Bug 240708 - security/sssd: Resolve port issues promptly or delete port (insecure, broken and outdated)
Summary: security/sssd: Resolve port issues promptly or delete port (insecure, broken ...
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL:
Keywords:
Depends on: 217623 220308 231846 239022 241347 238465
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-20 13:36 UTC by Phillip R. Jaenke
Modified: 2019-10-26 21:20 UTC (History)
3 users (show)

See Also:
lukas.slebodnik: maintainer-feedback-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Phillip R. Jaenke 2019-09-20 13:36:38 UTC
security/sssd is still on 1.11 and the maintainer has not updated this port in literal years. The port does not function at all with any supported version of Samba. The last maintainer commit was a URL change in 2017; this version of sssd is from 2015. 
Bugs have been opened requesting updates to 1.13 (LTM), 1.15, and 2.x since, with no action and no success. This version may also contain a vulnerability - CVE-2018-10852 - and is likely to contain unknown vulnerabilities. It also only functions with known vulnerable versions of Samba.
https://www.cvedetails.com/cve/CVE-2018-10852/

All upstream support for sssd 1.11 was ended more than 3 years ago now. Since this port cannot function, and no progress has been made in updating to a supported or functioning version of the port, it should be removed.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-09-20 13:53:51 UTC
Take this while I clean up and re-triage existing bugs against security/sssd.
Comment 2 lukas.slebodnik 2019-10-19 22:06:10 UTC
Here you are:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241347