Date: Mon, 21 Oct 2019 10:12:43 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 241347] security/sssd: Update to 1.16.4 Message-ID: <bug-241347-7788-LXuEOi563k@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-241347-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-241347-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241347 --- Comment #4 from lukas.slebodnik@intrak.sk --- (In reply to Rick from comment #1) > Also, the SSSD project is shipping version 2.2. Are there compelling reas= ons for not updating to the project's most recent version, or at least addi= ng it as a new port, security/sssd2 for example? You would need to follow upstream closer to know the context. There is not any sssd-2.0 or sssd-2.1 branch and thus they cannot bachport fixes there. And there were 2 regressions quite serious regressions between 2.2.0 and 2.2.2=20 Upstream promised to make sssd-1.13 LTS version but reality is different. CVE-2019-3811 (https://pagure.io/SSSD/sssd/issue/3901) was fixed just in ma= ster and sssd-1-16 branch. Sure, we could backport patches ourselves. but it is = more complicated to backport patches from sssd-1.16 branch to sssd-1.13. The sssd-1-13 branch had the latest commit 14 months ago and sssd-1-16 11 d= ays ago. I am not sure whether adding security/sssd2 make a sense. I would rather wait till sssd-2.x stabilize on Linux and then move from sssd-1.16 to sssd-2.x. So far sssd-1-16 is still in "active" state in usptr= eam. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-241347-7788-LXuEOi563k>