Date: Thu, 14 Nov 2019 15:02:44 -0500
From: George Mitchell <george+freebsd@m5p.com>
To: freebsd-hackers@freebsd.org
Subject: Re: Correct SVN revision for latest security fix
Message-ID: <bfab28ce-af82-e339-7f4a-f6a005806836@m5p.com>
In-Reply-To: <20191114182010.GG6969@gmail.com>
References: <7d65fc8f-e9b9-6472-199e-41f5010a8714@m5p.com> <20191114182010.GG6969@gmail.com>

On 2019-11-14 13:20, Gordon Tetlow wrote:
> [... a very good explanation of the final steps of the commit process ...]
> 3 is what we do currently. This has the drawback you cite above. If you
> checkout the revision cited, the patch level hasn't been revved at this
> point. What I can say though, if you are running a system that lists
> -p1, then you are guaranteed to have the patches that were part of -p1.
>
> Between the options above, I'll pick option three.
>
> Best regards,
> Gordon
> Hat: Security Officer
>

There's nothing wrong with your process. But these two lines of the
security announcement message seem to me to be contradictory in their
implications. Taking 11.3-RELEASE as an example, the message started
by announcing that the problem is corrected in:

2019-11-12 18:13:04 UTC (releng/11.3, 11.3-RELEASE-p5)

But then near the end, it says:

releng/11.3/ r354653

So I dutifully updated to r354653, recompiled, and reinstalled. Voilà!
uname -r told me "11.3-RELEASE-p4". On all previous occasions, when I
updated to the SVN revision given in the email announcement, I would
get the version cited in the announcement, so I was surprised by the
discrepancy.

And since newvers.sh was committed at Nov 12 18:13:51 UTC, and the
security announcement was emailed at 12 Nov 2019 19:12:06 UTC,
shouldn't the announcement have referred to revision 354654? When I
updated to that version, recompiled, and reinstalled, sure enough
uname -r told me "11.3-RELEASE-p5" as I expected in the first place.
354654 is also the correct revision for 12.0-RELEASE and 12.1-RELEASE.

I would recommend emailing a corrected security advisory announcement
for consistency with all previous security advisory announcements I've
ever seen. Thank you for your attention.

-- George