From owner-freebsd-security@FreeBSD.ORG  Fri Mar 20 18:42:25 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4274DC3A
 for <freebsd-security@freebsd.org>; Fri, 20 Mar 2015 18:42:25 +0000 (UTC)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com
 [IPv6:2a00:1450:4010:c03::22f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B4214782
 for <freebsd-security@freebsd.org>; Fri, 20 Mar 2015 18:42:24 +0000 (UTC)
Received: by labjg1 with SMTP id jg1so93875611lab.2
 for <freebsd-security@freebsd.org>; Fri, 20 Mar 2015 11:42:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=1ndFk7c92oAsuwsqcUBdr/IY6qAwB7C2yPBsb52eJIc=;
 b=aslthGzElj5TVBD3muKOlYmzi5nqthIwA+IU+qMJFvXlURR/QCIlA8ruTP+EvMOMRx
 uJoTUqGU3X36b+5trpRVbtFZiMY+Fw9jT4p1Z5eXM8ypyER3Jrvj67DouQmwpag8xrfa
 2iN3TYKGcNHoT+87u/2+LWjwE23aGyq1kx+zP2MM1SI3+qEWlpSzW4Ig0rx02Ak6Qc2E
 1j56wXXxd55vEo6sYCX/6H/HHhuLVuAiSA/aLbI8g5F1c1cG/wMQZ1/wnWEKiTN2Ym5k
 LZ5QBD0cMI7YHSBX7RkleEX74FMV8Uv9p5+9hvUA1AU5ViHIKQs+yHrcSisDgxtAxdGn
 Glrw==
MIME-Version: 1.0
X-Received: by 10.152.4.39 with SMTP id h7mr75811178lah.58.1426876942684; Fri,
 20 Mar 2015 11:42:22 -0700 (PDT)
Received: by 10.152.18.226 with HTTP; Fri, 20 Mar 2015 11:42:22 -0700 (PDT)
In-Reply-To: <29606747-8C51-4EF3-B507-46A75661E738@vpnc.org>
References: <201503200729.t2K7TipS023432@freefall.freebsd.org>
 <29606747-8C51-4EF3-B507-46A75661E738@vpnc.org>
Date: Fri, 20 Mar 2015 20:42:22 +0200
Message-ID: <CA+7WWSeVimWe7AH+Deos+XYE-dwbJuW=BiMcWWYQm-MZw3d+OQ@mail.gmail.com>
Subject: Re: Failure on 10.0? Re: FreeBSD Security Advisory
 FreeBSD-SA-15:06.openssl [REVISED]
From: Kimmo Paasiala <kpaasial@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=UTF-8
Cc: freebsd-security <freebsd-security@freebsd.org>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Mar 2015 18:42:25 -0000

On Fri, Mar 20, 2015 at 5:21 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> # sudo freebsd-update fetch
> Looking up update.FreeBSD.org mirrors... 5 mirrors found.
> Fetching metadata signature for 10.0-RELEASE from update6.freebsd.org... done.
> Fetching metadata index... done.
> Inspecting system... done.
> Preparing to download files... done.
>
> The following files will be added as part of updating to 10.0-RELEASE-p18:
> /usr/src/contrib/tzdata/zone1970.tab
> /usr/src/crypto/openssl/crypto/constant_time_locl.h
> /usr/src/crypto/openssl/crypto/constant_time_test.c
> /usr/src/crypto/openssl/doc/apps/c_rehash.pod
> /usr/src/crypto/openssl/doc/crypto/CMS_add1_signer.pod
> /usr/src/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
> /usr/src/crypto/openssl/ssl/heartbeat_test.c
> /usr/src/crypto/openssl/ssl/ssl_utst.c
> /usr/src/crypto/openssl/util/mkbuildinf.pl
> /usr/src/secure/lib/libcrypto/man/CMS_add1_signer.3
> /usr/src/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
> /usr/src/secure/usr.bin/openssl/man/c_rehash.1
>
> WARNING: FreeBSD 10.0-RELEASE-p18 HAS PASSED ITS END-OF-LIFE DATE.
> Any security issues discovered after Sat Feb 28 19:00:00 EST 2015
> will not have been corrected.
>
> # sudo freebsd-update install
> Installing updates...install: ///usr/src/contrib/tzdata/zone1970.tab: No such file or directory
> install: ///usr/src/crypto/openssl/crypto/constant_time_locl.h: No such file or directory
> install: ///usr/src/crypto/openssl/crypto/constant_time_test.c: No such file or directory
> install: ///usr/src/crypto/openssl/doc/apps/c_rehash.pod: No such file or directory
> install: ///usr/src/crypto/openssl/doc/crypto/CMS_add1_signer.pod: No such file or directory
> install: ///usr/src/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod: No such file or directory
> install: ///usr/src/crypto/openssl/ssl/heartbeat_test.c: No such file or directory
> install: ///usr/src/crypto/openssl/ssl/ssl_utst.c: No such file or directory
> install: ///usr/src/crypto/openssl/util/mkbuildinf.pl: No such file or directory
> install: ///usr/src/secure/lib/libcrypto/man/CMS_add1_signer.3: No such file or directory
> install: ///usr/src/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3: No such file or directory
> install: ///usr/src/secure/usr.bin/openssl/man/c_rehash.1: No such file or directory
>  done.
>
> It doesn't look like OpenSSL got updated, and it looks like a bunch of the attempted updates failed. Was this advisory tested on 10.0?
>
> --Paul Hoffman


10.0-RELEASE is not a supported release anymore, upgrade to 10.1.

"WARNING: FreeBSD 10.0-RELEASE-p18 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Sat Feb 28 19:00:00 EST 2015
will not have been corrected."

https://www.freebsd.org/security/unsupported.html

-Kimmo