On Tue, Mar 30, 2021 at 12:07:41PM -0400, Karl Denninger wrote:>Ok, that's fair; it DOES show -p5 for the user side. > >$ freebsd-version -ru >12.2-RELEASE-p4 >12.2-RELEASE-p5 > >So that says my userland is -p5 while the kernel, which did not change >(even though if you built from source it would carry the -p5 number) is -p4. > >I can live with that as it allows me to "see" that indeed the revision >is present without having source on the box.it just threw me that the thing-that-was-updated didn't update its version information when queried. Absent sources, how can I tell it was updated (apart from freebsd-version -u) ? -- J. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20210330/96ea31c1/attachment.sig>
On Tue, Mar 30, 2021 at 05:54:03PM +0100, tech-lists wrote:> it just threw me that the thing-that-was-updated didn't update its > version information when queried. Absent sources, how can I tell it > was updated (apart from freebsd-version -u) ?Comparing what the SA patch says it is doing at https://security.freebsd.org/patches/SA-21:07/openssl-12.patch appears to be only update the libcrypto library and not the openssl wrapper itself, you can verify that after the 12.2-p5 patch was installed that the file /lib/libcrypto.so.111 has been touched and is a newer date than what was on the machine prior to the patch. Yes, this takes some knowledge of the specific patch, and what parts contribute to what it is doing. I don't know the specific decisions on when RELEASE backports security patches vs. upgrading whole source trees.