Date: Thu, 7 Dec 2023 16:53:31 +0100
From: Felix Palmen
To: Philip Paeps
Cc: Dan Langille, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

* Philip Paeps [20231207 23:44]:
> > I strongly assume the full freebsd-upgrade procedure will also upgrade
> > the kernel to -p7. If it doesn't, there's a more troubling issue
> > somewhere...
>
> This assumption is wrong. freebsd-update builds only build what has
> changed. If a security patch does not affect the kernel, the kernel is not
> rebuilt.

I'm pretty sure it isn't. As soon as there *is* a change to the kernel,
a new kernel is built and it will have the same version as the userland.
"Diverging" versions of kernel and userland are only possible as long as
there are no changes to the kernel. But these latest patches affected
the kernel.

> We've had this conversation before. I believe the conclusion at the time
> was that there are no good answers and we can't have nice things.
>
> Tracking userland versions in vuxml breaks things for people running
> freebsd-update. Tracking kernel versions hides vulnerabilities for people
> upgrading from source.
>
> We (security team) won't push kernel updates (and require users to reboot)
> for vulnerabilities that only affect userland, only to show a higher number.
> That would be silly.

Of course not. But this time, the kernel is affected?

Cheers, Felix

-- 
 Felix Palmen                    {private}  felix@palmen-it.de
 -- ports committer --           {web}      http://palmen-it.de
 {pgp public key}   http://palmen-it.de/pub.txt
 {pgp fingerprint}  6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231