Bug 280035

Summary: net/krill: Update to version 0.14.5
Product: Ports & Packages
Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)
Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED
Severity: Affects Many People
CC: fernape, ports-secteam
Priority: ---
Flags: fernape: merge-quarterly?
Version: Latest
Hardware: Any
OS: Any
URL: https://nlnetlabs.nl/news/2024/Jun/27/krill-0.13.2-0.14.5-released/
Attachments:
Description: Patch to update
Flags: jaap: maintainer-approval+

Description Jaap Akkerhuis 2024-06-28 12:06:43 UTC
Created attachment 251743
Patch to update

This fixes an issue that causes Krill to panic if a CA with
multiple parents and children have one of their parents removed, causing
the children to try and revoke their certificates for that parent. This
is relevant for Krill instances under NIC.br that themselves have
children.

In addition, the releases update the HTTP library to avoid a possible
denial-of-service attack described in RUSTSEC-2024-0332. If you are
exposing Krill’s HTTP server directly to the Internet without a reverse
proxy such as Nginx in between, we advise you to update at your earliest
convenience.

Version 0.14.5 in addition fixes an issue with encoding empty CRLs and
empty RRDP deltas as well as a possible freeze when trying to access the
RIS data while it is being downloaded. It also adds support for
overriding the manifest number for trust anchor CAs.

The complete list of changes can be found in the release notes at
https://github.com/NLnetLabs/krill/releases/tag/v0.14.5
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2024-06-28 17:55:05 UTC
This fixes CVE-2023-0158.

Note to self: Add VuXML entry.
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2024-06-28 18:11:06 UTC
(In reply to Fernando Apesteguía from comment #1)
OK, already in the database.
Comment 3 Fernando Apesteguía freebsd_committer freebsd_triage 2024-06-29 18:34:17 UTC
Committed,

Thanks!
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-06-29 18:34:40 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e658a380968d8cafe0d1fa13cde03a5090fcf62f

commit e658a380968d8cafe0d1fa13cde03a5090fcf62f
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2024-06-28 17:54:01 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-06-29 18:33:54 +0000

    net/krill: Update to version 0.14.5

    ChangeLog: https://nlnetlabs.nl/news/2024/Jun/27/krill-0.13.2-0.14.5-released/

    Not merging to quarterly since the branching of the ports tree is very near.

    PR:             280035
    Reported by:    jaap@NLnetLabs.nl (maintainer)

 net/krill/Makefile        |   3 +-
 net/krill/Makefile.crates | 421 ++++++++++++-----------
 net/krill/distinfo        | 850 ++++++++++++++++++++++++----------------------
 3 files changed, 664 insertions(+), 610 deletions(-)