Created attachment 193457 [details]
- Remove USES=gettext and add USE_KDE=wallet_run.
- Patch the code so kwalletd can be found in LOCALBASE.
- Replace the use of socat with netcat which is in base. Note that netcat is bidirectional. It sends input from stdin over the socket and input from the socket to stdout. After receiving EOF on stdin it keeps polling the socket for input until the other end closes the connection, which in the case of kwalletd never happens because it's also waiting for more data until the other end closes the connection. Call netcat using "nc | :" so its stdout is a pipe of which the far end closes immediately (stdout itself stays open). Without a valid stdout netcat becomes unidirectional. Using "nc >&-" doesn't work because it closes stdout itself and its descriptor will be reused for the socket so netcat thinks it has a valid stdout.
- Add an upstream followup to the CVE patches committed in ports r469032.
- Fix an off-by-one buffer size check.
- Fix a call to bind(2). The third argument should be the size of the sockaddr struct. It contains an extra field besides sun_path and sun_family in BSD so the name of the socket got truncated.
The change to set kde home to '.kde4' looks bogus.
It would be great if you would upstream this, by creating a review on phabricator.kde.org.
(In reply to Tobias C. Berner from comment #1)
The .kde4 change is behind an ifdef and it should probably be behind an additional ifdef __FreeBSD__. It's only there in case someone wants to make a copy of this port that builds pam_kwallet.so for the kde4 kwalletd. I believe .kde was used by KDE3 on FreeBSD.
Dealing with upstream is your job as a maintainer. I don't want to register yet more bugzilla/phabricater/whatever accounts.
One thing I forgot to mention: the patch moves the pam module from lib/security to lib where the other pam modules are (see pam.conf(5) about "module-path").
Sorry, that fell through... could you rebase your patch against the current state?