pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/vault Update security/vault to 0.8.1.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fc9f441ed1b1
branches:  trunk
changeset: 366762:fc9f441ed1b1
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Thu Aug 17 07:58:53 2017 +0000

description:
Update security/vault to 0.8.1.

DEPRECATIONS/CHANGES:

- PKI Root Generation: Calling `pki/root/generate` when a CA cert/key already
  exists will now return a `204` instead of overwriting an existing root. If
  you want to recreate the root, first run a delete operation on `pki/root`
  (requires `sudo` capability), then generate it again.

FEATURES:

- Oracle Secret Backend: There is now an external plugin to support leased
  credentials for Oracle databases (distributed separately).
- GCP IAM Auth Backend: There is now an authentication backend that allows
  using GCP IAM credentials to retrieve Vault tokens. This is available as
  both a plugin and built-in to Vault.
- PingID Push Support for Path-Baased MFA (Enterprise): PingID Push can
  now be used for MFA with the new path-based MFA introduced in Vault
  Enterprise 0.8.
- Permitted DNS Domains Support in PKI: The `pki` backend now supports
  specifying permitted DNS domains for CA certificates, allowing you to
  narrowly scope the set of domains for which a CA can issue or sign child
  certificates.
- Plugin Backend Reload Endpoint: Plugin backends can now be triggered to
  reload using the `sys/plugins/reload/backend` endpoint and providing either
  the plugin name or the mounts to reload.
- Self-Reloading Plugins: The plugin system will now attempt to reload a
  crashed or stopped plugin, once per request.

IMPROVEMENTS:

- auth/approle: Allow array input for policies in addition to comma-delimited
  strings
- auth/aws: Allow using root credentials for IAM authentication
- plugins: Send logs through Vault's logger rather than stdout
- secret/pki: Add `pki/root` delete operation
- secret/pki: Don't overwrite an existing root cert/key when calling generate

BUG FIXES:

- aws: Don't prefer a nil HTTP client over an existing one
- core: If there is an error when checking for create/update existence, return
  500 instead of 400
- secret/database: Avoid creating usernames that are too long for legacy MySQL

diffstat:

 security/vault/Makefile |   4 ++--
 security/vault/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 6518b1443fc7 -r fc9f441ed1b1 security/vault/Makefile
--- a/security/vault/Makefile   Thu Aug 17 07:46:14 2017 +0000
+++ b/security/vault/Makefile   Thu Aug 17 07:58:53 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2017/08/16 12:18:32 fhajny Exp $
+# $NetBSD: Makefile,v 1.15 2017/08/17 07:58:53 fhajny Exp $
 
-DISTNAME=      vault-0.8.0
+DISTNAME=      vault-0.8.1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=hashicorp/}
 
diff -r 6518b1443fc7 -r fc9f441ed1b1 security/vault/distinfo
--- a/security/vault/distinfo   Thu Aug 17 07:46:14 2017 +0000
+++ b/security/vault/distinfo   Thu Aug 17 07:58:53 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2017/08/16 12:18:32 fhajny Exp $
+$NetBSD: distinfo,v 1.10 2017/08/17 07:58:53 fhajny Exp $
 
-SHA1 (vault-0.8.0.tar.gz) = 13dca1df577d156c584c47530a4f25929a64ab0c
-RMD160 (vault-0.8.0.tar.gz) = 6bedd05b97333e8101ba238fdfe37eda8c337823
-SHA512 (vault-0.8.0.tar.gz) = 2b30927290bb5db089297c857839e2ee3dfa88efb14037245be4965a9053dfaeb889d7c9d8b2c337b4d649842274c97eb10e4cf4e13f1e60bb3efadda50f26ee
-Size (vault-0.8.0.tar.gz) = 6958162 bytes
+SHA1 (vault-0.8.1.tar.gz) = 5c03b57bdae9148fbf15a7ab3b3a7aff6456a2ba
+RMD160 (vault-0.8.1.tar.gz) = 16c31bd2607d9eed9be54c8c40bc312cb960098f
+SHA512 (vault-0.8.1.tar.gz) = d1400a203dc61d76ffb710388913b45cd5287e1215f34d3fe8e85a36c24024b0eb882b8403f44c85c863658b035a9b7f2c19cb5599cdfd21e0a79788b8d1413a
+Size (vault-0.8.1.tar.gz) = 7263861 bytes



Home | Main Index | Thread Index | Old Index