Releases: NLnetLabs/rpki-rs
0.19.1
0.19.0
Breaking changes
- Updated the format for SLURM v2 to the latest version of [draft-ietf-sidrops-aspa-slurm](https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-slurm). (#331)
New
- Implemented `std::error::Error::source` for `xml::decode::Error` and `rrdp::ProcessError` to provide access to underlying error. (#335)
- Implemented updated requirements for signed objects from RFC 9589 making the Signing Time attribute mandatory and the Binary Signing Time attribute illegal. (#340)
- Added more strict parsing of resource certificates:
  - correctly check the bits in the Key Usage extension (#337),
  - require the correct value of the critical flag in extensions (#339).
  These issues were reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, and Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.
- Disallow empty issuer and subject names in resource certificates.
  This issue was reported by Zhechao Lin, Zizhi Shang, Jiahao Cao, Yangyang Wang, and Mingwei Xu of the Institute for Network Sciences and Cyberspace, Tsinghua University.
- Added a check for allowed characters in the file names of manifests according to the new rules introduced in section 4.2.2 of RFC 9286. (#342, #343)
Other changes
- Added some basic scaffolding for fuzzing object parsing. (#313)
0.18.6
0.18.5
New
- `ca::idexchange::Error` now impls `std::error::Error`. (#297)
- Re-export `bcder` as `dep::bcder` if it is enabled. (#299)
- Added `PublisherRequest::set_publisher_handle`. (#300)
- Added `uri::{Rsync,Https}::path_into_dir` (#302)
- Added `Ipv4Block` and `Ipv6Block` and `FromIterator` impls for `Ipv4Blocks` and `Ipv6Blocks`. (#298)
- Made `AddressRange` public and added methods to convert ranges into a set of prefixes. (#306)
- Updated the ASPA RTR PDU to conform with version -14 of draft-ietf-sidrops-8210bis. (#309)
- Enable ASPA version 2 in the RTR server. (#318)
- The ASPA `ProviderAsSet` now keeps track of its length and exposes it via the new `len` method. (#315)
- The ASPA Provider AS Set is now limited to 16380 entries when parsing from ASPA objects and creating RTR PDUs. (#316)
- Exposed `ca::idcert::TbsIdCert::validity`. (#310)
- Protect against maliciously large XML input to the RRDP parser. This will allow re-enabling GZIP support in RRDP clients. (#319)
Bug fixes
- Do not allow backslashes in idexchange handles. (#304)
- Check the content of file names in a manifest during parsing. This fixes a crash when later code assumes that the file names only contain ASCII characters and otherwise panics. (#320)
Other changes
- The minimum supported Rust version is now 1.73. (#319)
0.18.4
0.18.3
0.18.2
0.18.1
Bug fixes
- The RTR server now returns the expected protocol version in the version negotiation error message rather than the requested version. (#280)
- The RTR server does not accept protocol version 2 for now to avoid sending illegal ASPA PDUs. This is a workaround until the final format of the PDU is specified. (#281)
- Fixed protocol version negotiation in the RTR client. It will now error out if the server responds with a version greater than the requested one rather than just accepting it. (#282)