Does openssl Fix Bump The Version Number?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Does openssl Fix Bump The Version Number?

Tim Daneliuk
I did a source tree update to  264294 and then a build world/kernel followed
by install/reboot.  But I still see this:


[root] fuzzball ~>openssl version
OpenSSL 1.0.1e-freebsd 11 Feb 2013


So ... it the version number supposed to be getting bumped or am I simply
not really patched ... and why....

Thanks,

----------------------------------------------------------------------------
Tim Daneliuk     [hidden email]
PGP Key:         http://www.tundraware.com/PGP/

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Tim Daneliuk
On 04/09/2014 08:45 AM, Tim Daneliuk wrote:

> I did a source tree update to  264294 and then a build world/kernel followed
> by install/reboot.  But I still see this:
>
>
> [root] fuzzball ~>openssl version
> OpenSSL 1.0.1e-freebsd 11 Feb 2013
>
>
> So ... it the version number supposed to be getting bumped or am I simply
> not really patched ... and why....
>

I should  mention this is 10-STABLE amd64


--
----------------------------------------------------------------------------
Tim Daneliuk     [hidden email]
PGP Key:         http://www.tundraware.com/PGP/

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Jakub Lach
I'm on FreeBSD 10.0-STABLE #0 r264302, binary version is freshly built
judging from date, albeit version reported is the same - not bumped.
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Thomas Hoffmann
In reply to this post by Tim Daneliuk
On Wed, Apr 9, 2014 at 9:46 AM, Tim Daneliuk <[hidden email]> wrote:

> On 04/09/2014 08:45 AM, Tim Daneliuk wrote:
>
>> I did a source tree update to  264294 and then a build world/kernel
>> followed
>> by install/reboot.  But I still see this:
>>
>>
>> [root] fuzzball ~>openssl version
>> OpenSSL 1.0.1e-freebsd 11 Feb 2013
>>
>>
>> So ... it the version number supposed to be getting bumped or am I simply
>> not really patched ... and why....
>>
>>
> I should  mention this is 10-STABLE amd64


From what I can see, the patch has not been MFC'd to 10-STABLE, since on a
freshly checked out working copy r264302 I see in
/usr/src/crypto/openssl/CHANGES:
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]

whereas in my -CURRENT r264289 amd64 I see:
Changes between 1.0.1f and 1.0.1g [7 Apr 2014]

and as expected I get:
# openssl version
OpenSSL 1.0.1g-freebsd 7 Apr 2014

-Tom
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Jakub Lach
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Pierre-Luc Drouin
I have the same issue as well. I have a freshly updated 10.0-stable system
from SVN...


On Wed, Apr 9, 2014 at 2:32 PM, Jakub Lach <[hidden email]> wrote:

> Huh?
>
> http://svnweb.freebsd.org/base?view=revision&sortby=date&revision=264266
>
>
>
> --
> View this message in context:
> http://freebsd.1045724.n5.nabble.com/Does-openssl-Fix-Bump-The-Version-Number-tp5901973p5902066.html
> Sent from the freebsd-questions mailing list archive at Nabble.com.
> _______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> [hidden email]"
>
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Jakub Lach
May I rephrase, what is "the same issue"? There was a fix for 10-STABLE (I've
linked it), albeit there was no version bump.
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Pierre-Luc Drouin
I meant that the SVN revision of my src tree is r264303, and "openssl
version" returns:
OpenSSL 1.0.1e-freebsd 11 Feb 2013

so I am not sure if the patch was applied or not...


On Wed, Apr 9, 2014 at 2:36 PM, Jakub Lach <[hidden email]> wrote:

> May I rephrase, what is "the same issue"? There was a fix for 10-STABLE
> (I've
> linked it), albeit there was no version bump.
>
>
>
> --
> View this message in context:
> http://freebsd.1045724.n5.nabble.com/Does-openssl-Fix-Bump-The-Version-Number-tp5901973p5902068.html
> Sent from the freebsd-questions mailing list archive at Nabble.com.
> _______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> [hidden email]"
>
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Jakub Lach
Check the date of the produced binary or test for vulnerability
on your own hand if paranoid. I've linked relevant changes in
source code.
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Thomas Hoffmann
On Wed, Apr 9, 2014 at 2:44 PM, Jakub Lach <[hidden email]> wrote:

> Check the date of the produced binary or test for vulnerability
> on your own hand if paranoid. I've linked relevant changes in
> source code.
>

Have a look at this thread:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=9476970+0+current/svn-src-head

-Tom
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Does openssl Fix Bump The Version Number?

Tim Daneliuk
On 04/09/2014 01:53 PM, Thomas Hoffmann wrote:

> On Wed, Apr 9, 2014 at 2:44 PM, Jakub Lach <[hidden email]> wrote:
>
>> Check the date of the produced binary or test for vulnerability
>> on your own hand if paranoid. I've linked relevant changes in
>> source code.
>>
>
> Have a look at this thread:
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=9476970+0+current/svn-src-head
>


To steal from our Python colleagues:  Explicit is better than implicit.
A patched piece of infrastructure of this importance should be obviously
so to anyone who cares.  In the course of my work I deal with many hundreds
of servers (well over 1000 at this point) and having to figure out what
REALLY is going on across Cent, FBSD, RHEL, SLES, AIX, Solaris ....
is very painful and time consuming.

I appreciate the fact that the FreeBSD maintainers are volunteers and
I'm not diminishing their hard work here, but we do position FreeBSD
as an enterprise server class environment .... 'just sayin' ...


--
----------------------------------------------------------------------------
Tim Daneliuk     [hidden email]
PGP Key:         http://www.tundraware.com/PGP/

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"