4 files changed, 180 insertions, 4 deletions

diff --git a/security/audit/Makefile b/security/audit/Makefile
index 68b8978b9e12..32c7a600884a 100644
--- a/security/audit/Makefile
+++ b/security/audit/Makefile
@@ -61,10 +61,6 @@ LIBVERSION=	1
 
 .include <bsd.port.pre.mk>
 
-.if ${OSVERSION} >= 700042
-BROKEN=		Broken with gcc 4.2
-.endif
-
 post-patch:
 	${REINPLACE_CMD} -e "s@Linux@FreeBSD@g" ${WRKSRC}/configure
 	(${FIND} ${WRKSRC}/src/modules -name Makefile.in -exec \
diff --git a/security/audit/files/patch-src_lib_packet.c b/security/audit/files/patch-src_lib_packet.c
new file mode 100644
index 000000000000..1907180ccf69
--- /dev/null
+++ b/security/audit/files/patch-src_lib_packet.c
@@ -0,0 +1,41 @@
+--- src/lib/packet.c.orig	2007-10-17 08:15:35.000000000 +0200
++++ src/lib/packet.c	2007-10-17 08:04:21.000000000 +0200
+@@ -546,16 +546,16 @@ void
+ packet_put_raw(PACKET *p, const void *_data, ssize_t size)
+ {
+ 	ssize_t	 written;
+-	void	*data;
++	char	*data;
+ 
+ 	if (p == NULL || _data == NULL || size <= 0)
+ 		return;
+ 
+-	data = (void *) _data;
++	data = (char *) _data;
+ 	while (size) {
+ 		written = buf_put_raw(p->pkt_wbuf, data, size);
+ 		size -= written;
+-		(char *) data += written;
++		data += written;
+ 		if (size)
+ 			_packet_write(p);
+ 	}
+@@ -604,14 +604,16 @@ void
+ packet_get_raw(PACKET *p, void *data, ssize_t size)
+ {
+ 	ssize_t readed;
++	char	*cdata;
+ 
+ 	if (p == NULL || data == NULL || size <= 0)
+ 		return;
+ 
++	cdata = (char *)data;
+ 	while (size) {
+-		readed = buf_get_raw(p->pkt_rbuf, data, size);
++		readed = buf_get_raw(p->pkt_rbuf, cdata, size);
+ 		size -= readed;
+-		(char *) data += readed;
++		cdata += readed;
+ 		if (size)
+ 			_packet_read(p);
+ 	}
diff --git a/security/audit/files/patch-src_modules_auth_srp_auth_srp.c b/security/audit/files/patch-src_modules_auth_srp_auth_srp.c
new file mode 100644
index 000000000000..6e836e71617d
--- /dev/null
+++ b/security/audit/files/patch-src_modules_auth_srp_auth_srp.c
@@ -0,0 +1,138 @@
+--- src/modules/auth/srp/auth_srp.c.orig	2007-10-17 08:09:07.000000000 +0200
++++ src/modules/auth/srp/auth_srp.c	2007-10-17 08:09:09.000000000 +0200
+@@ -445,7 +445,7 @@ _auth_srvr(AUTHCON *ct)
+ 			 USER_M1[SHA1_DIGESTSIZE],
+ 			 bs[NBYTES];
+ 	BIGNUM		 A, B, S, b, u, v, s, tmp;
+-	BN_CTX		 bnctx;
++	BN_CTX		*bnctx = BN_CTX_new();
+ 	void		*buffer;
+ 	size_t		 bufsiz;
+ 	char		 hostname[MAXHOSTNAMELEN]; /* XXX: move to engine */
+@@ -468,7 +468,7 @@ _auth_srvr(AUTHCON *ct)
+ 	BN_init(&u);
+ 	BN_init(&v);
+ 	BN_init(&tmp);
+-	BN_CTX_init(&bnctx);
++	BN_CTX_init(bnctx);
+ 
+ 	clnt_st = LOGIN_FAILED;
+ 
+@@ -493,7 +493,7 @@ _auth_srvr(AUTHCON *ct)
+ 	 */
+ 	_rand_bn(&b);
+ 	_rand_bn(&u);
+-	if (!BN_mod_exp(&tmp, &g, &b, &n, &bnctx) || !BN_add(&B, &tmp, &v))
++	if (!BN_mod_exp(&tmp, &g, &b, &n, bnctx) || !BN_add(&B, &tmp, &v))
+ 		_fatal_bn("srvr_auth()");
+ 
+ 	/* Receive A, send B and u */
+@@ -507,9 +507,9 @@ _auth_srvr(AUTHCON *ct)
+ 	 *	K  = HASH(S)
+ 	 *	M1 = HASH(A, B, K)
+ 	 */
+-	if (!BN_mod_exp(&S, &v, &u, &n, &bnctx) ||
+-	    !BN_mul(&tmp, &A, &S, &bnctx) ||
+-	    !BN_mod_exp(&S, &tmp, &b, &n, &bnctx))
++	if (!BN_mod_exp(&S, &v, &u, &n, bnctx) ||
++	    !BN_mul(&tmp, &A, &S, bnctx) ||
++	    !BN_mod_exp(&S, &tmp, &b, &n, bnctx))
+ 		_fatal_bn("srvr_auth()");
+ 	_hash_bn(K, &S, &buffer, &bufsiz);
+ 	_auth_digest1(M1, &A, &B, K, &buffer, &bufsiz);
+@@ -560,7 +560,7 @@ _auth_srvr(AUTHCON *ct)
+ 	BN_clear_free(&u);
+ 	BN_clear_free(&v);
+ 	BN_clear_free(&tmp);
+-	BN_CTX_free(&bnctx);
++	BN_CTX_free(bnctx);
+ 	free(buffer);
+ 
+ 	/* Init encryption */
+@@ -603,7 +603,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+ 			 M2[SHA1_DIGESTSIZE],
+ 			 SERVER_M2[SHA1_DIGESTSIZE];
+ 	BIGNUM		 a, u, x, A, B, S, tmp1, tmp2;
+-	BN_CTX		 bnctx;
++	BN_CTX		*bnctx = BN_CTX_new();
+ 	SHA1_CTX	 sha1_ctx;
+ 	void		*buffer;
+ 	size_t		 bufsiz;
+@@ -621,7 +621,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+ 	BN_init(&S);
+ 	BN_init(&tmp1);
+ 	BN_init(&tmp2);
+-	BN_CTX_init(&bnctx);
++	BN_CTX_init(bnctx);
+ 
+ 	srvr_st = clnt_st = LOGIN_FAILED;
+ 
+@@ -663,7 +663,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+ 	 *	A = g exp a
+ 	 */
+ 	_rand_bn(&a);
+-	if (!BN_mod_exp(&A, &g, &a, &n, &bnctx))
++	if (!BN_mod_exp(&A, &g, &a, &n, bnctx))
+ 		_fatal_bn("_auth_clnt()");
+ 
+ 	/* Send A, receive B and u */
+@@ -675,11 +675,11 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+ 	 * Calculate:
+ 	 *	S = ( (B - g exp x) exp (a + u * x) ) % n
+ 	 */
+-	if (!BN_mul(&S, &u, &x, &bnctx) ||
++	if (!BN_mul(&S, &u, &x, bnctx) ||
+ 	    !BN_add(&tmp1, &S, &a) ||
+-	    !BN_mod_exp(&S, &g, &x, &n, &bnctx) ||
++	    !BN_mod_exp(&S, &g, &x, &n, bnctx) ||
+ 	    !BN_sub(&tmp2, &B, &S) ||
+-	    !BN_mod_exp(&S, &tmp2, &tmp1, &n, &bnctx))
++	    !BN_mod_exp(&S, &tmp2, &tmp1, &n, bnctx))
+ 		_fatal_bn("_auth_clnt()");
+ 
+ 	/*
+@@ -717,7 +717,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+ 	BN_clear_free(&S);
+ 	BN_clear_free(&tmp1);
+ 	BN_clear_free(&tmp2);
+-	BN_CTX_free(&bnctx);
++	BN_CTX_free(bnctx);
+ 	free(buffer);
+ 
+ 	/* Init encryption */
+@@ -744,7 +744,7 @@ static int
+ _filter_resource(AUTHCON *ct, struct autharg_filter *args)
+ {
+ 	SHA1_CTX	sha1_ctx;
+-	BN_CTX		bnctx;
++	BN_CTX	       *bnctx = BN_CTX_new();
+ 	BIGNUM		salt, verifier, x;
+ 	unsigned char	bsalt[NBYTES], xdigest[SHA1_DIGESTSIZE];
+ 
+@@ -756,7 +756,7 @@ _filter_resource(AUTHCON *ct, struct aut
+ 	/* Just filter srp passwords */
+ 	if (!strcmp(args->rname, SRP_PASS_RNAME)) {
+ 
+-		BN_CTX_init(&bnctx);
++		BN_CTX_init(bnctx);
+ 		BN_init(&salt);
+ 		BN_init(&x);
+ 		BN_init(&verifier);
+@@ -774,7 +774,7 @@ _filter_resource(AUTHCON *ct, struct aut
+ 		SHA1Update(&sha1_ctx, args->value, args->vsize);
+ 		SHA1Final(xdigest, &sha1_ctx);
+ 		if (BN_bin2bn(xdigest, sizeof(xdigest), &x) == NULL ||
+-		    !BN_mod_exp(&verifier, &g, &x, &n, &bnctx))
++		    !BN_mod_exp(&verifier, &g, &x, &n, bnctx))
+ 			_fatal_bn("_filter_resource()");
+ 
+ 		/* Get memory for the filtered value */
+@@ -793,7 +793,7 @@ _filter_resource(AUTHCON *ct, struct aut
+ 		BN_clear_free(&verifier);
+ 		BN_clear_free(&x);
+ 		BN_clear_free(&salt);
+-		BN_CTX_free(&bnctx);
++		BN_CTX_free(bnctx);
+ 
+ 		if (args->fvalue == NULL)
+ 			return (-1);
diff --git a/security/audit/pkg-plist b/security/audit/pkg-plist
index 0b74e0fa0be4..bc7129def4b3 100644
--- a/security/audit/pkg-plist
+++ b/security/audit/pkg-plist
@@ -7,6 +7,7 @@ lib/alat/libattr_peo.so.1
 lib/alat/libattr_regex.so.1
 lib/alat/libattr_tcp.so.1
 lib/alat/libauth_raw.so.1
+lib/alat/libauth_srp.so.1
 lib/alat/libia_syslog.so.1
 lib/alat/libres_local.so.1
 sbin/auditd