GitLab

Thanks to Daniel Atallah <datallah@pidgin.im> for noticing that it
wasn't working before.

configure checks for the availability of i18n, but if it's not there,
we weren't doing anything sensible.  Now, we just use the English
constant text strings in the code by defining _(x) and N_(x) to be just
(x).

When switching to a conversation tab for which the user has explicitly
disabled OTR, remove the OTR menus from the top menu bar.  Thanks to
Greg Troxel <gdt@ir.bbn.com> for reporting the issue.

It used to say "4.0.0 or newer"; now it says "4.x >= 4.0.0", since 5.0
is *not* acceptable.  Thanks to Jacob Appelbaum <jacob@appelbaum.net>
for pointing it out.

If one of our buddies is/her side of the OTR session, don't
automatically change bel on the OTR button on our side to "Finished",
since may be other sessions for the same buddy still in ENCRYPTED.
This was the last call to dialog_update_label_conv that still had a
hardcoded trust label set, rather than using
otrg_plugin_context_to_trust to get the trust label corresponding to the
currently selected instance.

When we're looking up information from
purple_conversation_get_data(conv, ...), it may happen that the result
is NULL because pidgin has emitted conversation-switched before emitting
conversation-created, so we try to switch to a conversation that the
conversation-created callback hasn't yet filled in the data for.  This
causes a crash.  Be more defensive about this.

We should only free the userstate after all the pidgin stuff is cleaned
up, as some of it may use the context.  Indeed, this fixes a crash bug
when you try to unload the OTR module while a SMP session is in
progress.

The right thing to do is to deallocate things in the reverse order that
you allocated them, which is what we do now.

We had some calls to gtk_box_pack_start() that were trying to pack
already-packed widgets, yielding:

Gtk: gtk_box_pack: assertion `child->parent == NULL' failed

clist_all_unselected() was marking the four buttons in the OTR
"Known fingerprints" configuration as unselectable, but sometimes before
they existed.  Check for existence first.

Ensure "-g -O2" is also in the CFLAGS (in addition to the hardening
options) when building libgpg-error and libgcrypt on win32.

Change all version numbers to remove "-beta2" and turn off the beta
warning dialog.

Add -fno-strict-overflow -Wall -Wextra -Wno-unused-parameter
    -Wno-missing-field-initializers -Wformat-security

Add autoreconf step to the libotr build instructions in INSTALL.mingw

Add -fno-strict-overflow to the build instructions for libgpg-error and
libgcrypt in INSTALL.mingw

Build cleanly with -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wformat-security

Add CC_HARDENING_OPTIONS with the following options:

  -fstack-protector-all -fPIE -Wstack-protector -fwrapv
  --param ssp-buffer-size=1

Add LD_HARDENING_OPTIONS with the following options:

  --dynamicbase --nxcompat -pie

Add linking against libssp for stack-protector-all

These new compiler and linker hardening options may be disabled at
your own peril with the following options to configure:

  --disable-gcc-hardening, disable compiler security checks
  --disable-linker-hardening, disable linker security fixups

Thanks to Ariel Poliak <ariel.p@hostdime.com> for the patch!

Thanks to Paul Wouters <paul@cypherpunks.ca> for the report.

Thanks to Paul Wouters <paul@cypherpunks.ca> for the report.

Thanks to Paul Wouters <paul@cypherpunks.ca> for the report.

Thanks to Paul Wouters <paul@cypherpunks.ca> for the report