From: gtodd@bellanet.org
Date: Thu, 10 Jun 2010 09:34:29 -0400
To: freebsd-current@freebsd.org
Subject: Re: Our aging base system heimdal
Message-ID: <4C10E9E5.5020503@bellanet.org>

On 06/06/2010 12:41 PM, b. f. wrote:
> Is anybody planning to update the base system heimdal, which has been
> largely untouched since May 2008?
> In addition to the many other
> bug-fixes and improvements in the current version 1.3.3 (see, for
> example:
>
> http://www.h5l.org/releases.html
>
> ), there are patches for heimdal vulnerabilities 2010-05-27 and
> 2010-03-21 (CVE-2010-1321), which are described at:
>
> http://www.h5l.org/advisories.html
>
> Others have mentioned that they have problems using our base system
> heimdal -- problems that cannot be easily circumvented by rebuilding
> WITHOUT_KERBEROS, and using security/krb5 (security/heimdal is badly
> outdated), because this leaves various dependent base system utilities
> behind, if they are not modified.

If you adjust distinfo, pkg-list and the port Makefile, the current
1.3.3 release does build in security/heimdal - it even seems to work!
YMMV, I did no serious testing, used no LDAP, etc. etc.

More to the point, does using/testing as a port help pave the way for an
eventual import into base? Maintaining a port for a RELEASE might help
upstream maintainers @ h5l.org stay connected to FreeBSD without having
to track CURRENT (which seems somewhat more tricky cf. the utmpx issue).

Since there's no active dedicated security/heimdal port maintainer,
maybe the h5l.org developers could be cajoled into adding a FreeBSD
machine/VM to their builds/tests/releases. With a high-profile project
like FreeBSD they'd at least get more up-to-date bug reports :-)

Please excuse any ignorance of the mechanics of importing things into
base and maintaining software across multiple platforms that the above
post may betray ;-)

cheers,
gtodd