[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: netbsd-8 built-in heimdal insufficient?
On 18/03/2020 06:08, John D. Baker wrote:
When I dug into this it was because base heimdal links to libssl from
openssl and the base system openssl is classed as obselete so pkgsrc
insists on installing the supported openssl-1.1.1. The biggest surprise
from that install was ending up with a new su binary in /usr/pkg/ which
always prompted for a kerberos passwords even when suing from root to
another user. I set the option to have the commands prefixed with a k so
that the su in /usr/pkg became ksu.
After updating to pkgsrc-HEAD and rebuilding packages on a NetBSD/amd64
8.1_STABLE system, I discovered that "security/heimdal" had been installed.
So, why is pkgsrc "heimdal" being installed on netbsd-8?
That does leave NetBSD 8 users in a hard place as if a vulnerability is
found in the base openssl they have no way of getting a security patch
for it unless NetBSD can somehow piggyback on the backport work of the
linux distributions like debian and ubuntu. Ubuntu 16 still has openssl
1.0.2 and they are committing to security updates for that until 2024.
OpenSSL themselves have dropped support for it.
Main Index |
Thread Index |