OpenBSD Journal

OpenBSD 3.4 End Of Life

Contributed by mk/reverse on from the new and improved dept.

Robert Nagy writes on announce@:

Due to the release of OpenBSD 3.6, the 3.4-STABLE branch will be out of regular maintainance starting today. There will be NO MORE fixes commited to this branch nor new patches.

It's release time once again and this means leaving old releases to die. Upgrade appropriately.

(Comments are closed)

  1. By mirabile ( on

    On a side note: the last fix to the 3.4-stable branch _was_
    in fact committed yesterday (depending on the time zone),
    the httpd mod_ssl fix.

    1. By Brad ( brad at comstyle dot com on

      The fix was commited to -current awhile ago so it would have gone in anyway.

      BTW, the 3.4 EOL announcement was sent out prematurely.

  2. By Anonymous Coward ( on

    O living always, always dying!
    O the burials of me past and present,
    O me while I stride ahead, material, visible, imperious as ever;
    O me, what I was for years, now dead, (I lament not, I am content;)
    O to disengage myself from those corpses of me, which I turn and look at where I cast them,
    To pass on, (O living! always living!) and leave the corpses behind.
    -- Walt Whitman, Leaves of Grass

    1. By Anonymous Coward ( on


      1. By knomevol ( on

        this should help your "?".

        im∑pe∑ri∑ous (m-pÓr-s)

        1. Arrogantly domineering or overbearing. See Synonyms at dictatorial.
        2. Urgent; pressing.
        3. Obsolete. Regal; imperial.

  3. By Anonymous Coward ( on

    Awww man, now I have to upgrade a perfectly working firewall. Well, that is of course if I want security updates and stuff. Out with the old, in with the new I guess.

    1. By SiLiZiUMM ( on

      I, too, have a fully working firewall running 3.4. Does anyone know if I can directly upgrade from 3.4 to 3.6, or must I upgrade 3.4 -> 3.5 -> 3.6 (in this case, I'll prefer a clean install...) ?

      1. By mirabile ( on

        It should be possible to just do an (U)pgrade from your 3.6 CD,
        but you ought to wipe all installed packages first, and rebuild
        them completely.

        If you don't want to pkg_delete -f *, and don't worry about
        all the config files etc., just do a
        sudo rm -rf /var/db/pkg /usr/local
        before rebooting in order to upgrade.
        (Before, not after.)

        Merging /etc will not be more difficult than upgrading one
        release at a time, just a bit more time-consuming, but not
        too much I think.

      2. By Anonymous Coward ( on 1st line : Note: Upgrades are only supported from release to release, it is recommended that you NOT skip releases. If everything is properly backuped (a firewall box doesn't contain important data, only config files and logs), a clean install should take only a few minutes.

      3. By Anonymous Coward ( on

        I faced the same situation you did (existing 3.4 firewall, desire to upgrade to 3.6) a couple of weekends ago. I (roughly) did the following:

        Backup ALL files I had modified in /etc and subdirectories (this basically boiled down to fstab, rc.conf.local, sysctl.conf, rc.local, my various hostname.* files, daily.local, pf.conf, /etc/mail/*, /etc/ppp/ppp.conf, /etc/ppp.linkup and a few others)

        Get a list of installed ports and back that up (pkg_info -v > pkg_info)

        Get a copy of the root crontab file and back that up (crontab -l > crontab)

        Backup my slightly modified file (located in /usr/share/sendmail/cf)

        When I say "backup" above, I mean I used scp to copy all of these files to another OBSD machine running on my network.

        I then copied bsd.rd from the 3.6 CD to / on my 3.4 box, and rebooted it using boot bsd.rd at the boot> prompt.

        I then did a complete new install of 3.6.

        After first reboot, I copied my backup copy of my fstab over (no changes to disklabel during the install) rebooted, and then began to manually synch my backup files with the ones provided by the OBSD 3.6 install. Since the number of files in /etc that I modify is small, it's quite workable.

        I synced my modified with the latest, used m4 to generate a new custom and copied that into place in /etc/mail. The I updated aliases and ran newaliases. I did a pkg_add for the appropriate packages that I had previously installed on the 3.4 firewall, based on the pkg_info file I had generated earlier. I then modified root's crontab to match the crontab file I generated earlier.

        I then rebooted, and I was up and running on 3.6.

        About the biggest change was I was able to remove a call to rdate from my crontab, and switched over to using the new ntpd by adding ntp_flags="" to my rc.local.conf file.

        The whole process was in the neighborhood of 3 hours and I wasn't hurrying. If I was in a hurry, I probably could have done it in half that. It was the smoothest upgrade of a firewall on OpenBSD I've ever done. Granted it wasn't an "upgrade" in the sense the OpenBSD installer uses it, but I've always chosen complete reinstalls as opposed to Upgrades. Just a personal preference.

        The only caveat here is that this method of upgrade does not preserve the ssh host keys of the firewall. For me, this is completely not a big deal. In your case you may want to preserve the contents of /etc/ssh and copy in the appropriate ssh_host_* keys after the first reboot.

        Happy 3.6ing!!!

        1. By Anonymous Coward ( on

          Yeah, I like clean installs too. Upgrading over existing installtions is messy. It usually leaves stuff behind. I have to plan to do this sometime soon, but I'm in no hurry.

        2. By Anonymous Coward ( on

          Thanks for taking the time to write all that! Much appreciated!

  4. By Chas ( on

    BSD maintainers love to complain about lack of equipment and funds, but force users into the position of at least yearly upgrades.

    How much might Theo & Co. collect if they picked a release and promised to support it for 5 years for a fee?

    You'll never know until you try.

    1. By Otto Moerbeek ( on

      It is easy telling others what to do with their time and other resources.

      Nothing is stopping you from setting up such a business if you think it is worth the trouble,

    2. By Anonymous Coward ( on

      Then it would be outdated by 5 years, in 5 years. What good is that?

    3. By Anonymous Coward ( on

      Nobody's forcing you to use openbsd. Use another os - you might like it, never know until you try.

  5. By Anonymous Coward ( on

    I'm still running 3.3 as a firewall. I also use it to relay mail to our isp's mail server.

    I don't have any services on the internet side. (not even sshd)

    Since I run qmail, it would be a royal pain in the arse to upgrade.

    1. By Nick Holland ( on

      Here's the story...
      1) Is there a known security reason to upgrade from 3.3? No.
      2) Could there be one tomorrow? Yes.
      3) Could 3.4/3.5/3.6's cool stuff save your butt if there was an issue? very possibly.

      Upgrading from 3.3 to later is a non-trivial process due to the a.out to ELF conversion. Now, ask yourself this: When would you prefer to do a "non-trivial upgrade" -- At your leasure, when you can schedule downtime, or when there is an exploit out in the wild and the upgrade has to be done RIGHT NOW?

      If the machine is critical, you have a warm spare ready to swap in (RIGHT?). If the machine is non-critical, you can afford the down time. Your call. :)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]