Home > SUSE > openSUSE 11.4 has reached end of Evergreen support

openSUSE 11.4 has reached end of Evergreen support

September 27th, 2014

I have posted the following to the openSUSE lists a few moments ago:

as you probably know our initial commitment to support 11.4 within
Evergreen was until July 2014.
http://en.opensuse.org/openSUSE:Evergreen

While I was hoping that we can keep 11.4 alive for some time longer this
is currently not possible from what I would call the "core team" which
is Stefan and myself. We are too busy nowadays to be able to scan and
patch every issue we get aware of.

Thanks to you all who contributed to the success of Evergreen/11.4!

The important message is:

   openSUSE 11.4 Evergreen is not actively maintained anymore!

So if you can, we recommend to switch to openSUSE 13.1 as soon as
possible which is still planned to be an Evergreen release.


Some more details below:
The repository already got and will most likely get more updates from
package maintainers who care about 11.4 and/or their packages though.
You noticed that with recent releases of patches for the bash and NSS
issues already, BUT this is _no_ guarantee that every security issue
will be fixed.
We will accept contributions from anyone though and I will try to take
care about "my" packages.

Some numbers from 11.4 Evergreen (as far as I was able to get them easily):

Evergreen lifetime: 21 months
11.4 overall lifetime (incl. Evergreen): 41 months / 3 years 5 months

Evergreen lifetime numbers (w/o official maintenance period):
Released update source packages: 804
Unique touched source packages:  177
rough number of patches (based on incident counter): 320

Let me also quote Marcus' numbers from official maintenance lifetime:

Total updates: 723
	Security:    416
	Recommended: 306
	Optional:      1
Share

Categories: SUSE Tags:
  1. Stephan van den Akker
    September 29th, 2014 at 11:37 | #1

    Thanks for your excellent work during the past years maintaining 11.4 Evergreen. Your evergreen support made it possible for me to use openSUSE at my work and introduce colleagues to the advantages of linux on the desktop.

    I have switched to 13.1 a couple of months ago. Looking forward to 13.1 Evergreen!

  2. Stewart Howell
    October 1st, 2014 at 04:01 | #2

    Hi Wolfgang,

    Given the extraordinary nature and impact of shellshock, can I humbly request just one more update for 11.4’s evergreen please? I would like a fix for CVE-2014-7186. This wasn’t included in patch openSUSE-2014-09. I’m thinking openSUSE-2014-564 or openSUSE-2014-567 would do the trick?

    Thanks for your consideration.
    -Stew

  3. October 2nd, 2014 at 08:53 | #3

    @Stewart Howell

    bash is already updated on 11.4:

    openSUSE-SU-2014:1248-1

    This update for bash completely disables the importing of shell functions
    from the environment and thereby remove the exposure of the parser from
    untrusted/harmful environment.

  4. Stewart Howell
    October 7th, 2014 at 01:26 | #4

    Hi Wolfgang,
    Thanks for your prompt reply. Here’s the output of applying openSUSE-SU-2014:1248-1 to an 11.4 system and then testing for CVE-2014-7186. Am I doing anything wrong?
    Thanks
    Stew

    ——————-
    trn:~ # zypper in -t patch 2014-90
    Loading repository data…
    Warning: Repository ‘11.4’ appears to outdated. Consider using a different mirror or server.
    Reading installed packages…
    Resolving package dependencies…

    The following NEW patch is going to be installed:
    2014-90

    The following packages are going to be upgraded:
    bash-doc libreadline6 readline-devel readline-doc

    4 packages to upgrade.
    Overall download size: 707.0 KiB. No additional space will be used or freed after the operation.
    Continue? [y/n/?] (y): y
    Retrieving package readline-doc-6.1-18.35.1.noarch (1/4), 144.0 KiB (607.0 KiB unpacked)
    Retrieving: readline-doc-6.1-18.35.1.noarch.rpm [done (47.3 KiB/s)]
    Retrieving package libreadline6-6.1-18.35.1.x86_64 (2/4), 114.0 KiB (312.0 KiB unpacked)
    Retrieving: libreadline6-6.1-18.35.1.x86_64.rpm [done (0 B/s)]
    Retrieving package bash-doc-4.1-18.35.1.noarch (3/4), 406.0 KiB (1.4 MiB unpacked)
    Retrieving: bash-doc-4.1-18.35.1.noarch.rpm [done (217.4 KiB/s)]
    Retrieving package readline-devel-6.1-18.35.1.x86_64 (4/4), 43.0 KiB (75.0 KiB unpacked)
    Retrieving: readline-devel-6.1-18.35.1.x86_64.rpm [done]
    Installing: readline-doc-6.1-18.35.1 [done]
    Installing: libreadline6-6.1-18.35.1 [done]
    Installing: bash-doc-4.1-18.35.1 [done]
    Installing: readline-devel-6.1-18.35.1 [done]
    There are some running programs that use files deleted by recent upgrade. You may wish to restart some of them. Run ‘zypper ps’ to list these programs.
    trn:~ # zypper ps
    The following running processes use deleted files:

    PID | PPID | UID | Login | Command | Service | Files
    ——+——-+——+——-+———+———+————————–
    20840 | 20838 | 1003 | ecom | bash | | /lib64/libreadline.so.6.1
    20867 | 20840 | 1003 | ecom | bash | | /lib64/libreadline.so.6.1
    24095 | 24093 | 1003 | ecom | bash | | /lib64/libreadline.so.6.1
    24497 | 24495 | 0 | root | bash | | /lib64/libreadline.so.6.1

    You may wish to restart these processes.
    See ‘man zypper’ for information about the meaning of values in the above table.
    trn:~ # exit
    logout
    ecom@trn:~> exit
    logout
    Connection to trn.******* closed.
    NaCl plugin exited with status code 0.
    (R)econnect, (C)hoose another connection, or E(x)it?

    Connecting to ecom@trn.********…
    Loading NaCl plugin… done.
    Password:
    Last login: Tue Oct 7 10:01:31 2014 from *****

    Server: trn
    OS: openSUSE 11.4 (x86_64)
    Load Average: 0.97 0.54 0.41 1/142 25091
    Uptime: 183 days 16 hours, 41 minutes

    Online users:
    ecom pts/0 2014-10-07 10:13 (*****)
    ________________________________________________________

    ecom@trn:~> bash -c ‘true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <

  5. Stewart Howell
    October 7th, 2014 at 01:28 | #5

    Sorry the above comment got truncated. Here’s the rest.
    – – – –

    ecom@trn:~> bash -c ‘true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <

  6. Stewart Howell
    October 7th, 2014 at 01:30 | #6

    try again… (omitting pipe pipe which form is choking on)
    – – – –
    echo “CVE-2014-7186 vulnerable, redir_stack”
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)
    Segmentation fault
    CVE-2014-7186 vulnerable, redir_stack

    ecom@trn:~>

Comments are closed.