vault: Update to 1.4.2

SECURITY:

* core: Proxy environment variables are now redacted before being logged,
  in case the URLs include a username:password. This vulnerability,
  CVE-2020-13223, is fixed in 1.3.6 and 1.4.2, but affects 1.4.0 and 1.4.1,
  as well as older versions of Vault [GH-9022]
* secrets/gcp: Fix a regression in 1.4.0 where the system TTLs were being
  used instead of the configured backend TTLs for dynamic service
  accounts. This vulnerability is CVE-2020-12757. [GH-85]

IMPROVEMENTS:

* storage/raft: The storage stanza now accepts leader_ca_cert_file,
  leader_client_cert_file, and leader_client_key_file parameters to read and
  parse TLS certificate information from paths on disk. Existing non-path
  based parameters will continue to work, but their values will need to be
  provided as a single-line string with newlines delimited by \n. [GH-8894]
* storage/raft: The vault status CLI command and the sys/leader API now
  contain the committed and applied raft indexes. [GH-9011]

BUG FIXES:

* auth/aws: Fix token renewal issues caused by the metadata changes in
  1.4.1 [GH-8991]
* auth/ldap: Fix 1.4.0 regression that could result in auth failures when
  LDAP auth config includes upndomain. [GH-9041]
* secrets/ad: Forward rotation requests from standbys to active clusters
  [GH-66]
* secrets/database: Prevent generation of usernames that are not allowed by
  the MongoDB Atlas API [GH-9]
* secrets/database: Return an error if a manual rotation of static account
  credentials fails [GH-9035]
* secrets/openldap: Forward all rotation requests from standbys to active
  clusters [GH-9028]
* secrets/transform (enterprise): Fix panic that could occur when accessing
  cached template entries, such as a requests that accessed templates
  directly or indirectly from a performance standby node.
* serviceregistration: Fix a regression for Consul service registration
  that ignored using the listener address as the redirect address unless
  api_addr was provided. It now properly uses the same redirect address as
  the one used by Vault's Core object. [GH-8976]
* storage/raft: Advertise the configured cluster address to the rest of the
  nodes in the raft cluster. This fixes an issue where a node advertising
  0.0.0.0 is not using a unique hostname. [GH-9008]
* storage/raft: Fix panic when multiple nodes attempt to join the cluster
  at once. [GH-9008]
* sys: The path provided in sys/internal/ui/mounts/:path is now
  namespace-aware. This fixes an issue with vault kv subcommands that had
  namespaces provided in the path returning permission denied all the
  time. [GH-8962]
* ui: Fix snowman that appears when namespaces have more than one period
  [GH-8910]

vault/Makefile

@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	vault-1.4.1
+DISTNAME=	vault-1.4.2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=hashicorp/}
 

vault/distinfo

@@ -1,8 +1,8 @@
 $NetBSD$
 
-SHA1 (vault-1.4.1.tar.gz) = 20fbc32df2ead528e9f2029758a643c559516e2f
-RMD160 (vault-1.4.1.tar.gz) = 0548c4e32c3c51c8025f3706fcfa7d1eef81d145
-SHA512 (vault-1.4.1.tar.gz) = 25df993d08ebbb8f9829113cd808b5d332808a0f24ebff8acf17caaab6932ad46bfb5e551593cefa50228701daa9b32dfda4405d3d35fb106e2fd0ea1bd8b903
-Size (vault-1.4.1.tar.gz) = 33149331 bytes
+SHA1 (vault-1.4.2.tar.gz) = 1fa6ef69a56719bda1022b0503766bbcce74f019
+RMD160 (vault-1.4.2.tar.gz) = c2c8d1ce32c9c511f55693a0dfb280f7a1c74641
+SHA512 (vault-1.4.2.tar.gz) = d4f2a426a4c0531cca0d3812c2e29ebc5ebbd6da2897d3ee57fe57d4dfde0395f30713cfe21600b4dd51fdc90bf2a10527957b04c8215bd185bd502267f93503
+Size (vault-1.4.2.tar.gz) = 33158384 bytes
 SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb
 SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_term_termios__bsd.go) = 9696daf0158de14d8756748b0dc5398be9ff64f4