possibly silly question regarding freebsd-update
Guido Falsi
mad at madpilot.net
Tue Mar 30 15:48:18 UTC 2021
On 30/03/21 17:38, tech-lists wrote:
> On Tue, Mar 30, 2021 at 05:22:30PM +0200, Guido Falsi via freebsd-stable
> wrote:
>>
>> No, as you can see in the commit in the official git [1] while for
>> current and stable the new upstream version of openssl was imported for
>> the release the fix was applied without importing the new release and
>> without changing the reported version of the library.
>>
>> So with 12.2p5 you do get the fix but don't get a new version of the
>> library.
>>
>>
>> [1]
>> https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b
>>
>
> On this url, near the top, there's this:
>
> "Fix multiple OpenSSL vulnerabilities. Add UPDATING and bump
> version." next to that, we have "releng/12.2".
>
> So, I'm expecting the version information pertaining to opensslto be
> bumped. Is this expectation unreasonable? I'm not a developer.
>
The "bumping verion" part refers to bumping the FreeBSD version, that's
the p4 -> p5 part of the patch, last hunk referring to file
sys/conf/newvers.sh
--
Guido Falsi <mad at madpilot.net>
More information about the freebsd-stable
mailing list