Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] Re: SuSE Security Announcement: sendmail, sendmail-tls (SuSE-SA:2003:040)
  • From: Stefan Seyfried <seife@xxxxxxxxxxxxxxxx>
  • Date: Tue, 23 Sep 2003 12:00:12 +0200
  • Message-id: <20030923100012.GB14493@xxxxxxxxxxxxxxxx>
On Mon, Sep 22, 2003 at 08:21:25PM +0200, PW wrote:
> Can I assume a nice'n & pleasant update experience if I choose to
> utilize the Sendmail RPM Package intended for SuSE Linux 7.2, but in
> effect will patch the Sendmail of a no longer supported SuSE Linux 7.1
> system still residing on our corporate server?
>
> Thanks! - Philippe Wiede

well, what you could also do is the following: take the latest src.rpm you
can get, you have to have one from the last updates on March/April :-)
Install it with rpm -hiv sendmail-INSERT_YOUR_VERSION.src.rpm
copy the patch from sendmail.org to /usr/src/packages/SOURCES/parse8.359.2.8.patch
add the following to /usr/src/packages/SPECS/sendmail.spec:

Patch5: sendmail.8.11.6.security.cr.patch
Patch6: prescan.8.11.patch
+ Patch7: parse8.359.2.8.patch

it might be not Patch7 for you, i did this on a 7.0 system with all updates
since patches are no longer available :-)
---some lines down in sendmail.spec:

%prep
%setup -b 2
%patch -P 5 -p 0
%patch -P 1 -p 0 -b .dif
cd sendmail
%patch -P 6
+ %patch -P 7
cd ..

again, it is possible that this is a little different on your system.

now cd /usr/src/packages/SPECS/
rpm -bc sendmail.spec

if it compiles without errors, lucky you!
mv /usr/sbin/sendmail /usr/sbin/sendmail.original
cp /usr/src/packages/BUILD/sendmail-8.10.2/obj*/sendmail/sendmail /usr/sbin
# the path could be different on your sendmail-version
touch /usr/sbin/sendmail_is_patched_until_20030916

check the file permissions on /usr/sbin/sendmail etc, and restart the daemon.
Everything should work fine

I did not install it with "rpm -bb" or "rpm -ba" because on old SuSE-Version,
don't know until which one, the rpm build was not chrooted, so you could shoot
your whole setup. Since i only needed to replace the sendmail binary, this is
ok for me.

If you are scared by this description, you probably better upgrade your machine
to 8.2 or SLES8, where you are supported and get ready-made packages ;-)

Another possibility (this is what i did with the openssh-stuff a week ago) is to
take the source.rpm from 7.2 and rebuild it with "rpm -bb name.spec" but beware
of overwriting your config on an old system. Backup at least /etc.

Good Luck

Stefan
--
Stefan Seyfried

Senior Consultant community4you GmbH, Chemnitz, Germany.
http://www.community4you.de http://www.open-eis.com

< Previous Next >
Follow Ups
References