consul: Update to 1.6.0

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: consul: Update to 1.6.0
From: Iku Iwasa <iku.iwasa%gmail.com@localhost>
Date: Sat, 31 Aug 2019 01:09:29 +0000
Module Name:	pkgsrc-wip
Committed By:	Iku Iwasa <iku.iwasa%gmail.com@localhost>
Pushed By:	iquiw
Date:		Sat Aug 31 10:09:29 2019 +0900
Changeset:	340101b72f421bf59fd3df3d7233f2475688085b

Modified Files:
	consul/Makefile
	consul/distinfo

Log Message:
consul: Update to 1.6.0

SECURITY:

* Updated to compile with Go 1.12.8 which mitigates CVE-2019-9512 and
  CVE-2019-9514 for the builtin HTTP server [GH-6319]
* Updated the google.golang.org/grpc dependency to v1.23.0 to mitigate
  CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 for the gRPC
  server. [GH-6320]

BREAKING CHANGES:

* connect: remove deprecated managed proxies and ProxyDestination config [GH-6220]

FEATURES:

* Connect Envoy Supports L7 Routing: Additional configuration entry types
  service-router, service-resolver, and service-splitter, allow for
  configuring Envoy sidecars to enable reliability and deployment patterns at
  L7 such as HTTP path-based routing, traffic shifting, and advanced failover
  capabilities. For more information see the L7 traffic management docs.
* Mesh Gateways: Envoy can now be run as a gateway to route Connect traffic
  across datacenters using SNI headers, allowing connectivty across platforms
  and clouds and other complex network topologies. Read more in the mesh
  gateway docs.
* Intention & CA Replication: In order to enable connecitivty for services
  across datacenters, Connect intentions are now replicated and the Connect
  CA cross-signs from the primary_datacenter. This feature was previously
  part of Consul Enterprise.
* agent: add local-only parameter to operator/keyring list requests to
  force queries to only hit local servers. [GH-6279]
* connect: expose an API endpoint to compile the discovery chain [GH-6248]
* connect: generate the full SNI names for discovery targets in the
  compiler rather than in the xds package [GH-6340]
* connect: introduce ExternalSNI field on service-defaults [GH-6324]
* xds: allow http match criteria to be applied to routes on services using
  grpc protocols [GH-6149]

IMPROVEMENTS:

* agent: Added tagged addressing to services similar to the already present
  Node tagged addressing [GH-5965]
* agent: health checks: change long timeout behavior to use to
  user-configured timeout value [GH-6094]
* api: Display allowed HTTP CIDR information nicely [GH-6029]
* api: Update filtering language to include substring and regular
  expression matching on string values [GH-6190]
* connect: added a new -bind-address cli option for envoy to create a
  mapping of the desired bind addresses to use instead of the default rules
  or tagged addresses [GH-6107]
* connect: allow L7 routers to match on http methods [GH-6164]
* connect: change router syntax for matching query parameters to resemble
  the syntax for matching paths and headers for consistency. [GH-6163]
* connect: detect and prevent circular discovery chain references [GH-6246]
* connect: ensure time.Duration fields retain their human readable forms in
  the API [GH-6348]
* connect: reconcile how upstream configuration works with discovery chains
  [GH-6225]
* connect: rework how the service resolver subset OnlyPassing flag works
  [GH-6173]
* connect: simplify the compiled discovery chain data structures [GH-6242]
* connect: validate and test more of the L7 config entries [GH-6156]
* gossip: increase size of gossip key generated by keygen to 32 bytes and
  document support for AES 256 [GH-6244]
* license (enterprise): Added license endpoint support to the API client
  [GH-6268]
* xds: improve how envoy metrics are emitted [GH-6312]
* xds: Verified integration test suite with Envoy 1.11.1 [GH-6347]

BUG FIXES:

* acl: Fixed a bug that could prevent transition from legacy ACL mode to
  new ACL mode [GH-6332
* agent: blocking central config RPCs iterations should not interfere with
  each other [GH-6316]
* agent: fix an issue that could cause a panic while transferring
  leadership due to replication [GH-6104]
* api: Fix a bug where the service tagged addresses were not being returned
  through the v1/agent/service/:service api. [GH-6299]
* api: un-deprecate api.DecodeConfigEntry [GH-6278]
* auto_encrypt: use server-port [GH-6287]
* autopilot: update to also remove failed nodes from WAN gossip pool
  [GH-6028]
* cli: ensure that the json form of config entries can be submitted with
  'consul config write' [GH-6290]
* cli: Fixed bindable IP detection with the connect envoy
  command. [GH-6238]
* config: Ensure that all config entry writes are transparently forwarded
  to the primary datacneter. [GH-6327]
* connect: allow 'envoy_cluster_json' escape hatch to continue to function
  [GH-6378]
* connect: allow mesh gateways to use central config [GH-6302]
* connect: ensure intention replication continues to work when the
  replication ACL token changes [GH-6288]
* connect: ensure local dc connections do not use the gateway [GH-6085]
* connect: fix bug in service-resolver redirects if the destination uses a
  default resolver [GH-6122]
* connect: Fixed a bug that would prevent CA replication/initializing in a
  secondary DC from working when ACLs were enabled. [GH-6192]
* connect : Fixed a regression that broken xds endpoint generation for
  prepared query upstreams. [GH-6236]
* connect: fix failover through a mesh gateway to a remote datacenter
  [GH-6259]
* connect: resolve issue where MeshGatewayConfig could be returned empty
  [GH-6093]
* connect: updating a service-defaults config entry should leave an unset
  protocol alone [GH-6342]
* connect: validate upstreams and prevent duplicates [GH-6224]
* server: if inserting bootstrap config entries fails don't silence the
  errors [GH-6256]
* snapshot: fix TCP half-close implementation for TLS connections [GH-6216]

KNOWN ISSUES

* auto_encrypt: clients with auto_encrypt enabled won't be able to start
  because of [GH-6391]. There is a fix, but it came too late and we couldn't
  include it in the release. It will be part of 1.6.1 and we recommend that
  if you are using auto_encrypt you postpone the update.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=340101b72f421bf59fd3df3d7233f2475688085b

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 consul/Makefile | 2 +-
 consul/distinfo | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diffs:
diff --git a/consul/Makefile b/consul/Makefile
index f038f883f5..8510fa0020 100644
--- a/consul/Makefile
+++ b/consul/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	consul-1.5.3
+DISTNAME=	consul-1.6.0
 CATEGORIES=	sysutils
 MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}
 
diff --git a/consul/distinfo b/consul/distinfo
index e90c425ad3..07ef9e3974 100644
--- a/consul/distinfo
+++ b/consul/distinfo
@@ -1,6 +1,6 @@
 $NetBSD$
 
-SHA1 (consul-1.5.3.tar.gz) = 2c0ddec0f1014dfcbfc8e9852acb5a8028266add
-RMD160 (consul-1.5.3.tar.gz) = a9a61e34653af66e277c4f7d0880a9ef2cff73fa
-SHA512 (consul-1.5.3.tar.gz) = 3f275ec160b9e583b81ba8d463fdb05e9fc9058db2453d9393a56b67337ea04df98a89225323192230938e1abfb48fa60fe0a32b4d8980573b749217b69933e9
-Size (consul-1.5.3.tar.gz) = 21743194 bytes
+SHA1 (consul-1.6.0.tar.gz) = 154d085756ca82988d562e37a082647e3cd9ef97
+RMD160 (consul-1.6.0.tar.gz) = 4ac17d68f25161d2b59fe5344c0d5a6543ce54a0
+SHA512 (consul-1.6.0.tar.gz) = a122892693e3bee0fc0e0b5c0945e4a8dddb890228c091112e0db11a8afd33430611c20ff9bc13d2b3a2ac0d3b560be2d9c4e03a9cc425983fbd8f7edb699658
+Size (consul-1.6.0.tar.gz) = 22465984 bytes
Prev by Date: open-zwave: change PKGPATH to match PKGNAME
Next by Date: iosevka-*: Update to 2.3.0
Previous by Thread: open-zwave: change PKGPATH to match PKGNAME
Next by Thread: iosevka-*: Update to 2.3.0
Indexes:
Home | Main Index | Thread Index | Old Index