On 06/06/2010 12:41 PM, b. f. wrote: > Is anybody planning to update the base system heimdal, which has been > largely untouched since May 2008? In addition to the many other > bug-fixes and improvements in the current version 1.3.3 (see, for > example: > > http://www.h5l.org/releases.html > > ), there are patches for heimdal vulnerabilities 2010-05-27 and > 2010-03-21 (CVE-2010-1321), which are described at: > > http://www.h5l.org/advisories.html > > Others have mentioned that they have problems using our base system > heimdal -- problems that cannot be easily circumvented by rebuilding > WITHOUT_KERBEROS, and using security/krb5 (security/heimdal is badly > outdated), because this leaves various dependent base system utilities > behind, if they are not modified. If you adjust distinfo, pkg-list and the port Makefile, the current 1.3.3 release does build in security/heimdal - it even seems to work! YMMV, I did no serious testing, used no LDAP, etc. etc. More to the point, does using/testing as a port help pave the way for an eventual import into base ? Maintaining a port for a RELEASE might help upstream maintainers _at_ h5l.org stay connected to FreeBSD without having to track CURRENT (which seems somewhat more tricky cf. the utmpx issue). Since there's no active dedicated security/heimdal port maintainer, maybe the h5l.org developers could be cajoled into adding a FreeBSD machine/VM to their builds/tests/releases. With a high profile project like FreeBSD they'd at least get more up to date bug reports :-) Please excuse any ignorance of the mechanics of importing things into base and maintaining software across multiple platforms that the above post may betray ;-) cheers, gtoddReceived on Thu Jun 10 2010 - 11:36:36 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:04 UTC