head	1.14;
access;
symbols
	pkgsrc-2026Q1:1.14.0.4
	pkgsrc-2026Q1-base:1.14
	pkgsrc-2025Q4:1.14.0.2
	pkgsrc-2025Q4-base:1.14
	pkgsrc-2025Q3:1.13.0.6
	pkgsrc-2025Q3-base:1.13
	pkgsrc-2025Q2:1.13.0.4
	pkgsrc-2025Q2-base:1.13
	pkgsrc-2025Q1:1.13.0.2
	pkgsrc-2025Q1-base:1.13
	pkgsrc-2024Q4:1.11.0.2
	pkgsrc-2024Q4-base:1.11
	pkgsrc-2024Q3:1.10.0.4
	pkgsrc-2024Q3-base:1.10
	pkgsrc-2024Q2:1.10.0.2
	pkgsrc-2024Q2-base:1.10
	pkgsrc-2024Q1:1.8.0.2
	pkgsrc-2024Q1-base:1.8
	pkgsrc-2023Q4:1.7.0.4
	pkgsrc-2023Q4-base:1.7
	pkgsrc-2023Q3:1.7.0.2
	pkgsrc-2023Q3-base:1.7
	pkgsrc-2023Q2:1.5.0.6
	pkgsrc-2023Q2-base:1.5
	pkgsrc-2023Q1:1.5.0.4
	pkgsrc-2023Q1-base:1.5
	pkgsrc-2022Q4:1.5.0.2
	pkgsrc-2022Q4-base:1.5
	pkgsrc-2022Q3:1.4.0.2
	pkgsrc-2022Q3-base:1.4
	pkgsrc-2022Q2:1.2.0.4
	pkgsrc-2022Q2-base:1.2
	pkgsrc-2022Q1:1.2.0.2
	pkgsrc-2022Q1-base:1.2
	pkgsrc-2021Q4:1.1.0.2
	pkgsrc-2021Q4-base:1.1;
locks; strict;
comment	@# @;


1.14
date	2025.10.07.16.25.44;	author he;	state Exp;
branches;
next	1.13;
commitid	YpM3xo8qugJwKEdG;

1.13
date	2025.01.22.18.55.31;	author he;	state Exp;
branches;
next	1.12;
commitid	MmiyoMf9uGlbSvGF;

1.12
date	2025.01.22.18.44.53;	author he;	state Exp;
branches;
next	1.11;
commitid	yEpxjQoqsi4wOvGF;

1.11
date	2024.12.18.08.26.28;	author wiz;	state Exp;
branches;
next	1.10;
commitid	9DKBwJbS9M9fwXBF;

1.10
date	2024.05.06.13.48.32;	author he;	state Exp;
branches;
next	1.9;
commitid	cfx2YpKKUZuWyW8F;

1.9
date	2024.04.19.11.59.27;	author he;	state Exp;
branches;
next	1.8;
commitid	NdYDlmPJcJxxvK6F;

1.8
date	2024.01.24.14.13.23;	author he;	state Exp;
branches;
next	1.7;
commitid	lHWYCrYkjtOT0IVE;

1.7
date	2023.09.21.17.53.31;	author he;	state Exp;
branches;
next	1.6;
commitid	bVTlLyrbejhufFFE;

1.6
date	2023.09.14.08.43.46;	author he;	state Exp;
branches;
next	1.5;
commitid	Jx73fXnoR3SMqIEE;

1.5
date	2022.11.10.13.03.30;	author he;	state Exp;
branches;
next	1.4;
commitid	CJ35hUfXEq5OL91E;

1.4
date	2022.09.22.12.31.27;	author he;	state Exp;
branches;
next	1.3;
commitid	duSlWN2M1aPAYQUD;

1.3
date	2022.08.12.15.01.42;	author he;	state Exp;
branches;
next	1.2;
commitid	b8S7Sjh8EBoGjBPD;

1.2
date	2022.03.01.13.08.13;	author he;	state Exp;
branches;
next	1.1;
commitid	kLlVFh2UfCJCXvuD;

1.1
date	2021.11.09.18.53.05;	author he;	state Exp;
branches;
next	;
commitid	81lJUfwYoWWUs9gD;


desc
@@


1.14
log
@Upgrade net/routinator to version 0.15.1.

Pkgsrc changes:
 * Version bump + checksum updates.

Upstream changes:

## 0.15.1 "Ain't No Country Club Either"

Released 2025-10-07.

Bug fixes

* Abort the optimistic initial run if there are no stored TA certificates
  for a TAL instead of succeeding with an empty data set. ([#1071])
* Undo `PrivateUsers` restriction in systemd unit files to allow user to run
  Routinator on privileged ports. ([#1068])

[#1068]: https://github.com/NLnetLabs/routinator/pull/1068
[#1071]: https://github.com/NLnetLabs/routinator/pull/1071


## 0.15.0 "This Ain't No Disco"

Released 2025-09-30

There have been no changes since 0.15.0-rc1.

## 0.15.0-rc1

Released 2025-09-18.

Breaking changes

* Removed the `rrdp-keep-responses` feature. We suggest the use of an HTTP
  proxy such as [mitmproxy] instead.

  This once and for all fixes [CVE-2023-39916] which returned again in
  release 0.14.0. ([#1055])
* Messages about issues with repositories and publication points are now
  logged separately and by default are only visible in the status HTTP
  server endpoints. The new `log-repository-issues` option can be used to
  have these messages also written to the log. ([#1054])
* Changed how server mode deals with broken or missing local exception
  files. Previously, Routinator would just stop updating until they are
  fixed, leading to updates being stalled if the operator misses the error
  messages. Now it will log a warning and keep using the previous set of
  local exceptions. When starting, it will exit with an error message if
  there are broken or missing local exception files. ([#1060])
* Changed the RRDP timeouts: introduced a new config variable
  `rrdp-read-timeout` that provides a timeout for individual network
  operations (primarily: read from the server). Its default is 10 seconds.
  This timeout is also used for connecting of no specific value is given,
  significantly speeding up validation runs.

  In addition, the RRDP timeout was increased from 300 to 600 seconds to
  better deal with slow transmission of large snapshots of some
  repositories. ([#1061])

New

* Added a quick initial run after starting the server which only uses
  stored data and aborts if any required data hasn't been requested
  before to deal with configuration changes. This will shorten the wait
  time for an initial data set when restarting Routinator. ([#1057])
* Added support for SLURM v2 as output format which includes ASPA payload.
  ([#1021])
* Changed refresh behaviour to better cope with short-lived objects. By
  default, Routinator will now wait for the time defined by `refresh` even
  if objects expire earlier. The new `min-refresh` option can be used to
  specify a short minimum refresh time if objects expire before the
  refresh time. If this value is set to 0, the old behaviour is restored.
  ([#1027])
* The order in which manifest entries are processed is now randomized.
  ([#1041])
* Reduced the overhead of storing RRDP snapshot downloads, significantly
  improving the snapshot update times. ([#1035])
* The `dump` command now prints the source directories of the data it
  dumps. ([#1045])
* Added a `--update-after` option to the `vrps` subcommand that skips
  updating the local cache if the last successful validation run was known
  to be less than a given number of minutes ago. ([#1049])
* Error responses for API-related HTTP endpoints now contain JSON bodies.
  ([#1050])
* The `/validity` HTTP server endpoint now accepts POST requests with a
  JSON body containing multiple routes to be checked all at once.
  ([#1053])
* Better protect against corrupted stored publication points by double
  checking cached manifest properties against the actual manifest and
  discard the stored publication point if they mismatch.

  This fixes an issue where an accidentally or maliciously manipulated
  locally stored manifest could block update of a legitimate new manifest
  which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang,
  Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC),
  Tsinghua University.

Bug fixes

* Fixed a crash if certain invalid character appear in a manifest file
  name by limiting the name to the rules defined in [RFC9286]. This issue
  was reported by  Niklas Vogel of Goethe University Frankfurt and ATHENE.
  ([rpki-rs#342])
* Re-implemented RRDP client metrics based on the much simpler model used
  by RTRTR to fix recurring errors in the metrics. ([#1039])
* Changed the message logged when an RRDP update times out to actually say
  that. ([#1052])

Other changes

* Improved performance of file system operations on validate subcommand.
  ([#1043] by [@@kawaemon])
* Add package.homepage to Cargo.toml ([#1024])
* Added building packages for RHEL 10 and Debian 13. ([#1034], [#1047])
* Added building packages for ARMv6 and ARM64 for Debian Bookworm.
  ([#1036])
* Added additional restrictions to the systemd unit files used in the
  various binary packages. ([#1056])
* Upgrades various dependencies. ([#1004], [#1005], [#1006])

[#1004]: https://github.com/NLnetLabs/routinator/pull/1004
[#1005]: https://github.com/NLnetLabs/routinator/pull/1005
[#1006]: https://github.com/NLnetLabs/routinator/pull/1006
[#1014]: https://github.com/NLnetLabs/routinator/pull/1014
[#1021]: https://github.com/NLnetLabs/routinator/pull/1021
[#1024]: https://github.com/NLnetLabs/routinator/pull/1024
[#1027]: https://github.com/NLnetLabs/routinator/pull/1027
[#1034]: https://github.com/NLnetLabs/routinator/pull/1034
[#1035]: https://github.com/NLnetLabs/routinator/pull/1035
[#1036]: https://github.com/NLnetLabs/routinator/pull/1036
[#1039]: https://github.com/NLnetLabs/routinator/pull/1039
[#1041]: https://github.com/NLnetLabs/routinator/pull/1041
[#1043]: https://github.com/NLnetLabs/routinator/pull/1043
[#1045]: https://github.com/NLnetLabs/routinator/pull/1045
[#1047]: https://github.com/NLnetLabs/routinator/pull/1047
[#1049]: https://github.com/NLnetLabs/routinator/pull/1049
[#1052]: https://github.com/NLnetLabs/routinator/pull/1052
[#1053]: https://github.com/NLnetLabs/routinator/pull/1053
[#1055]: https://github.com/NLnetLabs/routinator/pull/1055
[#1056]: https://github.com/NLnetLabs/routinator/pull/1056
[#1057]: https://github.com/NLnetLabs/routinator/pull/1057
[#1060]: https://github.com/NLnetLabs/routinator/pull/1060
[#1061]: https://github.com/NLnetLabs/routinator/pull/1061
[rpki-rs#342]: https://github.com/NLnetLabs/rpki-rs/pull/342
[@@kawaemon]: https://github.com/kawaemon
[mitmproxy]: https://www.mitmproxy.org/
[RFC9286]: https://tools.ietf.org/html/rfc9286
[CVE-2023-39916]: https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt

## 0.14.2 "Roll Initiative!"

Released 2025-03-04.

There have been no changes since 0.14.2-rc1.


## 0.14.2-rc1

Released 2025-03-04.

Other changes

* Upgrades the bundled Routinator UI to release [0.4.5][routinator-ui v0.4.5].
  ([#1014])

[#1015]: https://github.com/NLnetLabs/routinator/pull/1015
[routinator-ui v0.4.5]: https://github.com/NLnetLabs/routinator-ui/releases/tag/v0.4.5
@
text
@# $NetBSD: Makefile,v 1.13 2025/01/22 18:55:31 he Exp $

VER=		0.15.1
DISTNAME=	routinator-${VER}
CATEGORIES=	net
MASTER_SITES=	${MASTER_SITE_GITHUB:=NLnetLabs/}
GITHUB_TAG=	v${VER}
GITHUB_PROJECT=	routinator

MAINTAINER=	pkgsrc-users@@NetBSD.org
HOMEPAGE=	https://github.com/NLnetLabs/routinator
COMMENT=	Validate RPKI ROA against routing announcements
LICENSE=	modified-bsd

# 0.13.0 requires minimum this rust version:
RUST_REQ=		1.74.0

# This can reportedly go away in 0.14.0:
ALLOW_NETWORK_ACCESS=	1

.include "cargo-depends.mk"

DOCDIR=		${PREFIX}/share/doc/${PKGBASE}
EGDIR=		${PREFIX}/share/examples/${PKGBASE}

INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1 ${DOCDIR} ${EGDIR}

.include "../../mk/bsd.prefs.mk"

# toolchain/54192, induces rtld issues
.if ${OPSYS} == "NetBSD"
MAKE_JOBS_SAFE=	no
.endif

do-build:
	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} \
		${PREFIX}/bin/cargo \
		build --locked --frozen \
		-j ${_MAKE_JOBS_N}

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/target/debug/routinator \
		${DESTDIR}${PREFIX}/bin
	${INSTALL_MAN} ${WRKSRC}/doc/routinator.1 \
		${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
	${INSTALL_DATA} ${WRKSRC}/README.md ${DESTDIR}${DOCDIR}
	${INSTALL_DATA} ${WRKSRC}/./etc/routinator.conf.example \
		${DESTDIR}${EGDIR}

.include "../../lang/rust/cargo.mk"
.include "../../mk/bsd.pkg.mk"
@


1.13
log
@net/routinator: now appears no longer BROKEN w/newer rust.

Built OK with rust 1.82.0 on NetBSD/amd64.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.12 2025/01/22 18:44:53 he Exp $
d3 1
a3 1
VER=		0.14.1
@


1.12
log
@net/routinator: upgrade to version 0.14.1.

Pkgsrc changes:
 * Basically only cargo-depends and checksum changes.

Upstream changes:

Version 0.14.1 -- "Black Cats and Voodoo Dolls"
===============================================

This release fixes a crash when the file names listed in a manifest
contain illegal characters. We recommend all users to upgrade to
this version.

New
 * ASPA support is now always compiled in and available if
   enable-aspa is set. The aspa Cargo feature has been removed.
   (#990)
 * If merging mutliple ASPA objects for a single customer ASN
   results in more than 16,380 provider ASNs, the ASPA is dropped.
   (Note that ASPA objects with more than 16,380 provider ASNs
   are already rejected during parsing.) (#996)
 * New archive-stats command that shows some statistics of an RRDP
   archive. (#982)
 * Re-enabled the use of GZIP compression in HTTP request sent by
   the RRDP collector. Measures to deal with exploding data have
   been implemented in rpki-rs#319. (#997)

Bug fixes
 * Fixed an issue with checking the file names in manifests that
   let to a crash when non-ASCII characters are used. (rpki-rs#320,
   reported by Haya Schulmann and Niklas Vogel of Goethe University
   Frankfurt/ATHENE Center and assigned CVE-2025-0638)
 * The validation HTTP endpoints now accept prefixes with non-zero
   host bits. (#987)
 * Removed duplicate rtr_client_reset_queries in HTTP metrics.
   (#992 by @@sleinen)
 * Improved disk space consumption of the new RRDP archives by
   re-using empty space when updating an object and padding all
   objects to a multiple of 256 bytes. (#982)

Other changes
 * The minimum supported Rust version is now 1.74. (#999)
 * Added packaging support for Ubuntu 24.04 and removed support
   for Debian Stretch 9, Ubuntu Xenial 16.04, Ubuntu Bionic 18.04,
   and Centos 7 (#980, #994)
 * Upgraded the bundled routinator-ui to release [ui-0.4.3][0.4.3].

Version 0.14.0 -- "You Must Gather Your Party Before Venturing Forth"
=====================================================================

Breaking changes
 * Keep the content of an RRDP repository in a single file rather
   than as individual files under a directory. (#886)
 * Switched to the all-new version 0.4 of the Routinator UI. This
   also changes the way we import the UI into Routinator by simply
   including the built assets which means downloads are not necessary
   during the build process any more. (#952)
 * Changed the summary output format to have all lines end in a
   semicolon. (#907)
 * Changed the options used for rsync. The options -rtO --delete
   are now always used. The options set in the rsync-args are added
   or, if that is not used, -z and --no-motd, as well as --contimeout=10
   if it is supported by the rsync command, and --max-size if the
   max-object-size option has not been set to 0. (#962)

New
 * The chain_validity value in the jsonext format now considers
   the validity of the manifest's EE certificates. A new stale
   value shows the time when any of the publication points along
   the way will become stale. (#945)
 * If a collected manifest has a lower manifest number or an older
   thisUpdate field than a stored manifest for the same CA, the
   collected manifest is ignored and the stored publication point
   is used instead. This implements a requirement added in RFC
   9286. (#946, #954)
 * The number of delta entries in a RRDP notification file is now
   limited to 500 by default. If there are more entries, the deltas
   are ignored and the snapshot is used. The limit can be changed
   through the new rrdp-max-delta-list-len configuration value.
   (#961)
 * The RRDP collector now falls back to a snapshot update if the
   hash of a delta listed in the notification file has changed from
   the previous update. This implements
   draft-ietf-sidrops-rrdp-desynchronization-00. (#951)
 * The RRDP collector now enforces that all URIs referred to or
   redirected to by an RRDP server have the same origin as the
   rpkiNotify URI in the CA certificate. (#953)
 * The config file used is now printed for some commands. This
   should help with avoiding confusion when running Routinator as
   different users. (#959)

Bug fixes
 * Fixed an issue where the refresh time was calculated as zero
   under certain conditions until the dataset was updated. (#940)
 * Add the current RRDP serial number to the RRDP server metrics
   when a Not Modified response is received so that Prometheus
   shows a constant value.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.11 2024/12/18 08:26:28 wiz Exp $
a14 2
BROKEN=		"Does not support rust>=1.80"

@


1.11
log
@routinator: mark as BROKEN for rust>=1.80
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.10 2024/05/06 13:48:32 he Exp $
d3 2
a4 1
DISTNAME=	routinator-0.13.2
d7 1
a7 1
GITHUB_TAG=	v${PKGVERSION_NOREV}
d18 1
a18 1
RUST_REQ=		1.70.0
@


1.10
log
@net/routinator: allow network access during build.

This can reportedly be reverted once 0.14.0 is released
and packaged.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.9 2024/04/19 11:59:27 he Exp $
d14 2
@


1.9
log
@Upgrade net/routinator to version 0.13.2.

Pkgsrc changes:
 * Version bump + checksum updates.

Upstream changes:

0.13.2 -- "Existential Funk"

Released 2024-01-26.

Bug Fixes

* Fix the RTR listener so that Routinator won't exit if an
  incoming RTR connection is closed again too quickly. ([#937],
  reported by Yohei Nishimura, Atsushi Enomoto, Ruka Miyachi;
  Internet Multifeed Co., Japan.  Assigned [CVE-2024-1622].)

[#937]: https://github.com/NLnetLabs/routinator/pull/937
[CVE-2024-1622]: https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.8 2024/01/24 14:13:23 he Exp $
d17 3
@


1.8
log
@Update net/routinator to version 0.13.1.

Pkgsrc changes:
 * Bump version & re-compute cargo-depends.

Upstream changes:

New

* Added support for private keys marked as "EC PRIVATE KEY" in the
  PEM files for TLS server configuration. ([#921])
* The rsync collector now logs stderr output of the rsync command
  directly instead of collecting it and logging it in one go after
  the commend returned. ([#290])

Bug Fixes

* The `dump` command will now succeed even if certain directories
  or files in the repository cache are missing. ([#916])
* A more meaningful message is now printed when decoding RPKI
  objects fails. It will still not give much detail but at least it
  isn't confusing any more. ([#917])

Other changes

* Updated the `nlnetlabs-testbed` TAL to the current location and
  key. ([#922])

[#916]: https://github.com/NLnetLabs/routinator/pull/916
[#917]: https://github.com/NLnetLabs/routinator/pull/917
[#920]: https://github.com/NLnetLabs/routinator/pull/920
[#921]: https://github.com/NLnetLabs/routinator/pull/921
[#922]: https://github.com/NLnetLabs/routinator/pull/922
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.7 2023/09/21 17:53:31 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.13.1
@


1.7
log
@Upgrade routinator to version 0.13.0.

Pkgsrc changes:
 * Update cargo-depends.mk, update checksums.

Upstream changes:

Release v0.13.0 -- 'Should Have Started This in a Screen'

New

* Added support for ASPA. Processing needs to be enabled via the
  new option `enable-aspa` which is only available if the `aspa`
  feature is explicitly selected during compilation. This is due to
  the specification still changing. The implementation currently
  conforms with [draft-ietf-sidrops-aspa-profile-15].  ([#847],
  [#873], [#874], [#878])
* Added support for version 2 of the RTR protocol. This primarly
  means support for the ASPA payload type. ([#847])
* Sending SIGUSR2 to Routinator will re-open a log file if logging
  to a file is enabled. ([#859])
* The HTTP server provides a new endpoint `/json-delta/notify` that
  can be used to wait for updated data similar to the RTR Notify PDU.
  ([#863])
* Added support for filtering and adding router keys via local
  exception files. ([#865])
* The `vrps` command and the HTTP payload output endpoints now
  allow excluding specific payload types for output. ([#866])
* Added a new member `payload` to the output of the `/api/v1/status`
  endpoint that gives an overall summary of the produced payload.
  ([#867])
* Added new members `generated` and `generatedTime` to the JSON
  object produced by the `/json-delta` endpoint. ([#868])

Breaking Changes

* A new field `aspa` was added to the jsonext format. See the manual
  page for more information. ([#847])
* A number of ASPA-related fields have been added to all metrics
  and status formats. ([#847])
* Renamed functions and attributes that refer to standalone end
  entity certificates to refer to router certificates so they don't
  get confused with the end entity certificates included with signed
  objects. ([#854])
* Renamed the JSON member in the HTTP status API from `validEECerts`
  to `validRouterCerts`. The old name is still available but may be
  removed in the future. ([#854])
* The regular `json` output format now includes router key and ASPA
  output. Since both are disabled by default, the format will still
  be compatible by default. ([#866])
* The minimal required Rust version has been increased to 1.70.
  ([#847], [#853], [#869], [#879])

Bug Fixes

* Fixed a bug in the RTR server where it would include router key
  PDUs even if the negotiated protocol version was 0. (via [rpki-rs
  #250])
* Restored the ability to parse ASNs in JSON input to the `validity`
  command as string or number. ([#861])
* Update bcder to at least 0.7.3 to fix various decoding issues
  that could lead to a panic when processing invalid RPKI objects.
* Check the request URI when generating a path for storing a copy
  of a RRDP response with the `rrdp-keep-responses` option to avoid
  path traversal. ([#894]. Found by Haya Shulman, Donika Mirdita and
  Niklas Vogel. Assigned CVE-2023-39916.)


Other Changes

* The log message for missing manifest now include the URI of the
  CA certificate for which the manifest is missing. ([#864])
* Binary packages are now also built for Debian _bookworm._ ([#881])

[#847]: https://github.com/NLnetLabs/routinator/pull/847
[#853]: https://github.com/NLnetLabs/routinator/pull/853
[#854]: https://github.com/NLnetLabs/routinator/pull/854
[#859]: https://github.com/NLnetLabs/routinator/pull/859
[#861]: https://github.com/NLnetLabs/routinator/pull/861
[#863]: https://github.com/NLnetLabs/routinator/pull/863
[#864]: https://github.com/NLnetLabs/routinator/pull/864
[#865]: https://github.com/NLnetLabs/routinator/pull/865
[#866]: https://github.com/NLnetLabs/routinator/pull/866
[#867]: https://github.com/NLnetLabs/routinator/pull/867
[#868]: https://github.com/NLnetLabs/routinator/pull/868
[#869]: https://github.com/NLnetLabs/routinator/pull/869
[#873]: https://github.com/NLnetLabs/routinator/pull/873
[#874]: https://github.com/NLnetLabs/routinator/pull/874
[#878]: https://github.com/NLnetLabs/routinator/pull/878
[#879]: https://github.com/NLnetLabs/routinator/pull/879
[#881]: https://github.com/NLnetLabs/routinator/pull/881
[#894]: https://github.com/NLnetLabs/routinator/pull/894
[rpki-rs #250]: https://github.com/NLnetLabs/rpki-rs/pull/250
[draft-ietf-sidrops-aspa-profile-15]: https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-profile/15/
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.6 2023/09/14 08:43:46 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.13.0
@


1.6
log
@Upgrade routinator to version 0.12.2.

Pkgsrc changes:
 * Update cargo-depends.mk, update checksums.

Upstream changes:

## 0.12.2 "Brutti, sporchi e cattivi"

Release 2023-09-13.

Bug Fixes

* Fixed various decoding issues that could lead to a panic when processing
  invalid RPKI objects. ([#891], via bcder release 0.7.3. Found by
  Haya Shulman, Donika Mirdita and Niklas Vogel. Assigned CVE-2023-39915)
* Check the request URI when generating a path for storing a copy of a RRDP
  response with the `rrdp-keep-responses` option to avoid path traversal.
  ([#892]. Found by Haya Shulman, Donika Mirdita and Niklas Vogel.
  Assigned CVE-2023-39916.)

[#891]: https://github.com/NLnetLabs/routinator/pull/891
[#892]: https://github.com/NLnetLabs/routinator/pull/892


## 0.12.1 "Plan uw reis in de app"

Released 2023-01-04.

There are no changes since 0.12.1-rc2.


## 0.12.1-rc2

Released 2022-12-13.

Bug Fixes

* Allow private keys prefixed both with `BEGIN PRIVATE KEY` and
  `BEGIN RSA PRIVATE KEY` in the files referred to by `http-tls-key` and
  `rtr-tls-key` configuration options. ([#831], [#832])

[#831]: https://github.com/NLnetLabs/routinator/pull/831
[#832]: https://github.com/NLnetLabs/routinator/pull/831


## 0.12.1-rc1

Released 2022-12-05.

Bug Fixes

* Actually use the `extra-tals-dir` config file option. ([#821])
* On Unix, if chroot is requested but no working directory is explicitly
  provided, set the working directory to the chroot directory. ([#823])
* Fixed the error messages printed when the `http-tls-key` or
  `http-tls-cert` options are required but missing. They now refer to HTTP
  and not, as previously, to RTR. ([#824] by [@@SanderDelden])

Other Changes

* Switch the packaging workflow to use [Ploutos]. ([#816])

[#816]: https://github.com/NLnetLabs/routinator/pull/816
[#821]: https://github.com/NLnetLabs/routinator/pull/821
[#823]: https://github.com/NLnetLabs/routinator/pull/823
[#824]: https://github.com/NLnetLabs/routinator/pull/824
[@@SanderDelden]: https://github.com/SanderDelden
[Ploutos]: https://github.com/NLnetLabs/ploutos/
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.5 2022/11/10 13:03:30 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.12.2
d14 2
a15 2
# 0.12.0 requires minimum this rust version:
RUST_REQ=		1.60.0
@


1.5
log
@Upgrade routinator to version 0.12.0.

Pkgsrc changes:
 * Update cargo-depends.mk, update checksums.

Upstream changes:

## 0.12.0 "Brutalism and Gardening"

Released 2022-11-10.

Bug Fixes

* Remove a stray newline in summary output.


## 0.12.0-rc1

Released 2022-11-02.

Breaking Changes

* Restructured the TAL configuration in response to the dropped requirement
  to opt into the ARIN TAL.

  Routinator will now use the bundled RIR TALs directly unless told otherwise
  by the new `--no-rir-tals` command  line and config option. The additional
  bundled TALs can be added via the new `--tal` command line and config
  option. Additionally, the TAL directory can still be used via the
  `--extra-tals-dir` option. The `tal-dir` option has been removed but will
  still be accepted *and ignored* in the config file only.

  The `init` command has been removed. ([#796])
* Changed the default configuration option for `unsafe-vrps` to `accept`
  and removed all logging or mentioning of unsafe VRPs in this case.
  ([#761])
* Setting the `rsync-timeout` option to 0 now disables the rsync timeout.
  ([#798])
* Refactored error handling. Routinator now logs the reason why an object
  failed verification or was otherwise rejected. ([#755])
* Removed the deprecated `rrdp-disable-gzip` configuration option.
  ([#769])

New

* The new `limit-v4-len` and `limit-v6-len` command line and config file
  options allow limiting the length of IPv4 and IPv6 prefixes,
  respectively, to be included in the VRP data set. ([#810])
* The new `rrdp-fallback` command line and config file option
  allows specifying the circumstances under which a failed RRDP fetch
  should result in using rsync instead. Supported polices are `never` for
  never falling back to using rsync, `stale` for the current behavior of
  falling back when RRDP has failed for some time, and `new` to only fall
  back for repositories where RRDP has never worked before. ([#799])
* In the extended `jsonext` output format, the information for VRPs and
  router keys derived from RPKI data has gained a new member `"tal"` that
  shows the name of the TAL this object was published under. ([#765])
* The log output to files, stderr, and the `/log` HTTP endpoint now
  includes the log level of the message to make it more clear how
  important the message really is. ([#797])
* The RTR client metrics have been extended by three new values allowing
  to track the time since last cache reset and the number of reset and
  serial queries. Like all RTR client metrics, these new values are only
  available if enable explicitly via the `rtr-client-metrics` config option.
  ([#800])
* TCP keepalive is now enabled for RRDP connections. The keepalive
  duration can be configured via the new command line and config file option
  `rrdp-tcp-keepalive`. ([#801])

Bug Fixes

* Fixed an issue in error handling in the RRDP collector that causes
  Routinator to exit if it encountered malformed Base 64 in RRDP snapshot
  and delta files. (Found by Donika Mirdita and Haya Shulman. Assigned
  [CVE-2022-3029].) ([#784])
* Fixed an issue where RRDP snapshots and deltas with a status code other
  than 200 OK were accepted and processed. ([#802])
* Changed how Routinator deals with files in the store that cannot be
  parsed. These will now be ignored and the publication point stored in
  them considered not available. ([#803])
* When piping output from the `vrps` command into something else, a broken
  pipe will not lead to an error message any more. ([#807])
* Fixed various issues with the calculation of RTR metrics. ([#811])

Other Changes

* The minimal required Rust version has been increased to 1.60. ([#792])
* The default Docker image now listens on both port 8323 and 9556 for HTTP
  requests. ([#809])

[#755]: https://github.com/NLnetLabs/routinator/pull/755
[#761]: https://github.com/NLnetLabs/routinator/pull/761
[#765]: https://github.com/NLnetLabs/routinator/pull/765
[#769]: https://github.com/NLnetLabs/routinator/pull/769
[#783]: https://github.com/NLnetLabs/routinator/pull/784
[#792]: https://github.com/NLnetLabs/routinator/pull/792
[#796]: https://github.com/NLnetLabs/routinator/pull/796
[#797]: https://github.com/NLnetLabs/routinator/pull/797
[#798]: https://github.com/NLnetLabs/routinator/pull/798
[#799]: https://github.com/NLnetLabs/routinator/pull/799
[#800]: https://github.com/NLnetLabs/routinator/pull/800
[#801]: https://github.com/NLnetLabs/routinator/pull/801
[#802]: https://github.com/NLnetLabs/routinator/pull/802
[#803]: https://github.com/NLnetLabs/routinator/pull/803
[#807]: https://github.com/NLnetLabs/routinator/pull/807
[#809]: https://github.com/NLnetLabs/routinator/pull/809
[#810]: https://github.com/NLnetLabs/routinator/pull/810
[#811]: https://github.com/NLnetLabs/routinator/pull/811
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.4 2022/09/22 12:31:27 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.12.0
@


1.4
log
@Upgrade routinator to version 0.11.3.

## 0.11.3
Released 2022-09-13.

Bug Fixes

* Fixes an issue in error handling in the RRDP collector that causes
  Routinator to exit if it encountered malformed Base 64 in RRDP snapshot
  and delta files. (Found by Donika Mirdita and Haya Shulman. Assigned
  [CVE-2022-3029].) ([#781])

[#781]: https://github.com/NLnetLabs/routinator/pull/781
[CVE-2022-3029]: https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.3 2022/08/12 15:01:42 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.11.3
d14 2
a15 2
# 0.11.0 requires minimum this rust version:
RUST_REQ=		1.52.0
@


1.3
log
@Upgrade net/routinator to version 0.11.2.

Pkgsrc changes:
 * Checksum updates.
 * Tidy up GITHUB tag & associated stuff from using 0.11.0-rc1.

Upstream changes:

## 0.11.2

Released 2022-04-20.

Bug Fixes

* Fixes an issue that caused the RTR server to possibly skip over some
  withdrawn VRPs in response to a serial query. (Found by Jay Borkenhagen,
  [#747])

[#747]: https://github.com/NLnetLabs/routinator/pull/747


## 0.11.1

Released 2022-04-07

No changes since 0.11.1-rc1.


## 0.11.1-rc1

Released 2022-04-04.

New

* The `dump` command now also copies the stored trust anchor certificates.
  The certificates are named in the same way as they are internally using
  the hash over their URI. Please consult the [manual][dump-manual] for
  details. ([#740])

Bug Fixes

* The `dump` command now removes the internal header before copying
  the objects retained by the RRDP collector, i.e., the files copied into
  the `rrdp` sub-directory now contain the actual DER encoded data only.
  ([#735])
* Correctly set the idle time for TCP keepalives on incoming RTR
  connections on systems that support it. ([#736])
* Fix an encoding error in the `/delta-json` output. ([#737])
* Truncate the PID file before writing the current PID to it. ([#738])
* Exit with a status of 1 if an error happened. ([#739])

[#735]: https://github.com/NLnetLabs/routinator/pull/735
[#736]: https://github.com/NLnetLabs/routinator/pull/736
[#737]: https://github.com/NLnetLabs/routinator/pull/737
[#738]: https://github.com/NLnetLabs/routinator/pull/738
[#739]: https://github.com/NLnetLabs/routinator/pull/739
[#740]: https://github.com/NLnetLabs/routinator/pull/740
[dump-manual]: https://routinator.docs.nlnetlabs.nl/en/v0.11.1-rc1/dump.html
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2022/03/01 13:08:13 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.11.2
@


1.2
log
@Upgrade routinator to version 0.11.0.

Breaking Changes

* The minimal supported Rust version is now 1.52. ([#681])

New

* Add TLS support to the RTR and HTTP servers. ([#677])
* Add support for BGPsec router keys. This needs to be explicitly
  enabled via the new `enable-bgpsec` command line and config file
  option.  ([#693])
* Reject so-called premature manifests, i.e., manifests that have
  an issue time before the current time. This is a new requirement
  in [draft-ietf-sidrops-6486bis]. ([#681], [#690])
* Add a new output format `slurm` that produces a JSON file formatted
  according to [RFC 8416] with the validated payload included in the
  locally added assertions. ([#702])
* Make the (standard) JSON payload output available under
  `/api/v1/origins` with the same URL parameters.([#707])
* Add a new URI parameter `include=more-specifics` to all HTTP
  payload output paths to include all route origins for prefixes that
  are more specifics of the selected prefixes. ([#707])
* Add a new option `--more-specifics` to the `vrps` command to
  include all route origins for prefixes that are more specifics of
  the selected prefixes.  ([#714])
* Accept and process HEAD requests for all HTTP paths. ([#707])

Bug Fixes

* Encountering stray files at the top level of the rsync cache
  directory will not cause Routinator to exit any more. Instead, it
  will just delete those files. ([#675])
* Don't exit when a directory to be deleted doesn't exist. In
  particular, this fixes an error in the `dump` command. ([#682])
* Count all valid CRLs for metrics generation during a validation
  run.  ([#683])
* Don't claim filtering of unsafe VRPs when the policy is `warn`.
  (Only the log message was wrong, no VRPs were filtered in this
  case.) ([#699])
* Use a TCP listener socket for the RTR server passed in via systemd
  socket activation if configured. This was already implemented but
  got lost a few versions ago. ([#709])
* Enable TCP keepalive on RTR connections when configured. This,
  too, was already implemented but got lost a few versions ago.
  ([#710])

Other Changes

* Update the NLnet Labs RPKI testbed TAL to the one used by the
  new server. ([#637])

[#637]: https://github.com/NLnetLabs/routinator/pull/637
[#675]: https://github.com/NLnetLabs/routinator/pull/675
[#677]: https://github.com/NLnetLabs/routinator/pull/677
[#681]: https://github.com/NLnetLabs/routinator/pull/681
[#682]: https://github.com/NLnetLabs/routinator/pull/682
[#683]: https://github.com/NLnetLabs/routinator/pull/683
[#690]: https://github.com/NLnetLabs/routinator/pull/690
[#693]: https://github.com/NLnetLabs/routinator/pull/693
[#699]: https://github.com/NLnetLabs/routinator/pull/699
[#702]: https://github.com/NLnetLabs/routinator/pull/702
[#709]: https://github.com/NLnetLabs/routinator/pull/709
[#707]: https://github.com/NLnetLabs/routinator/pull/707
[#710]: https://github.com/NLnetLabs/routinator/pull/710
[#714]: https://github.com/NLnetLabs/routinator/pull/714
[draft-ietf-sidrops-6486bis]: https://datatracker.ietf.org/doc/draft-ietf-sidrops-6486bis/
[RFC 8416]: https://tools.ietf.org/html/rfc8416
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.1 2021/11/09 18:53:05 he Exp $
d3 1
a3 1
DISTNAME=	routinator-0.11.0
d6 1
a6 3
#GITHUB_TAG=	v${PKGVERSION_NOREV}
#GITHUB_TAG=	v0.11.0-rc1
#GITHUB_TAG=	ada9a2d7cd66ffa4eaf5d2f83e41d1468dd285f2
a7 2
GITHUB_TAG=	ada9a2d
GITHUB_TYPE=	tag
a13 2
WRKSRC=		${WRKDIR}/routinator-ada9a2d7cd66ffa4eaf5d2f83e41d1468dd285f2

@


1.1
log
@Add routinator version 0.10.2.

Move this over from pkgsrc-wip.

Introducing `Routinator 3000,' RPKI relying party software written
in Rust. If you have any feedback, we would love to hear from you.
Don't hesitate to create an issue on Github or post a message on
our RPKI mailing list. You can lean more about Routinator and RPKI
technology by reading our documentation on Read the Docs.
@
text
@d1 1
a1 1
# $NetBSD$
d3 1
a3 1
DISTNAME=	routinator-0.10.2
d6 6
a11 1
GITHUB_TAG=	v${PKGVERSION_NOREV}
d18 4
a21 2
# 0.9.0 requires minimum this rust version:
RUST_REQ=		1.47.0
@