BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBGPD 8.5 released

We have released OpenBGPD 8.5, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes since the previous release:

    * Include OpenBSD 7.5 errata 004:
      Repair a withdraw desynchronization problem in bgpd(8).
      Affected are OpenBGPD 8.2, 8.3 and 8.4.

    * Fix Linux TCP MD5 autoconf detection and improve the code to work
      in all cases.

    * Double peer description length to 64 characters.

    * Improve handling of bgpd AFI IPv4 sessions over IPv6 only links.

    * Sessions over IPv6 link-local addresses are now always considered
      to be connected.

    * Allow operators to enforce the presence of certain capabilities.

    * Improve capability negotiation and remove 'announce capabilities'.
      The 'announce capabilities [yes|no]' neighbor config option needs to be
      removed from configuration files. Instead, individual capabilities
      need to be disabled.

    * Improve negotiation of the multi-protocol capability and the fallback
      to IPv4 only mode.

    * Mark RTR and IPv6 BGP packets with DSCP CS6 (network control).

    * Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.

    * Convert the remaining session engine parsers to the new ibuf API.

    * Various changes to autoconf and portable headers for NetBSD support.

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.