pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/vault Upgrade security/vault to version 1.6.6.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/aebc18be0c60
branches:  trunk
changeset: 457495:aebc18be0c60
user:      he <he%pkgsrc.org@localhost>
date:      Fri Aug 27 09:24:41 2021 +0000

description:
Upgrade security/vault to version 1.6.6.

Pkgsrc changes:
 * Note that we need go >= 1.15.15.

Upstream changes:

26 August 2021

SECURITY:

 * UI Secret Caching: The Vault UI erroneously cached and exposed
   user-viewed secrets between authenticated sessions in a single
   shared browser, if the browser window / tab was not refreshed or
   closed between logout and a subsequent login. This vulnerability,
   CVE-2021-38554, was fixed in Vault 1.8.0 and will be addressed in
   pending 1.7.4 / 1.6.6 releases.

CHANGES:

 * go: Update go version to 1.15.15 [GH-12423]

IMPROVEMENTS:

 * db/cassandra: Added tls_server_name to specify server name for
   TLS validation [GH-11820]

BUG FIXES:

 * physical/raft: Fix safeio.Rename error when restoring snapshots
   on windows [GH-12377]
 * secret: fix the bug where transit encrypt batch doesn't work
   with key_version [GH-11628]
 * secrets/database: Fixed an issue that prevented external database
   plugin processes from restarting after a shutdown. [GH-12087]
 * ui: Automatically refresh the page when user logs out [GH-12035]
 * ui: Fixes metrics page when read on counter config not allowed [GH-12348]
 * ui: fix oidc login with Safari [GH-11884]

diffstat:

 security/vault/Makefile |   8 ++++----
 security/vault/distinfo |  10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)

diffs (48 lines):

diff -r 16d55c2205e6 -r aebc18be0c60 security/vault/Makefile
--- a/security/vault/Makefile   Fri Aug 27 08:01:08 2021 +0000
+++ b/security/vault/Makefile   Fri Aug 27 09:24:41 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.68 2021/08/11 19:35:07 bsiegert Exp $
+# $NetBSD: Makefile,v 1.69 2021/08/27 09:24:41 he Exp $
 
-DISTNAME=      vault-1.6.5
-PKGREVISION=   3
+DISTNAME=      vault-1.6.6
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=hashicorp/}
 
@@ -11,7 +10,6 @@
 LICENSE=       mpl-2.0
 
 GITHUB_TAG=    v${PKGVERSION_NOREV}
-WORKSRC=       ${PKGNAME}
 
 GO_DIST_BASE=          ${DISTNAME}
 GO_SRCPATH=            github.com/hashicorp/vault
@@ -22,6 +20,8 @@
 
 INSTALLATION_DIRS+=    bin
 
+DEPENDS+=      go>=1.15.15:../../lang/go
+
 # Clumsy workaround for https://github.com/golang/go/issues/22409
 pre-build:
        ${RM} -rf ${WRKSRC}/vault/external_tests
diff -r 16d55c2205e6 -r aebc18be0c60 security/vault/distinfo
--- a/security/vault/distinfo   Fri Aug 27 08:01:08 2021 +0000
+++ b/security/vault/distinfo   Fri Aug 27 09:24:41 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.27 2021/05/30 17:37:53 he Exp $
+$NetBSD: distinfo,v 1.28 2021/08/27 09:24:41 he Exp $
 
-SHA1 (vault-1.6.5.tar.gz) = e9b47cf76c96deea4b466a9d3cc64a39a5d0959b
-RMD160 (vault-1.6.5.tar.gz) = 1b2a7ed3e6c45e31cd18a3314399a512adba4e88
-SHA512 (vault-1.6.5.tar.gz) = 0f5640d376f21d57bf25db0865b4509ef819dd82e950f8c9192188ab3ef1c2477c369049b69a5194e27051b5d8dc523b9760b01eda6568f7348bb782cf6f97c6
-Size (vault-1.6.5.tar.gz) = 39136426 bytes
+SHA1 (vault-1.6.6.tar.gz) = f627772ec519a2e01b142580e5ed8b17cebfd423
+RMD160 (vault-1.6.6.tar.gz) = 33e9b0f0e9c1f29c7cca9ad56343d0d21450d2d4
+SHA512 (vault-1.6.6.tar.gz) = 820ec2f0b71defe6e6920bb4eefec55536d3d06345b676323d4af0c74c837c886871b0951b54f917e27b61bade9b4a8e9f36e3905a82a134b9e5f887ed744534
+Size (vault-1.6.6.tar.gz) = 39139148 bytes
 SHA1 (patch-scripts_gen__openapi.sh) = 1ad66480ef135adec05f58b088440e0bec6b4ab8
 SHA1 (patch-vendor_github.com_docker_docker_client_client__unix.go) = 86d985a6aac6b0eaaf6bdc3b1e4a7e2d17454a6a
 SHA1 (patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go) = 09c2f699b37fcb2ea05ca0df270359426a0629b7



Home | Main Index | Thread Index | Old Index