From owner-freebsd-security Sun Nov 17 22:17:09 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id WAA14700 for security-outgoing; Sun, 17 Nov 1996 22:17:09 -0800 (PST) Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.241]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA14643; Sun, 17 Nov 1996 22:16:36 -0800 (PST) Received: (from rgrimes@localhost) by GndRsh.aac.dev.com (8.7.5/8.7.3) id WAA05595; Sun, 17 Nov 1996 22:15:47 -0800 (PST) From: "Rodney W. Grimes" Message-Id: <199611180615.WAA05595@GndRsh.aac.dev.com> Subject: Re: New sendmail bug... In-Reply-To: from S at "Nov 17, 96 09:39:11 pm" To: spork@super-g.com (S) Date: Sun, 17 Nov 1996 22:15:46 -0800 (PST) Cc: eric@sendmail.org, igor@alecto.physics.uiuc.edu, roberto@keltia.freenix.fr, freebsd-security@freebsd.org, freebsd-hackers@freebsd.org X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > But if one does have to run 8.7.6 until they have time to breath, does > anyone know if the error that Igor and I are seeing compiling 8.7.6 from > -stable can be avoided? I first patched with the 2 line setgid, setuid > patch I saw on the list, then I grabbed what was in the current -stable > source and got the same error as Igor. It compiled after deleting the > line in main.c that I saw in the errors, and it seems to work, but > reckless deletion scares me. I wonder what the line was for.... > > Anyhow, any help is appreciated. Someone (who shall remain nameless) has commited a bad patch into the RELENG_2_1_0 branch. What is in there does not compile, I get the exact same error that this person has reported, and this is on a prestine RELENG_2_1_0 compile engine.... this error occured during a ``make world'', so if _vendor_daemon_setup is suppose to be defined someplace else we have a build cycle problem, if sendmail is suppose to have source code for this, someone missed a piece of the patch :-(. PLEASE FIX ASAP, as all -Stable users trying to update via the normal mechanisms to fix the sendmail security problem are going to have builds that blow up in there face. > Thanks, > > Charles > > On Sun, 17 Nov 1996, Eric Allman wrote: > > > This patch is against 8.8.2, not 8.7.6. You need to upgrade to 8.8; > > 8.7.x is no long supported. > > > > eric > > > > > > ============= In Reply To: =========================================== > > : From: igor@alecto.physics.uiuc.edu (Igor Roshchin) > > : Subject: Re: New sendmail bug... > > : Date: Sun, 17 Nov 1996 21:12:33 -0600 (CST) > > > > : Hello! > > : > > : May be I am missing something, > > : but I was not able to compile the patched version > > : of the sendmail 8.7.6.4, > > : as it appears in FreeBSD distribution (sup.freebsd.org). > > : > > : main.o: Undefined symbol `_vendor_daemon_setup' referenced from text segment > > : *** Error code 1 Yepp... the source tree is muffed up :-(. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation, Inc. Reliable computers for FreeBSD