From faa9a865a99057924fda8734c53365f6c335adca Mon Sep 17 00:00:00 2001 
From: Iku Iwasa
Date: Sat, 30 May 2020 14:41:02 +0900
Subject: [PATCH] vault: Update to 1.4.2

SECURITY:

* core: Proxy environment variables are now redacted before being logged, in case the URLs include a username:password. This vulnerability, CVE-2020-13223, is fixed in 1.3.6 and 1.4.2, but affects 1.4.0 and 1.4.1, as well as older versions of Vault [GH-9022]
* secrets/gcp: Fix a regression in 1.4.0 where the system TTLs were being used instead of the configured backend TTLs for dynamic service accounts. This vulnerability is CVE-2020-12757. [GH-85]

IMPROVEMENTS:

* storage/raft: The storage stanza now accepts leader_ca_cert_file, leader_client_cert_file, and leader_client_key_file parameters to read and parse TLS certificate information from paths on disk. Existing non-path based parameters will continue to work, but their values will need to be provided as a single-line string with newlines delimited by \n. [GH-8894]
* storage/raft: The vault status CLI command and the sys/leader API now contain the committed and applied raft indexes. [GH-9011]

BUG FIXES:

* auth/aws: Fix token renewal issues caused by the metadata changes in 1.4.1 [GH-8991]
* auth/ldap: Fix 1.4.0 regression that could result in auth failures when LDAP auth config includes upndomain. [GH-9041]
* secrets/ad: Forward rotation requests from standbys to active clusters [GH-66]
* secrets/database: Prevent generation of usernames that are not allowed by the MongoDB Atlas API [GH-9]
* secrets/database: Return an error if a manual rotation of static account credentials fails [GH-9035]
* secrets/openldap: Forward all rotation requests from standbys to active clusters [GH-9028]
* secrets/transform (enterprise): Fix panic that could occur when accessing cached template entries, such as requests that accessed templates directly or indirectly from a performance standby node.
* serviceregistration: Fix a regression for Consul service registration that ignored using the listener address as the redirect address unless api_addr was provided. It now properly uses the same redirect address as the one used by Vault's Core object. [GH-8976]
* storage/raft: Advertise the configured cluster address to the rest of the nodes in the raft cluster. This fixes an issue where a node advertising 0.0.0.0 is not using a unique hostname. [GH-9008]
* storage/raft: Fix panic when multiple nodes attempt to join the cluster at once. [GH-9008]
* sys: The path provided in sys/internal/ui/mounts/:path is now namespace-aware. This fixes an issue with vault kv subcommands that had namespaces provided in the path returning permission denied all the time. [GH-8962]
* ui: Fix snowman that appears when namespaces have more than one period [GH-8910]
--- vault/Makefile | 2 +- vault/distinfo | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vault/Makefile b/vault/Makefile index adc6d06617..c999c57f99 100644 --- a/vault/Makefile +++ b/vault/Makefile @@ -1,6 +1,6 @@ # $NetBSD$ -DISTNAME= vault-1.4.1 +DISTNAME= vault-1.4.2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/} diff --git a/vault/distinfo b/vault/distinfo index 45c370b58e..a1a6b1d9a1 100644 --- a/vault/distinfo +++ b/vault/distinfo 
@@ -1,8 +1,8 @@ $NetBSD$ -SHA1 (vault-1.4.1.tar.gz) = 20fbc32df2ead528e9f2029758a643c559516e2f -RMD160 (vault-1.4.1.tar.gz) = 0548c4e32c3c51c8025f3706fcfa7d1eef81d145 -SHA512 (vault-1.4.1.tar.gz) = 25df993d08ebbb8f9829113cd808b5d332808a0f24ebff8acf17caaab6932ad46bfb5e551593cefa50228701daa9b32dfda4405d3d35fb106e2fd0ea1bd8b903 -Size (vault-1.4.1.tar.gz) = 33149331 bytes +SHA1 (vault-1.4.2.tar.gz) = 1fa6ef69a56719bda1022b0503766bbcce74f019 +RMD160 (vault-1.4.2.tar.gz) = c2c8d1ce32c9c511f55693a0dfb280f7a1c74641 +SHA512 (vault-1.4.2.tar.gz) = d4f2a426a4c0531cca0d3812c2e29ebc5ebbd6da2897d3ee57fe57d4dfde0395f30713cfe21600b4dd51fdc90bf2a10527957b04c8215bd185bd502267f93503 +Size (vault-1.4.2.tar.gz) = 33158384 bytes SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_term_termios__bsd.go) = 9696daf0158de14d8756748b0dc5398be9ff64f4
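Review bot: In the vault/distinfo hunk, the two patch-vendor_github.com_ory_dockertest_* SHA1 entries are carried over as unchanged context, so nothing visible here shows that those patches were re-checked against the 1.4.2 vendor tree; please confirm both still apply cleanly to the new tarball. The SHA1, RMD160, SHA512 and Size lines for vault-1.4.2.tar.gz are the only integrity pin on the archive fetched from MASTER_SITE_GITHUB, so it would help to say in the commit message that they were regenerated with make makesum from a freshly fetched tarball rather than edited by hand.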