deadsimple BSD Security Advisories and Announcements

OpenBGPD 6.6p0 released

We have released OpenBGPD 6.6p0, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This is the first stable release for the 6.6 version. It includes
the following changes:

  * Changed the Adj-RIB-Out to a per-peer set of RB trees, improving

  * Rewrote community matching and handling code and improved
    performance for setups using many communities.

  * Ensure that 'network' has precedence over the same
    network announced dynamically via for example 'network inet static'.

  * Made speed improvements when configuring many peers.

  * Implemented bgpctl(8) 'show mrt neighbors', to print the neighbor
    table of MRT TABLE_DUMP_V2 dumps.

  * Added TCP MD5SIG support for Linux systems and moved bgpd pfkey
    socket to the parent process. The refreshing of the keys for
    MD5 and IPSEC is done whenever the session state changes to
    IDLE or ACTIVE, which should behave better when reloading configs
    with auth changes.

  * Fixed reloading of network statements that have no fixed prefix

  * Extended the maximum size of the bgpd(8) shutdown communication
    message to 255 bytes.

  * Fixed reload behaviour of announced networks in the portable

  * Include OpenBSD 6.6 errata 003:
    bgpd(8) can crash on nexthop changes or during startup in certain

OpenBGPD-portable is known to compile and run on FreeBSD 12.x, and
the Linux distributions Debian 9 and Ubuntu 14.04. It is our hope
that packagers take interest and help adapt OpenBGPD-portable to
more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release