22:37 feld 

security/libotr: Update to 4.1.1

Changes:
* Fix an integer overflow bug that can cause a heap buffer overflow (and
from there remote code execution) on 64-bit platforms
* Fix possible free() of an uninitialized pointer
* Be stricter about parsing v3 fragments
* Add a testsuite ("make check" to run it), but only on Linux for now,
since it uses Linux-specific features such as epoll
* Fix a memory leak when reading a malformed instance tag file
* Protocol documentation clarifications

MFH:		2016Q1
Security:	CVE-2016-2851

 

22:44 cs 

- Update to 4.1.0
- Use striping
- Please portlint
- Bump PORTREVISION

 

07:03 dougb 

Update libotr and pidgin-otr to 4.0.0

The main new features in 4.0.0:

* Support v3 of the OTR protocol

* The plugin now supports multiple OTR conversations with the same buddy
  who is logged in at multiple locations. In this case, a new OTR menu
  will appear, which allows you to select which session an outgoing
  message is indended for. Note that concurrent SMP authentications with
  the same buddy who is logged in multiple times is not yet supported
  (starting a second authentication will end the first).

* During a private conversation with a buddy, an incoming unencrypted
  message will now trigger the regular incoming message notifications.
  In Pidgin this includes showing the message in the top-right
  notification area, if it is normally configured to do so.

* When a private conversation begins, the plugin will indicate whether
  Pidgin is configured to log the conversation.

* By default, OTR conversations will not be logged by Pidgin.

* New translations.

* libotr API changes:

  - instance tags, to support multiple simultaneous logins

  - support for asynchronous private key generation

  - the ability to provide an "extra" symmetric key to applications
    (with forward secrecy)

  - applications can supply a formation conversion callback if they do
    not natively use XHTML-style UTF8 markup

  - error messages formerly provided by libotr are now handled using
    callbacks to the application, for better i18n support

  - otrl_message_sending now handles message fragmentation internally

 

08:39 dougb 

14 August 2012 libotr version 3.2.1 released

Versions 3.2.0 and earlier of libotr contain a small heap write overrun
(thanks to Justin Ferguson for the report), and a large heap read overrun
(thanks to Ben Hawkes for the report).

Add a vuxml entry, and tune up the notes about adding a new entry.

19:42 dougb 

Join the party, remove MD5 from the last of my ports

05:49 dougb 

Update to version 3.2.0, released June 15th. The configuration and
"OTR button" functionality have been moved to a menu. Also, "Buddy
authentication has been revamped, based on the user study published
in SOUPS 2008." The old authentication methods are still allowed.

In this version support for pkgconfig has been added, and the
shared library version number has been bumped.

This port has 3 consumers, net-im/climm, security/kopete-otr, and
security/pidgin-otr. Maintainers of the first two have confirmed
that this update works for them. An update for pidgin-otr is next.

This has been tested against pidgin 2.4.2 and 2.4.3.

Finally, I'm taking over maintainership per agreement with the
current maintainer.

20:57 dougb 

1. Update to version 3.1.0
2. Add a verify target for the PGP signature, and download the signature

Approved by:    maintainer

PR:             ports/115664 (pkg-plist fix)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

12:09 mnag 

Update to 3.0.0

PR:             92357
Submitted by:   Conor McDermottroe <ports@mcdermottroe.com> (maintainer)

01:03 edwin 

SHA256ify

Approved by: krion@

09:14 danfe 

Add libotr 2.0.1, the portable OTR Messaging Library and toolkit.

PR:             ports/79100
Submitted by:   Conor McDermottroe <ports(at)mcdermottroe.com>