Date:      Thu, 10 Jun 2010 09:34:29 -0400
From:      gtodd@bellanet.org
To:        freebsd-current@freebsd.org
Subject:   Re: Our aging base system heimdal
Message-ID:  <4C10E9E5.5020503@bellanet.org>
In-Reply-To: <AANLkTik213g_8W2ocr3mCCb2EED8RBXsYBavdYll1PI_@mail.gmail.com>
References:  <AANLkTik213g_8W2ocr3mCCb2EED8RBXsYBavdYll1PI_@mail.gmail.com>

On 06/06/2010 12:41 PM, b. f. wrote:
> Is anybody planning to update the base system heimdal, which has been
> largely untouched since May 2008?  In addition to the many other
> bug-fixes and improvements in the current version 1.3.3 (see, for
> example:
> 
> http://www.h5l.org/releases.html
> 
> ), there are patches for heimdal vulnerabilities 2010-05-27 and
> 2010-03-21 (CVE-2010-1321), which are described at:
> 
> http://www.h5l.org/advisories.html
> 
> Others have mentioned that they have problems using our base system
> heimdal -- problems that cannot be easily circumvented by rebuilding
> WITHOUT_KERBEROS, and using security/krb5 (security/heimdal is badly
> outdated), because this leaves various dependent base system utilities
> behind, if they are not modified.

If you adjust distinfo, pkg-list and the port Makefile, the current
1.3.3 release does build in security/heimdal - it even seems to work!
YMMV, I did no serious testing, used no LDAP, etc. etc.

More to the point, does using/testing as a port help pave the way for an
eventual import into base?  Maintaining a port for a RELEASE might help
upstream maintainers @ h5l.org stay connected to FreeBSD without having
to track CURRENT (which seems somewhat more tricky cf. the utmpx issue).

Since there's no active dedicated security/heimdal port maintainer,
maybe the h5l.org developers could be cajoled into adding a FreeBSD
machine/VM to their builds/tests/releases. With a high profile project
like FreeBSD they'd at least get more up-to-date bug reports :-)

Please excuse any ignorance of the mechanics of importing things into
base and maintaining software across multiple platforms that the above
post may betray ;-)

cheers,

gtodd


