summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-01-21 21:23:01 +0000
committer Eric Hameleers <alien@slackware.com>2020-01-21 23:32:58 +0100
commitf6348b0bc1f332196f8a8c73fa6ba48ee3cb9310 (patch)
treeacd350c3910603b17ce1ba77027df00a4e761eb4
parentad9f88ee031d17270554ccca814496cf55f25bc5 (diff)
downloadcurrent-f6348b0bc1f332196f8a8c73fa6ba48ee3cb9310.tar.gz
current-f6348b0bc1f332196f8a8c73fa6ba48ee3cb9310.tar.xz
Tue Jan 21 21:23:01 UTC 202020200121212301
a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt. Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0. Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3, libkrb5support.so.0.1. a/util-linux-2.35-x86_64-1.txz: Upgraded. d/python-pip-20.0.1-x86_64-1.txz: Upgraded. l/Mako-1.1.1-x86_64-1.txz: Upgraded. l/keyutils-1.6.1-x86_64-1.txz: Upgraded. n/krb5-1.17-x86_64-1.txz: Added. Nothing links to this yet, but we'll need it soon enough. :-) n/php-7.4.2-x86_64-1.txz: Upgraded. This update fixes bugs and security issues: Standard: OOB read in php_strip_tags_ex Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar' For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060 (* Security fix *) n/samba-4.11.5-x86_64-1.txz: Upgraded. This update fixes the following security issues: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. Crash after failed character conversion at log level 3 or above. Use after free during DNS zone scavenging in Samba AD DC. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344 (* Security fix *) xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
-rw-r--r--ChangeLog.rss44
-rw-r--r--ChangeLog.txt32
-rw-r--r--FILELIST.TXT247
-rwxr-xr-xrecompress.sh13
-rw-r--r--slackware64/n/maketag5
-rw-r--r--slackware64/n/maketag.ez5
-rw-r--r--slackware64/n/tagfile1
-rwxr-xr-xsource/a/aaa_elflibs/aaa_elflibs.SlackBuild2
-rw-r--r--source/a/aaa_elflibs/symlinks-to-tracked-libs4
-rw-r--r--source/a/util-linux/slack-desc2
-rwxr-xr-xsource/a/util-linux/util-linux.SlackBuild4
-rwxr-xr-xsource/d/python-pip/python-pip.SlackBuild2
-rwxr-xr-xsource/l/Mako/Mako.SlackBuild2
-rwxr-xr-xsource/l/keyutils/keyutils.SlackBuild2
-rw-r--r--source/n/krb5/conf/kadmind2
-rw-r--r--source/n/krb5/conf/kdc.conf.example35
-rw-r--r--source/n/krb5/conf/kpropd2
-rw-r--r--source/n/krb5/conf/krb5.conf.example29
-rw-r--r--source/n/krb5/conf/krb5kdc2
-rw-r--r--source/n/krb5/conf/rc.kadmind40
-rw-r--r--source/n/krb5/conf/rc.kpropd41
-rw-r--r--source/n/krb5/conf/rc.krb5kdc41
-rw-r--r--source/n/krb5/doinst.sh30
-rwxr-xr-xsource/n/krb5/krb5.SlackBuild221
-rw-r--r--source/n/krb5/krb5.url1
-rw-r--r--source/n/krb5/patches/Build-with-Werror-implicit-int-where-supported.patch23
-rw-r--r--source/n/krb5/patches/krb5-1.11-kpasswdtest.patch21
-rw-r--r--source/n/krb5/patches/krb5-1.11-run_user_0.patch44
-rw-r--r--source/n/krb5/patches/krb5-1.12-api.patch37
-rw-r--r--source/n/krb5/patches/krb5-1.12-ksu-path.patch22
-rw-r--r--source/n/krb5/patches/krb5-1.12-ktany.patch366
-rw-r--r--source/n/krb5/patches/krb5-1.12.1-pam.patch770
-rw-r--r--source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch75
-rw-r--r--source/n/krb5/patches/krb5-1.15-beta1-buildconf.patch70
-rw-r--r--source/n/krb5/patches/krb5-1.15-beta1-selinux-label.patch1065
-rw-r--r--source/n/krb5/patches/krb5-1.3.1-dns.patch22
-rw-r--r--source/n/krb5/patches/krb5-1.9-debuginfo.patch39
-rw-r--r--source/n/krb5/slack-desc19
-rwxr-xr-xsource/n/php/fetch-php.sh4
-rwxr-xr-xsource/n/samba/samba.SlackBuild2
-rw-r--r--source/n/samba/samba.url4
41 files changed, 3266 insertions, 126 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 903b9110..205d2a34 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,50 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Mon, 20 Jan 2020 22:37:58 GMT</pubDate>
- <lastBuildDate>Tue, 21 Jan 2020 07:59:42 GMT</lastBuildDate>
+ <pubDate>Tue, 21 Jan 2020 21:23:01 GMT</pubDate>
+ <lastBuildDate>Tue, 21 Jan 2020 22:32:49 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.11</generator>
<item>
+ <title>Tue, 21 Jan 2020 21:23:01 GMT</title>
+ <pubDate>Tue, 21 Jan 2020 21:23:01 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20200121212301</link>
+ <guid isPermaLink="false">20200121212301</guid>
+ <description>
+ <![CDATA[<pre>
+a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt.
+ Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
+ Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
+ libkrb5support.so.0.1.
+a/util-linux-2.35-x86_64-1.txz: Upgraded.
+d/python-pip-20.0.1-x86_64-1.txz: Upgraded.
+l/Mako-1.1.1-x86_64-1.txz: Upgraded.
+l/keyutils-1.6.1-x86_64-1.txz: Upgraded.
+n/krb5-1.17-x86_64-1.txz: Added.
+ Nothing links to this yet, but we'll need it soon enough. :-)
+n/php-7.4.2-x86_64-1.txz: Upgraded.
+ This update fixes bugs and security issues:
+ Standard: OOB read in php_strip_tags_ex
+ Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
+ (* Security fix *)
+n/samba-4.11.5-x86_64-1.txz: Upgraded.
+ This update fixes the following security issues:
+ Replication of ACLs set to inherit down a subtree on AD Directory
+ not automatic.
+ Crash after failed character conversion at log level 3 or above.
+ Use after free during DNS zone scavenging in Samba AD DC.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
+ (* Security fix *)
+xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Mon, 20 Jan 2020 22:37:58 GMT</title>
<pubDate>Mon, 20 Jan 2020 22:37:58 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20200120223758</link>
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 1eebb4cd..ab245e99 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,35 @@
+Tue Jan 21 21:23:01 UTC 2020
+a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt.
+ Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
+ Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
+ libkrb5support.so.0.1.
+a/util-linux-2.35-x86_64-1.txz: Upgraded.
+d/python-pip-20.0.1-x86_64-1.txz: Upgraded.
+l/Mako-1.1.1-x86_64-1.txz: Upgraded.
+l/keyutils-1.6.1-x86_64-1.txz: Upgraded.
+n/krb5-1.17-x86_64-1.txz: Added.
+ Nothing links to this yet, but we'll need it soon enough. :-)
+n/php-7.4.2-x86_64-1.txz: Upgraded.
+ This update fixes bugs and security issues:
+ Standard: OOB read in php_strip_tags_ex
+ Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
+ (* Security fix *)
+n/samba-4.11.5-x86_64-1.txz: Upgraded.
+ This update fixes the following security issues:
+ Replication of ACLs set to inherit down a subtree on AD Directory
+ not automatic.
+ Crash after failed character conversion at log level 3 or above.
+ Use after free during DNS zone scavenging in Samba AD DC.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
+ (* Security fix *)
+xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
++--------------------------+
Mon Jan 20 22:37:58 UTC 2020
a/aaa_terminfo-6.1_20200118-x86_64-1.txz: Upgraded.
d/make-4.3-x86_64-1.txz: Upgraded.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index 4fe10b17..ba9942fc 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Mon Jan 20 22:53:31 UTC 2020
+Tue Jan 21 21:35:13 UTC 2020
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2020-01-20 22:37 .
+drwxr-xr-x 12 root root 4096 2020-01-21 21:23 .
-rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2
-rw-r--r-- 1 root root 14866 2020-01-13 18:53 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 930984 2020-01-19 19:42 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2020-01-19 19:42 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 930647 2020-01-20 22:54 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2020-01-20 22:54 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 782206 2020-01-20 22:37 ./ChangeLog.txt
+-rw-r--r-- 1 root root 783699 2020-01-21 21:23 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2020-01-18 05:12 ./EFI/BOOT
-rw-r--r-- 1 root root 1417216 2019-07-05 18:54 ./EFI/BOOT/bootx64.efi
@@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2020-01-18 05:12 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1223844 2020-01-19 19:42 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1223439 2020-01-20 22:53 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
--rw-r--r-- 1 root root 734599 2020-01-20 22:51 ./PACKAGES.TXT
+-rw-r--r-- 1 root root 735064 2020-01-21 21:33 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT
-rw-r--r-- 1 root root 3629 2020-01-18 04:47 ./README.initrd
-rw-r--r-- 1 root root 34412 2017-12-01 17:44 ./README_CRYPT.TXT
@@ -830,19 +830,19 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches
-rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST
-rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT
-drwxr-xr-x 18 root root 4096 2020-01-20 22:52 ./slackware64
--rw-r--r-- 1 root root 291208 2020-01-20 22:52 ./slackware64/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2020-01-20 22:52 ./slackware64/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 362724 2020-01-20 22:49 ./slackware64/FILE_LIST
--rw-r--r-- 1 root root 3693334 2020-01-20 22:50 ./slackware64/MANIFEST.bz2
+drwxr-xr-x 18 root root 4096 2020-01-21 21:33 ./slackware64
+-rw-r--r-- 1 root root 291401 2020-01-21 21:33 ./slackware64/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2020-01-21 21:33 ./slackware64/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 362962 2020-01-21 21:31 ./slackware64/FILE_LIST
+-rw-r--r-- 1 root root 3693801 2020-01-21 21:31 ./slackware64/MANIFEST.bz2
lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT
-drwxr-xr-x 2 root root 28672 2020-01-20 22:49 ./slackware64/a
+drwxr-xr-x 2 root root 28672 2020-01-21 21:30 ./slackware64/a
-rw-r--r-- 1 root root 327 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txt
-rw-r--r-- 1 root root 10820 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz
-rw-r--r-- 1 root root 163 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz.asc
--rw-r--r-- 1 root root 471 2020-01-11 21:13 ./slackware64/a/aaa_elflibs-15.0-x86_64-18.txt
--rw-r--r-- 1 root root 8062532 2020-01-11 21:13 ./slackware64/a/aaa_elflibs-15.0-x86_64-18.txz
--rw-r--r-- 1 root root 163 2020-01-11 21:13 ./slackware64/a/aaa_elflibs-15.0-x86_64-18.txz.asc
+-rw-r--r-- 1 root root 471 2020-01-21 18:54 ./slackware64/a/aaa_elflibs-15.0-x86_64-19.txt
+-rw-r--r-- 1 root root 8492444 2020-01-21 18:54 ./slackware64/a/aaa_elflibs-15.0-x86_64-19.txz
+-rw-r--r-- 1 root root 163 2020-01-21 18:54 ./slackware64/a/aaa_elflibs-15.0-x86_64-19.txz.asc
-rw-r--r-- 1 root root 503 2020-01-20 22:36 ./slackware64/a/aaa_terminfo-6.1_20200118-x86_64-1.txt
-rw-r--r-- 1 root root 49360 2020-01-20 22:36 ./slackware64/a/aaa_terminfo-6.1_20200118-x86_64-1.txz
-rw-r--r-- 1 root root 163 2020-01-20 22:36 ./slackware64/a/aaa_terminfo-6.1_20200118-x86_64-1.txz.asc
@@ -1172,9 +1172,9 @@ drwxr-xr-x 2 root root 28672 2020-01-20 22:49 ./slackware64/a
-rw-r--r-- 1 root root 350 2018-04-13 13:13 ./slackware64/a/utempter-1.1.6-x86_64-3.txt
-rw-r--r-- 1 root root 15656 2018-04-13 13:13 ./slackware64/a/utempter-1.1.6-x86_64-3.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:13 ./slackware64/a/utempter-1.1.6-x86_64-3.txz.asc
--rw-r--r-- 1 root root 344 2019-12-30 01:02 ./slackware64/a/util-linux-2.34-x86_64-2.txt
--rw-r--r-- 1 root root 2528416 2019-12-30 01:02 ./slackware64/a/util-linux-2.34-x86_64-2.txz
--rw-r--r-- 1 root root 163 2019-12-30 01:02 ./slackware64/a/util-linux-2.34-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 354 2020-01-21 18:11 ./slackware64/a/util-linux-2.35-x86_64-1.txt
+-rw-r--r-- 1 root root 2611916 2020-01-21 18:11 ./slackware64/a/util-linux-2.35-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 18:11 ./slackware64/a/util-linux-2.35-x86_64-1.txz.asc
-rw-r--r-- 1 root root 579 2018-04-13 13:14 ./slackware64/a/which-2.21-x86_64-2.txt
-rw-r--r-- 1 root root 29812 2018-04-13 13:14 ./slackware64/a/which-2.21-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:14 ./slackware64/a/which-2.21-x86_64-2.txz.asc
@@ -1433,7 +1433,7 @@ drwxr-xr-x 2 root root 20480 2020-01-19 19:38 ./slackware64/ap
-rw-r--r-- 1 root root 506 2020-01-07 20:18 ./slackware64/ap/zsh-5.7.1-x86_64-2.txt
-rw-r--r-- 1 root root 3000108 2020-01-07 20:18 ./slackware64/ap/zsh-5.7.1-x86_64-2.txz
-rw-r--r-- 1 root root 163 2020-01-07 20:18 ./slackware64/ap/zsh-5.7.1-x86_64-2.txz.asc
-drwxr-xr-x 2 root root 20480 2020-01-20 22:49 ./slackware64/d
+drwxr-xr-x 2 root root 20480 2020-01-21 21:30 ./slackware64/d
-rw-r--r-- 1 root root 360 2019-12-30 00:49 ./slackware64/d/Cython-0.29.14-x86_64-2.txt
-rw-r--r-- 1 root root 3295652 2019-12-30 00:49 ./slackware64/d/Cython-0.29.14-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-12-30 00:49 ./slackware64/d/Cython-0.29.14-x86_64-2.txz.asc
@@ -1591,9 +1591,9 @@ drwxr-xr-x 2 root root 20480 2020-01-20 22:49 ./slackware64/d
-rw-r--r-- 1 root root 436 2019-12-20 19:53 ./slackware64/d/python-2.7.17-x86_64-2.txt
-rw-r--r-- 1 root root 13030944 2019-12-20 19:53 ./slackware64/d/python-2.7.17-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-12-20 19:53 ./slackware64/d/python-2.7.17-x86_64-2.txz.asc
--rw-r--r-- 1 root root 270 2019-12-30 00:49 ./slackware64/d/python-pip-19.3.1-x86_64-2.txt
--rw-r--r-- 1 root root 2209780 2019-12-30 00:49 ./slackware64/d/python-pip-19.3.1-x86_64-2.txz
--rw-r--r-- 1 root root 163 2019-12-30 00:49 ./slackware64/d/python-pip-19.3.1-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 270 2020-01-21 17:57 ./slackware64/d/python-pip-20.0.1-x86_64-1.txt
+-rw-r--r-- 1 root root 2245164 2020-01-21 17:57 ./slackware64/d/python-pip-20.0.1-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 17:57 ./slackware64/d/python-pip-20.0.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 562 2020-01-20 19:35 ./slackware64/d/python-setuptools-45.1.0-x86_64-1.txt
-rw-r--r-- 1 root root 688028 2020-01-20 19:35 ./slackware64/d/python-setuptools-45.1.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2020-01-20 19:35 ./slackware64/d/python-setuptools-45.1.0-x86_64-1.txz.asc
@@ -2504,7 +2504,7 @@ drwxr-xr-x 2 root root 20480 2016-03-10 03:11 ./slackware64/kdei
-rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag
-rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag.ez
-rw-r--r-- 1 root root 1500 2018-03-01 07:54 ./slackware64/kdei/tagfile
-drwxr-xr-x 2 root root 69632 2020-01-20 22:49 ./slackware64/l
+drwxr-xr-x 2 root root 69632 2020-01-21 21:30 ./slackware64/l
-rw-r--r-- 1 root root 338 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txt
-rw-r--r-- 1 root root 149752 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz.asc
@@ -2517,9 +2517,9 @@ drwxr-xr-x 2 root root 69632 2020-01-20 22:49 ./slackware64/l
-rw-r--r-- 1 root root 569 2019-07-12 18:38 ./slackware64/l/M2Crypto-0.35.2-x86_64-2.txt
-rw-r--r-- 1 root root 731408 2019-07-12 18:38 ./slackware64/l/M2Crypto-0.35.2-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-07-12 18:38 ./slackware64/l/M2Crypto-0.35.2-x86_64-2.txz.asc
--rw-r--r-- 1 root root 477 2019-12-30 01:02 ./slackware64/l/Mako-1.1.0-x86_64-2.txt
--rw-r--r-- 1 root root 160748 2019-12-30 01:02 ./slackware64/l/Mako-1.1.0-x86_64-2.txz
--rw-r--r-- 1 root root 163 2019-12-30 01:02 ./slackware64/l/Mako-1.1.0-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 477 2020-01-21 17:56 ./slackware64/l/Mako-1.1.1-x86_64-1.txt
+-rw-r--r-- 1 root root 160896 2020-01-21 17:56 ./slackware64/l/Mako-1.1.1-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 17:56 ./slackware64/l/Mako-1.1.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 268 2019-12-30 01:12 ./slackware64/l/PyQt-4.12.3-x86_64-2.txt
-rw-r--r-- 1 root root 10053004 2019-12-30 01:12 ./slackware64/l/PyQt-4.12.3-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-12-30 01:12 ./slackware64/l/PyQt-4.12.3-x86_64-2.txz.asc
@@ -2867,9 +2867,9 @@ drwxr-xr-x 2 root root 69632 2020-01-20 22:49 ./slackware64/l
-rw-r--r-- 1 root root 340 2018-04-13 14:53 ./slackware64/l/keybinder-0.3.1-x86_64-2.txt
-rw-r--r-- 1 root root 34060 2018-04-13 14:53 ./slackware64/l/keybinder-0.3.1-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:53 ./slackware64/l/keybinder-0.3.1-x86_64-2.txz.asc
--rw-r--r-- 1 root root 412 2019-11-25 18:33 ./slackware64/l/keyutils-1.6-x86_64-2.txt
--rw-r--r-- 1 root root 79976 2019-11-25 18:33 ./slackware64/l/keyutils-1.6-x86_64-2.txz
--rw-r--r-- 1 root root 163 2019-11-25 18:33 ./slackware64/l/keyutils-1.6-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 412 2020-01-21 17:44 ./slackware64/l/keyutils-1.6.1-x86_64-1.txt
+-rw-r--r-- 1 root root 83984 2020-01-21 17:44 ./slackware64/l/keyutils-1.6.1-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 17:44 ./slackware64/l/keyutils-1.6.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 317 2018-04-13 14:53 ./slackware64/l/lame-3.100-x86_64-2.txt
-rw-r--r-- 1 root root 270272 2018-04-13 14:53 ./slackware64/l/lame-3.100-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:53 ./slackware64/l/lame-3.100-x86_64-2.txz.asc
@@ -3476,7 +3476,7 @@ drwxr-xr-x 2 root root 69632 2020-01-20 22:49 ./slackware64/l
-rw-r--r-- 1 root root 463 2019-12-29 18:55 ./slackware64/l/zstd-1.4.4-x86_64-2.txt
-rw-r--r-- 1 root root 405812 2019-12-29 18:55 ./slackware64/l/zstd-1.4.4-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-12-29 18:55 ./slackware64/l/zstd-1.4.4-x86_64-2.txz.asc
-drwxr-xr-x 2 root root 36864 2020-01-20 22:49 ./slackware64/n
+drwxr-xr-x 2 root root 36864 2020-01-21 21:31 ./slackware64/n
-rw-r--r-- 1 root root 357 2020-01-14 18:18 ./slackware64/n/ModemManager-1.12.4-x86_64-1.txt
-rw-r--r-- 1 root root 1766548 2020-01-14 18:18 ./slackware64/n/ModemManager-1.12.4-x86_64-1.txz
-rw-r--r-- 1 root root 163 2020-01-14 18:18 ./slackware64/n/ModemManager-1.12.4-x86_64-1.txz.asc
@@ -3617,6 +3617,9 @@ drwxr-xr-x 2 root root 36864 2020-01-20 22:49 ./slackware64/n
-rw-r--r-- 1 root root 422 2019-12-05 17:56 ./slackware64/n/iw-5.4-x86_64-1.txt
-rw-r--r-- 1 root root 81100 2019-12-05 17:56 ./slackware64/n/iw-5.4-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-12-05 17:56 ./slackware64/n/iw-5.4-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 304 2020-01-21 18:51 ./slackware64/n/krb5-1.17-x86_64-1.txt
+-rw-r--r-- 1 root root 1211536 2020-01-21 18:51 ./slackware64/n/krb5-1.17-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 18:51 ./slackware64/n/krb5-1.17-x86_64-1.txz.asc
-rw-r--r-- 1 root root 546 2020-01-16 17:46 ./slackware64/n/lftp-4.9.1-x86_64-1.txt
-rw-r--r-- 1 root root 903664 2020-01-16 17:46 ./slackware64/n/lftp-4.9.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2020-01-16 17:46 ./slackware64/n/lftp-4.9.1-x86_64-1.txz.asc
@@ -3680,8 +3683,8 @@ drwxr-xr-x 2 root root 36864 2020-01-20 22:49 ./slackware64/n
-rw-r--r-- 1 root root 495 2018-11-02 19:41 ./slackware64/n/lynx-2.8.9rel.1-x86_64-1.txt
-rw-r--r-- 1 root root 1739904 2018-11-02 19:41 ./slackware64/n/lynx-2.8.9rel.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-11-02 19:41 ./slackware64/n/lynx-2.8.9rel.1-x86_64-1.txz.asc
--rw-r--r-- 1 root root 11108 2018-11-24 20:17 ./slackware64/n/maketag
--rw-r--r-- 1 root root 11108 2018-11-24 20:17 ./slackware64/n/maketag.ez
+-rw-r--r-- 1 root root 11166 2020-01-21 19:31 ./slackware64/n/maketag
+-rw-r--r-- 1 root root 11166 2020-01-21 19:31 ./slackware64/n/maketag.ez
-rw-r--r-- 1 root root 416 2018-10-24 20:45 ./slackware64/n/mcabber-1.1.0-x86_64-1.txt
-rw-r--r-- 1 root root 245444 2018-10-24 20:45 ./slackware64/n/mcabber-1.1.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-10-24 20:45 ./slackware64/n/mcabber-1.1.0-x86_64-1.txz.asc
@@ -3808,9 +3811,9 @@ drwxr-xr-x 2 root root 36864 2020-01-20 22:49 ./slackware64/n
-rw-r--r-- 1 root root 485 2019-12-20 19:31 ./slackware64/n/p11-kit-0.23.18.1-x86_64-2.txt
-rw-r--r-- 1 root root 441360 2019-12-20 19:31 ./slackware64/n/p11-kit-0.23.18.1-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-12-20 19:31 ./slackware64/n/p11-kit-0.23.18.1-x86_64-2.txz.asc
--rw-r--r-- 1 root root 374 2019-12-19 00:30 ./slackware64/n/php-7.4.1-x86_64-1.txt
--rw-r--r-- 1 root root 5700044 2019-12-19 00:30 ./slackware64/n/php-7.4.1-x86_64-1.txz
--rw-r--r-- 1 root root 163 2019-12-19 00:30 ./slackware64/n/php-7.4.1-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 374 2020-01-21 17:57 ./slackware64/n/php-7.4.2-x86_64-1.txt
+-rw-r--r-- 1 root root 5698524 2020-01-21 17:57 ./slackware64/n/php-7.4.2-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 17:57 ./slackware64/n/php-7.4.2-x86_64-1.txz.asc
-rw-r--r-- 1 root root 576 2018-05-08 04:25 ./slackware64/n/pidentd-3.0.19-x86_64-4.txt
-rw-r--r-- 1 root root 43000 2018-05-08 04:25 ./slackware64/n/pidentd-3.0.19-x86_64-4.txz
-rw-r--r-- 1 root root 163 2018-05-08 04:25 ./slackware64/n/pidentd-3.0.19-x86_64-4.txz.asc
@@ -3850,9 +3853,9 @@ drwxr-xr-x 2 root root 36864 2020-01-20 22:49 ./slackware64/n
-rw-r--r-- 1 root root 443 2019-12-30 20:02 ./slackware64/n/s-nail-14.9.16-x86_64-1.txt
-rw-r--r-- 1 root root 535976 2019-12-30 20:02 ./slackware64/n/s-nail-14.9.16-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-12-30 20:02 ./slackware64/n/s-nail-14.9.16-x86_64-1.txz.asc
--rw-r--r-- 1 root root 507 2019-12-30 07:09 ./slackware64/n/samba-4.11.4-x86_64-2.txt
--rw-r--r-- 1 root root 12731752 2019-12-30 07:09 ./slackware64/n/samba-4.11.4-x86_64-2.txz
--rw-r--r-- 1 root root 163 2019-12-30 07:09 ./slackware64/n/samba-4.11.4-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 507 2020-01-21 18:10 ./slackware64/n/samba-4.11.5-x86_64-1.txt
+-rw-r--r-- 1 root root 12733984 2020-01-21 18:10 ./slackware64/n/samba-4.11.5-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 18:10 ./slackware64/n/samba-4.11.5-x86_64-1.txz.asc
-rw-r--r-- 1 root root 346 2018-11-08 00:52 ./slackware64/n/slrn-1.0.3a-x86_64-1.txt
-rw-r--r-- 1 root root 470008 2018-11-08 00:52 ./slackware64/n/slrn-1.0.3a-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-11-08 00:52 ./slackware64/n/slrn-1.0.3a-x86_64-1.txz.asc
@@ -3865,7 +3868,7 @@ drwxr-xr-x 2 root root 36864 2020-01-20 22:49 ./slackware64/n
-rw-r--r-- 1 root root 510 2019-11-24 21:00 ./slackware64/n/stunnel-5.56-x86_64-1.txt
-rw-r--r-- 1 root root 185648 2019-11-24 21:00 ./slackware64/n/stunnel-5.56-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-11-24 21:00 ./slackware64/n/stunnel-5.56-x86_64-1.txz.asc
--rw-r--r-- 1 root root 1896 2018-11-24 20:17 ./slackware64/n/tagfile
+-rw-r--r-- 1 root root 1905 2020-01-21 19:31 ./slackware64/n/tagfile
-rw-r--r-- 1 root root 648 2018-04-13 15:54 ./slackware64/n/tcp_wrappers-7.6-x86_64-2.txt
-rw-r--r-- 1 root root 77684 2018-04-13 15:54 ./slackware64/n/tcp_wrappers-7.6-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 15:54 ./slackware64/n/tcp_wrappers-7.6-x86_64-2.txz.asc
@@ -4817,7 +4820,7 @@ drwxr-xr-x 2 root root 65536 2020-01-19 19:38 ./slackware64/x
-rw-r--r-- 1 root root 213 2018-04-13 06:10 ./slackware64/x/xwud-1.0.5-x86_64-2.txt
-rw-r--r-- 1 root root 25288 2018-04-13 06:10 ./slackware64/x/xwud-1.0.5-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 06:10 ./slackware64/x/xwud-1.0.5-x86_64-2.txz.asc
-drwxr-xr-x 2 root root 12288 2020-01-20 22:49 ./slackware64/xap
+drwxr-xr-x 2 root root 12288 2020-01-21 21:30 ./slackware64/xap
-rw-r--r-- 1 root root 625 2020-01-03 18:37 ./slackware64/xap/MPlayer-20200103-x86_64-1.txt
-rw-r--r-- 1 root root 2730320 2020-01-03 18:37 ./slackware64/xap/MPlayer-20200103-x86_64-1.txz
-rw-r--r-- 1 root root 163 2020-01-03 18:37 ./slackware64/xap/MPlayer-20200103-x86_64-1.txz.asc
@@ -4869,9 +4872,9 @@ drwxr-xr-x 2 root root 12288 2020-01-20 22:49 ./slackware64/xap
-rw-r--r-- 1 root root 644 2019-12-02 20:32 ./slackware64/xap/gnuplot-5.2.8-x86_64-1.txt
-rw-r--r-- 1 root root 1406640 2019-12-02 20:32 ./slackware64/xap/gnuplot-5.2.8-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-12-02 20:32 ./slackware64/xap/gnuplot-5.2.8-x86_64-1.txz.asc
--rw-r--r-- 1 root root 377 2019-05-30 18:47 ./slackware64/xap/gparted-1.0.0-x86_64-1.txt
--rw-r--r-- 1 root root 853344 2019-05-30 18:47 ./slackware64/xap/gparted-1.0.0-x86_64-1.txz
--rw-r--r-- 1 root root 163 2019-05-30 18:47 ./slackware64/xap/gparted-1.0.0-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 377 2020-01-21 17:43 ./slackware64/xap/gparted-1.1.0-x86_64-1.txt
+-rw-r--r-- 1 root root 862784 2020-01-21 17:43 ./slackware64/xap/gparted-1.1.0-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2020-01-21 17:43 ./slackware64/xap/gparted-1.1.0-x86_64-1.txz.asc
-rw-r--r-- 1 root root 209 2019-03-13 17:40 ./slackware64/xap/gucharmap-12.0.1-x86_64-1.txt
-rw-r--r-- 1 root root 2200864 2019-03-13 17:40 ./slackware64/xap/gucharmap-12.0.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-03-13 17:40 ./slackware64/xap/gucharmap-12.0.1-x86_64-1.txz.asc
@@ -5054,11 +5057,11 @@ drwxr-xr-x 2 root root 4096 2019-02-17 23:51 ./slackware64/y
-rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag
-rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag.ez
-rw-r--r-- 1 root root 14 2018-03-01 07:55 ./slackware64/y/tagfile
-drwxr-xr-x 19 root root 4096 2020-01-20 22:53 ./source
--rw-r--r-- 1 root root 475082 2020-01-20 22:53 ./source/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2020-01-20 22:53 ./source/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 669879 2020-01-20 22:53 ./source/FILE_LIST
--rw-r--r-- 1 root root 18292075 2020-01-20 22:53 ./source/MANIFEST.bz2
+drwxr-xr-x 19 root root 4096 2020-01-21 21:35 ./source
+-rw-r--r-- 1 root root 476833 2020-01-21 21:35 ./source/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2020-01-21 21:35 ./source/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 672276 2020-01-21 21:34 ./source/FILE_LIST
+-rw-r--r-- 1 root root 18325900 2020-01-21 21:34 ./source/MANIFEST.bz2
-rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT
drwxr-xr-x 111 root root 4096 2020-01-12 22:42 ./source/a
-rw-r--r-- 1 root root 1034 2019-05-04 17:56 ./source/a/FTBFSlog
@@ -5070,10 +5073,10 @@ drwxr-xr-x 2 root root 4096 2018-06-24 18:43 ./source/a/aaa_base
-rw-r--r-- 1 root root 783 2018-02-27 06:13 ./source/a/aaa_base/slack-desc
-rw-r--r-- 1 root root 15 2015-12-28 19:27 ./source/a/aaa_base/slackware-version
drwxr-xr-x 2 root root 4096 2019-12-21 00:21 ./source/a/aaa_elflibs
--rwxr-xr-x 1 root root 4266 2020-01-11 21:13 ./source/a/aaa_elflibs/aaa_elflibs.SlackBuild
+-rwxr-xr-x 1 root root 4266 2020-01-21 18:54 ./source/a/aaa_elflibs/aaa_elflibs.SlackBuild
-rwxr-xr-x 1 root root 1630 2015-04-20 04:39 ./source/a/aaa_elflibs/display_orphans.sh
-rw-r--r-- 1 root root 930 2018-02-27 06:13 ./source/a/aaa_elflibs/slack-desc
--rw-r--r-- 1 root root 1895 2019-12-21 00:20 ./source/a/aaa_elflibs/symlinks-to-tracked-libs
+-rw-r--r-- 1 root root 1985 2020-01-21 18:54 ./source/a/aaa_elflibs/symlinks-to-tracked-libs
-rw-r--r-- 1 root root 782 2019-12-21 00:21 ./source/a/aaa_elflibs/symlinks-to-tracked-libs-tmp
-rw-r--r-- 1 root root 312 2020-01-11 21:13 ./source/a/aaa_elflibs/tracked-files
-rw-r--r-- 1 root root 213 2015-04-20 04:40 ./source/a/aaa_elflibs/tracked-files-tmp
@@ -5634,9 +5637,9 @@ drwxr-xr-x 2 root root 4096 2019-12-15 18:10 ./source/a/mkinitrd
-rw-r--r-- 1 root root 983 2018-02-27 06:13 ./source/a/mkinitrd/slack-desc
drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/a/mlocate
-rw-r--r-- 1 root root 388 2017-03-16 18:04 ./source/a/mlocate/doinst.sh.gz
--rw-rw-r-- 1 root root 359204 2012-09-22 02:54 ./source/a/mlocate/mlocate-0.26.tar.xz
--rw-r--r-- 1 root root 138 2017-03-17 06:51 ./source/a/mlocate/mlocate-run-updatedb
--rwxr-xr-x 1 root root 5342 2019-09-29 23:48 ./source/a/mlocate/mlocate.SlackBuild
+-rw-rw-r-- 1 root root 359204 2012-09-22 02:54 ./source/a/mlocate/mlocate-0.26.tar.xz
+-rw-r--r-- 1 root root 138 2017-03-17 06:51 ./source/a/mlocate/mlocate-run-updatedb
+-rwxr-xr-x 1 root root 5342 2019-09-29 23:48 ./source/a/mlocate/mlocate.SlackBuild
-rw-r--r-- 1 root root 66 2017-03-17 07:02 ./source/a/mlocate/mlocate.cron
-rw-r--r-- 1 root root 1123 2018-02-27 06:13 ./source/a/mlocate/slack-desc
-rw-r--r-- 1 root root 546 2017-03-17 06:56 ./source/a/mlocate/updatedb.conf.new
@@ -5966,7 +5969,7 @@ drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/a/utempter
-rw-r--r-- 1 root root 198 2010-11-04 14:14 ./source/a/utempter/libutempter-1.1.6.tar.bz2.asc
-rw-r--r-- 1 root root 806 2018-02-27 06:13 ./source/a/utempter/slack-desc
-rwxr-xr-x 1 root root 4159 2019-09-29 23:48 ./source/a/utempter/utempter.SlackBuild
-drwxr-xr-x 2 root root 4096 2019-12-29 19:15 ./source/a/util-linux
+drwxr-xr-x 2 root root 4096 2020-01-21 18:04 ./source/a/util-linux
-rw-r--r-- 1 root root 53236 2011-07-12 20:47 ./source/a/util-linux/adjtimex_1.29-2.2.diff.gz
-rw-r--r-- 1 root root 85551 2010-04-17 03:32 ./source/a/util-linux/adjtimex_1.29.orig.tar.gz
-rw-r--r-- 1 root root 434 2014-10-30 15:31 ./source/a/util-linux/bsdstrings-util-linux_overflow.diff.gz
@@ -5979,10 +5982,10 @@ drwxr-xr-x 2 root root 4096 2019-12-29 19:15 ./source/a/util-linux
-rw-r--r-- 1 root root 52437 2009-05-30 01:25 ./source/a/util-linux/setserial-2.17.tar.gz
-rw-r--r-- 1 root root 729 2009-05-30 01:25 ./source/a/util-linux/setserial-rc.serial.diff.gz
-rw-r--r-- 1 root root 376 2010-03-30 04:06 ./source/a/util-linux/setserial-undef_TIOCGHAYESESP.diff.gz
--rw-r--r-- 1 root root 796 2018-02-27 06:13 ./source/a/util-linux/slack-desc
--rw-r--r-- 1 root root 833 2019-06-14 10:46 ./source/a/util-linux/util-linux-2.34.tar.sign
--rw-r--r-- 1 root root 4974812 2019-06-14 10:46 ./source/a/util-linux/util-linux-2.34.tar.xz
--rwxr-xr-x 1 root root 10570 2019-12-29 19:15 ./source/a/util-linux/util-linux.SlackBuild
+-rw-r--r-- 1 root root 806 2020-01-21 18:04 ./source/a/util-linux/slack-desc
+-rw-r--r-- 1 root root 833 2020-01-21 10:50 ./source/a/util-linux/util-linux-2.35.tar.sign
+-rw-r--r-- 1 root root 5137796 2020-01-21 10:50 ./source/a/util-linux/util-linux-2.35.tar.xz
+-rwxr-xr-x 1 root root 10576 2020-01-21 18:05 ./source/a/util-linux/util-linux.SlackBuild
-rw-r--r-- 1 root root 275 2019-01-02 21:53 ./source/a/util-linux/util-linux.do.not.list.ram.devices.diff.gz
-rw-r--r-- 1 root root 335 2014-07-03 08:34 ./source/a/util-linux/util-linux.fdisk-no-solaris.diff.gz
-rw-r--r-- 1 root root 10292 2009-05-30 01:25 ./source/a/util-linux/ziptool-1.4.0.tar.xz
@@ -6862,10 +6865,10 @@ drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/d/pmake
-rw-r--r-- 1 root root 26675 2005-07-07 09:32 ./source/d/pmake/pmake_1.111-1.diff.gz
-rw-r--r-- 1 root root 790 2018-02-27 06:49 ./source/d/pmake/slack-desc
drwxr-xr-x 2 root root 4096 2019-12-20 19:34 ./source/d/python
-drwxr-xr-x 2 root root 4096 2019-12-29 19:15 ./source/d/python-pip
--rw-r--r-- 1 root root 999996 2019-10-18 08:21 ./source/d/python-pip/pip-19.3.1.tar.lz
+drwxr-xr-x 2 root root 4096 2020-01-21 17:57 ./source/d/python-pip
+-rw-r--r-- 1 root root 1023091 2020-01-21 12:43 ./source/d/python-pip/pip-20.0.1.tar.lz
-rw-r--r-- 1 root root 33 2018-03-29 06:10 ./source/d/python-pip/pip.url
--rwxr-xr-x 1 root root 3066 2019-12-29 19:15 ./source/d/python-pip/python-pip.SlackBuild
+-rwxr-xr-x 1 root root 3066 2020-01-21 17:57 ./source/d/python-pip/python-pip.SlackBuild
-rw-r--r-- 1 root root 760 2018-02-27 06:13 ./source/d/python-pip/slack-desc
drwxr-xr-x 2 root root 4096 2020-01-20 19:35 ./source/d/python-setuptools
-rwxr-xr-x 1 root root 3414 2020-01-01 19:30 ./source/d/python-setuptools/python-setuptools.SlackBuild
@@ -8217,9 +8220,9 @@ drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/l/M2Crypto
-rw-r--r-- 1 root root 1024 2018-02-27 06:12 ./source/l/M2Crypto/slack-desc
-rw-r--r-- 1 root root 46760 2019-06-19 22:31 ./source/l/M2Crypto/typing-3.7.4.tar.xz
-rw-r--r-- 1 root root 36 2018-09-24 19:28 ./source/l/M2Crypto/typing.url
-drwxr-xr-x 2 root root 4096 2019-12-29 19:15 ./source/l/Mako
--rw-r--r-- 1 root root 335303 2019-08-01 16:28 ./source/l/Mako/Mako-1.1.0.tar.lz
--rwxr-xr-x 1 root root 2905 2019-12-29 19:15 ./source/l/Mako/Mako.SlackBuild
+drwxr-xr-x 2 root root 4096 2020-01-21 17:56 ./source/l/Mako
+-rw-r--r-- 1 root root 339384 2020-01-20 21:15 ./source/l/Mako/Mako-1.1.1.tar.lz
+-rwxr-xr-x 1 root root 2905 2020-01-21 17:56 ./source/l/Mako/Mako.SlackBuild
-rw-r--r-- 1 root root 33 2018-11-26 21:01 ./source/l/Mako/Mako.url
-rw-r--r-- 1 root root 961 2018-02-27 06:12 ./source/l/Mako/slack-desc
drwxr-xr-x 2 root root 4096 2019-12-29 19:15 ./source/l/PyQt
@@ -8863,9 +8866,9 @@ drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/l/keybinder
-rw-r--r-- 1 root root 239176 2015-11-06 15:32 ./source/l/keybinder/keybinder-3.0-0.3.1.tar.xz
-rwxr-xr-x 1 root root 4838 2019-09-29 23:48 ./source/l/keybinder/keybinder.SlackBuild
-rw-r--r-- 1 root root 829 2018-02-27 06:12 ./source/l/keybinder/slack-desc
-drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/l/keyutils
--rw-r--r-- 1 root root 91583 2018-11-14 17:49 ./source/l/keyutils/keyutils-1.6.tar.lz
--rwxr-xr-x 1 root root 4644 2019-11-25 05:17 ./source/l/keyutils/keyutils.SlackBuild
+drwxr-xr-x 2 root root 4096 2020-01-21 17:44 ./source/l/keyutils
+-rw-r--r-- 1 root root 94987 2019-11-26 00:28 ./source/l/keyutils/keyutils-1.6.1.tar.lz
+-rwxr-xr-x 1 root root 4644 2020-01-21 17:44 ./source/l/keyutils/keyutils.SlackBuild
-rw-r--r-- 1 root root 868 2018-02-27 06:12 ./source/l/keyutils/slack-desc
drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/l/lame
-rw-r--r-- 1 root root 1031744 2017-10-13 20:33 ./source/l/lame/lame-3.100.tar.xz
@@ -9984,7 +9987,7 @@ drwxr-xr-x 2 root root 4096 2019-12-29 18:53 ./source/l/zstd
-rw-r--r-- 1 root root 325 2018-12-30 04:38 ./source/l/zstd/zstd.dont.link.pzstd.to.static.libzstd.a.diff.gz
-rw-r--r-- 1 root root 33 2018-11-08 01:06 ./source/l/zstd/zstd.url
-rwxr-xr-x 1 root root 14025 2018-11-20 03:08 ./source/make_world.sh
-drwxr-xr-x 147 root root 4096 2019-12-01 19:14 ./source/n
+drwxr-xr-x 148 root root 4096 2020-01-21 18:45 ./source/n
-rw-r--r-- 1 root root 1086 2020-01-14 04:36 ./source/n/FTBFSlog
drwxr-xr-x 2 root root 4096 2020-01-14 18:16 ./source/n/ModemManager
-rw-r--r-- 1 root root 2145600 2020-01-13 16:40 ./source/n/ModemManager/ModemManager-1.12.4.tar.xz
@@ -10317,6 +10320,34 @@ drwxr-xr-x 2 root root 4096 2019-12-05 17:56 ./source/n/iw
-rwxr-xr-x 1 root root 3643 2019-09-29 23:48 ./source/n/iw/iw.SlackBuild
-rw-r--r-- 1 root root 47 2019-02-02 03:29 ./source/n/iw/iw.url
-rw-r--r-- 1 root root 876 2018-02-27 06:13 ./source/n/iw/slack-desc
+drwxr-xr-x 4 root root 4096 2020-01-21 18:39 ./source/n/krb5
+drwxr-xr-x 2 root root 4096 2020-01-21 18:39 ./source/n/krb5/conf
+-rw-r--r-- 1 root root 92 2019-12-10 20:45 ./source/n/krb5/conf/kadmind
+-rw-r--r-- 1 root root 1164 2019-12-10 21:03 ./source/n/krb5/conf/kdc.conf.example
+-rw-r--r-- 1 root root 90 2019-12-10 20:48 ./source/n/krb5/conf/kpropd
+-rw-r--r-- 1 root root 628 2019-12-10 21:00 ./source/n/krb5/conf/krb5.conf.example
+-rw-r--r-- 1 root root 92 2019-12-10 20:49 ./source/n/krb5/conf/krb5kdc
+-rw-r--r-- 1 root root 797 2019-12-12 21:24 ./source/n/krb5/conf/rc.kadmind
+-rw-r--r-- 1 root root 857 2019-12-12 21:25 ./source/n/krb5/conf/rc.kpropd
+-rw-r--r-- 1 root root 842 2019-12-12 21:24 ./source/n/krb5/conf/rc.krb5kdc
+-rw-r--r-- 1 root root 357 2019-12-10 20:54 ./source/n/krb5/doinst.sh.gz
+-rw-r--r-- 1 root root 6053923 2019-01-08 16:14 ./source/n/krb5/krb5-1.17.tar.lz
+-rwxr-xr-x 1 root root 7876 2020-01-21 19:09 ./source/n/krb5/krb5.SlackBuild
+-rw-r--r-- 1 root root 39 2017-09-30 20:08 ./source/n/krb5/krb5.url
+drwxr-xr-x 2 root root 4096 2018-06-11 20:34 ./source/n/krb5/patches
+-rw-r--r-- 1 root root 786 2017-05-20 06:32 ./source/n/krb5/patches/Build-with-Werror-implicit-int-where-supported.patch.gz
+-rw-r--r-- 1 root root 428 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.11-kpasswdtest.patch.gz
+-rw-r--r-- 1 root root 730 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.11-run_user_0.patch.gz
+-rw-r--r-- 1 root root 708 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.12-api.patch.gz
+-rw-r--r-- 1 root root 512 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.12-ksu-path.patch.gz
+-rw-r--r-- 1 root root 2956 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.12-ktany.patch.gz
+-rw-r--r-- 1 root root 6301 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.12.1-pam.patch.gz
+-rw-r--r-- 1 root root 1387 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch.gz
+-rw-r--r-- 1 root root 1492 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.15-beta1-buildconf.patch.gz
+-rw-r--r-- 1 root root 9919 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.15-beta1-selinux-label.patch.gz
+-rw-r--r-- 1 root root 501 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.3.1-dns.patch.gz
+-rw-r--r-- 1 root root 807 2017-05-20 06:32 ./source/n/krb5/patches/krb5-1.9-debuginfo.patch.gz
+-rw-r--r-- 1 root root 756 2020-01-21 18:49 ./source/n/krb5/slack-desc
drwxr-xr-x 2 root root 4096 2020-01-16 17:44 ./source/n/lftp
-rw-r--r-- 1 root root 263 2009-05-31 06:11 ./source/n/lftp/doinst.sh.gz
-rw-r--r-- 1 root root 1648564 2020-01-15 20:01 ./source/n/lftp/lftp-4.9.1.tar.xz
@@ -10738,12 +10769,12 @@ drwxr-xr-x 2 root root 4096 2019-12-20 19:30 ./source/n/p11-kit
-rwxr-xr-x 1 root root 3627 2019-12-20 19:30 ./source/n/p11-kit/p11-kit.SlackBuild
-rw-r--r-- 1 root root 45 2018-05-28 18:06 ./source/n/p11-kit/p11-kit.url
-rw-r--r-- 1 root root 972 2018-02-27 06:13 ./source/n/p11-kit/slack-desc
-drwxr-xr-x 2 root root 4096 2019-12-19 00:26 ./source/n/php
+drwxr-xr-x 2 root root 4096 2020-01-21 17:51 ./source/n/php
-rw-r--r-- 1 root root 425 2017-12-08 01:53 ./source/n/php/doinst.sh.gz
--rwxr-xr-x 1 root root 118 2019-12-19 00:26 ./source/n/php/fetch-php.sh
+-rwxr-xr-x 1 root root 118 2020-01-21 17:51 ./source/n/php/fetch-php.sh
-rw-r--r-- 1 root root 1022 2017-11-28 18:32 ./source/n/php/mod_php.conf.example
--rw-r--r-- 1 root root 10245600 2019-12-18 01:10 ./source/n/php/php-7.4.1.tar.xz
--rw-r--r-- 1 root root 833 2019-12-18 01:10 ./source/n/php/php-7.4.1.tar.xz.asc
+-rw-r--r-- 1 root root 10252304 2020-01-21 11:20 ./source/n/php/php-7.4.2.tar.xz
+-rw-r--r-- 1 root root 833 2020-01-21 11:20 ./source/n/php/php-7.4.2.tar.xz.asc
-rw-r--r-- 1 root root 387 2017-11-28 02:08 ./source/n/php/php-fpm.conf.diff.gz
-rwxr-xr-x 1 root root 9347 2020-01-20 19:33 ./source/n/php/php.SlackBuild
-rw-r--r-- 1 root root 799 2019-12-01 19:12 ./source/n/php/php.ini-development.diff.gz
@@ -10869,14 +10900,14 @@ drwxr-xr-x 2 root root 4096 2019-12-30 20:01 ./source/n/s-nail
-rwxr-xr-x 1 root root 4204 2019-12-30 20:02 ./source/n/s-nail/s-nail.SlackBuild
-rw-r--r-- 1 root root 92 2019-12-30 19:59 ./source/n/s-nail/s-nail.url
-rw-r--r-- 1 root root 930 2018-11-24 18:35 ./source/n/s-nail/slack-desc
-drwxr-xr-x 2 root root 4096 2019-12-30 05:30 ./source/n/samba
+drwxr-xr-x 2 root root 4096 2020-01-21 21:19 ./source/n/samba
-rw-r--r-- 1 root root 703 2016-06-13 04:19 ./source/n/samba/doinst.sh.gz
-rw-r--r-- 1 root root 940 2016-06-04 17:50 ./source/n/samba/rc.samba
--rw-r--r-- 1 root root 224 2019-12-16 15:02 ./source/n/samba/samba-4.11.4.tar.asc
--rw-r--r-- 1 root root 11565542 2019-12-16 15:02 ./source/n/samba/samba-4.11.4.tar.lz
--rwxr-xr-x 1 root root 7263 2019-12-30 05:30 ./source/n/samba/samba.SlackBuild
+-rw-r--r-- 1 root root 224 2020-01-14 08:53 ./source/n/samba/samba-4.11.5.tar.asc
+-rw-r--r-- 1 root root 11568165 2020-01-14 08:53 ./source/n/samba/samba-4.11.5.tar.lz
+-rwxr-xr-x 1 root root 7263 2020-01-21 17:59 ./source/n/samba/samba.SlackBuild
-rw-r--r-- 1 root root 227 2019-02-06 20:36 ./source/n/samba/samba.libsmbclient.h.ffmpeg.compat.diff.gz
--rw-r--r-- 1 root root 129 2019-12-16 17:40 ./source/n/samba/samba.url
+-rw-r--r-- 1 root root 129 2020-01-21 17:59 ./source/n/samba/samba.url
-rw-r--r-- 1 root root 960 2018-02-27 06:13 ./source/n/samba/slack-desc
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./source/n/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./source/n/samba/smb.conf.default.orig
@@ -12358,34 +12389,34 @@ drwxr-xr-x 2 root root 4096 2019-12-13 20:03 ./source/x/x11/src/lib
-rw-r--r-- 1 root root 565164 2015-05-01 05:18 ./source/x/x11/src/lib/libXaw-1.0.13.tar.xz
-rw-r--r-- 1 root root 475672 2018-06-19 05:01 ./source/x/x11/src/lib/libXaw3d-1.6.3.tar.xz
-rw-r--r-- 1 root root 259212 2019-03-11 00:29 ./source/x/x11/src/lib/libXcomposite-0.4.5.tar.xz
--rw-r--r-- 1 root root 275100 2019-03-11 00:38 ./source/x/x11/src/lib/libXcursor-1.2.0.tar.xz
--rw-r--r-- 1 root root 250040 2019-03-11 01:09 ./source/x/x11/src/lib/libXdamage-1.1.5.tar.xz
--rw-r--r-- 1 root root 288292 2019-03-16 16:22 ./source/x/x11/src/lib/libXdmcp-1.1.3.tar.xz
--rw-r--r-- 1 root root 212200 2010-10-31 16:46 ./source/x/x11/src/lib/libXevie-1.0.3.tar.xz
--rw-r--r-- 1 root root 331984 2019-03-16 17:43 ./source/x/x11/src/lib/libXext-1.3.4.tar.xz
--rw-r--r-- 1 root root 243620 2016-10-04 20:22 ./source/x/x11/src/lib/libXfixes-5.0.3.tar.xz
--rw-r--r-- 1 root root 437676 2019-09-14 18:42 ./source/x/x11/src/lib/libXfont2-2.0.4.tar.xz
--rw-r--r-- 1 root root 189140 2009-10-13 20:47 ./source/x/x11/src/lib/libXfontcache-1.0.5.tar.xz
--rw-r--r-- 1 root root 289472 2019-03-16 18:13 ./source/x/x11/src/lib/libXft-2.3.3.tar.xz
--rw-r--r-- 1 root root 400272 2019-06-19 16:44 ./source/x/x11/src/lib/libXi-1.7.10.tar.xz
--rw-r--r-- 1 root root 254948 2018-07-05 15:43 ./source/x/x11/src/lib/libXinerama-1.1.4.tar.xz
--rw-r--r-- 1 root root 337980 2019-03-16 18:43 ./source/x/x11/src/lib/libXmu-1.1.3.tar.xz
--rw-r--r-- 1 root root 259376 2015-02-21 22:05 ./source/x/x11/src/lib/libXp-1.0.3.tar.xz
--rw-r--r-- 1 root root 380848 2019-12-13 04:52 ./source/x/x11/src/lib/libXpm-3.5.13.tar.xz
--rw-r--r-- 1 root root 235464 2015-04-17 18:42 ./source/x/x11/src/lib/libXpresent-1.0.0.tar.xz
--rw-r--r-- 1 root root 275120 2019-03-16 20:58 ./source/x/x11/src/lib/libXrandr-1.5.2.tar.xz
--rw-r--r-- 1 root root 255432 2016-10-04 20:24 ./source/x/x11/src/lib/libXrender-0.9.10.tar.xz
--rw-r--r-- 1 root root 254692 2017-10-11 15:13 ./source/x/x11/src/lib/libXres-1.2.0.tar.xz
--rw-r--r-- 1 root root 679996 2019-06-21 23:32 ./source/x/x11/src/lib/libXt-1.2.0.tar.xz
--rw-r--r-- 1 root root 267468 2016-10-04 20:25 ./source/x/x11/src/lib/libXtst-1.2.3.tar.xz
--rw-r--r-- 1 root root 257292 2016-10-04 20:25 ./source/x/x11/src/lib/libXv-1.0.11.tar.xz
--rw-r--r-- 1 root root 270188 2019-09-24 16:55 ./source/x/x11/src/lib/libXvMC-1.0.12.tar.xz
--rw-r--r-- 1 root root 262516 2019-03-16 22:21 ./source/x/x11/src/lib/libXxf86dga-1.1.5.tar.xz
--rw-r--r-- 1 root root 251004 2018-07-05 16:49 ./source/x/x11/src/lib/libXxf86misc-1.0.4.tar.xz
--rw-r--r-- 1 root root 244964 2015-02-24 07:04 ./source/x/x11/src/lib/libXxf86vm-1.1.4.tar.xz
--rw-r--r-- 1 root root 259316 2018-05-14 00:45 ./source/x/x11/src/lib/libdmx-1.1.4.tar.xz
--rw-r--r-- 1 root root 263112 2019-02-20 01:33 ./source/x/x11/src/lib/libfontenc-1.1.4.tar.xz
--rw-r--r-- 1 root root 320072 2019-07-17 16:25 ./source/x/x11/src/lib/libpciaccess-0.16.tar.xz
+-rw-r--r-- 1 root root 275100 2019-03-11 00:38 ./source/x/x11/src/lib/libXcursor-1.2.0.tar.xz
+-rw-r--r-- 1 root root 250040 2019-03-11 01:09 ./source/x/x11/src/lib/libXdamage-1.1.5.tar.xz
+-rw-r--r-- 1 root root 288292 2019-03-16 16:22 ./source/x/x11/src/lib/libXdmcp-1.1.3.tar.xz
+-rw-r--r-- 1 root root 212200 2010-10-31 16:46 ./source/x/x11/src/lib/libXevie-1.0.3.tar.xz
+-rw-r--r-- 1 root root 331984 2019-03-16 17:43 ./source/x/x11/src/lib/libXext-1.3.4.tar.xz
+-rw-r--r-- 1 root root 243620 2016-10-04 20:22 ./source/x/x11/src/lib/libXfixes-5.0.3.tar.xz
+-rw-r--r-- 1 root root 437676 2019-09-14 18:42 ./source/x/x11/src/lib/libXfont2-2.0.4.tar.xz
+-rw-r--r-- 1 root root 189140 2009-10-13 20:47 ./source/x/x11/src/lib/libXfontcache-1.0.5.tar.xz
+-rw-r--r-- 1 root root 289472 2019-03-16 18:13 ./source/x/x11/src/lib/libXft-2.3.3.tar.xz
+-rw-r--r-- 1 root root 400272 2019-06-19 16:44 ./source/x/x11/src/lib/libXi-1.7.10.tar.xz
+-rw-r--r-- 1 root root 254948 2018-07-05 15:43 ./source/x/x11/src/lib/libXinerama-1.1.4.tar.xz
+-rw-r--r-- 1 root root 337980 2019-03-16 18:43 ./source/x/x11/src/lib/libXmu-1.1.3.tar.xz
+-rw-r--r-- 1 root root 259376 2015-02-21 22:05 ./source/x/x11/src/lib/libXp-1.0.3.tar.xz
+-rw-r--r-- 1 root root 380848 2019-12-13 04:52 ./source/x/x11/src/lib/libXpm-3.5.13.tar.xz
+-rw-r--r-- 1 root root 235464 2015-04-17 18:42 ./source/x/x11/src/lib/libXpresent-1.0.0.tar.xz
+-rw-r--r-- 1 root root 275120 2019-03-16 20:58 ./source/x/x11/src/lib/libXrandr-1.5.2.tar.xz
+-rw-r--r-- 1 root root 255432 2016-10-04 20:24 ./source/x/x11/src/lib/libXrender-0.9.10.tar.xz
+-rw-r--r-- 1 root root 254692 2017-10-11 15:13 ./source/x/x11/src/lib/libXres-1.2.0.tar.xz
+-rw-r--r-- 1 root root 679996 2019-06-21 23:32 ./source/x/x11/src/lib/libXt-1.2.0.tar.xz
+-rw-r--r-- 1 root root 267468 2016-10-04 20:25 ./source/x/x11/src/lib/libXtst-1.2.3.tar.xz
+-rw-r--r-- 1 root root 257292 2016-10-04 20:25 ./source/x/x11/src/lib/libXv-1.0.11.tar.xz
+-rw-r--r-- 1 root root 270188 2019-09-24 16:55 ./source/x/x11/src/lib/libXvMC-1.0.12.tar.xz
+-rw-r--r-- 1 root root 262516 2019-03-16 22:21 ./source/x/x11/src/lib/libXxf86dga-1.1.5.tar.xz
+-rw-r--r-- 1 root root 251004 2018-07-05 16:49 ./source/x/x11/src/lib/libXxf86misc-1.0.4.tar.xz
+-rw-r--r-- 1 root root 244964 2015-02-24 07:04 ./source/x/x11/src/lib/libXxf86vm-1.1.4.tar.xz
+-rw-r--r-- 1 root root 259316 2018-05-14 00:45 ./source/x/x11/src/lib/libdmx-1.1.4.tar.xz
+-rw-r--r-- 1 root root 263112 2019-02-20 01:33 ./source/x/x11/src/lib/libfontenc-1.1.4.tar.xz
+-rw-r--r-- 1 root root 320072 2019-07-17 16:25 ./source/x/x11/src/lib/libpciaccess-0.16.tar.xz
-rw-r--r-- 1 root root 302836 2019-03-16 18:36 ./source/x/x11/src/lib/libxkbfile-1.1.0.tar.xz
-rw-r--r-- 1 root root 250612 2018-02-26 17:27 ./source/x/x11/src/lib/libxshmfence-1.3.tar.xz
-rw-r--r-- 1 root root 624168 2019-04-10 17:22 ./source/x/x11/src/lib/pixman-0.38.4.tar.xz
@@ -12560,9 +12591,9 @@ drwxr-xr-x 2 root root 4096 2019-12-02 20:31 ./source/xap/gnuplot
-rw-r--r-- 1 root root 232 2017-09-30 18:21 ./source/xap/gnuplot/gnuplot.fix.info.generation.diff.gz
-rw-r--r-- 1 root root 24 2018-06-05 04:25 ./source/xap/gnuplot/gnuplot.url
-rw-r--r-- 1 root root 1099 2018-02-27 06:13 ./source/xap/gnuplot/slack-desc
-drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/xap/gparted
+drwxr-xr-x 2 root root 4096 2020-01-21 17:42 ./source/xap/gparted
-rw-r--r-- 1 root root 121 2016-02-03 19:48 ./source/xap/gparted/doinst.sh.gz
--rw-r--r-- 1 root root 2283660 2019-05-29 16:18 ./source/xap/gparted/gparted-1.0.0.tar.lz
+-rw-r--r-- 1 root root 2321233 2020-01-20 17:30 ./source/xap/gparted/gparted-1.1.0.tar.lz
-rwxr-xr-x 1 root root 4124 2019-09-29 23:48 ./source/xap/gparted/gparted.SlackBuild
-rw-r--r-- 1 root root 864 2018-02-27 06:13 ./source/xap/gparted/slack-desc
drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/xap/gucharmap
diff --git a/recompress.sh b/recompress.sh
index 27f439c7..efd52a69 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -506,6 +506,19 @@ gzip ./source/n/popa3d/popa3d.diff
gzip ./source/n/ca-certificates/fixup_update-ca-certificates.diff
gzip ./source/n/ca-certificates/doinst.sh
gzip ./source/n/ca-certificates/update-ca-certificates.c_rehash.diff
+gzip ./source/n/krb5/patches/krb5-1.12-ktany.patch
+gzip ./source/n/krb5/patches/krb5-1.15-beta1-selinux-label.patch
+gzip ./source/n/krb5/patches/krb5-1.12-api.patch
+gzip ./source/n/krb5/patches/Build-with-Werror-implicit-int-where-supported.patch
+gzip ./source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch
+gzip ./source/n/krb5/patches/krb5-1.9-debuginfo.patch
+gzip ./source/n/krb5/patches/krb5-1.15-beta1-buildconf.patch
+gzip ./source/n/krb5/patches/krb5-1.12.1-pam.patch
+gzip ./source/n/krb5/patches/krb5-1.12-ksu-path.patch
+gzip ./source/n/krb5/patches/krb5-1.3.1-dns.patch
+gzip ./source/n/krb5/patches/krb5-1.11-kpasswdtest.patch
+gzip ./source/n/krb5/patches/krb5-1.11-run_user_0.patch
+gzip ./source/n/krb5/doinst.sh
gzip ./source/n/bootp/bootp_2.4.3-15.diff
gzip ./source/n/bootp/bootptab
gzip ./source/n/lftp/doinst.sh
diff --git a/slackware64/n/maketag b/slackware64/n/maketag
index a4d25eb7..c273b5d8 100644
--- a/slackware64/n/maketag
+++ b/slackware64/n/maketag
@@ -57,6 +57,7 @@ Press ENTER when you are done." \
"ipw2200-fw" "Firmware for Intel ipw2200 wireless." "on" \
"irssi" "IRSSI Internet Relay Chat (IRC) client" "on" \
"iw" "Utility for mac80211 based wireless devices" "on" \
+"krb5" "Network authentication protocol" "on" \
"lftp" "Shell-like FTP and HTTP transfer program" "on" \
"libassuan" "Interprocess Communication Library for GPG" "on" \
"libgcrypt" "General purpose crypto library" "on" \
@@ -161,7 +162,7 @@ if [ $? = 1 -o $? = 255 ]; then
rm -f $TMP/SeTpkgs
> $TMP/SeTnewtag
for pkg in \
-ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
+ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw krb5 lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
; do
echo "$pkg: SKP" >> $TMP/SeTnewtag
done
@@ -169,7 +170,7 @@ ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware
fi
cat /dev/null > $TMP/SeTnewtag
for PACKAGE in \
-ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
+ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw krb5 lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
; do
if grep "\(^\| \)$PACKAGE\( \|$\)" $TMP/SeTpkgs 1> /dev/null 2> /dev/null ; then
echo "$PACKAGE: ADD" >> $TMP/SeTnewtag
diff --git a/slackware64/n/maketag.ez b/slackware64/n/maketag.ez
index a4d25eb7..c273b5d8 100644
--- a/slackware64/n/maketag.ez
+++ b/slackware64/n/maketag.ez
@@ -57,6 +57,7 @@ Press ENTER when you are done." \
"ipw2200-fw" "Firmware for Intel ipw2200 wireless." "on" \
"irssi" "IRSSI Internet Relay Chat (IRC) client" "on" \
"iw" "Utility for mac80211 based wireless devices" "on" \
+"krb5" "Network authentication protocol" "on" \
"lftp" "Shell-like FTP and HTTP transfer program" "on" \
"libassuan" "Interprocess Communication Library for GPG" "on" \
"libgcrypt" "General purpose crypto library" "on" \
@@ -161,7 +162,7 @@ if [ $? = 1 -o $? = 255 ]; then
rm -f $TMP/SeTpkgs
> $TMP/SeTnewtag
for pkg in \
-ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
+ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw krb5 lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
; do
echo "$pkg: SKP" >> $TMP/SeTnewtag
done
@@ -169,7 +170,7 @@ ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware
fi
cat /dev/null > $TMP/SeTnewtag
for PACKAGE in \
-ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
+ModemManager NetworkManager alpine autofs biff+comsat bind bluez bluez-firmware bootp bridge-utils bsd-finger ca-certificates cifs-utils conntrack-tools crda curl cyrus-sasl dhcp dhcpcd dnsmasq dovecot ebtables elm epic5 ethtool fetchmail getmail gnupg gnupg2 gnutls gpa gpgme htdig httpd icmpinfo iftop inetd iproute2 ipset iptables iptraf-ng iputils ipw2100-fw ipw2200-fw irssi iw krb5 lftp libassuan libgcrypt libgpg-error libksba libmbim libmilter libmnl libndp libnetfilter_acct libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_log libnetfilter_queue libnfnetlink libnftnl libqmi libtirpc links lynx mcabber metamail mobile-broadband-provider-info mtr mutt nc ncftp net-snmp net-tools netatalk netdate netkit-bootparamd netkit-ftp netkit-ntalk netkit-routed netkit-rsh netkit-rusers netkit-rwall netkit-rwho netkit-timed netpipes nettle netwatch network-scripts netwrite newspost nfacct nfs-utils nftables nghttp2 nmap nn npth ntp obexftp openldap-client openobex openssh openssl openssl10 openvpn p11-kit php pidentd pinentry popa3d postfix ppp procmail proftpd pssh rdist rp-pppoe rpcbind rsync s-nail samba slrn snownews sshfs stunnel tcp_wrappers tcpdump telnet tftp-hpa tin traceroute ulogd uucp vlan vsftpd wget whois wireless_tools wpa_supplicant yptools ytalk zd1211-firmware \
; do
if grep "\(^\| \)$PACKAGE\( \|$\)" $TMP/SeTpkgs 1> /dev/null 2> /dev/null ; then
echo "$PACKAGE: ADD" >> $TMP/SeTnewtag
diff --git a/slackware64/n/tagfile b/slackware64/n/tagfile
index d6902313..4929fd82 100644
--- a/slackware64/n/tagfile
+++ b/slackware64/n/tagfile
@@ -44,6 +44,7 @@ ipw2100-fw:ADD
ipw2200-fw:ADD
irssi:OPT
iw:REC
+krb5:REC
lftp:OPT
libassuan:REC
libgcrypt:REC
diff --git a/source/a/aaa_elflibs/aaa_elflibs.SlackBuild b/source/a/aaa_elflibs/aaa_elflibs.SlackBuild
index 31f53700..22a28378 100755
--- a/source/a/aaa_elflibs/aaa_elflibs.SlackBuild
+++ b/source/a/aaa_elflibs/aaa_elflibs.SlackBuild
@@ -23,7 +23,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=aaa_elflibs
VERSION=${VERSION:-15.0}
-BUILD=${BUILD:-18}
+BUILD=${BUILD:-19}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/a/aaa_elflibs/symlinks-to-tracked-libs b/source/a/aaa_elflibs/symlinks-to-tracked-libs
index f2267dbe..b8960c76 100644
--- a/source/a/aaa_elflibs/symlinks-to-tracked-libs
+++ b/source/a/aaa_elflibs/symlinks-to-tracked-libs
@@ -11,6 +11,10 @@
/lib/libelf.so.1
/lib/libfuse.so.2
/lib/libgpm.so.2
+/lib/libkrb5support.so.0
+/lib/libkrb5.so.3
+/lib/libk5crypto.so.3
+/lib/libgssapi_krb5.so.2
/lib/liblzma.so.5
/lib/libncurses.so.5
/lib/libncurses.so.6
diff --git a/source/a/util-linux/slack-desc b/source/a/util-linux/slack-desc
index 5495296e..2ddf3513 100644
--- a/source/a/util-linux/slack-desc
+++ b/source/a/util-linux/slack-desc
@@ -11,7 +11,7 @@ util-linux:
util-linux: The util-linux package is a huge collection of random utilities
util-linux: that are essential to run a Linux system.
util-linux:
-util-linux: https://www.kernel.org/pub/linux/utils/util-linux/
+util-linux: Homepage: https://www.kernel.org/pub/linux/utils/util-linux/
util-linux:
util-linux:
util-linux:
diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild
index f6660959..8d6ff21c 100755
--- a/source/a/util-linux/util-linux.SlackBuild
+++ b/source/a/util-linux/util-linux.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=util-linux
VERSION=${VERSION:-$(echo util-linux*.tar.xz | cut -d - -f 3 | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
ADJTIMEXVERS=1.29
SETSERIALVERS=2.17
diff --git a/source/d/python-pip/python-pip.SlackBuild b/source/d/python-pip/python-pip.SlackBuild
index 6fea8a66..c4171e8b 100755
--- a/source/d/python-pip/python-pip.SlackBuild
+++ b/source/d/python-pip/python-pip.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-pip
VERSION=${VERSION:-$(echo pip-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
SRCNAM=pip
diff --git a/source/l/Mako/Mako.SlackBuild b/source/l/Mako/Mako.SlackBuild
index ff955e04..82e42f2e 100755
--- a/source/l/Mako/Mako.SlackBuild
+++ b/source/l/Mako/Mako.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=Mako
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
diff --git a/source/l/keyutils/keyutils.SlackBuild b/source/l/keyutils/keyutils.SlackBuild
index 6a12d7c3..1359e279 100755
--- a/source/l/keyutils/keyutils.SlackBuild
+++ b/source/l/keyutils/keyutils.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=keyutils
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/krb5/conf/kadmind b/source/n/krb5/conf/kadmind
new file mode 100644
index 00000000..5913ac12
--- /dev/null
+++ b/source/n/krb5/conf/kadmind
@@ -0,0 +1,2 @@
+# To set additional options for kadmind, add them in the variable below:
+KADMIND_OPTIONS=""
diff --git a/source/n/krb5/conf/kdc.conf.example b/source/n/krb5/conf/kdc.conf.example
new file mode 100644
index 00000000..1c7cc3a9
--- /dev/null
+++ b/source/n/krb5/conf/kdc.conf.example
@@ -0,0 +1,35 @@
+[kdcdefaults]
+ kdc_listen = 88
+ kdc_tcp_listen = 88
+
+[realms]
+ ATHENA.MIT.EDU = {
+ kadmind_port = 749
+ max_life = 12h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = aes256-cts-hmac-sha1-96
+ supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
+ database_module = openldap_ldapconf
+ }
+
+[logging]
+ kdc = FILE:/var/kerberos/krb5kdc/kdc.log
+ admin_server = FILE:/var/kerberos/krb5kdc/kadmin.log
+
+[dbdefaults]
+ ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
+
+[dbmodules]
+ openldap_ldapconf = {
+ db_library = kldap
+ disable_last_success = true
+ ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu"
+ # this object needs to have read rights on
+ # the realm container and principal subtrees
+ ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu"
+ # this object needs to have read and write rights on
+ # the realm container and principal subtrees
+ ldap_service_password_file = /etc/kerberos/service.keyfile
+ ldap_servers = ldaps://kerberos.mit.edu
+ ldap_conns_per_server = 5
+ }
diff --git a/source/n/krb5/conf/kpropd b/source/n/krb5/conf/kpropd
new file mode 100644
index 00000000..cc65d10b
--- /dev/null
+++ b/source/n/krb5/conf/kpropd
@@ -0,0 +1,2 @@
+# To set additional options for kpropd, add them in the variable below:
+KPROPD_OPTIONS=""
diff --git a/source/n/krb5/conf/krb5.conf.example b/source/n/krb5/conf/krb5.conf.example
new file mode 100644
index 00000000..705e7cf3
--- /dev/null
+++ b/source/n/krb5/conf/krb5.conf.example
@@ -0,0 +1,29 @@
+[libdefaults]
+ default_realm = ATHENA.MIT.EDU
+ dns_lookup_kdc = true
+ dns_lookup_realm = false
+
+[realms]
+ ATHENA.MIT.EDU = {
+ kdc = kerberos.mit.edu
+ kdc = kerberos-1.mit.edu
+ kdc = kerberos-2.mit.edu
+ admin_server = kerberos.mit.edu
+ master_kdc = kerberos.mit.edu
+ }
+ EXAMPLE.COM = {
+ kdc = kerberos.example.com
+ kdc = kerberos-1.example.com
+ admin_server = kerberos.example.com
+ }
+
+[domain_realm]
+ mit.edu = ATHENA.MIT.EDU
+
+[capaths]
+ ATHENA.MIT.EDU = {
+ EXAMPLE.COM = .
+ }
+ EXAMPLE.COM = {
+ ATHENA.MIT.EDU = .
+ }
diff --git a/source/n/krb5/conf/krb5kdc b/source/n/krb5/conf/krb5kdc
new file mode 100644
index 00000000..6679d1b8
--- /dev/null
+++ b/source/n/krb5/conf/krb5kdc
@@ -0,0 +1,2 @@
+# To set additional options for krb5kdc, add them in the variable below:
+KRB5KDC_OPTIONS=""
diff --git a/source/n/krb5/conf/rc.kadmind b/source/n/krb5/conf/rc.kadmind
new file mode 100644
index 00000000..2f838a7c
--- /dev/null
+++ b/source/n/krb5/conf/rc.kadmind
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Start the Kerberos administration server. This typically runs on the
+# master Kerberos server, which stores the KDC database.
+
+# To change the default options, edit /etc/default/kadmind.
+if [ -r /etc/default/kadmind ]; then
+ . /etc/default/kadmind
+fi
+
+start_atd() {
+ if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/kadmind" 1> /dev/null 2> /dev/null ; then
+ echo "Starting kadmind: /usr/sbin/kadmind $KADMIND_OPTIONS"
+ /usr/sbin/kadmind $KADMIND_OPTIONS
+ fi
+}
+
+stop_atd() {
+ echo "Stopping kadmind."
+ /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/kadmind" 2> /dev/null
+}
+
+restart_atd() {
+ stop_atd
+ sleep 1
+ start_atd
+}
+
+case "$1" in
+'start')
+ start_atd
+ ;;
+'stop')
+ stop_atd
+ ;;
+'restart')
+ restart_atd
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/krb5/conf/rc.kpropd b/source/n/krb5/conf/rc.kpropd
new file mode 100644
index 00000000..8dde85d8
--- /dev/null
+++ b/source/n/krb5/conf/rc.kpropd
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Start the Kerberos V5 slave KDC update server. This runs on a slave
+# (secondary) KDC server. It allows the master Kerberos server to use
+# kprop(8) to propagate its database to the slave servers.
+
+# To change the default options, edit /etc/default/kpropd.
+if [ -r /etc/default/kpropd ]; then
+ . /etc/default/kpropd
+fi
+
+start_atd() {
+ if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/kpropd" 1> /dev/null 2> /dev/null ; then
+ echo "Starting kpropd: /usr/sbin/kpropd $KPROPD_OPTIONS"
+ /usr/sbin/kpropd $KPROPD_OPTIONS
+ fi
+}
+
+stop_atd() {
+ echo "Stopping kpropd."
+ /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/kpropd" 2> /dev/null
+}
+
+restart_atd() {
+ stop_atd
+ sleep 1
+ start_atd
+}
+
+case "$1" in
+'start')
+ start_atd
+ ;;
+'stop')
+ stop_atd
+ ;;
+'restart')
+ restart_atd
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/krb5/conf/rc.krb5kdc b/source/n/krb5/conf/rc.krb5kdc
new file mode 100644
index 00000000..5e9baef1
--- /dev/null
+++ b/source/n/krb5/conf/rc.krb5kdc
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Start krb5kdc, which is the Kerberos version 5 Authentication Service
+# and Key Distribution Center (AS/KDC). This needs to run first on both
+# master and secondary KDCs.
+
+# To change the default options, edit /etc/default/krb5kdc.
+if [ -r /etc/default/krb5kdc ]; then
+ . /etc/default/krb5kdc
+fi
+
+start_atd() {
+ if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/krb5kdc" 1> /dev/null 2> /dev/null ; then
+ echo "Starting krb5kdc: /usr/sbin/krb5kdc $KRB5KDC_OPTIONS"
+ /usr/sbin/krb5kdc $KRB5KDC_OPTIONS
+ fi
+}
+
+stop_atd() {
+ echo "Stopping krb5kdc."
+ /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/krb5kdc" 2> /dev/null
+}
+
+restart_atd() {
+ stop_atd
+ sleep 1
+ start_atd
+}
+
+case "$1" in
+'start')
+ start_atd
+ ;;
+'stop')
+ stop_atd
+ ;;
+'restart')
+ restart_atd
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/krb5/doinst.sh b/source/n/krb5/doinst.sh
new file mode 100644
index 00000000..8c0fa65e
--- /dev/null
+++ b/source/n/krb5/doinst.sh
@@ -0,0 +1,30 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.kadmind.new
+preserve_perms etc/rc.d/rc.kpropd.new
+preserve_perms etc/rc.d/rc.krb5kdc.new
+config etc/default/kadmind.new
+config etc/default/kpropd.new
+config etc/default/krb5kdc.new
diff --git a/source/n/krb5/krb5.SlackBuild b/source/n/krb5/krb5.SlackBuild
new file mode 100755
index 00000000..05b5f721
--- /dev/null
+++ b/source/n/krb5/krb5.SlackBuild
@@ -0,0 +1,221 @@
+#!/bin/sh
+
+# Copyright 2009 Tom Canich, State College, Pennsylvania, USA
+# Copyright 2015-2017 Willy Sudiarto Raharjo <willysr@slackbuilds.org>
+# Copyright 2017, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=krb5
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+sed -i "/KRB5ROOT=/s/\/local//" src/util/ac_check_krb5.m4
+
+# Not listed in ./configure --help, does this actually do anything?
+# --with-pam
+# NOTE: It appears that the krb5-1.12.1-pam.patch.gz patch introduces this
+# option, which would then pamify ksu. We'll not worry about it now.
+
+## NOTE: I'm not applying any of these until it's shown that we actually need
+## to hack up krb5 this much. Initially we'll ship without any of them, and
+## if all goes well the plan is to drop them from the source directory and
+## this script. If it turns out some or all of them are needed, we'll look
+## into it when the time comes. As always, input from those who know more about
+## it than I do is always welcomed.
+## Add some patches from Fedora (via Phantom X) for compatibility:
+#zcat $CWD/patches/krb5-1.12.1-pam.patch.gz | patch -p1 --verbose || exit 1
+## Below patch fails without selinux:
+##zcat $CWD/patches/krb5-1.15-beta1-selinux-label.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.12-ksu-path.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.12-ktany.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.15-beta1-buildconf.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.3.1-dns.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.12-api.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.13-dirsrv-accountlock.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.9-debuginfo.patch.gz | patch -p1 --verbose || exit 1
+## Below patch fails without selinux patch:
+##zcat $CWD/patches/krb5-1.11-run_user_0.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/krb5-1.11-kpasswdtest.patch.gz | patch -p1 --verbose || exit 1
+#zcat $CWD/patches/Build-with-Werror-implicit-int-where-supported.patch.gz | patch -p1 --verbose || exit 1
+
+cd src
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+CPPFLAGS+=" -I/usr/include/et" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var/kerberos \
+ --runstatedir=/var/run \
+ --mandir=/usr/man \
+ --enable-dns-for-realm \
+ --with-ldap \
+ --with-system-et \
+ --with-system-ss \
+ --enable-pkinit \
+ --with-tls-impl=openssl \
+ --with-system-verto=no \
+ --with-prng-alg=os \
+ --build=$ARCH-slackware-linux || exit 1
+
+# Build:
+make $NUMJOBS || make || exit 1
+
+# Double check for proper runstatedir setting:
+if ! grep -q /var/run/krb5kdc include/osconf.h ; then
+ echo "FATAL: runstatedir not set properly: $(grep KDC_RUN_DIR include/osconf.h)"
+ exit 1
+fi
+
+# Install:
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# Fix perms on shared objects:
+find $PKG/usr/lib${LIBDIRSUFFIX} -name "*.so*" -exec chmod 755 "{}" \+
+
+# Install init scripts:
+mkdir -p $PKG/etc/rc.d
+cp -a $CWD/conf/rc.kadmind $PKG/etc/rc.d/rc.kadmind.new
+cp -a $CWD/conf/rc.kpropd $PKG/etc/rc.d/rc.kpropd.new
+cp -a $CWD/conf/rc.krb5kdc $PKG/etc/rc.d/rc.krb5kdc.new
+chown root:root $PKG/etc/rc.d/*
+chmod 644 $PKG/etc/rc.d/*
+
+# Install default options:
+mkdir -p $PKG/etc/default
+cp -a $CWD/conf/kadmind $PKG/etc/default/kadmind.new
+cp -a $CWD/conf/kpropd $PKG/etc/default/kpropd.new
+cp -a $CWD/conf/krb5kdc $PKG/etc/default/krb5kdc.new
+chown root:root $PKG/etc/default/*
+chmod 644 $PKG/etc/default/*
+
+# Install example config files:
+mkdir -p $PKG/etc
+cp -a $CWD/conf/krb5.conf.example $PKG/etc/krb5.conf.example
+chown root:root $PKG/etc/krb5.conf.example
+chmod 644 $PKG/etc/krb5.conf.example
+mkdir -p /var/kerberos/krb5kdc
+cp -a $CWD/conf/kdc.conf.example $PKG/var/kerberos/krb5kdc/kdc.conf.example
+chown root:root $PKG/var/kerberos/krb5kdc/kdc.conf.example
+chmod 644 $PKG/var/kerberos/krb5kdc/kdc.conf.example
+
+# Move examples to the documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-${VERSION}/examples
+mv $PKG/usr/share/examples/krb5/* $PKG/usr/doc/${PKGNAM}-${VERSION}/examples
+rmdir $PKG/usr/share/examples/krb5 $PKG/usr/share/examples 2> /dev/null
+
+# Move some libraries to $PKG/lib${LIBDIRSUFFIX}:
+mkdir -p $PKG/lib${LIBDIRSUFFIX}
+( cd $PKG/usr/lib${LIBDIRSUFFIX}
+ for lib in libgssapi_krb5 libkrb5 libk5crypto libkrb5support ; do
+ mv ${lib}.so.?.* ../../lib${LIBDIRSUFFIX}
+ ln -sf ../../lib${LIBDIRSUFFIX}/${lib}.so.?.* .
+ cp -a ${lib}.so.? ../../lib${LIBDIRSUFFIX}
+ done
+)
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+rm -rf $PKG/usr/man/cat{1,5,8}
+
+# Compress and link manpages, if any:
+if [ -d $PKG/usr/man ]; then
+ ( cd $PKG/usr/man
+ for manpagedir in $(find . -type d -name "man*") ; do
+ ( cd $manpagedir
+ for eachpage in $( find . -type l -maxdepth 1 | grep -v '\.gz$') ; do
+ ln -s $( readlink $eachpage ).gz $eachpage.gz
+ rm $eachpage
+ done
+ gzip -9 *.?
+ )
+ done
+ )
+fi
+
+# krb5 ships with a ton of docs, but for now we'll just include these:
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+ cp -a \
+ ../NOTICE* ../README* \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/n/krb5/krb5.url b/source/n/krb5/krb5.url
new file mode 100644
index 00000000..8f5e8ff8
--- /dev/null
+++ b/source/n/krb5/krb5.url
@@ -0,0 +1 @@
+http://web.mit.edu/kerberos/dist/krb5/
diff --git a/source/n/krb5/patches/Build-with-Werror-implicit-int-where-supported.patch b/source/n/krb5/patches/Build-with-Werror-implicit-int-where-supported.patch
new file mode 100644
index 00000000..4244dcee
--- /dev/null
+++ b/source/n/krb5/patches/Build-with-Werror-implicit-int-where-supported.patch
@@ -0,0 +1,23 @@
+From 6c5c66b807cabaf71a56d1a630ea3b47344f81b4 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 10 Nov 2016 13:20:49 -0500
+Subject: [PATCH] Build with -Werror-implicit-int where supported
+
+(cherry picked from commit 873d864230c9c64c65ff12a24199bac3adf3bc2f)
+---
+ src/aclocal.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aclocal.m4 b/src/aclocal.m4
+index 2bfb994..da1d6d8 100644
+--- a/src/aclocal.m4
++++ b/src/aclocal.m4
+@@ -529,7 +529,7 @@ if test "$GCC" = yes ; then
+ TRY_WARN_CC_FLAG(-Wno-format-zero-length)
+ # Other flags here may not be supported on some versions of
+ # gcc that people want to use.
+- for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers ; do
++ for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers error=implicit-int ; do
+ TRY_WARN_CC_FLAG(-W$flag)
+ done
+ # old-style-definition? generates many, many warnings
diff --git a/source/n/krb5/patches/krb5-1.11-kpasswdtest.patch b/source/n/krb5/patches/krb5-1.11-kpasswdtest.patch
new file mode 100644
index 00000000..8419cdf2
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.11-kpasswdtest.patch
@@ -0,0 +1,21 @@
+From 0fb88f451f25c4bf923248c9e13dd79f658c743a Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:52:01 -0400
+Subject: [PATCH] krb5-1.11-kpasswdtest.patch
+
+---
+ src/kadmin/testing/proto/krb5.conf.proto | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
+index 00c4429..9c4bc1d 100644
+--- a/src/kadmin/testing/proto/krb5.conf.proto
++++ b/src/kadmin/testing/proto/krb5.conf.proto
+@@ -9,6 +9,7 @@
+ __REALM__ = {
+ kdc = __KDCHOST__:1750
+ admin_server = __KDCHOST__:1751
++ kpasswd_server = __KDCHOST__:1752
+ database_module = foobar_db2_module_blah
+ }
+
diff --git a/source/n/krb5/patches/krb5-1.11-run_user_0.patch b/source/n/krb5/patches/krb5-1.11-run_user_0.patch
new file mode 100644
index 00000000..10af564b
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.11-run_user_0.patch
@@ -0,0 +1,44 @@
+From 308f3826d44ab9ee114fc7d1c4fb61e9005025ad Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:49:57 -0400
+Subject: [PATCH] krb5-1.11-run_user_0.patch
+
+A hack: if we're looking at creating a ccache directory directly below
+the /run/user/0 directory, and /run/user/0 doesn't exist, try to create
+it, too.
+---
+ src/lib/krb5/ccache/cc_dir.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
+index 73f0fe6..4850c0d 100644
+--- a/src/lib/krb5/ccache/cc_dir.c
++++ b/src/lib/krb5/ccache/cc_dir.c
+@@ -61,6 +61,8 @@
+
+ #include <dirent.h>
+
++#define ROOT_SPECIAL_DCC_PARENT "/run/user/0"
++
+ extern const krb5_cc_ops krb5_dcc_ops;
+ extern const krb5_cc_ops krb5_fcc_ops;
+
+@@ -237,6 +239,18 @@ verify_dir(krb5_context context, const char *dirname)
+
+ if (stat(dirname, &st) < 0) {
+ if (errno == ENOENT) {
++ if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/",
++ sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 &&
++ stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 &&
++ errno == ENOENT) {
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT);
++#endif
++ status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU);
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
++ }
+ #ifdef USE_SELINUX
+ selabel = krb5int_push_fscreatecon_for(dirname);
+ #endif
diff --git a/source/n/krb5/patches/krb5-1.12-api.patch b/source/n/krb5/patches/krb5-1.12-api.patch
new file mode 100644
index 00000000..3bf695e7
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.12-api.patch
@@ -0,0 +1,37 @@
+From e08681c1315628c8202d103de09325ed4881d1a5 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:47:00 -0400
+Subject: [PATCH] krb5-1.12-api.patch
+
+Reference docs don't define what happens if you call krb5_realm_compare() with
+malformed krb5_principal structures. Define a behavior which keeps it from
+crashing if applications don't check ahead of time.
+---
+ src/lib/krb5/krb/princ_comp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
+index a693610..0ed7883 100644
+--- a/src/lib/krb5/krb/princ_comp.c
++++ b/src/lib/krb5/krb/princ_comp.c
+@@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context,
+ const krb5_data *realm1 = &princ1->realm;
+ const krb5_data *realm2 = &princ2->realm;
+
++ if (princ1 == NULL || princ2 == NULL)
++ return FALSE;
++ if (realm1 == NULL || realm2 == NULL)
++ return FALSE;
+ if (realm1->length != realm2->length)
+ return FALSE;
+ if (realm1->length == 0)
+@@ -88,6 +92,9 @@ krb5_principal_compare_flags(krb5_context context,
+ krb5_principal upn2 = NULL;
+ krb5_boolean ret = FALSE;
+
++ if (princ1 == NULL || princ2 == NULL)
++ return FALSE;
++
+ if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
+ /* Treat UPNs as if they were real principals */
+ if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
diff --git a/source/n/krb5/patches/krb5-1.12-ksu-path.patch b/source/n/krb5/patches/krb5-1.12-ksu-path.patch
new file mode 100644
index 00000000..a2ef1868
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.12-ksu-path.patch
@@ -0,0 +1,22 @@
+From 13918214c30b97aaef5d816a3d266be0ec13147e Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:32:09 -0400
+Subject: [PATCH] krb5-1.12-ksu-path.patch
+
+Set the default PATH to the one set by login.
+---
+ src/clients/ksu/Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
+index 5755bb5..9d58f29 100644
+--- a/src/clients/ksu/Makefile.in
++++ b/src/clients/ksu/Makefile.in
+@@ -1,6 +1,6 @@
+ mydir=clients$(S)ksu
+ BUILDTOP=$(REL)..$(S)..
+-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
+
+ KSU_LIBS=@KSU_LIBS@
+ PAM_LIBS=@PAM_LIBS@
diff --git a/source/n/krb5/patches/krb5-1.12-ktany.patch b/source/n/krb5/patches/krb5-1.12-ktany.patch
new file mode 100644
index 00000000..6bd6bd8a
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.12-ktany.patch
@@ -0,0 +1,366 @@
+From e2f52b93c6a6257a76ac37d3c7d63ea3099dd89c Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:33:53 -0400
+Subject: [PATCH] krb5-1.12-ktany.patch
+
+Adds an "ANY" keytab type which is a list of other keytab locations to search
+when searching for a specific entry. When iterated through, it only presents
+the contents of the first keytab.
+---
+ src/lib/krb5/keytab/Makefile.in | 3 +
+ src/lib/krb5/keytab/kt_any.c | 292 ++++++++++++++++++++++++++++++++++++++++
+ src/lib/krb5/keytab/ktbase.c | 7 +-
+ 3 files changed, 301 insertions(+), 1 deletion(-)
+ create mode 100644 src/lib/krb5/keytab/kt_any.c
+
+diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
+index 2a8fceb..ffd179f 100644
+--- a/src/lib/krb5/keytab/Makefile.in
++++ b/src/lib/krb5/keytab/Makefile.in
+@@ -12,6 +12,7 @@ STLIBOBJS= \
+ ktfr_entry.o \
+ ktremove.o \
+ ktfns.o \
++ kt_any.o \
+ kt_file.o \
+ kt_memory.o \
+ kt_srvtab.o \
+@@ -24,6 +25,7 @@ OBJS= \
+ $(OUTPRE)ktfr_entry.$(OBJEXT) \
+ $(OUTPRE)ktremove.$(OBJEXT) \
+ $(OUTPRE)ktfns.$(OBJEXT) \
++ $(OUTPRE)kt_any.$(OBJEXT) \
+ $(OUTPRE)kt_file.$(OBJEXT) \
+ $(OUTPRE)kt_memory.$(OBJEXT) \
+ $(OUTPRE)kt_srvtab.$(OBJEXT) \
+@@ -36,6 +38,7 @@ SRCS= \
+ $(srcdir)/ktfr_entry.c \
+ $(srcdir)/ktremove.c \
+ $(srcdir)/ktfns.c \
++ $(srcdir)/kt_any.c \
+ $(srcdir)/kt_file.c \
+ $(srcdir)/kt_memory.c \
+ $(srcdir)/kt_srvtab.c \
+diff --git a/src/lib/krb5/keytab/kt_any.c b/src/lib/krb5/keytab/kt_any.c
+new file mode 100644
+index 0000000..1b9b776
+--- /dev/null
++++ b/src/lib/krb5/keytab/kt_any.c
+@@ -0,0 +1,292 @@
++/*
++ * lib/krb5/keytab/kt_any.c
++ *
++ * Copyright 1998, 1999 by the Massachusetts Institute of Technology.
++ * All Rights Reserved.
++ *
++ * Export of this software from the United States of America may
++ * require a specific license from the United States Government.
++ * It is the responsibility of any person or organization contemplating
++ * export to obtain such a license before exporting.
++ *
++ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
++ * distribute this software and its documentation for any purpose and
++ * without fee is hereby granted, provided that the above copyright
++ * notice appear in all copies and that both that copyright notice and
++ * this permission notice appear in supporting documentation, and that
++ * the name of M.I.T. not be used in advertising or publicity pertaining
++ * to distribution of the software without specific, written prior
++ * permission. M.I.T. makes no representations about the suitability of
++ * this software for any purpose. It is provided "as is" without express
++ * or implied warranty.
++ *
++ *
++ * krb5_kta_ops
++ */
++
++#include "k5-int.h"
++
++typedef struct _krb5_ktany_data {
++ char *name;
++ krb5_keytab *choices;
++ int nchoices;
++} krb5_ktany_data;
++
++typedef struct _krb5_ktany_cursor_data {
++ int which;
++ krb5_kt_cursor cursor;
++} krb5_ktany_cursor_data;
++
++static krb5_error_code krb5_ktany_resolve
++ (krb5_context,
++ const char *,
++ krb5_keytab *);
++static krb5_error_code krb5_ktany_get_name
++ (krb5_context context,
++ krb5_keytab id,
++ char *name,
++ unsigned int len);
++static krb5_error_code krb5_ktany_close
++ (krb5_context context,
++ krb5_keytab id);
++static krb5_error_code krb5_ktany_get_entry
++ (krb5_context context,
++ krb5_keytab id,
++ krb5_const_principal principal,
++ krb5_kvno kvno,
++ krb5_enctype enctype,
++ krb5_keytab_entry *entry);
++static krb5_error_code krb5_ktany_start_seq_get
++ (krb5_context context,
++ krb5_keytab id,
++ krb5_kt_cursor *cursorp);
++static krb5_error_code krb5_ktany_next_entry
++ (krb5_context context,
++ krb5_keytab id,
++ krb5_keytab_entry *entry,
++ krb5_kt_cursor *cursor);
++static krb5_error_code krb5_ktany_end_seq_get
++ (krb5_context context,
++ krb5_keytab id,
++ krb5_kt_cursor *cursor);
++static void cleanup
++ (krb5_context context,
++ krb5_ktany_data *data,
++ int nchoices);
++
++struct _krb5_kt_ops krb5_kta_ops = {
++ 0,
++ "ANY", /* Prefix -- this string should not appear anywhere else! */
++ krb5_ktany_resolve,
++ krb5_ktany_get_name,
++ krb5_ktany_close,
++ krb5_ktany_get_entry,
++ krb5_ktany_start_seq_get,
++ krb5_ktany_next_entry,
++ krb5_ktany_end_seq_get,
++ NULL,
++ NULL,
++ NULL,
++};
++
++static krb5_error_code
++krb5_ktany_resolve(context, name, id)
++ krb5_context context;
++ const char *name;
++ krb5_keytab *id;
++{
++ const char *p, *q;
++ char *copy;
++ krb5_error_code kerror;
++ krb5_ktany_data *data;
++ int i;
++
++ /* Allocate space for our data and remember a copy of the name. */
++ if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL)
++ return(ENOMEM);
++ if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) {
++ free(data);
++ return(ENOMEM);
++ }
++ strcpy(data->name, name);
++
++ /* Count the number of choices and allocate memory for them. */
++ data->nchoices = 1;
++ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1)
++ data->nchoices++;
++ if ((data->choices = (krb5_keytab *)
++ malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) {
++ free(data->name);
++ free(data);
++ return(ENOMEM);
++ }
++
++ /* Resolve each of the choices. */
++ i = 0;
++ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) {
++ /* Make a copy of the choice name so we can terminate it. */
++ if ((copy = (char *)malloc(q - p + 1)) == NULL) {
++ cleanup(context, data, i);
++ return(ENOMEM);
++ }
++ memcpy(copy, p, q - p);
++ copy[q - p] = 0;
++
++ /* Try resolving the choice name. */
++ kerror = krb5_kt_resolve(context, copy, &data->choices[i]);
++ free(copy);
++ if (kerror) {
++ cleanup(context, data, i);
++ return(kerror);
++ }
++ i++;
++ }
++ if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) {
++ cleanup(context, data, i);
++ return(kerror);
++ }
++
++ /* Allocate and fill in an ID for the caller. */
++ if ((*id = (krb5_keytab)malloc(sizeof(**id))) == NULL) {
++ cleanup(context, data, i);
++ return(ENOMEM);
++ }
++ (*id)->ops = &krb5_kta_ops;
++ (*id)->data = (krb5_pointer)data;
++ (*id)->magic = KV5M_KEYTAB;
++
++ return(0);
++}
++
++static krb5_error_code
++krb5_ktany_get_name(context, id, name, len)
++ krb5_context context;
++ krb5_keytab id;
++ char *name;
++ unsigned int len;
++{
++ krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++
++ if (len < strlen(data->name) + 1)
++ return(KRB5_KT_NAME_TOOLONG);
++ strcpy(name, data->name);
++ return(0);
++}
++
++static krb5_error_code
++krb5_ktany_close(context, id)
++ krb5_context context;
++ krb5_keytab id;
++{
++ krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++
++ cleanup(context, data, data->nchoices);
++ id->ops = 0;
++ free(id);
++ return(0);
++}
++
++static krb5_error_code
++krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry)
++ krb5_context context;
++ krb5_keytab id;
++ krb5_const_principal principal;
++ krb5_kvno kvno;
++ krb5_enctype enctype;
++ krb5_keytab_entry *entry;
++{
++ krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++ krb5_error_code kerror = KRB5_KT_NOTFOUND;
++ int i;
++
++ for (i = 0; i < data->nchoices; i++) {
++ if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal,
++ kvno, enctype, entry)) != ENOENT)
++ return kerror;
++ }
++ return kerror;
++}
++
++static krb5_error_code
++krb5_ktany_start_seq_get(context, id, cursorp)
++ krb5_context context;
++ krb5_keytab id;
++ krb5_kt_cursor *cursorp;
++{
++ krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++ krb5_ktany_cursor_data *cdata;
++ krb5_error_code kerror = ENOENT;
++ int i;
++
++ if ((cdata = (krb5_ktany_cursor_data *)
++ malloc(sizeof(krb5_ktany_cursor_data))) == NULL)
++ return(ENOMEM);
++
++ /* Find a choice which can handle the serialization request. */
++ for (i = 0; i < data->nchoices; i++) {
++ if ((kerror = krb5_kt_start_seq_get(context, data->choices[i],
++ &cdata->cursor)) == 0)
++ break;
++ else if (kerror != ENOENT) {
++ free(cdata);
++ return(kerror);
++ }
++ }
++
++ if (i == data->nchoices) {
++ /* Everyone returned ENOENT, so no go. */
++ free(cdata);
++ return(kerror);
++ }
++
++ cdata->which = i;
++ *cursorp = (krb5_kt_cursor)cdata;
++ return(0);
++}
++
++static krb5_error_code
++krb5_ktany_next_entry(context, id, entry, cursor)
++ krb5_context context;
++ krb5_keytab id;
++ krb5_keytab_entry *entry;
++ krb5_kt_cursor *cursor;
++{
++ krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++ krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
++ krb5_keytab choice_id;
++
++ choice_id = data->choices[cdata->which];
++ return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor));
++}
++
++static krb5_error_code
++krb5_ktany_end_seq_get(context, id, cursor)
++ krb5_context context;
++ krb5_keytab id;
++ krb5_kt_cursor *cursor;
++{
++ krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++ krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
++ krb5_keytab choice_id;
++ krb5_error_code kerror;
++
++ choice_id = data->choices[cdata->which];
++ kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor);
++ free(cdata);
++ return(kerror);
++}
++
++static void
++cleanup(context, data, nchoices)
++ krb5_context context;
++ krb5_ktany_data *data;
++ int nchoices;
++{
++ int i;
++
++ free(data->name);
++ for (i = 0; i < nchoices; i++)
++ krb5_kt_close(context, data->choices[i]);
++ free(data->choices);
++ free(data);
++}
+diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
+index 0d39b29..6534d7c 100644
+--- a/src/lib/krb5/keytab/ktbase.c
++++ b/src/lib/krb5/keytab/ktbase.c
+@@ -57,14 +57,19 @@ extern const krb5_kt_ops krb5_ktf_ops;
+ extern const krb5_kt_ops krb5_ktf_writable_ops;
+ extern const krb5_kt_ops krb5_kts_ops;
+ extern const krb5_kt_ops krb5_mkt_ops;
++extern const krb5_kt_ops krb5_kta_ops;
+
+ struct krb5_kt_typelist {
+ const krb5_kt_ops *ops;
+ const struct krb5_kt_typelist *next;
+ };
++static struct krb5_kt_typelist krb5_kt_typelist_any = {
++ &krb5_kta_ops,
++ NULL
++};
+ const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
+ &krb5_kts_ops,
+- NULL
++ &krb5_kt_typelist_any
+ };
+ const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
+ &krb5_mkt_ops,
diff --git a/source/n/krb5/patches/krb5-1.12.1-pam.patch b/source/n/krb5/patches/krb5-1.12.1-pam.patch
new file mode 100644
index 00000000..17d29b0d
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.12.1-pam.patch
@@ -0,0 +1,770 @@
+From 977d51ce9a5bb37255e87db37353f0d70d6b293d Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:29:58 -0400
+Subject: [PATCH] krb5-1.12.1-pam.patch
+
+Modify ksu so that it performs account and session management on behalf of
+the target user account, mimicking the action of regular su. The default
+service name is "ksu", because on Fedora at least the configuration used
+is determined by whether or not a login shell is being opened, and so
+this may need to vary, too. At run-time, ksu's behavior can be reset to
+the earlier, non-PAM behavior by setting "use_pam" to false in the [ksu]
+section of /etc/krb5.conf.
+
+When enabled, ksu gains a dependency on libpam.
+
+Originally RT#5939, though it's changed since then to perform the account
+and session management before dropping privileges, and to apply on top of
+changes we're proposing for how it handles cache collections.
+---
+ src/aclocal.m4 | 67 ++++++++
+ src/clients/ksu/Makefile.in | 8 +-
+ src/clients/ksu/main.c | 88 +++++++++-
+ src/clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++++++++++
+ src/clients/ksu/pam.h | 57 +++++++
+ src/configure.in | 2 +
+ 6 files changed, 608 insertions(+), 3 deletions(-)
+ create mode 100644 src/clients/ksu/pam.c
+ create mode 100644 src/clients/ksu/pam.h
+
+diff --git a/src/aclocal.m4 b/src/aclocal.m4
+index 9c46da4..508e5fe 100644
+--- a/src/aclocal.m4
++++ b/src/aclocal.m4
+@@ -1675,3 +1675,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[
+ ]))
+ ])dnl
+ dnl
++dnl
++dnl Use PAM instead of local crypt() compare for checking local passwords,
++dnl and perform PAM account, session management, and password-changing where
++dnl appropriate.
++dnl
++AC_DEFUN(KRB5_WITH_PAM,[
++AC_ARG_WITH(pam,[AC_HELP_STRING(--with-pam,[compile with PAM support])],
++ withpam="$withval",withpam=auto)
++AC_ARG_WITH(pam-ksu-service,[AC_HELP_STRING(--with-ksu-service,[PAM service name for ksu ["ksu"]])],
++ withksupamservice="$withval",withksupamservice=ksu)
++old_LIBS="$LIBS"
++if test "$withpam" != no ; then
++ AC_MSG_RESULT([checking for PAM...])
++ PAM_LIBS=
++
++ AC_CHECK_HEADERS(security/pam_appl.h)
++ if test "x$ac_cv_header_security_pam_appl_h" != xyes ; then
++ if test "$withpam" = auto ; then
++ AC_MSG_RESULT([Unable to locate security/pam_appl.h.])
++ withpam=no
++ else
++ AC_MSG_ERROR([Unable to locate security/pam_appl.h.])
++ fi
++ fi
++
++ LIBS=
++ unset ac_cv_func_pam_start
++ AC_CHECK_FUNCS(putenv pam_start)
++ if test "x$ac_cv_func_pam_start" = xno ; then
++ unset ac_cv_func_pam_start
++ AC_CHECK_LIB(dl,dlopen)
++ AC_CHECK_FUNCS(pam_start)
++ if test "x$ac_cv_func_pam_start" = xno ; then
++ AC_CHECK_LIB(pam,pam_start)
++ unset ac_cv_func_pam_start
++ unset ac_cv_func_pam_getenvlist
++ AC_CHECK_FUNCS(pam_start pam_getenvlist)
++ if test "x$ac_cv_func_pam_start" = xyes ; then
++ PAM_LIBS="$LIBS"
++ else
++ if test "$withpam" = auto ; then
++ AC_MSG_RESULT([Unable to locate libpam.])
++ withpam=no
++ else
++ AC_MSG_ERROR([Unable to locate libpam.])
++ fi
++ fi
++ fi
++ fi
++ if test "$withpam" != no ; then
++ AC_MSG_NOTICE([building with PAM support])
++ AC_DEFINE(USE_PAM,1,[Define if Kerberos-aware tools should support PAM])
++ AC_DEFINE_UNQUOTED(KSU_PAM_SERVICE,"$withksupamservice",
++ [Define to the name of the PAM service name to be used by ksu.])
++ PAM_LIBS="$LIBS"
++ NON_PAM_MAN=".\\\" "
++ PAM_MAN=
++ else
++ PAM_MAN=".\\\" "
++ NON_PAM_MAN=
++ fi
++fi
++LIBS="$old_LIBS"
++AC_SUBST(PAM_LIBS)
++AC_SUBST(PAM_MAN)
++AC_SUBST(NON_PAM_MAN)
++])dnl
+diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
+index b2fcbf2..5755bb5 100644
+--- a/src/clients/ksu/Makefile.in
++++ b/src/clients/ksu/Makefile.in
+@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S)..
+ DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
+
+ KSU_LIBS=@KSU_LIBS@
++PAM_LIBS=@PAM_LIBS@
+
+ SRCS = \
+ $(srcdir)/krb_auth_su.c \
+ $(srcdir)/ccache.c \
+ $(srcdir)/authorization.c \
+ $(srcdir)/main.c \
++ $(srcdir)/pam.c \
+ $(srcdir)/heuristic.c \
+ $(srcdir)/xmalloc.c \
+ $(srcdir)/setenv.c
+@@ -17,13 +19,17 @@ OBJS = \
+ ccache.o \
+ authorization.o \
+ main.o \
++ pam.o \
+ heuristic.o \
+ xmalloc.o @SETENVOBJ@
+
+ all: ksu
+
+ ksu: $(OBJS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS)
++ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS)
++
++pam.o: pam.c
++ $(CC) $(ALL_CFLAGS) -c $<
+
+ clean:
+ $(RM) ksu
+diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
+index 28342c2..cab0c18 100644
+--- a/src/clients/ksu/main.c
++++ b/src/clients/ksu/main.c
+@@ -26,6 +26,7 @@
+ * KSU was writen by: Ari Medvinsky, ari@isi.edu
+ */
+
++#include "autoconf.h"
+ #include "ksu.h"
+ #include "adm_proto.h"
+ #include <sys/types.h>
+@@ -33,6 +34,10 @@
+ #include <signal.h>
+ #include <grp.h>
+
++#ifdef USE_PAM
++#include "pam.h"
++#endif
++
+ /* globals */
+ char * prog_name;
+ int auth_debug =0;
+@@ -40,6 +45,7 @@ char k5login_path[MAXPATHLEN];
+ char k5users_path[MAXPATHLEN];
+ char * gb_err = NULL;
+ int quiet = 0;
++int force_fork = 0;
+ /***********/
+
+ #define KS_TEMPORARY_CACHE "MEMORY:_ksu"
+@@ -515,6 +521,23 @@ main (argc, argv)
+ prog_name,target_user,client_name,
+ source_user,ontty());
+
++#ifdef USE_PAM
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
++ NULL, source_user,
++ ttyname(STDERR_FILENO)) != 0) {
++ fprintf(stderr, "Access denied for %s.\n", target_user);
++ exit(1);
++ }
++ if (appl_pam_requires_chauthtok()) {
++ fprintf(stderr, "Password change required for %s.\n",
++ target_user);
++ exit(1);
++ }
++ force_fork++;
++ }
++#endif
++
+ /* Run authorization as target.*/
+ if (krb5_seteuid(target_uid)) {
+ com_err(prog_name, errno, _("while switching to target for "
+@@ -575,6 +598,24 @@ main (argc, argv)
+
+ exit(1);
+ }
++#ifdef USE_PAM
++ } else {
++ /* we always do PAM account management, even for root */
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
++ NULL, source_user,
++ ttyname(STDERR_FILENO)) != 0) {
++ fprintf(stderr, "Access denied for %s.\n", target_user);
++ exit(1);
++ }
++ if (appl_pam_requires_chauthtok()) {
++ fprintf(stderr, "Password change required for %s.\n",
++ target_user);
++ exit(1);
++ }
++ force_fork++;
++ }
++#endif
+ }
+
+ if( some_rest_copy){
+@@ -632,6 +673,30 @@ main (argc, argv)
+ exit(1);
+ }
+
++#ifdef USE_PAM
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_session_open() != 0) {
++ fprintf(stderr, "Error opening session for %s.\n", target_user);
++ exit(1);
++ }
++#ifdef DEBUG
++ if (auth_debug){
++ printf(" Opened PAM session.\n");
++ }
++#endif
++ if (appl_pam_cred_init()) {
++ fprintf(stderr, "Error initializing credentials for %s.\n",
++ target_user);
++ exit(1);
++ }
++#ifdef DEBUG
++ if (auth_debug){
++ printf(" Initialized PAM credentials.\n");
++ }
++#endif
++ }
++#endif
++
+ /* set permissions */
+ if (setgid(target_pwd->pw_gid) < 0) {
+ perror("ksu: setgid");
+@@ -729,7 +794,7 @@ main (argc, argv)
+ fprintf(stderr, "program to be execed %s\n",params[0]);
+ }
+
+- if( keep_target_cache ) {
++ if( keep_target_cache && !force_fork ) {
+ execv(params[0], params);
+ com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
+ sweep_up(ksu_context, cc_target);
+@@ -759,16 +824,35 @@ main (argc, argv)
+ if (ret_pid == -1) {
+ com_err(prog_name, errno, _("while calling waitpid"));
+ }
+- sweep_up(ksu_context, cc_target);
++ if( !keep_target_cache ) {
++ sweep_up(ksu_context, cc_target);
++ }
+ exit (statusp);
+ case -1:
+ com_err(prog_name, errno, _("while trying to fork."));
+ sweep_up(ksu_context, cc_target);
+ exit (1);
+ case 0:
++#ifdef USE_PAM
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_setenv() != 0) {
++ fprintf(stderr, "Error setting up environment for %s.\n",
++ target_user);
++ exit (1);
++ }
++#ifdef DEBUG
++ if (auth_debug){
++ printf(" Set up PAM environment.\n");
++ }
++#endif
++ }
++#endif
+ execv(params[0], params);
+ com_err(prog_name, errno, _("while trying to execv %s"),
+ params[0]);
++ if( keep_target_cache ) {
++ sweep_up(ksu_context, cc_target);
++ }
+ exit (1);
+ }
+ }
+diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c
+new file mode 100644
+index 0000000..cbfe487
+--- /dev/null
++++ b/src/clients/ksu/pam.c
+@@ -0,0 +1,389 @@
++/*
++ * src/clients/ksu/pam.c
++ *
++ * Copyright 2007,2009,2010 Red Hat, Inc.
++ *
++ * All Rights Reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this
++ * list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of Red Hat, Inc. nor the names of its contributors may be
++ * used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ *
++ * Convenience wrappers for using PAM.
++ */
++
++#include "autoconf.h"
++#ifdef USE_PAM
++#include <sys/types.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include "k5-int.h"
++#include "pam.h"
++
++#ifndef MAXPWSIZE
++#define MAXPWSIZE 128
++#endif
++
++static int appl_pam_started;
++static pid_t appl_pam_starter = -1;
++static int appl_pam_session_opened;
++static int appl_pam_creds_initialized;
++static int appl_pam_pwchange_required;
++static pam_handle_t *appl_pamh;
++static struct pam_conv appl_pam_conv;
++static char *appl_pam_user;
++struct appl_pam_non_interactive_args {
++ const char *user;
++ const char *password;
++};
++
++int
++appl_pam_enabled(krb5_context context, const char *section)
++{
++ int enabled = 1;
++ if ((context != NULL) && (context->profile != NULL)) {
++ if (profile_get_boolean(context->profile,
++ section,
++ USE_PAM_CONFIGURATION_KEYWORD,
++ NULL,
++ enabled, &enabled) != 0) {
++ enabled = 1;
++ }
++ }
++ return enabled;
++}
++
++void
++appl_pam_cleanup(void)
++{
++ if (getpid() != appl_pam_starter) {
++ return;
++ }
++#ifdef DEBUG
++ printf("Called to clean up PAM.\n");
++#endif
++ if (appl_pam_creds_initialized) {
++#ifdef DEBUG
++ printf("Deleting PAM credentials.\n");
++#endif
++ pam_setcred(appl_pamh, PAM_DELETE_CRED);
++ appl_pam_creds_initialized = 0;
++ }
++ if (appl_pam_session_opened) {
++#ifdef DEBUG
++ printf("Closing PAM session.\n");
++#endif
++ pam_close_session(appl_pamh, 0);
++ appl_pam_session_opened = 0;
++ }
++ appl_pam_pwchange_required = 0;
++ if (appl_pam_started) {
++#ifdef DEBUG
++ printf("Shutting down PAM.\n");
++#endif
++ pam_end(appl_pamh, 0);
++ appl_pam_started = 0;
++ appl_pam_starter = -1;
++ free(appl_pam_user);
++ appl_pam_user = NULL;
++ }
++}
++static int
++appl_pam_interactive_converse(int num_msg, const struct pam_message **msg,
++ struct pam_response **presp, void *appdata_ptr)
++{
++ const struct pam_message *message;
++ struct pam_response *resp;
++ int i, code;
++ char *pwstring, pwbuf[MAXPWSIZE];
++ unsigned int pwsize;
++ resp = malloc(sizeof(struct pam_response) * num_msg);
++ if (resp == NULL) {
++ return PAM_BUF_ERR;
++ }
++ memset(resp, 0, sizeof(struct pam_response) * num_msg);
++ code = PAM_SUCCESS;
++ for (i = 0; i < num_msg; i++) {
++ message = &(msg[0][i]); /* XXX */
++ message = msg[i]; /* XXX */
++ pwstring = NULL;
++ switch (message->msg_style) {
++ case PAM_TEXT_INFO:
++ case PAM_ERROR_MSG:
++ printf("[%s]\n", message->msg ? message->msg : "");
++ fflush(stdout);
++ resp[i].resp = NULL;
++ resp[i].resp_retcode = PAM_SUCCESS;
++ break;
++ case PAM_PROMPT_ECHO_ON:
++ case PAM_PROMPT_ECHO_OFF:
++ if (message->msg_style == PAM_PROMPT_ECHO_ON) {
++ if (fgets(pwbuf, sizeof(pwbuf),
++ stdin) != NULL) {
++ pwbuf[strcspn(pwbuf, "\r\n")] = '\0';
++ pwstring = pwbuf;
++ }
++ } else {
++ pwstring = getpass(message->msg ?
++ message->msg :
++ "");
++ }
++ if ((pwstring != NULL) && (pwstring[0] != '\0')) {
++ pwsize = strlen(pwstring);
++ resp[i].resp = malloc(pwsize + 1);
++ if (resp[i].resp == NULL) {
++ resp[i].resp_retcode = PAM_BUF_ERR;
++ } else {
++ memcpy(resp[i].resp, pwstring, pwsize);
++ resp[i].resp[pwsize] = '\0';
++ resp[i].resp_retcode = PAM_SUCCESS;
++ }
++ } else {
++ resp[i].resp_retcode = PAM_CONV_ERR;
++ code = PAM_CONV_ERR;
++ }
++ break;
++ default:
++ break;
++ }
++ }
++ *presp = resp;
++ return code;
++}
++static int
++appl_pam_non_interactive_converse(int num_msg,
++ const struct pam_message **msg,
++ struct pam_response **presp,
++ void *appdata_ptr)
++{
++ const struct pam_message *message;
++ struct pam_response *resp;
++ int i, code;
++ unsigned int pwsize;
++ struct appl_pam_non_interactive_args *args;
++ const char *pwstring;
++ resp = malloc(sizeof(struct pam_response) * num_msg);
++ if (resp == NULL) {
++ return PAM_BUF_ERR;
++ }
++ args = appdata_ptr;
++ memset(resp, 0, sizeof(struct pam_response) * num_msg);
++ code = PAM_SUCCESS;
++ for (i = 0; i < num_msg; i++) {
++ message = &((*msg)[i]);
++ message = msg[i];
++ pwstring = NULL;
++ switch (message->msg_style) {
++ case PAM_TEXT_INFO:
++ case PAM_ERROR_MSG:
++ break;
++ case PAM_PROMPT_ECHO_ON:
++ case PAM_PROMPT_ECHO_OFF:
++ if (message->msg_style == PAM_PROMPT_ECHO_ON) {
++ /* assume "user" */
++ pwstring = args->user;
++ } else {
++ /* assume "password" */
++ pwstring = args->password;
++ }
++ if ((pwstring != NULL) && (pwstring[0] != '\0')) {
++ pwsize = strlen(pwstring);
++ resp[i].resp = malloc(pwsize + 1);
++ if (resp[i].resp == NULL) {
++ resp[i].resp_retcode = PAM_BUF_ERR;
++ } else {
++ memcpy(resp[i].resp, pwstring, pwsize);
++ resp[i].resp[pwsize] = '\0';
++ resp[i].resp_retcode = PAM_SUCCESS;
++ }
++ } else {
++ resp[i].resp_retcode = PAM_CONV_ERR;
++ code = PAM_CONV_ERR;
++ }
++ break;
++ default:
++ break;
++ }
++ }
++ *presp = resp;
++ return code;
++}
++static int
++appl_pam_start(const char *service, int interactive,
++ const char *login_username,
++ const char *non_interactive_password,
++ const char *hostname,
++ const char *ruser,
++ const char *tty)
++{
++ static int exit_handler_registered;
++ static struct appl_pam_non_interactive_args args;
++ int ret = 0;
++ if (appl_pam_started &&
++ (strcmp(login_username, appl_pam_user) != 0)) {
++ appl_pam_cleanup();
++ appl_pam_user = NULL;
++ }
++ if (!appl_pam_started) {
++#ifdef DEBUG
++ printf("Starting PAM up (service=\"%s\",user=\"%s\").\n",
++ service, login_username);
++#endif
++ memset(&appl_pam_conv, 0, sizeof(appl_pam_conv));
++ appl_pam_conv.conv = interactive ?
++ &appl_pam_interactive_converse :
++ &appl_pam_non_interactive_converse;
++ memset(&args, 0, sizeof(args));
++ args.user = strdup(login_username);
++ args.password = non_interactive_password ?
++ strdup(non_interactive_password) :
++ NULL;
++ appl_pam_conv.appdata_ptr = &args;
++ ret = pam_start(service, login_username,
++ &appl_pam_conv, &appl_pamh);
++ if (ret == 0) {
++ if (hostname != NULL) {
++#ifdef DEBUG
++ printf("Setting PAM_RHOST to \"%s\".\n", hostname);
++#endif
++ pam_set_item(appl_pamh, PAM_RHOST, hostname);
++ }
++ if (ruser != NULL) {
++#ifdef DEBUG
++ printf("Setting PAM_RUSER to \"%s\".\n", ruser);
++#endif
++ pam_set_item(appl_pamh, PAM_RUSER, ruser);
++ }
++ if (tty != NULL) {
++#ifdef DEBUG
++ printf("Setting PAM_TTY to \"%s\".\n", tty);
++#endif
++ pam_set_item(appl_pamh, PAM_TTY, tty);
++ }
++ if (!exit_handler_registered &&
++ (atexit(appl_pam_cleanup) != 0)) {
++ pam_end(appl_pamh, 0);
++ appl_pamh = NULL;
++ ret = -1;
++ } else {
++ appl_pam_started = 1;
++ appl_pam_starter = getpid();
++ appl_pam_user = strdup(login_username);
++ exit_handler_registered = 1;
++ }
++ }
++ }
++ return ret;
++}
++int
++appl_pam_acct_mgmt(const char *service, int interactive,
++ const char *login_username,
++ const char *non_interactive_password,
++ const char *hostname,
++ const char *ruser,
++ const char *tty)
++{
++ int ret;
++ appl_pam_pwchange_required = 0;
++ ret = appl_pam_start(service, interactive, login_username,
++ non_interactive_password, hostname, ruser, tty);
++ if (ret == 0) {
++#ifdef DEBUG
++ printf("Calling pam_acct_mgmt().\n");
++#endif
++ ret = pam_acct_mgmt(appl_pamh, 0);
++ switch (ret) {
++ case PAM_IGNORE:
++ ret = 0;
++ break;
++ case PAM_NEW_AUTHTOK_REQD:
++ appl_pam_pwchange_required = 1;
++ ret = 0;
++ break;
++ default:
++ break;
++ }
++ }
++ return ret;
++}
++int
++appl_pam_requires_chauthtok(void)
++{
++ return appl_pam_pwchange_required;
++}
++int
++appl_pam_session_open(void)
++{
++ int ret = 0;
++ if (appl_pam_started) {
++#ifdef DEBUG
++ printf("Opening PAM session.\n");
++#endif
++ ret = pam_open_session(appl_pamh, 0);
++ if (ret == 0) {
++ appl_pam_session_opened = 1;
++ }
++ }
++ return ret;
++}
++int
++appl_pam_setenv(void)
++{
++ int ret = 0;
++#ifdef HAVE_PAM_GETENVLIST
++#ifdef HAVE_PUTENV
++ int i;
++ char **list;
++ if (appl_pam_started) {
++ list = pam_getenvlist(appl_pamh);
++ for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) {
++#ifdef DEBUG
++ printf("Setting \"%s\" in environment.\n", list[i]);
++#endif
++ putenv(list[i]);
++ }
++ }
++#endif
++#endif
++ return ret;
++}
++int
++appl_pam_cred_init(void)
++{
++ int ret = 0;
++ if (appl_pam_started) {
++#ifdef DEBUG
++ printf("Initializing PAM credentials.\n");
++#endif
++ ret = pam_setcred(appl_pamh, PAM_ESTABLISH_CRED);
++ if (ret == 0) {
++ appl_pam_creds_initialized = 1;
++ }
++ }
++ return ret;
++}
++#endif
+diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h
+new file mode 100644
+index 0000000..0ab7656
+--- /dev/null
++++ b/src/clients/ksu/pam.h
+@@ -0,0 +1,57 @@
++/*
++ * src/clients/ksu/pam.h
++ *
++ * Copyright 2007,2009,2010 Red Hat, Inc.
++ *
++ * All Rights Reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this
++ * list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of Red Hat, Inc. nor the names of its contributors may be
++ * used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ *
++ * Convenience wrappers for using PAM.
++ */
++
++#include <krb5.h>
++#ifdef HAVE_SECURITY_PAM_APPL_H
++#include <security/pam_appl.h>
++#endif
++
++#define USE_PAM_CONFIGURATION_KEYWORD "use_pam"
++
++#ifdef USE_PAM
++int appl_pam_enabled(krb5_context context, const char *section);
++int appl_pam_acct_mgmt(const char *service, int interactive,
++ const char *local_username,
++ const char *non_interactive_password,
++ const char *hostname,
++ const char *ruser,
++ const char *tty);
++int appl_pam_requires_chauthtok(void);
++int appl_pam_session_open(void);
++int appl_pam_setenv(void);
++int appl_pam_cred_init(void);
++void appl_pam_cleanup(void);
++#endif
+diff --git a/src/configure.in b/src/configure.in
+index 037c9f3..daabd12 100644
+--- a/src/configure.in
++++ b/src/configure.in
+@@ -1336,6 +1336,8 @@ AC_SUBST([VERTO_VERSION])
+
+ AC_PATH_PROG(GROFF, groff)
+
++KRB5_WITH_PAM
++
+ # Make localedir work in autoconf 2.5x.
+ if test "${localedir+set}" != set; then
+ localedir='$(datadir)/locale'
diff --git a/source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch b/source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch
new file mode 100644
index 00000000..168b9ba0
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch
@@ -0,0 +1,75 @@
+From 0a33cb5ff8f80c62a652bc60860fad375ee58a85 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:47:44 -0400
+Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch
+
+Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from
+original version filed as RT#5891.
+---
+ src/aclocal.m4 | 9 +++++++++
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 17 +++++++++++++++++
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +++
+ 3 files changed, 29 insertions(+)
+
+diff --git a/src/aclocal.m4 b/src/aclocal.m4
+index f5667c3..2bfb994 100644
+--- a/src/aclocal.m4
++++ b/src/aclocal.m4
+@@ -1656,6 +1656,15 @@ if test "$with_ldap" = yes; then
+ AC_MSG_NOTICE(enabling OpenLDAP database backend module support)
+ OPENLDAP_PLUGIN=yes
+ fi
++AC_ARG_WITH([dirsrv-account-locking],
++[ --with-dirsrv-account-locking compile 389/Red Hat/Fedora/Netscape Directory Server database backend module],
++[case "$withval" in
++ yes | no) ;;
++ *) AC_MSG_ERROR(Invalid option value --with-dirsrv-account-locking="$withval") ;;
++esac], with_dirsrv_account_locking=no)
++if test $with_dirsrv_account_locking = yes; then
++ AC_DEFINE(HAVE_DIRSRV_ACCOUNT_LOCKING,1,[Define if LDAP KDB interface should heed 389 DS's nsAccountLock attribute.])
++fi
+ ])dnl
+ dnl
+ dnl If libkeyutils exists (on Linux) include it and use keyring ccache
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+index 32efc4f..af8b2db 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+@@ -1674,6 +1674,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
+ ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data);
+ if (ret)
+ goto cleanup;
++#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING
++ {
++ krb5_timestamp expiretime=0;
++ char *is_login_disabled=NULL;
++
++ /* LOGIN DISABLED */
++ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled,
++ &attr_present);
++ if (ret)
++ goto cleanup;
++ if (attr_present == TRUE) {
++ if (strcasecmp(is_login_disabled, "TRUE")== 0)
++ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
++ free (is_login_disabled);
++ }
++ }
++#endif
+
+ ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname);
+ if (ret)
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+index d722dbf..5e8e9a8 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+@@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname",
+ "krbLastFailedAuth",
+ "krbLoginFailedCount",
+ "krbLastSuccessfulAuth",
++#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING
++ "nsAccountLock",
++#endif
+ "krbLastPwdChange",
+ "krbLastAdminUnlock",
+ "krbPrincipalAuthInd",
diff --git a/source/n/krb5/patches/krb5-1.15-beta1-buildconf.patch b/source/n/krb5/patches/krb5-1.15-beta1-buildconf.patch
new file mode 100644
index 00000000..d5737508
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.15-beta1-buildconf.patch
@@ -0,0 +1,70 @@
+From 302fdf788fe4d3895a9dcc0e86f98c09a34ea82a Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:45:26 -0400
+Subject: [PATCH] krb5-1.15-beta1-buildconf.patch
+
+Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
+and install shared libraries with the execute bit set on them. Prune out
+the -L/usr/lib* and PIE flags where they might leak out and affect
+apps which just want to link with the libraries. FIXME: needs to check and
+not just assume that the compiler supports using these flags.
+---
+ src/build-tools/krb5-config.in | 7 +++++++
+ src/config/pre.in | 2 +-
+ src/config/shlib.conf | 5 +++--
+ 3 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
+index c17cb5e..1891dea 100755
+--- a/src/build-tools/krb5-config.in
++++ b/src/build-tools/krb5-config.in
+@@ -226,6 +226,13 @@ if test -n "$do_libs"; then
+ -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
+ -e 's#\$(CFLAGS)##'`
+
++ if test `dirname $libdir` = /usr ; then
++ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"`
++ fi
++ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"`
++ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"`
++ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"`
++
+ if test $library = 'kdb'; then
+ lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
+ library=krb5
+diff --git a/src/config/pre.in b/src/config/pre.in
+index fcea229..d961b56 100644
+--- a/src/config/pre.in
++++ b/src/config/pre.in
+@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
+ INSTALL_SCRIPT=@INSTALL_PROGRAM@
+ INSTALL_DATA=@INSTALL_DATA@
+ INSTALL_SHLIB=@INSTALL_SHLIB@
+-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
++INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755
+ ## This is needed because autoconf will sometimes define @exec_prefix@ to be
+ ## ${prefix}.
+ prefix=@prefix@
+diff --git a/src/config/shlib.conf b/src/config/shlib.conf
+index 3e4af6c..2b20c3f 100644
+--- a/src/config/shlib.conf
++++ b/src/config/shlib.conf
+@@ -423,7 +423,7 @@ mips-*-netbsd*)
+ # Linux ld doesn't default to stuffing the SONAME field...
+ # Use objdump -x to examine the fields of the library
+ # UNDEF_CHECK is suppressed by --enable-asan
+- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)'
++ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro -Wl,--warn-shared-textrel'
+ UNDEF_CHECK='-Wl,--no-undefined'
+ # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode.
+ LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)'
+@@ -435,7 +435,8 @@ mips-*-netbsd*)
+ SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+ PROFFLAGS=-pg
+ PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
++ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
++ INSTALL_SHLIB='${INSTALL} -m755'
+ CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+ CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+ CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
diff --git a/source/n/krb5/patches/krb5-1.15-beta1-selinux-label.patch b/source/n/krb5/patches/krb5-1.15-beta1-selinux-label.patch
new file mode 100644
index 00000000..d743c3be
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.15-beta1-selinux-label.patch
@@ -0,0 +1,1065 @@
+From a2e0aed3d390ded3a7724fa223a3dc1102ec6221 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:30:53 -0400
+Subject: [PATCH] krb5-1.15-beta1-selinux-label.patch
+
+SELinux bases access to files on the domain of the requesting process,
+the operation being performed, and the context applied to the file.
+
+In many cases, applications needn't be SELinux aware to work properly,
+because SELinux can apply a default label to a file based on the label
+of the directory in which it's created.
+
+In the case of files such as /etc/krb5.keytab, however, this isn't
+sufficient, as /etc/krb5.keytab will almost always need to be given a
+label which differs from that of /etc/issue or /etc/resolv.conf. The
+the kdb stash file needs a different label than the database for which
+it's holding a master key, even though both typically live in the same
+directory.
+
+To give the file the correct label, we can either force a "restorecon"
+call to fix a file's label after it's created, or create the file with
+the right label, as we attempt to do here. We lean on THREEPARAMOPEN
+and define a similar macro named WRITABLEFOPEN with which we replace
+several uses of fopen().
+
+The file creation context that we're manipulating here is a process-wide
+attribute. While for the most part, applications which need to label
+files when they're created have tended to be single-threaded, there's
+not much we can do to avoid interfering with an application that
+manipulates the creation context directly. Right now we're mediating
+access using a library-local mutex, but that can only work for consumers
+that are part of this package -- an unsuspecting application will still
+stomp all over us.
+
+The selabel APIs for looking up the context should be thread-safe (per
+Red Hat #273081), so switching to using them instead of matchpathcon(),
+which we used earlier, is some improvement.
+---
+ src/aclocal.m4 | 49 +++
+ src/build-tools/krb5-config.in | 3 +-
+ src/config/pre.in | 3 +-
+ src/configure.in | 2 +
+ src/include/k5-int.h | 1 +
+ src/include/k5-label.h | 32 ++
+ src/include/krb5/krb5.hin | 6 +
+ src/kadmin/dbutil/dump.c | 11 +-
+ src/kdc/main.c | 2 +-
+ src/lib/kadm5/logger.c | 4 +-
+ src/lib/kdb/kdb_log.c | 2 +-
+ src/lib/krb5/ccache/cc_dir.c | 26 +-
+ src/lib/krb5/keytab/kt_file.c | 4 +-
+ src/lib/krb5/os/trace.c | 2 +-
+ src/lib/krb5/rcache/rc_dfl.c | 13 +
+ src/plugins/kdb/db2/adb_openclose.c | 2 +-
+ src/plugins/kdb/db2/kdb_db2.c | 4 +-
+ src/plugins/kdb/db2/libdb2/btree/bt_open.c | 3 +-
+ src/plugins/kdb/db2/libdb2/hash/hash.c | 3 +-
+ src/plugins/kdb/db2/libdb2/recno/rec_open.c | 4 +-
+ .../kdb/ldap/ldap_util/kdb5_ldap_services.c | 11 +-
+ src/slave/kpropd.c | 9 +
+ src/util/profile/prof_file.c | 3 +-
+ src/util/support/Makefile.in | 3 +-
+ src/util/support/selinux.c | 406 +++++++++++++++++++++
+ 25 files changed, 587 insertions(+), 21 deletions(-)
+ create mode 100644 src/include/k5-label.h
+ create mode 100644 src/util/support/selinux.c
+
+diff --git a/src/aclocal.m4 b/src/aclocal.m4
+index 508e5fe..607859f 100644
+--- a/src/aclocal.m4
++++ b/src/aclocal.m4
+@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag)
+ dnl
+ KRB5_AC_PRAGMA_WEAK_REF
+ WITH_LDAP
++KRB5_WITH_SELINUX
+ KRB5_LIB_PARAMS
+ KRB5_AC_INITFINI
+ KRB5_AC_ENABLE_THREADS
+@@ -1742,3 +1743,51 @@ AC_SUBST(PAM_LIBS)
+ AC_SUBST(PAM_MAN)
+ AC_SUBST(NON_PAM_MAN)
+ ])dnl
++dnl
++dnl Use libselinux to set file contexts on newly-created files.
++dnl
++AC_DEFUN(KRB5_WITH_SELINUX,[
++AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])],
++ withselinux="$withval",withselinux=auto)
++old_LIBS="$LIBS"
++if test "$withselinux" != no ; then
++ AC_MSG_RESULT([checking for libselinux...])
++ SELINUX_LIBS=
++ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h)
++ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then
++ if test "$withselinux" = auto ; then
++ AC_MSG_RESULT([Unable to locate selinux/selinux.h.])
++ withselinux=no
++ else
++ AC_MSG_ERROR([Unable to locate selinux/selinux.h.])
++ fi
++ fi
++
++ LIBS=
++ unset ac_cv_func_setfscreatecon
++ AC_CHECK_FUNCS(setfscreatecon selabel_open)
++ if test "x$ac_cv_func_setfscreatecon" = xno ; then
++ AC_CHECK_LIB(selinux,setfscreatecon)
++ unset ac_cv_func_setfscreatecon
++ AC_CHECK_FUNCS(setfscreatecon selabel_open)
++ if test "x$ac_cv_func_setfscreatecon" = xyes ; then
++ SELINUX_LIBS="$LIBS"
++ else
++ if test "$withselinux" = auto ; then
++ AC_MSG_RESULT([Unable to locate libselinux.])
++ withselinux=no
++ else
++ AC_MSG_ERROR([Unable to locate libselinux.])
++ fi
++ fi
++ fi
++ if test "$withselinux" != no ; then
++ AC_MSG_NOTICE([building with SELinux labeling support])
++ AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.])
++ SELINUX_LIBS="$LIBS"
++ EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon"
++ fi
++fi
++LIBS="$old_LIBS"
++AC_SUBST(SELINUX_LIBS)
++])dnl
+diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
+index f6184da..c17cb5e 100755
+--- a/src/build-tools/krb5-config.in
++++ b/src/build-tools/krb5-config.in
+@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
+ DEFCCNAME='@DEFCCNAME@'
+ DEFKTNAME='@DEFKTNAME@'
+ DEFCKTNAME='@DEFCKTNAME@'
++SELINUX_LIBS='@SELINUX_LIBS@'
+
+ LIBS='@LIBS@'
+ GEN_LIB=@GEN_LIB@
+@@ -255,7 +256,7 @@ if test -n "$do_libs"; then
+ fi
+
+ # If we ever support a flag to generate output suitable for static
+- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
++ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
+ # here.
+
+ echo $lib_flags
+diff --git a/src/config/pre.in b/src/config/pre.in
+index e062632..fcea229 100644
+--- a/src/config/pre.in
++++ b/src/config/pre.in
+@@ -177,6 +177,7 @@ LD = $(PURE) @LD@
+ KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
+ LDFLAGS = @LDFLAGS@
+ LIBS = @LIBS@
++SELINUX_LIBS=@SELINUX_LIBS@
+
+ INSTALL=@INSTALL@
+ INSTALL_STRIP=
+@@ -399,7 +400,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
+ # HESIOD_LIBS is -lhesiod...
+ HESIOD_LIBS = @HESIOD_LIBS@
+
+-KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
++KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB)
+ KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
+ GSS_LIBS = $(GSS_KRB5_LIB)
+ # needs fixing if ever used on Mac OS X!
+diff --git a/src/configure.in b/src/configure.in
+index daabd12..acf3a45 100644
+--- a/src/configure.in
++++ b/src/configure.in
+@@ -1338,6 +1338,8 @@ AC_PATH_PROG(GROFF, groff)
+
+ KRB5_WITH_PAM
+
++KRB5_WITH_SELINUX
++
+ # Make localedir work in autoconf 2.5x.
+ if test "${localedir+set}" != set; then
+ localedir='$(datadir)/locale'
+diff --git a/src/include/k5-int.h b/src/include/k5-int.h
+index 6499173..173cb02 100644
+--- a/src/include/k5-int.h
++++ b/src/include/k5-int.h
+@@ -128,6 +128,7 @@ typedef unsigned char u_char;
+
+
+ #include "k5-platform.h"
++#include "k5-label.h"
+
+ #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
+ #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
+diff --git a/src/include/k5-label.h b/src/include/k5-label.h
+new file mode 100644
+index 0000000..dfaaa84
+--- /dev/null
++++ b/src/include/k5-label.h
+@@ -0,0 +1,32 @@
++#ifndef _KRB5_LABEL_H
++#define _KRB5_LABEL_H
++
++#ifdef THREEPARAMOPEN
++#undef THREEPARAMOPEN
++#endif
++#ifdef WRITABLEFOPEN
++#undef WRITABLEFOPEN
++#endif
++
++/* Wrapper functions which help us create files and directories with the right
++ * context labels. */
++#ifdef USE_SELINUX
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <stdio.h>
++#include <unistd.h>
++FILE *krb5int_labeled_fopen(const char *path, const char *mode);
++int krb5int_labeled_creat(const char *path, mode_t mode);
++int krb5int_labeled_open(const char *path, int flags, ...);
++int krb5int_labeled_mkdir(const char *path, mode_t mode);
++int krb5int_labeled_mknod(const char *path, mode_t mode, dev_t device);
++#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z)
++#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y)
++void *krb5int_push_fscreatecon_for(const char *pathname);
++void krb5int_pop_fscreatecon(void *previous);
++#else
++#define WRITABLEFOPEN(x,y) fopen(x,y)
++#define THREEPARAMOPEN(x,y,z) open(x,y,z)
++#endif
++#endif
+diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
+index ac22f4c..cf60d6c 100644
+--- a/src/include/krb5/krb5.hin
++++ b/src/include/krb5/krb5.hin
+@@ -87,6 +87,12 @@
+ #define THREEPARAMOPEN(x,y,z) open(x,y,z)
+ #endif
+
++#if KRB5_PRIVATE
++#ifndef WRITABLEFOPEN
++#define WRITABLEFOPEN(x,y) fopen(x,y)
++#endif
++#endif
++
+ #define KRB5_OLD_CRYPTO
+
+ #include <stdlib.h>
+diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
+index f7889bd..cad53cf 100644
+--- a/src/kadmin/dbutil/dump.c
++++ b/src/kadmin/dbutil/dump.c
+@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname)
+ {
+ int fd = -1;
+ FILE *f;
++#ifdef USE_SELINUX
++ void *selabel;
++#endif
+
+ *tmpname = NULL;
+ if (asprintf(tmpname, "%s-XXXXXX", ofile) < 0)
+ goto error;
+
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(ofile);
++#endif
+ fd = mkstemp(*tmpname);
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
+ if (fd == -1)
+ goto error;
+
+@@ -194,7 +203,7 @@ prep_ok_file(krb5_context context, char *file_name, int *fd)
+ return 0;
+ }
+
+- *fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
++ *fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ if (*fd == -1) {
+ com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
+ exit_status++;
+diff --git a/src/kdc/main.c b/src/kdc/main.c
+index ebc852b..a4dffb2 100644
+--- a/src/kdc/main.c
++++ b/src/kdc/main.c
+@@ -872,7 +872,7 @@ write_pid_file(const char *path)
+ FILE *file;
+ unsigned long pid;
+
+- file = fopen(path, "w");
++ file = WRITABLEFOPEN(path, "w");
+ if (file == NULL)
+ return errno;
+ pid = (unsigned long) getpid();
+diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
+index ce79fab..c53a574 100644
+--- a/src/lib/kadm5/logger.c
++++ b/src/lib/kadm5/logger.c
+@@ -414,7 +414,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
+ */
+ append = (cp[4] == ':') ? O_APPEND : 0;
+ if (append || cp[4] == '=') {
+- fd = open(&cp[5], O_CREAT | O_WRONLY | append,
++ fd = THREEPARAMOPEN(&cp[5], O_CREAT | O_WRONLY | append,
+ S_IRUSR | S_IWUSR | S_IRGRP);
+ if (fd != -1)
+ f = fdopen(fd, append ? "a" : "w");
+@@ -918,7 +918,7 @@ krb5_klog_reopen(krb5_context kcontext)
+ * In case the old logfile did not get moved out of the
+ * way, open for append to prevent squashing the old logs.
+ */
+- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
++ f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+");
+ if (f) {
+ set_cloexec_file(f);
+ log_control.log_entries[lindex].lfu_filep = f;
+diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
+index 766d300..6466417 100644
+--- a/src/lib/kdb/kdb_log.c
++++ b/src/lib/kdb/kdb_log.c
+@@ -476,7 +476,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries)
+ int ulogfd = -1;
+
+ if (stat(logname, &st) == -1) {
+- ulogfd = open(logname, O_RDWR | O_CREAT, 0600);
++ ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600);
+ if (ulogfd == -1)
+ return errno;
+
+diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
+index bba64e5..73f0fe6 100644
+--- a/src/lib/krb5/ccache/cc_dir.c
++++ b/src/lib/krb5/ccache/cc_dir.c
+@@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents)
+ char *newpath = NULL;
+ FILE *fp = NULL;
+ int fd = -1, status;
++#ifdef USE_SELINUX
++ void *selabel;
++#endif
+
+ if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0)
+ return ENOMEM;
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(primary_path);
++#endif
+ fd = mkstemp(newpath);
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
+ if (fd < 0)
+ goto cleanup;
+ #ifdef HAVE_CHMOD
+@@ -221,10 +230,23 @@ static krb5_error_code
+ verify_dir(krb5_context context, const char *dirname)
+ {
+ struct stat st;
++ int status;
++#ifdef USE_SELINUX
++ void *selabel;
++#endif
+
+ if (stat(dirname, &st) < 0) {
+- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0)
+- return 0;
++ if (errno == ENOENT) {
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(dirname);
++#endif
++ status = mkdir(dirname, S_IRWXU);
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
++ if (status == 0)
++ return 0;
++ }
+ k5_setmsg(context, KRB5_FCC_NOFILE,
+ _("Credential cache directory %s does not exist"),
+ dirname);
+diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
+index 6a42f26..674d88b 100644
+--- a/src/lib/krb5/keytab/kt_file.c
++++ b/src/lib/krb5/keytab/kt_file.c
+@@ -1022,14 +1022,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
+
+ KTCHECKLOCK(id);
+ errno = 0;
+- KTFILEP(id) = fopen(KTFILENAME(id),
++ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id),
+ (mode == KRB5_LOCKMODE_EXCLUSIVE) ? "rb+" : "rb");
+ if (!KTFILEP(id)) {
+ if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
+ /* try making it first time around */
+ k5_create_secure_file(context, KTFILENAME(id));
+ errno = 0;
+- KTFILEP(id) = fopen(KTFILENAME(id), "rb+");
++ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), "rb+");
+ if (!KTFILEP(id))
+ goto report_errno;
+ writevno = 1;
+diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
+index 83c8d4d..a192461 100644
+--- a/src/lib/krb5/os/trace.c
++++ b/src/lib/krb5/os/trace.c
+@@ -397,7 +397,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename)
+ fd = malloc(sizeof(*fd));
+ if (fd == NULL)
+ return ENOMEM;
+- *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
++ *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
+ if (*fd == -1) {
+ free(fd);
+ return errno;
+diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
+index c4d2c74..c0f12ed 100644
+--- a/src/lib/krb5/rcache/rc_dfl.c
++++ b/src/lib/krb5/rcache/rc_dfl.c
+@@ -794,6 +794,9 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id)
+ krb5_error_code retval = 0;
+ krb5_rcache tmp;
+ krb5_deltat lifespan = t->lifespan; /* save original lifespan */
++#ifdef USE_SELINUX
++ void *selabel;
++#endif
+
+ if (! t->recovering) {
+ name = t->name;
+@@ -815,7 +818,17 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id)
+ retval = krb5_rc_resolve(context, tmp, 0);
+ if (retval)
+ goto cleanup;
++#ifdef USE_SELINUX
++ if (t->d.fn != NULL)
++ selabel = krb5int_push_fscreatecon_for(t->d.fn);
++ else
++ selabel = NULL;
++#endif
+ retval = krb5_rc_initialize(context, tmp, lifespan);
++#ifdef USE_SELINUX
++ if (selabel != NULL)
++ krb5int_pop_fscreatecon(selabel);
++#endif
+ if (retval)
+ goto cleanup;
+ for (q = t->a; q; q = q->na) {
+diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
+index 7db30a3..2b9d019 100644
+--- a/src/plugins/kdb/db2/adb_openclose.c
++++ b/src/plugins/kdb/db2/adb_openclose.c
+@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
+ * needs be open read/write so that write locking can work with
+ * POSIX systems
+ */
+- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
++ if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) {
+ /*
+ * maybe someone took away write permission so we could only
+ * get shared locks?
+diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
+index 4c4036e..d90bdea 100644
+--- a/src/plugins/kdb/db2/kdb_db2.c
++++ b/src/plugins/kdb/db2/kdb_db2.c
+@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc)
+ if (retval)
+ return retval;
+
+- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
+- 0600);
++ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
++ O_CREAT | O_RDWR | O_TRUNC, 0600);
+ if (dbc->db_lf_file < 0) {
+ retval = errno;
+ goto cleanup;
+diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+index 2977b17..d5809a5 100644
+--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c
++++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95";
+ #include <string.h>
+ #include <unistd.h>
+
++#include "k5-int.h"
+ #include "db-int.h"
+ #include "btree.h"
+
+@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
+ goto einval;
+ }
+
+- if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0)
++ if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
+ goto err;
+
+ } else {
+diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c
+index 76f5d47..1fa8b83 100644
+--- a/src/plugins/kdb/db2/libdb2/hash/hash.c
++++ b/src/plugins/kdb/db2/libdb2/hash/hash.c
+@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95";
+ #include <assert.h>
+ #endif
+
++#include "k5-int.h"
+ #include "db-int.h"
+ #include "hash.h"
+ #include "page.h"
+@@ -140,7 +141,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
+ new_table = 1;
+ }
+ if (file) {
+- if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1)
++ if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1)
+ RETURN_ERROR(errno, error0);
+ (void)fcntl(hashp->fp, F_SETFD, 1);
+ }
+diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+index d8b26e7..b0daa7c 100644
+--- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c
++++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94";
+ #include <stdio.h>
+ #include <unistd.h>
+
++#include "k5-int.h"
+ #include "db-int.h"
+ #include "recno.h"
+
+@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo, dflags)
+ int rfd = -1, sverrno;
+
+ /* Open the user's file -- if this fails, we're done. */
+- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
++ if (fname != NULL &&
++ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
+ return (NULL);
+
+ if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
+diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+index 022156a..3d6994c 100644
+--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
++++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+@@ -203,7 +203,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
+
+ /* set password in the file */
+ old_mode = umask(0177);
+- pfile = fopen(file_name, "a+");
++ pfile = WRITABLEFOPEN(file_name, "a+");
+ if (pfile == NULL) {
+ com_err(me, errno, _("Failed to open file %s: %s"), file_name,
+ strerror (errno));
+@@ -244,6 +244,9 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
+ * Delete the existing entry and add the new entry
+ */
+ FILE *newfile;
++#ifdef USE_SELINUX
++ void *selabel;
++#endif
+
+ mode_t omask;
+
+@@ -255,7 +258,13 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
+ }
+
+ omask = umask(077);
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(file_name);
++#endif
+ newfile = fopen(tmp_file, "w");
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
+ umask (omask);
+ if (newfile == NULL) {
+ com_err(me, errno, _("Error creating file %s"), tmp_file);
+diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
+index 056c31a..b78c3d9 100644
+--- a/src/slave/kpropd.c
++++ b/src/slave/kpropd.c
+@@ -464,6 +464,9 @@ doit(int fd)
+ krb5_enctype etype;
+ int database_fd;
+ char host[INET6_ADDRSTRLEN + 1];
++#ifdef USE_SELINUX
++ void *selabel;
++#endif
+
+ signal_wrapper(SIGALRM, alarm_handler);
+ alarm(params.iprop_resync_timeout);
+@@ -520,9 +523,15 @@ doit(int fd)
+ free(name);
+ exit(1);
+ }
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(file);
++#endif
+ omask = umask(077);
+ lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600);
+ (void)umask(omask);
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
+ retval = krb5_lock_file(kpropd_context, lock_fd,
+ KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK);
+ if (retval) {
+diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
+index 907c119..0f5462a 100644
+--- a/src/util/profile/prof_file.c
++++ b/src/util/profile/prof_file.c
+@@ -33,6 +33,7 @@
+ #endif
+
+ #include "k5-platform.h"
++#include "k5-label.h"
+
+ struct global_shared_profile_data {
+ /* This is the head of the global list of shared trees */
+@@ -423,7 +424,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
+
+ errno = 0;
+
+- f = fopen(new_file, "w");
++ f = WRITABLEFOPEN(new_file, "w");
+ if (!f) {
+ retval = errno;
+ if (retval == 0)
+diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in
+index 6239e41..17bcd2a 100644
+--- a/src/util/support/Makefile.in
++++ b/src/util/support/Makefile.in
+@@ -69,6 +69,7 @@ IPC_SYMS= \
+
+ STLIBOBJS= \
+ threads.o \
++ selinux.o \
+ init-addrinfo.o \
+ plugins.o \
+ errors.o \
+@@ -148,7 +149,7 @@ SRCS=\
+
+ SHLIB_EXPDEPS =
+ # Add -lm if dumping thread stats, for sqrt.
+-SHLIB_EXPLIBS= $(LIBS) $(DL_LIB)
++SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB)
+
+ DEPLIBS=
+
+diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c
+new file mode 100644
+index 0000000..2302634
+--- /dev/null
++++ b/src/util/support/selinux.c
+@@ -0,0 +1,406 @@
++/*
++ * Copyright 2007,2008,2009,2011,2012,2013,2016 Red Hat, Inc. All Rights Reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this
++ * list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of Red Hat, Inc. nor the names of its contributors may be
++ * used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ *
++ * File-opening wrappers for creating correctly-labeled files. So far, we can
++ * assume that this is Linux-specific, so we make many simplifying assumptions.
++ */
++
++#include "../../include/autoconf.h"
++
++#ifdef USE_SELINUX
++
++#include <k5-label.h>
++#include <k5-platform.h>
++
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#include <errno.h>
++#include <fcntl.h>
++#include <limits.h>
++#include <pthread.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++
++#include <selinux/selinux.h>
++#include <selinux/context.h>
++#include <selinux/label.h>
++
++/* #define DEBUG 1 */
++static void
++debug_log(const char *fmt, ...)
++{
++#ifdef DEBUG
++ va_list ap;
++ va_start(ap, str);
++ if (isatty(fileno(stderr))) {
++ vfprintf(stderr, fmt, ap);
++ }
++ va_end(ap);
++#endif
++
++ return;
++}
++
++/* Mutex used to serialize use of the process-global file creation context. */
++k5_mutex_t labeled_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
++
++/* Make sure we finish initializing that mutex before attempting to use it. */
++k5_once_t labeled_once = K5_ONCE_INIT;
++static void
++label_mutex_init(void)
++{
++ k5_mutex_finish_init(&labeled_mutex);
++}
++
++static struct selabel_handle *selabel_ctx;
++static time_t selabel_last_changed;
++
++MAKE_FINI_FUNCTION(cleanup_fscreatecon);
++
++static void
++cleanup_fscreatecon(void)
++{
++ if (selabel_ctx != NULL) {
++ selabel_close(selabel_ctx);
++ selabel_ctx = NULL;
++ }
++}
++
++static security_context_t
++push_fscreatecon(const char *pathname, mode_t mode)
++{
++ security_context_t previous, configuredsc, currentsc, derivedsc;
++ context_t current, derived;
++ const char *fullpath, *currentuser;
++ char *genpath;
++
++ previous = configuredsc = currentsc = derivedsc = NULL;
++ current = derived = NULL;
++ genpath = NULL;
++
++ fullpath = pathname;
++
++ if (!is_selinux_enabled()) {
++ goto fail;
++ }
++
++ if (getfscreatecon(&previous) != 0) {
++ goto fail;
++ }
++
++ /* Canonicalize pathname */
++ if (pathname[0] != '/') {
++ char *wd;
++ size_t len;
++ len = 0;
++
++ wd = getcwd(NULL, len);
++ if (wd == NULL) {
++ goto fail;
++ }
++
++ len = strlen(wd) + 1 + strlen(pathname) + 1;
++ genpath = malloc(len);
++ if (genpath == NULL) {
++ free(wd);
++ goto fail;
++ }
++
++ sprintf(genpath, "%s/%s", wd, pathname);
++ free(wd);
++ fullpath = genpath;
++ }
++
++ debug_log("Looking up context for \"%s\"(%05o).\n", fullpath, mode);
++
++ /* Check whether context file has changed under us */
++ if (selabel_ctx != NULL || selabel_last_changed == 0) {
++ const char *cpath;
++ struct stat st;
++ int i = -1;
++
++ cpath = selinux_file_context_path();
++ if (cpath == NULL || (i = stat(cpath, &st)) != 0 ||
++ st.st_mtime != selabel_last_changed) {
++ cleanup_fscreatecon();
++
++ selabel_last_changed = i ? time(NULL) : st.st_mtime;
++ }
++ }
++
++ if (selabel_ctx == NULL) {
++ selabel_ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
++ }
++
++ if (selabel_ctx != NULL &&
++ selabel_lookup(selabel_ctx, &configuredsc, fullpath, mode) != 0) {
++ goto fail;
++ }
++
++ if (genpath != NULL) {
++ free(genpath);
++ genpath = NULL;
++ }
++
++ if (configuredsc == NULL) {
++ goto fail;
++ }
++
++ getcon(&currentsc);
++
++ /* AAAAAAAA */
++ if (currentsc != NULL) {
++ derived = context_new(configuredsc);
++
++ if (derived != NULL) {
++ current = context_new(currentsc);
++
++ if (current != NULL) {
++ currentuser = context_user_get(current);
++
++ if (currentuser != NULL) {
++ if (context_user_set(derived,
++ currentuser) == 0) {
++ derivedsc = context_str(derived);
++
++ if (derivedsc != NULL) {
++ freecon(configuredsc);
++ configuredsc = strdup(derivedsc);
++ }
++ }
++ }
++
++ context_free(current);
++ }
++
++ context_free(derived);
++ }
++
++ freecon(currentsc);
++ }
++
++ debug_log("Setting file creation context to \"%s\".\n", configuredsc);
++ if (setfscreatecon(configuredsc) != 0) {
++ debug_log("Unable to determine current context.\n");
++ goto fail;
++ }
++
++ freecon(configuredsc);
++ return previous;
++
++fail:
++ if (previous != NULL) {
++ freecon(previous);
++ }
++ if (genpath != NULL) {
++ free(genpath);
++ }
++ if (configuredsc != NULL) {
++ freecon(configuredsc);
++ }
++
++ cleanup_fscreatecon();
++ return NULL;
++}
++
++static void
++pop_fscreatecon(security_context_t previous)
++{
++ if (!is_selinux_enabled()) {
++ return;
++ }
++
++ if (previous != NULL) {
++ debug_log("Resetting file creation context to \"%s\".\n", previous);
++ } else {
++ debug_log("Resetting file creation context to default.\n");
++ }
++
++ /* NULL resets to default */
++ setfscreatecon(previous);
++
++ if (previous != NULL) {
++ freecon(previous);
++ }
++
++ /* Need to clean this up here otherwise it leaks */
++ cleanup_fscreatecon();
++}
++
++void *
++krb5int_push_fscreatecon_for(const char *pathname)
++{
++ struct stat st;
++ void *retval;
++
++ k5_once(&labeled_once, label_mutex_init);
++ k5_mutex_lock(&labeled_mutex);
++
++ if (stat(pathname, &st) != 0) {
++ st.st_mode = S_IRUSR | S_IWUSR;
++ }
++
++ retval = push_fscreatecon(pathname, st.st_mode);
++ return retval ? retval : (void *) -1;
++}
++
++void
++krb5int_pop_fscreatecon(void *con)
++{
++ if (con != NULL) {
++ pop_fscreatecon((con == (void *) -1) ? NULL : con);
++ k5_mutex_unlock(&labeled_mutex);
++ }
++}
++
++FILE *
++krb5int_labeled_fopen(const char *path, const char *mode)
++{
++ FILE *fp;
++ int errno_save;
++ security_context_t ctx;
++
++ if ((strcmp(mode, "r") == 0) ||
++ (strcmp(mode, "rb") == 0)) {
++ return fopen(path, mode);
++ }
++
++ k5_once(&labeled_once, label_mutex_init);
++ k5_mutex_lock(&labeled_mutex);
++ ctx = push_fscreatecon(path, 0);
++
++ fp = fopen(path, mode);
++ errno_save = errno;
++
++ pop_fscreatecon(ctx);
++ k5_mutex_unlock(&labeled_mutex);
++
++ errno = errno_save;
++ return fp;
++}
++
++int
++krb5int_labeled_creat(const char *path, mode_t mode)
++{
++ int fd;
++ int errno_save;
++ security_context_t ctx;
++
++ k5_once(&labeled_once, label_mutex_init);
++ k5_mutex_lock(&labeled_mutex);
++ ctx = push_fscreatecon(path, 0);
++
++ fd = creat(path, mode);
++ errno_save = errno;
++
++ pop_fscreatecon(ctx);
++ k5_mutex_unlock(&labeled_mutex);
++
++ errno = errno_save;
++ return fd;
++}
++
++int
++krb5int_labeled_mknod(const char *path, mode_t mode, dev_t dev)
++{
++ int ret;
++ int errno_save;
++ security_context_t ctx;
++
++ k5_once(&labeled_once, label_mutex_init);
++ k5_mutex_lock(&labeled_mutex);
++ ctx = push_fscreatecon(path, mode);
++
++ ret = mknod(path, mode, dev);
++ errno_save = errno;
++
++ pop_fscreatecon(ctx);
++ k5_mutex_unlock(&labeled_mutex);
++
++ errno = errno_save;
++ return ret;
++}
++
++int
++krb5int_labeled_mkdir(const char *path, mode_t mode)
++{
++ int ret;
++ int errno_save;
++ security_context_t ctx;
++
++ k5_once(&labeled_once, label_mutex_init);
++ k5_mutex_lock(&labeled_mutex);
++ ctx = push_fscreatecon(path, S_IFDIR);
++
++ ret = mkdir(path, mode);
++ errno_save = errno;
++
++ pop_fscreatecon(ctx);
++ k5_mutex_unlock(&labeled_mutex);
++
++ errno = errno_save;
++ return ret;
++}
++
++int
++krb5int_labeled_open(const char *path, int flags, ...)
++{
++ int fd;
++ int errno_save;
++ security_context_t ctx;
++ mode_t mode;
++ va_list ap;
++
++ if ((flags & O_CREAT) == 0) {
++ return open(path, flags);
++ }
++
++ k5_once(&labeled_once, label_mutex_init);
++ k5_mutex_lock(&labeled_mutex);
++ ctx = push_fscreatecon(path, 0);
++
++ va_start(ap, flags);
++ mode = va_arg(ap, mode_t);
++ fd = open(path, flags, mode);
++ va_end(ap);
++
++ errno_save = errno;
++
++ pop_fscreatecon(ctx);
++ k5_mutex_unlock(&labeled_mutex);
++
++ errno = errno_save;
++ return fd;
++}
++
++#endif /* USE_SELINUX */
diff --git a/source/n/krb5/patches/krb5-1.3.1-dns.patch b/source/n/krb5/patches/krb5-1.3.1-dns.patch
new file mode 100644
index 00000000..211e6614
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.3.1-dns.patch
@@ -0,0 +1,22 @@
+From 285e023d996ed1a9dbe77239967b3f56ed2c8075 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:46:21 -0400
+Subject: [PATCH] krb5-1.3.1-dns.patch
+
+We want to be able to use --with-netlib and --enable-dns at the same time.
+---
+ src/aclocal.m4 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/aclocal.m4 b/src/aclocal.m4
+index 607859f..f5667c3 100644
+--- a/src/aclocal.m4
++++ b/src/aclocal.m4
+@@ -703,6 +703,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library),
+ LIBS="$LIBS $withval"
+ AC_MSG_RESULT("netlib will use \'$withval\'")
+ fi
++ KRB5_AC_ENABLE_DNS
+ ],dnl
+ [AC_LIBRARY_NET]
+ )])dnl
diff --git a/source/n/krb5/patches/krb5-1.9-debuginfo.patch b/source/n/krb5/patches/krb5-1.9-debuginfo.patch
new file mode 100644
index 00000000..a67ecd34
--- /dev/null
+++ b/source/n/krb5/patches/krb5-1.9-debuginfo.patch
@@ -0,0 +1,39 @@
+From 792c6e3ce90f8cb374df41abbf3da1631d64045f Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2016 16:49:25 -0400
+Subject: [PATCH] krb5-1.9-debuginfo.patch
+
+We want to keep these y.tab.c files around because the debuginfo points to
+them. It would be more elegant at the end to use symbolic links, but that
+could mess up people working in the tree on other things.
+---
+ src/kadmin/cli/Makefile.in | 5 +++++
+ src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in
+index adfea6e..d1327e4 100644
+--- a/src/kadmin/cli/Makefile.in
++++ b/src/kadmin/cli/Makefile.in
+@@ -37,3 +37,8 @@ clean-unix::
+ # CC_LINK is not meant for compilation and this use may break in the future.
+ datetest: getdate.c
+ $(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c
++
++%.c: %.y
++ $(RM) y.tab.c $@
++ $(YACC.y) $<
++ $(CP) y.tab.c $@
+diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in
+index 8669c24..a22f23c 100644
+--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in
++++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in
+@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE)
+ getdate.c: $(GETDATE)
+ $(RM) getdate.c y.tab.c
+ $(YACC) $(GETDATE)
+- $(MV) y.tab.c getdate.c
++ $(CP) y.tab.c getdate.c
+
+ install:
+ $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
diff --git a/source/n/krb5/slack-desc b/source/n/krb5/slack-desc
new file mode 100644
index 00000000..6a41cbc3
--- /dev/null
+++ b/source/n/krb5/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+krb5: krb5 (Network authentication protocol)
+krb5:
+krb5: Kerberos is a network authentication protocol. It is designed to
+krb5: provide strong authentication for client/server applications by using
+krb5: secret-key cryptography.
+krb5:
+krb5: Homepage: http://web.mit.edu/kerberos/
+krb5:
+krb5:
+krb5:
+krb5:
diff --git a/source/n/php/fetch-php.sh b/source/n/php/fetch-php.sh
index 6aa0ef11..1704a8cc 100755
--- a/source/n/php/fetch-php.sh
+++ b/source/n/php/fetch-php.sh
@@ -1,2 +1,2 @@
-lftpget http://us.php.net/distributions/php-7.4.1.tar.xz.asc
-lftpget http://us.php.net/distributions/php-7.4.1.tar.xz
+lftpget http://us.php.net/distributions/php-7.4.2.tar.xz.asc
+lftpget http://us.php.net/distributions/php-7.4.2.tar.xz
diff --git a/source/n/samba/samba.SlackBuild b/source/n/samba/samba.SlackBuild
index e3883df2..76bc3c47 100755
--- a/source/n/samba/samba.SlackBuild
+++ b/source/n/samba/samba.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=samba
VERSION=${VERSION:-$(echo samba-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
if [ -e $CWD/machine.conf ]; then
. $CWD/machine.conf ]
diff --git a/source/n/samba/samba.url b/source/n/samba/samba.url
index 89890af2..3f588b19 100644
--- a/source/n/samba/samba.url
+++ b/source/n/samba/samba.url
@@ -1,2 +1,2 @@
-https://download.samba.org/pub/samba/stable/samba-4.11.4.tar.gz
-https://download.samba.org/pub/samba/stable/samba-4.11.4.tar.asc
+https://download.samba.org/pub/samba/stable/samba-4.11.5.tar.gz
+https://download.samba.org/pub/samba/stable/samba-4.11.5.tar.asc