The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.
This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.
Fixes#4146
Added
- Browser: Show UI warning when entering invalid URLs [#3912]
- Browser: Option to use an entry only for HTTP auth [#3927]
Changed
- Disable the user interface when merging or saving the database [#3991]
- Ability to hide protected attribute after reveal [#3877]
- Remove mention of "snaps" in Windows and macOS [#3879]
- CLI: Merge parameter for source database key file (--key-file-from) [#3961]
- Improve GUI tests reliability on Hi-DPI displays [#4075]
- Disable deprecation warnings to allow building with Qt 5.14+ [#4075]
- OPVault: Use 'otp' attribute for TOTP field imports [#4075]
Fixed
- Fix crashes when saving a database to cloud storage [#3991]
- Fix crash when pressing enter twice while opening database [#3885]
- Fix handling of HTML when displayed in the entry preview panel [#3910]
- Fix start minimized to tray on Linux [#3899]
- Fix Auto Open with key file only databases [#4075]
- Fix escape key closing the standalone password generator [#3892]
- macOS: Fix monospace font usage in password field and notes [#4075]
- macOS: Fix building on macOS 10.9 to 10.11 [#3946]
- Fix TOTP setup dialog not closing on database lock [#4075]
- Browser: Fix condition where additional URLs are ignored [#4033]
- Browser: Fix subdomain matching to return only relevant site entries [#3854]
- Secret Service: Fix multiple crashes and incompatibilities [#3871, #4009, #4074]
- Secret Service: Fix searching of entries [#4008, #4036]
- Secret Service: Fix behavior when exposed group is recycled [#3914]
- CLI: Release the database instance before exiting interactive mode [#3889]
- Fix (most) memory leaks in tests [#3922]
* Remove deprecation warnings when not doing a DEV_BUILD. Qt 5.14 introduced several deprecation flags on basic function calls in QList and QSet that would require several #pragma ignores. Assuming this was in preparation to Qt 6.0.
* Remove unnecessary assert in PasswordEditWidget that was hit in macOS debug builds.
- Use proper model for database and session in settings page
- Fix button text (unlock/lock) not changed according to the database locking status
- Fix button icons not present on icon themes other than Breeze
- Fix the disconnect button may got clipped when new session opens
Rename 'k' to 'f' because 'k' is already used to specify the key for the target database of the merge
* Remove short -f option from keepassxc-cli.1
* Remove -f option from keepassxc-cli merge
* Add test cases covering cli options for merge
* Add functional test for merge with keys
This commit reverts #3357.
The previous PR is for the new symbol NSEventMaskKeyDown, which is
introduced in #3347. In #3794, #3347 is reverted, so the workaround
in #3357 is no longer needed. Furthermore, it causes build failures
on 10.11 (#3932) as the header file for type NSEventMask is removed
in #3794, too.
Note that this is not a complete fix. A complete patch can be found
at [1]. In MacPorts, the OS version for building a package is the same
as the OS that installs it, so #ifdef can be used to replace @available.
The latter language feature is not available until Xcode 9.
With the patch mentioned in the previous paragraph, KeePassXC 2.5.1
can be built on Mac OS X 10.9 or newer.
Ref: #2899
[1] de1bb703ad/security/KeePassXC/files/patch-old-mac.diff
This makes most tests run successfully with asan.
The GUI tests still have a bunch of leaks, some from library code, and
some that look real but which I didn't immediately manage to figure out.
* TestOpVaultReader: use QSharedPointer
* Fix#3933 and fix#3857. Interaction with entries and groups is disabled while the database is being reloaded or saved to prevent changes from occurring. Prevent the database from being reloading if an entry or group is currently being edited.
* Fix#3941 - Only notify components when the database file actually changes (determined by checksum). This prevents spurious merge requests when the file is merely touched by another service (e.g., DropBox).
* Fix code format of ElidedLabel.cpp
* Mark the database as clean after fully completing the file save operation INSTEAD of when merely writing the database to a file.
* Stop the modified timer when marking the database as clean, this prevents latent erroneous modified signals from being emitted.
* Do not restart the modified timer after a new change is detected while it is still running.
Adding a new line after the message "Evaluating database entries against HIBP file, this will take a while..." helps
to separate a report and the comment.
Added
- Add programmatic use of the EntrySearcher [#3760]
- Explicitly clear database memory upon locking even if the object is not deleted immediately [#3824]
- macOS: Add ability to perform notarization of built package [#3827]
Changed
- Reduce file hash checking to every 30 seconds to correct performance issues [#3724]
- Correct formatting of notes in entry preview widget [#3727]
- Improve performance and UX of database statistics page [#3780]
- Improve interface for key file selection to discourage use of the database file [#3807]
- Hide Auto-Type sequences column when not needed [#3794]
- macOS: Revert back to using Carbon API for hotkey detection [#3794]
- CLI: Do not show protected fields by default [#3710]
Fixed
- Secret Service: Correct issues interfacing with various applications [#3761]
- Fix building without additional features [#3693]
- Fix handling TOTP secret keys that require padding [#3764]
- Fix database unlock dialog password field focus [#3764]
- Correctly label open databases as locked on launch [#3764]
- Prevent infinite recursion when two databases AutoOpen each other [#3764]
- Browser: Fix incorrect matching of invalid URLs [#3759]
- Properly stylize the application name on Linux [#3775]
- Show application icon on Plasma Wayland sessions [#3777]
- macOS: Check for Auto-Type permissions on use instead of at launch [#3794]
