Path to this page:
Subject: CVS commit: [pkgsrc-2017Q3] pkgsrc/sysutils/consul
From: S.P.Zeidler
Date: 2017-10-18 19:38:04
Message id: 20171018173804.9801BFBC7@cvs.NetBSD.org
Log Message:
Pullup ticket #5581 - requested by bsiegert
sysutils/consul: security update
Revisions pulled up:
- sysutils/consul/Makefile 1.23
- sysutils/consul/distinfo 1.18
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: fhajny
Date: Tue Oct 17 11:39:57 UTC 2017
Modified Files:
pkgsrc/sysutils/consul: Makefile distinfo
Log Message:
Update sysutils/consul to 1.0.0
SECURITY:
- Fixed an XSS issue with Consul's built-in web UI where node names
were not being properly escaped.
BREAKING CHANGES:
- Raft Protocol Now Defaults to 3
- Config Files Require an Extension
- Deprecated Options Have Been Removed
- `statsite_prefix` Renamed to `metrics_prefix`
- `advertise_addrs` Removed
- Escaping Behavior Changed for go-discover Configs
- HTTP Verbs are Enforced in Many HTTP APIs
- Unauthorized KV Requests Return 403
- Config Section of Agent Self Endpoint has Changed
- Deprecated `configtest` Command Removed
- Undocumented Flags in `validate` Command Removed
- Metric Names Updated
- Checks Validated On Agent Startup
FEATURES:
- Support for HCL Config Files
- Support for Binding to Multiple Addresses
- Support for RFC1434 DNS TXT records
- Support for Running Subproccesses Directly Without a Shell
- Sentinel Integration
IMPROVEMENTS:
- agent: Added support to detect public IPv4 and IPv6 addresses on
AWS.
- agent: Improved /v1/operator/raft/configuration endpoint which
allows Consul to avoid an extra agent RPC call for the `consul
operator raft list-peers` command.
- agent: Improved ACL system for the KV store to support list
permissions. This behavior can be opted in. For more information,
see the ACL Guide].
- agent: Updates miekg/dns library to later version to pick up bug
fixes and improvements.
- agent: Added automatic retries to the RPC path, and a brief RPC
drain time when servers leave. These changes make Consul more robust
during graceful leaves of Consul servers, such as during upgrades, and
help shield applications from "no leader" errors. These are \
configured
with new `performance` options.
- agent: Added a new `discard_check_output` agent-level configuration
option that can be used to trade off write load to the Consul
servers vs. visibility of health check output. This is reloadable so
it can be toggled without fully restarting the agent.
- api: Updated the API client to ride out network errors when
monitoring locks and semaphores.
- build: Updated Go toolchain to version 1.9.1.
- cli: `consul lock` and `consul watch` commands will forward `TERM`
and `KILL` signals to their child subprocess.
- cli: Added support for autocompletion].
- server: Updated BoltDB to final version 1.3.1.
- server: Improved dead member reap algorithm to fix edge cases where
servers could get left behind.
BUG FIXES:
- agent: Fixed an issue where disabling both the http and https
interfaces would cause a watch-related error on agent startup, even
when no watches were defined.
- agent: Added an additional step to kill health check scripts that
timeout on all platforms except Windows, and added a wait so that
it's not possible to run multiple instances of the same health check
script at the same time.
- cli: If the `consul operator raft list-peers` command encounters an
error it will now exit with a non-zero exit code.
- cli: CLI commands will now show help for all of their arguments.
- server: Fixed an issue where the leader server could get into a
state where it was no longer performing the periodic leader loop
duties and unable to serve consistent reads after a barrier timeout
error.
Full (unabridged) changelog:
https://github.com/hashicorp/consul/blob/v1.0.0/CHANGELOG.md
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/sysutils/consul/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/sysutils/consul/distinfo
Files: