# how to install kde patch?



## beesatmsu (May 7, 2010)

I have installed portauditing which says:


```
Affected package: kdebase-workspace-4.3.5_1
Type of problem: KDM -- local privilege escalation vulnerability.
Reference: <http://portaudit.FreeBSD.org/3987c5d1-47a9-11df-a0d5-0016d32f24fb.html>
```

basically it says a local user can become root by causing a buffer overflow. 

I went to the URL, which points to a patch and I downloaded it: file name: kdebase-workspace-4.3.5-CVE-2010-0436.diff. however there is no instructions how to install this file...

it seems to be a c program...the first few lines of it says:


```
--- kdm/ConfigureChecks.cmake
+++ kdm/ConfigureChecks.cmake
@@ -37,6 +37,35 @@ int main()
 }
 " HAVE_SETLOGIN)

+check_c_source_runs("
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+int main()
```

how do I install this patch?   Thanks.


----------



## phoenix (May 7, 2010)

In theory, you should be able to put it into the *files/* directory of the port, and name it patch-kdm::ConfigureChecks.cmake.

Then run *make clean; make patch* to test the patch.  If you don't get any error messages from patch, you can build the port.  And, finally, install it.


----------



## beesatmsu (May 7, 2010)

thanks. so I need to learn how to build a port...maybe I should simply get rid of kde...


----------



## zeiz (May 7, 2010)

Very interesting... have also patch issue... mean how to install it 
will try...

beesatmsu, isn't it better to fetch kdebase-workspace-4.3.5_*2* that's in ports already (I believe)?

```
# portsnap fetch update
# pkg_version -vIL= | grep kdebase
# portupgrade kdebase-workspace
```
otherwise just live "as is" till update arrival with belief that we are not a $$$$$ banks to hack our FreeBSD.
And fortunately not windoze users to be hacked by bots just for fun


----------



## phoenix (May 7, 2010)

beesatmsu said:
			
		

> thanks. so I need to learn how to build a port...maybe I should simply get rid of kde...



No, you don't need to know how to build a port (as in become a port maintainer).  You just need to do the simple steps I outlined.


----------

