From owner-freebsd-stable@freebsd.org Tue Mar 30 15:22:41 2021 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C1356579FF1 for ; Tue, 30 Mar 2021 15:22:41 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (vogon.madpilot.net [159.69.1.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4F8tVS52b0z4sTD for ; Tue, 30 Mar 2021 15:22:40 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 4F8tVK1jzgz6dV8 for ; Tue, 30 Mar 2021 17:22:33 +0200 (CEST) Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10026) with ESMTP id WOlKcAKzVl8h for ; Tue, 30 Mar 2021 17:22:31 +0200 (CEST) Subject: Re: possibly silly question regarding freebsd-update To: freebsd-stable@freebsd.org References: From: Guido Falsi Message-ID: Date: Tue, 30 Mar 2021 17:22:30 +0200 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4F8tVS52b0z4sTD X-Spamd-Bar: - X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[159.69.1.99:from]; R_DKIM_ALLOW(-0.20)[madpilot.net:s=bjowvop61wgh]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; MISSING_MIME_VERSION(2.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[159.69.1.99:from:127.0.2.255]; RCVD_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; DKIM_TRACE(0.00)[madpilot.net:+]; DMARC_POLICY_ALLOW(-0.50)[madpilot.net,quarantine]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:159.69.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Mar 2021 15:22:41 -0000 On 30/03/21 15:35, tech-lists wrote: > Hi, > > Recently there was > https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html > about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted. > > What I'm unsure about is the openssl version. > Up-to-date 12.1-p5 instances report OpenSSL 1.1.1h-freebsd  22 Sep 2020 > > Up-to-date stable/13-n245043-7590d7800c4 reports OpenSSL 1.1.1k-freebsd > 25 Mar 2021 > > shouldn't the 12.2-p5 be reporting openssl 1.1.1k-freebsd as well? > No, as you can see in the commit in the official git [1] while for current and stable the new upstream version of openssl was imported for the release the fix was applied without importing the new release and without changing the reported version of the library. So with 12.2p5 you do get the fix but don't get a new version of the library. [1] https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b -- Guido Falsi