mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-05 06:27:37 +00:00
Code Issues Releases Activity

net/routinator: Update to 0.12.2

Browse Source 
Routinator 0.12.2 ‘Brutti, sporchi e cattivi’

This release fixes two issues in Routinator that can be exploited
remotely by rogue RPKI CAs and repositories. We therefore advise all
users of Routinator to upgrade to this release at their earliest
convenience.

The first issue, CVE-2022-39915, can lead to Routinator crashing when
trying to decode certain illegal RPKI objects.

The second issue, CVE-2022-39916, only affects users that have the
rrdp-keep-responses option enabled which allows storing all received
RRDP responses on disk. Because the file name for these responses is
derived from the URI and the path wasn’t checked properly, a RRDP URI
could be constructed that results in the response stored outside the
directory, possibly overwriting existing files.

We would like to thank Haya Shulman, Donika Mirdita and Niklas Vogel
for discovering and reporting these issues.

Changelog: https://nlnetlabs.nl/news/2023/Sep/13/routinator-0.12.2-released/

PR:		273826
MFH:		2023Q3
This commit is contained in:
Jaap Akkerhuis 2023-09-15 14:04:30 +02:00 committed by Robert Clausecker
parent 13279411a2
commit 9e3ed402d0
3 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/routinator/Makefile
View File

@ -1,7 +1,6 @@
PORTNAME= routinator
DISTVERSIONPREFIX= v
DISTVERSION= 0.12.1
PORTREVISION= 6
DISTVERSION= 0.12.2
CATEGORIES= net
MASTER_SITES= ${ROUTINATOR_UI_URL}/v${ROUTINATOR_UI_VERSION}/:0
DISTFILES+= routinator-ui-build.tar.gz:0

2
net/routinator/Makefile.crates
View File

@ -3,7 +3,7 @@ CARGO_CRATES= adler-1.0.2 \
arc-swap-1.5.1 \
autocfg-1.1.0 \
base64-0.13.1 \
bcder-0.7.0 \
bcder-0.7.3 \
bitflags-1.3.2 \
bumpalo-3.11.1 \
bytes-1.3.0 \

10
net/routinator/distinfo
View File

@ -1,4 +1,4 @@
TIMESTAMP = 1672860799
TIMESTAMP = 1694695974
SHA256 (routinator-ui-build.tar.gz) = 7079096b3fd986aa01b03cf3e743cf74d37b8441d312844c25e2b065deed8290
SIZE (routinator-ui-build.tar.gz) = 756828
SHA256 (rust/crates/adler-1.0.2.crate) = f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe
@ -11,8 +11,8 @@ SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36
SIZE (rust/crates/autocfg-1.1.0.crate) = 13272
SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8
SIZE (rust/crates/base64-0.13.1.crate) = 61002
SHA256 (rust/crates/bcder-0.7.0.crate) = f007d8acfb8ef7d219911c7164c025a6d3504735120fc5df59c3c479ab84ea51
SIZE (rust/crates/bcder-0.7.0.crate) = 61289
SHA256 (rust/crates/bcder-0.7.3.crate) = bf16bec990f8ea25cab661199904ef452fcf11f565c404ce6cffbdf3f8cbbc47
SIZE (rust/crates/bcder-0.7.3.crate) = 63569
SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a
SIZE (rust/crates/bitflags-1.3.2.crate) = 23021
SHA256 (rust/crates/bumpalo-3.11.1.crate) = 572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba
@ -411,5 +411,5 @@ SHA256 (rust/crates/winreg-0.10.1.crate) = 80d0f4e272c85def139476380b12f9ac60926
SIZE (rust/crates/winreg-0.10.1.crate) = 25725
SHA256 (rust/crates/xattr-0.2.3.crate) = 6d1526bbe5aaeb5eb06885f4d987bcdfa5e23187055de9b83fe00156a821fabc
SIZE (rust/crates/xattr-0.2.3.crate) = 11959
SHA256 (NLnetLabs-routinator-v0.12.1_GH0.tar.gz) = 8150fe544f89205bb2d65bca46388f055cf13971d3163fe17508bf231f9ab8bc
SIZE (NLnetLabs-routinator-v0.12.1_GH0.tar.gz) = 5426830
SHA256 (NLnetLabs-routinator-v0.12.2_GH0.tar.gz) = 5cc9c4aa4524bcde205c97c373e941db812675dc73dc42807c15aeb8bfbde22b
SIZE (NLnetLabs-routinator-v0.12.2_GH0.tar.gz) = 5427788