From owner-freebsd-stable@freebsd.org  Tue Mar 30 14:25:11 2021
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D4BBB5C7E3D
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Tue, 30 Mar 2021 14:25:11 +0000 (UTC)
 (envelope-from brian@brianwhalen.net)
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com
 [IPv6:2607:f8b0:4864:20::42b])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F8sD712nKz4mx3
 for <freebsd-stable@freebsd.org>; Tue, 30 Mar 2021 14:25:10 +0000 (UTC)
 (envelope-from brian@brianwhalen.net)
Received: by mail-pf1-x42b.google.com with SMTP id 11so12246854pfn.9
 for <freebsd-stable@freebsd.org>; Tue, 30 Mar 2021 07:25:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=brianwhalen-net.20150623.gappssmtp.com; s=20150623;
 h=subject:to:references:from:message-id:date:user-agent:mime-version
 :in-reply-to:content-transfer-encoding:content-language;
 bh=wabyHmlI+B1F6ej1oB4vjbKs+fcbHb5oH0MBKuT1sMY=;
 b=G3/1MuSrGjNX+zQx7piadZ2rAlPUU0myGC2GR5xhG86S11GAD2JaOFwl+u4nKEPzb/
 Xb3u9jx4q7X1hT0nyxabmQf7l3B7k/eUaIKDmeDz7afNVqwrXscphncGVCsCqL8AhaAI
 KfECY87S+Zm0S54eHmf8ha/b/LhfNwXg5oTju//Uumu1PX75DJiRn5YTV677BSAV7Ukp
 p4qAH2wetHi8THG/VJKypQg5mHh05nuPHkRZuztBkZvg3cFK9f7IEJUvjbWV8ga7Di7M
 vuayf/uzut6XiPPQO7xTdGou5suYK3t3zJFA11rMwhQQ+4yNEsOtXVh0Jjjs38nr0/ZC
 6aCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-transfer-encoding
 :content-language;
 bh=wabyHmlI+B1F6ej1oB4vjbKs+fcbHb5oH0MBKuT1sMY=;
 b=Ut8wwZXK/gRu4YUtlG1K5yZ1BUiprd1Y+AIBAAnhMFNg3KjoQrWf4F9yNYHWRj7yAm
 CDQeUZT54gFQjKmAaVxQ72Hh5pLgsLd21QNEQb6Dulst9FIWm+w9GOcUxIVyRKp+A0se
 DMZ9+sY4+yHWfKEP0cNq5kPjakYDNlKS0nQrgLTBRJOPuuwtaQX5hnnEf2aQ+U4uHht1
 DYagCHzjbgGsYHFf1DqUm10hXg+UQRNoUgZUQDEqpy8BmuUybUg+PQWjX4cEuZ7CxUvu
 pYn5sJhUaIlhtt/OKRbb80y30eEYqCjmNl16/LfQrbPXlUvwLXDJqd/1dX19o7s2yhfO
 xLMA==
X-Gm-Message-State: AOAM533MvMDncYPObanniuKtKJvuSq9M/UoY7uvH/hiJQyZbCDwn2g7g
 LdT+gzT83nK5ZvpfvzLpuHp/CIZ0M4oE+bgsi2o=
X-Google-Smtp-Source: ABdhPJyr2rJfrmbvXSRLwCesDPWK6xgLS4mkiDM+IkXDf1rd0qT2SsMHvWOrUbR293A/CAFmTlXKew==
X-Received: by 2002:a63:2321:: with SMTP id j33mr28631737pgj.120.1617114308767; 
 Tue, 30 Mar 2021 07:25:08 -0700 (PDT)
Received: from [192.168.1.104] (cpe-70-95-138-103.san.res.rr.com.
 [70.95.138.103])
 by smtp.gmail.com with ESMTPSA id k5sm21083517pfg.215.2021.03.30.07.25.08
 for <freebsd-stable@freebsd.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Tue, 30 Mar 2021 07:25:08 -0700 (PDT)
Subject: Re: possibly silly question regarding freebsd-update
To: freebsd-stable@freebsd.org
References: <YGMpE5uWvRy8Xdql@cloud.zyxst.net>
 <6c3da6ff-d102-b2d9-5433-4dac4116d27f@osfux.nl> <YGMyYHETm0FPCyZs@geeks.org>
 <087d6a71-ad83-0769-4b8e-2514416f35b0@denninger.net>
From: Brian <brian@brianwhalen.net>
Message-ID: <5537a65a-fbf6-1355-394f-0f1ac4f19895@brianwhalen.net>
Date: Tue, 30 Mar 2021 07:25:08 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <087d6a71-ad83-0769-4b8e-2514416f35b0@denninger.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Rspamd-Queue-Id: 4F8sD712nKz4mx3
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=brianwhalen-net.20150623.gappssmtp.com header.s=20150623
 header.b=G3/1MuSr; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of brian@brianwhalen.net designates
 2607:f8b0:4864:20::42b as permitted sender)
 smtp.mailfrom=brian@brianwhalen.net
X-Spamd-Result: default: False [-1.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3];
 DKIM_TRACE(0.00)[brianwhalen-net.20150623.gappssmtp.com:+];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::42b:from];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 MID_RHS_MATCH_FROM(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[70.95.138.103:received];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 R_DKIM_ALLOW(-0.20)[brianwhalen-net.20150623.gappssmtp.com:s=20150623];
 FREEFALL_USER(0.00)[brian]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
 DMARC_NA(0.00)[brianwhalen.net]; RCPT_COUNT_ONE(0.00)[1];
 SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::42b:from:127.0.2.255];
 NEURAL_SPAM_SHORT(1.00)[1.000];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::42b:from];
 RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2021 14:25:11 -0000

freebsd-update fetch and freebsd-update install??

Brian

On 3/30/2021 7:18 AM, Karl Denninger wrote:
>
> On 3/30/2021 10:14, Doug McIntyre wrote:
>> Like the patch referenced in the SA.
>> https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch
>>
>> Again, it seems like confusion over what happens in RELEASE, STABLE and 
> CURRENT..
>>
>>
>>
>> On Tue, Mar 30, 2021 at 04:05:32PM +0200, Ruben via freebsd-stable 
>> wrote:
>>> Hi,
>>>
>>> Did you mean 12.1-p5 or 12.2-p5 ? I'm asking because you refer to both
>>> 12.1-p5 and 12.2-p5 (typo?).
>>>
>>> If you meant 12.2-p5: Perhaps the FreeBSD security team did not bump 
>>> the
>>> version, but "only" backported the patches to version 1.1.1h ?
>>>
>>> Regards,
>>>
>>> Ruben
>>>
>>>
>>> On 3/30/21 3:35 PM, tech-lists wrote:
>>>> Hi,
>>>>
>>>> Recently there was
>>>> https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html 
>>>>
>>>> about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted.
>>>>
>>>> What I'm unsure about is the openssl version.
>>>> Up-to-date 12.1-p5 instances report OpenSSL 1.1.1h-freebsd 22 Sep 2020
>>>>
>>>> Up-to-date stable/13-n245043-7590d7800c4 reports OpenSSL 
>>>> 1.1.1k-freebsd
>>>> 25 Mar 2021
>>>>
>>>> shouldn't the 12.2-p5 be reporting openssl 1.1.1k-freebsd as well?
>>>>
>>>> thanks,
>>> _
>
> Ok, except....
>
> # uname -v
> FreeBSD 12.2-RELEASE-p4 GENERIC
>
> # openssl version
> OpenSSL 1.1.1h-freebsd  22 Sep 2020
> # freebsd-update fetch
> Looking up update.FreeBSD.org mirrors... 3 mirrors found.
> Fetching metadata signature for 12.2-RELEASE from 
> update4.freebsd.org... done.
> Fetching metadata index... done.
> Fetching 2 metadata patches.. done.
> Applying metadata patches... done.
> Fetching 2 metadata files... done.
> Inspecting system... done.
> Preparing to download files... done.
>
> No updates needed to update system to 12.2-RELEASE-p5.
>
> So if you're running RELEASE then /security patches /don't get 
> backported?
>
> And you CAN'T upgrade to 12.2-STABLE via freebsd-update:
>
> # freebsd-update -r 12.2-STABLE upgrade
> Looking up update.FreeBSD.org mirrors... 3 mirrors found.
> Fetching metadata signature for 12.2-RELEASE from 
> update1.freebsd.org... done.
> Fetching metadata index... done.
> Inspecting system... done.
>
> The following components of FreeBSD seem to be installed:
> kernel/generic src/src world/base world/doc world/lib32
>
> The following components of FreeBSD do not seem to be installed:
> kernel/generic-dbg world/base-dbg world/lib32-dbg
>
> Does this look reasonable (y/n)? y
>
> Fetching metadata signature for 12.2-STABLE from 
> update1.freebsd.org... failed.
> Fetching metadata signature for 12.2-STABLE from 
> update2.freebsd.org... failed.
> Fetching metadata signature for 12.2-STABLE from 
> update4.freebsd.org... failed.
> No mirrors remaining, giving up.
>
> This may be because upgrading from this platform (amd64)
> or release (12.2-STABLE) is unsupported by freebsd-update. Only
> platforms with Tier 1 support can be upgraded by freebsd-update.
> See https://www.freebsd.org/platforms/index.html for more info.
>
> If unsupported, FreeBSD must be upgraded by source.
>