Fedora Security Advisories

kryoptic-1.5.2-2.fc45 mir-2.28.0-2.fc45 rust-ashpd-0.13.12-2.fc45 rust-busd-0.5.0-3.fc45 rust-gtk4-macros-0.11.4-3.fc45 rust-inferno-0.12.6-3.fc45 rust-quick-xml-0.41.0-1.fc45 rust-reqsign-aws-v4-3.0.1-4.fc45 rust-wayland-scanner-0.31.10-5.fc45 sandogasa…

9 hours 32 minutes ago
FEDORA-2026-bc3a541ebd Packages in this update:
  • kryoptic-1.5.2-2.fc45
  • mir-2.28.0-2.fc45
  • rust-ashpd-0.13.12-2.fc45
  • rust-busd-0.5.0-3.fc45
  • rust-gtk4-macros-0.11.4-3.fc45
  • rust-inferno-0.12.6-3.fc45
  • rust-quick-xml-0.41.0-1.fc45
  • rust-reqsign-aws-v4-3.0.1-4.fc45
  • rust-wayland-scanner-0.31.10-5.fc45
  • sandogasa-0.15.3-2.fc45
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity + issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

rust-quick-xml-0.41.0-1.el9 rust-wayland-scanner-0.31.10-3.el9 sandogasa-0.15.3-2.el9

9 hours 32 minutes ago
FEDORA-EPEL-2026-8bec43f801 Packages in this update:
  • rust-quick-xml-0.41.0-1.el9
  • rust-wayland-scanner-0.31.10-3.el9
  • sandogasa-0.15.3-2.el9
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity + issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

rust-quick-xml-0.41.0-1.el10_3 rust-reqsign-aws-v4-3.0.1-2.el10_3 rust-wayland-scanner-0.31.10-3.el10_3 sandogasa-0.15.3-2.el10_3

9 hours 33 minutes ago
FEDORA-EPEL-2026-6df36818d4 Packages in this update:
  • rust-quick-xml-0.41.0-1.el10_3
  • rust-reqsign-aws-v4-3.0.1-2.el10_3
  • rust-wayland-scanner-0.31.10-3.el10_3
  • sandogasa-0.15.3-2.el10_3
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity + issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

rust-busd-0.5.0-3.fc43 rust-inferno-0.12.6-3.fc43 rust-quick-xml-0.41.0-1.fc43 rust-reqsign-aws-v4-3.0.1-2.fc43 rust-wayland-scanner-0.31.10-3.fc43 sandogasa-0.15.3-2.fc43

9 hours 33 minutes ago
FEDORA-2026-ffaebbf2f0 Packages in this update:
  • rust-busd-0.5.0-3.fc43
  • rust-inferno-0.12.6-3.fc43
  • rust-quick-xml-0.41.0-1.fc43
  • rust-reqsign-aws-v4-3.0.1-2.fc43
  • rust-wayland-scanner-0.31.10-3.fc43
  • sandogasa-0.15.3-2.fc43
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity + issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

mir-2.26.0-2.fc44 rust-ashpd-0.13.12-2.fc44 rust-busd-0.5.0-3.fc44 rust-gtk4-macros-0.11.4-2.fc44 rust-inferno-0.12.6-3.fc44 rust-quick-xml-0.41.0-1.fc44 rust-reqsign-aws-v4-3.0.1-2.fc44 rust-wayland-scanner-0.31.10-3.fc44 sandogasa-0.15.3-2.fc44

9 hours 34 minutes ago
FEDORA-2026-b25dca4806 Packages in this update:
  • mir-2.26.0-2.fc44
  • rust-ashpd-0.13.12-2.fc44
  • rust-busd-0.5.0-3.fc44
  • rust-gtk4-macros-0.11.4-2.fc44
  • rust-inferno-0.12.6-3.fc44
  • rust-quick-xml-0.41.0-1.fc44
  • rust-reqsign-aws-v4-3.0.1-2.fc44
  • rust-wayland-scanner-0.31.10-3.fc44
  • sandogasa-0.15.3-2.fc44
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity + issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

perl-Crypt-DSA-1.17-31.el8

23 hours 31 minutes ago
FEDORA-EPEL-2026-b426ab1b56 Packages in this update:
  • perl-Crypt-DSA-1.17-31.el8
Update description:

This update adds two improvements backported from Crypt-DSA 1.22:

  • Hardening: Use a fresh, independent CSPRNG witness every round
  • Security fix: Modulo bias in key generation (CVE-2026-14570); an attack with hundreds of signatures could lead to full private-key compromise; keys should be considered compromised and new keys should be generated

perl-Crypt-DSA-1.17-31.el9

23 hours 31 minutes ago
FEDORA-EPEL-2026-432fddaa41 Packages in this update:
  • perl-Crypt-DSA-1.17-31.el9
Update description:

This update adds two improvements backported from Crypt-DSA 1.22:

  • Hardening: Use a fresh, independent CSPRNG witness every round
  • Security fix: Modulo bias in key generation (CVE-2026-14570); an attack with hundreds of signatures could lead to full private-key compromise; keys should be considered compromised and new keys should be generated

perl-Crypt-DSA-1.22-1.el10_3

1 day ago
FEDORA-EPEL-2026-49e427dec0 Packages in this update:
  • perl-Crypt-DSA-1.22-1.el10_3
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457).

perl-Crypt-DSA-1.22-1.fc43

1 day ago
FEDORA-2026-b77b9c5f04 Packages in this update:
  • perl-Crypt-DSA-1.22-1.fc43
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457).

perl-Crypt-DSA-1.22-1.fc44

1 day ago
FEDORA-2026-fcfc08d46c Packages in this update:
  • perl-Crypt-DSA-1.22-1.fc44
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457).

perl-Crypt-DSA-1.22-1.el10_2

1 day ago
FEDORA-EPEL-2026-121cfa24e8 Packages in this update:
  • perl-Crypt-DSA-1.22-1.el10_2
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457).

python-tornado-6.5.7-1.fc45

1 day 2 hours ago
FEDORA-2026-672e8e4169 Packages in this update:
  • python-tornado-6.5.7-1.fc45
Update description:

Automatic update for python-tornado-6.5.7-1.fc45.

Changelog
* Mon Jun 22 2026 Peter Robinson <pbrobinson@gmail.com> - 6.5.7-1
- Update to 6.5.7
- CVE-2026-35536 (rhbz#2457335), CVE-2026-31958 (rhbz#2451660)

rust-fern-0.7.1-6.fc45 rust-ifcfg-devname-1.1.1-5.fc45 rust-routinator-0.15.2-1.fc45 rust-rpki-0.19.3-1.fc45 rust-syslog-7.0.0-2.fc45

1 day 5 hours ago
FEDORA-2026-188f731254 Packages in this update:
  • rust-fern-0.7.1-6.fc45
  • rust-ifcfg-devname-1.1.1-5.fc45
  • rust-routinator-0.15.2-1.fc45
  • rust-rpki-0.19.3-1.fc45
  • rust-syslog-7.0.0-2.fc45
Update description:

Update routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.

v0.15.2

This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.

We advise all users to upgrade at their earliest convenience.

Security fixes
  • Changed how transient errors when accepting incoming HTTP and RTR connections are handled: instead of exiting, a warning is printed and the error is ignored. (#1099)

This issue was assigned CVE-2026-49232.

  • Extended the check for illegal path components in rsync URIs to also include the authority and module parts. (via rpki-rs#370)

This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.

  • Fixed a panic when parsing certain AS numbers from strings. (via rpki-rs#373)

This fixes a vulnerability that has been assigned CVE-2026-49234.

  • Upgraded quick-xml to at least 0.39.4 to fix a regression in XML parsing that may lead to a panic on certain crafted XML files. (via rpki-rs#372)

This fixes a vulnerability that has been assigned CVE-2026-49235.

Improvements
  • Restricted trust anchor certificates downloaded via HTTP to the size given via the max_object_size config option. (#1090)
  • The -e and --rsh options will now be rejected in the rsync-args config option. Similarly, Routinator will not start if the equivalent environment variable RSYNC_RSH is set. (#1091)

Bug fixes
  • Set an RTR listener socket received via systemd to non-blocking. This fixes a panic in Tokio. (#1081 by @MaxHearnden)
  • Fixed the --rrdp-tcp-keepalive to be a command line option rather than a command line argument. (#1085)

Other changes
  • Support for Ubuntu Resolute Raccoon (26.04). (#1095)

v0.15.1

Bug fixes
  • Abort the optimistic initial run if there are no stored TA certificates for a TAL instead of succeeding with an empty data set. (#1071)
  • Undo PrivateUsers restriction in systemd unit files to allow users to run Routinator on privileged ports. (#1068)

v0.15.0

Breaking changes
  • Removed the rrdp-keep-responses feature. We suggest the use of an HTTP proxy such as mitmproxy instead.

This once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055)

  • Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. (#1054)
  • Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060)
  • Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting if no specific value is given, significantly speeding up validation runs.

In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)

New
  • Added a quick initial run after starting the server which only uses stored data and aborts if any required data hasn’t been requested before to deal with configuration changes. This will shorten the wait time for an initial data set when restarting Routinator. (#1057)
  • Added support for SLURM v2 as output format which includes ASPA payload. (#1021)
  • Changed refresh behaviour to better cope with short-lived objects. By default, Routinator will now wait for the time defined by refresh even if objects expire earlier. The new min-refresh option can be used to specify a short minimum refresh time if objects expire before the refresh time. If this value is set to 0, the old behaviour is restored. (#1027)
  • The order in which manifest entries are processed is now randomized. (#1041)
  • Reduced the overhead of storing RRDP snapshot downloads, significantly improving the snapshot update times. (#1035)
  • The dump command now prints the source directories of the data it dumps. (#1045)
  • Added a --update-after option to the vrps subcommand that skips updating the local cache if the last successful validation run was known to be less than a given number of minutes ago. (#1049)
  • Error responses for API-related HTTP endpoints now contain JSON bodies. (#1050)
  • The /validity HTTP server endpoint now accepts POST requests with a JSON body containing multiple routes to be checked all at once. (#1053)
  • Better protect against corrupted stored publication points by double checking cached manifest properties against the actual manifest and discarding the stored publication point if they mismatch.

This fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.

Bug fixes
  • Fixed a crash if certain invalid characters appear in a manifest file name by limiting the name to the rules defined in RFC9286. This issue was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE. (rpki-rs#342)
  • Re-implemented RRDP client metrics based on the much simpler model used by RTRTR to fix recurring errors in the metrics. (#1039)
  • Changed the message logged when an RRDP update times out to actually say that. (#1052)
Other changes
  • Improved performance of file system operations on validate subcommand. (#1043 by @kawaemon)
  • Add package.homepage to Cargo.toml (#1024)
  • Added building packages for RHEL 10 and Debian 13. (#1034, #1047)
  • Added building packages for ARMv6 and ARM64 for Debian Bookworm. (#1036)
  • Added additional restrictions to the systemd unit files used in the various binary packages. (#1056)
  • Upgrades various dependencies. (#1004, #1005, #1006)

rust-fern-0.7.1-6.el9 rust-routinator-0.15.2-1.el9 rust-rpki-0.19.3-1.el9 rust-syslog-7.0.0-2.el9

1 day 5 hours ago
FEDORA-EPEL-2026-bd078a3227 Packages in this update:
  • rust-fern-0.7.1-6.el9
  • rust-routinator-0.15.2-1.el9
  • rust-rpki-0.19.3-1.el9
  • rust-syslog-7.0.0-2.el9
Update description:

Update routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.

v0.15.2

This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.

We advise all users to upgrade at their earliest convenience.

Security fixes
  • Changed how transient errors when accepting incoming HTTP and RTR connections are handled: instead of exiting, a warning is printed and the error is ignored. (#1099)

This issue was assigned CVE-2026-49232.

  • Extended the check for illegal path components in rsync URIs to also include the authority and module parts. (via rpki-rs#370)

This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.

  • Fixed a panic when parsing certain AS numbers from strings. (via rpki-rs#373)

This fixes a vulnerability that has been assigned CVE-2026-49234.

  • Upgraded quick-xml to at least 0.39.4 to fix a regression in XML parsing that may lead to a panic on certain crafted XML files. (via rpki-rs#372)

This fixes a vulnerability that has been assigned CVE-2026-49235.

Improvements
  • Restricted trust anchor certificates downloaded via HTTP to the size given via the max_object_size config option. (#1090)
  • The -e and --rsh options will now be rejected in the rsync-args config option. Similarly, Routinator will not start if the equivalent environment variable RSYNC_RSH is set. (#1091)

Bug fixes
  • Set an RTR listener socket received via systemd to non-blocking. This fixes a panic in Tokio. (#1081 by @MaxHearnden)
  • Fixed the --rrdp-tcp-keepalive to be a command line option rather than a command line argument. (#1085)

Other changes
  • Support for Ubuntu Resolute Raccoon (26.04). (#1095)

v0.15.1

Bug fixes
  • Abort the optimistic initial run if there are no stored TA certificates for a TAL instead of succeeding with an empty data set. (#1071)
  • Undo PrivateUsers restriction in systemd unit files to allow users to run Routinator on privileged ports. (#1068)

v0.15.0

Breaking changes
  • Removed the rrdp-keep-responses feature. We suggest the use of an HTTP proxy such as mitmproxy instead.

This once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055)

  • Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. (#1054)
  • Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060)
  • Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting if no specific value is given, significantly speeding up validation runs.

In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)

New
  • Added a quick initial run after starting the server which only uses stored data and aborts if any required data hasn’t been requested before to deal with configuration changes. This will shorten the wait time for an initial data set when restarting Routinator. (#1057)
  • Added support for SLURM v2 as output format which includes ASPA payload. (#1021)
  • Changed refresh behaviour to better cope with short-lived objects. By default, Routinator will now wait for the time defined by refresh even if objects expire earlier. The new min-refresh option can be used to specify a short minimum refresh time if objects expire before the refresh time. If this value is set to 0, the old behaviour is restored. (#1027)
  • The order in which manifest entries are processed is now randomized. (#1041)
  • Reduced the overhead of storing RRDP snapshot downloads, significantly improving the snapshot update times. (#1035)
  • The dump command now prints the source directories of the data it dumps. (#1045)
  • Added a --update-after option to the vrps subcommand that skips updating the local cache if the last successful validation run was known to be less than a given number of minutes ago. (#1049)
  • Error responses for API-related HTTP endpoints now contain JSON bodies. (#1050)
  • The /validity HTTP server endpoint now accepts POST requests with a JSON body containing multiple routes to be checked all at once. (#1053)
  • Better protect against corrupted stored publication points by double checking cached manifest properties against the actual manifest and discarding the stored publication point if they mismatch.

This fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.

Bug fixes
  • Fixed a crash if certain invalid characters appear in a manifest file name by limiting the name to the rules defined in RFC9286. This issue was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE. (rpki-rs#342)
  • Re-implemented RRDP client metrics based on the much simpler model used by RTRTR to fix recurring errors in the metrics. (#1039)
  • Changed the message logged when an RRDP update times out to actually say that. (#1052)
Other changes
  • Improved performance of file system operations on validate subcommand. (#1043 by @kawaemon)
  • Add package.homepage to Cargo.toml (#1024)
  • Added building packages for RHEL 10 and Debian 13. (#1034, #1047)
  • Added building packages for ARMv6 and ARM64 for Debian Bookworm. (#1036)
  • Added additional restrictions to the systemd unit files used in the various binary packages. (#1056)
  • Upgrades various dependencies. (#1004, #1005, #1006)

rust-fern-0.7.1-6.el10_3 rust-routinator-0.15.2-1.el10_3 rust-rpki-0.19.3-1.el10_3 rust-syslog-7.0.0-2.el10_3

1 day 5 hours ago
FEDORA-EPEL-2026-cc5650cf72 Packages in this update:
  • rust-fern-0.7.1-6.el10_3
  • rust-routinator-0.15.2-1.el10_3
  • rust-rpki-0.19.3-1.el10_3
  • rust-syslog-7.0.0-2.el10_3
Update description:

Update routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.

v0.15.2

This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.

We advise all users to upgrade at their earliest convenience.

Security fixes
  • Changed how transient errors when accepting incoming HTTP and RTR connections are handled: instead of exiting, a warning is printed and the error is ignored. (#1099)

This issue was assigned CVE-2026-49232.

  • Extended the check for illegal path components in rsync URIs to also include the authority and module parts. (via rpki-rs#370)

This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.

  • Fixed a panic when parsing certain AS numbers from strings. (via rpki-rs#373)

This fixes a vulnerability that has been assigned CVE-2026-49234.

  • Upgraded quick-xml to at least 0.39.4 to fix a regression in XML parsing that may lead to a panic on certain crafted XML files. (via rpki-rs#372)

This fixes a vulnerability that has been assigned CVE-2026-49235.

Improvements
  • Restricted trust anchor certificates downloaded via HTTP to the size given via the max_object_size config option. (#1090)
  • The -e and --rsh options will now be rejected in the rsync-args config option. Similarly, Routinator will not start if the equivalent environment variable RSYNC_RSH is set. (#1091)

Bug fixes
  • Set an RTR listener socket received via systemd to non-blocking. This fixes a panic in Tokio. (#1081 by @MaxHearnden)
  • Fixed the --rrdp-tcp-keepalive to be a command line option rather than a command line argument. (#1085)

Other changes
  • Support for Ubuntu Resolute Raccoon (26.04). (#1095)

v0.15.1

Bug fixes
  • Abort the optimistic initial run if there are no stored TA certificates for a TAL instead of succeeding with an empty data set. (#1071)
  • Undo PrivateUsers restriction in systemd unit files to allow users to run Routinator on privileged ports. (#1068)

v0.15.0

Breaking changes
  • Removed the rrdp-keep-responses feature. We suggest the use of an HTTP proxy such as mitmproxy instead.

This once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055)

  • Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. (#1054)
  • Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060)
  • Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting if no specific value is given, significantly speeding up validation runs.

In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)

New
  • Added a quick initial run after starting the server which only uses stored data and aborts if any required data hasn’t been requested before to deal with configuration changes. This will shorten the wait time for an initial data set when restarting Routinator. (#1057)
  • Added support for SLURM v2 as output format which includes ASPA payload. (#1021)
  • Changed refresh behaviour to better cope with short-lived objects. By default, Routinator will now wait for the time defined by refresh even if objects expire earlier. The new min-refresh option can be used to specify a short minimum refresh time if objects expire before the refresh time. If this value is set to 0, the old behaviour is restored. (#1027)
  • The order in which manifest entries are processed is now randomized. (#1041)
  • Reduced the overhead of storing RRDP snapshot downloads, significantly improving the snapshot update times. (#1035)
  • The dump command now prints the source directories of the data it dumps. (#1045)
  • Added a --update-after option to the vrps subcommand that skips updating the local cache if the last successful validation run was known to be less than a given number of minutes ago. (#1049)
  • Error responses for API-related HTTP endpoints now contain JSON bodies. (#1050)
  • The /validity HTTP server endpoint now accepts POST requests with a JSON body containing multiple routes to be checked all at once. (#1053)
  • Better protect against corrupted stored publication points by double-checking cached manifest properties against the actual manifest and discarding the stored publication point if they mismatch.

This fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block the update of a legitimate new manifest. The issue was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.

Bug fixes
  • Fixed a crash if certain invalid characters appear in a manifest file name by limiting the name to the rules defined in RFC9286. This issue was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE. (rpki-rs#342)
  • Re-implemented RRDP client metrics based on the much simpler model used by RTRTR to fix recurring errors in the metrics. (#1039)
  • Changed the message logged when an RRDP update times out to actually say that. (#1052)
Other changes
  • Improved performance of file system operations on validate subcommand. (#1043 by @kawaemon)
  • Add package.homepage to Cargo.toml (#1024)
  • Added building packages for RHEL 10 and Debian 13. (#1034, #1047)
  • Added building packages for ARMv6 and ARM64 for Debian Bookworm. (#1036)
  • Added additional restrictions to the systemd unit files used in the various binary packages. (#1056)
  • Upgrades various dependencies. (#1004, #1005, #1006)

rust-fern-0.7.1-6.fc43 rust-routinator-0.15.2-1.fc43 rust-rpki-0.19.3-1.fc43 rust-syslog-7.0.0-2.fc43

1 day 5 hours ago
FEDORA-2026-659cb50390 Packages in this update:
  • rust-fern-0.7.1-6.fc43
  • rust-routinator-0.15.2-1.fc43
  • rust-rpki-0.19.3-1.fc43
  • rust-syslog-7.0.0-2.fc43
Update description:

Update routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.

v0.15.2

This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.

We advise all users to upgrade at their earliest convenience.

Security fixes
  • Changed how transient errors when accepting incoming HTTP and RTR connections are handled: instead of exiting, a warning is printed and the error is ignored. (#1099)

This issue was assigned CVE-2026-49232.

  • Extended the check for illegal path components in rsync URIs to also include the authority and module parts. (via rpki-rs#370)

This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.

  • Fixed a panic when parsing certain AS numbers from strings. (via rpki-rs#373)

This fixes a vulnerability that has been assigned CVE-2026-49234.

  • Upgraded quick-xml to at least 0.39.4 to fix a regression in XML parsing that may lead to a panic on certain crafted XML files. (via rpki-rs#372)

This fixes a vulnerability that has been assigned CVE-2026-49235.

Improvements
  • Restricted trust anchor certificates downloaded via HTTP to the size given via the max_object_size config option. (#1090)
  • The -e and --rsh options will now be rejected in the rsync-args config option. Similarly, Routinator will not start if the equivalent environment variable RSYNC_RSH is set. (#1091)
Bug fixes
  • Set an RTR listener socket received via systemd to non-blocking. This fixes a panic in Tokio. (#1081 by @MaxHearnden)
  • Fixed --rrdp-tcp-keepalive to be a command line option rather than a command line argument. (#1085)
Other changes
  • Support for Ubuntu Resolute Raccoon (26.04). (#1095)
v0.15.1

Bug fixes
  • Abort the optimistic initial run if there are no stored TA certificates for a TAL instead of succeeding with an empty data set. (#1071)
  • Undo PrivateUsers restriction in systemd unit files to allow users to run Routinator on privileged ports. (#1068)
v0.15.0

Breaking changes
  • Removed the rrdp-keep-responses feature. We suggest the use of an HTTP proxy such as mitmproxy instead.

This once and for all fixes CVE-2023-39916, which returned again in release 0.14.0. (#1055)

  • Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. (#1054)
  • Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060)
  • Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting if no specific value is given, significantly speeding up validation runs.

In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)

New
  • Added a quick initial run after starting the server which only uses stored data and aborts if any required data hasn’t been requested before to deal with configuration changes. This will shorten the wait time for an initial data set when restarting Routinator. (#1057)
  • Added support for SLURM v2 as output format which includes ASPA payload. (#1021)
  • Changed refresh behaviour to better cope with short-lived objects. By default, Routinator will now wait for the time defined by refresh even if objects expire earlier. The new min-refresh option can be used to specify a short minimum refresh time if objects expire before the refresh time. If this value is set to 0, the old behaviour is restored. (#1027)
  • The order in which manifest entries are processed is now randomized. (#1041)
  • Reduced the overhead of storing RRDP snapshot downloads, significantly improving the snapshot update times. (#1035)
  • The dump command now prints the source directories of the data it dumps. (#1045)
  • Added a --update-after option to the vrps subcommand that skips updating the local cache if the last successful validation run was known to be less than a given number of minutes ago. (#1049)
  • Error responses for API-related HTTP endpoints now contain JSON bodies. (#1050)
  • The /validity HTTP server endpoint now accepts POST requests with a JSON body containing multiple routes to be checked all at once. (#1053)
  • Better protect against corrupted stored publication points by double-checking cached manifest properties against the actual manifest and discarding the stored publication point if they mismatch.

This fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block the update of a legitimate new manifest. The issue was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.

Bug fixes
  • Fixed a crash if certain invalid characters appear in a manifest file name by limiting the name to the rules defined in RFC9286. This issue was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE. (rpki-rs#342)
  • Re-implemented RRDP client metrics based on the much simpler model used by RTRTR to fix recurring errors in the metrics. (#1039)
  • Changed the message logged when an RRDP update times out to actually say that. (#1052)
Other changes
  • Improved performance of file system operations on validate subcommand. (#1043 by @kawaemon)
  • Add package.homepage to Cargo.toml (#1024)
  • Added building packages for RHEL 10 and Debian 13. (#1034, #1047)
  • Added building packages for ARMv6 and ARM64 for Debian Bookworm. (#1036)
  • Added additional restrictions to the systemd unit files used in the various binary packages. (#1056)
  • Upgrades various dependencies. (#1004, #1005, #1006)

rust-fern-0.7.1-6.fc44 rust-ifcfg-devname-1.1.1-5.fc44 rust-routinator-0.15.2-1.fc44 rust-rpki-0.19.3-1.fc44 rust-syslog-7.0.0-2.fc44

1 day 5 hours ago
FEDORA-2026-ec9f1ca21a Packages in this update:
  • rust-fern-0.7.1-6.fc44
  • rust-ifcfg-devname-1.1.1-5.fc44
  • rust-routinator-0.15.2-1.fc44
  • rust-rpki-0.19.3-1.fc44
  • rust-syslog-7.0.0-2.fc44
Update description:

Update routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.

v0.15.2

This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.

We advise all users to upgrade at their earliest convenience.

Security fixes
  • Changed how transient errors when accepting incoming HTTP and RTR connections are handled: instead of exiting, a warning is printed and the error is ignored. (#1099)

This issue was assigned CVE-2026-49232.

  • Extended the check for illegal path components in rsync URIs to also include the authority and module parts. (via rpki-rs#370)

This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.

  • Fixed a panic when parsing certain AS numbers from strings. (via rpki-rs#373)

This fixes a vulnerability that has been assigned CVE-2026-49234.

  • Upgraded quick-xml to at least 0.39.4 to fix a regression in XML parsing that may lead to a panic on certain crafted XML files. (via rpki-rs#372)

This fixes a vulnerability that has been assigned CVE-2026-49235.

Improvements
  • Restricted trust anchor certificates downloaded via HTTP to the size given via the max_object_size config option. (#1090)
  • The -e and --rsh options will now be rejected in the rsync-args config option. Similarly, Routinator will not start if the equivalent environment variable RSYNC_RSH is set. (#1091)
Bug fixes
  • Set an RTR listener socket received via systemd to non-blocking. This fixes a panic in Tokio. (#1081 by @MaxHearnden)
  • Fixed --rrdp-tcp-keepalive to be a command line option rather than a command line argument. (#1085)
Other changes
  • Support for Ubuntu Resolute Raccoon (26.04). (#1095)
v0.15.1

Bug fixes
  • Abort the optimistic initial run if there are no stored TA certificates for a TAL instead of succeeding with an empty data set. (#1071)
  • Undo PrivateUsers restriction in systemd unit files to allow users to run Routinator on privileged ports. (#1068)
v0.15.0

Breaking changes
  • Removed the rrdp-keep-responses feature. We suggest the use of an HTTP proxy such as mitmproxy instead.

This once and for all fixes CVE-2023-39916, which returned again in release 0.14.0. (#1055)

  • Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. (#1054)
  • Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060)
  • Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting if no specific value is given, significantly speeding up validation runs.

In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)

New
  • Added a quick initial run after starting the server which only uses stored data and aborts if any required data hasn’t been requested before to deal with configuration changes. This will shorten the wait time for an initial data set when restarting Routinator. (#1057)
  • Added support for SLURM v2 as output format which includes ASPA payload. (#1021)
  • Changed refresh behaviour to better cope with short-lived objects. By default, Routinator will now wait for the time defined by refresh even if objects expire earlier. The new min-refresh option can be used to specify a short minimum refresh time if objects expire before the refresh time. If this value is set to 0, the old behaviour is restored. (#1027)
  • The order in which manifest entries are processed is now randomized. (#1041)
  • Reduced the overhead of storing RRDP snapshot downloads, significantly improving the snapshot update times. (#1035)
  • The dump command now prints the source directories of the data it dumps. (#1045)
  • Added a --update-after option to the vrps subcommand that skips updating the local cache if the last successful validation run was known to be less than a given number of minutes ago. (#1049)
  • Error responses for API-related HTTP endpoints now contain JSON bodies. (#1050)
  • The /validity HTTP server endpoint now accepts POST requests with a JSON body containing multiple routes to be checked all at once. (#1053)
  • Better protect against corrupted stored publication points by double-checking cached manifest properties against the actual manifest and discarding the stored publication point if they mismatch.

This fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block the update of a legitimate new manifest. The issue was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.

Bug fixes
  • Fixed a crash if certain invalid characters appear in a manifest file name by limiting the name to the rules defined in RFC9286. This issue was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE. (rpki-rs#342)
  • Re-implemented RRDP client metrics based on the much simpler model used by RTRTR to fix recurring errors in the metrics. (#1039)
  • Changed the message logged when an RRDP update times out to actually say that. (#1052)
Other changes
  • Improved performance of file system operations on validate subcommand. (#1043 by @kawaemon)
  • Add package.homepage to Cargo.toml (#1024)
  • Added building packages for RHEL 10 and Debian 13. (#1034, #1047)
  • Added building packages for ARMv6 and ARM64 for Debian Bookworm. (#1036)
  • Added additional restrictions to the systemd unit files used in the various binary packages. (#1056)
  • Upgrades various dependencies. (#1004, #1005, #1006)