Log Message:
net/routinator: upgrade to version 0.14.1.

Pkgsrc changes:
 * Basically only cargo-depends and checksum changes.

Upstream changes:

Version 0.14.1 -- "Black Cats and Voodoo Dolls"
===============================================

This release fixes a crash when the file names listed in a manifest
contain illegal characters. We recommend all users to upgrade to
this version.

New
 * ASPA support is now always compiled in and available if
   enable-aspa is set. The aspa Cargo feature has been removed.
   (#990)
 * If merging mutliple ASPA objects for a single customer ASN
   results in more than 16,380 provider ASNs, the ASPA is dropped.
   (Note that ASPA objects with more than 16,380 provider ASNs
   are already rejected during parsing.) (#996)
 * New archive-stats command that shows some statistics of an RRDP
   archive. (#982)
 * Re-enabled the use of GZIP compression in HTTP request sent by
   the RRDP collector. Measures to deal with exploding data have
   been implemented in rpki-rs#319. (#997)

Bug fixes
 * Fixed an issue with checking the file names in manifests that
   let to a crash when non-ASCII characters are used. (rpki-rs#320,
   reported by Haya Schulmann and Niklas Vogel of Goethe University
   Frankfurt/ATHENE Center and assigned CVE-2025-0638)
 * The validation HTTP endpoints now accept prefixes with non-zero
   host bits. (#987)
 * Removed duplicate rtr_client_reset_queries in HTTP metrics.
   (#992 by @sleinen)
 * Improved disk space consumption of the new RRDP archives by
   re-using empty space when updating an object and padding all
   objects to a multiple of 256 bytes. (#982)

Other changes
 * The minimum supported Rust version is now 1.74. (#999)
 * Added packaging support for Ubuntu 24.04 and removed support
   for Debian Stretch 9, Ubuntu Xenial 16.04, Ubuntu Bionic 18.04,
   and Centos 7 (#980, #994)
 * Upgraded the bundled routinator-ui to release [ui-0.4.3][0.4.3].

Version 0.14.0 -- "You Must Gather Your Party Before Venturing Forth"
=====================================================================

Breaking changes
 * Keep the content of an RRDP repository in a single file rather
   than as individual files under a directory. (#886)
 * Switched to the all-new version 0.4 of the Routinator UI. This
   also changes the way we import the UI into Routinator by simply
   including the built assets which means downloads are not necessary
   during the build process any more. (#952)
 * Changed the summary output format to have all lines end in a
   semicolon. (#907)
 * Changed the options used for rsync. The options -rtO --delete
   are now always used. The options set in the rsync-args are added
   or, if that is not used, -z and --no-motd, as well as --contimeout=10
   if it is supported by the rsync command, and --max-size if the
   max-object-size option has not been set to 0. (#962)

New
 * The chain_validity value in the jsonext format now considers
   the validity of the manifest's EE certificates. A new stale
   value shows the time when any of the publication points along
   the way will become stale. (#945)
 * If a collected manifest has a lower manifest number or an older
   thisUpdate field than a stored manifest for the same CA, the
   collected manifest is ignored and the stored publication point
   is used instead. This implements a requirement added in RFC
   9286. (#946, #954)
 * The number of delta entries in a RRDP notification file is now
   limited to 500 by default. If there are more entries, the deltas
   are ignored and the snapshot is used. The limit can be changed
   through the new rrdp-max-delta-list-len configuration value.
   (#961)
 * The RRDP collector now falls back to a snapshot update if the
   hash of a delta listed in the notification file has changed from
   the previous update. This implements
   draft-ietf-sidrops-rrdp-desynchronization-00. (#951)
 * The RRDP collector now enforces that all URIs referred to or
   redirected to by an RRDP server have the same origin as the
   rpkiNotify URI in the CA certificate. (#953)
 * The config file used is now printed for some commands. This
   should help with avoiding confusion when running Routinator as
   different users. (#959)

Bug fixes
 * Fixed an issue where the refresh time was calculated as zero
   under certain conditions until the dataset was updated. (#940)
 * Add the current RRDP serial number to the RRDP server metrics
   when a Not Modified response is received so that Prometheus
   shows a constant value.