|Tags||rpki bgp routing security bird openbgpd|
6.8p112 Nov 2020 20:33 security: Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval. Add compat code for the LibreSSL ASN1_time_parse() and ASN1_time_tm_cmp() functions. Those are needed to properly check the validity of MFT files.
6.8p020 Oct 2020 21:07 major feature: Improve how repositories are downloaded: do not fetch symlinks and clean extraneous files in the repositories after download using the cryptographically signed RPKI manifest listings. Fix a bug where rpki-client could hang after calling rsync. Remove the -f option, no longer needed. Improved validation of the trust anchors. Add new option '-s timeout' to make rpki-client automatically terminate after a timeout (default 1 hour). This helps when rpki-client is run via cron to prevent a hanging process to cause problems. Portability improvements: Replace warnc() with warnx() + strerror(), replace b64_pton() with code using the libcrypto EVP_Decode* functionality, adjust for OpenSSL 1.1.x compatible use of the EVP_ENCODE_CTX struct.
6.7p130 Jul 2020 22:54 security: Incorrect use of "EVP_PKEY_cmp" allowed an authentication bypass.
6.7p019 May 2020 00:38 major bugfix: Document the suggested interval for running rpki-client in man page. Always initialize cachedir and outputdir. Print statistics as comments at the top of the output files which can take comments, including the date and time when the files were produced, and runtime statistics when producing them. Improve log messages to clarify what's happening. Fix a bug where rpki-client would not properly wait for exiting rsync processes, causing rpki-client to hang.
Submitted byRobert Scheck
ManageYou can also help out here by:
← Update project
or flagging this entry for moderator attention.