|Subject:||Re: Does the patching procedure work?|
|From:||Jacques A. Vidrine (nec...@FreeBSD.org)|
|Date:||Mar 5, 2003 11:09:33 am|
On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
> It turns out that it was 4.5-RELEASE-p4, just a sliver before 4.6. (The system had been patched for later problems rather than upgraded, because it's a production machine.) Quite recent. (You don't want to change point versions constantly on production machines.)

If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or more recent, or had the previous sendmail bug patched), then the patch would probably have worked out.

> I was lucky I noticed the problem. The messages just rolled by, and if I hadn't scrolled back I would not have caught them. I'll bet some folks missed this and are unprotected. (The hunks that are rejected are important, but the message about dropping the comments is in one of the hunks that's accepted, so it looks as if the patch took!)

Lucky? Hrmpf, a system administrator has to be careful. Actually examining the output of any given command that one runs is pretty much a requirement if you want to know if it succeeded or not... as is checking the exit code.
But here's a tip to make that easier: use the `-s' and `-C' flags with patch. See the man page.

> What I have done on that machine is install the 4.6 binary, which seems to run just fine on 4.5 and even 4.4 (though you may need to add the missing group).
> Patches should be provided back to 4.4, IMHO.

Um, in this case, they were provided all the way back to 3.x.
However, in general, the table at <URL: http://www.freebsd.org/security/#adv> is what you can count on.
I will gladly extend the lifetime of one branch one extra year for each US$25,000 I receive.
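
The tip in the message above (run patch with `-s` and `-C`, and check the exit code) can be wrapped in a small shell function; this is an added example, not part of the original message or of FreeBSD's tooling. The function name `apply_checked`, the `-N` flag, the `.rej` scan and the probe for GNU patch's `--dry-run` spelling are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# FreeBSD patch(1) spells the check-only flag -C; GNU patch calls it
# --dry-run. Probe the help text and use whichever this system has.
if patch --help 2>&1 | grep -q -e '--dry-run'; then
    CHECK=--dry-run
else
    CHECK=-C
fi

# apply_checked DIR PATCHFILE [STRIP]   (hypothetical helper)
#   PATCHFILE must be an absolute path (we cd into DIR before reading it).
#   Returns 0 = applied cleanly, 1 = dry run failed (tree untouched),
#           2 = real run failed, 3 = reject files left behind.
apply_checked() {
    ac_dir=$1 ac_patch=$2 ac_strip=${3:-0}

    # Step 1: check only. -s keeps patch quiet unless something is wrong,
    # -N refuses already-applied hunks instead of prompting to reverse them.
    if ! (cd "$ac_dir" && patch -s -N "$CHECK" -p"$ac_strip" < "$ac_patch"); then
        echo "apply_checked: dry run failed, nothing was changed" >&2
        return 1
    fi

    # Step 2: the real run; trust the exit code, not the scrollback.
    if ! (cd "$ac_dir" && patch -s -N -p"$ac_strip" < "$ac_patch"); then
        echo "apply_checked: patch exited non-zero" >&2
        return 2
    fi

    # Step 3: a rejected hunk leaves a .rej file next to its target.
    if find "$ac_dir" -name '*.rej' | grep -q .; then
        echo "apply_checked: reject files present" >&2
        return 3
    fi
    return 0
}
```

Because the dry run comes first, a patch with even one failing hunk leaves the source tree exactly as it was, rather than half-applied.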