On 3/30/2021 10:14, Doug McIntyre wrote:
Like the patch referenced in the SA. https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patchAgain, it seems like confusion over what happens in RELEASE, STABLE and
CURRENT..
On Tue, Mar 30, 2021 at 04:05:32PM +0200, Ruben via freebsd-stable wrote:Hi, Did you mean 12.1-p5 or 12.2-p5 ? I'm asking because you refer to both 12.1-p5 and 12.2-p5 (typo?). If you meant 12.2-p5: Perhaps the FreeBSD security team did not bump the version, but "only" backported the patches to version 1.1.1h ? Regards, Ruben On 3/30/21 3:35 PM, tech-lists wrote:Hi, Recently there was https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted. What I'm unsure about is the openssl version. Up-to-date 12.1-p5 instances report OpenSSL 1.1.1h-freebsdĀ 22 Sep 2020 Up-to-date stable/13-n245043-7590d7800c4 reports OpenSSL 1.1.1k-freebsd 25 Mar 2021 shouldn't the 12.2-p5 be reporting openssl 1.1.1k-freebsd as well? thanks,_
Ok, except.... # uname -v FreeBSD 12.2-RELEASE-p4 GENERIC # openssl version OpenSSL 1.1.1h-freebsdĀ 22 Sep 2020 # freebsd-update fetch Looking up update.FreeBSD.org mirrors... 3 mirrors found.Fetching metadata signature for 12.2-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Fetching 2 metadata files... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 12.2-RELEASE-p5. So if you're running RELEASE then /security patches /don't get backported? And you CAN'T upgrade to 12.2-STABLE via freebsd-update: # freebsd-update -r 12.2-STABLE upgrade Looking up update.FreeBSD.org mirrors... 3 mirrors found.Fetching metadata signature for 12.2-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done. Inspecting system... done. The following components of FreeBSD seem to be installed: kernel/generic src/src world/base world/doc world/lib32 The following components of FreeBSD do not seem to be installed: kernel/generic-dbg world/base-dbg world/lib32-dbg Does this look reasonable (y/n)? yFetching metadata signature for 12.2-STABLE from update1.freebsd.org... failed. Fetching metadata signature for 12.2-STABLE from update2.freebsd.org... failed. Fetching metadata signature for 12.2-STABLE from update4.freebsd.org... failed.
No mirrors remaining, giving up. This may be because upgrading from this platform (amd64) or release (12.2-STABLE) is unsupported by freebsd-update. Only platforms with Tier 1 support can be upgraded by freebsd-update. See https://www.freebsd.org/platforms/index.html for more info. If unsupported, FreeBSD must be upgraded by source. -- Karl Denninger k...@denninger.net <mailto:k...@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature