On 5/1/07, John Huss <[EMAIL PROTECTED]> wrote:
I'm trying to figure out if one (or any) security patches have been applied to an OpenBSD 3.9 host.
There is no command line tool (like patchrev, patchlevel, showpatches, patchinfo, etc.) that tells you reliably, unambiguously what patches are applied.
In particular, I've just applied the 015_ssh.patch and ssh -V still gives the same version. I noticed uname -a output changed from '...GENERIC#617' to '...GENERIC#0' though but didn't understand that.
Probably. The ssh patch does not cause major behavioural changes or implement new features, therefore we do not crank the version number. The kernel number is dependent on /sys/arch/$arch/compile/$kernelname/version - the version starts at 0 and gets bumped by 1 every time you build a new kernel. Thus, you went from the 617'th 3.9-ish kernel that Theo built, to the 0th 3.9-ish kernel that you built.
Is this the same with any patch? or is there a different way to tell if it's applied, per patch? Any advice on how to find out if a security patch has been applied would be very appreciated.
Keep a source tree and keep it updated to OPENBSD_X_Y ... that will contain all the patches for the X.Y release. Or if you have a bunch of machines, designate one of them a master build box, keep it patched, and then build stable releases...

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
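The two checks the reply points to, as an added example that is not part of the original message: reading the build counter out of a `uname -v` string such as `GENERIC#617`, and confirming from the `CVS/Tag` file that a checked-out source tree follows the stable branch. The function names are hypothetical, and the tree location is passed in as an argument. A matching branch only shows which branch the tree tracks; it still has to be updated and rebuilt.

```shell
#!/bin/sh
# Added example; kernel_build, tree_branch and check_tree are hypothetical names.

# Split a `uname -v` style string such as "GENERIC#617" into
# "<kernel name> <build number>". The number is the per-compile-directory
# counter described above: 0 is the first kernel built in that directory.
kernel_build() {
    case "$1" in
        *'#'*) printf '%s %s\n' "${1%%#*}" "${1##*#}" ;;
        *)     return 1 ;;               # no build counter in the string
    esac
}

# Print the CVS branch a checked-out tree follows, read from <tree>/CVS/Tag.
# CVS stores "T<name>" for a branch tag, "N<name>" for a non-branch tag and
# "D<date>" for a date checkout; no Tag file means the trunk.
tree_branch() {
    [ -d "$1/CVS" ] || return 2          # not a CVS checkout
    if [ ! -f "$1/CVS/Tag" ]; then
        echo "HEAD"
        return 0
    fi
    tag=
    IFS= read -r tag < "$1/CVS/Tag" || true
    case "$tag" in
        T?*) echo "${tag#T}" ;;
        *)   echo "not-a-branch:$tag"; return 1 ;;
    esac
}

# Compare the tree's branch with the expected stable tag, e.g. OPENBSD_3_9.
# Prints "ok", "mismatch:<branch>" or "unknown".
check_tree() {
    branch=$(tree_branch "$1") || { echo "unknown"; return 1; }
    if [ "$branch" = "$2" ]; then
        echo "ok"
    else
        echo "mismatch:$branch"
        return 1
    fi
}
```

Typical use is `kernel_build "$(uname -v)"` on the host and `check_tree <path to source tree> OPENBSD_3_9` on the build box.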