From 81e2db717063ceed6148652b16e2e9625c713796 Mon Sep 17 00:00:00 2001 From: Jonathan White Date: Tue, 27 Feb 2018 21:34:54 -0500 Subject: [PATCH 1/6] Properly rename argon2 symbols on Win32 builds --- cmake/FindArgon2.cmake | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmake/FindArgon2.cmake b/cmake/FindArgon2.cmake index c0fb53b41..bb2f5811d 100644 --- a/cmake/FindArgon2.cmake +++ b/cmake/FindArgon2.cmake @@ -21,7 +21,9 @@ if (MINGW) message(STATUS "Patching libargon2...\n") execute_process(COMMAND objcopy --redefine-sym argon2_hash=libargon2_argon2_hash + --redefine-sym _argon2_hash=_libargon2_argon2_hash --redefine-sym argon2_error_message=libargon2_argon2_error_message + --redefine-sym _argon2_error_message=_libargon2_argon2_error_message ${ARGON2_SYS_LIBRARIES} ${CMAKE_BINARY_DIR}/libargon2_patched.a WORKING_DIRECTORY ${CMAKE_BINARY_DIR}) find_library(ARGON2_LIBRARIES libargon2_patched.a PATHS ${CMAKE_BINARY_DIR} NO_DEFAULT_PATH) From 8be53e68ee3997e034372f5b5ffcc6706c9ef909 Mon Sep 17 00:00:00 2001 From: Jonathan White Date: Tue, 27 Feb 2018 21:42:57 -0500 Subject: [PATCH 2/6] Force snapcraft builds to be release builds --- snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snapcraft.yaml b/snapcraft.yaml index f4b906619..701174182 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -28,6 +28,7 @@ parts: - -DCMAKE_BUILD_TYPE=Release - -DCMAKE_INSTALL_PREFIX=/usr - -DKEEPASSXC_DIST_TYPE=Snap + - -DKEEPASSXC_BUILD_TYPE=Release - -DWITH_TESTS=OFF - -DWITH_XC_ALL=ON build-packages: From fae89794631803a27b28c1b44e49e35a94199a2d Mon Sep 17 00:00:00 2001 From: Thomas Klausner Date: Wed, 28 Feb 2018 16:31:21 +0100 Subject: [PATCH 3/6] Fix build on NetBSD. (#1557) * Fix build on NetBSD. --- src/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 69526967c..f7616dce6 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
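Review bot: In the cmake/FindArgon2.cmake hunk, the exit status of the `objcopy` call is never checked. If the tool is missing or the archive cannot be rewritten, `find_library` either finds no `libargon2_patched.a` or picks up a stale one left in `${CMAKE_BINARY_DIR}` by an earlier configure run. Adding `RESULT_VARIABLE` to the `execute_process` call and stopping with `message(FATAL_ERROR ...)` on a non-zero value would surface that at configure time. A short comment such as `# 32-bit MinGW prefixes C symbols with an underscore, so both spellings are renamed` would also explain why each symbol is now listed twice. The `if (MINGW)` block continues outside the hunk.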
@@ -175,7 +175,7 @@ if(APPLE) core/MacPasteboard.cpp ) endif() -if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux" OR ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD") +if(UNIX AND NOT APPLE) set(keepassx_SOURCES ${keepassx_SOURCES} core/ScreenLockListenerDBus.h core/ScreenLockListenerDBus.cpp From 923d24b44874c0246e9a1f6901b60a79008b5b73 Mon Sep 17 00:00:00 2001 From: thez3ro Date: Thu, 1 Mar 2018 14:39:22 +0100 Subject: [PATCH 4/6] release build when checking out a git-tag --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7410b4e04..8684cc519 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -80,7 +80,9 @@ set_property(CACHE KEEPASSXC_BUILD_TYPE PROPERTY STRINGS Snapshot Release PreRel execute_process(COMMAND git tag --points-at HEAD WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} OUTPUT_VARIABLE GIT_TAG) -if(NOT GIT_TAG AND EXISTS ${CMAKE_SOURCE_DIR}/.version) +if(GIT_TAG) + set(OVERRIDE_VERSION ${GIT_TAG}) +elseif(EXISTS ${CMAKE_SOURCE_DIR}/.version) file(READ ${CMAKE_SOURCE_DIR}/.version OVERRIDE_VERSION) endif() From 0d4aff55bc3f778e673e3f8185a69366ee11d407 Mon Sep 17 00:00:00 2001 From: Janek Bevendorff Date: Wed, 28 Feb 2018 23:02:45 +0100 Subject: [PATCH 5/6] Don't upgrade to KDBX 4 when CustomData are present only in meta data section, resolves #1565 --- src/format/KdbxXmlWriter.cpp | 4 +--- src/format/KeePass2Writer.cpp | 44 ++++++++++++++++++++++++----------- src/format/KeePass2Writer.h | 1 + tests/TestKdbx4.cpp | 4 +++- 4 files changed, 36 insertions(+), 17 deletions(-) diff --git a/src/format/KdbxXmlWriter.cpp b/src/format/KdbxXmlWriter.cpp index 8f405aca0..a546f3171 100644 --- a/src/format/KdbxXmlWriter.cpp +++ b/src/format/KdbxXmlWriter.cpp 
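Review bot: In the top-level CMakeLists.txt hunk, `set(OVERRIDE_VERSION ${GIT_TAG})` uses the output of `git tag --points-at HEAD` exactly as printed. The `execute_process` call shown has no `OUTPUT_STRIP_TRAILING_WHITESPACE`, so the value ends in a newline, and it spans several lines when more than one tag points at HEAD. Any tag on the commit, not only a release tag, now also takes precedence over the `.version` file, so a stray local tag changes the version reported by the built artifact. Adding `OUTPUT_STRIP_TRAILING_WHITESPACE` to the call and checking that `GIT_TAG` is a single value in the release-tag format before assigning it would close both gaps. How `OVERRIDE_VERSION` is consumed lies outside the hunk.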
@@ -129,9 +129,7 @@ void KdbxXmlWriter::writeMetadata() if (m_kdbxVersion < KeePass2::FILE_VERSION_4) { writeBinaries(); } - if (m_kdbxVersion >= KeePass2::FILE_VERSION_4) { - writeCustomData(m_meta->customData()); - } + writeCustomData(m_meta->customData()); m_xml.writeEndElement(); } diff --git a/src/format/KeePass2Writer.cpp b/src/format/KeePass2Writer.cpp index 68cf3af99..7d5f470df 100644 --- a/src/format/KeePass2Writer.cpp +++ b/src/format/KeePass2Writer.cpp @@ -43,6 +43,36 @@ bool KeePass2Writer::writeDatabase(const QString& filename, Database* db) return writeDatabase(&file, db); } +/** + * @return true if the database should upgrade to KDBX4. + */ +bool KeePass2Writer::implicitUpgradeNeeded(Database const* db) const +{ + if (!db->publicCustomData().isEmpty()) { + return true; + } + + for (const auto& group: db->rootGroup()->groupsRecursive(true)) { + if (group->customData() && !group->customData()->isEmpty()) { + return true; + } + + for (const auto& entry: group->entries()) { + if (entry->customData() && !entry->customData()->isEmpty()) { + return true; + } + + for (const auto& historyItem: entry->historyItems()) { + if (historyItem->customData() && !historyItem->customData()->isEmpty()) { + return true; + } + } + } + } + + return false; +} + /** * Write a database to a device in KDBX format. * 
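Review bot: In the KdbxXmlWriter.cpp hunk, `writeCustomData(m_meta->customData())` now runs for every format version while the `writeBinaries()` call just above stays gated on `m_kdbxVersion`, and nothing in the code explains the difference. A comment on the new line, e.g. `// Meta CustomData is written for KDBX 3.1 as well; only group/entry custom data needs KDBX 4`, would keep a later reader from restoring the guard. Whether the KDBX 3 read path restores this element is not visible here and is worth confirming, since otherwise data written by this line would be lost on the next load. writeMetadata() starts above the hunk.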
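Review bot: The doc comment on `implicitUpgradeNeeded` in the KeePass2Writer.cpp hunk gives only the return value, although this function decides the on-disk format. It should name the triggers and state that `db->metadata()->customData()` is deliberately not one of them. Suggested wording: `Returns true when the database holds data only KDBX 4 can store: public custom data, or custom data on any group, entry or history item. Custom data in the meta section alone does not count.` The function also dereferences `db` and `db->rootGroup()` without a check, so the comment should record that both must be non-null.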
@@ -55,19 +85,7 @@ bool KeePass2Writer::writeDatabase(QIODevice* device, Database* db) { m_error = false; m_errorStr.clear(); - // determine KDBX3 vs KDBX4 - bool hasCustomData = !db->publicCustomData().isEmpty() || (db->metadata()->customData() && !db->metadata()->customData()->isEmpty()); - if (!hasCustomData) { - for (const auto& entry: db->rootGroup()->entriesRecursive(true)) { - if ((entry->customData() && !entry->customData()->isEmpty()) || - (entry->group() && entry->group()->customData() && !entry->group()->customData()->isEmpty())) { - hasCustomData = true; - break; - } - } - } - - if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3 && !hasCustomData) { + if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3 && !implicitUpgradeNeeded(db)) { m_version = KeePass2::FILE_VERSION_3_1; m_writer.reset(new Kdbx3Writer()); } else { diff --git a/src/format/KeePass2Writer.h b/src/format/KeePass2Writer.h index 98daed5e3..f024d4a83 100644 --- a/src/format/KeePass2Writer.h +++ b/src/format/KeePass2Writer.h @@ -42,6 +42,7 @@ public: private: void raiseError(const QString& errorMessage); + bool implicitUpgradeNeeded(Database const* db) const; bool m_error = false; QString m_errorStr = ""; diff --git a/tests/TestKdbx4.cpp b/tests/TestKdbx4.cpp index 24a07aa63..08b24c47f 100644 --- a/tests/TestKdbx4.cpp +++ b/tests/TestKdbx4.cpp @@ -149,8 +149,10 @@ void TestKdbx4::testFormat400Upgrade() sourceDb->changeKdf(KeePass2::uuidToKdf(kdfUuid)); sourceDb->setCipher(cipherUuid); + // CustomData in meta should not cause any version change + sourceDb->metadata()->customData()->set("CustomPublicData", "Hey look, I turned myself into a pickle!"); if (addCustomData) { - sourceDb->metadata()->customData()->set("CustomPublicData", "Hey look, I turned myself into a pickle!"); + // this, however, should sourceDb->rootGroup()->customData()->set("CustomGroupData", "I just killed my family! I don't care who they were!"); } From 6f6a63f5e9d2449d0186c5c7633e31885c65d488 Mon Sep 17 00:00:00 2001 
From: Janek Bevendorff Date: Thu, 1 Mar 2018 16:58:21 +0100 Subject: [PATCH 6/6] Re-transform key on implicit KDBX 4 upgrade to avoid losing challenge-response, resolves #1584 --- src/format/KeePass2Writer.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/format/KeePass2Writer.cpp b/src/format/KeePass2Writer.cpp index 7d5f470df..325986a33 100644 --- a/src/format/KeePass2Writer.cpp +++ b/src/format/KeePass2Writer.cpp @@ -85,7 +85,15 @@ bool KeePass2Writer::writeDatabase(QIODevice* device, Database* db) { m_error = false; m_errorStr.clear(); - if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3 && !implicitUpgradeNeeded(db)) { + bool upgradeNeeded = implicitUpgradeNeeded(db); + if (upgradeNeeded) { + // We MUST re-transform the key, because challenge-response hashing has changed in KDBX 4. + // If we forget to re-transform, the database will be saved WITHOUT a challenge-response key component! + db->changeKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX4)); + } + + if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3) { + Q_ASSERT(!upgradeNeeded); m_version = KeePass2::FILE_VERSION_3_1; m_writer.reset(new Kdbx3Writer()); } else {
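Review bot: `db->changeKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX4))` runs whenever `upgradeNeeded` is true, whatever KDF the database already uses. A database already on a KDBX 4 KDF that holds custom data would have its KDF replaced on every save, and if `uuidToKdf` returns a KDF with default parameters (not visible in this hunk) the user's chosen algorithm and work factor would be silently reset. The call's result is also discarded, and the only backstop is `Q_ASSERT(!upgradeNeeded)`, which is compiled out of release builds. A failed re-transform would therefore fall through to `Kdbx3Writer` and write a KDBX 3.1 file for a database that needs KDBX 4. The sketch below limits the re-transform to databases still on `KDF_AES_KDBX3` and turns a failure into a write error, assuming `changeKdf` reports failure through its return value. writeDatabase() continues past the hunk.

```cpp
    bool upgradeNeeded = implicitUpgradeNeeded(db);
    // Only a database still on the KDBX 3 KDF needs the re-transform; leave an existing KDBX 4 KDF untouched.
    if (upgradeNeeded && db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3) {
        // … unchanged: comment on the challenge-response re-transform …
        if (!db->changeKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX4))) {
            // Refuse to write rather than save in the wrong format.
            raiseError(QStringLiteral("Unable to re-transform the key for the KDBX 4 upgrade."));
            return false;
        }
    }
    // … unchanged: KDBX 3 / KDBX 4 writer selection …
```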