The following Fedora EPEL 7 Security updates need testing: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879 debmirror-2.35-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-2f9b2cf4af ckeditor-4.16.2-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-d179a438bc libspf2-1.2.11-1.20210922git4915c308.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-37f81a6244 golang-github-prometheus-2.26.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
openbgpd-7.2-1.el7 rpki-client-7.3-1.el7
Details about builds:
================================================================================ openbgpd-7.2-1.el7 (FEDORA-EPEL-2021-d380aed307) OpenBGPD Routing Daemon -------------------------------------------------------------------------------- Update Information:
OpenBGPD 7.2 ============ This release includes the following changes to the previous release: * Support for RFC 9072 - Extended Optional Parameters Length for `BGP OPEN` Message * Support for RFC 8050 - MRT Format with BGP Additional Path Extensions * Implement receive side of RFC 7911 - Advertisement of Multiple Paths in BGP. OpenBGPD is currently not able to send multiple paths out. * Improve checks of VRPs loaded via RTR or from the roa- set table. * Allow to optionally specify an expiry time for `roa-set` entries to mitigate BGP route decision making based on outdated RPKI data. OpenBGPD's companion `rpki-client` produces `roa-set`s with the new `expires` property. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 23 2021 Robert Scheck robert@fedoraproject.org 7.2-1 - Upgrade to 7.2 (#2007210) * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2007210 - openbgpd-7.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2007210 --------------------------------------------------------------------------------
================================================================================ rpki-client-7.3-1.el7 (FEDORA-EPEL-2021-dab7665591) RPKI validator to support BGP Origin Validation -------------------------------------------------------------------------------- Update Information:
rpki-client 7.3 =============== * Improve the HTTP client code (status code handling, http proxy support, keep-alive). * In RRDP, do not access URI with userinfo (`@`-sign). * Improve RRDP syncing by considering a notification file serial jumping backwards as synced repository. * Make `-R` (`rsync` only) also apply to the fetching of TA files. * Only sync `*.{cer,crl,gbr,mft,roa}` files via `rsync` and exclude all others. * When producing output for OpenBGPd, make use of the `roa-set expires` attribute to prevent machines from loading outdated `roa-set`s. * In RRDP, limit the number of deltas to 300 per repo. If more deltas exist, downloading a full snapshot is faster. * Limit the validation depth of X509 certificate chains to 12, double the current depth seen in RPKI. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 23 2021 Robert Scheck robert@fedoraproject.org 7.3-1 - Upgrade to 7.3 (#2007447) * Tue Sep 14 2021 Sahana Prasad sahana@redhat.com - 7.2-2 - Rebuilt with OpenSSL 3.0.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2007447 - rpki-client-7.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2007447 --------------------------------------------------------------------------------