Hello community,
here is the log from the commit of package kwallet for openSUSE:Factory checked in at 2014-04-02 17:22:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kwallet (Old)
and /work/SRC/openSUSE:Factory/.kwallet.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kwallet"
Changes:
--------
--- /work/SRC/openSUSE:Factory/kwallet/kwallet.changes 2014-03-10 12:17:53.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.kwallet.new/kwallet.changes 2014-04-02 17:22:40.000000000 +0200
@@ -1,0 +2,10 @@
+Sat Mar 29 19:47:53 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Update to 4.98.0
+ * API improvements and cleanups
+ * Buildsystem fixes
+ * For more details please see:
+ http://www.kde.org/announcements/announce-frameworks5-beta1.php
+- Added libgcrypt-devel >= 1.5.0 BuildRequires
+
+-------------------------------------------------------------------
Old:
----
kwallet-4.97.0.tar.xz
New:
----
kwallet-4.98.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kwallet.spec ++++++
--- /var/tmp/diff_new_pack.QW1Cgc/_old 2014-04-02 17:22:41.000000000 +0200
+++ /var/tmp/diff_new_pack.QW1Cgc/_new 2014-04-02 17:22:41.000000000 +0200
@@ -18,10 +18,10 @@
%define lname libKF5Wallet5
Name: kwallet
-Version: 4.97.0
+Version: 4.98.0
Release: 0
BuildRequires: cmake >= 2.8.12
-BuildRequires: extra-cmake-modules >= 0.0.11
+BuildRequires: extra-cmake-modules >= 0.0.12
BuildRequires: fdupes
BuildRequires: kconfig-devel >= %{_kf5_version}
BuildRequires: kcoreaddons-devel >= %{_kf5_version}
@@ -33,6 +33,7 @@
BuildRequires: kservice-devel >= %{_kf5_version}
BuildRequires: kwidgetsaddons-devel >= %{_kf5_version}
BuildRequires: kwindowsystem-devel >= %{_kf5_version}
+BuildRequires: libgcrypt-devel >= 1.5.0
BuildRequires: pkgconfig(Qt5DBus) >= 5.2.0
BuildRequires: pkgconfig(Qt5Test) >= 5.2.0
BuildRequires: pkgconfig(Qt5Widgets) >= 5.2.0
@@ -120,6 +121,7 @@
%{_kf5_servicesdir}/kwalletd5.desktop
%{_kf5_datadir}/kwalletd/
%{_kf5_datadir}/dbus-1/services/org.kde.kwalletd5.service
+%{_kf5_datadir}/kconf_update/
%files -n %lname
%defattr(-,root,root)
++++++ kwallet-4.97.0.tar.xz -> kwallet-4.98.0.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/.reviewboardrc new/kwallet-4.98.0/.reviewboardrc
--- old/kwallet-4.97.0/.reviewboardrc 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/.reviewboardrc 2014-03-29 08:12:43.000000000 +0100
@@ -1,4 +1,4 @@
REVIEWBOARD_URL = "https://git.reviewboard.kde.org"
-REPOSITORY = 'git://anongit.kde.org/kwallet-framework'
+REPOSITORY = 'git://anongit.kde.org/kwallet'
BRANCH = 'master'
TARGET_GROUPS = 'kdeframeworks'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/CMakeLists.txt new/kwallet-4.98.0/CMakeLists.txt
--- old/kwallet-4.97.0/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100
@@ -1,23 +1,29 @@
cmake_minimum_required(VERSION 2.8.12)
-find_package(ECM 0.0.11 REQUIRED NO_MODULE)
+find_package(ECM 0.0.12 REQUIRED NO_MODULE)
-set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR})
+set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
set(REQUIRED_QT_VERSION 5.2.0)
find_package(Qt5 ${REQUIRED_QT_VERSION} CONFIG REQUIRED Widgets DBus)
-set(KF5_VERSION "4.97.0")
+set(KF5_VERSION "4.98.0")
include(KDEInstallDirs)
include(KDEFrameworkCompilerSettings)
include(KDECMakeSettings)
+include(FeatureSummary)
option(BUILD_KWALLETD "Build the kwallet daemon" ON)
+find_package(LibGcrypt 1.5.0 REQUIRED QUIET)
+set_package_properties(LibGcrypt PROPERTIES DESCRIPTION "Libgcrypt is a general purpose cryptographic library based on the code from GnuPG."
+ URL "http://www.gnu.org/software/libgcrypt/"
+ TYPE REQUIRED
+ PURPOSE "kwalletd needs libgcrypt to perform PBKDF2-SHA512 hashing"
+ )
+
add_subdirectory(src)
add_subdirectory(autotests)
add_subdirectory(tests)
-if ("${CMAKE_BINARY_DIR}" STREQUAL "${CMAKE_CURRENT_BINARY_DIR}")
- feature_summary(WHAT ALL FATAL_ON_MISSING_REQUIRED_PACKAGES)
-endif()
+feature_summary(WHAT ALL FATAL_ON_MISSING_REQUIRED_PACKAGES)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/cmake/FindLibGcrypt.cmake new/kwallet-4.98.0/cmake/FindLibGcrypt.cmake
--- old/kwallet-4.97.0/cmake/FindLibGcrypt.cmake 1970-01-01 01:00:00.000000000 +0100
+++ new/kwallet-4.98.0/cmake/FindLibGcrypt.cmake 2014-03-29 08:12:43.000000000 +0100
@@ -0,0 +1,61 @@
+
+# - Try to find the Gcrypt library
+# Once run this will define
+#
+# LIBGCRYPT_FOUND - set if the system has the gcrypt library
+# LIBGCRYPT_CFLAGS - the required gcrypt compilation flags
+# LIBGCRYPT_LIBRARIES - the linker libraries needed to use the gcrypt library
+#
+# Copyright (c) 2006 Brad Hards
+#
+# Redistribution and use is allowed according to the terms of the BSD license.
+# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+
+# libgcrypt is moving to pkg-config, but earlier version don't have it
+
+if(NOT LibGcrypt_FIND_VERSION)
+ set(LibGcrypt_FIND_VERSION "1.5.0")
+endif()
+
+#search in typical paths for libgcrypt-config
+FIND_PROGRAM(LIBGCRYPTCONFIG_EXECUTABLE NAMES libgcrypt-config)
+
+#reset variables
+set(LIBGCRYPT_LIBRARIES)
+set(LIBGCRYPT_CFLAGS)
+
+# if libgcrypt-config has been found
+IF(LIBGCRYPTCONFIG_EXECUTABLE)
+
+ # workaround for MinGW/MSYS
+ # CMake can't starts shell scripts on windows so it need to use sh.exe
+ EXECUTE_PROCESS(COMMAND sh ${LIBGCRYPTCONFIG_EXECUTABLE} --libs RESULT_VARIABLE _return_VALUE OUTPUT_VARIABLE LIBGCRYPT_LIBRARIES OUTPUT_STRIP_TRAILING_WHITESPACE)
+ EXECUTE_PROCESS(COMMAND sh ${LIBGCRYPTCONFIG_EXECUTABLE} --cflags RESULT_VARIABLE _return_VALUE OUTPUT_VARIABLE LIBGCRYPT_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+ EXECUTE_PROCESS(COMMAND sh ${LIBGCRYPTCONFIG_EXECUTABLE} --version RESULT_VARIABLE _return_VALUEVersion OUTPUT_VARIABLE LIBGCRYPT_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+ IF(NOT LIBGCRYPT_CFLAGS AND NOT _return_VALUE)
+ SET(LIBGCRYPT_CFLAGS " ")
+ ENDIF(NOT LIBGCRYPT_CFLAGS AND NOT _return_VALUE)
+
+ IF(LIBGCRYPT_LIBRARIES AND LIBGCRYPT_CFLAGS)
+ SET(LIBGCRYPT_FOUND TRUE)
+ ENDIF(LIBGCRYPT_LIBRARIES AND LIBGCRYPT_CFLAGS)
+
+ if(LIBGCRYPT_VERSION VERSION_LESS ${LibGcrypt_FIND_VERSION})
+ message(WARNING "libgcrypt found but version is less than required, Found ${LIBGCRYPT_VERSION} Required ${LibGcrypt_FIND_VERSION}")
+ SET(LIBGCRYPT_FOUND FALSE)
+ endif()
+
+ENDIF(LIBGCRYPTCONFIG_EXECUTABLE)
+
+if (LIBGCRYPT_FOUND)
+ if (NOT LibGcrypt_FIND_QUIETLY)
+ message(STATUS "Found libgcrypt: ${LIBGCRYPT_LIBRARIES}")
+ endif (NOT LibGcrypt_FIND_QUIETLY)
+else (LIBGCRYPT_FOUND)
+ if (LibGcrypt_FIND_REQUIRED)
+ message(WARNING "Could not find libgcrypt libraries")
+ endif (LibGcrypt_FIND_REQUIRED)
+endif (LIBGCRYPT_FOUND)
+
+MARK_AS_ADVANCED(LIBGCRYPT_CFLAGS LIBGCRYPT_LIBRARIES)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/api/KWallet/KF5WalletConfig.cmake.in new/kwallet-4.98.0/src/api/KWallet/KF5WalletConfig.cmake.in
--- old/kwallet-4.97.0/src/api/KWallet/KF5WalletConfig.cmake.in 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/api/KWallet/KF5WalletConfig.cmake.in 2014-03-29 08:12:43.000000000 +0100
@@ -5,6 +5,7 @@
find_dependency(Qt5Core @REQUIRED_QT_VERSION@)
+set(KWALLET_DBUS_INTERFACES_DIR "${PACKAGE_PREFIX_DIR}/@DBUS_INTERFACES_INSTALL_DIR@")
include("${CMAKE_CURRENT_LIST_DIR}/KF5WalletTargets.cmake")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/api/KWallet/kwallet.h new/kwallet-4.98.0/src/api/KWallet/kwallet.h
--- old/kwallet-4.97.0/src/api/KWallet/kwallet.h 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/api/KWallet/kwallet.h 2014-03-29 08:12:43.000000000 +0100
@@ -189,7 +189,7 @@
/**
* Request to the wallet service to change the password of
* the wallet @p name.
- * @param name The the wallet to change the password of.
+ * @param name The wallet to change the password of.
* @param w The window id to associate any dialogs with. You can pass
* 0 if you don't have a window the password dialog should
* associate with.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/CMakeLists.txt new/kwallet-4.98.0/src/runtime/kwalletd/CMakeLists.txt
--- old/kwallet-4.97.0/src/runtime/kwalletd/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100
@@ -102,4 +102,5 @@
install( FILES kwalletd5.desktop DESTINATION ${SERVICES_INSTALL_DIR} )
install( FILES kwalletd.notifyrc DESTINATION ${DATA_INSTALL_DIR}/kwalletd )
+install( FILES kwallet-4.13.upd DESTINATION ${DATA_INSTALL_DIR}/kconf_update)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/Messages.sh new/kwallet-4.98.0/src/runtime/kwalletd/Messages.sh
--- old/kwallet-4.97.0/src/runtime/kwalletd/Messages.sh 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/Messages.sh 2014-03-29 08:12:43.000000000 +0100
@@ -1,3 +1,3 @@
#! /usr/bin/env bash
$EXTRACTRC `find . -name \*.ui` >> rc.cpp || exit 11
-$XGETTEXT `find . -name "*.cpp" -o -name "*.cc" | grep -v "/tests"` -o $podir/kwalletd.pot
+$XGETTEXT `find . -name "*.cpp" -o -name "*.cc" | grep -v "/tests"` -o $podir/kwalletd5.pot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/CMakeLists.txt new/kwallet-4.98.0/src/runtime/kwalletd/backend/CMakeLists.txt
--- old/kwallet-4.97.0/src/runtime/kwalletd/backend/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100
@@ -41,7 +41,7 @@
ecm_setup_version(${KF5_VERSION} VARIABLE_PREFIX KWALLETBACKEND SOVERSION 5)
-target_link_libraries(kwalletbackend5 Qt5::Widgets KF5::WidgetsAddons KF5::CoreAddons KF5::Notifications KF5::I18n)
+target_link_libraries(kwalletbackend5 Qt5::Widgets KF5::WidgetsAddons KF5::CoreAddons KF5::Notifications KF5::I18n ${LIBGCRYPT_LIBRARIES})
if(QGPGME_FOUND)
target_link_libraries(kwalletbackend5 ${QGPGME_LIBRARIES} )
endif(QGPGME_FOUND)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp new/kwallet-4.98.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp
--- old/kwallet-4.97.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp 2014-03-29 08:12:43.000000000 +0100
@@ -51,6 +51,7 @@
#define KWALLET_HASH_SHA1 0
#define KWALLET_HASH_MD5 1 // unsupported
+#define KWALLET_HASH_PBKDF2_SHA512 2 // used when using kwallet with pam or since 4.13 version
namespace KWallet {
@@ -169,7 +170,7 @@
BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12])
{
if (magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC &&
- magicBuf[3] == KWALLET_HASH_SHA1) {
+ (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) {
if (0 == blowfishHandler)
blowfishHandler = new BlowfishPersistHandler;
return blowfishHandler;
@@ -190,7 +191,12 @@
assert(wb->_cipherType == BACKEND_CIPHER_BLOWFISH);
version[2] = KWALLET_CIPHER_BLOWFISH_CBC;
- version[3] = KWALLET_HASH_SHA1;
+ if(!wb->_useNewHash) {
+ version[3] = KWALLET_HASH_SHA1;
+ } else {
+ version[3] = KWALLET_HASH_PBKDF2_SHA512;//Since 4.13 we always use PBKDF2_SHA512
+ }
+
if (sf.write(version) != 4) {
sf.cancelWriting();
return -4; // write error
@@ -497,14 +503,14 @@
qDebug() << "initGpgME returned " << err.code();
KMessageBox::errorWId( w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to save the wallet <b>%1</b>. Error code is <b>%2</b>. Please fix your system configuration, then try again!</qt>", Qt::escape(wb->_name), err.code()));
sf.cancelWriting();
- return -1;
+ return -5;
}
boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
if (0 == ctx) {
qDebug() << "Cannot setup OpenPGP context!";
KMessageBox::errorWId(w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to save the wallet <b>%1</b>. Please fix your system configuration, then try again!</qt>"), Qt::escape(wb->_name));
- return -1;
+ return -6;
}
assert(wb->_cipherType == BACKEND_CIPHER_GPG);
@@ -558,7 +564,7 @@
Qt::escape(wb->_name), gpgerr, gpgme_strerror(gpgerr)));
qDebug() << "GpgME encryption error: " << res.error().code();
sf.cancelWriting();
- return -1;
+ return -7;
}
char buffer[4096];
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.cc new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.cc
--- old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.cc 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.cc 2014-03-29 08:12:43.000000000 +0100
@@ -23,10 +23,10 @@
#include
#include <QSaveFile>
-//#include
#ifdef HAVE_QGPGME
#include
#endif
+#include
#include <KNotification>
#include <KLocalizedString>
@@ -52,8 +52,7 @@
#endif
#define KWALLET_VERSION_MAJOR 0
-#define KWALLET_VERSION_MINOR 0
-
+#define KWALLET_VERSION_MINOR 1
using namespace KWallet;
@@ -68,7 +67,12 @@
// KGlobal::dirs()->addResourceType("kwallet", 0, "share/apps/kwallet");
// }
-Backend::Backend(const QString& name, bool isPath) : d(0), _name(name), _ref(0), _cipherType(KWallet::BACKEND_CIPHER_UNKNOWN) {
+Backend::Backend(const QString& name, bool isPath)
+ : d(0),
+ _name(name),
+ _useNewHash(false),
+ _ref(0),
+ _cipherType(KWallet::BACKEND_CIPHER_UNKNOWN) {
// initKWalletDir();
if (isPath) {
_path = name;
@@ -109,6 +113,34 @@
_cipherType = ct;
}
+static int password2PBKDF2_SHA512(const QByteArray &password, QByteArray& hash, const QByteArray &salt)
+{
+ if (!gcry_check_version("1.5.0")) {
+ printf("libcrypt version is too old \n");
+ return GPG_ERR_USER_2;
+ }
+
+ gcry_error_t error;
+ bool static gcry_secmem_init = false;
+ if (!gcry_secmem_init) {
+ error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
+ if (error != 0) {
+ qWarning() << "Can't get secure memory:" << error;
+ return error;
+ }
+ gcry_secmem_init = true;
+ }
+
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ error = gcry_kdf_derive(password.constData(), password.size(),
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA512,
+ salt.data(), salt.size(),
+ PBKDF2_SHA512_ITERATIONS, PBKDF2_SHA512_KEYSIZE, hash.data());
+
+ return error;
+}
+
// this should be SHA-512 for release probably
static int password2hash(const QByteArray& password, QByteArray& hash) {
SHA1 sha;
@@ -279,6 +311,9 @@
}
_passhash = passwordHash;
+ _newPassHash = passwordHash;
+ _useNewHash = true;//Only new hash is supported
+
return openInternal();
}
@@ -294,10 +329,8 @@
}
newfile.close();
_open = true;
- if (sync(w)) {
+ if (sync(w) != 0) {
return -2;
- } else {
- return 1; // new file opened, but OK
}
}
@@ -320,9 +353,14 @@
return -4; // unknown version
}
- if (magicBuf[1] != KWALLET_VERSION_MINOR) {
- return -4; // unknown version
- }
+ //0 has been the MINOR version until 4.13, from that point we use it to upgrade the hash
+ if (magicBuf[1] == 1) {
+ qDebug() << "Wallet new enough, using new hash";
+ swapToNewHash();
+ } else if (magicBuf[1] != 0){
+ qDebug() << "Wallet is old, sad panda :(";
+ return -4; // unknown version
+ }
BackendPersistHandler *phandler = BackendPersistHandler::getPersistHandler(magicBuf);
if (0 == phandler){
@@ -331,6 +369,38 @@
return phandler->read(this, db, w);
}
+void Backend::swapToNewHash()
+{
+ //Runtime error happened and we can't use the new hash
+ if (!_useNewHash) {
+ qDebug() << "Runtime error on the new hash";
+ return;
+ }
+ _passhash.fill(0);//Making sure the old passhash is not around in memory
+ _passhash = _newPassHash;//Use the new hash, means the wallet is modern enough
+}
+
+QByteArray Backend::createAndSaveSalt(const QString& path) const
+{
+ QFile saltFile(path);
+ saltFile.remove();
+
+ if (!saltFile.open(QIODevice::WriteOnly)) {
+ return QByteArray();
+ }
+
+ char *randomData = (char*) gcry_random_bytes(PBKDF2_SHA512_SALTSIZE, GCRY_STRONG_RANDOM);
+ QByteArray salt(randomData, PBKDF2_SHA512_SALTSIZE);
+ free(randomData);
+
+ if (saltFile.write(salt) != PBKDF2_SHA512_SALTSIZE) {
+ return QByteArray();
+ }
+
+ saltFile.close();
+
+ return salt;
+}
int Backend::sync(WId w) {
if (!_open) {
@@ -352,7 +422,14 @@
// Write the version number
QByteArray version(4, 0);
version[0] = KWALLET_VERSION_MAJOR;
- version[1] = KWALLET_VERSION_MINOR;
+ if (_useNewHash) {
+ version[1] = KWALLET_VERSION_MINOR;
+ //Use the sync to update the hash to PBKDF2_SHA512
+ swapToNewHash();
+ } else {
+ version[1] = 0; //was KWALLET_VERSION_MINOR before the new hash
+ }
+
BackendPersistHandler *phandler = BackendPersistHandler::getPersistHandler(_cipherType);
if (0 == phandler) {
@@ -389,6 +466,7 @@
// empty the password hash
_passhash.fill(0);
+ _newPassHash.fill(0);
_open = false;
@@ -593,7 +671,27 @@
BlowFish _bf;
CipherBlockChain bf(&_bf);
_passhash.resize(bf.keyLen()/8);
+ _newPassHash.resize(bf.keyLen()/8);
+ _newPassHash.fill(0);
+
password2hash(password, _passhash);
+
+ QByteArray salt;
+ QFile saltFile(getSaveLocation() + QDir::separator() + _name + ".salt");
+ if (!saltFile.exists() || saltFile.size() == 0) {
+ salt = createAndSaveSalt(saltFile.fileName());
+ } else {
+ if (!saltFile.open(QIODevice::ReadOnly)) {
+ salt = createAndSaveSalt(saltFile.fileName());
+ } else {
+ salt = saltFile.readAll();
+ }
+ }
+
+ if (!salt.isEmpty() && password2PBKDF2_SHA512(password, _newPassHash, salt) == 0) {
+ qDebug() << "Setting useNewHash to true";
+ _useNewHash = true;
+ }
}
#ifdef HAVE_QGPGME
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.h new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.h
--- old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.h 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.h 2014-03-29 08:12:43.000000000 +0100
@@ -33,6 +33,10 @@
#include
#endif // HAVE_QGPGME
+#define PBKDF2_SHA512_KEYSIZE 56
+#define PBKDF2_SHA512_SALTSIZE 56
+#define PBKDF2_SHA512_ITERATIONS 50000
+
namespace KWallet {
/**
@@ -169,6 +173,7 @@
QString _name;
QString _path;
bool _open;
+ bool _useNewHash;
QString _folder;
int _ref;
// Map Folder->Entries
@@ -178,6 +183,7 @@
typedef QMap HashMap;
HashMap _hashes;
QByteArray _passhash; // password hash used for saving the wallet
+ QByteArray _newPassHash; //Modern hash using KWALLET_HASH_PBKDF2_SHA512
BackendCipherType _cipherType; // the kind of encryption used for this wallet
#ifdef HAVE_QGPGME
GpgME::Key _gpgKey;
@@ -188,6 +194,8 @@
// open the wallet with the password already set. This is
// called internally by both open and openPreHashed.
int openInternal(WId w=0);
+ void swapToNewHash();
+ QByteArray createAndSaveSalt(const QString &path) const;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.cpp new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.cpp
--- old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.cpp 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.cpp 2014-03-29 08:12:43.000000000 +0100
@@ -1,19 +1,18 @@
/* This file is part of the KDE libraries
Copyright (C) 2004 George Staikos
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
+ This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see http://www.gnu.org/licenses/.
*/
#include "kbetterthankdialog.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.h new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.h
--- old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.h 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.h 2014-03-29 08:12:43.000000000 +0100
@@ -1,19 +1,18 @@
/* This file is part of the KDE libraries
Copyright (C) 2004 George Staikos
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
+ This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see http://www.gnu.org/licenses/.
*/
#ifndef KBETTERTHANKDIALOG_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialog.cpp new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialog.cpp
--- old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialog.cpp 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialog.cpp 2014-03-29 08:12:43.000000000 +0100
@@ -143,7 +143,7 @@
GpgME::Key k = _ctx->nextKey(err);
if (err)
break;
- if (!k.isInvalid() && k.canEncrypt()) {
+ if (!k.isInvalid() && k.canEncrypt() && (k.ownerTrust() == GpgME::Key::Ultimate)) {
keys.push_back(k);
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialoggpg.ui new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialoggpg.ui
--- old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialoggpg.ui 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialoggpg.ui 2014-03-29 08:12:43.000000000 +0100
@@ -19,6 +19,13 @@
</widget>
</item>
<item>
+ <widget class="QLabel" name="label_2">
+ <property name="text">
+ <string><html><head/><body><p><span style=" font-weight:600;">NOTE:</span> this list shows only "ultimate-level" trusted keys</p></body></html></string>
+ </property>
+ </widget>
+ </item>
+ <item>
<widget class="QTableWidget" name="listCertificates">
<property name="showDropIndicator" stdset="0">
<bool>false</bool>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwallet-4.13.upd new/kwallet-4.98.0/src/runtime/kwalletd/kwallet-4.13.upd
--- old/kwallet-4.97.0/src/runtime/kwalletd/kwallet-4.13.upd 1970-01-01 01:00:00.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kwallet-4.13.upd 2014-03-29 08:12:43.000000000 +0100
@@ -0,0 +1,5 @@
+# We changed the default in 4.13
+Id=kde4.13
+File=kwalletrc
+Group=Wallet
+RemoveKey=Launch Manager
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.cpp new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.cpp
--- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.cpp 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.cpp 2014-03-29 08:12:43.000000000 +0100
@@ -33,6 +33,7 @@
#include
#include
+#include
#include
#include
#include
@@ -1453,7 +1454,7 @@
KConfigGroup walletGroup(&cfg, "Wallet");
_firstUse = walletGroup.readEntry("First Use", true);
_enabled = walletGroup.readEntry("Enabled", true);
- _launchManager = walletGroup.readEntry("Launch Manager", true);
+ _launchManager = walletGroup.readEntry("Launch Manager", false);
_leaveOpen = walletGroup.readEntry("Leave Open", false);
bool idleSave = _closeIdle;
_closeIdle = walletGroup.readEntry("Close When Idle", false);
@@ -1619,50 +1620,59 @@
int KWalletD::pamOpen(const QString &wallet, const QByteArray &passwordHash, int sessionTimeout)
{
- // don't do anything if transactions are already being processed!
- if (_processing) {
- return -1;
- }
-
- // check if the wallet is already open
- QPair walletInfo = findWallet(wallet);
- int rc = walletInfo.first;
- if (rc == -1) {
- if (_wallets.count() > 20) {
- qDebug() << "Too many wallets open.";
- return -1;
- }
-
- if (!QRegExp("^[\\w\\^\\&\\'\\@\\{\\}\\[\\]\\,\\$\\=\\!\\-\\#\\(\\)\\%\\.\\+\\_\\s]+$").exactMatch(wallet) ||
- !KWallet::Backend::exists(wallet)) {
- return -1;
- }
-
- KWallet::Backend *b = new KWallet::Backend(wallet);
- int openrc = b->openPreHashed(passwordHash);
- if (openrc == 0 && b->isOpen()) {
- // opening the wallet was successful
- int handle = generateHandle();
- _wallets.insert(handle, b);
- _syncTimers.addTimer(handle, _syncTime);
-
- // don't reference the wallet or add a session so it
- // can be reclosed easily.
-
- if (sessionTimeout > 0) {
- _closeTimers.addTimer(handle, sessionTimeout);
- } else if (_closeIdle) {
- _closeTimers.addTimer(handle, _idleTime);
- }
- emit walletOpened(wallet);
- if (_wallets.count() == 1 && _launchManager) {
- KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd");
- }
- return handle;
- }
- }
+ if (_processing) {
+ return -1;
+ }
+
+ if (!QRegExp("^[\\w\\^\\&\\'\\@\\{\\}\\[\\]\\,\\$\\=\\!\\-\\#\\(\\)\\%\\.\\+\\_\\s]+$").exactMatch(wallet)) {
+ return -1;
+ }
+
+ // check if the wallet is already open
+ QPair walletInfo = findWallet(wallet);
+ int rc = walletInfo.first;
+ if (rc != -1) {
+ return rc;//Wallet already opened, return handle
+ }
+
+ KWallet::Backend *b = 0;
+ //If the wallet we want to open does not exists. create it and set pam hash
+ if (!wallets().contains(wallet)) {
+ b = new KWallet::Backend(wallet);
+ b->setCipherType(KWallet::BACKEND_CIPHER_BLOWFISH);
+ } else {
+ b = new KWallet::Backend(wallet);
+ }
+
+ if (_wallets.count() > 20) {
+ return -1;
+ }
+
+ int openrc = b->openPreHashed(passwordHash);
+ if (openrc != 0 || !b->isOpen()) {
+ return -1;
+ }
+
+ // opening the wallet was successful
+ int handle = generateHandle();
+ _wallets.insert(handle, b);
+ _syncTimers.addTimer(handle, _syncTime);
+
+ // don't reference the wallet or add a session so it
+ // can be reclosed easily.
+
+ if (sessionTimeout > 0) {
+ _closeTimers.addTimer(handle, sessionTimeout);
+ } else if (_closeIdle) {
+ _closeTimers.addTimer(handle, _idleTime);
+ }
+ emit walletOpened(wallet);
+
+ if (_wallets.count() == 1 && _launchManager) {
+ KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd");
+ }
- return -1;
+ return handle;
}
#include "kwalletd.moc"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.notifyrc new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.notifyrc
--- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.notifyrc 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.notifyrc 2014-03-29 08:12:43.000000000 +0100
@@ -306,15 +306,18 @@
Name[hu]=A szinkronizálás meghiúsult
Name[ia]=Il falleva synchronisar
Name[kk]=Қадамдастыру жаңылды
+Name[ko]=동기화 실패
Name[lt]=Sinchronizavimas nepavyko
Name[nb]=Synkronisering mislyktes
Name[nds]=Synkroniseren is fehlslaan
Name[nl]=Synchronisatie mislukt
Name[nn]=Feil ved synkronisering
+Name[pa]=ਸਿੰਕ ਫੇਲ੍ਹ ਹੈ
Name[pl]=Nieudana synchronizacja
Name[pt]=A Sincronização Falhou
Name[pt_BR]=Falha na sincronização
Name[ro]=Sincronizare eșuată
+Name[ru]=Ошибка синхронизации бумажника
Name[sk]=Synchronizácia zlyhala
Name[sl]=Uskladitev spodletela
Name[sr]=Синхронизација пропала
@@ -342,14 +345,17 @@
Comment[hu]=A KDE jelszókezelő rendszer nem tudta szinkronizálni a jelszófájlt a lemezre
Comment[ia]=Le sistema de portafolio de KDE (KDE Wallet System) falleva synchronisar un file de portafolio con le disco
Comment[kk]=KDE әмиян жүйесінің дискідегі әмиян файлымен қадамдастыру жаңылысы
+Comment[ko]=KDE 지갑 시스템에서 지갑 파일을 디스크에 동기화할 수 없음
Comment[nb]=KDE Wallet System klarte ikke å synkronisere en lommebokfil til disk
Comment[nds]=Binnen KDE sien Knippsystem lett sik en Knipp nich mit de Datei op de Fastplaat synkroniseren
Comment[nl]=Het lukte het KDE portefeuillesysteem niet om een portefeuillebestand naar schijf te synchroniseren
Comment[nn]=Lommeboktenesta klarte ikkje synkronisera lommebokfila til disken
+Comment[pa]=ਕੇਡੀਈ ਵਾਲਿਟ ਸਿਸਟਮ ਵਾਲਿਟ ਫਾਇਲ ਨੂੰ ਡਿਸਕ ਉੱਤੇ ਸਿੰਕ ਕਰਨ ਲਈ ਫੇਲ੍ਹ ਹੈ
Comment[pl]=Synchronizacja pliku portfela na dysku przez System portfela KDE zakończyła się niepowodzeniem
Comment[pt]=O sistema da Carteira do KDE não conseguiu sincronizar um ficheiro da carteira para o disco
Comment[pt_BR]=O Sistema da Carteiras do KDE não conseguiu sincronizar um arquivo de carteira com o disco
Comment[ro]=Sistemul de portofele KDE nu a putut sincroniza fișierul unui portofel cu discul
+Comment[ru]=Не удалось сохранить бумажник в соответствующий ему файл на диске
Comment[sk]=Systému KDE peňaženky sa nepodarilo synchronizovať súbor peňaženky na disk
Comment[sl]=Sistem listnic za KDE ni uspel uskladiti datoteke z listnico na disku
Comment[sr]=К‑новчаник не може да синхронизује фајл новчаника на диск
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.cpp new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.cpp
--- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.cpp 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.cpp 2014-03-29 08:12:43.000000000 +0100
@@ -1,19 +1,18 @@
/* This file is part of the KDE libraries
Copyright (C) 2004 George Staikos
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
+ This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see http://www.gnu.org/licenses/.
*/
#include "kwalletwizard.h"
@@ -172,7 +171,7 @@
GpgME::Key k = ctx->nextKey(err);
if (err)
break;
- if (!k.isInvalid() && k.canEncrypt()) {
+ if (!k.isInvalid() && k.canEncrypt() && (k.ownerTrust() == GpgME::Key::Ultimate)) {
keys.push_back(k);
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.h new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.h
--- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.h 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.h 2014-03-29 08:12:43.000000000 +0100
@@ -1,19 +1,18 @@
/* This file is part of the KDE libraries
Copyright (C) 2004 George Staikos
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
+ This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see http://www.gnu.org/licenses/.
*/
#ifndef KWALLETWIZARD_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui
--- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui 2014-03-29 08:12:43.000000000 +0100
@@ -21,7 +21,10 @@
<item>
<widget class="QLabel" name="label_3">
<property name="text">
- <string><html><head/><body><p>The GPG-based wallet use a GPG encryption key to securely encrypt data on disk. The key must be available when decrypting is needed or your wallet will not be accessible. For example, if you choose a SmartCard-based encryption key, the GPG system will prompt you to enter it and its associated PIN when attempting to open the wallet.</p></body></html></string>
+ <string><html><head/><body><p>The GPG-based wallet use a GPG encryption key to securely encrypt data on disk. The key must be available when decrypting is needed or your wallet will not be accessible. For example, if you choose a SmartCard-based encryption key, the GPG system will prompt you to enter it and its associated PIN when attempting to open the wallet. <span style=" font-weight:600;">NOTE:</span> this list contains only "ultimate-level" trusted keys.</p></body></html></string>
+ </property>
+ <property name="textFormat">
+ <enum>Qt::AutoText</enum>
</property>
<property name="wordWrap">
<bool>true</bool>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/tests/kwalletd/CMakeLists.txt new/kwallet-4.98.0/tests/kwalletd/CMakeLists.txt
--- old/kwallet-4.97.0/tests/kwalletd/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100
+++ new/kwallet-4.98.0/tests/kwalletd/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100
@@ -28,7 +28,7 @@
)
if (QGPGME_FOUND)
- kde4_add_ui_files(kwalletwizardtest_SRCS
+ qt5_wrap_ui(kwalletwizardtest_SRCS
../../src/runtime/kwalletd/kwalletwizardpagepasswordgpg.ui)
endif(QGPGME_FOUND)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org