10.2-RELEASE-p13 (x64) doesn't update the OpenSSL binary

S

Swapjim

I got the email earlier today but freebsd-update says there is nothing to update:

Code: 
root@freebsd:~# freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.2-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 10.2-RELEASE-p13.

OpenSSL itself reports this version:

Code: 
1.0.1p-freebsd 9 Jul 2015

and the file was last updated in March 3:

Code: 
user@freebsd:~$ stat -x /usr/bin/openssl
  File: "/usr/bin/openssl"
  Size: 513368  FileType: Regular File
  Mode: (0555/-r-xr-xr-x)  Uid: (  0/  root)  Gid: (  0/  wheel)
Device: 0,127  Inode: 2171186  Links: 1
Access: Thu Mar 10 23:11:01 2016
Modify: Thu Mar  3 12:32:50 2016
Change: Thu Mar  3 12:32:50 2016

Which was part of the update from 10.2-RELEASE-p12 to 10.2-RELEASE-p13.

Am I missing something? Shouldn't have I gotten an update for OpenSSL?
 
I just installed the 10.2-RELEASE x64 version in a VM and did:

Code: 
freebsd-update fetch
freebsd-update install
and rebooted.

OpenSSL reports 1.0.1p-freebsd 9 Jul 2015.
 
Yes, I understand that. I can see that the openssl binary in the install CD differs from the current one:

original /usr/bin/openssl from 10.2-RELEASE CD:

Code: 
size: 513272
SHA512 (/usr/bin/openssl) = 5a6fcb396dfce3abc547fd177c07896e331a4659bb63d7daa089109603e5094ebfcbcaba58be09037a228f1543fcd052321625f122c966659395e6910c8d444a
MD5 (/usr/bin/openssl) = d783e988a4ce15cfb6ab398c7e01ba76
current /usr/bin/openssl:

Code: 
size: 513368
SHA512 (/usr/bin/openssl) = 188d93a8c577cc0e0f25d8eead80cffa0f8655e1695d29ee4f28256dd205f91895194b07076574f453098605fcdcf424cb64cb541ae4a85310718a9d1bd5f9e2
MD5 (/usr/bin/openssl) = 9b789fd30245bc4694f5c6469f1f508a
But it's still strange that the date on the openssl binary in my system says March 3.
 
It says that on the version string because the FreeBSD security team has decided not to update OpenSSL to the latest version on release versions of FreeBSD (such as FreeBSD 10.2) when updates are available but backport the security fixes to the version that is in the release. OpenSSL is also made of number of components, in this latest update only one of the shared libraries got updated and not the main openssl binary.
 
I believe that the OP reported that the system does not get updated. I noticed the same also:

freebsd-update fetch
Code: 
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.2-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 10.2-RELEASE-p13.
 
Swapjim said:
and the file was last updated in March 3:

Code: 
user@freebsd:~$ stat -x /usr/bin/openssl
  File: "/usr/bin/openssl"
  Size: 513368  FileType: Regular File
  Mode: (0555/-r-xr-xr-x)  Uid: (  0/  root)  Gid: (  0/  wheel)
Device: 0,127  Inode: 2171186  Links: 1
Access: Thu Mar 10 23:11:01 2016
Modify: Thu Mar  3 12:32:50 2016
Change: Thu Mar  3 12:32:50 2016

Which was part of the update from 10.2-RELEASE-p12 to 10.2-RELEASE-p13.

Am I missing something? Shouldn't have I gotten an update for OpenSSL?
Click to expand...

Are you sure you don't already have 10.2-RELEASE-p13?
What does freebsd-version -u say?

According to advisory vulnerabilities where corrected
2016-03-03 07:30:55 UTC

If times in your post are UTC, those are after that.
What I mean is, when you where updating to 10.2-RELEASE-p12, you actually updated to 10.2-RELEASE-p13.
The update came before announcement.
 
You must log in or register to reply here.
Back
Top