sync with OpenBSD -current

sbin/iked/radius.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radius.c,v 1.10 2024/08/17 03:28:22 yasuoka Exp $	*/
+/*	$OpenBSD: radius.c,v 1.11 2024/09/09 23:38:29 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -748,8 +748,6 @@ iked_radius_acct_request(struct iked *env, struct iked_sa *sa, uint8_t stype)
 
 	switch (stype) {
 	case RADIUS_ACCT_STATUS_TYPE_START:
-		radius_put_uint32_attr(pkt, RADIUS_TYPE_ACCT_STATUS_TYPE,
-		    RADIUS_ACCT_STATUS_TYPE_START);
 		break;
 	case RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE:
 	case RADIUS_ACCT_STATUS_TYPE_STOP:

usr.bin/ssh/ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.401 2024/09/03 06:17:48 jmc Exp $
-.Dd $Mdocdate: September 3 2024 $
+.\" $OpenBSD: ssh_config.5,v 1.402 2024/09/09 14:41:21 naddy Exp $
+.Dd $Mdocdate: September 9 2024 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1288,6 +1288,7 @@ default set.
 The default is:
 .Bd -literal -offset indent
 sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
+mlkem768x25519-sha256,
 curve25519-sha256,curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,

usr.bin/ssh/sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.369 2024/08/22 23:11:30 djm Exp $
-.Dd $Mdocdate: August 22 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.370 2024/09/09 14:41:21 naddy Exp $
+.Dd $Mdocdate: September 9 2024 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1051,6 +1051,8 @@ ecdh-sha2-nistp384
 .It
 ecdh-sha2-nistp521
 .It
+mlkem768x25519-sha256
+.It
 sntrup761x25519-sha512
 .It
 sntrup761x25519-sha512@openssh.com
@@ -1059,6 +1061,7 @@ sntrup761x25519-sha512@openssh.com
 The default is:
 .Bd -literal -offset indent
 sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
+mlkem768x25519-sha256,
 curve25519-sha256,curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,

usr.sbin/bgpd/rde.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde.c,v 1.630 2024/09/09 12:59:49 claudio Exp $ */
+/*	$OpenBSD: rde.c,v 1.632 2024/09/09 15:00:45 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1277,8 +1277,6 @@ rde_dispatch_imsg_rtr(struct imsgbuf *imsgbuf)
 		case IMSG_RECONF_ASPA_TAS:
 			if (aspa == NULL)
 				fatalx("unexpected IMSG_RECONF_ASPA_TAS");
-			if (imsg_get_len(&imsg) != aspa->num * sizeof(uint32_t))
-				fatalx("IMSG_RECONF_ASPA_TAS bad len");
 			aspa->tas = reallocarray(NULL, aspa->num,
 			    sizeof(uint32_t));
 			if (aspa->tas == NULL)
@@ -2194,8 +2192,22 @@ rde_attr_parse(struct ibuf *buf, struct rde_peer *peer,
 	case ATTR_CLUSTER_LIST:
 		if (!CHECK_FLAGS(flags, ATTR_OPTIONAL, 0))
 			goto bad_flags;
-		if (ibuf_size(&attrbuf) % 4 != 0)
-			goto bad_len;
+		if (peer->conf.ebgp) {
+			/* As per RFC7606 use "attribute discard" here. */
+			log_peer_warnx(&peer->conf, "bad CLUSTER_LIST, "
+			    "received from external peer, attribute discarded");
+			break;
+		}
+		if (ibuf_size(&attrbuf) % 4 != 0 || ibuf_size(&attrbuf) == 0) {
+			/*
+			 * mark update as bad and withdraw all routes as per
+			 * RFC 7606
+			 */
+			a->flags |= F_ATTR_PARSE_ERR;
+			log_peer_warnx(&peer->conf, "bad CLUSTER_LIST, "
+			    "path invalidated and prefix withdrawn");
+			break;
+		}
 		goto optattr;
 	case ATTR_MP_REACH_NLRI:
 		if (!CHECK_FLAGS(flags, ATTR_OPTIONAL, 0))