in Rust. If you have any feedback, we would love to hear from you.
our RPKI mailing list. You can learn more about Routinator and RPKI
2024-04-19 13:59:28 by Havard Eidnes | Files touched by this commit (3) | |
Log message:
Upgrade net/routinator to version 0.13.2.
Pkgsrc changes:
* Version bump + checksum updates.
Upstream changes:
0.13.2 -- "Existential Funk"
Released 2024-01-26.
Bug Fixes
* Fix the RTR listener so that Routinator won't exit if an
incoming RTR connection is closed again too quickly. ([#937],
reported by Yohei Nishimura, Atsushi Enomoto, Ruka Miyachi;
Internet Multifeed Co., Japan. Assigned [CVE-2024-1622].)
[#937]: https://github.com/NLnetLabs/routinator/pull/937
[CVE-2024-1622]: https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt
|
2024-01-24 15:13:23 by Havard Eidnes | Files touched by this commit (3) |
Log message:
Update net/routinator to version 0.13.1.
Pkgsrc changes:
* Bump version & re-compute cargo-depends.
Upstream changes:
New
* Added support for private keys marked as "EC PRIVATE KEY" in the
PEM files for TLS server configuration. ([#921])
* The rsync collector now logs stderr output of the rsync command
directly instead of collecting it and logging it in one go after
the command returned. ([#290])
Bug Fixes
* The `dump` command will now succeed even if certain directories
or files in the repository cache are missing. ([#916])
* A more meaningful message is now printed when decoding RPKI
objects fails. It will still not give much detail but at least it
isn't confusing any more. ([#917])
Other changes
* Updated the `nlnetlabs-testbed` TAL to the current location and
key. ([#922])
[#916]: https://github.com/NLnetLabs/routinator/pull/916
[#917]: https://github.com/NLnetLabs/routinator/pull/917
[#920]: https://github.com/NLnetLabs/routinator/pull/920
[#921]: https://github.com/NLnetLabs/routinator/pull/921
[#922]: https://github.com/NLnetLabs/routinator/pull/922
|
2023-09-21 19:53:32 by Havard Eidnes | Files touched by this commit (3) | |
Log message:
Upgrade routinator to version 0.13.0.
Pkgsrc changes:
* Update cargo-depends.mk, update checksums.
Upstream changes:
Release v0.13.0 -- 'Should Have Started This in a Screen'
New
* Added support for ASPA. Processing needs to be enabled via the
new option `enable-aspa` which is only available if the `aspa`
feature is explicitly selected during compilation. This is due to
the specification still changing. The implementation currently
conforms with [draft-ietf-sidrops-aspa-profile-15]. ([#847],
[#873], [#874], [#878])
* Added support for version 2 of the RTR protocol. This primarily
means support for the ASPA payload type. ([#847])
* Sending SIGUSR2 to Routinator will re-open a log file if logging
to a file is enabled. ([#859])
* The HTTP server provides a new endpoint `/json-delta/notify` that
can be used to wait for updated data similar to the RTR Notify PDU.
([#863])
* Added support for filtering and adding router keys via local
exception files. ([#865])
* The `vrps` command and the HTTP payload output endpoints now
allow excluding specific payload types for output. ([#866])
* Added a new member `payload` to the output of the `/api/v1/status`
endpoint that gives an overall summary of the produced payload.
([#867])
* Added new members `generated` and `generatedTime` to the JSON
object produced by the `/json-delta` endpoint. ([#868])
Breaking Changes
* A new field `aspa` was added to the jsonext format. See the manual
page for more information. ([#847])
* A number of ASPA-related fields have been added to all metrics
and status formats. ([#847])
* Renamed functions and attributes that refer to standalone end
entity certificates to refer to router certificates so they don't
get confused with the end entity certificates included with signed
objects. ([#854])
* Renamed the JSON member in the HTTP status API from `validEECerts`
to `validRouterCerts`. The old name is still available but may be
removed in the future. ([#854])
* The regular `json` output format now includes router key and ASPA
output. Since both are disabled by default, the format will still
be compatible by default. ([#866])
* The minimal required Rust version has been increased to 1.70.
([#847], [#853], [#869], [#879])
Bug Fixes
* Fixed a bug in the RTR server where it would include router key
PDUs even if the negotiated protocol version was 0. (via [rpki-rs
#250])
* Restored the ability to parse ASNs in JSON input to the `validity`
command as string or number. ([#861])
* Update bcder to at least 0.7.3 to fix various decoding issues
that could lead to a panic when processing invalid RPKI objects.
* Check the request URI when generating a path for storing a copy
of a RRDP response with the `rrdp-keep-responses` option to avoid
path traversal. ([#894]. Found by Haya Shulman, Donika Mirdita and
Niklas Vogel. Assigned CVE-2023-39916.)
Other Changes
* The log message for missing manifest now includes the URI of the
CA certificate for which the manifest is missing. ([#864])
* Binary packages are now also built for Debian _bookworm._ ([#881])
[#847]: https://github.com/NLnetLabs/routinator/pull/847
[#853]: https://github.com/NLnetLabs/routinator/pull/853
[#854]: https://github.com/NLnetLabs/routinator/pull/854
[#859]: https://github.com/NLnetLabs/routinator/pull/859
[#861]: https://github.com/NLnetLabs/routinator/pull/861
[#863]: https://github.com/NLnetLabs/routinator/pull/863
[#864]: https://github.com/NLnetLabs/routinator/pull/864
[#865]: https://github.com/NLnetLabs/routinator/pull/865
[#866]: https://github.com/NLnetLabs/routinator/pull/866
[#867]: https://github.com/NLnetLabs/routinator/pull/867
[#868]: https://github.com/NLnetLabs/routinator/pull/868
[#869]: https://github.com/NLnetLabs/routinator/pull/869
[#873]: https://github.com/NLnetLabs/routinator/pull/873
[#874]: https://github.com/NLnetLabs/routinator/pull/874
[#878]: https://github.com/NLnetLabs/routinator/pull/878
[#879]: https://github.com/NLnetLabs/routinator/pull/879
[#881]: https://github.com/NLnetLabs/routinator/pull/881
[#894]: https://github.com/NLnetLabs/routinator/pull/894
[rpki-rs #250]: https://github.com/NLnetLabs/rpki-rs/pull/250
[draft-ietf-sidrops-aspa-profile-15]: \
https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-profile/15/
|
2023-09-14 10:43:46 by Havard Eidnes | Files touched by this commit (3) | |
Log message:
Upgrade routinator to version 0.12.2.
Pkgsrc changes:
* Update cargo-depends.mk, update checksums.
Upstream changes:
## 0.12.2 "Brutti, sporchi e cattivi"
Released 2023-09-13.
Bug Fixes
* Fixed various decoding issues that could lead to a panic when processing
invalid RPKI objects. ([#891], via bcder release 0.7.3. Found by
Haya Shulman, Donika Mirdita and Niklas Vogel. Assigned CVE-2023-39915)
* Check the request URI when generating a path for storing a copy of a RRDP
response with the `rrdp-keep-responses` option to avoid path traversal.
([#892]. Found by Haya Shulman, Donika Mirdita and Niklas Vogel.
Assigned CVE-2023-39916.)
[#891]: https://github.com/NLnetLabs/routinator/pull/891
[#892]: https://github.com/NLnetLabs/routinator/pull/892
## 0.12.1 "Plan uw reis in de app"
Released 2023-01-04.
There are no changes since 0.12.1-rc2.
## 0.12.1-rc2
Released 2022-12-13.
Bug Fixes
* Allow private keys prefixed both with `BEGIN PRIVATE KEY` and
`BEGIN RSA PRIVATE KEY` in the files referred to by `http-tls-key` and
`rtr-tls-key` configuration options. ([#831], [#832])
[#831]: https://github.com/NLnetLabs/routinator/pull/831
[#832]: https://github.com/NLnetLabs/routinator/pull/831
## 0.12.1-rc1
Released 2022-12-05.
Bug Fixes
* Actually use the `extra-tals-dir` config file option. ([#821])
* On Unix, if chroot is requested but no working directory is explicitly
provided, set the working directory to the chroot directory. ([#823])
* Fixed the error messages printed when the `http-tls-key` or
`http-tls-cert` options are required but missing. They now refer to HTTP
and not, as previously, to RTR. ([#824] by [@SanderDelden])
Other Changes
* Switch the packaging workflow to use [Ploutos]. ([#816])
[#816]: https://github.com/NLnetLabs/routinator/pull/816
[#821]: https://github.com/NLnetLabs/routinator/pull/821
[#823]: https://github.com/NLnetLabs/routinator/pull/823
[#824]: https://github.com/NLnetLabs/routinator/pull/824
[@SanderDelden]: https://github.com/SanderDelden
[Ploutos]: https://github.com/NLnetLabs/ploutos/
|
2022-11-10 14:03:30 by Havard Eidnes | Files touched by this commit (3) | |
Log message:
Upgrade routinator to version 0.12.0.
Pkgsrc changes:
* Update cargo-depends.mk, update checksums.
Upstream changes:
## 0.12.0 "Brutalism and Gardening"
Released 2022-11-10.
Bug Fixes
* Remove a stray newline in summary output.
## 0.12.0-rc1
Released 2022-11-02.
Breaking Changes
* Restructured the TAL configuration in response to the dropped requirement
to opt into the ARIN TAL.
Routinator will now use the bundled RIR TALs directly unless told otherwise
by the new `--no-rir-tals` command line and config option. The additional
bundled TALs can be added via the new `--tal` command line and config
option. Additionally, the TAL directory can still be used via the
`--extra-tals-dir` option. The `tal-dir` option has been removed but will
still be accepted *and ignored* in the config file only.
The `init` command has been removed. ([#796])
* Changed the default configuration option for `unsafe-vrps` to `accept`
and removed all logging or mentioning of unsafe VRPs in this case.
([#761])
* Setting the `rsync-timeout` option to 0 now disables the rsync timeout.
([#798])
* Refactored error handling. Routinator now logs the reason why an object
failed verification or was otherwise rejected. ([#755])
* Removed the deprecated `rrdp-disable-gzip` configuration option.
([#769])
New
* The new `limit-v4-len` and `limit-v6-len` command line and config file
options allow limiting the length of IPv4 and IPv6 prefixes,
respectively, to be included in the VRP data set. ([#810])
* The new `rrdp-fallback` command line and config file option
allows specifying the circumstances under which a failed RRDP fetch
should result in using rsync instead. Supported policies are `never` for
never falling back to using rsync, `stale` for the current behavior of
falling back when RRDP has failed for some time, and `new` to only fall
back for repositories where RRDP has never worked before. ([#799])
* In the extended `jsonext` output format, the information for VRPs and
router keys derived from RPKI data has gained a new member `"tal"` that
shows the name of the TAL this object was published under. ([#765])
* The log output to files, stderr, and the `/log` HTTP endpoint now
includes the log level of the message to make it more clear how
important the message really is. ([#797])
* The RTR client metrics have been extended by three new values allowing
to track the time since last cache reset and the number of reset and
serial queries. Like all RTR client metrics, these new values are only
available if enabled explicitly via the `rtr-client-metrics` config option.
([#800])
* TCP keepalive is now enabled for RRDP connections. The keepalive
duration can be configured via the new command line and config file option
`rrdp-tcp-keepalive`. ([#801])
Bug Fixes
* Fixed an issue in error handling in the RRDP collector that causes
Routinator to exit if it encountered malformed Base 64 in RRDP snapshot
and delta files. (Found by Donika Mirdita and Haya Shulman. Assigned
[CVE-2022-3029].) ([#784])
* Fixed an issue where RRDP snapshots and deltas with a status code other
than 200 OK were accepted and processed. ([#802])
* Changed how Routinator deals with files in the store that cannot be
parsed. These will now be ignored and the publication point stored in
them considered not available. ([#803])
* When piping output from the `vrps` command into something else, a broken
pipe will not lead to an error message any more. ([#807])
* Fixed various issues with the calculation of RTR metrics. ([#811])
Other Changes
* The minimal required Rust version has been increased to 1.60. ([#792])
* The default Docker image now listens on both port 8323 and 9556 for HTTP
requests. ([#809])
[#755]: https://github.com/NLnetLabs/routinator/pull/755
[#761]: https://github.com/NLnetLabs/routinator/pull/761
[#765]: https://github.com/NLnetLabs/routinator/pull/765
[#769]: https://github.com/NLnetLabs/routinator/pull/769
[#783]: https://github.com/NLnetLabs/routinator/pull/784
[#792]: https://github.com/NLnetLabs/routinator/pull/792
[#796]: https://github.com/NLnetLabs/routinator/pull/796
[#797]: https://github.com/NLnetLabs/routinator/pull/797
[#798]: https://github.com/NLnetLabs/routinator/pull/798
[#799]: https://github.com/NLnetLabs/routinator/pull/799
[#800]: https://github.com/NLnetLabs/routinator/pull/800
[#801]: https://github.com/NLnetLabs/routinator/pull/801
[#802]: https://github.com/NLnetLabs/routinator/pull/802
[#803]: https://github.com/NLnetLabs/routinator/pull/803
[#807]: https://github.com/NLnetLabs/routinator/pull/807
[#809]: https://github.com/NLnetLabs/routinator/pull/809
[#810]: https://github.com/NLnetLabs/routinator/pull/810
[#811]: https://github.com/NLnetLabs/routinator/pull/811
|
2022-09-22 14:31:27 by Havard Eidnes | Files touched by this commit (2) |
Log message:
Upgrade routinator to version 0.11.3.
## 0.11.3
Released 2022-09-13.
Bug Fixes
* Fixes an issue in error handling in the RRDP collector that causes
Routinator to exit if it encountered malformed Base 64 in RRDP snapshot
and delta files. (Found by Donika Mirdita and Haya Shulman. Assigned
[CVE-2022-3029].) ([#781])
[#781]: https://github.com/NLnetLabs/routinator/pull/781
[CVE-2022-3029]: https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
|
2022-08-12 17:01:42 by Havard Eidnes | Files touched by this commit (3) | |
Log message:
Upgrade net/routinator to version 0.11.2.
Pkgsrc changes:
* Checksum updates.
* Tidy up GITHUB tag & associated stuff from using 0.11.0-rc1.
Upstream changes:
## 0.11.2
Released 2022-04-20.
Bug Fixes
* Fixes an issue that caused the RTR server to possibly skip over some
withdrawn VRPs in response to a serial query. (Found by Jay Borkenhagen,
[#747])
[#747]: https://github.com/NLnetLabs/routinator/pull/747
## 0.11.1
Released 2022-04-07
No changes since 0.11.1-rc1.
## 0.11.1-rc1
Released 2022-04-04.
New
* The `dump` command now also copies the stored trust anchor certificates.
The certificates are named in the same way as they are internally using
the hash over their URI. Please consult the [manual][dump-manual] for
details. ([#740])
Bug Fixes
* The `dump` command now removes the internal header before copying
the objects retained by the RRDP collector, i.e., the files copied into
the `rrdp` sub-directory now contain the actual DER encoded data only.
([#735])
* Correctly set the idle time for TCP keepalives on incoming RTR
connections on systems that support it. ([#736])
* Fix an encoding error in the `/delta-json` output. ([#737])
* Truncate the PID file before writing the current PID to it. ([#738])
* Exit with a status of 1 if an error happened. ([#739])
[#735]: https://github.com/NLnetLabs/routinator/pull/735
[#736]: https://github.com/NLnetLabs/routinator/pull/736
[#737]: https://github.com/NLnetLabs/routinator/pull/737
[#738]: https://github.com/NLnetLabs/routinator/pull/738
[#739]: https://github.com/NLnetLabs/routinator/pull/739
[#740]: https://github.com/NLnetLabs/routinator/pull/740
[dump-manual]: https://routinator.docs.nlnetlabs.nl/en/v0.11.1-rc1/dump.html
|
2022-03-01 14:08:13 by Havard Eidnes | Files touched by this commit (3) |
Log message:
Upgrade routinator to version 0.11.0.
Breaking Changes
* The minimal supported Rust version is now 1.52. ([#681])
New
* Add TLS support to the RTR and HTTP servers. ([#677])
* Add support for BGPsec router keys. This needs to be explicitly
enabled via the new `enable-bgpsec` command line and config file
option. ([#693])
* Reject so-called premature manifests, i.e., manifests that have
an issue time before the current time. This is a new requirement
in [draft-ietf-sidrops-6486bis]. ([#681], [#690])
* Add a new output format `slurm` that produces a JSON file formatted
according to [RFC 8416] with the validated payload included in the
locally added assertions. ([#702])
* Make the (standard) JSON payload output available under
`/api/v1/origins` with the same URL parameters. ([#707])
* Add a new URI parameter `include=more-specifics` to all HTTP
payload output paths to include all route origins for prefixes that
are more specifics of the selected prefixes. ([#707])
* Add a new option `--more-specifics` to the `vrps` command to
include all route origins for prefixes that are more specifics of
the selected prefixes. ([#714])
* Accept and process HEAD requests for all HTTP paths. ([#707])
Bug Fixes
* Encountering stray files at the top level of the rsync cache
directory will not cause Routinator to exit any more. Instead, it
will just delete those files. ([#675])
* Don't exit when a directory to be deleted doesn't exist. In
particular, this fixes an error in the `dump` command. ([#682])
* Count all valid CRLs for metrics generation during a validation
run. ([#683])
* Don't claim filtering of unsafe VRPs when the policy is `warn`.
(Only the log message was wrong, no VRPs were filtered in this
case.) ([#699])
* Use a TCP listener socket for the RTR server passed in via systemd
socket activation if configured. This was already implemented but
got lost a few versions ago. ([#709])
* Enable TCP keepalive on RTR connections when configured. This,
too, was already implemented but got lost a few versions ago.
([#710])
Other Changes
* Update the NLnet Labs RPKI testbed TAL to the one used by the
new server. ([#637])
[#637]: https://github.com/NLnetLabs/routinator/pull/637
[#675]: https://github.com/NLnetLabs/routinator/pull/675
[#677]: https://github.com/NLnetLabs/routinator/pull/677
[#681]: https://github.com/NLnetLabs/routinator/pull/681
[#682]: https://github.com/NLnetLabs/routinator/pull/682
[#683]: https://github.com/NLnetLabs/routinator/pull/683
[#690]: https://github.com/NLnetLabs/routinator/pull/690
[#693]: https://github.com/NLnetLabs/routinator/pull/693
[#699]: https://github.com/NLnetLabs/routinator/pull/699
[#702]: https://github.com/NLnetLabs/routinator/pull/702
[#709]: https://github.com/NLnetLabs/routinator/pull/709
[#707]: https://github.com/NLnetLabs/routinator/pull/707
[#710]: https://github.com/NLnetLabs/routinator/pull/710
[#714]: https://github.com/NLnetLabs/routinator/pull/714
[draft-ietf-sidrops-6486bis]: \
https://datatracker.ietf.org/doc/draft-ietf-sidrops-6486bis/
[RFC 8416]: https://tools.ietf.org/html/rfc8416
|