Subject: CVS commit: pkgsrc/security/vaultwarden
From: Hauke Fath
Date: 2023-02-22 17:28:37
Message id: 20230222162837.7EBCBFA90@cvs.NetBSD.org
Log Message:
Upgrade security/vaultwarden to v1.27

From upstream's excuse for a changelog:

1.27.0 Latest

New features

Event logs for organizations

With this feature enabled, actions occurring inside an organization
will be recorded in a log, viewable by organization admins and
owners. Check the official documentation to learn more:
https://bitwarden.com/help/event-logs/ (Note that the Public API is
not yet implemented, so the events are only viewable in the Web Vault)

To enable this feature, set ORG_EVENTS_ENABLED=true. By default all
events will be stored indefinitely, if you want to limit that, you can
use the EVENTS_DAYS_RETAIN option. You can also tune the cleanup
schedule with EVENT_CLEANUP_SCHEDULE.  Group support (beta)

Enables the creation and use of groups inside an organization. At the
moment this is in beta because there are some known issues
(#2989). Still, the more this feature is tested, the faster we will be
able to stabilize it.

To enable this feature, set ORG_GROUPS_ENABLED=true, make sure to make
proper backups of your instance before hand.

What's Changed
    Group support | applied .diff by @MFijak in #2846
    Add Organizational event logging feature by @BlackDex in #2868
    Updated web vault to 2022.12.0 by @dani-garcia
    Update diesel to 2.0.2 by @dani-garcia in #2724
    Limit Cipher Note encrypted string size by @BlackDex in #2945
    fix invitations of new users when mail is disabled by @stefan0xC in #2773
    attach images in email by @stefan0xC in #2784
    allow registration without invite link by @stefan0xC in #2799
    Fix master password hint update not working. by @BlackDex in #2834
    Sync global_domains.json by @jjlin in #2840
    verify email on registration by invite by @stefan0xC in #2804
    Take ROCKET_ADDRESS into account in the Docker healthcheck by @jjlin in #2844
    Update github workflows by @BlackDex in #2852
    feat: Bump web-vault to v2022.10.1 by @GeekCornerGH in #2859
    Update Rust version, deps and workflow by @BlackDex in #2888
    Add /devices/knowndevice endpoint by @BlackDex in #2893
    fix: removed a double space by @GeekCornerGH in #2894
    Support Org Export for v2022.11 clients by @BlackDex in #2899
    Use constant size generic parameter for random bytes generation
	by @samueltardieu in #2910
    Update config comment to reflect rfc8314. by @skid9000 in #2911
    Set "Bypass admin page security" as read-only by @BlackDex in #2918
    Fully remove DuckDuckGo email service. by @BlackDex in #2919
    Added missing register endpoint to identity by @BlackDex in #2920
    Prevent DNS leak when icon regex is configured by @BlackDex in #2921
    Update settings description by @karbobc in #2928
    allow managers to set groups of a collection by @stefan0xC in #2933
    Update Vaultwarden Logo's by @BlackDex in #2940
    check if sqlite folder exists by @stefan0xC in #2873
    redirect to admin login page when forward fails by @stefan0xC in #2886
    Cleanups and Fixes for Emergency Access by @BlackDex in #2936
    Update dependencies for Rust and Admin interface. by @BlackDex in #2941
    Fix admin repost warning. by @BlackDex in #2953
    Add dev-only query logging support by @BlackDex in #2954
    Fix managers and groups link by @BlackDex in #2947
    use a custom 404 page by @stefan0xC in #2948
    Increase privacy of masked config by @BlackDex in #2963
    Improve comments by @tessus in #2969
    use black favicon for /admin by @tessus in #2970
    Remove ctrlc crate and some updates by @BlackDex in #2971
    Fix org export (again) by @BlackDex in #2973
    Revert collection queries back to left_join by @BlackDex in #2976
    Fix recover-2fa not working. by @BlackDex in #2994
    Disable groups by default and Some optimizations by @BlackDex in #2995
    Fix a panic during Yubikey register/login by @BlackDex in #3006

1.26.0
What's Changed

    Updated web vault to v2022.10.0
    Fix uploads from mobile clients (and dep updates) by @BlackDex in #2675
    Update deps and Alpine image by @BlackDex in #2665
    Add support for send v2 API endpoints by @BlackDex in #2756
    External Links | Optimize behavior by @Fvbor in #2693
    Add Org user revoke feature by @BlackDex in #2698
    Change the handling of login errors. by @BlackDex in #2729
    Added support for web-vault v2022.9 by @BlackDex in #2732
    add not_found catcher for 404 errors by @stefan0xC in #2768
    Fix issue 2737, unable to create org by @BlackDex in #2738
    Rename/Fix revoke/restore endpoints by @BlackDex in #2739
    Update CSP for DuckDuckGo email forwarding by @jjlin in #2812
    check if data folder is a writable directory by @stefan0xC in #2811
    Update build workflow by @BlackDex in #2744
    fix: tooltip typo by @djbrownbear in #2746
    Update libraries and Rust version by @BlackDex in #2758
    Fix organization vault export by @BlackDex in #2765
    allow the removal of non-confirmed owners by @stefan0xC in #2772
    v2022.9.2 expects a json response while registering by @stefan0xC in #2803
    make invitation expiration time configurable by @stefan0xC in #2805
    return more descriptive JWT validation messages by @stefan0xC in #2806
    Add CreationDate to cipher response JSON by @jjlin in #2813
    fix link of license badge by @stefan0xC in #2816

Thanks to pin@ for the workaround to patch a release crate.
Files:
RevisionActionfile
1.2modifypkgsrc/security/vaultwarden/Makefile
1.2modifypkgsrc/security/vaultwarden/cargo-depends.mk
1.2modifypkgsrc/security/vaultwarden/distinfo
1.1addpkgsrc/security/vaultwarden/patches/patch-.._vendor-multer-2.0.4-src_field.rs
1.1addpkgsrc/security/vaultwarden/patches/patch-Cargo.toml