Updates

Security Updates

There are no regular updates for a specific OpenBSD release. However, sometimes when a critical bug is found, updates are released as so-called binary patches.

Syspatch

For supported versions of OpenBSD, the easiest way to get the latest security patches is to use the syspatch utility. By default, a cron will be run executing the syspatch -c command which will retrieve a list of available patches. The list will be mailed to the root user.

# syspatch -c
004_net80211
005_sysupgrade
006_ifioctl

To apply the patches, rerun the command but without the -c option.

syspatch

# syspatch
Get/Verify syspatch66-004_net8021... 100% |*****************************************************| 64839       00:00
Installing patch 004_net80211
Get/Verify syspatch66-005_sysupgr... 100% |*****************************************************|  3023       00:00
Installing patch 005_sysupgrade
Get/Verify syspatch66-006_ifioctl... 100% |*****************************************************|   381 KB    00:00
Installing patch 006_ifioctl
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch

In case the kernel has been patched, the system needs to be rebooted in order to make the changes active. As visible in the above example, if this is the case, you’ll be notified as above.

pkg_add

In order to update packages outside of Base, so often that would be packages in the ports collection, you can use the pkg_add tool.

The following command will update all packages that have a newer version in ports.

pkg_add -u

It’s also possible to add a specific package name to the command.

pkg_add -u nginx