vault: Update to 1.5.3

1.5.3 August 27th, 2020

BUG FIXES:

* auth/aws: Made header handling for IAM authentication more robust
* secrets/ssh: Fixed a bug with role option for SSH signing algorithm to
  allow more than RSA signing

1.5.2.1 August 21st, 2020 Enterprise Only

NOTE:

* Includes correct license in the HSM binary.

1.5.2 August 20th, 2020

NOTE:

* OSS binaries of 1.5.1, 1.4.4, 1.3.8, and 1.2.5 were built without the
  Vault UI. Enterprise binaries are not affected.

KNOWN ISSUES:

* AWS IAM logins may return an error depending on the headers sent with the
  request. For more details and a workaround, see the 1.5.2 Upgrade Guide
* In versions 1.2.6, 1.3.9, 1.4.5, and 1.5.2, enterprise licenses on the
  HSM build were not incorporated correctly - enterprise customers should use
  1.2.6.1, 1.3.9.1, 1.4.5.1, and 1.5.2.1.

1.5.1 August 20th, 2020

SECURITY:

* When using the IAM AWS Auth Method, under certain circumstances, values
  Vault uses to validate identities and roles can be manipulated and
  bypassed. This vulnerability affects Vault and Vault Enterprise 0.7.1 and
  newer and is fixed in 1.2.5, 1.3.8, 1.4.4, and
  1.5.1 (CVE-2020-16250) (Discovered by Felix Wilhelm of Google Project Zero)
* When using the GCP GCE Auth Method, under certain circumstances, values
  Vault uses to validate GCE VMs can be manipulated and bypassed. This
  vulnerability affects Vault and Vault Enterprise 0.8.3 and newer and is
  fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1 (CVE-2020-16251) (Discovered by
  Felix Wilhelm of Google Project Zero)
* When using Vault Agent with cert auto-auth and caching enabled, under
  certain circumstances, clients without permission to access agent's token
  may retrieve the token without login credentials. This vulnerability
  affects Vault Agent 1.1.0 and newer and is fixed in 1.5.1 (CVE-2020-17455)

KNOWN ISSUES:

* OSS binaries of 1.5.1, 1.4.4, 1.3.8, and 1.2.5 were built without the
  Vault UI. Enterprise binaries are not affected.
* AWS IAM logins may return an error depending on the headers sent with the
  request. For more details and a workaround, see the 1.5.1 Upgrade Guide

CHANGES:

* pki: The tidy operation will now remove revoked certificates if the
  parameter tidy_revoked_certs is set to true. This will result in
  certificate entries being immediately removed, as opposed to awaiting until
  its NotAfter time. Note that this only affects certificates that have been
  already revoked. [GH-9609]

IMPROVEMENTS:

* auth/jwt: Add support for fetching groups and user information from G
  Suite during authentication. [GH-9574]
* pki: Add an allowed_domains_template parameter that enables the use of
  identity templating within the allowed_domains parameter. [GH-8509]
* secret/azure: Use write-ahead-logs to clean up any orphaned Service
  Principals [GH-9773]
* ui: Wrap TTL option on transit engine export action is updated to a new
  component. [GH-9632]
* ui: Wrap Tool uses newest version of TTL Picker component. [GH-9691]

BUG FIXES:

* secrets/gcp: Ensure that the IAM policy version is appropriately set
  after a roleset's bindings have changed. [GH-9603]
* replication (enterprise): Fix status API output incorrectly stating
  replication is in idle state.
* replication (enterprise): Use PrimaryClusterAddr if it's been set
* core: Fix panic when printing over-long info fields at startup [GH-9681]
* core: Seal migration using the new minimal-downtime strategy didn't work
  properly with performance standbys. [GH-9690]
* core: Vault failed to start when there were non-string values in seal
  configuration [GH-9555]
Iku Iwasa 2020-08-29 19:05:26 +09:00
parent 8589001660
commit 4ca907cc42
2 changed files with 5 additions and 5 deletions


@ -1,6 +1,6 @@
# $NetBSD$
DISTNAME= vault-1.5.0
DISTNAME= vault-1.5.3
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/}
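
Review bot: the subject line should flag this as a security update, because the DISTNAME bump from `vault-1.5.0` to `vault-1.5.3` passes through 1.5.1, where the commit message lists fixes for CVE-2020-16250, CVE-2020-16251 and CVE-2020-17455. A subject such as "vault: Update to 1.5.3 (security)" makes the change easy to find for anyone matching installed package versions against those CVEs.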


@ -1,9 +1,9 @@
$NetBSD$
SHA1 (vault-1.5.0.tar.gz) = 8128f8ab999db6eafdd02e11bb32973b6f6bb65a
RMD160 (vault-1.5.0.tar.gz) = 628ec25d71fe3e76bdac0f7949388b876e41ec2c
SHA512 (vault-1.5.0.tar.gz) = 245d5ea837f561d6c3832a0cb28d851dabe908fac2be7e53d3fd466689778d67b2cd5d9ea8c297f8daceb003c571a9768254a7e27d1fbeb1a376ac75e3c6edfb
Size (vault-1.5.0.tar.gz) = 34940170 bytes
SHA1 (vault-1.5.3.tar.gz) = ca11b81ffe657004023bd0388665bfe35ffe5962
RMD160 (vault-1.5.3.tar.gz) = ad3b62e2e799c326dea17ea152b1a3b149fc10ea
SHA512 (vault-1.5.3.tar.gz) = 2eaeabf939c20e914319f0038f7b2cea219618a5f830a7d250f4de447b1b7e9fab9fee611752fcd26086b67c3b5e32f403a88d4e7da1d94f34570e1a210bc4f8
Size (vault-1.5.3.tar.gz) = 35123873 bytes
SHA1 (patch-vendor_github.com_docker_docker_client_client__unix.go) = 51a400f6adaa6abe4cd42c31cfba4f037d9d81e5
SHA1 (patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go) = 125e35b6f5e9a0cdec8c0a5e0b7c67cc326467ea
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb
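
Review bot: the three `patch-vendor_*` SHA1 entries at the end of this hunk are unchanged, so the local patches against the vendored docker and dockertest sources are carried over as-is from 1.5.0 to 1.5.3; please confirm they still apply cleanly to the 1.5.3 vendor tree. Only the four distfile lines (SHA1, RMD160, SHA512, Size) change, which matches the DISTNAME bump.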