3
* src/version.h: Update libotr version number to 3.2.1
7
* src/b64.[ch], src/proto.c, toolkit/parse.c: Clean up the
8
previous b64 patch and apply it to all places where
9
otrl_base64_decode() is called.
13
* src/b64.c: Use ceil instead of floor to compute the size
14
of the data buffer. This prevents a one-byte heap buffer
15
overflow. Thanks to Justin Ferguson <jnferguson@gmail.com>
20
* README: Release version 3.2.0.
24
* UPGRADING: Clarify what was new in 3.1.0, what was changed
29
* UPGRADING: Update documentation.
33
* src/*.[ch]: Update copyright dates to 2004-2008.
35
* src/tlv.h: Add new OTRL_TLV_SMP1Q TLV type to indicate an
36
instance of the first SMP message, with an explicit question.
39
* src/sm.c: More carefully track the progress of the SMP using a
40
new smp_prog_state field. Also keep track of whether Bob
41
received an explicit question from Alice using a new
42
received_question field.
44
* src/message.c: Handle explicit questions for the SMP.
46
* src/message.c: Behave better if an SMP message fails
51
* src/version.h: Update version number to 3.2.0.
56
* src/message.c: ISO C cleanups (no mixing declarations with
59
* src/sm.c: Fixed a 64-bit pointer error
63
* src/message.c: Behave sanely if we receive a totally malformed
70
* src/message.c: Implemented fragmentation of large messages
72
* src/message.h: New callback for fragmentation
75
* src/privkey.c (otrl_privkey_fingerprint_raw): New function to
76
return a raw hash of an account's public key
78
* src/proto.c: Keep track of the API version number passed to
85
* src/sm.c: Implemented the Socialist Millionaires' Protocol for
86
authenticating buddies without using user-visible fingerprints
89
* src/b64.c (decode, otrl_base64_decode): Corrected char vs.
94
* src/version.h: Change version number to 3.1.0
96
* Most files: Update copyright information
101
* src/message.c: Added account_name and account_name_free callbacks
102
to OtrlMessageAppOps to let the application choose how to
103
display the account name in OTR Error Messages. Based on a
104
patch from Evan Schoenberg <evan.s@dreskin.net>.
109
* src/privkey.c: Add routines to read and write privkey and
110
fingerprint data to FILE*s, instead of to filenames.
114
* Protocol-v2.html: Fix a typo, and correct the documentation
115
regarding when MAC keys are revealed.
119
* src/context.h: Change "struct fingerprint" to "struct
120
s_fingerprint" to appease some C++ compilers.
124
* src/auth.c (otrl_auth_handle_v1_key_exchange): Fix
125
uninitialized variable received_pub.
129
* src/message.c: Fix a typo, thanks to Anton Blanchard
134
* src/proto.h: Fix typo in policy #defines.
139
* src/version.h: Release version 3.0.0
143
* Protocol-v2.html: Clarified the uniqueness conditions for the
146
* src/auth.c (otrl_auth_handle_v1_key_exchange): Clear the auth
147
structure when we receive an unexpected v1 Key Exchange Message.
153
* src/message.c: Ensure version 2 AKEs are always done with
154
fresh D-H parameters.
158
* src/message.c: Add a "flags" field to the version 2 Data
159
Message, which can indicate that the Data Message should be
160
ignored if unreadable (as opposed to displaying an error).
164
* toolkit/otr_parse.c:
165
* toolkit/otr_remac.c: Deal with the new kind of Data Message.
167
* src/message.c: Use the gone_secure callback instead of the
168
still_secure callback if the other side changes its fingerprint.
173
* src/context.c: Added protocol_version as an explicit field in
177
* src/message.c: protocol_version no longer needs to be
178
explicitly passed to the gone_secure() and still_secure()
181
* packaging/fedora/libotr.spec: Patches from Paul
183
* src/proto.c (rotate_dh_keys): Avoid potential double
186
* src/tests.c: Regression test for double gcry_cipher_close().
190
* Major overhaul with implementation of version 2 AKE.
194
* toolkit/otr_parse.c (parse): Ignore MACs that are too short,
195
rather than going into an infinite loop.
199
* Protocol: Added section describing fragments.
202
* src/proto.c (otrl_proto_fragment_accumulate):
204
* src/context.c (new_context, otrl_context_force_setup): Keep
205
track of fragments in the ConnContext structure.
207
* src/message.c (otrl_message_receiving): Handle fragments in
210
* src/mem.c: Don't do arithmetic on void pointers.
215
* src/message.c: Move ops to be the first param of
216
new_fingerprint, as it is with all the other callbacks.
219
* src/context.c (otrl_context_set_preshared_secret):
221
* src/dh.c (otrl_dh_session, otrl_dh_cmpctr):
223
* src/message.c (otrl_message_sending, send_or_error, process_kem)
224
(otrl_message_receiving, otrl_message_disconnect):
226
* src/privkey.c (otrl_privkey_hash_to_human):
228
* src/proto.c (otrl_proto_create_data):
230
* src/tlv.c (otrl_tlv_new, otrl_tlv_parse, otrl_tlv_seriallen)
231
(otrl_tlv_serialize): Add missing "const"s. (Closes #1243963)
237
* packaging/fedora/libotr.spec:
238
* src/version.h: Change version to 3.0.0 (but don't yet release)
240
* Protocol: Clarify that, if the user requests to see the secure
241
session id in the middle of the conversation, the value
242
displayed should be the one calculated at the time the private
243
connection was established (the last Key Exchange Message that
244
caused a rekeying), _not_ the DH secure id calculated from DH
245
keys in more recent Data Messages.
247
* libotr.m4: Have the version check require an exact match on
248
the major version, since, for example, source that expects
249
libotr 2.0.0 won't work with libotr 3.0.0.
251
* libotr.m4: Add #include <stdlib.h> to the version test so that
252
it compiles cleanly with -Wall -Werror.
258
* src/context.c: Save the secure session id so that it can be
259
displayed to the user upon request, instead of only when the
260
private session is initially set up.
264
* src/context.c: Allow the app to set a "trust level" for
265
fingerprints. This is an arbitrary string, intended to indicate
266
whether (or possibly by what means) the user has verified that
267
this fingerprint is accurate.
270
* src/context.c: Allow the app to set an arbitrary binary
271
"preshared secret" for the ConnContext. This is currently
272
unused, but in the future it would allow for users to exchange a
273
secret _before_ they generate their fingerprints. [But the
274
protocol would have to be extended to support this.]
277
* src/message.c: Remove the "confirm_fingerprint" callback
278
which requires the user to acknowledge the new fingerprint
279
before it can be used. Replace it with a "new_fingerprint"
280
callback which merely informs the user that a new fingerprint
285
* libotr.m4: Fixed a bug which made configure fail to find the
286
libotr header files if they weren't in the standard place.
290
* src/privkey.c (otrl_privkey_read_fingerprints): Allow fields,
291
particularly accountnames, to contain spaces. Closes #1198379.
297
* packaging/fedora/libotr.spec:
298
* src/version.h: Change version to 2.0.2
300
* packaging/debian: Remove this directory, as Thibaut VARENE
301
<varenet@debian.org> is now responsible for the debian packages.
305
* src/privkey.c (otrl_privkey_hash_to_human): Avoid writing a
306
NUL one byte past the end of the buffer
312
* packaging/debian/changelog:
313
* packaging/fedora/libotr.spec:
314
* src/version.h: Change version to 2.0.1
318
* src/message.c (otrl_message_sending, otrl_message_receiving)
319
(otrl_message_disconnect):
320
* src/proto.c (otrl_proto_accept_key_exchange)
321
(otrl_proto_create_data, otrl_proto_accept_data): Don't send
322
encrypted messages to a buddy who has disconnected his private
325
* src/message.c (otrl_message_sending): Don't show the user the
326
"the last message was resent" notice if the message has never
327
actually been sent before.
331
* src/proto.c (otrl_proto_create_data): Copy the msg before
332
using since, since it may be an alias for context->lastmessage,
333
which we're going to gcry_free().
339
* packaging/debian/changelog:
340
* packaging/fedora/libotr.spec:
341
* src/version.h: Change version to 2.0.0
346
* src/context.c (new_context, otrl_context_force_setup):
347
* src/message.c (otrl_message_sending, otrl_message_receiving):
348
* src/proto.c (otrl_proto_accept_key_exchange): Keep track of
349
whether the last message is eligible for retransmission.
355
* packaging/debian/changelog:
356
* packaging/fedora/libotr.spec:
357
* src/version.h: Change version to 1.99.0
359
* packaging/debian/libotr1.dirs:
360
* packaging/debian/libotr1.install:
361
* packaging/debian/rules: Build and install with the correct mandir
363
* packaging/debian/rules: Install a shlibs file
365
* packaging/debian/control: Add Replaces: to the packages so
366
that dpkg -i will install them.
368
* toolkit/Makefile.am: Create the mandir if it's not yet there
370
* packaging/debian/libotr1-dev.dirs:
371
* packaging/debian/libotr1-dev.install:
372
* packaging/fedora/libotr.spec: Package the libotr.m4 file
374
* Protocol: Added sections on policies and TLVs
380
* toolkit/Makefile.am: Use automake-1.8
386
* src/Makefile.am: add new files tlv.c and tlv.h
388
* src/message.c (otrl_message_sending): Allow you to specify a
389
TLV chain to attach to a message.
391
* src/message.c (otrl_message_receiving): Also return any TLV
392
chain attached to the message, if present.
394
* src/README: Document new TLV parameters to message functions.
396
* src/message.c (otrl_message_receiving): No longer handle
397
messages starting with "?OTR:" specially; that functionality now
400
* src/message.c (otrl_message_disconnect): Send the notice of
401
disconnect as a OTRL_TLV_DISCONNECTED TLV.
405
* README: update documentation for 2.0.0 API
407
* src/message.c (otrl_message_receiving): Only send heartbeats
408
in response to "real" messages.
410
* src/message.c (otrl_message_receiving): If we receive a DATA
411
message whose *plaintext* starts with "?OTR:", display it with
412
display_otr_message if possible.
414
* src/message.c (otrl_message_receiving): Display OTR_ERROR
415
messages without the leading '?' using display_otr_message.
417
* src/message.h (otrl_message_disconnect):
418
* src/message.c (otrl_message_disconnect): new function
420
* src/message.c (otrl_message_receiving): Display the "received
421
unencrypted" warning message if we receive an unencrypted
422
message with policy ALWAYS, even when not CONNECTED.
426
* src/proto.c (otrl_proto_accept_key_exchange):
427
* src/message.c (otrl_message_sending, process_kem): Make the
428
retransmission of an unencrypted message in ALWAYS work.
432
* src/message.h: New callback for checking whether a given user
435
* src/message.c (otrl_message_sending): Notify the user if he
436
attempts to send an unencrypted message with policy ALWAYS.
438
* src/message.h: New callback for fetching OTR policy
439
* src/message.c (otrl_message_sending): Create a ConnContext if
440
we don't have one already. Use it to fetch the OTR policy.
441
Just return if the policy is NEVER. Only append the whitespace
442
tag if the policy is OPPORTUNISTIC or ALWAYS. Don't send
443
unencrypted messages in ALWAYS, but store them for
444
retransmission later.
445
* src/message.c (otrl_message_receiving): Fetch the OTR policy.
446
Just return if the policy is NEVER. Only send a Key Exchange
447
Message in response to an unexpected Data or Error Message in
448
OPPORTUNISTIC and ALWAYS. Only recognize the whitespace tag in
449
OPPORTUNISTIC and ALWAYS.
452
* src/message.c: add accountname/protocol/username parameters to
456
* src/message.c: add display_otr_message callback for displaying
461
* src/privkey.h: #include <gcrypt.h> since we use things from
462
libgcrypt in the .h file
465
* src/proto.c: Make otrl_init take unsigned ints as arguments.
470
* src/proto.c: Keep track of the last message sent, and
471
potentially resend it if sending it the first time triggered a
472
rekey (because the other side had lost its OTR state, for
477
* packaging/debian/control: Changed debian package names to
478
libotr1 and libotr1-dev.
480
* libotr.m4: Added copyright notice, more comments
483
* src/userstate.h: New files
485
* src/Makefile.am: Added -Wall to default CFLAGS
486
* toolkit/Makefile.am: Added -Wall to default CFLAGS
488
* src/context.c (otrl_context_find, otrl_context_forget_all):
489
* src/context.h (otrl_context_find, otrl_context_forget_all):
490
* src/message.c (otrl_message_sending, process_kem)
491
(process_confresp, otrl_message_receiving):
492
* src/message.h (otrl_message_sending, otrl_message_receiving)
493
(OtrlMessageAppOps.confirm_fingerprint):
494
* src/privkey.c (otrl_privkey_fingerprint, otrl_privkey_read)
495
(otrl_privkey_generate, otrl_privkey_read_fingerprints)
496
(otrl_privkey_write_fingerprints, otrl_privkey_find)
497
(otrl_privkey_forget_all):
498
* src/privkey.h (otrl_privkey_fingerprint, otrl_privkey_read)
499
(otrl_privkey_generate, otrl_privkey_read_fingerprints)
500
(otrl_privkey_write_fingerprints, otrl_privkey_find)
501
(otrl_privkey_forget_all):
502
* src/proto.c (otrl_proto_create_key_exchange)
503
(otrl_proto_accept_key_exchange):
504
* src/proto.h (otrl_proto_create_key_exchange)
505
(otrl_proto_accept_key_exchange): Added OtrlUserState parameter
506
to many calls, eliminating global state.
508
* src/privkey.c (otrl_privkey_fingerprint): the buffer is now
509
passed in, and not static
513
* src/version.h: bumped version number to 2.0.0 because API
515
* configure.ac: bumped version number to 2.0.0 because API
518
* src/message.h: added accountname parameter to
519
confirm_fingerprint callback
520
* src/message.c: passed accountname to confirm_fingerprint
523
* libotr.m4: new file
524
* Makefile.am: install (and uninstall) new libotr.m4 file
526
* tools/Makefile.am: clean up manpage symlinks and add an
531
* src/proto.h: moved numeric version defines into version.h
532
* src/version.h: moved numeric version defines into version.h
534
* src/message.c (otrl_message_receiving): Update the context
535
list if we create a new context
541
Initial autoconfiscation, thanks to Greg Troxel <gdt@ir.bbn.com>.
543
* src/message.c: log, but otherwise ignore, unrecognized OTR