# HG changeset patch
# User Neng Xue <neng.xue@oracle.com>
# Date 1474930735 25200
# Node ID 14cbeb78966a2508e8583b1100b7aa9073bc985e
# Parent  d12ba5c9b5db5869f661a66080a405937a5a05a3
24669827 Update Userland krb5 to MIT 1.14.4

diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/Makefile
--- a/components/krb5/Makefile	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/Makefile	Mon Sep 26 15:58:55 2016 -0700
@@ -31,7 +31,7 @@
 # Encoding rule for MICRO: MIT KerberosV5 x.y[.z] => MICRO $MINOR[.z]
 COMPONENT_MAJOR=	1
 COMPONENT_MINOR=	$(COMPONENT_MAJOR).14
-COMPONENT_MICRO=	$(COMPONENT_MINOR).3
+COMPONENT_MICRO=	$(COMPONENT_MINOR).4
 
 COMPONENT_VERSION=		$(COMPONENT_MICRO)
 IPS_COMPONENT_VERSION=	$(COMPONENT_VERSION).0
@@ -39,12 +39,12 @@
 COMPONENT_PROJECT_URL=	http://web.mit.edu/kerberos/
 COMPONENT_SRC=		krb5-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE_HASH=	\
-	sha256:cd4620d520cf0df0dd8791309912df2bb20fcba76790b9fba4e25c1da08ff2c9
+	sha256:03a61a4280c9161771fb39019085dbe6a57aa602080515ff93b43cd6137e0b95
 COMPONENT_ARCHIVE_URL=	\
 	$(COMPONENT_PROJECT_URL)dist/krb5/$(COMPONENT_MINOR)/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/kerberos
 
-TPNO=		30601
+TPNO=		31744
 
 # Depends on S12-only header file in ON.
 ifeq ($(BUILD_TYPE), evaluation)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/010-qop.patch
--- a/components/krb5/patches/010-qop.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/010-qop.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # This is a Solaris specific patch not intended for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/libgssapi_krb5.exports b/src/lib/gssapi/libgssapi_krb5.exports
 --- a/src/lib/gssapi/libgssapi_krb5.exports
 +++ b/src/lib/gssapi/libgssapi_krb5.exports
 @@ -37,6 +37,9 @@ GSS_C_MA_CBINDINGS
@@ -20,7 +19,6 @@
  gss_accept_sec_context
  gss_acquire_cred
  gss_acquire_cred_with_password
-diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in
 --- a/src/lib/gssapi/mechglue/Makefile.in
 +++ b/src/lib/gssapi/mechglue/Makefile.in
 @@ -66,6 +66,7 @@ SRCS = \
@@ -47,7 +45,6 @@
  	g_unwrap_aead.o \
  	g_unwrap_iov.o \
  	g_verify.o \
-diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
 --- a/src/lib/gssapi/mechglue/mglueP.h
 +++ b/src/lib/gssapi/mechglue/mglueP.h
 @@ -65,6 +65,38 @@ typedef struct gss_cred_id_struct {
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/011-libgss_hack.patch
--- a/components/krb5/patches/011-libgss_hack.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/011-libgss_hack.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -9,7 +9,6 @@
 # This patch is not inteded for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
 --- a/src/lib/gssapi/mechglue/g_initialize.c
 +++ b/src/lib/gssapi/mechglue/g_initialize.c
 @@ -1568,3 +1568,141 @@ addConfigEntry(const char *oidStr, const char *oid, const char *sharedLib,
@@ -154,7 +153,6 @@
 +
 +	return (kmodName);
 +} /* gssint_get_kmodName */
-diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
 --- a/src/lib/gssapi/mechglue/mglueP.h
 +++ b/src/lib/gssapi/mechglue/mglueP.h
 @@ -824,6 +824,28 @@ OM_uint32 gss_add_mech_name_type
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/012-libgss_filter.patch
--- a/components/krb5/patches/012-libgss_filter.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/012-libgss_filter.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -13,7 +13,6 @@
 # Solaris Kerberos libraries and is not intended for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in
 --- a/src/lib/gssapi/mechglue/Makefile.in
 +++ b/src/lib/gssapi/mechglue/Makefile.in
 @@ -72,7 +72,8 @@ SRCS = \
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/014-init_ccache.patch
--- a/components/krb5/patches/014-init_ccache.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/014-init_ccache.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -6,7 +6,6 @@
 # We will try to push the patch upstream.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/krb5/store_cred.c b/src/lib/gssapi/krb5/store_cred.c
 --- a/src/lib/gssapi/krb5/store_cred.c
 +++ b/src/lib/gssapi/krb5/store_cred.c
 @@ -143,6 +143,16 @@ copy_initiator_creds(OM_uint32 *minor_status,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/016-solaris_paths.patch
--- a/components/krb5/patches/016-solaris_paths.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/016-solaris_paths.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -9,7 +9,6 @@
 # so that may require modification of this patch in a future update.
 # Patch source: in-house
 #
-diff --git a/src/include/osconf.hin b/src/include/osconf.hin
 --- a/src/include/osconf.hin
 +++ b/src/include/osconf.hin
 @@ -40,6 +40,8 @@
@@ -77,7 +76,6 @@
  
  /*
   * GSS mechglue
-diff --git a/src/kadmin/cli/k5srvutil.sh b/src/kadmin/cli/k5srvutil.sh
 --- a/src/kadmin/cli/k5srvutil.sh
 +++ b/src/kadmin/cli/k5srvutil.sh
 @@ -73,7 +73,7 @@ delete_keys() {
@@ -89,7 +87,6 @@
  interactive=0
  keysalts=""
  
-diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
 +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
 @@ -32,7 +32,7 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/018-krb5_keyblock-ABI.patch
--- a/components/krb5/patches/018-krb5_keyblock-ABI.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/018-krb5_keyblock-ABI.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # Patch source: in-house
 #
 
-diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
 --- a/src/include/krb5/krb5.hin
 +++ b/src/include/krb5/krb5.hin
 @@ -353,6 +353,13 @@ typedef struct _krb5_keyblock {
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/019-log-rotation.patch
--- a/components/krb5/patches/019-log-rotation.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/019-log-rotation.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -15,7 +15,6 @@
 # functionality in later MIT kerberos release, 1.14 or later.
 # Patch source: in-house
 #
-diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
 --- a/src/lib/kadm5/logger.c
 +++ b/src/lib/kadm5/logger.c
 @@ -115,6 +115,13 @@ struct log_entry {
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/020-libkrb5-makefile.patch
--- a/components/krb5/patches/020-libkrb5-makefile.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/020-libkrb5-makefile.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -18,7 +18,6 @@
 #    which has not been integrated into current Solaris code yet.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/Makefile.in b/src/lib/krb5/Makefile.in
 --- a/src/lib/krb5/Makefile.in
 +++ b/src/lib/krb5/Makefile.in
 @@ -1,6 +1,6 @@
@@ -67,7 +66,6 @@
  
  all-windows::
  
-diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
 --- a/src/lib/krb5/keytab/Makefile.in
 +++ b/src/lib/krb5/keytab/Makefile.in
 @@ -15,7 +15,8 @@ STLIBOBJS= \
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/021-dump-ok.patch
--- a/components/krb5/patches/021-dump-ok.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/021-dump-ok.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -11,7 +11,6 @@
 # customers.
 # Patch source: in-house
 #
-diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
 --- a/src/kadmin/dbutil/kdb5_util.c
 +++ b/src/kadmin/dbutil/kdb5_util.c
 @@ -480,7 +480,14 @@ static int open_db_and_mkey()
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/022-case-ins-compare.patch
--- a/components/krb5/patches/022-case-ins-compare.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/022-case-ins-compare.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -12,7 +12,6 @@
 # 	http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
 --- a/src/lib/krb5/keytab/kt_file.c
 +++ b/src/lib/krb5/keytab/kt_file.c
 @@ -329,7 +329,21 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/023-mem-rcache.patch
--- a/components/krb5/patches/023-mem-rcache.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/023-mem-rcache.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -28,7 +28,6 @@
 # integrate features that don't require replay caches in the the future.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c
 --- a/src/lib/krb5/krb/srv_rcache.c
 +++ b/src/lib/krb5/krb/srv_rcache.c
 @@ -39,6 +39,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
@@ -79,7 +78,6 @@
  
      if (k5_buf_status(&buf) != 0)
          return ENOMEM;
-diff --git a/src/lib/krb5/rcache/Makefile.in b/src/lib/krb5/rcache/Makefile.in
 --- a/src/lib/krb5/rcache/Makefile.in
 +++ b/src/lib/krb5/rcache/Makefile.in
 @@ -13,7 +13,8 @@ STLIBOBJS = \
@@ -112,7 +110,6 @@
  
  ##DOS##LIBOBJS = $(OBJS)
  
-diff --git a/src/lib/krb5/rcache/rc-int.h b/src/lib/krb5/rcache/rc-int.h
 --- a/src/lib/krb5/rcache/rc-int.h
 +++ b/src/lib/krb5/rcache/rc-int.h
 @@ -87,5 +87,6 @@ krb5_error_code krb5_rc_register_type(krb5_context, const krb5_rc_ops *);
@@ -122,7 +119,6 @@
 +extern const krb5_rc_ops krb5_rc_mem_ops;
  
  #endif /* __KRB5_RCACHE_INT_H__ */
-diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c
 --- a/src/lib/krb5/rcache/rc_base.c
 +++ b/src/lib/krb5/rcache/rc_base.c
 @@ -13,19 +13,35 @@
@@ -236,7 +232,6 @@
  }
  
  krb5_error_code
-diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
 --- a/src/lib/krb5/rcache/rc_dfl.c
 +++ b/src/lib/krb5/rcache/rc_dfl.c
 @@ -249,6 +249,9 @@ krb5_rc_dfl_close_no_free(krb5_context context, krb5_rcache id)
@@ -265,7 +260,6 @@
      }
      return retval;
  }
-diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
 --- a/src/lib/krb5/rcache/rc_io.c
 +++ b/src/lib/krb5/rcache/rc_io.c
 @@ -56,7 +56,10 @@ getdir(void)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/024-smb-compat.patch
--- a/components/krb5/patches/024-smb-compat.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/024-smb-compat.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -14,7 +14,6 @@
 # environment variable.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
 --- a/src/lib/gssapi/krb5/accept_sec_context.c
 +++ b/src/lib/gssapi/krb5/accept_sec_context.c
 @@ -454,8 +454,6 @@ kg_accept_krb5(minor_status, context_handle,
@@ -26,7 +25,7 @@
      gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
      krb5_gss_cred_id_t deleg_cred = NULL;
      krb5int_access kaccess;
-@@ -1211,6 +1209,8 @@ fail:
+@@ -1214,6 +1212,8 @@ fail:
           major_status == GSS_S_CONTINUE_NEEDED)) {
          unsigned int tmsglen;
          int toktype;
@@ -35,7 +34,7 @@
  
          /*
           * The client is expecting a response, so we can send an
-@@ -1218,6 +1218,31 @@ fail:
+@@ -1221,6 +1221,31 @@ fail:
           */
          memset(&krb_error_data, 0, sizeof(krb_error_data));
  
@@ -67,7 +66,6 @@
          code -= ERROR_TABLE_BASE_krb5;
          if (code < 0 || code > KRB_ERR_MAX)
              code = 60 /* KRB_ERR_GENERIC */;
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
 --- a/src/lib/gssapi/spnego/spnego_mech.c
 +++ b/src/lib/gssapi/spnego/spnego_mech.c
 @@ -180,6 +180,13 @@ get_negTokenResp(OM_uint32 *, unsigned char *, unsigned int,
@@ -119,7 +117,7 @@
  	/*
  	 * Select the best match between the list of mechs
  	 * that the initiator requested and the list that
-@@ -3087,6 +3115,7 @@ get_available_mechs(OM_uint32 *minor_status,
+@@ -3084,6 +3112,7 @@ get_available_mechs(OM_uint32 *minor_status,
  	gss_OID_set mechs, goodmechs;
  	gss_OID_set_desc except_attrs;
  	gss_OID_desc attr_oids[2];
@@ -127,7 +125,7 @@
  
  	attr_oids[0] = *GSS_C_MA_DEPRECATED;
  	attr_oids[1] = *GSS_C_MA_NOT_DFLT_MECH;
-@@ -3108,6 +3137,15 @@ get_available_mechs(OM_uint32 *minor_status,
+@@ -3105,6 +3134,15 @@ get_available_mechs(OM_uint32 *minor_status,
  		return (major_status);
  	}
  
@@ -143,7 +141,7 @@
  	for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) {
  		if ((mechs->elements[i].length
  		    != spnego_mechanism.mech_type.length) ||
-@@ -3123,6 +3161,25 @@ get_available_mechs(OM_uint32 *minor_status,
+@@ -3120,6 +3158,25 @@ get_available_mechs(OM_uint32 *minor_status,
  		}
  	}
  
@@ -169,7 +167,7 @@
  	/*
  	 * If the caller wanted a list of creds returned,
  	 * trim the list of mechanisms down to only those
-@@ -3698,9 +3755,17 @@ negotiate_mech(gss_OID_set supported, gss_OID_set received,
+@@ -3695,9 +3752,17 @@ negotiate_mech(gss_OID_set supported, gss_OID_set received,
  	for (i = 0; i < received->count; i++) {
  		gss_OID mech_oid = &received->elements[i];
  
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/025-ktwarnd.patch
--- a/components/krb5/patches/025-ktwarnd.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/025-ktwarnd.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # Patch source: in-house
 #
 
-diff --git a/src/clients/kdestroy/Makefile.in b/src/clients/kdestroy/Makefile.in
 --- a/src/clients/kdestroy/Makefile.in
 +++ b/src/clients/kdestroy/Makefile.in
 @@ -19,7 +19,7 @@ all-unix:: kdestroy
@@ -19,7 +18,6 @@
  
  ##WIN32##$(KDESTROY): $(OUTPRE)kdestroy.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES)
  ##WIN32##	link $(EXE_LINKOPTS) -out:$@ $**
-diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c
 --- a/src/clients/kdestroy/kdestroy.c
 +++ b/src/clients/kdestroy/kdestroy.c
 @@ -24,6 +24,12 @@
@@ -131,7 +129,6 @@
 +
      return errflg;
  }
-diff --git a/src/clients/kinit/Makefile.in b/src/clients/kinit/Makefile.in
 --- a/src/clients/kinit/Makefile.in
 +++ b/src/clients/kinit/Makefile.in
 @@ -20,7 +20,7 @@ all-unix:: kinit
@@ -143,7 +140,6 @@
  
  ##WIN32##$(KINIT): $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB) $(EXERES)
  ##WIN32##	link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib
-diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
 --- a/src/clients/kinit/kinit.c
 +++ b/src/clients/kinit/kinit.c
 @@ -35,6 +35,7 @@
@@ -206,7 +202,6 @@
 +    return;
 +}
 +/* Solaris Kerberos end */
-diff --git a/src/lib/gssapi/Makefile.in b/src/lib/gssapi/Makefile.in
 --- a/src/lib/gssapi/Makefile.in
 +++ b/src/lib/gssapi/Makefile.in
 @@ -27,7 +27,7 @@ STOBJLISTS=OBJS.ST generic/OBJS.ST mechglue/OBJS.ST krb5/OBJS.ST spnego/OBJS.ST
@@ -218,7 +213,6 @@
  RELDIR=gssapi
  
  all-unix:: all-liblinks @MAINT@ verify-calling-conventions-gssapi
-diff --git a/src/lib/gssapi/krb5/store_cred.c b/src/lib/gssapi/krb5/store_cred.c
 --- a/src/lib/gssapi/krb5/store_cred.c
 +++ b/src/lib/gssapi/krb5/store_cred.c
 @@ -26,6 +26,8 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/026-inappropriate_assert.patch
--- a/components/krb5/patches/026-inappropriate_assert.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/026-inappropriate_assert.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -9,7 +9,6 @@
 # upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
 --- a/src/lib/gssapi/krb5/import_name.c
 +++ b/src/lib/gssapi/krb5/import_name.c
 @@ -288,7 +288,6 @@ krb5_gss_import_name(minor_status, input_name_buffer,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/027-add_admin_sname_princ.patch
--- a/components/krb5/patches/027-add_admin_sname_princ.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/027-add_admin_sname_princ.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -6,7 +6,6 @@
 # https://github.com/krb5/krb5/pull/333
 # Patch source: in-house
 #
-diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
 --- a/src/kadmin/dbutil/kadm5_create.c
 +++ b/src/kadmin/dbutil/kadm5_create.c
 @@ -44,8 +44,14 @@
@@ -207,7 +206,6 @@
  
      return OK;
  }
-diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
 --- a/src/lib/kadm5/admin.h
 +++ b/src/lib/kadm5/admin.h
 @@ -64,7 +64,9 @@ KADM5INT_BEGIN_DECLS
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/028-rpc-gss.patch
--- a/components/krb5/patches/028-rpc-gss.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/028-rpc-gss.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -27,7 +27,6 @@
 # In the future MIT might provide support for system native RPC implementation.
 # Patch source: in-house
 #
-diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
 --- a/src/build-tools/krb5-config.in
 +++ b/src/build-tools/krb5-config.in
 @@ -97,9 +97,6 @@ while test $# != 0; do
@@ -66,7 +65,6 @@
      fi
  
      if test $library = 'gssapi'; then
-diff --git a/src/config/pre.in b/src/config/pre.in
 --- a/src/config/pre.in
 +++ b/src/config/pre.in
 @@ -318,7 +318,7 @@ KDB5_PLUGIN_LIBS = @KDB5_PLUGIN_LIBS@
@@ -87,7 +85,6 @@
  KADM_COMM_LIBS	= $(GSSRPC_LIBS)
  # need fixing if ever used on Mac OS X!
  KADMSRV_LIBS	= -lkadm5srv_mit $(HESIOD_LIBS) $(KDB5_LIBS) $(KADM_COMM_LIBS)
-diff --git a/src/include/iprop.h b/src/include/iprop.h
 --- a/src/include/iprop.h
 +++ b/src/include/iprop.h
 @@ -6,8 +6,7 @@
@@ -100,7 +97,6 @@
  
  #ifdef __cplusplus
  extern "C" {
-diff --git a/src/include/k5-int.h b/src/include/k5-int.h
 --- a/src/include/k5-int.h
 +++ b/src/include/k5-int.h
 @@ -218,11 +218,14 @@ typedef unsigned char   u_char;
@@ -118,7 +114,6 @@
  #define KRB5_CONF_K5LOGIN_AUTHORITATIVE        "k5login_authoritative"
  #define KRB5_CONF_K5LOGIN_DIRECTORY            "k5login_directory"
  #define KRB5_CONF_KADMIND_PORT                 "kadmind_port"
-diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
 --- a/src/kadmin/dbutil/kadm5_create.c
 +++ b/src/kadmin/dbutil/kadm5_create.c
 @@ -158,11 +158,20 @@ static int add_admin_princs(void *handle, krb5_context context, char *realm)
@@ -142,7 +137,6 @@
  
      if ((ret = add_admin_princ(handle, context,
                                 KADM5_CHANGEPW_SERVICE, realm,
-diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c
 --- a/src/kadmin/server/ipropd_svc.c
 +++ b/src/kadmin/server/ipropd_svc.c
 @@ -137,6 +137,8 @@ iprop_get_updates_1_svc(kdb_last_t *arg, struct svc_req *rqstp)
@@ -246,7 +240,6 @@
  
      switch (rqstp->rq_proc) {
      case NULLPROC:
-diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c
 --- a/src/kadmin/server/kadm_rpc_svc.c
 +++ b/src/kadmin/server/kadm_rpc_svc.c
 @@ -5,7 +5,7 @@
@@ -282,7 +275,6 @@
       return success;
  }
 +#endif
-diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
 --- a/src/kadmin/server/ovsec_kadmd.c
 +++ b/src/kadmin/server/ovsec_kadmd.c
 @@ -45,10 +45,9 @@
@@ -455,7 +447,6 @@
  
      krb5_klog_close(context);
      krb5_free_context(context);
-diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
 --- a/src/kadmin/server/server_stubs.c
 +++ b/src/kadmin/server/server_stubs.c
 @@ -21,10 +21,10 @@ extern gss_name_t                       gss_changepw_name;
@@ -1411,7 +1402,6 @@
 +    }
 +    return (name);
  }
-diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
 --- a/src/lib/Makefile.in
 +++ b/src/lib/Makefile.in
 @@ -1,5 +1,5 @@
@@ -1421,7 +1411,6 @@
  WINSUBDIRS=crypto krb5 gssapi
  BUILDTOP=$(REL)..
  
-diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
 --- a/src/lib/apputils/net-server.c
 +++ b/src/lib/apputils/net-server.c
 @@ -32,7 +32,7 @@
@@ -1746,7 +1735,6 @@
  }
  
  #if defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) &&      \
-diff --git a/src/lib/kadm5/Makefile.in b/src/lib/kadm5/Makefile.in
 --- a/src/lib/kadm5/Makefile.in
 +++ b/src/lib/kadm5/Makefile.in
 @@ -21,6 +21,7 @@ SRCS =	kadm_err.c \
@@ -1773,7 +1761,6 @@
  	logger.o
  
  HDRDIR=$(BUILDTOP)/include/kadm5
-diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
 --- a/src/lib/kadm5/admin.h
 +++ b/src/lib/kadm5/admin.h
 @@ -42,7 +42,7 @@
@@ -1815,7 +1802,6 @@
  krb5_error_code kadm5_init_krb5_context (krb5_context *);
  
  krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
-diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
 --- a/src/lib/kadm5/alt_prof.c
 +++ b/src/lib/kadm5/alt_prof.c
 @@ -746,10 +746,17 @@ krb5_error_code kadm5_get_config_params(krb5_context context,
@@ -1879,7 +1865,6 @@
  
      *params_out = params;
  
-diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in
 --- a/src/lib/kadm5/clnt/Makefile.in
 +++ b/src/lib/kadm5/clnt/Makefile.in
 @@ -7,12 +7,11 @@ LIBMAJOR=10
@@ -1896,7 +1881,6 @@
  RELDIR=kadm5/clnt
  
  ##DOSBUILDTOP = ..\..\..
-diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
 --- a/src/lib/kadm5/clnt/client_init.c
 +++ b/src/lib/kadm5/clnt/client_init.c
 @@ -44,12 +44,12 @@
@@ -2519,7 +2503,6 @@
  }
  
  kadm5_ret_t
-diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
 --- a/src/lib/kadm5/clnt/client_principal.c
 +++ b/src/lib/kadm5/clnt/client_principal.c
 @@ -5,7 +5,7 @@
@@ -2531,7 +2514,6 @@
  #include    <kadm5/admin.h>
  #include    <kadm5/kadm_rpc.h>
  #ifdef HAVE_MEMORY_H
-diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c
 --- a/src/lib/kadm5/clnt/client_rpc.c
 +++ b/src/lib/kadm5/clnt/client_rpc.c
 @@ -1,5 +1,5 @@
@@ -2541,7 +2523,6 @@
  #include <kadm5/kadm_rpc.h>
  #include <krb5.h>
  #include <kadm5/admin.h>
-diff --git a/src/lib/kadm5/clnt/clnt_policy.c b/src/lib/kadm5/clnt/clnt_policy.c
 --- a/src/lib/kadm5/clnt/clnt_policy.c
 +++ b/src/lib/kadm5/clnt/clnt_policy.c
 @@ -5,7 +5,7 @@
@@ -2553,7 +2534,6 @@
  #include    <kadm5/admin.h>
  #include    <kadm5/kadm_rpc.h>
  #include    "client_internal.h"
-diff --git a/src/lib/kadm5/clnt/clnt_privs.c b/src/lib/kadm5/clnt/clnt_privs.c
 --- a/src/lib/kadm5/clnt/clnt_privs.c
 +++ b/src/lib/kadm5/clnt/clnt_privs.c
 @@ -7,7 +7,7 @@
@@ -2565,7 +2545,6 @@
  #include    <kadm5/admin.h>
  #include    <kadm5/kadm_rpc.h>
  #include    "client_internal.h"
-diff --git a/src/lib/kadm5/deps b/src/lib/kadm5/deps
 --- a/src/lib/kadm5/deps
 +++ b/src/lib/kadm5/deps
 @@ -90,6 +90,20 @@ str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
@@ -2589,7 +2568,6 @@
  logger.so logger.po $(OUTPRE)logger.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
    $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
    $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
-diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h
 --- a/src/lib/kadm5/kadm_rpc.h
 +++ b/src/lib/kadm5/kadm_rpc.h
 @@ -2,7 +2,7 @@
@@ -2610,7 +2588,6 @@
 +#define	xdr_u_int32 xdr_u_int
  
  #endif /* __KADM_RPC_H__ */
-diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
 --- a/src/lib/kadm5/kadm_rpc_xdr.c
 +++ b/src/lib/kadm5/kadm_rpc_xdr.c
 @@ -3,7 +3,7 @@
@@ -2622,7 +2599,6 @@
  #include <krb5.h>
  #include <errno.h>
  #include <kadm5/admin.h>
-diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
 --- a/src/lib/kadm5/server_internal.h
 +++ b/src/lib/kadm5/server_internal.h
 @@ -264,4 +264,8 @@ k5_kadm5_hook_rename (krb5_context context,
@@ -2634,7 +2610,6 @@
 +extern caddr_t xdralloc_getdata(XDR *xdrs);
 +
  #endif /* __KADM5_SERVER_INTERNAL_H__ */
-diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in
 --- a/src/lib/kadm5/srv/Makefile.in
 +++ b/src/lib/kadm5/srv/Makefile.in
 @@ -14,13 +14,12 @@ LIBMINOR=0
@@ -2679,7 +2654,6 @@
  	adb_xdr.o
  
  all-unix:: includes
-diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
 --- a/src/lib/kadm5/srv/adb_xdr.c
 +++ b/src/lib/kadm5/srv/adb_xdr.c
 @@ -7,7 +7,7 @@
@@ -2691,7 +2665,6 @@
  #include	"server_internal.h"
  #include "admin_xdr.h"
  #ifdef HAVE_MEMORY_H
-diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
 --- a/src/lib/kadm5/srv/server_init.c
 +++ b/src/lib/kadm5/srv/server_init.c
 @@ -233,8 +233,7 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
@@ -2703,8 +2676,7 @@
 +     KADM5_CONFIG_IPROP_LOGFILE)
  
      if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-         free_db_args(handle);
-diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in
+         kadm5_free_config_params(handle->context, &handle->params);
 --- a/src/lib/kdb/Makefile.in
 +++ b/src/lib/kdb/Makefile.in
 @@ -14,9 +14,8 @@ RELDIR=kdb
@@ -2718,7 +2690,6 @@
  
  adb_err.$(OBJEXT): adb_err.c
  adb_err.c adb_err.h: $(srcdir)/adb_err.et
-diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c
 --- a/src/lib/kdb/iprop_xdr.c
 +++ b/src/lib/kdb/iprop_xdr.c
 @@ -9,6 +9,7 @@
@@ -2737,7 +2708,6 @@
  
  bool_t
  xdr_utf8str_t (XDR *xdrs, utf8str_t *objp)
-diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
 --- a/src/lib/krb5/os/changepw.c
 +++ b/src/lib/krb5/os/changepw.c
 @@ -57,7 +57,7 @@ struct sendto_callback_context {
@@ -2749,7 +2719,6 @@
  locate_kpasswd(krb5_context context, const krb5_data *realm,
                 struct serverlist *serverlist, krb5_boolean no_udp)
  {
-diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
 --- a/src/lib/krb5/os/locate_kdc.c
 +++ b/src/lib/krb5/os/locate_kdc.c
 @@ -675,6 +675,14 @@ k5_locate_kdc(krb5_context context, const krb5_data *realm,
@@ -2767,7 +2736,6 @@
  krb5_boolean
  k5_kdc_is_master(krb5_context context, const krb5_data *realm,
                   struct server_entry *server)
-diff --git a/src/lib/rpc/xdr_alloc.c b/src/lib/rpc/xdr_alloc.c
 --- a/src/lib/rpc/xdr_alloc.c
 +++ b/src/lib/rpc/xdr_alloc.c
 @@ -35,18 +35,23 @@
@@ -2879,7 +2847,6 @@
 +{
 +     return FALSE;
 +}
-diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c
 --- a/src/plugins/kdb/db2/adb_policy.c
 +++ b/src/plugins/kdb/db2/adb_policy.c
 @@ -28,6 +28,9 @@
@@ -2892,7 +2859,6 @@
  
  /*
   * Function: osa_adb_create_policy
-diff --git a/src/plugins/kdb/db2/pol_xdr.c b/src/plugins/kdb/db2/pol_xdr.c
 --- a/src/plugins/kdb/db2/pol_xdr.c
 +++ b/src/plugins/kdb/db2/pol_xdr.c
 @@ -1,6 +1,6 @@
@@ -2903,7 +2869,6 @@
  #include <kdb.h>
  #include <kadm5/admin_xdr.h>
  #include "policy_db.h"
-diff --git a/src/plugins/kdb/db2/policy_db.h b/src/plugins/kdb/db2/policy_db.h
 --- a/src/plugins/kdb/db2/policy_db.h
 +++ b/src/plugins/kdb/db2/policy_db.h
 @@ -28,8 +28,8 @@
@@ -2917,7 +2882,6 @@
  #include <db.h>
  #include "adb_err.h"
  #include <com_err.h>
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
 --- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
 @@ -3,6 +3,10 @@
@@ -2931,7 +2895,6 @@
  bool_t
  ldap_xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
  {
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
 --- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
 @@ -4,7 +4,7 @@
@@ -2943,7 +2906,6 @@
  
  #ifdef HAVE_MEMORY_H
  #include <memory.h>
-diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
 --- a/src/slave/kpropd.c
 +++ b/src/slave/kpropd.c
 @@ -588,7 +588,7 @@ full_resync(CLIENT *clnt)
@@ -2955,7 +2917,6 @@
                         (caddr_t)&vers, (xdrproc_t)xdr_kdb_fullresync_result_t,
                         (caddr_t)&clnt_res, full_resync_timeout);
      if (status == RPC_PROCUNAVAIL) {
-diff --git a/src/tests/misc/Makefile.in b/src/tests/misc/Makefile.in
 --- a/src/tests/misc/Makefile.in
 +++ b/src/tests/misc/Makefile.in
 @@ -12,18 +12,16 @@ SRCS=\
@@ -2998,7 +2959,6 @@
 -	$(RM) test_getpw test_chpw_message test_cxx_krb5 test_cxx_gss test_cxx_k5int test_cxx_rpc test_cxx_kadm5 *.o
 +	$(RM) test_getpw test_chpw_message test_cxx_krb5 test_cxx_gss test_cxx_k5int test_cxx_kadm5 *.o
  
-diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py
 --- a/src/tests/t_ccache.py
 +++ b/src/tests/t_ccache.py
 @@ -51,7 +51,7 @@ realm.kinit(realm.user_princ, password('user'))
@@ -3010,7 +2970,6 @@
  realm.run([klist, '-s'])
  realm.run([kdestroy])
  realm.run([klist, '-s'], expected_code=1)
-diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
 --- a/src/tests/t_iprop.py
 +++ b/src/tests/t_iprop.py
 @@ -1,44 +1,35 @@
@@ -3504,7 +3463,6 @@
  
  success('iprop tests')
 +
-diff --git a/src/tests/t_kadmin_acl.py b/src/tests/t_kadmin_acl.py
 --- a/src/tests/t_kadmin_acl.py
 +++ b/src/tests/t_kadmin_acl.py
 @@ -9,7 +9,7 @@ def make_client(name):
@@ -3516,7 +3474,6 @@
      return ccache
  
  def kadmin_as(client, query, **kwargs):
-diff --git a/src/util/gss-kernel-lib/Makefile.in b/src/util/gss-kernel-lib/Makefile.in
 --- a/src/util/gss-kernel-lib/Makefile.in
 +++ b/src/util/gss-kernel-lib/Makefile.in
 @@ -7,7 +7,7 @@ ALL_CFLAGS=$(CPPFLAGS) $(CFLAGS) $(WARN_CFLAGS) $(DEFS) $(DEFINES) -I. -Igssapi
@@ -3528,7 +3485,6 @@
  
  SRCS= \
  	k5seal.c \
-diff --git a/src/util/k5test.py b/src/util/k5test.py
 --- a/src/util/k5test.py
 +++ b/src/util/k5test.py
 @@ -997,7 +997,7 @@ class K5Realm(object):
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/029-kadmin_disable_anonymity.patch
--- a/components/krb5/patches/029-kadmin_disable_anonymity.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/029-kadmin_disable_anonymity.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -17,7 +17,6 @@
 # This patch is Solaris specific and not intented for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
 --- a/src/kadmin/cli/kadmin.c
 +++ b/src/kadmin/cli/kadmin.c
 @@ -268,7 +268,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out)
@@ -29,7 +28,6 @@
          switch (optchar) {
          case 'x':
              db_args_size++;
-diff --git a/src/man/kadmin.man b/src/man/kadmin.man
 --- a/src/man/kadmin.man
 +++ b/src/man/kadmin.man
 @@ -37,7 +37,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
@@ -63,7 +61,6 @@
  .B \fB\-c\fP \fIcredentials_cache\fP
  Use \fIcredentials_cache\fP as the credentials cache.  The
  cache should contain a service ticket for the \fBkadmin/ADMINHOST\fP
-diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py
 --- a/src/tests/t_pkinit.py
 +++ b/src/tests/t_pkinit.py
 @@ -73,15 +73,16 @@ if '97:' in out:
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/030-force_dns_hostname_canon.patch
--- a/components/krb5/patches/030-force_dns_hostname_canon.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/030-force_dns_hostname_canon.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -8,7 +8,6 @@
 # This patch is not meant for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
 --- a/src/lib/krb5/os/sn2princ.c
 +++ b/src/lib/krb5/os/sn2princ.c
 @@ -39,6 +39,14 @@
@@ -115,7 +114,6 @@
      return (*canonhost_out == NULL) ? ENOMEM : 0;
  }
  
-diff --git a/src/util/k5test.py b/src/util/k5test.py
 --- a/src/util/k5test.py
 +++ b/src/util/k5test.py
 @@ -364,6 +364,7 @@ import string
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/031-kinit-support.patch
--- a/components/krb5/patches/031-kinit-support.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/031-kinit-support.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -11,7 +11,6 @@
 # We will maintain it as patch.
 # Patch source: in-house
 #
-diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
 --- a/src/clients/kinit/kinit.c
 +++ b/src/clients/kinit/kinit.c
 @@ -36,6 +36,7 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/032-pam-krb5.patch
--- a/components/krb5/patches/032-pam-krb5.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/032-pam-krb5.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -13,7 +13,6 @@
 # presented to MIT.
 # Patch source: in-house
 #
-diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
 --- a/src/lib/kadm5/clnt/client_init.c
 +++ b/src/lib/kadm5/clnt/client_init.c
 @@ -299,7 +299,7 @@ _kadm5_initialize_rpcsec_gss_handle(kadm5_server_handle_t handle,
@@ -151,7 +150,6 @@
                      server_out);
      /* Improved error messages */
      if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
-diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
 --- a/src/lib/krb5/krb/gic_pwd.c
 +++ b/src/lib/krb5/krb/gic_pwd.c
 @@ -5,6 +5,17 @@
@@ -217,7 +215,7 @@
      krb5_error_code ret;
      int use_master;
      krb5_kdc_rep *as_reply;
-@@ -503,8 +543,12 @@ cleanup:
+@@ -505,8 +545,12 @@ cleanup:
      memset(pw0array, 0, sizeof(pw0array));
      memset(pw1array, 0, sizeof(pw1array));
      krb5_free_cred_contents(context, &chpw_creds);
@@ -232,7 +230,6 @@
      k5_clear_error(&errsave);
  
      return(ret);
-diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
 --- a/src/slave/kpropd.c
 +++ b/src/slave/kpropd.c
 @@ -644,6 +644,7 @@ do_iprop()
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/033-pkinit-pin.patch
--- a/components/krb5/patches/033-pkinit-pin.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/033-pkinit-pin.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -9,7 +9,6 @@
 # directly or through a utility library.
 # Patch source: in-house
 #
-diff --git a/src/plugins/preauth/pkinit/pkinit.h b/src/plugins/preauth/pkinit/pkinit.h
 --- a/src/plugins/preauth/pkinit/pkinit.h
 +++ b/src/plugins/preauth/pkinit/pkinit.h
 @@ -27,10 +27,14 @@
@@ -44,7 +43,6 @@
  #endif
  } pkinit_identity_opts;
  
-diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c
 +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
 @@ -29,6 +29,10 @@
@@ -69,7 +67,6 @@
      }
      return 0;
  }
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 @@ -29,6 +29,10 @@
@@ -319,7 +316,6 @@
      /* Convert the ascii cert_id string into a binary blob */
      if (idopts->cert_id_string != NULL) {
          BIGNUM *bn = NULL;
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
 @@ -28,6 +28,10 @@
@@ -341,7 +337,6 @@
      /* These are crypto-specific */
      void *p11_module;
      CK_SESSION_HANDLE session;
-diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c
 --- a/src/plugins/preauth/pkinit/pkinit_identity.c
 +++ b/src/plugins/preauth/pkinit/pkinit_identity.c
 @@ -29,6 +29,10 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/034-migrate.patch
--- a/components/krb5/patches/034-migrate.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/034-migrate.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # functionality as this is specific to a 3rd party migration design.
 # Patch source: in-house
 #
-diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in
 --- a/src/kadmin/server/Makefile.in
 +++ b/src/kadmin/server/Makefile.in
 @@ -13,7 +13,7 @@ SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c
@@ -19,7 +18,6 @@
  
  install::
  	$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG)
-diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
 --- a/src/kadmin/server/server_stubs.c
 +++ b/src/kadmin/server/server_stubs.c
 @@ -16,6 +16,7 @@
@@ -220,7 +218,6 @@
      }
      free(prime_arg);
  
-diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
 --- a/src/lib/kadm5/srv/server_acl.c
 +++ b/src/lib/kadm5/srv/server_acl.c
 @@ -24,6 +24,10 @@
@@ -242,7 +239,6 @@
      { 'x',      ACL_ALL_MASK },
      { '*',      ACL_ALL_MASK },
      { '\0',     0 }
-diff --git a/src/lib/kadm5/srv/server_acl.h b/src/lib/kadm5/srv/server_acl.h
 --- a/src/lib/kadm5/srv/server_acl.h
 +++ b/src/lib/kadm5/srv/server_acl.h
 @@ -24,6 +24,10 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/035-multi-master.patch
--- a/components/krb5/patches/035-multi-master.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/035-multi-master.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -8,7 +8,6 @@
 # should look at modifying/deleting this patch.
 # Patch source: in-house
 #
-diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
 --- a/src/kadmin/cli/kadmin.c
 +++ b/src/kadmin/cli/kadmin.c
 @@ -255,7 +255,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out)
@@ -72,7 +71,6 @@
      if (retval) {
          com_err(whoami, retval, _("while initializing %s interface"), whoami);
          if (retval == KADM5_BAD_CLIENT_PARAMS ||
-diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
 --- a/src/lib/kadm5/admin.h
 +++ b/src/lib/kadm5/admin.h
 @@ -345,6 +345,51 @@ kadm5_ret_t    kadm5_init_with_creds(krb5_context context,
@@ -127,7 +125,6 @@
  kadm5_ret_t    kadm5_lock(void *server_handle);
  kadm5_ret_t    kadm5_unlock(void *server_handle);
  kadm5_ret_t    kadm5_flush(void *server_handle);
-diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
 --- a/src/lib/kadm5/clnt/client_init.c
 +++ b/src/lib/kadm5/clnt/client_init.c
 @@ -55,7 +55,7 @@ enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS, INIT_ANONYMOUS };
@@ -201,7 +198,8 @@
 +    svcnames[0] = service_name;
 +    svcnames[1] = NULL;
 +
-+    return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
+     return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
+-                    service_name, params, struct_version, api_version,
 +                    svcnames, params, struct_version, api_version,
 +                    db_args, server_handle);
 +}
@@ -212,8 +210,7 @@
 +                     krb5_ui_4 struct_version, krb5_ui_4 api_version,
 +                     char **db_args, void **server_handle)
 +{
-     return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
--                    service_name, params, struct_version, api_version,
++    return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
 +                    svcnames, params, struct_version, api_version,
                      db_args, server_handle);
  }
@@ -355,7 +352,17 @@
 +    } else {
 +        svcname_ptr = svcnames_in;
 +    }
-+
+ 
+-	code = kadm5_get_adm_host_srv_names(context, handle->params.realm,
+-	    &kadmin_srv_names);
+-        if (code)
+-            goto error;
+-	svcname = strdup(kadmin_srv_names[0]);
+-	free_srv_names(kadmin_srv_names);
+-	if (svcname == NULL) {
+-	    code = ENOMEM;
+-            goto error;
+-	}
 +    for (i = 0; svcname_ptr[i]; i++) {
 +        /* Get credentials. */
 +        code = get_init_creds(handle, client, init_type, pass, ccache_in,
@@ -369,17 +376,7 @@
 +            } else
 +                goto error;
 +        }
- 
--	code = kadm5_get_adm_host_srv_names(context, handle->params.realm,
--	    &kadmin_srv_names);
--        if (code)
--            goto error;
--	svcname = strdup(kadmin_srv_names[0]);
--	free_srv_names(kadmin_srv_names);
--	if (svcname == NULL) {
--	    code = ENOMEM;
--            goto error;
--	}
++
 +        code = _kadm5_initialize_rpcsec_gss_handle(handle, client_name,
 +                                                   svcname_ptr[i]);
 +        if (code) {
@@ -502,7 +499,6 @@
                      server_out);
      /* Improved error messages */
      if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
-diff --git a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
 --- a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
 +++ b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
 @@ -31,6 +31,11 @@ kadm5_init_krb5_context
@@ -517,7 +513,6 @@
  kadm5_lock
  kadm5_modify_policy
  kadm5_modify_principal
-diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
 --- a/src/lib/kadm5/srv/server_init.c
 +++ b/src/lib/kadm5/srv/server_init.c
 @@ -97,6 +97,29 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
@@ -615,7 +610,6 @@
  kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
                         char *service_name,
                         kadm5_config_params *params_in,
-diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
 --- a/src/slave/kpropd.c
 +++ b/src/slave/kpropd.c
 @@ -613,7 +613,7 @@ do_iprop()
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/036-verify-nofail.patch
--- a/components/krb5/patches/036-verify-nofail.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/036-verify-nofail.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # position on validating a KDC during initial authentication.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/krb/t_vfy_increds.c b/src/lib/krb5/krb/t_vfy_increds.c
 --- a/src/lib/krb5/krb/t_vfy_increds.c
 +++ b/src/lib/krb5/krb/t_vfy_increds.c
 @@ -59,6 +59,9 @@ main(int argc, char **argv)
@@ -20,7 +19,6 @@
      }
      if (*argv != NULL)
          check(krb5_parse_name(context, *argv, &princ));
-diff --git a/src/lib/krb5/krb/t_vfy_increds.py b/src/lib/krb5/krb/t_vfy_increds.py
 --- a/src/lib/krb5/krb/t_vfy_increds.py
 +++ b/src/lib/krb5/krb/t_vfy_increds.py
 @@ -53,29 +53,31 @@ realm.run(['./t_vfy_increds'])
@@ -71,7 +69,6 @@
  realm.run(['./t_vfy_increds', '-n'], expected_code=1)
  realm.run(['./t_vfy_increds', realm.nfs_princ], expected_code=1)
  realm.run(['./t_vfy_increds', '-n', realm.nfs_princ], expected_code=1)
-diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
 --- a/src/lib/krb5/krb/vfy_increds.c
 +++ b/src/lib/krb5/krb/vfy_increds.c
 @@ -33,8 +33,8 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/037-getuid-mod.patch
--- a/components/krb5/patches/037-getuid-mod.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/037-getuid-mod.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -13,18 +13,18 @@
 # Patch source: in-house
 #
 
---- krb5-1.14.3-036/src/include/k5-int.h
-+++ krb5-1.14.3-037/src/include/k5-int.h
-@@ -2353,4 +2353,6 @@
+--- a/src/include/k5-int.h
++++ b/src/include/k5-int.h
+@@ -2353,4 +2353,6 @@ void k5_change_error_message_code(krb5_context ctx, krb5_error_code oldcode,
  #define k5_prependmsg krb5_prepend_error_message
  #define k5_wrapmsg krb5_wrap_error_message
  
 +uid_t krb5_getuid();
 +
  #endif /* _KRB5_INT_H */
---- krb5-1.14.3-036/src/lib/krb5/os/Makefile.in
-+++ krb5-1.14.3-037/src/lib/krb5/os/Makefile.in
-@@ -24,6 +24,7 @@
+--- a/src/lib/krb5/os/Makefile.in
++++ b/src/lib/krb5/os/Makefile.in
+@@ -24,6 +24,7 @@ STLIBOBJS= \
  	gen_port.o	\
  	genaddrs.o	\
  	gen_rname.o	\
@@ -32,7 +32,7 @@
  	hostaddr.o	\
  	hostrealm.o	\
  	hostrealm_dns.o \
-@@ -71,6 +72,7 @@
+@@ -71,6 +72,7 @@ OBJS= \
  	$(OUTPRE)gen_port.$(OBJEXT)	\
  	$(OUTPRE)genaddrs.$(OBJEXT)	\
  	$(OUTPRE)gen_rname.$(OBJEXT)	\
@@ -40,7 +40,7 @@
  	$(OUTPRE)hostaddr.$(OBJEXT)	\
  	$(OUTPRE)hostrealm.$(OBJEXT)	\
  	$(OUTPRE)hostrealm_dns.$(OBJEXT) \
-@@ -118,6 +120,7 @@
+@@ -118,6 +120,7 @@ SRCS= \
  	$(srcdir)/gen_port.c	\
  	$(srcdir)/genaddrs.c	\
  	$(srcdir)/gen_rname.c	\
@@ -48,9 +48,9 @@
  	$(srcdir)/hostaddr.c	\
  	$(srcdir)/hostrealm.c	\
  	$(srcdir)/hostrealm_dns.c \
---- krb5-1.14.3-036/src/lib/krb5/os/expand_path.c
-+++ krb5-1.14.3-037/src/lib/krb5/os/expand_path.c
-@@ -291,7 +291,7 @@
+--- a/src/lib/krb5/os/expand_path.c
++++ b/src/lib/krb5/os/expand_path.c
+@@ -291,7 +291,7 @@ static krb5_error_code
  expand_userid(krb5_context context, PTYPE param, const char *postfix,
                char **str)
  {
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/038-krb5-conf.patch
--- a/components/krb5/patches/038-krb5-conf.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/038-krb5-conf.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # through kdc_max_tcp_connections.
 # Patch source: in-house
 #
-diff --git a/src/include/k5-int.h b/src/include/k5-int.h
 --- a/src/include/k5-int.h
 +++ b/src/include/k5-int.h
 @@ -264,6 +264,7 @@ typedef unsigned char   u_char;
@@ -18,7 +17,6 @@
  #define KRB5_CONF_MODULE                       "module"
  #define KRB5_CONF_NOADDRESSES                  "noaddresses"
  #define KRB5_CONF_NO_HOST_REFERRAL             "no_host_referral"
-diff --git a/src/include/net-server.h b/src/include/net-server.h
 --- a/src/include/net-server.h
 +++ b/src/include/net-server.h
 @@ -52,6 +52,7 @@ krb5_error_code loop_setup_network(verto_ctx *ctx, void *handle,
@@ -29,7 +27,6 @@
  
  /* to be supplied by the server application */
  
-diff --git a/src/include/osconf.hin b/src/include/osconf.hin
 --- a/src/include/osconf.hin
 +++ b/src/include/osconf.hin
 @@ -94,6 +94,10 @@
@@ -43,7 +40,6 @@
  /*
   * Defaults for the KADM5 admin system.
   */
-diff --git a/src/kdc/main.c b/src/kdc/main.c
 --- a/src/kdc/main.c
 +++ b/src/kdc/main.c
 @@ -203,7 +203,8 @@ static krb5_error_code
@@ -116,7 +112,6 @@
      /* Handle each realm's ports */
      for (i=0; i< shandle.kdc_numrealms; i++) {
          char *cp = shandle.kdc_realmlist[i]->realm_ports;
-diff --git a/src/kdc/realm_data.h b/src/kdc/realm_data.h
 --- a/src/kdc/realm_data.h
 +++ b/src/kdc/realm_data.h
 @@ -66,6 +66,7 @@ typedef struct __kdc_realm_data {
@@ -127,7 +122,6 @@
      /*
       * Per-realm parameters.
       */
-diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
 --- a/src/lib/apputils/net-server.c
 +++ b/src/lib/apputils/net-server.c
 @@ -348,6 +348,12 @@ loop_add_tcp_port(int port)
@@ -143,7 +137,6 @@
  krb5_error_code
  loop_add_rpc_service(int port, u_long prognum,
                       u_long versnum, void (*dispatchfn)())
-diff --git a/src/lib/krb5/os/localauth.c b/src/lib/krb5/os/localauth.c
 --- a/src/lib/krb5/os/localauth.c
 +++ b/src/lib/krb5/os/localauth.c
 @@ -258,6 +258,49 @@ parse_mapping_value(const char *value, char **type_out, char **residual_out)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/039-15699628.patch
--- a/components/krb5/patches/039-15699628.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/039-15699628.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -8,7 +8,6 @@
 # contributed upstream.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/krb5/disp_status.c b/src/lib/gssapi/krb5/disp_status.c
 --- a/src/lib/gssapi/krb5/disp_status.c
 +++ b/src/lib/gssapi/krb5/disp_status.c
 @@ -98,6 +98,12 @@ static int save_error_string_nocopy(OM_uint32 minor_code, char *msg)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/041-move_macros.patch
--- a/components/krb5/patches/041-move_macros.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/041-move_macros.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # This patch is unlikely to be accepted upstream.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h
 --- a/src/lib/gssapi/generic/gssapiP_generic.h
 +++ b/src/lib/gssapi/generic/gssapiP_generic.h
 @@ -49,10 +49,11 @@
@@ -23,7 +22,6 @@
  
  /* this code knows that an int on the wire is 32 bits.  The type of
     num should be at least this big, or the extra shifts may do weird
-diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h
 --- a/src/lib/gssapi/generic/gssapi_ext.h
 +++ b/src/lib/gssapi/generic/gssapi_ext.h
 @@ -43,6 +43,26 @@ gss_pname_to_uid
@@ -53,7 +51,6 @@
  /**
   * Provides a platform-specific name for a GSSAPI name as interpreted by a
   * given mechanism.
-diff --git a/src/lib/gssapi/generic/gssapi_generic.h b/src/lib/gssapi/generic/gssapi_generic.h
 --- a/src/lib/gssapi/generic/gssapi_generic.h
 +++ b/src/lib/gssapi/generic/gssapi_generic.h
 @@ -38,8 +38,10 @@
@@ -67,7 +64,6 @@
  
  GSSAPIGENERIC_BEGIN_DECLS
  
-diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
 --- a/src/lib/gssapi/mechglue/mglueP.h
 +++ b/src/lib/gssapi/mechglue/mglueP.h
 @@ -14,11 +14,13 @@
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/047-dejagnu.patch
--- a/components/krb5/patches/047-dejagnu.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/047-dejagnu.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # donated.
 # Patch source: in-house
 #
-diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
 --- a/src/kadmin/testing/scripts/init_db
 +++ b/src/kadmin/testing/scripts/init_db
 @@ -215,7 +215,7 @@ changepw/kerberos@$REALM	cil
@@ -19,7 +18,6 @@
  
  # Create $K5ROOT/setup.csh to make it easy to run other programs against
  # the test db
-diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
 --- a/src/kadmin/testing/util/tcl_kadm5.c
 +++ b/src/kadmin/testing/util/tcl_kadm5.c
 @@ -13,8 +13,11 @@
@@ -54,7 +52,6 @@
      (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
      Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
      (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
-diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in
 --- a/src/lib/kadm5/unit-test/Makefile.in
 +++ b/src/lib/kadm5/unit-test/Makefile.in
 @@ -103,7 +103,7 @@ unit-test-server-setup::
@@ -66,7 +63,6 @@
  	$(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
  		KINIT=$(BUILDTOP)/clients/kinit/kinit \
  		KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
-diff --git a/src/lib/kadm5/unit-test/api.current/init-v2.exp b/src/lib/kadm5/unit-test/api.current/init-v2.exp
 --- a/src/lib/kadm5/unit-test/api.current/init-v2.exp
 +++ b/src/lib/kadm5/unit-test/api.current/init-v2.exp
 @@ -70,7 +70,7 @@ proc test102 {} {
@@ -106,7 +102,6 @@
      one_line_succeed_test {
  	kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \
  		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-diff --git a/src/lib/kadm5/unit-test/api.current/init.exp b/src/lib/kadm5/unit-test/api.current/init.exp
 --- a/src/lib/kadm5/unit-test/api.current/init.exp
 +++ b/src/lib/kadm5/unit-test/api.current/init.exp
 @@ -697,8 +697,8 @@ if {$RPC} {
@@ -120,7 +115,6 @@
  }
  
  return ""
-diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c
 --- a/src/lib/kadm5/unit-test/destroy-test.c
 +++ b/src/lib/kadm5/unit-test/destroy-test.c
 @@ -27,7 +27,7 @@ int main()
@@ -132,7 +126,6 @@
                           KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                           &server_handle);
          if(ret != KADM5_OK) {
-diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c
 --- a/src/lib/kadm5/unit-test/handle-test.c
 +++ b/src/lib/kadm5/unit-test/handle-test.c
 @@ -30,7 +30,7 @@ int main(int argc, char *argv[])
@@ -144,7 +137,6 @@
                       KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                       &server_handle);
      if(ret != KADM5_OK) {
-diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c
 --- a/src/lib/kadm5/unit-test/iter-test.c
 +++ b/src/lib/kadm5/unit-test/iter-test.c
 @@ -22,7 +22,7 @@ int main(int argc, char **argv)
@@ -156,7 +148,6 @@
                       KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                       &server_handle);
      if (ret != KADM5_OK) {
-diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c
 --- a/src/lib/kadm5/unit-test/randkey-test.c
 +++ b/src/lib/kadm5/unit-test/randkey-test.c
 @@ -23,7 +23,7 @@ int main()
@@ -168,7 +159,6 @@
                       KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                       &server_handle);
      if(ret != KADM5_OK) {
-diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
 --- a/src/lib/kadm5/unit-test/setkey-test.c
 +++ b/src/lib/kadm5/unit-test/setkey-test.c
 @@ -119,7 +119,7 @@ main(int argc, char **argv)
@@ -180,7 +170,6 @@
                       KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                       &handle);
      if (ret) {
-diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp
 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp
 +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp
 @@ -1050,13 +1050,16 @@ proc kadmin_test { } {
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/048-dns-fix.patch
--- a/components/krb5/patches/048-dns-fix.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/048-dns-fix.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # feature that this patch is not intended to be contributed upstream.
 # Patch source: in-house
 #
-diff --git a/src/lib/kadm5/unit-test/api.current/init-v2.exp b/src/lib/kadm5/unit-test/api.current/init-v2.exp
 --- a/src/lib/kadm5/unit-test/api.current/init-v2.exp
 +++ b/src/lib/kadm5/unit-test/api.current/init-v2.exp
 @@ -14,7 +14,7 @@ proc get_hostname { } {
@@ -19,7 +18,6 @@
      if ![string match "" $exec_output] {
  	send_log "$exec_output\n"
  	verbose $exec_output
-diff --git a/src/lib/kadm5/unit-test/api.current/init.exp b/src/lib/kadm5/unit-test/api.current/init.exp
 --- a/src/lib/kadm5/unit-test/api.current/init.exp
 +++ b/src/lib/kadm5/unit-test/api.current/init.exp
 @@ -9,6 +9,39 @@ load_lib lib.t
@@ -84,7 +82,6 @@
  }
  
  return ""
-diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
 --- a/src/tests/dejagnu/config/default.exp
 +++ b/src/tests/dejagnu/config/default.exp
 @@ -682,7 +682,7 @@ proc get_hostname { } {
@@ -96,7 +93,6 @@
      envstack_pop
      if ![string match "" $exec_output] {
  	verbose -log $exec_output
-diff --git a/src/tests/resolve/Makefile.in b/src/tests/resolve/Makefile.in
 --- a/src/tests/resolve/Makefile.in
 +++ b/src/tests/resolve/Makefile.in
 @@ -8,7 +8,7 @@ SRCS=$(srcdir)/resolve.c $(srcdir)/addrinfo-test.c \
@@ -108,7 +104,6 @@
  
  addrinfo-test: addrinfo-test.o
  	$(CC_LINK) -o $@ addrinfo-test.o $(SUPPORT_LIB) $(LIBS)
-diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c
 --- a/src/tests/resolve/resolve.c
 +++ b/src/tests/resolve/resolve.c
 @@ -73,6 +73,94 @@ char *strchr();
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/049-kpropd_no_retries.patch
--- a/components/krb5/patches/049-kpropd_no_retries.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/049-kpropd_no_retries.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -10,7 +10,6 @@
 # This is a Solaris specific change, it will not be contributed upstream.
 # Patch source: in-house
 #
-diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
 --- a/src/slave/kpropd.c
 +++ b/src/slave/kpropd.c
 @@ -734,18 +734,10 @@ reinit:
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/050-libverto_memleak.patch
--- a/components/krb5/patches/050-libverto_memleak.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/050-libverto_memleak.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -17,7 +17,6 @@
 #    https://fedorahosted.org/libverto/ticket/13
 # Patch source: in-house
 #
-diff --git a/src/util/verto/verto.c b/src/util/verto/verto.c
 --- a/src/util/verto/verto.c
 +++ b/src/util/verto/verto.c
 @@ -132,6 +132,11 @@ vresize(void *mem, size_t size)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/051-fopenF.patch
--- a/components/krb5/patches/051-fopenF.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/051-fopenF.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # submitted to MIT until this is resolved in ON.
 # Patch source: in-house
 #
-diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
 --- a/src/appl/gss-sample/gss-server.c
 +++ b/src/appl/gss-sample/gss-server.c
 @@ -709,7 +709,7 @@ main(int argc, char **argv)
@@ -19,7 +18,6 @@
                  display_file = logfile;
                  if (!logfile) {
                      perror(*argv);
-diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c
 --- a/src/clients/ksu/authorization.c
 +++ b/src/clients/ksu/authorization.c
 @@ -100,7 +100,7 @@ krb5_error_code krb5_authorization(context, principal, luser,
@@ -40,7 +38,6 @@
              return 0;
          }
          if ( fowner(users_fp, pwd->pw_uid) == FALSE){
-diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
 --- a/src/clients/ksu/ccache.c
 +++ b/src/clients/ksu/ccache.c
 @@ -375,7 +375,7 @@ krb5_get_login_princ(luser, princ_list)
@@ -52,7 +49,6 @@
          return 0;
      }
      /*
-diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
 --- a/src/clients/ksu/heuristic.c
 +++ b/src/clients/ksu/heuristic.c
 @@ -222,7 +222,7 @@ get_authorized_princ_names(luser, cmd, princ_list)
@@ -73,7 +69,6 @@
              return 0;
  
          if ( fowner(users_fp, pwd->pw_uid) == FALSE){
-diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
 --- a/src/kadmin/dbutil/dump.c
 +++ b/src/kadmin/dbutil/dump.c
 @@ -1215,7 +1215,7 @@ current_dump_sno_in_ulog(krb5_context context, const char *ifile)
@@ -85,7 +80,7 @@
      if (f == NULL)
          return 0;              /* aliasing other errors to ENOENT here is OK */
  
-@@ -1537,7 +1537,7 @@ load_db(int argc, char **argv)
+@@ -1540,7 +1540,7 @@ load_db(int argc, char **argv)
  
      /* Open the dumpfile. */
      if (dumpfile != NULL) {
@@ -94,7 +89,6 @@
          if (f == NULL) {
              com_err(progname, errno, _("while opening %s"), dumpfile);
              goto error;
-diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
 --- a/src/kadmin/server/ovsec_kadmd.c
 +++ b/src/kadmin/server/ovsec_kadmd.c
 @@ -126,7 +126,7 @@ write_pid_file(const char *pid_file)
@@ -106,7 +100,6 @@
      if (file == NULL)
          return errno;
      pid = (unsigned long)getpid();
-diff --git a/src/kdc/main.c b/src/kdc/main.c
 --- a/src/kdc/main.c
 +++ b/src/kdc/main.c
 @@ -859,7 +859,7 @@ write_pid_file(const char *path)
@@ -118,7 +111,6 @@
      if (file == NULL)
          return errno;
      pid = (unsigned long) getpid();
-diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c
 --- a/src/lib/gssapi/generic/util_errmap.c
 +++ b/src/lib/gssapi/generic/util_errmap.c
 @@ -176,7 +176,7 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
@@ -130,7 +122,6 @@
      if (f == NULL)
          f = stderr;
  #endif
-diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
 --- a/src/lib/gssapi/mechglue/g_initialize.c
 +++ b/src/lib/gssapi/mechglue/g_initialize.c
 @@ -1218,7 +1218,7 @@ loadConfigFile(const char *fileName)
@@ -142,7 +133,6 @@
  		return;
  	}
  
-diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
 --- a/src/lib/kadm5/logger.c
 +++ b/src/lib/kadm5/logger.c
 @@ -566,7 +566,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
@@ -181,7 +171,6 @@
              if (f) {
                  set_cloexec_file(f);
                  log_control.log_entries[lindex].lfu_filep = f;
-diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
 --- a/src/lib/kadm5/srv/server_acl.c
 +++ b/src/lib/kadm5/srv/server_acl.c
 @@ -488,7 +488,7 @@ kadm5int_acl_load_acl_file()
@@ -193,7 +182,6 @@
      if (afp) {
          set_cloexec_file(afp);
          alineno = 1;
-diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
 --- a/src/lib/kdb/kdb_default.c
 +++ b/src/lib/kdb/kdb_default.c
 @@ -251,9 +251,9 @@ krb5_db_def_fetch_mkey_stash(krb5_context   context,
@@ -208,7 +196,6 @@
  #endif
              return KRB5_KDB_CANTREAD_STORED;
      set_cloexec_file(kf);
-diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
 --- a/src/lib/krb5/ccache/cc_dir.c
 +++ b/src/lib/krb5/ccache/cc_dir.c
 @@ -153,7 +153,7 @@ read_primary_file(krb5_context context, const char *primary_path,
@@ -220,7 +207,6 @@
      if (fp == NULL)
          return ENOENT;
      ret = fgets(buf, sizeof(buf), fp);
-diff --git a/src/lib/krb5/ccache/ccselect_k5identity.c b/src/lib/krb5/ccache/ccselect_k5identity.c
 --- a/src/lib/krb5/ccache/ccselect_k5identity.c
 +++ b/src/lib/krb5/ccache/ccselect_k5identity.c
 @@ -168,7 +168,7 @@ k5identity_choose(krb5_context context, krb5_ccselect_moddata data,
@@ -232,7 +218,6 @@
      free(filename);
      if (fp == NULL)
          return KRB5_PLUGIN_NO_HANDLE;
-diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
 --- a/src/lib/krb5/keytab/kt_file.c
 +++ b/src/lib/krb5/keytab/kt_file.c
 @@ -1028,11 +1028,11 @@ typedef krb5_int16  krb5_kt_vno;
@@ -251,7 +236,6 @@
  #endif
  
  static krb5_error_code
-diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
 --- a/src/lib/krb5/keytab/kt_srvtab.c
 +++ b/src/lib/krb5/keytab/kt_srvtab.c
 @@ -342,9 +342,9 @@ const struct _krb5_kt_ops krb5_kts_ops = {
@@ -266,7 +250,6 @@
  #endif
  
  /* The maximum sizes for V4 aname, realm, sname, and instance +1 */
-diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
 --- a/src/lib/krb5/os/localaddr.c
 +++ b/src/lib/krb5/os/localaddr.c
 @@ -368,7 +368,7 @@ get_linux_ipv6_addrs ()
@@ -278,7 +261,6 @@
      if (f) {
          char ifname[21];
          unsigned int idx, pfxlen, scope, dadstat;
-diff --git a/src/lib/krb5/os/localauth_k5login.c b/src/lib/krb5/os/localauth_k5login.c
 --- a/src/lib/krb5/os/localauth_k5login.c
 +++ b/src/lib/krb5/os/localauth_k5login.c
 @@ -116,7 +116,7 @@ userok_k5login(krb5_context context, krb5_localauth_moddata data,
@@ -290,7 +272,6 @@
      if (fp == NULL) {
          ret = errno;
          goto cleanup;
-diff --git a/src/lib/krb5/rcache/t_replay.c b/src/lib/krb5/rcache/t_replay.c
 --- a/src/lib/krb5/rcache/t_replay.c
 +++ b/src/lib/krb5/rcache/t_replay.c
 @@ -66,7 +66,7 @@ dump_rcache(const char *filename)
@@ -302,7 +283,6 @@
      if (!fp) {
          fprintf(stderr, "Can't open filename: %s\n", strerror(errno));
          return;
-diff --git a/src/lib/krb5/unicode/ucdata/ucdata.c b/src/lib/krb5/unicode/ucdata/ucdata.c
 --- a/src/lib/krb5/unicode/ucdata/ucdata.c
 +++ b/src/lib/krb5/unicode/ucdata/ucdata.c
 @@ -156,7 +156,7 @@ _ucprop_load(char *paths, int reload)
@@ -368,7 +348,6 @@
        return -1;
  
      /*
-diff --git a/src/lib/krb5/unicode/ucdata/ucgendat.c b/src/lib/krb5/unicode/ucdata/ucgendat.c
 --- a/src/lib/krb5/unicode/ucdata/ucgendat.c
 +++ b/src/lib/krb5/unicode/ucdata/ucgendat.c
 @@ -1296,14 +1296,14 @@ write_cdata(char *opath)
@@ -460,7 +439,6 @@
                fprintf(stderr, "%s: unable to open ctype file %s\n",
                        prog, argv[0]);
              else {
-diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c
 --- a/src/lib/rpc/getrpcent.c
 +++ b/src/lib/rpc/getrpcent.c
 @@ -121,7 +121,7 @@ SETRPCENT_TYPE setrpcent(int f)
@@ -481,7 +459,6 @@
  		return (NULL);
  	    set_cloexec_file(d->rpcf);
  	}
-diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c
 --- a/src/lib/rpc/svc_auth_gssapi.c
 +++ b/src/lib/rpc/svc_auth_gssapi.c
 @@ -57,7 +57,7 @@ void gssrpcint_printf(const char *format, ...)
@@ -493,7 +470,6 @@
  	if (f) {
  	    vfprintf(f, format, ap);
  	    fflush(f);
-diff --git a/src/plugins/audit/test/au_test.c b/src/plugins/audit/test/au_test.c
 --- a/src/plugins/audit/test/au_test.c
 +++ b/src/plugins/audit/test/au_test.c
 @@ -54,7 +54,7 @@ static k5_mutex_t lock = K5_MUTEX_PARTIAL_INITIALIZER;
@@ -505,13 +481,12 @@
      if (au_fd == NULL)
          return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
      k5_mutex_init(&lock);
-diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
 --- a/src/plugins/kdb/db2/adb_openclose.c
 +++ b/src/plugins/kdb/db2/adb_openclose.c
-@@ -147,12 +147,12 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
+@@ -152,12 +152,12 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
+          * needs be open read/write so that write locking can work with
           * POSIX systems
           */
-         lockp->lockinfo.filename = strdup(lockfilename);
 -        if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
 +        if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+F")) == NULL) {
              /*
@@ -523,7 +498,6 @@
                  == NULL) {
                  free(db);
                  return OSA_ADB_NOLOCKFILE;
-diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_debug.c b/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
 --- a/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
 +++ b/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
 @@ -66,7 +66,7 @@ __bt_dinit()
@@ -535,7 +509,6 @@
  		return;
  #endif
  	tracefp = stderr;
-diff --git a/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c b/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
 --- a/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
 +++ b/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
 @@ -18,7 +18,7 @@ void main(int argc, char *argv[]) {
@@ -547,7 +520,6 @@
      printf("Unable to open %s\n","data");
      exit(25);
    }
-diff --git a/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c b/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
 --- a/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
 +++ b/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
 @@ -224,7 +224,7 @@ user(db)
@@ -586,7 +558,6 @@
  		(void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
  		return;
  	}
-diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
 --- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
 +++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
 @@ -103,7 +103,7 @@ char **argv;
@@ -598,7 +569,6 @@
  		i = 0;
  		while ( fgets(wp1, 8192, fp) &&
  			fgets(wp2, 8192, fp) &&
-diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
 --- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
 +++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
 @@ -106,7 +106,7 @@ char **argv;
@@ -610,7 +580,6 @@
  		i = 0;
  		while ( fgets(wp1, 256, fp) &&
  			fgets(wp2, 8192, fp) &&
-diff --git a/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c b/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
 --- a/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
 +++ b/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
 @@ -19,8 +19,8 @@ main(void)
@@ -657,7 +626,6 @@
  
      db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
      n = 0;
-diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 @@ -178,7 +178,7 @@ done:
@@ -678,7 +646,6 @@
          umask (omask);
          if (newfile == NULL) {
              com_err(me, errno, _("Error creating file %s"), tmp_file);
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
 @@ -87,7 +87,7 @@ krb5_ldap_readpassword(krb5_context context, const char *filename,
@@ -690,7 +657,6 @@
      if (fp == NULL) {
          ret = errno;
          k5_setmsg(context, ret, _("Cannot open LDAP password file '%s': %s"),
-diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c
 --- a/src/plugins/locate/python/py-locate.c
 +++ b/src/plugins/locate/python/py-locate.c
 @@ -98,7 +98,7 @@ my_init(void)
@@ -702,7 +668,6 @@
      if (f == NULL) {
          if (sctx)
              krb5_set_error_message(sctx, -1,
-diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
 --- a/src/plugins/preauth/otp/otp_state.c
 +++ b/src/plugins/preauth/otp/otp_state.c
 @@ -96,7 +96,7 @@ read_secret_file(const char *secret_file, char **secret)
@@ -714,7 +679,6 @@
      if (file == NULL) {
          retval = errno;
          com_err("otp", retval, "Unable to open secret file '%s'", filename);
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 @@ -4281,7 +4281,7 @@ pkinit_get_certs_pkcs12(krb5_context context,
@@ -726,7 +690,6 @@
      if (fp == NULL) {
          pkiDebug("Failed to open PKCS12 file '%s', error %d\n",
                   idopts->cert_filename, errno);
-diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c
 --- a/src/plugins/preauth/pkinit/pkinit_lib.c
 +++ b/src/plugins/preauth/pkinit/pkinit_lib.c
 @@ -365,7 +365,7 @@ print_buffer_bin(unsigned char *buf, unsigned int len, char *filename)
@@ -738,7 +701,6 @@
          return;
  
      set_cloexec_file(f);
-diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
 --- a/src/plugins/tls/k5tls/openssl.c
 +++ b/src/plugins/tls/k5tls/openssl.c
 @@ -348,7 +348,7 @@ load_anchor_file(X509_STORE *store, const char *path)
@@ -750,7 +712,6 @@
      if (fp == NULL)
          return errno;
      sk = PEM_X509_INFO_read(fp, NULL, NULL, NULL);
-diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
 --- a/src/slave/kpropd.c
 +++ b/src/slave/kpropd.c
 @@ -1310,7 +1310,7 @@ authorized_principal(krb5_context context, krb5_principal p,
@@ -762,7 +723,6 @@
      if (acl_file == NULL)
          return FALSE;
  
-diff --git a/src/tests/asn.1/t_trval.c b/src/tests/asn.1/t_trval.c
 --- a/src/tests/asn.1/t_trval.c
 +++ b/src/tests/asn.1/t_trval.c
 @@ -93,7 +93,7 @@ int main(argc, argv)
@@ -774,7 +734,6 @@
                  fprintf(stderr,"trval: unable to open %s\n", *argv);
                  continue;
              }
-diff --git a/src/tests/gss-threads/gss-server.c b/src/tests/gss-threads/gss-server.c
 --- a/src/tests/gss-threads/gss-server.c
 +++ b/src/tests/gss-threads/gss-server.c
 @@ -733,7 +733,7 @@ main(int argc, char **argv)
@@ -786,7 +745,6 @@
                  display_file = logfile;
                  if (!logfile) {
                      perror(*argv);
-diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
 --- a/src/util/profile/prof_file.c
 +++ b/src/util/profile/prof_file.c
 @@ -126,7 +126,7 @@ static int rw_access(const_profile_filespec_t filespec)
@@ -825,7 +783,6 @@
      if (!f) {
          retval = errno;
          if (retval == 0)
-diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
 --- a/src/util/profile/prof_parse.c
 +++ b/src/util/profile/prof_parse.c
 @@ -213,7 +213,7 @@ static errcode_t parse_include_file(const char *filename,
@@ -837,7 +794,6 @@
      if (fp == NULL)
          return PROF_FAIL_INCLUDE_FILE;
      retval = parse_file(fp, &state, NULL);
-diff --git a/src/util/profile/test_parse.c b/src/util/profile/test_parse.c
 --- a/src/util/profile/test_parse.c
 +++ b/src/util/profile/test_parse.c
 @@ -25,7 +25,7 @@ int main(argc, argv)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/052-krb5-config.patch
--- a/components/krb5/patches/052-krb5-config.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/052-krb5-config.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -25,7 +25,6 @@
 # The patch is not intended for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
 --- a/src/build-tools/krb5-config.in
 +++ b/src/build-tools/krb5-config.in
 @@ -30,10 +30,11 @@ version_string="Kerberos 5 release @KRB5_VERSION@"
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/053-kernel-mech.patch
--- a/components/krb5/patches/053-kernel-mech.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/053-kernel-mech.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -28,7 +28,6 @@
 # therefore should not be considered as an upstream contribution to MIT.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in
 --- a/src/lib/gssapi/generic/Makefile.in
 +++ b/src/lib/gssapi/generic/Makefile.in
 @@ -66,6 +66,7 @@ SRCS = \
@@ -55,7 +54,6 @@
  	util_set.o \
  	util_seqstate.o \
  	util_token.o \
-diff --git a/src/lib/gssapi/generic/deps b/src/lib/gssapi/generic/deps
 --- a/src/lib/gssapi/generic/deps
 +++ b/src/lib/gssapi/generic/deps
 @@ -64,6 +64,13 @@ util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \
@@ -72,7 +70,6 @@
  util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \
    $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
    $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
-diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h
 --- a/src/lib/gssapi/generic/gssapiP_generic.h
 +++ b/src/lib/gssapi/generic/gssapiP_generic.h
 @@ -116,6 +116,12 @@
@@ -108,7 +105,6 @@
  char *g_strdup (char *str);
  
  /** declarations of internal name mechanism functions **/
-diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
 --- a/src/lib/gssapi/krb5/accept_sec_context.c
 +++ b/src/lib/gssapi/krb5/accept_sec_context.c
 @@ -435,6 +435,7 @@ kg_accept_krb5(minor_status, context_handle,
@@ -119,15 +115,15 @@
      krb5_gss_cred_id_t cred = 0;
      krb5_data ap_rep, ap_req;
      unsigned int i;
-@@ -698,6 +699,7 @@ kg_accept_krb5(minor_status, context_handle,
-         }
- 
-         gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+@@ -701,6 +702,7 @@ kg_accept_krb5(minor_status, context_handle,
+         gss_flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+         if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED)
+             gss_flags |= GSS_C_MUTUAL_FLAG;
 +	bigend = 0;
      } else {
          /* gss krb5 v1 */
  
-@@ -725,14 +727,22 @@ kg_accept_krb5(minor_status, context_handle,
+@@ -728,14 +730,22 @@ kg_accept_krb5(minor_status, context_handle,
          }
  
          ptr = (unsigned char *) authdat->checksum->contents;
@@ -156,7 +152,7 @@
  
          /*
            The following section of code attempts to implement the
-@@ -773,7 +783,7 @@ kg_accept_krb5(minor_status, context_handle,
+@@ -776,7 +786,7 @@ kg_accept_krb5(minor_status, context_handle,
  
          /* Read the token flags.  Remember if GSS_C_DELEG_FLAG was set, but
           * mask it out until we actually read a delegated credential. */
@@ -165,7 +161,7 @@
          token_deleg_flag = (gss_flags & GSS_C_DELEG_FLAG);
          gss_flags &= ~GSS_C_DELEG_FLAG;
  
-@@ -782,8 +792,8 @@ kg_accept_krb5(minor_status, context_handle,
+@@ -785,8 +795,8 @@ kg_accept_krb5(minor_status, context_handle,
          i = authdat->checksum->length - 24;
          if (i && token_deleg_flag) {
              if (i >= 4) {
@@ -176,7 +172,7 @@
                  i -= 4;
  
                  if (i < option.length) {
-@@ -880,6 +890,7 @@ kg_accept_krb5(minor_status, context_handle,
+@@ -883,6 +893,7 @@ kg_accept_krb5(minor_status, context_handle,
                                        GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
                                        GSS_C_EXTENDED_ERROR_FLAG)));
      ctx->seed_init = 0;
@@ -184,7 +180,6 @@
      ctx->cred_rcache = cred_rcache;
  
      /* XXX move this into gss_name_t */
-diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h
 +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
 @@ -205,6 +205,7 @@ typedef struct _krb5_gss_ctx_id_rec {
@@ -195,7 +190,6 @@
      unsigned int have_acceptor_subkey : 1;
      unsigned int seed_init : 1;  /* XXX tested but never actually set */
      unsigned int terminated : 1;
-diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
 --- a/src/lib/gssapi/krb5/gssapi_krb5.c
 +++ b/src/lib/gssapi/krb5/gssapi_krb5.c
 @@ -1046,6 +1046,7 @@ static int gss_krb5mechglue_init(void)
@@ -206,7 +200,6 @@
      gssint_register_mechinfo(&mech_krb5);
  
      mech_krb5.mechNameStr = "kerberos_v5_old";
-diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c
 --- a/src/lib/gssapi/krb5/import_sec_context.c
 +++ b/src/lib/gssapi/krb5/import_sec_context.c
 @@ -107,7 +107,6 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
@@ -217,7 +210,6 @@
  
      ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
  
-diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c
 --- a/src/lib/gssapi/krb5/ser_sctx.c
 +++ b/src/lib/gssapi/krb5/ser_sctx.c
 @@ -150,6 +150,22 @@ kg_oid_size(kcontext, arg, sizep)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/054-trailing-comments.patch
--- a/components/krb5/patches/054-trailing-comments.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/054-trailing-comments.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # so this is Solaris only for now.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
 --- a/src/lib/krb5/os/locate_kdc.c
 +++ b/src/lib/krb5/os/locate_kdc.c
 @@ -270,6 +270,9 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/055-register_gsscred.patch
--- a/components/krb5/patches/055-register_gsscred.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/055-register_gsscred.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # This is a Solaris specific patch, it is not meant for upstream contribution.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/os/localauth.c b/src/lib/krb5/os/localauth.c
 --- a/src/lib/krb5/os/localauth.c
 +++ b/src/lib/krb5/os/localauth.c
 @@ -133,6 +133,10 @@ get_modules(krb5_context context, krb5_plugin_initvt_fn **modules_out)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/057-des-md5-fix.patch
--- a/components/krb5/patches/057-des-md5-fix.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/057-des-md5-fix.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -6,7 +6,6 @@
 # Patch source: in-house
 #
 
-diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
 --- a/src/kdc/kdc_util.c
 +++ b/src/kdc/kdc_util.c
 @@ -987,16 +987,11 @@ dbentry_supports_enctype(kdc_realm_t *kdc_active_realm, krb5_db_entry *server,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/058-man-pages.patch
--- a/components/krb5/patches/058-man-pages.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/058-man-pages.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -6,7 +6,6 @@
 # that the associated updates are for Solaris only features.
 # Patch source: in-house
 #
-diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man
 --- a/src/man/kadm5.acl.man
 +++ b/src/man/kadm5.acl.man
 @@ -131,6 +131,12 @@ T}	T{
@@ -22,7 +21,6 @@
  x
  T}	T{
  Short for admcilsp. All privileges
-diff --git a/src/man/kadmind.man b/src/man/kadmind.man
 --- a/src/man/kadmind.man
 +++ b/src/man/kadmind.man
 @@ -141,4 +141,16 @@ MIT
@@ -42,7 +40,6 @@
 +Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
 +.sp
  .
-diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man
 --- a/src/man/kdc.conf.man
 +++ b/src/man/kdc.conf.man
 @@ -96,6 +96,8 @@ subsection does not contain a relation for the tag.  See the
@@ -142,7 +139,6 @@
  .ft P
  .fi
  .UNINDENT
-diff --git a/src/man/kpropd.man b/src/man/kpropd.man
 --- a/src/man/kpropd.man
 +++ b/src/man/kpropd.man
 @@ -158,4 +158,16 @@ MIT
@@ -162,7 +158,6 @@
 +Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
 +.sp
  .
-diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
 --- a/src/man/krb5.conf.man
 +++ b/src/man/krb5.conf.man
 @@ -204,6 +204,10 @@ set if backward compatibility requires a specific checksum type.
@@ -238,7 +233,6 @@
  .SS [plugins]
  .INDENT 0.0
  .INDENT 3.5
-diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
 --- a/src/man/krb5kdc.man
 +++ b/src/man/krb5kdc.man
 @@ -152,4 +152,16 @@ MIT
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/059-man-pages-fix-paths.patch
--- a/components/krb5/patches/059-man-pages-fix-paths.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/059-man-pages-fix-paths.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -7,7 +7,6 @@
 # update.
 # Patch source: in-house
 #
-diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man
 --- a/src/man/kadm5.acl.man
 +++ b/src/man/kadm5.acl.man
 @@ -38,7 +38,7 @@ For operations that affect principals, the ACL file also controls
@@ -19,7 +18,6 @@
  variable in \fIkdc.conf(5)\fP\&.
  .SH SYNTAX
  .sp
-diff --git a/src/man/kadmind.man b/src/man/kadmind.man
 --- a/src/man/kadmind.man
 +++ b/src/man/kadmind.man
 @@ -67,7 +67,7 @@ settings.
@@ -31,7 +29,6 @@
  .UNINDENT
  .sp
  After the server begins running, it puts itself in the background and
-diff --git a/src/man/kdb5_ldap_util.man b/src/man/kdb5_ldap_util.man
 --- a/src/man/kdb5_ldap_util.man
 +++ b/src/man/kdb5_ldap_util.man
 @@ -325,7 +325,7 @@ to the LDAP server.  Options:
@@ -43,7 +40,6 @@
  .TP
  .B \fIname\fP
  Specifies the name of the object whose password is to be stored.
-diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man
 --- a/src/man/kdc.conf.man
 +++ b/src/man/kdc.conf.man
 @@ -39,7 +39,7 @@ KDC programs mentioned, krb5.conf and kdc.conf will be merged into a
@@ -144,7 +140,6 @@
  .SH SEE ALSO
  .sp
  \fIkrb5.conf(5)\fP, \fIkrb5kdc(8)\fP, \fIkadm5.acl(5)\fP
-diff --git a/src/man/kprop.man b/src/man/kprop.man
 --- a/src/man/kprop.man
 +++ b/src/man/kprop.man
 @@ -54,7 +54,7 @@ Specifies the realm of the master server.
@@ -156,7 +151,6 @@
  .TP
  .B \fB\-P\fP \fIport\fP
  Specifies the port to use to contact the \fIkpropd(8)\fP server
-diff --git a/src/man/kpropd.man b/src/man/kpropd.man
 --- a/src/man/kpropd.man
 +++ b/src/man/kpropd.man
 @@ -106,7 +106,7 @@ default, the master admin server is contacted.
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/060-header-files-cleanup.patch
--- a/components/krb5/patches/060-header-files-cleanup.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/060-header-files-cleanup.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -11,7 +11,6 @@
 #       pushed upstream. We will maintain them as patch.
 # Patch source: in-house
 #
-diff --git a/src/lib/gssapi/generic/gssapi.hin b/src/lib/gssapi/generic/gssapi.hin
 --- a/src/lib/gssapi/generic/gssapi.hin
 +++ b/src/lib/gssapi/generic/gssapi.hin
 @@ -55,11 +55,6 @@ extern "C" {
@@ -26,7 +25,6 @@
   * POSIX says that sys/types.h is where size_t is defined.
   */
  #include <sys/types.h>
-diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
 --- a/src/lib/kadm5/admin.h
 +++ b/src/lib/kadm5/admin.h
 @@ -547,6 +547,9 @@ kadm5_ret_t    kadm5_free_strings(void *server_handle,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/062-ldap-fixes.patch
--- a/components/krb5/patches/062-ldap-fixes.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/062-ldap-fixes.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -27,7 +27,6 @@
 # I think we don't need a ticket for this, since it isn't really a
 # user-visible bug.
 # Patch source: in-house
-diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man
 --- a/src/man/kdc.conf.man
 +++ b/src/man/kdc.conf.man
 @@ -533,6 +533,8 @@ passwords (created by \fBkdb5_ldap_util stashsrvpw\fP) for the
@@ -39,7 +38,6 @@
  .TP
  .B \fBunlockiter\fP
  If set to \fBtrue\fP, this DB2\-specific tag causes iteration
-diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 @@ -125,7 +125,8 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
@@ -52,7 +50,6 @@
      }
  done:
  
-diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
 +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
 @@ -32,8 +32,6 @@
@@ -64,7 +61,6 @@
  extern int tohex(krb5_data, krb5_data *);
  
  extern void kdb5_ldap_stash_service_password(int argc, char **argv);
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
 @@ -176,6 +176,7 @@ krb5_ldap_cleanup_handles(krb5_ldap_server_info *ldap_server_info)
@@ -75,7 +71,6 @@
          free (ldap_server_handle);
          ldap_server_handle = NULL;
      }
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
 @@ -360,6 +360,17 @@ krb5_ldap_read_server_params(krb5_context context, char *conf_section,
@@ -96,7 +91,6 @@
      }
  
      if (ldap_context->sasl_mech == NULL) {
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
 @@ -36,6 +36,8 @@
@@ -108,7 +102,6 @@
  /* misc functions */
  
  krb5_boolean
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
 @@ -461,7 +461,8 @@ krb5_ldap_iterate_password_policy(krb5_context context, char *match_expr,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/063-disable-rev-dns-lookup.patch
--- a/components/krb5/patches/063-disable-rev-dns-lookup.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/063-disable-rev-dns-lookup.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -4,7 +4,6 @@
 # Solaris in this regard.  MIT will not take this change upstream.
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
 --- a/src/lib/krb5/os/sn2princ.c
 +++ b/src/lib/krb5/os/sn2princ.c
 @@ -36,7 +36,7 @@
@@ -16,7 +15,6 @@
  #endif
  
  /*
-diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
 --- a/src/man/krb5.conf.man
 +++ b/src/man/krb5.conf.man
 @@ -473,7 +473,7 @@ default, if allowed by the KDC.  The default value is false.
@@ -28,7 +26,6 @@
  .TP
  .B \fBrealm_try_domains\fP
  Indicate whether a host\(aqs domain components should be used to
-diff --git a/src/tests/t_sn2princ.py b/src/tests/t_sn2princ.py
 --- a/src/tests/t_sn2princ.py
 +++ b/src/tests/t_sn2princ.py
 @@ -6,10 +6,12 @@ offline = (len(args) > 0 and args[0] != "no")
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/065-no_MD5_in_rcache.patch
--- a/components/krb5/patches/065-no_MD5_in_rcache.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/065-no_MD5_in_rcache.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -15,7 +15,6 @@
 # http://mailman.mit.edu/pipermail/krbdev/2015-December/012508.html
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c
 --- a/src/lib/krb5/rcache/rc_conv.c
 +++ b/src/lib/krb5/rcache/rc_conv.c
 @@ -55,7 +55,7 @@ krb5_rc_hash_message(krb5_context context, const krb5_data *message,
@@ -27,7 +26,6 @@
                                    message, &cksum);
      if (retval)
          return retval;
-diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
 --- a/src/lib/krb5/rcache/rc_dfl.c
 +++ b/src/lib/krb5/rcache/rc_dfl.c
 @@ -391,7 +391,7 @@ parse_counted_string(char **strptr, char **result)
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/068-ldif-format.patch
--- a/components/krb5/patches/068-ldif-format.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/068-ldif-format.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -8,7 +8,6 @@
 #
 # Patch source: in-house
 #
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
 --- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
 @@ -46,7 +46,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.1.1
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/069-k5identity-disable.patch
--- a/components/krb5/patches/069-k5identity-disable.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/069-k5identity-disable.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -16,7 +16,6 @@
 #
 # Patch source: in-house
 #
-diff --git a/src/lib/krb5/ccache/ccselect.c b/src/lib/krb5/ccache/ccselect.c
 --- a/src/lib/krb5/ccache/ccselect.c
 +++ b/src/lib/krb5/ccache/ccselect.c
 @@ -59,12 +59,17 @@ load_modules(krb5_context context)
@@ -39,7 +38,6 @@
  
      ret = k5_plugin_register(context, PLUGIN_INTERFACE_CCSELECT, "realm",
                               ccselect_realm_initvt);
-diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
 --- a/src/man/krb5.conf.man
 +++ b/src/man/krb5.conf.man
 @@ -943,10 +943,6 @@ dynamic modules, the following built\-in modules exist (and may be
@@ -53,7 +51,6 @@
  .B \fBrealm\fP
  Uses the service realm to guess an appropriate cache from the
  collection
-diff --git a/src/tests/gssapi/t_ccselect.py b/src/tests/gssapi/t_ccselect.py
 --- a/src/tests/gssapi/t_ccselect.py
 +++ b/src/tests/gssapi/t_ccselect.py
 @@ -103,22 +103,24 @@ r1.run(['./t_ccselect', gssserver], expected_code=1)
@@ -98,7 +95,6 @@
 +    "k5identity tests...\n");
  
  success('GSSAPI credential selection tests')
-diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py
 --- a/src/tests/gssapi/t_client_keytab.py
 +++ b/src/tests/gssapi/t_client_keytab.py
 @@ -21,15 +21,17 @@ if realm.user_princ not in out:
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/070-gss_store_cred-fix.patch
--- a/components/krb5/patches/070-gss_store_cred-fix.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/070-gss_store_cred-fix.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -10,7 +10,6 @@
 # Patch source: in-house
 #
 
-diff --git a/src/lib/gssapi/krb5/store_cred.c b/src/lib/gssapi/krb5/store_cred.c
 --- a/src/lib/gssapi/krb5/store_cred.c
 +++ b/src/lib/gssapi/krb5/store_cred.c
 @@ -143,6 +143,15 @@ copy_initiator_creds(OM_uint32 *minor_status,
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/071-t_kdb-slapd.patch
--- a/components/krb5/patches/071-t_kdb-slapd.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/071-t_kdb-slapd.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -6,7 +6,6 @@
 # Patch source: in-house
 #
 
-diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
 --- a/src/tests/t_kdb.py
 +++ b/src/tests/t_kdb.py
 @@ -14,7 +14,10 @@ if (not os.path.exists(os.path.join(plugins, 'kdb', 'kldap.so')) and
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/072-client-keytab-fix.patch
--- a/components/krb5/patches/072-client-keytab-fix.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/072-client-keytab-fix.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -14,7 +14,6 @@
 # Patch source: in-house
 #
 
-diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
 --- a/src/include/k5-trace.h
 +++ b/src/include/k5-trace.h
 @@ -180,6 +180,9 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
@@ -27,7 +26,6 @@
  #define TRACE_ENCTYPE_LIST_UNKNOWN(c, profvar, name)                    \
      TRACE(c, "Unrecognized enctype name in {str}: {str}", profvar, name)
  
-diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
 --- a/src/lib/gssapi/krb5/acquire_cred.c
 +++ b/src/lib/gssapi/krb5/acquire_cred.c
 @@ -348,6 +348,9 @@ can_get_initial_creds(krb5_context context, krb5_gss_cred_id_rec *cred)
@@ -85,7 +83,6 @@
      if (code)
          goto error;
  
-diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
 --- a/src/lib/gssapi/krb5/iakerb.c
 +++ b/src/lib/gssapi/krb5/iakerb.c
 @@ -454,9 +454,11 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
@@ -101,7 +98,6 @@
      }
      if (code != 0)
          goto cleanup;
-diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py
 --- a/src/tests/gssapi/t_client_keytab.py
 +++ b/src/tests/gssapi/t_client_keytab.py
 @@ -141,4 +141,14 @@ if 'No credentials cache found' not in out:
diff -r d12ba5c9b5db -r 14cbeb78966a components/krb5/patches/073-root-init-cred-kt.patch
--- a/components/krb5/patches/073-root-init-cred-kt.patch	Fri Sep 23 11:19:39 2016 -0700
+++ b/components/krb5/patches/073-root-init-cred-kt.patch	Mon Sep 26 15:58:55 2016 -0700
@@ -18,7 +18,7 @@
  
  #ifdef USE_LEASH
  #ifdef _WIN64
-@@ -88,6 +89,9 @@
+@@ -88,6 +89,9 @@ static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,
  static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
  #endif
  
@@ -28,7 +28,7 @@
  #ifndef LEAN_CLIENT
  k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER;
  static char *krb5_gss_keytab = NULL;
-@@ -590,6 +594,151 @@
+@@ -590,6 +594,151 @@ kg_cred_set_initial_refresh(krb5_context context, krb5_gss_cred_id_rec *cred,
      set_refresh_time(context, cred->ccache, refresh);
  }
  
@@ -180,7 +180,7 @@
  /* Get initial credentials using the supplied password or client keytab. */
  static krb5_error_code
  get_initial_cred(krb5_context context, krb5_gss_cred_id_rec *cred)
-@@ -609,8 +758,41 @@
+@@ -609,8 +758,41 @@ get_initial_cred(krb5_context context, krb5_gss_cred_id_rec *cred)
                                              cred->password, NULL, NULL, 0,
                                              NULL, opt);
      } else if (cred->client_keytab != NULL) {
@@ -224,7 +224,7 @@
      } else {
          code = KRB5_KT_NOTFOUND;
      }
-@@ -700,6 +882,23 @@
+@@ -700,6 +882,23 @@ acquire_init_cred(krb5_context context,
              krb5_clear_error_message(context);
              code = 0;
          }
@@ -250,7 +250,7 @@
          goto error;
 --- a/src/lib/krb5/keytab/Makefile.in
 +++ b/src/lib/krb5/keytab/Makefile.in
-@@ -13,6 +13,7 @@
+@@ -13,6 +13,7 @@ STLIBOBJS= \
  	ktremove.o	\
  	ktfns.o		\
  	kt_file.o	\
@@ -258,7 +258,7 @@
  	kt_memory.o	\
  	kt_srvtab.o	\
  	read_servi.o	\
-@@ -26,6 +27,7 @@
+@@ -26,6 +27,7 @@ OBJS=	\
  	$(OUTPRE)ktremove.$(OBJEXT)	\
  	$(OUTPRE)ktfns.$(OBJEXT)	\
  	$(OUTPRE)kt_file.$(OBJEXT)	\
@@ -266,7 +266,7 @@
  	$(OUTPRE)kt_memory.$(OBJEXT)	\
  	$(OUTPRE)kt_srvtab.$(OBJEXT)	\
  	$(OUTPRE)read_servi.$(OBJEXT)	\
-@@ -39,6 +41,7 @@
+@@ -39,6 +41,7 @@ SRCS=	\
  	$(srcdir)/ktremove.c	\
  	$(srcdir)/ktfns.c	\
  	$(srcdir)/kt_file.c	\