possibly silly question regarding freebsd-update
Karl Denninger
karl at denninger.net
Tue Mar 30 14:19:37 UTC 2021
On 3/30/2021 10:14, Doug McIntyre wrote:
> Like the patch referenced in the SA.
> https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch
>
> Again, it seems like confusion over what happens in RELEASE, STABLE and
CURRENT..
>
>
>
> On Tue, Mar 30, 2021 at 04:05:32PM +0200, Ruben via freebsd-stable wrote:
>> Hi,
>>
>> Did you mean 12.1-p5 or 12.2-p5 ? I'm asking because you refer to both
>> 12.1-p5 and 12.2-p5 (typo?).
>>
>> If you meant 12.2-p5: Perhaps the FreeBSD security team did not bump the
>> version, but "only" backported the patches to version 1.1.1h ?
>>
>> Regards,
>>
>> Ruben
>>
>>
>> On 3/30/21 3:35 PM, tech-lists wrote:
>>> Hi,
>>>
>>> Recently there was
>>> https://lists.freebsd.org/pipermail/freebsd-security/2021-March/010380.html
>>> about openssl. Upgraded to 12.2-p5 with freebsd-update and rebooted.
>>>
>>> What I'm unsure about is the openssl version.
>>> Up-to-date 12.1-p5 instances report OpenSSL 1.1.1h-freebsd 22 Sep 2020
>>>
>>> Up-to-date stable/13-n245043-7590d7800c4 reports OpenSSL 1.1.1k-freebsd
>>> 25 Mar 2021
>>>
>>> shouldn't the 12.2-p5 be reporting openssl 1.1.1k-freebsd as well?
>>>
>>> thanks,
>> _
Ok, except....
# uname -v
FreeBSD 12.2-RELEASE-p4 GENERIC
# openssl version
OpenSSL 1.1.1h-freebsd 22 Sep 2020
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update4.freebsd.org...
done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
No updates needed to update system to 12.2-RELEASE-p5.
So if you're running RELEASE then /security patches /don't get backported?
And you CAN'T upgrade to 12.2-STABLE via freebsd-update:
# freebsd-update -r 12.2-STABLE upgrade
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update1.freebsd.org...
done.
Fetching metadata index... done.
Inspecting system... done.
The following components of FreeBSD seem to be installed:
kernel/generic src/src world/base world/doc world/lib32
The following components of FreeBSD do not seem to be installed:
kernel/generic-dbg world/base-dbg world/lib32-dbg
Does this look reasonable (y/n)? y
Fetching metadata signature for 12.2-STABLE from update1.freebsd.org...
failed.
Fetching metadata signature for 12.2-STABLE from update2.freebsd.org...
failed.
Fetching metadata signature for 12.2-STABLE from update4.freebsd.org...
failed.
No mirrors remaining, giving up.
This may be because upgrading from this platform (amd64)
or release (12.2-STABLE) is unsupported by freebsd-update. Only
platforms with Tier 1 support can be upgraded by freebsd-update.
See https://www.freebsd.org/platforms/index.html for more info.
If unsupported, FreeBSD must be upgraded by source.
--
Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4897 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20210330/94adef7c/attachment.bin>
More information about the freebsd-stable
mailing list