Rebuilding 9.3 RELEASE base sendmail causes security gripe

Karl Dunn kdunn at acm.org
Wed Jan 28 02:04:02 UTC 2015 

Newbie question:

Recently, I rebuilt base sendmail from the base source.  I followed the 
procedure in 9.3's handbook section 28.9 to do it, so I could include 
SASLv2.  The system's uname shows:

  --------------------------------------------
  # uname -a
  FreeBSD hfhmc-server 9.3-RELEASE-p5 FreeBSD
  9.3-RELEASE-p5 #0: Mon Nov  3 22:02:57 UTC 2014
  root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
  --------------------------------------------

This system is an upgrade (via freebsd-update) from 9.1 RELEASE.  The most 
recent portsnap/upgrade was right before the rebuild.  The Makefile of the 
/usr/ports/mail/sendmail shows:

  --------------------------------------------
  # $FreeBSD: head/mail/sendmail/Makefile 374459 2014-12-10 14:24:17Z dinoex $

  PORTNAME=       sendmail
  PORTVERSION=    8.15.1
  --------------------------------------------

The result of the rebuild:
  --------------------------------------------
  # sendmail -d0.1
  Version 8.14.9
   Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                  NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
                  SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
  --------------------------------------------

Since the rebuild of sendmail, nightly security mail says:
  --------------------------------------------
  Date: Mon, 26 Jan 2015 21:28:48 -0600 (CST)
  Subject: hfhmc-server security updates

  Looking up update.FreeBSD.org mirrors... 5 mirrors found.
  Fetching metadata signature for 9.3-RELEASE from update6.freebsd.org...done.
  Fetching metadata index... done.
  Inspecting system... done.
  Preparing to download files... done.

  The following files will be updated as part of updating to 9.3-RELEASE-p8:
  /usr/libexec/sendmail/sendmail
  --------------------------------------------

Why the nightly gripe?  Does it have to do with the port sendmail being 
newer than the base sendmail?  Also why does uname show -p5?  (I did the 
upgrade from 9.1R to 9.3R on 2014-Dec-28, IIRC.)  I am guessing that the 
gripe is coming from freebsd-update cron in root's crontab.

I expect that if I tell freebsd-update to install, I will have to rebuild 
sendmail again, and the gripes will resume.  If I replace sendmail with 
the one from ports, will that fix this?  If so, how do I do that?

There is a nearly identical backup system, upgraded 9.1R -> 9.3R a few 
days before the 9.1->9.3 upgrade of the hfhmc-server, for which I have 
not done a portsnap or freebsd-upgrade since.  No gripes from it.

I can provide whatever other info you want.  If it's big, I can post it in 
whatever form you like on my website.

Karl Dunn
kdunn at acm.org

More information about the freebsd-stable mailing list