A new reliability fix for OpenBSD 3.7 was released on June 15, 2005:
002: RELIABILITY FIX: June 15, 2005 All architectures
As discovered by Stefan Miltchev calling getsockopt(2) to get ipsec(4) credentials for a socket can result in a kernel panic.
A source code patch exists which remedies this problem.
The patch for 3.6 is available here.
This is the second fix for 3.7, the first one was a security fix:
001: SECURITY FIX: June 7, 2005 All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in cvs(1) . None of these issues are known to be exploitable. CAN-2005-0753.
A source code patch exists which remedies this problem.
Apply the patches by first reading the first lines of the patches.
In fix 001 we find:
Apply by doing:
cd /usr/src
patch -p0 < 001_cvs.patch
And then rebuild and install cvs:
cd gnu/usr.bin/cvs
make -f Makefile.bsd-wrapper obj
make -f Makefile.bsd-wrapper
make -f Makefile.bsd-wrapper install
This one is easy, so just follow the instructions.
Fix 002 says:
Apply by doing:
cd /usr/src
patch -p0 < 002_getsockopt.patch
And then rebuild your kernel.
So after applying the patch rebuild your kernel (from http://www.openbsd.org/faq/faq5.html#BldKernel):
# cd /usr/src/sys/arch/i386/conf
# config GENERIC
# cd ../compile/GENERIC
# make clean && make depend && make
[...lots of output…]
# make install
Of course replace i386 with your output of machine(1).
Note: Apply (and build/install) the patches in order.
Another way to update and patch your machine is to follow the OPENBSD_3_7 CVS tag and then rebuild the world and kernel. You will rebuild much more than necessary but it is much easier if you have to apply several fixes (like after a fresh install).
First checkout the source:
# cd /usr
# export CVSROOT=anoncvs@anoncvs.example.org:/cvs
# cvs -d$CVSROOT checkout -rOPENBSD_3_7 -P src
In future you can use here the cvs update command to update the sources (if you kept /usr/src of course). This will copy only the diffs to your machine.
Then rebuild the kernel like described above. After building the kernel, update the world/userland:
Clear your /usr/obj directory and rebuild symbolic links:
# rm -rf /usr/obj/*
# cd /usr/src
# make obj
Make sure all the appropriate directories are created.
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
Build the system:
# cd /usr/src
# make build
The last command compiles and installs all userland binaries and can take some time on slow machines.
All information on fixes for OpenBSD is available at
http://www.openbsd.org/errata.html.
See the FAQ for further notes.
