This FAQ addresses the general process for updating OpenBSD. Note that ports are not strictly part of OpenBSD, and updates to ports are not covered here.
An update in OpenBSD is defined as applying code updates within the same release version. In other words, an update to OpenBSD 3.9 would still be OpenBSD 3.9.
Updates to OpenBSD can occur in a few different ways.
- Errata patches
- Following the CVS patch branch
- Applying binary patches (unofficial, not supported)
Each of these methods is explained below.
Errata patches
Errata are updates to a release which are released as soon as a critical need is identified. Errata are commonly released to address security vulnerabilities or serious stability issues which have been discovered in the base OS. The general process for tracking and applying errata patches is as follows:
- Make sure you have the kernel and OS sources installed on your system. They will be found under /usr/src/ (kernel sources under /usr/src/sys/). If you don't have the source code installed, install it.
- Identify a patch for your version of OpenBSD from the errata page.
- Download the patch to your system.
- Read the instructions outlined in the header of the patch to identify how to apply the patch to the system. Steps may differ depending on the kind of patch being applied and what is being fixed. The instructions generally go something like this:
  - Apply patch.
  - Rebuild binaries/libraries.
  - Install binaries/libraries.
- Remember that sometimes you will need to restart a daemon in order for the patch to take effect, or in other cases (such as with a kernel update) you will need to reboot the system to realize the effect of the patch.
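The "check the sources, then read the patch header" steps above can be scripted before anything is applied. The following is an added example, not part of the original FAQ or of the OpenBSD project: it assumes the instructions sit above the first `Index:` line of the patch, and the function names and the sample patch (`NNN_example.patch`, `usr.bin/example`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight helpers for an errata patch.
# Assumption: instructions precede the first "Index:" line of the patch.

# Print the instruction header (everything before the diff body).
errata_header() {
    awk '/^Index: / || /^diff / || /^--- / { exit } { print }' "$1"
}

# List the files the patch touches, relative to the source root.
errata_files() {
    sed -n 's/^Index: //p' "$1"
}

# Succeed only if every file named by the patch exists under the source tree.
errata_sources_present() {
    patchfile=$1; srcdir=${2:-/usr/src}; missing=0
    for f in $(errata_files "$patchfile"); do
        [ -f "$srcdir/$f" ] || { echo "missing: $srcdir/$f" >&2; missing=1; }
    done
    return "$missing"
}

# Write a constructed sample patch (not a real erratum) to the given path.
make_sample_patch() {
    cat > "$1" <<'EOF'
Apply by doing:
        cd /usr/src
        patch -p0 < NNN_example.patch

And then rebuild and install the example utility:
        cd usr.bin/example
        make obj
        make depend
        make
        make install

Index: usr.bin/example/example.c
===================================================================
--- usr.bin/example/example.c   1 Jan 2006 00:00:00 -0000   1.1
+++ usr.bin/example/example.c   2 Jan 2006 00:00:00 -0000   1.2
@@ -1,1 +1,1 @@
-int limit = 0;
+int limit = 16;
EOF
}

# Demo on the constructed patch: show the header, then check the sources.
demo=$(mktemp -d)
make_sample_patch "$demo/NNN_example.patch"
errata_header "$demo/NNN_example.patch"
errata_sources_present "$demo/NNN_example.patch" "$demo/src" || echo "install the sources first"
```

On a real system, point `errata_sources_present` at the downloaded patch and leave the second argument off so it checks /usr/src.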
Following the CVS patch branch
The CVS patch branch is generally referred to as the stable branch. The stable branch is useful if you want to track OpenBSD development and have your system pick up the important errata patches (described above) as well as certain other changes which are considered important enough to include in stable, but not critical enough to warrant an official erratum. The OpenBSD developers attempt to keep any changes that would introduce breakage or major fluctuations in the operating system out of the stable branch, meaning no serious API changes, no disruptive changes to library versions, etc. The patch branch provides changes which should be low risk and suitable for applying in a production environment.
For full, official documentation on how to follow the OpenBSD patch branch, see http://www.openbsd.org/stable.html. The process is outlined at a high level as follows:
- Using AnonCVS, update your system sources.
- Build and install an updated kernel.
- Build and install an updated userland.
Because this method requires rebuilding and updating the entire operating system as a whole, it is slower to apply a patch than the errata method described above. It can, however, provide a simple and repeatable way of keeping somewhat current with OpenBSD development and getting more (sometimes non-critical) fixes on your system as they are made available.
Binary patches (unofficial)
This method is only mentioned as being available, although it should be emphasized that binary patching is not supported by the OpenBSD project. Also, the project has made it clear at this time that there are no official plans to put together a binary patching method in the foreseeable future. This subject is indeed a dead horse which has been beaten to a bloody pulp, so please don't harp on the mailing list any more about it.
One project which has put together a framework for binary patches is at http://openbsdbinpatch.sourceforge.net/.