From nobody Sun Feb 19 00:04:20 2023 X-Original-To: freebsd-arm@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PK5QB1c17z3s65q for ; Sun, 19 Feb 2023 00:04:34 +0000 (UTC) (envelope-from marklmi@yahoo.com) Received: from sonic306-21.consmr.mail.gq1.yahoo.com (sonic306-21.consmr.mail.gq1.yahoo.com [98.137.68.84]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PK5Q95TBqz3wtr for ; Sun, 19 Feb 2023 00:04:33 +0000 (UTC) (envelope-from marklmi@yahoo.com) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1676765072; bh=Bp4LN9I161Zo84dP9Gbj9vv74GTybCZvvb0ekKUkWs0=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From:Subject:Reply-To; b=ldtRHqxcAlIxxz6z8eQkgwn4Z6eGDs+rdeGbdiDMIeVc3lUkezLW7vOMIlkHvsT/iEMw1e2+J426ziM0gN1noLuRQbxV5mGg1wasla9pNDbVXiHGI9hw+sIWC6lChNvYOBVlKrcm5vp/zo1tO06fDgh57C9z/1+CZWzD5dks85FXB9Ic5m+BPUQhyahTdnKMktbW6rZbujKaN4lkiKkORfseIF0eyKylvUXM9f+2QIqXKUas4CAszv+zoauooGX+J+TzfObIP0HNb99vZE/qPC2KHgbIqJcH6vWCaof4OPBMwdYPa8+GG8BhE+sXXUtI3op/yoptLIrhorHWH8+Rrg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1676765072; bh=glFWr3V2zgGZ2itaaUErlFcw18Kew5/ClZg6ApbTkq+=; h=X-Sonic-MF:Subject:From:Date:To:From:Subject; b=Ye2V2kQBzNgfXFIL6xhMCft5eE1mwZOXyUTYrCw5/yHNDjGiWc6cay9PwNKvlLDddIHBtOG1Q3HohWQwWffJg01on9PZlF1X/OV3LfN/CqRrACbaYv8bV01pLV5mDLDapzSiMNnayKhIuo8JO8ui0RngauYPuOXAEFfgm2NF8ilXUgxiJu8SgX+S+LmveuBz4CbP+elr56QkmkER82/KaCHWAGNXoJ7wbaOvXXdWwOHG6o/VO4kDUECX5jdf5AGNuoz5MxORbZ3UWaeqOBbSyGU7ttwQi73r+7RWF/FpTwlMlqHBRigQGScM/ojFrTFPAgl+EzdqlbZBiOAWJwO/ww== X-YMail-OSG: DDt4t0IVM1leHojl4jt.mnsFFN5.v21dpdURKl9GVZIK36OIoS6vCzOLJxFpy2p 6w3pPfVTMnjrRhG__sREKkjFtpdwQb29s7rODCvzPht_lhRjTzFezhdrFkKtnACXH7N0I1P_oOx8 v60EUOc_pAd17gIa8QsIBzQQRqK3EL82g2XWhfDyNcMu3A8cxF6UiFbIZ8slWLwLZ_8VDuTMbDMz brcrBNzDxgQCpslyZWFO8Wpqc0p8dtZoJINQtZ3tk4odL.VnYIm_SnieJCDh9.Tz0COFjZmPoAYw LMXx7rrZcky2ZMMZoiPN8vglsGu1a.InZrPKWnyS8HG46baCzrMT8S6pibHk8D15susok7Fvmyou 750aBbsdKKpi.Wa1vtosB77UFBL2QWH6QTY9Ike7qh5QKji6mKDOakMdesU7Co5jnxbnC_DLwdx8 2rOMetf6d6BNVJwh1bobbgtoasKGFOHlYWp8vKIrlhGalvSCv31pDnD_aDUNWRewPWv_9BGqPkNN EG8hZEAy3iz0Bk1NYDHjkjxQuO_3vOpn.rrUQ27WToQgGhEYdxUMnJP4Hco8NMrCUb.zsprf6sCZ TB9c_7ml5NQRaCUA5pQB._bg1L7_.FMPMtf0ozKfp56o9cSlo08ivr3yFZFIGgGFaJH5gCky2OA7 _0M_KdVHB.aRQKLmPN4CIJLiU3Vq0pY6pfVe4I7WT.Deh9ygvrqcWCscsywKu2FNNfsema1R.1ig eGcQ.FMzrQslOZbIDOK6Dv_oXJWLyZOdK.Hd7ewGqnoKKKK2IpqDRwCc_IgorRtnfvI42Wl.2qVZ .Mt_yLvdT.uoQxNj9PlBycCWh2cYWnFgbrMSyaElkM1.ZoFw.WPqOBOKvkteDEHQldIdSTAvKE5b dfAIi5XW77gKFCpIgvSeU3IHF_OxsdEoR3oHrW6xBbb3z3ipKPkmrT212hFqeQqslZanR5pA0aRA 7bPP9Tepvuq7y9rOqsivl8ofsv8tDjTzAY0XAlNQwhXb_UVM0I.1fdOYItGdqcp1WQwCoJS9ZbNh cPq9LPuGNUT65G9Y7P.IK9ggiH8XO0QDlR3V5_2G07pZ8ld8K8zvc.NVTD0tx8RQt69FIHv5Xj7i 6ozJrRdWgvRDn3Z6SpOPQ1GHRaapQwiOqHobpypkiO.3Dopf1hTK7yJPncg4kZYPvrinCnomOy8x XteHXMA86dUY21JfXtG1HL.n_p7RShII5JJnBNR6shxIgFEpJASJrR9jcChTTP9NbPlLVPuf1s3D G3ocXVWH8rFVRFNbARnUm4PNLrRTIIRL.wKCB2Gjkuhfv9piT9IIJuv1c8mu6KH7W2NkkSvaTiuC DFVa8irW8L8CkR5.iKeqE6DRwzG5Gszu1L1ARIT8BiFCcP_MrCRNsQzOMOJHec6cGFl3FdZAluHm ugx3r9xpdO6VWhNFSSRtkYvn_XGr_P0QMknwVVi7uAFcJRGCEeq6Qoz_hKEiY0FUJAhkwYWLxlRU I6TpVKwZkUbnSFJMxw6T4Iua57oGX5vOCsvDk6c_tYsyXdYWquYTyX.yU3VzP_sV3faK85Eq8xlp GsTFActsuZKn.TC_KU.guxFMCxSdkyZeDUgCXjMQ9ZssqGexItOzGNdVNIuBxlt4nwVjAoErLezq Pj3rQnuNeWAAQmCvtcmpPms3eO4d5JXpBCRpuSyby8VaV3pY8b6zEpoO9GviTox0KvcGRIHZw73Z OOYCWSiyIW3abT1m.8OR_PAyFQcWsZwcJ9iqDifsPyfS74YjfxRY4b3rQ1rFXgubCNPH5JhibLgb NrKj4KzHNqLDGXVcAjr7iufv5VLGBiSqHAbpsAS2W1hA2tnTK499MAvV0DE2EL_XtvPbFscVl3Ca e6oEaalyOqVFumIr.zQlNWR40CXXMs4_F8B1zL9l3HjMURzq1E4HL09fYTBTyS85x705fy_jc.7R u0ULRYFfZTPi7JUE7osxCeYUSBaNoliezt7Cm1jWdks_454eg9JjfOy30NwwWiWq9kUK8vm_MOMy QwK4VbpP0InPULbMs8tsX9Lurxq1.iVEghY_EEe8L_SoHhCVn9jLsgTHQoilT1s.l2WnWA0jyQ9L 3vzTxVSzE3HGfG9ezaO07KpMCD4YfKptkL_pCyqfVIOLWrrTqA..mJocLoDlPgcRKu8c9bwaBzyP hoVfO.e4GVmmgE9dDdwGU3c0BhDSW1rznJmAbOnH_Aiwoh.NS9zLk1hO6aNy3Y5kkXH7VKF6P5c9 J6m52Ha69JRn8fHFAWhHrihk.6H94f2cVPK1KVej4YeRkAo15EoxTwrfK9A9VZYjhg74dTEtWkLw - X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.gq1.yahoo.com with HTTP; Sun, 19 Feb 2023 00:04:32 +0000 Received: by hermes--production-gq1-655ddccc9-nql2v (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID d92c823dad7a4622523c4c3e02524e82; Sun, 19 Feb 2023 00:04:30 +0000 (UTC) Content-Type: text/plain; charset=us-ascii List-Id: Porting FreeBSD to ARM processors List-Archive: https://lists.freebsd.org/archives/freebsd-arm List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arm@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\)) Subject: Re: freebsd-update confusion From: Mark Millard In-Reply-To: Date: Sat, 18 Feb 2023 16:04:20 -0800 Cc: freebsd-arm@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: To: void X-Mailer: Apple Mail (2.3731.400.51.1.1) X-Rspamd-Queue-Id: 4PK5Q95TBqz3wtr X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:36647, ipnet:98.137.64.0/20, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On Feb 18, 2023, at 15:06, void wrote: > Hello Herbert, >=20 > On Sat, Feb 18, 2023 at 11:11:50PM +0100, Herbert J. Skuhra wrote: >> On Sat, Feb 18, 2023 at 09:53:56PM +0000, void wrote: >>> In = https://lists.freebsd.org/archives/freebsd-security/2023-February/000146.h= tml >>> there's an SA for openssl. >>>=20 >>> If I upgrade (buildworld etc) on an amd box, it gets: >>>=20 >>> % openssl version >>> OpenSSL 1.1.1t-freebsd 7 Feb 2023 >>>=20 >>> (as expected) >>=20 >> This is either stable/13, releng/13.2 or main where openssl was = updated >> to version OpenSSL 1.1.1t. >>=20 >>> If freebsd-update is run on a 13.1-R arm64 machine, installed = updates then >>> rebooted, it gets: >>>=20 >>> $ openssl version >>> OpenSSL 1.1.1o-freebsd 3 May 2022 >>>=20 >>> ??? >>>=20 >>> The freebsd-update was run about 10 mins ago (feb 18th 1821 UTC) >>=20 >> This is releng/13.1 where openssl is still OpenSSL 1.1.1o; only = security >> fixes were applied.=20 >=20 > This is the bit that was confusing me. I thought 1.1.1t was with the = security fixes. OpenSSL 1.1.1o was patched to remove the problems. That does not produce 1.1.1t as a result. >> You will get OpenSSL 1.1.1t after upgrading to >> 13.2-RELEASE (expected to be released next month). >=20 > = https://lists.freebsd.org/archives/freebsd-security/2023-February/000146.h= tml has this: >=20 > Corrected: 2023-02-07 22:38:40 UTC (stable/13, 13.1-STABLE) > 2023-02-16 17:58:13 UTC (releng/13.1, 13.1-RELEASE-p7) > 2023-02-07 23:09:41 UTC (stable/12, 12.4-STABLE) > 2023-02-16 18:04:12 UTC (releng/12.4, 12.4-RELEASE-p2) > 2023-02-16 18:03:37 UTC (releng/12.3, 12.3-RELEASE-p12) >=20 > So, if I'm understanding you correctly, none of those releases = indicated above > would go to 1.1.1t ? Same point for 13.1-RELEASE-p7 here: OpenSSL 1.1.1o was patched to remove the problems. That does not produce 1.1.1t as a result. >> What's the output of 'freebsd-version -kru'? It will tell you if your >> system is up-to-date. >=20 > % freebsd-version -kru > 13.1-RELEASE-p6 > 13.1-RELEASE-p6 > 13.1-RELEASE-p7 That last indicates that you have the patched OpenSSL 1.1.1o in the world (user space). > It's really kind of opaque (to me) that openssl version is = '1.1.1o-freebsd 3 May 2022' *after* the update has been applied. If it = was something like '1.1.1o-freebsd-p1 16 Feb 2023', I'd feel a bit = better, because as it stands, it looks like, on the face of it, that = openssl hasn't > been patched. Otherwise wouldn't the versioning info change in some = respect, to > indicate that it had? The output of the openssl command likely is just as upstream has defined it, it not being directly a FreeBSD thing. The patches to the openssl source were likely also from upstream. =3D=3D=3D Mark Millard marklmi at yahoo.com