From owner-freebsd-security@freebsd.org Mon Dec 14 17:02:11 2020 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 61A144BE7DE for ; Mon, 14 Dec 2020 17:02:11 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-io1-f41.google.com (mail-io1-f41.google.com [209.85.166.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CvnkB1FJMz3L9N for ; Mon, 14 Dec 2020 17:02:09 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: by mail-io1-f41.google.com with SMTP id 81so17511466ioc.13 for ; Mon, 14 Dec 2020 09:02:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Z+2Etee70vfE8BjIv9iD0yOQlNF1yl0KqlDR7MQ2LVU=; b=jUVeBEJssoz5qGsyfJdSbl9ezOKNAZbm2JOLSMN635mQR01PBDPz0eyyNzsM2js9ec nJotgk7AoIv2hKni036ullPUongOdBdIEX2ncfWsOEh1KcDrwWy8uTO+LghvvUI3tgJ5 efWVq4cUb7SmG+ADHKWckCfQjFbIDaOztWNQkYjxizg6mzmLjPhWIethwaU7uLakohXV tYs3e0Vjt1rhSPXF6yZcfQYOpitI/EzbWRkU1KcNNUTDUap2VXnWxUqa7hBDym+cY+kp 0eHFH1jF8k4fuhAITK7qABpWZdhDo91xUE5goieTSK+3JgM5xqyyLxA6CvcYrjlaV+as ZHnQ== X-Gm-Message-State: AOAM532+Th5uaPPW3yUOBXViCRRfzBx+B93kOvAChxsI0R/Z/yid6E9w vn3LrNlFyrdfLanrbmZGVgL2GscSxyb5gQxBJr0= X-Google-Smtp-Source: ABdhPJzll2HaFLhT1im96h2cV5plunthufYtby1TBL60zrfnV/DK6b+EFRr7URdqriKtTE+Pos5uIfwNQdlOlnQkfrk= X-Received: by 2002:a02:9107:: with SMTP id a7mr8547217jag.12.1607965329276; Mon, 14 Dec 2020 09:02:09 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Ed Maste Date: Mon, 14 Dec 2020 12:01:56 -0500 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl To: "Wall, Stephen" Cc: Bob Bishop , "freebsd-security@freebsd.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4CvnkB1FJMz3L9N X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of carpeddiem@gmail.com designates 209.85.166.41 as permitted sender) smtp.mailfrom=carpeddiem@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[emaste@freebsd.org,carpeddiem@gmail.com]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[209.85.166.41:from]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[emaste@freebsd.org,carpeddiem@gmail.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FREEFALL_USER(0.00)[carpeddiem]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; SPAMHAUS_ZRD(0.00)[209.85.166.41:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[209.85.166.41:from]; R_DKIM_NA(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.166.41:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Dec 2020 17:02:11 -0000 On Mon, 14 Dec 2020 at 11:46, Ed Maste wrote: > > On Thu, 10 Dec 2020 at 10:43, Wall, Stephen wro= te: > > > > > A query: am I right that the patch doesn=E2=80=99t bump the OpenSSL v= ersion to 1.1.1.i ? > > > > That is correct. > > Further to that, OpenSSL 1.1.1i includes some additional, minor > changes beyond the vulnerability fix. 1.1.1i is now in HEAD (as of > r368472) and has been merged to stable/12. Oops, I got ahead of myself - it has not yet been merged to stable/12.