From owner-freebsd-questions@FreeBSD.ORG Thu Jun 15 10:48:12 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A94EE16A474 for ; Thu, 15 Jun 2006 10:48:12 +0000 (UTC) (envelope-from xfb52@dial.pipex.com) Received: from smtp-out5.blueyonder.co.uk (smtp-out5.blueyonder.co.uk [195.188.213.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3AB7643D45 for ; Thu, 15 Jun 2006 10:48:11 +0000 (GMT) (envelope-from xfb52@dial.pipex.com) Received: from [172.23.170.138] (helo=anti-virus01-09) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1FqpOS-0008Dr-Rg; Thu, 15 Jun 2006 11:48:08 +0100 Received: from [82.41.32.90] (helo=[192.168.0.2]) by asmtp-out6.blueyonder.co.uk with esmtp (Exim 4.52) id 1FqpOS-0006KU-52; Thu, 15 Jun 2006 11:48:08 +0100 Message-ID: <44913AE8.1060405@dial.pipex.com> Date: Thu, 15 Jun 2006 11:48:08 +0100 From: Alex Zbyslaw User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.7.13) Gecko/20060515 X-Accept-Language: en MIME-Version: 1.0 To: Joel Hatton References: <200606150056.k5F0ufOh053199@app.auscert.org.au> In-Reply-To: <200606150056.k5F0ufOh053199@app.auscert.org.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Jonathan Horne , freebsd-questions@freebsd.org Subject: Re: Sendmail patch; brings up a questions about buildworld X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Jun 2006 10:48:12 -0000 Joel Hatton wrote: >On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote: > > >The phrase "Upgrade your vulnerable system" implies performing the full >upgrade as per handbook, which means kernel and world. > > No, it doesn't. It means upgrade as much as is necessary to get the sendmail change installed. You *can* do everything, and that is safe, but for a small change to just sendmail it is unnecessary. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html#Q21.4.14.1. The trailing . is part of the URL. >I would never recommend rebuilding world without kernel, even it appears >to be without risk, for three extremely good reasons: > > Pointless. When you recompile kernel when nothing has changed, you just install the same files you already had. The section of the Handbook about making world is regrettably written in a section about keeping up to date with STABLE/CURRENT. There, lots of stuff will change when you cvsup and you should always recompile world, whenever you recompile kernel. But there is no need to recompile kernel when you recompile world. If you only cvsup when you actually intend to upgrade then you can recompile/reinstall world and kernel completely independently in between. If, when you cvsup, all you get are the changes to sendmail (because you track RELEASE regularly, e.g.) then you can just follow the instructions in the patch section minus the actual patching: # cd /usr/src/lib/libsm # make obj && make depend && make # cd /usr/src/lib/libsmutil # make obj && make depend && make # cd /usr/src/usr.sbin/sendmail # make obj && make depend && make && make install --Alex