Solved freebsd-update

[fjdlr]

Hi
Since the last (yesterday)
freebsd-update
fetch install , I've been experiencing this situation.

11:32 #> freebsd-version -ku
14.3-RELEASE-p3
14.3-RELEASE-p4

#> uname -srv
FreeBSD 14.3-RELEASE-p3 FreeBSD 14.3-RELEASE-p3 GENERIC

I don't really understand.

 

[SirDice]

Use freebsd-version -urk, then compare the version of the running kernel with the installed kernel. If those are different you still need to reboot.

     If several of the above options are specified, freebsd-version will print
     the installed kernel version first, then the running kernel version, next
     the userland version, and finally the userland version of the specified
     jails, on separate lines.  If neither is specified, it will print the
     userland version only.

freebsd-version(8)

Also note that p4 fixes a userland issue only. So the kernel hasn't been updated and would still show the previous patch version.

p4 fixes an OpenSSL issue (not kernel related) and an issue with freebsd-update(8) (also not kernel related).

https://www.freebsd.org/security/advisories/FreeBSD-SA-25:08.openssl.asc

https://www.freebsd.org/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc

 

[gotnull]

Also note that p4 fixes a userland issue only.

Personally I still struggle to know for sure on which level, userland or kernel, a patch is applied.
Is there any hint to determine this?

Errata notice and security advisory say what a patched version should be: Corrected (releng/14.3, 14.3-RELEASE-p4).
This works for a system build from source because both kernel and userland get patched(if I am not wrong), but not for systems not built from source.
An improvement in this regard would be to tell which part of the system is directly affected:kernel, userland, or both.
That should avoid confusion, users would know exactly what to expect from the output of freebsd-version -kru.

 

[SirDice]

Is there any hint to determine this?

Look at the specific SA or EN. You could also tell from the list of files freebsd-update(8) wants to update, if it includes a kernel update you'll see it wants to update /boot/kernel/kernel (and often a bunch of kernel modules in /boot/kernel/ too). After fetching and installing the update, a freebsd-version -urk would show a different version for the installed and running kernel (the first two version strings in the output).

This works for a system build from source because both kernel and userland get patched(if I am not wrong), but not for systems not built from source.

The version is determined at compile time from sys/conf/newvers.sh for both the kernel and userland. As the kernel wasn't rebuild (no need, nothing's changed, the version change is only cosmetic) it wasn't included in the binary update and therefor your installed kernel (with the previous patch version) remained untouched.

 

[gotnull]

Look at the specific SA or EN.

Unfortunately it doesn't help much, unless the kernel is directly involved I think it's hard to determine what is touched by an issue, that's exactly why I put the links in my previous message. I read those several times and still I have no clue.

if it includes a kernel update you'll see it wants to update /boot/kernel/kernel (and often a bunch of kernel modules in /boot/kernel/ too)

Hmm that's a solution and particularly simple, didn't think about that, thank you.

The version is determined at compile time from sys/conf/newvers.sh for both the kernel and userland.

Thanks for the explanation and the link.
Not a big fan of building things from source, but I try to look into it from time to time, it might help.

 

[SirDice]

I think it's hard to determine what is touched by an issue

Right, I get it's not clear what exactly is the issue, or where if you're not familiar with any of the 'technical' details. Alternatively, every SA or EN has a patch file at the bottom, you could look at the paths of the files being patched. Everything under sys/ involves the kernel (or one or more of its modules).

This one for example from SA-25:02: https://www.freebsd.org/security/patches/SA-25:02/fs-14.patch

 

[gotnull]

Everything under sys/ involves the kernel (or one or more of its modules)

Nice, thanks for the tip!
I'll try to remember that, meanwhile the thread is bookmarked

 

[dkh]

I have a 14.3-RELEASE system using pkgbase and there were no updates available after the SA. Today there were but freebsd-version -kru is reporting 14.3-RELEASE-p4 for all three. The systems using freebsd-update are showing p4 for userland only. Its a transition thing I'm sure but it may confuse newer users.