path: root/chat/libotr
Age | Commit message | Author | Files | Lines
2016-03-09 | Update to 4.1.1. | gdt | 2 | -7/+7
This is a security release addressing CVE-2016-2851.
- Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms
- Fix possible free() of an uninitialized pointer
- Be stricter about parsing v3 fragments
- Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll
- Fix a memory leak when reading a malformed instance tag file
- Protocol documentation clarifications
2015-11-03 | Add SHA512 digests for distfiles for chat category | agc | 1 | -1/+2
Problems found with existing distfiles:
    distfiles/icb-5.0.9.tar.gz
    distfiles/icb.2.1.4.tar.Z
    distfiles/zenicb-19981202.tar.gz
No changes made to these /distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden).
All existing SHA1 digests retained for now as an audit trail.
2014-10-21 | Update to 4.1.0. | gdt | 2 | -7/+10
21 Oct 2014:
- Release 4.1.0
- Modernized autoconf build system
- Use constant-time comparisons where needed
- Use gcrypt secure memory allocation
- Correctly reject attempts to fragment a message into too many pieces
- Fix a missing opdata when sending message fragments
- Don't lose the first user message when REQUIRE_ENCRYPTION is set
- Fix some memory leaks
- Correctly check for children contexts' state when forgetting a context
- API Changes:
  - Added API functions otrl_context_find_recent_instance and otrl_context_find_recent_secure_instance.
2014-01-01 | Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump. | wiz | 2 | -3/+4
2012-11-21 | Adjust comment about avoiding O2/SSP bug. | gdt | 1 | -3/+1
(No non-comment change.)
2012-10-03 | Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. | asau | 1 | -3/+1
2012-09-06 | Update to 4.0.0. | gdt | 4 | -10/+31
Note that while the protocol is compatible, the API is not, and hence there will be a pidgin-otr update within minutes.
There is an apparent gcc 4.1.3 -O2/SSP bug, which is avoided by disabling SSP in libotr (which libotr finds and turns on). This is temporary pending more fine-grained control and/or a fix.
Update to libotr 4.0.0. Note that libotr 4.x is API-incompatible with libotr 3.x; upstream thinks this is ok, so pkgsrc won't try to work around it.
24 Aug 2012:
- Release 4.0.0
- Support v3 of the OTR protocol
- The main new feature: sensibly handle the case where a user is logged in multiple times to the same IM account
- API changes:
  - instance tags, to support multiple simultaneous logins
  - support for asynchronous private key generation
  - the ability to provide an "extra" symmetric key to applications (with forward secrecy)
  - applications can supply a formation conversion callback if they do not natively use XHTML-style UTF8 markup
  - error messages formerly provided by libotr are now handled using callbacks to the application, for better i18n support
  - otrl_message_sending now handles message fragmentation internally
2012-08-14 | Update to 3.2.1. | gdt | 6 | -165/+7
(This is a security release, but pkgsrc already had patches from upstream.)
This version corrects two heap overflows reported by our users:
- A small write overflow, reported by Justin Ferguson
- A large read overflow, reported by Ben Hawkes
2012-08-09 | add patches from upstream to fix buffer overflow in the base64 | drochner | 6 | -3/+161
decoder which can lead to crashes or potentially code injection (CVE-2012-3461)
bump PKGREV
2012-05-07 | Set BUILDLINK_ABI_DEPENDS correctly (with +=, not ?=) | dholland | 1 | -2/+2
It turns out there were a lot of these.
2011-04-22 | recursive bump from gettext-lib shlib bump. | obache | 2 | -2/+4
2009-06-14 | Remove @dirrm entries from PLISTs | joerg | 1 | -2/+1
2009-03-20 | Simplify and speed up buildlink3.mk files and processing. | joerg | 1 | -13/+6
This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
2008-07-14 | Mark as destdir ready. | joerg | 1 | -1/+3
2008-06-17 | Update to 3.2.0. | gdt | 3 | -8/+8
- Added support for one-way authentication using an explicit question, based on the SOUPS 2008 user study.
2007-11-11 | libgcrypt is needed for building programs, as reported in PR 37361. | rillig | 1 | -1/+3
2007-08-30 | bl3 on gettext-lib, PKGREVISION++ | gdt | 1 | -1/+3
2007-08-02 | Update to 3.1.0. | gdt | 3 | -7/+12
Override libtool; otherwise the distfile libtool inexplicably gets the wrong shlib version.
Changes since 3.0.0:
- Added fragmentation support for large messages
- Added new method for buddy authentication which does not require the (explicit) use of fingerprints.
2006-07-08 | Change the format of BUILDLINK_ORDER to contain depth information as well, | jlam | 1 | -2/+2
and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
2006-07-08 | Track information in a new variable BUILDLINK_ORDER that informs us | jlam | 1 | -1/+2
of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
2006-04-12 | Aligned the last line of the buildlink3.mk files with the first line, so | rillig | 1 | -2/+2
that they look nicer.
2006-04-06 | Over 1200 files touched but no revisions bumped :) | reed | 1 | -2/+2
RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
2006-02-13 | Update to version 3.0.0 | salo | 5 | -63/+12
From Jason White, via PR pkg/32451
Changes:
- Support for OTR protocol version 2; will still interoperate with version 1 clients (though with a warning to the user), fixes identity-binding flaw
http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html
2006-02-05 | Recursive revision bump / recommended bump for gettext ABI change. | joerg | 2 | -2/+4
2005-09-09 | remove "BUILDLINK_DEPMETHOD.libotr?= build", because depending | gdt | 1 | -2/+1
packages can dynamically link libotr and thus must depend on it.
reviewed by wiz@
2005-07-30 | Added a patch to fix void* arithmetic. | rillig | 2 | -1/+53
2005-07-27 | update to 2.0.2: | gdt | 2 | -6/+6
* src/privkey.c (otrl_privkey_hash_to_human): Avoid writing a NUL one byte past the end of the buffer
2005-04-11 | Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. | tv | 1 | -2/+1
2005-03-25 | I put this package in security, not chat; update the buildlink file to | nathanw | 1 | -2/+2
match.
2005-03-24 | Initial import of libotr-2.0.1. | nathanw | 5 | -0/+86
This is the portable OTR Messaging Library, as well as the toolkit to help you forge messages.
Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:
Encryption
    No one else can read your instant messages.
Authentication
    You are assured the correspondent is who you think it is.
Deniability
    The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
    If you lose control of your private keys, no previous conversation is compromised.