-
Notifications
You must be signed in to change notification settings - Fork 5
/
NEWS
330 lines (280 loc) · 12.7 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
9 Mar 2016:
- Updated Spanish, German, Norwegian Bokmål translations.
- New Danish translation.
- Fix use-after-free issue during SMP.
- Release 4.0.2
21 Oct 2014:
- Hardened Windows build
- Fix max message size for Novell Groupwise
- New Czech, Finnish, Brazilian Portuguese, Norwegian Bokmål
translations. Updated French, Chinese translations.
- Release 4.0.1
24 Aug 2012:
- Release 4.0.0
21 Jun 2012:
- Fixed an issue that happened when enabling the OTR plugin while a
conversation is open.
- Release 4.0.0-beta2
7 Jun 2012:
- The plugin now supports multiple OTR conversations with the same
buddy who is logged in at multiple locations. In this case, a new
OTR menu will appear, which allows you to select which session an
outgoing message is indended for. Note that concurrent SMP
authentications with the same buddy who is logged in multiple times
is not yet supported (starting a second authentication will end the
first).
- During a private conversation with a buddy, an incoming unencrypted
message will now trigger the regular incoming message notifications.
In Pidgin this includes showing the message in the top-right
notification area, if it is normally configured to do so.
- New Italian, Swedish, Polish and Vietnamese translations. Updates to
the French translation.
- When a private conversation begins, the plugin will indicate whether
Pidgin is configured to log the conversation.
- By default, OTR conversations will not be logged by Pidgin.
- Fingerprints in the manual authentication dialog are now selectable
- The plugin will no longer delete the OTR menus if a non-foreground
conversation window is closed.
- Except on WIN32, the plugin will now set the umask to 0077 before
creating the otr.* files in the purple directory so that they end up
mode 0600.
- The menu item now says "Reauthenticate buddy" when the buddy is
already authenticated.
- Release 4.0.0-beta1
28 May 2008:
- The functionality of the OTR button has now moved to a menu. There's
an "OTR" menu, as well as an icon showing the current OTR state of
each active conversation in the window.
- New OTR icons from <[email protected]>
- OTR icons show up inline in the conversation window when the OTR
status changes.
- Buddy authentication has been revamped, based on the user study
published in SOUPS 2008. The default is now to choose a question and
an answer only you and the buddy should know. The question is
displayed to the buddy, who is prompted for the answer. The "shared
secret" and "fingerprint" authentication methods are still available.
- Translations for Arabic, German, Russian, Hungarian
1 Aug 2007:
- Released 3.1.0
31 Jul 2007:
- Translations for English, Dutch, Spanish, French, Slovak
24 Jul 2007:
- Added option to not log OTR conversations
- Large messages are now fragmented transparently instead of failing
- Removed "view secure session id" and "verify fingerprint" options from
OTR button menu. Added "authenticate buddy" option in its place. This
new option allows you to authenticate your buddies by entering some
secret that only the two of you know, rather than by using a long
user-unfriendly sequence of hex characters. [The old "verify
fingerprint" dialog is still available via an "Advanced..." button
from the new "authenticate buddy" dialog.]
06 May 2007:
- Ported to Pidgin 2.0.0
02 Nov 2005:
- Released 3.0.0
16 Oct 2005:
- There are now four states a conversation can be in:
* Not Private (not using OTR)
* Unverified (using OTR, but to a fingerprint that hasn't
been verified, so you are subject to a straightforward
active attack)
* Private (using OTR with a verified fingerprint)
* Finished (the other person has ended his side of the OTR
conversation, so we won't send any more messages at all
until we either end our side, or start a new OTR
conversatrion)
- There are new icons for these states that appear in the OTR button.
24 Jun 2005:
- Right-clicking the OTR button now produces an OTR menu, with options
to start or end the private conversation, verify the fingerprint, view
the secure session id, or get help.
- The OTR button obeys the user's requested style (text only, pictures
only, pictures and text, none). Note that if the user chooses "none",
there's currently no way to reach the aforementioned menu.
- The "private connection established", "private connection refreshed",
and "private connection ended" messages no longer pop up dialog boxes.
Instead, they appear inline in the conversation window. The session
id and fingerprint which used to appear in the "private connection
established" dialog are now viewable via the OTR button right-click
menu.
27 May 2005:
- The OTR button no longer disappears if you change your button style in
the gaim preferences.
- There is now a right-click context menu on the OTR button.
19 May 2005:
- OTR doesn't work over IRC (since IRC's maximum message size is too
small for a Key Exchange Message to fit), so don't even provide the
OTR Settings buddy-menu option or the OTR conversation window button
for IRC.
03 May 2005:
- Released 2.0.2
- Fix to co-exist more nicely with other encrypting gaim plugins.
01 Mar 2005:
- Initial autoconfiscation, thanks to Greg Troxel <[email protected]>.
23 Feb 2005:
- Released 2.0.1
22 Feb 2005:
- Removed people without fingerprints from the Known Fingerprints list
- The column heads in the Known Fingerprints list cause sorting to
happen in the expected way.
08 Feb 2005:
- Released 2.0.0
- Clicking the OTR button produces a notice in the conversation window
that it's doing something.
30 Jan 2005:
- Added default and per-buddy policy selection: never use OTR, OTR only
if manually requested, automatically start OTR if possible, refuse to
*not* use OTR.
- The OTR: button disappears if a particular buddy is set to never use
OTR.
- Resend the last message if it caused a re-keying.
- OTR control messages are no longer displayed as if they were received
as IM messages.
- New multi-page UI
- Send a control message to your buddy if you terminate a private
conversation with him.
27 Jan 2005:
- Updated gaim-otr to match libotr 2.0.0 API.
23 Jan 2005:
- Separated gtk-specific code from general gaim code, with help from
Evan Schoenberg <[email protected]>.
18 Jan 2005:
- Released 1.0.3
- Split gaim-otr and libotr into separate packages.
13 Jan 2005:
- Generate private keys automatically, if needed. Show a Please Wait
dialog while this is happening.
- We may as well try to use the "tag" method of checking for OTR, even
when we don't already know a fingerprint for the correspondent.
- Add version checking to the otrl_init() call.
12 Jan 2005:
- Refactored the logic parts of gaim-otr into libotr, so they can be
shared by other libotr-enabled apps.
21 Dec 2004:
- Released 1.0.2
- If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys,
he can perform a birthday attack to try to get his session id with
each end to match. Since the session id was only 64 bits long, his
work was only 2^32, which is not enough. We now make the session id
the whole SHA-1 hash, instead of truncating it.
- Made otr_sesskeys output the calculated public key as well, for added
ease of forging messages when you don't know any plaintext.
14 Dec 2004:
- Released 1.0.1
- Added a more sensible error message in the event that we receive our
own OTR Key Exchange messages.
- If we're about to send a plaintext message to a correspondent for whom
we've got a fingerprint, append a special (whitespace) OTR tag
sequence. The other side (if in fact running OTR) will recognize it
and start a Key Exchange.
12 Dec 2004:
- Released 1.0.0
11 Dec 2004:
- OTR button now gets sensitized and desensitized along with the other
buttons in the conversation window when you log in and out of
accounts.
10 Dec 2004:
- Released 0.9.9rc2
- Heartbeats now only get sent if (1) we have just received a message,
and (2) we haven't sent one to that user in over a minute.
09 Dec 2004:
- Back out of the sending of heartbeats. They were causing too many
problems. It seems some networks don't let buddies know when you
log out, and then you get a dialog box "unable to send message" each
minute. :-(
08 Dec 2004:
- Released 0.9.9rc1
- Removed the 100 private connection limit, by not using a fixed amount
of secure memory. Unfortuantely, this means that *no* memory is
pinned any more, but pinning only ever happened before in the unlikely
event you ran gaim as root.
- Changed the "Private connection with (username) refreshed" dialog at
Paul's request so that it's no longer in "scary" "evil" bold, and
rephrased it so it's less likely to be misread as "refused" instead of
"refreshed". ;-)
- We now send heartbeats (OTR Data Messages with an empty message part)
once a minute, to anyone we're confident is still online. If both
sides are doing this, then keys get rotated regularly, even if one
or both sides aren't actively typing. This aids perfect forward
secrecy.
04 Dec 2004:
- Fixed a bug wherein multi-person chat windows would get the OTR button
in their button bar if the OTR plugin was enabled when one of them was
active.
03 Dec 2004:
- Released 0.9.1
02 Dec 2004:
- Clicking "OTR: Private" when you're already private will display an
info dialog letting you know the connection was refreshed (assuming it
actually is; if the other side isn't running OTR at all, the dialog
doesn't show, and if the other side had lost its private connection, a
new one will be established, with the "new private connection" dialog
displayed to each side (as before)).
- The toolip for "OTR: Private" is now "Refresh the private connection".
- "make install" now depends on "make all".
- Added man page for OTR toolkit programs
- Log a debug message when we receive and discard a heartbeat
01 Dec 2004:
- Fixed the Makefiles so that "make clean" also removes the binaries
- Fixed the Makefiles so that they install into DESTDIR
- Added packaging/debian
30 Nov 2004:
- Released 0.9.0
- Included the OTR Messaging Toolkit. See the README for details.
28 Nov 2004:
- Finished the Protocol document
- Changed the name of the plugin binary from "otr-plugin.so" to
"gaim-otr.so". *** NOTE: this means you'll have to (1) remove the
old otr-plugin.so file from your plugins directory, and (2) re-enable
the Off-the-Record Messaging plugin in the Preferences panel.
- Included MAC keys used to create messages in the revealed MAC section
of the Data message, in addition to MAC keys used to verify messages.
- Set all exported symbols to start with otrl_ (for the library) or
otrg_ (for the gaim plugin), in preparation for moving the pieces
into their own directories.
- If we receive a Data message with no actual message in it, don't
display it to the user. This may eventually be useful for doing
"heartbeat" key rotations.
- Separated libotr and gaim-otr into their own directories.
27 Nov 2004:
- Switched from using gaim_notify_* to a slightly modified version that
doesn't grab the focus
26 Nov 2004:
- Put all the cipher operations in secure memory. This makes each
private connection take 9472 bytes of secure memory, so we up the
available amount of secure memory to 100 times that. Eventually,
we'd like to make this dynamically grow.
25 Nov 2004:
- Released 0.8.3
- Don't put the DSA keys in libgcrypt secure memory, since (a) we read
them off disk anyway, and (b) we want to avoid running out of secure
memory.
- Removed the "Do you want to start a private conversation" dialogs when
one side in encrypted and the other side isn't, and instead just try
to start one if we know for sure the other side supports it.
- Sped up the DH computations by using a 320-bit exponent.
23 Nov 2004:
- Released 0.8.2
- There was a crash if you received an OTR Query before setting up a
private key. Fixed.
- The fingerprint in the UI is now selectable, for cut/paste.
- *** Protocol change. We're no longer backward compatible.
- The "revealed MAC keys" moved out of the MAC'd region of the data
packet. It's not wrong where it is, but it's more obviously
correct in the new place.
22 Nov 2004:
- Released 0.8.1
- Jabber wasn't working, for two reasons:
- it sticks <tags>...</tags> around the message
- it refers to the same user by multiple names; e.g. "[email protected]"
vs. "[email protected]/Gaim"
Both are now fixed: we look for the OTR message anywhere in the packet
now, not just at the beginning, and we normalize all usernames.
- Each account now has its own private key / fingerprint
- This is so you don't automatically leak the information that the
accounts are owned by the same person
- There's a better indicator of private / not private status in the
conversation window, which you can click to start the private
communication.
21 Nov 2004:
- Initial 0.8.0 release