Releases: paolostivanin/OTPClient
Releases · paolostivanin/OTPClient
v1.1.0
This release was mostly oriented around hardening the application.
Changelog:
- port from json-glib to jansson. This brings a huge security improvement, because now all json operations are executed in Gcrypt's secure memory
- master password can now be changed
- window size is saved when the app is closed
- force password to be at least 6 chars
- when a wrong password is given, the app won't exit anymore. Instead, the user is asked for the password again
- add a new menu button on the right that contains import, export and change password options
Full diff betwen v1.0.6 and v1.1.0
sha256: cf93aa21db03e821bd987e4471e1f35fae5c846cc8482249c589ba51969cdc30
v1.0.6
- add a label on first start that explains why a password must be chosen
- add more padding between the last entry and the buttons
- add "How To Use" section into the README
sha256: 1f213de12d09c512944a2d13550e9e2439cbe638302b7eb54c75f93bb3451e07
v1.0.5
- remove
filesystem=home
permission from flatpak manifest, so the app has only access to its folder. This means that the database location for flatpak users is fixed to/home/USER/.var/app/com.github.paolostivanin.OTPClient/data
- prevent duplicates to be added on import
- add copy feature. To copy an otp value, just double click on a ticked row. Please note that if you double click on a row that is not ticked, no value will be copied.
- small fixes
sha256: e2cbea52b4c5574ad7cb06100b32a5b12947f6061dbee43177f5ac7802c8f226
v1.0.4
- ask where to save the database on first start
- update flatpak manifest and appdata.xml
- add config file saved under
$HOME/.config/otpclient.cfg
v1.0.3
- add max length to label (128 chars), issuer (128 chars) and secret (64 chars)
- use current OS memlock limit to set max_file_size:
When using Gcrypt's secure memory, the amount of needed memory must be
greater than the current memlock OS limit (ulimit -l
). On some systems,
this value is very low (64 KB), thus causing the software to not even
start. A few possibilities were evaluated:- use setcap on installation phase: easy, but not achievable with flatpak, appimage, and Co.
- force the user to play with ulimit: cumbersome and absolutely not user-friendly
- set the max available secure memory to the current system memlock value. This solution has been implemented. This has a small drawback though because if a user needs to store more than ~130 tokens (I'm talking about the worst case, so using
max_length
for label, account and issuer), then the user won't be able to do that, unless the user does something with either setcap (cap_ipc_lock+ep
) or ulimit.
- use glib to build the file path
- update readme
v1.0.2
- decrease secure memory pool to 256 KiB
- clean up flatpak json
- check mlockall return code
- add "known issues" section to the readme
- improve flatpak support
v1.0.1
Small fixes related to flatpak:
- add appdata file
- change app id
- add missing 'socket' parameter to flatpak json