Date:      Tue, 4 Mar 2003 15:11:25 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Mike Loiterman <mike@ascendency.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Sendmail patch questions...
Message-ID:  <20030304151125.GD14952@happy-idiot-talk.infracaninophi>
In-Reply-To: <005f01c2e247$aa08e420$0301a8c0@mike>
References:  <20030304082026.GB6551@happy-idiot-talk.infracaninophi> <005f01c2e247$aa08e420$0301a8c0@mike>


On Tue, Mar 04, 2003 at 06:14:49AM -0600, Mike Loiterman wrote:
>
> On Tuesday, March 04, 2003 2:20 AM Matthew Seaman <mailto:m.seaman@infracaninophile.co.uk> wrote:
>
> > On Tue, Mar 04, 2003 at 04:22:49AM +0200, Giorgos Keramidas wrote:
> >
> >> PS: You can always upgrade to RELENG_4.  Gregory Neil Shapiro, the
> >> maintainer of Sendmail on FreeBSD, has already merged the latest
> >> Sendmail version (8.12.8) to the RELENG_4 branch.
> >
> > Actually, according to what I can see in a quick trawl through cvsweb,
> > he's MFC'd sendmail patches on all RELENG_x and RELENG_x_y branches
> > back to and including RELENG_3:
> >
> > http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/sendmail/src/?sortby=date&only_with_tag=RELENG_3
> >
> > However, it seems that his modifications don't constitute a complete
> > upgrade to sendmail-8.12.8 except on RELENG_4 and HEAD.  Hence the
> > confusion over the binary updates given in the original security
> > alert.  Your sendmail binary will be immune to this attack if you've
> > built it out of a recently cvsup'd source tree or installed one of the
> > binary patches so that:
> >
> >     -- you're running sendmail-8.12.8 or better
> >
> >     or
> >
> >     -- the string 'Dropped invalid comments from header address'
> >        appears in the sendmail binary.
> >
> > Thanks to Claus Assmann for pointing out the second test.
> >
> > 	Cheers,
> >
> > 	Matthew
>
> Thanks Matt.  Few questions though:
>
> 1.  What is `BP'?

If you're talking about CVS tags that stands for "Branch Point" --
ie. RELENG_4_7_BP marks the state of the sources at the point that the
RELENG_4_7 branch was created out of the RELENG_4 sources.  It's not a
particularly rewarding place to look for a fixed version of sendmail
though.

> 2.  I applied the patch and now I'm building world with my existing 4.4
> sources.  Is this not `safe' as cvsuping and then building world?  I'm not
> sure I understand the implications of not cvsuping, especially since the
> patch has been applied to 8.11.6 in the 4.4 branch.

There's different interpretations of "safe".  If you're running
production services on your machine and you can't afford the time to
run through regression tests and the like which you should do when
upgrading to a new OS version, then a conservative upgrade, like
applying the patches from the advisory or cvsup'ing to the latest
RELENG_4_4 sources sounds like a good idea.

On the other hand, if this is a personal machine and you can cope with
the sort of fallout you may encounter by doing a wholesale upgrade[*]
then generally, running the latest available 4.x version will give you
maximum benefit of all the development that's gone into the system
over the last year or so with minimum teething problems due to untried
code.

	Cheers,

	Matthew

[*] Not that FreeBSD upgrades tend to generate that much in terms of
fallout anyhow.  I can't remember the last time I broke a system or a
software package by attempting to upgrade.


-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

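The two tests quoted in the message above (version 8.12.8 or better, or the marker string present in the binary), written as a small script. This is an added example, not part of the original e-mail; the binary path and the command used to read the version, shown in the usage comment, are assumptions about a stock FreeBSD install.

```shell
#!/bin/sh
# Added example (not from the original message): checks a sendmail binary
# against the two tests quoted in the thread.
# Usage (path and version command are assumptions for a stock FreeBSD box):
#   sh check.sh /usr/libexec/sendmail/sendmail 8.11.6
# The version is what `sendmail -d0.1 -bv root` reports on its "Version" line.

MARKER='Dropped invalid comments from header address'
FIXED_VERSION=8.12.8

# version_at_least HAVE WANT: succeed if dotted version HAVE >= WANT.
version_at_least() {
    have=$1. want=$2.
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; have=${have#*.}
        w=${want%%.*}; want=${want#*.}
        h=${h%%[!0-9]*}; w=${w%%[!0-9]*}   # drop suffixes such as "p1"
        h=${h:-0}; w=${w:-0}               # missing component counts as 0
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
    done
    return 0
}

# binary_has_marker FILE: succeed if the string named in the thread is present.
binary_has_marker() {
    [ -r "$1" ] && LC_ALL=C grep -qF -- "$MARKER" "$1"
}

# sendmail_is_fixed BINARY [VERSION]: succeed if either test passes.
sendmail_is_fixed() {
    bin=$1 ver=$2
    if [ -n "$ver" ] && version_at_least "$ver" "$FIXED_VERSION"; then
        echo "OK: version $ver is $FIXED_VERSION or later"
        return 0
    fi
    # A patched older release keeps its old version number,
    # so fall back to looking for the marker string.
    if binary_has_marker "$bin"; then
        echo "OK: marker string found in $bin"
        return 0
    fi
    echo "NOT FIXED by either test: $bin (version ${ver:-unknown})"
    return 1
}

if [ "$#" -ge 1 ]; then
    sendmail_is_fixed "$@"
fi
```

The exit status is 0 when either test passes and 1 otherwise, so the script can be run from a periodic job across several hosts.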