BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD -stable binary packages

The OpenBSD base system has received binary updates for security and
some other important problems in the base OS through syspatch(8) for the
last few releases.

We are pleased to announce that we now also provide selected binary
packages for the most recent release. These are built from the -stable
ports tree which receives security and a few other important fixes:

-release: fixed point in time, no update (6.3, 6.4, 6.5, ...).
-stable:  conservative updates only. For ports, only the most recent
          release is updated (currently 6.5).
-current: main development branch, receives bigger changes.

Initial updates for amd64 are already available at most mirrors (check
for the /pub/OpenBSD/6.5/packages-stable directory). i386 is currently
building and will follow soon. If the mirror you are using is not synced
yet, you will need to wait or use a different one.

pkg_add(1) already had the required heuristic to manage -stable
packages. It will be able to use the /packages-stable/ directory in the
following two cases:

1. you use /etc/installurl and the PKG_PATH environment variable is not
   set (default installation case)
2. you use the PKG_PATH environment variable and it uses %c or %m

The two directories are separate because the "packages" directory holds
the packages built at the release time. They will not be updated.

The packages-stable directory will be empty at the time of a new
release. Its contents will grow during the release life cycle as
security fixes and other fixes are committed to the -stable ports tree.

If pkg_add(1) installs a new package and you meet the conditions for
using the packages-stable directory, detailed above, the version in
packages-stable will be chosen instead of the original supplied at
release time. This also applies when using `pkg_add -u` to upgrade
packages.

This means that, in a default installation, pkg_add will automatically
pick the latest version available to you.

In the case of updating an installed package, this may require
restarting the running binaries to use the new code.

More info on the package system can be found at the following link:
https://www.openbsd.org/faq/faq15.html

Surprisingly, nobody saw the new directory show up on our mirrors, and
then report it on our mailing lists.