Chapter 5. Getting Security Updates

Table of Contents

5.1. OpenBSD source code
5.2. Release errata
5.3. Rebuilding the kernel

5.1. OpenBSD source code

OpenBSD's core system updates, including any security updates, are distributed as patches to the source code distribution. Before you can install any security updates, therefore, you will need to install a copy of the system source code tree. Download the files src.tar.gz and sys.tar.gz from the OpenBSD 4.8 directory on your nearest mirror, then extract these files into the /usr/src tree:

# tar -C /usr/src -xzf src.tar.gz
# tar -C /usr/src -xzf sys.tar.gz

Note that if you are using the official OpenBSD 4.8 CD set, there is no sys.tar.gz; on the CD, both these parts of the system source code are contained in the single file src.tar.gz.

5.2. Release errata

The current list of errata for OpenBSD 4.8 is available on the Web at:

Browse through this list and determine which patches are applicable to your hardware architecture and installation options. Follow the instructions provided in each patch to rebuild and install individual system components, then restart the patched software or the entire system as needed.

5.3. Rebuilding the kernel

The solutions to some OpenBSD errata may call on you to rebuild the system's kernel. If so, apply the patch as indicated, then rebuild your kernel as follows:

# cd /usr/src/sys/arch/i386/conf
# /usr/sbin/config GENERIC
# cd ../compile/GENERIC
# make clean && make depend && make

Finally, back up your old kernel and install the new one:

# cp -p /bsd /bsd.old
# make install

Reboot the computer to load the new kernel. You can verify the kernel's updated build date by examining the output of dmesg(8).