On 3/30/2021 10:40, tech-lists wrote:
> On Tue, Mar 30, 2021 at 09:14:56AM -0500, Doug McIntyre wrote:
>> Like the patch referenced in the SA.
>> https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch
>>
>> Again, it seems like confusion over what happens in RELEASE, STABLE and CURRENT..
>
> Hi, I'm not sure what you mean by this. In
> https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html
> it says
>
> 1) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
> # <restart any daemons that use the library>
>
> which I did. If openssl updated, would it not be logical to expect openssl version information to indicate it had in fact been updated? If not, then how am I able to tell that it has updated?
>
> On an un-upgraded 12.2-p4 system *and* on an upgraded one, openssl version reports 1.1.1h-freebsd

It is not updating; as I noted it appears this security patch was NOT backported and thus 12.2-RELEASE does not "see" it.
You cannot go to "-STABLE" via freebsd-update; to run -STABLE you must be doing buildworld/buildkernel from source. I can confirm that 12.2-STABLE *does* have the patch as I checked it recently.
From a system I cross-build for and updated yesterday:

$ uname -v
FreeBSD 12.2-STABLE stable/12-n232909-4fd5354e85e KSD-SMP
$ openssl version
OpenSSL 1.1.1k-freebsd  25 Mar 2021

--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/