# FreeBSD 11.1 End-of-Life Warning



## Mayhem30 (May 2, 2018)

I'm receiving an EOL warning when checking for updates on FreeBSD 11.1 - Is this some sort of error?

I don't see any newer versions available to download.

```
$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.1-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 11.1-RELEASE-p9.

WARNING: FreeBSD 11.1-RELEASE-p9 is approaching its End-of-Life date.
It is strongly recommended that you upgrade to a newer
release within the next 2 months.
```


----------



## rigoletto@ (May 2, 2018)

Probably some mistake, already happened before (and recently). 11.2R should be out just at the end of June. Then there are 3 months until 11.1R become EOL.


----------



## Mayhem30 (May 2, 2018)

Ok, thank you.


----------



## BSDAppentic3 (May 2, 2018)

lebarondemerde said:


> Probably some mistake, already happened before (and recently). 11.2R should be out just at the end of June. Then there are 3 months until 11.1R become EOL.


3 MONTHS?! WHAT SHOULD I DO THEN?!
I can go to the handbook, but I'll need more help to upgrade my entire system to that version to prevent the EOL.


----------



## BSDAppentic3 (May 2, 2018)

lebarondemerde 
I think I will try with others BSD...I can actualize the system from here to 3 months, but I can't do the same always that a new release come out. I know that 11.1 has some months, but I have to download it to prevent the mistake of use 11.0...it say that I must move to the newer versions as the months pass.
Why this happens?


----------



## Phishfry (May 2, 2018)

BSDAppentic3 said:


> Why this happens?


Security patches for that branch end when a new version comes out or 3 months after.

People want shiney new things like fix for SPECTRE bug and how about the new Intel DRM Video driver for newer unsupported chipsets like Broadwell.


----------



## BSDAppentic3 (May 2, 2018)

Phishfry said:


> Security patches for that branch end when a new version comes out or 3 months after.
> 
> People want shiney new things like fix for SPECTRE bug and how about the new Intel DRM Video driver for newer unsupported chipsets like Broadwell.



Excuse me...Spectre? The "fail" in the processors? I read that it came from more than 1 decade.
And I don't have the idea of what it's a chipset Broadwell. But don't worry: as you tell me what it's, I'll research


----------



## michael_hackson (May 2, 2018)

Phishfry said:


> Security patches for that branch end when a new version comes out or 3 months after.
> 
> People want shiney new things like fix for SPECTRE bug and how about the new Intel DRM Video driver for newer unsupported chipsets like Broadwell.



Speaking of Spectre: Do we know if the update for it will be optional in some way or if it will be mandatory as the new version comes?


----------



## SirDice (May 2, 2018)

BSDAppentic3 said:


> Why this happens?


https://www.freebsd.org/security/#model


BSDAppentic3 said:


> And I don't have the idea of what it's a chipset Broadwell.


https://en.wikipedia.org/wiki/Broadwell_(microarchitecture)
https://en.wikipedia.org/wiki/List_of_Intel_CPU_microarchitectures



michael_hackson said:


> Speaking of Spectre: Do we know if the update for it will be optional in some way or if it will be mandatory as the new version comes?


It's not optional.


----------



## Bobi B. (May 2, 2018)

SirDice said:


> It's not optional.


IIRC both, Meltdown and Spectre V2, fixes can be disabled via /boot/loader.conf:

```
# no CVE-2017-5754 (Meltdown) fix: introduces a performance regression
# Page Table Isolation enabled
vm.pmap.pti="0"
# CVE-2017-5715 (Spectre V2)
# Disable Indirect Branch Restricted Speculation
hw.ibrs_disable="1"
```


----------



## SirDice (May 2, 2018)

Ah, nice, on the fly even. I was thinking of a (compile-time) kernel option.


----------



## rigoletto@ (May 2, 2018)

BSDAppentic3 said:


> 3 MONTHS?! WHAT SHOULD I DO THEN?!
> I can go to the handbook, but I'll need more help to upgrade my entire system to that version to prevent the EOL.



FreeBSD Update


----------



## michael_hackson (May 2, 2018)

Bobi B. said:


> IIRC both, Meltdown and Spectre V2, fixes can be disabled via /boot/loader.conf:
> 
> ```
> # no CVE-2017-5754 (Meltdown) fix: introduces a performance regression
> ...



That is just gold! What I got out of following the threads here is that the fixes are needed at most for servers or when protection of data is important. So for personal desktop computing, if your legacy hardware wants to keep up, the fixes may not be necessary, right?

Thanks and sorry for stepping in on another topic, it felt related to me.


----------



## ralphbsz (May 2, 2018)

A: Measure first.  Never make a decision based on lack of data.  Premature optimization is the root of all (software) evil. Do the fixes for Meltdown and Spectre have a significant performance impact?  Not just a percent or two, but something that would really affect getting your "work" done (which might be just browsing the web, or listening to music, but it might also be serving zillions of web pages or calculating vitally important answers).  If they do not affect performance, then just use them, since the cost / benefit tradeoff comes down to the side of benefit if the cost is zero or irrelevant.

B: Even a machine that is not a vitally important server, and does not contain lots of secret data, is at risk.  Many of the attacks may be coming in via web pages which contain JS or apps which run.  And if you have recently used your bank's web site to check your account, that login data (which is still in memory) might be at risk from a malicious web page.


----------



## michael_hackson (May 2, 2018)

"Premature optimization is the root of all evil" – ralphbsz

Good advice, I will take this with me.


----------



## Deleted member 30996 (May 2, 2018)

ralphbsz said:


> Even a machine that is not a vitally important server, and does not contain lots of secret data, is at risk.  Many of the attacks may be coming in via web pages which contain JS or apps which run.  And if you have recently used your bank's web site to check your account, that login data (which is still in memory) might be at risk from a malicious web page.



Which is exactly why I'm always proselytizing not allowing scripts to run globally when surfing the net.

Some site owners, one of which I am still a registered member of, aren't too picky about who they sell ad space to. For a while you got a red Google warning page when you landed on it and it was rumored in their forums scripted ads were downloading malware. Which is the essence of the warning, I suppose.

What? Me worry?  I disable Google and Mozilla warnings and never saw it or the ads.

NoScript. It's worth the hassle. - Trihexagonal

I'm working on my endorsement package.


----------



## gnath (May 4, 2018)

FreeBSD 11.1-PRERELEASE is available for download & install. But update failed due to signature problem. Am I on wrong foot?

```
# freebsd-update -r 11.2-PRERELEASE upgrade
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/lib32

The following components of FreeBSD do not seem to be installed:
kernel/generic-dbg world/base-dbg world/doc world/lib32-dbg

Does this look reasonable (y/n)? Y
Does this look reasonable (y/n)? y

Fetching metadata signature for 11.2-PRERELEASE from update5.freebsd.org... failed.
Fetching metadata signature for 11.2-PRERELEASE from update6.freebsd.org... failed.
Fetching metadata signature for 11.2-PRERELEASE from update4.freebsd.org... failed.
No mirrors remaining, giving up.
```


----------



## SirDice (May 4, 2018)

I'm guessing you're trying to do this from a 11-STABLE system? 11-STABLE is currently 11.2-PRERELEASE, but that's not a release version yet. And you cannot use freebsd-update(8) to update a -STABLE system.


----------



## gnath (May 4, 2018)

My laptop is for 11.1-RELEASE.

```
$ freebsd-version -uk
11.1-RELEASE-p9
11.1-RELEASE-p9
```


----------



## SirDice (May 4, 2018)

You'll need to wait for the release candidates. 

https://www.freebsd.org/releases/11.2R/schedule.html


----------



## jef (May 4, 2018)

_Edit: As of 2 PM, Pacific Time, the message now "properly" reads_

```
No updates needed to update system to 11.1-RELEASE-p9.
```

Is there a way that the "dire" message from freebsd-update can be quelled at the source?

It left me this morning thinking, "How could I have missed a version update?" and scouring the FreeBSD release information only to find out that this is not something that can be resolved until at least June 28th, if not a bit later.


----------



## kjpetrie (May 4, 2018)

Well, I'm relieved it was a false alarm. I noticed the notice had disappeared from today's e-mail, so it seems a mistake which has already been corrected.

BSDAppentic3, there's no need to worry about point release upgrades; they're usually as painless as the p... updates. The major upgrades are a bit more involved, but they're normally needed once every five years.


----------

