Subject: CVS commit: pkgsrc/security/vault
From: Havard Eidnes
Date: 2021-05-30 19:37:53
Message id: 20210530173753.70FF0FA95@cvs.NetBSD.org

Log Message:
Upgrade security/vault to version 1.6.5.

Pkgsrc changes:
 * None

Upstream changes:

v1.6.5:
May 20th, 2021

SECURITY:
 * Non-Expiring Leases: Vault and Vault Enterprise renewed
   nearly-expiring token leases and dynamic secret leases with a
   zero-second TTL, causing them to be treated as non-expiring,
   and never revoked. This issue affects Vault and Vault Enterprise
   versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5,
   and 1.7.2 (CVE-2021-32923).

CHANGES:
 * agent: Update to use IAM Service Account Credentials endpoint
   for signing JWTs when using GCP Auto-Auth method [GH-11473]
 * auth/gcp: Update to v0.8.1 to use IAM Service Account Credentials
   API for signing JWTs [GH-11498]

BUG FIXES:
 * core (enterprise): Fix plugins mounted in namespaces being
   unable to use password policies [GH-11596]
 * core: correct logic for renewal of leases nearing their expiration
   time. [GH-11650]
 * secrets/database: Fix marshalling to allow providing numeric
   arguments to external database plugins. [GH-11451]
 * secrets/database: Fixes issue for V4 database interface where
   SetCredentials wasn't falling back to using RotateRootCredentials
   if SetCredentials is Unimplemented [GH-11585]
 * ui: Fix namespace-bug on login [GH-11182]

v1.6.4:
April 21, 2021
Release vault v1.6.4

v1.6.3
February 25, 2021

SECURITY:
 * Limited Unauthenticated License Read: We addressed a security
   vulnerability that allowed for the unauthenticated reading of
   Vault licenses from DR Secondaries. This vulnerability affects
   Vault and Vault Enterprise and is fixed in 1.6.3 (CVE-2021-27668).

CHANGES:
 * secrets/mongodbatlas: Move from whitelist to access list API [GH-10966]

IMPROVEMENTS:
 * ui: Clarify language on usage metrics page empty state [GH-10951]

BUG FIXES:
 * auth/kubernetes: Cancel API calls to TokenReview endpoint when
   request context is closed [GH-10930]
 * core/identity: Fix deadlock in entity merge endpoint. [GH-10877]
 * quotas: Fix duplicate quotas on performance standby nodes. [GH-10855]
 * quotas/rate-limit: Fix quotas enforcing old rate limit quota paths [GH-10689]
   replication (enterprise): Don't write request count data on DR Secondaries.
 * Fixes DR Secondaries becoming out of sync approximately every 30s. [GH-10970]
 * secrets/azure (enterprise): Forward service principal credential
   creation to the primary cluster if called on a performance
   standby or performance secondary. [GH-10902]

Files:
RevisionActionfile
1.65modifypkgsrc/security/vault/Makefile
1.27modifypkgsrc/security/vault/distinfo