--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/krb5/patches/045-correct_err_code_for_bad_QOP.patch Sat May 14 15:38:32 2016 -0700
@@ -0,0 +1,55 @@
+#
+# This patch fixes krb5_gss_wrap_size_limit return code to comply with
+# RFC 2743.
+#
+# Found by usr/ontest/lib/libgss/gss_api:gss.17.
+#
+# The patch was accepted upstream and will be part of krb5 1.14:
+# https://github.com/krb5/krb5/commit/45ccc1c85f42e4f41f2042df8a51dd7826533029
+# Patch source: in-house
+#
+diff -pur old/src/lib/gssapi/krb5/k5seal.c new/src/lib/gssapi/krb5/k5seal.c
+--- old/src/lib/gssapi/krb5/k5seal.c
++++ new/src/lib/gssapi/krb5/k5seal.c
+@@ -337,7 +337,7 @@ kg_seal(minor_status, context_handle, co
+ them later. */
+ if (qop_req != 0) {
+ *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+- return GSS_S_FAILURE;
++ return GSS_S_BAD_QOP;
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+diff -pur old/src/lib/gssapi/krb5/k5sealiov.c new/src/lib/gssapi/krb5/k5sealiov.c
+--- old/src/lib/gssapi/krb5/k5sealiov.c
++++ new/src/lib/gssapi/krb5/k5sealiov.c
+@@ -277,7 +277,7 @@ kg_seal_iov(OM_uint32 *minor_status,
+
+ if (qop_req != 0) {
+ *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+- return GSS_S_FAILURE;
++ return GSS_S_BAD_QOP;
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *)context_handle;
+@@ -342,7 +342,7 @@ kg_seal_iov_length(OM_uint32 *minor_stat
+
+ if (qop_req != GSS_C_QOP_DEFAULT) {
+ *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+- return GSS_S_FAILURE;
++ return GSS_S_BAD_QOP;
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *)context_handle;
+diff -pur old/src/lib/gssapi/krb5/wrap_size_limit.c new/src/lib/gssapi/krb5/wrap_size_limit.c
+--- old/src/lib/gssapi/krb5/wrap_size_limit.c
++++ new/src/lib/gssapi/krb5/wrap_size_limit.c
+@@ -91,7 +91,7 @@ krb5_gss_wrap_size_limit(minor_status, c
+ /* only default qop is allowed */
+ if (qop_req != GSS_C_QOP_DEFAULT) {
+ *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+- return(GSS_S_FAILURE);
++ return(GSS_S_BAD_QOP);
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;