From owner-freebsd-stable@freebsd.org Wed Feb 24 20:06:25 2021 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C1E5954812C for ; Wed, 24 Feb 2021 20:06:25 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-il1-f182.google.com (mail-il1-f182.google.com [209.85.166.182]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Dm6PY0BNpz4ZhH for ; Wed, 24 Feb 2021 20:06:24 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: by mail-il1-f182.google.com with SMTP id f10so2306048ilq.5 for ; Wed, 24 Feb 2021 12:06:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=P9K5m9I8YHMDW9I6ooNYVv+P5haCFU1iiTzF3FXe9RU=; b=s/ENvUiwPf1SM/kyqF1Zw6rw8JgBvAMJ2gi7ULyC7lfd15WNVFbS006yKPoiNhlRPe GdEiVvyNO2hCaNq1ALO2Is5WHYdYFGDWZYJRVyYRNDKzUs2eIQU+eCwIPqawKg2NXjvx DSFaqnYBI9ViS455ALCNwRbHZFE1asL+Euop2boLC0Xgy1pdqtvzy/rCzxl5ic2+b6dX tfiVMTvmE+gdFi/iwqlKguFqzXQiM1kyw7G0pQc74UJvm0urgP7q9gAtaRN95QH+Yi1J Q/OAA0jdjbrk43W2vSvDq1rDlSNGeTFDxeIRrWlRLglEPLUVGHwBryH7BdpOFdDinzPF 9+4Q== X-Gm-Message-State: AOAM533SBKd/whQz9N7H3xvb1iKPePjHHK4EtP0IPJtJTQIw2FmYZbnY r/Noc+a1kt1gy0I0DOoWThC3ctDrQT724tqwojj/Fi1Sgq3EoA== X-Google-Smtp-Source: ABdhPJzEysbiaAFmSzGobbY665hcq2W2xx/JaKkom/OXm60iE/WzzOITiJiqutxvyH8Gi4VbRlX3ck1t32RKiLa5CR0= X-Received: by 2002:a92:d981:: with SMTP id r1mr2762872iln.98.1614197183828; Wed, 24 Feb 2021 12:06:23 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Ed Maste Date: Wed, 24 Feb 2021 15:06:08 -0500 Message-ID: Subject: Re: How do I know if my 13-stable has security patches? To: Kevin Oberman Cc: FreeBSD-STABLE Mailing List Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4Dm6PY0BNpz4ZhH X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of carpeddiem@gmail.com designates 209.85.166.182 as permitted sender) smtp.mailfrom=carpeddiem@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c]; TO_DN_ALL(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; FORGED_SENDER(0.30)[emaste@freebsd.org,carpeddiem@gmail.com]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[209.85.166.182:from]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[emaste@freebsd.org,carpeddiem@gmail.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FREEFALL_USER(0.00)[carpeddiem]; R_DKIM_NA(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; SPAMHAUS_ZRD(0.00)[209.85.166.182:from:127.0.2.255]; SUBJECT_ENDS_QUESTION(1.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[209.85.166.182:from]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.166.182:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Feb 2021 20:06:25 -0000 On Wed, 24 Feb 2021 at 12:35, Kevin Oberman wrote: > > In the svn days, I could just look at my svn revision to check on whether a > security patch was required. Now I have a git hash. I have no idea how to > tell if my system running 13-STABLE of a few days ago has the patch. Thanks for posting this question. I see some useful information in other replies to this thread and we'll want to make sure that makes its way to appropriate documentation. For future advisories we should also report the commit count associated with the fix; this is a monotonically-increasing number and is reported in the uname. If you build stable/13 right now you would get "stable/13-n244668-4664afc05402", and the fix in 894360bacd42f021551f76518edd445f6d299f2e corresponds to n244572. 244668 being larger than 244572 indicates that the fix is included. These counts are not unique across different branches; you can only compare counts for the same branch.