Mel P <[email protected]> writes:
> I can see that /boot/kernel/ipfw_pmod.ko changed between the running
> BE and the -p7 snapshot, so I'm confident I did get the update.
>
> Does pkg-audit-base have a bug such that it also must consider the
> userland version when checking for kernel vulns; or did the kernel
> version bump get missed?

The scripts we use to generate binary patches discard the kernel version bump if nothing else in the kernel itself has changed, which is the case here since the advisory only affected a kernel module.

Whether or not this is a bug is debatable. It has certainly caused a lot of confusion over the years. On the other hand, we don't want to force a reboot when users could in theory simply reload the module. On the gripping hand, some modules can't be reloaded (or at least, as is the case with ipfw, can't safely be reloaded remotely).

Either way, it is unlikely to get fixed, since we don't expect to continue using freebsd-update much longer.

DES
-- 
Dag-Erling Smørgrav - [email protected]
