Re: freebsd-update confusion

Reply: Mark Millard : "Re: freebsd-update confusion"
In reply to: Herbert J. Skuhra: "Re: freebsd-update confusion"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: void <void_at_f-m.fm>
Date: Sat, 18 Feb 2023 23:06:20 UTC

Hello Herbert,

On Sat, Feb 18, 2023 at 11:11:50PM +0100, Herbert J. Skuhra wrote:
>On Sat, Feb 18, 2023 at 09:53:56PM +0000, void wrote:
>> In https://lists.freebsd.org/archives/freebsd-security/2023-February/000146.html
>> there's an SA for openssl.
>>
>> If I upgrade (buildworld etc) on an amd box, it gets:
>>
>> % openssl version
>> OpenSSL 1.1.1t-freebsd  7 Feb 2023
>>
>> (as expected)
>
>This is either stable/13, releng/13.2 or main where openssl was updated
>to version OpenSSL 1.1.1t.
>
>> If freebsd-update is run on a 13.1-R arm64 machine, installed updates then
>> rebooted, it gets:
>>
>> $ openssl version
>> OpenSSL 1.1.1o-freebsd  3 May 2022
>>
>> ???
>>
>> The freebsd-update was run about 10 mins ago (feb 18th 1821 UTC)
>
>This is releng/13.1 where openssl is still OpenSSL 1.1.1o; only security
>fixes were applied. 

This is the bit that was confusing me. I thought 1.1.1t was with the security fixes.

>You will get OpenSSL 1.1.1t after upgrading to
>13.2-RELEASE (expected to be released next month).

https://lists.freebsd.org/archives/freebsd-security/2023-February/000146.html has this:

Corrected:      2023-02-07 22:38:40 UTC (stable/13, 13.1-STABLE)
                 2023-02-16 17:58:13 UTC (releng/13.1, 13.1-RELEASE-p7)
                 2023-02-07 23:09:41 UTC (stable/12, 12.4-STABLE)
                 2023-02-16 18:04:12 UTC (releng/12.4, 12.4-RELEASE-p2)
                 2023-02-16 18:03:37 UTC (releng/12.3, 12.3-RELEASE-p12)

So, if I'm understanding you correctly, none of those releases indicated above
would go to 1.1.1t ?

>What's the output of 'freebsd-version -kru'? It will tell you if your
>system is up-to-date.

% freebsd-version -kru
13.1-RELEASE-p6
13.1-RELEASE-p6
13.1-RELEASE-p7

It's really kind of opaque (to me) that openssl version is 
'1.1.1o-freebsd 3 May 2022' *after* the update has been applied. If it was 
something like '1.1.1o-freebsd-p1 16 Feb 2023', I'd feel a bit better, because 
as it stands, it looks like, on the face of it, that openssl hasn't
been patched. Otherwise wouldn't the versioning info change in some respect, to
indicate that it had?

--