Skip to content

Commit

Permalink
Release 2.6.4
Browse files Browse the repository at this point in the history
Added

- Automatically adapt to light/dark system theme changes (Windows/macOS only) [#6034]

Changed

- Show window title as tooltip on system tray [#5948]
- Compress Snap release as LZO for faster initial startup [#5877]
- Password generator: Set maximum selectable password length to 999 [#5937]

Fixed

- Fix crash on app close when using SSH agent [#5935]
- Fix KDF selection showing wrong item when using Argon2id [#5923]
- Automatically close About dialog on database lock if it is still open [#5947]
- Linux: Fix automatic launch at system startup with AppImages [#5901]
- Linux: Fix click-to-move on empty area activating when using menus [#5971]
- Linux: Try multiple times to show tray icon if tray is not ready yet [#5948]
- macOS: Fix KeePassXC blocking clean shutdown [#6002]
  • Loading branch information
phoerious committed Jan 31, 2021
2 parents beae186 + 3e8a195 commit 34a78f0
Show file tree
Hide file tree
Showing 70 changed files with 13,412 additions and 4,472 deletions.
3 changes: 3 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,6 @@ AppImage-Recipe.sh export-ignore
# github-linguist language hints
*.h linguist-language=C++
*.cpp linguist-language=C++

# binary files
*.ai binary
24 changes: 23 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,28 @@
# Changelog

## 2.6.3 (2020-01-12)
## 2.6.4 (2021-01-31)

### Added

- Automatically adapt to light/dark system theme changes (Windows/macOS only) [#6034]

### Changed

- Show window title as tooltip on system tray [#5948]
- Compress Snap release as LZO for faster initial startup [#5877]
- Password generator: Set maximum selectable password length to 999 [#5937]

### Fixed

- Fix crash on app close when using SSH agent [#5935]
- Fix KDF selection showing wrong item when using Argon2id [#5923]
- Automatically close About dialog on database lock if it is still open [#5947]
- Linux: Fix automatic launch at system startup with AppImages [#5901]
- Linux: Fix click-to-move on empty area activating when using menus [#5971]
- Linux: Try multiple times to show tray icon if tray is not ready yet [#5948]
- macOS: Fix KeePassXC blocking clean shutdown [#6002]

## 2.6.3 (2021-01-12)

### Added

Expand Down
2 changes: 1 addition & 1 deletion CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ endif()

set(KEEPASSXC_VERSION_MAJOR "2")
set(KEEPASSXC_VERSION_MINOR "6")
set(KEEPASSXC_VERSION_PATCH "3")
set(KEEPASSXC_VERSION_PATCH "4")
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")

Expand Down
23 changes: 21 additions & 2 deletions docs/topics/DatabaseOperations.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ NOTE: You can disable the recycle bin within the Database Settings. If the recyc
Creating a clone of an entry provides you a ready-to-use template for creating new entries with similar details of a master entry.

To create a clone of an existing entry, perform the following steps:

1. Right-click on the entry for which you want to create a clone and select _Clone Entry_. Alternatively, select the desired entry and press `Ctrl+K`.
+
.Clone entry from context menu
Expand All @@ -127,7 +127,7 @@ image::clone_entry_references.png[]
Where `<UUID>` is the Unique Identifier of the entry to pull data from and `<ShortCode>` is from the following:
+
* T - Title
* U - Username
* U - Username
* P - Password
* A - URL
* N - Notes
Expand Down Expand Up @@ -288,6 +288,8 @@ image::database_security.png[]
.Database credentials
image::database_security_credentials.png[]

WARNING: Consider creating a backup of your YubiKey. Please refer to <<Creating a YubiKey backup>>

5. Encryption settings allows you to change the average time it takes to encrypt and decrypt the database. The longer time that is chosen, the harder it will be to brute force attack your database. *We recommend a setting of one second.*
+
.Database encryption
Expand All @@ -305,6 +307,23 @@ The following key derivation functions are supported:
* AES-KDF (KDBX 4 and KDBX 3.1): This key derivation function is based on iterating AES. Users can change the number of iterations. The more iterations, the harder are dictionary and guessing attacks, but also database loading/saving takes more time (linearly). KDBX 3.1 only supports AES-KDF; any other key derivation function, like for instance Argon2, requires KDBX 4.

* Argon2 (KDBX 4 - recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder (and the required time increases). The parallelism parameter can be used to specify how many threads should be used.

=== Creating a YubiKey backup
It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:

1. Create a 20 byte HMAC key:
+
```
dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
```

2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
+
```
ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
```

You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat both steps for your second YubiKey. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
// end::advanced[]

== Storing a Database File
Expand Down
13 changes: 12 additions & 1 deletion release-tool
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ ORIG_BRANCH=""
ORIG_CWD="$(pwd)"
MACOSX_DEPLOYMENT_TARGET=10.12
GREP="grep"
TIMESTAMP_SERVER="http://timestamp.sectigo.com"

# -----------------------------------------------------------------------
# helper functions
Expand Down Expand Up @@ -113,6 +114,7 @@ Options:
--appimage Build a Linux AppImage after compilation.
If this option is set, --install-prefix has no effect
--appsign Perform platform specific App Signing before packaging
--timestamp Explicitly set the timestamp server to use for appsign (default: '${TIMESTAMP_SERVER}')
-k, --key Specify the App Signing Key/Identity
-c, --cmake-options Additional CMake options for compiling the sources
--compiler Compiler to use (default: '${COMPILER}')
Expand Down Expand Up @@ -144,6 +146,7 @@ Options:
-f, --files Files to sign (required)
-k, --key, -i, --identity
Signing Key or Apple Developer ID (required)
--timestamp Explicitly set the timestamp server to use for appsign (default: '${TIMESTAMP_SERVER}')
-u, --username Apple username for notarization (required on macOS)
-c, --keychain Apple keychain entry name storing the notarization
app password (default: 'AC_PASSWORD')
Expand Down Expand Up @@ -484,6 +487,10 @@ merge() {
GPG_GIT_KEY="$2"
shift ;;

--timestamp)
TIMESTAMP_SERVER="$2"
shift ;;

-r|--release-branch)
SOURCE_BRANCH="$2"
shift ;;
Expand Down Expand Up @@ -800,6 +807,10 @@ build() {
--appsign)
build_appsign=true ;;

--timestamp)
TIMESTAMP_SERVER="$2"
shift ;;

-k|--key)
build_key="$2"
shift ;;
Expand Down Expand Up @@ -1301,7 +1312,7 @@ appsign() {
# osslsigncode does not succeed at signing MSI files at this time...
logInfo "Signing file '${f}' using Microsoft signtool..."
signtool sign -f "${key}" -p "${password}" -d "KeePassXC" -td sha256 \
-fd sha256 -tr "http://timestamp.comodoca.com/authenticode" "${f}"
-fd sha256 -tr "${TIMESTAMP_SERVER}" "${f}"

if [ 0 -ne $? ]; then
exitError "Signing failed!"
Expand Down
17 changes: 17 additions & 0 deletions share/linux/org.keepassxc.KeePassXC.appdata.xml
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,23 @@
</screenshots>

<releases>
<release version="2.6.4" date="2021-01-31">
<description>
<ul>
<li>Automatically adapt to light/dark system theme changes (Windows/macOS only) [#6034]</li>
<li>Show window title as tooltip on system tray [#5948]</li>
<li>Compress Snap release as LZO for faster initial startup [#5877]</li>
<li>Password generator: Set maximum selectable password length to 999 [#5937]</li>
<li>Fix crash on app close when using SSH agent [#5935]</li>
<li>Fix KDF selection showing wrong item when using Argon2id [#5923]</li>
<li>Automatically close About dialog on database lock if it is still open [#5947]</li>
<li>Linux: Fix automatic launch at system startup with AppImages [#5901]</li>
<li>Linux: Fix click-to-move on empty area activating when using menus [#5971]</li>
<li>Linux: Try multiple times to show tray icon if tray is not ready yet [#5948]</li>
<li>macOS: Fix KeePassXC blocking clean shutdown [#6002]</li>
</ul>
</description>
</release>
<release version="2.6.3" date="2021-01-12">
<description>
<ul>
Expand Down
Loading

0 comments on commit 34a78f0

Please sign in to comment.