| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Note that while the protocol is compatible, the API is not, and hence
there will be a pidgin-otr update within minutes.
There is an apparent gcc 4.1.3 -O2/SSP bug, which is avoided by
disabling SSP in libotr (which libotr finds and turns on). This is
temporary pending more fine-grained control and/or a fix.
Update to libotr 4.0.0. Note that libotr 4.x is API-incompatible with
libotr 3.x; upstream thinks this is ok, so pkgsrc won't try to work
around it.
24 Aug 2012:
- Release 4.0.0
- Support v3 of the OTR protocol
- The main new feature: sensibly handle the case where a user is logged
in multiple times to the same IM account
- API changes:
- instance tags, to support multiple simultaneous logins
- support for asynchronous private key generation
- the ability to provide an "extra" symmetric key to applications
(with forward secrecy)
- applications can supply a formation conversion callback if they do
not natively use XHTML-style UTF8 markup
- error messages formerly provided by libotr are now handled using
callbacks to the application, for better i18n support
- otrl_message_sending now handles message fragmentation internally
|
|
(This is a security release, but pkgsrc already had patches from
upstream.)
This version corrects two heap overflows reported by our users:
- A small write overflow, reported by Justin Ferguson
- A large read overflow, reported by Ben Hawkes
|
|
decoder which can lead to crashes or potentially code injection
(CVE-2012-3461)
bump PKGREV
|
|
- Added support for one-way authentication using an explicit question,
based on the SOUPS 2008 user study.
|
|
Override libtool; otherwise the distfile libtool inexplicably gets the
wrong shlib version.
Changes since 3.0.0:
- Added fragmentation support for large messages
- Added new method for buddy authentication which does not require the
(explicit) use of fingerprints.
|
|
From Jason White, via PR pkg/32451
Changes:
- Support for OTR protocol version 2; will still interoperate with version 1
clients (though with a warning to the user), fixes identity-binding flaw
http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html
|
|
|
|
* src/privkey.c (otrl_privkey_hash_to_human): Avoid writing a
NUL one byte past the end of the buffer
|
|
This is the portable OTR Messaging Library, as well as the toolkit to
help you forge messages.
Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:
Encryption
No one else can read your instant messages.
Authentication
You are assured the correspondent is who you think it is.
Deniability
The messages you send do not have digital signatures that are
checkable by a third party. Anyone can forge messages after a
conversation to make them look like they came from you. However,
during a conversation, your correspondent is assured the messages
he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation
is compromised.
|
