From: Xin Li
Organization: The FreeBSD Project
Date: Tue, 08 Apr 2014 15:47:29 -0700
To: Thierry Thomas, freebsd-security@FreeBSD.ORG
Cc: Ben Laurie, Bryan Drewery
Subject: Re: Heartbleed / r264266 / openssl version
Reply-To: d@delphij.net

(Adding Bryan who asked this and Ben who is the maintainer as they might
have some say here; moving to public list as there is no sensitive
information in this discussion).

On 04/08/14 14:29, Thierry Thomas wrote:
> Hello,
>
> I've just rebuilt a 10-STABLE server, and now:
>
> $ openssl version
> OpenSSL 1.0.1e-freebsd 11 Feb 2013
>
> Actually, delphij's commit didn't change the VERSION string in
> crypto/openssl/Makefile.
>
> This is not very important, but it may be confusing for users.

Bryan has brought this up on IRC as well.

As far as I know, for the last decade we have never bumped the version
number when making updates, unless it's a "wholesale" upgrade of certain
components in very special circumstances.

I have done a quick check on Linux systems and found they don't carry a
patchlevel for "openssl" either; however, they do provide a way to tell
the patchlevel because it's a package. However, they do bump the date as
part of the update.

What would be the preferable way of representing the patchlevel? We can
do it as part of an EN batch at a later time.

(Note though, even without this the user or an application can still use
freebsd-version(1) on FreeBSD 10.0-RELEASE and up to find out the
patchlevel for userland).

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die
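
An added illustration of the freebsd-version(1) approach mentioned in the message above (not code from the thread or from the FreeBSD Project): a POSIX sh helper that classifies a userland version string against a minimum patchlevel chosen by the administrator, instead of trusting the unchanged `openssl version` banner. The function names, the minimum patchlevel and the sample strings are assumptions; a string with no -RELEASE component, such as a -STABLE build, is reported as unknown.

```shell
#!/bin/sh
# Added example. Version strings used with these functions in the usage
# comment are constructed samples, not values taken from the thread.

# patchlevel_of VERSION
#   prints N for "X.Y-RELEASE-pN", 0 for "X.Y-RELEASE";
#   returns 1 when the string carries no usable patchlevel.
patchlevel_of() {
    case "$1" in
        *-RELEASE-p*)
            p=${1##*-RELEASE-p}
            case "$p" in
                ''|*[!0-9]*) return 1 ;;   # empty or non-numeric suffix
            esac
            echo "$p" ;;
        *-RELEASE) echo 0 ;;
        *) return 1 ;;                      # e.g. -STABLE, -CURRENT
    esac
}

# userland_status VERSION RELEASE MIN_PATCH
#   prints "patched", "unpatched" or "unknown".
#   RELEASE is the branch the minimum applies to (e.g. 10.0);
#   MIN_PATCH comes from the advisory the administrator is tracking.
userland_status() {
    ver=$1; rel=$2; min=$3
    case "$ver" in
        "$rel"-RELEASE*) ;;
        *) echo unknown; return 0 ;;        # different branch: cannot compare
    esac
    if pl=$(patchlevel_of "$ver"); then
        if [ "$pl" -ge "$min" ]; then echo patched; else echo unpatched; fi
    else
        echo unknown
    fi
}

# On a live system (freebsd-version -u reports the installed userland):
#   userland_status "$(freebsd-version -u)" 10.0 "$MIN_PATCH"
```

An "unknown" result means the patchlevel cannot answer the question and the source revision the system was built from has to be checked instead.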