Releases: bgpsecurity/rpstir
Releases · bgpsecurity/rpstir
v0.13
v0.12
- Fixed a bug where an "evil twin" certificate (maliciously crafted certificate that uses the same public key, SKI, and issuer as another valid certificate) could cause RPSTIR to treat valid objects as invalid.
- Fixed some potentially exploitable buffer overflow bugs.
- Fixed unsafe use of
snprintf(). - Compatibility improvements for MySQL 5.7.
- The undocumented, incomplete, and probably buggy support for LTAM has been removed. (draft-ietf-sidr-ltamgmt has been deprecated in favor of draft-ietf-sidr-slurm.)
- Miscellaneous code clean-up and minor bug fixes.
- Adjusted
READMEto instruct users to build a shared version of OpenSSL. - Bumped copyright year to 2016.
- A compiler with C99 support is now required.
- Build system improvements. Autoconf 2.60 is now required.
- Test suite improvements.
v0.11
- Fix a bug where ROAs with hundreds of
ROAIPAddressesor more would be truncated. - Add support for new-style Trust Anchor Locators (TALs).
- Fix a potential buffer overflow in code that handles untrusted input.
- Fix performance scaling of
rpki-rtr-daemon. Therpki-rtr-daemonpreviously had poor performance with very largertr_incrementalorrtr_fulltables. - Decrease the likelihood of a malformed rsync URI resulting in a successful attack, by passing the
--protect-argsoption torsync. - Improve conformance to RFC6810 by sending a No Data Available PDU instead of a Cache Reset PDU in response to a serial query for which we don't have data yet.
- Fix expired certificates in the test suite.
- Fix a potential infinite loop in one of the self tests.
- Fix a compatibility bug in the test suite, where the tests were failing on several popular systems that use a particular version of netcat.