summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarino <marino@pkgsrc.org>2011-11-28 19:33:13 +0000
committermarino <marino@pkgsrc.org>2011-11-28 19:33:13 +0000
commitacb9ab6be46fc93b7fa724db6fa262819e65a69f (patch)
treeaac10b4a0b86e9121d7380bdf172a767c094ea98
parent3b33120a877b9523e4bb172e833ee1e915517693 (diff)
downloadpkgsrc-acb9ab6be46fc93b7fa724db6fa262819e65a69f.tar.gz
security/kth-krb4: Add DragonFly and FreeBSD support
The majority of these patches were inspired from FreeBSD's ports. FreeBSD, along with at least Debian, have removed Kerberos4 due to secuity concerns. From: http://web.mit.edu/kerberos/krb4-end-of-life.html : "Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos." This end-of-life announcement is dated 19 October 2006. I think it's a good question to ask why this package and the packages that depend on it are still in pkgsrc.
-rw-r--r--security/kth-krb4/Makefile15
-rw-r--r--security/kth-krb4/PLIST14
-rw-r--r--security/kth-krb4/distinfo14
-rw-r--r--security/kth-krb4/patches/patch-aa29
-rw-r--r--security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y31
-rw-r--r--security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h14
-rw-r--r--security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c18
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_krb-protos.h64
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_krb_check_auth.c16
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_mk_priv.c18
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_rd_priv.c18
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_recvauth.c16
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_sendauth.c16
-rw-r--r--security/kth-krb4/patches/patch-lib_krb_solaris_compat.c32
14 files changed, 299 insertions, 16 deletions
diff --git a/security/kth-krb4/Makefile b/security/kth-krb4/Makefile
index 1c7f6ec8d3f..fcc0480ae14 100644
--- a/security/kth-krb4/Makefile
+++ b/security/kth-krb4/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.53 2011/03/24 05:38:01 obache Exp $
+# $NetBSD: Makefile,v 1.54 2011/11/28 19:33:13 marino Exp $
#
DISTNAME= krb4-1.2.2
PKGNAME= kth-krb4-1.2.2
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= security net
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/krb/src/
@@ -66,7 +66,16 @@ CONFIGURE_ARGS+= --with-readline=yes \
.include "../../devel/readline/buildlink3.mk"
.endif
-PLIST_VARS+= glob
+PLIST_VARS+= glob wantdes
+
+.if ${OPSYS} == "DragonFly" || ${OPSYS} == "FreeBSD"
+CPPFLAGS+= -DOPENSSL_DES_LIBDES_COMPATIBILITY
+.if ${MACHINE_ARCH} == "x86_64" || ${MACHINE_ARCH} == "amd64"
+CFLAGS+= -fPIC
+.endif
+.else
+PLIST.wantdes= yes
+.endif
post-install:
${INSTALL_DATA_DIR} ${DESTDIR}${EXAMPLEDIR}
diff --git a/security/kth-krb4/PLIST b/security/kth-krb4/PLIST
index 6a7be75f270..e24928f59e4 100644
--- a/security/kth-krb4/PLIST
+++ b/security/kth-krb4/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2011/03/24 05:38:01 obache Exp $
+@comment $NetBSD: PLIST,v 1.18 2011/11/28 19:33:13 marino Exp $
bin/afslog
bin/compile_et
bin/k4ftp
@@ -51,27 +51,27 @@ include/kerberosIV/krb_db.h
include/kerberosIV/krb_err.h
include/kerberosIV/krb_log.h
include/kerberosIV/ktypes.h
-include/kerberosIV/md4.h
-include/kerberosIV/md5.h
+${PLIST.wantdes}include/kerberosIV/md4.h
+${PLIST.wantdes}include/kerberosIV/md5.h
include/kerberosIV/otp.h
include/kerberosIV/parse_bytes.h
include/kerberosIV/parse_time.h
include/kerberosIV/parse_units.h
include/kerberosIV/prot.h
include/kerberosIV/protos.h
-include/kerberosIV/rc4.h
+${PLIST.wantdes}include/kerberosIV/rc4.h
include/kerberosIV/resolve.h
include/kerberosIV/roken-common.h
include/kerberosIV/roken.h
include/kerberosIV/rtbl.h
-include/kerberosIV/sha.h
+${PLIST.wantdes}include/kerberosIV/sha.h
include/kerberosIV/sl.h
include/kerberosIV/ss/ss.h
include/kerberosIV/xdbm.h
info/kth-krb.info
lib/libacl.la
lib/libcom_err.la
-lib/libdes.la
+${PLIST.wantdes}lib/libdes.la
lib/libeditline.la
lib/libkadm.la
lib/libkafs.la
@@ -125,7 +125,7 @@ man/man1/tenletxr.1
man/man1/xnlock.1
man/man3/acl_check.3
man/man3/arg_printusage.3
-man/man3/des_crypt.3
+${PLIST.wantdes}man/man3/des_crypt.3
man/man3/editline.3
man/man3/getarg.3
man/man3/k_afs_cell_of_file.3
diff --git a/security/kth-krb4/distinfo b/security/kth-krb4/distinfo
index 50fa777f4af..684cd2aff61 100644
--- a/security/kth-krb4/distinfo
+++ b/security/kth-krb4/distinfo
@@ -1,14 +1,24 @@
-$NetBSD: distinfo,v 1.13 2011/03/24 05:38:01 obache Exp $
+$NetBSD: distinfo,v 1.14 2011/11/28 19:33:13 marino Exp $
SHA1 (krb4-1.2.2.tar.gz) = 41379763161d0b94646adb8847b83f92e5c985a4
RMD160 (krb4-1.2.2.tar.gz) = 585f19767c610c31ca5be59d8cf61724739969f1
Size (krb4-1.2.2.tar.gz) = 1876603 bytes
-SHA1 (patch-aa) = 0585d1b3a0242c013dbe09b61c28049cbae0cb92
+SHA1 (patch-aa) = 7e5978bc3e4b5c6d65cb00a092b1fa9f06e062e8
SHA1 (patch-ab) = 94e4abdeeb0263eac7207fac120e10d190fb0f30
SHA1 (patch-ac) = 8e3f1ea92fdb45c1d48c5f1719dcf3eb0ed2a52d
SHA1 (patch-ad) = 48ebf93893662ecc10e56e0653351f80359b12b0
SHA1 (patch-ae) = 654d92268a6c693d566acde1a7c881dc6dea2166
SHA1 (patch-ah) = 5d09fc774b0d35070036aebd1339b32ed38137de
SHA1 (patch-ai) = dc9db52ff819cc08753e8fe98397187df1dd0310
+SHA1 (patch-appl_ftp_ftpd_ftpcmd.y) = bdc54dd4e955b0202afd4fcd45ef6c9a08e8863d
+SHA1 (patch-appl_ftp_ftpd_pathnames.h) = b55d56593aaff44b0ffd5f89fe46eccce53e5f50
SHA1 (patch-cf_Makefile.am.common) = 259477799fd5c473ec6561c1046dd5977eb58cdb
+SHA1 (patch-lib_kadm_kadm_cli_wrap.c) = c99ab4c066e03b7545b36089588ab7b6b3043d9d
+SHA1 (patch-lib_krb_krb-protos.h) = 44721a1a231cc6794b298962cb1e5078fb0c5770
+SHA1 (patch-lib_krb_krb_check_auth.c) = dd8b1724ba8448f0478bb1eee1477deebc985955
+SHA1 (patch-lib_krb_mk_priv.c) = 7e55c4927021850f7f4a59ee18139d54cc9b97a1
+SHA1 (patch-lib_krb_rd_priv.c) = f2d9956089a07ffa74634e0397c71ff099134441
+SHA1 (patch-lib_krb_recvauth.c) = 036dc80a0dd452d3d323b44734b39826c8d8806c
+SHA1 (patch-lib_krb_sendauth.c) = 1beb1514eae8876eae0efd758a38f1e6055942f7
+SHA1 (patch-lib_krb_solaris_compat.c) = a12a1f2338a8cf750945d8295cc2fbdd621d7d4e
SHA1 (patch-lib_roken_Makefile.in) = 2d29e181a45ba5618f409fe41ecd0c1e7e6b895b
diff --git a/security/kth-krb4/patches/patch-aa b/security/kth-krb4/patches/patch-aa
index 0f8dfd21969..c7c4343c0bb 100644
--- a/security/kth-krb4/patches/patch-aa
+++ b/security/kth-krb4/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.6 2006/09/07 08:46:20 wennmach Exp $
+$NetBSD: patch-aa,v 1.7 2011/11/28 19:33:13 marino Exp $
---- appl/bsd/encrypt.c.orig 2001-09-09 22:27:22.000000000 +0200
-+++ appl/bsd/encrypt.c 2006-09-07 10:19:23.000000000 +0200
-@@ -63,7 +63,6 @@
+--- appl/bsd/encrypt.c.orig 2001-09-09 20:27:22.000000000 +0000
++++ appl/bsd/encrypt.c
+@@ -63,12 +63,15 @@ RCSID("$Id: encrypt.c,v 1.6 2001/09/09 2
*((c)++)=(unsigned char)(((l) )&0xff))
/* This has some uglies in it but it works - even over sockets. */
@@ -10,3 +10,24 @@ $NetBSD: patch-aa,v 1.6 2006/09/07 08:46:20 wennmach Exp $
int des_rw_mode=DES_PCBC_MODE;
int LEFT_JUSTIFIED = 0;
+ int
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++bsd_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, des_cblock *iv)
++#else
+ bsd_des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
++#endif
+ {
+ /* data to be unencrypted */
+ int net_num=0;
+@@ -213,7 +216,11 @@ bsd_des_enc_read(int fd, char *buf, int
+ }
+
+ int
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++bsd_des_enc_write(int fd, char *buf, int len, des_key_schedule sched, des_cblock *iv)
++#else
+ bsd_des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
++#endif
+ {
+ long rnum;
+ int i,j,k,outnum;
diff --git a/security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y b/security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y
new file mode 100644
index 00000000000..be9101d1ab9
--- /dev/null
+++ b/security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y
@@ -0,0 +1,31 @@
+$NetBSD: patch-appl_ftp_ftpd_ftpcmd.y,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- appl/ftp/ftpd/ftpcmd.y.orig 2001-08-05 06:39:29.000000000 +0000
++++ appl/ftp/ftpd/ftpcmd.y
+@@ -103,7 +103,7 @@ static int yylex (void);
+ UMASK IDLE CHMOD
+
+ AUTH ADAT PROT PBSZ CCC MIC
+- CONF ENC
++ CNFX ENC
+
+ KAUTH KLIST KDESTROY KRBTKFILE AFSLOG
+ LOCATE URL
+@@ -695,7 +695,7 @@ rcmd
+ mec($3, prot_safe);
+ free($3);
+ }
+- | CONF SP STRING CRLF
++ | CNFX SP STRING CRLF
+ {
+ mec($3, prot_confidential);
+ free($3);
+@@ -984,7 +984,7 @@ struct tab cmdtab[] = { /* In order def
+ { "PROT", PROT, STR1, 1, "<sp> prot-level" },
+ { "CCC", CCC, ARGS, 1, "" },
+ { "MIC", MIC, STR1, 1, "<sp> integrity command" },
+- { "CONF", CONF, STR1, 1, "<sp> confidentiality command" },
++ { "CONF", CNFX, STR1, 1, "<sp> confidentiality command" },
+ { "ENC", ENC, STR1, 1, "<sp> privacy command" },
+
+ /* RFC2389 */
diff --git a/security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h b/security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h
new file mode 100644
index 00000000000..518241cfa54
--- /dev/null
+++ b/security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h
@@ -0,0 +1,14 @@
+$NetBSD: patch-appl_ftp_ftpd_pathnames.h,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- appl/ftp/ftpd/pathnames.h.orig 2002-08-12 15:09:14.000000000 +0000
++++ appl/ftp/ftpd/pathnames.h
+@@ -49,7 +49,9 @@
+ #define _PATH_BSHELL "/bin/sh"
+ #endif
+
++#ifndef _PATH_FTPUSERS
+ #define _PATH_FTPUSERS SYSCONFDIR "/ftpusers"
++#endif
+ #define _PATH_FTPCHROOT SYSCONFDIR "/ftpchroot"
+ #define _PATH_FTPWELCOME SYSCONFDIR "/ftpwelcome"
+ #define _PATH_FTPLOGINMESG SYSCONFDIR "/motd"
diff --git a/security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c b/security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c
new file mode 100644
index 00000000000..d452c43e79e
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-lib_kadm_kadm_cli_wrap.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/kadm/kadm_cli_wrap.c.orig 2011-11-28 02:10:03.761978000 +0000
++++ lib/kadm/kadm_cli_wrap.c
+@@ -138,7 +143,12 @@ kadm_cli_conn(void)
+ /* takes in the sess_key and key_schedule and sets them appropriately */
+ static int
+ kadm_cli_keyd(des_cblock (*s_k), /* session key */
+- struct des_ks_struct *s_s) /* session key schedule */
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule s_s
++#else
++ struct des_ks_struct *s_s
++#endif
++) /* session key schedule */
+ {
+ CREDENTIALS cred; /* to get key data */
+ int stat;
diff --git a/security/kth-krb4/patches/patch-lib_krb_krb-protos.h b/security/kth-krb4/patches/patch-lib_krb_krb-protos.h
new file mode 100644
index 00000000000..7230e8dbc8a
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_krb-protos.h
@@ -0,0 +1,64 @@
+$NetBSD: patch-lib_krb_krb-protos.h,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/krb-protos.h.orig 2001-08-26 01:46:51.000000000 +0000
++++ lib/krb/krb-protos.h
+@@ -177,7 +177,11 @@ krb_check_auth __P((
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ des_cblock *session,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule,
++#endif
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr));
+
+@@ -457,7 +461,11 @@ krb_mk_priv __P((
+ void *in,
+ void *out,
+ u_int32_t length,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule,
++#endif
+ des_cblock *key,
+ struct sockaddr_in *sender,
+ struct sockaddr_in *receiver));
+@@ -540,7 +548,11 @@ int32_t KRB_LIB_FUNCTION
+ krb_rd_priv __P((
+ void *in,
+ u_int32_t in_length,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule,
++#endif
+ des_cblock *key,
+ struct sockaddr_in *sender,
+ struct sockaddr_in *receiver,
+@@ -583,7 +595,11 @@ krb_recvauth __P((
+ struct sockaddr_in *laddr,
+ AUTH_DAT *kdata,
+ char *filename,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule,
++#endif
+ char *version));
+
+ int KRB_LIB_FUNCTION
+@@ -597,7 +613,11 @@ krb_sendauth __P((
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ CREDENTIALS *cred,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule,
++#endif
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr,
+ char *version));
diff --git a/security/kth-krb4/patches/patch-lib_krb_krb_check_auth.c b/security/kth-krb4/patches/patch-lib_krb_krb_check_auth.c
new file mode 100644
index 00000000000..6de326a7729
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_krb_check_auth.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_krb_krb_check_auth.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/krb_check_auth.c.orig 1999-12-02 16:58:42.000000000 +0000
++++ lib/krb/krb_check_auth.c
+@@ -50,7 +50,11 @@ krb_check_auth(KTEXT packet,
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ des_cblock *session,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule,
++#endif
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr)
+ {
diff --git a/security/kth-krb4/patches/patch-lib_krb_mk_priv.c b/security/kth-krb4/patches/patch-lib_krb_mk_priv.c
new file mode 100644
index 00000000000..ad90ad41b40
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_mk_priv.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-lib_krb_mk_priv.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/mk_priv.c.orig 2001-09-16 22:41:58.000000000 +0000
++++ lib/krb/mk_priv.c
+@@ -78,7 +78,12 @@ RCSID("$Id: mk_priv.c,v 1.25 2001/09/16
+
+ int32_t
+ krb_mk_priv(void *in, void *out, u_int32_t length,
+- struct des_ks_struct *schedule, des_cblock *key,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
++ struct des_ks_struct *schedule,
++#endif
++ des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver)
+ {
+ unsigned char *p = (unsigned char*)out;
diff --git a/security/kth-krb4/patches/patch-lib_krb_rd_priv.c b/security/kth-krb4/patches/patch-lib_krb_rd_priv.c
new file mode 100644
index 00000000000..fa9dd1054a9
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_rd_priv.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-lib_krb_rd_priv.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/rd_priv.c.orig 2001-09-16 22:41:58.000000000 +0000
++++ lib/krb/rd_priv.c
+@@ -57,7 +57,12 @@ RCSID("$Id: rd_priv.c,v 1.30 2001/09/16
+
+ int32_t
+ krb_rd_priv(void *in, u_int32_t in_length,
+- struct des_ks_struct *schedule, des_cblock *key,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
++ struct des_ks_struct *schedule,
++#endif
++ des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
+ {
diff --git a/security/kth-krb4/patches/patch-lib_krb_recvauth.c b/security/kth-krb4/patches/patch-lib_krb_recvauth.c
new file mode 100644
index 00000000000..0630df9a906
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_recvauth.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_krb_recvauth.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/recvauth.c.orig 2001-08-26 02:52:18.000000000 +0000
++++ lib/krb/recvauth.c
+@@ -108,7 +108,11 @@ krb_recvauth(int32_t options, /* bit-pat
+ struct sockaddr_in *laddr, /* local address */
+ AUTH_DAT *kdata, /* kerberos data (returned) */
+ char *filename, /* name of file with service keys */
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule, /* key schedule (return) */
++#endif
+ char *version) /* version string (filled in) */
+ {
+ char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
diff --git a/security/kth-krb4/patches/patch-lib_krb_sendauth.c b/security/kth-krb4/patches/patch-lib_krb_sendauth.c
new file mode 100644
index 00000000000..2d458c2aaf5
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_sendauth.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_krb_sendauth.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/sendauth.c.orig 1999-09-16 20:41:55.000000000 +0000
++++ lib/krb/sendauth.c
+@@ -103,7 +103,11 @@ krb_sendauth(int32_t options, /* bit-pat
+ u_int32_t checksum, /* checksum to include in request */
+ MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */
+ CREDENTIALS *cred, /* credentials (return) */
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
+ struct des_ks_struct *schedule, /* key schedule (return) */
++#endif
+ struct sockaddr_in *laddr, /* local address */
+ struct sockaddr_in *faddr, /* address of foreign host on fd */
+ char *version) /* version string */
diff --git a/security/kth-krb4/patches/patch-lib_krb_solaris_compat.c b/security/kth-krb4/patches/patch-lib_krb_solaris_compat.c
new file mode 100644
index 00000000000..6ef3473bec0
--- /dev/null
+++ b/security/kth-krb4/patches/patch-lib_krb_solaris_compat.c
@@ -0,0 +1,32 @@
+$NetBSD: patch-lib_krb_solaris_compat.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/solaris_compat.c.orig 1999-12-02 16:58:44.000000000 +0000
++++ lib/krb/solaris_compat.c
+@@ -42,7 +42,12 @@ RCSID("$Id: solaris_compat.c,v 1.4 1999/
+
+ int32_t
+ _C0095C2A(void *in, void *out, u_int32_t length,
+- struct des_ks_struct *schedule, des_cblock *key,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
++ struct des_ks_struct *schedule,
++#endif
++ des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver)
+ {
+ return krb_mk_priv (in, out, length, schedule, key, sender, receiver);
+@@ -50,7 +55,12 @@ _C0095C2A(void *in, void *out, u_int32_t
+
+ int32_t
+ _C0095C2B(void *in, u_int32_t in_length,
+- struct des_ks_struct *schedule, des_cblock *key,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++ des_key_schedule schedule,
++#else
++ struct des_ks_struct *schedule,
++#endif
++ des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
+ {