From owner-freebsd-security Wed Mar 5 11:40:48 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CFD3B37B401; Wed, 5 Mar 2003 11:40:44 -0800 (PST) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE38043FB1; Wed, 5 Mar 2003 11:40:43 -0800 (PST) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.7/8.12.7) with ESMTP id h25JegdE017771; Wed, 5 Mar 2003 19:40:42 GMT (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost) by storm.FreeBSD.org.uk (8.12.7/8.12.7/Submit) with UUCP id h25Jeg90017770; Wed, 5 Mar 2003 19:40:42 GMT X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.7/8.12.7) with ESMTP id h25JeKIg068723; Wed, 5 Mar 2003 19:40:20 GMT (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200303051940.h25JeKIg068723@grimreaper.grondar.org> To: "Jacques A. Vidrine" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Does the patching procedure work? In-Reply-To: Your message of "Wed, 05 Mar 2003 13:09:55 CST." <20030305190955.GA17065@madman.celabo.org> Date: Wed, 05 Mar 2003 19:40:20 +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi This thread is going well off-topic. How to use patch(1) is a questions@ problem. Please take this off-line. The patch lifetime part is OK. M "Jacques A. Vidrine" writes: > On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote: > > It turns out that it was 4.5-RELEASE-p4, just a sliver before > > 4.6. (The system had been patched for later problems rather > > than upgraded, because it's a production machine.) Quite recent. > > (You don't want to change point versions constantly on > > production machines.) > > If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or > more recent, or had the previous sendmail bug patched), then the patch > would probably have worked out. > > > I was lucky I noticed the problem. The messages just rolled > > by, and if I hadn't scrolled back I would not have caught > > them. I'll bet some folks missed this and are unprotected. > > (The hunks that are rejected are important, but the message > > about dropping the comments is in one of the hunks that's > > accepted, so it looks as if the patch took!) > > Lucky? Hrmpf, a system administrator has to be careful. Actually > examining the output of any given command that one runs is pretty much > a requirement if you want to know if it succeeded or not... as is > checking the exit code. > > But here's a tip to make that easier: use the `-s' and `-C' flags with > patch. See the man page. > > > What I have done on that machine is install the 4.6 binary, > > which seems to run just fine on 4.5 and even 4.4 (though > > you may need to add the misssing group). > > Cool. > > > Patches should be provided back to 4.4, IMHO. > > Um, in this case, they were provided all the way back to 3.x. > > However, in general, the table at > > is what you can count on. > > I will gladly extend the lifetime of one branch one extra year for > each US$25,000 I receive. > > Cheers, > -- > Jacques A. Vidrine http://www.celabo.org/ > NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos > jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Mark Murray iumop ap!sdn w,I idlaH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message