debian/control

Source: libotr
Section: libs
Priority: optional
Maintainer: Ubuntu Developers
XSBC-Original-Maintainer: Thibaut VARENE
Build-Depends: debhelper (>= 9), libgpg-error-dev (>= 1.0), libgcrypt11-dev (>= 1.2.0), autotools-dev, dh-autoreconf, pkg-config
Standards-Version: 3.9.4
Homepage: http://www.cypherpunks.ca/otr/

Package: libotr5
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: libotr5-bin (>= ${binary:Version})
Description: Off-the-Record Messaging library
 Off-the-Record (OTR) Messaging Library and Toolkit
 .
 OTR allows you to have private conversations over IM by providing:
  - Encryption - No one else can read your instant messages.
  - Authentication - You are assured the correspondent is who you think
    it is.
  - Deniability - The messages you send do _not_ have digital signatures
    that are checkable by a third party. Anyone can forge messages after
    a conversation to make them look like they came from you. However,
    _during_ a conversation, your correspondent is assured the messages
    he sees are authentic and unmodified.
  - Perfect forward secrecy - If you lose control of your private keys,
    no previous conversation is compromised.

Package: libotr5-bin
Section: misc
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Conflicts: libotr1-bin, libotr2-bin
Replaces: libotr1-bin, libotr2-bin
Description: toolkit for Off-the-Record Messaging library
 Off-the-Record (OTR) Messaging Library toolkit
 .
 OTR allows you to have private conversations over IM by providing:
  - Encryption - No one else can read your instant messages.
  - Authentication - You are assured the correspondent is who you think
    it is.
  - Deniability - The messages you send do _not_ have digital signatures
    that are checkable by a third party. Anyone can forge messages after
    a conversation to make them look like they came from you. However,
    _during_ a conversation, your correspondent is assured the messages
    he sees are authentic and unmodified.
  - Perfect forward secrecy - If you lose control of your private keys,
    no previous conversation is compromised.
 .
 This package contains the program files for the OTR library.

Package: libotr5-dev
Section: libdevel
Architecture: any
Depends: libotr5 (= ${binary:Version}), libgcrypt11-dev, ${shlibs:Depends}, ${misc:Depends}
Suggests: pkg-config
Conflicts: libotr-dev, libotr1-dev, libotr2-dev
Replaces: libotr-dev, libotr0-dev, libotr1-dev, libotr2-dev
Description: Off-the-Record Messaging library development files
 Off-the-Record (OTR) Messaging Library
 .
 OTR allows you to have private conversations over IM by providing:
  - Encryption - No one else can read your instant messages.
  - Authentication - You are assured the correspondent is who you think
    it is.
  - Deniability - The messages you send do _not_ have digital signatures
    that are checkable by a third party. Anyone can forge messages after
    a conversation to make them look like they came from you. However,
    _during_ a conversation, your correspondent is assured the messages
    he sees are authentic and unmodified.
  - Perfect forward secrecy - If you lose control of your private keys,
    no previous conversation is compromised.
 .
 This package contains the header files and static libraries needed to
 develop applications using libotr.

debian/libotr5-bin.copyright

This package was debianized by OTR Dev Team on
Tue, 18 Jan 2005 16:23:41 -0500.

It was downloaded from http://www.cypherpunks.ca/otr/

Copyright (C) 2004-2005 by Nikita Borisov and Ian Goldberg

Upstream Authors: OTR Dev Team

License:

This program is free software; you can redistribute it and/or modify it
under the terms of version 2 of the GNU General Public License as
published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.

You should have received a copy of the GNU General Public License along
with this package; if not, write to the Free Software Foundation, Inc.,
51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.

On Debian systems, the complete text of the GNU General Public License
can be found in `/usr/share/common-licenses/GPL-2'.

debian/docs

README
Protocol-v3.html
UPGRADING

debian/changelog

libotr (4.0.0-2.2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: memory corruption vulnerability
    - debian/patches/CVE-2016-2851.patch: prevent integer overflow in
      src/proto.c.
    - CVE-2016-2851

 -- Marc Deslauriers  Thu, 10 Mar 2016 08:38:26 -0500

libotr (4.0.0-2.2ubuntu1) trusty; urgency=medium

  * Use dh-autoreconf to update libtool for ppc64el.

 -- Dimitri John Ledkov  Tue, 24 Dec 2013 17:16:41 +0000

libotr (4.0.0-2.2) unstable; urgency=low

  * Non-maintainer upload
  * Upload experimental version to unstable
  * Bump standards version: no changes

 -- Micah Anderson  Fri, 10 May 2013 21:20:07 -0400

libotr (4.0.0-2.1) experimental; urgency=low

  * Non-maintainer upload.
  * Add message_fragment_fix.patch (Closes: #698746)

 -- Micah Anderson  Sat, 09 Mar 2013 13:14:12 -0500

libotr (4.0.0-2) unstable; urgency=low

  * Remove Conflicts with libotr2 (Closes: #689667)

 -- Thibaut VARENE  Sat, 06 Oct 2012 11:51:03 +0200

libotr (4.0.0-1) unstable; urgency=low

  * New upstream release, upload to unstable

 -- Thibaut VARENE  Sat, 29 Sep 2012 12:04:49 +0200

libotr (4.0.0~rc3-1) experimental; urgency=low

  * New upstream pre-release

 -- Thibaut VARENE  Tue, 28 Aug 2012 01:04:46 +0200

libotr (4.0.0~rc1-1) experimental; urgency=low

  * New upstream pre-release (Closes: #685664)

 -- Thibaut VARENE  Fri, 24 Aug 2012 17:14:22 +0200

libotr (3.2.1-1) unstable; urgency=high

  * Fix potential buffer overflow in base64 routines (Closes: #684121)

 -- Thibaut VARENE  Tue, 07 Aug 2012 12:24:15 +0200

libotr (3.2.0-4) unstable; urgency=low

  * lintian cleanup:
    + remove dh_make template
    + switch to source format 3.0 quilt
    + fix missing copyright warning
    + fix debhelper build-depend versioning
    + add homepage field

 -- Thibaut VARENE  Mon, 26 Dec 2011 18:33:08 +0100

libotr (3.2.0-3) unstable; urgency=low

  * Ship libotr.pc (Closes: #590035)

 -- Thibaut VARENE  Mon, 31 Oct 2011 20:44:01 +0100

libotr (3.2.0-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Empty dependency_libs in libtool la file(s).
    http://wiki.debian.org/ReleaseGoals/LAFileRemoval
    Closes: #619674

 -- Andreas Metzler  Sat, 18 Jun 2011 14:39:28 +0200

libotr (3.2.0-2) unstable; urgency=low

  * Fix outdated config.{sub,guess} (Closes: #529461)

 -- Thibaut VARENE  Wed, 11 Nov 2009 16:47:13 +0100

libotr (3.2.0-1) unstable; urgency=low

  * New upstream release

 -- Thibaut VARENE  Sun, 22 Jun 2008 22:48:01 +0200

libotr (3.1.0-2) unstable; urgency=low

  * Closes: #459458: -dev package now depends on libgcrypt11-dev

 -- Thibaut VARENE  Sun, 13 Jan 2008 18:42:33 +0100

libotr (3.1.0-1) unstable; urgency=low

  * New upstream release

 -- Thibaut VARENE  Mon, 20 Aug 2007 21:24:29 +0200

libotr (3.0.0+cvs20070515-1) unstable; urgency=low

  * Upstream snapshot to work with pidgin-otr (Closes: #423722)

 -- Thibaut VARENE  Tue, 15 May 2007 18:55:22 +0200

libotr (3.0.0-2) unstable; urgency=low

  * Fix typo: "malformed messahes" (Closes: #345400)

 -- Thibaut VARENE  Mon, 2 Jan 2006 19:52:18 +0100

libotr (3.0.0-1) unstable; urgency=low

  * New upstream release (closes: #337851)
  * Support for OTR protocol version 2

 -- Thibaut VARENE  Sat, 19 Nov 2005 00:08:41 +0100

libotr (2.0.2-1) unstable; urgency=high

  * New upstream release
  * Fixes a potential security issue (buffer overflow in src/privkey.c)

 -- Thibaut VARENE  Mon, 16 May 2005 18:53:59 +0200

libotr (2.0.1-1) unstable; urgency=low

  * New upstream release
  * First Debian upload (closes: #291261)

 -- Thibaut VARENE  Wed, 23 Feb 2005 20:20:06 +0100

libotr (2.0.0-1) unstable; urgency=low

  * New upstream release

 -- OTR Dev Team  Tue, 08 Feb 2005 15:00:13 -0500

libotr (1.99.0-1) unstable; urgency=low

  * Initial Release.

 -- OTR Dev Team  Wed, 02 Feb 2005 09:37:01 -0500

debian/source/format

3.0 (quilt)

debian/compat

9

debian/patches/CVE-2016-2851.patch

commit ecfd4f468690af6e66b5bf92315972b86071ac1c
Author: Ian Goldberg
Date:   Thu Mar 3 13:32:41 2016 +0100

    Prevent integer overflow on 64-bit architectures when receiving 4GB messages

    In several places in proto.c, the sizes of portions of incoming messages
    were stored in variables of type int or unsigned int instead of size_t.
    If a message arrives with very large sizes (for example unsigned int
    datalen = UINT_MAX), then constructions like malloc(datalen+1) will turn
    into malloc(0), which on some architectures returns a non-NULL pointer,
    but UINT_MAX bytes will get written to that pointer.

    Ensure all calls to malloc or realloc cannot integer overflow like this.

    Thanks to Markus Vervier of X41 D-Sec GmbH for the report.

    Signed-off-by: Ian Goldberg
    Signed-off-by: David Goulet

Index: libotr-4.0.0/src/proto.c
===================================================================
--- libotr-4.0.0.orig/src/proto.c 2016-03-10 08:37:12.314965650 -0500
+++ libotr-4.0.0/src/proto.c 2016-03-10 08:37:50.543454383 -0500
@@ -716,7 +716,7 @@ unsigned int sender_keyid, recipient_keyid; gcry_mpi_t sender_next_y = NULL; unsigned char ctr[8]; - unsigned int datalen, reveallen; + size_t datalen, reveallen; unsigned char *data = NULL; unsigned char *nul = NULL; unsigned char givenmac[20];
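Review bot: in CVE-2016-2851.patch, hunk @@ -716, the change from `unsigned int datalen, reveallen;` to `size_t datalen, reveallen;` removes the `malloc(datalen+1)` wrap only where size_t is wider than the 32-bit wire length, which is the 64-bit case the subject line names; on a 32-bit build size_t has the same width and the declaration change alone changes nothing. Whatever bounds `datalen` and `reveallen` against the remaining input length sits outside this hunk, so add a comment at the declaration (or an explicit `if (datalen > SIZE_MAX - 1)` refusal before the allocation) that records why the widened type is sufficient here rather than leaving that reasoning only in the commit message.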
@@ -916,7 +916,7 @@ if (k > 0 && n > 0 && k <= n && start > 0 && end > 0 && start < end) { if (k == 1) { - int fraglen = end - start - 1; + size_t fraglen = end - start - 1; size_t newsize = fraglen + 1; free(context->context_priv->fragment); context->context_priv->fragment = NULL;
@@ -937,7 +937,7 @@ } } else if (n == context->context_priv->fragment_n && k == context->context_priv->fragment_k + 1) { - int fraglen = end - start - 1; + size_t fraglen = end - start - 1; char *newfrag = NULL; size_t newsize = context->context_priv->fragment_len + fraglen + 1; /* Check for overflow */
@@ -989,10 +989,10 @@ char ***fragments, ConnContext *context, const char *message) { char *fragdata; - int fragdatalen = 0; + size_t fragdatalen = 0; unsigned short curfrag = 0; - int index = 0; - int msglen = strlen(message); + size_t index = 0; + size_t msglen = strlen(message); /* Should vary by number of msgs */ int headerlen = context->protocol_version == 3 ? 37 : 19;
@@ -1006,7 +1006,7 @@ int i; char *fragmentmsg; - if (msglen - index < mms - headerlen) { + if (msglen - index < (size_t)(mms - headerlen)) { fragdatalen = msglen - index; } else { fragdatalen = mms - headerlen;

debian/patches/series

message_fragment_fix.patch
CVE-2016-2851.patch

debian/patches/message_fragment_fix.patch

Pass opdata when sending message fragment

The inject_message callback was missing the opdata when sending message
fragments.

--- a/src/message.c
+++ b/src/message.c
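Review bot: in CVE-2016-2851.patch, hunks @@ -916 and @@ -937, `size_t fraglen = end - start - 1;` is non-negative only because of the enclosing `start > 0 && end > 0 && start < end` test, which the @@ -916 context shows but the @@ -937 context does not; and the `/* Check for overflow */` that guards `size_t newsize = context->context_priv->fragment_len + fraglen + 1;` is cut off at the hunk boundary. Confirm that the check compares `fraglen` against `SIZE_MAX - 1 - fragment_len` (or an equivalent unsigned test) now that `fraglen` is a size_t rather than an int, since a check written for a signed value may not reject the wrapped case.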
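Review bot: in CVE-2016-2851.patch, hunk @@ -1006, the cast in `if (msglen - index < (size_t)(mms - headerlen))` silences the signed/unsigned comparison but does not handle `mms <= headerlen`: `headerlen` stays `int` in the @@ -989 hunk, so a zero or negative `mms - headerlen` is converted to 0 or a huge size_t, the test is true for any realistic remainder, and `fragdatalen = msglen - index;` sends the rest of the message unfragmented; the `else` branch likewise assigns the signed difference straight into the size_t `fragdatalen`. Reject `mms <= headerlen` explicitly before the loop and return an error, so the conversion is provably of a positive value.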
@@ -441,7 +441,7 @@ fragment: /* Fragment and send according to policy */ if (!err && messagep && *messagep) { if (context) { - err = fragment_and_send(ops, NULL, context, *messagep, + err = fragment_and_send(ops, opdata, context, *messagep, fragPolicy, messagep); } }

debian/libotr5-dev.install

debian/tmp/usr/include/* usr/include
debian/tmp/usr/lib/lib*.a usr/lib
debian/tmp/usr/lib/lib*.la usr/lib
debian/tmp/usr/lib/lib*.so usr/lib
debian/tmp/usr/share/aclocal/* usr/share/aclocal
debian/tmp/usr/lib/pkgconfig/libotr.pc usr/lib/pkgconfig

debian/libotr5-dev.dirs

usr/share/aclocal

debian/copyright

This package was debianized by OTR Dev Team on
Tue, 18 Jan 2005 16:23:41 -0500.

It was downloaded from http://www.cypherpunks.ca/otr/

Copyright (C) 2004-2005 by Nikita Borisov and Ian Goldberg

Upstream Authors: OTR Dev Team

License:

This package is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public Licence as published by
the Free Software Foundation; version 2.1 dated February, 1999.

This package is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.

You should have received a copy of the GNU Lesser General Public License
along with this package; if not, write to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.

On Debian systems, the complete text of the GNU General Public License
can be found in `/usr/share/common-licenses/LGPL-2.1'.
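Review bot: in message_fragment_fix.patch, hunk @@ -441, replacing `NULL` with `opdata` in the `fragment_and_send(ops, opdata, context, *messagep,` call is the right fix: an `inject_message` callback that dereferences its opdata would otherwise receive a NULL pointer only on the fragmented path, which is exactly the inconsistency the patch description reports. The patch file itself carries no DEP-3 header; add `Bug-Debian: http://bugs.debian.org/698746` (the bug the 4.0.0-2.1 changelog entry closes) plus `Origin:` and `Forwarded:` lines so the provenance of the change travels with the hunk.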
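The mechanism the CVE-2016-2851.patch commit message describes (a 32-bit length from the wire making `malloc(datalen+1)` wrap to `malloc(0)`) and the `(size_t)(mms - headerlen)` cast in its @@ -1006 hunk, shown side by side as an added example. This is not libotr's code: the function names (`wrapped_alloc_size`, `widened_alloc_size`, `checked_append_size`, `dup_payload`, `fragment_payload_len`) and the sample payload are assumptions made for illustration, and the guards are the explicit form of what the patch relies on the surrounding code to enforce.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-patch shape: a 32-bit wire length held in unsigned int.  With
 * datalen == UINT_MAX the "+ 1" wraps to 0, malloc(0) can return a
 * non-NULL pointer, and a later copy of datalen bytes runs off the end. */
unsigned int wrapped_alloc_size(unsigned int datalen)
{
    return datalen + 1;            /* UINT_MAX -> 0 */
}

/* Patched shape: widen to size_t before the arithmetic.  On a 64-bit
 * target no 32-bit wire value can make this wrap. */
size_t widened_alloc_size(unsigned int datalen)
{
    return (size_t)datalen + 1;    /* UINT_MAX -> 0x100000000 on LP64 */
}

/* Guard that does not depend on how wide size_t is: the size needed to
 * append fraglen bytes to a fragment_len-byte buffer plus a NUL, or 0
 * if fragment_len + fraglen + 1 would wrap.  A valid result is never 0,
 * so 0 is an unambiguous error value.  Same arithmetic as newsize in the
 * @@ -937 hunk, with the overflow check made explicit. */
size_t checked_append_size(size_t fragment_len, size_t fraglen)
{
    if (fragment_len > SIZE_MAX - 1 || fraglen > SIZE_MAX - 1 - fragment_len)
        return 0;
    return fragment_len + fraglen + 1;
}

/* Hypothetical helper: copy datalen bytes of msg into a fresh
 * NUL-terminated buffer, refusing (NULL) when datalen exceeds the input
 * or when the allocation size would wrap.  Caller frees the result. */
unsigned char *dup_payload(const unsigned char *msg, size_t msglen, size_t datalen)
{
    size_t need;
    unsigned char *buf;

    if (datalen > msglen)                   /* claimed length beyond input */
        return NULL;
    need = checked_append_size(datalen, 0); /* datalen + 1, checked */
    if (need == 0)
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg, datalen);
    buf[datalen] = '\0';
    return buf;
}

/* Payload bytes that fit in one outgoing fragment of at most mms bytes
 * once the headerlen-byte fragment header is accounted for, or -1 when
 * mms cannot hold even a header.  The @@ -1006 hunk instead casts
 * (mms - headerlen) to size_t, which turns a negative difference into a
 * huge value; rejecting that case up front keeps the conversion honest. */
long fragment_payload_len(size_t msglen, size_t index, int mms, int headerlen)
{
    size_t room, left, take;

    if (headerlen < 0 || mms <= headerlen || index > msglen)
        return -1;
    room = (size_t)(mms - headerlen);       /* now provably positive */
    left = msglen - index;                  /* cannot underflow: index <= msglen */
    take = left < room ? left : room;
    return take > LONG_MAX ? -1 : (long)take;
}

int main(void)
{
    /* Constructed sample payload; not a real OTR message. */
    const unsigned char msg[] = "?OTR:constructed-sample-payload";
    size_t msglen = sizeof msg - 1;
    unsigned char *copy;

    printf("unsigned int UINT_MAX + 1 = %u\n", wrapped_alloc_size(UINT_MAX));
    printf("size_t       UINT_MAX + 1 = %zu\n", widened_alloc_size(UINT_MAX));
    printf("append 5 to SIZE_MAX-3 bytes -> %zu (0 = refused)\n",
           checked_append_size(SIZE_MAX - 3, 5));

    copy = dup_payload(msg, msglen, 4);
    printf("dup_payload(4) = \"%s\"\n", copy ? (char *)copy : "(refused)");
    free(copy);
    printf("dup_payload(%zu) = %s\n", msglen + 1,
           dup_payload(msg, msglen, msglen + 1) ? "accepted" : "(refused)");

    printf("fragment room, mms=40 hdr=19, 10 bytes left -> %ld\n",
           fragment_payload_len(100, 90, 40, 19));
    printf("fragment room, mms=10 hdr=19 -> %ld (refused)\n",
           fragment_payload_len(100, 0, 10, 19));
    return 0;
}
```

The point of `checked_append_size` returning 0 rather than wrapping is that the check holds on both 32-bit and 64-bit builds, whereas the patch's type widening only helps where size_t is wider than the wire length; `fragment_payload_len` shows the shape of the pre-loop rejection that makes the size_t cast in the last hunk safe.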
debian/watch

# Site   Directory   Pattern   Version   Script
version=2
http://www.cypherpunks.ca/otr/ libotr-(.*)\.t(?:ar\.)?gz debian uupdate

debian/libotr5-bin.install

debian/tmp/usr/bin/* usr/bin
debian/tmp/usr/share/man/* usr/share/man

debian/install

debian/tmp/usr/lib/lib*.so.* usr/lib

debian/libotr5-dev.copyright -> copyright (symlink)

debian/rules

#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

configure: configure-stamp
configure-stamp:
	dh_testdir
	dh_autoreconf
	# Add here commands to configure the package.
	./configure --with-pic --prefix=/usr --mandir=/usr/share/man \
		$(shell dpkg-buildflags --export=configure)
	touch configure-stamp

build: build-arch build-indep
build-arch: build-stamp
build-indep: build-stamp
build-stamp: configure-stamp
	dh_testdir
	# Add here commands to compile the package.
	$(MAKE)
	touch build-stamp

clean:
	dh_testdir
	dh_testroot
	rm -f build-stamp configure-stamp
	# Add here commands to clean up after the build process.
	[ ! -f Makefile ] || $(MAKE) distclean
	dh_autoreconf_clean
	dh_clean

install: build
	dh_testdir
	dh_testroot
	dh_prep
	dh_installdirs
	# Add here commands to install the package
	$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
	find $(CURDIR)/debian/tmp/usr/lib -name "*.la" -exec \
		sed -i -e "s,^dependency_libs=.*,dependency_libs=''," {} +
	dh_install --list-missing

# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.

# Build architecture-dependent files here.
binary-arch: build install
	dh_testdir
	dh_testroot
	dh_installchangelogs ChangeLog
	dh_installdocs
#	dh_installexamples
#	dh_installmenu
#	dh_installdebconf
#	dh_installlogrotate
#	dh_installemacsen
#	dh_installpam
#	dh_installmime
#	dh_installinit
#	dh_installcron
#	dh_installinfo
#	dh_installman
#	dh_link
	dh_strip
	dh_compress
	dh_fixperms
#	dh_perl
#	dh_python
	dh_makeshlibs -V
	dh_installdeb
	dh_shlibdeps
	dh_gencontrol
	dh_md5sums
	dh_builddeb

binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install configure