Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 6 Apr 2017 10:05:40 +0100
From:      Steve O'Hara-Smith <steve@sohara.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Security Advisory - release version, user or kernel patch level?
Message-ID:  <20170406100540.9796ed0deb735c2ba1553076@sohara.org>
In-Reply-To: <a3b1b792aec0463256e998d479f8eb06@openmailbox.org>
References:  <a3b1b792aec0463256e998d479f8eb06@openmailbox.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 06 Apr 2017 08:35:01 +0000
zhaghzhagh@openmailbox.org wrote:

> Good morning
> 
> Every now and then I get confused by the version number of security 
> patches.
> 
> For example:
> 
> https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc:
> 
> ...
> Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
>                  2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
>                  2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
>                  2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p17)
> ...
> 
> [user@domain ~]$ uname -a
> FreeBSD domain.tld 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 
> 24 18:47:18 UTC 2016     
> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
> 
> Guesses:
> 
> 1. 'uname' - 'p11' = kernel patch level (?)

	Correct.

> 2. '10.3-RELEASE-p17' - 'p17' = user patch level (?)

	Correct - user patch level can be ahead of kernel patch level when
there are updates that don't affect the kernel.

> What if there is a security patch that affects only kernel?

	I don't think that's happened (at the very least it will affect src
as well). I would expect both patch levels to bump if it did happen.

> Is it safe in all times to use 'freebsd-version -u' to decide whether my 
> host needs to be updated, upon a security notification is issued? (Don't 
> want to run 'freebsd-update' unnecessarily.)

	Yes it is - or just run freebsd-update fetch periodically, if it
fetches anything then there are patches for your system then you can check
the advisory to see how urgent installation is.

-- 
Steve O'Hara-Smith <steve@sohara.org>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170406100540.9796ed0deb735c2ba1553076>