Date: Sat, 25 Mar 2006 21:28:00 -0600
From: Dan Nelson
To: Jonathan Horne
Cc: freebsd-questions@freebsd.org
Subject: Re: compiling sendmail to 8.13.6

In the last episode (Mar 25), Jonathan Horne said:
> Ok, I just cvsup'd and it did not pull down the sources for sendmail
> 8.13.6 (I might still have misunderstanding of what exactly cvsup
> does). Anyway, I took matters into my own hands, and I was wondering
> if my procedure would be considered acceptable by my peers. So, this
> is what I did:

cvsup updates the FreeBSD source tree to whatever the developers have
committed. A patch for the issue (not an update to 8.13.6) was applied
to most branches.

> When the system came back up, the sendmail banner tells me it's
> running 8.13.6/8.13.4. Would this mean I'm upgraded to the latest and
> am now without a shadow of a doubt secure against this latest
> sendmail threat? Would that have been an acceptable way to upgrade a
> production server (and should I do it again, this time on my
> production sendmail server)?

Yes, you are now running sendmail 8.13.6. No, this is probably not the
best way to patch a production server :) For a small version bump like
the sendmail one, you didn't break anything, but in general, replacing
part of the base system wholesale could cause problems due to
dependencies of other parts of the system on a particular version, or
different compile-time settings between FreeBSD and the source
distribution.

Just running cvsup, verifying that you now have the version numbers
listed in the security advisory, and rebuilding what the advisory tells
you to, would have sufficed.

-- 
Dan Nelson
dnelson@allantgroup.com