git: 41f892414e18 - main - security/putty: Fix static GSSAPI solutions,
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 18 Sep 2022 11:35:10 UTC
The branch main has been updated by mandree:
URL: https://cgit.FreeBSD.org/ports/commit/?id=41f892414e181e8938f18ba78ce54a6153d2739c
commit 41f892414e181e8938f18ba78ce54a6153d2739c
Author: Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2022-09-18 11:30:47 +0000
Commit: Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2022-09-18 11:35:04 +0000
security/putty: Fix static GSSAPI solutions,
with a patch received from Simon Tatham, and mask GSSAPI_DYNAMIC
for now, because it is not working. Debugging going on, but let's
get GSSAPI working at all for now, and make GSSAPI_BASE the default.
---
security/putty/Makefile | 40 +++--
...support-krb5-config-as-well-as-pkg-confi.patch} | 18 +-
...-GSSAPI-fix-an-uninitialised-structure-fi.patch | 29 +++
...PI-support-static-linking-against-Heimdal.patch | 197 +++++++++++++++++++++
...don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch | 36 ++++
security/putty/files/patch-network.c | 16 ++
security/putty/files/patch-pageant.c | 11 ++
security/putty/files/patch-ssh_gssc.c | 2 +-
security/putty/files/patch-unix_network.c | 4 +-
security/putty/files/patch-unix_pageant.c | 4 +-
10 files changed, 326 insertions(+), 31 deletions(-)
diff --git a/security/putty/Makefile b/security/putty/Makefile
index 77ec0c8b7e7c..86ede48a8a20 100644
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@@ -1,9 +1,15 @@
PORTNAME= putty
DISTVERSION= 0.78~pre20220916.e1b73f0
+PORTREVISION= 1
CATEGORIES= security
#MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \
# ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/
MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/
+EXTRA_PATCHES+= ${FILESDIR}/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch
+EXTRA_PATCHES+= ${FILESDIR}/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch
+EXTRA_PATCHES+= ${FILESDIR}/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch
+EXTRA_PATCHES+= ${FILESDIR}/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch
+PATCH_STRIP= -p1
MAINTAINER= mandree@FreeBSD.org
COMMENT= Secure shell and telnet client including xterm emulator
@@ -18,11 +24,13 @@ USE_PERL5= build
CONFLICTS_INSTALL?= pssh putty-nogtk
-PLIST_FILES= bin/plink \
+PLIST_FILES= bin/pageant \
+ bin/plink \
bin/pscp \
bin/psftp \
bin/psusan \
bin/puttygen \
+ share/man/man1/pageant.1.gz \
share/man/man1/plink.1.gz \
share/man/man1/pscp.1.gz \
share/man/man1/psftp.1.gz \
@@ -30,14 +38,13 @@ PLIST_FILES= bin/plink \
share/man/man1/puttygen.1.gz
OPTIONS_DEFINE= GTK3
-OPTIONS_DEFAULT= GSSAPI_NONE GTK3
+OPTIONS_DEFAULT= GSSAPI_BASE GTK3
OPTIONS_SINGLE= GSSAPI_SELECT
-OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_DYNAMIC GSSAPI_NONE
-#OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \
-# GSSAPI_DYNAMIC \
-# GSSAPI_HEIMDAL \
-# GSSAPI_MIT \
-# GSSAPI_NONE
+OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \
+ GSSAPI_HEIMDAL \
+ GSSAPI_MIT \
+ GSSAPI_NONE \
+ # GSSAPI_DYNAMIC
GSSAPI_DYNAMIC_DESC= EXPERIMENTAL dynamic runtime load of GSS libs
.include <bsd.port.options.mk>
@@ -55,10 +62,8 @@ USES+= gnome
USE_GNOME= cairo gdkpixbuf2 gtk30
CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=3
-PLIST_FILES+= bin/pageant \
- bin/pterm \
+PLIST_FILES+= bin/pterm \
bin/putty \
- share/man/man1/pageant.1.gz \
share/man/man1/pterm.1.gz \
share/man/man1/putty.1.gz \
share/pixmaps/putty.ico
@@ -77,20 +82,17 @@ CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=OFF
CMAKE_ARGS+= -DCMAKE_DISABLE_FIND_PACKAGE_X11:BOOL=TRUE
.endif
-.if ${PORT_OPTIONS:MGSSAPI_HEIMDAL}
-# does not compile currently
-BROKEN= GSSAPI_HEIMDAL does not compile as of putty 0.77 and 0.78~pre20220916.e1b73f0
-USES+= gssapi:heimdal,flags
-CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC
-.elif ${PORT_OPTIONS:MGSSAPI_BASE}
-BROKEN= GSSAPI_BASE does not work as of putty 0.77 and 0.78~pre20220916.e1b73f0
+.if ${PORT_OPTIONS:MGSSAPI_BASE} # Heimdal-like in base system
USES+= gssapi:base,flags
CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC
+.elif ${PORT_OPTIONS:MGSSAPI_HEIMDAL}
+USES+= gssapi:heimdal,flags
+CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC
.elif ${PORT_OPTIONS:MGSSAPI_MIT}
-BROKEN= GSSAPI_MIT does not work as of putty 0.77 and 0.78~pre20220916.e1b73f0
USES+= gssapi:mit,flags
CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC
.elif ${PORT_OPTIONS:MGSSAPI_DYNAMIC}
+BROKEN= GSSAPI_DYNAMIC does not work as of putty 0.78~pre20220916.e1b73f0
CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=DYNAMIC
USES+= gssapi:base,flags
.else
diff --git a/security/putty/files/patch-krb5cfg b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch
similarity index 84%
rename from security/putty/files/patch-krb5cfg
rename to security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch
index c0e700a9c1a3..afa8f7539a06 100644
--- a/security/putty/files/patch-krb5cfg
+++ b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch
@@ -1,16 +1,20 @@
-From 1992df5d7a1ea0636a62facbdb74d32cb4d5b50d Mon Sep 17 00:00:00 2001
+From b0a61849efb3cbf0f1c0fead0f422341a969458c Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
-Date: Wed, 1 Jun 2022 10:48:14 +0100
-Subject: [PATCH] First attempt at supporting krb5-config.
+Date: Sat, 17 Sep 2022 07:53:43 +0100
+Subject: [PATCH 1/4] Unix GSSAPI: support krb5-config as well as pkg-config.
+On FreeBSD, I'm told, you can't configure Kerberos via pkg-config. So
+we need a fallback. Here's some manual code to run krb5-config and
+pick apart the result, similar to what I already did with gtk-config
+for our (still not dead!) GTK 1 support.
---
cmake/platforms/unix.cmake | 63 +++++++++++++++++++++++++++++++++++++-
1 file changed, 62 insertions(+), 1 deletion(-)
-diff --git ./cmake/platforms/unix.cmake ./cmake/platforms/unix.cmake
+diff --git a/cmake/platforms/unix.cmake b/cmake/platforms/unix.cmake
index 291d1e64..95339f22 100644
---- ./cmake/platforms/unix.cmake~
-+++ ./cmake/platforms/unix.cmake
+--- a/cmake/platforms/unix.cmake
++++ b/cmake/platforms/unix.cmake
@@ -108,16 +108,77 @@ if(PUTTY_GSSAPI STREQUAL DYNAMIC)
endif()
@@ -91,5 +95,5 @@ index 291d1e64..95339f22 100644
set(NO_GSSAPI ON)
endif()
--
-2.34.1
+2.37.3
diff --git a/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch
new file mode 100644
index 000000000000..c0b7ca5792b9
--- /dev/null
+++ b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch
@@ -0,0 +1,29 @@
+From 374107eb1e2ae576c10cdd538f45f18918df8c4b Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Sat, 17 Sep 2022 07:09:29 +0100
+Subject: [PATCH 2/4] Unix static GSSAPI: fix an uninitialised structure field.
+
+When linking statically against Kerberos, the setup code in
+ssh_got_ssh_version() was trying to look up want_id==0 in the list of
+one GSSAPI library, but unfortunately, the id field of that record was
+not initialised at all, so if it happened to be nonzero nonsense, the
+loop wouldn't find a library at all and would fail an assertion.
+---
+ unix/gss.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/unix/gss.c b/unix/gss.c
+index cd9971c7..bd599fcc 100644
+--- a/unix/gss.c
++++ b/unix/gss.c
+@@ -140,6 +140,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
+ list->libraries = snew(struct ssh_gss_library);
+ list->nlibraries = 1;
+
++ list->libraries[0].id = 0;
+ list->libraries[0].gsslogmsg = "Using statically linked GSSAPI";
+
+ #define BIND_GSS_FN(name) \
+--
+2.37.3
+
diff --git a/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch
new file mode 100644
index 000000000000..a636197aed46
--- /dev/null
+++ b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch
@@ -0,0 +1,197 @@
+From 35a87984f67ebc2db3f670cb1431f08991853a5e Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Sat, 17 Sep 2022 07:28:46 +0100
+Subject: [PATCH 3/4] Unix GSSAPI: support static linking against Heimdal.
+
+Heimdal provides its own definitions of OIDs like GSS_C_NT_USER_NAME
+in the form of macros, which conflict with our attempt to redefine
+them as variables - the macro gets expanded into the middle of the
+variable declaration, leaving the poor C compiler trying to parse a
+non-declaration along the lines of
+
+const_gss_OID (&__gss_c_nt_anonymous_oid_desc) = oids+5;
+
+Easily fixed by just not redefining these at all if they're already
+defined as macros. To make that easier, I've broken up the oids[]
+array into individual gss_OID_desc declarations, so I can put each one
+inside the appropriate ifdef.
+
+In the process, I've removed the 'const' from the gss_OID_desc
+declarations. That's on purpose! The problem is that not all
+implementations of the GSSAPI headers make const_gss_OID a pointer to
+a *const* gss_OID_desc; sometimes it's just a plain one and the
+'const' prefix is just a comment to the user. So removing that const
+prevents compiler warnings (or worse) about address-taking a const
+thing and assigning it into a non-const pointer.
+---
+ ssh/pgssapi.c | 106 ++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 68 insertions(+), 38 deletions(-)
+
+diff --git a/ssh/pgssapi.c b/ssh/pgssapi.c
+index 1f54d805..1730444d 100644
+--- a/ssh/pgssapi.c
++++ b/ssh/pgssapi.c
+@@ -9,38 +9,63 @@
+
+ #ifndef NO_LIBDL
+
+-/* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. */
+-static const gss_OID_desc oids[] = {
++/* Reserved static storage for GSS_oids.
++ * Constants of the form GSS_C_NT_* are specified by rfc 2744.
++ * Comments are quotes from RFC 2744 itself.
++ *
++ * These may be #defined to complex expressions by the local header
++ * file, if we're including one in static-GSSAPI mode. (For example,
++ * Heimdal defines them to things like
++ * (&__gss_c_nt_user_name_oid_desc).) So we only define them if
++ * needed. */
++
++#ifndef GSS_C_NT_USER_NAME
++static gss_OID_desc oid_GSS_C_NT_USER_NAME = {
+ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01",
+ /* corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
+ * GSS_C_NT_USER_NAME should be initialized to point
+- * to that gss_OID_desc.
++ * to that gss_OID_desc. */
++};
++const_gss_OID GSS_C_NT_USER_NAME = &oid_GSS_C_NT_USER_NAME;
++#endif
+
+- * The implementation must reserve static storage for a
++#ifndef GSS_C_NT_MACHINE_UID_NAME
++static gss_OID_desc oid_GSS_C_NT_MACHINE_UID_NAME = {
++ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02",
+ /* corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+ * The constant GSS_C_NT_MACHINE_UID_NAME should be
+- * initialized to point to that gss_OID_desc.
++ * initialized to point to that gss_OID_desc. */
++};
++const_gss_OID GSS_C_NT_MACHINE_UID_NAME = &oid_GSS_C_NT_MACHINE_UID_NAME;
++#endif
+
+- * The implementation must reserve static storage for a
++#ifndef GSS_C_NT_STRING_UID_NAME
++static gss_OID_desc oid_GSS_C_NT_STRING_UID_NAME = {
++ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03",
+ /* corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+ * The constant GSS_C_NT_STRING_UID_NAME should be
+- * initialized to point to that gss_OID_desc.
+- *
+- * The implementation must reserve static storage for a
++ * initialized to point to that gss_OID_desc. */
++};
++const_gss_OID GSS_C_NT_STRING_UID_NAME = &oid_GSS_C_NT_STRING_UID_NAME;
++#endif
++
++#ifndef GSS_C_NT_HOSTBASED_SERVICE_X
++static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE_X = {
++ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
++ 6, "\x2b\x06\x01\x05\x06\x02",
+ /* corresponding to an object-identifier value of
+ * {iso(1) org(3) dod(6) internet(1) security(5)
+ * nametypes(6) gss-host-based-services(2))}. The constant
+@@ -52,29 +77,44 @@ static const gss_OID_desc oids[] = {
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+ * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+ * parameter, but should not be emitted by GSS-API
+- * implementations
+- *
+- * The implementation must reserve static storage for a
++ * implementations */
++};
++const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &oid_GSS_C_NT_HOSTBASED_SERVICE_X;
++#endif
++
++#ifndef GSS_C_NT_HOSTBASED_SERVICE
++static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE = {
++ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"},
++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04",
+ /* corresponding to an object-identifier value of {iso(1)
+ * member-body(2) Unites States(840) mit(113554) infosys(1)
+ * gssapi(2) generic(1) service_name(4)}. The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+- * to point to that gss_OID_desc.
+- *
+- * The implementation must reserve static storage for a
++ * to point to that gss_OID_desc. */
++};
++const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = &oid_GSS_C_NT_HOSTBASED_SERVICE;
++#endif
++
++#ifndef GSS_C_NT_ANONYMOUS
++static gss_OID_desc oid_GSS_C_NT_ANONYMOUS = {
++ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {6, (void *)"\x2b\x06\01\x05\x06\x03"},
++ 6, "\x2b\x06\01\x05\x06\x03",
+ /* corresponding to an object identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name)}. The constant
+ * and GSS_C_NT_ANONYMOUS should be initialized to point
+- * to that gss_OID_desc.
+- *
+- * The implementation must reserve static storage for a
++ * to that gss_OID_desc. */
++};
++const_gss_OID GSS_C_NT_ANONYMOUS = &oid_GSS_C_NT_ANONYMOUS;
++#endif
++
++#ifndef GSS_C_NT_EXPORT_NAME
++static gss_OID_desc oid_GSS_C_NT_EXPORT_NAME = {
++ /* The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value */
+- {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
++ 6, "\x2b\x06\x01\x05\x06\x04",
+ /* corresponding to an object-identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 4(gss-api-exported-name)}. The constant
+@@ -82,23 +122,13 @@ static const gss_OID_desc oids[] = {
+ * to that gss_OID_desc.
+ */
+ };
+-
+-/* Here are the constants which point to the static structure above.
+- *
+- * Constants of the form GSS_C_NT_* are specified by rfc 2744.
+- */
+-const_gss_OID GSS_C_NT_USER_NAME = oids+0;
+-const_gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1;
+-const_gss_OID GSS_C_NT_STRING_UID_NAME = oids+2;
+-const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3;
+-const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4;
+-const_gss_OID GSS_C_NT_ANONYMOUS = oids+5;
+-const_gss_OID GSS_C_NT_EXPORT_NAME = oids+6;
++const_gss_OID GSS_C_NT_EXPORT_NAME = &oid_GSS_C_NT_EXPORT_NAME;
++#endif
+
+ #endif /* NO_LIBDL */
+
+ static gss_OID_desc gss_mech_krb5_desc =
+-{ 9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
++{ 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+ /* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)*/
+ const gss_OID GSS_MECH_KRB5 = &gss_mech_krb5_desc;
+
+--
+2.37.3
+
diff --git a/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch
new file mode 100644
index 000000000000..a58bbd185458
--- /dev/null
+++ b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch
@@ -0,0 +1,36 @@
+From a95e38e9b18ce69b542a9a8c0f18ea8f4c7abb3a Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Sat, 17 Sep 2022 07:50:55 +0100
+Subject: [PATCH 4/4] GSSAPI fix: don't pass GSS_C_NO_NAME to
+ inquire_cred_by_mech.
+
+This was pointed out by another compiler warning. The 'name' parameter
+of inquire_cred_by_mech is not a gss_name_t (which is the type of
+GSS_C_NO_NAME); it's a gss_name_t *, because it's an _output_
+parameter. We're not telling the library that we aren't _passing_ a
+name: we're telling it that we don't need it to _return_ us a name. So
+the appropriate null pointer representation is just NULL.
+
+(This was harmless apart from a compiler warning, because gss_name_t
+is a pointer type in turn and GSS_C_NO_NAME expands to a null pointer
+anyway. It was just a wrongly-typed null pointer.)
+---
+ ssh/gssc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssh/gssc.c b/ssh/gssc.c
+index 0224afe2..d10caf8b 100644
+--- a/ssh/gssc.c
++++ b/ssh/gssc.c
+@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh_gss_library *lib,
+ gssctx->maj_stat =
+ gss->inquire_cred_by_mech(&gssctx->min_stat, cred,
+ (gss_OID) GSS_MECH_KRB5,
+- GSS_C_NO_NAME,
++ NULL,
+ &time_rec,
+ NULL,
+ NULL);
+--
+2.37.3
+
diff --git a/security/putty/files/patch-network.c b/security/putty/files/patch-network.c
new file mode 100644
index 000000000000..61a5b64dc8ab
--- /dev/null
+++ b/security/putty/files/patch-network.c
@@ -0,0 +1,16 @@
+--- unix/network.c.orig 2022-09-15 23:42:29 UTC
++++ unix/network.c
+@@ -11,8 +11,13 @@
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
++#ifdef __FreeBSD__
++#include <netinet/in.h>
+ #include <arpa/inet.h>
++#else
++#include <arpa/inet.h>
+ #include <netinet/in.h>
++#endif
+ #include <netinet/tcp.h>
+ #include <netdb.h>
+ #include <sys/un.h>
diff --git a/security/putty/files/patch-pageant.c b/security/putty/files/patch-pageant.c
new file mode 100644
index 000000000000..e1361c40a7bb
--- /dev/null
+++ b/security/putty/files/patch-pageant.c
@@ -0,0 +1,11 @@
+--- unix/pageant.c.orig 2022-09-15 23:42:29 UTC
++++ unix/pageant.c
+@@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty)
+ /* Get out of our previous process group, to avoid being
+ * blasted by passing signals. But keep our controlling tty,
+ * so we can keep checking to see if we still have one. */
+- setpgrp();
++ setpgrp(0,0);
+ } else {
+ /* Do that, but also leave our entire session and detach from
+ * the controlling tty (if any). */
diff --git a/security/putty/files/patch-ssh_gssc.c b/security/putty/files/patch-ssh_gssc.c
index 91db8b14c57e..1ab63d482f5d 100644
--- a/security/putty/files/patch-ssh_gssc.c
+++ b/security/putty/files/patch-ssh_gssc.c
@@ -1,4 +1,4 @@
---- ssh/gssc.c.orig 2022-05-24 16:56:27 UTC
+--- ./ssh/gssc.c.orig 2022-05-24 16:56:27 UTC
+++ ssh/gssc.c
@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh
gssctx->maj_stat =
diff --git a/security/putty/files/patch-unix_network.c b/security/putty/files/patch-unix_network.c
index 19e87ca62c99..7557695903f5 100644
--- a/security/putty/files/patch-unix_network.c
+++ b/security/putty/files/patch-unix_network.c
@@ -1,5 +1,5 @@
---- unix/network.c.orig 2022-05-24 16:56:28 UTC
-+++ unix/network.c
+--- ./unix/network.c.orig 2022-05-24 16:56:28 UTC
++++ ./unix/network.c
@@ -11,8 +11,13 @@
#include <sys/types.h>
#include <sys/socket.h>
diff --git a/security/putty/files/patch-unix_pageant.c b/security/putty/files/patch-unix_pageant.c
index acfcf94966be..fbd68b9aba82 100644
--- a/security/putty/files/patch-unix_pageant.c
+++ b/security/putty/files/patch-unix_pageant.c
@@ -1,5 +1,5 @@
---- unix/pageant.c.orig 2022-05-24 16:56:28 UTC
-+++ unix/pageant.c
+--- ./unix/pageant.c.orig 2022-05-24 16:56:28 UTC
++++ ./unix/pageant.c
@@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty)
/* Get out of our previous process group, to avoid being
* blasted by passing signals. But keep our controlling tty,