/libotr, Library for Off-The-Record encrypted messaging
4.1.1, Package name:
libotr-4.1.1, Maintainer: nathanw
This is the portable OTR Messaging Library, as well as the toolkit to
help you forge messages.
Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:
No one else can read your instant messages.
You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are
checkable by a third party. Anyone can forge messages after a
conversation to make them look like they came from you. However,
during a conversation, your correspondent is assured the messages
he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation
Required to run:
Master sites: SHA1:
Version history: (Expand)
- (2016-03-10) Updated to version: libotr-4.1.1
- (2014-10-21) Updated to version: libotr-4.1.0
- (2014-01-01) Updated to version: libotr-4.0.0nb1
- (2012-09-06) Updated to version: libotr-4.0.0
- (2012-08-15) Updated to version: libotr-3.2.1
- (2012-08-09) Updated to version: libotr-3.2.0nb2
CVS history: (Expand)
| 2016-03-09 19:04:17 by Greg Troxel | Files touched by this commit (2) | |
Update to 4.1.1.
This is a security release addressing CVE-2016-2851.
- Fix an integer overflow bug that can cause a heap buffer overflow (and
from there remote code execution) on 64-bit platforms
- Fix possible free() of an uninitialized pointer
- Be stricter about parsing v3 fragments
- Add a testsuite ("make check" to run it), but only on Linux for now,
since it uses Linux-specific features such as epoll
- Fix a memory leak when reading a malformed instance tag file
- Protocol documentation clarifications
| 2015-11-03 02:20:26 by Alistair G. Crooks | Files touched by this commit (119) |
Add SHA512 digests for distfiles for chat category
Problems found with existing distfiles:
No changes made to these /distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
| 2014-10-21 13:46:31 by Greg Troxel | Files touched by this commit (2) | |
Update to 4.1.0.
21 Oct 2014:
- Release 4.1.0
- Modernized autoconf build system
- Use constant-time comparisons where needed
- Use gcrypt secure memory allocation
- Correctly reject attempts to fragment a message into too many pieces
- Fix a missing opdata when sending message fragments
- Don't lose the first user message when REQUIRE_ENCRYPTION is set
- Fix some memory leaks
- Correctly check for children contexts' state when forgetting a context
- API Changes:
- Added API functions otrl_context_find_recent_instance and
| 2014-01-01 12:52:43 by Thomas Klausner | Files touched by this commit (776) |
Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.
| 2012-11-21 02:45:01 by Greg Troxel | Files touched by this commit (1) |
Adjustt commentabout avoiding O2/SSP bug.
(No non-comment change.)
| 2012-10-03 02:02:47 by Aleksej Saushev | Files touched by this commit (131) |
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
| 2012-09-06 02:23:19 by Greg Troxel | Files touched by this commit (4) | |
Update to 4.0.0.
Note that while the protocol is compatible, the API is not, and hence
there will be a pidgin-otr update within minutes.
There is an apparent gcc 4.1.3 -O2/SSP bug, which is avoided by
disabling SSP in libotr (which libotr finds and turns on). This is
temporary pending more fine-grained control and/or a fix.
Update to libotr 4.0.0. Note that libotr 4.x is API-incompatible with
libotr 3.x; upstream thinks this is ok, so pkgsrc won't try to work
24 Aug 2012:
- Release 4.0.0
- Support v3 of the OTR protocol
- The main new feature: sensibly handle the case where a user is logged
in multiple times to the same IM account
- API changes:
- instance tags, to support multiple simultaneous logins
- support for asynchronous private key generation
- the ability to provide an "extra" symmetric key to applications
(with forward secrecy)
- applications can supply a formation conversion callback if they do
not natively use XHTML-style UTF8 markup
- error messages formerly provided by libotr are now handled using
callbacks to the application, for better i18n support
- otrl_message_sending now handles message fragmentation internally
| 2012-08-15 00:08:09 by Greg Troxel | Files touched by this commit (6) | |
Update to 3.2.1.
(This is a security release, but pkgsrc already had patches from
This version corrects two heap overflows reported by our users:
- A small write overflow, reported by Justin Ferguson
- A large read overflow, reported by Ben Hawkes