I've written a patch to add bsd-auth support back to slock 1.4 which I've been using for a while. Tidied the make variable handling a bit as well, no need to patch to use ?=, they can just be overridden with MAKE_FLAGS. OK?
Index: Makefile =================================================================== RCS file: /cvs/ports/x11/slock/Makefile,v retrieving revision 1.17 diff -u -p -r1.17 Makefile --- Makefile 12 Jul 2019 20:51:21 -0000 1.17 +++ Makefile 21 May 2020 10:58:17 -0000 @@ -2,9 +2,7 @@ COMMENT= simple X screen locker -# slock-1.4 drops bsd-auth support; CVE-2016-6866 doesn't affect HAVE_BSD_AUTH -DISTNAME= slock-1.3 -REVISION= 1 +DISTNAME= slock-1.4 CATEGORIES= x11 @@ -19,9 +17,11 @@ WANTLIB= X11 c Xext Xrandr MASTER_SITES= http://dl.suckless.org/tools/ -MAKE_ENV= CC="${CC}" \ - LDFLAGS="${LDFLAGS}" -FAKE_FLAGS= DESTDIR="" +MAKE_FLAGS= CC="${CC}" \ + COPTFLAGS="${CFLAGS}" \ + MANPREFIX=${PREFIX}/man \ + X11INC=${X11BASE}/include \ + X11LIB=${X11BASE}/lib NO_TEST= Yes Index: distinfo =================================================================== RCS file: /cvs/ports/x11/slock/distinfo,v retrieving revision 1.10 diff -u -p -r1.10 distinfo --- distinfo 5 Mar 2016 19:17:01 -0000 1.10 +++ distinfo 21 May 2020 10:58:17 -0000 @@ -1,2 +1,2 @@ -SHA256 (slock-1.3.tar.gz) = urSjrqQEaqD9A2HDZJt5uQylMbxd+uPEpsD+Q2FSvRg= -SIZE (slock-1.3.tar.gz) = 5943 +SHA256 (slock-1.4.tar.gz) = tThJ28YBCamH16SbjaGXMFwpMH/XTBLcGK8NMEQ5Lmo= +SIZE (slock-1.4.tar.gz) = 6889 Index: patches/patch-Makefile =================================================================== RCS file: /cvs/ports/x11/slock/patches/patch-Makefile,v retrieving revision 1.5 diff -u -p -r1.5 patch-Makefile --- patches/patch-Makefile 5 Mar 2016 19:17:01 -0000 1.5 +++ patches/patch-Makefile 21 May 2020 10:58:17 -0000 @@ -1,6 +1,8 @@ -$OpenBSD: patch-Makefile,v 1.5 2016/03/05 19:17:01 jung Exp $ ---- Makefile.orig Fri Feb 12 20:29:02 2016 -+++ Makefile Fri Feb 26 21:06:04 2016 +$OpenBSD$ + +Index: Makefile +--- Makefile.orig ++++ Makefile @@ -15,8 +15,7 @@ options: @echo "CC = ${CC}" 
@@ -9,7 +11,7 @@ $OpenBSD: patch-Makefile,v 1.5 2016/03/0 - @${CC} -c ${CFLAGS} $< + ${CC} -c ${CFLAGS} $< - ${OBJ}: config.h config.mk + ${OBJ}: config.h config.mk arg.h util.h @@ -25,8 +24,7 @@ config.h: @cp config.def.h $@ Index: patches/patch-config_def_h =================================================================== RCS file: patches/patch-config_def_h diff -N patches/patch-config_def_h --- patches/patch-config_def_h 5 Mar 2016 19:17:01 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,11 +0,0 @@ -$OpenBSD: patch-config_def_h,v 1.2 2016/03/05 19:17:01 jung Exp $ ---- config.def.h.orig Fri Feb 12 20:29:02 2016 -+++ config.def.h Fri Feb 26 20:57:47 2016 -@@ -1,6 +1,6 @@ - static const char *colorname[NUMCOLS] = { - "black", /* after initialization */ -- "#005577", /* during input */ -+ "#404040", /* during input */ - "#CC3333", /* failed/cleared the input */ - }; - static const Bool failonclear = True; Index: patches/patch-config_mk =================================================================== RCS file: /cvs/ports/x11/slock/patches/patch-config_mk,v retrieving revision 1.9 diff -u -p -r1.9 patch-config_mk --- patches/patch-config_mk 13 Aug 2016 14:00:00 -0000 1.9 +++ patches/patch-config_mk 21 May 2020 10:58:17 -0000 
@@ -1,44 +1,23 @@ -$OpenBSD: patch-config_mk,v 1.9 2016/08/13 14:00:00 tb Exp $ ---- config.mk.orig Fri Feb 12 20:29:02 2016 -+++ config.mk Sat Aug 13 15:38:13 2016 -@@ -4,28 +4,28 @@ VERSION = 1.3 - # Customize below to fit your system - - # paths --PREFIX = /usr/local --MANPREFIX = ${PREFIX}/share/man -+PREFIX ?= /usr/local -+MANPREFIX = ${PREFIX}/man - --X11INC = /usr/X11R6/include --X11LIB = /usr/X11R6/lib -+X11INC = ${X11BASE}/include -+X11LIB = ${X11BASE}/lib +$OpenBSD$ + +Index: config.mk +--- config.mk.orig ++++ config.mk +@@ -12,12 +12,13 @@ X11LIB = /usr/X11R6/lib # includes and libs --INCS = -I. -I/usr/include -I${X11INC} + INCS = -I. -I/usr/include -I${X11INC} -LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -+INCS = -I${X11INC} -+LIBS = -L${X11LIB} -lX11 -lXext -lXrandr ++LIBS = -L/usr/lib -L${X11LIB} -lX11 -lXext -lXrandr # flags --CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H +-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H -CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} -LDFLAGS = -s ${LIBS} -+CPPFLAGS += -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE -+CFLAGS += -std=c99 -pedantic -Wall ${INCS} ${CPPFLAGS} -+LDFLAGS += ${LIBS} ++COPTFLAGS = -Os ++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_BSD_AUTH -D_BSD_SOURCE ++CFLAGS = -std=c99 -pedantic -Wall ${INCS} ${CPPFLAGS} ${COPTFLAGS} ++LDFLAGS = ${LIBS} + COMPATSRC = explicit_bzero.c - # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH # On OpenBSD and Darwin remove -lcrypt from LIBS - - # compiler and linker --CC = cc -+CC ?= cc - - # Install mode. 
On BSD systems MODE=2755 and GROUP=auth - # On others MODE=4755 and GROUP=root --#MODE=2755 --#GROUP=auth -+MODE=2755 -+GROUP=auth Index: patches/patch-slock_c =================================================================== RCS file: /cvs/ports/x11/slock/patches/patch-slock_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-slock_c --- patches/patch-slock_c 13 Aug 2016 14:00:00 -0000 1.3 +++ patches/patch-slock_c 21 May 2020 10:58:17 -0000 
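Review bot: The updated patch-config_mk no longer carries the `MODE=2755` / `GROUP=auth` lines that the previous revision added, yet the comment introduced in patch-slock_c says slock "requires gid auth from the setgid bit". Nothing visible in this diff sets that mode and group: the install part of patch-Makefile is cut off here and no packing list is included, so this is worth confirming before commit. If they are set elsewhere, a line in the patch header would keep the dependency visible, e.g. `slock must be installed setgid auth for HAVE_BSD_AUTH; mode and group are set in <file that sets them>`. Without the bit, the bsd-auth build would presumably lock the screen and then be unable to authenticate anyone.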
@@ -1,33 +1,119 @@ -$OpenBSD: patch-slock_c,v 1.3 2016/08/13 14:00:00 tb Exp $ ---- slock.c.orig Fri Feb 12 20:29:02 2016 -+++ slock.c Sat Aug 13 15:37:49 2016 -@@ -47,7 +47,7 @@ static Bool rr; - static int rrevbase; - static int rrerrbase; - --static void -+static void __attribute__((__noreturn__, __format__(printf, 1, 2))) - die(const char *errstr, ...) +$OpenBSD$ + +Add back bsd-auth support, removed in 04143fd68dbc + +Index: slock.c +--- slock.c.orig ++++ slock.c +@@ -19,6 +19,11 @@ + #include <X11/Xlib.h> + #include <X11/Xutil.h> + ++#if HAVE_BSD_AUTH ++#include <login_cap.h> ++#include <bsd_auth.h> ++#endif ++ + #include "arg.h" + #include "util.h" + +@@ -83,6 +88,7 @@ dontkillme(void) + } + #endif + ++#ifndef HAVE_BSD_AUTH + static const char * + gethash(void) { - va_list ap; -@@ -172,10 +172,12 @@ readpw(Display *dpy, const char *pws) - break; - case XK_Escape: - len = 0; -+ explicit_bzero(passwd, sizeof(passwd)); - break; - case XK_BackSpace: - if (len) - --len; -+ explicit_bzero(passwd + len, 1); - break; - default: - if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { -@@ -185,6 +187,7 @@ readpw(Display *dpy, const char *pws) - break; - } - color = len ? INPUT : (failure || failonclear ? 
FAILED : INIT); -+ explicit_bzero(buf, sizeof(buf)); - if (running && oldc != color) { - for (screen = 0; screen < nscreens; screen++) { - XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]); +@@ -123,13 +129,21 @@ gethash(void) + + return hash; + } ++#endif /* HAVE_BSD_AUTH */ + + static void ++#ifdef HAVE_BSD_AUTH ++readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens) ++#else + readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens, + const char *hash) ++#endif + { + XRRScreenChangeNotifyEvent *rre; +- char buf[32], passwd[256], *inputhash; ++ char buf[32], passwd[256]; ++#ifndef HAVE_BSD_AUTH ++ char *inputhash; ++#endif + int num, screen, running, failure, oldc; + unsigned int len, color; + KeySym ksym; +@@ -160,10 +174,14 @@ readpw(Display *dpy, struct xrandr *rr, struct lock ** + case XK_Return: + passwd[len] = '\0'; + errno = 0; ++#ifdef HAVE_BSD_AUTH ++ running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); ++#else + if (!(inputhash = crypt(passwd, hash))) + fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); + else + running = !!strcmp(inputhash, hash); ++#endif + if (running) { + XBell(dpy, 100); + failure = 1; +@@ -303,7 +321,9 @@ main(int argc, char **argv) { + struct group *grp; + uid_t duid; + gid_t dgid; ++#ifndef HAVE_BSD_AUTH + const char *hash; ++#endif + Display *dpy; + int s, nlocks, nscreens; + +@@ -331,14 +351,23 @@ main(int argc, char **argv) { + dontkillme(); + #endif + ++#ifndef HAVE_BSD_AUTH + hash = gethash(); + errno = 0; + if (!crypt("", hash)) + die("slock: crypt: %s\n", strerror(errno)); ++#endif + + if (!(dpy = XOpenDisplay(NULL))) + die("slock: cannot open display\n"); + ++/* ++ * don't drop groups for bsd-auth, slock runs as the user's normal ++ * uid, and requires gid auth from the setgid bit. 
(without bsd-auth ++ * slock needs to start with uid root or gid _shadow to read spwd.db, ++ * and is unable to use non-password methods) ++ */ ++#ifndef HAVE_BSD_AUTH + /* drop privileges */ + if (setgroups(0, NULL) < 0) + die("slock: setgroups: %s\n", strerror(errno)); +@@ -346,6 +375,7 @@ main(int argc, char **argv) { + die("slock: setgid: %s\n", strerror(errno)); + if (setuid(duid) < 0) + die("slock: setuid: %s\n", strerror(errno)); ++#endif + + /* check for Xrandr support */ + rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase); +@@ -381,7 +411,11 @@ main(int argc, char **argv) { + } + + /* everything is now blank. Wait for the correct password */ ++#ifdef HAVE_BSD_AUTH ++ readpw(dpy, &rr, locks, nscreens); ++#else + readpw(dpy, &rr, locks, nscreens, hash); ++#endif + + return 0; + }
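Review bot: In the `XK_Return` branch of `readpw`, `auth_userokay(getlogin(), NULL, "auth-slock", passwd)` uses the return value of `getlogin()` unchecked; it can be NULL, and it reports the session's login name, which need not match the uid the locker runs as. A failure there only shows up once the screen is already locked, so I would check it in `main` next to the non-bsd-auth `gethash()` block, before `XOpenDisplay`, e.g. an `#else` arm with `if (!getlogin()) die("slock: getlogin: %s\n", strerror(errno));`. The includes are guarded with `#if HAVE_BSD_AUTH` while every other site uses `#ifdef`/`#ifndef`, which disagree if the macro is ever defined as 0; `#ifdef HAVE_BSD_AUTH` there would be consistent. With the privilege-drop block compiled out, the process keeps group auth for the whole time it handles X events, which the new comment justifies but which is worth stating there as a deliberate trade-off. `readpw` and `main` are only partly visible in these nested hunks.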