./security/keepassx, Password generator and manager v2 (kdbx support)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.0.3nb1, Package name: keepassx-2.0.3nb1, Maintainer: pkgsrc-users

KeePass is a free/open-source password manager or safe which helps
you to manage your passwords in a secure way. You can put all your
passwords in one database, which is locked with one master key or
a key-disk. So you only have to remember one single master password
or insert the key-disk to unlock the whole database. The databases
are encrypted using the best and most secure encryption algorithms
currently known (AES and Twofish).

This package contains v2.x of the program with KeePass v2 database
format (kdbx) support.

Required to run:
[sysutils/desktop-file-utils] [graphics/hicolor-icon-theme] [security/libgcrypt] [x11/libXtst] [x11/qt4-libs]

Required to build:
[pkgtools/x11-links] [x11/qt4-tools] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto]

Master sites:

SHA1: 1d255f39a31105ac0a6183ffccba6484fe97d0ef
RMD160: 340c2de991bd9e3bb33940d49c97fada00aa61a3
Filesize: 1504.136 KB

Version history: (Expand)

CVS history: (Expand)

   2018-03-12 12:18:01 by Thomas Klausner | Files touched by this commit (2155)
Log message:
Recursive bumps for fontconfig and libzip dependency changes.
   2017-09-04 16:43:13 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated keepassx to 2.0.3.

2.0.3 (2016-09-04)

- Improved error reporting when reading / writing databases fails. [#450, #462]
- Display an error message when opening a custom icon fails.
- Detect custom icon format based on contents instead of the filename. [#512]
- Keep symlink intact when saving databases. [#442].
- Fix a crash when deleting parent group of recycle bin. [#520]
- Display a confirm dialog before moving an entry to the recycle bin. [#447]
- Repair UUIDs of inconsistent history items. [#130]
- Only include top-level windows in auto-type window list when using gnome-shell.
- Update translations.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-05 10:08:56 by NONAKA Kimihiro | Files touched by this commit (2) | Package updated
Log message:
PR/50771: Update security/keepassx to 2.0.2.

- Flush temporary file before opening attachment. [#390]
- Disable password generator when showing entry in history mode. [#422]
- Strip invalid XML chars when writing databases. [#392]
- Add repair function to fix databases with invalid XML chars. [#392]
- Display custom icons scaled. [#322]
- Allow opening databases that have no password and keyfile. [#391]
- Fix crash when importing .kdb files with invalid icon ids. [#425]
- Update translations.

- Fix regression in database writer that caused it to strip certain special
  characters (characters from Unicode plane > 0).
- Fix bug in repair function that caused it to strip non-ASCII characters.
   2015-12-11 14:37:32 by Thomas Klausner | Files touched by this commit (7) | Package updated
Log message:
Update keepassx to 2.0.

KeePassX 2.0 is using the new .kdbx (same as KeePass 2) database
format.  You can import your .kdb database from 0.4 from the Database
> Import KeePass 1 database.  This is a one-way process though.
You canât migrate back to the .kdb format.

New features include:

    Multiple attachments per entry
    Add custom key/value pairs to entries
    Open multiple database in one window

KeePassX 2.0 has been rewritten from scratch so some features (like
showing expired passwords) are still missing.
   2015-12-09 14:54:32 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update keepassx to 0.4.4.

Non-Windows CVE mentioned below was already fixed in pkgsrc.


Two security flaws have been discovered in KeePassX 0.4.3.
Version 2.0 has a different codebase and is not affected.

*   CVE-2015-8359: DLL Preloading vulnerability on Windows
    The version of Qt bundled with KeePassX 0.4.3 is vulnerable to
    a DDL preloading attack.  This vulnerability only affects
    KeePassX on Windows.  If successfully exploited, arbitrary code
    can be executed in the context of KeePassX.  KeePassX 0.4.4
    ships with Qt 4.8.7 and employs additional hardening measures.
    Thanks to Trenton Ivey from SecureWorks for reporting this
    vulnerability to us.
*   CVE-2015-8378: Canceling XML export function creates export as \ 
    When canceling the "Export to > KeePassX XML file" function
    the cleartext passwords were still exported.  In this case the
    password database was exported as the file ".xml" in the current
    working directory (often $HOME or the directory of the database).
    Originally reported as Debian bug #791858

KeePassX 0.4.4 fixes both vulnerabilities.
   2015-12-06 15:20:34 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Fix CVE-2015-8378 using the patch from Debian.
While here, clean up pkglint.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.