Update includedir processing to match upstream

2018-06-07 12:37:24 -04:00 · 2018-06-07 12:37:24 -04:00 · 6dd406494d
commit 6dd406494d
parent 6e3058a9c5
32 changed files with 370 additions and 108 deletions
--- a/Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch
+++ b/Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch
@ -1,4 +1,4 @@
-From dd66546bde0bc868a9af2ac702c7466e7494b33b Mon Sep 17 00:00:00 2001
+From dff5177801444307d19071fc4fac7de864fda92a Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sat, 13 Jun 2015 16:04:53 -0400
 Subject: [PATCH] Add ASN.1 encoders and decoders for SPAKE types
--- a/Add-PKINIT-KDC-support-for-freshness-token.patch
+++ b/Add-PKINIT-KDC-support-for-freshness-token.patch
@ -1,4 +1,4 @@
-From 9f69b78a93de5ae396eb96d2957f36f8b9dc7458 Mon Sep 17 00:00:00 2001
+From c93112a19f73b9a984cabd320129ee8f70cb4823 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 12 Mar 2018 11:31:46 -0400
 Subject: [PATCH] Add PKINIT KDC support for freshness token
--- a/Add-PKINIT-client-support-for-freshness-token.patch
+++ b/Add-PKINIT-client-support-for-freshness-token.patch
@ -1,4 +1,4 @@
-From 0bc035db40c5badae3cc00f452560785a0cb0a44 Mon Sep 17 00:00:00 2001
+From 5edc6de93196b4f07da6695a4b271a067000c84d Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Tue, 31 Jan 2017 17:02:34 -0500
 Subject: [PATCH] Add PKINIT client support for freshness token
--- a/Add-SPAKE-preauth-support.patch
+++ b/Add-SPAKE-preauth-support.patch
@ -1,4 +1,4 @@
-From b054d1d29e676600abd6fdd7a67a283c3c011f95 Mon Sep 17 00:00:00 2001
+From f8f2cff0aba6ea7dd9b5fef89549aaff36ce4fee Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 25 Sep 2015 17:47:35 -0400
 Subject: [PATCH] Add SPAKE preauth support
--- a/Add-doc-index-entries-for-SPAKE-constants.patch
+++ b/Add-doc-index-entries-for-SPAKE-constants.patch
@ -1,4 +1,4 @@
-From 0ff94a373749e83fb9c2c5c6fa6d5788b2b63460 Mon Sep 17 00:00:00 2001
+From c891e4bc54c8083a1af8d28aa9b12ab1177ebb9a Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Tue, 27 Mar 2018 00:49:43 -0400
 Subject: [PATCH] Add doc index entries for SPAKE constants
--- a/Add-k5_buf_add_vfmt-to-k5buf-interface.patch
+++ b/Add-k5_buf_add_vfmt-to-k5buf-interface.patch
@ -1,4 +1,4 @@
-From f2402ea18c8587dab261cd724ef62fd7f6bcc8ec Mon Sep 17 00:00:00 2001
+From 74e1079df0cc6e8932e487455177a69f782b863a Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 4 Jan 2018 14:35:12 -0500
 Subject: [PATCH] Add k5_buf_add_vfmt to k5buf interface
--- a/Add-k5_dir_filenames-to-libkrb5support.patch
+++ b/Add-k5_dir_filenames-to-libkrb5support.patch
@ -0,0 +1,222 @@
+From 9010a0dbf59771cb0a9c1e6fd5a18a92a1200ca7 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Tue, 5 Jun 2018 14:01:05 -0400
+Subject: [PATCH] Add k5_dir_filenames() to libkrb5support
+
+Add a support function to get a list of filenames from a directory in
+sorted order.
+
+(cherry picked from commit 27534121eb39089ff4335d8b465027e9ba783682)
+---
+ src/include/k5-platform.h                     |   7 +
+ src/util/support/Makefile.in                  |   3 +
+ src/util/support/dir_filenames.c              | 135 ++++++++++++++++++
+ src/util/support/libkrb5support-fixed.exports |   2 +
+ 4 files changed, 147 insertions(+)
+ create mode 100644 src/util/support/dir_filenames.c
+
+diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
+index 07ef6a4ca..763408a09 100644
+--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
+@@ -44,6 +44,8 @@
+  * + constant time memory comparison
+  * + path manipulation
+  * + _, N_, dgettext, bindtextdomain (for localization)
+ * + getopt_long
+ * + fetching filenames from a directory
+  */
+ 
+ #ifndef K5_PLATFORM_H
+@@ -1148,4 +1150,9 @@ extern int k5_getopt_long(int nargc, char **nargv, char *options,
+ #define getopt_long k5_getopt_long
+ #endif /* HAVE_GETOPT_LONG */
+ 
+/* Set *fnames_out to a null-terminated list of filenames within dirname,
+ * sorted according to strcmp().  Return 0 on success, or ENOENT/ENOMEM. */
+int k5_dir_filenames(const char *dirname, char ***fnames_out);
+void k5_free_filenames(char **fnames);
+
+ #endif /* K5_PLATFORM_H */
+diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in
+index caaf15822..4715e0391 100644
+--- a/src/util/support/Makefile.in
+++ b/src/util/support/Makefile.in
+@@ -85,6 +85,7 @@ STLIBOBJS= \
+ 	hex.o \
+ 	bcmp.o \
+ 	strerror_r.o \
+	dir_filenames.o \
+ 	$(GETTIMEOFDAY_ST_OBJ) \
+ 	$(IPC_ST_OBJ) \
+ 	$(STRLCPY_ST_OBJ) \
+@@ -111,6 +112,7 @@ LIBOBJS= \
+ 	$(OUTPRE)hex.$(OBJEXT) \
+ 	$(OUTPRE)bcmp.$(OBJEXT) \
+ 	$(OUTPRE)strerror_r.$(OBJEXT) \
+	$(OUTPRE)dir_filenames.$(OBJEXT) \
+ 	$(GETTIMEOFDAY_OBJ) \
+ 	$(IPC_OBJ) \
+ 	$(STRLCPY_OBJ) \
+@@ -147,6 +149,7 @@ SRCS=\
+ 	$(srcdir)/hex.c \
+ 	$(srcdir)/bcmp.c \
+ 	$(srcdir)/strerror_r.c \
+	$(srcdir)/dir_filenames.c \
+ 	$(srcdir)/t_utf8.c \
+ 	$(srcdir)/t_utf16.c \
+ 	$(srcdir)/getopt.c \
+diff --git a/src/util/support/dir_filenames.c b/src/util/support/dir_filenames.c
+new file mode 100644
+index 000000000..9312b0238
+--- /dev/null
+++ b/src/util/support/dir_filenames.c
+@@ -0,0 +1,135 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/dir_filenames.c - fetch filenames in a directory */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+
+void
+k5_free_filenames(char **fnames)
+{
+    char **fn;
+
+    for (fn = fnames; fn != NULL && *fn != NULL; fn++)
+        free(*fn);
+    free(fnames);
+}
+
+/* Resize the filename list and add a name. */
+static int
+add_filename(char ***fnames, int *n_fnames, const char *name)
+{
+    char **newlist;
+
+    newlist = realloc(*fnames, (*n_fnames + 2) * sizeof(*newlist));
+    if (newlist == NULL)
+        return ENOMEM;
+    *fnames = newlist;
+    newlist[*n_fnames] = strdup(name);
+    if (newlist[*n_fnames] == NULL)
+        return ENOMEM;
+    (*n_fnames)++;
+    newlist[*n_fnames] = NULL;
+    return 0;
+}
+
+static int
+compare_with_strcmp(const void *a, const void *b)
+{
+    return strcmp(*(char **)a, *(char **)b);
+}
+
+#ifdef _WIN32
+
+int
+k5_dir_filenames(const char *dirname, char ***fnames_out)
+{
+    char *wildcard;
+    WIN32_FIND_DATA ffd;
+    HANDLE handle;
+    char **fnames = NULL;
+    int n_fnames = 0;
+
+    *fnames_out = NULL;
+
+    if (asprintf(&wildcard, "%s\\*", dirname) < 0)
+        return ENOMEM;
+    handle = FindFirstFile(wildcard, &ffd);
+    free(wildcard);
+    if (handle == INVALID_HANDLE_VALUE)
+        return ENOENT;
+
+    do {
+        if (add_filename(&fnames, &n_fnames, &ffd.cFileName) != 0) {
+            k5_free_filenames(fnames);
+            FindClose(handle);
+            return ENOMEM;
+        }
+    } while (FindNextFile(handle, &ffd) != 0);
+
+    FindClose(handle);
+    qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
+    *fnames_out = fnames;
+    return 0;
+}
+
+#else /* _WIN32 */
+
+#include <dirent.h>
+
+int
+k5_dir_filenames(const char *dirname, char ***fnames_out)
+{
+    DIR *dir;
+    struct dirent *ent;
+    char **fnames = NULL;
+    int n_fnames = 0;
+
+    *fnames_out = NULL;
+
+    dir = opendir(dirname);
+    if (dir == NULL)
+        return ENOENT;
+
+    while ((ent = readdir(dir)) != NULL) {
+        if (add_filename(&fnames, &n_fnames, ent->d_name) != 0) {
+            k5_free_filenames(fnames);
+            closedir(dir);
+            return ENOMEM;
+        }
+    }
+
+    closedir(dir);
+    qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
+    *fnames_out = fnames;
+    return 0;
+}
+
+#endif /* not _WIN32 */
+diff --git a/src/util/support/libkrb5support-fixed.exports b/src/util/support/libkrb5support-fixed.exports
+index a5e2ade04..16ed5a6c1 100644
+--- a/src/util/support/libkrb5support-fixed.exports
+++ b/src/util/support/libkrb5support-fixed.exports
+@@ -58,6 +58,8 @@ k5_path_split
+ k5_strerror_r
+ k5_utf8_to_utf16le
+ k5_utf16le_to_utf8
+k5_dir_filenames
+k5_free_filenames
+ krb5int_key_register
+ krb5int_key_delete
+ krb5int_getspecific
--- a/Add-libkrb5support-hex-functions-and-tests.patch
+++ b/Add-libkrb5support-hex-functions-and-tests.patch
@ -1,4 +1,4 @@
-From c8992ad9dc0c7fc4d8bec3b9ecb129fe587d615e Mon Sep 17 00:00:00 2001
+From 507b1aff60fdadc91ca7c56d39711049aeeb1e58 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 19 Feb 2018 00:51:44 -0500
 Subject: [PATCH] Add libkrb5support hex functions and tests
--- a/Add-vector-support-to-k5_sha256.patch
+++ b/Add-vector-support-to-k5_sha256.patch
@ -1,4 +1,4 @@
-From 5ed0331bd6bfd39b9c5ca40ec38d536221118998 Mon Sep 17 00:00:00 2001
+From f8b14b92cc4c82578f8fc56dd1fddebe88120769 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sat, 3 Feb 2018 20:53:42 -0500
 Subject: [PATCH] Add vector support to k5_sha256()
--- a/Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch
+++ b/Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch
@ -1,4 +1,4 @@
-From c98a6fc929b80dd8d221314e31903a9d5ee56295 Mon Sep 17 00:00:00 2001
+From 2b9e79d58b28196dba5f7d3ff2f32ca577444ddc Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sat, 31 Mar 2018 10:43:49 -0400
 Subject: [PATCH] Be more careful asking for AS key in SPAKE client
--- a/Exit-with-status-0-from-kadmind.patch
+++ b/Exit-with-status-0-from-kadmind.patch
@ -1,4 +1,4 @@
-From cb8f31e6bbf72e207b428d52c2fd9ed719bbec4f Mon Sep 17 00:00:00 2001
+From 3bfe632c7011c335362d78356232507d9ee26f73 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 14 Mar 2018 14:31:22 -0400
 Subject: [PATCH] Exit with status 0 from kadmind
--- a/Fix-SPAKE-memory-leak.patch
+++ b/Fix-SPAKE-memory-leak.patch
@ -1,4 +1,4 @@
-From 3ea258c813de4c55a8979f019b716422b998e231 Mon Sep 17 00:00:00 2001
+From 390c515e13dffc8c00b44623cba47e27c2f20cf7 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Tue, 27 Mar 2018 10:36:05 -0400
 Subject: [PATCH] Fix SPAKE memory leak
--- a/Fix-hex-conversion-of-PKINIT-certid-strings.patch
+++ b/Fix-hex-conversion-of-PKINIT-certid-strings.patch
@ -1,4 +1,4 @@
-From 6b8f7371e49c3aa636871bb4e2ea2d2e86c743de Mon Sep 17 00:00:00 2001
+From 8b898badbe8051270c6da96f5c15f3bc8b6d974e Mon Sep 17 00:00:00 2001
 From: Sumit Bose <sbose@redhat.com>
 Date: Fri, 26 Jan 2018 11:47:50 -0500
 Subject: [PATCH] Fix hex conversion of PKINIT certid strings
--- a/Fix-read-overflow-in-KDC-sort_pa_data.patch
+++ b/Fix-read-overflow-in-KDC-sort_pa_data.patch
@ -1,4 +1,4 @@
-From 20c25d4a2f78d8ab33d4879e1cf843e1fdb8a20b Mon Sep 17 00:00:00 2001
+From 59a28991e15496e6f9cf867c32dc18e7e1062f59 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 15 Mar 2018 20:27:30 -0400
 Subject: [PATCH] Fix read overflow in KDC sort_pa_data()
--- a/Fix-securid_sam2-preauth-for-non-default-salt.patch
+++ b/Fix-securid_sam2-preauth-for-non-default-salt.patch
@ -1,4 +1,4 @@
-From 9c9ff189c16b16f848f2e85c1d262f12c6d5e922 Mon Sep 17 00:00:00 2001
+From e405f42b532e377e7e3d654313a07f8c11f48f9a Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Wed, 3 Jan 2018 12:06:08 -0500
 Subject: [PATCH] Fix securid_sam2 preauth for non-default salt
--- a/Fix-segfault-in-finish_dispatch.patch
+++ b/Fix-segfault-in-finish_dispatch.patch
@ -1,4 +1,4 @@
-From d134cd489a6841f510b3efdf4ddcb283493655f0 Mon Sep 17 00:00:00 2001
+From 617d153bb32d0bd7db33ccec21043d1113651f3a Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 18 Apr 2018 14:13:28 -0400
 Subject: [PATCH] Fix segfault in finish_dispatch()
--- a/Implement-k5_buf_init_dynamic_zap.patch
+++ b/Implement-k5_buf_init_dynamic_zap.patch
@ -1,4 +1,4 @@
-From e6945eee571b0ff776270dea52fb051b62aedabd Mon Sep 17 00:00:00 2001
+From 3d651a6e234bed4c4d4865a56c5fa47dab89a5a6 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 26 Mar 2018 11:12:39 -0400
 Subject: [PATCH] Implement k5_buf_init_dynamic_zap
--- a/Include-etype-info-in-for-hardware-preauth-hints.patch
+++ b/Include-etype-info-in-for-hardware-preauth-hints.patch
@ -1,4 +1,4 @@
-From 6f883193ddb63da0f29977e3b95a663321404546 Mon Sep 17 00:00:00 2001
+From bbc68d1657306a61a7646dd7b9690f67705e24be Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Wed, 3 Jan 2018 11:59:14 -0500
 Subject: [PATCH] Include etype-info in for hardware preauth hints
--- a/Include-preauth-name-in-trace-output-if-possible.patch
+++ b/Include-preauth-name-in-trace-output-if-possible.patch
@ -1,4 +1,4 @@
-From 265d00ef6bb5469b2464d7813af8c37581338385 Mon Sep 17 00:00:00 2001
+From b623881ec039bffc758f53906f7e4f9b884f1cf4 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 15 Mar 2018 14:37:28 -0400
 Subject: [PATCH] Include preauth name in trace output if possible
--- a/Log-when-non-root-ksu-authorization-fails.patch
+++ b/Log-when-non-root-ksu-authorization-fails.patch
@ -1,4 +1,4 @@
-From 6b85df6c6f4bb0e61ba0913722317f4e2c3c23fc Mon Sep 17 00:00:00 2001
+From 9dd3a84f324979c29e8ab4b472e98dfa73e6b290 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Mon, 7 May 2018 16:42:59 -0400
 Subject: [PATCH] Log when non-root ksu authorization fails
--- a/Move-zap-definition-to-k5-platform.h.patch
+++ b/Move-zap-definition-to-k5-platform.h.patch
@ -1,4 +1,4 @@
-From 56521276ff20bc05a61c6f070cb4dcab730ff6d6 Mon Sep 17 00:00:00 2001
+From ee941a490268bb045ec7e153bdf229adcd6d2f73 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 26 Mar 2018 10:54:29 -0400
 Subject: [PATCH] Move zap() definition to k5-platform.h
--- a/Process-included-directories-in-alphabetical-order.patch
+++ b/Process-included-directories-in-alphabetical-order.patch
@ -1,78 +0,0 @@
-From 88abb837d8a9ff12b71a848efbeaa9b9a009cc1f Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Mon, 29 Jan 2018 12:10:53 +0100
-Subject: [PATCH] Process included directories in alphabetical order
-
-readdir() and FindFirstFile()/FindNextFile() do not define any
-ordering on the entries they return.  Use sorted scandir() instead on
-Unix-likes.
-
-(cherry picked from commit 4e8518baeedf376ae3e4ce302c9a138263d648df)
---
- src/util/profile/prof_parse.c | 30 ++++++++++++++++++++----------
- 1 file changed, 20 insertions(+), 10 deletions(-)
-
-diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
-index 1baceea9e..309c27d07 100644
--- a/src/util/profile/prof_parse.c
-+++ b/src/util/profile/prof_parse.c
-@@ -241,12 +241,18 @@ static int valid_name(const char *filename)
-     }
-     return 1;
- }
-+#ifndef _WIN32
-+static int valid_name_scandir(const struct dirent *d)
-+{
-+    return valid_name(d->d_name);
-+}
-+#endif
- 
- /*
-  * Include files within dirname.  Only files with names ending in ".conf", or
-  * consisting entirely of alphanumeric characters, dashes, and underscores are
-  * included.  This restriction avoids including editor backup files, .rpmsave
- * files, and the like.
-+ * files, and the like.  Files are processed in alphanumeric order.
-  */
- static errcode_t parse_include_dir(const char *dirname,
-                                    struct profile_node *root_section)
-@@ -287,18 +293,19 @@ cleanup:
- 
- #else /* not _WIN32 */
- 
-    DIR     *dir;
-     char    *pathname;
-     errcode_t retval = 0;
-    struct dirent *ent;
-+    struct dirent **namelist;
-+    int num_ents, i;
- 
-    dir = opendir(dirname);
-    if (dir == NULL)
-+    num_ents = scandir(dirname, &namelist, &valid_name_scandir, &alphasort);
-+    if (num_ents == -1)
-         return PROF_FAIL_INCLUDE_DIR;
-    while ((ent = readdir(dir)) != NULL) {
-        if (!valid_name(ent->d_name))
-            continue;
-        if (asprintf(&pathname, "%s/%s", dirname, ent->d_name) < 0) {
-+
-+    for (i = 0; i < num_ents; i++) {
-+        retval = asprintf(&pathname, "%s/%s", dirname, namelist[i]->d_name);
-+        free(namelist[i]);
-+        if (retval < 0) {
-             retval = ENOMEM;
-             break;
-         }
-@@ -307,7 +314,10 @@ cleanup:
-         if (retval)
-             break;
-     }
-    closedir(dir);
-+    for (i++; i < num_ents; i++)
-+        free(namelist[i]);
-+
-+    free(namelist);
-     return retval;
- #endif /* not _WIN32 */
- }
--- a/Process-profile-includedir-in-sorted-order.patch
+++ b/Process-profile-includedir-in-sorted-order.patch
@ -0,0 +1,114 @@
+From 5d868264bca1771aa16abbc8cc0aefb0e1750a73 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Wed, 6 Jun 2018 17:58:41 -0400
+Subject: [PATCH] Process profile includedir in sorted order
+
+In the profile library, use k5_dir_filenames() so that files within an
+included directory are read in a predictable order (alphanumeric
+within the C locale).
+
+ticket: 8686
+(cherry picked from commit f574eda48740ad192f51e9a382a205e2ea0e60ad)
+---
+ doc/admin/conf_files/krb5_conf.rst |  4 ++-
+ src/util/profile/prof_parse.c      | 56 +++++-------------------------
+ 2 files changed, 12 insertions(+), 48 deletions(-)
+
+diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
+index 2574e5c26..ce545492d 100644
+--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
+@@ -60,7 +60,9 @@ alphanumeric characters, dashes, or underscores.  Starting in release
+ 1.15, files with names ending in ".conf" are also included, unless the
+ name begins with ".".  Included profile files are syntactically
+ independent of their parents, so each included file must begin with a
+-section header.
+section header.  Starting in release 1.17, files are read in
+alphanumeric order; in previous releases, they may be read in any
+order.
+ 
+ The krb5.conf file can specify that configuration should be obtained
+ from a loadable module, rather than the file itself, using the
+diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
+index 1baceea9e..531e4a099 100644
+--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
+@@ -246,59 +246,22 @@ static int valid_name(const char *filename)
+  * Include files within dirname.  Only files with names ending in ".conf", or
+  * consisting entirely of alphanumeric characters, dashes, and underscores are
+  * included.  This restriction avoids including editor backup files, .rpmsave
+- * files, and the like.
+ * files, and the like.  Files are processed in alphanumeric order.
+  */
+ static errcode_t parse_include_dir(const char *dirname,
+                                    struct profile_node *root_section)
+ {
+-#ifdef _WIN32
+-    char *wildcard = NULL, *pathname;
+-    WIN32_FIND_DATA ffd;
+-    HANDLE handle;
+     errcode_t retval = 0;
+    char **fnames, *pathname;
+    int i;
+ 
+-    if (asprintf(&wildcard, "%s\\*", dirname) < 0)
+-        return ENOMEM;
+-
+-    handle = FindFirstFile(wildcard, &ffd);
+-    if (handle == INVALID_HANDLE_VALUE) {
+-        retval = PROF_FAIL_INCLUDE_DIR;
+-        goto cleanup;
+-    }
+-
+-    do {
+-        if (!valid_name(ffd.cFileName))
+-            continue;
+-        if (asprintf(&pathname, "%s\\%s", dirname, ffd.cFileName) < 0) {
+-            retval = ENOMEM;
+-            break;
+-        }
+-        retval = parse_include_file(pathname, root_section);
+-        free(pathname);
+-        if (retval)
+-            break;
+-    } while (FindNextFile(handle, &ffd) != 0);
+-
+-    FindClose(handle);
+-
+-cleanup:
+-    free(wildcard);
+-    return retval;
+-
+-#else /* not _WIN32 */
+-
+-    DIR     *dir;
+-    char    *pathname;
+-    errcode_t retval = 0;
+-    struct dirent *ent;
+-
+-    dir = opendir(dirname);
+-    if (dir == NULL)
+    if (k5_dir_filenames(dirname, &fnames) != 0)
+         return PROF_FAIL_INCLUDE_DIR;
+-    while ((ent = readdir(dir)) != NULL) {
+-        if (!valid_name(ent->d_name))
+
+    for (i = 0; fnames != NULL && fnames[i] != NULL; i++) {
+        if (!valid_name(fnames[i]))
+             continue;
+-        if (asprintf(&pathname, "%s/%s", dirname, ent->d_name) < 0) {
+        if (asprintf(&pathname, "%s/%s", dirname, fnames[i]) < 0) {
+             retval = ENOMEM;
+             break;
+         }
+@@ -307,9 +270,8 @@ cleanup:
+         if (retval)
+             break;
+     }
+-    closedir(dir);
+    k5_free_filenames(fnames);
+     return retval;
+-#endif /* not _WIN32 */
+ }
+ 
+ static errcode_t parse_line(char *line, struct parse_state *state,
--- a/Refactor-KDC-krb5_pa_data-utility-functions.patch
+++ b/Refactor-KDC-krb5_pa_data-utility-functions.patch
@ -1,4 +1,4 @@
-From 276ecd7ba513ce0bfe5e51d6368e00476041a5b4 Mon Sep 17 00:00:00 2001
+From 7c59b7ee063489a4259c34b725728fee7e411c46 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 21 Dec 2017 11:28:52 -0500
 Subject: [PATCH] Refactor KDC krb5_pa_data utility functions
--- a/Remove-nodes-option-from-make-certs-scripts.patch
+++ b/Remove-nodes-option-from-make-certs-scripts.patch
@ -1,4 +1,4 @@
-From bf6ffd35be7325db3447fec9bf95b626f43b6734 Mon Sep 17 00:00:00 2001
+From 83da5675551dba13fee837adc26ce885a061dbc1 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 3 May 2018 14:40:45 -0400
 Subject: [PATCH] Remove "-nodes" option from make-certs scripts
--- a/Report-extended-errors-in-kinit-k-t-KDB.patch
+++ b/Report-extended-errors-in-kinit-k-t-KDB.patch
@ -1,4 +1,4 @@
-From 177cb167cfc151a1f58fb3e771cd29d0598f462f Mon Sep 17 00:00:00 2001
+From 3b3e31316ae247e18ea22293dffbc8f604338fa7 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sat, 17 Mar 2018 22:47:34 -0400
 Subject: [PATCH] Report extended errors in kinit -k -t KDB:
--- a/Restrict-pre-authentication-fallback-cases.patch
+++ b/Restrict-pre-authentication-fallback-cases.patch
@ -1,4 +1,4 @@
-From 1e423ec03dbd65845a4aeb8999d130d3d6a0cdd7 Mon Sep 17 00:00:00 2001
+From 70f41a8dafaadfb43aba4918564c22460f812dca Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 5 Apr 2018 16:23:34 -0400
 Subject: [PATCH] Restrict pre-authentication fallback cases
--- a/Simplify-kdc_preauth.c-systems-table.patch
+++ b/Simplify-kdc_preauth.c-systems-table.patch
@ -1,4 +1,4 @@
-From bd2f01d99b623be070c8bc8d660ca92c337147ae Mon Sep 17 00:00:00 2001
+From 65f078dfc68f5680e87e686a59970291b64ebd95 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sun, 11 Feb 2018 15:23:35 -0500
 Subject: [PATCH] Simplify kdc_preauth.c systems table
--- a/Use-k5_buf_init_dynamic_zap-where-appropriate.patch
+++ b/Use-k5_buf_init_dynamic_zap-where-appropriate.patch
@ -1,4 +1,4 @@
-From 0c2324e3f88f5ba3dbe7c9053017549f13e1f995 Mon Sep 17 00:00:00 2001
+From c5df16a88027d7f9b6eb53b1c3fa949d6538616b Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 26 Mar 2018 11:24:49 -0400
 Subject: [PATCH] Use k5_buf_init_dynamic_zap where appropriate
--- a/Use-libkrb5support-hex-functions-where-appropriate.patch
+++ b/Use-libkrb5support-hex-functions-where-appropriate.patch
@ -1,4 +1,4 @@
-From c7677e91fb406c7ec55cb115155ed0d4c5943b72 Mon Sep 17 00:00:00 2001
+From 19109505ad04efdfd70df3ee922e22bcf5a294f3 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 19 Feb 2018 00:52:35 -0500
 Subject: [PATCH] Use libkrb5support hex functions where appropriate
--- a/Zap-data-when-freeing-krb5_spake_factor.patch
+++ b/Zap-data-when-freeing-krb5_spake_factor.patch
@ -1,4 +1,4 @@
-From 6f02200464dd484641639f2cb38b775d34af4bcd Mon Sep 17 00:00:00 2001
+From 5d970e16e768a134e65ee7cf367b8f34a80e0980 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Tue, 27 Mar 2018 15:42:28 -0400
 Subject: [PATCH] Zap data when freeing krb5_spake_factor
--- a/krb5.spec
+++ b/krb5.spec
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.16.1
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 3%{?dist}
+Release: 4%{?dist}

 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@ -60,7 +60,6 @@ Patch33: krb5-1.13-dirsrv-accountlock.patch
 Patch34: krb5-1.9-debuginfo.patch
 Patch35: krb5-1.11-run_user_0.patch
 Patch36: krb5-1.11-kpasswdtest.patch
-Patch37: Process-included-directories-in-alphabetical-order.patch
 Patch40: Fix-hex-conversion-of-PKINIT-certid-strings.patch
 Patch41: Exit-with-status-0-from-kadmind.patch
 Patch42: Include-etype-info-in-for-hardware-preauth-hints.patch
@ -89,6 +88,8 @@ Patch68: Restrict-pre-authentication-fallback-cases.patch
 Patch69: Remove-nodes-option-from-make-certs-scripts.patch
 Patch70: Fix-segfault-in-finish_dispatch.patch
 Patch71: Log-when-non-root-ksu-authorization-fails.patch
+Patch72: Add-k5_dir_filenames-to-libkrb5support.patch
+Patch73: Process-profile-includedir-in-sorted-order.patch

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -740,6 +741,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*

 %changelog
+* Thu Jun 07 2018 Robbie Harwood <rharwood@redhat.com> - 1.16.1-4
+- Update includedir processing to match upstream
+
 * Fri Jun 01 2018 Robbie Harwood <rharwood@redhat.com> - 1.16.1-3
 - Log when non-root ksu authorization fails
 - Resolves: #1575771