Subject: CVS commit: pkgsrc/sysutils/consul
From: Filip Hajny
Date: 2018-07-31 14:34:55
Message id: 20180731123455.A2945FBEC@cvs.NetBSD.org

Log Message:
sysutils/consul: Update to 1.2.2

## 1.2.2 (July 30, 2018)

SECURITY:
- acl: Fixed an issue where writes operations on the Keyring and
  Operator were being allowed with a default allow policy even when
  explicitly denied in the policy.

FEATURES:

- **Alias Checks:** Alias checks allow a service or node to alias the
  health status of another service or node in the cluster.
- agent: New Cloud Auto-join providers: vSphere and Packet.net.
- cli: Added `-serf-wan-port`, `-serf-lan-port`, and `-server-port`
  flags to CLI for cases where these can't be specified in config
  files and `-hcl` is too cumbersome.
- connect: The TTL of leaf (service) certificates in Connect is now
  configurable.

IMPROVEMENTS:

- proxy: With `-register` flag, heartbeat failures will only log once
  service registration succeeds.
- http: 1.0.3 introduced rejection of non-printable chars in HTTP URLs
  due to a security vulnerability. Some users who had keys written
  with an older version which are now dissallowed were unable to delete
  them. A new config option disable_http_unprintable_char_filter is
  added to allow those users to remove the offending keys. Leaving this
  new option set long term is strongly discouraged as it bypasses
  filtering necessary to prevent some known vulnerabilities.
- agent: Allow for advanced configuration of some gossip related
  parameters.
- agent: Make some Gossip tuneables configurable via the config file
- ui: Included searching on `.Tags` when using the freetext search
  field.
- ui: Service.ID's are now shown in the Service detail page and (only
  if it is different from the service name) the Node Detail >
  [Services] tab.

BUG FIXES:

- acl/connect: Fix an issue that was causing managed proxies not to
  work when ACLs were enabled.
- connect: Fix issue with managed proxies and watches attempting to
  use a client addr that is 0.0.0.0 or ::
- connect: Allow Native and Unmanaged proxy configurations via config
  file
- connect: Fix bug causing 100% CPU on agent when Connect is disabled
  but a proxy is still running
- proxy: Don't restart proxies setup in a config file when Consul
  restarts
- ui: Display the Service.IP address instead of the Node.IP address in
  the Service detail view.
- ui: Watch for trailing slash stripping 301 redirects and forward the
  user to the correct location.
- connect: Fixed an issue in the connect native HTTP client where it
  failed to resolve service names.

## 1.2.1 (July 12, 2018)

IMPROVEMENTS:

- acl: Prevented multiple ACL token refresh operations from occurring
  simultaneously.
- acl: Add async-cache down policy mode to always do ACL token
  refreshes in the background to reduce latency.
- proxy: Pass through HTTP client env vars to managed proxies so that
  they can connect back to Consul over HTTPs when not serving HTTP.
- connect: Persist intermediate CAs on leader change.

BUG FIXES:

- api: Intention APIs parse error response body for error message.
- agent: Intention read endpoint returns a 400 on invalid UUID
- agent: Service registration with "services" does not error on
  Connect upstream configuration.
- dns: Ensure that TXT RRs dont get put in the Answer section for
  A/AAAA queries.
- dns: Ensure that only 1 CNAME is returned when querying for services
  that have non-IP service addresses.
- api: Fixed issue where `Lock` and `Semaphore` would return earlier
  than their requested timeout when unable to acquire the lock.
- watch: Fix issue with HTTPs only agents not executing watches
  properly
- agent: Managed proxies that bind to 0.0.0.0 now get a health check
  on a sane IP
- server: (Consul Enterprise) Fixed an issue causing Consul to panic
  when network areas were used
- license: (Consul Enterprise) Fixed an issue causing the snapshot
  agent to log erroneous licensing errors

Files:
RevisionActionfile
1.35modifypkgsrc/sysutils/consul/Makefile
1.27modifypkgsrc/sysutils/consul/distinfo