pkgsrc.se | The NetBSD package collection

./chat/libotr, Library for Off-The-Record encrypted messaging

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2015Q4, Version: 4.1.1, Package name: libotr-4.1.1, Maintainer: nathanw

This is the portable OTR Messaging Library, as well as the toolkit to
help you forge messages.

Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:

Encryption
No one else can read your instant messages.
Authentication
You are assured the correspondent is who you think it is.
Deniability
The messages you send do not have digital signatures that are
checkable by a third party. Anyone can forge messages after a
conversation to make them look like they came from you. However,
during a conversation, your correspondent is assured the messages
he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation
is compromised.

Required to run:
[security/libgcrypt]

Master sites:

http://www.cypherpunks.ca/otr/ (Download)

SHA1: 3894b82a6c307ad011681ad342d69b18344933ae
RMD160: 528c5ad4ba89f3225bebf5b5ecadf815239fed88
Filesize: 640.421 KB

Version history: (Expand)

(2016-03-22) Updated to version: libotr-4.1.1
(2016-01-02) Package added to pkgsrc.se, version libotr-4.1.0 (created)

CVS history: (Expand)

2016-03-22 20:04:34 by Benny Siegert | Files touched by this commit (2)

Log message:
Pullup ticket #4954 - requested by gdt
chat/libotr: security fix

Revisions pulled up:
- chat/libotr/Makefile                                          1.18
- chat/libotr/distinfo                                          1.12

---
   Module Name:	pkgsrc
   Committed By:	gdt
   Date:		Wed Mar  9 18:04:17 UTC 2016

   Modified Files:
   	pkgsrc/chat/libotr: Makefile distinfo

   Log message:
   Update to 4.1.1.

   This is a security release addressing CVE-2016-2851.

   - Fix an integer overflow bug that can cause a heap buffer overflow (and
     from there remote code execution) on 64-bit platforms
   - Fix possible free() of an uninitialized pointer
   - Be stricter about parsing v3 fragments
   - Add a testsuite ("make check" to run it), but only on Linux for now,
     since it uses Linux-specific features such as epoll
   - Fix a memory leak when reading a malformed instance tag file
   - Protocol documentation clarifications