news/tin tweaks:
- add hidden dep on uriparser, found by Hugo Villeneuve
- switch from pcre to pcre2
- remove some bogus SITES entries, add an https to the top of the list
Adjust the doorbell write functions to prepare for notification queues
used by newer hardware. No functional change for the already
supported generations.
also tested by stsp@ as part of a larger diff
ok dlg@
Do not write before buffer when parsing empty clipboard or palette
replies, or try to allocate zero bytes with an empty clipboard sequence.
Reported by DongHan Kim.
www/nginx: drop patch merged upstream in 1.28.1
should have been removed in the 1.28.2 backport, my bad
reported by Steven Surdock via robert@, thanks !
Security update to vaultwarden-1.35.3
GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE
assignment). This vulnerability would allow an authenticated attacker
that is part of an organization to access items from collections to
which the attacker does not belong.
Changes:
https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.3
Patched Cargo.toml to allow building with Rust 1.90.0.
Security update to vaultwarden-1.35.3
GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE
assignment). This vulnerability would allow an authenticated attacker
that is part of an organization to access items from collections to
which the attacker does not belong.
Changes:
https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.3
pfr_attach_table() needs wait flag.
Calling pool_get() without wait flag is not allowed. pf(4) ioctl
has to use PR_WAITOK in pf_sourcelim_add().
Reported-by: syzbot+45ec6dfe5d4c3a0dd374 at syzkaller.appspotmail.com
OK dlg@