From: Alberto Leiva Popper Date: Wed, 5 Feb 2025 22:29:48 +0000 (-0600) Subject: Protocolary updates for release 1.6.6 X-Git-Tag: 1.6.6^0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f11d67e4de24dd3d38be77841952cfcc9f365f90;p=thirdparty%2FFORT-validator.git Protocolary updates for release 1.6.6 --- diff --git a/configure.ac b/configure.ac index 45810018..4000561a 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.69]) -AC_INIT([fort],[1.6.5],[validadorfort@fortproject.net]) +AC_INIT([fort],[1.6.6],[validadorfort@fortproject.net]) AC_CONFIG_SRCDIR([src/main.c]) AM_INIT_AUTOMAKE([subdir-objects]) diff --git a/docker/Dockerfile b/docker/Dockerfile index 384dcd83..86194103 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,6 @@ #--- Alpine build container --- FROM alpine:latest AS builder -ARG FORT_VERSION=1.6.5 +ARG FORT_VERSION=1.6.6 # Install compiler and dependencies RUN apk --update --no-cache add build-base autoconf automake pkgconfig jansson-dev check-dev \ diff --git a/docs/CVE.md b/docs/CVE.md index 8e10af74..ac8b091a 100644 --- a/docs/CVE.md +++ b/docs/CVE.md @@ -94,3 +94,14 @@ Manifest containing empty `fileList` crashes Fort 1.6.3, 1.6.4. | Impact | Crash. (Potential unavailability of Route Origin Validation.) | | Patch | Commit [17f0952](https://github.com/NICMx/FORT-validator/commit/17f095210553182b0e0a28ee6fd41b0d3c8fc1d3), released in Fort 1.6.5. | | Acknowledgments | Niklas Vogel | + +# CVE-____-_____ + +(Awaiting CVE number assignment.) + +CWE-167 in manifest validation in LACNIC FORT-Validator 1.6.5 induces invalidation of legitimate RPKI objects. + +| Description | RFC 9286 (section 6.4) states that all files from an RPKI Manifest need to be present for a given Repository Publication Point (RPP) to be considered valid. To optimize bandwidth usage and minimize cache burnout, FORT 1.6.5 is filtering unknown files during the rsync download step.
If an RPP provides (and lists in the Manifest) a file that is blocked by the rsync filters, and FORT downloads it via rsync, the filtered file will cause the relevant 9286 validation to drop all the other files from the RPP as well.
The rsync filters are necessary to prevent accidental cache pollution and minimize network traffic. Given their missing implementation, unknown objects provide no value to the RPKI validation process.
This vulnerability does not actually require an attacker; it's currently happening in the wild because of the introduction of new RPKI object "ASPA."
The reason why it's a security risk is because it results in the elimination of adjacent RPKI data, which tends to be trusted by some of the Internet's BGP routing infrastructure to make routing decisions. | +| Impact | Partial unavailability of Route Origin Validation. | +| Patch | Commit [7f3094d](https://github.com/NICMx/FORT-validator/commit/7f3094d8d50c32df208ed81e54a1da78e33167d9), released in Fort 1.6.6. | +| Acknowledgements | Frank Hill | diff --git a/docs/_config.yml b/docs/_config.yml index 2f6e0f98..5e9fea3d 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -8,7 +8,7 @@ defaults: layout: "default" image: "/img/logo_validador_og.png" -fort-latest-version: 1.6.5 +fort-latest-version: 1.6.6 plugins: - jekyll-seo-tag - jekyll-sitemap diff --git a/man/fort.8 b/man/fort.8 index a5c104ce..08ee75b5 100644 --- a/man/fort.8 +++ b/man/fort.8 @@ -1,4 +1,4 @@ -.TH fort 8 "2024-12-18" "v1.6.5" "FORT validator" +.TH fort 8 "2025-02-05" "v1.6.6" "FORT validator" .SH NAME fort \- RPKI validator and RTR server @@ -1294,7 +1294,7 @@ well as some dummy Router Keys (BGPsec) info: .P .\".SH COPYRIGHT -.\" FORT-validator 2024 +.\" FORT-validator 2025 .\" MIT License .SH SEE ALSO diff --git a/src/http/http.c b/src/http/http.c index 220563a4..5ab96d55 100644 --- a/src/http/http.c +++ b/src/http/http.c @@ -1,7 +1,5 @@ #include "http/http.h" -#include - #include "cache/local_cache.h" #include "common.h" #include "config.h" diff --git a/test/rrdp_test.c b/test/rrdp_test.c index 71317400..df697b2a 100644 --- a/test/rrdp_test.c +++ b/test/rrdp_test.c @@ -29,6 +29,7 @@ MOCK_ABORT_INT(relax_ng_parse, const char *path, xml_read_cb cb, void *arg) MOCK_ABORT_PTR(state_retrieve, validation, void) __MOCK_ABORT(tal_get_file_name, char const *, NULL, struct tal *tal) __MOCK_ABORT(uri_get_global, char const *, NULL, struct rpki_uri *uri) +__MOCK_ABORT(uri_get_global_len, size_t, 0, struct rpki_uri *uri) __MOCK_ABORT(uri_get_local, char const *, NULL, struct rpki_uri *uri) __MOCK_ABORT(uri_get_rrdp_workspace, char *, NULL, char const *tal, struct rpki_uri *notif)