Date: Tue, 27 Jan 2015 20:03:59 -0600 (CST)
From: Karl Dunn
To: freebsd-stable@freebsd.org
Subject: Rebuilding 9.3 RELEASE base sendmail causes security gripe

Newbie question:

Recently, I rebuilt base sendmail from the base source. I followed the procedure in 9.3's handbook section 28.9 to do it, so I could include SASLv2.

The system's uname shows:
--------------------------------------------
# uname -a
FreeBSD hfhmc-server 9.3-RELEASE-p5 FreeBSD 9.3-RELEASE-p5 #0: Mon Nov 3 22:02:57 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
--------------------------------------------

This system is an upgrade (via freebsd-update) from 9.1 RELEASE. The most recent portsnap/upgrade was right before the rebuild.

The Makefile of the /usr/ports/mail/sendmail shows:
--------------------------------------------
# $FreeBSD: head/mail/sendmail/Makefile 374459 2014-12-10 14:24:17Z dinoex $

PORTNAME= sendmail
PORTVERSION= 8.15.1
--------------------------------------------

The result of the rebuild:
--------------------------------------------
# sendmail -d0.1
Version 8.14.9
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
                SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
--------------------------------------------

Since the rebuild of sendmail, nightly security mail says:
--------------------------------------------
Date: Mon, 26 Jan 2015 21:28:48 -0600 (CST)
Subject: hfhmc-server security updates

Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.3-RELEASE from update6.freebsd.org...done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 9.3-RELEASE-p8:
/usr/libexec/sendmail/sendmail
--------------------------------------------

Why the nightly gripe? Does it have to do with the port sendmail being newer than the base sendmail?

Also why does uname show -p5? (I did the upgrade from 9.1R to 9.3R on 2014-Dec-28, IIRC.)

I am guessing that the gripe is coming from freebsd-update cron in root's crontab. I expect that if I tell freebsd-update to install, I will have to rebuild sendmail again, and the gripes will resume.

If I replace sendmail with the one from ports, will that fix this? If so, how do I do that?

There is a nearly identical backup system, upgraded 9.1R -> 9.3R a few days before the 9.1->9.3 upgrade of the hfhmc-server, for which I have not done a portsnap or freebsd-upgrade since. No gripes from it.

I can provide whatever other info you want. If it's big, I can post it in whatever form you like on my website.

Karl Dunn
kdunn@acm.org