On 30/03/21 17:38, tech-lists wrote:
On Tue, Mar 30, 2021 at 05:22:30PM +0200, Guido Falsi via freebsd-stable
wrote:
No, as you can see in the commit in the official git [1] while for
current and stable the new upstream version of openssl was imported for
the release the fix was applied without importing the new release and
without changing the reported version of the library.
So with 12.2p5 you do get the fix but don't get a new version of the
library.
[1]
https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b
On this url, near the top, there's this:
"Fix multiple OpenSSL vulnerabilities. Add UPDATING and bump
version." next to that, we have "releng/12.2".
So, I'm expecting the version information pertaining to opensslto be
bumped. Is this expectation unreasonable? I'm not a developer.
The "bumping verion" part refers to bumping the FreeBSD version, that's
the p4 -> p5 part of the patch, last hunk referring to file
sys/conf/newvers.sh
--
Guido Falsi <m...@madpilot.net>
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
