Fedora 44 rpki-client 9.8 Security Advisory 2026-879659f6c2

The OpenBSD rpki-client is a free, easy-to-use implementation of the

Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to

facilitate validation of the Route Origin of a BGP announcement. The

program queries the RPKI repository system, downloads and validates

Route Origin Authorisations (ROAs) and finally outputs Validated ROA

Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and

also as CSV or JSON objects for consumption by other routing stacks.

rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft- ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.