[Bug 288837] net/krill: Update to version 0.15.0

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 288837] net/krill: Update to version 0.15.0"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 13 Aug 2025 12:11:34 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288837

            Bug ID: 288837
           Summary: net/krill: Update to version 0.15.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://nlnetlabs.nl/news/2025/Aug/12/krill-0.15.0-rel
                    eased/
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #262923 maintainer-approval+
             Flags:

Created attachment 262923
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=262923&action=edit
patch to update

0.15.0 ‘But I Digress’


   Breaking Changes

     * Refactored command line options processing for all binaries. As a
result, options for both krillc and krillta have slightly changed. For
       krillc, the --server, --token, --format, and --api options are now
before the first subcommand (since they affect all commands). For krillta,
       those options are now after krillta proxy but before the next
subcommand, while --format is now after krillta signer. (#1228)
     * Removed support for RTA in krillc. Support is currently still present in
the Krill server, though behind a (non-default) feature flag. (#1228)
     * Changed how authorization works with OpenID Connect and configuration
files. Custom profiles have been replaced with a straightforward mapping
       from access permission to roles and assigning roles to users. For
configuration file-based authentication, the file format has slightly changed
       but the current format is still accepted. If you are using OpenID
Connect, you will have to update your configuration. Please, see the manual
       for details. (#1232)
     * Replaced downloading of RISwhois file for ROA analysis with calls to the
Roto API. This can be controlled via new configuration settings
       bgp_api_enabled, bgp_api_uri, and bgp_api_cache_seconds. (#1233, #1266)

   New

     * Added a command to re-initialize the trust anchor signer with different
timing values or TAL URLs. (#1255)
     * Disables the protection against early re-issuance for CA certificates
that have the full resource set, typically TA certificates. (#1281)

   Bug Fixes

     * Fixed a potential infinite recursion in PKCS11 error handling. (#1215)
     * Open ID connect: Re-initialize the connection after 60s to pick up
configuration changes at the provider. (#1226)
     * Fixed the naming of the trust anchor timing configuration. It was
expected to be timing_config for the config used by Krill and ta_timing if
       used by the Krill TA signer. It is now ta_timing in both cases while
timing_config is accepted as an alias in both cases. (#1241)
     * Improve performance by using buffered reading and writing in the store.
(#1300, #1301)

   Other changes

     * Refactored Prometheus metrics generation which resulted in a slightly
different formatting but should still be syntactically correct. (#1249)
     * Upgraded the bundled Krill UI to release 0.9.0. (#1295)
     * Added packaging support for Ubuntu Noble, RHEL 10, Debian Trixie;
removed packaging support for Ubuntu Xenial and Bionic, and Debian Stretch.
       (#1239, #1297, #1308)
     * The minimum supported Rust version is now 1.85. (#1288)

-- 
You are receiving this mail because:
You are the assignee for the bug.