diff --git a/_service b/_service
index 51a44a9..5740ece 100644
--- a/_service
+++ b/_service
@@ -1,9 +1,9 @@
-
+
git
https://github.com/bitwarden/clients.git
- desktop-v2023.12.1
- 2023.12.1
+ desktop-v2024.1.0
+ 2024.1.0
bitwarden
bitwarden_license/*
@@ -11,11 +11,11 @@
apps/web/*
-
+
clients/apps/desktop/desktop_native
false
-
+
clients/apps/desktop/desktop_native
diff --git a/bitwarden-2023.12.1.obscpio b/bitwarden-2023.12.1.obscpio
deleted file mode 100644
index 5e4b35a..0000000
--- a/bitwarden-2023.12.1.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2854e5cdfdcb63437260a2cd54553606ee586ae28a90a204c82bdc93adac5dcd
-size 33565197
diff --git a/bitwarden-2024.1.0.obscpio b/bitwarden-2024.1.0.obscpio
new file mode 100644
index 0000000..6bf99dc
--- /dev/null
+++ b/bitwarden-2024.1.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:24547d8697de13c78c6d9bd02d73ff28eb6ea95335f379d40c10660f10990869
+size 33978381
diff --git a/bitwarden.changes b/bitwarden.changes
index c1c293d..dcca1c6 100644
--- a/bitwarden.changes
+++ b/bitwarden.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Jan 10 18:58:11 UTC 2024 - Bruno Pitrus
+
+- New upstream release 2024.1.0
+ * Added password complexity checks to password protected export
+ * Disallow XXE in import
+ * Bug-fixes for imports
+ * Bug-fix for minimum/maximum values in generator
+ * Bug-fix for screen-readers not announcing stored passkeys
+
-------------------------------------------------------------------
Thu Dec 21 19:46:36 UTC 2023 - Bruno Pitrus
diff --git a/bitwarden.obsinfo b/bitwarden.obsinfo
index 995c662..c764225 100644
--- a/bitwarden.obsinfo
+++ b/bitwarden.obsinfo
@@ -1,4 +1,4 @@
name: bitwarden
-version: 2023.12.1
-mtime: 1703171146
-commit: 2502ac1d41341c795f336c3482b53408c98d2836
+version: 2024.1.0
+mtime: 1704813171
+commit: e8a54a70a5d136d4e0d7ccdb15d5056d681c3f47
diff --git a/bitwarden.spec b/bitwarden.spec
index d21d54d..94cf37e 100644
--- a/bitwarden.spec
+++ b/bitwarden.spec
@@ -18,7 +18,7 @@
#
Name: bitwarden
-Version: 2023.12.1
+Version: 2024.1.0
Release: 0
Summary: A secure and free password manager for all of your devices
Group: Productivity/Security
@@ -45,7 +45,6 @@ Source2: bitwarden.sh
Source3: bitwarden.desktop
Source4: vendor.tar.zst
-Source5: cargo_config
Source99: prepare-node-vendor.sh
@@ -140,8 +139,6 @@ mkdir %{_builddir}/cargo
#Rust config
cd apps/desktop/desktop_native
-mkdir -pv .cargo
-cp -pv %SOURCE5 .cargo/config
tar --zstd -xf %SOURCE4
# Make `node` and `npm` binaries refer to Electron
diff --git a/cargo_config b/cargo_config
deleted file mode 100644
index 97852b5..0000000
--- a/cargo_config
+++ /dev/null
@@ -1,5 +0,0 @@
-[source.crates-io]
-replace-with = "vendored-sources"
-
-[source.vendored-sources]
-directory = "vendor"
diff --git a/do-not-install-font-privately.patch b/do-not-install-font-privately.patch
index 5aecd52..13dc269 100644
--- a/do-not-install-font-privately.patch
+++ b/do-not-install-font-privately.patch
@@ -2,13 +2,14 @@ Fonts in general-purpose formats such as Type1, OpenType TT (TTF) or OpenType CF
--- a/libs/angular/src/scss/bwicons/styles/style.scss
+++ b/libs/angular/src/scss/bwicons/styles/style.scss
-@@ -2,16 +2,6 @@
+@@ -2,17 +2,6 @@ $icomoon-font-family: "bwi-font" !defaul
$icomoon-font-path: "~@bitwarden/angular/src/scss/bwicons/fonts/" !default;
// New font sheet? Update the font-face information below
-@font-face {
- font-family: "#{$icomoon-font-family}";
-- src: url($icomoon-font-path + "bwi-font.svg") format("svg"),
+- src:
+- url($icomoon-font-path + "bwi-font.svg") format("svg"),
- url($icomoon-font-path + "bwi-font.ttf") format("truetype"),
- url($icomoon-font-path + "bwi-font.woff") format("woff"),
- url($icomoon-font-path + "bwi-font.woff2") format("woff2");
diff --git a/node-vendor.tar.zst b/node-vendor.tar.zst
index b78c916..1a7ffd4 100644
--- a/node-vendor.tar.zst
+++ b/node-vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:e5e2f39001c492c6f549af78caa54e328f8e59c8526ca9ecacc1f65ad3bd180c
-size 37749763
+oid sha256:6ba0b5387d9d6e35459aae93fa7478dc1cefc62217d3662fda5e9524ca3d646b
+size 37739132
diff --git a/remove-unnecessary-deps.patch b/remove-unnecessary-deps.patch
index ed828fd..55ad075 100644
--- a/remove-unnecessary-deps.patch
+++ b/remove-unnecessary-deps.patch
@@ -1,5 +1,7 @@
---- clients-web-v2022.9.0/package.json.old 2022-09-06 22:59:02.000000000 +0200
-+++ clients-web-v2022.9.0/package.json 2022-09-07 13:15:21.236397888 +0200
+@types/semver is normally included transitively by storybook which we delete, adding it here explicitely because it is needed for build
+
+--- clients/package.json.orig 2024-01-10 19:25:17.240793950 +0100
++++ clients/package.json 2024-01-10 19:27:21.476208838 +0100
@@ -13,7 +13,6 @@
},
"homepage": "https://bitwarden.com",
@@ -8,7 +10,7 @@
"lint": "eslint . --cache --cache-strategy content && prettier --check .",
"lint:fix": "eslint . --cache --cache-strategy content --fix",
"lint:clear": "rimraf .eslintcache",
-@@ -25,7 +24,7 @@
+@@ -26,7 +25,7 @@
"storybook": "ng run components:storybook",
"build-storybook": "ng run components:build-storybook",
"build-storybook:ci": "ng run components:build-storybook --webpack-stats-json",
@@ -17,34 +19,37 @@
},
"workspaces": [
"apps/*",
-@@ -32,53 +31,18 @@
+@@ -35,119 +34,44 @@
],
"devDependencies": {
- "@angular-devkit/build-angular": "15.2.9",
+ "@angular-devkit/build-angular": "15.2.10",
- "@angular-eslint/eslint-plugin": "15.2.1",
- "@angular-eslint/eslint-plugin-template": "15.2.1",
- "@angular-eslint/template-parser": "15.2.1",
-- "@angular/cli": "15.2.9",
- "@angular/compiler-cli": "15.2.9",
-- "@angular/elements": "15.2.9",
-- "@compodoc/compodoc": "1.1.21",
-- "@electron/notarize": "1.2.4",
-- "@electron/rebuild": "3.2.13",
- "@ngtools/webpack": "15.2.9",
-- "@storybook/addon-a11y": "7.3.0",
-- "@storybook/addon-actions": "7.3.0",
-- "@storybook/addon-designs": "7.0.4",
-- "@storybook/addon-essentials": "7.3.0",
-- "@storybook/addon-links": "7.3.0",
-- "@storybook/angular": "7.3.0",
+- "@angular/cli": "15.2.10",
+ "@angular/compiler-cli": "15.2.10",
+- "@angular/elements": "15.2.10",
+- "@compodoc/compodoc": "1.1.23",
+- "@electron/notarize": "2.2.0",
+- "@electron/rebuild": "3.4.1",
+ "@ngtools/webpack": "15.2.10",
+- "@storybook/addon-a11y": "7.6.4",
+- "@storybook/addon-actions": "7.6.4",
+- "@storybook/addon-designs": "7.0.7",
+- "@storybook/addon-essentials": "7.6.4",
+- "@storybook/addon-links": "7.6.4",
+- "@storybook/angular": "7.6.4",
+- "@storybook/addon-interactions": "7.6.4",
+- "@storybook/jest": "0.2.3",
+- "@storybook/testing-library": "0.2.2",
- "@types/argon2-browser": "1.18.1",
- "@types/chrome": "0.0.243",
"@types/duo_web_sdk": "2.7.1",
- "@types/firefox-webext-browser": "111.0.1",
- "@types/inquirer": "8.2.6",
- "@types/jest": "29.5.3",
-- "@types/jquery": "3.5.16",
-- "@types/jsdom": "21.1.1",
+ "@types/jest": "29.5.11",
+- "@types/jquery": "3.5.29",
+- "@types/jsdom": "21.1.6",
- "@types/koa": "2.13.8",
- "@types/koa__multer": "2.0.4",
- "@types/koa__router": "12.0.0",
@@ -52,114 +57,114 @@
- "@types/koa-json": "2.0.20",
- "@types/lowdb": "1.0.11",
"@types/lunr": "2.3.4",
- "@types/node": "18.17.5",
+ "@types/node": "18.19.2",
- "@types/node-fetch": "2.6.4",
- "@types/node-forge": "1.3.4",
+ "@types/node-forge": "1.3.10",
"@types/node-ipc": "9.2.0",
- "@types/papaparse": "5.3.13",
+ "@types/papaparse": "5.3.14",
- "@types/proper-lockfile": "4.1.2",
-- "@types/react": "16.14.45",
+- "@types/react": "16.14.54",
- "@types/retry": "0.12.2",
- "@types/zxcvbn": "4.4.1",
-- "@typescript-eslint/eslint-plugin": "5.62.0",
-- "@typescript-eslint/parser": "5.62.0",
++ "@types/semver": "^7.3.4",
+ "@types/zxcvbn": "4.4.4",
+- "@typescript-eslint/eslint-plugin": "6.16.0",
+- "@typescript-eslint/parser": "6.16.0",
- "@webcomponents/custom-elements": "1.6.0",
- "autoprefixer": "10.4.15",
+ "autoprefixer": "10.4.16",
- "base64-loader": "1.0.0",
"buffer": "6.0.3",
-- "chromatic": "6.22.0",
+- "chromatic": "10.0.0",
"clean-webpack-plugin": "4.0.0",
- "concurrently": "8.2.0",
+ "concurrently": "8.2.2",
"copy-webpack-plugin": "11.0.0",
-@@ -83,63 +47,25 @@
+ "cross-env": "7.0.3",
"css-loader": "6.8.1",
- "del": "6.1.1",
- "electron": "25.9.1",
+ "electron": "27.2.0",
- "electron-builder": "23.6.0",
- "electron-log": "5.0.0",
+ "electron-log": "5.0.1",
- "electron-reload": "2.0.0-alpha.1",
"electron-store": "8.1.0",
- "electron-updater": "5.3.0",
-- "eslint": "8.47.0",
-- "eslint-config-prettier": "8.10.0",
-- "eslint-import-resolver-typescript": "3.6.0",
-- "eslint-plugin-import": "2.28.0",
+ "electron-updater": "6.1.7",
+- "eslint": "8.56.0",
+- "eslint-config-prettier": "9.1.0",
+- "eslint-import-resolver-typescript": "3.6.1",
+- "eslint-plugin-import": "2.29.1",
- "eslint-plugin-rxjs": "5.0.3",
- "eslint-plugin-rxjs-angular": "2.0.1",
-- "eslint-plugin-storybook": "0.6.13",
+- "eslint-plugin-storybook": "0.6.15",
- "eslint-plugin-tailwindcss": "3.13.0",
- "gulp": "4.0.2",
-- "gulp-filter": "7.0.0",
+- "gulp-filter": "9.0.1",
- "gulp-if": "3.0.0",
-- "gulp-json-editor": "2.5.7",
+- "gulp-json-editor": "2.6.0",
- "gulp-replace": "1.1.4",
-- "gulp-zip": "5.1.0",
+- "gulp-zip": "6.0.0",
"html-loader": "4.2.0",
- "html-webpack-injector": "1.1.4",
- "html-webpack-plugin": "5.5.3",
+ "html-webpack-plugin": "5.5.4",
- "husky": "8.0.3",
- "jest-junit": "16.0.0",
"jest-mock-extended": "3.0.5",
-- "jest-preset-angular": "13.1.1",
-- "lint-staged": "13.3.0",
+- "jest-preset-angular": "13.1.4",
+- "lint-staged": "15.2.0",
"mini-css-extract-plugin": "2.7.6",
"node-ipc": "9.2.1",
- "pkg": "5.8.1",
- "postcss": "8.4.31",
+ "postcss": "8.4.32",
"postcss-loader": "7.3.3",
-- "prettier": "2.8.8",
-- "prettier-plugin-tailwindcss": "0.3.0",
+- "prettier": "3.1.1",
+- "prettier-plugin-tailwindcss": "0.5.10",
- "process": "0.11.10",
- "react": "18.2.0",
- "react-dom": "18.2.0",
"regedit": "^3.0.3",
- "remark-gfm": "3.0.1",
- "rimraf": "5.0.1",
- "sass": "1.65.1",
+ "rimraf": "5.0.5",
+ "sass": "1.69.5",
"sass-loader": "13.3.2",
-- "storybook": "7.3.0",
+- "storybook": "7.6.4",
- "style-loader": "3.3.3",
-- "tailwindcss": "3.3.3",
+- "tailwindcss": "3.3.5",
- "ts-jest": "29.1.1",
- "ts-loader": "9.4.4",
+ "ts-loader": "9.5.1",
"tsconfig-paths-webpack-plugin": "4.1.0",
- "type-fest": "2.19.0",
"typescript": "4.9.5",
-- "url": "0.11.1",
+- "url": "0.11.3",
- "util": "0.12.5",
-- "wait-on": "7.0.1",
- "webpack": "5.88.2",
+- "wait-on": "7.2.0",
+ "webpack": "5.89.0",
- "webpack-cli": "5.1.4",
- "webpack-dev-server": "4.15.1",
- "webpack-node-externals": "3.0.0"
+ "webpack-cli": "5.1.4"
},
"dependencies": {
- "@angular/animations": "15.2.9",
-@@ -148,54 +76,27 @@
- "@angular/platform-browser": "15.2.9",
- "@angular/platform-browser-dynamic": "15.2.9",
- "@angular/router": "15.2.9",
+ "@angular/animations": "15.2.10",
+@@ -159,54 +82,28 @@
+ "@angular/platform-browser": "15.2.10",
+ "@angular/platform-browser-dynamic": "15.2.10",
+ "@angular/router": "15.2.10",
- "@koa/multer": "3.0.2",
- "@koa/router": "12.0.0",
- "@microsoft/signalr": "6.0.21",
- "@microsoft/signalr-protocol-msgpack": "6.0.21",
+ "@microsoft/signalr": "6.0.25",
+ "@microsoft/signalr-protocol-msgpack": "6.0.25",
"@ng-select/ng-select": "10.0.4",
"argon2": "0.31.0",
- "argon2-browser": "1.18.0",
"big-integer": "1.6.51",
- "bootstrap": "4.6.0",
-- "braintree-web-drop-in": "1.40.0",
-- "bufferutil": "4.0.7",
+- "braintree-web-drop-in": "1.41.0",
+- "bufferutil": "4.0.8",
- "chalk": "4.1.2",
"commander": "7.2.0",
-- "core-js": "3.32.0",
+- "core-js": "3.34.0",
"duo_web_sdk": "github:duosecurity/duo_web_sdk",
- "form-data": "4.0.0",
- "https-proxy-agent": "5.0.1",
- "inquirer": "8.2.6",
-- "jquery": "3.7.0",
-- "jsdom": "22.1.0",
+- "jquery": "3.7.1",
+- "jsdom": "23.0.1",
"jszip": "3.10.1",
- "koa": "2.14.2",
- "koa-bodyparser": "4.4.1",
@@ -172,17 +177,17 @@
"node-fetch": "2.6.12",
"node-forge": "1.3.1",
"nord": "0.2.1",
- "oidc-client-ts": "2.3.0",
+ "oidc-client-ts": "2.4.0",
- "open": "8.4.2",
"papaparse": "5.4.1",
-- "patch-package": "6.5.1",
+- "patch-package": "8.0.0",
- "popper.js": "1.16.1",
- "proper-lockfile": "4.1.2",
- "qrious": "4.0.2",
"rxjs": "7.8.1",
- "tabbable": "6.2.0",
- "tldts": "6.0.14",
-- "utf-8-validate": "5.0.10",
+ "tldts": "6.1.1",
+ "utf-8-validate": "6.0.3",
"zone.js": "0.12.0",
"zxcvbn": "4.4.2"
},
diff --git a/use-node-argon2.patch b/use-node-argon2.patch
index 014ae27..5277414 100644
--- a/use-node-argon2.patch
+++ b/use-node-argon2.patch
@@ -75,7 +75,7 @@ Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscri
import * as forge from "node-forge";
import { Utils } from "../../platform/misc/utils";
-@@ -9,13 +9,11 @@
+@@ -10,13 +10,11 @@ import { SymmetricCryptoKey } from "../m
export class WebCryptoFunctionService implements CryptoFunctionService {
private crypto: Crypto;
private subtle: SubtleCrypto;
@@ -89,9 +89,9 @@ Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscri
}
async pbkdf2(
-@@ -52,24 +50,19 @@
+@@ -54,24 +52,19 @@ export class WebCryptoFunctionService im
memory: number,
- parallelism: number
+ parallelism: number,
): Promise {
- if (!this.wasmSupported) {
- throw "Webassembly support is required for the Argon2 KDF feature.";
@@ -124,7 +124,7 @@ Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscri
}
async hkdf(
-@@ -383,20 +377,28 @@
+@@ -435,20 +428,28 @@ export class WebCryptoFunctionService im
return mode === "cbc" ? "AES-CBC" : "AES-ECB";
}
@@ -133,7 +133,7 @@ Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscri
- try {
- if (typeof WebAssembly === "object" && typeof WebAssembly.instantiate === "function") {
- const module = new WebAssembly.Module(
-- Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00)
+- Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00),
- );
- if (module instanceof WebAssembly.Module) {
- return new WebAssembly.Instance(module) instanceof WebAssembly.Instance;
@@ -148,7 +148,8 @@ Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscri
+ nodeValue = value;
+ } else {
+ nodeValue = this.toNodeBuffer(value);
-+ }
+ }
+- return false;
+ return nodeValue;
+ }
+
@@ -162,8 +163,7 @@ Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscri
+ buf = Utils.fromUtf8ToArray(value);
+ } else {
+ buf = value;
- }
-- return false;
++ }
+ return buf;
}
}
diff --git a/vendor.tar.zst b/vendor.tar.zst
index c6c4d1a..3e539e1 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:03166b1d87d34504dc5ca13793b9ab7db8a82f5eae5f03471c32eb9ed4f333a6
-size 23508714
+oid sha256:fb4a0a56f003de3d1140e02588e3c12395f665612c87b01bb51e2485ed9448e5
+size 24496241