skogzort wrote:
Is it necessary to recompile just to apply a security patch?
Hello,
I know nothing/very little about OpenBSD or UNIX. I have been tasked with
updating our OpenBSD DNS server with a security fix (Vulnerability Note
VU#800113- Multiple DNS implementations vulnerable to cache poisoning).
In order to do this it appears that I have to download the source code
re-compile the entire OS. Recompiling the OS seems to involve a lot of steps.
Before I continue to read through them all, I just want to confirm that it is
actually necessary to do all of this, simply to apply a security patch:
Down load the tree..
Pre load the tree..
Build the Kernel..
Build the userland..
Etc.
The only thing we use the server for is DNS. I don"t know what Flavor we are
running, since its on a production server I assume it will be * release or *
stable, either way from what I"ve read so far it looks like in order to apply
this security patch I will have to update it to * stable.
Is it true that the only way to apply this patch is to recompile the entire
OS, and go through all the steps above? I"m only familiar with Windows, where
you just push a button to apply a security patch and you don"t even have to
reboot the server, so I was thinking that I may be misunderstanding what I"m
reading.
Thanks very much for your time and any info
Kyle
Hi Kyle,
the header of the patch available at
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/004_bind.patch
explains:
Apply by doing:
cd /usr/src
patch -p0 < 004_bind.patch
Then rebuild and install bind:
cd usr.sbin/bind
make -f Makefile.bsd-wrapper obj
make -f Makefile.bsd-wrapper
make -f Makefile.bsd-wrapper install
that's all you need to do.
HTH,
Heinrich
