Ok, I just cvsup'd and it did not pull down the sources for sendmail 8.13.6 ( I might still have misunderstanding of what exactly cvsup does). Anyway, I took matters into my own hands, and I was wondering if my procedure would be considered acceptable by my peers. So, this is what I did:
1) pulled down sendmail.8.13.6.tar.gz from sendmail.org. 2) read FREEBSD-upgrade doc from /usr/src/contrib/sendmail, and found this info For the import of sendmail, the following files were removed: Build cf/cf/Build cf/cf/generic-*.cf devtools/* doc/op/op.ps */Build [e-v]*/*.0 sendmail/makesendmail sendmail/sysexits.h The following directories were renamed: sendmail -> src 3) untared sendmail.8.13.6.tar.gz, and made the exact same changes to files/folders listed above. Rename source folder to just 'sendmail' 4) remove /usr/src/contrib/sendmail. Replace with my new sendmail directory that I just downloaded and edited 5) re-compile sendmail as most all howtos dictate: # cd /usr/src/lib/libsm # make obj && make depend && make # cd /usr/src/lib/libsmutil # make obj && make depend && make # cd /usr/src/usr.sbin/sendmail/ # make obj && make depend && make && make install 6) cd /etc/mail/ do a make all install restart 7) reboot. When the system came back up, the sendmail banner tells me its running 8.13.6/8.13.4. would this mean im upgraded to the latest and am now without a shadow of a doubt secure against this latest sendmail threat? Would that have been an acceptable way to upgrade a production server (and should I do it again, this time on my production sendmail server)? Thanks for reading! jonathan _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"