CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2021/11/09 09:26:38
Modified files:
net/routinator : Tag: OPENBSD_7_0 Makefile crates.inc distinfo
net/routinator/pkg: Tag: OPENBSD_7_0 PLIST
Added files:
net/routinator/patches: Tag: OPENBSD_7_0
patch-modcargo-crates_routinator-ui-0_3_4_build_rs
net/routinator/pkg: Tag: OPENBSD_7_0 MESSAGE
Log message:
update to routinator-0.10.2

The rrdp-timeout configuration setting now correctly limits the maximum
length an RRDP request can take. This prevents a possible issue where
an RRDP repository maliciously or erroneously delays a request and
subsequently a validation run. (#666, CVE-2021-43173)

The new configuration setting max-ca-depth limits the length of a chain
of CAs from a trust anchor. By default it is set to 32. This fixes a
possible vulnerability where a CA creates an infinite chain of CAs.
(#665, CVE-2021-43172)

Support for the gzip transfer encoding for RRDP has been removed because
gzip in combination with XML provides multiple ways to delay validation.
The configuration setting rrdp-disable-gzip is now deprecated and will
be removed in the next breaking release. (#667, CVE-2021-43174)
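
The max-ca-depth bound from the log message above, as an added sketch that is not Routinator's code and not part of this commit: a CA tree walk that stops descending once a chain exceeds the limit. The trait, types and the depth convention (trust anchor at depth 0) are assumptions made for the illustration.

```rust
// Added illustration, not Routinator's code; every name below is hypothetical.
/// Default of the `max-ca-depth` setting, as given in the log message.
const DEFAULT_MAX_CA_DEPTH: usize = 32;

/// Returns the subject names of the CA certificates issued by `ca`.
trait Repository {
    fn children(&self, ca: &str) -> Vec<String>;
}

/// Constructed input: every CA issues one more child CA, so the chain never ends.
struct EndlessChain;
impl Repository for EndlessChain {
    fn children(&self, ca: &str) -> Vec<String> {
        vec![format!("{}/sub", ca)]
    }
}

#[derive(Debug, Default, PartialEq)]
struct WalkResult {
    processed: usize,         // CAs whose children were fetched
    rejected_too_deep: usize, // CAs skipped because the chain was too long
}

/// Walks the CA tree below `trust_anchor`. Assumption: the trust anchor is
/// depth 0 and a CA deeper than `max_depth` is rejected without being fetched.
fn walk(repo: &dyn Repository, trust_anchor: &str, max_depth: usize) -> WalkResult {
    let mut result = WalkResult::default();
    // Explicit work list instead of recursion, so depth costs no call stack.
    let mut pending = vec![(trust_anchor.to_string(), 0usize)];
    while let Some((ca, depth)) = pending.pop() {
        result.processed += 1;
        for child in repo.children(&ca) {
            if depth + 1 > max_depth {
                result.rejected_too_deep += 1; // bound hit: stop descending
            } else {
                pending.push((child, depth + 1));
            }
        }
    }
    result
}

fn main() {
    // Without the bound this loop would never finish on EndlessChain.
    let r = walk(&EndlessChain, "ta", DEFAULT_MAX_CA_DEPTH);
    println!("{:?}", r);
}
```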