Didn't receive an announcement via <freebsd-security-notifications> yet... Is it overloaded?The OpenSSL issue got scaled up because there are working exploits active in the wild. We've had our SOC go nuts over it too.
Now it came in (today March 26, 12:00 UTC). IIRC you're a ports(7) maintainer & maybe these are ranked before mere mortals in the mailing list, I'd be fine with that if it's so. Or you've been a subscriber for a long time and thus higher in the list.About SSL? I received an email yesterday afternoon or evening. (EDT, GMT -4), including a patch, or the ability to fix with freesd-update.
Announced: 2021-03-25
freebsd-version
: 12.2-RELEASE-p5
... and here I checked out the latest source codeYes and thanks to the daily check enabled in my crontab(5) I had the fixes already available to install when I checked my e-mail todayfreebsd-version
:12.2-RELEASE-p5
af61348d61f51a88b438d41c3c91b56b2b65ed9b
and rebuilt my system FreeBSD Tuna2 12.2-RELEASE-p5 FreeBSD 12.2-RELEASE-p5 TUNAZ2 amd64
it's never going to happen.
BTW he'll return to the FSF.
For the record, here's the email: http://docs.FreeBSD.org/cgi/mid.cgi?2766233C-3CC7-4B02-95AB-7555A60FFD81JFYI: The release team just announced that RC4 might be delayed further somewhat.
The offending code has been removed before RC3 so this has nothing to do with the additional release candidate.And this one crossed my newsfeed: arstechnica.com
Most certainly not, this code was removed before RC3, and you don't (re-)introduce a new feature during RC phase.I don't know if it is the wg related
Right. I meant if maybe internally there is some sort of audit because of the wg. But that's me thinking out loud, not a statement.Most certainly not, this code was removed before RC3, and you don't (re-)introduce a new feature during RC phase.
either that or you let freebsd-update(8) check for updates periodically, e.g. through crontab(5) or anacrontab(5):regarding the mailing list for security updates, is subscribing to this one https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications sufficient?
# $Id: anacrontab,v 1.5 2021/03/31 19:32:59 root Exp root $
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
# days make sure the command is executed at least every 'days' days
# delay delay in minutes, before a command starts
# id unique id of a command
#
# REM sysrc anacron_nice=10 @boot from rc.d & in crontab(5) it's nice.
# REM sysrc anacron_flags="-s" serialize jobs, thus delay isn't important.
# days delay id command
1 1 ntpdate csh -c 'ntpdate -4uv {0,1,2}.de.pool.ntp.org'
1 2 freebsd-update freebsd-update cron
[...]
freebsd-update install
them manually.