Security update to vaultwarden-1.35.4
This release contains security fixes:
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to
access a cipher from a different user (fully encrypted) if they
already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
are not assigned. These are private for now, pending CVE assignment.
Changes: https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4
OK kirill@
update to freerdp-2.11.8
remove PORTROACH marker, this is the last 2.x release (updating is
blocked, 3.x needs a more complete posix timers implementation)
Fix build with newer versions of gradle by setting LC_CTYPE="en_US.UTF-8"
in the env. Also be more verbose when building. No change to package so
no bump. From Mikolaj Kucharski.
Removing databases/puppetdb, sysutils/ruby-facter, sysutils/puppetserver,
sysutils/ruby-puppet, sysutils/ruby-puppetserver-ca.
openvox equivalents will take over.
OK kn@
Add @pkgpath and @conflict to openvoxdb, openvox-server, i
ruby-openvoxserver-ca, ruby-openvox, ruby-openfact and package renamings i
from puppet -> openvox equivalents to provide a working upgrade path.
OK kn@