# 10.2-RELEASE-p13 (x64) doesn't update the OpenSSL binary



## Swapjim (Mar 10, 2016)

I got the email earlier today but `freebsd-update` says there is nothing to update:


```
root@freebsd:~# freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.2-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 10.2-RELEASE-p13.
```

OpenSSL itself reports this version:


```
1.0.1p-freebsd 9 Jul 2015
```

and the file was last updated in March 3:


```
user@freebsd:~$ stat -x /usr/bin/openssl
  File: "/usr/bin/openssl"
  Size: 513368  FileType: Regular File
  Mode: (0555/-r-xr-xr-x)  Uid: (  0/  root)  Gid: (  0/  wheel)
Device: 0,127  Inode: 2171186  Links: 1
Access: Thu Mar 10 23:11:01 2016
Modify: Thu Mar  3 12:32:50 2016
Change: Thu Mar  3 12:32:50 2016
```

Which was part of the update from 10.2-RELEASE-p12 to 10.2-RELEASE-p13.

Am I missing something? Shouldn't have I gotten an update for OpenSSL?


----------



## Swapjim (Mar 11, 2016)

I just installed the 10.2-RELEASE x64 version in a VM and did:


```
freebsd-update fetch
freebsd-update install
```
and rebooted.

OpenSSL reports *1.0.1p-freebsd 9 Jul 2015*.


----------



## ljboiler (Mar 11, 2016)

The "version" of something (OpenSSL in this case) doesn't always change Just because a security issue is patched.


----------



## Swapjim (Mar 12, 2016)

Yes, I understand that. I can see that the openssl binary in the install CD differs from the current one:

original /usr/bin/openssl from *10.2-RELEASE CD:*


```
size: 513272
SHA512 (/usr/bin/openssl) = 5a6fcb396dfce3abc547fd177c07896e331a4659bb63d7daa089109603e5094ebfcbcaba58be09037a228f1543fcd052321625f122c966659395e6910c8d444a
MD5 (/usr/bin/openssl) = d783e988a4ce15cfb6ab398c7e01ba76
```
current /usr/bin/openssl:


```
size: 513368
SHA512 (/usr/bin/openssl) = 188d93a8c577cc0e0f25d8eead80cffa0f8655e1695d29ee4f28256dd205f91895194b07076574f453098605fcdcf424cb64cb541ae4a85310718a9d1bd5f9e2
MD5 (/usr/bin/openssl) = 9b789fd30245bc4694f5c6469f1f508a
```
But it's still strange that the date on the openssl binary in my system says March 3.


----------



## kpa (Mar 12, 2016)

It says that on the version string because the FreeBSD security team has decided not to update OpenSSL to the latest version on release versions of FreeBSD (such as FreeBSD 10.2) when updates are available but backport the security fixes  to the version that is in the release. OpenSSL is also made of number of components, in this latest update only one of the shared libraries got updated and not the main openssl binary.


----------



## gkontos (Mar 12, 2016)

I believe that the OP reported that the system does not get updated. I noticed the same also:

`freebsd-update fetch`

```
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.2-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 10.2-RELEASE-p13.
```


----------



## Kiiski (Mar 13, 2016)

Swapjim said:


> and the file was last updated in March 3:
> 
> 
> ```
> ...



Are you sure you don't already have 10.2-RELEASE-p13?
What does `freebsd-version -u` say?

According to advisory vulnerabilities where corrected 
2016-03-03 07:30:55 UTC

If times in your post are UTC, those are after that.
What I mean is, when you where updating to 10.2-RELEASE-p12, you actually updated to 10.2-RELEASE-p13.
The update came before announcement.


----------

