From owner-freebsd-questions@FreeBSD.ORG Thu Jun 15 19:31:02 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C50316A47A for ; Thu, 15 Jun 2006 19:31:02 +0000 (UTC) (envelope-from ggroth@gregs-garage.com) Received: from mail.gregs-garage.com (h-64-105-8-34.chcgilgm.covad.net [64.105.8.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D51943D4C for ; Thu, 15 Jun 2006 19:31:01 +0000 (GMT) (envelope-from ggroth@gregs-garage.com) Received: from [10.10.10.124] (localhost.gregs-garage.com [127.0.0.1]) (authenticated bits=0) by mail.gregs-garage.com (8.13.4/8.13.4) with ESMTP id k5FJTwPI048058 for ; Thu, 15 Jun 2006 14:29:58 -0500 (CDT) (envelope-from ggroth@gregs-garage.com) Message-ID: <4491B615.1080704@gregs-garage.com> Date: Thu, 15 Jun 2006 14:33:41 -0500 From: Greg Groth User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: clarification of cvsup process. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Jun 2006 19:31:02 -0000 I have a FreeBSD 6.0 server that I manage that is used as a DNS / mail server. In the wake of the recent sendmail security announcement, I'd like to make sure I'm keeping the thing up to date. I tried to run the patch as listed in the announcement, but the patch just seemed to hang, so I killed the process and decided to go the cvsup route. now I understand the whole cvsup process, as well as updating ports, but the whole release tag thing still has me confused. If possible could someone tell me if I'm doing this right or not, or have someone tell me what I'm doing wrong. I'm only interested in updating the system when a security need arises, and have no desire to live on the "cutting edge". I handle the ports through portaudit/portsnap/portmanager, and am looking to only update the case system with cvsup. Here is the list of commands I run to update the system. # cvsup /usr/local/greg/cvsupfile Contents of cvsupfile: *default host=cvsup6.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. # cd /usr/src # make buildworld # make buildkernel # make installkernel # reboot After rebooting into single user mode: # fsck -p # mount -u / # mount -a -t ufs # swapon -a # adjkerntz -i # mergemaster -p # make installworld # mergemaster # reboot After rebooting: # cd /etc/mail # make all # make install # make restart And that's it. I do the stuff in /etc/mail since I'm not sure running make buildworld will update the cf files. The last patch that came out, I did the same thing I outlined above, but I did not notice a change in the version number of Sendmail when telnetting to it. I did a search through the security notice, and took a look at all of the source files on my machine that were updated. Although I could not find a version number anywhere, I noticed that the timestamp for all of the affected files had changed to the date listed in the announcement. I'm not sure if Sendmail reports it's version from something hardcoded in the binary, or if it comes from the cf file. So does this look right? Or am I missing something obviously stupid? Is my cvsupfile correct for what I want it to do? TIA Greg Groth