Commits
- Commit:
65ae940bfe462efbb8ad587ca2c2c2ca13d2b51a
- From:
- Sergey Bronnikov <sergeyb@tarantool.org>
- Date:
third_party: update libcurl from 8.3.0 to 8.4.0
The patch updates curl module to the version 8.4.0 [1] that brings a
number of functional fixes and security fix of SOCKS5 heap buffer
overflow (CVE-2023-38545), see description in [2] and commit
fb4415d8aee6 ("socks: return error if hostname too long for remote
resolve") in [3].
1. https://curl.se/changes.html#8_4_0
2. https://curl.se/docs/CVE-2023-38545.html
3. https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147
NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump
- Commit:
33e72567dc4f8f745be986190be08db847f423d0
- From:
- Vladimir Davydov <vdavydov@tarantool.org>
- Via:
- Vladimir Davydov <vdavydov.dev@gmail.com>
- Date:
console: forward original URI to net.box when connecting over IPROTO
Tarantool supports two console protocols: text and binary. The binary
protocol is implemented with IPROTO EVAL request so the console module
reuses the net.box module to establish and maintain a binary connection.
Currently, instead of passing the original URI specified by the user to
net.box.connect as is, the console module parses the URI and passes the
host and port. As a result, extra information that may be specified in
URI parameters is lost. This prevents the user from connecting to the
binary console using the SSL transport because to use the SSL transport
the user must specify transport=ssl URI parameter.
Needed for tarantool/tarantool-ee#567
NO_DOC=no visible changes in CE
NO_TEST=no visible changes in CE
NO_CHANGELOG=no visible changes in CE
- Commit:
952d15827b9a299e6a13a8f0e3a0f3b0c36118cc
- From:
- Gleb Kashkin <g.kashkin@tarantool.org>
- Via:
- Alexander Turenko <totktonada.ru@gmail.com>
- Date:
config: update password hashes after auth_type change
User password is stored in a system space is a form of hash when
'chap-sha1' auth type is set, and in a form of hash with salt when
'pap-sha256' is set.
Now, if a user is set inside config, and the current auth type is
different from the type the users password is stored in, the password
hash will be regenerated.
Part of #8967
NO_DOC=documentation request will be filed manually for the whole
credentials
- Commit:
a21c0e6acf9ee1b818150d2f5ce8a40fc861f20d
- From:
- Gleb Kashkin <g.kashkin@tarantool.org>
- Via:
- Alexander Turenko <totktonada.ru@gmail.com>
- Date:
config: add lua_eval, lua_call and sql support to creds
With #8906 the object types mentioned above were introduced. They control
access to code execution over IPROTO.
This patch adds such object types support to credentials applier. Now
'execute' can be granted to a user or role for 'lua_eval', 'lua_call' and
'sql'. Note that similar to 'universe', objects can't be specified in
the config, only 'all' is allowed.
Part of #8967
NO_DOC=documentation request will be filed manually for the whole
credentials
- Commit:
095654451bc9b45f5e9a812f5a4a3dd7aa28310d
- From:
- Vladimir Davydov <vdavydov@tarantool.org>
- Via:
- Vladimir Davydov <vdavydov.dev@gmail.com>
- Date:
config: add audit_spaces and audit_extract_key parameters
The new parameters will be implemented in Tarantool Enterprise Edition.
This commit just adds configuration stubs.
Needed for tarantool/tarantool-ee#502
Needed for tarantool/tarantool-ee#503
NO_DOC=stubs for enterprise edition
NO_CHANGELOG=stubs for enterprise edition