author | cy <cy@FreeBSD.org> | 2007-04-24 06:10:09 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2007-04-24 06:10:09 +0800 |
commit | c7d42529989ded1b4f809eee2699df6f55127d28 (patch) | |
tree | 984211fa5fbf4e32256f8ee02ef004cca23a99aa /security/krb5-appl | |
parent | ea2eb21b1046b036a2f33f774a4c07ccbf31b23e (diff) | |
Update from 1.6 to 1.6.1.
Diffstat (limited to 'security/krb5-appl')
16 files changed, 4 insertions, 950 deletions
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index e67393cb7563..5dd2de586d95 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -6,8 +6,7 @@
 #
 PORTNAME= krb5
-PORTVERSION= 1.6
-PORTREVISION= 2
+PORTVERSION= 1.6.1
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
diff --git a/security/krb5-appl/distinfo b/security/krb5-appl/distinfo
index 2cbc77bafea1..5bd89228e49b 100644
--- a/security/krb5-appl/distinfo
+++ b/security/krb5-appl/distinfo
@@ -1,3 +1,3 @@
-MD5 (krb5-1.6-signed.tar) = a365e39ff7d39639556c2797a0e1c3f4
-SHA256 (krb5-1.6-signed.tar) = fe3dbb53f22cde38b6bc27ed14e706d2cf4e686a0078d8ae2610283906e26ebb
-SIZE (krb5-1.6-signed.tar) = 12062720
+MD5 (krb5-1.6.1-signed.tar) = 6052c437226ea0a04a37f656f1a079b9
+SHA256 (krb5-1.6.1-signed.tar) = 30a20d1b0a302486011ffba31d53bd6135e1e18b53811670e3f33b8f7ef83259
+SIZE (krb5-1.6.1-signed.tar) = 14643200
diff --git a/security/krb5-appl/files/patch-appl-telnet-telnetd-state.c b/security/krb5-appl/files/patch-appl-telnet-telnetd-state.c
deleted file mode 100644
index 9a9b8f2b5d91..000000000000
--- a/security/krb5-appl/files/patch-appl-telnet-telnetd-state.c
+++ /dev/null
@@ -1,12 +0,0 @@
---- appl/telnet/telnetd/state.c.orig Thu Jun 15 15:42:53 2006
-+++ appl/telnet/telnetd/state.c Wed Apr 4 14:02:18 2007
-@@ -1665,7 +1665,8 @@
- strcmp(varp, "RESOLV_HOST_CONF") && /* linux */
- strcmp(varp, "NLSPATH") && /* locale stuff */
- strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */
-- strcmp(varp, "IFS")) {
-+ strcmp(varp, "IFS") &&
-+ !strchr(varp, '-')) {
- return 1;
- } else {
- syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp);
diff --git a/security/krb5-appl/files/patch-appl-telnet-telnetd-sys_term.c b/security/krb5-appl/files/patch-appl-telnet-telnetd-sys_term.c
deleted file mode 100644
index ec0cf6e41a0e..000000000000
--- a/security/krb5-appl/files/patch-appl-telnet-telnetd-sys_term.c
+++ /dev/null
@@ -1,40 +0,0 @@
---- appl/telnet/telnetd/sys_term.c.orig Fri Nov 15 12:21:51 2002
-+++ appl/telnet/telnetd/sys_term.c Wed Apr 4 14:02:18 2007
-@@ -1287,6 +1287,16 @@
- #endif
- #if defined (AUTHENTICATION)
- if (auth_level >= 0 && autologin == AUTH_VALID) {
-+ if (name[0] == '-') {
-+ /* Authenticated and authorized to log in to an
-+ account starting with '-'? Even if that
-+ unlikely case comes to pass, the current login
-+ program will not parse the resulting command
-+ line properly. */
-+ syslog(LOG_ERR, "user name cannot start with '-'");
-+ fatal(net, "user name cannot start with '-'");
-+ exit(1);
-+ }
- # if !defined(NO_LOGIN_F)
- #if defined(LOGIN_CAP_F)
- argv = addarg(argv, "-F");
-@@ -1377,11 +1387,19 @@
- } else
- #endif
- if (getenv("USER")) {
-- argv = addarg(argv, getenv("USER"));
-+ char *user = getenv("USER");
-+ if (user[0] == '-') {
-+ /* "telnet -l-x ..." */
-+ syslog(LOG_ERR, "user name cannot start with '-'");
-+ fatal(net, "user name cannot start with '-'");
-+ exit(1);
-+ }
-+ argv = addarg(argv, user);
- #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
- {
- register char **cpp;
- for (cpp = environ; *cpp; cpp++)
-+ if ((*cpp)[0] != '-')
- argv = addarg(argv, *cpp);
- }
- #endif
diff --git a/security/krb5-appl/files/patch-kadmin-server-kadm_rpc_svc.c b/security/krb5-appl/files/patch-kadmin-server-kadm_rpc_svc.c
deleted file mode 100644
index 40cc158e5fe3..000000000000
--- a/security/krb5-appl/files/patch-kadmin-server-kadm_rpc_svc.c
+++ /dev/null
@@ -1,31 +0,0 @@
---- kadmin/server/kadm_rpc_svc.c.orig Fri Mar 31 19:08:17 2006
-+++ kadmin/server/kadm_rpc_svc.c Wed Apr 4 13:53:04 2007
-@@ -250,6 +250,8 @@
- krb5_data *c1, *c2, *realm;
- gss_buffer_desc gss_str;
- kadm5_server_handle_t handle;
-+ size_t slen;
-+ char *sdots;
-
- success = 0;
- handle = (kadm5_server_handle_t)global_server_handle;
-@@ -274,6 +276,8 @@
- if (ret == 0)
- goto fail_name;
-
-+ slen = gss_str.length;
-+ trunc_name(&slen, &sdots);
- /*
- * Since we accept with GSS_C_NO_NAME, the client can authenticate
- * against the entire kdb. Therefore, ensure that the service
-@@ -296,8 +300,8 @@
-
- fail_princ:
- if (!success) {
-- krb5_klog_syslog(LOG_ERR, "bad service principal %.*s",
-- gss_str.length, gss_str.value);
-+ krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s",
-+ slen, gss_str.value, sdots);
- }
- gss_release_buffer(&min_stat, &gss_str);
- krb5_free_principal(kctx, princ);
diff --git a/security/krb5-appl/files/patch-kadmin-server-misc.c b/security/krb5-appl/files/patch-kadmin-server-misc.c
deleted file mode 100644
index ed09a06ac7c6..000000000000
--- a/security/krb5-appl/files/patch-kadmin-server-misc.c
+++ /dev/null
@@ -1,15 +0,0 @@
---- kadmin/server/misc.c.orig Sat Mar 11 14:23:28 2006
-+++ kadmin/server/misc.c Wed Apr 4 13:53:04 2007
-@@ -171,3 +171,12 @@
-
- return kadm5_free_principal_ent(handle->lhandle, &princ);
- }
-+
-+#define MAXPRINCLEN 125
-+
-+void
-+trunc_name(size_t *len, char **dots)
-+{
-+ *dots = *len > MAXPRINCLEN ? "..." : "";
-+ *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len;
-+}
diff --git a/security/krb5-appl/files/patch-kadmin-server-misc.h b/security/krb5-appl/files/patch-kadmin-server-misc.h
deleted file mode 100644
index bdae6f75806f..000000000000
--- a/security/krb5-appl/files/patch-kadmin-server-misc.h
+++ /dev/null
@@ -1,8 +0,0 @@
---- kadmin/server/misc.h.orig Tue Oct 11 21:09:19 2005
-+++ kadmin/server/misc.h Wed Apr 4 13:53:04 2007
-@@ -45,3 +45,5 @@
- #ifdef SVC_GETARGS
- void kadm_1(struct svc_req *, SVCXPRT *);
- #endif
-+
-+void trunc_name(size_t *len, char **dots);
diff --git a/security/krb5-appl/files/patch-kadmin-server-ovsec_kadmd.c b/security/krb5-appl/files/patch-kadmin-server-ovsec_kadmd.c
deleted file mode 100644
index 461aa2b0b700..000000000000
--- a/security/krb5-appl/files/patch-kadmin-server-ovsec_kadmd.c
+++ /dev/null
@@ -1,55 +0,0 @@
---- kadmin/server/ovsec_kadmd.c.orig Tue Jan 9 12:21:43 2007
-+++ kadmin/server/ovsec_kadmd.c Wed Apr 4 13:53:04 2007
-@@ -992,6 +992,8 @@
- rpcproc_t proc;
- int i;
- const char *procname;
-+ size_t clen, slen;
-+ char *cdots, *sdots;
-
- client.length = 0;
- client.value = NULL;
-@@ -1000,10 +1002,20 @@
-
- (void) gss_display_name(&minor, client_name, &client, &gss_type);
- (void) gss_display_name(&minor, server_name, &server, &gss_type);
-- if (client.value == NULL)
-+ if (client.value == NULL) {
- client.value = "(null)";
-- if (server.value == NULL)
-+ clen = sizeof("(null)") -1;
-+ } else {
-+ clen = client.length;
-+ }
-+ trunc_name(&clen, &cdots);
-+ if (server.value == NULL) {
- server.value = "(null)";
-+ slen = sizeof("(null)") - 1;
-+ } else {
-+ slen = server.length;
-+ }
-+ trunc_name(&slen, &sdots);
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
-
- proc = msg->rm_call.cb_proc;
-@@ -1016,14 +1028,14 @@
- }
- if (procname != NULL)
- krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, "
-- "claimed client = %s, server = %s, addr = %s",
-- procname, client.value,
-- server.value, a);
-+ "claimed client = %.*s%s, server = %.*s%s, addr = %s",
-+ procname, clen, client.value, cdots,
-+ slen, server.value, sdots, a);
- else
- krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, "
-- "claimed client = %s, server = %s, addr = %s",
-- proc, client.value,
-- server.value, a);
-+ "claimed client = %.*s%s, server = %.*s%s, addr = %s",
-+ proc, clen, client.value, cdots,
-+ slen, server.value, sdots, a);
-
- (void) gss_release_buffer(&minor, &client);
- (void) gss_release_buffer(&minor, &server);
diff --git a/security/krb5-appl/files/patch-kadmin-server-schpw.c b/security/krb5-appl/files/patch-kadmin-server-schpw.c
deleted file mode 100644
index 673d69b4e937..000000000000
--- a/security/krb5-appl/files/patch-kadmin-server-schpw.c
+++ /dev/null
@@ -1,26 +0,0 @@
---- kadmin/server/schpw.c.orig Thu Apr 13 11:58:56 2006
-+++ kadmin/server/schpw.c Wed Apr 4 13:53:04 2007
-@@ -40,6 +40,8 @@
- int numresult;
- char strresult[1024];
- char *clientstr;
-+ size_t clen;
-+ char *cdots;
-
- ret = 0;
- rep->length = 0;
-@@ -258,9 +260,12 @@
- free(ptr);
- clear.length = 0;
-
-- krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s",
-+ clen = strlen(clientstr);
-+ trunc_name(&clen, &cdots);
-+ krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
- inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr),
-- clientstr, ret ? krb5_get_error_message (context, ret) : "success");
-+ clen, clientstr, cdots,
-+ ret ? krb5_get_error_message (context, ret) : "success");
- krb5_free_unparsed_name(context, clientstr);
-
- if (ret) {
diff --git a/security/krb5-appl/files/patch-kadmin-server-server_stubs.c b/security/krb5-appl/files/patch-kadmin-server-server_stubs.c
deleted file mode 100644
index 927cd1900593..000000000000
--- a/security/krb5-appl/files/patch-kadmin-server-server_stubs.c
+++ /dev/null
@@ -1,608 +0,0 @@ ---- kadmin/server/server_stubs.c.orig Thu Apr 13 11:58:56 2006 -+++ kadmin/server/server_stubs.c Wed Apr 4 13:53:04 2007 -@@ -14,6 +14,7 @@ - #include <arpa/inet.h> /* inet_ntoa */ - #include <adm_proto.h> /* krb5_klog_syslog */ - #include "misc.h" -+#include <string.h> - - #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" - #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" -@@ -237,6 +238,61 @@ - return 0; - } - -+static int -+log_unauth( -+ char *op, -+ char *target, -+ gss_buffer_t client, -+ gss_buffer_t server, -+ struct svc_req *rqstp) -+{ -+ size_t tlen, clen, slen; -+ char *tdots, *cdots, *sdots; -+ -+ tlen = strlen(target); -+ trunc_name(&tlen, &tdots); -+ clen = client->length; -+ trunc_name(&clen, &cdots); -+ slen = server->length; -+ trunc_name(&slen, &sdots); -+ -+ return krb5_klog_syslog(LOG_NOTICE, -+ "Unauthorized request: %s, %.*s%s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s", -+ op, tlen, target, tdots, -+ clen, client->value, cdots, -+ slen, server->value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+} -+ -+static int -+log_done( -+ char *op, -+ char *target, -+ char *errmsg, -+ gss_buffer_t client, -+ gss_buffer_t server, -+ struct svc_req *rqstp) -+{ -+ size_t tlen, clen, slen; -+ char *tdots, *cdots, *sdots; -+ -+ tlen = strlen(target); -+ trunc_name(&tlen, &tdots); -+ clen = client->length; -+ trunc_name(&clen, &cdots); -+ slen = server->length; -+ trunc_name(&slen, &sdots); -+ -+ return krb5_klog_syslog(LOG_NOTICE, -+ "Request: %s, %.*s%s, %s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s", -+ op, tlen, target, tdots, errmsg, -+ clen, client->value, cdots, -+ slen, server->value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+} -+ - generic_ret * - create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) - { -@@ -275,9 +331,8 @@ - || kadm5int_acl_impose_restrictions(handle->context, - &arg->rec, &arg->mask, rp)) { - ret.code = 
KADM5_AUTH_ADD; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_create_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_create_principal((void *)handle, - &arg->rec, arg->mask, -@@ -287,10 +342,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_create_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } -@@ -341,9 +394,8 @@ - || kadm5int_acl_impose_restrictions(handle->context, - &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_ADD; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_create_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_create_principal_3((void *)handle, - &arg->rec, arg->mask, -@@ -355,10 +407,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_create_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - - /* no need to check for NULL. 
Even if it is NULL, atleast error_code will be returned */ - } -@@ -406,9 +456,8 @@ - || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, - arg->princ, NULL)) { - ret.code = KADM5_AUTH_DELETE; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_delete_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_delete_principal((void *)handle, arg->princ); - if( ret.code == 0 ) -@@ -416,10 +465,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_delete_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } -@@ -469,9 +516,8 @@ - || kadm5int_acl_impose_restrictions(handle->context, - &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_MODIFY; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_modify_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_modify_principal((void *)handle, &arg->rec, - arg->mask); -@@ -480,10 +526,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_modify_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - - /* no need to check for NULL. 
Even if it is NULL, atleast error_code will be returned */ - } -@@ -546,9 +590,8 @@ - } else - ret.code = KADM5_AUTH_INSUFFICIENT; - if (ret.code != KADM5_OK) { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_rename_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_rename_principal((void *)handle, arg->src, - arg->dest); -@@ -557,10 +600,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_rename_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg1); -@@ -614,9 +655,8 @@ - arg->princ, - NULL))) { - ret.code = KADM5_AUTH_GET; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - } else { - if (handle->api_version == KADM5_API_VERSION_1) { - ret.code = kadm5_get_principal_v1((void *)handle, -@@ -636,11 +676,8 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- prime_arg, -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - - } - free_server_handle(handle); -@@ -688,9 +725,8 @@ - NULL, - NULL)) { - ret.code = KADM5_AUTH_LIST; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_get_principals", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_get_principals((void *)handle, - arg->exp, &ret.princs, -@@ -700,11 +736,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", -- prime_arg, -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_get_principals", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - - } - free_server_handle(handle); -@@ -755,9 +788,8 @@ - ret.code = kadm5_chpass_principal((void *)handle, arg->princ, - arg->pass); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_chpass_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - -@@ -767,10 +799,8 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_chpass_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -828,9 +858,8 @@ - arg->ks_tuple, - arg->pass); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_chpass_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - -@@ -840,10 +869,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_chpass_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -892,9 +919,8 @@ - ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, - arg->keyblock); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_setv4key_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; - } - -@@ -904,10 +930,8 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_setv4key_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -956,9 +980,8 @@ - ret.code = kadm5_setkey_principal((void *)handle, arg->princ, - arg->keyblocks, arg->n_keys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_setkey_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; - } - -@@ -968,10 +991,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_setkey_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -1023,9 +1044,8 @@ - arg->ks_tuple, - arg->keyblocks, arg->n_keys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_setkey_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; - } - -@@ -1035,10 +1055,8 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_setkey_principal", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -1097,9 +1115,8 @@ - ret.code = kadm5_randkey_principal((void *)handle, arg->princ, - &k, &nkeys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - -@@ -1119,10 +1136,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -1185,9 +1200,8 @@ - arg->ks_tuple, - &k, &nkeys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - -@@ -1207,10 +1221,8 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- prime_arg, errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -1253,10 +1265,9 @@ - rqst2name(rqstp), - ACL_ADD, NULL, NULL)) { - ret.code = KADM5_AUTH_ADD; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -- -+ log_unauth("kadm5_create_policy", prime_arg, -+ &client_name, &service_name, rqstp); -+ - } else { - ret.code = kadm5_create_policy((void *)handle, &arg->rec, - arg->mask); -@@ -1265,11 +1276,9 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_create_policy", -+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1310,9 +1319,8 @@ - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, - rqst2name(rqstp), - ACL_DELETE, NULL, NULL)) { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_delete_policy", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_DELETE; - } else { - ret.code = kadm5_delete_policy((void *)handle, arg->name); -@@ -1321,11 +1329,9 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_delete_policy", -+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1366,9 +1372,8 @@ - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, - rqst2name(rqstp), - ACL_MODIFY, NULL, NULL)) { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_modify_policy", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_MODIFY; - } else { - ret.code = kadm5_modify_policy((void *)handle, &arg->rec, -@@ -1378,11 +1383,9 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_modify_policy", -+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1464,15 +1467,12 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, -+ ((prime_arg == NULL) ? 
"(null)" : prime_arg), errmsg, -+ &client_name, &service_name, rqstp); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1517,9 +1517,8 @@ - rqst2name(rqstp), - ACL_LIST, NULL, NULL)) { - ret.code = KADM5_AUTH_LIST; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_get_policies", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_get_policies((void *)handle, - arg->exp, &ret.pols, -@@ -1529,11 +1528,8 @@ - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", -- prime_arg, -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_get_policies", prime_arg, errmsg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1573,11 +1569,8 @@ - else - errmsg = krb5_get_error_message(handle ? 
handle->context : NULL, ret.code); - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", -- client_name.value, -- errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_get_privs", client_name.value, errmsg, -+ &client_name, &service_name, rqstp); - - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1594,6 +1587,8 @@ - kadm5_server_handle_t handle; - OM_uint32 minor_stat; - char *errmsg = 0; -+ size_t clen, slen; -+ char *cdots, *sdots; - - xdr_free(xdr_generic_ret, &ret); - -@@ -1612,14 +1607,22 @@ - - if (ret.code != 0) - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", -- (ret.api_version == KADM5_API_VERSION_1 ? -- "kadm5_init (V1)" : "kadm5_init"), -- client_name.value, -- (ret.code == 0) ? "success" : errmsg, -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), -- rqstp->rq_cred.oa_flavor); -+ else -+ errmsg = "success"; -+ -+ clen = client_name.length; -+ trunc_name(&clen, &cdots); -+ slen = service_name.length; -+ trunc_name(&slen, &sdots); -+ krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", -+ (ret.api_version == KADM5_API_VERSION_1 ? -+ "kadm5_init (V1)" : "kadm5_init"), -+ clen, client_name.value, cdots, errmsg, -+ clen, client_name.value, cdots, -+ slen, service_name.value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), -+ rqstp->rq_cred.oa_flavor); - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - diff --git a/security/krb5-appl/files/patch-kdc-do_tgs_req.c b/security/krb5-appl/files/patch-kdc-do_tgs_req.c deleted file mode 100644 index d6cfa2133209..000000000000 --- a/security/krb5-appl/files/patch-kdc-do_tgs_req.c +++ /dev/null 
@@ -1,65 +0,0 @@ ---- kdc/do_tgs_req.c.orig Fri Oct 13 14:08:07 2006 -+++ kdc/do_tgs_req.c Wed Apr 4 13:53:04 2007 -@@ -491,28 +491,38 @@ - newtransited = 1; - } - if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { -+ unsigned int tlen; -+ char *tdots; -+ - errcode = krb5_check_transited_list (kdc_context, - &enc_tkt_reply.transited.tr_contents, - krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), - krb5_princ_realm (kdc_context, request->server)); -+ tlen = enc_tkt_reply.transited.tr_contents.length; -+ tdots = tlen > 125 ? "..." : ""; -+ tlen = tlen > 125 ? 125 : tlen; -+ - if (errcode == 0) { - setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED); - } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) - krb5_klog_syslog (LOG_INFO, -- "bad realm transit path from '%s' to '%s' via '%.*s'", -+ "bad realm transit path from '%s' to '%s' " -+ "via '%.*s%s'", - cname ? cname : "<unknown client>", - sname ? sname : "<unknown server>", -- enc_tkt_reply.transited.tr_contents.length, -- enc_tkt_reply.transited.tr_contents.data); -+ tlen, -+ enc_tkt_reply.transited.tr_contents.data, -+ tdots); - else { - const char *emsg = krb5_get_error_message(kdc_context, errcode); - krb5_klog_syslog (LOG_ERR, -- "unexpected error checking transit from '%s' to '%s' via '%.*s': %s", -+ "unexpected error checking transit from " -+ "'%s' to '%s' via '%.*s%s': %s", - cname ? cname : "<unknown client>", - sname ? 
sname : "<unknown server>", -- enc_tkt_reply.transited.tr_contents.length, -+ tlen, - enc_tkt_reply.transited.tr_contents.data, -- emsg); -+ tdots, emsg); - krb5_free_error_message(kdc_context, emsg); - } - } else -@@ -542,6 +552,9 @@ - if (!krb5_principal_compare(kdc_context, request->server, client2)) { - if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) - tmp = 0; -+ if (tmp != NULL) -+ limit_string(tmp); -+ - krb5_klog_syslog(LOG_INFO, - "TGS_REQ %s: 2ND_TKT_MISMATCH: " - "authtime %d, %s for %s, 2nd tkt client %s", -@@ -816,6 +829,7 @@ - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing alternate <un-unparseable> TGT"); - } else { -+ limit_string(sname); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing TGT %s", sname); - free(sname); diff --git a/security/krb5-appl/files/patch-kdc-kdc_util.c b/security/krb5-appl/files/patch-kdc-kdc_util.c deleted file mode 100644 index 7ace820c79c0..000000000000 --- a/security/krb5-appl/files/patch-kdc-kdc_util.c +++ /dev/null @@ -1,10 +0,0 @@ ---- kdc/kdc_util.c.orig Wed Oct 11 17:33:12 2006 -+++ kdc/kdc_util.c Wed Apr 4 13:53:04 2007 -@@ -404,6 +404,7 @@ - - krb5_db_free_principal(kdc_context, &server, nprincs); - if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { -+ limit_string(sname); - krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", - sname); - free(sname); diff --git a/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c b/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c deleted file mode 100644 index 38ae5df836f9..000000000000 --- a/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c +++ /dev/null 
@@ -1,15 +0,0 @@
---- lib/gssapi/krb5/k5unseal.c.orig Tue May 9 04:31:02 2006
-+++ lib/gssapi/krb5/k5unseal.c Tue Apr 3 18:28:48 2007
-@@ -457,8 +457,11 @@
- 
- if ((ctx->initiate && direction != 0xff) ||
- (!ctx->initiate && direction != 0)) {
-- if (toktype == KG_TOK_SEAL_MSG)
-+ if (toktype == KG_TOK_SEAL_MSG) {
- xfree(token.value);
-+ message_buffer->value = NULL;
-+ message_buffer->length = 0;
-+ }
- *minor_status = G_BAD_DIRECTION;
- return(GSS_S_BAD_SIG);
- }
diff --git a/security/krb5-appl/files/patch-lib-kadm5-logger.c b/security/krb5-appl/files/patch-lib-kadm5-logger.c
deleted file mode 100644
index f553a359e4a2..000000000000
--- a/security/krb5-appl/files/patch-lib-kadm5-logger.c
+++ /dev/null
@@ -1,33 +0,0 @@
---- lib/kadm5/logger.c.orig Mon Jun 19 16:33:36 2006
-+++ lib/kadm5/logger.c Wed Apr 4 13:53:04 2007
-@@ -45,7 +45,7 @@
- #include <varargs.h>
- #endif /* HAVE_STDARG_H */
- 
--#define KRB5_KLOG_MAX_ERRMSG_SIZE 1024
-+#define KRB5_KLOG_MAX_ERRMSG_SIZE 2048
- #ifndef MAXHOSTNAMELEN
- #define MAXHOSTNAMELEN 256
- #endif /* MAXHOSTNAMELEN */
-@@ -261,7 +261,9 @@
- #endif /* HAVE_SYSLOG */
- 
- /* Now format the actual message */
--#if HAVE_VSPRINTF
-+#if HAVE_VSNPRINTF
-+ vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap);
-+#elif HAVE_VSPRINTF
- vsprintf(cp, actual_format, ap);
- #else /* HAVE_VSPRINTF */
- sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1],
-@@ -850,7 +852,9 @@
- syslogp = &outbuf[strlen(outbuf)];
- 
- /* Now format the actual message */
--#ifdef HAVE_VSPRINTF
-+#ifdef HAVE_VSNPRINTF
-+ vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist);
-+#elif HAVE_VSPRINTF
- vsprintf(syslogp, format, arglist);
- #else /* HAVE_VSPRINTF */
- sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1],
diff --git a/security/krb5-appl/files/patch-lib::krb5::os::hst_realm.c b/security/krb5-appl/files/patch-lib::krb5::os::hst_realm.c
deleted file mode 100644
index d3caed59fd30..000000000000
--- a/security/krb5-appl/files/patch-lib::krb5::os::hst_realm.c
+++ /dev/null
@@ -1,14 +0,0 @@
---- lib/krb5/os/hst_realm.c.orig Tue Oct 15 15:51:50 2002
-+++ lib/krb5/os/hst_realm.c Sat Jan 24 20:11:05 2004
-@@ -438,9 +438,11 @@
- return EAFNOSUPPORT;
- case EAI_MEMORY:
- return ENOMEM;
-+#ifdef EAI_NODATA
- #if EAI_NODATA != EAI_NONAME
- case EAI_NODATA:
- return KRB5_EAI_NODATA;
-+#endif
- #endif
- case EAI_NONAME:
- return KRB5_EAI_NONAME;
diff --git a/security/krb5-appl/files/patch-lib::krb5::os::locate_kdc.c b/security/krb5-appl/files/patch-lib::krb5::os::locate_kdc.c
deleted file mode 100644
index 5cfbbe3553de..000000000000
--- a/security/krb5-appl/files/patch-lib::krb5::os::locate_kdc.c
+++ /dev/null
@@ -1,13 +0,0 @@
---- lib/krb5/os/locate_kdc.c.orig Mon Jun 9 14:27:56 2003
-+++ lib/krb5/os/locate_kdc.c Sun Jan 25 13:28:01 2004
-@@ -185,8 +185,10 @@
- #ifdef EAI_ADDRFAMILY
- case EAI_ADDRFAMILY:
- #endif
-+#ifdef EAI_NODATA
- #if EAI_NODATA != EAI_NONAME
- case EAI_NODATA:
-+#endif
- #endif
- case EAI_NONAME:
- /* Name not known or no address data, but no error. Do |