From 76843c3ef01a06ba162cf5174009df5ca5e7fb02 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Sep 30 2016 17:38:09 +0000
Subject: Properly close krad sockets


Resolves: #1380836

---

diff --git a/Properly-handle-EOF-condition-on-libkrad-sockets.patch b/Properly-handle-EOF-condition-on-libkrad-sockets.patch
new file mode 100644
index 0000000..7c989d0
--- /dev/null
+++ b/Properly-handle-EOF-condition-on-libkrad-sockets.patch
@@ -0,0 +1,49 @@
+From 9a3a64665819a0e1ee82953bf879f57d6f433358 Mon Sep 17 00:00:00 2001
+From: Nathaniel McCallum <npmccallum@redhat.com>
+Date: Fri, 30 Sep 2016 10:03:33 -0400
+Subject: [PATCH] Properly handle EOF condition on libkrad sockets
+
+In the previous code, when the remote peer performed an orderly shutdown
+on the socket, libkrad would enter a state in which all future requests
+timed out.  Instead, if the peer shuts down its socket, we need to
+attempt to reopen it.
+
+ticket: 8504 (new)
+target_version: 1.14-next
+tags: pullup
+
+(cherry picked from commit 248497427d5a45225817b6c22e9224e8ad969872)
+---
+ src/lib/krad/remote.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
+index df3de3a..68cd16f 100644
+--- a/src/lib/krad/remote.c
++++ b/src/lib/krad/remote.c
+@@ -329,16 +329,15 @@ on_io_read(krad_remote *rr)
+     /* Read the packet. */
+     i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
+              pktlen, 0);
+-    if (i < 0) {
+-        /* Should we try again? */
+-        if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
+-            return;
+ 
+-        /* The socket is unrecoverable. */
++    /* On these errors, try again. */
++    if (i < 0 && (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
++        return;
++
++    /* On any other errors or on EOF, the socket is unrecoverable. */
++    if (i <= 0) {
+         remote_shutdown(rr);
+         return;
+-    } else if (i == 0) {
+-        remote_del_flags(rr, FLAGS_READ);
+     }
+ 
+     /* If we have a partial read or just the header, try again. */
+-- 
+2.9.3
+
diff --git a/krb5.spec b/krb5.spec
index 10447f9..a3bc7db 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -13,7 +13,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.14.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 # - Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
 # - The sources below are stored in a lookaside cache. Upload with
@@ -68,6 +68,7 @@ Patch20: Don-t-feed-OS-RNG-output-into-the-OS-RNG.patch
 Patch21: Rename-prng_os.c-to-prng_device.c.patch
 Patch22: Add-getrandom-to-k5_get_os_entropy-using-syscall.patch
 Patch23: Add-OS-prng-intended-for-use-with-getrandom.patch
+Patch24: Properly-handle-EOF-condition-on-libkrad-sockets.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -722,6 +723,10 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Fri Sep 30 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.4-5
+- Properly close krad sockets
+- Resolves: #1380836
+
 * Fri Sep 30 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.4-4
 - Fix backward check in kprop.service