--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/krb5/patches/051-fopenF.patch Wed Feb 24 10:43:57 2016 -0600
@@ -0,0 +1,851 @@
+#
+# Modifies calls to fopen() to add 'F' flag so 32bit binaries can open > 256
+# file descriptors at once.
+#
+# MIT said they would take this patch however there has been talk of modifying
+# fopen() for 32bit apps to extend the number of fds so this patch will not be
+# submitted to MIT until this is resolved in ON.
+# Patch source: in-house
+#
+diff -ur krb5-1.13.2/src/appl/gss-sample/gss-server.c krb5-1.13.2.fopen/src/appl/gss-sample/gss-server.c
+--- krb5-1.13.2/src/appl/gss-sample/gss-server.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/appl/gss-sample/gss-server.c 2015-08-11 13:52:42.455625831 -0500
+@@ -699,7 +699,7 @@
+ if (!strcmp(*argv, "/dev/null")) {
+ logfile = display_file = NULL;
+ } else {
+- logfile = fopen(*argv, "a");
++ logfile = fopen(*argv, "aF");
+ display_file = logfile;
+ if (!logfile) {
+ perror(*argv);
+diff -ur krb5-1.13.2/src/clients/ksu/authorization.c krb5-1.13.2.fopen/src/clients/ksu/authorization.c
+--- krb5-1.13.2/src/clients/ksu/authorization.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/clients/ksu/authorization.c 2015-08-11 13:46:50.985382622 -0500
+@@ -100,7 +100,7 @@
+
+ /* k5login and k5users must be owned by target user or root */
+ if (!k5login_flag){
+- if ((login_fp = fopen(k5login_path, "r")) == NULL)
++ if ((login_fp = fopen(k5login_path, "rF")) == NULL)
+ return 0;
+ if ( fowner(login_fp, pwd->pw_uid) == FALSE) {
+ fclose(login_fp);
+@@ -109,7 +109,7 @@
+ }
+
+ if (!k5users_flag){
+- if ((users_fp = fopen(k5users_path, "r")) == NULL) {
++ if ((users_fp = fopen(k5users_path, "rF")) == NULL) {
+ return 0;
+ }
+ if ( fowner(users_fp, pwd->pw_uid) == FALSE){
+diff -ur krb5-1.13.2/src/clients/ksu/ccache.c krb5-1.13.2.fopen/src/clients/ksu/ccache.c
+--- krb5-1.13.2/src/clients/ksu/ccache.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/clients/ksu/ccache.c 2015-08-11 13:27:17.131920647 -0500
+@@ -375,7 +375,7 @@
+
+
+ /* open ~/.k5login */
+- if ((fp = fopen(pbuf, "r")) == NULL) {
++ if ((fp = fopen(pbuf, "rF")) == NULL) {
+ return 0;
+ }
+ /*
+diff -ur krb5-1.13.2/src/clients/ksu/heuristic.c krb5-1.13.2.fopen/src/clients/ksu/heuristic.c
+--- krb5-1.13.2/src/clients/ksu/heuristic.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/clients/ksu/heuristic.c 2015-08-11 13:53:18.318187882 -0500
+@@ -222,7 +222,7 @@
+ k5users_flag = stat(k5users_path, &tb);
+
+ if (!k5login_flag){
+- if ((login_fp = fopen(k5login_path, "r")) == NULL)
++ if ((login_fp = fopen(k5login_path, "rF")) == NULL)
+ return 0;
+ if ( fowner(login_fp, pwd->pw_uid) == FALSE){
+ close_time(1 /*k5users_flag*/, (FILE *) 0 /*users_fp*/,
+@@ -231,7 +231,7 @@
+ }
+ }
+ if (!k5users_flag){
+- if ((users_fp = fopen(k5users_path, "r")) == NULL)
++ if ((users_fp = fopen(k5users_path, "rF")) == NULL)
+ return 0;
+
+ if ( fowner(users_fp, pwd->pw_uid) == FALSE){
+diff -ur krb5-1.13.2/src/kadmin/dbutil/dump.c krb5-1.13.2.fopen/src/kadmin/dbutil/dump.c
+--- krb5-1.13.2/src/kadmin/dbutil/dump.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/kadmin/dbutil/dump.c 2015-08-11 13:41:07.987791713 -0500
+@@ -1195,7 +1195,7 @@
+ char buf[BUFSIZ];
+ FILE *f;
+
+- f = fopen(ifile, "r");
++ f = fopen(ifile, "rF");
+ if (f == NULL)
+ return 0; /* aliasing other errors to ENOENT here is OK */
+
+@@ -1517,7 +1517,7 @@
+
+ /* Open the dumpfile. */
+ if (dumpfile != NULL) {
+- f = fopen(dumpfile, "r");
++ f = fopen(dumpfile, "rF");
+ if (f == NULL) {
+ com_err(progname, errno, _("while opening %s"), dumpfile);
+ goto error;
+diff -ur krb5-1.13.2/src/kadmin/server/ovsec_kadmd.c krb5-1.13.2.fopen/src/kadmin/server/ovsec_kadmd.c
+--- krb5-1.13.2/src/kadmin/server/ovsec_kadmd.c 2015-08-11 14:09:05.551255648 -0500
++++ krb5-1.13.2.fopen/src/kadmin/server/ovsec_kadmd.c 2015-08-11 13:45:04.700855296 -0500
+@@ -126,7 +126,7 @@
+ unsigned long pid;
+ int st1, st2;
+
+- file = fopen(pid_file, "w");
++ file = fopen(pid_file, "wF");
+ if (file == NULL)
+ return errno;
+ pid = (unsigned long)getpid();
+diff -ur krb5-1.13.2/src/kdc/main.c krb5-1.13.2.fopen/src/kdc/main.c
+--- krb5-1.13.2/src/kdc/main.c 2015-08-11 14:09:05.788213288 -0500
++++ krb5-1.13.2.fopen/src/kdc/main.c 2015-08-11 13:40:50.652078819 -0500
+@@ -859,7 +859,7 @@
+ FILE *file;
+ unsigned long pid;
+
+- file = fopen(path, "w");
++ file = fopen(path, "wF");
+ if (file == NULL)
+ return errno;
+ pid = (unsigned long) getpid();
+diff -ur krb5-1.13.2/src/lib/gssapi/generic/util_errmap.c krb5-1.13.2.fopen/src/lib/gssapi/generic/util_errmap.c
+--- krb5-1.13.2/src/lib/gssapi/generic/util_errmap.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/gssapi/generic/util_errmap.c 2015-08-11 13:44:48.732993167 -0500
+@@ -176,7 +176,7 @@
+
+ #ifdef DEBUG
+ FILE *f;
+- f = fopen("/dev/pts/9", "w+");
++ f = fopen("/dev/pts/9", "w+F");
+ if (f == NULL)
+ f = stderr;
+ #endif
+diff -ur krb5-1.13.2/src/lib/gssapi/mechglue/g_initialize.c krb5-1.13.2.fopen/src/lib/gssapi/mechglue/g_initialize.c
+--- krb5-1.13.2/src/lib/gssapi/mechglue/g_initialize.c 2015-08-11 14:09:05.250949351 -0500
++++ krb5-1.13.2.fopen/src/lib/gssapi/mechglue/g_initialize.c 2015-08-11 13:38:16.832678845 -0500
+@@ -1357,7 +1357,7 @@
+ char buffer[BUFSIZ], *oidStr;
+ FILE *confFile;
+
+- if ((confFile = fopen(fileName, "r")) == NULL) {
++ if ((confFile = fopen(fileName, "rF")) == NULL) {
+ return;
+ }
+
+diff -ur krb5-1.13.2/src/lib/kadm5/logger.c krb5-1.13.2.fopen/src/lib/kadm5/logger.c
+--- krb5-1.13.2/src/lib/kadm5/logger.c 2015-08-11 14:09:05.365604955 -0500
++++ krb5-1.13.2.fopen/src/lib/kadm5/logger.c 2015-08-11 13:50:11.011871109 -0500
+@@ -567,7 +567,7 @@
+ if (cp[4] == ':' || cp[4] == '=') {
+ /* Solaris Kerberos */
+ log_control.log_entries[i].lfu_fopen_mode =
+- (cp[4] == ':') ? "a" : "w";
++ (cp[4] == ':') ? "aF" : "wF";
+ old_umask = umask(077);
+ f = fopen(&cp[5],
+ log_control.log_entries[i].lfu_fopen_mode);
+@@ -802,7 +802,7 @@
+ */
+ else if (!strcasecmp(cp, "CONSOLE")) {
+ log_control.log_entries[i].ldu_filep =
+- CONSOLE_OPEN("a+");
++ CONSOLE_OPEN("a+F");
+ if (log_control.log_entries[i].ldu_filep) {
+ set_cloexec_file(log_control.log_entries[i].ldu_filep);
+ log_control.log_entries[i].log_type = K_LOG_CONSOLE;
+@@ -818,7 +818,7 @@
+ */
+ if (cp[6] == '=') {
+ log_control.log_entries[i].ldu_filep =
+- DEVICE_OPEN(&cp[7], "w");
++ DEVICE_OPEN(&cp[7], "wF");
+ if (log_control.log_entries[i].ldu_filep) {
+ set_cloexec_file(log_control.log_entries[i].ldu_filep);
+ log_control.log_entries[i].log_type = K_LOG_DEVICE;
+@@ -1157,7 +1157,7 @@
+ * In case the old logfile did not get moved out of the
+ * way, open for append to prevent squashing the old logs.
+ */
+- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
++ f = fopen(log_control.log_entries[lindex].lfu_fname, "a+F");
+ if (f) {
+ set_cloexec_file(f);
+ log_control.log_entries[lindex].lfu_filep = f;
+diff -ur krb5-1.13.2/src/lib/kadm5/srv/server_acl.c krb5-1.13.2.fopen/src/lib/kadm5/srv/server_acl.c
+--- krb5-1.13.2/src/lib/kadm5/srv/server_acl.c 2015-08-11 14:09:05.702364340 -0500
++++ krb5-1.13.2.fopen/src/lib/kadm5/srv/server_acl.c 2015-08-11 13:38:00.105075682 -0500
+@@ -496,7 +496,7 @@
+
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n"));
+ /* Open the ACL file for read */
+- afp = fopen(acl_acl_file, "r");
++ afp = fopen(acl_acl_file, "rF");
+ if (afp) {
+ set_cloexec_file(afp);
+ alineno = 1;
+diff -ur krb5-1.13.2/src/lib/kdb/kdb_default.c krb5-1.13.2.fopen/src/lib/kdb/kdb_default.c
+--- krb5-1.13.2/src/lib/kdb/kdb_default.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/kdb/kdb_default.c 2015-08-11 13:39:37.134237942 -0500
+@@ -251,9 +251,9 @@
+ FILE *kf = NULL;
+
+ #ifdef ANSI_STDIO
+- if (!(kf = fopen(keyfile, "rb")))
++ if (!(kf = fopen(keyfile, "rbF")))
+ #else
+- if (!(kf = fopen(keyfile, "r")))
++ if (!(kf = fopen(keyfile, "rF")))
+ #endif
+ return KRB5_KDB_CANTREAD_STORED;
+ set_cloexec_file(kf);
+diff -ur krb5-1.13.2/src/lib/krb5/ccache/cc_dir.c krb5-1.13.2.fopen/src/lib/krb5/ccache/cc_dir.c
+--- krb5-1.13.2/src/lib/krb5/ccache/cc_dir.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/ccache/cc_dir.c 2015-08-11 13:41:24.435225067 -0500
+@@ -153,7 +153,7 @@
+ *residual_out = NULL;
+
+ /* Open the file and read its first line. */
+- fp = fopen(primary_path, "r");
++ fp = fopen(primary_path, "rF");
+ if (fp == NULL)
+ return ENOENT;
+ ret = fgets(buf, sizeof(buf), fp);
+diff -ur krb5-1.13.2/src/lib/krb5/ccache/ccselect_k5identity.c krb5-1.13.2.fopen/src/lib/krb5/ccache/ccselect_k5identity.c
+--- krb5-1.13.2/src/lib/krb5/ccache/ccselect_k5identity.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/ccache/ccselect_k5identity.c 2015-08-11 13:26:23.773323178 -0500
+@@ -168,7 +168,7 @@
+ free(homedir);
+ if (ret)
+ return ret;
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "rF");
+ free(filename);
+ if (fp == NULL)
+ return KRB5_PLUGIN_NO_HANDLE;
+diff -ur krb5-1.13.2/src/lib/krb5/keytab/kt_file.c krb5-1.13.2.fopen/src/lib/krb5/keytab/kt_file.c
+--- krb5-1.13.2/src/lib/krb5/keytab/kt_file.c 2015-08-11 14:09:05.422898949 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/keytab/kt_file.c 2015-08-11 13:39:18.503152692 -0500
+@@ -1022,11 +1022,11 @@
+ #define krb5_kt_default_vno ((krb5_kt_vno)KRB5_KT_DEFAULT_VNO)
+
+ #ifdef ANSI_STDIO
+-static char *const fopen_mode_rbplus= "rb+";
+-static char *const fopen_mode_rb = "rb";
++static char *const fopen_mode_rbplus= "rb+F";
++static char *const fopen_mode_rb = "rbF";
+ #else
+-static char *const fopen_mode_rbplus= "r+";
+-static char *const fopen_mode_rb = "r";
++static char *const fopen_mode_rbplus= "r+F";
++static char *const fopen_mode_rb = "rF";
+ #endif
+
+ static krb5_error_code
+diff -ur krb5-1.13.2/src/lib/krb5/keytab/kt_srvtab.c krb5-1.13.2.fopen/src/lib/krb5/keytab/kt_srvtab.c
+--- krb5-1.13.2/src/lib/krb5/keytab/kt_srvtab.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/keytab/kt_srvtab.c 2015-08-11 13:36:28.107510825 -0500
+@@ -342,9 +342,9 @@
+ #include <stdio.h>
+
+ #ifdef ANSI_STDIO
+-#define READ_MODE "rb"
++#define READ_MODE "rbF"
+ #else
+-#define READ_MODE "r"
++#define READ_MODE "rF"
+ #endif
+
+ /* The maximum sizes for V4 aname, realm, sname, and instance +1 */
+diff -ur krb5-1.13.2/src/lib/krb5/os/localaddr.c krb5-1.13.2.fopen/src/lib/krb5/os/localaddr.c
+--- krb5-1.13.2/src/lib/krb5/os/localaddr.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/os/localaddr.c 2015-08-11 13:40:00.997639967 -0500
+@@ -368,7 +368,7 @@
+ FILE *f;
+
+ /* _PATH_PROCNET_IFINET6 */
+- f = fopen("/proc/net/if_inet6", "r");
++ f = fopen("/proc/net/if_inet6", "rF");
+ if (f) {
+ char ifname[21];
+ unsigned int idx, pfxlen, scope, dadstat;
+diff -ur krb5-1.13.2/src/lib/krb5/os/localauth_k5login.c krb5-1.13.2.fopen/src/lib/krb5/os/localauth_k5login.c
+--- krb5-1.13.2/src/lib/krb5/os/localauth_k5login.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/os/localauth_k5login.c 2015-08-11 13:45:18.115959001 -0500
+@@ -116,7 +116,7 @@
+ if (ret)
+ goto cleanup;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "rF");
+ if (fp == NULL) {
+ ret = errno;
+ goto cleanup;
+diff -ur krb5-1.13.2/src/lib/krb5/rcache/t_replay.c krb5-1.13.2.fopen/src/lib/krb5/rcache/t_replay.c
+--- krb5-1.13.2/src/lib/krb5/rcache/t_replay.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/rcache/t_replay.c 2015-08-11 13:45:29.971685638 -0500
+@@ -66,7 +66,7 @@
+ krb5_int32 usec;
+ krb5_timestamp timestamp;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "rF");
+ if (!fp) {
+ fprintf(stderr, "Can't open filename: %s\n", strerror(errno));
+ return;
+diff -ur krb5-1.13.2/src/lib/krb5/unicode/ucdata/ucdata.c krb5-1.13.2.fopen/src/lib/krb5/unicode/ucdata/ucdata.c
+--- krb5-1.13.2/src/lib/krb5/unicode/ucdata/ucdata.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/unicode/ucdata/ucdata.c 2015-08-11 13:43:57.692003927 -0500
+@@ -156,7 +156,7 @@
+ _ucprop_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "ctype.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "ctype.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+@@ -337,7 +337,7 @@
+ _uccase_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "case.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "case.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+@@ -532,7 +532,7 @@
+ _uccomp_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "comp.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "comp.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+@@ -730,7 +730,7 @@
+ _ucdcmp_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "decomp.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "decomp.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+@@ -785,7 +785,7 @@
+ _uckdcmp_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "kdecomp.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "kdecomp.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+@@ -1042,7 +1042,7 @@
+ _uccmcl_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "cmbcl.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "cmbcl.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+@@ -1138,7 +1138,7 @@
+ _ucnum_size = 0;
+ }
+
+- if ((in = _ucopenfile(paths, "num.dat", "rb")) == 0)
++ if ((in = _ucopenfile(paths, "num.dat", "rbF")) == 0)
+ return -1;
+
+ /*
+diff -ur krb5-1.13.2/src/lib/krb5/unicode/ucdata/ucgendat.c krb5-1.13.2.fopen/src/lib/krb5/unicode/ucdata/ucgendat.c
+--- krb5-1.13.2/src/lib/krb5/unicode/ucdata/ucgendat.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/krb5/unicode/ucdata/ucgendat.c 2015-08-11 13:51:21.938013410 -0500
+@@ -1296,14 +1296,14 @@
+ * Open the output file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "uctable.h", opath);
+- if ((out = fopen(path, "w")) == 0)
++ if ((out = fopen(path, "wF")) == 0)
+ return;
+ #else
+ /*
+ * Open the ctype.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "ctype.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+ #endif
+
+@@ -1436,7 +1436,7 @@
+ * Open the case.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "case.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+
+ /*
+@@ -1513,7 +1513,7 @@
+ * Open the comp.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "comp.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+
+ /*
+@@ -1589,7 +1589,7 @@
+ * Open the decomp.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "decomp.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+
+ hdr[1] = decomps_used;
+@@ -1682,7 +1682,7 @@
+ * Open the kdecomp.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "kdecomp.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+
+ hdr[1] = kdecomps_used;
+@@ -1762,7 +1762,7 @@
+ * Open the cmbcl.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "cmbcl.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+
+ /*
+@@ -1836,7 +1836,7 @@
+ * Open the num.dat file.
+ */
+ snprintf(path, sizeof path, "%s" LDAP_DIRSEP "num.dat", opath);
+- if ((out = fopen(path, "wb")) == 0)
++ if ((out = fopen(path, "wbF")) == 0)
+ return;
+
+ /*
+@@ -1908,7 +1908,7 @@
+ case 'x':
+ argc--;
+ argv++;
+- if ((in = fopen(argv[0], "r")) == 0)
++ if ((in = fopen(argv[0], "rF")) == 0)
+ fprintf(stderr,
+ "%s: unable to open composition exclusion file %s\n",
+ prog, argv[0]);
+@@ -1924,7 +1924,7 @@
+ } else {
+ if (in != stdin && in != NULL)
+ fclose(in);
+- if ((in = fopen(argv[0], "r")) == 0)
++ if ((in = fopen(argv[0], "rF")) == 0)
+ fprintf(stderr, "%s: unable to open ctype file %s\n",
+ prog, argv[0]);
+ else {
+diff -ur krb5-1.13.2/src/lib/rpc/getrpcent.c krb5-1.13.2.fopen/src/lib/rpc/getrpcent.c
+--- krb5-1.13.2/src/lib/rpc/getrpcent.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/rpc/getrpcent.c 2015-08-11 13:25:58.125779542 -0500
+@@ -121,7 +121,7 @@
+ if (d == 0)
+ return;
+ if (d->rpcf == NULL) {
+- d->rpcf = fopen(RPCDB, "r");
++ d->rpcf = fopen(RPCDB, "rF");
+ if (d->rpcf)
+ set_cloexec_file(d->rpcf);
+ } else
+@@ -160,7 +160,7 @@
+ if (d == 0)
+ return(NULL);
+ if (d->rpcf == NULL) {
+- if ((d->rpcf = fopen(RPCDB, "r")) == NULL)
++ if ((d->rpcf = fopen(RPCDB, "rF")) == NULL)
+ return (NULL);
+ set_cloexec_file(d->rpcf);
+ }
+diff -ur krb5-1.13.2/src/lib/rpc/svc_auth_gssapi.c krb5-1.13.2.fopen/src/lib/rpc/svc_auth_gssapi.c
+--- krb5-1.13.2/src/lib/rpc/svc_auth_gssapi.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/lib/rpc/svc_auth_gssapi.c 2015-08-11 13:52:59.222895641 -0500
+@@ -57,7 +57,7 @@
+ {
+ static FILE *f;
+ if (f == NULL)
+- f = fopen("/dev/pts/4", "a");
++ f = fopen("/dev/pts/4", "aF");
+ if (f) {
+ vfprintf(f, format, ap);
+ fflush(f);
+diff -ur krb5-1.13.2/src/plugins/audit/test/au_test.c krb5-1.13.2.fopen/src/plugins/audit/test/au_test.c
+--- krb5-1.13.2/src/plugins/audit/test/au_test.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/audit/test/au_test.c 2015-08-11 13:41:56.337778968 -0500
+@@ -54,7 +54,7 @@
+ static krb5_error_code
+ open_au(krb5_audit_moddata *auctx)
+ {
+- au_fd = fopen("au.log", "a+");
++ au_fd = fopen("au.log", "a+F");
+ if (au_fd == NULL)
+ return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+ k5_mutex_init(&lock);
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/adb_openclose.c krb5-1.13.2.fopen/src/plugins/kdb/db2/adb_openclose.c
+--- krb5-1.13.2/src/plugins/kdb/db2/adb_openclose.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/adb_openclose.c 2015-08-11 13:51:43.944888036 -0500
+@@ -147,12 +147,12 @@
+ * POSIX systems
+ */
+ lockp->lockinfo.filename = strdup(lockfilename);
+- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
++ if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+F")) == NULL) {
+ /*
+ * maybe someone took away write permission so we could only
+ * get shared locks?
+ */
+- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
++ if ((lockp->lockinfo.lockfile = fopen(lockfilename, "rF"))
+ == NULL) {
+ free(db);
+ return OSA_ADB_NOLOCKFILE;
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/libdb2/btree/bt_debug.c krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
+--- krb5-1.13.2/src/plugins/kdb/db2/libdb2/btree/bt_debug.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/btree/bt_debug.c 2015-08-11 13:57:58.472374191 -0500
+@@ -66,7 +66,7 @@
+ first = 0;
+
+ #ifndef TRACE_TO_STDERR
+- if ((tracefp = fopen("/tmp/__bt_debug", "w")) != NULL)
++ if ((tracefp = fopen("/tmp/__bt_debug", "wF")) != NULL)
+ return;
+ #endif
+ tracefp = stderr;
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
+--- krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c 2015-08-11 13:52:17.919976635 -0500
+@@ -224,7 +224,7 @@
+ int argc, i, last;
+ char *lbuf, *argv[4], buf[512];
+
+- if ((ifp = fopen("/dev/tty", "r")) == NULL) {
++ if ((ifp = fopen("/dev/tty", "rF")) == NULL) {
+ (void)fprintf(stderr,
+ "/dev/tty: %s\n", strerror(errno));
+ exit(1);
+@@ -624,7 +624,7 @@
+ FILE *fp;
+ int status;
+
+- if ((fp = fopen(argv[1], "w")) == NULL) {
++ if ((fp = fopen(argv[1], "wF")) == NULL) {
+ (void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+ return;
+ }
+@@ -649,7 +649,7 @@
+ void *cookie;
+
+ cookie = NULL;
+- if ((fp = fopen(argv[1], "w")) == NULL) {
++ if ((fp = fopen(argv[1], "wF")) == NULL) {
+ (void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+ return;
+ }
+@@ -679,7 +679,7 @@
+ char *lp, buf[16 * 1024];
+
+ BUGdb = db;
+- if ((fp = fopen(argv[1], "r")) == NULL) {
++ if ((fp = fopen(argv[1], "rF")) == NULL) {
+ (void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+ return;
+ }
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
+--- krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c 2015-08-11 13:58:10.679774122 -0500
+@@ -103,7 +103,7 @@
+ }
+
+ if ( --argc ) {
+- fp = fopen ( argv[0], "r");
++ fp = fopen ( argv[0], "rF");
+ i = 0;
+ while ( fgets(wp1, 8192, fp) &&
+ fgets(wp2, 8192, fp) &&
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
+--- krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c 2015-08-11 13:37:47.137256617 -0500
+@@ -106,7 +106,7 @@
+ }
+
+ if ( --argc ) {
+- fp = fopen ( argv[0], "r");
++ fp = fopen ( argv[0], "rF");
+ i = 0;
+ while ( fgets(wp1, 256, fp) &&
+ fgets(wp2, 8192, fp) &&
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
+--- krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c 2015-08-11 13:46:12.282862828 -0500
+@@ -19,8 +19,8 @@
+ val_line = (char *)malloc(300);
+ old = (char *)malloc(300);
+
+- keys = fopen("yp.keys", "rt");
+- vals = fopen("yp.total", "rt");
++ keys = fopen("yp.keys", "rtF");
++ vals = fopen("yp.total", "rtF");
+
+ passwd.bsize = 1024;
+ passwd.cachesize = 1024 * 1024;
+@@ -61,8 +61,8 @@
+
+
+
+- keys = fopen("yp.keys", "rt");
+- vals = fopen("yp.total", "rt");
++ keys = fopen("yp.keys", "rtF");
++ vals = fopen("yp.total", "rtF");
+ get_key = (char *)malloc(100);
+ get_val = (char *)malloc(300);
+
+@@ -120,8 +120,8 @@
+ get_key = (char *)malloc(100);
+ key2 = (char *)malloc(100);
+
+- keys = fopen("yp.keys", "rt");
+- vals = fopen("yp.total", "rt");
++ keys = fopen("yp.keys", "rtF");
++ vals = fopen("yp.total", "rtF");
+
+ db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
+ n = 0;
+@@ -148,8 +148,8 @@
+ key2 = (char *)malloc(100);
+ get_val = (char *)malloc(300);
+
+- keys = fopen("yp.keys", "rt");
+- vals = fopen("yp.total", "rt");
++ keys = fopen("yp.keys", "rtF");
++ vals = fopen("yp.total", "rtF");
+
+ db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
+ n = 0;
+diff -ur krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
+--- krb5-1.13.2/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c 2015-08-11 13:35:18.997485992 -0500
+@@ -18,7 +18,7 @@
+ FILE *fopen(), *fin;
+
+ unlink("test.db");
+- if ((fin = fopen("data","r")) == NULL) {
++ if ((fin = fopen("data","rF")) == NULL) {
+ printf("Unable to open %s\n","data");
+ exit(25);
+ }
+diff -ur krb5-1.13.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c krb5-1.13.2.fopen/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+--- krb5-1.13.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c 2015-08-11 13:50:27.043180087 -0500
+@@ -178,7 +178,7 @@
+
+ /* set password in the file */
+ old_mode = umask(0177);
+- pfile = fopen(file_name, "a+");
++ pfile = fopen(file_name, "a+F");
+ if (pfile == NULL) {
+ com_err(me, errno, _("Failed to open file %s: %s"), file_name,
+ strerror (errno));
+@@ -230,7 +230,7 @@
+ }
+
+ omask = umask(077);
+- newfile = fopen(tmp_file, "w");
++ newfile = fopen(tmp_file, "wF");
+ umask (omask);
+ if (newfile == NULL) {
+ com_err(me, errno, _("Error creating file %s"), tmp_file);
+diff -ur krb5-1.13.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c krb5-1.13.2.fopen/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
+--- krb5-1.13.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c 2015-08-11 13:38:33.143752493 -0500
+@@ -87,7 +87,7 @@
+
+ *password_out = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "rF");
+ if (fp == NULL) {
+ ret = errno;
+ k5_setmsg(context, ret, _("Cannot open LDAP password file '%s': %s"),
+diff -ur krb5-1.13.2/src/plugins/locate/python/py-locate.c krb5-1.13.2.fopen/src/plugins/locate/python/py-locate.c
+--- krb5-1.13.2/src/plugins/locate/python/py-locate.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/locate/python/py-locate.c 2015-08-11 13:27:01.588118726 -0500
+@@ -98,7 +98,7 @@
+
+ Py_Initialize ();
+ // fprintf(stderr, "trying to load %s\n", SCRIPT_PATH);
+- f = fopen(SCRIPT_PATH, "r");
++ f = fopen(SCRIPT_PATH, "rF");
+ if (f == NULL) {
+ if (sctx)
+ krb5_set_error_message(sctx, -1,
+diff -ur krb5-1.13.2/src/plugins/preauth/otp/otp_state.c krb5-1.13.2.fopen/src/plugins/preauth/otp/otp_state.c
+--- krb5-1.13.2/src/plugins/preauth/otp/otp_state.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/preauth/otp/otp_state.c 2015-08-11 13:45:35.971590182 -0500
+@@ -94,7 +94,7 @@
+ return retval;
+ }
+
+- file = fopen(filename, "r");
++ file = fopen(filename, "rF");
+ if (file == NULL) {
+ retval = errno;
+ com_err("otp", retval, "Unable to open secret file '%s'", filename);
+diff -ur krb5-1.13.2/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c krb5-1.13.2.fopen/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+--- krb5-1.13.2/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2015-08-11 14:09:05.679850166 -0500
++++ krb5-1.13.2.fopen/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2015-08-11 13:47:00.667400771 -0500
+@@ -4256,7 +4256,7 @@
+ goto cleanup;
+ }
+
+- fp = fopen(idopts->cert_filename, "rb");
++ fp = fopen(idopts->cert_filename, "rbF");
+ if (fp == NULL) {
+ pkiDebug("Failed to open PKCS12 file '%s', error %d\n",
+ idopts->cert_filename, errno);
+diff -ur krb5-1.13.2/src/plugins/preauth/pkinit/pkinit_lib.c krb5-1.13.2.fopen/src/plugins/preauth/pkinit/pkinit_lib.c
+--- krb5-1.13.2/src/plugins/preauth/pkinit/pkinit_lib.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/preauth/pkinit/pkinit_lib.c 2015-08-11 13:37:29.585859289 -0500
+@@ -365,7 +365,7 @@
+ if (len <= 0 || filename == NULL)
+ return;
+
+- if ((f = fopen(filename, "w")) == NULL)
++ if ((f = fopen(filename, "wF")) == NULL)
+ return;
+
+ set_cloexec_file(f);
+diff -ur krb5-1.13.2/src/plugins/tls/k5tls/openssl.c krb5-1.13.2.fopen/src/plugins/tls/k5tls/openssl.c
+--- krb5-1.13.2/src/plugins/tls/k5tls/openssl.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/plugins/tls/k5tls/openssl.c 2015-08-11 13:39:50.077659500 -0500
+@@ -348,7 +348,7 @@
+ X509_INFO *xi;
+ int i;
+
+- fp = fopen(path, "r");
++ fp = fopen(path, "rF");
+ if (fp == NULL)
+ return errno;
+ sk = PEM_X509_INFO_read(fp, NULL, NULL, NULL);
+diff -ur krb5-1.13.2/src/slave/kpropd.c krb5-1.13.2.fopen/src/slave/kpropd.c
+--- krb5-1.13.2/src/slave/kpropd.c 2015-08-11 14:09:06.005972821 -0500
++++ krb5-1.13.2.fopen/src/slave/kpropd.c 2015-08-11 13:36:51.675274120 -0500
+@@ -1306,7 +1306,7 @@
+ if (retval)
+ return FALSE;
+
+- acl_file = fopen(acl_file_name, "r");
++ acl_file = fopen(acl_file_name, "rF");
+ if (acl_file == NULL)
+ return FALSE;
+
+diff -ur krb5-1.13.2/src/tests/asn.1/t_trval.c krb5-1.13.2.fopen/src/tests/asn.1/t_trval.c
+--- krb5-1.13.2/src/tests/asn.1/t_trval.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/tests/asn.1/t_trval.c 2015-08-11 13:26:43.068639205 -0500
+@@ -93,7 +93,7 @@
+ }
+ } else {
+ optflg = 0;
+- if ((fp = fopen(*argv,"r")) == NULL) {
++ if ((fp = fopen(*argv,"rF")) == NULL) {
+ fprintf(stderr,"trval: unable to open %s\n", *argv);
+ continue;
+ }
+diff -ur krb5-1.13.2/src/tests/gss-threads/gss-server.c krb5-1.13.2.fopen/src/tests/gss-threads/gss-server.c
+--- krb5-1.13.2/src/tests/gss-threads/gss-server.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/tests/gss-threads/gss-server.c 2015-08-11 13:38:08.680788848 -0500
+@@ -733,7 +733,7 @@
+ if (!strcmp(*argv, "/dev/null")) {
+ logfile = display_file = NULL;
+ } else {
+- logfile = fopen(*argv, "a");
++ logfile = fopen(*argv, "aF");
+ display_file = logfile;
+ if (!logfile) {
+ perror(*argv);
+diff -ur krb5-1.13.2/src/util/profile/prof_file.c krb5-1.13.2.fopen/src/util/profile/prof_file.c
+--- krb5-1.13.2/src/util/profile/prof_file.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/util/profile/prof_file.c 2015-08-11 13:56:49.450805045 -0500
+@@ -123,7 +123,7 @@
+ */
+ FILE *f;
+
+- f = fopen(filespec, "r+");
++ f = fopen(filespec, "r+F");
+ if (f) {
+ fclose(f);
+ return 1;
+@@ -147,7 +147,7 @@
+ */
+ FILE *f;
+
+- f = fopen(filespec, "r");
++ f = fopen(filespec, "rF");
+ if (f) {
+ fclose(f);
+ return 1;
+@@ -346,7 +346,7 @@
+ }
+ #endif
+ errno = 0;
+- f = fopen(data->filespec, "r");
++ f = fopen(data->filespec, "rF");
+ if (f == NULL) {
+ retval = errno;
+ if (retval == 0)
+@@ -411,7 +411,7 @@
+
+ errno = 0;
+
+- f = fopen(new_file, "w");
++ f = fopen(new_file, "wF");
+ if (!f) {
+ retval = errno;
+ if (retval == 0)
+diff -ur krb5-1.13.2/src/util/profile/prof_parse.c krb5-1.13.2.fopen/src/util/profile/prof_parse.c
+--- krb5-1.13.2/src/util/profile/prof_parse.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/util/profile/prof_parse.c 2015-08-11 13:40:28.548611243 -0500
+@@ -212,7 +212,7 @@
+ incstate.root_section = state->root_section;
+ incstate.current_section = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "rF");
+ if (fp == NULL)
+ return PROF_FAIL_INCLUDE_FILE;
+ retval = parse_file(fp, &incstate, NULL);
+diff -ur krb5-1.13.2/src/util/profile/test_parse.c krb5-1.13.2.fopen/src/util/profile/test_parse.c
+--- krb5-1.13.2/src/util/profile/test_parse.c 2015-05-08 18:27:02.000000000 -0500
++++ krb5-1.13.2.fopen/src/util/profile/test_parse.c 2015-08-11 13:41:47.994085591 -0500
+@@ -25,7 +25,7 @@
+ exit(1);
+ }
+
+- f = fopen(argv[1], "r");
++ f = fopen(argv[1], "rF");
+ if (!f) {
+ perror(argv[1]);
+ exit(1);