From: George Mitchell
To: freebsd-hackers@freebsd.org
Subject: Re: Correct SVN revision for latest security fix
Date: Thu, 14 Nov 2019 15:02:44 -0500

On 2019-11-14 13:20, Gordon Tetlow wrote:
> [... a very good explanation of the final steps of the commit process ...]
> 3 is what we do currently. This has the drawback you cite above. If you
> checkout the revision cited, the patch level hasn't been revved at this
> point. What I can say though, if you are running a system that lists
> -p1, then you are guaranteed to have the patches that were part of -p1.
>
> Between the options above, I'll pick option three.
>
> Best regards,
> Gordon
> Hat: Security Officer
>

There's nothing wrong with your process. But these two lines of the
security announcement message seem to me to be contradictory in their
implications. Taking 11.3-RELEASE as an example, the message started
by announcing that the problem is corrected in:

    2019-11-12 18:13:04 UTC (releng/11.3, 11.3-RELEASE-p5)

But then near the end, it says:

    releng/11.3/ r354653

So I dutifully updated to r354653, recompiled, and reinstalled. Voilà!
uname -r told me "11.3-RELEASE-p4".
On all previous occasions, when I updated to the SVN revision given in
the email announcement, I would get the version cited in the
announcement, so I was surprised by the discrepancy. And since
newvers.sh was committed at Nov 12 18:13:51 UTC, and the security
announcement was emailed at 12 Nov 2019 19:12:06 UTC, shouldn't the
announcement have referred to revision 354654? When I updated to that
version, recompiled, and reinstalled, sure enough uname -r told me
"11.3-RELEASE-p5" as I expected in the first place.

354654 is also the correct revision for 12.0-RELEASE and 12.1-RELEASE.
I would recommend emailing a corrected security advisory announcement
for consistency with all previous security advisory announcements I've
ever seen. Thank you for your attention.

-- George
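
Added example, not part of the original message and not FreeBSD's own tooling: a small shell check that compares the version string a host reports (as from uname -r) with the patch level an advisory names, which is the direction the quoted reply says is guaranteed. The function names are hypothetical, and the sample strings are the ones quoted in the message; a tree built at the cited revision before the patch level was bumped reports -p4 and is flagged as below -p5.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample strings are the
# ones quoted in the message above.

# Split "11.3-RELEASE-p5" into base="11.3-RELEASE" and plevel="5".
# A string without a "-pN" suffix is treated as patch level 0.
split_version() {
    case "$1" in
        *-p[0-9]*) base=${1%-p*}; plevel=${1##*-p} ;;
        *)         base=$1;       plevel=0 ;;
    esac
    case "$plevel" in
        ''|*[!0-9]*) return 1 ;;   # reject non-numeric patch levels
    esac
}

# patch_level_check RUNNING REQUIRED
# Prints a verdict and returns 0 (at or above the required level),
# 1 (below it) or 2 (malformed input or a different release branch).
patch_level_check() {
    split_version "$1" || { echo malformed; return 2; }
    run_base=$base; run_p=$plevel
    split_version "$2" || { echo malformed; return 2; }
    if [ "$run_base" != "$base" ]; then
        echo different-branch; return 2
    fi
    if [ "$run_p" -ge "$plevel" ]; then
        echo ok; return 0
    fi
    echo below; return 1
}

# Demo with the two strings from the message; on a real host the first
# argument would be "$(uname -r)".
patch_level_check "11.3-RELEASE-p4" "11.3-RELEASE-p5" || true
patch_level_check "11.3-RELEASE-p5" "11.3-RELEASE-p5" || true
```

A "below" verdict means the reported patch level is lower than the advisory's; as the quoted reply notes, a checkout of the cited revision taken before the patch level was revved lands in that state.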