From owner-freebsd-security Wed Mar 5 4:24:24 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D56737B401 for ; Wed, 5 Mar 2003 04:24:21 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68AA643F3F for ; Wed, 5 Mar 2003 04:24:20 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id FAA00550 for ; Wed, 5 Mar 2003 05:24:16 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20030305052142.03f04200@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 05 Mar 2003 05:24:12 -0700 To: freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: Does the patching procedure work? In-Reply-To: <4.3.2.7.2.20030305050739.03f078f0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 05:10 AM 3/5/2003, Brett Glass wrote: >After following the patching procedure described in the revised Sendmail advisory, I found that executing > >strings sendmail | grep 'Dropped invalid comments from header address' > >(as suggested at http://www.sendmail.org/patchcr.html) does not find the string. Did the patch take? I'm answering my own message here; I've discovered that I was attempting the test from the wrong directory. The patch actually did take on the machine in question. However, I do have another question. On another 4.7 machine, I saw the following when applying the patch: ... |Index: contrib/sendmail/src/headers.c |=================================================================== |RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v |retrieving revision 1.4.2.7 |diff -u -r1.4.2.7 headers.c |--- contrib/sendmail/src/headers.c 3 Sep 2002 01:50:17 -0000 1.4.2.7 |+++ contrib/sendmail/src/headers.c 27 Feb 2003 21:42:36 -0000 -------------------------- Patching file contrib/sendmail/src/headers.c using Plan A... Hunk #1 failed at 678. Hunk #2 succeeded at 973 (offset -27 lines). Hunk #3 succeeded at 986 (offset -27 lines). Hunk #4 failed at 999. Hunk #5 failed at 1057. Hunk #6 succeeded at 1087 (offset -27 lines). Hunk #7 succeeded at 1096 (offset -27 lines). Hunk #8 succeeded at 1115 (offset -27 lines). Hunk #9 succeeded at 1133 (offset -27 lines). Hunk #10 succeeded at 1144 (offset -27 lines). Hunk #11 succeeded at 1162 (offset -27 lines). Hunk #12 failed at 1171. Hunk #13 succeeded at 1185 with fuzz 2 (offset -27 lines). Hunk #14 succeeded at 1230 (offset -27 lines). Hunk #15 succeeded at 1258 with fuzz 1 (offset -27 lines). Hunk #16 succeeded at 1308 (offset -27 lines). Hunk #17 succeeded at 1324 (offset -27 lines). Hunk #18 failed at 1332. 5 out of 18 hunks failed--saving rejects to contrib/sendmail/src/headers.c.rej ... Why did the hunks fail? Will the patch work? --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message