Date: Tue, 30 Mar 2021 17:48:14 +0200 From: Guido Falsi <mad@madpilot.net> To: freebsd-stable@freebsd.org Subject: Re: possibly silly question regarding freebsd-update Message-ID: <d864c269-92f5-078c-9deb-da029066707a@madpilot.net> In-Reply-To: <YGNGEcgvn2OSyQrG@cloud.zyxst.net> References: <YGMpE5uWvRy8Xdql@cloud.zyxst.net> <aad6ecc5-f6b0-92c5-1acb-e9666760e813@madpilot.net> <YGNGEcgvn2OSyQrG@cloud.zyxst.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30/03/21 17:38, tech-lists wrote: > On Tue, Mar 30, 2021 at 05:22:30PM +0200, Guido Falsi via freebsd-stable > wrote: >> >> No, as you can see in the commit in the official git [1] while for >> current and stable the new upstream version of openssl was imported for >> the release the fix was applied without importing the new release and >> without changing the reported version of the library. >> >> So with 12.2p5 you do get the fix but don't get a new version of the >> library. >> >> >> [1] >> https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b >> > > On this url, near the top, there's this: > > "Fix multiple OpenSSL vulnerabilities. Add UPDATING and bump > version." next to that, we have "releng/12.2". > > So, I'm expecting the version information pertaining to opensslto be > bumped. Is this expectation unreasonable? I'm not a developer. > The "bumping verion" part refers to bumping the FreeBSD version, that's the p4 -> p5 part of the patch, last hunk referring to file sys/conf/newvers.sh -- Guido Falsi <mad@madpilot.net>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d864c269-92f5-078c-9deb-da029066707a>