git: c046dbb1e7a0 - 2023Q3 - net/routinator: Update to 0.12.2

From: Robert Clausecker <fuz_at_FreeBSD.org>
Date: Sun, 17 Sep 2023 15:31:27 UTC 
The branch 2023Q3 has been updated by fuz:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c046dbb1e7a025768c870cdd3f50cdc3d7cdc45e

commit c046dbb1e7a025768c870cdd3f50cdc3d7cdc45e
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2023-09-15 12:04:30 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-09-17 15:31:04 +0000

    net/routinator: Update to 0.12.2
    
    Routinator 0.12.2 ‘Brutti, sporchi e cattivi’
    
    This release fixes two issues in Routinator that can be exploited
    remotely by rogue RPKI CAs and repositories. We therefore advise all
    users of Routinator to upgrade to this release at their earliest
    convenience.
    
    The first issue, CVE-2022-39915, can lead to Routinator crashing when
    trying to decode certain illegal RPKI objects.
    
    The second issue, CVE-2022-39916, only affects users that have the
    rrdp-keep-responses option enabled which allows storing all received
    RRDP responses on disk. Because the file name for these responses is
    derived from the URI and the path wasn’t checked properly, a RRDP URI
    could be constructed that results in the response stored outside the
    directory, possibly overwriting existing files.
    
    We would like to thank Haya Shulman, Donika Mirdita and Niklas Vogel
    for discovering and reporting these issues.
    
    Changelog: https://nlnetlabs.nl/news/2023/Sep/13/routinator-0.12.2-released/
    
    PR:             273826
    MFH:            2023Q3
    (cherry picked from commit 9e3ed402d025438539f648e7e46a1ad1131e374f)
---
 net/routinator/Makefile        |  3 +--
 net/routinator/Makefile.crates |  2 +-
 net/routinator/distinfo        | 10 +++++-----
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/net/routinator/Makefile b/net/routinator/Makefile
index 25d32c0484e3..01d7cfe1ff19 100644
--- a/net/routinator/Makefile
+++ b/net/routinator/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	routinator
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.12.1
-PORTREVISION=	4
+DISTVERSION=	0.12.2
 CATEGORIES=	net
 MASTER_SITES=	${ROUTINATOR_UI_URL}/v${ROUTINATOR_UI_VERSION}/:0
 DISTFILES+=	routinator-ui-build.tar.gz:0
diff --git a/net/routinator/Makefile.crates b/net/routinator/Makefile.crates
index 49af910810a7..4c6d452859a1 100644
--- a/net/routinator/Makefile.crates
+++ b/net/routinator/Makefile.crates
@@ -3,7 +3,7 @@ CARGO_CRATES=	adler-1.0.2 \
 		arc-swap-1.5.1 \
 		autocfg-1.1.0 \
 		base64-0.13.1 \
-		bcder-0.7.0 \
+		bcder-0.7.3 \
 		bitflags-1.3.2 \
 		bumpalo-3.11.1 \
 		bytes-1.3.0 \
diff --git a/net/routinator/distinfo b/net/routinator/distinfo
index c6163855a8a9..e0b9a2a228ff 100644
--- a/net/routinator/distinfo
+++ b/net/routinator/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1672860799
+TIMESTAMP = 1694695974
 SHA256 (routinator-ui-build.tar.gz) = 7079096b3fd986aa01b03cf3e743cf74d37b8441d312844c25e2b065deed8290
 SIZE (routinator-ui-build.tar.gz) = 756828
 SHA256 (rust/crates/adler-1.0.2.crate) = f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe
@@ -11,8 +11,8 @@ SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36
 SIZE (rust/crates/autocfg-1.1.0.crate) = 13272
 SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8
 SIZE (rust/crates/base64-0.13.1.crate) = 61002
-SHA256 (rust/crates/bcder-0.7.0.crate) = f007d8acfb8ef7d219911c7164c025a6d3504735120fc5df59c3c479ab84ea51
-SIZE (rust/crates/bcder-0.7.0.crate) = 61289
+SHA256 (rust/crates/bcder-0.7.3.crate) = bf16bec990f8ea25cab661199904ef452fcf11f565c404ce6cffbdf3f8cbbc47
+SIZE (rust/crates/bcder-0.7.3.crate) = 63569
 SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a
 SIZE (rust/crates/bitflags-1.3.2.crate) = 23021
 SHA256 (rust/crates/bumpalo-3.11.1.crate) = 572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba
@@ -411,5 +411,5 @@ SHA256 (rust/crates/winreg-0.10.1.crate) = 80d0f4e272c85def139476380b12f9ac60926
 SIZE (rust/crates/winreg-0.10.1.crate) = 25725
 SHA256 (rust/crates/xattr-0.2.3.crate) = 6d1526bbe5aaeb5eb06885f4d987bcdfa5e23187055de9b83fe00156a821fabc
 SIZE (rust/crates/xattr-0.2.3.crate) = 11959
-SHA256 (NLnetLabs-routinator-v0.12.1_GH0.tar.gz) = 8150fe544f89205bb2d65bca46388f055cf13971d3163fe17508bf231f9ab8bc
-SIZE (NLnetLabs-routinator-v0.12.1_GH0.tar.gz) = 5426830
+SHA256 (NLnetLabs-routinator-v0.12.2_GH0.tar.gz) = 5cc9c4aa4524bcde205c97c373e941db812675dc73dc42807c15aeb8bfbde22b
+SIZE (NLnetLabs-routinator-v0.12.2_GH0.tar.gz) = 5427788