From owner-freebsd-hackers@freebsd.org Thu Nov 14 18:20:16 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F302B1AF9E4 for ; Thu, 14 Nov 2019 18:20:16 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from mail-qt1-x829.google.com (mail-qt1-x829.google.com [IPv6:2607:f8b0:4864:20::829]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47DVC40r0yz4KSt for ; Thu, 14 Nov 2019 18:20:14 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: by mail-qt1-x829.google.com with SMTP id n4so7854860qte.2 for ; Thu, 14 Nov 2019 10:20:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=tJSNqmG2/HsUnS8Hsu26h8/9tQA1VzBpu7WLLx15FYE=; b=GvfQXEgG3MIqHmBkp8kwHMX36HD/IBpp+R6eJRF2GnlKhVbXtEuxsUDBAz3WVyzEiO B1kEfmSVS87OwOLjh1jBgK4fHouinWk0bb1bqQmiS693uCvxAK7qWm5fCgHfuew2ZJ7h wXZCyHu3M6JlJ/7FWc4fTI4YrEP2qM+4whaHI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=tJSNqmG2/HsUnS8Hsu26h8/9tQA1VzBpu7WLLx15FYE=; b=eP4wQ+m+djhWcEN3b1KpxTdl8hgSbs3rMknPEXQGsarYsakgVzB0FsnU4rNR5ilCZM hMnutloqZhmPlh629fs9L0zFc43fWxl+InrqRVuVedseTnV0ySqjm7UJBvipr+UOjULL lS0rd7+d/NJXvsk+FGg8b+eVPuqp+yLwjNuXdtrJz+nrZnpsoDX23Eym5G4TgvdH9OQl sC0Sqm9GaK0dO0P1wDhKZ5sy5yksUDHG+Jo6vXqW1O4aLinlD/If2tI7GihxnFD2pZ6n QtwOhk03v8gZS9ZSWA0bNSj0ukEzuQ/amgyHX8Y2jtIRyG5pU/GwaKME2sLzo2oKgCP5 x7bg== X-Gm-Message-State: APjAAAUiDcoSzzqkdl6PY7urdRKFN3YhcDjRos6x2vZxCNEXpgdVut/y PHxw31/qM8oolQP0c+wf09QGvoZ3+7/y X-Google-Smtp-Source: APXvYqwUmbYJcGqoRR2T5CBdcuwZVRdEqWxd6LM1D/8ZfHlHSdS7Mv2DdjFpSnlIVC+L4YaKBPj2cg== X-Received: by 2002:ac8:2d19:: with SMTP id n25mr9653294qta.144.1573755613178; Thu, 14 Nov 2019 10:20:13 -0800 (PST) Received: from gmail.com ([2607:fc50:0:7900:0:dead:beef:cafe]) by smtp.gmail.com with ESMTPSA id a137sm2936952qkg.75.2019.11.14.10.20.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Nov 2019 10:20:12 -0800 (PST) Date: Thu, 14 Nov 2019 10:20:10 -0800 From: Gordon Tetlow To: George Mitchell Cc: FreeBSD Hackers Subject: Re: Correct SVN revision for latest security fix Message-ID: <20191114182010.GG6969@gmail.com> References: <7d65fc8f-e9b9-6472-199e-41f5010a8714@m5p.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="UKNXkkdQCYZ6W5l3" Content-Disposition: inline In-Reply-To: <7d65fc8f-e9b9-6472-199e-41f5010a8714@m5p.com> User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47DVC40r0yz4KSt X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tetlows.org header.s=google header.b=GvfQXEgG; dmarc=pass (policy=none) header.from=tetlows.org; spf=pass (mx1.freebsd.org: domain of gordon@tetlows.org designates 2607:f8b0:4864:20::829 as permitted sender) smtp.mailfrom=gordon@tetlows.org X-Spamd-Result: default: False [-7.84 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[tetlows.org:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[freebsd]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tetlows.org:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[9.2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[tetlows.org,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.74)[ip: (-9.33), ipnet: 2607:f8b0::/32(-2.32), asn: 15169(-1.99), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Nov 2019 18:20:17 -0000 --UKNXkkdQCYZ6W5l3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Resending this to the mailing list now that I have sorted my memberships to allow me to post to the list. On Wed, Nov 13, 2019 at 02:56:02PM -0500, George Mitchell wrote: > The attached security-advisories message cites an incorrect SVN revision > number for updating to fix CVE-2018-12207. The revision given is > r354653, but it should be r354654 to include the UPDATING fix and > the newvers.sh change to report the correct "p" level. I sent a > note about this as a reply to the message (so it actually went to > freebsd-security), but I suspect my reply is lost in the moderation > queue. Can someone please fix this? -- George SA's and EN's have always pointed to the actual patch to fix the issue, not the UPDATING/newvers.sh changes. Furthermore, it's not clear what the right order of operations should be when releasing a batch of SA's and EN's. There are 3 possible scenarios. 1. Commit everything in one giant commit. 2. Commit UPDATING/newvers.sh, then commit patches independently. 3. Commit patches independently, then commit UPDATING/newvers.sh. 1 is a non-starter as I don't want to commit everything at once. Downstream users may decide they don't want one particular update in a batch, but need to take everything else. If they are smushed together in a single commit, this is difficult. 2 causes a race condition. It's entirely possible to create a build that lists the patch version as being updated, but the patches haven't yet been pulled into that tree. This is the worst scenario in my book as the user may think they are protected when they haven't actually taken the update. I recognize this is a remote possibility due to timing, but I want to be able to guarantee if a user see -p1, they have the patches that were released as part of -p1. 2 gives a narrow window where we can't give that guarantee. 3 is what we do currently. This has the drawback you cite above. If you checkout the revision cited, the patch level hasn't been revved at this point. What I can say though, if you are running a system that lists -p1, then you are guaranteed to have the patches that were part of -p1. Between the options above, I'll pick option three. Best regards, Gordon Hat: Security Officer --UKNXkkdQCYZ6W5l3 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAABCgB9FiEEuyjUCzYO7pNq7RVv5fe8y6O93fgFAl3NmtpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJC MjhENDBCMzYwRUVFOTM2QUVEMTU2RkU1RjdCQ0NCQTNCRERERjgACgkQ5fe8y6O9 3fiBAQf+MA+Xfll0qGq0bNxdGLGzHVsaoTLpOctAt0P87lAGQwf7Q9j6B74rI1WH NvPErBf8X4Q0s1hdOTERB+1fQdYKgleHQEvOP5vSSG3sBUxn2Pb0/+OQZYrDLA93 G274ffK7WhRGvuTIjbG81XBHNhAqwgjpLv9rpnsm5XkYMYvjKzXV+kY1gn6YbuLU IUcLZLe6DEZiqnzmPHBFrfIfKnZ255Hxev8OKmkmUlznRf2kBl0VRHdActaq1NTe wMzZCkN3y6Tng3pOXzUjSAmBMsHCcMX4jxGV2+oEhAiQNZxgeZQ2MvqKFRbKY/cf hxwQvwXKAR1X7xVVoPg5c/cFooJ2kw== =RwQT -----END PGP SIGNATURE----- --UKNXkkdQCYZ6W5l3--