Index: head/security/heimdal/files/patch-configure
===================================================================
--- head/security/heimdal/files/patch-configure	(revision 528365)
+++ head/security/heimdal/files/patch-configure	(revision 528366)
@@ -1,76 +1,76 @@
---- configure.orig	2019-06-07 15:23:13.000000000 +0900
-+++ configure	2020-03-13 05:46:04.140343000 +0900
-@@ -792,6 +792,8 @@
+--- configure.orig	2019-06-07 06:23:13 UTC
++++ configure
+@@ -792,6 +792,8 @@ CAPNG_CFLAGS
  PKG_CONFIG
  PKINIT_FALSE
  PKINIT_TRUE
 +KX509_FALSE
 +KX509_TRUE
  OPENLDAP_MODULE_FALSE
  OPENLDAP_MODULE_TRUE
  LIB_openldap
-@@ -15041,9 +15043,15 @@
+@@ -15041,9 +15043,15 @@ if test "$enable_kx509" != no ;then
  $as_echo "#define KX509 1" >>confdefs.h
  
  fi
 + if test "$enable_kx509" != no; then
 +  KX509_TRUE=
 +  KX509_FALSE='#'
 +else
 +  KX509_TRUE='#'
 +  KX509_FALSE=
 +fi
  
  
 -
  if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
  	if test -n "$ac_tool_prefix"; then
    # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-@@ -16103,7 +16111,7 @@
+@@ -16103,7 +16111,7 @@ case "$host" in
      ;;
  *-*-freebsd*)
  	native_pthread_support=yes
 -	PTHREAD_LIBADD="-pthread"
 +	PTHREAD_LIBADD="-lpthread"
  	;;
  *-*-openbsd*)
  	native_pthread_support=yes
-@@ -16339,7 +16347,7 @@
+@@ -16339,7 +16347,7 @@ if ${ac_cv_funclib_db_create+:} false; then :
    $as_echo_n "(cached) " >&6
  else
  
 -if eval "test \"\$ac_cv_func_db_create\" != yes" ; then
 +if eval "test \"\$ac_cv_func_db_create\" = yes" ; then
  	ac_save_LIBS="$LIBS"
  	for ac_lib in "" $dbheader db-5 db5 db4 db3 db; do
  		case "$ac_lib" in
-@@ -16912,6 +16920,9 @@
+@@ -16912,6 +16920,9 @@ esac
  
  $as_echo "#define HAVE_NDBM 1" >>confdefs.h
        have_ndbm=yes
 +      if test "$db_type" = "unknown"; then
 +      db_type=ndbm
 +      fi
      else
  
        $as_unset ac_cv_func_dbm_firstkey
-@@ -28663,7 +28674,7 @@
+@@ -28663,7 +28674,7 @@ fi
  
  krb_cv_compile_et="no"
  krb_cv_com_err_need_r=""
 -krb_cv_compile_et_cross=no
 +krb_cv_compile_et_cross=yes
  if test "${COMPILE_ET}" != "no"; then
  
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compile_et has the features we need" >&5
-@@ -29176,6 +29187,10 @@
+@@ -29176,6 +29187,10 @@ Usually this means the macro was only invoked conditio
  fi
  if test -z "${PKINIT_TRUE}" && test -z "${PKINIT_FALSE}"; then
    as_fn_error $? "conditional \"PKINIT\" was never defined.
 +Usually this means the macro was only invoked conditionally." "$LINENO" 5
 +fi
 +if test -z "${KX509_TRUE}" && test -z "${KX509_FALSE}"; then
 +  as_fn_error $? "conditional \"KX509\" was never defined.
  Usually this means the macro was only invoked conditionally." "$LINENO" 5
  fi
  if test -z "${HAVE_CAPNG_TRUE}" && test -z "${HAVE_CAPNG_FALSE}"; then
Index: head/security/heimdal/files/patch-configure.ac
===================================================================
--- head/security/heimdal/files/patch-configure.ac	(revision 528365)
+++ head/security/heimdal/files/patch-configure.ac	(revision 528366)
@@ -1,10 +1,10 @@
---- configure.ac.orig	2020-03-13 05:39:55.805336000 +0900
-+++ configure.ac	2020-03-13 05:40:40.329535000 +0900
-@@ -153,6 +153,7 @@
+--- configure.ac.orig	2019-06-07 06:21:39 UTC
++++ configure.ac
+@@ -153,6 +153,7 @@ AC_ARG_ENABLE(kx509, 
  if test "$enable_kx509" != no ;then
  	AC_DEFINE([KX509], 1, [Define to enable kx509.])
  fi
 +AM_CONDITIONAL(KX509, test "$enable_kx509" != no)
  
  dnl Need to test if pkg-config exists
  PKG_PROG_PKG_CONFIG
Index: head/security/heimdal/files/patch-kdc-Makefile.am
===================================================================
--- head/security/heimdal/files/patch-kdc-Makefile.am	(revision 528365)
+++ head/security/heimdal/files/patch-kdc-Makefile.am	(revision 528366)
@@ -1,17 +1,17 @@
---- kdc/Makefile.am.orig	2016-12-20 23:23:06.000000000 +0900
-+++ kdc/Makefile.am	2020-03-13 04:31:52.289449000 +0900
-@@ -47,10 +47,13 @@
+--- kdc/Makefile.am.orig	2016-12-20 14:23:06 UTC
++++ kdc/Makefile.am
+@@ -47,10 +47,13 @@ libkdc_la_SOURCES = 		\
  	pkinit-ec.c		\
  	log.c			\
  	misc.c			\
 -	kx509.c			\
 +	$(libkdc_pkinit)	\
  	process.c		\
  	windc.c			\
  	rx.h
 +if KX509
 +libkdc_pkinit = kx509.c
 +endif
  
  KDC_PROTOS = $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
  
Index: head/security/heimdal/files/patch-kdc-Makefile.in
===================================================================
--- head/security/heimdal/files/patch-kdc-Makefile.in	(revision 528365)
+++ head/security/heimdal/files/patch-kdc-Makefile.in	(revision 528366)
@@ -1,147 +1,147 @@
---- kdc/Makefile.in.orig	2020-03-13 04:21:16.723517000 +0900
-+++ kdc/Makefile.in	2020-03-13 04:31:33.004672000 +0900
-@@ -199,7 +199,8 @@
+--- kdc/Makefile.in.orig	2020-03-13 17:12:43 UTC
++++ kdc/Makefile.in
+@@ -199,7 +199,8 @@ libkdc_la_DEPENDENCIES = $(LIB_pkinit) \
  	$(am__DEPENDENCIES_1)
  am_libkdc_la_OBJECTS = default_config.lo set_dbinfo.lo digest.lo \
  	fast.lo kerberos5.lo krb5tgs.lo pkinit.lo pkinit-ec.lo log.lo \
 -	misc.lo kx509.lo process.lo windc.lo
 +	misc.lo $(libkdc_la_pkinit) process.lo windc.lo
 +@KX509_TRUE@libkdc_la_pkinit = kx509.lo
  libkdc_la_OBJECTS = $(am_libkdc_la_OBJECTS)
  AM_V_lt = $(am__v_lt_@AM_V@)
  am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-@@ -213,6 +214,8 @@
+@@ -213,6 +214,8 @@ PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noins
  am_digest_service_OBJECTS = digest-service.$(OBJEXT)
  digest_service_OBJECTS = $(am_digest_service_OBJECTS)
  am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
  	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@@ -224,6 +227,8 @@
+@@ -224,6 +227,8 @@ digest_service_DEPENDENCIES = libkdc.la \
  am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT)
  hprop_OBJECTS = $(am_hprop_OBJECTS)
  hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
  	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@@ -232,6 +237,8 @@
+@@ -232,6 +237,8 @@ hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la
  am_hpropd_OBJECTS = hpropd.$(OBJEXT)
  hpropd_OBJECTS = $(am_hpropd_OBJECTS)
  hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
  	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@@ -241,6 +248,8 @@
+@@ -241,6 +248,8 @@ am_kdc_OBJECTS = kdc-connect.$(OBJEXT) kdc-config.$(OB
  	kdc-announce.$(OBJEXT) kdc-main.$(OBJEXT)
  kdc_OBJECTS = $(am_kdc_OBJECTS)
  kdc_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
  kdc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
  	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(kdc_CFLAGS) $(CFLAGS) \
-@@ -248,23 +257,35 @@
+@@ -248,23 +257,35 @@ kdc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOL
  kdc_replay_SOURCES = kdc-replay.c
  kdc_replay_OBJECTS = kdc-replay.$(OBJEXT)
  kdc_replay_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(am__DEPENDENCIES_1)
  am_kdc_tester_OBJECTS = config.$(OBJEXT) kdc-tester.$(OBJEXT)
  kdc_tester_OBJECTS = $(am_kdc_tester_OBJECTS)
  kdc_tester_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(am__DEPENDENCIES_1) $(LIB_heimbase)
  am_kstash_OBJECTS = kstash.$(OBJEXT)
  kstash_OBJECTS = $(am_kstash_OBJECTS)
 -kstash_LDADD = $(LDADD)
 +kstash_LDADD = $(LDADD) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la
  kstash_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
  	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
  am_string2key_OBJECTS = string2key.$(OBJEXT)
  string2key_OBJECTS = $(am_string2key_OBJECTS)
 -string2key_LDADD = $(LDADD)
 +string2key_LDADD = $(LDADD) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la
  string2key_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
  	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
  	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@@ -622,11 +643,13 @@
+@@ -622,11 +643,13 @@ libkdc_la_SOURCES = \
  	pkinit-ec.c		\
  	log.c			\
  	misc.c			\
 -	kx509.c			\
 +	$(libkdc_pkinit)	\
  	process.c		\
  	windc.c			\
  	rx.h
  
 +@KX509_TRUE@libkdc_pkinit = kx509.c
 +
  KDC_PROTOS = $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
  ALL_OBJECTS = $(kdc_OBJECTS) $(kdc_replay_OBJECTS) \
  	$(kdc_tester_OBJECTS) $(libkdc_la_OBJECTS) \
-@@ -636,6 +659,8 @@
+@@ -636,6 +659,8 @@ libkdc_la_LDFLAGS = -version-info 2:0:0 $(am__append_1
  hprop_LDADD = \
  	$(top_builddir)/lib/hdb/libhdb.la \
  	$(top_builddir)/lib/krb5/libkrb5.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(LIB_kdb)  \
  	$(LIB_hcrypto) \
  	$(top_builddir)/lib/asn1/libasn1.la \
-@@ -645,6 +670,8 @@
+@@ -645,6 +670,8 @@ hprop_LDADD = \
  hpropd_LDADD = \
  	$(top_builddir)/lib/hdb/libhdb.la \
  	$(top_builddir)/lib/krb5/libkrb5.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(LIB_kdb)  \
  	$(LIB_hcrypto) \
  	$(top_builddir)/lib/asn1/libasn1.la \
-@@ -671,17 +698,24 @@
+@@ -671,17 +698,24 @@ LDADD = $(top_builddir)/lib/hdb/libhdb.la \
  	$(LIB_roken) \
  	$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
  
 -kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(CAPNG_LIBS)
 +kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(CAPNG_LIBS) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la
  @FRAMEWORK_SECURITY_TRUE@kdc_LDFLAGS = -framework SystemConfiguration -framework CoreFoundation
  kdc_CFLAGS = $(CAPNG_CFLAGS)
  digest_service_LDADD = \
  	libkdc.la \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la \
  	$(top_builddir)/lib/ntlm/libheimntlm.la \
  	$(top_builddir)/lib/ipc/libheim-ipcs.la \
  	$(LDADD) $(LIB_pidfile)
  
 -kdc_replay_LDADD = libkdc.la $(LDADD) $(LIB_pidfile)
 -kdc_tester_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(LIB_heimbase)
 +kdc_replay_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) \
 +	$(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la
 +kdc_tester_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(LIB_heimbase) \
 +	$(top_builddir)/lib/hx509/libhx509.la
  include_HEADERS = kdc.h $(srcdir)/kdc-protos.h
  noinst_HEADERS = $(srcdir)/kdc-private.h
  krb5dir = $(includedir)/krb5
Index: head/security/heimdal/files/patch-lib-krb5-krb5_locl.h
===================================================================
--- head/security/heimdal/files/patch-lib-krb5-krb5_locl.h	(revision 528365)
+++ head/security/heimdal/files/patch-lib-krb5-krb5_locl.h	(revision 528366)
@@ -1,20 +1,20 @@
---- lib/krb5/krb5_locl.h.orig	2020-03-13 06:00:08.405783000 +0900
-+++ lib/krb5/krb5_locl.h	2020-03-13 13:19:46.263840000 +0900
-@@ -143,7 +143,7 @@
+--- lib/krb5/krb5_locl.h.orig	2019-06-07 06:21:39 UTC
++++ lib/krb5/krb5_locl.h
+@@ -143,7 +143,7 @@ struct _krb5_krb_auth_data;
  #include <krb5.h>
  #include <krb5_err.h>
  #include <asn1_err.h>
 -#ifdef PKINIT
 +#if defined(PKINIT) || defined(KX509)
  #include <hx509.h>
  #endif
  
-@@ -271,7 +271,7 @@
+@@ -271,7 +271,7 @@ typedef struct krb5_context_data {
  #define KRB5_CTX_F_RD_REQ_IGNORE		16
  #define KRB5_CTX_F_FCACHE_STRICT_CHECKING	32
      struct send_to_kdc *send_to_kdc;
 -#ifdef PKINIT
 +#if defined(PKINIT) || defined(KX509)
      hx509_context hx509ctx;
  #endif
      unsigned int num_kdc_requests;