non port: net/routinator/Makefile.crates |
Number of commits found: 5 |
Saturday, 10 Feb 2024
19:06 Muhammad Moinur Rahman (bofh) Author: Jaap Akkerhuis
net/routinator: Update version 0.13.0=>0.13.1
Changelog: https://github.com/NLnetLabs/routinator/releases/tag/v0.13.1
PR: 276892
Approved by: submitter is maintainer
d4c518f |
Thursday, 28 Sep 2023
08:42 Fernando Apesteguía (fernape) Author: Jaap Akkerhuis
net/routinator: Update to 0.13.0
ChangeLog: https://nlnetlabs.nl/news/2023/Sep/21/routinator-0.13.0-released/
New
* Added support for ASPA. Processing needs to be enabled via the new option
enable-aspa which is only available if the aspa feature is explicitly
selected during compilation. This is due to the specification still
changing. The implementation currently conforms with
draft-ietf-sidrops-aspa-profile-15.
* Added support for version 2 of the RTR protocol. This primarily means support
for the ASPA payload type.
* Sending SIGUSR2 to Routinator will re-open a log file if logging to a file is
enabled.
* The HTTP server provides a new endpoint /json-delta/notify that can be used
to wait for updated data similar to the RTR Notify PDU.
* Added support for filtering and adding router keys via local exception files.
* The vrps command and the HTTP payload output endpoints now allow excluding
specific payload types for output.
* Added a new member payload to the output of the /api/v1/status endpoint that
gives an overall summary of the produced payload.
* Added new members generated and generatedTime to the JSON object produced by
the /json-delta endpoint.
Breaking Changes
* A new field aspa was added to the jsonext format. See the manual page for
more information.
* A number of ASPA-related fields have been added to all metrics and status
formats.
* Renamed functions and attributes that refer to standalone end entity
certificates to refer to router certificates so they don’t get confused
with the end entity certificates included with signed objects.
* Renamed the JSON member in the HTTP status API from validEECerts to
validRouterCerts. The old name is still available but may be removed in the
future.
* The regular json output format now includes router key and ASPA output. Since
both are disabled by default, the format will still be compatible by default.
* The minimal required Rust version has been increased to 1.70.
Bug Fixes
* Fixed a bug in the RTR server where it would include router key PDUs even if
the negotiated protocol version was 0.
* Restored the ability to parse ASNs in JSON input to the validity command as
string or number.
* Update bcder to at least 0.7.3 to fix various decoding issues that could lead
to a panic when processing invalid RPKI objects.
* Check the request URI when generating a path for storing a copy of a RRDP
response with the rrdp-keep-responses option to avoid path traversal.
Found by Haya Shulman, Donika Mirdita and Niklas Vogel. Assigned
CVE-2023-39916
Other Changes
* The log message for missing manifest now includes the URI of the CA
certificate for which the manifest is missing. (#864)
* Binary packages are now also built for Debian bookworm. (#881)
PR: 274105
Reported by: jaap@NLnetLabs.nl (maintainer)
Security: CVE-2023-39916
9b65e59 |
Sunday, 17 Sep 2023
15:23 Robert Clausecker (fuz) Author: Jaap Akkerhuis
net/routinator: Update to 0.12.2
Routinator 0.12.2 ‘Brutti, sporchi e cattivi’
This release fixes two issues in Routinator that can be exploited
remotely by rogue RPKI CAs and repositories. We therefore advise all
users of Routinator to upgrade to this release at their earliest
convenience.
The first issue, CVE-2022-39915, can lead to Routinator crashing when
trying to decode certain illegal RPKI objects.
The second issue, CVE-2022-39916, only affects users that have the
rrdp-keep-responses option enabled which allows storing all received
RRDP responses on disk. Because the file name for these responses is
derived from the URI and the path wasn’t checked properly, a RRDP URI
could be constructed that results in the response stored outside the
directory, possibly overwriting existing files.
We would like to thank Haya Shulman, Donika Mirdita and Niklas Vogel
for discovering and reporting these issues.
Changelog: https://nlnetlabs.nl/news/2023/Sep/13/routinator-0.12.2-released/
PR: 273826
MFH: 2023Q3
9e3ed40 |
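The 0.12.2 message above traces the rrdp-keep-responses issue to a file name derived from the URI without a proper path check. The following Rust sketch, added here as an example, shows that pattern beside a checked variant; it is not Routinator's code, and the function names, base directory and URIs are constructed for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Flawed pattern: everything after the scheme is appended to the base
// directory without inspecting the individual segments.
fn naive_response_path(base: &Path, uri: &str) -> Option<PathBuf> {
    Some(base.join(uri.strip_prefix("https://")?))
}

// Lexically resolve `.` and `..`, then report whether `path` left `base`.
fn escapes_base(base: &Path, path: &Path) -> bool {
    let mut resolved = PathBuf::new();
    for c in path.components() {
        match c {
            Component::ParentDir => { resolved.pop(); }
            Component::CurDir => {}
            other => resolved.push(other.as_os_str()),
        }
    }
    !resolved.starts_with(base)
}

// Checked variant: each URI segment must be a plain file name, and the
// finished path must still sit under `base`.
fn checked_response_path(base: &Path, uri: &str) -> Option<PathBuf> {
    let mut out = base.to_path_buf();
    for seg in uri.strip_prefix("https://")?.split('/') {
        let plain = !seg.is_empty() && seg != "." && seg != ".."
            && !seg.contains('\\') && !seg.contains('\0');
        if !plain { return None; }
        out.push(seg);
    }
    if escapes_base(base, &out) { None } else { Some(out) }
}

fn main() {
    let base = Path::new("/var/lib/keep"); // constructed directory
    for uri in ["https://rrdp.example/repo/notification.xml",
                "https://rrdp.example/../../etc/x"] { // constructed URIs
        let naive = naive_response_path(base, uri).unwrap();
        println!("{}\n  naive escapes base: {}\n  checked: {:?}", uri,
                 escapes_base(base, &naive), checked_response_path(base, uri));
    }
}
```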
Saturday, 14 Jan 2023
17:16 Fernando Apesteguía (fernape) Author: Jaap Akkerhuis
net/routinator: Update to 0.12.1
ChangeLog: https://www.nlnetlabs.nl/news/2023/Jan/04/routinator-0.12.1-released/
Minor bugfixes.
* Actually use the extra-tals-dir config file option.
* Allow private keys prefixed both with BEGIN PRIVATE KEY and BEGIN RSA
PRIVATE KEY in the files referred to by http-tls-key and rtr-tls-key
configuration options.
* On Unix, if chroot is requested but no working directory is explicitly
provided, set the working directory to the chroot directory.
* Fixed the error messages printed when the http-tls-key or http-tls-cert
options are required but missing. They now refer to HTTP and not, as
previously, to RTR.
PR: 268906
Reported by: jaap@NLnetLabs.nl (maintainer)
6199ca0 |
Tuesday, 22 Nov 2022
23:38 Guangyuan Yang (ygy) Author: Jaap Akkerhuis
net/routinator: Update to 0.12.0
Changelog: https://www.nlnetlabs.nl/news/2022/Nov/10/routinator-0.12.0-released/
PR: 267891
b37598f |