Protocolary updates for release 1.6.6

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.69])
-AC_INIT([fort],[1.6.5],[validadorfort@fortproject.net])
+AC_INIT([fort],[1.6.6],[validadorfort@fortproject.net])
 AC_CONFIG_SRCDIR([src/main.c])
 AM_INIT_AUTOMAKE([subdir-objects])
 

docker/Dockerfile

@@ -1,6 +1,6 @@
 #--- Alpine build container ---
 FROM alpine:latest AS builder
-ARG FORT_VERSION=1.6.5
+ARG FORT_VERSION=1.6.6
 
 # Install compiler and dependencies
 RUN apk --update --no-cache add build-base autoconf automake pkgconfig jansson-dev check-dev \

docs/CVE.md

@@ -94,3 +94,14 @@ Manifest containing empty `fileList` crashes Fort 1.6.3, 1.6.4.
 | Impact | Crash. (Potential unavailability of Route Origin Validation.) |
 | Patch | Commit [17f0952](https://github.com/NICMx/FORT-validator/commit/17f095210553182b0e0a28ee6fd41b0d3c8fc1d3), released in Fort 1.6.5. |
 | Acknowledgments | Niklas Vogel |
+
+# CVE-____-_____
+
+(Awaiting CVE number assignment.)
+
+CWE-167 in manifest validation in LACNIC FORT-Validator 1.6.5 induces invalidation of legitimate RPKI objects.
+
+| Description | RFC 9286 (section 6.4) states that all files from an RPKI Manifest need to be present for a given Repository Publication Point (RPP) to be considered valid. To optimize bandwidth usage and minimize cache burnout, FORT 1.6.5 is filtering unknown files during the rsync download step.<br>If an RPP provides (and lists in the Manifest) a file that is blocked by the rsync filters, and FORT downloads it via rsync, the filtered file will cause the relevant 9286 validation to drop all the other files from the RPP as well.<br>The rsync filters are necessary to prevent accidental cache pollution and minimize network traffic. Given their missing implementation, unknown objects provide no value to the RPKI validation process.<br>This vulnerability does not actually require an attacker; it's currently happening in the wild because of the introduction of new RPKI object "ASPA."<br>The reason why it's a security risk is because it results in the elimination of adjacent RPKI data, which tends to be trusted by some of the Internet's BGP routing infrastructure to make routing decisions. |
+| Impact | Partial unavailability of Route Origin Validation. |
+| Patch | Commit [7f3094d](https://github.com/NICMx/FORT-validator/commit/7f3094d8d50c32df208ed81e54a1da78e33167d9), released in Fort 1.6.6. |
+| Acknowledgements | Frank Hill |

docs/_config.yml

@@ -8,7 +8,7 @@ defaults:
       layout: "default"
       image: "/img/logo_validador_og.png"
 
-fort-latest-version: 1.6.5
+fort-latest-version: 1.6.6
 plugins:
   - jekyll-seo-tag
   - jekyll-sitemap

man/fort.8

@@ -1,4 +1,4 @@
-.TH fort 8 "2024-12-18" "v1.6.5" "FORT validator"
+.TH fort 8 "2025-02-05" "v1.6.6" "FORT validator"
 
 .SH NAME
 fort \- RPKI validator and RTR server
@@ -1294,7 +1294,7 @@ well as some dummy Router Keys (BGPsec) info:
 .P
 
 .\".SH COPYRIGHT
-.\" FORT-validator 2024
+.\" FORT-validator 2025
 .\" MIT License
 
 .SH SEE ALSO

src/http/http.c

@@ -1,7 +1,5 @@
 #include "http/http.h"
 
-#include <curl/curl.h>
-
 #include "cache/local_cache.h"
 #include "common.h"
 #include "config.h"

test/rrdp_test.c

@@ -29,6 +29,7 @@ MOCK_ABORT_INT(relax_ng_parse, const char *path, xml_read_cb cb, void *arg)
 MOCK_ABORT_PTR(state_retrieve, validation, void)
 __MOCK_ABORT(tal_get_file_name, char const *, NULL, struct tal *tal)
 __MOCK_ABORT(uri_get_global, char const *, NULL, struct rpki_uri *uri)
+__MOCK_ABORT(uri_get_global_len, size_t, 0, struct rpki_uri *uri)
 __MOCK_ABORT(uri_get_local, char const *, NULL, struct rpki_uri *uri)
 __MOCK_ABORT(uri_get_rrdp_workspace, char *, NULL, char const *tal,
     struct rpki_uri *notif)