From owner-freebsd-security@freebsd.org  Tue Nov 28 08:08:37 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61595DFD243
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Tue, 28 Nov 2017 08:08:37 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from host64.shmhost.net (host64.shmhost.net [213.239.241.64])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 25B077AA61
 for <freebsd-security@freebsd.org>; Tue, 28 Nov 2017 08:08:36 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from [10.41.201.18] (fwext.boll.ch [194.191.86.3])
 by host64.shmhost.net (Postfix) with ESMTPSA id 4704C15FD28;
 Tue, 28 Nov 2017 09:08:28 +0100 (CET)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: freebsd-update EoL "warning" prevents installing latest SAs
From: Franco Fichtner <franco@lastsummer.de>
In-Reply-To: <CAGMYy3trwujcfGEs0dS1W4CiTV5_Qrh-7mz7Q+fA2b-3qc5WdQ@mail.gmail.com>
Date: Tue, 28 Nov 2017 09:08:27 +0100
Cc: User <kitchetech@gmail.com>,
 freebsd-security <freebsd-security@freebsd.org>
Content-Transfer-Encoding: 7bit
Message-Id: <53AFA488-6CD7-4273-BDC9-09137AAB6A91@lastsummer.de>
References: <F7063215-FC2C-4C6D-AF9D-08F9B7CB7877@lastsummer.de>
 <CAD-N7OBnnUCAg-SZ=xxmNa6EftWKLg1a3+9xOSi=3pduxSmSVA@mail.gmail.com>
 <5ACFF7B8-460E-473F-ADA0-D9200587FC55@lastsummer.de>
 <CAGMYy3trwujcfGEs0dS1W4CiTV5_Qrh-7mz7Q+fA2b-3qc5WdQ@mail.gmail.com>
To: Xin LI <delphij@gmail.com>
X-Mailer: Apple Mail (2.3273)
X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net
X-Virus-Status: Clean
X-Spam-Flag: NO
X-Spam-Score: -1.0
X-Spam-Status: No score=-1.0 tagged_above=10.0 required=10.0
 tests=[ALL_TRUSTED]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 08:08:37 -0000


> On 27. Nov 2017, at 9:42 PM, Xin LI <delphij@gmail.com> wrote:
> 
> We will soon (this Tuesday) issue another SA that would be used as a
> vehicle to deliver a new EoL date to 11.0, but since it's EoL is
> really close, please consider upgrading to 11.1-RELEASE at your
> earliest convenience.

For vendors the model "3 months and move" on is not really an option,
but that is besides the point here.

It's not even that EoL is upon us.  It's that fetching updates for
a system that still has updates but ran into EoL before fetching
those updates will inevitably indicate a failure during fetch:

# freebsd-update fetch && freebsd-update install
# freebsd-update fetch install

This will not work, even though updates are fetched / pending.

In contrast, this works fine:

# freebsd-update fetch; freebsd-update install

I don't know how this is useful for scripting if we are supposed
to check errors, but in this case can't check for errors because
we require available updates to be installed.


Cheers,
Franco