Implement database closing question on escape

* Fixes #11831
* Also fixes weird issues like saving backup of a backup due to function reuse

.clang-format

@@ -19,7 +19,7 @@ AlwaysBreakBeforeMultilineStrings: false
 AlwaysBreakTemplateDeclarations: false
 BinPackArguments: false
 BinPackParameters: false
-BraceWrapping:   
+BraceWrapping:
   AfterClass:      true
   AfterFunction:   true
   AfterControlStatement: false
@@ -44,7 +44,7 @@ DerivePointerAlignment: false
 DisableFormat:   false
 ExperimentalAutoDetectBinPacking: false
 ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
-IncludeCategories: 
+IncludeCategories:
   - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
     Priority:        2
   - Regex:           '^(<|"(gtest|isl|json)/)'
@@ -81,8 +81,7 @@ SpacesInContainerLiterals: true
 SpacesInCStyleCastParentheses: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
-Standard:        Cpp11
+Standard:        c++17
 TabWidth:        4
 UseTab:          Never
 ...
-

.gitattributes

@@ -11,3 +11,9 @@ AppImage-Recipe.sh export-ignore
 # github-linguist language hints
 *.h linguist-language=C++
 *.cpp linguist-language=C++
+
+# binary files
+*.ai binary
+
+# Line endings harmony
+* text=auto

.github/CONTRIBUTING.md

@@ -38,7 +38,7 @@ We will accept contributions of good code that we can use from anyone.
  - “contributions”: This means just about anything you wish to contribute to the project, as long as it is good code we can use. The easier you make it for us to accept your contribution, the happier we are, but if it’s good enough, we will do a reasonable amount of work to use it.
  - “of good code”: This means that we will accept contributions that work well and efficiently, that fit in with the goals of the project, that match the project’s coding style, and that do not impose an undue maintenance workload on us going forward. This does not mean just program code, either, but documentation and artistic works as appropriate to the project.
  - “that we can use”: This means that your contribution must be given freely and irrevocably, that you must have the right to contribute it for our unrestricted use, and that your contribution is made under a license that is compatible with the license the project has chosen and that permits us to include, distribute, and modify your work without restriction.
- - “from anyone”: This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. We do, however, reserve the right to tell you to go away if you behave too obnoxiously toward us.
+ - “from anyone”: This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. We do, however, reserve the right to limit your access to our community if you violate our [Code of Conduct](../CODE-OF-CONDUCT.md).
 
 #### If Your Contribution Is Rejected
 
@@ -63,7 +63,7 @@ Before submitting a bug report, check if the problem has already been reported.
 
 ### Discuss with the team
 
-As with feature requests, you can talk to the KeePassXC team about bugs, new features, other issues and pull requests on the dedicated issue tracker, or in the IRC channel on Freenode (`#keepassxc-dev` on `irc.freenode.net`, or use a [webchat link](https://webchat.freenode.net/?channels=%23keepassxc-dev)).
+As with feature requests, you can talk to the KeePassXC team about bugs, new features, other issues and pull requests on the dedicated issue tracker, on the [Matrix development channel](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org), or in the IRC channel on Libera.Chat (`#keepassxc-dev` on `irc.libera.chat`, or use a [webchat link](https://web.libera.chat/#keepassxc-dev)).
 
 ### Your first code contribution
 
@@ -85,16 +85,23 @@ All pull requests must comply with the above requirements and with the [stylegui
 Translations are managed on [Transifex](https://www.transifex.com/keepassxc/keepassxc/) which offers a web interface.
 Please join an existing language team or request a new one if there is none.
 
+If you open a Pull Request with new strings that require translations, you will need to run the following:
+```
+./release-tool i18n lupdate
+```
+This will make the new strings available for translation in Transifex.
+
 ## Styleguides
 
 ### Git branch strategy
 
 The Branch Strategy is based on [git-flow-lite](http://nvie.com/posts/a-successful-git-branching-model/).
 
-* **master** – points to the latest public release
 * **develop** – points to the development of the next release, contains tested and reviewed code
 * **feature/**[name] – points to a branch with a new feature, one which is candidate for merge into develop (subject to rebase)
-* **hotfix/**[name] – points to a branch with a fix for a particular issue ID
+* **fix/**[name] – points to a branch with a fix for a particular issue ID
+
+Note: The **latest** tag is used to point to the most recent stable release.
 
 
 ### Git commit messages
@@ -132,7 +139,7 @@ For **Qt-UI files** (*.ui*): 2 spaces
 
 // Application includes
 #include "core/Config.h"
-#include "core/FilePath.h"
+#include "core/Resources.h"
 
 // Global includes
 #include <QWidget>

.github/FUNDING.yml

@@ -0,0 +1,5 @@
+github: ["droidmonkey", "phoerious"]
+patreon: keepassxc
+open_collective: keepassxc
+liberapay: keepassxc
+custom: ["https://keepassxc.org/donate"]

.github/ISSUE_TEMPLATE/bug-report.md

@@ -1,49 +0,0 @@
----
-name: Bug Report
-about: provide information about a problem
-title: 
-labels: bug
-assignees: ''
-
----
-
-[TIP]:  # ( Provide a general summary of the issue in the title above ^^ )
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-
-## Expected Behavior
-[NOTE]: # ( Tell us what you expected to happen )
-
-
-## Current Behavior
-[NOTE]: # ( Tell us what actually happens )
-
-
-## Possible Solution
-[NOTE]: # ( Not required, but suggest a fix/reason for the bug )
-
-
-## Steps to Reproduce
-[NOTE]: # ( Provide a link to a live example, or an unambiguous set of steps to )
-[NOTE]: # ( reproduce this bug. Include code to reproduce, if relevant )
-1.
-2.
-3.
-
-## Context
-[NOTE]: # ( How has this issue affected you? What unique circumstances do you have? )
-
-
-## Debug Info
-[NOTE]: # ( Paste debug info from Help → About here )
-KeePassXC - VERSION
-Revision: REVISION
-
-Libraries:
-- LIBS
-
-Operating system: OS
-CPU architecture: ARCH
-Kernel: KERNEL
-
-Enabled extensions:
-- EXTENSIONS

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,83 @@
+name: Bug Report
+description: Provide information about a problem you are experiencing.
+type: Bug
+
+body:
+  - type: checkboxes
+    attributes:
+      label: Have you searched for an existing issue?
+      description: |
+        Use the issue search box to see if one already exists for the bug you encountered.
+        Also take a moment to review our pinned issues.
+      options:
+      - label: Yes, I tried searching and reviewed the pinned issues
+        required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Brief Summary
+      description: |
+        Provide an overview of the problem, include any information that may help us triage this issue.
+        Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture).
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide a simple set of steps to reproduce this bug.
+      placeholder: |
+        1. 
+        2. 
+        3. 
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected_vs_actual
+    attributes:
+      label: Expected Versus Actual Behavior
+      description: Tell us what you expected to happen and what actually happened.
+
+  - type: textarea
+    id: debug_info
+    attributes:
+      label: KeePassXC Debug Information
+      placeholder: "Paste the output of: Help -> About -> Debug Info"
+      render: Text
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: Select your operating system.
+      options:
+        - Windows
+        - Linux
+        - macOS
+        - Other (BSD, Haiku, etc)
+
+  - type: dropdown
+    id: desktop_env
+    attributes:
+      label: Linux Desktop Environment
+      description: If on Linux, please select your desktop environment.
+      options:
+        - Gnome
+        - KDE
+        - XFCE
+        - Mate / Cinnamon
+        - Sway
+        - i3
+        - Other
+
+  - type: dropdown
+    id: window_system
+    attributes:
+      label: Linux Windowing System
+      description: If on Linux, please select your windowing system.
+      options:
+        - X11
+        - Wayland

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,26 +0,0 @@
----
-name: Feature Request
-about: tell us about a new capability you want to see
-title: 
-labels: new feature
-assignees: ''
-
----
-
-[TIP]:  # ( Provide a general summary of the feature in the title above ^^ )
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-
-## Summary
-[NOTE]: # ( Provide a brief overview of what the new feature is all about )
-
-
-## Desired Behavior
-[NOTE]: # ( Tell us how the new feature should work, be specific )
-
-
-## Possible Solution
-[NOTE]: # ( Not required, but suggest ideas on how to implement the addition or change )
-
-
-## Context
-[NOTE]: # ( Why does this feature matter to you? What unique circumstances do you have? )

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,34 @@
+name: Feature Request
+description: Tell us about a new feature you want.
+type: Feature
+
+body:
+  - type: checkboxes
+    attributes:
+      label: Have you searched for an existing feature request?
+      description: Use the issue search box to see if one already exists for the feature you want.
+      options:
+      - label: Yes, I tried searching
+        required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Brief Summary
+      description: |
+        Provide an overview of the feature you are interested in adding.
+        Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture).
+    validations:
+      required: true
+
+  - type: textarea
+    id: example
+    attributes:
+      label: Example
+      description: Provide an example of how this feature would be used.
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Context
+      description: Why does this feature matter to you? What unique circumstances do you have?

.github/ISSUE_TEMPLATE/prerelease_bug_report.yml

@@ -0,0 +1,85 @@
+name: Pre-Release Bug Report
+description: Report an issue with pre-release code (e.g. snapshot builds).
+type: Bug
+labels: PRE-RELEASE BUG
+assignees: droidmonkey
+
+body:
+  - type: checkboxes
+    attributes:
+      label: Have you searched for an existing issue?
+      description: |
+        Use the issue search box to see if one already exists for the bug you encountered.
+        Also take a moment to review our pinned issues.
+      options:
+      - label: Yes, I tried searching and reviewed the pinned issues
+        required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Brief Summary
+      description: |
+        Provide an overview of the problem, include any information that may help us triage this issue.
+        Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture).
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide a simple set of steps to reproduce this bug.
+      placeholder: |
+        1. 
+        2. 
+        3. 
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected_vs_actual
+    attributes:
+      label: Expected Versus Actual Behavior
+      description: Tell us what you expected to happen and what actually happened.
+
+  - type: textarea
+    id: debug_info
+    attributes:
+      label: KeePassXC Debug Information
+      placeholder: "Paste the output of: Help -> About -> Debug Info"
+      render: Text
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: Select your operating system.
+      options:
+        - Windows
+        - Linux
+        - macOS
+        - Other (BSD, Haiku, etc)
+
+  - type: dropdown
+    id: desktop_env
+    attributes:
+      label: Linux Desktop Environment
+      description: If on Linux, please select your desktop environment.
+      options:
+        - Gnome
+        - KDE
+        - XFCE
+        - Mate / Cinnamon
+        - Sway
+        - i3
+        - Other
+
+  - type: dropdown
+    id: window_system
+    attributes:
+      label: Linux Windowing System
+      description: If on Linux, please select your windowing system.
+      options:
+        - X11
+        - Wayland

.github/ISSUE_TEMPLATE/release-preview-bug-report.md

@@ -1,49 +0,0 @@
----
-name: Release Preview Bug report
-about: report a bug with a release preview (eg, 2.4.0-beta1)
-title: "[PRE-RELEASE] "
-labels: PRE-RELEASE BUG
-assignees: droidmonkey
-
----
-
-[TIP]:  # ( Provide a general summary of the issue in the title above ^^ )
-[TIP]:  # ( DO NOT include screenshots of your actual database! )
-
-## Expected Behavior
-[NOTE]: # ( Tell us what you expected to happen )
-
-
-## Current Behavior
-[NOTE]: # ( Tell us what actually happens )
-
-
-## Possible Solution
-[NOTE]: # ( Not required, but suggest a fix/reason for the bug )
-
-
-## Steps to Reproduce
-[NOTE]: # ( Provide a link to a live example, or an unambiguous set of steps to )
-[NOTE]: # ( reproduce this bug. Include code to reproduce, if relevant )
-1.
-2.
-3.
-
-## Context
-[NOTE]: # ( How has this issue affected you? What unique circumstances do you have? )
-
-
-## Debug Info
-[NOTE]: # ( Paste debug info from Help → About here )
-KeePassXC - VERSION
-Revision: REVISION
-
-Libraries:
-- LIBS
-
-Operating system: OS
-CPU architecture: ARCH
-Kernel: KERNEL
-
-Enabled extensions:
-- EXTENSIONS

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,36 +1,21 @@
-[TIP]:  # ( Provide a general summary of your changes in the title above ^^ )
-
-## Type of change
-[NOTE]: # ( Please remove all lines which don't apply. )
-- ✅ Bug fix (non-breaking change which fixes an issue)
-- ✅ Refactor (significant modification to existing code)
-- ✅ New feature (non-breaking change which adds functionality)
-- ✅ Breaking change (fix or feature that would cause existing functionality to change)
-- ✅ Documentation (non-code change)
-
-## Description and Context
 [NOTE]: # ( Describe your changes in detail, why is this change required? )
-[NOTE]: # ( Describe the context of your change. Explain large code modifications. )
-[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX" as necessary )
+[NOTE]: # ( Explain large or complex code modifications. )
+[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX". )
 
 
 ## Screenshots
-[TIP]:  # ( Do not include screenshots of your actual database! )
-
+[NOTE]: # ( Do not include screenshots of your actual database! )
+[TIP]:  # ( Use View -> Allow Screen Capture )
 
 ## Testing strategy
 [NOTE]: # ( Please describe in detail how you tested your changes. )
-[TIP]:  # ( We expect new code to be covered by unit tests and documented with doc blocks! )
+[TIP]:  # ( We expect new code to be covered by unit tests and include helpful comments. )
 
 
-## Checklist:
-[NOTE]: # ( Please go over all the following points. )
-[NOTE]: # ( Again, remove any lines which don't apply. )
-[NOTE]: # ( Pull Requests that don't fulfill all [REQUIRED] requisites are likely )
-[NOTE]: # ( to be sent back to you for correction or will be rejected.  )
-- ✅ I have read the **CONTRIBUTING** document. **[REQUIRED]**
-- ✅ My code follows the code style of this project. **[REQUIRED]**
-- ✅ All new and existing tests passed. **[REQUIRED]**
-- ✅ I have compiled and verified my code with `-DWITH_ASAN=ON`. **[REQUIRED]**
-- ✅ My change requires a change to the documentation, and I have updated it accordingly.
-- ✅ I have added tests to cover my changes.
+## Type of change
+[NOTE]: # ( Please remove all lines which don't apply. )
+- ✅ Bug fix (non-breaking change that fixes an issue)
+- ✅ New feature (change that adds functionality)
+- ✅ Breaking change (causes existing functionality to change)
+- ✅ Refactor (significant modification to existing code)
+- ✅ Documentation (non-code change)

.github/pull.yml

@@ -0,0 +1,8 @@
+# doc: https://github.com/wei/pull#basic-setup
+# manual trigger: https://pull.git.ci/process/${fork-user}/keepassxc
+# pull from: https://github.com/keepassxreboot/keepassxc
+version: "1"
+rules:
+  - base: develop
+    upstream:  keepassxreboot:develop
+    mergeMethod: rebase

.github/workflows/codeql.yml

@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ 'develop', 'release/2.7.x' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'develop' ]
+  schedule:
+    - cron: '5 16 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - if: matrix.language == 'cpp'
+      name: Install dependencies
+      run: |
+        sudo apt update
+        sudo apt install build-essential cmake g++
+        sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev  libqt5x11extras5-dev
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        queries: security-and-quality
+
+    - if: matrix.language == 'cpp'
+      name: Build C++
+      run: |
+        mkdir build && cd build
+        cmake -DWITH_XC_ALL=ON -DWITH_TESTS=OFF ..
+        make -j $(nproc)
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - if: matrix.language != 'cpp'
+      name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.gitignore

@@ -21,3 +21,13 @@ desktop.ini
 /*.snap
 /*_source.tar.bz2
 
+# MSVC Files
+CMakeSettings.json
+CMakePresets.json
+CMakeUserPresets.json
+.vs/
+out/
+
+# vcpkg
+vcpkg_installed*/
+

.tx/config

@@ -1,8 +1,19 @@
 [main]
 host = https://www.transifex.com
 
-[keepassxc.keepassxc]
-source_file = share/translations/keepassx_en.ts
-file_filter = share/translations/keepassx_<lang>.ts
-source_lang = en
-type = QT
+[o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--develop]
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+source_lang            = en
+type                   = QT
+replace_edited_strings = false
+keep_translations      = false
+
+[o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--master]
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+source_lang            = en
+type                   = QT
+replace_edited_strings = false
+keep_translations      = false
+

CHANGELOG.md

@@ -1,5 +1,684 @@
 # Changelog
 
+## 2.8.0 (Pending)
+* Placeholder for future release notes
+
+## 2.7.10 (2025-03-02)
+
+### Changes
+* Allow adjusting application font size [#11567]
+* Add Proton Pass importer [#11197]
+* Support KeePass2 TOTP settings [#11229]
+* Add New/Preview Entry Attachments dialog and functionality [#11637, #11699, #11650]
+* Add database name, color, and icon options for unlock view [#10819, #11725]
+* Show entry background color as column [#6798]
+* Use icons for password strength [#9844]
+* Add "Group Full Path" column in entry view [#10278]
+* Passphrase "MIXED case" Type [#11255]
+* Allow deleting extension plugin data from Browser Statistics [#11218]
+* Add --minimized option to keepassxc [#11693]
+* Implement T-CONV and T-REPLACE-RX entry placeholders [#11453]
+* Option to disable opening browser when URL field double-clicked [#11332]
+* Overhaul action states and add icons to toolbar [#11047]
+* Show character count in password generator dialog [#10940]
+* Add ability to expire entries from context menu [#8731]
+* Add copy field shortcuts to Auto-Type select dialog [#11518]
+* Passkeys: Add support for selecting group on creation [#11260]
+* Browser: Refactor Access Control Dialog [#9607]
+* Browser: Add support for URL wildcards and exact URL [#9835, #11752]
+* Browser: Allow groups to restrict by browser integration key [#9852]
+* CLI: Add `-d` dry-run shortcut to merge command [#11192]
+* CLI: HTML export [#11590]
+* macOS: Add option to disable database lock when switching user [#9707]
+* SSH Agent: Implement feature to clear all identities [#10649]
+
+### Fixes
+* Major enhancements to documentation [#11745, #10875]
+* Various UI and style fixes [#11535, #11672, #11511, #11445, #11426, #11273, #11455, #11321, #11594, #11539, #11351, #11354, #10748, #11602, #11303, #11291, #10091, #9417]
+* Various improvements to tags [#11676, #11652, #11625]
+* Reset splitter sizes on database unlock [#11014]
+* Remember sort order in Auto-type popup dialog [#9508]
+* Fix database password clearing when modifying key file / hardware key [#11001]
+* Fix issues with reloading and handling of externally modified db file [#10612]
+* Support passkeys with Bitwarden import [#11401]
+* Fix various quirks with CSV import [#11787]
+* Show Auto-Type select dialog even if window title is empty [#11603]
+* Refactor hardware key code to avoid deadlock [#11703, #10872]
+* Show a clear error if hardware key is found slots are not configured [#11609]
+* Fix signal/slot disconnect when opening import wizard [#11039]
+* Fix setting window title as modified [#11542]
+* Fix assert hit when viewing entry history [#11413]
+* Fix multiple crashes on Linux [#11513]
+* Fix backup file path time substitution [#10834]
+* Prevent long-running threads from deadlocking the program with only 1 CPU [#11155]
+* Hide the menubar when menus lose focus (if toggled off) [#11355, #11605]
+* CLI: Restore the original codepage on windows [#11470]
+* Passkeys: Various fixes [#10934, #10951]
+* Browser: Fix cancel with database unlock dialog [#11435]
+* Browser: Resolve references in Access Confirm dialog [#11055]
+* SSH Agent: Add timeout to streams to prevent deadlock [#11290]
+* macOS: Replace legacy code for screen recording permissions [#11428]
+* macOS: Implement Secure Input Mode [#11623]
+* macOS: Fix showing ambigious name in settings [#11373]
+* macOS: Fix copy-to-clipboard shortcut in entry preview widget [#10966]
+* Linux: Prevent multiple lock requests [#11306]
+* Snap: Prevent need for snap helper script to configure browser extension [#10924]
+* Windows: Detect outdated VC Redist with MSI installer [#11469]
+* Windows: Additional exclusion fields for clipboard [#11521]
+
+## 2.7.9 (2024-06-19)
+
+### Changes
+* Passkeys: Ability to easily remove a passkey from an entry [#10777]
+* Snap: Use new desktop portal for native messaging integration [#10906]
+
+### Fixes
+* Improve entry placeholder/reference feature [#10846]
+* Improve CSV importing when title field isn't specified [#10843]
+* Improve encrypted Bitwarden importing [#10800]
+* Improve database settings UX [#10821]
+* Improve handling of clipboard actions from entry preview [#10810]
+* Improve group/entry view resize behavior and set sensible defaults [#10641]
+* Passkeys: Fix incorrect username fill [#10874]
+* Passkeys: Return additional data to the extension [#10857]
+* Fix password clear timer inconsistency on unlock view [#10708]
+* Fix portability check [#10760]
+* Fix page overflow on HTML exports [#10735]
+* Fix broken builds when using system provided zxcvbn [#10717]
+* Fix copy password button when text is selected [#10853]
+* Fix tab ordering on application settings pages [#10907]
+* SSH Agent: Fix broken decrypt button [#10638]
+* Windows: Fix ALT Auto-Type modifier [#10795]
+* Windows: Fix wrong DACL memory size allocation [#10712]
+* macOS: Fix monospace font sizing [#10739]
+* Flatpak: Fix configuration settings off-by-one error [#10688]
+* BSD: Fix compiling with libusb implementation [#10736]
+
+## 2.7.8 (2024-05-05)
+
+### Changes
+- Add hotkey for showing search help [#10591]
+- Add hotkey for group switching (Ctrl+Shift+PgUp/PgDown) [#10625]
+- Add per-database auto-save delay setting [#9100]
+- Add setting to hide menubar [#10341]
+- Improve Bitwarden 1PUX import and support organization collections [#10499]
+- Show advanced settings checkbox only for settings that have them [#6513]
+- Remove obsolete setting for requiring repeated password entry [#9722]
+- Passkeys: Allow registering Passkeys to existing entries [#10408]
+- Passkeys: Show warning about data being unencrypted before Passkey export [#10411]
+- Passkeys: Support NFC and USB transports [#10402]
+- Passkeys: Pass extension JSON data to browser [#10615]
+- SSH Agent: Do not use entries from recycle bin [#10518]
+- Linux: Change hotkey sequence used for {CLEARFIELD} Auto-Type [#10008]
+- Windows: Improve DACL memory access protection [#10618]
+
+### Fixes
+- Fix crash when deleting history items [#10451]
+- Fix crash on screen lock or computer sleep [#10458]
+- Fix search field not being focused after unlock [#10459]
+- Fix loss of window focus when Auto-Type needs to unlock a database [#10555]
+- Fix inconsistent TOTP visibility on unlock [#10009]
+- Fix CSV import skipping over single-name groups [#10575]
+- Fix key file folder being remembered even if disabled in settings [#10636]
+- Fix issues with entry editing and database locking [#10667]
+- Fix key file text when provided on command line [#10642]
+- Fix issues with hardware key auto detection [#10663]
+- Do not override monospace font size [#10282]
+- Perform group sort only when group view is in focus [#10202]
+- Do not show decimals for attachment sizes in Bytes [#10595]
+- Prevent merging of global custom data when merging databases [#10452]
+- Fix minor translation issues [#10635]
+- Passkeys: Fix StrongBox incompatibility [#10420]
+- Passkeys: Set RP ID to effective domain if unset instead of returning an error [#10384]
+- Passkeys: Various UI fixes and improvements [#10427, #10608, #10609]
+- AppImage: Fix URL opening [#10624]
+- Flatpak: Fix application autostart [#10563]
+- Linux/macOS: Fix button sizes on modal alert popups [#10500]
+- Linux: Fix clipboard clear on Wayland [#10500]
+- Windows: Preserve file-hidden attribute [#10343]
+
+## 2.7.7 (2024-03-09)
+
+### Changes
+- Support USB Hotplug for Hardware Key interface [#10092]
+- Support 1PUX and Bitwarden import [#9815]
+- Browser: Add support for PassKeys [#8825, #9987, #10318]
+- Build System: Move to vcpkg manifest mode [#10088]
+
+### Fixes
+- Fix multiple TOTP issues [#9874]
+- Fix focus loss on save when the editor is not visible anymore [#10075]
+- Fix visual when removing entry from history [#9947]
+- Fix first entry is not selected when a search is performed [#9868]
+- Prevent scrollbars on entry drag/drop [#9747]
+- Prevent duplicate characters in "Also choose from" field of password generator  [#9803]
+- Security: Prevent byte-by-byte and attachment inference side channel attacks [#10266]
+- Browser: Fix raising Update Entry messagebox [#9853]
+- Browser: Fix bugs when returning credentials [#9136]
+- Browser: Fix crash on database open from browser [#9939]
+- Browser: Fix support for referenced URL fields [#8788]
+- MacOS: Fix crash when changing highlight/accent color [#10348]
+- MacOS: Fix TouchID appearing even though lid is closed [#10092]
+- Windows: Fix terminating KeePassXC processes with MSI installer [#9822]
+- FdoSecrets: Fix database merge crash when enabled [#10136]
+
+## 2.7.6 (2023-08-15)
+
+### Changes
+- Significant improvement to visual when drag/drop entries [#9698]
+- Automatically prompt for Quick Unlock when showing unlock dialog [#9697]
+- Improve colorful lock icon and fix file MIME icon on KDE [#9632]
+- Ability to search by entry UUID [#9571]
+- Add challenge-response support for NitroKey 3 [#9631]
+- Auto-Type: Disable entry level Auto-Type when disabled at group/entry [#9672]
+- Browser: Show warning when adding duplicate URL's to entry [#9588][#9635]
+- Browser: Improve error message when proxy cannot be found [#9385]
+
+### Fixes
+- Fix crash on exit on macOS [#9620]
+- Fix crash on search if entry doesn't have a group [#9633]
+- Fix several issues with Quick Unlock [#9697]
+- Enable save button when not auto-saving non-data changes [#9634]
+- Several UI/UX fixes [#9647]
+- Move toolbar back to top of window when disabling movement [#9699]
+- Browser: Fix closing password generator dialog with X button [#9636]
+- Browser: Fix handling of expired credentials [#9595]
+- Windows: Prevent white flicker when launching application [#9637]
+- Linux: Fix warning message about allow screencapture [#9638]
+- FdoSecrets: Fix access confirmation dialog showing even when disabled [#9690]
+
+## 2.7.5 (2023-05-14)
+
+### Changes
+- Add menu option to allow screenshots [#8841]
+- Add support for Botan 3 [#9388]
+- Increase max TOTP step to 24 hours [#9149]
+- Improve HTML export layout [#8987]
+- Turn search reset off by default [#9153]
+- Use QClipboard::clear() instead of setting blank text [#9148]
+- Hide group column header choice when not in search [#9171]
+- Improve look of KeePassXC logo and icons [#9355]
+- Add keyboard shortcuts for app and database settings [#9007]
+- Hide rename button from attachments preview panel [#8842]
+- Linux: Set SingleMainWindow in .desktop file [#7430]
+
+### Fixes
+- Fix crash when search clears while creating new entry [#9230]
+- Fix crash when using Windows Hello in a Remote Desktop session [#9006]
+- Fix crash in Group Edit after enabling Browser Integration [#8778]
+- Fix canceling quick unlock when it is unavailable [#9034]
+- Set password input field font correctly [#8732]
+- Greatly improve performance when rendering entry view [#9398]
+- Fix various accessibility issues [#9138]
+- Fix arrows size when expand/collapse a group [#9096]
+- Select the clone instead of the original after cloning an entry [#9070]
+- Fix bugs with preview widget [#9170]
+- Fix status bar update when switching to other DB [#9073]
+- Fix database settings spin box bug [#9101]
+- Fix Ctrl+Tab shortcut to cycle databases in unlock dialog [#8839]
+- Fix TOTP QR code maintaining square ratio [#9027]
+- Fix Auto-Type configuration page on custom sequence selection [#8752]
+- Fix unexpected behavior of `--lock` when KeePassXC is not running [#8889]
+- Make open folder icon exempt from "Apply group icon to entry" [#9205]
+- Allow setting default file open directory with env var [#9192]
+- SSH Agent: Fix support for AES-256/GCM openssh keys [#8968]
+- Browser: Fix Native Messaging script path with BSD OS's [#8835]
+- MacOS: Fix text selection for Auto-Type clear field [#9066]
+- MacOS: Don't rely on AppleInterfaceStyle for theme switching [#8615]
+- Windows: Remove registry detection of desktop shortcut [#9380]
+
+## 2.7.4 (2022-10-29)
+
+### Changes
+- Add 2 months expiration preset [#8687]
+- CLI: Add Unicode support on Windows [#8618]
+
+### Fixes
+- Fix crash on macOS when unlocking database [#8676]
+- Fix display of passwords in preview panel [#8633]
+- Fix clicking links in entry preview panel [#8644]
+- Prevent expired entries search if no results returned [#8643]
+- Browser: Revert code causing connection problems [#8665]
+- Browser: Fix socket file symbolic link on Linux [#8656]
+- Flatpak: Fix launching browser proxy service [#8680]
+- SSH Agent: Fix pageant support on Windows [#8619]
+
+## 2.7.3 (2022-10-23)
+
+### Changes
+- Enhance Tags Support and Add Saved Searches [#8435, #8607]
+- Significant improvements to entry preview panel [#7993]
+- Add password strength indicator to all password fields [#7885]
+- Limit zxcvbn entropy estimation length to 128 characters [#7748]
+- Try full URL path when fetching favicon [#8565]
+- Hide usernames in preview panel when hidden in entry view [#8608]
+- Enable dark title bar on windows when accent color is not used [#8498]
+- Add option to display passwords in color in preview panel [#7097]
+- Add XML Export option to GUI [#8524]
+- Increase entropy required for a "good" password rating to 75 [#8523]
+- Add shortcut to copy password with TOTP appended [#8443]
+- Show entry count in status bar [#8435]
+- Allow KeePassXC to be built without X11 [#8147]
+- Enable use of VivoKey Apex and Dangerous Things FlexSecure tokens [#8332]
+- Add setting for number of recent files [#8239]
+- Add Ctrl+Tab shortcut to cycle databases in unlock dialog [#8168]
+- Replace offensive words in eff_large.wordlist [#7968]
+- Auto-Type: PICKCHARS can specify attribute and ignore BEEP [#8118]
+- Linux: Add isHardwareKeySupported and refreshHardwareKeys to DBus methods [#8055]
+- Add config variable to specify default database file name [#8042]
+- Support numeric aware sorting on Windows and macOS [#8363]
+- CLI: Add `db-edit` command [#8400]
+- CLI: Add option to display all attributes with `show` command [#8256]
+- CLI: Show UUID and tags with `show` and `clip` commands [#8241]
+- Browser: Move socket into separate directory on Linux [#8030]
+- Browser: Add group setting to omit WWW subdomain when matching URLs [#7988]
+- FdoSecrets: Ask to unlock the database when creating items [#8022, #8028]
+- FdoSecrets: Skip entries in recycle bin when searching [#8021]
+
+### Fixes
+- Fix potential deadlock in UI when saving [#8606]
+- Fix newlines when copying notes from preview panel [#8542]
+- Fix dark mode detection on Linux [#8477]
+- Fix crash when deleting items in recycle bin while searching [#8117]
+- Fix crash when trying to close database during unlock [#8144]
+- Fix tabbing around the interface [#8435, #8520]
+- Fix OPVault import when there are multiple OTP fields [#8436]
+- Fix various Windows Hello bugs [#8354]
+- Fix use of Apple Watch for Quick Unlock [#8311]
+- Better handling of "Lock on Minimize" setting [#8202]
+- Check for write permission before entering portable mode [#8447]
+- Correct regex escape logic to prevent parse errors [#7778]
+- Normalize slashes and file case for last used databases [#7864, #7214]
+- Link ykcore against pthread [#7807]
+- Auto-Type: Fix menu entries in selection dialog on Windows [#7987]
+- Auto-Type: Fix use of modifiers under macOS [#8111]
+- CLI: Fix output when using clip with the -t flag [#8271]
+- Browser: Use asynchronous access confirm dialog [#8273]
+- Browser: Always send database locked/unlocked status [#8114]
+
+## 2.7.1 (2022-04-05)
+
+### Changes
+- Show when tags are changed in entry history [#7638]
+- Improve tags editing and allow spaces in tags [#7708]
+- Improve layout of entry preview panel [#7767]
+- Incorporate patches to support Flatpak distribution [#7728]
+- Add expiration presets for 12 and 24 hours [#7738]
+
+### Fixes
+- Fix crash when building history change list [#7638]
+- Fix hiding password on database unlock [#7725]
+- Fix AES KDF slow transform speed [#7755]
+- Auto-Type: Correct timing issue on macOS and Linux that prevented typing [#7588]
+- Auto-Type: Fix use of Ctrl/Alt/Shift/Win modifiers on Windows [#7629]
+- Auto-Type: Reduce/eliminate delay when searching for entries [#7598]
+- Auto-Type: Map ASCII dead keys on Linux for international keyboards [#7614]
+- CLI: Fix detection of hardware keys (YubiKey) [#7593]
+- CLI: Add missing parameter `-c` to add/edit entries command [#7594]
+- Secret Service: Fix crash when multiple prompts are shown [#7786]
+- SSH Agent: Fix default agent selection on Windows [#7764]
+- Fix database unlock dialog not being the top window on Linux [#7771]
+- Fix drag/drop entries between tabs on Wayland [#7628]
+- Fix compiling with minizip-ng [#7638]
+
+## 2.7.0 (2022-03-21)
+
+### Major Additions
+- Implement KDBX 4.1 [#7114]
+- Add direct write save option for cloud storage and GVFS [#6594]
+- Prevent screen capture on Windows and macOS [#6030]
+- Support quick unlock using Windows Hello [#7384]
+- Support quick unlock using Apple Watch [#5526]
+- Allow specifying database backup paths [#7035]
+- Add tag functionality [#6487][#7436][#7446]
+- Add password rating column to entry view [#4797]
+- Add group clone action [#6124]
+- Show modifications between entry history items [#6789]
+- Ability to bulk-delete and purge unused custom icons [#5970]
+- Support adding custom passphrase wordlists [#6799]
+- Support passphrase wordlists in numbered and PGP-signed formats [#6791]
+- Implement support for hardware keys via wireless NFC [#6895]
+- SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys [#6371]
+- CLI: Implement attachment handling [#5538]
+- CLI: Add support for okon in offline HIBP checks [#5478]
+- CLI: Implement `search` command and remove `locate` [#6805]
+- CLI: Add db statistic output to `db-info` command [#7032]
+- CLI: Add -i/--include option to `generate` command. [#7112]
+- CLI: Add a -n (--notes) option to `add` and `edit` commands [#4646]
+- CLI: Add keyfile option to `import` command [#5402]
+- CLI: Adding a best option to clip to copy a password of the best match [#4489]
+- Browser: Add Microsoft Edge support on Linux [#7100]
+- Browser: Support native password generator from the extension [#6529]
+- Browser: Add group settings [#4180]
+- Browser: Add feature to ignore entries for HTTP-Auth Logins [#5394]
+- Browser: Support triggering Auto-Type from browser extension [#6272]
+- Browser: Add delete-entry command to API [#6899]
+- Browser: Add search 'by-path' url to API [#5535]
+- Browser: search for entries by UUID to API [#4763]
+- Browser: Support auto-download of favicon on entry addition [#7179]
+- Auto-Type: Major improvements to Auto-Type [#5864][#7463][#7435][#7391][#7129][#6400][#6364][#6361][#5283][#7507]
+- Auto-Type: Fix typing to virtual machines on Windows [#7366]
+- Auto-Type: Re-implement X11 keysym emulation [#7098]
+- Auto-Type: Support multiple Xkb layouts [#6247]
+- Auto-Type: Abort keystroke if modifiers held on X11 [#6351][#6357]
+- Auto-Type: Add TOTP option to entry level Auto-Type menu [#6675]
+- FdoSecrets: Major Refactor and Code Consolidation [#5747][#5660][#7043][#6915]
+- FdoSecrets: Implement unlock before search [#6943]
+- Reports: Add browser statistics report [#7197]
+
+### Major Changes
+- Port crypto backend to [Botan](https://github.com/randombit/botan) [#6209]
+- Improve attachment handling and security [#6606][#5034][#7083]
+- Allow selecting any open database in unlock dialog [#5427]
+- KeeShare: Remove checking signed container and QuaZip dependency [#7223]
+- Introduce security option to enable copy on double click (default off) [#6433]
+- Add 'delete entry without confirm' functionality [#5812]
+- Improve macOS and Windows platform integration [#5851]
+- Lock only the current database by default [#6652]
+- Show expired entries on DB unlock [#7290]
+- Update D-Bus adaptor interface class name to match definition file [#7523]
+
+### Other Changes and Fixes
+- Add countdown progress bar to TOTP preview [#6930]
+- Enter favicon url directly on icons page [#6614]
+- Set C++17 as standard in the build system [#7180]
+- Internalize ykcore into code base [#6654]
+- Transition to Visual Studio builds on Windows [#5874]
+- Ability to delete entries from health check reports [#6537]
+- Enhance remembering last-used directories [#6711]
+- Implement org.freedesktop.appearance.color-scheme support on Linux [#7422]
+- Support sorting HTML export [#7011]
+- Add display number of characters in passphrases [#5449]
+- Use Alt+Tab on macOS to switch between databases [#5407]
+- Add feature to sort groups using shortcut keys [#6999]
+- Add CTRL+Enter to apply password generator changes [#6414]
+- Display `Database created` timestamp on statistics report [#6876]
+- Browser: Improve best matching credentials setting [#6893]
+- SSH Agent: Use both Pageant and OpenSSH agent simultaneously on Windows [#6288]
+- SSH Agent: Allow using database path to resolve keys [#6365]
+- SSH Agent: Show correct error messages in main window [#7166]
+- Multiple fixes for MSI installer [#6630]
+- Fix tab order for CSV import dialog to match screen order [#7315]
+- Don't mark kdbx:// urls as invalid [#7221]
+- Make selected text copyable instead of copying password [#7209]
+- Detect timestamp resolution for CSV files [#7196]
+- Fix crash while downloading favicon [#7104]
+- Correct naming of newly generated keyx files [#7010]
+- Place the 'Recycle Bin' at the bottom of the list when groups are sorted [#7004]
+- Handle tilde with custom browser paths [#6659]
+- Don't scroll up when deleting an entry [#6833]
+- Set the MIME-Type to text/plain when using wl-copy on wayland [#6832]
+- Fix adaptive icon painting [#5989][#6033]
+- Fix favicon download from URL with non-standard port [#5509]
+- Ignore recycle bin on KeePassHTTP migration [#5481]
+- Fix keepassxc-cr-recovery utility [#7521]
+- Fix Auto-Type not working when audio recording indicator is active on macOS 12.2+ [#7526]
+
+## 2.6.6 (2021-06-12)
+
+### Fixed
+
+- Fix focusing search when pressing hotkey [#6603]
+- Trim whitespace from TOTP key input prior to processing [#6604]
+- Fix building on macOS [#6598]
+- Resolve compiler warnings for unused return values [#6607]
+
+## 2.6.5 (2021-06-08)
+
+### Added
+
+- Show search bar when toolbar is hidden or in overflow [#6279]
+- Show countdown for clipboard clearing in status bar [#6333]
+- Command line option to lock all open databases [#6511]
+- Allow CSV import of bare TOTP secrets [#6211]
+- Retain file creation time when saving database [#6576]
+- Set permissions of saved attachments to be private to the current user [#6363]
+- OPVault: Use Text instead of Name for attribute names [#6334]
+
+### Changed
+
+- Reports: Allow resizing of reports columns [#6435]
+- Reports: Toggle showing expired entries [#6534]
+- Save Always on Top setting [#6236]
+- Password generator can exclude additional lookalike characters (6/G, 8/B) [#6196]
+
+### Fixed
+
+- Allow setting MSI properties in unattended install [#6196]
+- Update MainWindow minimum size to enable smaller verticle space [#6196]
+- Use application font size when setting default or monospace fonts [#6332]
+- Fix notes not clearing in entry preview panel in some cases [#6481]
+- macOS: Correct window activation when restoring from tray [#6575]
+- macOS: Better handling of minimize after unlock when using browser integration [#6338]
+- Linux: Start after the system tray is available on LXQt [#6216]
+- Linux: Allow selection of modal dialogs on X11 in Auto-Type [#6204]
+- KeeShare: prevent crash when file extension is missing [#6174]
+
+## 2.6.4 (2021-01-31)
+
+### Added
+
+- Automatically adapt to light/dark system theme changes (Windows/macOS only) [#6034]
+
+### Changed
+
+- Show window title as tooltip on system tray [#5948]
+- Compress Snap release as LZO for faster initial startup [#5877]
+- Password generator: Set maximum selectable password length to 999 [#5937]
+
+### Fixed
+
+- Fix crash on app close when using SSH agent [#5935]
+- Fix KDF selection showing wrong item when using Argon2id [#5923]
+- Automatically close About dialog on database lock if it is still open [#5947]
+- Linux: Fix automatic launch at system startup with AppImages [#5901]
+- Linux: Fix click-to-move on empty area activating when using menus [#5971]
+- Linux: Try multiple times to show tray icon if tray is not ready yet [#5948]
+- macOS: Fix KeePassXC blocking clean shutdown [#6002]
+
+## 2.6.3 (2021-01-12)
+
+### Added
+
+- Support Argon2id KDF [#5778]
+- Support XMLv2 key files [#5798]
+
+### Changed
+
+- Improve CSV Import/Export, include time fields and TOTP [#5346]
+- Support empty area dragging of the application window [#5860]
+- Display default Auto-Type sequence in preview pane [#5654]
+- Remove strict length limit on generated passwords [#5748]
+- Hide key file path by default when unlocking database [#5779]
+- Document browser extension use with Edge in managed mode [#5692]
+- Windows: Prevent clipboard history and cloud sync [#5853]
+- macOS: Update the application icon to Big Sur styling [#5851]
+
+### Fixed
+
+- Re-select previously selected entry on database unlock [#5559]
+- Properly save special character choice in password generator [#5610]
+- Fix crash in browser integration with multiple similar entries [#5653]
+- Remove offset on username field in classic theme [#5788]
+- Ensure entry history is copied when drag/dropping entries and groups [#5817]
+- Close modal dialogs when database is locked [#5820]
+- Prevent crash when KeeShare modifies an entry that is currently being edited [#5827]
+- Improve preview of entry attributes [#5834]
+- Always activate/focus database open dialog preventing mistype [#5878]
+- Reports: fix calculation of average password length [#5862]
+- Linux: Delay startup on login to correct tray icon issues [#5724]
+
+## 2.6.2 (2020-10-21)
+
+### Added
+
+- Add option to keep window always on top to view menu [#5542]
+- Move show/hide usernames and passwords to view menu [#5542]
+- Add command line options and environment variables for changing the config locations [#5452]
+- Include TOTP settings in CSV import/export and add support for ISO datetimes [#5346]
+
+### Changed
+
+- Mask sensitive information in command execution confirmation prompt [#5542]
+- SSH Agent: Avoid shortcut conflict on macOS by changing "Add key" to Ctrl+H on all platforms [#5484]
+
+### Fixed
+
+- Prevent data loss with drag and drop between databases [#5536]
+- Fix crash when toggling Capslock rapidly [#5545]
+- Don't mark URL references as invalid URL [#5380]
+- Reset entry preview after search [#5483]
+- Set Qt::Dialog flag on database open dialog [#5356]
+- Fix sorting of database report columns [#5426]
+- Fix IfDevice matching logic [#5344]
+- Fix layout issues and a stray scrollbar appearing on top of the entry edit screen [#5424]
+- Fix tabbing into the notes field [#5424]
+- Fix password generator ignoring settings on load [#5340]
+- Restore natural entry sort order on application load [#5438]
+- Fix paperclip and TOTP columns not saving state [#5327]
+- Enforce fixed password font in entry preview [#5454]
+- Add scrollbar when new database wizard exceeds screen size [#5560]
+- Do not mark database as modified when viewing Auto-Type associations [#5542]
+- CLI: Fix two heap-use-after-free crashes [#5368,#5470]
+- Browser: Fix key exchange not working with multiple simultaneous users on Windows [#5485]
+- Browser: Fix entry retrieval when "only best matching" is enabled [#5316]
+- Browser: Ignore recycle bin on KeePassHTTP migration [#5481]
+- KeeShare: Fix import crash [#5542]
+- macOS: Fix toolbar theming and breadcrumb display issues [#5482]
+- macOS: Fix file dialog randomly closing [#5479]
+- macOS: Fix being unable to select OPVault files for import [#5341]
+
+## 2.6.1 (2020-08-19)
+
+### Added
+
+- Add menu entries for auto-typing only username or only password [#4891]
+- Browser: Add command for retrieving current TOTP [#5278]
+- Improve man pages [#5010]
+- Linux: Support Xfce screen lock signals [#4971]
+- Linux: Add OARS metadata to AppStream markup [#5031]
+- SSH Agent: Substitute tilde with %USERPROFILE% on Windows [#5116]
+
+### Changed
+
+- Improve password generator UI and UX [#5129]
+- Do not prompt to restart if switching the theme back and forth [#5084]
+- Change actions for F1, F2, and F3 keys [#5082]
+- Skip referenced passwords in health check report [#5056]
+- Check system-wide Qt translations directory for downstream translations packaging [#5064]
+- macOS: Change password visibility toggle shortcut to Ctrl+H to avoid conflict with system shortcut [#5114]
+- Browser: Only display domain name in browser access confirm dialog to avoid overly wide window sizes [#5214]
+
+### Fixed
+
+- Fix clipboard not being cleared when database is locked while timeout is still active [#5184]
+- Fix list of previous databases not being cleared in some cases [#5123]
+- Fix saving of non-data changes on database lock [#5210]
+- Fix search results banner theming [#5197]
+- Don't enforce theme palette in Classic theme mode and add hover effect for buttons [#5122,#5267]
+- Fix label clipping in settings on high-DPI screens [#5227]
+- Fix excessive memory usage by icons on systems with high-DPI screens [#5266]
+- Fix crash if number of TOTP digits exceeds ten [#5106]
+- Fix slot detection when first YubiKey is configured on the second slot [#5004]
+- Prevent crash if focus widget gets deleted during saving [#5005]
+- Always show buttons for opening or saving attachments [#4956]
+- Update link to Auto-Type help [#5228]
+- Fix build errors with Ninja [#5121]
+- CLI: Fix db-info command wrongly labelled as db-show in usage listing [#5140]
+- Windows: Use Classic theme by default if high-contrast mode is on [#5191]
+- Linux: Add workaround for qt5ct bug, causing icons not to show up [#5011]
+- Linux: Correct high-DPI display by not allowing fractional scaling [#5185]
+- Browser: Consider subdomain and path when requesting only "best-matching credentials" [#4832]
+- SSH Agent: Always forget all keys on lock [#5115]
+
+## 2.6.0 (2020-07-06)
+
+### Added
+
+- Custom Light and Dark themes [#4110, #4769, #4791, #4892, #4915]
+- Compact mode to use classic Group and Entry line height [#4910]
+- New monochrome tray icons [#4796, #4803]
+- View menu to quickly switch themes, compact mode, and toggle UI elements [#4910]
+- Search for groups and scope search to matched groups [#4705]
+- Save Database Backup feature [#4550]
+- Sort entries by "natural order" and move lines up/down [#4357]
+- Option to launch KeePassXC on system startup/login [#4675]
+- Caps Lock warning on password input fields [#3646]
+- Add "Size" column to entry view [#4588]
+- Browser-like tab experience using Ctrl+[Num] (Alt+[Num] on Linux) [#4063, #4305]
+- Password Generator: Define additional characters to choose from [#3876]
+- Reports: Database password health check (offline) [#3993]
+- Reports: HIBP online service to check for breached passwords [#4438]
+- Auto-Type: DateTime placeholders [#4409]
+- Browser: Show group name in results sent to browser extension [#4111]
+- Browser: Ability to define a custom browser location (macOS and Linux only) [#4148]
+- Browser: Ability to change root group UUID and inline edit connection ID [#4315, #4591]
+- CLI: `db-info` command [#4231]
+- CLI: Use wl-clipboard if xclip is not available (Linux) [#4323]
+- CLI: Incorporate xclip into snap builds [#4697]
+- SSH Agent: Key file path env substitution, SSH_AUTH_SOCK override, and connection test [#3769, #3801, #4545]
+- SSH Agent: Context menu actions to add/remove keys [#4290]
+
+### Changed
+
+- Complete replacement of default database icons [#4699]
+- Complete replacement of application icons [#4066, #4161, #4203, #4411]
+- Complete rewrite of documentation and manpages using Asciidoctor [#4937]
+- Complete refactor of config files; separate between local and roaming [#4665]
+- Complete refactor of browser integration and proxy code [#4680]
+- Complete refactor of hardware key integration (YubiKey and OnlyKey) [#4584, #4843]
+- Significantly improve performance when saving and opening databases [#4309, #4833]
+- Remove read-only detection for database files [#4508]
+- Overhaul of password fields and password generator [#4367]
+- Replace instances of "Master Key" with "Database Credentials" [#4929]
+- Change settings checkboxes to positive phrasing for consistency [#4715]
+- Improve UX of using entry actions (focus fix) [#3893]
+- Set expiration time to Now when enabling entry expiration [#4406]
+- Always show "New Entry" in context menu [#4617]
+- Issue warning before adding large attachments [#4651]
+- Improve importing OPVault [#4630]
+- Improve AutoOpen capability [#3901, #4752]
+- Check for updates every 7 days even while still running [#4752]
+- Improve Windows installer UI/UX [#4675]
+- Improve config file handling of portable distribution [#4131, #4752]
+- macOS: Hide dock icon when application is hidden to tray [#4782]
+- Browser: Use unlock dialog to improve UX of opening a locked database [#3698]
+- Browser: Improve database and entry settings experience [#4392, #4591]
+- Browser: Improve confirm access dialog [#2143, #4660]
+- KeeShare: Improve monitoring file changes of shares [#4720]
+- CLI: Rename `create` command to `db-create` [#4231]
+- CLI: Cleanup `db-create` options (`--set-key-file` and `--set-password`) [#4313]
+- CLI: Use stderr for help text and password prompts [#4086, #4623]
+- FdoSecrets: Display existing secret service process [#4128]
+
+### Fixed
+
+- Fix changing focus around the main window using tab key [#4641]
+- Fix search field clearing while still using the application [#4368]
+- Improve search help widget displaying on macOS and Linux [#4236]
+- Return keyboard focus after editing an entry [#4287]
+- Reset database path after failed "Save As" [#4526]
+- Make builds reproducible [#4411]
+- Improve handling of ccache when building [#4104, #4335]
+- Windows: Use correct UI font and size [#4769]
+- macOS: Properly re-hide application window after browser integration and Auto-Type usage [#4909]
+- Linux: Fix version number not embedded in AppImage [#4842]
+- Auto-Type: Fix crash when performing on new entry [#4132]
+- Browser: Send legacy HTTP settings to recycle bin [#4589]
+- Browser: Fix merging browser keys [#4685]
+- CLI: Fix encoding when exporting database [#3921]
+- SSH Agent: Improve reliability and underlying code [#3833, #4256, #4549, #4595]
+- FdoSecrets: Fix crash when editing settings before service is enabled [#4332]
+
+## 2.5.4 (2020-04-09)
+
+### Fixed
+
+- Return keyboard focus after saving database edits [#4287]
+- Windows: Use bare minimum settings in portable version [#4131]
+- Windows: Use SHA256 code signing [#4129]
+- macOS: Fix code signing incompatibility in latest macOS release [#4564]
+
 ## 2.5.3 (2020-01-19)
 
 ### Fixed
@@ -130,8 +809,8 @@
 - Redesign database unlock dialog [ #3287]
 - Rework the entry preview panel [ #3306]
 - Move notes to General tab on Group Preview Panel [#3336]
-- Enable entry actions when editing an entry and cleanup entry context menu  [#3641]
-- Improve detection of external database changes  [#2389]
+- Enable entry actions when editing an entry and cleanup entry context menu [#3641]
+- Improve detection of external database changes [#2389]
 - Warn if user is trying to use a KDBX file as a key file [#3625]
 - Add option to disable KeePassHTTP settings migrations prompt [#3349, #3344]
 - Re-enabled Wayland support (no Auto-Type yet) [#3520, #3341]
@@ -445,7 +1124,7 @@
 - Compare window title to entry URLs #556
 - Implemented inline error messages #162
 - Ignore group expansion and other minor changes when making database "dirty" #464
-- Updated license and copyright information on souce files #632
+- Updated license and copyright information on source files #632
 - Added contributors list to about dialog #629
 
 ## 2.1.4 (2017-04-09)

CMakeLists.txt

@@ -14,9 +14,10 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-cmake_minimum_required(VERSION 3.1.0)
+cmake_minimum_required(VERSION 3.10.0)
 
 project(KeePassXC)
+set(APP_ID "org.keepassxc.${PROJECT_NAME}")
 
 if(NOT CMAKE_BUILD_TYPE)
     set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
@@ -24,19 +25,16 @@ if(NOT CMAKE_BUILD_TYPE)
             FORCE)
 endif()
 string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
+if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")
+    set(IS_DEBUG_BUILD TRUE)
+endif()
 
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 
-# Use the Compiler Cache (ccache) if it is installed
-# (install with: sudo apt get ccache)
-find_program (CCACHE_FOUND ccache)
-if (CCACHE_FOUND)
-    set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ccache)
-endif (CCACHE_FOUND)
-
 # Support Visual Studio Code
 include(CMakeToolsHelpers OPTIONAL)
 include(FeatureSummary)
+include(KPXCMacDeployHelpers)
 
 include(CheckCCompilerFlag)
 include(CheckCXXCompilerFlag)
@@ -48,54 +46,82 @@ option(WITH_DEV_BUILD "Use only for development. Disables/warns about deprecated
 option(WITH_ASAN "Enable address sanitizer checks (Linux / macOS only)" OFF)
 option(WITH_COVERAGE "Use to build with coverage tests (GCC only)." OFF)
 option(WITH_APP_BUNDLE "Enable Application Bundle for macOS" ON)
+option(WITH_CCACHE "Use ccache for build" OFF)
 
 set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins")
 
 option(WITH_XC_AUTOTYPE "Include Auto-Type." ON)
 option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
 option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
+option(WITH_XC_BROWSER_PASSKEYS "Passkeys support for browser integration." OFF)
 option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
 option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
-option(WITH_XC_KEESHARE "Sharing integration with KeeShare (requires quazip5 for secure containers)" OFF)
+option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF)
 option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON)
 if(UNIX AND NOT APPLE)
     option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF)
 endif()
+option(WITH_XC_DOCS "Enable building of documentation" ON)
+
+set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps")
+
 if(APPLE)
-    option(WITH_XC_TOUCHID "Include TouchID support for macOS." OFF)
+    # Perform the platform checks before applying the stricter compiler flags.
+    # Otherwise the kSecAccessControlTouchIDCurrentSet deprecation warning will result in an error.
+    try_compile(XC_APPLE_COMPILER_SUPPORT_BIOMETRY
+       ${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
+       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_biometry_support.mm)
+    message(STATUS "Biometry compiler support: ${XC_APPLE_COMPILER_SUPPORT_BIOMETRY}")
+
+    try_compile(XC_APPLE_COMPILER_SUPPORT_TOUCH_ID
+       ${CMAKE_CURRENT_BINARY_DIR}/touch_id_test/
+       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_touch_id_support.mm)
+    message(STATUS "Touch ID compiler support: ${XC_APPLE_COMPILER_SUPPORT_TOUCH_ID}")
+
+    try_compile(XC_APPLE_COMPILER_SUPPORT_WATCH
+       ${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
+       ${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_watch_support.mm)
+    message(STATUS "Apple watch compiler support: ${XC_APPLE_COMPILER_SUPPORT_WATCH}")
+endif()
+
+if(WITH_CCACHE)
+    # Use the Compiler Cache (ccache) program
+    # (install with: sudo apt get ccache)
+    find_program(CCACHE_FOUND ccache)
+    if(NOT CCACHE_FOUND)
+        message(FATAL_ERROR "ccache requested but cannot be found.")
+    endif()
+    set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ${CCACHE_FOUND})
 endif()
 
 if(WITH_XC_ALL)
-    # Enable all options (except update check)
+    # Enable all options (except update check and docs)
     set(WITH_XC_AUTOTYPE ON)
     set(WITH_XC_NETWORKING ON)
     set(WITH_XC_BROWSER ON)
+    set(WITH_XC_BROWSER_PASSKEYS ON)
     set(WITH_XC_YUBIKEY ON)
     set(WITH_XC_SSHAGENT ON)
     set(WITH_XC_KEESHARE ON)
-    if(APPLE)
-        set(WITH_XC_TOUCHID ON)
-    endif()
     if(UNIX AND NOT APPLE)
         set(WITH_XC_FDOSECRETS ON)
     endif()
 endif()
 
-if(WITH_XC_SSHAGENT OR WITH_XC_KEESHARE)
-  set(WITH_XC_CRYPTO_SSH ON)
-else()
-  set(WITH_XC_CRYPTO_SSH OFF)
-endif()
-
 # Prefer WITH_XC_NETWORKING setting over WITH_XC_UPDATECHECK
 if(NOT WITH_XC_NETWORKING AND WITH_XC_UPDATECHECK)
     message(STATUS "Disabling WITH_XC_UPDATECHECK because WITH_XC_NETWORKING is disabled")
     set(WITH_XC_UPDATECHECK OFF)
 endif()
 
+if(UNIX AND NOT APPLE AND NOT WITH_XC_X11)
+    message(STATUS "Disabling WITH_XC_AUTOTYPE because WITH_XC_X11 is disabled")
+    set(WITH_XC_AUTOTYPE OFF)
+endif()
+
 set(KEEPASSXC_VERSION_MAJOR "2")
-set(KEEPASSXC_VERSION_MINOR "5")
-set(KEEPASSXC_VERSION_PATCH "3")
+set(KEEPASSXC_VERSION_MINOR "8")
+set(KEEPASSXC_VERSION_PATCH "0")
 set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
 set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")
 
@@ -121,7 +147,8 @@ execute_process(COMMAND git tag --points-at HEAD
         WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
         OUTPUT_VARIABLE GIT_TAG
         ERROR_QUIET)
-if(GIT_TAG)
+string(REGEX REPLACE "latest" "" GIT_TAG "${GIT_TAG}")
+if(GIT_TAG MATCHES "[0-9]+\.[0-9]+\.[0-9]+")
     string(STRIP "${GIT_TAG}" GIT_TAG)
     set(OVERRIDE_VERSION ${GIT_TAG})
 elseif(EXISTS ${CMAKE_SOURCE_DIR}/.version)
@@ -130,14 +157,14 @@ endif()
 
 string(REGEX REPLACE "(\r?\n)+" "" OVERRIDE_VERSION "${OVERRIDE_VERSION}")
 if(OVERRIDE_VERSION)
-    if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-(alpha|beta)[0-9]+$")
-        set(KEEPASSXC_BUILD_TYPE PreRelease)
+    if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-beta[0-9]*")
+        set(KEEPASSXC_BUILD_TYPE "PreRelease")
         set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
     elseif(OVERRIDE_VERSION MATCHES "^[\\.0-9]+$")
-        set(KEEPASSXC_BUILD_TYPE Release)
+        set(KEEPASSXC_BUILD_TYPE "Release")
         set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
     else()
-        set(KEEPASSXC_BUILD_TYPE Snapshot)
+        set(KEEPASSXC_BUILD_TYPE "Snapshot")
         set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
     endif()
 else()
@@ -161,15 +188,36 @@ message(STATUS "Setting up build for KeePassXC v${KEEPASSXC_VERSION}\n")
 # Distribution info
 set(KEEPASSXC_DIST ON)
 set(KEEPASSXC_DIST_TYPE "Other" CACHE STRING "KeePassXC Distribution Type")
-set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Other)
+set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Flatpak Other)
 if(KEEPASSXC_DIST_TYPE STREQUAL "Snap")
     set(KEEPASSXC_DIST_SNAP ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "AppImage")
     set(KEEPASSXC_DIST_APPIMAGE ON)
+elseif(KEEPASSXC_DIST_TYPE STREQUAL "Flatpak")
+    set(KEEPASSXC_DIST_FLATPAK ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "Other")
     unset(KEEPASSXC_DIST)
 endif()
 
+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14.0")
+    cmake_policy(SET CMP0083 NEW)
+    include(CheckPIESupported)
+    check_pie_supported()
+endif()
+
+# Find Botan early since the version affects subsequent compiler options
+find_package(Botan REQUIRED)
+if(BOTAN_VERSION VERSION_GREATER_EQUAL "3.0.0")
+    set(WITH_XC_BOTAN3 TRUE)
+elseif(BOTAN_VERSION VERSION_LESS "2.11.0")
+    # Check for minimum Botan version
+    message(FATAL_ERROR "Botan 2.11.0 or higher is required")   
+endif()
+include_directories(SYSTEM ${BOTAN_INCLUDE_DIR})
+
+# Create position independent code for shared libraries and executables
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
 if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
     set(IS_32BIT TRUE)
 endif()
@@ -204,31 +252,78 @@ macro(add_gcc_compiler_flags FLAGS)
     add_gcc_compiler_cflags("${FLAGS}")
 endmacro(add_gcc_compiler_flags)
 
+# Copies of above macros that first ensure the compiler understands a given flag
+# Because check_*_compiler_flag() sets -D with name, need to provide "safe" FLAGNAME
+macro(check_add_gcc_compiler_cxxflag FLAG FLAGNAME)
+    check_cxx_compiler_flag("${FLAG}" CXX_HAS${FLAGNAME})
+    if(CXX_HAS${FLAGNAME})
+        add_gcc_compiler_cxxflags("${FLAG}")
+    endif()
+endmacro(check_add_gcc_compiler_cxxflag)
+
+macro(check_add_gcc_compiler_cflag FLAG FLAGNAME)
+    check_c_compiler_flag("${FLAG}" CC_HAS${FLAGNAME})
+    if(CC_HAS${FLAGNAME})
+        add_gcc_compiler_cflags("${FLAG}")
+    endif()
+endmacro(check_add_gcc_compiler_cflag)
+
+# This is the "front-end" for the above macros
+# Optionally takes additional parameter(s) with language to check (currently "C" or "CXX")
+macro(check_add_gcc_compiler_flag FLAG)
+    string(REGEX REPLACE "[-=]" "_" FLAGNAME "${FLAG}")
+    set(check_lang_spec ${ARGN})
+    list(LENGTH check_lang_spec num_extra_args)
+    set(langs C CXX)
+    if(num_extra_args GREATER 0)
+        set(langs "${check_lang_spec}")
+    endif()
+    if("C" IN_LIST langs)
+        check_add_gcc_compiler_cflag("${FLAG}" "${FLAGNAME}")
+    endif()
+    if("CXX" IN_LIST langs)
+        check_add_gcc_compiler_cxxflag("${FLAG}" "${FLAGNAME}")
+    endif()
+endmacro(check_add_gcc_compiler_flag)
+
 add_definitions(-DQT_NO_EXCEPTIONS -DQT_STRICT_ITERATORS -DQT_NO_CAST_TO_ASCII)
+if(NOT IS_DEBUG_BUILD)
+    add_definitions(-DQT_NO_DEBUG_OUTPUT)
+endif()
 
 if(WITH_APP_BUNDLE)
     add_definitions(-DWITH_APP_BUNDLE)
 endif()
 
 add_gcc_compiler_flags("-fno-common")
+find_package(OpenMP)
+if(OpenMP_FOUND)
+    add_gcc_compiler_cflags(${OpenMP_C_FLAGS})
+    add_gcc_compiler_cxxflags(${OpenMP_CXX_FLAGS})
+endif()
 add_gcc_compiler_flags("-Wall -Wextra -Wundef -Wpointer-arith -Wno-long-long")
 add_gcc_compiler_flags("-Wformat=2 -Wmissing-format-attribute")
 add_gcc_compiler_flags("-fvisibility=hidden")
 add_gcc_compiler_cxxflags("-fvisibility-inlines-hidden")
 
 if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
+    check_add_gcc_compiler_flag("-Wshadow-compatible-local")
+    check_add_gcc_compiler_flag("-Wshadow-local")
     add_gcc_compiler_flags("-Werror")
+    # This is needed since compiling against Botan3 requires compiling against C++20
+    if(WITH_XC_BOTAN3)
+        add_gcc_compiler_cxxflags("-Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated")
+    endif()
 endif()
 
 if (NOT HAIKU)
-if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
-    add_gcc_compiler_flags("-fstack-protector-strong")
-else()
-    add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
-endif()
+    if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
+        add_gcc_compiler_flags("-fstack-protector-strong")
+    else()
+        add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
+    endif()
 endif()
 
-add_gcc_compiler_cxxflags("-fno-exceptions -fno-rtti")
 add_gcc_compiler_cxxflags("-Wnon-virtual-dtor -Wold-style-cast -Woverloaded-virtual")
 add_gcc_compiler_cflags("-Wchar-subscripts -Wwrite-strings")
 
@@ -251,47 +346,37 @@ if(CMAKE_BUILD_TYPE_LOWER MATCHES "(release|relwithdebinfo|minsizerel)")
     add_gcc_compiler_flags("-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2")
 endif()
 
-check_c_compiler_flag("-Werror=format-security -Werror=implicit-function-declaration" WERROR_C_AVAILABLE)
-check_cxx_compiler_flag("-Werror=format-security" WERROR_CXX_AVAILABLE)
-if(WERROR_C_AVAILABLE AND WERROR_CXX_AVAILABLE)
-    add_gcc_compiler_flags("-Werror=format-security")
-    add_gcc_compiler_cflags("-Werror=implicit-function-declaration")
-endif()
+check_add_gcc_compiler_flag("-Werror=format-security")
+check_add_gcc_compiler_flag("-Werror=implicit-function-declaration" C)
+check_add_gcc_compiler_flag("-Wcast-align")
 
-if(CMAKE_COMPILER_IS_GNUCXX)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wcast-align")
-endif()
-
-if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
-  # then:
-  # $ llvm-profdata merge -sparse default.profraw -o default.profdata
-  # $ llvm-cov show ./tests/${the_test_binary} \
-  #      -format=html -instr-profile=default.profdata -output-dir=./coverages \
-  #      `find src -iname '*.h' -or -iname '*.cpp'`
-endif()
-
-if(CMAKE_COMPILER_IS_GNUCC)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wcast-align")
-endif()
-
-if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-    if(CMAKE_COMPILER_IS_CLANGXX)
-        add_gcc_compiler_flags("-Qunused-arguments")
-    endif()
-    add_gcc_compiler_flags("-pie -fPIE")
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed -Wl,--no-undefined")
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
-    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed")
+if(UNIX AND NOT APPLE)
+    check_add_gcc_compiler_flag("-Qunused-arguments")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--as-needed -Wl,--no-undefined")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now -pie")
+    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--as-needed")
     set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
 endif()
 
-add_gcc_compiler_cflags("-std=c99")
-add_gcc_compiler_cxxflags("-std=c++11")
+set(CMAKE_C_STANDARD 99)
+if(WITH_XC_BOTAN3)
+    set(CMAKE_CXX_STANDARD 20)
+else()
+    set(CMAKE_CXX_STANDARD 17)
+endif()
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
-if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9.99) OR
-    (CMAKE_COMPILER_IS_CLANGXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 3.6.99))
-    add_gcc_compiler_cxxflags("-fsized-deallocation")
+check_cxx_compiler_flag("-fsized-deallocation" CXX_HAS_fsized_deallocation)
+if(CXX_HAS_fsized_deallocation)
+    # Do additional check: the deallocation functions must be there too.
+    set(CMAKE_REQUIRED_FLAGS "-fsized-deallocation")
+    check_cxx_source_compiles("#include <new>
+        int main() { void * ptr = nullptr; std::size_t size = 1; ::operator delete(ptr, size); }"
+        HAVE_DEALLOCATION_FUNCTIONS)
+    if(HAVE_DEALLOCATION_FUNCTIONS)
+        check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
+    endif()
+    unset(CMAKE_REQUIRED_FLAGS)
 endif()
 
 if(APPLE AND CMAKE_COMPILER_IS_CLANGXX)
@@ -299,47 +384,69 @@ if(APPLE AND CMAKE_COMPILER_IS_CLANGXX)
 endif()
 
 if(WITH_DEV_BUILD)
-    add_definitions(-DQT_DEPRECATED_WARNINGS -DGCRYPT_NO_DEPRECATED)
+    add_definitions(-DQT_DEPRECATED_WARNINGS)
 else()
     add_definitions(-DQT_NO_DEPRECATED_WARNINGS)
     add_gcc_compiler_cxxflags("-Wno-deprecated-declarations")
 endif()
 
-if(MINGW)
-    set(CMAKE_RC_COMPILER_INIT windres)
-    enable_language(RC)
-    set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
-    if(NOT (CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo"))
-        # Enable DEP and ASLR
-        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
-        set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
-        # Enable high entropy ASLR for 64-bit builds
-        if(NOT IS_32BIT)
-            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
-            set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
+# MSVC specific options
+if (MSVC)
+    if(MSVC_TOOLSET_VERSION LESS 141)
+        message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
+    endif()
+    add_compile_options(/permissive- /utf-8 /MP)
+    if(IS_DEBUG_BUILD)
+        add_compile_options(/Zf)
+        if(MSVC_TOOLSET_VERSION GREATER 141)
+            add_compile_definitions(/fsanitize=address)
         endif()
     endif()
 endif()
 
-if(APPLE AND WITH_APP_BUNDLE OR MINGW)
+if(WIN32)
+    set(CMAKE_RC_COMPILER_INIT windres)
+    enable_language(RC)
+    if(MINGW)
+        set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
+    endif()
+    if(NOT IS_DEBUG_BUILD)
+        if(MSVC)
+            # By default MSVC enables NXCOMPAT
+            add_compile_options(/guard:cf)
+            add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF)
+        else(MINGW)
+            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+            set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+            # Enable high entropy ASLR for 64-bit builds
+            if(NOT IS_32BIT)
+                set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
+                set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
+            endif()
+        endif()
+    endif()
+endif()
+
+if(APPLE AND WITH_APP_BUNDLE OR WIN32)
     set(PROGNAME KeePassXC)
 else()
     set(PROGNAME keepassxc)
 endif()
 
-if(MINGW)
+if(WIN32)
     set(CLI_INSTALL_DIR ".")
     set(PROXY_INSTALL_DIR ".")
     set(BIN_INSTALL_DIR ".")
     set(PLUGIN_INSTALL_DIR ".")
     set(DATA_INSTALL_DIR "share")
 elseif(APPLE AND WITH_APP_BUNDLE)
-    set(CMAKE_INSTALL_MANDIR "${PROGNAME}.app/Contents/Resources/man")
-    set(CLI_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
-    set(PROXY_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
-    set(BIN_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
-    set(PLUGIN_INSTALL_DIR "${PROGNAME}.app/Contents/PlugIns")
-    set(DATA_INSTALL_DIR "${PROGNAME}.app/Contents/Resources")
+    set(BUNDLE_INSTALL_DIR "${PROGNAME}.app/Contents")
+    set(CMAKE_INSTALL_MANDIR "${BUNDLE_INSTALL_DIR}/Resources/man")
+    set(CLI_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+    set(PROXY_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+    set(BIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+    set(PLUGIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/PlugIns")
+    set(DATA_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/Resources")
 else()
     include(GNUInstallDirs)
 
@@ -357,35 +464,63 @@ endif(WITH_TESTS)
 if(WITH_COVERAGE)
     # Include code coverage, use with -DCMAKE_BUILD_TYPE=Debug
     include(CodeCoverage)
-    set(COVERAGE_GCOVR_EXCLUDES
-            "\\(.+/\\)?tests/.\\*"
-            ".\\*/moc_\\[^/\\]+\\.cpp"
-            ".\\*/ui_\\[^/\\]+\\.h"
-            "\\(.+/\\)?zxcvbn/.\\*")
     append_coverage_compiler_flags()
-    setup_target_for_coverage_gcovr_html(
-            NAME coverage
-            EXECUTABLE $(MAKE) && $(MAKE) test
-    )
+
+    set(COVERAGE_EXCLUDES
+            "'^(.+/)?thirdparty/.*'"
+            "'^(.+/)?main\\.cpp$$'"
+            "'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
+            "'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
+    if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
+        set(MAIN_BINARIES
+                "$<TARGET_FILE:${PROGNAME}>"
+                "$<TARGET_FILE:keepassxc-cli>"
+                "$<TARGET_FILE:keepassxc-proxy>")
+        setup_target_for_coverage_llvm(
+                NAME coverage
+                BINARY ${MAIN_BINARIES}
+                SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
+        )
+    else()
+        setup_target_for_coverage_gcovr(
+                NAME coverage
+                SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
+        )
+    endif()
 endif()
 
 include(CLangFormat)
 
 set(QT_COMPONENTS Core Network Concurrent Gui Svg Widgets Test LinguistTools)
 if(UNIX AND NOT APPLE)
+    if(WITH_XC_X11)
+        list(APPEND QT_COMPONENTS X11Extras)
+    endif()
     find_package(Qt5 COMPONENTS ${QT_COMPONENTS} DBus REQUIRED)
 elseif(APPLE)
-    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS /usr/local/opt/qt/lib/cmake /usr/local/Cellar/qt/*/lib/cmake ENV PATH)
-    find_package(Qt5 COMPONENTS MacExtras HINTS /usr/local/opt/qt/lib/cmake /usr/local/Cellar/qt/*/lib/cmake ENV PATH)
+    find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS
+            /usr/local/opt/qt@5/lib/cmake
+            /usr/local/Cellar/qt@5/*/lib/cmake
+            /opt/homebrew/opt/qt@5/lib/cmake
+            ENV PATH)
+    find_package(Qt5 COMPONENTS MacExtras HINTS
+            /usr/local/opt/qt@5/lib/cmake
+            /usr/local/Cellar/qt@5/*/lib/cmake
+            /opt/homebrew/opt/qt@5/lib/cmake
+            ENV PATH)
 else()
     find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
 endif()
 
-if(Qt5Core_VERSION VERSION_LESS "5.2.0")
-    message(FATAL_ERROR "Qt version 5.2.0 or higher is required")
+if(Qt5Core_VERSION VERSION_LESS "5.12.0")
+    message(FATAL_ERROR "Qt version 5.12.0 or higher is required")
 endif()
 
 get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
+if(APPLE)
+    # Add includes under Qt5 Prefix in case Qt6 is also installed
+    include_directories(SYSTEM ${Qt5_PREFIX}/include)
+endif()
 
 # Process moc automatically
 set(CMAKE_AUTOMOC ON)
@@ -396,45 +531,48 @@ set(CMAKE_AUTORCC ON)
 
 if(APPLE)
     set(CMAKE_MACOSX_RPATH TRUE)
-    find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ENV PATH)
+    find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
     if(NOT MACDEPLOYQT_EXE)
         message(FATAL_ERROR "macdeployqt is required to build on macOS")
-    else()
-        message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
     endif()
-elseif(MINGW)
-    find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ENV PATH)
+    message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
+    set(MACDEPLOYQT_EXTRA_BINARIES "")
+elseif(WIN32)
+    find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
     if(NOT WINDEPLOYQT_EXE)
         message(FATAL_ERROR "windeployqt is required to build on Windows")
-    else()
-        message(STATUS "Using windeployqt: ${WINDEPLOYQT_EXE}")
     endif()
+    message(STATUS "Using windeployqt: ${WINDEPLOYQT_EXE}")
 endif()
 
-# Debian sets the the build type to None for package builds.
+# Debian sets the build type to None for package builds.
 # Make sure we don't enable asserts there.
 set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_NONE QT_NO_DEBUG)
 
-find_package(LibGPGError REQUIRED)
-find_package(Gcrypt 1.7.0 REQUIRED)
-find_package(Argon2 REQUIRED)
+# Find Argon2 -- Botan 2.18 and below does not support threaded Argon2
+find_library(ARGON2_LIBRARIES NAMES argon2)
+find_path(ARGON2_INCLUDE_DIR NAMES argon2.h PATH_SUFFIXES local/include)
+include_directories(SYSTEM ${ARGON2_INCLUDE_DIR})
+
+# Find zlib
 find_package(ZLIB REQUIRED)
-find_package(QREncode REQUIRED)
-find_package(sodium 1.0.12 REQUIRED)
-
-set(CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIR})
-
 if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
     message(FATAL_ERROR "zlib 1.2.0 or higher is required to use the gzip format")
 endif()
+include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
 
-include_directories(SYSTEM ${ARGON2_INCLUDE_DIR} ${sodium_INCLUDE_DIR})
+# Find Minizip
+find_package(Minizip REQUIRED)
 
-# Optional
 if(WITH_XC_YUBIKEY)
-    find_package(YubiKey REQUIRED)
+    find_package(PCSC REQUIRED)
+    include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})
 
-    include_directories(SYSTEM ${YUBIKEY_INCLUDE_DIRS})
+    if(UNIX AND NOT APPLE)
+        find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED)
+        find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED)
+        include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR})
+    endif()
 endif()
 
 if(UNIX)
@@ -447,7 +585,7 @@ if(UNIX)
             HAVE_MALLOC_H)
 
     check_cxx_source_compiles("#include <malloc.h>
-    int main() { malloc_usable_size(NULL, 0); return 0; }"
+    int main() { malloc_usable_size(NULL); return 0; }"
             HAVE_MALLOC_USABLE_SIZE)
 
     check_cxx_source_compiles("#include <sys/resource.h>
@@ -467,7 +605,13 @@ if(UNIX)
     endif()
 endif()
 
-include_directories(SYSTEM ${GCRYPT_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR})
+include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
+
+find_library(ZXCVBN_LIBRARIES zxcvbn)
+if(NOT ZXCVBN_LIBRARIES)
+    add_subdirectory(src/thirdparty/zxcvbn)
+    set(ZXCVBN_LIBRARIES zxcvbn)
+endif(NOT ZXCVBN_LIBRARIES)
 
 add_subdirectory(src)
 add_subdirectory(share)
@@ -475,6 +619,10 @@ if(WITH_TESTS)
     add_subdirectory(tests)
 endif(WITH_TESTS)
 
+if(WITH_XC_DOCS)
+    add_subdirectory(docs)
+endif()
+
 if(PRINT_SUMMARY)
     # This will print ENABLED, REQUIRED and DISABLED
     feature_summary(WHAT ALL)

CODE-OF-CONDUCT.md

@@ -0,0 +1,20 @@
+# Contributor Code of Conduct
+
+KeePassXC is an open project that welcomes everybody no matter their ethnicity, sex,
+sexual identity or orientation, age, socio-economic status, nationality, or religion.
+Regardless of what background you come from, feel encouraged to participate in
+the project and express your views as long you are respectful to others.
+
+We value all members of our community and so in order to ensure a harassment-free
+experience for everyone and mutual respect among members of this community, we
+impose the following simple rules:
+
+- No bullying, no insults. Any form of harassment will not be tolerated.
+- No racism, no sexism, no homophobia, no hurtful extremist views of any kind.
+- Be mindful of what you say, be diligent in how you say it.
+- Show respect and, as always, be excellent to each other.
+
+Violations of these rules or any other form of abuse can be reported confidentially
+to conduct AT keepassxc DOT org. Members who do not adhere to our code of conduct
+will be banned either permanently or until they change their ways so as to be
+compatible with a friendly, open, and inclusive community.

COPYING

@@ -1,5 +1,5 @@
 KeePassXC - http://www.keepassxc.org/
-Copyright (C) 2016-2019 KeePassXC Team <team@keepassxc.org>
+Copyright (C) 2016-2023 KeePassXC Team <team@keepassxc.org>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -27,196 +27,229 @@ Copyright: 2010-2012, Felix Geyer <debfx@fobos.de>
            2000-2008, Tom Sato <VEF00200@nifty.ne.jp>
            2013, Laszlo Papp <lpapp@kde.org>
            2013, David Faure <faure@kde.org>
-           2016-2019, KeePassXC Team <team@keepassxc.org>
+           2016-2023, KeePassXC Team <team@keepassxc.org>
 License: GPL-2 or GPL-3
 
 Comment: The "KeePassXC Team" in every copyright notice is formed by the following people:
            - droidmonkey
            - phoerious
-           - TheZ3ro <io@thezero.org>
+           - varjolintu
+           - hifi
            - louib
-           - weslly
          Every other contributor is listed on https://github.com/keepassxreboot/keepassxc/graphs/contributors
 
-Files: cmake/GNUInstallDirs.cmake
-Copyright: 2011 Nikita Krupen'ko <krnekit@gmail.com>
-           2011 Kitware, Inc.
-License: BSD-3-clause
-
 Files: cmake/CodeCoverage.cmake
 Copyright: 2012 - 2015, Lars Bilke
 License: BSD-3-clause
 
-Files: cmake/FindYubiKey.cmake
-Copyright: 2014 Kyle Manna <kyle@kylemanna.com>
-License: GPL-2 or GPL-3
+Files: cmake/FindBotan.cmake
+Copyright: none
+License: LGPL-2.1
 
 Files: cmake/GenerateProductVersion.cmake
 Copyright: 2015 halex2005 <akharlov@gmail.com>
 License: MIT
 
-Files: share/icons/application/*/apps/keepassxc.png
-       share/icons/application/scalable/apps/keepassxc.svg
-       share/icons/application/*/apps/keepassxc-dark.png
+Files: share/icons/application/scalable/apps/keepassxc.svg
        share/icons/application/scalable/apps/keepassxc-dark.svg
-       share/icons/application/*/apps/keepassxc-locked.png
        share/icons/application/scalable/apps/keepassxc-locked.svg
-       share/icons/application/*/apps/keepassxc-unlocked.png
        share/icons/application/scalable/apps/keepassxc-unlocked.svg
-       share/icons/application/*/mimetypes/application-x-keepassxc.png
        share/icons/application/scalable/mimetypes/application-x-keepassxc.svg
 Copyright: 2016, Lorenzo Stella <lorenzo.stl@gmail.com>
 License: LGPL-2
 
-Files: share/icons/application/*/actions/auto-type.png
-       share/icons/application/*/actions/database-change-key.png
-       share/icons/application/*/actions/entry-clone.png
-       share/icons/application/*/actions/entry-edit.png
-       share/icons/application/*/actions/entry-new.png
-       share/icons/application/*/actions/group-empty-trash.png
-       share/icons/application/*/actions/help-about.png
-       share/icons/application/*/actions/password-generate.png
-       share/icons/database/C00_Password.png
-       share/icons/database/C01_Package_Network.png
-       share/icons/database/C02_MessageBox_Warning.png
-       share/icons/database/C03_Server.png
-       share/icons/database/C04_Klipper.png
-       share/icons/database/C05_Edu_Languages.png
-       share/icons/database/C06_KCMDF.png
-       share/icons/database/C07_Kate.png
-       share/icons/database/C08_Socket.png
-       share/icons/database/C09_Identity.png
-       share/icons/database/C10_Kontact.png
-       share/icons/database/C11_Camera.png
-       share/icons/database/C12_IRKickFlash.png
-       share/icons/database/C13_KGPG_Key3.png
-       share/icons/database/C14_Laptop_Power.png
-       share/icons/database/C15_Scanner.png
-       share/icons/database/C16_Mozilla_Firebird.png
-       share/icons/database/C17_CDROM_Unmount.png
-       share/icons/database/C18_Display.png
-       share/icons/database/C19_Mail_Generic.png
-       share/icons/database/C20_Misc.png
-       share/icons/database/C21_KOrganizer.png
-       share/icons/database/C22_ASCII.png
-       share/icons/database/C23_Icons.png
-       share/icons/database/C24_Connect_Established.png
-       share/icons/database/C25_Folder_Mail.png
-       share/icons/database/C26_FileSave.png
-       share/icons/database/C27_NFS_Unmount.png
-       share/icons/database/C28_QuickTime.png
-       share/icons/database/C29_KGPG_Term.png
-       share/icons/database/C30_Konsole.png
-       share/icons/database/C31_FilePrint.png
-       share/icons/database/C32_FSView.png
-       share/icons/database/C33_Run.png
-       share/icons/database/C34_Configure.png
-       share/icons/database/C35_KRFB.png
-       share/icons/database/C36_Ark.png
-       share/icons/database/C37_KPercentage.png
-       share/icons/database/C38_Samba_Unmount.png
-       share/icons/database/C39_History.png
-       share/icons/database/C40_Mail_Find.png
-       share/icons/database/C41_VectorGfx.png
-       share/icons/database/C42_KCMMemory.png
-       share/icons/database/C43_EditTrash.png
-       share/icons/database/C44_KNotes.png
-       share/icons/database/C45_Cancel.png
-       share/icons/database/C46_Help.png
-       share/icons/database/C47_KPackage.png
-       share/icons/database/C48_Folder.png
-       share/icons/database/C49_Folder_Blue_Open.png
-       share/icons/database/C50_Folder_Tar.png
-       share/icons/database/C51_Decrypted.png
-       share/icons/database/C52_Encrypted.png
-       share/icons/database/C53_Apply.png
-       share/icons/database/C54_Signature.png
-       share/icons/database/C55_Thumbnail.png
-       share/icons/database/C56_KAddressBook.png
-       share/icons/database/C57_View_Text.png
-       share/icons/database/C58_KGPG.png
-       share/icons/database/C59_Package_Development.png
-       share/icons/database/C60_KFM_Home.png
-       share/icons/database/C61_Services.png
-Copyright: 2003-2004, David Vignoni <david@icon-king.com>
-License: LGPL-2.1
-Comment: from Nuvola icon theme
-
-Files: share/icons/application/*/actions/entry-delete.png
-       share/icons/application/*/actions/group-delete.png
-       share/icons/application/*/actions/group-edit.png
-       share/icons/application/*/actions/group-new.png
-Copyright: 2003-2004, David Vignoni <david@icon-king.com>
-           2012, Felix Geyer <debfx@fobos.de>
-License: LGPL-2.1
-Comment: based on Nuvola icon theme
-
-Files: share/icons/application/*/actions/favicon-download.png
-Copyright: 2003-2004, David Vignoni <david@icon-king.com>
-           2018, Kyle Kneitinger <kyle@kneit.in>
-License: LGPL-2.1
-Comment: based on Nuvola icon theme
-
-Files: share/icons/application/*/actions/application-exit.png
-       share/icons/application/*/actions/chronometer.png
-       share/icons/application/*/actions/configure.png
-       share/icons/application/*/actions/database-lock.png
-       share/icons/application/*/actions/dialog-close.png
-       share/icons/application/*/actions/dialog-ok.png
-       share/icons/application/*/actions/document-close.png
-       share/icons/application/*/actions/document-edit.png
-       share/icons/application/*/actions/document-new.png
-       share/icons/application/*/actions/document-open.png
-       share/icons/application/*/actions/document-properties.png
-       share/icons/application/*/actions/document-save.png
-       share/icons/application/*/actions/document-save-as.png
-       share/icons/application/*/actions/edit-clear-locationbar-ltr.png
-       share/icons/application/*/actions/edit-clear-locationbar-rtl.png
-       share/icons/application/*/actions/key-enter.png
-       share/icons/application/*/actions/password-generator.png
-       share/icons/application/*/actions/password-copy.png
-       share/icons/application/*/actions/password-show-*.png
-       share/icons/application/*/actions/system-search.png
-       share/icons/application/*/actions/username-copy.png
-       share/icons/application/*/actions/view-history.png
-       share/icons/application/*/apps/internet-web-browser.png
-       share/icons/application/*/apps/preferences-desktop-icons.png
-       share/icons/application/*/apps/utilities-terminal.png
-       share/icons/application/*/categories/preferences-other.png
-       share/icons/application/*/status/dialog-error.png
-       share/icons/application/*/status/dialog-information.png
-       share/icons/application/*/status/dialog-warning.png
-       share/icons/application/*/status/security-high.png
-       share/icons/svg/*.svg
-Copyright: 2007, Nuno Pinheiro <nuno@oxygen-icons.org>
-           2007, David Vignoni <david@icon-king.com>
-           2007, David Miller <miller@oxygen-icons.org>
-           2007, Johann Ollivier Lapeyre <johann@oxygen-icons.org>
-           2007, Kenneth Wimer <kwwii@bootsplash.org>
-           2007, Riccardo Iaconelli <riccardo@oxygen-icons.org>
-License: LGPL-3+
-Comment: from Oxygen icon theme (http://www.oxygen-icons.org/)
-
-Files: share/icons/database/C62_Tux.png
-       share/icons/database/C63_Feather.png
-       share/icons/database/C64_Apple.png
-       share/icons/database/C67_Certificate.png
-       share/icons/database/C68_BlackBerry.png
-Copyright: Mairin Duffy
-           Sarah Owens
-           James Birkett
-           Dominik Reichl
-License: CC0
-Comment: C62_Tux.png from https://openclipart.org/detail/103855
-         C63_Feather.png from http://openclipart.org/detail/122017
-         C64_Apple.png based on http://openclipart.org/detail/24319
-         C67_Certificate.png based on https://openclipart.org/detail/16729
-         C68_BlackBerry.png from https://openclipart.org/detail/4465
-
-Files: share/icons/database/C65_W.png
-       share/icons/database/C66_Money.png
+Files: share/icons/database/C00_Password.svg
+       share/icons/database/C01_Package_Network.svg
+       share/icons/database/C02_MessageBox_Warning.svg
+       share/icons/database/C03_Server.svg
+       share/icons/database/C04_Klipper.svg
+       share/icons/database/C05_Edu_Languages.svg
+       share/icons/database/C06_KCMDF.svg
+       share/icons/database/C08_Socket.svg
+       share/icons/database/C09_Identity.svg
+       share/icons/database/C10_Kontact.svg
+       share/icons/database/C11_Camera.svg
+       share/icons/database/C12_IRKickFlash.svg
+       share/icons/database/C13_KGPG_Key3.svg
+       share/icons/database/C14_Laptop_Power.svg
+       share/icons/database/C15_Scanner.svg
+       share/icons/database/C16_Mozilla_Firebird.svg
+       share/icons/database/C19_Mail_Generic.svg
+       share/icons/database/C20_Misc.svg
+       share/icons/database/C21_KOrganizer.svg
+       share/icons/database/C22_ASCII.svg
+       share/icons/database/C23_Icons.svg
+       share/icons/database/C24_Connect_Established.svg
+       share/icons/database/C25_Folder_Mail.svg
+       share/icons/database/C28_QuickTime.svg
+       share/icons/database/C29_KGPG_Term.svg
+       share/icons/database/C30_Konsole.svg
+       share/icons/database/C31_FilePrint.svg
+       share/icons/database/C32_FSView.svg
+       share/icons/database/C33_Run.svg
+       share/icons/database/C34_Configure.svg
+       share/icons/database/C36_Ark.svg
+       share/icons/database/C39_History.svg
+       share/icons/database/C40_Mail_Find.svg
+       share/icons/database/C41_VectorGfx.svg
+       share/icons/database/C42_KCMMemory.svg
+       share/icons/database/C43_EditTrash.svg
+       share/icons/database/C47_KPackage.svg
+       share/icons/database/C48_Folder.svg
+       share/icons/database/C49_Folder_Blue_Open.svg
+       share/icons/database/C50_Folder_Tar.svg
+       share/icons/database/C55_Thumbnail.svg
+       share/icons/database/C56_KAddressBook.svg
+       share/icons/database/C57_View_Text.svg
+       share/icons/database/C58_KGPG.svg
+       share/icons/database/C59_Package_Development.svg
+       share/icons/database/C60_KFM_Home.svg
+       share/icons/database/C62_Tux.svg
+       share/icons/database/C63_Feather.svg
+       share/icons/database/C65_W.svg
+       share/icons/database/C67_Certificate.svg
+       share/icons/database/C68_BlackBerry.svg
 Copyright: none
-License: public-domain
+License: MIT
+Comment: Taken from https://github.com/icons8/flat-color-icons
+
+Files: share/icons/badges/0_ShareActive.svg
+       share/icons/badges/1_ShareInactive.svg
+       share/icons/database/C07_Kate.svg
+       share/icons/database/C17_CDROM_Unmount.svg
+       share/icons/database/C18_Display.svg
+       share/icons/database/C26_FileSave.svg
+       share/icons/database/C27_NFS_Unmount.svg
+       share/icons/database/C35_KRFB.svg
+       share/icons/database/C38_Samba_Unmount.svg
+       share/icons/database/C44_KNotes.svg
+       share/icons/database/C51_Decrypted.svg
+       share/icons/database/C52_Encrypted.svg
+       share/icons/database/C54_Signature.svg
+       share/icons/database/C66_Money.svg
+Copyright: none
+License: CC0
+Comment: Taken from https://github.com/paomedia/small-n-flat
+
+Files: share/icons/badges/2_Expired.svg
+       share/icons/database/C37_KPercentage.svg
+       share/icons/database/C45_Cancel.svg
+       share/icons/database/C46_Help.svg
+       share/icons/database/C53_Apply.svg
+       share/icons/database/C61_Services.svg
+       share/icons/application/scalable/actions/proton.svg
+Copyright: 2022 KeePassXC Team <team@keepassxc.org>
+License: MIT
+
+Files: share/icons/application/scalable/actions/application-exit.svg
+       share/icons/application/scalable/actions/arrow-collapse-down.svg
+       share/icons/application/scalable/actions/attributes-copy.svg
+       share/icons/application/scalable/actions/auto-type.svg
+       share/icons/application/scalable/actions/bitwarden.svg
+       share/icons/application/scalable/actions/bugreport.svg
+       share/icons/application/scalable/actions/chevron-double-down.svg
+       share/icons/application/scalable/actions/chevron-double-right.svg
+       share/icons/application/scalable/actions/clipboard-text.svg
+       share/icons/application/scalable/actions/configure.svg
+       share/icons/application/scalable/actions/csv.svg
+       share/icons/application/scalable/actions/database-change-key.svg
+       share/icons/application/scalable/actions/database-lock.svg
+       share/icons/application/scalable/actions/database-lock-all.svg
+       share/icons/application/scalable/actions/database-merge.svg
+       share/icons/application/scalable/actions/database-search.svg
+       share/icons/application/scalable/actions/database-settings.svg
+       share/icons/application/scalable/actions/dialog-close.svg
+       share/icons/application/scalable/actions/dialog-ok.svg
+       share/icons/application/scalable/actions/document-close.svg
+       share/icons/application/scalable/actions/document-edit.svg
+       share/icons/application/scalable/actions/document-export.svg
+       share/icons/application/scalable/actions/document-import.svg
+       share/icons/application/scalable/actions/document-new.svg
+       share/icons/application/scalable/actions/document-open.svg
+       share/icons/application/scalable/actions/document-open-recent.svg
+       share/icons/application/scalable/actions/document-properties.svg
+       share/icons/application/scalable/actions/document-save.svg
+       share/icons/application/scalable/actions/document-save-as.svg
+       share/icons/application/scalable/actions/document-save-copy.svg
+       share/icons/application/scalable/actions/donate.svg
+       share/icons/application/scalable/actions/edit-clear-locationbar-ltr.svg
+       share/icons/application/scalable/actions/edit-clear-locationbar-rtl.svg
+       share/icons/application/scalable/actions/entry-clone.svg
+       share/icons/application/scalable/actions/entry-delete.svg
+       share/icons/application/scalable/actions/entry-restore.svg
+       share/icons/application/scalable/actions/entry-edit.svg
+       share/icons/application/scalable/actions/entry-expire.svg
+       share/icons/application/scalable/actions/entry-new.svg
+       share/icons/application/scalable/actions/favicon-download.svg
+       share/icons/application/scalable/actions/fingerprint.svg
+       share/icons/application/scalable/actions/getting-started.svg
+       share/icons/application/scalable/actions/group-delete.svg
+       share/icons/application/scalable/actions/group-edit.svg
+       share/icons/application/scalable/actions/group-clone.svg
+       share/icons/application/scalable/actions/group-empty-trash.svg
+       share/icons/application/scalable/actions/group-new.svg
+       share/icons/application/scalable/actions/hammer-wrench.svg
+       share/icons/application/scalable/actions/health.svg
+       share/icons/application/scalable/actions/help-about.svg
+       share/icons/application/scalable/actions/lock-question.svg
+       share/icons/application/scalable/actions/keyboard-shortcuts.svg
+       share/icons/application/scalable/actions/message-close.svg
+       share/icons/application/scalable/actions/move-down.svg
+       share/icons/application/scalable/actions/move-up.svg
+       share/icons/application/scalable/actions/object-locked.svg
+       share/icons/application/scalable/actions/object-unlocked.svg
+       share/icons/application/scalable/actions/onepassword.svg
+       share/icons/application/scalable/actions/paperclip.svg
+       share/icons/application/scalable/actions/password-copy.svg
+       share/icons/application/scalable/actions/passkey.svg
+       share/icons/application/scalable/actions/password-generator.svg
+       share/icons/application/scalable/actions/password-show-off.svg
+       share/icons/application/scalable/actions/password-show-on.svg
+       share/icons/application/scalable/actions/qrcode.svg
+       share/icons/application/scalable/actions/refresh.svg
+       share/icons/application/scalable/actions/remote-sync.svg
+       share/icons/application/scalable/actions/reports.svg
+       share/icons/application/scalable/actions/reports-exclude.svg
+       share/icons/application/scalable/actions/sort-alphabetical-ascending.svg
+       share/icons/application/scalable/actions/sort-alphabetical-descending.svg
+       share/icons/application/scalable/actions/statistics.svg
+       share/icons/application/scalable/actions/system-help.svg
+       share/icons/application/scalable/actions/system-search.svg
+       share/icons/application/scalable/actions/system-software-update.svg
+       share/icons/application/scalable/actions/tag.svg
+       share/icons/application/scalable/actions/tag-multiple.svg
+       share/icons/application/scalable/actions/tag-search.svg
+       share/icons/application/scalable/actions/totp.svg
+       share/icons/application/scalable/actions/totp-copy.svg
+       share/icons/application/scalable/actions/totp-copy-password.svg
+       share/icons/application/scalable/actions/totp-edit.svg
+       share/icons/application/scalable/actions/trash.svg
+       share/icons/application/scalable/actions/url-copy.svg
+       share/icons/application/scalable/actions/user-guide.svg
+       share/icons/application/scalable/actions/username-copy.svg
+       share/icons/application/scalable/actions/view-history.svg
+       share/icons/application/scalable/actions/web.svg
+       share/icons/application/scalable/actions/yubikey-refresh.svg
+       share/icons/application/scalable/apps/internet-web-browser.svg
+       share/icons/application/scalable/apps/keepassxc.svg
+       share/icons/application/scalable/apps/keepassxc-dark.svg
+       share/icons/application/scalable/apps/keepassxc-locked.svg
+       share/icons/application/scalable/apps/keepassxc-unlocked.svg
+       share/icons/application/scalable/apps/preferences-desktop-icons.svg
+       share/icons/application/scalable/apps/preferences-system-network-sharing.svg
+       share/icons/application/scalable/apps/utilities-terminal.svg
+       share/icons/application/scalable/categories/preferences-other.svg
+       share/icons/application/scalable/mimetypes/application-x-keepassxc.svg
+       share/icons/application/scalable/status/dialog-error.svg
+       share/icons/application/scalable/status/dialog-information.svg
+       share/icons/application/scalable/status/dialog-warning.svg
+       share/icons/application/scalable/status/security-high.svg
+       share/icons/application/scalable/actions/lock-open-alert.svg
+       share/icons/application/scalable/actions/lock-open.svg
+       share/icons/application/scalable/actions/lock.svg
+Copyright: 2023 Pictogrammers <https://pictogrammers.com/docs/general/about/>
+License: Apache-2.0
+Comment: Some icons are modified to fit KeePassXC design (https://pictogrammers.com/library/mdi/)
 
 Files: src/streams/qtiocompressor.*
        src/streams/QtIOCompressor
@@ -224,11 +257,7 @@ Files: src/streams/qtiocompressor.*
 Copyright: 2009-2012, Nokia Corporation and/or its subsidiary(-ies)
 License: LGPL-2.1 or GPL-3
 
-Files: cmake/GetGitRevisionDescription.cmake*
-Copyright: 2009-2010, Iowa State University
-License: Boost-1.0
-
-Files: src/zxcvbn/zxcvbn.*
+Files: src/thirdparty/zxcvbn/zxcvbn.*
 Copyright: 2015-2017, Tony Evans
 License: MIT
 
@@ -238,7 +267,7 @@ Copyright: 2011 Aurélien Gâteau <agateau@kde.org>
            2014 Dominik Haumann <dhaumann@kde.org>
 License: LGPL-2.1
 
-Files: share/macosx/dmg-background.tiff
+Files: share/macosx/background.tiff
 Copyright: 2008-2014, Andrey Tarantsov
 License: MIT
 
@@ -246,10 +275,13 @@ Files: share/icons/application/scalable/apps/freedesktop.svg
 Copyright: GPL-2+
 Comment: from Freedesktop.org website
 
-Files: share/icons/application/32x32/actions/statistics.png
-Copyright: Icon made by Freepik from https://www.flaticon.com/free-icon/bars-chart_265733
+Files: share/icons/application/scalable/actions/hibp.svg
+       share/icons/database/C64_Apple.svg
+Copyright: GPL-2+
+Comment: from the Simple Icons repo (https://github.com/simple-icons/simple-icons/)
 
-Files: share/icons/application/scalable/actions/object-locked.svg
-       share/icons/application/scalable/actions/object-unlocked.svg
-License: LGPL-3
-Comment: from Breeze icon theme (https://github.com/KDE/breeze-icons)
+Files: src/thirdparty/ykcore/yk*
+       src/thirdparty/ykcore/yubikey.h
+Copyright: 2006-2015, Yubico AB
+License: BSD-2-Clause
+Comment: from the yubikey-personalization repo (https://github.com/Yubico/yubikey-personalization)

INSTALL.md

@@ -2,150 +2,141 @@ Build and Install KeePassXC
 =================
 
 This document will guide you through the steps to build and install KeePassXC from source.
-You can visit the online version of this document at the following link:
+For more information, see also the [_Building KeePassXC_](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC) page on the wiki.
 
-https://github.com/keepassxreboot/keepassx/wiki/Install-Instruction-from-Source
+The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download).
 
-The [KeePassXC QuickStart](./docs/QUICKSTART.md) gets you started using KeePassXC on your
-Windows, Mac, or Linux computer using the pre-built binaries.
-
-Build Dependencies
-==================
-
-The following tools must exist within your PATH:
-
-* make
-* cmake (>= 2.8.12)
-* g++ (>= 4.7) or clang++ (>= 3.0)
-
-The following libraries are required:
-
-* Qt 5 (>= 5.2): qtbase and qttools5
-* libgcrypt (>= 1.6)
-* zlib
-* libmicrohttpd
-* libxi, libxtst, qtx11extras (optional for auto-type on X11)
-* libsodium (>= 1.0.12)
-* libargon2
-* qrencode
-* yubikey ykpers (optional to support YubiKey)
-
-Prepare the Building Environment
+Toolchain and Build Dependencies
 ================================
 
-* [Building Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
-* [Building Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
-* [Building Environment on MacOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-OS-X)
+The following build tools must exist within your PATH:
+
+* cmake (>= 3.10.0)
+* make (>= 4.2) or ninja (>= 1.10)
+* g++ (>= 4.9) or clang++ (>= 6.0)
+* asciidoctor (>= 2.0)
+
+* Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki:
+
+* [Set up Build Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
+* [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
+* [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
 
 Build Steps
 ===========
 We recommend using the release tool to perform builds, please read up-to-date instructions [on our wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#building-using-the-release-tool).
 
-To compile from source, open a **Terminal (on Linux/MacOS)** or a **MSYS2-MinGW shell (on Windows)**<br/>
-**Note:** on Windows make sure you are using a **MINGW shell** by checking the label before the current path
+To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Command Prompt (Windows)**, or **MSYS2-MinGW shell (Windows)**. For code development on Windows, you can use Visual Studio 2022, Visual Studio Code, or CLion.
 
-First, download the KeePassXC [source tarball](https://keepassxc.org/download#source)
-or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).
+1. Download the KeePassXC [source tarball](https://keepassxc.org/download#source) or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).
 
-To clone the project from Git, `cd` to a suitable location and run
+   To clone the project from Git, `cd` to a suitable location and run
 
-```bash
-git clone https://github.com/keepassxreboot/keepassxc.git
-```
+   ```
+   git clone https://github.com/keepassxreboot/keepassxc.git
+   ```
 
-This will clone the entire contents of the repository and check out the current `develop` branch.
+   This will clone the entire contents of the repository and check out the current `develop` branch.
 
-To update the project from within the project's folder, you can run the following command:
+   To update the project from within the project's folder, you can run the following command:
 
-```bash
-git pull
-```
+   ```
+   git pull
+   ```
 
-For a stable build, it is recommended to checkout the master branch.
+   For a stable build, it is recommended to check out the `latest` tag.
 
-```bash
-git checkout master
-```
+   ```
+   git checkout latest
+   ```
 
-Navigate to the directory where you have downloaded KeePassXC and type these commands:
+2. Navigate to the directory where you have downloaded KeePassXC and run:
+
+   ```
+   mkdir build
+   cd build
+   cmake -DWITH_XC_ALL=ON ..
+   make
+   ```
+      
+If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain.
+
+For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
+
+Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory (`src/KeePassXC.app/Contents/MacOS` on macOS).
+
+## MacOS Build Notes
+
+If you installed Qt@5 via Homebrew and CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
+
+`-DCMAKE_PREFIX_PATH=$(brew --prefix qt@5)/lib/cmake`
+
+When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS).
+
+## Windows Build Notes
+
+If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
+
+CMake Configuration Options
+==========================
+
+## Recommended CMake Build Parameters
 
 ```
-cd directory-where-sources-live
-mkdir build
-cd build
-cmake -DWITH_XC_ALL=ON ..
-make
+-DCMAKE_VERBOSE_MAKEFILE=ON
+-DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
+-DWITH_GUI_TESTS=ON
 ```
 
-If you are on Windows, you may have to add ```-G "MSYS Makefiles"``` to the beginning of the cmake command. See the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows) for more information.
+## Additional CMake Parameters
 
-These steps place the compiled KeePassXC binary inside the `./build/src/` directory.
-(Note the cmake notes/options below.)
+KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:
 
-**Cmake Notes:**
+```
+-DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
+-DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
+-DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
+-DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF)
+-DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
+-DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
+-DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
+-DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
+-DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
 
-* Common cmake parameters
+-DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
 
-	```
-	-DCMAKE_INSTALL_PREFIX=/usr/local
-	-DCMAKE_VERBOSE_MAKEFILE=ON
-	-DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
-	-DWITH_GUI_TESTS=ON
-	```
+-DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
+-DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
+-DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
+-DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
+-DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
+-DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
 
-* cmake accepts the following options:
-
-	```
-	  -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
-	  -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
-	  -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
-	  -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
-	  -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
-	  -DWITH_XC_TOUCHID=[ON|OFF] (macOS Only) Enable/Disable Touch ID unlock (default:OFF)
-	  -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
-	  -DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
-	  -DWITH_XC_KEESHARE_SECURE=[ON|OFF] Enable/Disable KeeShare signed containers, requires libquazip5 (default: OFF)
-	  -DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
-	  
-	  -DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
-
-	  -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
-	  -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
-	  -DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
-	  -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
-	  -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
-	  -DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
-
-	  -DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
-	  -DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
-	  -DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
-	  -DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
-	```
-
-* If you are on MacOS you must add this parameter to **Cmake**, with the Qt version you have installed<br/> `-DCMAKE_PREFIX_PATH=/usr/local/Cellar/qt5/5.6.2/lib/cmake/`
-
-:exclamation: When building with ASan support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (no LSan support in macOS).
+-DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
+-DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
+-DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
+-DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
+```
 
 Installation
 ============
 
 After you have successfully built KeePassXC, install the binary by executing the following:
 
-```bash
+```
 sudo make install
 ```
 
-You can specify the destination dir with
-```
-DESTDIR=X
-```
-
-
 Packaging
 =========
 
-You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging)
+You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging) for packaging scripts.
 
+To package using CMake, run the following command using whichever [generators](https://cmake.org/cmake/help/latest/manual/cpack-generators.7.html) you would like to package with.
+
+```
+cpack -G "ZIP;WIX"
+```
 
 Testing
 =======
@@ -155,7 +146,7 @@ You can perform tests on the built executables with:
 make test ARGS+="--output-on-failure"
 ```
 
-If you are not currently running on an X Server or Wayland, run the tests as follows:
+On Linux, if you are not currently running on an X Server or Wayland, run the tests as follows:
 ```
 make test ARGS+="-E test\(cli\|gui\) --output-on-failure"
 xvfb-run -e errors -a --server-args="-screen 0 1024x768x24" make test ARGS+="-R test\(cli\|gui\) --output-on-failure"

LICENSE.BOOST-1.0

@@ -1,23 +0,0 @@
-Boost Software License - Version 1.0 - August 17th, 2003
-
-Permission is hereby granted, free of charge, to any person or organization
-obtaining a copy of the software and accompanying documentation covered by
-this license (the "Software") to use, reproduce, display, distribute,
-execute, and transmit the Software, and to prepare derivative works of the
-Software, and to permit third-parties to whom the Software is furnished to
-do so, all subject to the following:
-
-The copyright notices in the Software and this entire statement, including
-the above license grant, this restriction and the following disclaimer,
-must be included in all copies of the Software, in whole or in part, and
-all derivative works of the Software, unless such copies or derivative
-works are solely in the form of machine-executable object code generated by
-a source language processor.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
-SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
-FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.

LICENSE.GPL-2

@@ -1,12 +1,12 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
 
  Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-			    Preamble
+                            Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -56,7 +56,7 @@ patent must be licensed for everyone's free use or not licensed at all.
   The precise terms and conditions for copying, distribution and
 modification follow.
 
-		    GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License applies to any program or other work which contains
@@ -255,7 +255,7 @@ make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 
-			    NO WARRANTY
+                            NO WARRANTY
 
   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
 
-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it

LICENSE.GPL-3

@@ -1,12 +1,11 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
 
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-			    Preamble
+                            Preamble
 
   The GNU General Public License is a free, copyleft license for
 software and other kinds of works.
@@ -69,7 +68,7 @@ patents cannot be used to render the program non-free.
   The precise terms and conditions for copying, distribution and
 modification follow.
 
-		       TERMS AND CONDITIONS
+                       TERMS AND CONDITIONS
 
   0. Definitions.
 
@@ -77,7 +76,7 @@ modification follow.
 
   "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
- 
+
   "The Program" refers to any copyrightable work licensed under this
 License.  Each licensee is addressed as "you".  "Licensees" and
 "recipients" may be individuals or organizations.
@@ -510,7 +509,7 @@ actual knowledge that, but for the patent license, your conveying the
 covered work in a country, or your recipient's use of the covered work
 in a country, would infringe one or more identifiable patents in that
 country that you have reason to believe are valid.
-  
+
   If, pursuant to or in connection with a single transaction or
 arrangement, you convey, or propagate by procuring conveyance of, a
 covered work, and grant a patent license to some of the parties
@@ -619,9 +618,9 @@ an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
 
-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
 
-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -646,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -665,12 +664,11 @@ might be different; for a GUI interface, you would use an "about box".
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
 
   The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
-
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

LICENSE.LGPL-2.1

@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
   Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
                   GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
@@ -158,7 +158,7 @@ Library.
   You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
   2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
   Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
   6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
   7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
   11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
   14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
                      END OF TERMS AND CONDITIONS
-
+
            How to Apply These Terms to Your New Libraries
 
   If you develop a new library, and you want it to be of the greatest

LICENSE.LGPL-3

@@ -1,7 +1,7 @@
                    GNU LESSER GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 

LICENSE.OFL

@@ -0,0 +1,96 @@
+Copyright (c) 2014, Austin Andrews (http://materialdesignicons.com/),
+with Reserved Font Name Material Design Icons.
+Copyright (c) 2014, Google (http://www.google.com/design/)
+uses the license at https://github.com/google/material-design-icons/blob/master/LICENSE
+
+This Font Software is licensed under the SIL Open Font License, Version 1.1.
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+
+-----------------------------------------------------------
+SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+-----------------------------------------------------------
+
+PREAMBLE
+The goals of the Open Font License (OFL) are to stimulate worldwide
+development of collaborative font projects, to support the font creation
+efforts of academic and linguistic communities, and to provide a free and
+open framework in which fonts may be shared and improved in partnership
+with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves. The
+fonts, including any derivative works, can be bundled, embedded, 
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works. The fonts and derivatives,
+however, cannot be released under any other type of license. The
+requirement for fonts to remain under this license does not apply
+to any document created using the fonts or their derivatives.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components as
+distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to a
+new environment.
+
+"Author" refers to any designer, engineer, programmer, technical
+writer or other person who contributed to the Font Software.
+
+PERMISSION & CONDITIONS
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,
+in Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+redistributed and/or sold with any software, provided that each copy
+contains the above copyright notice and this license. These can be
+included either as stand-alone text files, human-readable headers or
+in the appropriate machine-readable metadata fields within text or
+binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+Name(s) unless explicit written permission is granted by the corresponding
+Copyright Holder. This restriction only applies to the primary font name as
+presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+Software shall not be used to promote, endorse or advertise any
+Modified Version, except to acknowledge the contribution(s) of the
+Copyright Holder(s) and the Author(s) or with their explicit written
+permission.
+
+5) The Font Software, modified or unmodified, in part or in whole,
+must be distributed entirely under this license, and must not be
+distributed under any other license. The requirement for fonts to
+remain under this license does not apply to any document created
+using the Font Software.
+
+TERMINATION
+This license becomes null and void if any of the above conditions are
+not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+OTHER DEALINGS IN THE FONT SOFTWARE.

README.md

@@ -1,57 +1,61 @@
-# <img src="https://keepassxc.org/logo.png" width="40" height="40"/> KeePassXC
-[![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1) [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
+# <img src="https://keepassxc.org/assets/img/keepassxc.svg" width="40" height="40"/> KeePassXC
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326)
+[![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1)
+[![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
+[![GitHub release](https://img.shields.io/github/release/keepassxreboot/keepassxc)](https://github.com/keepassxreboot/keepassxc/releases/)
 
-## About KeePassXC
-[KeePassXC](https://keepassxc.org) is a cross-platform community fork of
-[KeePassX](https://www.keepassx.org/).
-Our goal is to extend and improve it with new features and bugfixes
-to provide a feature-rich, fully cross-platform and modern
-open-source password manager.
+[![Matrix community channel](https://img.shields.io/matrix/keepassxc:matrix.org?label=Community%20channel)](https://app.element.io/#/room/#keepassxc:mozilla.org)
+[![Matrix development channel](https://img.shields.io/matrix/keepassxc-dev:matrix.org?label=Development%20channel)](https://app.element.io/#/room/#keepassxc-dev:mozilla.org)
 
-## Installation
-The [KeePassXC QuickStart](./docs/QUICKSTART.md) gets you started using
-KeePassXC on your Windows, Mac, or Linux computer using pre-compiled binaries
-from the [downloads page](https://keepassxc.org/download).
+[KeePassXC](https://keepassxc.org) is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted into customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.
 
-Additionally, individual Linux distributions may ship their own versions,
-so please check out your distribution's package list to see if KeePassXC is available.
+## Quick Start
+The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download). Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the [User Guide](https://keepassxc.org/docs/KeePassXC_UserGuide.html).
 
-## Additional features compared to KeePassX
-- Auto-Type on all three major platforms (Linux, Windows, macOS)
-- Twofish encryption
-- YubiKey challenge-response support
-- TOTP generation
-- CSV import
-- A [Command Line Interface (keepassxc-cli)](./share/docs/man/keepassxc-cli.1)
-- DEP and ASLR hardening
-- Stand-alone password and passphrase generator
-- Password strength meter
-- Using website favicons as entry icons
-- Merging of databases
-- Automatic reload when the database changed on disk
-- Browser integration with KeePassXC-Browser using [native messaging](https://developer.chrome.com/extensions/nativeMessaging) for [Mozilla Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/) and [Google Chrome, Chromium, Vivaldi, or Brave](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) and [Microsoft Edge](https://microsoftedge.microsoft.com/addons/detail/pdffhmdngciaglkoonimfcmckehcpafo)
-- Synchronize passwords using KeeShare. See [Using Sharing](./docs/QUICKSTART.md#using-sharing) for more details.
-- Many bug fixes
+## Features List
+KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.
 
-For a full list of features and changes, read the [CHANGELOG](CHANGELOG.md) document.
-For a full list of keyboard shortcuts, see [KEYBINDS](./docs/KEYBINDS.md)
+### Basic
+* Create, open, and save databases in the KDBX format (KeePass-compatible with KDBX4 and KDBX3)
+* Store sensitive information in entries that are organized by groups
+* Search for entries
+* Password generator
+* Auto-Type passwords into applications
+* Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
+* Support for passkeys using the browser integration
+* Entry icon download
+* Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
+
+### Advanced
+* Database reports (password health, HIBP, and statistics)
+* Database export to CSV, XML, and HTML formats
+* TOTP storage and generation
+* Field references between entries
+* File attachments and custom attributes
+* Entry history and data restoration
+* YubiKey/OnlyKey challenge-response support
+* Command line interface (keepassxc-cli)
+* Auto-Open databases
+* KeeShare shared databases (import, export, and synchronize)
+* SSH Agent integration
+* FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
+* Additional encryption choices: Twofish and ChaCha20
+
+For a full list of changes, read the [CHANGELOG](CHANGELOG.md) document. \
+For a full list of keyboard shortcuts, see [KeyboardShortcuts.adoc](./docs/topics/KeyboardShortcuts.adoc)
 
 ## Building KeePassXC
 
-Detailed instructions are available in the [Build and Install](./INSTALL.md)
-page or on the [Wiki page](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
+Detailed instructions are available in the [Build and Install](./INSTALL.md) page and in the [Wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
 
 ## Contributing
 
-We are always looking for suggestions how to improve our application.
-If you find any bugs or have an idea for a new feature, please let us know by
-opening a report in our [issue tracker](https://github.com/keepassxreboot/keepassxc/issues)
-on GitHub or join us on IRC on freenode channels #keepassxc or #keepassxc-dev.
+We are always looking for suggestions on how to improve KeePassXC. If you find any bugs or have an idea for a new feature, please let us know by opening a report in the [issue tracker](https://github.com/keepassxreboot/keepassxc/issues) on GitHub, or join us on [Matrix community channel](https://matrix.to/#/!zUxwGnFkUyycpxeHeM:matrix.org?via=matrix.org) or [Matrix development channel](https://matrix.to/#/!RhJPJPGwQIFVQeXqZa:matrix.org?via=matrix.org), or on IRC in [Libera.Chat](https://web.libera.chat/) channels #keepassxc and #keepassxc-dev.
 
-You can of course also directly contribute your own code. We are happy to accept your pull requests.
+You may directly contribute your own code by submitting a pull request. Please read the [CONTRIBUTING](.github/CONTRIBUTING.md) document for further information.
 
-Please read the [CONTRIBUTING document](.github/CONTRIBUTING.md) for further information.
+Contributors are required to adhere to the project's [Code of Conduct](CODE-OF-CONDUCT.md).
 
 ## License
 
-GPL-2 or GPL-3
+KeePassXC code is licensed under GPL-2 or GPL-3. Additional licensing for third-party files is detailed in [COPYING](./COPYING).

SECURITY.md

@@ -0,0 +1,46 @@
+### Reporting Security Issues
+
+The KeePassXC team takes security vulnerabilities very seriously and appreciates your responsible disclosure efforts. We will make every effort to acknowledge your contributions and handle them promptly.
+
+To report a security issue, please use one of the following methods:
+
+- **GitHub Security Advisory:** Use the ["Report a Vulnerability"](https://github.com/keepassxreboot/keepassxc/security/advisories/new) tab on our GitHub repository.
+- **Private Matrix Message:** Contact any of the following KeePassXC team members privately (also encrypted):
+  - [@droidmonkey_kpxc](https://matrix.to/#/@droidmonkey_kpxc:matrix.org)
+  - [@varjolintu](https://matrix.to/#/@varjolintu:matrix.org)
+  - [@phoerious](https://matrix.to/#/@phoerious:matrix.org)
+- **Send an Email:** Send your report to team@keepassxc.org. We recommend encrypting the email if possible.
+
+Please **DO NOT** use public channels (e.g., GitHub issues, Matrix chat channels) for initial reporting of bona fide security vulnerabilities.
+
+Once you report a security issue, our team will respond with the next steps. After our initial reply, we will keep you informed of the progress towards a fix and full announcement. We may ask for additional information or guidance during this process. If we disagree that your report constitutes a genuine security vulnerability, we will inform you and close the report. Your report may be turned into an issue for further tracking.
+
+If you discover vulnerabilities in third-party modules used by KeePassXC, please report them to the maintainers of the respective modules. If the vulnerability impacts KeePassXC directly, we encourage you to notify us using the above methods. We will validate if the vulnerability is exploitable from KeePassXC code; please note that not all vulnerabilities are actually exploitable and do not constitute an immediate concern for the KeePassXC application.
+
+### Example Security Vulnerabilities
+
+When reporting, please ensure the issue falls under what can be considered a genuine security vulnerability for KeePassXC. Some examples include:
+
+- Unauthorized access to sensitive user data (e.g., passwords).
+- Remote code execution or escalation of privileges.
+- Bypassing authentication or encryption mechanisms.
+- Broken or improperly implemented encryption methods. 
+
+### Counter Examples
+
+The following issues are **not** considered security vulnerabilities:
+
+- Bugs caused by locally modifying the application (e.g., injecting DLLs, altering code).
+- Crashes or misbehavior resulting from normal use (report this as a normal issue).
+- Vulnerabilities found in third-party modules (should be reported to the module’s maintainers).
+  
+### CVE Reporting Policy
+
+Please **DO NOT** submit a report to a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) before confirming the security vulnerability with the KeePassXC team. If we do not respond to your report within 30 days, this restriction no longer applies.
+
+
+### Other Communication
+
+For other inquiries (e.g., developer questions, user questions), please use the public channels on Matrix:
+- **User's Channel:** [#keepassxc:mozilla.org](https://matrix.to/#/#keepassxc:mozilla.org)
+- **Developer's Channel:** [#keepassxc-dev:mozilla.org](https://matrix.to/#/#keepassxc-dev:mozilla.org)

cmake/CLangFormat.cmake

@@ -15,50 +15,45 @@
 
 set(EXCLUDED_DIRS
         # third-party directories
-        src/zxcvbn/
+        src/thirdparty
         # objective-c directories
-        src/touchid/
-        src/autotype/mac/
-        src/gui/macutils/)
+        src/quickunlock/touchid
+        src/autotype/mac
+        src/gui/osutils/macutils)
 
 set(EXCLUDED_FILES
         # third-party files
-        streams/qtiocompressor.cpp
-        streams/qtiocompressor.h
-        gui/KMessageWidget.h
-        gui/KMessageWidget.cpp
-        gui/MainWindowAdaptor.h
-        gui/MainWindowAdaptor.cpp
-        crypto/ssh/bcrypt_pbkdf.cpp
-        crypto/ssh/blf.h
-        crypto/ssh/blowfish.c
-        tests/modeltest.cpp
-        tests/modeltest.h
+        src/streams/qtiocompressor.\\*
+        src/gui/KMessageWidget.\\*
+        src/gui/MainWindowAdaptor.\\*
+        src/gui/tag/TagsEdit.\\*
+        tests/modeltest.\\*
         # objective-c files
-        core/ScreenLockListenerMac.h
-        core/ScreenLockListenerMac.cpp)
+        src/core/ScreenLockListenerMac.\\*)
 
-file(GLOB_RECURSE ALL_SOURCE_FILES RELATIVE ${CMAKE_SOURCE_DIR} src/*.cpp src/*.h tests/*.cpp tests/*.h)
-foreach(SOURCE_FILE ${ALL_SOURCE_FILES})
-    foreach(EXCLUDED_DIR ${EXCLUDED_DIRS})
-        string(FIND ${SOURCE_FILE} ${EXCLUDED_DIR} SOURCE_FILE_EXCLUDED)
-        if(NOT ${SOURCE_FILE_EXCLUDED} EQUAL -1)
-            list(REMOVE_ITEM ALL_SOURCE_FILES ${SOURCE_FILE})
-        endif()
-    endforeach()
-    foreach(EXCLUDED_FILE ${EXCLUDED_FILES})
-        if(${SOURCE_FILE} MATCHES ".*${EXCLUDED_FILE}$")
-            list(REMOVE_ITEM ALL_SOURCE_FILES ${SOURCE_FILE})
-        endif()
-    endforeach()
+set(FIND_EXCLUDE_DIR_EXPR "")
+foreach(EXCLUDE ${EXCLUDED_DIRS})
+    list(APPEND FIND_EXCLUDE_DIR_EXPR -o -path "${EXCLUDE}" -prune)
 endforeach()
 
+set(FIND_EXCLUDE_FILE_EXPR "")
+foreach(EXCLUDE ${EXCLUDED_FILES})
+    if(FIND_EXCLUDE_FILE_EXPR)
+        list(APPEND FIND_EXCLUDE_FILE_EXPR -o)
+    endif()
+    list(APPEND FIND_EXCLUDE_FILE_EXPR -path "${EXCLUDE}")
+endforeach()
+if(FIND_EXCLUDE_FILE_EXPR)
+    set(FIND_EXCLUDE_FILE_EXPR -a -not "\\(" ${FIND_EXCLUDE_FILE_EXPR} "\\)")
+endif()
+
 add_custom_target(format)
-foreach(SOURCE_FILE ${ALL_SOURCE_FILES})
-    add_custom_command(
-            TARGET format
-            PRE_BUILD
-            COMMAND echo Formatting ${SOURCE_FILE}
-            COMMAND clang-format -style=file -i \"${SOURCE_FILE}\"
-            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})
-endforeach()
+
+add_custom_command(
+        TARGET format
+        PRE_BUILD
+        COMMAND find src tests "\\(" -name "\\*.h" -o -name "\\*.cpp" ${FIND_EXCLUDE_DIR_EXPR} "\\)"
+            ${FIND_EXCLUDE_FILE_EXPR} -type f -print0 | xargs -0 -P0 -n10 clang-format -style=file -i
+
+        COMMENT "Formatting source files..."
+        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})

cmake/CodeCoverage.cmake

@@ -1,4 +1,5 @@
 # Copyright (c) 2012 - 2017, Lars Bilke
+# Copyright (c) 2021 KeePassXC Team
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -25,279 +26,218 @@
 # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# CHANGES:
-#
-# 2012-01-31, Lars Bilke
-# - Enable Code Coverage
-#
-# 2013-09-17, Joakim Söderberg
-# - Added support for Clang.
-# - Some additional usage instructions.
-#
-# 2016-02-03, Lars Bilke
-# - Refactored functions to use named parameters
-#
-# 2017-06-02, Lars Bilke
-# - Merged with modified version from github.com/ufz/ogs
-#
-#
-# USAGE:
-#
-# 1. Copy this file into your cmake modules path.
-#
-# 2. Add the following line to your CMakeLists.txt:
-#      include(CodeCoverage)
-#
-# 3. Append necessary compiler flags:
-#      APPEND_COVERAGE_COMPILER_FLAGS()
-#
-# 4. If you need to exclude additional directories from the report, specify them
-#    using the COVERAGE_LCOV_EXCLUDES variable before calling SETUP_TARGET_FOR_COVERAGE_LCOV.
-#    Example:
-#      set(COVERAGE_LCOV_EXCLUDES 'dir1/*' 'dir2/*')
-#
-# 5. Use the functions described below to create a custom make target which
-#    runs your test executable and produces a code coverage report.
-#
-# 6. Build a Debug build:
-#      cmake -DCMAKE_BUILD_TYPE=Debug ..
-#      make
-#      make my_coverage_target
-#
 
 include(CMakeParseArguments)
 
 # Check prereqs
-find_program( GCOV_PATH gcov )
-find_program( LCOV_PATH  NAMES lcov lcov.bat lcov.exe lcov.perl)
-find_program( GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat )
-find_program( GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
-find_program( SIMPLE_PYTHON_EXECUTABLE python )
+find_program(GCOV_PATH gcov)
+find_program(LLVM_COV_PATH llvm-cov)
+find_program(LLVM_PROFDATA_PATH llvm-profdata)
+find_program(XCRUN_PATH xcrun)
+find_program(GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat)
+find_program(GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
 
-if(NOT GCOV_PATH)
-    message(FATAL_ERROR "gcov not found! Aborting...")
-endif() # NOT GCOV_PATH
-
-if("${CMAKE_CXX_COMPILER_ID}" MATCHES "(Apple)?[Cc]lang")
-    if("${CMAKE_CXX_COMPILER_VERSION}" VERSION_LESS 3)
-        message(FATAL_ERROR "Clang version must be 3.0.0 or greater! Aborting...")
-    endif()
-elseif(NOT CMAKE_COMPILER_IS_GNUCXX)
-    message(FATAL_ERROR "Compiler is not GNU gcc! Aborting...")
+set(COVERAGE_COMPILER_FLAGS "-g -O0" CACHE INTERNAL "")
+if(CMAKE_COMPILER_IS_GNUCXX)
+    set(COVERAGE_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} --coverage -fprofile-arcs -ftest-coverage")
+elseif(CMAKE_COMPILER_IS_CLANGXX)
+    set(COVERAGE_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
 endif()
 
-set(COVERAGE_COMPILER_FLAGS "-g -O0 --coverage -fprofile-arcs -ftest-coverage"
-    CACHE INTERNAL "")
+set(CMAKE_COVERAGE_FORMAT
+    "html" "xml"
+    CACHE STRING "Coverage report output format.")
+set_property(CACHE CMAKE_COVERAGE_FORMAT PROPERTY STRINGS "html" "txt")
 
 set(CMAKE_CXX_FLAGS_COVERAGE
     ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C++ compiler during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used by the C++ compiler during coverage builds.")
 set(CMAKE_C_FLAGS_COVERAGE
     ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C compiler during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used by the C compiler during coverage builds.")
 set(CMAKE_EXE_LINKER_FLAGS_COVERAGE
     ""
-    CACHE STRING "Flags used for linking binaries during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used for linking binaries during coverage builds.")
 set(CMAKE_SHARED_LINKER_FLAGS_COVERAGE
     ""
-    CACHE STRING "Flags used by the shared libraries linker during coverage builds."
-    FORCE )
+    CACHE STRING "Flags used by the shared libraries linker during coverage builds.")
 mark_as_advanced(
+    CMAKE_COVERAGE_FORMAT
     CMAKE_CXX_FLAGS_COVERAGE
     CMAKE_C_FLAGS_COVERAGE
     CMAKE_EXE_LINKER_FLAGS_COVERAGE
-    CMAKE_SHARED_LINKER_FLAGS_COVERAGE )
+    CMAKE_SHARED_LINKER_FLAGS_COVERAGE)
 
 if(NOT CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
     message(WARNING "Code coverage results with an optimised (non-Debug) build may be misleading")
 endif() # NOT CMAKE_BUILD_TYPE STREQUAL "Debug"
 
-if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+if(CMAKE_COMPILER_IS_GNUCXX)
+    if(NOT GCOV_PATH)
+        message(FATAL_ERROR "gcov not found! Aborting...")
+    endif() # NOT GCOV_PATH
     link_libraries(gcov)
-else()
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} --coverage")
 endif()
 
-# Defines a target for running and collection code coverage information
-# Builds dependencies, runs the given executable and outputs reports.
-# NOTE! The executable should always have a ZERO as exit code otherwise
-# the coverage generation will not complete.
-#
-# SETUP_TARGET_FOR_COVERAGE_LCOV(
-#     NAME testrunner_coverage                    # New target name
-#     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
-#     DEPENDENCIES testrunner                     # Dependencies to build first
-# )
-function(SETUP_TARGET_FOR_COVERAGE_LCOV)
-
-    set(options NONE)
-    set(oneValueArgs NAME)
-    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
-    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-
-    if(NOT LCOV_PATH)
-        message(FATAL_ERROR "lcov not found! Aborting...")
-    endif() # NOT LCOV_PATH
-
-    if(NOT GENHTML_PATH)
-        message(FATAL_ERROR "genhtml not found! Aborting...")
-    endif() # NOT GENHTML_PATH
-
-    # Setup target
-    add_custom_target(${Coverage_NAME}
-
-        # Cleanup lcov
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -directory . --zerocounters
-        # Create baseline to make sure untouched files show up in the report
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -c -i -d . -o ${Coverage_NAME}.base
-
-        # Run tests
-        COMMAND ${Coverage_EXECUTABLE}
-
-        # Capturing lcov counters and generating report
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} --directory . --capture --output-file ${Coverage_NAME}.info
-        # add baseline counters
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} -a ${Coverage_NAME}.base -a ${Coverage_NAME}.info --output-file ${Coverage_NAME}.total
-        COMMAND ${LCOV_PATH} --gcov-tool ${GCOV_PATH} --remove ${Coverage_NAME}.total ${COVERAGE_LCOV_EXCLUDES} --output-file ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
-        COMMAND ${GENHTML_PATH} -o ${Coverage_NAME} ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
-        COMMAND ${CMAKE_COMMAND} -E remove ${Coverage_NAME}.base ${Coverage_NAME}.total ${PROJECT_BINARY_DIR}/${Coverage_NAME}.info.cleaned
-
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        COMMENT "Resetting code coverage counters to zero.\nProcessing code coverage counters and generating report."
-    )
-
-    # Show where to find the lcov info report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Lcov code coverage info report saved in ${Coverage_NAME}.info."
-    )
-
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
-    )
-
-endfunction() # SETUP_TARGET_FOR_COVERAGE_LCOV
 
 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
-# SETUP_TARGET_FOR_COVERAGE_GCOVR_XML(
+# SETUP_TARGET_FOR_COVERAGE_GCOVR(
 #     NAME ctest_coverage                    # New target name
 #     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES executable_target         # Dependencies to build first
 # )
-function(SETUP_TARGET_FOR_COVERAGE_GCOVR_XML)
+function(SETUP_TARGET_FOR_COVERAGE_GCOVR)
 
     set(options NONE)
-    set(oneValueArgs NAME)
+    set(oneValueArgs NAME SOURCES_ROOT)
     set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
     cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
 
-    if(NOT SIMPLE_PYTHON_EXECUTABLE)
-        message(FATAL_ERROR "python not found! Aborting...")
-    endif() # NOT SIMPLE_PYTHON_EXECUTABLE
-
     if(NOT GCOVR_PATH)
         message(FATAL_ERROR "gcovr not found! Aborting...")
     endif() # NOT GCOVR_PATH
 
     # Combine excludes to several -e arguments
     set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${COVERAGE_GCOVR_EXCLUDES})
+    foreach(EXCLUDE ${COVERAGE_EXCLUDES})
         list(APPEND GCOVR_EXCLUDES "-e")
         list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
     endforeach()
 
     add_custom_target(${Coverage_NAME}
         # Run tests
-        ${Coverage_EXECUTABLE}
+        COMMAND ctest -C $<CONFIG> $ENV{ARGS} $$ARGS
 
-        # Running gcovr
-        COMMAND ${GCOVR_PATH} --xml
-            -r ${PROJECT_SOURCE_DIR} ${GCOVR_EXCLUDES}
-            --object-directory=${PROJECT_BINARY_DIR}
-            -o ${Coverage_NAME}.xml
         WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
         DEPENDS ${Coverage_DEPENDENCIES}
-        COMMENT "Running gcovr to produce Cobertura code coverage report."
     )
 
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Cobertura code coverage report saved in ${Coverage_NAME}.xml."
-    )
+    if("html" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            # Create folder
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}-html
 
-endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR_XML
+            # Running gcovr HTML
+            COMMAND ${GCOVR_PATH} --html --html-details
+                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
+                --object-directory=${PROJECT_BINARY_DIR}
+                --exclude-unreachable-branches --exclude-throw-branches
+                -o ${Coverage_NAME}-html/index.html
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running gcovr to produce HTML code coverage report ${Coverage_NAME}-html."
+        )
+    endif()
+
+    if("xml" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            # Running gcovr TXT
+            COMMAND ${GCOVR_PATH} --xml
+                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
+                --object-directory=${PROJECT_BINARY_DIR}
+                --exclude-unreachable-branches --exclude-throw-branches
+                -o ${Coverage_NAME}.xml
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running gcovr to produce XML code coverage report ${Coverage_NAME}.xml."
+        )
+    endif()
+
+    if("txt" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            # Running gcovr TXT
+            COMMAND ${GCOVR_PATH}
+                -r ${Coverage_SOURCES_ROOT} ${GCOVR_EXCLUDES}
+                --object-directory=${PROJECT_BINARY_DIR}
+                --exclude-unreachable-branches --exclude-throw-branches
+                -o ${Coverage_NAME}.txt
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running gcovr to produce TXT code coverage report ${Coverage_NAME}.txt."
+        )
+    endif()
+
+endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR
 
 # Defines a target for running and collection code coverage information
 # Builds dependencies, runs the given executable and outputs reports.
 # NOTE! The executable should always have a ZERO as exit code otherwise
 # the coverage generation will not complete.
 #
-# SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML(
+# SETUP_TARGET_FOR_COVERAGE_LLVM(
 #     NAME ctest_coverage                    # New target name
 #     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
 #     DEPENDENCIES executable_target         # Dependencies to build first
 # )
-function(SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML)
+function(SETUP_TARGET_FOR_COVERAGE_LLVM)
 
     set(options NONE)
-    set(oneValueArgs NAME)
-    set(multiValueArgs EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
+    set(oneValueArgs NAME SOURCES_ROOT PROF_FILE)
+    set(multiValueArgs EXECUTABLE BINARY EXECUTABLE_ARGS DEPENDENCIES)
     cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
 
-    if(NOT SIMPLE_PYTHON_EXECUTABLE)
-        message(FATAL_ERROR "python not found! Aborting...")
-    endif() # NOT SIMPLE_PYTHON_EXECUTABLE
+    if(XCRUN_PATH)
+        set(LLVM_COV_PATH ${XCRUN_PATH} llvm-cov)
+        set(LLVM_PROFDATA_PATH ${XCRUN_PATH} llvm-profdata)
+    else()
+        if(NOT LLVM_COV_PATH)
+            message(FATAL_ERROR "llvm-cov not found! Aborting...")
+        endif() # NOT LLVM_COV_PATH
+        if(NOT LLVM_PROFDATA_PATH)
+            message(FATAL_ERROR "llvm-profdata not found! Aborting...")
+        endif() # NOT LLVM_PROFDATA_PATH
+    endif() # XCRUN_PATH
 
-    if(NOT GCOVR_PATH)
-        message(FATAL_ERROR "gcovr not found! Aborting...")
-    endif() # NOT GCOVR_PATH
+    set(LLVM_PROFILE_DIR ${PROJECT_BINARY_DIR}/llvm_profile)
+    file(REMOVE_RECURSE ${LLVM_PROFILE_DIR})
 
-    # Combine excludes to several -e arguments
-    set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${COVERAGE_GCOVR_EXCLUDES})
-        list(APPEND GCOVR_EXCLUDES "-e")
-        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
+    set(COV_EXCLUDES "")
+    foreach(EXCLUDE ${COVERAGE_EXCLUDES})
+        list(APPEND COV_EXCLUDES "-ignore-filename-regex=${EXCLUDE}")
     endforeach()
 
+    list(GET Coverage_BINARY 0 COV_BINARY)
+    if(Coverage_BINARY)
+        list(REMOVE_AT Coverage_BINARY 0)
+        foreach(BIN ${Coverage_BINARY})
+            list(APPEND COV_BINARY -object ${BIN})
+        endforeach()
+    endif()
+
     add_custom_target(${Coverage_NAME}
-        # Run tests
-        ${Coverage_EXECUTABLE}
+        COMMAND ${CMAKE_COMMAND} -E env LLVM_PROFILE_FILE=${LLVM_PROFILE_DIR}/profile-%p.profraw ctest -C $<CONFIG> $$ARGS
 
-        # Create folder
-        COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}
+        COMMAND ${LLVM_PROFDATA_PATH} merge -sparse ${LLVM_PROFILE_DIR}/* -o coverage.profdata
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            DEPENDS ${Coverage_DEPENDENCIES})
 
-        # Running gcovr
-        COMMAND ${GCOVR_PATH} --html --html-details
-            -r ${PROJECT_SOURCE_DIR} ${GCOVR_EXCLUDES}
-            --object-directory=${PROJECT_BINARY_DIR}
-            -o ${Coverage_NAME}/index.html
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        COMMENT "Running gcovr to produce HTML code coverage report."
-    )
+    if("html" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            COMMAND ${LLVM_COV_PATH} show -instr-profile=coverage.profdata ${COV_BINARY}
+                --format=html --output-dir=${Coverage_NAME}-html ${COV_EXCLUDES} ${Coverage_SOURCES_ROOT}
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running llvm-cov to produce HTML code coverage report ${Coverage_NAME}-html")
+    endif()
 
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
-    )
+    if("xml" IN_LIST CMAKE_COVERAGE_FORMAT)
+        message(WARNING "XML coverage report format not supported for llvm-cov")
+    endif()
+
+    if("txt" IN_LIST CMAKE_COVERAGE_FORMAT)
+        add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+            COMMAND ${LLVM_COV_PATH} show -instr-profile=coverage.profdata ${COV_BINARY}
+                --format=text ${COV_EXCLUDES} ${Coverage_SOURCES_ROOT} > ${Coverage_NAME}.txt
+
+            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+            COMMENT "Running llvm-cov to produce TXT code coverage report ${Coverage_NAME}.txt.")
+    endif()
+
+endfunction() # SETUP_TARGET_FOR_COVERAGE_LLVM
 
-endfunction() # SETUP_TARGET_FOR_COVERAGE_GCOVR_HTML
 
 function(APPEND_COVERAGE_COMPILER_FLAGS)
+    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
-    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
-endfunction() # APPEND_COVERAGE_COMPILER_FLAGS
+endfunction() # APPEND_COVERAGE_COMPILER_FLAGS

cmake/FindArgon2.cmake

@@ -1,36 +0,0 @@
-#  Copyright (C) 2017 KeePassXC Team
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 2 or (at your option)
-#  version 3 of the License.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-find_path(ARGON2_INCLUDE_DIR argon2.h)
-if(MINGW)
-    # find static library on Windows, and redefine used symbols to
-    # avoid definition name conflicts with libsodium
-    find_library(ARGON2_SYS_LIBRARIES libargon2.a)
-    message(STATUS "Patching libargon2...\n")
-    execute_process(COMMAND objcopy
-            --redefine-sym argon2_hash=libargon2_argon2_hash
-            --redefine-sym _argon2_hash=_libargon2_argon2_hash
-            --redefine-sym argon2_error_message=libargon2_argon2_error_message
-            --redefine-sym _argon2_error_message=_libargon2_argon2_error_message
-            ${ARGON2_SYS_LIBRARIES} ${CMAKE_BINARY_DIR}/libargon2_patched.a
-            WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
-    find_library(ARGON2_LIBRARIES libargon2_patched.a PATHS ${CMAKE_BINARY_DIR} NO_DEFAULT_PATH)
-else()
-    find_library(ARGON2_LIBRARIES argon2)
-endif()
-mark_as_advanced(ARGON2_LIBRARIES ARGON2_INCLUDE_DIR)
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Argon2 DEFAULT_MSG ARGON2_LIBRARIES ARGON2_INCLUDE_DIR)

cmake/FindBotan.cmake

@@ -0,0 +1,65 @@
+# - Find botan
+# Find the botan cryptographic library
+#
+# This module defines the following variables:
+#   BOTAN_FOUND  -  True if library and include directory are found
+# If set to TRUE, the following are also defined:
+#   BOTAN_INCLUDE_DIRS  -  The directory where to find the header file
+#   BOTAN_LIBRARIES  -  Where to find the library files
+#
+# This file is in the public domain (https://github.com/vistle/vistle/blob/master/cmake/Modules/FindBOTAN.cmake)
+
+include(FindPackageHandleStandardArgs)
+
+set(BOTAN_VERSIONS botan-3 botan-2)
+set(BOTAN_NAMES botan-3 botan-2 botan)
+set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan botan-3)
+
+find_path(
+    BOTAN_INCLUDE_DIR
+    NAMES botan/build.h
+    PATH_SUFFIXES ${BOTAN_VERSIONS}
+    DOC "The Botan include directory")
+if(BOTAN_INCLUDE_DIR)
+    file(READ "${BOTAN_INCLUDE_DIR}/botan/build.h" build)
+    string(REGEX MATCH "BOTAN_VERSION_MAJOR ([0-9]*)" _ ${build})
+    set(BOTAN_VERSION_MAJOR ${CMAKE_MATCH_1})
+    string(REGEX MATCH "BOTAN_VERSION_MINOR ([0-9]*)" _ ${build})
+    set(BOTAN_VERSION_MINOR ${CMAKE_MATCH_1})
+    string(REGEX MATCH "BOTAN_VERSION_PATCH ([0-9]*)" _ ${build})
+    set(BOTAN_VERSION_PATCH ${CMAKE_MATCH_1})
+    set(BOTAN_VERSION "${BOTAN_VERSION_MAJOR}.${BOTAN_VERSION_MINOR}.${BOTAN_VERSION_PATCH}")
+endif()
+
+find_library(
+    BOTAN_LIBRARY
+    NAMES ${BOTAN_NAMES}
+    PATH_SUFFIXES release/lib lib
+    DOC "The Botan (release) library")
+if(MSVC)
+    find_library(
+        BOTAN_LIBRARY_DEBUG
+        NAMES ${BOTAN_NAMES_DEBUG}
+        PATH_SUFFIXES debug/lib lib
+        DOC "The Botan debug library")
+    find_package_handle_standard_args(
+        Botan
+        REQUIRED_VARS BOTAN_LIBRARY BOTAN_LIBRARY_DEBUG BOTAN_INCLUDE_DIR
+        VERSION_VAR BOTAN_VERSION)
+else()
+    find_package_handle_standard_args(
+        Botan
+        REQUIRED_VARS BOTAN_LIBRARY BOTAN_INCLUDE_DIR
+        VERSION_VAR BOTAN_VERSION)
+endif()
+
+if(BOTAN_FOUND)
+    set(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR})
+    if(MSVC)
+        set(BOTAN_LIBRARIES optimized ${BOTAN_LIBRARY} debug ${BOTAN_LIBRARY_DEBUG})
+    else()
+        set(BOTAN_LIBRARIES ${BOTAN_LIBRARY})
+    endif()
+endif()
+
+mark_as_advanced(BOTAN_INCLUDE_DIR BOTAN_LIBRARY BOTAN_LIBRARY_DEBUG)

cmake/FindGcrypt.cmake

@@ -1,31 +0,0 @@
-#  Copyright (C) 2011 Felix Geyer <debfx@fobos.de>
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 2 or (at your option)
-#  version 3 of the License.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-find_path(GCRYPT_INCLUDE_DIR gcrypt.h)
-
-find_library(GCRYPT_LIBRARIES gcrypt)
-
-mark_as_advanced(GCRYPT_LIBRARIES GCRYPT_INCLUDE_DIR)
-
-if(GCRYPT_INCLUDE_DIR AND EXISTS "${GCRYPT_INCLUDE_DIR}/gcrypt.h")
-    file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" GCRYPT_H REGEX "^#define GCRYPT_VERSION \"[^\"]*\"$")
-    string(REGEX REPLACE "^.*GCRYPT_VERSION \"([0-9]+).*$" "\\1" GCRYPT_VERSION_MAJOR "${GCRYPT_H}")
-    string(REGEX REPLACE "^.*GCRYPT_VERSION \"[0-9]+\\.([0-9]+).*$" "\\1" GCRYPT_VERSION_MINOR "${GCRYPT_H}")
-    string(REGEX REPLACE "^.*GCRYPT_VERSION \"[0-9]+\\.[0-9]+\\.([0-9]+).*$" "\\1" GCRYPT_VERSION_PATCH "${GCRYPT_H}")
-    set(GCRYPT_VERSION_STRING "${GCRYPT_VERSION_MAJOR}.${GCRYPT_VERSION_MINOR}.${GCRYPT_VERSION_PATCH}")
-endif()
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Gcrypt DEFAULT_MSG GCRYPT_LIBRARIES GCRYPT_INCLUDE_DIR)

cmake/FindMinizip.cmake

@@ -0,0 +1,9 @@
+# MINIZIP_FOUND                   - Minizip library was found
+# MINIZIP_INCLUDE_DIR             - Path to Minizip include dir
+# MINIZIP_LIBRARIES               - List of Minizip libraries
+
+find_library(MINIZIP_LIBRARIES NAMES minizip libminizip)
+find_path(MINIZIP_INCLUDE_DIR zip.h PATH_SUFFIXES minizip)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Minizip DEFAULT_MSG MINIZIP_LIBRARIES MINIZIP_INCLUDE_DIR)

cmake/FindPCSC.cmake

@@ -0,0 +1,61 @@
+#  Copyright (C) 2021 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Use pkgconfig on Linux
+if(NOT WIN32)
+   find_package(PkgConfig QUIET)
+   pkg_check_modules(PCSC libpcsclite)
+endif()
+
+if(NOT PCSC_FOUND)
+   # Search for PC/SC headers on Mac and Windows
+
+   # Additional search paths for Windows if not running in Visual Studio environment
+   if (WIN32) 
+      # Resolve the ambiguity of using two names for one architechture
+      if(CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "x64")
+         set(ARCH_DIR "x64")
+      else()
+         set(ARCH_DIR "${CMAKE_SYSTEM_PROCESSOR}")
+      endif()
+
+      # Locate Windows SDK Paths
+      if (CMAKE_WINDOWS_KITS_10_DIR)
+         set(WINSDKROOTC_INCLUDE "${CMAKE_WINDOWS_KITS_10_DIR}/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "${CMAKE_WINDOWS_KITS_10_DIR}/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      else()
+         set(WINSDKROOTC_INCLUDE "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      endif()
+   endif()
+
+   find_path(PCSC_INCLUDE_DIRS winscard.h
+      HINTS
+         ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
+         /usr/include/PCSC
+         ${WINSDKROOTC_INCLUDE}
+      PATH_SUFFIXES PCSC)
+
+   # MAC library is PCSC, Windows library is WinSCard
+   find_library(PCSC_LIBRARIES NAMES pcsclite libpcsclite WinSCard PCSC
+      HINTS   
+         ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES}
+         ${WINSDKROOTC_LIB})
+endif()
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(PCSC DEFAULT_MSG PCSC_LIBRARIES PCSC_INCLUDE_DIRS)
+
+mark_as_advanced(PCSC_LIBRARIES PCSC_INCLUDE_DIRS)

cmake/FindQREncode.cmake

@@ -13,8 +13,15 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-find_path(QRENCODE_INCLUDE_DIR qrencode.h)
-find_library(QRENCODE_LIBRARY qrencode)
+find_path(QRENCODE_INCLUDE_DIR NAMES qrencode.h)
+
+if(WIN32 AND MSVC)
+	find_library(QRENCODE_LIBRARY_RELEASE qrencode)
+	find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
+	set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
+else()
+	find_library(QRENCODE_LIBRARY qrencode)
+endif()
 
 mark_as_advanced(QRENCODE_LIBRARY QRENCODE_INCLUDE_DIR)
 

cmake/FindQuaZip.cmake

@@ -1,24 +0,0 @@
-# QUAZIP_FOUND                   - QuaZip library was found
-# QUAZIP_INCLUDE_DIR             - Path to QuaZip include dir
-# QUAZIP_INCLUDE_DIRS            - Path to QuaZip and zlib include dir (combined from QUAZIP_INCLUDE_DIR + ZLIB_INCLUDE_DIR)
-# QUAZIP_LIBRARIES               - List of QuaZip libraries
-# QUAZIP_ZLIB_INCLUDE_DIR        - The include dir of zlib headers
-
-if(MINGW)
-    find_library(QUAZIP_LIBRARIES libquazip5)
-    find_path(QUAZIP_INCLUDE_DIR quazip.h PATH_SUFFIXES quazip5)
-    find_path(QUAZIP_ZLIB_INCLUDE_DIR zlib.h)
-else()
-    find_library(QUAZIP_LIBRARIES
-        NAMES quazip5 quazip
-	PATHS /usr/lib /usr/lib64 /usr/local/lib
-    )
-    find_path(QUAZIP_INCLUDE_DIR quazip.h
-	PATHS /usr/include /usr/local/include
-        PATH_SUFFIXES quazip5 quazip
-    )
-    find_path(QUAZIP_ZLIB_INCLUDE_DIR zlib.h PATHS /usr/include /usr/local/include)
-endif()
-include(FindPackageHandleStandardArgs)
-set(QUAZIP_INCLUDE_DIRS ${QUAZIP_INCLUDE_DIR} ${QUAZIP_ZLIB_INCLUDE_DIR})
-find_package_handle_standard_args(QUAZIP DEFAULT_MSG QUAZIP_LIBRARIES QUAZIP_INCLUDE_DIR QUAZIP_ZLIB_INCLUDE_DIR QUAZIP_INCLUDE_DIRS)

cmake/FindReadline.cmake

@@ -47,4 +47,3 @@ mark_as_advanced(
     Readline_INCLUDE_DIR
     Readline_LIBRARY
 )
-

cmake/FindYubiKey.cmake

@@ -1,27 +0,0 @@
-#  Copyright (C) 2014 Kyle Manna <kyle@kylemanna.com>
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 2 or (at your option)
-#  version 3 of the License.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-find_path(YUBIKEY_CORE_INCLUDE_DIR yubikey.h)
-find_path(YUBIKEY_PERS_INCLUDE_DIR ykcore.h PATH_SUFFIXES ykpers-1)
-set(YUBIKEY_INCLUDE_DIRS ${YUBIKEY_CORE_INCLUDE_DIR} ${YUBIKEY_PERS_INCLUDE_DIR})
-
-find_library(YUBIKEY_CORE_LIBRARY NAMES yubikey.dll libyubikey.so yubikey)
-find_library(YUBIKEY_PERS_LIBRARY NAMES ykpers-1.dll libykpers-1.so ykpers-1)
-set(YUBIKEY_LIBRARIES ${YUBIKEY_CORE_LIBRARY} ${YUBIKEY_PERS_LIBRARY})
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(YubiKey DEFAULT_MSG YUBIKEY_LIBRARIES YUBIKEY_INCLUDE_DIRS)
-
-mark_as_advanced(YUBIKEY_LIBRARIES YUBIKEY_INCLUDE_DIRS)

cmake/Findsodium.cmake

@@ -1,267 +0,0 @@
-# Written in 2016 by Henrik Steffen Gaßmann <henrik@gassmann.onl>
-#
-# To the extent possible under law, the author(s) have dedicated all
-# copyright and related and neighboring rights to this software to the
-# public domain worldwide. This software is distributed without any warranty.
-#
-# You should have received a copy of the CC0 Public Domain Dedication
-# along with this software. If not, see
-#
-#     http://creativecommons.org/publicdomain/zero/1.0/
-#
-########################################################################
-# Tries to find the local libsodium installation.
-#
-# On Windows the sodium_DIR environment variable is used as a default
-# hint which can be overridden by setting the corresponding cmake variable.
-#
-# Once done the following variables will be defined:
-#
-#   sodium_FOUND
-#   sodium_INCLUDE_DIR
-#   sodium_LIBRARY_DEBUG
-#   sodium_LIBRARY_RELEASE
-#
-#
-# Furthermore an imported "sodium" target is created.
-#
-
-if (CMAKE_C_COMPILER_ID STREQUAL "GNU"
-    OR CMAKE_C_COMPILER_ID STREQUAL "Clang")
-    set(_GCC_COMPATIBLE 1)
-endif()
-
-# static library option
-option(sodium_USE_STATIC_LIBS "enable to statically link against sodium")
-if(NOT (sodium_USE_STATIC_LIBS EQUAL sodium_USE_STATIC_LIBS_LAST))
-    unset(sodium_LIBRARY CACHE)
-    unset(sodium_LIBRARY_DEBUG CACHE)
-    unset(sodium_LIBRARY_RELEASE CACHE)
-    unset(sodium_DLL_DEBUG CACHE)
-    unset(sodium_DLL_RELEASE CACHE)
-    set(sodium_USE_STATIC_LIBS_LAST ${sodium_USE_STATIC_LIBS} CACHE INTERNAL "internal change tracking variable")
-endif()
-
-
-########################################################################
-# UNIX
-if (UNIX)
-    # import pkg-config
-    find_package(PkgConfig QUIET)
-    if (PKG_CONFIG_FOUND)
-        pkg_check_modules(sodium_PKG QUIET libsodium)
-    endif()
-
-    if(sodium_USE_STATIC_LIBS)
-        set(XPREFIX sodium_PKG_STATIC)
-    else()
-        set(XPREFIX sodium_PKG)
-    endif()
-
-    find_path(sodium_INCLUDE_DIR sodium.h
-        HINTS ${${XPREFIX}_INCLUDE_DIRS}
-    )
-    find_library(sodium_LIBRARY_DEBUG NAMES ${${XPREFIX}_LIBRARIES} sodium
-        HINTS ${${XPREFIX}_LIBRARY_DIRS}
-    )
-    find_library(sodium_LIBRARY_RELEASE NAMES ${${XPREFIX}_LIBRARIES} sodium
-        HINTS ${${XPREFIX}_LIBRARY_DIRS}
-    )
-
-
-########################################################################
-# Windows
-elseif (WIN32)
-    set(sodium_DIR "$ENV{sodium_DIR}" CACHE FILEPATH "sodium install directory")
-    mark_as_advanced(sodium_DIR)
-
-    find_path(sodium_INCLUDE_DIR sodium.h
-        HINTS ${sodium_DIR}
-        PATH_SUFFIXES include
-    )
-
-    if (MSVC)
-        # detect target architecture
-        file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/arch.c" [=[
-            #if defined _M_IX86
-            #error ARCH_VALUE x86_32
-            #elif defined _M_X64
-            #error ARCH_VALUE x86_64
-            #endif
-            #error ARCH_VALUE unknown
-        ]=])
-        try_compile(_UNUSED_VAR "${CMAKE_CURRENT_BINARY_DIR}" "${CMAKE_CURRENT_BINARY_DIR}/arch.c"
-            OUTPUT_VARIABLE _COMPILATION_LOG
-        )
-        string(REGEX REPLACE ".*ARCH_VALUE ([a-zA-Z0-9_]+).*" "\\1" _TARGET_ARCH "${_COMPILATION_LOG}")
-
-        # construct library path
-        if (_TARGET_ARCH STREQUAL "x86_32")
-            string(APPEND _PLATFORM_PATH "Win32")
-        elseif(_TARGET_ARCH STREQUAL "x86_64")
-            string(APPEND _PLATFORM_PATH "x64")
-        else()
-            message(FATAL_ERROR "the ${_TARGET_ARCH} architecture is not supported by Findsodium.cmake.")
-        endif()
-        string(APPEND _PLATFORM_PATH "/$$CONFIG$$")
-
-        if (MSVC_VERSION LESS 1900)
-            math(EXPR _VS_VERSION "${MSVC_VERSION} / 10 - 60")
-        else()
-            math(EXPR _VS_VERSION "${MSVC_VERSION} / 10 - 50")
-        endif()
-        string(APPEND _PLATFORM_PATH "/v${_VS_VERSION}")
-
-        if (sodium_USE_STATIC_LIBS)
-            string(APPEND _PLATFORM_PATH "/static")
-        else()
-            string(APPEND _PLATFORM_PATH "/dynamic")
-        endif()
-
-        string(REPLACE "$$CONFIG$$" "Debug" _DEBUG_PATH_SUFFIX "${_PLATFORM_PATH}")
-        string(REPLACE "$$CONFIG$$" "Release" _RELEASE_PATH_SUFFIX "${_PLATFORM_PATH}")
-
-        find_library(sodium_LIBRARY_DEBUG libsodium.lib
-            HINTS ${sodium_DIR}
-            PATH_SUFFIXES ${_DEBUG_PATH_SUFFIX}
-        )
-        find_library(sodium_LIBRARY_RELEASE libsodium.lib
-            HINTS ${sodium_DIR}
-            PATH_SUFFIXES ${_RELEASE_PATH_SUFFIX}
-        )
-        if (NOT sodium_USE_STATIC_LIBS)
-            set(CMAKE_FIND_LIBRARY_SUFFIXES ".dll")
-            find_library(sodium_DLL_DEBUG libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES ${_DEBUG_PATH_SUFFIX}
-            )
-            find_library(sodium_DLL_RELEASE libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES ${_RELEASE_PATH_SUFFIX}
-            )
-        endif()
-
-    elseif(_GCC_COMPATIBLE)
-        if (sodium_USE_STATIC_LIBS)
-            find_library(sodium_LIBRARY_DEBUG libsodium.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-            find_library(sodium_LIBRARY_RELEASE libsodium.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-        else()
-            find_library(sodium_LIBRARY_DEBUG libsodium.dll.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-            find_library(sodium_LIBRARY_RELEASE libsodium.dll.a
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES lib
-            )
-
-            file(GLOB _DLL
-                LIST_DIRECTORIES false
-                RELATIVE "${sodium_DIR}/bin"
-                "${sodium_DIR}/bin/libsodium*.dll"
-            )
-            find_library(sodium_DLL_DEBUG ${_DLL} libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES bin
-            )
-            find_library(sodium_DLL_RELEASE ${_DLL} libsodium
-                HINTS ${sodium_DIR}
-                PATH_SUFFIXES bin
-            )
-        endif()
-    else()
-        message(FATAL_ERROR "this platform is not supported by FindSodium.cmake")
-    endif()
-
-
-########################################################################
-# unsupported
-else()
-    message(FATAL_ERROR "this platform is not supported by FindSodium.cmake")
-endif()
-
-
-########################################################################
-# common stuff
-
-# extract sodium version
-if (sodium_INCLUDE_DIR)
-    set(_VERSION_HEADER "${_INCLUDE_DIR}/sodium/version.h")
-    if (EXISTS _VERSION_HEADER)
-        file(READ "${_VERSION_HEADER}" _VERSION_HEADER_CONTENT)
-        string(REGEX REPLACE ".*#[ \t]*define[ \t]*SODIUM_VERSION_STRING[ \t]*\"([^\n]*)\".*" "\\1"
-            sodium_VERSION "${_VERSION_HEADER_CONTENT}")
-        set(sodium_VERSION "${sodium_VERSION}" PARENT_SCOPE)
-    endif()
-endif()
-
-# communicate results
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(sodium
-    REQUIRED_VARS
-        sodium_LIBRARY_RELEASE
-        sodium_LIBRARY_DEBUG
-        sodium_INCLUDE_DIR
-    VERSION_VAR
-        sodium_VERSION
-)
-
-# mark file paths as advanced
-mark_as_advanced(sodium_INCLUDE_DIR)
-mark_as_advanced(sodium_LIBRARY_DEBUG)
-mark_as_advanced(sodium_LIBRARY_RELEASE)
-if (WIN32)
-    mark_as_advanced(sodium_DLL_DEBUG)
-    mark_as_advanced(sodium_DLL_RELEASE)
-endif()
-
-# create imported target
-if(sodium_USE_STATIC_LIBS)
-    set(_LIB_TYPE STATIC)
-else()
-    set(_LIB_TYPE SHARED)
-endif()
-add_library(sodium ${_LIB_TYPE} IMPORTED)
-
-set_target_properties(sodium PROPERTIES
-    INTERFACE_INCLUDE_DIRECTORIES "${sodium_INCLUDE_DIR}"
-    IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-)
-
-if (sodium_USE_STATIC_LIBS)
-    set_target_properties(sodium PROPERTIES
-        INTERFACE_COMPILE_DEFINITIONS "SODIUM_STATIC"
-        IMPORTED_LOCATION "${sodium_LIBRARY_RELEASE}"
-        IMPORTED_LOCATION_DEBUG "${sodium_LIBRARY_DEBUG}"
-    )
-else()
-    if (UNIX)
-        set_target_properties(sodium PROPERTIES
-            IMPORTED_LOCATION "${sodium_LIBRARY_RELEASE}"
-            IMPORTED_LOCATION_DEBUG "${sodium_LIBRARY_DEBUG}"
-        )
-    elseif (WIN32)
-        set_target_properties(sodium PROPERTIES
-            IMPORTED_IMPLIB "${sodium_LIBRARY_RELEASE}"
-            IMPORTED_IMPLIB_DEBUG "${sodium_LIBRARY_DEBUG}"
-        )
-        if (NOT (sodium_DLL_DEBUG MATCHES ".*-NOTFOUND"))
-            set_target_properties(sodium PROPERTIES
-                IMPORTED_LOCATION_DEBUG "${sodium_DLL_DEBUG}"
-            )
-        endif()
-        if (NOT (sodium_DLL_RELEASE MATCHES ".*-NOTFOUND"))
-            set_target_properties(sodium PROPERTIES
-                IMPORTED_LOCATION_RELWITHDEBINFO "${sodium_DLL_RELEASE}"
-                IMPORTED_LOCATION_MINSIZEREL "${sodium_DLL_RELEASE}"
-                IMPORTED_LOCATION_RELEASE "${sodium_DLL_RELEASE}"
-            )
-        endif()
-    endif()
-endif()

cmake/KPXCMacDeployHelpers.cmake

@@ -0,0 +1,61 @@
+# Running macdeployqt on a POST_BUILD copied binaries is pointless when using CPack because
+# the copied binaries will be overridden by the corresponding install(TARGETS) commands.
+# That's why we run macdeployqt using install(CODE) on the already installed binaries.
+# The precondition is that all install(TARGETS) calls have to be called before this function is
+# called.
+# macdeloyqt is called only once, but it is given all executables that should be processed.
+function(kpxc_run_macdeployqt_at_install_time)
+    set(NO_VALUE_OPTIONS)
+    set(SINGLE_VALUE_OPTIONS
+        APP_NAME
+    )
+    set(MULTI_VALUE_OPTIONS
+        EXTRA_BINARIES
+    )
+    cmake_parse_arguments(PARSE_ARGV 0 ARG
+        "${NO_VALUE_OPTIONS}" "${SINGLE_VALUE_OPTIONS}" "${MULTI_VALUE_OPTIONS}"
+    )
+
+    set(ESCAPED_PREFIX "\${CMAKE_INSTALL_PREFIX}")
+    set(APP_BUNDLE_NAME "${ARG_APP_NAME}.app")
+    set(APP_BUNDLE_PATH "${ESCAPED_PREFIX}/${APP_BUNDLE_NAME}")
+
+    # Collect extra binaries and plugins that should be handled by macdpeloyqt.
+    set(EXTRA_BINARIES "")
+    foreach(EXTRA_BINARY ${ARG_EXTRA_BINARIES})
+        set(INSTALLED_BINARY_PATH "${ESCAPED_PREFIX}/${EXTRA_BINARY}")
+        list(APPEND EXTRA_BINARIES "-executable=${INSTALLED_BINARY_PATH}")
+    endforeach()
+
+    list(JOIN EXTRA_BINARIES " " EXTRA_BINARIES_STR)
+
+    if(CMAKE_VERSION VERSION_GREATER "3.14")
+        set(COMMAND_ECHO "COMMAND_ECHO STDOUT")
+    else()
+        set(COMMAND_ECHO "")
+    endif()
+
+    set(COMMAND_ARGS
+        ${MACDEPLOYQT_EXE}
+        ${APP_BUNDLE_PATH}
+
+        # Adjusts dependency rpaths of extra binaries
+        ${EXTRA_BINARIES_STR}
+
+        # Silences warnings on subsequent re-installations
+        -always-overwrite
+    )
+
+    install(CODE
+    "
+execute_process(
+    COMMAND ${COMMAND_ARGS}
+    ${COMMAND_ECHO}
+    RESULT_VARIABLE EXIT_CODE
+)
+if(NOT EXIT_CODE EQUAL 0)
+    message(FATAL_ERROR
+        \"Running ${COMMAND_ARGS} failed with exit code \${EXIT_CODE}.\")
+endif()
+")
+endfunction()

cmake/MakePortableZip.cmake

@@ -0,0 +1,3 @@
+if (CMAKE_INSTALL_PREFIX MATCHES "/ZIP/")
+  file(TOUCH "${CMAKE_INSTALL_PREFIX}/.portable")
+endif()

cmake/compiler-checks/macos/control_biometry_support.mm

@@ -0,0 +1,5 @@
+#include <Security/Security.h>
+
+int main() {
+   return static_cast<int>(kSecAccessControlBiometryCurrentSet);
+}

cmake/compiler-checks/macos/control_touch_id_support.mm

@@ -0,0 +1,5 @@
+#include <Security/Security.h>
+
+int main() {
+   return static_cast<int>(kSecAccessControlTouchIDCurrentSet);
+}

cmake/compiler-checks/macos/control_watch_support.mm

@@ -0,0 +1,5 @@
+#include <Security/Security.h>
+
+int main() {
+   return static_cast<int>(kSecAccessControlWatch);
+}

codecov.yaml

@@ -0,0 +1,27 @@
+codecov:
+  require_ci_to_pass: false
+coverage:
+  range: 60..80
+  round: nearest
+  precision: 2
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 0.5%
+        paths:
+          - "src"
+    patch:
+      default:
+        target: 50%
+        threshold: 0%
+        informational: true
+        paths:
+          - "src"
+fixes:
+  - "*/src/::"
+ignore:
+  - "src/gui/styles/**"
+  - "src/thirdparty/**"
+comment:
+  require_changes: true

docs/CMakeLists.txt

@@ -0,0 +1,60 @@
+#  Copyright (C) 2020 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+find_program(ASCIIDOCTOR_EXE asciidoctor)
+if(NOT ASCIIDOCTOR_EXE)
+    message(FATAL_ERROR "asciidoctor is required to build documentation")
+endif()
+message(STATUS "Using asciidoctor: ${ASCIIDOCTOR_EXE}")
+
+set(DOC_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(OUT_DIR ${CMAKE_CURRENT_BINARY_DIR})
+set(REV -a revnumber=${KEEPASSXC_VERSION})
+
+# Build html documentation on all platforms
+# NOTE: Combine into one long command to prevent MSVC from failing to build all docs
+file(GLOB doc_depends ${DOC_DIR}/*.adoc ${DOC_DIR}/topics/* ${DOC_DIR}/styles/* ${DOC_DIR}/images/*)
+add_custom_command(
+    OUTPUT KeePassXC_GettingStarted.html KeePassXC_UserGuide.html KeePassXC_KeyboardShortcuts.html
+    COMMAND
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_GettingStarted.html ${REV} ${DOC_DIR}/GettingStarted.adoc &&
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_UserGuide.html ${REV} ${DOC_DIR}/UserGuide.adoc &&
+        ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -o KeePassXC_KeyboardShortcuts.html ${REV} ${DOC_DIR}/topics/KeyboardShortcuts.adoc
+    DEPENDS ${doc_depends}
+    VERBATIM)
+
+add_custom_target(docs ALL DEPENDS KeePassXC_GettingStarted.html KeePassXC_UserGuide.html KeePassXC_KeyboardShortcuts.html)
+
+install(FILES
+        ${OUT_DIR}/KeePassXC_GettingStarted.html
+        ${OUT_DIR}/KeePassXC_UserGuide.html
+        ${OUT_DIR}/KeePassXC_KeyboardShortcuts.html
+        DESTINATION ${DATA_INSTALL_DIR}/docs)
+
+# Build Man Pages on Linux and macOS
+if(UNIX)
+    add_custom_command(OUTPUT keepassxc.1 keepassxc-cli.1
+        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ./man/keepassxc.1.adoc
+        COMMAND ${ASCIIDOCTOR_EXE} -D ${OUT_DIR} -b manpage ${REV} ./man/keepassxc-cli.1.adoc
+        DEPENDS ${DOC_DIR}/man/keepassxc.1.adoc ${DOC_DIR}/man/keepassxc-cli.1.adoc
+        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+        VERBATIM)
+    add_custom_target(manpages ALL DEPENDS keepassxc.1 keepassxc-cli.1)
+
+    install(FILES
+        ${OUT_DIR}/keepassxc.1
+        ${OUT_DIR}/keepassxc-cli.1
+        DESTINATION ${CMAKE_INSTALL_MANDIR}/man1/)
+endif()

docs/GettingStarted.adoc

@@ -0,0 +1,33 @@
+= KeePassXC: Getting Started Guide
+KeePassXC Team <team@keepassxc.org>
+:data-uri:
+:linkcss!:
+:homepage: https://keepassxc.org
+:icons: font
+:imagesdir: images
+:stylesheet: styles/dark.css
+:toc: left
+ifdef::backend-pdf[]
+:title-page:
+:title-logo-image: {imagesdir}/kpxc_logo.png
+:pdf-theme: styles/pdf_theme.yml
+:compress:
+endif::[]
+
+include::topics/Disclaimers.adoc[]
+
+<<<
+
+// Include various topics, excluding advanced sections
+
+include::topics/Welcome.adoc[tags=*;!advanced]
+
+include::topics/DownloadInstall.adoc[tags=*;!advanced]
+
+include::topics/UserInterface.adoc[tags=*;!advanced]
+
+include::topics/DatabaseOperations.adoc[tags=*;!advanced]
+
+include::topics/PasswordGenerator.adoc[tags=*;!advanced]
+
+include::topics/BrowserIntegration.adoc[tags=*;!advanced]

docs/KEYBINDS.md

@@ -1,35 +0,0 @@
-# List of Keyboard Shortcuts for KeepassXC
-
-Actions                    | Keyboard Shortcuts
----------------------------|----------------------------
-New Database               | Ctrl + Shift + N
-Open Database              | Ctrl + O
-Save Database              | Ctrl + S
-Save Database As           | Ctrl + Shift + S
-Close Database             | Ctrl + W
-Lock Databases             | Ctrl + L
-Quit                       | Ctrl + Q
-New Entry                  | Ctrl + N
-Edit Entry                 | Ctrl + E
-Delete Entry               | Ctrl + D
-Clone Entry                | Ctrl + K
-Show TOTP                  | Ctrl + Shift + T
-Copy TOTP                  | Ctrl + T
-Copy Username              | Ctrl + B
-Copy Password              | Ctrl + C
-Trigger AutoType           | Ctrl + Shift - V
-Open Url                   | Ctrl + Shift - U
-Copy Url                   | Ctrl + U
-Show Minimized             | Ctrl + M
-Hide Window                | Ctrl + Shift - M
-Select Next Database Tab   | Ctrl + Tab *OR* Ctrl + PGDN
-Select Previous Datase Tab | Ctrl + Shift + Tab *OR* Ctrl + PGUP
-Toggle Passwords Hidden    | Ctrl + Shift + C
-Toggle Usernames Hidden    | Ctrl + Shift + B
-Focus Search               | Ctrl + F
-Clear Search               | ESC
-Show Keyboard Shortcuts    | Ctrl + /
-
-
-
-

docs/QUICKSTART.md

@@ -1,137 +0,0 @@
-# Quick Start for KeePassXC
-
-This procedure gets KeePassXC running on your computer with browser integration, using the pre-built binaries available for [download](https://keepassxc.org/download) from [KeePassXC site](https://keepassxc.org).
-
-**TL;DR** KeePassXC saves your passwords securely.
-When you double-click a URL in KeePassXC, it launches your default browser to that URL.
-With browser integration configured, KeePassXC automatically enters username/password credentials into web page fields.
-
-## Installing and Starting KeePassXC
-
-1. [Download the native installer](https://keepassxc.org/download) and install KeePassXC for your  Windows, macOS, or Linux computer in the usual way for your platform.
-1. Open the KeePassXC application.
-1. Create a new database and give it a master key that's used to unlock the database file. 
-This database holds entries (usernames, passwords, account numbers, notes) for all your websites, programs, etc.
-1. Create a few entries - enter the username, password, URL, and optionally notes about the entry.
-1. KeePassXC securely stores those entries in the database.
-
-## Setting up Browser Integration with KeePassXC
-
-1. *Within KeePassXC*, go to **Tools → Settings** (on macOS, go to **KeePassXC → Preferences**).
-1. In **Browser Integration**, check **Enable KeePassXC browser integration**.
-1. Right below that, click the checkbox for the browser(s) you use. 
-Leave the other options at their defaults.
-1. *In your default web browser,* install the KeePassXC Browser extension/add-on. Instructions for [Firefox or Tor Browser](https://addons.mozilla.org/firefox/addon/keepassxc-browser/) or [Chrome or Chromium](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk).
-1. Click the KeePassXC icon in the upper-right corner. You'll see the dialog below.
-1. Click the blue Connect button to make the browser extension connect to the KeePassXC application.
-
-&nbsp;<img src="./KeePassHTTP/KeePassXC-Connect.png" height="200" alt="KeePassXC Connect Dialog">
-
-7. *Switch back to KeePassXC.* You'll see a dialog (below) indicating that a request to connect has arrived.
-7. Give the connection a name (perhaps *Keepass-Browsername*, any unique name will suffice) and click OK to accept it.
-7. This one-time operation connects KeePassXC and your browser.
-
-<img src="./KeePassHTTP/KeePassXC-Accept-Button.png" height="200" alt="KeePassXC Accept Connection Dialog">
-
-## Using Browser Integration
-
-1. *Within KeePassXC,* double-click the URL of an entry, or select it and type Ctrl+U (Cmd+U on macOS).
-1. Your browser opens to that URL.
-1. If there are username/password fields on that page, you will see the dialog below. 
-Click *Allow* to confirm that KeePassXC may access the credentials to auto-fill the fields.
-1. Check *Remember this decision* to allow this each time you visit the page.
-
-<img src="./KeePassHTTP/KeePassXC-Confirm.png" height="200" alt="KeePassCX Confirm Access Dialog">
-
-## Using Sharing
-
-Sharing allows you to share a subset of your credentials with others and vice versa.
-
-### Enable Sharing
-
-To use sharing, you need to enable for the application.
-
-1. Go to Tools &rarr; Settings.
-1. Select the category KeeShare.
-1. Check _Allow import_ if you want to import shared credentials.
-1. Check _Allow export_ if you want to share credentials.
-
-To make sure that your data is valid when imported by another client, please _generate_ (or _import_) a public/private key pair and enter your _signer_ name. This way your client may verify that the imported data is valid. When Importing, you'll see the known sources with names and fingerprint in the list at the bottom. This is the place to _trust_ or _untrust_ signers. It is only possible to trust someone on application level.
-
-<img src="./KeeShare/AppSettings.png" height="600" width="800" alt="KeeShare Application Settings">
-
-### Sharing Credentials
-
-If you checked _Allow export_ in the Sharing settings you now are good to go to share some passwords with others. Sharing always is defined on a group. If you enable sharing on a group, every entry under this group or its children is shared. If you enable sharing on the root node, **every password** inside your database gets shared!
-
-1. Open the edit sheet on a group you want to share.
-1. Select the sharing section.
-1. Choose _Export to path_ as the sharing method.
-1. Choose a path to store the shared credentials to.
-1. Generate a password for this share container.
-
-The export file will not be generated automatically. Instead, each time the database is saved, the file gets written (so please deactivate the autosafe feature). If an old file is present, the old file will be overwritten! The file should be written to a location that is accessible by others. An easy setup is a network share or storing the file inside the cloud.
-
-<img src="./KeeShare/GroupSettings_Export.png" height="600" width="800" alt="KeeShare Group Sharing Settings">
-
-### Using Shared Credentials
-
-Checking _Allow import_ in the Sharing settings of the database enables you to receive credentials from others. KeePass will watch sharing sources and import any changes immediately into your database using the synchronization feature.
-
-1. Create a group for import.
-1. Open the edit sheet on that group.
-1. Select the sharing section.
-1. Choose _Import from path_ as the sharing method.
-1. Choose a share container that is shared with you.
-1. Enter the password for the shared container.
-
-KeeShare observes the container for changes and merges them into your database when necessary. Importing merges in time order, so older data is moved to the history, which should have a sufficient size to prevent loss of needed data.
-
-Please note, that the import currently is not restricted to the configured group. Every entry which was imported and moved outside the import group will be updated regardless of it's location!
-
-<img src="./KeeShare/GroupSettings_Import.png" height="600" width="800" alt="KeeShare Group Import Settings">
-
-### Using Synchronized Credentials
-
-Instead of using different groups for sharing and importing you can use a single group that acts as both. This way you can synchronize a number of credentials easily across many users without a lot of hassle.
-
-1. Open the edit sheet on a group you want to synchronize.
-1. Select the sharing section.
-1. Choose _Synchronize with path_ as the sharing method.
-1. Choose a database that you want to use a synchronization file.
-1. Enter the password for the database.
-
-<img src="./KeeShare/GroupSettings_Sync.png" height="600" width="800" alt="KeeShare Group Synchronization Settings">
-
-### Disable Sharing for Credentials
-
-In case you don't want to share (import or export) some credentials, it is possible to you can 
-* use the application settings and uncheck the options or 
-* instead of selecting _Import from path_, _Export to path_ or _Synchronize with path_ you'll select _Inactive_ while leaving the path and the password untouched.
-
-### Sharing overview
-
-There is a simple overview of shared groups to keep track of your data.
-
-1. Open the Database Settings.
-1. Select the KeeShare category.
-
-<img src="./KeeShare/DatabaseSettings.png" height="600" width="800" alt="KeeShare Group Sharing Ovewview">
-
-## Technical Details and Limitations of Sharing
-
-Sharing relies on the combination of file exports and imports as well as the synchronization mechanism provided by KeePassXC. Since the merge algorithm uses the history of entries to prevent data loss, this history must be enabled and have a sufficient size. Furthermore, the merge algorithm is location independend, therefore it does not matter if entries are moved outside of an import group. These entries will be updated none the less. Moving entries outside of export groups will prevent a further export of the entry, but it will not ensure that the already shared data will be removed from any client.
-
-KeeShare uses a custom certification mechanism to ensure that the source of the data is the expected one. This ensures that the data was exported by the signer but it is not possible to detect if someone replaced the data with an older version from a valid signer. To prevent this, the container could be placed at a location which is only writeable for valid signers.
-
-## Using Auto Open
-
-The Auto Open feature automatically loads and unlocks additional databases when you unlock your main database.
-In order to use this functionnality, do the following:
-
-1. Create a group called **AutoOpen** at the root of your main database.
-1. In this group, create a new entry for each database that should be opened automatically:
-    * Put the *password of the database* in the **Password** field
-    * Put the *path to the database's file* in the **URL** field* (it can be formatted either as **file://**, a **/path/to/the/file** form, or a relative file path.)
-    * If the extra database requires a keyfile to be unlocked, put the *path to the keyfile* in the **Username** field. The path options are the same as for the database's file in the URL field.
-1. The next time you unlock your database these databases will be opened and unlocked automatically.

docs/UserGuide.adoc

@@ -0,0 +1,41 @@
+= KeePassXC: User Guide
+KeePassXC Team <team@keepassxc.org>
+:data-uri:
+:homepage: https://keepassxc.org
+:icons: font
+:imagesdir: images
+:stylesheet: styles/dark.css
+:toc: left
+:sectanchors:
+ifdef::backend-pdf[]
+:title-page:
+:title-logo-image: {imagesdir}/kpxc_logo.png
+:pdf-theme: styles/pdf_theme.yml
+:compress:
+endif::[]
+
+include::topics/Disclaimers.adoc[]
+
+<<<
+
+// Include feature topics and advanced sections
+
+include::topics/UserInterface.adoc[tags=*]
+
+include::topics/DatabaseOperations.adoc[tags=*]
+
+include::topics/PasswordGenerator.adoc[tags=*]
+
+include::topics/ImportExport.adoc[tags=*]
+
+include::topics/KeeShare.adoc[tags=*]
+
+include::topics/BrowserIntegration.adoc[tags=*]
+
+include::topics/Passkeys.adoc[tags=*]
+
+include::topics/AutoType.adoc[tags=*]
+
+include::topics/SSHAgent.adoc[tags=*]
+
+include::topics/Reference.adoc[tags=*]