From owner-freebsd-security@FreeBSD.ORG Wed May 14 10:47:34 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DA9A5E54 for ; Wed, 14 May 2014 10:47:34 +0000 (UTC) Received: from smtp1.multiplay.co.uk (smtp1.multiplay.co.uk [85.236.96.35]) by mx1.freebsd.org (Postfix) with ESMTP id 9DE5222D0 for ; Wed, 14 May 2014 10:47:34 +0000 (UTC) Received: by smtp1.multiplay.co.uk (Postfix, from userid 65534) id 4087420E7088B; Wed, 14 May 2014 10:47:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.multiplay.co.uk X-Spam-Level: ** X-Spam-Status: No, score=2.0 required=8.0 tests=AWL,BAYES_00,DOS_OE_TO_MX, FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,RDNS_DYNAMIC autolearn=no version=3.3.1 Received: from r2d2 (82-69-141-170.dsl.in-addr.zen.co.uk [82.69.141.170]) by smtp1.multiplay.co.uk (Postfix) with ESMTPS id E67C820E70885; Wed, 14 May 2014 10:47:22 +0000 (UTC) Message-ID: From: "Steven Hartland" To: "Mohacsi Janos" , References: <201405140000.s4E0023k029906@freefall.freebsd.org> Subject: Re: freebsd-update on Re: FreeBSD Security Advisory FreeBSD-SA-14:10.openssl Date: Wed, 14 May 2014 11:47:17 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2014 10:47:34 -0000 ----- Original Message ----- From: "Mohacsi Janos" To: Sent: Wednesday, May 14, 2014 11:43 AM Subject: freebsd-update on Re: FreeBSD Security Advisory FreeBSD-SA-14:10.openssl > Dear All, > The freebsd-update a bit suspicious: > " > root@skye:/usr/home/mohacsi # freebsd-update fetch > Looking up update.FreeBSD.org mirrors... 5 mirrors found. > Fetching metadata signature for 10.0-RELEASE from update3.freebsd.org... > done. > Fetching metadata index... done. > Fetching 2 metadata patches.. done. > Applying metadata patches... done. > Inspecting system... done. > Preparing to download files... done. > Fetching 11 patches.....10 done. > Applying patches... done. > > The following files will be updated as part of updating to > 10.0-RELEASE-p3: > /bin/freebsd-version > /boot/kernel/ciss.ko > /boot/kernel/ciss.ko.symbols > /boot/kernel/kernel > /boot/kernel/kernel.symbols > /usr/lib/libssl.a > /usr/lib/libssl.so.7 > /usr/lib/libssl_p.a > /usr/lib32/libssl.a > /usr/lib32/libssl.so.7 > /usr/lib32/libssl_p.a > " > > It seems to me the ciss(4) also updated. Is it intentional? Is it > harmless? ciss(4) was included in a seperate errata notice this morning which detailed how it could cause corruption, so I would expect that updating it is indeed correct. Regards Steve