
|
|
|
|
|
Index: krb5-1.16.1/src/slave/kpropd.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- krb5-1.16.1.orig/src/slave/kpropd.c
|
|
|
|
|
+++ krb5-1.16.1/src/slave/kpropd.c
|
|
|
|
|
@@ -488,7 +488,9 @@ doit(int fd)
|
|
|
|
|
krb5_enctype etype;
|
|
|
|
|
int database_fd;
|
|
|
|
|
char host[INET6_ADDRSTRLEN + 1];
|
|
|
|
@ -937,7 +987,7 @@ which we used earlier, is some improvement.
|
|
|
|
|
signal_wrapper(SIGALRM, alarm_handler);
|
|
|
|
|
alarm(params.iprop_resync_timeout);
|
|
|
|
|
fromlen = sizeof(from);
|
|
|
|
|
@@ -516,9 +518,15 @@ doit(int fd)
|
|
|
|
|
@@ -543,9 +545,15 @@ doit(int fd)
|
|
|
|
|
free(name);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|