NEWS 12.7 KB
Newer Older
Ian Goldberg's avatar
Ian Goldberg committed
1 2 3 4 5 6 7
9 Mar 2016:

- Updated Spanish, German, Norwegian Bokmål translations.
- New Danish translation.
- Fix use-after-free issue during SMP.
- Release 4.0.2

Ian Goldberg's avatar
Ian Goldberg committed
8
21 Oct 2014:
Ian Goldberg's avatar
Ian Goldberg committed
9 10 11 12 13 14 15

- Hardened Windows build
- Fix max message size for Novell Groupwise
- New Czech, Finnish, Brazilian Portuguese, Norwegian Bokmål
  translations.  Updated French, Chinese translations.
- Release 4.0.1

Ian Goldberg's avatar
Ian Goldberg committed
16 17 18 19
24 Aug 2012:

- Release 4.0.0

20 21 22 23 24 25
21 Jun 2012:

- Fixed an issue that happened when enabling the OTR plugin while a
  conversation is open.
- Release 4.0.0-beta2

Rob Smits's avatar
Rob Smits committed
26
7 Jun 2012:
Rob Smits's avatar
Rob Smits committed
27 28 29 30 31 32

- The plugin now supports multiple OTR conversations with the same
  buddy who is logged in at multiple locations. In this case, a new
  OTR menu will appear, which allows you to select which session an
  outgoing message is indended for. Note that concurrent SMP
  authentications with the same buddy who is logged in multiple times
Rob Smits's avatar
Rob Smits committed
33
  is not yet supported (starting a second authentication will end the
Rob Smits's avatar
Rob Smits committed
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
  first).
- During a private conversation with a buddy, an incoming unencrypted
  message will now trigger the regular incoming message notifications.
  In Pidgin this includes showing the message in the top-right
  notification area, if it is normally configured to do so.
- New Italian, Swedish, Polish and Vietnamese translations. Updates to
  the French translation.
- When a private conversation begins, the plugin will indicate whether
  Pidgin is configured to log the conversation.
- By default, OTR conversations will not be logged by Pidgin.
- Fingerprints in the manual authentication dialog are now selectable
- The plugin will no longer delete the OTR menus if a non-foreground
  conversation window is closed.
- Except on WIN32, the plugin will now set the umask to 0077 before
  creating the otr.* files in the purple directory so that they end up
  mode 0600. 
- The menu item now says "Reauthenticate buddy" when the buddy is
  already authenticated.
Rob Smits's avatar
Rob Smits committed
52
- Release 4.0.0-beta1
Rob Smits's avatar
Rob Smits committed
53

cypherpunk's avatar
 
cypherpunk committed
54 55 56 57 58 59 60 61 62 63 64 65 66
28 May 2008:

- The functionality of the OTR button has now moved to a menu.  There's
  an "OTR" menu, as well as an icon showing the current OTR state of
  each active conversation in the window.
- New OTR icons from <cyrus_xiii@yahoo.com>
- OTR icons show up inline in the conversation window when the OTR
  status changes.
- Buddy authentication has been revamped, based on the user study
  published in SOUPS 2008.  The default is now to choose a question and
  an answer only you and the buddy should know.  The question is
  displayed to the buddy, who is prompted for the answer.  The "shared
  secret" and "fingerprint" authentication methods are still available.
67
- Translations for Arabic, German, Russian, Hungarian
cypherpunk's avatar
 
cypherpunk committed
68

cypherpunk's avatar
cypherpunk committed
69 70 71
1 Aug 2007:
- Released 3.1.0

cypherpunk's avatar
 
cypherpunk committed
72 73
31 Jul 2007:
- Translations for English, Dutch, Spanish, French, Slovak
cypherpunk's avatar
cypherpunk committed
74

cypherpunk's avatar
cypherpunk committed
75 76 77 78 79 80 81 82 83 84 85
24 Jul 2007:
- Added option to not log OTR conversations
- Large messages are now fragmented transparently instead of failing
- Removed "view secure session id" and "verify fingerprint" options from
  OTR button menu.  Added "authenticate buddy" option in its place.  This
  new option allows you to authenticate your buddies by entering some
  secret that only the two of you know, rather than by using a long
  user-unfriendly sequence of hex characters.  [The old "verify
  fingerprint" dialog is still available via an "Advanced..." button
  from the new "authenticate buddy" dialog.]

cypherpunk's avatar
 
cypherpunk committed
86 87 88
06 May 2007:
- Ported to Pidgin 2.0.0

cypherpunk's avatar
 
cypherpunk committed
89 90 91
02 Nov 2005:
- Released 3.0.0

cypherpunk's avatar
 
cypherpunk committed
92 93
16 Oct 2005:
- There are now four states a conversation can be in:
cypherpunk's avatar
 
cypherpunk committed
94 95 96 97 98
    * Not Private (not using OTR)
    * Unverified (using OTR, but to a fingerprint that hasn't
		  been verified, so you are subject to a straightforward
		  active attack)
    * Private (using OTR with a verified fingerprint)
cypherpunk's avatar
 
cypherpunk committed
99 100 101 102
    * Finished (the other person has ended his side of the OTR
		conversation, so we won't send any more messages at all
		until we either end our side, or start a new OTR
		conversatrion)
cypherpunk's avatar
 
cypherpunk committed
103
- There are new icons for these states that appear in the OTR button.
cypherpunk's avatar
 
cypherpunk committed
104 105

24 Jun 2005:
cypherpunk's avatar
 
cypherpunk committed
106 107 108 109 110 111 112 113 114 115 116 117 118
- Right-clicking the OTR button now produces an OTR menu, with options
  to start or end the private conversation, verify the fingerprint, view
  the secure session id, or get help.
- The OTR button obeys the user's requested style (text only, pictures
  only, pictures and text, none).  Note that if the user chooses "none",
  there's currently no way to reach the aforementioned menu.
- The "private connection established", "private connection refreshed",
  and "private connection ended" messages no longer pop up dialog boxes.
  Instead, they appear inline in the conversation window.  The session
  id and fingerprint which used to appear in the "private connection
  established" dialog are now viewable via the OTR button right-click
  menu.

cypherpunk's avatar
 
cypherpunk committed
119 120 121 122 123
27 May 2005:
- The OTR button no longer disappears if you change your button style in
  the gaim preferences.
- There is now a right-click context menu on the OTR button.

cypherpunk's avatar
 
cypherpunk committed
124 125 126 127 128 129
19 May 2005:
- OTR doesn't work over IRC (since IRC's maximum message size is too
  small for a Key Exchange Message to fit), so don't even provide the
  OTR Settings buddy-menu option or the OTR conversation window button
  for IRC.

cypherpunk's avatar
 
cypherpunk committed
130
03 May 2005:
cypherpunk's avatar
cypherpunk committed
131 132 133
- Released 2.0.2
- Fix to co-exist more nicely with other encrypting gaim plugins.

cypherpunk's avatar
 
cypherpunk committed
134
01 Mar 2005:
cypherpunk's avatar
cypherpunk committed
135 136 137 138 139 140 141 142 143 144
- Initial autoconfiscation, thanks to Greg Troxel <gdt@ir.bbn.com>. 

23 Feb 2005:
- Released 2.0.1

22 Feb 2005:
- Removed people without fingerprints from the Known Fingerprints list
- The column heads in the Known Fingerprints list cause sorting to
  happen in the expected way.

cypherpunk's avatar
 
cypherpunk committed
145
08 Feb 2005:
cypherpunk's avatar
cypherpunk committed
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216
- Released 2.0.0
- Clicking the OTR button produces a notice in the conversation window
  that it's doing something.

30 Jan 2005:
- Added default and per-buddy policy selection: never use OTR, OTR only
  if manually requested, automatically start OTR if possible, refuse to
  *not* use OTR.
- The OTR: button disappears if a particular buddy is set to never use
  OTR.
- Resend the last message if it caused a re-keying.
- OTR control messages are no longer displayed as if they were received
  as IM messages.
- New multi-page UI
- Send a control message to your buddy if you terminate a private
  conversation with him.

27 Jan 2005:
- Updated gaim-otr to match libotr 2.0.0 API.

23 Jan 2005:
- Separated gtk-specific code from general gaim code, with help from
  Evan Schoenberg <evan.s@dreskin.net>.

18 Jan 2005:
- Released 1.0.3
- Split gaim-otr and libotr into separate packages.

13 Jan 2005:
- Generate private keys automatically, if needed.  Show a Please Wait
  dialog while this is happening.
- We may as well try to use the "tag" method of checking for OTR, even
  when we don't already know a fingerprint for the correspondent.
- Add version checking to the otrl_init() call.

12 Jan 2005:
- Refactored the logic parts of gaim-otr into libotr, so they can be
  shared by other libotr-enabled apps.

21 Dec 2004:
- Released 1.0.2
- If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys,
  he can perform a birthday attack to try to get his session id with
  each end to match.  Since the session id was only 64 bits long, his
  work was only 2^32, which is not enough.  We now make the session id
  the whole SHA-1 hash, instead of truncating it.
- Made otr_sesskeys output the calculated public key as well, for added
  ease of forging messages when you don't know any plaintext.

14 Dec 2004:
- Released 1.0.1
- Added a more sensible error message in the event that we receive our
  own OTR Key Exchange messages.
- If we're about to send a plaintext message to a correspondent for whom
  we've got a fingerprint, append a special (whitespace) OTR tag
  sequence.  The other side (if in fact running OTR) will recognize it
  and start a Key Exchange.

12 Dec 2004:
- Released 1.0.0

11 Dec 2004:
- OTR button now gets sensitized and desensitized along with the other
  buttons in the conversation window when you log in and out of
  accounts.

10 Dec 2004:
- Released 0.9.9rc2
- Heartbeats now only get sent if (1) we have just received a message,
  and (2) we haven't sent one to that user in over a minute.

cypherpunk's avatar
 
cypherpunk committed
217
09 Dec 2004:
cypherpunk's avatar
cypherpunk committed
218 219 220 221 222
- Back out of the sending of heartbeats.  They were causing too many
  problems.  It seems some networks don't let buddies know when you
  log out, and then you get a dialog box "unable to send message" each
  minute.  :-(

cypherpunk's avatar
 
cypherpunk committed
223
08 Dec 2004:
cypherpunk's avatar
cypherpunk committed
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238
- Released 0.9.9rc1
- Removed the 100 private connection limit, by not using a fixed amount
  of secure memory.  Unfortuantely, this means that *no* memory is
  pinned any more, but pinning only ever happened before in the unlikely
  event you ran gaim as root.
- Changed the "Private connection with (username) refreshed" dialog at
  Paul's request so that it's no longer in "scary" "evil" bold, and
  rephrased it so it's less likely to be misread as "refused" instead of
  "refreshed".  ;-)
- We now send heartbeats (OTR Data Messages with an empty message part)
  once a minute, to anyone we're confident is still online.  If both
  sides are doing this, then keys get rotated regularly, even if one
  or both sides aren't actively typing.  This aids perfect forward
  secrecy.

cypherpunk's avatar
 
cypherpunk committed
239
04 Dec 2004:
cypherpunk's avatar
cypherpunk committed
240 241 242 243
- Fixed a bug wherein multi-person chat windows would get the OTR button
  in their button bar if the OTR plugin was enabled when one of them was
  active.

cypherpunk's avatar
 
cypherpunk committed
244
03 Dec 2004:
cypherpunk's avatar
cypherpunk committed
245 246
- Released 0.9.1

cypherpunk's avatar
 
cypherpunk committed
247
02 Dec 2004:
cypherpunk's avatar
cypherpunk committed
248 249 250 251 252 253 254 255 256 257 258
- Clicking "OTR: Private" when you're already private will display an
  info dialog letting you know the connection was refreshed (assuming it
  actually is; if the other side isn't running OTR at all, the dialog
  doesn't show, and if the other side had lost its private connection, a
  new one will be established, with the "new private connection" dialog
  displayed to each side (as before)).
- The toolip for "OTR: Private" is now "Refresh the private connection".
- "make install" now depends on "make all".
- Added man page for OTR toolkit programs
- Log a debug message when we receive and discard a heartbeat

cypherpunk's avatar
 
cypherpunk committed
259
01 Dec 2004:
cypherpunk's avatar
cypherpunk committed
260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330
- Fixed the Makefiles so that "make clean" also removes the binaries
- Fixed the Makefiles so that they install into DESTDIR
- Added packaging/debian

30 Nov 2004:
- Released 0.9.0
- Included the OTR Messaging Toolkit.  See the README for details.

28 Nov 2004:
- Finished the Protocol document
- Changed the name of the plugin binary from "otr-plugin.so" to
  "gaim-otr.so".  *** NOTE: this means you'll have to (1) remove the
  old otr-plugin.so file from your plugins directory, and (2) re-enable
  the Off-the-Record Messaging plugin in the Preferences panel.
- Included MAC keys used to create messages in the revealed MAC section
  of the Data message, in addition to MAC keys used to verify messages.
- Set all exported symbols to start with otrl_ (for the library) or
  otrg_ (for the gaim plugin), in preparation for moving the pieces
  into their own directories.
- If we receive a Data message with no actual message in it, don't
  display it to the user.  This may eventually be useful for doing
  "heartbeat" key rotations.
- Separated libotr and gaim-otr into their own directories.

27 Nov 2004:
- Switched from using gaim_notify_* to a slightly modified version that
  doesn't grab the focus

26 Nov 2004:
- Put all the cipher operations in secure memory.  This makes each
  private connection take 9472 bytes of secure memory, so we up the
  available amount of secure memory to 100 times that.  Eventually,
  we'd like to make this dynamically grow.

25 Nov 2004:
- Released 0.8.3
- Don't put the DSA keys in libgcrypt secure memory, since (a) we read
  them off disk anyway, and (b) we want to avoid running out of secure
  memory.
- Removed the "Do you want to start a private conversation" dialogs when
  one side in encrypted and the other side isn't, and instead just try
  to start one if we know for sure the other side supports it.
- Sped up the DH computations by using a 320-bit exponent.

23 Nov 2004:
- Released 0.8.2
- There was a crash if you received an OTR Query before setting up a
  private key.  Fixed.
- The fingerprint in the UI is now selectable, for cut/paste.
- *** Protocol change.  We're no longer backward compatible.
  - The "revealed MAC keys" moved out of the MAC'd region of the data
    packet.  It's not wrong where it is, but it's more obviously
    correct in the new place.

22 Nov 2004:
- Released 0.8.1
- Jabber wasn't working, for two reasons:
  - it sticks <tags>...</tags> around the message
  - it refers to the same user by multiple names; e.g. "user@jabber.org"
    vs. "user@jabber.org/Gaim"
  Both are now fixed: we look for the OTR message anywhere in the packet
  now, not just at the beginning, and we normalize all usernames.
- Each account now has its own private key / fingerprint
  - This is so you don't automatically leak the information that the
    accounts are owned by the same person
- There's a better indicator of private / not private status in the
  conversation window, which you can click to start the private
  communication.

21 Nov 2004:
- Initial 0.8.0 release