Index: Makefile.in --- Makefile.in.orig 2020-01-29 17:42:32.000000000 +0100 +++ Makefile.in 2020-03-12 23:07:35.270076000 +0100 @@ -1941,7 +1941,7 @@ p11-kit/p11-kit.c \ $(NULL) -p11_kit_p11_kit_LDADD = \ +p11_kit_p11_kit_LDADD = -static \ libp11-kit.la \ libp11-tool.la \ libp11-common.la \ @@ -2147,7 +2147,7 @@ @WITH_TRUST_MODULE_TRUE@libtrust_testable_la_LIBADD = \ @WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_LIBS) -@WITH_TRUST_MODULE_TRUE@trust_trust_LDADD = \ +@WITH_TRUST_MODULE_TRUE@trust_trust_LDADD = -static \ @WITH_TRUST_MODULE_TRUE@ libtrust-data.la \ @WITH_TRUST_MODULE_TRUE@ libp11-kit.la \ @WITH_TRUST_MODULE_TRUE@ libp11-common.la \ Index: common/compat.c --- common/compat.c.orig 2020-01-07 16:15:00.000000000 +0100 +++ common/compat.c 2020-03-12 23:07:35.270277000 +0100 @@ -39,6 +39,9 @@ * on older pthreads implementations */ #define _XOPEN_SOURCE 700 +#ifdef __FreeBSD__ +#define __BSD_VISIBLE 1 +#endif #include "compat.h" #include "debug.h" @@ -799,7 +802,7 @@ #ifndef HAVE_GETAUXVAL unsigned long -getauxval (unsigned long type) +_p11_getauxval (unsigned long type) { static unsigned long secure = 0UL; static bool check_secure_initialized = false; @@ -811,7 +814,7 @@ assert (type == AT_SECURE); if (!check_secure_initialized) { -#if defined(HAVE___LIBC_ENABLE_SECURE) +#if defined(HAVE___LIBC_ENABLE_SECURE) && !defined(__GNU__) extern int __libc_enable_secure; secure = __libc_enable_secure; @@ -848,7 +851,7 @@ char * secure_getenv (const char *name) { - if (getauxval (AT_SECURE)) + if (_p11_getauxval (AT_SECURE)) return NULL; return getenv (name); } Index: common/compat.h --- common/compat.h.orig 2020-01-07 16:15:00.000000000 +0100 +++ common/compat.h 2020-03-12 23:07:35.270410000 +0100 
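Review bot: In common/compat.c (hunk at -39,6) the new `#ifdef __FreeBSD__` block defines `__BSD_VISIBLE` without saying which declaration it is meant to expose. As far as I know this is an internal visibility macro of the FreeBSD system headers, not a documented feature-test macro. Defining it by hand right after `#define _XOPEN_SOURCE 700` therefore relies on how those headers treat a pre-defined value, which may change between releases. I would add a comment above the block naming the symbol that needs it, e.g. `/* _XOPEN_SOURCE hides BSD extensions on FreeBSD; re-expose them for <declaration needed here> */`.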
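Review bot: In common/compat.c (hunk at -811,7) the added `&& !defined(__GNU__)` skips the `__libc_enable_secure` check on GNU/Hurd with no comment, and the branch that decides the result instead lies outside the hunk. The value returned by `_p11_getauxval (AT_SECURE)` gates `secure_getenv`, the lookup in common/path.c and user-config loading in p11-kit/conf.c, so whatever fallback runs there must not report 0 for a setuid or setgid process. I would document the exclusion in place, e.g. `/* GNU/Hurd: __libc_enable_secure is skipped because <reason>; the fallback below must still detect setuid/setgid */`, after confirming which fallback is compiled on that platform.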
@@ -343,10 +343,11 @@ #ifdef HAVE_GETAUXVAL #include +#define _p11_getauxval(X) getauxval(X) #else /* !HAVE_GETAUXVAL */ -unsigned long getauxval (unsigned long type); +unsigned long _p11_getauxval (unsigned long type); #define AT_SECURE 23 Index: common/frob-getauxval.c --- common/frob-getauxval.c.orig 2019-10-21 17:59:08.000000000 +0200 +++ common/frob-getauxval.c 2020-03-12 23:07:35.270525000 +0100 @@ -55,7 +55,7 @@ abort (); } - ret = getauxval (type); + ret = _p11_getauxval (type); printf ("getauxval(%lu) == %lu\n", type, ret); return (int)ret; } Index: common/path.c --- common/path.c.orig 2019-10-22 11:21:37.000000000 +0200 +++ common/path.c 2020-03-12 23:07:35.270645000 +0100 @@ -108,7 +108,7 @@ { const char *env; - if (getauxval (AT_SECURE)) { + if (_p11_getauxval (AT_SECURE)) { errno = EPERM; return NULL; } Index: common/unix-peer.c --- common/unix-peer.c.orig 2019-10-21 17:59:08.000000000 +0200 +++ common/unix-peer.c 2020-03-12 23:07:35.270755000 +0100 @@ -47,6 +47,10 @@ # include #endif +#if (!defined(SO_PEERCRED) && !defined(HAVE_GETPEEREID) && !defined(HAVE_GETPEERUCRED) && defined(HAVE_SYS_UCRED_H)) || defined(__FreeBSD__) +# include +#endif + /* Returns the unix domain socket peer information. * Returns zero on success. */ @@ -106,6 +110,25 @@ if (ret) return -1; + +#elif (defined(HAVE_SYS_UCRED_H) && defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION)) || defined(__FreeBSD__) + struct xucred cr; + socklen_t cr_len; + + cr_len = sizeof (cr); + ret = getsockopt (cfd, 0, LOCAL_PEERCRED, &cr, &cr_len); + if (ret == -1) + return -1; + + if (uid) + *uid = cr.cr_uid; + + if (gid) + *gid = cr.cr_gid; + + /* pid not available */ + if (pid) + *pid = (socklen_t)-1; #else #error "Unsupported UNIX variant" #endif Index: configure --- configure.orig 2020-01-29 17:42:31.000000000 +0100 +++ configure 2020-03-12 23:07:57.497302000 +0100 
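Review bot: In common/unix-peer.c (hunk at -106,6) the new `LOCAL_PEERCRED` branch copies `cr.cr_uid` and `cr.cr_gid` out without checking that the kernel filled a complete `struct xucred` of the expected version. These are peer credentials that callers presumably base access decisions on. After the `getsockopt` error check I would add `if (cr_len != sizeof (cr) || cr.cr_version != XUCRED_VERSION) return -1;`. The level argument `0` would read better as `SOL_LOCAL` where the platform defines it, and `*pid = (socklen_t)-1;` should be `*pid = (pid_t)-1;`, assuming `pid` is a `pid_t *`. The enclosing function, including the declaration of `pid`, starts and ends outside the hunk.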
@@ -16178,9 +16178,6 @@ -if test "$enable_static" = "yes"; then - as_fn_error $? "p11-kit cannot be used as a static library" "$LINENO" 5 -fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for win32" >&5 $as_echo_n "checking for win32... " >&6; } Index: p11-kit/conf.c --- p11-kit/conf.c.orig 2020-01-07 16:15:00.000000000 +0100 +++ p11-kit/conf.c 2020-03-12 23:07:35.270893000 +0100 @@ -229,7 +229,7 @@ } if (mode != CONF_USER_NONE) { - if (getauxval (AT_SECURE)) { + if (_p11_getauxval (AT_SECURE)) { p11_debug ("skipping user config in setuid or setgid program"); mode = CONF_USER_NONE; #ifdef OS_UNIX Index: p11-kit/frob-setuid.c --- p11-kit/frob-setuid.c.orig 2019-10-21 17:59:08.000000000 +0200 +++ p11-kit/frob-setuid.c 2020-03-12 23:07:35.271006000 +0100 @@ -70,7 +70,7 @@ printf ("'setting' on module 'one': %s\n", field ? field : "(null)"); assert (field != NULL); - if (getauxval (AT_SECURE)) + if (_p11_getauxval (AT_SECURE)) assert (strcmp (field, "system1") == 0); else assert (strcmp (field, "user1") == 0); Index: p11-kit/modules.c --- p11-kit/modules.c.orig 2020-01-07 16:15:00.000000000 +0100 +++ p11-kit/modules.c 2020-03-12 23:07:35.271301000 +0100 @@ -69,6 +69,7 @@ #include #include #include +#include /** * SECTION:p11-kit Index: trust/extract-jks.c --- trust/extract-jks.c.orig 2019-10-21 17:59:08.000000000 +0200 +++ trust/extract-jks.c 2020-03-12 23:07:35.271439000 +0100 @@ -250,9 +250,7 @@ * when this was this certificate was added to the keystore, however * we don't have that information. Java uses time in milliseconds */ - if (_p11_extract_jks_timestamp) - now = _p11_extract_jks_timestamp; - else { + { char *source_date_epoch; source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH"); if (source_date_epoch) { @@ -278,7 +276,9 @@ return false; } now = epoch; - } else + } else if (_p11_extract_jks_timestamp) + now = _p11_extract_jks_timestamp; + else now = time (NULL); }
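Review bot: In trust/extract-jks.c (hunks at -250,9 and -278,7) `SOURCE_DATE_EPOCH` from the environment now takes precedence over `_p11_extract_jks_timestamp`, but the comment above the block names neither source nor their order. The first hunk also leaves a bare `{ … }` scope where the `if`/`else` used to be. If `_p11_extract_jks_timestamp` is a test or caller override, as it appears to be (its definition is outside the hunk), the output timestamp now depends on the caller's environment even when the override is set. I would extend the comment with `Precedence: SOURCE_DATE_EPOCH, then _p11_extract_jks_timestamp, then time (NULL)` and move `char *source_date_epoch;` up to the function's declarations, which are outside the hunk, so the extra braces can be dropped.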