freebsd stable - Oct 2006 - HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Everyone,

On October 31st, FreeBSD 5.3 and FreeBSD 5.4 will have reached their
End of Life and will no longer be supported by the FreeBSD Security
Team.  Users of either of those FreeBSD releases are strongly encouraged
to upgrade to FreeBSD 5.5 or FreeBSD 6.1 before that date.

In addition, the FreeBSD 6.0 End of Life is presently scheduled for
November 30th.  Depending upon the progress of the FreeBSD 6.2 release
cycle, this may be delayed until December 31st in order to allow time
for users of FreeBSD 6.0 to upgrade to FreeBSD 6.2.

Users of FreeBSD 4.11 systems are also reminded that that FreeBSD 4.11
will reach its End of Life at the end of January 2007 and that they
should be making plans to upgrade or replace such systems.

The current supported branches and expected EoL dates are:

   +--------------------------------------------------------------------+
   |  Branch   |  Release   |  Type  |  Release date  |  Estimated EoL  |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_4   |n/a         |n/a     |n/a             |January 31, 2007 |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_4_11|4.11-RELEASE|Extended|January 25, 2005|January 31, 2007 |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_5   |n/a         |n/a     |n/a             |May 31, 2008     |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_5_3 |5.3-RELEASE |Extended|November 6, 2004|October 31, 2006 |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_5_4 |5.4-RELEASE |Normal  |May 9, 2005     |October 31, 2006 |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_5_5 |5.5-RELEASE |Extended|May 25, 2006    |May 31, 2008     |
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_6   |n/a         |n/a     |n/a             |last release + 2y|
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_6_0 |6.0-RELEASE |Normal  |November 4, 2005|November 30, 2006|
   |-----------+------------+--------+----------------+-----------------|
   |RELENG_6_1 |6.1-RELEASE |Extended|May 9, 2006     |May 31, 2008     |
   +--------------------------------------------------------------------+

Once it is released, FreeBSD 6.2 will be supported until November 30, 2007.

Colin Percival
FreeBSD Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFFH26OFdaIBMps37IRAhJCAJ974ed3hre2jaStlu+u+/N667JHBgCfaQuV
DeeQJXfaKXQmo/pRzbClLv8=29t4
-----END PGP SIGNATURE-----

FreeBSD Security Officer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello Everyone,
Hi,
> On October 31st, FreeBSD 5.3 and FreeBSD 5.4 will have reached their
> End of Life and will no longer be supported by the FreeBSD Security
> Team.  Users of either of those FreeBSD releases are strongly encouraged
> to upgrade to FreeBSD 5.5 or FreeBSD 6.1 before that date.
> 
> In addition, the FreeBSD 6.0 End of Life is presently scheduled for
> November 30th.  Depending upon the progress of the FreeBSD 6.2 release
> cycle, this may be delayed until December 31st in order to allow time
> for users of FreeBSD 6.0 to upgrade to FreeBSD 6.2.
I'm a bit worried about the EoL of FreeBSD 6.0.

In June 2006, I opened a PR (kern/98622) about a regression on CARP
with IPv6 addresses: CARP is not usable with IPv6. Since I tracked
down the culprit commit (see appropriate info in the PR), I can
affirm that this regression appeared before the 6.1-RELEASE.

Some of our main servers provide redundant services (DNS, Webmail,
LDAP) based on CARP, with equivalent functionnality over IPv4 or
IPv6.  Since we cannot degrade IPv6 service, our servers are stick
to 6.0-RELEASE. This problem has been reported to re@, but the TODO
list for 6.2 doesn't mention it (it is still empty, in fact).

As a campus network operator, we are proud to offer bleeding edge
service to our 50K users, and we advocate FreeBSD locally since it
was the ideal OS to run IPv6 service.

In order to continue to provide IPv6 service, do we have to run an
obsolete system (with all security risks involved), or do we have
to choose another system?

Please, either support 6.0-RELEASE longer, or (better) help us
correct this problem!

Thanks in advance,

Philippe Pegon

Hi,

On Sun, Oct 01, 2006 at 12:30:22AM -0700, FreeBSD Security Officer
wrote:
> Users of FreeBSD 4.11 systems are also reminded that that FreeBSD 4.11
> will reach its End of Life at the end of January 2007 and that they
> should be making plans to upgrade or replace such systems.
Though I admit RELENG_4 is getting dusty, it is not rusty.  I believe it
is still used in many places because of its stability and performance.

For instance, according to Julian Elischer's posts, it seems he is still
working on it.

Is it envisageable to extend the RELENG_4's and RELENG_4_11's EoL once
more ?

Thank you.
Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

On Wednesday, 11 October 2006 at 18:08:02 +0200, Dirk Meyer
wrote:
> Jeremie Le Hen schrieb:,
> 
> > Though I admit RELENG_4 is getting dusty, it is not rusty.  I believe
it
> > is still used in many places because of its stability and performance.
> 
> agreed.
> 
> > Is it envisageable to extend the RELENG_4's and RELENG_4_11's
EoL once
> > more ?
> 
> I second this.
> 
> I know a half dozend installation, that must rum RELENG_4_11,
> because FreeBSD 5.x and 6.x simply don't boot on that servers any more.
> There is alot of hardware where an updated don't run on.
> 
> kind regards Dirk
> 
I don't want to bother somebody, but it would be realy cool if we can
use RELENG_4 with security updates support for the next year.
FreeBSD-4.11 is the best choice for old hardware like our PentiumII
400Mhz router. It's just works. Thats all.

In any case thanks for all security officers for they work.

On Thu, Oct 12, 2006 at 05:43:01PM +0000, Edward B. DREGER
wrote:
> KK> Date: Wed, 11 Oct 2006 18:46:54 -0400
> KK> From: Kris Kennaway
> 
> KK> The 4.x support policy was announced some time ago and may be found
> KK> here:
> 
> "policy" != justification
Yes, and the justification has also been discussed many times.

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20061012/7ea55396/attachment.pgp