From owner-freebsd-stable@freebsd.org  Tue Mar 30 18:23:58 2021
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id DFCF55A834E
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Tue, 30 Mar 2021 18:23:58 +0000 (UTC)
 (envelope-from dewayne@heuristicsystems.com.au)
Received: from hermes.heuristicsystems.com.au (hermes.heuristicsystems.com.au
 [203.41.22.115])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2560 bits) client-digest SHA256)
 (Client CN "hermes.heuristicsystems.com.au",
 Issuer "Heuristic Systems Type 4 Host CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F8yWc6BVpz566K
 for <freebsd-stable@freebsd.org>; Tue, 30 Mar 2021 18:23:55 +0000 (UTC)
 (envelope-from dewayne@heuristicsystems.com.au)
Received: from [10.0.5.3] (noddy.hs [10.0.5.3]) (authenticated bits=0)
 by hermes.heuristicsystems.com.au (8.15.2/8.15.2) with ESMTPSA id
 12UIMYiu063222
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
 for <freebsd-stable@freebsd.org>; Wed, 31 Mar 2021 05:22:34 +1100 (AEDT)
 (envelope-from dewayne@heuristicsystems.com.au)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=heuristicsystems.com.au; s=hsa; t=1617128554; x=1617733355;
 bh=iXIGTksEupJ6G6SfBo5OVQl+hkMtDZy6AJTx0ZuOGAE=;
 h=Subject:To:From:Message-ID:Date;
 b=BqUED1uiCdOohqt502pOJI8Fc1h73NghH/XlfX4UI7JetnB4kGBp4I5OePfGYsc4b
 nFEPQ10ZKWSioTk8L2UveEvADHxu+E6vNHzodeKBoTO9IoPGbvKgJSd7XuSvIC203U
 sYiCyfcl+VdyS1VQm8lfBr1Q62zXwUh6XOMkKJ0rdhWUtSOScxq7p
X-Authentication-Warning: b3.hs: Host noddy.hs [10.0.5.3] claimed to be
 [10.0.5.3]
Subject: Re: possibly silly question regarding freebsd-update
To: freebsd-stable@freebsd.org
References: <YGMpE5uWvRy8Xdql@cloud.zyxst.net>
From: Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Message-ID: <124b5ec0-96c5-cbd9-0eaa-4bcdb6ddc6ae@heuristicsystems.com.au>
Date: Wed, 31 Mar 2021 05:21:10 +1100
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:78.0) Gecko/20100101
 Thunderbird/78.8.1
MIME-Version: 1.0
In-Reply-To: <YGMpE5uWvRy8Xdql@cloud.zyxst.net>
Content-Type: text/plain; charset=windows-1252
Content-Language: en-GB
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4F8yWc6BVpz566K
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=heuristicsystems.com.au header.s=hsa header.b=BqUED1ui;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of dewayne@heuristicsystems.com.au
 designates 203.41.22.115 as permitted sender)
 smtp.mailfrom=dewayne@heuristicsystems.com.au
X-Spamd-Result: default: False [-6.19 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 R_SPF_ALLOW(-0.20)[+mx]; HAS_XAW(0.00)[]; TO_DN_NONE(0.00)[];
 RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
 RCVD_IN_DNSWL_MED(-0.20)[203.41.22.115:from];
 DKIM_TRACE(0.00)[heuristicsystems.com.au:+];
 NEURAL_HAM_SHORT(-0.99)[-0.990]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:1221, ipnet:203.40.0.0/13, country:AU];
 MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 R_DKIM_ALLOW(-0.20)[heuristicsystems.com.au:s=hsa];
 FROM_HAS_DN(0.00)[];
 DWL_DNSWL_MED(-2.00)[heuristicsystems.com.au:dkim];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
 DMARC_NA(0.00)[heuristicsystems.com.au];
 RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_TWO(0.00)[2];
 RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2021 18:23:58 -0000

On 31/03/2021 12:35 am, tech-lists wrote:
> Hi,
> 
> Recently there was
> https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html
> about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted.
> 
> What I'm unsure about is the openssl version.
> Up-to-date 12.1-p5 instances report OpenSSL 1.1.1h-freebsd  22 Sep 2020
> 
> Up-to-date stable/13-n245043-7590d7800c4 reports OpenSSL 1.1.1k-freebsd
> 25 Mar 2021
> 
> shouldn't the 12.2-p5 be reporting openssl 1.1.1k-freebsd as well?
> 
> thanks,

I think you'll find your answer by comparing the changes between
release 12.2-p5 and stable 12.2 below:

https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b

with

https://cgit.freebsd.org/src/commit/?h=stable/12&id=18d07050e60ecc738556f0de56e34817303371a4

stable 12.2 has the full upgrade to openssl 1.1.1k, while release
12.2-p5 addresses the specific vulnerability(s).
Regards, Dewayne
PS cgit I'm told is the source of truth :)