Re: Sendmail patch; brings up a questions about buildworld
Joel Hatton wrote:

> On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote:
>
> The phrase "Upgrade your vulnerable system" implies performing the full
> upgrade as per handbook, which means kernel and world.

No, it doesn't. It means upgrade as much as is necessary to get the
sendmail change installed. You *can* do everything, and that is safe,
but for a small change to just sendmail it is unnecessary.

See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html#Q21.4.14.1.
The trailing . is part of the URL.

> I would never recommend rebuilding world without kernel, even if it
> appears to be without risk, for three extremely good reasons:

Pointless. When you recompile kernel when nothing has changed, you just
install the same files you already had.

The section of the Handbook about making world is regrettably written in
a section about keeping up to date with STABLE/CURRENT. There, lots of
stuff will change when you cvsup and you should always recompile world,
whenever you recompile kernel. But there is no need to recompile kernel
when you recompile world.

If you only cvsup when you actually intend to upgrade then you can
recompile/reinstall world and kernel completely independently in between.

If, when you cvsup, all you get are the changes to sendmail (because you
track RELEASE regularly, e.g.) then you can just follow the instructions
in the patch section minus the actual patching:

    # cd /usr/src/lib/libsm
    # make obj && make depend && make
    # cd /usr/src/lib/libsmutil
    # make obj && make depend && make
    # cd /usr/src/usr.sbin/sendmail
    # make obj && make depend && make && make install

--Alex

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sendmail patch; brings up a questions about buildworld
On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne [EMAIL PROTECTED] wrote:

> with the sendmail patch that came out today, i ask this:
>
> when i installed this machine as 6.1-RELEASE, i did a buildworld and
> buildkernel and updated to 6.1-STABLE.
>
> question: if i choose Patch Solution 1 from
> http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc,
> do i need to build a new kernel to go with this, or can i just build
> the world and be done with it?

You don't need to rebuild everything for Sendmail. If you still have
your /usr/obj tree around, something like the following should build all
the Sendmail parts in order:

    # cat ~build/rebuild-sendmail.sh
    #!/bin/sh

    # Sendmail-related source directories, libraries first.
    DIRS=""
    DIRS="${DIRS} ./lib/libmilter"
    DIRS="${DIRS} ./lib/libsm"
    DIRS="${DIRS} ./lib/libsmdb"
    DIRS="${DIRS} ./lib/libsmutil"
    DIRS="${DIRS} ./libexec/mail.local"
    DIRS="${DIRS} ./libexec/smrsh"
    DIRS="${DIRS} ./bin/rmail"
    DIRS="${DIRS} ./usr.bin/vacation"
    DIRS="${DIRS} ./usr.sbin/editmap"
    DIRS="${DIRS} ./usr.sbin/mailstats"
    DIRS="${DIRS} ./usr.sbin/makemap"
    DIRS="${DIRS} ./usr.sbin/praliases"
    DIRS="${DIRS} ./usr.sbin/sendmail"

    export MAKEOBJDIRPREFIX=/home/build/obj

    # Build each directory in a subshell; stop at the first failure.
    for dname in ${DIRS} ; do
        ( cd ${dname} && make clean && make && make install )
        if test $? -ne 0 ; then
            echo
            echo "FAILED while rebuilding ${dname}"
            exit 1
        fi
    done

Note that you may have to tweak the paths of this script (especially the
`MAKEOBJDIRPREFIX' part) and run it from `/usr/src' instead of my local
`/home/build/src' tree.

- Giorgos
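A check to run after a partial rebuild like the one above, added here as an example and not part of the original thread: it reports installed files that were not rewritten since a marker file touched just before the rebuild. The function name `stale_files`, the marker path, and the install locations in `SENDMAIL_FILES` are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a partial rebuild
# really replaced the installed Sendmail files.

# stale_files REF FILE...
#   Prints "MISSING <file>" or "STALE   <file>" for every FILE that does
#   not exist or is not newer than REF. Returns 0 if all files are newer
#   than REF, 1 if any are stale or missing, 2 if REF itself is absent.
#   Uses test's -nt operator (FreeBSD sh, bash, dash; not strict POSIX).
stale_files() {
    ref=$1
    shift
    if [ ! -e "$ref" ]; then
        echo "reference file missing: $ref" >&2
        return 2
    fi
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            rc=1
        elif [ ! "$f" -nt "$ref" ]; then
            echo "STALE   $f"
            rc=1
        fi
    done
    return "$rc"
}

# ASSUMPTION: install locations of the programs built by the directories
# in the rebuild script; verify them on your own system before relying
# on this list.
SENDMAIL_FILES="/usr/libexec/sendmail/sendmail /usr/libexec/mail.local
/usr/libexec/smrsh /bin/rmail /usr/bin/vacation /usr/sbin/editmap
/usr/sbin/mailstats /usr/sbin/makemap /usr/sbin/praliases"

# Typical use, as root (marker path is hypothetical):
#   touch /tmp/sendmail-rebuild.start
#   sh rebuild-sendmail.sh
#   stale_files /tmp/sendmail-rebuild.start $SENDMAIL_FILES
```

Because `uname -a` does not change when only these directories are rebuilt, a timestamp check of this kind is one way to record that the fixed binaries are actually in place.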
Re: Sendmail patch; brings up a questions about buildworld
On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote:

> question: if i choose Patch Solution 1 from
> http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc,
> do i need to build a new kernel to go with this, or can i just build
> the world and be done with it?

The phrase "Upgrade your vulnerable system" implies performing the full
upgrade as per handbook, which means kernel and world.

I would never recommend rebuilding world without kernel, even if it
appears to be without risk, for three extremely good reasons:

o the handbook says not to, and explains why

o so that you will never fall into the habit of just building world and
  get caught out one day when it bites you

o so that the correct version of your system will be reflected in the
  output of 'uname -a' eg: 5.3-RELEASE-p32 and hence you will be able to
  track the patchlevel of your system

That said, I wouldn't discourage you from patching sendmail immediately
to correct the vulnerability as per procedure 2) if time is critical but
I would certainly encourage following through with a system update as
per 1) as soon as possible.

cheers,
joel
Re: Sendmail patch; brings up a questions about buildworld
On Wednesday 14 June 2006 19:56, Joel Hatton wrote:

> On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote:
>
> > question: if i choose Patch Solution 1 from
> > http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc,
> > do i need to build a new kernel to go with this, or can i just build
> > the world and be done with it?
>
> The phrase "Upgrade your vulnerable system" implies performing the full
> upgrade as per handbook, which means kernel and world.
>
> I would never recommend rebuilding world without kernel, even if it
> appears to be without risk, for three extremely good reasons:
>
> o the handbook says not to, and explains why
>
> o so that you will never fall into the habit of just building world and
>   get caught out one day when it bites you
>
> o so that the correct version of your system will be reflected in the
>   output of 'uname -a' eg: 5.3-RELEASE-p32 and hence you will be able to
>   track the patchlevel of your system
>
> That said, I wouldn't discourage you from patching sendmail immediately
> to correct the vulnerability as per procedure 2) if time is critical but
> I would certainly encourage following through with a system update as
> per 1) as soon as possible.
>
> cheers,
> joel

good enough for me... i was just wondering if it was ever done (as
common practice) without the kernel.

thanks,
jonathan