author Jorg K <>
Sat, 05 Oct 2019 16:18:07 +0200
changeset 35909 9ba6a8a5bcb8611538067db06d4544b1c5bdad36
parent 35648 8c34fc693509a149c5e8d490725c3b82a69acef1
permissions -rw-r--r--
No bug - Pin mozilla-esr68 (FIREFOX_68_1_0esr_RELEASE, THUNDERBIRD_68_VERBRANCH) for release. a=jorgk

9 Mar 2016:
- Release 4.1.1
- Fix an integer overflow bug that can cause a heap buffer overflow (and
  from there remote code execution) on 64-bit platforms
- Fix possible free() of an uninitialized pointer
- Be stricter about parsing v3 fragments
- Add a testsuite ("make check" to run it), but only on Linux for now,
  since it uses Linux-specific features such as epoll
- Fix a memory leak when reading a malformed instance tag file
- Protocol documentation clarifications

21 Oct 2014:
- Release 4.1.0
- Modernized autoconf build system
- Use constant-time comparisons where needed
- Use gcrypt secure memory allocation
- Correctly reject attempts to fragment a message into too many pieces
- Fix a missing opdata when sending message fragments
- Don't lose the first user message when REQUIRE_ENCRYPTION is set
- Fix some memory leaks
- Correctly check for children contexts' state when forgetting a context
- API Changes:
  - Added API functions otrl_context_find_recent_instance and

24 Aug 2012:
- Release 4.0.0
- Support v3 of the OTR protocol
- The main new feature: sensibly handle the case where a user is logged
  in multiple times to the same IM account
- API changes:
  - instance tags, to support multiple simultaneous logins
  - support for asynchronous private key generation
  - the ability to provide an "extra" symmetric key to applications
    (with forward secrecy)
  - applications can supply a formation conversion callback if they do
    not natively use XHTML-style UTF8 markup
  - error messages formerly provided by libotr are now handled using
    callbacks to the application, for better i18n support
  - otrl_message_sending now handles message fragmentation internally

27 May 2008:
- Added support for one-way authentication using an explicit question,
  based on the SOUPS 2008 user study.

1 Aug 2007:
- Released 3.1.0

24 Jul 2007:
- Added fragmentation support for large messages
- Added new method for buddy authentication which does not require the
  (explicit) use of fingerprints.

02 Nov 2005:
- Released 3.0.0

16 Oct 2005:
- Major overhaul with implementation of version 2 of the protocol.

24 Jun 2005:
- Remove the "confirm_fingerprint" callback which requires the user to
  acknowledge the new fingerprint before it can be used.  Replace it
  with a "new_fingerprint" callback which merely informs the user that a
  new fingerprint has been received.
- Allow the app to set a "trust level" for fingerprints.  This is an
  arbitrary string, intended to indicate whether (or possibly by what
  means) the user has verified that this fingerprint is accurate.
- Clarify that, if the user requests to see the secure session id in
  the middle of the conversation, the value displayed should be the one
  calculated at the time the private connection was established (the
  last Key Exchange Message that caused a rekeying), _not_ the DH secure
  id calculated from DH keys in more recent Data Messages.

03 May 2005:
- Released 2.0.2

16 Feb 2005:
- Released 2.0.1
- Don't send encrypted messages to a buddy who has disconnected his
  private connection with us.
- Don't show the user the "the last message was resent" notice if the
  message has never actually been sent before.
- Fix a crash bug that happened when messages were retransmitted under
  certain circumstances.

08 Feb 2005:
- Released 2.0.0
- Keep track of whether a given message is eligible for retransmission

02 Feb 2005:
- Released 1.99.0, the first preview release of 2.0.0

31 Jan 2005:
- Machine-readable records can now be attached to Data Messages inside
  the private channel.

30 Jan 2005:
- New OtrlUserState datatype encapsulates private keys and known
  fingerprints, instead of having a single global list.
- Added libotr.m4 for helping to autoconfiscate packages that use
- Resend the last message if it caused a re-keying.
- New OtrlPolicy datatype allows you to specify a per-connection OTR
  policy: never use OTR, OTR only if manually requested, automatically
  start OTR if possible, refuse to *not* use OTR.
- New callbacks: display_otr_message, policy, is_logged_in

22 Jan 2005:
- Released 1.0.4
- Log, but otherwise ignore, unrecognized OTR messages.
- Initial autoconfiscation, thanks to Greg Troxel <>. 

18 Jan 2005:
- Released 1.0.3
- Split gaim-otr and libotr into separate packages.

13 Jan 2005:
- Generate private keys automatically, if needed.  Show a Please Wait
  dialog while this is happening.
- We may as well try to use the "tag" method of checking for OTR, even
  when we don't already know a fingerprint for the correspondent.
- Add version checking to the otrl_init() call.

12 Jan 2005:
- Refactored the logic parts of gaim-otr into libotr, so they can be
  shared by other libotr-enabled apps.

21 Dec 2004:
- Released 1.0.2
- If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys,
  he can perform a birthday attack to try to get his session id with
  each end to match.  Since the session id was only 64 bits long, his
  work was only 2^32, which is not enough.  We now make the session id
  the whole SHA-1 hash, instead of truncating it.
- Made otr_sesskeys output the calculated public key as well, for added
  ease of forging messages when you don't know any plaintext.

14 Dec 2004:
- Released 1.0.1
- Added a more sensible error message in the event that we receive our
  own OTR Key Exchange messages.
- If we're about to send a plaintext message to a correspondent for whom
  we've got a fingerprint, append a special (whitespace) OTR tag
  sequence.  The other side (if in fact running OTR) will recognize it
  and start a Key Exchange.

12 Dec 2004:
- Released 1.0.0

11 Dec 2004:
- OTR button now gets sensitized and desensitized along with the other
  buttons in the conversation window when you log in and out of

10 Dec 2004:
- Released 0.9.9rc2
- Heartbeats now only get sent if (1) we have just received a message,
  and (2) we haven't sent one to that user in over a minute.

09 Dec 2004:
- Back out of the sending of heartbeats.  They were causing too many
  problems.  It seems some networks don't let buddies know when you
  log out, and then you get a dialog box "unable to send message" each
  minute.  :-(

08 Dec 2004:
- Released 0.9.9rc1
- Removed the 100 private connection limit, by not using a fixed amount
  of secure memory.  Unfortuantely, this means that *no* memory is
  pinned any more, but pinning only ever happened before in the unlikely
  event you ran gaim as root.
- Changed the "Private connection with (username) refreshed" dialog at
  Paul's request so that it's no longer in "scary" "evil" bold, and
  rephrased it so it's less likely to be misread as "refused" instead of
  "refreshed".  ;-)
- We now send heartbeats (OTR Data Messages with an empty message part)
  once a minute, to anyone we're confident is still online.  If both
  sides are doing this, then keys get rotated regularly, even if one
  or both sides aren't actively typing.  This aids perfect forward

04 Dec 2004:
- Fixed a bug wherein multi-person chat windows would get the OTR button
  in their button bar if the OTR plugin was enabled when one of them was

03 Dec 2004:
- Released 0.9.1

02 Dec 2004:
- Clicking "OTR: Private" when you're already private will display an
  info dialog letting you know the connection was refreshed (assuming it
  actually is; if the other side isn't running OTR at all, the dialog
  doesn't show, and if the other side had lost its private connection, a
  new one will be established, with the "new private connection" dialog
  displayed to each side (as before)).
- The toolip for "OTR: Private" is now "Refresh the private connection".
- "make install" now depends on "make all".
- Added man page for OTR toolkit programs
- Log a debug message when we receive and discard a heartbeat

1 Dec 2004:
- Fixed the Makefiles so that "make clean" also removes the binaries
- Fixed the Makefiles so that they install into DESTDIR
- Added packaging/debian

30 Nov 2004:
- Released 0.9.0
- Included the OTR Messaging Toolkit.  See the README for details.

28 Nov 2004:
- Finished the Protocol document
- Changed the name of the plugin binary from "" to
  "".  *** NOTE: this means you'll have to (1) remove the
  old file from your plugins directory, and (2) re-enable
  the Off-the-Record Messaging plugin in the Preferences panel.
- Included MAC keys used to create messages in the revealed MAC section
  of the Data message, in addition to MAC keys used to verify messages.
- Set all exported symbols to start with otrl_ (for the library) or
  otrg_ (for the gaim plugin), in preparation for moving the pieces
  into their own directories.
- If we receive a Data message with no actual message in it, don't
  display it to the user.  This may eventually be useful for doing
  "heartbeat" key rotations.
- Separated libotr and gaim-otr into their own directories.

27 Nov 2004:
- Switched from using gaim_notify_* to a slightly modified version that
  doesn't grab the focus

26 Nov 2004:
- Put all the cipher operations in secure memory.  This makes each
  private connection take 9472 bytes of secure memory, so we up the
  available amount of secure memory to 100 times that.  Eventually,
  we'd like to make this dynamically grow.

25 Nov 2004:
- Released 0.8.3
- Don't put the DSA keys in libgcrypt secure memory, since (a) we read
  them off disk anyway, and (b) we want to avoid running out of secure
- Removed the "Do you want to start a private conversation" dialogs when
  one side in encrypted and the other side isn't, and instead just try
  to start one if we know for sure the other side supports it.
- Sped up the DH computations by using a 320-bit exponent.

23 Nov 2004:
- Released 0.8.2
- There was a crash if you received an OTR Query before setting up a
  private key.  Fixed.
- The fingerprint in the UI is now selectable, for cut/paste.
- *** Protocol change.  We're no longer backward compatible.
  - The "revealed MAC keys" moved out of the MAC'd region of the data
    packet.  It's not wrong where it is, but it's more obviously
    correct in the new place.

22 Nov 2004:
- Released 0.8.1
- Jabber wasn't working, for two reasons:
  - it sticks <tags>...</tags> around the message
  - it refers to the same user by multiple names; e.g. ""
    vs. ""
  Both are now fixed: we look for the OTR message anywhere in the packet
  now, not just at the beginning, and we normalize all usernames.
- Each account now has its own private key / fingerprint
  - This is so you don't automatically leak the information that the
    accounts are owned by the same person
- There's a better indicator of private / not private status in the
  conversation window, which you can click to start the private

21 Nov 2004:
- Initial 0.8.0 release