github paolostivanin/OTPClient v5.0.0-beta2

pre-release, 10 hours ago

Changes since beta1

New features

  • Backup-age banner — reminds you to take periodic backups, with snooze and dismiss-on-export. Snooze shortcut available from the main menu.
  • Empty-state page with Add/Import call-to-action when no tokens are present (CTAs disabled when no database is loaded).
  • Async unlock with spinner — the window no longer freezes during Argon2id key derivation.
  • Scriptable CLI output: --output=table|json|csv for --show, --list, and --list-databases.
  • Refreshed manpages and bash/zsh/fish shell completions.
  • Import summary toast and per-format file-picker filters.
  • Paste-to-fill otpauth:// in manual-add dialog.
  • KDF presets — Standard / Strong / Paranoid / Custom.
  • Technical-field tooltips in manual-add and KDF dialogs.
  • AdwToast surfacing for previously silent failures.
  • Search-provider trigger keyword (default otp, configurable) — required prefix to surface OTPs above runner clutter in GNOME Shell / KRunner.

Security

  • Bounds-checked Argon2id parameters on database open.
  • KRunner Match no longer leaks live OTP codes via subtitles.
  • PR_SET_DUMPABLE=0 + RLIMIT_CORE=0 to prevent secret leaks via core dumps.
  • O_NOFOLLOW + fstat on importer paths; refuses symlinks and non-regular files (Aegis, AuthPro, FreeOTP+, 2FAS, CLI --password-file).
  • Backup files (.bak) created with 0600 mode regardless of umask.
  • Signal-safe clipboard wipe on SIGINT / SIGTERM / SIGHUP and shutdown.
  • CLI --password-file refuses group/world-readable files.
  • Hardened Aegis/2FAS import against malformed backups (additional NULL checks on parsed JSON).
  • fsync() failures during database write are now surfaced instead of swallowed.
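The Security items above (no core dumps, O_NOFOLLOW plus fstat on importer paths, 0600 backups regardless of umask, refusing group/world-readable password files, surfacing fsync() errors) are the kind of checks that are easy to get subtly wrong, so here is an added C illustration of all of them together. This is example code written for these notes, not OTPClient's own source: every function name is hypothetical, it assumes a Linux/POSIX system (prctl is Linux-only and guarded), and the self-check creates constructed files in a scratch directory under /tmp.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Stop the process from being core-dumped so a crash never writes key material to disk. */
int harden_no_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0) return -1;
#ifdef __linux__
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
#endif
    return 0;
}

/* Open an importer path without following a symlink at the final component,
 * then check on the open fd (not the path, which could be swapped under us)
 * that it is a regular file. Returns the fd, or -1 with errno set. */
int open_regular_nofollow(const char *path, int flags)
{
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* A --password-file must additionally be unreadable by group and others. */
int open_password_file(const char *path)
{
    struct stat st;
    int fd = open_regular_nofollow(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || (st.st_mode & (S_IRGRP | S_IROTH))) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Create a .bak as 0600 whatever the umask (mode given to open, then pinned
 * with fchmod) and surface write/fsync errors instead of swallowing them. */
int write_backup_0600(const char *path, const void *buf, size_t len)
{
    const char *p = buf;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    if (fchmod(fd, 0600) != 0) goto fail;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) { if (errno == EINTR) continue; goto fail; }
        p += n; len -= (size_t)n;
    }
    if (fsync(fd) != 0) goto fail;       /* e.g. EIO: report it, do not ignore it */
    return close(fd);
fail:
    { int e = errno; close(fd); unlink(path); errno = e; }
    return -1;
}

/* Constructed self-check in a scratch directory under a permissive umask.
 * Returns how many of the four expected behaviours held (4 = all). */
int run_self_checks(void)
{
    char dir[] = "/tmp/otpdemo_XXXXXX", pw[64], lnk[64], bak[64];
    struct stat st; int fd, passed = 0;
    mode_t old_umask = umask(0);
    if (!mkdtemp(dir)) { umask(old_umask); return 0; }
    snprintf(pw, sizeof pw, "%s/pw", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    snprintf(bak, sizeof bak, "%s/db.bak", dir);
    if ((fd = open(pw, O_WRONLY | O_CREAT, 0600)) >= 0) close(fd);
    /* 1: a 0600 regular password file is accepted */
    if ((fd = open_password_file(pw)) >= 0) { passed++; close(fd); }
    /* 2: the same file is refused once it becomes group-readable */
    if (chmod(pw, 0640) == 0) { if ((fd = open_password_file(pw)) < 0) passed++; else close(fd); }
    /* 3: a symlink to it is refused (ELOOP) even though the target exists */
    if (symlink(pw, lnk) == 0 && open_regular_nofollow(lnk, O_RDONLY) < 0 && errno == ELOOP) passed++;
    /* 4: the backup lands as exactly 0600 with its 19 bytes fsynced */
    if (write_backup_0600(bak, "constructed payload", 19) == 0 &&
        stat(bak, &st) == 0 && (st.st_mode & 0777) == 0600 && st.st_size == 19) passed++;
    unlink(lnk); unlink(bak); unlink(pw); rmdir(dir);
    umask(old_umask);
    return passed;
}
```

Two design points worth noting: the regular-file and permission checks run on the already-open descriptor (fstat), not on the path (stat) before open, so there is no window in which the path can be replaced between the check and the use; and the backup is created with O_EXCL, so an existing file at that name is reported as an error rather than truncated or followed.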

Bug fixes

  • KDF byte-length bug — passwords with non-ASCII characters now derive the correct key (with one-shot legacy fallback + opportunistic re-encryption).
  • HOTP click no longer triggers a full re-encrypt; debounced flush coalesces bursts.
  • Search-provider monitors are diff-synced across reloads instead of torn down and re-armed.
  • Token move rolls back on partial failure; cross-DB move invalidates the target KDF cache.
  • Import dialog no longer leaks the parsed OTP list on update_db failure.
  • Edit-token dialog JSON refcount leaks fixed.
  • Backup-age banner handles clock skew correctly.
  • Signal-quit explicitly flushes pending HOTP writes.
  • KDF dialog Apply button correctly gated.

Performance

  • KDF-derived key cached across saves; per-save random IV preserves AES-GCM nonce uniqueness.
  • Search filter uses pre-folded labels — one casefold per term per query instead of per-entry.
  • Search-provider cache TTL extended (5s → 60s) with per-DB GFileMonitor invalidation.
  • Pre-warm search-provider cache after bus ownership so first query avoids Argon2id cost.
  • Cross-DB OTP computation is lazy — computed on first row bind rather than upfront.
  • Search-provider drops in-memory OTP cache; labels pre-folded at load.

Build

  • Probes -fcf-protection=full, -fzero-call-used-regs, -fstrict-flex-arrays=2, -ftrivial-auto-var-init=zero.
  • Defaults to Release with LTO when supported.
  • Bash-completion install path stays inside DESTDIR / --prefix.

Docs

  • README: fix digits/period range, add CLI + search-provider sections, modernize build steps.
  • Updated SECURITY.md.
  • 4.99.92 release notes and security-model section in appdata.

sha256: 0504e942fa73a80caa4b0585af464df808e781759027c4f61e9d45ac1b15ba19
