---
- branch: MAIN
  date: Wed May 10 18:21:27 UTC 2017
  files:
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/security/vault/Makefile
    pathrev: pkgsrc/security/vault/Makefile@1.12
    type: modified
  - new: '1.7'
    old: '1.6'
    path: pkgsrc/security/vault/distinfo
    pathrev: pkgsrc/security/vault/distinfo@1.7
    type: modified
  id: 20170510T182127Z.55fe67a4d36c6f6ed80929f42d108ec72779adbe
  log: |
    Update security/vault to 0.7.2.

    0.7.2 (May 8th, 2017)

    BUG FIXES:

    - audit: Fix auditing entries containing certain kinds of time values

    0.7.1 (May 5th, 2017)

    DEPRECATIONS/CHANGES:

    - LDAP Auth Backend: Group membership queries will now run as the
      binddn user when binddn/bindpass are configured, rather than as the
      authenticating user as was the case previously.

    FEATURES:

    - AWS IAM Authentication
    - MSSQL Physical Backend
    - Lease Listing and Lookup
    - TOTP Secret Backend
    - Database Secret Backend & Secure Plugins (Beta)

    IMPROVEMENTS:

    - auth/cert: Support for constraints on subject Common Name and
      DNS/email Subject Alternate Names in certificates
    - auth/ldap: Use the binding credentials to search group membership
      rather than the user credentials
    - cli/revoke: Add -self option to allow revoking the currently active
      token
    - core: Randomize x coordinate in Shamir shares
    - tidy: Improvements to auth/token/tidy and sys/leases/tidy to handle
      more cleanup cases
    - secret/pki: Add no_store option that allows certificates to be issued
      without being stored. This removes the ability to look up and/or add
      to a CRL but helps with scaling to very large numbers of certificates.
    - secret/pki: If used with a role parameter, the sign-verbatim/
      endpoint honors the values of generate_lease, no_store, ttl and
      max_ttl from the given role
    - secret/pki: Add role parameter allow_glob_domains that enables
      defining names in allowed_domains containing * glob patterns
    - secret/pki: Update certificate storage to not use characters that are
      not supported on some filesystems
    - storage/etcd3: Add discovery_srv option to query for SRV records to
      find servers
    - storage/s3: Support max_parallel option to limit concurrent
      outstanding requests
    - storage/s3: Use pooled transport for http client
    - storage/swift: Allow domain values for V3 authentication

    BUG FIXES:

    - api: Respect a configured path in Vault's address
    - auth/aws-ec2: New bounds added as criteria to allow role creation
    - auth/ldap: Don't lowercase groups attached to users
    - cli: Don't panic if vault write is used with the force flag but no
      path
    - core: Help operations should request forward since standbys may not
      have appropriate info
    - replication: Fix enabling secondaries when certain mounts already
      existed on the primary
    - secret/mssql: Update mssql driver to support queries with colons
    - secret/pki: Don't lowercase O/OU values in certs
    - secret/pki: Don't attempt to validate IP SANs if none are provided
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/vault'
  unixtime: '1494440487'
  user: fhajny