Tags: cortex/ripasso
Release 0.6.5

Bugfix release for 0.6 series.

Bugs fixed
==========

Update dependencies
-------------------
Update dependencies to latest version to reduce warnings from cargo audit

Release 0.6.4

Bugfix release for 0.6 series.

Bugs fixed
==========

Upgrade tempfile to 3.4.0
-------------------------
to avoid a test-only vulnerability in remove_dir_all

Rework clipboard crates
-----------------------
limit clipboard and wl_clipboard_rs to only be used/compiled on linux, use cli-clipboard on other platforms.

Release 0.6.3

Bugfix release for 0.6 series.

Bugs fixed
==========

Replace the sha256 crate with sha2
----------------------------------
As sha2 is maintained by the rustcrypto maintainers and sha256 is just a wrapper around sha2

Correct translation file paths
------------------------------
Use /usr/share/locale/{}/LC_MESSAGES/ripasso-cursive.mo as a path for the compiled translation files instead of /usr/share/ripasso

Unbreak the logic around starting the new user wizard
-----------------------------------------------------
The new user wizard didn't start correctly

Release 0.6.2

Bugfix release for 0.6 series.

Bugs fixed
==========

Verify the server id against the ssh known_hosts file
-----------------------------------------------------
The code in ripasso for handling the git2 crate was heavily influenced by the implementation in Cargo, and thus suffered from the same flaw as Cargo, where the host-id of the git server wasn't verified against the user's known_hosts file.

This resulted in a situation where an attacker that controls the network between a user and their git server might MITM the connection and obtain the encrypted password files.

Fix deadlock (thanks QaidVoid)
------------------------------
Fixes a deadlock in the Manage option under the Stores menu.

Fix otpauth URL parsing (thanks QaidVoid)
-----------------------------------------
Fix the end position of otpauth URL string parsing.

Release 0.6.1

Bugfix release for 0.6 series.

Bugs fixed
==========

Unclean index after a password file rename
------------------------------------------
After a rename, the git index was left in a dirty state because a write of the index data was missing.

Release 0.6.0

New Features
============

Choosable OpenPGP backend
-------------------------
We have implemented support for configuration files. You can now switch between different password directories from the menu.

Experimental new OpenPGP backend based on Sequoia
-------------------------------------------------
The Sequoia project is an implementation of OpenPGP written in Rust. Since the GPG project has suffered from multiple security problems due to memory corruption lately, it's time to start exploring alternative implementations.

The Sequoia backend can be enabled per store by adding pgp_implementation = 'sequoia' in your config file.

The sequoia implementation doesn't support reading the gpg keyring on the system, so if that one is chosen all public pgp keys must be imported into ripasso. But it can talk to the gpg-agent, so it doesn't require that the private key is imported into sequoia.

Support for TOTP codes
----------------------
Ripasso now supports otpauth urls. If there is a url in the format otpauth:// then an MFA token can be copied with ctrl-b.

Support the wayland copy buffer
-------------------------------
If running ripasso in a wayland environment, we now support the wayland copy buffer.

Comments in .gpg-id file
------------------------
The Pass project has added support for comments in the .gpg-id file. Comments start with a hash character.

Download OpenPGP certs from keys.openpgp.org
--------------------------------------------
Added support for downloading pgp keys from keys.openpgp.org.

Bugs Fixed
==========

Compression in gpg
------------------
Disabled compression when encrypting secrets with gpg. Compressing before encrypting can sometimes lead to a compression oracle vulnerability. This kind of vulnerability typically requires that an attacker can automate the creation of secrets in some way, so we don't think it's applicable here.

Copy behaviour between <enter> and <ctrl-y>
-------------------------------------------
Enter now copies the first line of the secret, and ctrl-y copies the whole secret.

Release 0.5.2

Bugfix release for 0.5 series.

Bugs fixed
==========

Compile errors on newer versions of cargo
-----------------------------------------
One of ripasso's dependencies couldn't be built with newer cargo versions. Solved by doing a cargo update.

Unit test overwrote global git config
-------------------------------------
One of the unit tests affected the global git config instead of the local one.

Release 0.5.1

Bugfix release for 0.5 series.

Bugs Fixed
==========

Relative path confusion on password creation
--------------------------------------------
When a new password was created the ripasso library expected the path that was supplied to be relative to the store path.

Path traversal in rename function
---------------------------------
The rename function didn't guard against path traversal correctly.

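A guard of the kind the two 0.5.1 fixes describe, as an added example that is not ripasso's own code: the function names `resolve_in_store` and `checked_rename` and the store path are hypothetical. Every supplied path is treated as relative to the store root and rejected if it would leave it; the check is lexical and does not resolve symlinks.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not ripasso's API): map a user-supplied path, which
/// must be relative to the store root, to a location inside the store.
/// Purely lexical: it never touches the filesystem, so symlinks that point
/// out of the store need a separate canonicalize-and-compare check.
pub fn resolve_in_store(store_root: &Path, user_path: &str) -> Result<PathBuf, String> {
    let mut rel = PathBuf::new();
    for comp in Path::new(user_path).components() {
        match comp {
            Component::Normal(part) => rel.push(part),
            Component::CurDir => {}
            Component::ParentDir => {
                // pop() returns false once `rel` is empty: one more ".."
                // would climb above the store root.
                if !rel.pop() {
                    return Err(format!("{:?} escapes the store", user_path));
                }
            }
            // Absolute paths (and Windows drive prefixes) are never store-relative.
            Component::RootDir | Component::Prefix(_) => {
                return Err(format!("{:?} is not relative to the store", user_path));
            }
        }
    }
    if rel.as_os_str().is_empty() {
        return Err(format!("{:?} names the store root itself", user_path));
    }
    Ok(store_root.join(rel))
}

/// Validate both ends of a rename before any file or git index is changed.
pub fn checked_rename(store_root: &Path, from: &str, to: &str) -> Result<(PathBuf, PathBuf), String> {
    Ok((resolve_in_store(store_root, from)?, resolve_in_store(store_root, to)?))
}

fn main() {
    let store = Path::new("/home/alice/.password-store"); // constructed sample root
    let cases = [
        ("mail/work", "mail/old/work"),     // stays inside the store
        ("mail/work", "a/../../outside"),   // climbs above the root
        ("mail/work", "/tmp/outside"),      // absolute target
    ];
    for (from, to) in cases {
        println!("{} -> {}: {:?}", from, to, checked_rename(store, from, to));
    }
}
```
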
Release 0.5.0

After nine long months of development effort, we are proud to present ripasso version 0.5.0.

New Features
============

Support multiple password stores
--------------------------------
We have implemented support for configuration files. You can now switch between different password directories from the menu.

Fuzzing of our dependencies
---------------------------
We did a small project where we went over our dependencies with a fuzzer, bugs found:

* [panic on unwrap of empty string](jeaye/ncurses-rs#196)
* [panic of unwrap() on CString creation](ihalila/pancurses#77)
* [byte index 1 is not a char boundary](gyscos/cursive#489) gyscos/cursive
* [decoding invalid utf8](hjson/hjson-rust#19)
* [subtract with overflow](hjson/hjson-rust#20)
* [removal index (is 0) should be < len (is 0)](hjson/hjson-rust#21)
* [called Result::unwrap() on an Err](hjson/hjson-rust#22)
* [called Option::unwrap() on a None](zonyitoo/rust-ini#75)
* [Unrecognized literal: 6E--5458](dtolnay/syn#897)
* [shift left with overflow](https://gitlab.com/sequoia-pgp/sequoia/-/issues/514)
* [byte index 11 is not a char boundary](https://gitlab.com/sequoia-pgp/sequoia/-/issues/515)
* [read empty buffer](https://gitlab.com/sequoia-pgp/sequoia/-/issues/516)
* [read empty buffer](https://gitlab.com/sequoia-pgp/sequoia/-/issues/517)

Some of them have been closed, some are in optional dependencies that we now have excluded and some are in a package that we want to start using in the future.

Password History View
---------------------
If you press ctrl-H on a password entry, it will bring up the git history of that file.

Copy password file name
-----------------------
Copy the file name with ctrl-U, this can be useful if you have your username as the filename.

Bugs Fixed
==========

Passwords in initial commit causes error
----------------------------------------
If the initial git commit contained files, that caused errors as ripasso didn't consider that snapshot correctly.

Not assume that git branch should be named master
-------------------------------------------------
A hardcoding of the branch name was removed.

Credits
=======

* Joakim Lundborg - Developer
* Alexander Kjäll - Developer
* Silje Enge Kristensen - Norwegian bokmål translation
* Camille Victor Prunier - French translation
* David Plassmann - German translation

Also a big thanks to everyone who contributed with bug reports and patches.