deadsimple BSD Security Advisories and Announcements

OpenBGPD 6.7p0 released

We have released OpenBGPD 6.7p0, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This is the first stable release for the 6.7 version. It includes
the following changes:

  * Add initial support for JSON output in bgpctl(8).

  * Allow setting both IPv4 and IPv6 local-addresses at the same
    time in bgpd.conf group blocks.  Introduced 'no local-address'
    to reset a previously set local address.

  * Properly aggregate duplicate bgpd(8) roa table prefix/source-as
    combinations into a single entry with the longest maxlen length.

  * Implemented bgpd.conf(5) max-prefix NUM out to limit the number
    of announced prefixes, avoiding leaks of full tables to upstreams
    and peers.

  * Extended bgpctl(8) 'show neighbor' to include the received and set
    prefix count, as well as the max-prefix out limit if set.

  * Improved reporting of notifications to include the suberror cause.

  * Also report the last received error cause in bgpctl(8) show neighbor

  * Fix softreconfig out handling to also work for neighbors using
    'export default-route'.

  * Mark stale prefixes in the Adj-RIB-Out so that graceful reload
    operates properly.

  * Made it possible to build OpenBGPD-portable with bison. There is
    no longer the need to use byacc on Linux distributions.

  * Support for --runstatedir to specify the location of the bgpctl.sock.

  * Cleaned up configure script for better protability.

OpenBGPD-portable is known to compile and run on FreeBSD 12.x, and
the Linux distributions Debian 9 and Ubuntu 14.04 or later. It is our
hope that packagers take interest and help adapt OpenBGPD-portable to
more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release