Index: security/plasma5-kwallet-pam/Makefile
===================================================================
--- security/plasma5-kwallet-pam/Makefile (revision 470013)
+++ security/plasma5-kwallet-pam/Makefile (working copy)
@@ -2,7 +2,7 @@
 PORTNAME= kwallet-pam
 DISTVERSION= ${KDE_PLASMA_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security kde kde-plasma
 MAINTAINER= kde@FreeBSD.org
@@ -11,8 +11,8 @@ COMMENT= Plasma5 KWallet PAM Integration
 LIB_DEPENDS= libgcrypt.so:security/libgcrypt \
 libgpg-error.so:security/libgpg-error
-USES= cmake:outsource cpe gettext kde:5 tar:xz
-USE_KDE= ecm
+USES= cmake:outsource cpe kde:5 tar:xz
+USE_KDE= ecm wallet_run
 USE_QT5= buildtools_build qmake_build
 # The qmake dependency is only needed so that kf5-e-c-m can query qmake for
@@ -21,5 +21,11 @@ USE_QT5= buildtools_build qmake_build
 # to avoid needlessly depending on qt5-core.
 CMAKE_ARGS= -DCMAKE_DISABLE_FIND_PACKAGE_Qt5Core=TRUE \
 -DQMAKE_EXECUTABLE:PATH=${QMAKE}
+
+post-patch:
+ @${REINPLACE_CMD} -e 's,socat,nc,' -e 's,/security,,' \
+ ${WRKSRC}/CMakeLists.txt
+ @${REINPLACE_CMD} 's,/usr/bin/kwalletd,${LOCALBASE}/bin/kwalletd,' \
+ ${WRKSRC}/pam_kwallet.c
 .include
Index: security/plasma5-kwallet-pam/files/patch-3-8da1a470.diff
===================================================================
--- security/plasma5-kwallet-pam/files/patch-3-8da1a470.diff (nonexistent)
+++ security/plasma5-kwallet-pam/files/patch-3-8da1a470.diff (working copy)
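Review bot: The two `-e` expressions in the new `post-patch` target are unanchored, so `s,/security,,` strips the first `/security` on any line of CMakeLists.txt rather than only the PAM module's install directory, and `s,socat,nc,` rewrites any token that contains `socat`. If upstream rewords either line, the substitutions match nothing and the build still succeeds, presumably installing the module where the updated pkg-plist no longer expects it. Anchoring each pattern on the surrounding text of the line it targets, or carrying the CMakeLists.txt change as a files/ patch like the other three, would make a mismatch fail visibly. A comment above the target such as `# install the PAM module into lib/ and use nc(1) instead of socat` would also record why the edits exist.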
@@ -0,0 +1,51 @@
+From 8da1a47035fc92bc1496059583772bc4bd6e8ba6 Mon Sep 17 00:00:00 2001
+From: Maximiliano Curia
+Date: Fri, 4 May 2018 22:06:06 +0200
+Subject: [PATCH] Avoid giving an stderr to kwallet
+
+Summary:
+The fixes for CVE-2018-10380 introduced a regression for most users not
+using kde, and some for kde sessions. In particular the reorder of the
+close calls and creating a new socket caused that the socket is always
+assigned the file descriptor 2, aka stderr.
+
+BUG: 393856
+
+Test Plan: It works
+
+Reviewers: #plasma, aacid
+
+Reviewed By: aacid
+
+Subscribers: asturmlechner, rdieter, davidedmundson, plasma-devel
+
+Tags: #plasma
+
+Differential Revision: https://phabricator.kde.org/D12702
+---
+ pam_kwallet.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/pam_kwallet.c b/pam_kwallet.c
+index b9c984a..661ed8d 100644
+--- pam_kwallet.c
++++ pam_kwallet.c
+@@ -375,7 +375,8 @@ static int drop_privileges(struct passwd *userInfo)
+ static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], char *fullSocket)
+ {
+ //In the child pam_syslog does not work, using syslog directly
+- int x = 2;
++ //keep stderr open so socket doesn't returns us that fd
++ int x = 3;
+ //Close fd that are not of interest of kwallet
+ for (; x < 64; ++x) {
+ if (x != toWalletPipe[0]) {
+@@ -424,6 +425,8 @@ static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toW
+ pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't listen in socket\n", logPrefix);
+ return;
+ }
++ //finally close stderr
++ close(2);
+
+ // Fork twice to daemonize kwallet
+ setsid();
Property changes on: security/plasma5-kwallet-pam/files/patch-3-8da1a470.diff
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No 
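Review bot: The added `close(2);` after the listen() check leaves descriptor 2 unallocated for the rest of execute_kwallet(), so the next descriptor opened in the daemonized child or by kwalletd itself would be handed fd 2, and anything later written to stderr would land in that file or socket. Pointing fd 2 at /dev/null keeps the slot occupied without passing on the caller's stderr, e.g. `int nul = open("/dev/null", O_WRONLY); if (nul >= 0) { dup2(nul, 2); if (nul != 2) close(nul); }` in place of the bare close. The `int x = 3` change likewise only stops socket() from returning 2 if descriptors 0 and 1 are still open at that point, which neither inner hunk shows. execute_kwallet() begins and ends outside both inner hunks.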
newline at end of property
Index: security/plasma5-kwallet-pam/files/patch-pam_kwallet.c
===================================================================
--- security/plasma5-kwallet-pam/files/patch-pam_kwallet.c (nonexistent)
+++ security/plasma5-kwallet-pam/files/patch-pam_kwallet.c (working copy)
@@ -0,0 +1,30 @@
+--- pam_kwallet.c.orig 2018-05-01 12:51:31 UTC
++++ pam_kwallet.c
+@@ -118,7 +118,7 @@ static void parseArguments(int argc, const char **argv
+ }
+ #else
+ if (kdehome == NULL) {
+- kdehome = ".kde";
++ kdehome = ".kde4";
+ }
+ if (kwalletd == NULL) {
+ kwalletd = "/usr/bin/kwalletd";
+@@ -486,7 +486,7 @@ static void start_kwallet(pam_handle_t *pamh, struct p
+ struct sockaddr_un local;
+ local.sun_family = AF_UNIX;
+
+- if (strlen(fullSocket) > sizeof(local.sun_path)) {
++ if (strlen(fullSocket) >= sizeof(local.sun_path)) {
+ pam_syslog(pamh, LOG_ERR, "%s: socket path %s too long to open",
+ logPrefix, fullSocket);
+ free(fullSocket);
+@@ -499,8 +499,7 @@ static void start_kwallet(pam_handle_t *pamh, struct p
+
+ pam_syslog(pamh, LOG_INFO, "%s: final socket path: %s", logPrefix, local.sun_path);
+
+- size_t len = strlen(local.sun_path) + sizeof(local.sun_family);
+- if (bind(envSocket, (struct sockaddr *)&local, len) == -1) {
++ if (bind(envSocket, (struct sockaddr *)&local, sizeof(local)) == -1) {
+ pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't bind to local file\n", logPrefix);
+ return;
+ }
Property changes on: security/plasma5-kwallet-pam/files/patch-pam_kwallet.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/plasma5-kwallet-pam/files/patch-pam_kwallet_init
===================================================================
--- security/plasma5-kwallet-pam/files/patch-pam_kwallet_init (nonexistent)
+++ security/plasma5-kwallet-pam/files/patch-pam_kwallet_init (working copy)
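Review bot: In the third inner hunk bind() is now passed `sizeof(local)`, but the context of the second hunk shows `struct sockaddr_un local;` declared without an initializer and only `sun_family` assigned, so every byte of `sun_path` past the terminator is uninitialized stack content handed to bind(). Zeroing the structure first, `memset(&local, 0, sizeof(local));` ahead of `local.sun_family = AF_UNIX;`, makes the full-size call well defined. The `>=` length check is only sufficient if the copy into `sun_path` that follows writes the terminator; that copy lies between the hunks and is not visible here. The function named in the hunk headers, start_kwallet(), begins and ends outside these hunks.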
@@ -0,0 +1,15 @@
+--- pam_kwallet_init.orig 2018-05-01 12:51:31 UTC
++++ pam_kwallet_init
+@@ -1,10 +1,10 @@
+ #!/bin/sh
+
+ if test -n "$PAM_KWALLET_LOGIN" ; then
+- env | socat STDIN UNIX-CONNECT:$PAM_KWALLET_LOGIN
++ env | nc -U "$PAM_KWALLET_LOGIN" | :
+ fi
+
+ if test -n "$PAM_KWALLET5_LOGIN" ; then
+- env | socat STDIN UNIX-CONNECT:$PAM_KWALLET5_LOGIN
++ env | nc -U "$PAM_KWALLET5_LOGIN" | :
+ fi
+
Property changes on: security/plasma5-kwallet-pam/files/patch-pam_kwallet_init
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/plasma5-kwallet-pam/pkg-plist
===================================================================
--- security/plasma5-kwallet-pam/pkg-plist (revision 470013)
+++ security/plasma5-kwallet-pam/pkg-plist (working copy)
@@ -1,3 +1,3 @@
 etc/xdg/autostart/pam_kwallet_init.desktop
 lib/libexec/pam_kwallet_init
-lib/security/pam_kwallet5.so
+lib/pam_kwallet5.so
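Review bot: Both replacement lines end in `| :`, which makes the pipeline's exit status that of `:` and closes the read end of nc's output pipe almost immediately, so a failed connect to the wallet socket looks the same as success and the purpose of the extra stage is not stated anywhere. If the aim is only to discard nc's output, `env | nc -U "$PAM_KWALLET_LOGIN" >/dev/null` says so directly. If `| :` is there to keep nc from lingering, a comment such as `# ':' closes nc's stdout so it exits once env is done` should record that in the patch. The same applies to the `PAM_KWALLET5_LOGIN` line.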