From owner-freebsd-security Wed Mar 5 9:18:18 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0D6D437B401; Wed, 5 Mar 2003 09:18:16 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E647843F3F; Wed, 5 Mar 2003 09:18:14 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id KAA03091; Wed, 5 Mar 2003 10:18:08 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20030305100150.048518c0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 05 Mar 2003 10:18:03 -0700 To: David Schultz From: Brett Glass Subject: Re: Does the patching procedure work? Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20030305125047.GB45405@HAL9000.homeunix.com> References: <4.3.2.7.2.20030305052142.03f04200@localhost> <4.3.2.7.2.20030305050739.03f078f0@localhost> <4.3.2.7.2.20030305052142.03f04200@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 05:50 AM 3/5/2003, David Schultz wrote: >It looks like you've applied a patch for the wrong version of >sendmail. (Perhaps these are pre-4.6 sources, for instance.) >The easiest way to recover is probably to fetch fresh patched >sources via anoncvs or cvsup. It turns out that it was 4.5-RELEASE-p4, just a sliver before 4.6. (The system had been patched for later problems rather than upgraded, because it's a production machine.) Quite recent. (You don't want to change point versions constantly on production machines.) I was lucky I noticed the problem. The messages just rolled by, and if I hadn't scrolled back I would not have caught them. I'll bet some folks missed this and are unprotected. (The hunks that are rejected are important, but the message about dropping the comments is in one of the hunks that's accepted, so it looks as if the patch took!) What I have done on that machine is install the 4.6 binary, which seems to run just fine on 4.5 and even 4.4 (though you may need to add the misssing group). Patches should be provided back to 4.4, IMHO. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message