update to got-0.123
- make gotsys-write-conf configure clone-urls for all accessible repositories
- ensure visitors see the repository index page after logging into gotwebd
- make 'gotadmin cleanup' run even if HEAD points at a non-existent branch
- gotsys.conf.5 and got.1 wording and markup fixes
- replace obsolete tmppath pledge in got-notify-http with wpath+cpath & unveil
- avoid a malloc/free dance per parsed tree entry in got-read-pack
- stop using the pack delta-cache in got-read-pack, cache-less is faster here
- fix double-free in error path of the 'gotadmin pack' commit coloring phase
- store first-level object_idset hash table entries inline to avoid malloc/free
- avoid doing asprintf/free per tree entry in got_pack_load_tree_entries()
- avoid a per tree-entry memcpy() in got-read-pack enumerate_tree()
- avoid deltifying packed delta-base objects to speed up pack file generation
- cache fewer but larger deltas in delta-cache to speed up got-index-pack
Add a temporary patch to remove tmppath from pledge in favour of
unveil(_PATH_TMP)+pledge("rpath wpath cpath").
This patch is to bridge the time until a new release of dkimsign can be
made.
OK op@ kirill@
Security update to vaultwarden-1.35.4
This release contains security fixes:
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to
access a cipher from a different user (fully encrypted) if they
already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
are not assigned. These are private for now, pending CVE assignment.
Changes: https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4
