Patches for the OpenBSD base system are distributed as unified diffs. Each patch contains usage instructions. All the following patches are also available in one tar.gz file for convenience.
Patches for supported releases are also incorporated into the -stable branch.
Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed
that nothing in the base OS uses this. Apache httpd started using this
in v2.3.3; this is newer than the version in ports.
A source code patch exists which remedies this problem.