how to install kde patch?

B

beesatmsu

I have installed portauditing which says:

Code: 
Affected package: kdebase-workspace-4.3.5_1
Type of problem: KDM -- local privilege escalation vulnerability.
Reference: <http://portaudit.FreeBSD.org/3987c5d1-47a9-11df-a0d5-0016d32f24fb.html>

basically it says a local user can become root by causing a buffer overflow.

I went to the URL, which points to a patch and I downloaded it: file name: kdebase-workspace-4.3.5-CVE-2010-0436.diff. however there is no instructions how to install this file...

it seems to be a c program...the first few lines of it says:

Code: 
--- kdm/ConfigureChecks.cmake
+++ kdm/ConfigureChecks.cmake
@@ -37,6 +37,35 @@ int main()
 }
 " HAVE_SETLOGIN)

+check_c_source_runs("
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+int main()

how do I install this patch? Thanks.
 
In theory, you should be able to put it into the files/ directory of the port, and name it patch-kdm::ConfigureChecks.cmake.

Then run make clean; make patch to test the patch. If you don't get any error messages from patch, you can build the port. And, finally, install it.
 
Very interesting... have also patch issue... mean how to install it :)
will try...

beesatmsu, isn't it better to fetch kdebase-workspace-4.3.5_2 that's in ports already (I believe)?
Code: 
# portsnap fetch update
# pkg_version -vIL= | grep kdebase
# portupgrade kdebase-workspace
otherwise just live "as is" till update arrival with belief that we are not a $$$$$ banks to hack our FreeBSD.
And fortunately not windoze users to be hacked by bots just for fun :)
 
beesatmsu said:
thanks. so I need to learn how to build a port...maybe I should simply get rid of kde...
Click to expand...

No, you don't need to know how to build a port (as in become a port maintainer). You just need to do the simple steps I outlined.
 
You must log in or register to reply here.
Back
Top