Received: by mail.netbsd.org (Postfix, from userid 605) id 0D28084D8A; Tue, 26 Sep 2017 07:41:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 93CF784D28 for ; Tue, 26 Sep 2017 07:41:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id XKVQWa7hB3ge for ; Tue, 26 Sep 2017 07:41:15 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 0004284CE2 for ; Tue, 26 Sep 2017 07:41:14 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id E5907FA9C; Tue, 26 Sep 2017 07:41:14 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1506411674285210" MIME-Version: 1.0 Date: Tue, 26 Sep 2017 07:41:14 +0000 From: "Filip Hajny" Subject: CVS commit: pkgsrc/security/vault To: pkgsrc-changes@NetBSD.org Reply-To: fhajny@netbsd.org X-Mailer: log_accum Message-Id: <20170926074114.E5907FA9C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1506411674285210 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: fhajny Date: Tue Sep 26 07:41:14 UTC 2017 Modified Files: pkgsrc/security/vault: Makefile distinfo Log Message: Update security/vault to 0.8.3. CHANGES: - Policy input/output standardization: For all built-in authentication backends, policies can now be specified as a comma-delimited string or an array if using JSON as API input; on read, policies will be returned as an array; and the `default` policy will not be forcefully added to policies saved in configurations. Please note that the `default` policy will continue to be added to generated tokens, however, rather than backends adding `default` to the given set of input policies (in some cases, and not in others), the stored set will reflect the user-specified set. - `sign-self-issued` modifies Issuer in generated certificates: In 0.8.2 the endpoint would not modify the Issuer in the generated certificate, leaving the output self-issued. Although theoretically valid, in practice crypto stacks were unhappy validating paths containing such certs. As a result, `sign-self-issued` now encodes the signing CA's Subject DN into the Issuer DN of the generated certificate. - `sys/raw` requires enabling: While the `sys/raw` endpoint can be extremely useful in break-glass or support scenarios, it is also extremely dangerous. As of now, a configuration file option `raw_storage_endpoint` must be set in order to enable this API endpoint. Once set, the available functionality has been enhanced slightly; it now supports listing and decrypting most of Vault's core data structures, except for the encryption keyring itself. - `generic` is now `kv`: To better reflect its actual use, the `generic` backend is now `kv`. Using `generic` will still work for backwards compatibility. FEATURES: - GCE Support for GCP Auth: GCE instances can now authenticate to Vault using machine credentials. - Support for Kubernetes Service Account Auth: Kubernetes Service Accounts can now authenticate to vault using JWT tokens. IMPROVEMENTS: - configuration: Provide a config option to store Vault server's process ID (PID) in a file - mfa (Enterprise): Add the ability to use identity metadata in username format - mfa/okta (Enterprise): Add support for configuring base_url for API calls - secret/pki: `sign-intermediate` will now allow specifying a `ttl` value longer than the signing CA certificate's NotAfter value. - sys/raw: Raw storage access is now disabled by default BUG FIXES: - auth/okta: Fix regression that removed the ability to set base_url - core: Fix panic while loading leases at startup on ARM processors - secret/pki: Fix `sign-self-issued` encoding the wrong subject public key To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/vault/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/vault/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1506411674285210 Content-Disposition: inline Content-Length: 1590 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/vault/Makefile diff -u pkgsrc/security/vault/Makefile:1.17 pkgsrc/security/vault/Makefile:1.18 --- pkgsrc/security/vault/Makefile:1.17 Wed Sep 6 11:44:07 2017 +++ pkgsrc/security/vault/Makefile Tue Sep 26 07:41:14 2017 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.17 2017/09/06 11:44:07 fhajny Exp $ +# $NetBSD: Makefile,v 1.18 2017/09/26 07:41:14 fhajny Exp $ -DISTNAME= vault-0.8.2 +DISTNAME= vault-0.8.3 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/} Index: pkgsrc/security/vault/distinfo diff -u pkgsrc/security/vault/distinfo:1.11 pkgsrc/security/vault/distinfo:1.12 --- pkgsrc/security/vault/distinfo:1.11 Wed Sep 6 11:44:07 2017 +++ pkgsrc/security/vault/distinfo Tue Sep 26 07:41:14 2017 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.11 2017/09/06 11:44:07 fhajny Exp $ +$NetBSD: distinfo,v 1.12 2017/09/26 07:41:14 fhajny Exp $ -SHA1 (vault-0.8.2.tar.gz) = 7f313e711b4e0331b933dfa61fbbfc2b807abc5a -RMD160 (vault-0.8.2.tar.gz) = 88f1b6d8530beb4ec3a9fbdbc138bd6f2931c93a -SHA512 (vault-0.8.2.tar.gz) = 279056211aefbab09b6533ce5b0fea355511a84c3f21cbbae0fa08b0affd2254fcd0a9479a317d07e9b99c5a2bd6d8c9caa5c32f14f73b21d8c4be3f24345669 -Size (vault-0.8.2.tar.gz) = 7293367 bytes +SHA1 (vault-0.8.3.tar.gz) = dc346bdd2a9ee521eb04a6452d5d838736eea0ef +RMD160 (vault-0.8.3.tar.gz) = b8a169e0fa9aa6c4f020d87c739d28b6b50c6d78 +SHA512 (vault-0.8.3.tar.gz) = e2b273ebb761246f6d85fc040d911a3f3a7beb0951fed4adcbe5df4106dd0cb013328b5816ef4153b2c4d363f7f2a14ae1c82bae9baaea74ef707ff0934d6c8d +Size (vault-0.8.3.tar.gz) = 8128509 bytes --_----------=_1506411674285210--