From 24f7b338f2539a4232d1c7b2a3cc79b7ad832854 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Sun, 8 Oct 2023 18:46:40 +0000
Subject: [PATCH] heimdal: Disable sqlite3 credential cache (SCC).

SCC is not usable in Heimdal 7.8.0, and this brings a dependency on
libsqlite3 into libkrb5 and therefore libgssapi, which is problematic
downstream applications that have sqlite3 from pkgsrc or statically
built in.

SCC will undergo substantial revision in the next Heimdal version
(https://github.com/heimdal/heimdal/pull/1143).  We can revisit later
how to deal with this -- perhaps by symbol-renaming a copy of sqlite3
in Heimdal as it looks like upstream intends to do.

PR lib/57406

XXX pullup-10
---
 crypto/external/bsd/heimdal/Makefile.inc         | 4 ++--
 crypto/external/bsd/heimdal/include/config.h     | 2 +-
 crypto/external/bsd/heimdal/lib/libhdb/Makefile  | 3 ++-
 crypto/external/bsd/heimdal/lib/libkrb5/Makefile | 1 -
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/external/bsd/heimdal/Makefile.inc b/crypto/external/bsd/heimdal/Makefile.inc
index 6c5a08cfbe03..795bc8231521 100644
--- a/crypto/external/bsd/heimdal/Makefile.inc
+++ b/crypto/external/bsd/heimdal/Makefile.inc
@@ -22,8 +22,8 @@ DPLIBROKEN=	roken ${HEIMBASE}/lib/libroken
 DPLIBSL=	sl ${HEIMBASE}/lib/libsl
 DPLIBVERS=	vers ${HEIMBASE}/lib/libvers
 DPLIBWIND=	wind ${HEIMBASE}/lib/libwind
-KRB5LDADD=	-lsqlite3 -lcrypto -lcrypt -lm
-KRB5DPADD=	${LIBSQLITE3} ${LIBCRYPTO} ${LIBCRYPT} ${LIBM}
+KRB5LDADD=	-lcrypto -lcrypt -lm
+KRB5DPADD=	${LIBCRYPTO} ${LIBCRYPT} ${LIBM}
 
 .if ${USETOOLS} != "yes"
 COMPILEETOBJ!=     cd ${HEIMBASE}/lib/libcom_err/compile_et && ${PRINTOBJDIR}
diff --git a/crypto/external/bsd/heimdal/include/config.h b/crypto/external/bsd/heimdal/include/config.h
index d72f5ffbddf3..4d2ed1b53643 100644
--- a/crypto/external/bsd/heimdal/include/config.h
+++ b/crypto/external/bsd/heimdal/include/config.h
@@ -754,7 +754,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
 #define HAVE_SA_FAMILY_T 1
 
 /* Define if you want support for cache in sqlite. */
-#define HAVE_SCC 1
+/* #undef HAVE_SCC */
 
 /* Define to 1 if you have the <search.h> header file. */
 #define HAVE_SEARCH_H 1
diff --git a/crypto/external/bsd/heimdal/lib/libhdb/Makefile b/crypto/external/bsd/heimdal/lib/libhdb/Makefile
index bf5be79a52fe..e202f6f35eda 100644
--- a/crypto/external/bsd/heimdal/lib/libhdb/Makefile
+++ b/crypto/external/bsd/heimdal/lib/libhdb/Makefile
@@ -18,7 +18,8 @@ LIBDPLIBS+=	hx509		${HEIMBASE}/lib/libhx509	\
 		com_err		${HEIMBASE}/lib/libcom_err	\
 		roken		${HEIMBASE}/lib/libroken	\
 		wind		${HEIMBASE}/lib/libwind		\
-		heimbase	${HEIMBASE}/lib/libheimbase
+		heimbase	${HEIMBASE}/lib/libheimbase	\
+		sqlite3		${NETBSDSRCDIR}/external/public-domain/sqlite/lib
 
 HEIMSRCS= hdb_err.et hdb.asn1
 ASN1_OPTS.hdb.asn1+= --one-code-file --sequence=HDB-Ext-KeySet --sequence=Keys
diff --git a/crypto/external/bsd/heimdal/lib/libkrb5/Makefile b/crypto/external/bsd/heimdal/lib/libkrb5/Makefile
index 202d65120289..e2b46b550685 100644
--- a/crypto/external/bsd/heimdal/lib/libkrb5/Makefile
+++ b/crypto/external/bsd/heimdal/lib/libkrb5/Makefile
@@ -23,7 +23,6 @@ LIBDPLIBS+=	\
 	roken		${HEIMBASE}/lib/libroken	\
 	wind		${HEIMBASE}/lib/libwind		\
 	heimbase	${HEIMBASE}/lib/libheimbase	\
-	sqlite3		${NETBSDSRCDIR}/external/public-domain/sqlite/lib \
 	crypt		${NETBSDSRCDIR}/lib/libcrypt
 
 HEIMSRCS= krb_err.et krb5_err.et heim_err.et k524_err.et