diff --git a/sbin/iked/radius.c b/sbin/iked/radius.c index 5847795a1..4327ec9a4 100644 --- a/sbin/iked/radius.c +++ b/sbin/iked/radius.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radius.c,v 1.10 2024/08/17 03:28:22 yasuoka Exp $ */ +/* $OpenBSD: radius.c,v 1.11 2024/09/09 23:38:29 yasuoka Exp $ */ /* * Copyright (c) 2024 Internet Initiative Japan Inc. @@ -748,8 +748,6 @@ iked_radius_acct_request(struct iked *env, struct iked_sa *sa, uint8_t stype) switch (stype) { case RADIUS_ACCT_STATUS_TYPE_START: - radius_put_uint32_attr(pkt, RADIUS_TYPE_ACCT_STATUS_TYPE, - RADIUS_ACCT_STATUS_TYPE_START); break; case RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE: case RADIUS_ACCT_STATUS_TYPE_STOP: diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 77b5c6e04..f3fef23ab 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.401 2024/09/03 06:17:48 jmc Exp $ -.Dd $Mdocdate: September 3 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.402 2024/09/09 14:41:21 naddy Exp $ +.Dd $Mdocdate: September 9 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1288,6 +1288,7 @@ default set. The default is: .Bd -literal -offset indent sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com, +mlkem768x25519-sha256, curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index d42ca0ead..41675a123 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.369 2024/08/22 23:11:30 djm Exp $ -.Dd $Mdocdate: August 22 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.370 2024/09/09 14:41:21 naddy Exp $ +.Dd $Mdocdate: September 9 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1051,6 +1051,8 @@ ecdh-sha2-nistp384 .It ecdh-sha2-nistp521 .It +mlkem768x25519-sha256 +.It sntrup761x25519-sha512 .It sntrup761x25519-sha512@openssh.com @@ -1059,6 +1061,7 @@ sntrup761x25519-sha512@openssh.com The default is: .Bd -literal -offset indent sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com, +mlkem768x25519-sha256, curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index 4a284720a..fb58c5ec5 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.630 2024/09/09 12:59:49 claudio Exp $ */ +/* $OpenBSD: rde.c,v 1.632 2024/09/09 15:00:45 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -1277,8 +1277,6 @@ rde_dispatch_imsg_rtr(struct imsgbuf *imsgbuf) case IMSG_RECONF_ASPA_TAS: if (aspa == NULL) fatalx("unexpected IMSG_RECONF_ASPA_TAS"); - if (imsg_get_len(&imsg) != aspa->num * sizeof(uint32_t)) - fatalx("IMSG_RECONF_ASPA_TAS bad len"); aspa->tas = reallocarray(NULL, aspa->num, sizeof(uint32_t)); if (aspa->tas == NULL) @@ -2194,8 +2192,22 @@ rde_attr_parse(struct ibuf *buf, struct rde_peer *peer, case ATTR_CLUSTER_LIST: if (!CHECK_FLAGS(flags, ATTR_OPTIONAL, 0)) goto bad_flags; - if (ibuf_size(&attrbuf) % 4 != 0) - goto bad_len; + if (peer->conf.ebgp) { + /* As per RFC7606 use "attribute discard" here. */ + log_peer_warnx(&peer->conf, "bad CLUSTER_LIST, " + "received from external peer, attribute discarded"); + break; + } + if (ibuf_size(&attrbuf) % 4 != 0 || ibuf_size(&attrbuf) == 0) { + /* + * mark update as bad and withdraw all routes as per + * RFC 7606 + */ + a->flags |= F_ATTR_PARSE_ERR; + log_peer_warnx(&peer->conf, "bad CLUSTER_LIST, " + "path invalidated and prefix withdrawn"); + break; + } goto optattr; case ATTR_MP_REACH_NLRI: if (!CHECK_FLAGS(flags, ATTR_OPTIONAL, 0))