Date:      Tue, 30 Mar 2021 11:55:24 -0400
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: possibly silly question regarding freebsd-update
Message-ID:  <7e96f815-2955-cfd2-cf6d-16187bc5a233@denninger.net>
In-Reply-To: <aad6ecc5-f6b0-92c5-1acb-e9666760e813@madpilot.net>
References:  <YGMpE5uWvRy8Xdql@cloud.zyxst.net> <aad6ecc5-f6b0-92c5-1acb-e9666760e813@madpilot.net>

On 3/30/2021 11:22, Guido Falsi via freebsd-stable wrote:
> On 30/03/21 15:35, tech-lists wrote:
>> Hi,
>>
>> Recently there was
>> https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html 
>>
>> about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted.
>>
>> What I'm unsure about is the openssl version.
>> Up-to-date 12.1-p5 instances report OpenSSL 1.1.1h-freebsd 22 Sep 2020
>>
>> Up-to-date stable/13-n245043-7590d7800c4 reports OpenSSL 1.1.1k-freebsd
>> 25 Mar 2021
>>
>> shouldn't the 12.2-p5 be reporting openssl 1.1.1k-freebsd as well?
>>
>
> No, as you can see in the commit in the official git [1]: while for
> current and stable the new upstream version of openssl was imported,
> for the release the fix was applied without importing the new release
> and without changing the reported version of the library.
>
> So with 12.2p5 you do get the fix but don't get a new version of the 
> library.
>
>
> [1] 
> https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b
>
>
Excuse me....

$ uname -v
FreeBSD 12.2-RELEASE-p4 GENERIC
$ sudo sh
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.2-RELEASE-p5.

I am running 12.2-RELEASE-p4, so says uname -v

IMHO it is an *extraordinarily* bad practice to change a library that in 
fact will result in a revision change while leaving the revision number 
alone.

How do I *know*, without source to go look at, whether or not the fix is 
present on a binary system?

If newvers.sh gets bumped then a build and -p5 release should have 
resulted from that, and in turn a fetch/install (and reboot of course 
since it's in the kernel) should result in uname -v returning "-p5".

Most of my deployed "stuff" is on -STABLE but I do have a handful of 
machines on cloud infrastructure that are binary-only and on which I 
rely on freebsd-update and pkg to keep current with security-related items.

-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
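
One way to script the check the message asks for on a binary-only host, as an added example that is not part of the original e-mail: freebsd-version(1) reports the installed kernel (-k), running kernel (-r) and userland (-u) patch levels separately, while uname -v reflects only the running kernel. The function names and the fallback sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare FreeBSD kernel and userland patch levels.

# patchlevel VERSION -> numeric patch level (0 when there is no -pN suffix)
patchlevel() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# classify INSTALLED_KERNEL RUNNING_KERNEL USERLAND -> one status word
classify() {
    ik=$(patchlevel "$1"); rk=$(patchlevel "$2"); ul=$(patchlevel "$3")
    if [ "${1%%-p[0-9]*}" != "${3%%-p[0-9]*}" ]; then
        echo "release-mismatch"   # kernel and userland from different releases
    elif [ "$rk" -lt "$ik" ]; then
        echo "reboot-pending"     # newer kernel installed but not yet booted
    elif [ "$ul" -gt "$ik" ]; then
        echo "userland-ahead"     # update touched userland only; uname -v stays behind
    elif [ "$ul" -lt "$ik" ]; then
        echo "userland-behind"    # kernel patched, userland update incomplete
    else
        echo "in-sync"
    fi
}

if command -v freebsd-version >/dev/null 2>&1; then
    K=$(freebsd-version -k); R=$(freebsd-version -r); U=$(freebsd-version -u)
else
    # Constructed sample values, used when not running on FreeBSD.
    K=12.2-RELEASE-p4; R=12.2-RELEASE-p4; U=12.2-RELEASE-p5
fi
printf 'installed kernel: %s\nrunning kernel:   %s\nuserland:         %s\nstatus:           %s\n' \
    "$K" "$R" "$U" "$(classify "$K" "$R" "$U")"
```

A status of userland-ahead means the userland patch level is the one to compare against the advisory, not the string printed by uname -v.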
