Path to this page:
Subject: CVS commit: pkgsrc/security/vault
From: Filip Hajny
Date: 2017-05-10 20:21:27
Message id: 20170510182127.33E78FBE4@cvs.NetBSD.org
Log Message:
Update security/vault to 0.7.2.
0.7.2 (May 8th, 2017)
BUG FIXES:
- audit: Fix auditing entries containing certain kinds of time values
0.7.1 (May 5th, 2017)
DEPRECATIONS/CHANGES:
- LDAP Auth Backend: Group membership queries will now run as the
binddn user when binddn/bindpass are configured, rather than as the
authenticating user as was the case previously.
FEATURES:
- AWS IAM Authentication
- MSSQL Physical Backend
- Lease Listing and Lookup
- TOTP Secret Backend
- Database Secret Backend & Secure Plugins (Beta)
IMPROVEMENTS:
- auth/cert: Support for constraints on subject Common Name and
DNS/email Subject Alternate Names in certificates
- auth/ldap: Use the binding credentials to search group membership
rather than the user credentials
- cli/revoke: Add -self option to allow revoking the currently active
token
- core: Randomize x coordinate in Shamir shares
- tidy: Improvements to auth/token/tidy and sys/leases/tidy to handle
more cleanup cases
- secret/pki: Add no_store option that allows certificates to be
issued without being stored. This removes the ability to look up
and/or add to a CRL but helps with scaling to very large numbers of
certificates.
- secret/pki: If used with a role parameter, the sign-verbatim/<role>
endpoint honors the values of generate_lease, no_store, ttl and
max_ttl from the given role
- secret/pki: Add role parameter allow_glob_domains that enables
defining names in allowed_domains containing * glob patterns
- secret/pki: Update certificate storage to not use characters that
are not supported on some filesystems
- storage/etcd3: Add discovery_srv option to query for SRV records to
find servers
- storage/s3: Support max_parallel option to limit concurrent
outstanding requests
- storage/s3: Use pooled transport for http client
- storage/swift: Allow domain values for V3 authentication
BUG FIXES:
- api: Respect a configured path in Vault's address
- auth/aws-ec2: New bounds added as criteria to allow role creation
- auth/ldap: Don't lowercase groups attached to users
- cli: Don't panic if vault write is used with the force flag but no
path
- core: Help operations should request forward since standbys may not
have appropriate info
- replication: Fix enabling secondaries when certain mounts already
existed on the primary
- secret/mssql: Update mssql driver to support queries with colons
- secret/pki: Don't lowercase O/OU values in certs
- secret/pki: Don't attempt to validate IP SANs if none are provided
Files: