Tags

version 1.6.5-1

Improvements since 1.6.4:

- #154: Fix crash on empty manifest fileList
- #148: Fix `make -j check`

version 1.6.4+20240930-1_bpo12+1

version 1.6.4+20240930-1

version 1.6.4+20240930

Improvements since 1.6.3:

- #74, #147: Add `--rsync.transfer-timeout`
- #144: Improve compliance with RFC 9589
- #146: Set default HTTP transfer timeout to 900
- df66990: Improve Key Usage validation more

Thanks to Koen van Hove for reporting #74, and @job for
pull-requesting #144, #146 and #147.

version 1.6.3-1_bpo12+1

version 1.6.3-1

Improvements since 1.6.2:

1.  780b9f7e092fe673: Update links to APNIC TALs
2.  #137: Update API usage for libxml2 2.12+
3.  #138: Add self-signed certificate signature validation
4.  #139, #141: Shuffle Manifest entries to complicate attacks relying
    on traversal order
5.  #143: Use HTTP compressed encoding when available
6.  5689dea5e878fed2: Prevent crash on malformed subjectPublicKey
7.  939d988551d17996: Prevent crash on malformed Key Usage
8.  b1eb3c507ae92085: Prevent crash on missing Authority Key Identifier
9.  4dafbd9de64a5a06: Prevent crash on missing signedAttrs
10. 942f921ba7244cdc: Prevent crash on missing eContent
11. 521b1a0db5041258: Prevent crash on BER-encoded signedAttrs

Thanks to @antecrescent for contributing 2, @job for 3-5, and @niklbird
and Haya Schulmann for researching and reporting 6-11.

version 1.6.2-1

Improvements since 1.6.2:

- #106: Fix header version for Code 4 Error PDUs.
- 202e0fe34dc3c8dcb1a0ad12faa7f4d5a7c91b2d: Bind all --server.address
  addresses, not just the first that succeeds. (And also a few other
  tweaks to the bind algorithm.)
	- This changed --server.address's default value: [0]
- 7846f008a288c3913d7c30f22781544cde84b0b3: Fix bad date management
  in the cache, which caused files to expire at incorrect timings.
- Add `--mode=print`, an operation mode that Jsonifies an RPKI file into
  standard output: [1]
- #111: Add rtrlib to the docker image.
- #133: Restore the "now you can connect your routers" warning (for the
  time being).

Also, the documentation now includes a roadmap: [2]

Minor bugfixes:

- 22785583f07a874e5a6dace27ca13b2d56e02e54,
  1165270e73508b9fb3dfdc0294a5926d56679c75,
  cc17e139ab30cc1fcbcd3c06f5e32813027b1159,
  17250cb7b77d443d5a8ce3957a280a2b230beedf: Improve libcrypto API usage
- 6d7985b72fa3462d311aa9421e1342fcaa2deef6: Fix really bad usage of
  standard library function `strtol()`.

[0] https://nicmx.github.io/FORT-validator/usage.html#--serveraddress
[1] https://nicmx.github.io/FORT-validator/mode-print.html
[2] https://nicmx.github.io/FORT-validator/intro-fort.html#roadmap

version 1.6.1-1_bpo12+2

version 1.6.1-1_bpo12+1

version 1.6.1-1

Improvements since 1.6.0:

- #101:
    - Enhance portability of unit tests.
    - Disable misleading unit test error messages.
- #102: Upgrade `autogen.sh` so the `configure` script can also be
  easily generated in OpenBSD and FreeBSD.
- #103:
    - Remove useless logging messages during startup.
    - Stop printing logging severity (`INF`, `WRN`, `ERR`) in syslog.
    - 31414cd2ab6634c53a5ca31531674a82bf778d1c: Rephrase HTTP GET logs.
    - Remove false alarm error message at the end of validation cycle
      logs:

> Cannot generate [rsync URL]'s cage. I'm probably going to end up
> deleting it from the cache.

- #104: Add `CACHEDIR.TAG` file to cache, to hint backup software not to
  synchronize it. (See https://bford.info/cachedir/)
- ec918adeb0e641d41ee2571fd717cad139d939ad: Remove bug-induced Cache
  Resets during RTR communication.
- 161c2af306d1e2ea87cfe540f1b69770ff84bd8d: Automatically clean up cache
  whenever Fort's version changes.

We are happy to announce the most significant upgrade in a while.
Version 1.6.0 is an internal overhaul that improves overall stability
and will allow us to implement new features more quickly.

This version is a big step in the new direction that we want to take the
project, one where we aim for a high standard of quality and security.
Version 1.6.0 fixes several bugs, including some of high severity, so we
recommend updating.

Finally, we have redoubled our efforts with the FORT project, so we plan
to release more frequently and implement the features that the community
needs.

Bug fixes:

- #40: Induce crash on memory allocation failures, to prevent Fort from
  accidentally advertising incomplete information.
- #71: Implement HTTP redirects.
- #76: Reset `FILE` handle during retries, to prevent HTTP code from
  dumping unparseable garbage into the local cache.
- #77: Treat HTTP response 304 as download success.
- #78: Provide a dedicated namespace for each RRDP notification, to
  prevent malicious RRDP sources from overriding each other's files.
- #79: Stop caching RRDP sessions and serials on RAM; extract them from
  actual cached notification files. (This prevents all RRDP from being
  considered outdated during startup.)
- #80: Deprecate and no-op `rsync.strategy`. (Only `root`
  synchronizations are supported now.)
- #94: Merge `ASID.h` and `ASId.h` into a single module. (Likely used to
  cause issues cloning the code into case-insensitive filesystems.)
- #98: Reduce severity of some RTR disconnection error messages.
- #100: Overhaul of default rsync command argument list.
- Remove ARIN's RPA confirmation from `--init-tals`, since it's no
  longer required.
- Purge old deprecated configuration options:
	- `init-locations`
	- `sync-strategy`
	- `rrdp.enabled`
	- `rrdp.priority`
	- `rrdp.retry.count`
	- `rrdp.retry.interval`
	- `http.idle-timeout`
- Deprecate (and no-op) several configuration options:
	- `shuffle-uris` (It was a seemingly pointless function.)
	- `stale-repository-period` (The relevant warning no longer
	  exists.)
	- `rsync.strategy` (See #80 above.)
	- `rsync.arguments-flat` (Flat rsyncs are no longer employed.)
	- `thread-pool.validation.max` (It's best if Fort computes this
	  value on its own.)
- Remove deprecated `fort_setup.sh` script.
- 2b2f7c3cea147796ed92cc25aade90701221c210: Remove `SO_REUSEPORT` (a
  portability liability) from the RTR socket bind.
- 6d8081c992da9d677e3bd9cdf21bb63e604f0b4d: Change RRDP serials from
  `long`s to `BIGNUM`s.
  (The RFCs define these as "unbounded," which made Fort's old
  implementation incorrect.)
- Rudimentary startup for automatic cache cleanup.
- 63e71946db91119417b94bd09ea6829d8f11f84a: Allow some `null`s in the
  configuration JSON.

In case you're parsing Fort's output, please be aware that several
logging messages changed. In particular, the functionality that used to
print the following message in the operation logs was removed:

> The following repositories URIs couldn't be fetched (it can be a local
> issue or a server issue), please review previous log messages related
> to such URIs/servers:

Please complain if this affects you.

In addition to all this, the review revealed several instances of unsafe
code that yielded undefined behavior that might have caused some of the
crashes people have observed over the years. (#46, #65, #83, #89, #99.)

The directory layout of Fort 1.6.0's cache is incompatible with the one
from previous versions. To save some disk space, you might want to empty
your existing cache during the upgrade.

version 1.5.4-1_bpo11+1

version 1.5.4-1

Improvements since 1.5.3:

- #62: Upgrade HTTP and rsync request logs to INFO
- #64: Patch compilation warnings in clang
- 5464579f5950a70c4c19dd0ab359a2b413ccadfe: Handle HTTP 304 more
  gracefully
- #86: Patch crash during x509_name_equals() (Tentative fix)
- #88: Improve CA/EE certificate identification code
- 3412087fee1903c58013c8cd8706d52320331569: Fix deprecation warnings
  from newer versions of libcrypto
- b027fb4421c0abf2851d3e5551ddd9f944197f24: Remove lots of unnecessary
  stack traces

I'm sorry, but because of time constraints, I've decided to stop
publishing RPM packages during releases, at least until project
development resumes in full. (And assuming people asks for them.)

version 1.5.3-1_deb11u1