Fedora alert FEDORA-2026-0d27571013 (rpki-client)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43 | |
| Date: | Thu, 22 Jan 2026 01:08:38 +0000 | |
| Message-ID: | <20260122010838.747ED796B4@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0d27571013 2026-01-22 01:06:41.044223+00:00 -------------------------------------------------------------------------------- Name : rpki-client Product : Fedora 43 Version : 9.7 Release : 1.fc43 URL : https://www.rpki-client.org/ Summary : OpenBSD RPKI validator to support BGP Origin Validation Description : The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisations (ROAs) and finally outputs Validated ROA Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks. -------------------------------------------------------------------------------- Update Information: rpki-client 9.7 The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-... as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki- client 9.6's .ccr files and vice versa. Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghost...- historic/ Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4. Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 13 2026 Robert Scheck <robert@fedoraproject.org> 9.7-1 - Upgrade to 9.7 (#2429390) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2429390 - rpki-client-9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=2429390 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0d27571013' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue