The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-284c34a6cc
caddy-1.0.5-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-72bc7cd989
apptainer-1.2.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
rpki-client-8.5-1.el7
Details about builds:
================================================================================
rpki-client-8.5-1.el7 (FEDORA-EPEL-2023-a6915cb5c5)
OpenBSD RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
# rpki-client 8.5 - ASPA support was updated to draft-ietf-sidrops-aspa-
profile-16. As part of supporting AFI-agnostic ASPAs, the JSON syntax for
Validated ASPA Payloads changed in both filemode and normal output. - Support
for gzip and deflate HTTP Content-Encoding compression was added. This allows
web servers to send RRDP XML in compressed form, saving around 50% of bandwidth.
Zlib was added as a dependency. - File modification timestamps of objects
retrieved via RRDP are now deterministically set to prepare the on-disk cache
for seamless failovers from RRDP to RSYNC. See draft-ietf-sidrops-cms-signing-
time for more information. - A 30%-50% performance improvement was achieved
through libcrypto's partial chains certificate validation feature. Already
validated non-inheriting CA certificates are now marked as trusted roots. This
way it can be ensured that a leaf's delegated resources are properly covered,
and at the same time most validation paths are significantly shortened. -
Improved detection of RRDP session desynchronization: a check was added to
compare whether the delta hashes associated to previously seen serials are
different in newly fetched notification files. - Improved handling of RRDP
deltas in which objects are published, withdrawn, and published again. - A check
to disallow duplicate X.509 certificate extensions was added. - A check to
disallow empty sets of IP Addresses or AS numbers in RFC 3779 extensions was
added. - A compliance check for the proper X.509 Certificate version and CRL
version was added. - A warning is printed when the CMS signing-time attribute in
a Signed Object is missing. - Warnings about unrecoverable message digest
mismatches now include the manifestNumber to aid debugging the cause. - A check
was added to disallow multiple RRDP publish elements for the same file in RRDP
snapshots. If this error condition is encountered, the RRDP transfer is failed
and the RP falls back to rsync. - A compliance check was added to ensure CMS
Signed Objects contain SignedData, in accordance to RFC 6488 section 3 checklist
item 1a. - Compliance checks were added for the version, KeyUsage, and
ExtendedKeyUsage of EE certificates in Manifest, TAK, and GBR Signed Objects. -
A CMS signing-time value being after the X.509 notAfter timestamp was downgraded
from an error to a warning. - A bug was fixed in the handling of CA certificates
which inherit IP resources.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 30 2023 Robert Scheck <rob...@fedoraproject.org> 8.5-1
- Upgrade to 8.5 (#2227464)
* Fri Jul 21 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 8.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2227464 - rpki-client-8.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2227464
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
