Solved [Solved] Not getting latest version with freebsd-update?

[ag74]

Due to the https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc advisory, I decided to update my 9.2-RELEASE-p4 amd64 system using

freebsd-update fetch
freebsd-update install

This appears to have gone well, but after a reboot uname -a says

FreeBSD aknot 9.2-RELEASE-p10 FreeBSD 9.2-RELEASE-p10 #0: Tue Jul  8 10:48:24 UTC 2014     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

The link suggests 9.2-RELEASE-p11 is the release that fixes this issue. So why am I not getting p11?

EDIT: Let me add - on the initial fetch-install cycle, as well as now if I repeat it, it says it will update to p11:

Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.2-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 9.2-RELEASE-p11:
/boot/kernel/linker.hints

but I still get p10.

 

[Juanitou]

Re: Not getting latest version with freebsd-update?

This is a known issue that explains the appearance of freebsd-version(1) in 10.0-RELEASE.

 

[ag74]

Re: Not getting latest version with freebsd-update?

If I understand this correctly, the kernel is now at patch level -p10 (and not changed in -p11), and that's what uname shows me?

I do have this in /usr/src/sys/conf/newvers.h:

TYPE="FreeBSD"
REVISION="9.2"
BRANCH="RELEASE-p11"

openssl version says OpenSSL 0.9.8y 5 Feb 2013 - can I still trust I got what -p11 is supposed to fix?

 

[Juanitou]

Re: Not getting latest version with freebsd-update?

I’m quite sure, but don’t take my word for granted, I’m not an expert. Search the forums for the thread concerning the precedent OpenSSL update, I recall the same type of question was discussed there.

 

[aupanner]

Re: Not getting latest version with freebsd-update?

I just did the p10 => p11 update and it updated various libs and not the kernel. The GENERIC kernel is still p10 unless you rebuild manually.

/usr/src/sys/conf/newvers.sh has the updated BRANCH value.

 

[phoenix]

Re: Not getting latest version with freebsd-update?

uname(1) displays the version strings stored inside the kernel itself.

freebsd-update(8) only updates the kernel if a patch directly affects the kernel, and requires compiling a new kernel.

p10 required a new kernel, so freebsd-update installed a new kernel and "uname -a" shows -p10 correctly.

p11 doesn't require a new kernel, so freebsd-update doesn't install a new kernel and thus "uname -a" continues to show -p10.

However, freebsd-update does download and install new binaries and libs as needed for p11 if run on a p10 system. And that's your clue and notification that it's updating to p11. And, if running freebsd-update afterward shows no new updates, then you are at the latest patch level. Nothing to worry about.

 

[ag74]

Re: Not getting latest version with freebsd-update?

All good then. Thanks, everyone.