Pkgsrc changes:
* Re-compute & update cargo dependencies.
* Turn off parallel processing on NetBSD for safety against
PR toolchain/54192.
Upstream changes:
Breaking Changes
* Routinator now filters out rsync URIs and RRDP URIs that contain
dubious host names that should not be present in the public RPKI. In
this version they are "localhost," any IP address, and any URI with
the port explicitly specified. This filter can be disabled via the
`--allow-dubious-hosts` command line and config option for test
deployments. ([#293])
* Only CRLs mentioned on the manifest are now considered when checking
any published objects except for the manifest itself. If the hash of
the CRL on the manifest does not match the CRL, it is
rejected. Objects referencing a CRL that is not on a manifest or has
a hash mismatch are rejected. ([#299])
* The minimal supported Rust version is now 1.39.0.
New
* The new option `--stale` allows selecting a policy for dealing with
stale objects -- i.e., manifests and CRLs that are past their
*next-update* date. The policies are `reject`, `warn`, and
`accept`. The previous hard-coded policy of `warn`, i.e., accept but
log a warning, is the default. ([#288])
* New output formats `bird` and `bird2` which produce a `roa table`
for Bird 1 and a `route table` for Bird 2, respectively. ([#290], by
[@netravnen])
* New output format `csvcompat` which produces CSV output as similar
to that of the RIPE NCC Validator as possible. ([#292])
* The new config file option `tal-labels` allows defining explicit
names to be used when TALs are referenced in output. This way, the
output can be made to be even more similar to that produced by the
RIPE NCC Validator. ([#291])
* The _csvext_ output format is now also available via the HTTP server
at the `/csvext` path. ([#294])
* New metrics for the status of the RTR and HTTP servers. ([#298])
* New metric of the number of stale objects encountered in the last
validation run. ([#298])
Other Changes
* Update to Rust's new asynchronous IO framework for the RTR and HTTP
servers. Repository synchronization and validation remain
synchronous atop a thread pool. ([#282])
* Changed concurrency strategy for repository update and
validation. Previously, each trust anchor was updated and validated
synchronously. Now processing of a CA is deferred if its repository
publication point hasn't been updated yet. Processing is then picked
up by the next available worker thread. This should guarantee that
all worker threads are busy all the time. ([#284])
* Optimized what information to keep for each ROA, bringing maximum
memory consumption down to about a quarter. ([#293])
* The Docker image now wraps Routinator into [tini] for properly
dealing with signals and child processes. ([#277])
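
The dubious-host filter listed under Breaking Changes, as an added Rust example (not Routinator's own code and not part of the commit message): it applies the three stated rules to an rsync or RRDP URI using only the standard library. The names `check_uri` and `Dubious`, the scheme check, the userinfo handling and the sample URIs are assumptions of this example.

```rust
use std::net::IpAddr;

/// Why a URI was refused (type and variant names are this example's own).
#[derive(Debug, PartialEq)]
pub enum Dubious {
    NotRpkiScheme,
    Localhost,
    IpAddress,
    ExplicitPort,
}

/// Applies the changelog's three rules: no "localhost", no IP address,
/// no explicitly specified port. `allow_dubious_hosts` mirrors the
/// `--allow-dubious-hosts` option and switches the host rules off.
pub fn check_uri(uri: &str, allow_dubious_hosts: bool) -> Result<(), Dubious> {
    // Assumption: only rsync:// and https:// (RRDP) URIs are expected.
    let rest = uri
        .strip_prefix("rsync://")
        .or_else(|| uri.strip_prefix("https://"))
        .ok_or(Dubious::NotRpkiScheme)?;
    if allow_dubious_hosts {
        return Ok(());
    }
    // The authority runs up to the first '/'; drop any userinfo before '@'.
    let authority = rest.split('/').next().unwrap_or("");
    let hostport = authority.rsplit('@').next().unwrap_or(authority);
    // A bracketed host is an IPv6 literal, with or without a port.
    if hostport.starts_with('[') {
        return Err(Dubious::IpAddress);
    }
    let (host, port) = match hostport.rsplit_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (hostport, None),
    };
    if host.eq_ignore_ascii_case("localhost") {
        return Err(Dubious::Localhost);
    }
    if host.parse::<IpAddr>().is_ok() {
        return Err(Dubious::IpAddress);
    }
    if port.is_some() {
        return Err(Dubious::ExplicitPort);
    }
    Ok(())
}

fn main() {
    // Constructed sample URIs, not taken from any real repository.
    for uri in ["rsync://rpki.example.net/repo/", "https://192.0.2.7/notification.xml"] {
        println!("{} -> {:?}", uri, check_uri(uri, false));
    }
}
```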