From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 269050] net/krill: Update to version 0.12.1
Date: Thu, 19 Jan 2023 12:08:38 +0000
List-Id: Ports bug reports
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269050

            Bug ID: 269050
           Summary: net/krill: Update to version 0.12.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.nlnetlabs.nl/news/2023/Jan/17/krill.0.12.1-released/
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #239589 maintainer-approval+
             Flags:

Created attachment 239589
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239589&action=edit
patch to upgrade

Krill 0.12.1 'Safety Belts'.

This release introduces two fixes for the Krill Publication Server. If you only use Krill as an RPKI Certificate Authority and publish elsewhere, e.g. in an RPKI Publication Server provided by your RIR or NIR, then there is no need to update to this release.

Firstly, this release fixes [CVE-2023-0158](https://nlnetlabs.nl/downloads/routinator/CVE-2023-0158.txt). This CVE describes an exposure where remote attackers could cause Krill to crash if it is used as an RPKI Publication Server and if its "/rrdp" endpoint is accessible over the public internet. Note that servers are not affected if the advice in [our documentation](https://krill.docs.nlnetlabs.nl/en/stable/publication-server.html#synchronise-repository-data) was followed and a separate web server is used to serve the RRDP data.

Secondly, locking was added in this release to ensure that updates to the repository content are always applied sequentially. This fixes a concurrency issue introduced in Krill 0.12.0 that could result in rejecting an update from a publishing CA. In such cases the affected update would not be visible for RPKI validators, until a later publication attempt would be successful.

We advise that users upgrade to this version of Krill if they use it as their RPKI Publication Server. We also continue to recommend that a separate web server is used for serving the RRDP data.

-- 
You are receiving this mail because:
You are the assignee for the bug.
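
The sequential-update fix described in the release notes above, as an added Rust sketch that is not Krill's code and is not part of the original message. It assumes a toy repository that rejects any update prepared against a stale serial, and shows that holding one lock across both the prepare and apply steps removes that rejection; `Repo`, `Update`, `prepare`, `apply` and the file names are hypothetical.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

// Hypothetical, simplified model of repository state (not Krill's own types).
#[derive(Default)]
struct Repo { serial: u64, objects: Vec<String> }
// An update prepared against the state at `base_serial` (constructed for this example).
struct Update { base_serial: u64, object: String }

impl Repo {
    // Snapshot step: the update records the serial it was built on.
    fn prepare(&self, object: &str) -> Update {
        Update { base_serial: self.serial, object: object.to_string() }
    }
    // Apply step: an update built on an older serial is rejected (assumed rule).
    fn apply(&mut self, u: Update) -> Result<u64, String> {
        if u.base_serial != self.serial {
            return Err(format!("stale: based on {}, repo at {}", u.base_serial, self.serial));
        }
        self.objects.push(u.object);
        self.serial += 1;
        Ok(self.serial)
    }
}

// No serialisation: both updates are prepared before either one is applied.
fn interleaved() -> (Result<u64, String>, Result<u64, String>) {
    let mut repo = Repo::default();
    let a = repo.prepare("ca-a.roa");
    let b = repo.prepare("ca-b.roa");
    (repo.apply(a), repo.apply(b))
}

// Lock held across prepare + apply: updates run strictly one after another.
fn serialised(n: usize) -> (usize, usize) {
    let repo = Arc::new(Mutex::new(Repo::default()));
    let handles: Vec<_> = (0..n).map(|i| {
        let repo = Arc::clone(&repo);
        thread::spawn(move || {
            let mut guard = repo.lock().unwrap();
            let update = guard.prepare(&format!("ca-{}.roa", i));
            guard.apply(update).is_ok()
        })
    }).collect();
    let accepted = handles.into_iter().map(|h| h.join().unwrap()).filter(|ok| *ok).count();
    let published = repo.lock().unwrap().objects.len();
    (accepted, published)
}

fn main() { println!("{:?} {:?}", interleaved(), serialised(8)); }
```

In the interleaved case the second publisher's update is rejected although it is valid, matching the symptom the notes describe: the content stays invisible until a later attempt succeeds.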