BSDSec

OpenBGPD 8.1 released

12 July, 2023 by claudio@openbsd.org | openbsd

We have released OpenBGPD 8.1, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Include OpenBSD 7.3 errata 002:
      Avoid fatal errors in bgpd(8) due to incorrect refcounting and
      mishandling of ASPA objects. Fix bgpctl(8) 'show rib in' by renaming
      'invalid' into 'disqualified'.

    * Include OpenBSD 7.3 errata 006:
      Incorrect length handling of path attributes in bgpd(8) can lead to a
      session reset.

    * Include OpenBSD 7.3 errata 009:
      When tracking nexthops over IPv6 multipath routes, or when receiving
      a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.

      When checking the next hop for IPv6 multipath routes, or when receiving
      a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.

    * Add configure options to adjust WWW_USER and wwwrunstatedir.

    * Fix 'ext-community * *' matching which also affects filters removing
      all ext-commuinites.

    * Limit the socket buffer size to 64k for all sessions.
      Limiting the buffer size to a reasonable size ensures that not too many
      updates end up queued in the TCP stack.

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.