-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a668ef2cf1 2023-12-31 02:26:36.418806 --------------------------------------------------------------------------------
Name : rpki-client Product : Fedora 39 Version : 8.7 Release : 1.fc39 URL : https://www.rpki-client.org/ Summary : OpenBSD RPKI validator to support BGP Origin Validation Description : The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisations (ROAs) and finally outputs Validated ROA Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks.
-------------------------------------------------------------------------------- Update Information:
# rpki-client 8.7 - Add ability to constrain an RPKI Trust Anchor's effective signing authority to a limited set of Internet numbers. This allows Relying Parties to enjoy the potential benefits of assuming trust, but within a bounded scope. This distribution includes curated constraints files. More information: https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust... anchors - Following a 'failed fetch' (described in RFC 9286), emit a warning and continue with a previously cached Manifest file, if present and still valid. - Emit a warning when the same `manifestNumber` is re-used across multiple issuances. - Emit a warning when the remote repository presents a Manifest with an unexpected `manifestNumber`. Purported new manifests are expected to have a higher `manifestNumber` than previously validated manifests. Otherwise fall back to the previously cached manifest, if it is still valid. This warning can be indicative of manifest replays or of out-of-order publishing. - Require RPKI object files to be of a minimum of 100 bytes in both the RRDP and RSYNC transports. - No longer synchronize directory modtimes in the local cache to align with remote RSYNC repository sources. - Improved CRL extension checking. - Experimental support for the P-256 signature algorithm. - Various refactoring work. -------------------------------------------------------------------------------- ChangeLog:
* Fri Dec 22 2023 Robert Scheck robert@fedoraproject.org 8.7-1 - Upgrade to 8.7 (#2255458) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2255458 - rpki-client-8.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=2255458 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a668ef2cf1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org