Hello community, here is the log from the commit of package kwallet for openSUSE:Factory checked in at 2014-04-02 17:22:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kwallet (Old) and /work/SRC/openSUSE:Factory/.kwallet.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kwallet" Changes: -------- --- /work/SRC/openSUSE:Factory/kwallet/kwallet.changes 2014-03-10 12:17:53.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.kwallet.new/kwallet.changes 2014-04-02 17:22:40.000000000 +0200 @@ -1,0 +2,10 @@ +Sat Mar 29 19:47:53 UTC 2014 - hrvoje.sen...@gmail.com + +- Update to 4.98.0 + * API improvements and cleanups + * Buildsystem fixes + * For more details please see: + http://www.kde.org/announcements/announce-frameworks5-beta1.php +- Added libgcrypt-devel >= 1.5.0 BuildRequires + +------------------------------------------------------------------- Old: ---- kwallet-4.97.0.tar.xz New: ---- kwallet-4.98.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kwallet.spec ++++++ --- /var/tmp/diff_new_pack.QW1Cgc/_old 2014-04-02 17:22:41.000000000 +0200 +++ /var/tmp/diff_new_pack.QW1Cgc/_new 2014-04-02 17:22:41.000000000 +0200 @@ -18,10 +18,10 @@ %define lname libKF5Wallet5 Name: kwallet -Version: 4.97.0 +Version: 4.98.0 Release: 0 BuildRequires: cmake >= 2.8.12 -BuildRequires: extra-cmake-modules >= 0.0.11 +BuildRequires: extra-cmake-modules >= 0.0.12 BuildRequires: fdupes BuildRequires: kconfig-devel >= %{_kf5_version} BuildRequires: kcoreaddons-devel >= %{_kf5_version} @@ -33,6 +33,7 @@ BuildRequires: kservice-devel >= %{_kf5_version} BuildRequires: kwidgetsaddons-devel >= %{_kf5_version} BuildRequires: kwindowsystem-devel >= %{_kf5_version} +BuildRequires: libgcrypt-devel >= 1.5.0 BuildRequires: pkgconfig(Qt5DBus) >= 5.2.0 BuildRequires: pkgconfig(Qt5Test) >= 5.2.0 BuildRequires: pkgconfig(Qt5Widgets) >= 5.2.0 @@ -120,6 +121,7 @@ %{_kf5_servicesdir}/kwalletd5.desktop %{_kf5_datadir}/kwalletd/ %{_kf5_datadir}/dbus-1/services/org.kde.kwalletd5.service +%{_kf5_datadir}/kconf_update/ %files -n %lname %defattr(-,root,root) ++++++ kwallet-4.97.0.tar.xz -> kwallet-4.98.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/.reviewboardrc new/kwallet-4.98.0/.reviewboardrc --- old/kwallet-4.97.0/.reviewboardrc 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/.reviewboardrc 2014-03-29 08:12:43.000000000 +0100 @@ -1,4 +1,4 @@ REVIEWBOARD_URL = "https://git.reviewboard.kde.org"; -REPOSITORY = 'git://anongit.kde.org/kwallet-framework' +REPOSITORY = 'git://anongit.kde.org/kwallet' BRANCH = 'master' TARGET_GROUPS = 'kdeframeworks' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/CMakeLists.txt new/kwallet-4.98.0/CMakeLists.txt --- old/kwallet-4.97.0/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100 @@ -1,23 +1,29 @@ cmake_minimum_required(VERSION 2.8.12) -find_package(ECM 0.0.11 REQUIRED NO_MODULE) +find_package(ECM 0.0.12 REQUIRED NO_MODULE) -set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR}) +set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) set(REQUIRED_QT_VERSION 5.2.0) find_package(Qt5 ${REQUIRED_QT_VERSION} CONFIG REQUIRED Widgets DBus) -set(KF5_VERSION "4.97.0") +set(KF5_VERSION "4.98.0") include(KDEInstallDirs) include(KDEFrameworkCompilerSettings) include(KDECMakeSettings) +include(FeatureSummary) option(BUILD_KWALLETD "Build the kwallet daemon" ON) +find_package(LibGcrypt 1.5.0 REQUIRED QUIET) +set_package_properties(LibGcrypt PROPERTIES DESCRIPTION "Libgcrypt is a general purpose cryptographic library based on the code from GnuPG." + URL "http://www.gnu.org/software/libgcrypt/"; + TYPE REQUIRED + PURPOSE "kwalletd needs libgcrypt to perform PBKDF2-SHA512 hashing" + ) + add_subdirectory(src) add_subdirectory(autotests) add_subdirectory(tests) -if ("${CMAKE_BINARY_DIR}" STREQUAL "${CMAKE_CURRENT_BINARY_DIR}") - feature_summary(WHAT ALL FATAL_ON_MISSING_REQUIRED_PACKAGES) -endif() +feature_summary(WHAT ALL FATAL_ON_MISSING_REQUIRED_PACKAGES) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/cmake/FindLibGcrypt.cmake new/kwallet-4.98.0/cmake/FindLibGcrypt.cmake --- old/kwallet-4.97.0/cmake/FindLibGcrypt.cmake 1970-01-01 01:00:00.000000000 +0100 +++ new/kwallet-4.98.0/cmake/FindLibGcrypt.cmake 2014-03-29 08:12:43.000000000 +0100 @@ -0,0 +1,61 @@ + +# - Try to find the Gcrypt library +# Once run this will define +# +# LIBGCRYPT_FOUND - set if the system has the gcrypt library +# LIBGCRYPT_CFLAGS - the required gcrypt compilation flags +# LIBGCRYPT_LIBRARIES - the linker libraries needed to use the gcrypt library +# +# Copyright (c) 2006 Brad Hards <br...@kde.org> +# +# Redistribution and use is allowed according to the terms of the BSD license. +# For details see the accompanying COPYING-CMAKE-SCRIPTS file. + +# libgcrypt is moving to pkg-config, but earlier version don't have it + +if(NOT LibGcrypt_FIND_VERSION) + set(LibGcrypt_FIND_VERSION "1.5.0") +endif() + +#search in typical paths for libgcrypt-config +FIND_PROGRAM(LIBGCRYPTCONFIG_EXECUTABLE NAMES libgcrypt-config) + +#reset variables +set(LIBGCRYPT_LIBRARIES) +set(LIBGCRYPT_CFLAGS) + +# if libgcrypt-config has been found +IF(LIBGCRYPTCONFIG_EXECUTABLE) + + # workaround for MinGW/MSYS + # CMake can't starts shell scripts on windows so it need to use sh.exe + EXECUTE_PROCESS(COMMAND sh ${LIBGCRYPTCONFIG_EXECUTABLE} --libs RESULT_VARIABLE _return_VALUE OUTPUT_VARIABLE LIBGCRYPT_LIBRARIES OUTPUT_STRIP_TRAILING_WHITESPACE) + EXECUTE_PROCESS(COMMAND sh ${LIBGCRYPTCONFIG_EXECUTABLE} --cflags RESULT_VARIABLE _return_VALUE OUTPUT_VARIABLE LIBGCRYPT_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) + EXECUTE_PROCESS(COMMAND sh ${LIBGCRYPTCONFIG_EXECUTABLE} --version RESULT_VARIABLE _return_VALUEVersion OUTPUT_VARIABLE LIBGCRYPT_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE) + + IF(NOT LIBGCRYPT_CFLAGS AND NOT _return_VALUE) + SET(LIBGCRYPT_CFLAGS " ") + ENDIF(NOT LIBGCRYPT_CFLAGS AND NOT _return_VALUE) + + IF(LIBGCRYPT_LIBRARIES AND LIBGCRYPT_CFLAGS) + SET(LIBGCRYPT_FOUND TRUE) + ENDIF(LIBGCRYPT_LIBRARIES AND LIBGCRYPT_CFLAGS) + + if(LIBGCRYPT_VERSION VERSION_LESS ${LibGcrypt_FIND_VERSION}) + message(WARNING "libgcrypt found but version is less than required, Found ${LIBGCRYPT_VERSION} Required ${LibGcrypt_FIND_VERSION}") + SET(LIBGCRYPT_FOUND FALSE) + endif() + +ENDIF(LIBGCRYPTCONFIG_EXECUTABLE) + +if (LIBGCRYPT_FOUND) + if (NOT LibGcrypt_FIND_QUIETLY) + message(STATUS "Found libgcrypt: ${LIBGCRYPT_LIBRARIES}") + endif (NOT LibGcrypt_FIND_QUIETLY) +else (LIBGCRYPT_FOUND) + if (LibGcrypt_FIND_REQUIRED) + message(WARNING "Could not find libgcrypt libraries") + endif (LibGcrypt_FIND_REQUIRED) +endif (LIBGCRYPT_FOUND) + +MARK_AS_ADVANCED(LIBGCRYPT_CFLAGS LIBGCRYPT_LIBRARIES) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/api/KWallet/KF5WalletConfig.cmake.in new/kwallet-4.98.0/src/api/KWallet/KF5WalletConfig.cmake.in --- old/kwallet-4.97.0/src/api/KWallet/KF5WalletConfig.cmake.in 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/api/KWallet/KF5WalletConfig.cmake.in 2014-03-29 08:12:43.000000000 +0100 @@ -5,6 +5,7 @@ find_dependency(Qt5Core @REQUIRED_QT_VERSION@) +set(KWALLET_DBUS_INTERFACES_DIR "${PACKAGE_PREFIX_DIR}/@DBUS_INTERFACES_INSTALL_DIR@") include("${CMAKE_CURRENT_LIST_DIR}/KF5WalletTargets.cmake") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/api/KWallet/kwallet.h new/kwallet-4.98.0/src/api/KWallet/kwallet.h --- old/kwallet-4.97.0/src/api/KWallet/kwallet.h 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/api/KWallet/kwallet.h 2014-03-29 08:12:43.000000000 +0100 @@ -189,7 +189,7 @@ /** * Request to the wallet service to change the password of * the wallet @p name. - * @param name The the wallet to change the password of. + * @param name The wallet to change the password of. * @param w The window id to associate any dialogs with. You can pass * 0 if you don't have a window the password dialog should * associate with. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/CMakeLists.txt new/kwallet-4.98.0/src/runtime/kwalletd/CMakeLists.txt --- old/kwallet-4.97.0/src/runtime/kwalletd/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100 @@ -102,4 +102,5 @@ install( FILES kwalletd5.desktop DESTINATION ${SERVICES_INSTALL_DIR} ) install( FILES kwalletd.notifyrc DESTINATION ${DATA_INSTALL_DIR}/kwalletd ) +install( FILES kwallet-4.13.upd DESTINATION ${DATA_INSTALL_DIR}/kconf_update) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/Messages.sh new/kwallet-4.98.0/src/runtime/kwalletd/Messages.sh --- old/kwallet-4.97.0/src/runtime/kwalletd/Messages.sh 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/Messages.sh 2014-03-29 08:12:43.000000000 +0100 @@ -1,3 +1,3 @@ #! /usr/bin/env bash $EXTRACTRC `find . -name \*.ui` >> rc.cpp || exit 11 -$XGETTEXT `find . -name "*.cpp" -o -name "*.cc" | grep -v "/tests"` -o $podir/kwalletd.pot +$XGETTEXT `find . -name "*.cpp" -o -name "*.cc" | grep -v "/tests"` -o $podir/kwalletd5.pot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/CMakeLists.txt new/kwallet-4.98.0/src/runtime/kwalletd/backend/CMakeLists.txt --- old/kwallet-4.97.0/src/runtime/kwalletd/backend/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100 @@ -41,7 +41,7 @@ ecm_setup_version(${KF5_VERSION} VARIABLE_PREFIX KWALLETBACKEND SOVERSION 5) -target_link_libraries(kwalletbackend5 Qt5::Widgets KF5::WidgetsAddons KF5::CoreAddons KF5::Notifications KF5::I18n) +target_link_libraries(kwalletbackend5 Qt5::Widgets KF5::WidgetsAddons KF5::CoreAddons KF5::Notifications KF5::I18n ${LIBGCRYPT_LIBRARIES}) if(QGPGME_FOUND) target_link_libraries(kwalletbackend5 ${QGPGME_LIBRARIES} ) endif(QGPGME_FOUND) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp new/kwallet-4.98.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp --- old/kwallet-4.97.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/backendpersisthandler.cpp 2014-03-29 08:12:43.000000000 +0100 @@ -51,6 +51,7 @@ #define KWALLET_HASH_SHA1 0 #define KWALLET_HASH_MD5 1 // unsupported +#define KWALLET_HASH_PBKDF2_SHA512 2 // used when using kwallet with pam or since 4.13 version namespace KWallet { @@ -169,7 +170,7 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12]) { if (magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC && - magicBuf[3] == KWALLET_HASH_SHA1) { + (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) { if (0 == blowfishHandler) blowfishHandler = new BlowfishPersistHandler; return blowfishHandler; @@ -190,7 +191,12 @@ assert(wb->_cipherType == BACKEND_CIPHER_BLOWFISH); version[2] = KWALLET_CIPHER_BLOWFISH_CBC; - version[3] = KWALLET_HASH_SHA1; + if(!wb->_useNewHash) { + version[3] = KWALLET_HASH_SHA1; + } else { + version[3] = KWALLET_HASH_PBKDF2_SHA512;//Since 4.13 we always use PBKDF2_SHA512 + } + if (sf.write(version) != 4) { sf.cancelWriting(); return -4; // write error @@ -497,14 +503,14 @@ qDebug() << "initGpgME returned " << err.code(); KMessageBox::errorWId( w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to save the wallet <b>%1</b>. Error code is <b>%2</b>. Please fix your system configuration, then try again!</qt>", Qt::escape(wb->_name), err.code())); sf.cancelWriting(); - return -1; + return -5; } boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) ); if (0 == ctx) { qDebug() << "Cannot setup OpenPGP context!"; KMessageBox::errorWId(w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to save the wallet <b>%1</b>. Please fix your system configuration, then try again!</qt>"), Qt::escape(wb->_name)); - return -1; + return -6; } assert(wb->_cipherType == BACKEND_CIPHER_GPG); @@ -558,7 +564,7 @@ Qt::escape(wb->_name), gpgerr, gpgme_strerror(gpgerr))); qDebug() << "GpgME encryption error: " << res.error().code(); sf.cancelWriting(); - return -1; + return -7; } char buffer[4096]; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.cc new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.cc --- old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.cc 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.cc 2014-03-29 08:12:43.000000000 +0100 @@ -23,10 +23,10 @@ #include <stdlib.h> #include <QSaveFile> -//#include <kstandarddirs.h> #ifdef HAVE_QGPGME #include <gpgme++/key.h> #endif +#include <gcrypt.h> #include <KNotification> #include <KLocalizedString> @@ -52,8 +52,7 @@ #endif #define KWALLET_VERSION_MAJOR 0 -#define KWALLET_VERSION_MINOR 0 - +#define KWALLET_VERSION_MINOR 1 using namespace KWallet; @@ -68,7 +67,12 @@ // KGlobal::dirs()->addResourceType("kwallet", 0, "share/apps/kwallet"); // } -Backend::Backend(const QString& name, bool isPath) : d(0), _name(name), _ref(0), _cipherType(KWallet::BACKEND_CIPHER_UNKNOWN) { +Backend::Backend(const QString& name, bool isPath) + : d(0), + _name(name), + _useNewHash(false), + _ref(0), + _cipherType(KWallet::BACKEND_CIPHER_UNKNOWN) { // initKWalletDir(); if (isPath) { _path = name; @@ -109,6 +113,34 @@ _cipherType = ct; } +static int password2PBKDF2_SHA512(const QByteArray &password, QByteArray& hash, const QByteArray &salt) +{ + if (!gcry_check_version("1.5.0")) { + printf("libcrypt version is too old \n"); + return GPG_ERR_USER_2; + } + + gcry_error_t error; + bool static gcry_secmem_init = false; + if (!gcry_secmem_init) { + error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0); + if (error != 0) { + qWarning() << "Can't get secure memory:" << error; + return error; + } + gcry_secmem_init = true; + } + + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + + error = gcry_kdf_derive(password.constData(), password.size(), + GCRY_KDF_PBKDF2, GCRY_MD_SHA512, + salt.data(), salt.size(), + PBKDF2_SHA512_ITERATIONS, PBKDF2_SHA512_KEYSIZE, hash.data()); + + return error; +} + // this should be SHA-512 for release probably static int password2hash(const QByteArray& password, QByteArray& hash) { SHA1 sha; @@ -279,6 +311,9 @@ } _passhash = passwordHash; + _newPassHash = passwordHash; + _useNewHash = true;//Only new hash is supported + return openInternal(); } @@ -294,10 +329,8 @@ } newfile.close(); _open = true; - if (sync(w)) { + if (sync(w) != 0) { return -2; - } else { - return 1; // new file opened, but OK } } @@ -320,9 +353,14 @@ return -4; // unknown version } - if (magicBuf[1] != KWALLET_VERSION_MINOR) { - return -4; // unknown version - } + //0 has been the MINOR version until 4.13, from that point we use it to upgrade the hash + if (magicBuf[1] == 1) { + qDebug() << "Wallet new enough, using new hash"; + swapToNewHash(); + } else if (magicBuf[1] != 0){ + qDebug() << "Wallet is old, sad panda :("; + return -4; // unknown version + } BackendPersistHandler *phandler = BackendPersistHandler::getPersistHandler(magicBuf); if (0 == phandler){ @@ -331,6 +369,38 @@ return phandler->read(this, db, w); } +void Backend::swapToNewHash() +{ + //Runtime error happened and we can't use the new hash + if (!_useNewHash) { + qDebug() << "Runtime error on the new hash"; + return; + } + _passhash.fill(0);//Making sure the old passhash is not around in memory + _passhash = _newPassHash;//Use the new hash, means the wallet is modern enough +} + +QByteArray Backend::createAndSaveSalt(const QString& path) const +{ + QFile saltFile(path); + saltFile.remove(); + + if (!saltFile.open(QIODevice::WriteOnly)) { + return QByteArray(); + } + + char *randomData = (char*) gcry_random_bytes(PBKDF2_SHA512_SALTSIZE, GCRY_STRONG_RANDOM); + QByteArray salt(randomData, PBKDF2_SHA512_SALTSIZE); + free(randomData); + + if (saltFile.write(salt) != PBKDF2_SHA512_SALTSIZE) { + return QByteArray(); + } + + saltFile.close(); + + return salt; +} int Backend::sync(WId w) { if (!_open) { @@ -352,7 +422,14 @@ // Write the version number QByteArray version(4, 0); version[0] = KWALLET_VERSION_MAJOR; - version[1] = KWALLET_VERSION_MINOR; + if (_useNewHash) { + version[1] = KWALLET_VERSION_MINOR; + //Use the sync to update the hash to PBKDF2_SHA512 + swapToNewHash(); + } else { + version[1] = 0; //was KWALLET_VERSION_MINOR before the new hash + } + BackendPersistHandler *phandler = BackendPersistHandler::getPersistHandler(_cipherType); if (0 == phandler) { @@ -389,6 +466,7 @@ // empty the password hash _passhash.fill(0); + _newPassHash.fill(0); _open = false; @@ -593,7 +671,27 @@ BlowFish _bf; CipherBlockChain bf(&_bf); _passhash.resize(bf.keyLen()/8); + _newPassHash.resize(bf.keyLen()/8); + _newPassHash.fill(0); + password2hash(password, _passhash); + + QByteArray salt; + QFile saltFile(getSaveLocation() + QDir::separator() + _name + ".salt"); + if (!saltFile.exists() || saltFile.size() == 0) { + salt = createAndSaveSalt(saltFile.fileName()); + } else { + if (!saltFile.open(QIODevice::ReadOnly)) { + salt = createAndSaveSalt(saltFile.fileName()); + } else { + salt = saltFile.readAll(); + } + } + + if (!salt.isEmpty() && password2PBKDF2_SHA512(password, _newPassHash, salt) == 0) { + qDebug() << "Setting useNewHash to true"; + _useNewHash = true; + } } #ifdef HAVE_QGPGME diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.h new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.h --- old/kwallet-4.97.0/src/runtime/kwalletd/backend/kwalletbackend.h 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/backend/kwalletbackend.h 2014-03-29 08:12:43.000000000 +0100 @@ -33,6 +33,10 @@ #include <gpgme++/key.h> #endif // HAVE_QGPGME +#define PBKDF2_SHA512_KEYSIZE 56 +#define PBKDF2_SHA512_SALTSIZE 56 +#define PBKDF2_SHA512_ITERATIONS 50000 + namespace KWallet { /** @@ -169,6 +173,7 @@ QString _name; QString _path; bool _open; + bool _useNewHash; QString _folder; int _ref; // Map Folder->Entries @@ -178,6 +183,7 @@ typedef QMap<MD5Digest, QList<MD5Digest> > HashMap; HashMap _hashes; QByteArray _passhash; // password hash used for saving the wallet + QByteArray _newPassHash; //Modern hash using KWALLET_HASH_PBKDF2_SHA512 BackendCipherType _cipherType; // the kind of encryption used for this wallet #ifdef HAVE_QGPGME GpgME::Key _gpgKey; @@ -188,6 +194,8 @@ // open the wallet with the password already set. This is // called internally by both open and openPreHashed. int openInternal(WId w=0); + void swapToNewHash(); + QByteArray createAndSaveSalt(const QString &path) const; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.cpp new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.cpp --- old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.cpp 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.cpp 2014-03-29 08:12:43.000000000 +0100 @@ -1,19 +1,18 @@ /* This file is part of the KDE libraries Copyright (C) 2004 George Staikos <stai...@kde.org> - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + You should have received a copy of the GNU Lesser General Public + License along with this library. If not, see <http://www.gnu.org/licenses/>. */ #include "kbetterthankdialog.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.h new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.h --- old/kwallet-4.97.0/src/runtime/kwalletd/kbetterthankdialog.h 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kbetterthankdialog.h 2014-03-29 08:12:43.000000000 +0100 @@ -1,19 +1,18 @@ /* This file is part of the KDE libraries Copyright (C) 2004 George Staikos <stai...@kde.org> - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + You should have received a copy of the GNU Lesser General Public + License along with this library. If not, see <http://www.gnu.org/licenses/>. */ #ifndef KBETTERTHANKDIALOG_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialog.cpp new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialog.cpp --- old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialog.cpp 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialog.cpp 2014-03-29 08:12:43.000000000 +0100 @@ -143,7 +143,7 @@ GpgME::Key k = _ctx->nextKey(err); if (err) break; - if (!k.isInvalid() && k.canEncrypt()) { + if (!k.isInvalid() && k.canEncrypt() && (k.ownerTrust() == GpgME::Key::Ultimate)) { keys.push_back(k); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialoggpg.ui new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialoggpg.ui --- old/kwallet-4.97.0/src/runtime/kwalletd/knewwalletdialoggpg.ui 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/knewwalletdialoggpg.ui 2014-03-29 08:12:43.000000000 +0100 @@ -19,6 +19,13 @@ </widget> </item> <item> + <widget class="QLabel" name="label_2"> + <property name="text"> + <string><html><head/><body><p><span style=" font-weight:600;">NOTE:</span> this list shows only &quot;ultimate-level&quot; trusted keys</p></body></html></string> + </property> + </widget> + </item> + <item> <widget class="QTableWidget" name="listCertificates"> <property name="showDropIndicator" stdset="0"> <bool>false</bool> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwallet-4.13.upd new/kwallet-4.98.0/src/runtime/kwalletd/kwallet-4.13.upd --- old/kwallet-4.97.0/src/runtime/kwalletd/kwallet-4.13.upd 1970-01-01 01:00:00.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kwallet-4.13.upd 2014-03-29 08:12:43.000000000 +0100 @@ -0,0 +1,5 @@ +# We changed the default in 4.13 +Id=kde4.13 +File=kwalletrc +Group=Wallet +RemoveKey=Launch Manager \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.cpp new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.cpp --- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.cpp 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.cpp 2014-03-29 08:12:43.000000000 +0100 @@ -33,6 +33,7 @@ #include <ktoolinvocation.h> #include <kconfig.h> +#include <ksharedconfig.h> #include <kconfiggroup.h> #include <kdirwatch.h> #include <kmessagebox.h> @@ -1453,7 +1454,7 @@ KConfigGroup walletGroup(&cfg, "Wallet"); _firstUse = walletGroup.readEntry("First Use", true); _enabled = walletGroup.readEntry("Enabled", true); - _launchManager = walletGroup.readEntry("Launch Manager", true); + _launchManager = walletGroup.readEntry("Launch Manager", false); _leaveOpen = walletGroup.readEntry("Leave Open", false); bool idleSave = _closeIdle; _closeIdle = walletGroup.readEntry("Close When Idle", false); @@ -1619,50 +1620,59 @@ int KWalletD::pamOpen(const QString &wallet, const QByteArray &passwordHash, int sessionTimeout) { - // don't do anything if transactions are already being processed! - if (_processing) { - return -1; - } - - // check if the wallet is already open - QPair<int, KWallet::Backend*> walletInfo = findWallet(wallet); - int rc = walletInfo.first; - if (rc == -1) { - if (_wallets.count() > 20) { - qDebug() << "Too many wallets open."; - return -1; - } - - if (!QRegExp("^[\\w\\^\\&\\'\\@\\{\\}\\[\\]\\,\\$\\=\\!\\-\\#\\(\\)\\%\\.\\+\\_\\s]+$").exactMatch(wallet) || - !KWallet::Backend::exists(wallet)) { - return -1; - } - - KWallet::Backend *b = new KWallet::Backend(wallet); - int openrc = b->openPreHashed(passwordHash); - if (openrc == 0 && b->isOpen()) { - // opening the wallet was successful - int handle = generateHandle(); - _wallets.insert(handle, b); - _syncTimers.addTimer(handle, _syncTime); - - // don't reference the wallet or add a session so it - // can be reclosed easily. - - if (sessionTimeout > 0) { - _closeTimers.addTimer(handle, sessionTimeout); - } else if (_closeIdle) { - _closeTimers.addTimer(handle, _idleTime); - } - emit walletOpened(wallet); - if (_wallets.count() == 1 && _launchManager) { - KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd"); - } - return handle; - } - } + if (_processing) { + return -1; + } + + if (!QRegExp("^[\\w\\^\\&\\'\\@\\{\\}\\[\\]\\,\\$\\=\\!\\-\\#\\(\\)\\%\\.\\+\\_\\s]+$").exactMatch(wallet)) { + return -1; + } + + // check if the wallet is already open + QPair<int, KWallet::Backend*> walletInfo = findWallet(wallet); + int rc = walletInfo.first; + if (rc != -1) { + return rc;//Wallet already opened, return handle + } + + KWallet::Backend *b = 0; + //If the wallet we want to open does not exists. create it and set pam hash + if (!wallets().contains(wallet)) { + b = new KWallet::Backend(wallet); + b->setCipherType(KWallet::BACKEND_CIPHER_BLOWFISH); + } else { + b = new KWallet::Backend(wallet); + } + + if (_wallets.count() > 20) { + return -1; + } + + int openrc = b->openPreHashed(passwordHash); + if (openrc != 0 || !b->isOpen()) { + return -1; + } + + // opening the wallet was successful + int handle = generateHandle(); + _wallets.insert(handle, b); + _syncTimers.addTimer(handle, _syncTime); + + // don't reference the wallet or add a session so it + // can be reclosed easily. + + if (sessionTimeout > 0) { + _closeTimers.addTimer(handle, sessionTimeout); + } else if (_closeIdle) { + _closeTimers.addTimer(handle, _idleTime); + } + emit walletOpened(wallet); + + if (_wallets.count() == 1 && _launchManager) { + KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd"); + } - return -1; + return handle; } #include "kwalletd.moc" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.notifyrc new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.notifyrc --- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletd.notifyrc 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletd.notifyrc 2014-03-29 08:12:43.000000000 +0100 @@ -306,15 +306,18 @@ Name[hu]=A szinkronizálás meghiúsult Name[ia]=Il falleva synchronisar Name[kk]=Қадамдастыру жаңылды +Name[ko]=동기화 실패 Name[lt]=Sinchronizavimas nepavyko Name[nb]=Synkronisering mislyktes Name[nds]=Synkroniseren is fehlslaan Name[nl]=Synchronisatie mislukt Name[nn]=Feil ved synkronisering +Name[pa]=ਸਿੰਕ ਫੇਲ੍ਹ ਹੈ Name[pl]=Nieudana synchronizacja Name[pt]=A Sincronização Falhou Name[pt_BR]=Falha na sincronização Name[ro]=Sincronizare eșuată +Name[ru]=Ошибка синхронизации бумажника Name[sk]=Synchronizácia zlyhala Name[sl]=Uskladitev spodletela Name[sr]=Синхронизација пропала @@ -342,14 +345,17 @@ Comment[hu]=A KDE jelszókezelő rendszer nem tudta szinkronizálni a jelszófájlt a lemezre Comment[ia]=Le sistema de portafolio de KDE (KDE Wallet System) falleva synchronisar un file de portafolio con le disco Comment[kk]=KDE әмиян жүйесінің дискідегі әмиян файлымен қадамдастыру жаңылысы +Comment[ko]=KDE 지갑 시스템에서 지갑 파일을 디스크에 동기화할 수 없음 Comment[nb]=KDE Wallet System klarte ikke å synkronisere en lommebokfil til disk Comment[nds]=Binnen KDE sien Knippsystem lett sik en Knipp nich mit de Datei op de Fastplaat synkroniseren Comment[nl]=Het lukte het KDE portefeuillesysteem niet om een portefeuillebestand naar schijf te synchroniseren Comment[nn]=Lommeboktenesta klarte ikkje synkronisera lommebokfila til disken +Comment[pa]=ਕੇਡੀਈ ਵਾਲਿਟ ਸਿਸਟਮ ਵਾਲਿਟ ਫਾਇਲ ਨੂੰ ਡਿਸਕ ਉੱਤੇ ਸਿੰਕ ਕਰਨ ਲਈ ਫੇਲ੍ਹ ਹੈ Comment[pl]=Synchronizacja pliku portfela na dysku przez System portfela KDE zakończyła się niepowodzeniem Comment[pt]=O sistema da Carteira do KDE não conseguiu sincronizar um ficheiro da carteira para o disco Comment[pt_BR]=O Sistema da Carteiras do KDE não conseguiu sincronizar um arquivo de carteira com o disco Comment[ro]=Sistemul de portofele KDE nu a putut sincroniza fișierul unui portofel cu discul +Comment[ru]=Не удалось сохранить бумажник в соответствующий ему файл на диске Comment[sk]=Systému KDE peňaženky sa nepodarilo synchronizovať súbor peňaženky na disk Comment[sl]=Sistem listnic za KDE ni uspel uskladiti datoteke z listnico na disku Comment[sr]=К‑новчаник не може да синхронизује фајл новчаника на диск diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.cpp new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.cpp --- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.cpp 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.cpp 2014-03-29 08:12:43.000000000 +0100 @@ -1,19 +1,18 @@ /* This file is part of the KDE libraries Copyright (C) 2004 George Staikos <stai...@kde.org> - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + You should have received a copy of the GNU Lesser General Public + License along with this library. If not, see <http://www.gnu.org/licenses/>. */ #include "kwalletwizard.h" @@ -172,7 +171,7 @@ GpgME::Key k = ctx->nextKey(err); if (err) break; - if (!k.isInvalid() && k.canEncrypt()) { + if (!k.isInvalid() && k.canEncrypt() && (k.ownerTrust() == GpgME::Key::Ultimate)) { keys.push_back(k); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.h new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.h --- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizard.h 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizard.h 2014-03-29 08:12:43.000000000 +0100 @@ -1,19 +1,18 @@ /* This file is part of the KDE libraries Copyright (C) 2004 George Staikos <stai...@kde.org> - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + You should have received a copy of the GNU Lesser General Public + License along with this library. If not, see <http://www.gnu.org/licenses/>. */ #ifndef KWALLETWIZARD_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui --- old/kwallet-4.97.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/src/runtime/kwalletd/kwalletwizardpagegpgkey.ui 2014-03-29 08:12:43.000000000 +0100 @@ -21,7 +21,10 @@ <item> <widget class="QLabel" name="label_3"> <property name="text"> - <string><html><head/><body><p>The GPG-based wallet use a GPG encryption key to securely encrypt data on disk. The key must be available when decrypting is needed or your wallet will not be accessible. For example, if you choose a SmartCard-based encryption key, the GPG system will prompt you to enter it and its associated PIN when attempting to open the wallet.</p></body></html></string> + <string><html><head/><body><p>The GPG-based wallet use a GPG encryption key to securely encrypt data on disk. The key must be available when decrypting is needed or your wallet will not be accessible. For example, if you choose a SmartCard-based encryption key, the GPG system will prompt you to enter it and its associated PIN when attempting to open the wallet. <span style=" font-weight:600;">NOTE:</span> this list contains only &quot;ultimate-level&quot; trusted keys.</p></body></html></string> + </property> + <property name="textFormat"> + <enum>Qt::AutoText</enum> </property> <property name="wordWrap"> <bool>true</bool> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-4.97.0/tests/kwalletd/CMakeLists.txt new/kwallet-4.98.0/tests/kwalletd/CMakeLists.txt --- old/kwallet-4.97.0/tests/kwalletd/CMakeLists.txt 2014-03-01 12:51:44.000000000 +0100 +++ new/kwallet-4.98.0/tests/kwalletd/CMakeLists.txt 2014-03-29 08:12:43.000000000 +0100 @@ -28,7 +28,7 @@ ) if (QGPGME_FOUND) - kde4_add_ui_files(kwalletwizardtest_SRCS + qt5_wrap_ui(kwalletwizardtest_SRCS ../../src/runtime/kwalletd/kwalletwizardpagepasswordgpg.ui) endif(QGPGME_FOUND) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
