From owner-freebsd-stable@freebsd.org Tue Mar 30 15:48:18 2021 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A4AD857B1F8 for ; Tue, 30 Mar 2021 15:48:18 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (vogon.madpilot.net [159.69.1.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4F8v416krPz4vfB for ; Tue, 30 Mar 2021 15:48:17 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 4F8v404r6hz6dVs for ; Tue, 30 Mar 2021 17:48:16 +0200 (CEST) Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10026) with ESMTP id ia-ymasUF2l1 for ; Tue, 30 Mar 2021 17:48:14 +0200 (CEST) Subject: Re: possibly silly question regarding freebsd-update To: freebsd-stable@freebsd.org References: From: Guido Falsi Message-ID: Date: Tue, 30 Mar 2021 17:48:14 +0200 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4F8v416krPz4vfB X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[159.69.1.99:from]; R_DKIM_ALLOW(-0.20)[madpilot.net:s=bjowvop61wgh]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; MISSING_MIME_VERSION(2.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[159.69.1.99:from:127.0.2.255]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[madpilot.net:+]; DMARC_POLICY_ALLOW(-0.50)[madpilot.net,quarantine]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:159.69.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Mar 2021 15:48:18 -0000 On 30/03/21 17:38, tech-lists wrote: > On Tue, Mar 30, 2021 at 05:22:30PM +0200, Guido Falsi via freebsd-stable > wrote: >> >> No, as you can see in the commit in the official git [1] while for >> current and stable the new upstream version of openssl was imported for >> the release the fix was applied without importing the new release and >> without changing the reported version of the library. >> >> So with 12.2p5 you do get the fix but don't get a new version of the >> library. >> >> >> [1] >> https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b >> > > On this url, near the top, there's this: > > "Fix multiple OpenSSL vulnerabilities. Add UPDATING and bump > version." next to that, we have "releng/12.2". > > So, I'm expecting the version information pertaining to opensslto be > bumped. Is this expectation unreasonable? I'm not a developer. > The "bumping verion" part refers to bumping the FreeBSD version, that's the p4 -> p5 part of the patch, last hunk referring to file sys/conf/newvers.sh -- Guido Falsi