Our aging base system heimdal

gtodd at bellanet.org
Thu Jun 10 13:36:36 UTC 2010

On 06/06/2010 12:41 PM, b. f. wrote:
> Is anybody planning to update the base system heimdal, which has been
> largely untouched since May 2008?  In addition to the many other
> bug-fixes and improvements in the current version 1.3.3 (see, for
> example:
> http://www.h5l.org/releases.html
> ), there are patches for heimdal vulnerabilities 2010-05-27 and
> 2010-03-21 (CVE-2010-1321), which are described at:
> http://www.h5l.org/advisories.html
> Others have mentioned that they have problems using our base system
> heimdal -- problems that cannot be easily circumvented by rebuilding
> WITHOUT_KERBEROS, and using security/krb5 (security/heimdal is badly
> outdated), because this leaves various dependent base system utilities
> behind, if they are not modified.

If you adjust distinfo, pkg-list and the port Makefile, the current
1.3.3 release does build in security/heimdal - it even seems to work!
YMMV, I did no serious testing, used no LDAP, etc. etc.

More to the point, does using/testing as a port help pave the way for an
eventual import into base?  Maintaining a port for a RELEASE might help
upstream maintainers @ h5l.org stay connected to FreeBSD without having
to track CURRENT (which seems somewhat more tricky cf. the utmpx issue).

Since there's no active dedicated security/heimdal port maintainer,
maybe the h5l.org developers could be cajoled into adding a FreeBSD
machine/VM to their builds/tests/releases. With a high-profile project
like FreeBSD they'd at least get more up-to-date bug reports :-)

Please excuse any ignorance of the mechanics of importing things into
base and maintaining software across multiple platforms that the above
post may betray ;-)


