Android-Password-Store/CHANGELOG.md

445 lines
15 KiB
Markdown
Raw Normal View History

2018-12-25 17:33:15 +00:00
# Changelog
2020-06-21 21:13:16 +00:00
2018-12-25 17:33:15 +00:00
All notable changes to this project will be documented in this file.
## [Unreleased]
### Changed
- Accessibility autofill has been removed completely due to being buggy, insecure and lacking in features. Upgrade to Android 8 or preferably later to gain access to our advanced Autofill implementation.
2020-10-23 16:27:28 +00:00
## [1.13.1] - 2020-10-23
### Fixed
2020-10-23 16:27:28 +00:00
- OpenKeychain authentication would fail with `LifecycleOwner com.zeapo.pwdstore.git.GitServerConfigActivity@f578da1 is attempting to register while current state is RESUMED. LifecycleOwners must call register before they are STARTED.`
### Added
2020-10-23 16:27:28 +00:00
- Add support for domain-level autofill in DuckDuckGo's F-Droid builds.
- Support gopass MIME secret encoding
### Changed
2020-10-23 16:27:28 +00:00
- The newly added automatic synchronisation feature has been rolled back due to multiple issues with its implementation.
## [1.13.0] - 2020-10-22
Unwrap root cause for InvalidRemoteException (#1122) * BaseGitActivity: unwrap root cause for InvalidRemoteException as well JGit's InvalidRemoteException, like TransportException, swallows more useful errors as is clear from this (redacted) snippet. ``` D org.eclipse.jgit.api.errors.InvalidRemoteException: Invalid remote: origin D at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:26) D at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:41) D at com.zeapo.pwdstore.git.GitCommandExecutor$execute$2$result$1.invokeSuspend(GitCommandExecutor.kt:2) D at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:3) D at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:15) D at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:1) D at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:13) D Caused by: org.eclipse.jgit.errors.NoRemoteRepositoryException: ssh://msfjarvis@[fe80::dead:beef]:22/pass-repo: fatal: '/pass-repo' does not appear to be a git repository D at org.eclipse.jgit.transport.TransportGitSsh.cleanNotFound(TransportGitSsh.java:14) D at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:20) D at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:1) D at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:1) D at org.eclipse.jgit.transport.Transport.fetch(Transport.java:20) D at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:18) ``` Signed-off-by: Harsh Shandilya <me@msfjarvis.dev> * Add changelog entry Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-09-29 15:41:14 +00:00
### Fixed
2020-10-23 16:27:28 +00:00
- Some classes of errors would be swallowed by an unhelpful 'Invalid remote: origin' message
- Repositories created within APS would contain invalid `.gpg-id` files with no ability to fix them from the app
- Button labels were invisible in Autofill phishing warning screen
- Unsupported authentication modes would appear briefly in the server config screen
### Added
2020-10-23 16:27:28 +00:00
- Add GPG key selection step to onboarding flow
- Allow configuring an app-wide HTTP(S) proxy
- Add option to automatically sync repository on app launch
- Add a quickfix for invalid HTTPS URLs that contain a custom port
Unwrap root cause for InvalidRemoteException (#1122) * BaseGitActivity: unwrap root cause for InvalidRemoteException as well JGit's InvalidRemoteException, like TransportException, swallows more useful errors as is clear from this (redacted) snippet. ``` D org.eclipse.jgit.api.errors.InvalidRemoteException: Invalid remote: origin D at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:26) D at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:41) D at com.zeapo.pwdstore.git.GitCommandExecutor$execute$2$result$1.invokeSuspend(GitCommandExecutor.kt:2) D at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:3) D at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:15) D at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:1) D at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:13) D Caused by: org.eclipse.jgit.errors.NoRemoteRepositoryException: ssh://msfjarvis@[fe80::dead:beef]:22/pass-repo: fatal: '/pass-repo' does not appear to be a git repository D at org.eclipse.jgit.transport.TransportGitSsh.cleanNotFound(TransportGitSsh.java:14) D at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:20) D at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:1) D at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:1) D at org.eclipse.jgit.transport.Transport.fetch(Transport.java:20) D at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:18) ``` Signed-off-by: Harsh Shandilya <me@msfjarvis.dev> * Add changelog entry Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-09-29 15:41:14 +00:00
## [1.12.1] - 2020-10-13
### Fixed
- Certain operations like folder creation with GPG keys would fail with `java.lang.IllegalStateException`.
- ECDSA key exchanges failed resulting in users being unable to clone repositories.
## [1.12.0] - 2020-09-24
### Added
- Allow sorting by recently used
- Add [Bromite](https://www.bromite.org/), [Ungoogled Chromium](https://git.droidware.info/wchen342/ungoogled-chromium-android) and [Kiwi](https://kiwibrowser.com/) to supported browsers list for Autofill
- Add ability to view the Git commit log
- Allow generating ECDSA and ED25519 keys for SSH
- Add support for multiple/fallback authentication methods for SSH
- Add warning when the custom SSH port in a URL could potentially be ignored
### Changed
- A descriptive error message is shown if no username is specified in the Git server settings
- Remove explicit protocol choice from Git server settings, it is now inferred from your URL
- 'Show hidden folders' is now 'Show hidden files and folders'
- Generated SSH keys are now stored in the Android Keystore if available, and encrypted at rest otherwise
- Allow using device's screen lock credentials to secure generated SSH key
- Update onboarding UI
- Update translations
### Fixed
- Git server protocol and authentication mode are only updated when explicitly saved
- Remember HTTPS password during a sync operation
- Unable to use show/hide password option for password/passphrase after first attempt was wrong
- TOTP values shown might some times be stale and considered invalid by sites
- Symlinks are no longer clobbered by the app (only available on Android 8 and above)
- Workaround lack of SSH connection reuse capabilities on some Git hosts like Bitbucket
## [1.11.3] - 2020-08-27
### Fixed
- Delete stored HTTPS password on connection errors (such as failed authentication)
2020-08-24 07:14:16 +00:00
## [1.11.2] - 2020-08-24
### Fixed
- Saving a password after creating it fails to finish commit operation
- HTTPS authentication did not prompt users for password
## [1.11.1] - 2020-08-21
### Fixed
- App failed to start on Android 7 and below
2020-08-18 15:43:37 +00:00
## [1.11.0] - 2020-08-18
### Added
2020-08-18 15:43:37 +00:00
- Allow changing the branch used for Git operations
- Allow setting a subdirectory key when creating folders
- Allow adding digits/symbols in XkPasswd generated passwords using a mask-like value (`dds` gives you two digits and a symbol, and so on)
### Changed
2020-08-18 15:43:37 +00:00
- The Git repository URL can now be specified directly
- Slightly reduce APK size
- Always show the parent path in entries
- Passwords will no longer be copied to the clipboard by default
- Notify user if there was nothing to push
### Fixed
2020-08-18 15:43:37 +00:00
- Allow creating nested directories directly
- I keep saying this but for real: error message for wrong SSH/HTTPS password is properly fixed now
- Fix crash when OpenKeychain is not installed
- Clone operation won't leave user on an empty password list upon failure
- Cloning a new repository to external storage wouldn't work
- UI froze for some people when deleting existing files from the external directory
## [1.10.3] - 2020-07-30
### Fixed
- Worked around a dependency bug that would crash the Autofill service when triggered on an OTP field
2020-07-30 08:58:45 +00:00
## [1.10.2] - 2020-07-30
### Fixed
2020-07-30 08:58:45 +00:00
- Properly handle cases where files contain only TOTP secrets and no password
- Correctly hide TOTP import button when TOTP secret/OTPAUTH URL is already present in extra content
- SMS OTP Autofill no longer crashes when invoked and correctly asks for the required permission on first use
2020-07-23 16:30:46 +00:00
## [1.10.1] - 2020-07-23
### Fixed
- Using long key IDs in .gpg-id no longer leads to a crash
- Long key IDs and fingerprints are now correctly forwarded to OpenKeychain
### Added
- Support for multiple GPG IDs in .gpg-id
- Creating an entry in an empty store now lets you select keys to initialize .gpg-id with
2020-07-22 08:23:16 +00:00
## [1.10.0] - 2020-07-22
### Changed
- A brand new icon to go with our biggest update ever!
- Light theme is now a consistent white across the board with ample contrast
- XkPassword generator is now easier to use with less configuration options
- Edit screen now has better protection and guidance for invalid names
- Improved biometric authentication UX on app start
- Improved password list UI
### Fixed
2020-06-27 20:15:39 +00:00
- Folder names that were very long did not look right
- Error message for wrong SSH/HTTPS password now looks cleaner
- Fix authentication failure with usernames that contain the `@` character
- Text input boxes were illegible on dark theme
- Top-level password names had inconsistent top margin making them look askew
- Password Store no longer ignores the selected OpenKeychain key
- Password export now happens in a separate process, preventing possible freezes
### Added
- TOTP support is reintroduced by popular demand. HOTP continues to be unsupported and heavily discouraged.
- Initial support for detecting and filling OTP fields with Autofill
- OTP codes can be automatically filled from SMS (requires Android P+ and Google Play Services)
- Importing TOTP secrets using QR codes
- Support for ed25519/ECDSA SSH keys
- Navigate into newly created folders and scroll to newly created passwords
- Support per-directory keys
- Full pt-BR localization
2020-06-30 09:32:17 +00:00
## [1.9.2] - 2020-06-30
### Fixed
- App crashes upon launching the app for the first time
2020-06-28 17:06:20 +00:00
## [1.9.1] - 2020-06-28
### Fixed
- Remember passphrase option did not work with old-style keys (generated either before 2019 or by passing `-m PEM` to new versions of OpenSSH)
### Added
- Add GNU IceCatMobile to the list of supported browsers for Autofill
2020-06-21 21:13:16 +00:00
## [1.9.0] - 2020-06-21
### Fixed
2020-06-21 21:13:16 +00:00
- 'Draw over other apps' permission dialog opens when attempting to use Oreo Autofill
- Old app shortcuts are now removed when the local repository is deleted
### Added
2020-06-21 21:13:16 +00:00
- Completely revamped decypted password view
- Add support for better, more secure Keyex's and MACs with a brand new SSH backend
- Allow manually marking domains for subdomain-level association. This will allow you to keep separate passwords for `site1.example.com` and `site2.example.com` and have them show as such in Autofill.
- Provide better messages for OpenKeychain errors
- Rename passwords and categories
### Changed
2020-06-21 21:13:16 +00:00
- **BREAKING**: Remove support for HOTP/TOTP secrets - Please use FIDO keys or a dedicated app like [Aegis](https://github.com/beemdevelopment/Aegis) or [andOTP](https://github.com/andOTP/andOTP)
- Reduce Autofill false positives on username fields by removing "name" from list of heuristic terms
- Reduced app size
- Improve IME experience with server config screen
- Removed edit password option from long-press menu.
- Batch deletion now does not require manually confirming for each password
- Better commit messages on password deletion
## [1.8.1] - 2020-05-24
### Fixed
2020-06-21 21:13:16 +00:00
- Don't strip leading slash from repository paths
## [1.8.0] - 2020-05-23
### Added
2020-06-21 21:13:16 +00:00
- Allow user to abort password move when it is replacing an existing file
- Allow setting a default username for Autofill
- Add no authentication mode for working with public repositories
2020-05-13 20:21:56 +00:00
### Changed
2020-06-21 21:13:16 +00:00
- More UI related tweaks, changes and improvements
- Improved error messages and internal logic for server configuration
### Fixed
2020-06-21 21:13:16 +00:00
- Add the following fields to encrypted username detection: user, account, email, name, handle, id, identity.
- Improved detection of broken or incomplete git repositories
- Better UX flow for storage permissions
## [1.7.2] - 2020-04-29
2020-04-25 15:04:33 +00:00
### Added
2020-06-21 21:13:16 +00:00
- Settings option to enable debug logging
2020-04-25 15:04:33 +00:00
### Changed
2020-06-21 21:13:16 +00:00
- SSH Keygen UI was improved
- Default key length for SSH Keygen is now 4096 bits
- Settings items were rearranged and cleaned up
- Autofill icons in dark mode are now more legible
### Fixed
2020-06-21 21:13:16 +00:00
- Failure to detect if repository was not cloned which broke Git operations
- Search results were inaccurate if root directory's name started with a dot (.)
- Saving git username and email did not provide user-facing confirmation
## [1.7.1] - 2020-04-23
### Fixed
2020-06-21 21:13:16 +00:00
- Autofill message does not show OK button when many browsers are installed
- Autofill message does not get marked as shown when dismissed
- App crashes when using type-independent sort
- Storage permission not requested when using existing external repository
## [1.7.0] - 2020-04-21
### Added
2020-06-21 21:13:16 +00:00
- Oreo Autofill support
- Securely remember HTTPS password/SSH key passphrase
### Fixed
2020-06-21 21:13:16 +00:00
- Text input box theming
- Password repository held in non-hidden storage no longer fails
- Remove ambiguous and confusing URL field in server config menu
and heavily improve UI for ease of use.
## [1.6.0] - 2020-03-20
### Added
2020-06-21 21:13:16 +00:00
- Copy implicit username (password filename) by long pressing
- Create xkpasswd style passwords
- Swipe on password list to synchronize repository
### Fixed
2020-06-21 21:13:16 +00:00
- Resolve memory leaks on password decryption
- Can't delete folders containing a password
## [1.5.0] - 2020-02-21
### Added
2020-06-21 21:13:16 +00:00
- Fast scroller with alphabetic hints
- UI button to create new folders
- Option to directly start searching when opening the app
- Option to always search from root folder regardless of the currently open folder
### Changed
2020-06-21 21:13:16 +00:00
- Logging is now enabled in release builds
- Searching now shows folders as well as the passwords inside them
### Fixed
2020-06-21 21:13:16 +00:00
- OpenKeychain errors cause app crash
## [1.4.0] - 2020-01-24
### Added
2020-06-21 21:13:16 +00:00
- Add save-and-copy button
- Dark theme
- Setting to save OpenKeychain auth id
- Add number of passwords to folders
### Changed
2020-06-21 21:13:16 +00:00
- Updated UI design and iconograph
- Biometric authentication
- Use new OpenKeychain integration library
### Fixed
2020-06-21 21:13:16 +00:00
- Snackbars showing behind keyboards
2018-12-25 17:33:15 +00:00
## [1.3.2] - 2018-12-23
### Changed
2020-06-21 21:13:16 +00:00
- Improve French translation.
2018-12-25 17:33:15 +00:00
### Fixed
2020-06-21 21:13:16 +00:00
- Extra field is multi-line.
2018-12-25 17:33:15 +00:00
## [1.3.1] - 2018-10-18
### Fixed
2020-06-21 21:13:16 +00:00
- Fix default sort order bug.
2018-12-25 17:33:15 +00:00
## [1.3.0] - 2018-10-16
### Added
2020-06-21 21:13:16 +00:00
- Allow app to be installed on external media (SD card).
- Change password sort order.
- Display HOTP code if present.
- Open search view on keyboard press.
2018-12-25 17:33:15 +00:00
### Changed
2020-06-21 21:13:16 +00:00
- Use adaptive icon.
- Password entry is more secure.
- Clean paths on password list view.
- Improve Chinese translation.
- Don't show hidden files and directories.
2018-12-25 17:33:15 +00:00
### Fixed
2020-06-21 21:13:16 +00:00
- Fix clipboard clearing.
- Wrap long passwords.
2018-12-25 17:33:15 +00:00
## 1.2.0.75 - 2018-05-31
### Added
2020-06-21 21:13:16 +00:00
- Add Arabic translation.
- Warn user that remembering SSH passphrase is currently insecure.
2018-12-25 17:33:15 +00:00
### Changed
2020-06-21 21:13:16 +00:00
- Update Japanese assets.
2018-12-25 17:33:15 +00:00
### Fixed
2020-06-21 21:13:16 +00:00
- Fix elements overlapping.
2020-10-23 16:27:28 +00:00
[Unreleased]: https://github.com/android-password-store/Android-Password-Store/compare/1.13.1...HEAD
[1.13.1]: https://github.com/android-password-store/Android-Password-Store/compare/1.13.0...1.13.1
[1.13.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.12.1...v1.13.0
[1.12.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.12.0...v1.12.1
[1.12.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.11.3...v1.12.0
[1.11.3]: https://github.com/android-password-store/Android-Password-Store/compare/v1.11.2...v1.11.3
2020-08-24 07:14:16 +00:00
[1.11.2]: https://github.com/android-password-store/Android-Password-Store/compare/v1.11.1...v1.11.2
[1.11.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.11.0...v1.11.1
2020-08-18 15:43:37 +00:00
[1.11.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.10.3...v1.11.0
[1.10.3]: https://github.com/android-password-store/Android-Password-Store/compare/v1.10.2...v1.10.3
2020-07-30 08:58:45 +00:00
[1.10.2]: https://github.com/android-password-store/Android-Password-Store/compare/v1.10.1...v1.10.2
2020-07-23 16:30:46 +00:00
[1.10.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.10.0...v1.10.1
2020-07-22 08:23:16 +00:00
[1.10.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.9.2...v1.10.0
2020-06-30 09:32:17 +00:00
[1.9.2]: https://github.com/android-password-store/Android-Password-Store/compare/v1.9.1...v1.9.2
2020-06-28 17:06:20 +00:00
[1.9.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.9.0...v1.9.1
2020-06-21 21:13:16 +00:00
[1.9.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.8.1...v1.9.0
2018-12-25 17:33:15 +00:00
[1.8.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.8.0..v1.8.1
2020-06-21 21:13:16 +00:00
[1.8.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.7.2..v1.8.0
2020-06-21 21:13:16 +00:00
[1.7.2]: https://github.com/android-password-store/Android-Password-Store/compare/v1.7.1..v1.7.2
2020-06-21 21:13:16 +00:00
[1.7.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.7.0..v1.7.1
2020-06-21 21:13:16 +00:00
[1.7.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.6.0..v1.7.0
2020-06-21 21:13:16 +00:00
[1.6.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.5.0..v1.6.0
2020-06-21 21:13:16 +00:00
[1.5.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.4.0...v1.5.0
2020-06-21 21:13:16 +00:00
[1.4.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.3.0...v1.4.0
2020-06-21 21:13:16 +00:00
[1.3.2]: https://github.com/android-password-store/Android-Password-Store/compare/v1.3.1...v1.3.2
2020-06-21 21:13:16 +00:00
[1.3.1]: https://github.com/android-password-store/Android-Password-Store/compare/v1.3.0...v1.3.1
2020-06-21 21:13:16 +00:00
[1.3.0]: https://github.com/android-password-store/Android-Password-Store/compare/v1.2.0.75...v1.3.0