BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBGPD 8.1 released

We have released OpenBGPD 8.1, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Include OpenBSD 7.3 errata 002:
      Avoid fatal errors in bgpd(8) due to incorrect refcounting and
      mishandling of ASPA objects. Fix bgpctl(8) 'show rib in' by renaming
      'invalid' into 'disqualified'.

    * Include OpenBSD 7.3 errata 006:
      Incorrect length handling of path attributes in bgpd(8) can lead to a
      session reset.

    * Include OpenBSD 7.3 errata 009:
      When tracking nexthops over IPv6 multipath routes, or when receiving
      a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.

      When checking the next hop for IPv6 multipath routes, or when receiving
      a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.

    * Add configure options to adjust WWW_USER and wwwrunstatedir.

    * Fix 'ext-community * *' matching which also affects filters removing
      all ext-commuinites.

    * Limit the socket buffer size to 64k for all sessions.
      Limiting the buffer size to a reasonable size ensures that not too many
      updates end up queued in the TCP stack.

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.