Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kf6-kwallet for openSUSE:Factory checked in at 2026-04-11 22:24:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kf6-kwallet (Old) and /work/SRC/openSUSE:Factory/.kf6-kwallet.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kf6-kwallet" Sat Apr 11 22:24:28 2026 rev:28 rq:1345917 version:6.25.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kf6-kwallet/kf6-kwallet.changes 2026-03-16 14:18:54.933236857 +0100 +++ /work/SRC/openSUSE:Factory/.kf6-kwallet.new.21863/kf6-kwallet.changes 2026-04-11 22:28:52.598531531 +0200 @@ -1,0 +2,14 @@ +Tue Apr 7 19:19:30 UTC 2026 - Christophe Marin <[email protected]> + +- Update to 6.25.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/6/6.25.0 +- Changes since 6.24.0: + * Update dependency version to 6.25.0 + * Fix find_package calls when not building kwalletd and ksecretd + * Hardcode one short DH key instead of brute-forcing one + * ksecretd: fix intermittent Secret Service session key mismatches with libsecret (kde#514194) + * Update version to 6.25.0 + +------------------------------------------------------------------- Old: ---- kwallet-6.24.0.tar.xz kwallet-6.24.0.tar.xz.sig New: ---- kwallet-6.25.0.tar.xz kwallet-6.25.0.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kf6-kwallet.spec ++++++ --- /var/tmp/diff_new_pack.61Tyk4/_old 2026-04-11 22:28:53.202556236 +0200 +++ /var/tmp/diff_new_pack.61Tyk4/_new 2026-04-11 22:28:53.206556399 +0200 @@ -19,11 +19,11 @@ %define qt6_version 6.8.0 %define rname kwallet -# Full KF6 version (e.g. 6.24.0) +# Full KF6 version (e.g. 6.25.0) %{!?_kf6_version: %global _kf6_version %{version}} %bcond_without released Name: kf6-kwallet -Version: 6.24.0 +Version: 6.25.0 Release: 0 Summary: Safe desktop-wide storage for passwords License: LGPL-2.1-or-later ++++++ kwallet-6.24.0.tar.xz -> kwallet-6.25.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/CMakeLists.txt new/kwallet-6.25.0/CMakeLists.txt --- old/kwallet-6.24.0/CMakeLists.txt 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/CMakeLists.txt 2026-04-03 19:11:57.000000000 +0200 @@ -1,12 +1,12 @@ -cmake_minimum_required(VERSION 3.27) +cmake_minimum_required(VERSION 3.29) -set(KF_VERSION "6.24.0") # handled by release scripts -set(KF_DEP_VERSION "6.24.0") # handled by release scripts +set(KF_VERSION "6.25.0") # handled by release scripts +set(KF_DEP_VERSION "6.25.0") # handled by release scripts project(KWallet VERSION ${KF_VERSION}) set(CMAKE_EXPORT_COMPILE_COMMANDS 1) include(FeatureSummary) -find_package(ECM 6.24.0 NO_MODULE) +find_package(ECM 6.25.0 NO_MODULE) set_package_properties(ECM PROPERTIES TYPE REQUIRED DESCRIPTION "Extra CMake Modules." URL "https://invent.kde.org/frameworks/extra-cmake-modules";) feature_summary(WHAT REQUIRED_PACKAGES_NOT_FOUND FATAL_ON_MISSING_REQUIRED_PACKAGES) @@ -19,7 +19,7 @@ include(KDEGitCommitHooks) include(ECMDeprecationSettings) -set(REQUIRED_QT_VERSION 6.8.0) +set(REQUIRED_QT_VERSION 6.9.0) find_package(Qt6 ${REQUIRED_QT_VERSION} CONFIG REQUIRED Core DBus Gui Widgets) include(ECMGenerateExportHeader) @@ -47,8 +47,12 @@ find_package(KF6Config ${KF_DEP_VERSION} REQUIRED) -if(BUILD_KSECRETD OR BUILD_KWALLETD) - find_package(KF6 ${KF_DEP_VERSION} REQUIRED COMPONENTS CoreAddons I18n WindowSystem) +if(BUILD_KSECRETD) + find_package(KF6 ${KF_DEP_VERSION} REQUIRED COMPONENTS WindowSystem) +endif() + +if(BUILD_KSECRETD OR BUILD_KWALLETD OR BUILD_KWALLET_QUERY) + find_package(KF6 ${KF_DEP_VERSION} REQUIRED COMPONENTS CoreAddons I18n) endif() ecm_set_disabled_deprecation_versions( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/po/bg/kwalletd6.po new/kwallet-6.25.0/po/bg/kwalletd6.po --- old/kwallet-6.24.0/po/bg/kwalletd6.po 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/po/bg/kwalletd6.po 2026-04-03 19:11:57.000000000 +0200 @@ -2,20 +2,20 @@ # This file is distributed under the same license as the PACKAGE package. # # Yasen Pramatarov <[email protected]>, 2009, 2011, 2013. -# SPDX-FileCopyrightText: 2022, 2023, 2024, 2025 Mincho Kondarev <[email protected]> +# SPDX-FileCopyrightText: 2022, 2023, 2024, 2025, 2026 Mincho Kondarev <[email protected]> msgid "" msgstr "" "Project-Id-Version: kwalletd\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2026-02-18 00:41+0000\n" -"PO-Revision-Date: 2025-04-19 11:31+0200\n" +"PO-Revision-Date: 2026-04-03 02:26+0200\n" "Last-Translator: Mincho Kondarev <[email protected]>\n" "Language-Team: Bulgarian <[email protected]>\n" "Language: bg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 25.07.70\n" +"X-Generator: Lokalize 26.03.70\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #, kde-format @@ -599,18 +599,19 @@ "wallet <b>%1</b>. Error code is <b>%2</b>. Please fix your system " "configuration, then try again.</qt>" msgstr "" +"<qt>Грешка при опит за инициализиране на OpenPGP при опит за запазване на " +"портфейл <b>%1</b>. Кодът за грешка е <b>%2</b>. Моля, поправете вашата " +"системна конфигурация, след това опитайте отново.</qt>" #: kwalletbackend/backendpersisthandler.cpp:407 -#, fuzzy, kde-format -#| msgid "" -#| "The GpgME library failed to initialize for the OpenPGP protocol. Please " -#| "check your system's configuration then try again." +#, kde-format msgid "" "<qt>Error when attempting to initialize OpenPGP while attempting to save the " "wallet <b>%1</b>. Please fix your system configuration, then try again.</qt>" msgstr "" -"Библиотеката GpgME не успя да се инициализира за протокола OpenPGP. Моля " -"проверете конфигурацията на вашата система, след което опитайте отново." +"<qt>Грешка при опит за инициализиране на OpenPGP при опит за запазване на " +"портфейл <b>%1</b>. Моля, коригирайте конфигурацията на вашата система, след " +"което опитайте отново.</qt>" #: kwalletbackend/backendpersisthandler.cpp:461 #, kde-format @@ -620,6 +621,11 @@ "again. This error may occur if you are not using a full trust GPG key. " "Please ensure you have the secret key for the key you are using.</qt>" msgstr "" +"<qt>Грешка при криптиране при опит за запазване на портфейла <b>%1</b>. " +"Кодът за грешка е <b>%2 (%3)</b>. Моля, коригирайте конфигурацията на вашата " +"система, след това опитайте отново. Тази грешка може да възникне, ако не " +"използвате GPG ключ с пълно доверие.Моля, уверете се, че разполагате с " +"тайния ключ за ключа, който използвате.</qt>" #: kwalletbackend/backendpersisthandler.cpp:478 #, kde-format @@ -627,6 +633,9 @@ "<qt>File handling error while attempting to save the wallet <b>%1</b>. Error " "was <b>%2</b>. Please fix your system configuration, then try again.</qt>" msgstr "" +"<qt>Грешка при обработка на файлове при опит за запазване на портфейла <b>" +"%1</b>. Грешка<b>%2</b>. Моля, коригирайте конфигурацията на вашата система, " +"след което опитайте отново.</qt>" #: kwalletbackend/backendpersisthandler.cpp:500 #, kde-format @@ -635,23 +644,24 @@ "wallet <b>%1</b>. Error code is <b>%2</b>. Please fix your system " "configuration, then try again.</qt>" msgstr "" +"<qt>Грешка при опит за инициализиране на OpenPGP при опит за отваряне на " +"портфейл <b>%1</b>. Кодът за грешка е <b>%2</b>. Моля, поправете вашата " +"системна конфигурация, след това опитайте отново.</qt>" #: kwalletbackend/backendpersisthandler.cpp:522 -#, fuzzy, kde-format -#| msgid "" -#| "The GpgME library failed to initialize for the OpenPGP protocol. Please " -#| "check your system's configuration then try again." +#, kde-format msgid "" "<qt>Error when attempting to initialize OpenPGP while attempting to open the " "wallet <b>%1</b>. Please fix your system configuration, then try again.</qt>" msgstr "" -"Библиотеката GpgME не успя да се инициализира за протокола OpenPGP. Моля " -"проверете конфигурацията на вашата система, след което опитайте отново." +"<qt>Грешка при опит за инициализиране на OpenPGP при опит за отваряне на " +"портфейл <b>%1</b>. Моля, коригирайте конфигурацията на вашата система, след " +"което опитайте отново.</qt>" #: kwalletbackend/backendpersisthandler.cpp:535 #, kde-format msgid "Retry" -msgstr "" +msgstr "Повторен опит" #: kwalletbackend/backendpersisthandler.cpp:540 #, kde-format @@ -660,11 +670,14 @@ "you're using a SmartCard, please ensure it's inserted then try again." "<br><br>GPG error was <b>%2</b></qt>" msgstr "" +"<qt>Грешка при опит за дешифриране на портфейла <b>%1</b> с помощта на GPG. " +"Ако използвате SmartCard, моля, уверете се, че е поставена, след това " +"опитайте отново.<br><br> Грешката в GPG беше <b>%2</b></qt>" #: kwalletbackend/backendpersisthandler.cpp:544 #, kde-format msgid "kwalletd GPG backend" -msgstr "" +msgstr "GPG ядро за kwalletd" #: kwalletbackend/backendpersisthandler.cpp:590 #, kde-format @@ -673,51 +686,54 @@ "encrypted using the GPG Key ID <b>%2</b> but this key was not found on your " "system.</qt>" msgstr "" +"<qt>Грешка при опит за отваряне на портфейла <b>%1</b>. Портфейлът беше " +"криптиран с помощта на идентификатора на GPG ключ <b>%2</b>, но този ключ не " +"е намерен във вашата система.</qt>" #: kwalletbackend/kwalletbackend.cc:272 #, kde-format msgid "Already open." -msgstr "" +msgstr "Вече е отворен." #: kwalletbackend/kwalletbackend.cc:274 #, kde-format msgid "Error opening file." -msgstr "" +msgstr "Грешка при отваряне на файла." #: kwalletbackend/kwalletbackend.cc:276 #, kde-format msgid "Not a wallet file." -msgstr "" +msgstr "Не портфейлен файл." #: kwalletbackend/kwalletbackend.cc:278 #, kde-format msgid "Unsupported file format revision." -msgstr "" +msgstr "Неподдържан формат на файла." #: kwalletbackend/kwalletbackend.cc:282 #, kde-format msgid "Unknown encryption scheme." -msgstr "" +msgstr "Неизвестна схема за шифроване." #: kwalletbackend/kwalletbackend.cc:284 #, kde-format msgid "Corrupt file?" -msgstr "" +msgstr "Вероятно повреден файл" #: kwalletbackend/kwalletbackend.cc:286 #, kde-format msgid "Error validating wallet integrity. Possibly corrupted." -msgstr "" +msgstr "Грешка при проверка цялостта на портфейла. Най-вероятно е повреден." #: kwalletbackend/kwalletbackend.cc:290 #, kde-format msgid "Read error - possibly incorrect password." -msgstr "" +msgstr "Грешка при четене: най-вероятно грешна парола." #: kwalletbackend/kwalletbackend.cc:292 #, kde-format msgid "Decryption error." -msgstr "" +msgstr "Грешки при разшифроване." #: kwalletbackend/kwalletbackend.cc:472 #, kde-format @@ -726,91 +742,94 @@ "RC <b>%2</b>\n" "SF <b>%3</b>. Please file a BUG report using this information to bugs.kde.org" msgstr "" +"Синхронизирането на портфейла <b>%1</b> с диска е неуспешно. Кодовете за " +"грешки са:\n" +"RC <b>%2</b>\n" +"SF <b>%3</b>. Моля, подайте доклад за ГРЕШКА, използвайки тази информация, " +"на bugs.kde.org" #: kwalletd/kwalletd.cpp:119 #, kde-format msgid "Migrating the wallet \"%1\". Please provide the password to unlock." -msgstr "" +msgstr "Мигриране на портфейла „%1“. Моля, въведете паролата за отключване." #: kwalletd/main.cpp:32 -#, fuzzy, kde-format -#| msgid "KWallet" +#, kde-format msgid "kwalletd" -msgstr "KWallet" +msgstr "kwalletd" #: kwalletd/main.cpp:34 #, kde-format msgid "A KWallet compatibility service, wrapping upon Secret Service" -msgstr "" +msgstr "Услуга за съвместимост на KWallet, обхващата Secret Service" #: kwalletd/main.cpp:36 -#, fuzzy, kde-format -#| msgid "(C) 2002-2025, The KDE Developers" +#, kde-format msgid "(C) 2025, The KDE Developers" -msgstr "(C) 2002-2025, Разработчиците на KDE" +msgstr "(C) 2025, Разработчиците на KDE" #: kwalletd/main.cpp:38 #, kde-format msgid "Marco Martin" -msgstr "" +msgstr "Marco Martin" #: kwalletd/main.cpp:38 #, kde-format msgid "Author" -msgstr "" +msgstr "Автор" #: kwalletd/secretserviceclient.cpp:241 #, kde-format msgid "Item not found" -msgstr "" +msgstr "Елементът не е открит" #: kwalletd/secretserviceclient.cpp:261 #, kde-format msgid "Could not connect to Secret Service" -msgstr "" +msgstr "Неуспешна връзка със Secret Service" #: kwalletd/secretserviceclient.cpp:423 #, kde-format msgid "Unable to unlock collectionName %1" -msgstr "" +msgstr "Не може да се отключи collectionName %1" #: kwalletd/secretserviceclient.cpp:515 #, kde-format msgid "No collections" -msgstr "" +msgstr "Няма колекции" #: kwalletd/secretserviceclient.cpp:552 kwalletd/secretserviceclient.cpp:599 #: kwalletd/secretserviceclient.cpp:702 #, kde-format msgid "No entries" -msgstr "" +msgstr "Няма записи" #: kwalletd/secretserviceclient.cpp:617 #, kde-format msgid "Entry not found, key: %1, folder: %2" -msgstr "" +msgstr "Записът не е намерен, ключ: %1, папка: %2" #: kwalletd/secretserviceclient.cpp:726 #, kde-format msgid "Unable to unlock item" -msgstr "" +msgstr "Не може да се отключи елемент" #: kwalletd/secretserviceclient.cpp:769 kwalletd/secretserviceclient.cpp:887 #, kde-format msgid "Entry to rename not found" -msgstr "" +msgstr "Записът за преименуване не е намерен" #: kwalletd/secretserviceclient.cpp:776 #, kde-format msgid "Entry named %1 in folder %2 and wallet %3 already exists." -msgstr "" +msgstr "Запис с име %1 в папка %2 и портфейл %3 вече съществува." #: kwalletd/secretserviceclient.cpp:791 kwalletd/secretserviceclient.cpp:806 #, kde-format msgid "Entry to rename incomplete" -msgstr "" +msgstr "Записът за преименуване е непълен" #: kwalletd/secretserviceclient.cpp:851 #, kde-format msgid "Failed to create SecretValue" -msgstr "" +msgstr "Неуспешно създаване на SecretValue" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/po/cs/kwalletd6.po new/kwallet-6.25.0/po/cs/kwalletd6.po --- old/kwallet-6.24.0/po/cs/kwalletd6.po 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/po/cs/kwalletd6.po 2026-04-03 19:11:57.000000000 +0200 @@ -1,6 +1,6 @@ # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. -# SPDX-FileCopyrightText: 2010, 2011, 2013, 2014, 2015, 2016, 2017, 2023, 2024 Vít Pelčák <[email protected]> +# SPDX-FileCopyrightText: 2010, 2011, 2013, 2014, 2015, 2016, 2017, 2023, 2024, 2026 Vít Pelčák <[email protected]> # Tomáš Chvátal <[email protected]>, 2013. # SPDX-FileCopyrightText: 2021, 2023, 2025 Vit Pelcak <[email protected]> # @@ -9,15 +9,15 @@ "Project-Id-Version: kwalletd\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2026-02-18 00:41+0000\n" -"PO-Revision-Date: 2025-05-16 14:52+0200\n" -"Last-Translator: Vit Pelcak <[email protected]>\n" +"PO-Revision-Date: 2026-03-19 10:07+0100\n" +"Last-Translator: Vít Pelčák <[email protected]>\n" "Language-Team: Czech <[email protected]>\n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" -"X-Generator: Lokalize 25.04.1\n" +"X-Generator: Lokalize 25.12.3\n" #, kde-format msgctxt "NAME OF TRANSLATORS" @@ -732,24 +732,22 @@ #: kwalletd/kwalletd.cpp:119 #, kde-format msgid "Migrating the wallet \"%1\". Please provide the password to unlock." -msgstr "" +msgstr "Migrace úschovny \"%1\". Prosím, zadejte heslo pro odemčení." #: kwalletd/main.cpp:32 -#, fuzzy, kde-format -#| msgid "KWallet" +#, kde-format msgid "kwalletd" -msgstr "KWallet" +msgstr "kwalletd" #: kwalletd/main.cpp:34 #, kde-format msgid "A KWallet compatibility service, wrapping upon Secret Service" -msgstr "" +msgstr "Služba kompatibility KWallet propojující Službu hesel" #: kwalletd/main.cpp:36 -#, fuzzy, kde-format -#| msgid "(C) 2002-2025, The KDE Developers" +#, kde-format msgid "(C) 2025, The KDE Developers" -msgstr "(c) 2002-2025, Vývojáři KDE" +msgstr "(c) 2025, Vývojáři KDE" #: kwalletd/main.cpp:38 #, kde-format @@ -764,55 +762,55 @@ #: kwalletd/secretserviceclient.cpp:241 #, kde-format msgid "Item not found" -msgstr "" +msgstr "Položka nenalezena" #: kwalletd/secretserviceclient.cpp:261 #, kde-format msgid "Could not connect to Secret Service" -msgstr "" +msgstr "Nelze se připojit ke Službě hesel" #: kwalletd/secretserviceclient.cpp:423 #, kde-format msgid "Unable to unlock collectionName %1" -msgstr "" +msgstr "Nelze odemknout collectionName %1" #: kwalletd/secretserviceclient.cpp:515 #, kde-format msgid "No collections" -msgstr "" +msgstr "Žádné sbírky" #: kwalletd/secretserviceclient.cpp:552 kwalletd/secretserviceclient.cpp:599 #: kwalletd/secretserviceclient.cpp:702 #, kde-format msgid "No entries" -msgstr "" +msgstr "Žádné položky" #: kwalletd/secretserviceclient.cpp:617 #, kde-format msgid "Entry not found, key: %1, folder: %2" -msgstr "" +msgstr "Záznam nenalezen. Klíč: %1, složka: %2" #: kwalletd/secretserviceclient.cpp:726 #, kde-format msgid "Unable to unlock item" -msgstr "" +msgstr "Položku nelze odemknout." #: kwalletd/secretserviceclient.cpp:769 kwalletd/secretserviceclient.cpp:887 #, kde-format msgid "Entry to rename not found" -msgstr "" +msgstr "Položka k přejmenování nenalezena" #: kwalletd/secretserviceclient.cpp:776 #, kde-format msgid "Entry named %1 in folder %2 and wallet %3 already exists." -msgstr "" +msgstr "Záznam pojmenovaný %1 ve složce %2 a úschovně %3 již existuje." #: kwalletd/secretserviceclient.cpp:791 kwalletd/secretserviceclient.cpp:806 #, kde-format msgid "Entry to rename incomplete" -msgstr "" +msgstr "Položka k přejmenování není úplná" #: kwalletd/secretserviceclient.cpp:851 #, kde-format msgid "Failed to create SecretValue" -msgstr "" +msgstr "Chyba při vytváření SecretValue" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/po/eu/kwalletd6.po new/kwallet-6.25.0/po/eu/kwalletd6.po --- old/kwallet-6.24.0/po/eu/kwalletd6.po 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/po/eu/kwalletd6.po 2026-04-03 19:11:57.000000000 +0200 @@ -1,24 +1,24 @@ # Translation for kwalletd6.po to Euskara/Basque (eu). -# Copyright (C) 2009-2025 This file is copyright: +# Copyright (C) 2009-2026 This file is copyright: # This file is distributed under the same license as the kwallet package. -# SPDX-FileCopyrightText: 2023, 2025 KDE euskaratzeko proiektuaren arduraduna <[email protected]> +# SPDX-FileCopyrightText: 2023, 2025, 2026 KDE euskaratzeko proiektuaren arduraduna <[email protected]> # # Translators: -# Iñigo Salvador Azurmendi <[email protected]>, 2009, 2010, 2017, 2021, 2023, 2025. +# Iñigo Salvador Azurmendi <[email protected]>, 2009, 2010, 2017, 2021, 2023, 2025, 2026. # marcos <[email protected]>, 2010. msgid "" msgstr "" "Project-Id-Version: kwalletd5\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2026-02-18 00:41+0000\n" -"PO-Revision-Date: 2025-04-22 11:06+0200\n" +"PO-Revision-Date: 2026-03-07 21:37+0100\n" "Last-Translator: Iñigo Salvador Azurmendi <[email protected]>\n" "Language-Team: Basque <[email protected]>\n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 25.04.0\n" +"X-Generator: Lokalize 25.12.3\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #, kde-format @@ -751,6 +751,7 @@ #, kde-format msgid "Migrating the wallet \"%1\". Please provide the password to unlock." msgstr "" +"\"%1\" zorroa migratzen. Mesedez, eman giltzapetik askatzeko pasahitza." #: kwalletd/main.cpp:32 #, kde-format @@ -760,81 +761,78 @@ #: kwalletd/main.cpp:34 #, kde-format msgid "A KWallet compatibility service, wrapping upon Secret Service" -msgstr "" +msgstr "Secret Service-ren gainean KWalleten bateragarritasun zerbitzu bat" #: kwalletd/main.cpp:36 -#, fuzzy, kde-format -#| msgid "(C) 2002-2025, The KDE Developers" +#, kde-format msgid "(C) 2025, The KDE Developers" -msgstr "(C) 2002-2025, KDE garatzaileak" +msgstr "(C) 2025, KDE garatzaileak" #: kwalletd/main.cpp:38 #, kde-format msgid "Marco Martin" -msgstr "" +msgstr "Marco Martin" #: kwalletd/main.cpp:38 #, kde-format msgid "Author" -msgstr "" +msgstr "Egilea" #: kwalletd/secretserviceclient.cpp:241 #, kde-format msgid "Item not found" -msgstr "" +msgstr "Elementua ez da aurkitu" #: kwalletd/secretserviceclient.cpp:261 #, kde-format msgid "Could not connect to Secret Service" -msgstr "" +msgstr "Ezin izan da Secret Service-rekin konektatu" #: kwalletd/secretserviceclient.cpp:423 #, kde-format msgid "Unable to unlock collectionName %1" -msgstr "" +msgstr "Ezin izan da %1 bilduma-izena giltzapetik askatu" #: kwalletd/secretserviceclient.cpp:515 #, kde-format msgid "No collections" -msgstr "" +msgstr "Ez dago bildumarik" #: kwalletd/secretserviceclient.cpp:552 kwalletd/secretserviceclient.cpp:599 #: kwalletd/secretserviceclient.cpp:702 #, kde-format msgid "No entries" -msgstr "" +msgstr "Ez dago sarrerarik" #: kwalletd/secretserviceclient.cpp:617 #, kde-format msgid "Entry not found, key: %1, folder: %2" -msgstr "" +msgstr "Sarrera ez da aurkitu, gakoa: %1, karpeta: %2" #: kwalletd/secretserviceclient.cpp:726 #, kde-format msgid "Unable to unlock item" -msgstr "" +msgstr "Ezin da elementua giltzapetik askatu" #: kwalletd/secretserviceclient.cpp:769 kwalletd/secretserviceclient.cpp:887 #, kde-format msgid "Entry to rename not found" -msgstr "" +msgstr "Berrizendatu beharreko sarrera ez da aurkitu" #: kwalletd/secretserviceclient.cpp:776 -#, fuzzy, kde-format -#| msgid "* SKIPPING entry %1 in folder %2 as it seems already migrated" +#, kde-format msgid "Entry named %1 in folder %2 and wallet %3 already exists." -msgstr "" -"* %2 karpetako %1 sarrera BAZTERTZEN dagoeneko migratu dela dirudielako" +msgstr "%3 zorroko %2 karpetan %1 izeneko sarrera lehendik ere badago." #: kwalletd/secretserviceclient.cpp:791 kwalletd/secretserviceclient.cpp:806 #, kde-format msgid "Entry to rename incomplete" -msgstr "" +msgstr "Berrizendatu beharreko sarrera osatu gabe dago" #: kwalletd/secretserviceclient.cpp:851 #, kde-format msgid "Failed to create SecretValue" -msgstr "" +msgstr "Huts egin du SecretValue sortzean" #~ msgid "Cannot read old wallet list. Aborting." #~ msgstr "Ezin da irakurri zorro zaharren zerrenda. Galarazten." diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/po/is/kwalletd6.po new/kwallet-6.25.0/po/is/kwalletd6.po --- old/kwallet-6.24.0/po/is/kwalletd6.po 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/po/is/kwalletd6.po 2026-04-03 19:11:57.000000000 +0200 @@ -2,14 +2,14 @@ # Copyright (C) 2009 This_file_is_part_of_KDE # This file is distributed under the same license as the PACKAGE package. # -# SPDX-FileCopyrightText: 2009, 2016, 2022, 2023, 2024, 2025 Sveinn í Felli <[email protected]> +# SPDX-FileCopyrightText: 2009, 2016, 2022, 2023, 2024, 2025, 2026 Sveinn í Felli <[email protected]> # SPDX-FileCopyrightText: 2024 Gummi <[email protected]> msgid "" msgstr "" "Project-Id-Version: kwalletd\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2026-02-18 00:41+0000\n" -"PO-Revision-Date: 2025-10-08 09:25+0000\n" +"PO-Revision-Date: 2026-03-25 13:19+0000\n" "Last-Translator: Sveinn í Felli <[email protected]>\n" "Language-Team: Icelandic\n" "Language: is\n" @@ -229,7 +229,7 @@ "<qt>Error opening the wallet '<b>%1</b>'. Please try again.<br />(Error code " "%2: %3)</qt>" msgstr "" -"<qt>Villa við opnum veskis '<b>%1</b>'. Vinsamlegast reyndu aftur.<br /" +"<qt>Villa við opnum veskis '<b>%1</b>'. Endilega reyndu aftur.<br /" ">(Villuboð %2: %3)</qt>" #: ksecretd/ksecretd.cpp:716 @@ -741,90 +741,88 @@ #: kwalletd/kwalletd.cpp:119 #, kde-format msgid "Migrating the wallet \"%1\". Please provide the password to unlock." -msgstr "" +msgstr "Færi yfir veskið \"%1\". Settu inn lykilorð til að aflæsa." #: kwalletd/main.cpp:32 -#, fuzzy, kde-format -#| msgid "KWallet" +#, kde-format msgid "kwalletd" -msgstr "KWallet" +msgstr "kwalletd" #: kwalletd/main.cpp:34 #, kde-format msgid "A KWallet compatibility service, wrapping upon Secret Service" -msgstr "" +msgstr "KWallet-samhæfniþjónusta, pökkuð utan um Secret Service" #: kwalletd/main.cpp:36 -#, fuzzy, kde-format -#| msgid "(C) 2002-2025, The KDE Developers" +#, kde-format msgid "(C) 2025, The KDE Developers" -msgstr "(C) -2002-2025, KDE-þróunarteymið" +msgstr "(C) 2025, KDE-þróunarteymið" #: kwalletd/main.cpp:38 #, kde-format msgid "Marco Martin" -msgstr "" +msgstr "Marco Martin" #: kwalletd/main.cpp:38 #, kde-format msgid "Author" -msgstr "" +msgstr "Höfundur" #: kwalletd/secretserviceclient.cpp:241 #, kde-format msgid "Item not found" -msgstr "" +msgstr "Atriði fannst ekki" #: kwalletd/secretserviceclient.cpp:261 #, kde-format msgid "Could not connect to Secret Service" -msgstr "" +msgstr "Gat ekki tengst við Secret Service" #: kwalletd/secretserviceclient.cpp:423 #, kde-format msgid "Unable to unlock collectionName %1" -msgstr "" +msgstr "Tókst ekki að aflæsa collectionName %1" #: kwalletd/secretserviceclient.cpp:515 #, kde-format msgid "No collections" -msgstr "" +msgstr "Engin söfn" #: kwalletd/secretserviceclient.cpp:552 kwalletd/secretserviceclient.cpp:599 #: kwalletd/secretserviceclient.cpp:702 #, kde-format msgid "No entries" -msgstr "" +msgstr "Engar færslur" #: kwalletd/secretserviceclient.cpp:617 #, kde-format msgid "Entry not found, key: %1, folder: %2" -msgstr "" +msgstr "Færsla fannst ekki, lykill: %1, mappa: %2" #: kwalletd/secretserviceclient.cpp:726 #, kde-format msgid "Unable to unlock item" -msgstr "" +msgstr "Tókst ekki að aflæsa atriði" #: kwalletd/secretserviceclient.cpp:769 kwalletd/secretserviceclient.cpp:887 #, kde-format msgid "Entry to rename not found" -msgstr "" +msgstr "Færsla til að endurnefna fannst ekki" #: kwalletd/secretserviceclient.cpp:776 #, kde-format msgid "Entry named %1 in folder %2 and wallet %3 already exists." -msgstr "" +msgstr "Færsla með heitinu %1 í möppunni %2 og veskinu %3 er þegar til staðar." #: kwalletd/secretserviceclient.cpp:791 kwalletd/secretserviceclient.cpp:806 #, kde-format msgid "Entry to rename incomplete" -msgstr "" +msgstr "Færsla til að endurnefna er ófullgerð" #: kwalletd/secretserviceclient.cpp:851 #, kde-format msgid "Failed to create SecretValue" -msgstr "" +msgstr "Mistókst að búa til SecretValue" #, fuzzy #~| msgid "KDE Wallet Service" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/po/pl/kwalletd6.po new/kwallet-6.25.0/po/pl/kwalletd6.po --- old/kwallet-6.24.0/po/pl/kwalletd6.po 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/po/pl/kwalletd6.po 2026-04-03 19:11:57.000000000 +0200 @@ -3,14 +3,14 @@ # This file is distributed under the same license as the PACKAGE package. # Michał Smoczyk <[email protected]>, 2008. # Marta Rybczyńska <[email protected]>, 2009, 2010. -# SPDX-FileCopyrightText: 2014, 2015, 2016, 2019, 2020, 2021, 2022, 2023, 2025 Łukasz Wojniłowicz <[email protected]> +# SPDX-FileCopyrightText: 2014, 2015, 2016, 2019, 2020, 2021, 2022, 2023, 2025, 2026 Łukasz Wojniłowicz <[email protected]> # msgid "" msgstr "" "Project-Id-Version: kwalletd\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2026-02-18 00:41+0000\n" -"PO-Revision-Date: 2025-11-01 10:11+0100\n" +"PO-Revision-Date: 2026-03-21 06:54+0100\n" "Last-Translator: Łukasz Wojniłowicz <[email protected]>\n" "Language-Team: pl\n" "Language: pl\n" @@ -748,7 +748,7 @@ #: kwalletd/kwalletd.cpp:119 #, kde-format msgid "Migrating the wallet \"%1\". Please provide the password to unlock." -msgstr "" +msgstr "Przenoszenie portfela \"%1\". Wpisz hasło, aby go odblokować." #: kwalletd/main.cpp:32 #, kde-format @@ -758,80 +758,78 @@ #: kwalletd/main.cpp:34 #, kde-format msgid "A KWallet compatibility service, wrapping upon Secret Service" -msgstr "" +msgstr "Usługa zgodności Portfela z usługą Secret Service" #: kwalletd/main.cpp:36 -#, fuzzy, kde-format -#| msgid "(C) 2002-2025, The KDE Developers" +#, kde-format msgid "(C) 2025, The KDE Developers" -msgstr "(c) 2002-2015, Programiści KDE" +msgstr "(C) 2015, Programiści KDE" #: kwalletd/main.cpp:38 #, kde-format msgid "Marco Martin" -msgstr "" +msgstr "Marco Martin" #: kwalletd/main.cpp:38 #, kde-format msgid "Author" -msgstr "" +msgstr "Autor" #: kwalletd/secretserviceclient.cpp:241 #, kde-format msgid "Item not found" -msgstr "" +msgstr "Nie znaleziono żadnego elementu" #: kwalletd/secretserviceclient.cpp:261 #, kde-format msgid "Could not connect to Secret Service" -msgstr "" +msgstr "Nie udało się połączyć do Secret Service" #: kwalletd/secretserviceclient.cpp:423 #, kde-format msgid "Unable to unlock collectionName %1" -msgstr "" +msgstr "Nie udało się odblokować nazwy zbioru %1" #: kwalletd/secretserviceclient.cpp:515 #, kde-format msgid "No collections" -msgstr "" +msgstr "Brak zbiorów" #: kwalletd/secretserviceclient.cpp:552 kwalletd/secretserviceclient.cpp:599 #: kwalletd/secretserviceclient.cpp:702 #, kde-format msgid "No entries" -msgstr "" +msgstr "Brak wpisów" #: kwalletd/secretserviceclient.cpp:617 #, kde-format msgid "Entry not found, key: %1, folder: %2" -msgstr "" +msgstr "Nie znaleziono wpisu, klucz: %1, katalog: %2" #: kwalletd/secretserviceclient.cpp:726 #, kde-format msgid "Unable to unlock item" -msgstr "" +msgstr "Nie można odblokować rzeczy" #: kwalletd/secretserviceclient.cpp:769 kwalletd/secretserviceclient.cpp:887 #, kde-format msgid "Entry to rename not found" -msgstr "" +msgstr "Nie znaleziono wpisu do zmiany jego nazwy" #: kwalletd/secretserviceclient.cpp:776 -#, fuzzy, kde-format -#| msgid "* SKIPPING entry %1 in folder %2 as it seems already migrated" +#, kde-format msgid "Entry named %1 in folder %2 and wallet %3 already exists." -msgstr "* POMIJANIE wpisu %1 w katalogu %2, bo wygląda na już przeniesiony" +msgstr "Wpis o nazwie %1 w katalogu %2 i portfelu %3 już istnieje." #: kwalletd/secretserviceclient.cpp:791 kwalletd/secretserviceclient.cpp:806 #, kde-format msgid "Entry to rename incomplete" -msgstr "" +msgstr "Wpisu do zmiany nazwy jest niepełny" #: kwalletd/secretserviceclient.cpp:851 #, kde-format msgid "Failed to create SecretValue" -msgstr "" +msgstr "Nie udało się utworzyć SecretValue" #~ msgid "Cannot read old wallet list. Aborting." #~ msgstr "Nie można odczytać starego spisu portfela. Przerwano." diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/po/ro/kwalletd6.po new/kwallet-6.25.0/po/ro/kwalletd6.po --- old/kwallet-6.24.0/po/ro/kwalletd6.po 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/po/ro/kwalletd6.po 2026-04-03 19:11:57.000000000 +0200 @@ -8,7 +8,7 @@ "Project-Id-Version: kwalletd\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2026-02-18 00:41+0000\n" -"PO-Revision-Date: 2026-02-04 14:22+0000\n" +"PO-Revision-Date: 2026-03-16 16:28+0000\n" "Last-Translator: Sergiu Bivol <[email protected]>\n" "Language-Team: Romanian <[email protected]>\n" "Language: ro\n" @@ -17,7 +17,7 @@ "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " "20)) ? 1 : 2;\n" -"X-Generator: Lokalize 25.08.1\n" +"X-Generator: Lokalize 25.12.3\n" #, kde-format msgctxt "NAME OF TRANSLATORS" @@ -753,90 +753,88 @@ #: kwalletd/kwalletd.cpp:119 #, kde-format msgid "Migrating the wallet \"%1\". Please provide the password to unlock." -msgstr "" +msgstr "Se migrează portofelul „%1”. Furnizați parola pentru deblocare." #: kwalletd/main.cpp:32 -#, fuzzy, kde-format -#| msgid "KWallet" +#, kde-format msgid "kwalletd" -msgstr "KWallet" +msgstr "kwalletd" #: kwalletd/main.cpp:34 #, kde-format msgid "A KWallet compatibility service, wrapping upon Secret Service" -msgstr "" +msgstr "Serviciu de compatibilitate cu KWallet, ce înfășoară Secret Service" #: kwalletd/main.cpp:36 -#, fuzzy, kde-format -#| msgid "(C) 2002-2025, The KDE Developers" +#, kde-format msgid "(C) 2025, The KDE Developers" -msgstr "(c) 2002-2025, Programatorii KDE" +msgstr "(C) 2025, Programatorii KDE" #: kwalletd/main.cpp:38 #, kde-format msgid "Marco Martin" -msgstr "" +msgstr "Marco Martin" #: kwalletd/main.cpp:38 #, kde-format msgid "Author" -msgstr "" +msgstr "Autor" #: kwalletd/secretserviceclient.cpp:241 #, kde-format msgid "Item not found" -msgstr "" +msgstr "Elementul nu a fost găsit" #: kwalletd/secretserviceclient.cpp:261 #, kde-format msgid "Could not connect to Secret Service" -msgstr "" +msgstr "Nu s-a putut conecta la Secret Service" #: kwalletd/secretserviceclient.cpp:423 #, kde-format msgid "Unable to unlock collectionName %1" -msgstr "" +msgstr "Nu s-a putut debloca collectionName %1" #: kwalletd/secretserviceclient.cpp:515 #, kde-format msgid "No collections" -msgstr "" +msgstr "Nicio colecție" #: kwalletd/secretserviceclient.cpp:552 kwalletd/secretserviceclient.cpp:599 #: kwalletd/secretserviceclient.cpp:702 #, kde-format msgid "No entries" -msgstr "" +msgstr "Nicio înregistrare" #: kwalletd/secretserviceclient.cpp:617 #, kde-format msgid "Entry not found, key: %1, folder: %2" -msgstr "" +msgstr "Înregistrarea nu a fost găsită, cheie: %1, dosar: %2" #: kwalletd/secretserviceclient.cpp:726 #, kde-format msgid "Unable to unlock item" -msgstr "" +msgstr "Elementul nu poate fi deblocat" #: kwalletd/secretserviceclient.cpp:769 kwalletd/secretserviceclient.cpp:887 #, kde-format msgid "Entry to rename not found" -msgstr "" +msgstr "Înregistrarea de redenumit nu a fost găsită" #: kwalletd/secretserviceclient.cpp:776 #, kde-format msgid "Entry named %1 in folder %2 and wallet %3 already exists." -msgstr "" +msgstr "Înregistrarea numită %1 în dosarul %2 și portofelul %3 există deja." #: kwalletd/secretserviceclient.cpp:791 kwalletd/secretserviceclient.cpp:806 #, kde-format msgid "Entry to rename incomplete" -msgstr "" +msgstr "Înregistrarea de redenumit e incompletă" #: kwalletd/secretserviceclient.cpp:851 #, kde-format msgid "Failed to create SecretValue" -msgstr "" +msgstr "Nu s-a putut crea SecretValue" #, fuzzy #~| msgid "KDE Wallet Service" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/src/runtime/ksecretd/autotests/fdo_secrets_test.cpp new/kwallet-6.25.0/src/runtime/ksecretd/autotests/fdo_secrets_test.cpp --- old/kwallet-6.24.0/src/runtime/ksecretd/autotests/fdo_secrets_test.cpp 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/src/runtime/ksecretd/autotests/fdo_secrets_test.cpp 2026-04-03 19:11:57.000000000 +0200 @@ -5,6 +5,7 @@ SPDX-License-Identifier: LGPL-2.0-or-later */ #include "fdo_secrets_test.h" +#include "../kwalletfreedesktopsession.h" #include "mockkwalletd.cpp" // cannot be in mockkwalletd.cpp, as CMake's automoc does not look there #include "moc_ksecretd.cpp" @@ -128,44 +129,88 @@ struct SetupSessionT { QDBusObjectPath sessionPath; QCA::SymmetricKey symmetricKey; + int commonSecretSize = 0; QByteArray error; }; #define SETUP_SESSION_VERIFY(cond) \ do { \ if (!(cond)) \ - return SetupSessionT{QDBusObjectPath(), QCA::SymmetricKey(), #cond}; \ + return SetupSessionT{QDBusObjectPath(), QCA::SymmetricKey(), 0, #cond}; \ } while (false) -SetupSessionT setupSession(KWalletFreedesktopService *service) +static QCA::SymmetricKey deriveLibsecretStyleSymmetricKey(const QCA::SecureArray &commonSecret) +{ + auto paddedSecret = commonSecret.toByteArray(); + if (paddedSecret.size() < FDO_DH_PUBLIC_KEY_SIZE) { + paddedSecret.prepend(FDO_DH_PUBLIC_KEY_SIZE - paddedSecret.size(), '\0'); + } + + return QCA::HKDF().makeKey(QCA::SecureArray(paddedSecret), {}, {}, FDO_SECRETS_CIPHER_KEY_SIZE); +} + +SetupSessionT setupSession(KWalletFreedesktopService *service, bool requireShortDhSecret = false, bool requireMsbSetClientPublicKey = false) { - SetupSessionT result; QCA::KeyGenerator keygen; auto dlGroup = QCA::DLGroup(keygen.createDLGroup(QCA::IETF_1024)); if (dlGroup.isNull()) { - result.error = "createDLGroup failed, maybe libqca-ossl is missing"; + return SetupSessionT{QDBusObjectPath(), QCA::SymmetricKey(), 0, "createDLGroup failed, maybe libqca-ossl is missing"}; + } + + for (int attempt = 0; attempt < 4096; ++attempt) { + SetupSessionT result; + auto privateKey = QCA::PrivateKey(keygen.createDH(dlGroup)); + auto publicKey = QCA::PublicKey(privateKey); + + auto pubKeyBytes = KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(publicKey.toDH().y().toArray().toByteArray()); + if (requireMsbSetClientPublicKey && (static_cast<unsigned char>(pubKeyBytes.front()) & 0x80U) == 0) { + continue; + } + auto sessionPubKeyVariant = service->OpenSession("dh-ietf1024-sha256-aes128-cbc-pkcs7", QDBusVariant(pubKeyBytes), result.sessionPath); + SETUP_SESSION_VERIFY(result.sessionPath.path() != "/"); + SETUP_SESSION_VERIFY(sessionPubKeyVariant.variant().canConvert<QByteArray>()); + + auto servicePublicKeyBytes = sessionPubKeyVariant.variant().toByteArray(); + SETUP_SESSION_VERIFY(!servicePublicKeyBytes.isEmpty()); + + auto servicePublicKey = QCA::DHPublicKey(dlGroup, KWalletFreedesktopSessionAlgorithmDhAes::decodeUnsignedDhValue(servicePublicKeyBytes)); + auto commonSecret = privateKey.deriveKey(servicePublicKey); + result.commonSecretSize = commonSecret.size(); + if (requireShortDhSecret && result.commonSecretSize >= FDO_DH_PUBLIC_KEY_SIZE) { + continue; + } + + result.symmetricKey = deriveLibsecretStyleSymmetricKey(commonSecret); return result; } - auto privateKey = QCA::PrivateKey(keygen.createDH(dlGroup)); - auto publicKey = QCA::PublicKey(privateKey); + return SetupSessionT{QDBusObjectPath(), QCA::SymmetricKey(), 0, ""}; +} - auto connection = QDBusConnection::sessionBus(); - auto message = QDBusMessage::createSignal("dummy", "dummy", "dummy"); +void FdoSecretsTest::sessionAlgorithmStaticFunctions() +{ + const QByteArray shortValue(127, '\x5a'); + const QByteArray fullValue(FDO_DH_PUBLIC_KEY_SIZE, '\x7f'); + const QByteArray highBitValue(FDO_DH_PUBLIC_KEY_SIZE, static_cast<char>(0x80)); + const QByteArray signExtendedHighBitValue = QByteArray(1, '\0') + highBitValue; + + auto normalizedShort = KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(shortValue); + QCOMPARE(normalizedShort.size(), FDO_DH_PUBLIC_KEY_SIZE); + QCOMPARE(normalizedShort.front(), '\0'); + QCOMPARE(normalizedShort.mid(1), shortValue); + + QCOMPARE(KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(fullValue), fullValue); + QCOMPARE(KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(signExtendedHighBitValue), highBitValue); - auto pubKeyBytes = publicKey.toDH().y().toArray().toByteArray(); - auto sessionPubKeyVariant = service->OpenSession("dh-ietf1024-sha256-aes128-cbc-pkcs7", QDBusVariant(pubKeyBytes), result.sessionPath); - SETUP_SESSION_VERIFY(result.sessionPath.path() != "/"); - SETUP_SESSION_VERIFY(sessionPubKeyVariant.variant().canConvert<QByteArray>()); - - auto servicePublicKeyBytes = sessionPubKeyVariant.variant().toByteArray(); - SETUP_SESSION_VERIFY(!servicePublicKeyBytes.isEmpty()); - - auto servicePublicKey = QCA::DHPublicKey(dlGroup, QCA::BigInteger(QCA::SecureArray(servicePublicKeyBytes))); - auto commonSecret = privateKey.deriveKey(servicePublicKey); - result.symmetricKey = QCA::HKDF().makeKey(commonSecret, {}, {}, FDO_SECRETS_CIPHER_KEY_SIZE); + auto decodedHighBit = KWalletFreedesktopSessionAlgorithmDhAes::decodeUnsignedDhValue(highBitValue); + QCOMPARE(KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(decodedHighBit.toArray().toByteArray()), highBitValue); +} - return result; +static QByteArray shortDhPublicKey() +{ + // clang-format off + return QByteArray::fromBase64("bt4u/O+RSvVNOTszD/ThOeSNd+Ji7OVENIyRXsY45OzdocCMKZ8hSzxSmpqzwJL57I2yZtB897bBab1ujRK5tat6IIkMdOPf4WgExoU8c54VV1ohbehKraUktN1UzrDPsDrB4hJtm2GwFULMJXoEcdpkYaJSGEGWvjzlhrZZZA=="); + // clang-format on } void FdoSecretsTest::items() @@ -303,8 +348,9 @@ QVERIFY(item1 && item2 && item3); auto message = QDBusMessage::createSignal("dummy", "dummy", "dummy"); - auto [sessionPath, symmetricKey, errorStr] = setupSession(service.get()); + auto [sessionPath, symmetricKey, commonSecretSize, errorStr] = setupSession(service.get()); QVERIFY2(errorStr.isEmpty(), errorStr.constData()); + Q_UNUSED(commonSecretSize); /* Check secrets */ auto secret1 = item1->GetSecret(sessionPath); @@ -439,7 +485,9 @@ std::unique_ptr<KWalletFreedesktopService> service{new KWalletFreedesktopService(kwalletd.get())}; auto message = QDBusMessage::createSignal("dummy", "dummy", "dummy"); - auto [sessionPath, symmetricKey, errorStr] = setupSession(service.get()); + auto [sessionPath, symmetricKey, commonSecretSize, errorStr] = setupSession(service.get()); + QVERIFY2(errorStr.isEmpty(), errorStr.constData()); + Q_UNUSED(commonSecretSize); /* Generate secret */ auto secret = FreedesktopSecret(sessionPath, QByteArray("It's a secret"), "text/plain"); @@ -458,6 +506,64 @@ QCOMPARE(secret.value.toByteArray(), QByteArray("It's a secret")); } +void FdoSecretsTest::sessionWithShortDhSecret() +{ + std::unique_ptr<KSecretD> kwalletd{new KSecretD}; + std::unique_ptr<KWalletFreedesktopService> service{new KWalletFreedesktopService(kwalletd.get())}; + + auto message = QDBusMessage::createSignal("dummy", "dummy", "dummy"); + auto [sessionPath, symmetricKey, commonSecretSize, errorStr] = setupSession(service.get(), true); + QVERIFY2(errorStr.isEmpty(), errorStr.constData()); + QVERIFY(commonSecretSize < FDO_DH_PUBLIC_KEY_SIZE); + + auto secret = FreedesktopSecret(sessionPath, QByteArray("It's a secret"), "text/plain"); + QVERIFY(service->ensecret(message, secret)); + + auto cipher = QCA::Cipher("aes128", QCA::Cipher::CBC, QCA::Cipher::PKCS7, QCA::Decode, symmetricKey, secret.parameters); + QCA::SecureArray result; + result.append(cipher.update(QCA::MemoryRegion(secret.value.toByteArray()))); + result.append(cipher.final()); + + QVERIFY(cipher.ok()); + QCOMPARE(QString::fromUtf8(result.toByteArray()), "It's a secret"); +} + +void FdoSecretsTest::sessionWithShortClientPublicKey() +{ + std::unique_ptr<KSecretD> kwalletd{new KSecretD}; + std::unique_ptr<KWalletFreedesktopService> service{new KWalletFreedesktopService(kwalletd.get())}; + + auto publicKeyBytes = shortDhPublicKey(); + + QDBusObjectPath sessionPath; + auto sessionPubKeyVariant = service->OpenSession("dh-ietf1024-sha256-aes128-cbc-pkcs7", QDBusVariant(publicKeyBytes), sessionPath); + QVERIFY(sessionPath.path() != "/"); + QVERIFY(sessionPubKeyVariant.variant().canConvert<QByteArray>()); + QVERIFY(!sessionPubKeyVariant.variant().toByteArray().isEmpty()); +} + +void FdoSecretsTest::sessionWithMsbSetClientPublicKey() +{ + std::unique_ptr<KSecretD> kwalletd{new KSecretD}; + std::unique_ptr<KWalletFreedesktopService> service{new KWalletFreedesktopService(kwalletd.get())}; + + auto message = QDBusMessage::createSignal("dummy", "dummy", "dummy"); + auto [sessionPath, symmetricKey, commonSecretSize, errorStr] = setupSession(service.get(), false, true); + QVERIFY2(errorStr.isEmpty(), errorStr.constData()); + QVERIFY(commonSecretSize > 0); + + auto secret = FreedesktopSecret(sessionPath, QByteArray("It's a secret"), "text/plain"); + QVERIFY(service->ensecret(message, secret)); + + auto cipher = QCA::Cipher("aes128", QCA::Cipher::CBC, QCA::Cipher::PKCS7, QCA::Decode, symmetricKey, secret.parameters); + QCA::SecureArray result; + result.append(cipher.update(QCA::MemoryRegion(secret.value.toByteArray()))); + result.append(cipher.final()); + + QVERIFY(cipher.ok()); + QCOMPARE(QString::fromUtf8(result.toByteArray()), "It's a secret"); +} + void FdoSecretsTest::attributes() { KWalletFreedesktopAttributes attribs{"test"}; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/src/runtime/ksecretd/autotests/fdo_secrets_test.h new/kwallet-6.25.0/src/runtime/ksecretd/autotests/fdo_secrets_test.h --- old/kwallet-6.24.0/src/runtime/ksecretd/autotests/fdo_secrets_test.h 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/src/runtime/ksecretd/autotests/fdo_secrets_test.h 2026-04-03 19:11:57.000000000 +0200 @@ -21,12 +21,16 @@ void serviceStaticFunctions(); void collectionStaticFunctions(); + void sessionAlgorithmStaticFunctions(); void precreatedWallets(); void aliases(); void createLockUnlockCollection(); void items(); void session(); + void sessionWithShortDhSecret(); + void sessionWithShortClientPublicKey(); + void sessionWithMsbSetClientPublicKey(); void attributes(); void walletNameEncodeDecode(); }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/src/runtime/ksecretd/kwalletfreedesktopservice.cpp new/kwallet-6.25.0/src/runtime/ksecretd/kwalletfreedesktopservice.cpp --- old/kwallet-6.24.0/src/runtime/ksecretd/kwalletfreedesktopservice.cpp 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/src/runtime/ksecretd/kwalletfreedesktopservice.cpp 2026-04-03 19:11:57.000000000 +0200 @@ -56,6 +56,13 @@ return mangled; } + +QCA::SymmetricKey deriveSymmetricKeyFromDhSecret(const QCA::SecureArray &commonSecret) +{ + auto paddedSecret = KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(commonSecret.toByteArray()); + + return QCA::HKDF().makeKey(QCA::SecureArray(paddedSecret), {}, {}, FDO_SECRETS_CIPHER_KEY_SIZE); +} } #define LABEL_NUMBER_PREFIX "__" @@ -416,11 +423,6 @@ std::unique_ptr<KWalletFreedesktopSessionAlgorithm> KWalletFreedesktopService::createSessionAlgorithmDhAes(const QByteArray &clientKey) const { - if (clientKey.size() < FDO_DH_PUBLIC_KEY_SIZE) { - sendErrorReply(QDBusError::ErrorType::InvalidArgs, QStringLiteral("Client public key size is invalid")); - return nullptr; - } - QCA::KeyGenerator keygen; const auto dlGroup = QCA::DLGroup(keygen.createDLGroup(QCA::IETF_1024)); if (dlGroup.isNull()) { @@ -430,9 +432,9 @@ auto privateKey = QCA::PrivateKey(keygen.createDH(dlGroup)); const auto publicKey = QCA::PublicKey(privateKey); - const auto clientPublicKey = QCA::DHPublicKey(dlGroup, QCA::BigInteger(QCA::SecureArray(clientKey))); + const auto clientPublicKey = QCA::DHPublicKey(dlGroup, KWalletFreedesktopSessionAlgorithmDhAes::decodeUnsignedDhValue(clientKey)); const auto commonSecret = privateKey.deriveKey(clientPublicKey); - const auto symmetricKey = QCA::HKDF().makeKey(commonSecret, {}, {}, FDO_SECRETS_CIPHER_KEY_SIZE); + const auto symmetricKey = deriveSymmetricKeyFromDhSecret(commonSecret); return std::make_unique<KWalletFreedesktopSessionAlgorithmDhAes>(publicKey, symmetricKey); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/src/runtime/ksecretd/kwalletfreedesktopsession.cpp new/kwallet-6.25.0/src/runtime/ksecretd/kwalletfreedesktopsession.cpp --- old/kwallet-6.24.0/src/runtime/ksecretd/kwalletfreedesktopsession.cpp 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/src/runtime/ksecretd/kwalletfreedesktopsession.cpp 2026-04-03 19:11:57.000000000 +0200 @@ -9,6 +9,28 @@ #include "kwalletfreedesktopsessionadaptor.h" #include <QDBusConnection> +QByteArray KWalletFreedesktopSessionAlgorithmDhAes::normalizeUnsignedDhValue(QByteArray value) +{ + // Secret Service uses unsigned 1024-bit DH public keys on the wire. Normalize to exactly 128 bytes to match. + if (value.size() < FDO_DH_PUBLIC_KEY_SIZE) { + return value.prepend(FDO_DH_PUBLIC_KEY_SIZE - value.size(), '\0'); + } + if (value.size() > FDO_DH_PUBLIC_KEY_SIZE) { + // Keep the 128 least-significant bytes. + return value.last(FDO_DH_PUBLIC_KEY_SIZE); + } + return value; +} + +QCA::BigInteger KWalletFreedesktopSessionAlgorithmDhAes::decodeUnsignedDhValue(const QByteArray &value) +{ + auto normalized = normalizeUnsignedDhValue(value); + if (!normalized.isEmpty() && (static_cast<unsigned char>(normalized.front()) & 0x80U)) { + normalized.prepend('\0'); + } + return QCA::BigInteger(QCA::SecureArray(normalized)); +} + KWalletFreedesktopSession::KWalletFreedesktopSession(KWalletFreedesktopService *service, std::unique_ptr<KWalletFreedesktopSessionAlgorithm> algorithm, QString sessionPath, @@ -104,7 +126,7 @@ QByteArray KWalletFreedesktopSessionAlgorithmDhAes::negotiationOutput() const { - return m_publicKey.toDH().y().toArray().toByteArray(); + return normalizeUnsignedDhValue(m_publicKey.toDH().y().toArray().toByteArray()); } bool KWalletFreedesktopSessionAlgorithmDhAes::encrypt(FreedesktopSecret &secret) const diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-6.24.0/src/runtime/ksecretd/kwalletfreedesktopsession.h new/kwallet-6.25.0/src/runtime/ksecretd/kwalletfreedesktopsession.h --- old/kwallet-6.24.0/src/runtime/ksecretd/kwalletfreedesktopsession.h 2026-03-07 21:33:12.000000000 +0100 +++ new/kwallet-6.25.0/src/runtime/ksecretd/kwalletfreedesktopsession.h 2026-04-03 19:11:57.000000000 +0200 @@ -76,6 +76,9 @@ public: KWalletFreedesktopSessionAlgorithmDhAes(const QCA::PublicKey &publicKey, QCA::SymmetricKey symmetricKey); + static QByteArray normalizeUnsignedDhValue(QByteArray value); + static QCA::BigInteger decodeUnsignedDhValue(const QByteArray &value); + QByteArray negotiationOutput() const override; bool encrypt(FreedesktopSecret &secret) const override; bool decrypt(FreedesktopSecret &secret) const override;
