-------------------------------------------------------------------------------
v1.02: January 18th, 2006

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        None.

-------------------------------------------------------------------------------
v1.02rc1: January 6th, 2006

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        * ENCRYPT_FILE and DECRYPT_FILE now create output files atomicly.
	This fix is not a vulnerability in the module because it is the
	caller's responsibility to avoid using deterministic output filenames
	in world-writeable directories.  However, if the caller is brain-dead
	enough to do this, O_EXCL is now used to gracefully fail out.

General Enhancements:
        * libgcrypt v1.2.1 or later now required due to the GCRY_FAST_POLL
	requirement.
	* Now logs version of module, API version, and libgcrypt version.
	* File transfers now work between big- and small-endian machines,
	thanks to XXX.

-------------------------------------------------------------------------------
v1.01: December 30th, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        * Fixed compile warnings.
	* Buddy wipes now trigger a BUDDY_RESET message.

-------------------------------------------------------------------------------
v1.00: October 17th, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        * Changed name to 'scatterchat-module'.
	* Switched from AES CTR mode back to ECB mode to eliminate message
	dropping while communicating in full duplex.

-------------------------------------------------------------------------------
v0.98 BETA: September 11th, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        * Fixed crash on shutdown.

-------------------------------------------------------------------------------
v0.97 BETA: August 21st, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        * Added experimental shared object support.
	* Fixed memory leaks with dmalloc.
	* Log files are now appended to instead of truncated.  Timestamps now
	included.

-------------------------------------------------------------------------------
v0.96 BETA: June 26th, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        * If user ID loading fails due to invalid password, state is reset so
	IS_USER_SELECTED query returns 'NO' like it should.

-------------------------------------------------------------------------------
v0.95 BETA: May 29th, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        * Fixed crashes when attempting certain operations without setting
	load/save directory.
	* Added logging support based on presence of 'enable_debugging' file in
	load/save directory.

-------------------------------------------------------------------------------
v0.94 BETA: May 22nd, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        Added notifications to upper layer when communications channel is
	immune to replay attacks.

General Enhancements:
        Fixed crash on reset/exit.
	Added support for auto-encrypt preference.

-------------------------------------------------------------------------------
v0.93 BETA: May 1st, 2005

SECURITY FIXES:
        None.

PROACTIVE SECURITY ENHANCEMENTS:
        None.

General Enhancements:
        Key rejections now trigger a state change like they should.

-------------------------------------------------------------------------------
v0.91 BETA: April 3rd, 2005
 
SECURITY FIXES:
        None.
 
PROACTIVE SECURITY ENHANCEMENTS:
        None.
 
General Enhancements:
        Added file encryption support.
 
-------------------------------------------------------------------------------
v0.10 BETA: October 17th, 2004
 
SECURITY FIXES:
        None that I can recall.  =\
 
PROACTIVE SECURITY ENHANCEMENTS:
        Hmm...
 
General Enhancements:
        Split code away from Gaim.
 
-------------------------------------------------------------------------------
NOTE:  version numbers below refer to its existence as a Gaim-only plugin.
-------------------------------------------------------------------------------
v0.85 Beta: March 25th, 2004

SECURITY FIXES:
	* Fixed a null-pointer dereference that occurs when receiving an
	invalid key.  This results in a simple denial-of-service, and NOT
	in a compromise of key or connection integrity.

PROACTIVE SECURITY ENHANCEMENTS:
	* Added a warning when the user changes profile information that it
	will NOT be encrypted because its public.
	* Disabled IM images since these are not yet encrypted.
	* Partially completed a second major security review.
	
General Enhancements:
	* Fixed Gaim bug that prevented user from chatting with multiple UM
	users concurrently.
	* Added right-click menu option to buddy that allows manual connection
	reset.

-------------------------------------------------------------------------------
v0.82 Beta: January 27th, 2004

SECURITY FIXES:
	Fixed two more vulnerabilities in Gaim's code that v0.81 missed.
	Again, these vulnerabilities DO NOT allow a third party to
	break encrypted messages or spoof messages.  See Ultramagnetic
	Advisory #002 for more details:
	    http://ultramagnetic.sourceforge.net/advisories.html

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
v0.81 Beta: January 26th, 2004

SECURITY FIXES:
	Fixed multiple vulnerabilities in Gaim's code.  Note that the
	integrity of Ultramagnetic-specific encryption code has NOT been
	compromised.  See Ultramagnetic Advisory #001 for more details:
	    http://ultramagnetic.sourceforge.net/advisories.html

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
v0.80 Beta: January 24th, 2004

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Switched from ECB mode to CTR mode!  Yay!
	* Implemented Perfect Forward Secrecy for session keys.
	* Added nonces to protocol handshake to prevent replay attacks.

General Enhancements:
	* Upgraded from libgcrypt v1.1.12 to v1.1.91.
	* Merged code tree with Gaim v0.74.
	* Switched from using message signatures to message HMACs.

-------------------------------------------------------------------------------
v0.70 Beta: October 31st, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Added warnings to away message windows.
	* Implemented Ultramagnetic IDs!
	* Initialization Vectors and HMAC keys are now exchanged in handshake.

-------------------------------------------------------------------------------
v0.65 Beta: October 1st, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Merged with Gaim v0.68 sources.
	* Fixed typing notification (disabled).
	* Added 'UM Setup' button to main window.
	* Added custom splash graphic!  Yay!

-------------------------------------------------------------------------------
v0.60 Beta: September 7th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Completed UI database editing.
	* Fixed screen name consistency bugs.
	* Fixed unexplainable random hanging... somehow...

-------------------------------------------------------------------------------
v0.55 Beta: August 19th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Continued code audit.
	* Added encryption state timeouts.
	* pending_message array expanded into list of pending messages.
	* Encryption initialization window now loads and displays the key
	database (but it is not editable yet).

-------------------------------------------------------------------------------
v0.50 Beta: August 12th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Finished changing strncpy's/strncat's to g_strlcpy's/g_strlcat's.

General Enhancements:
	* Six/Four support for AIM (oscar) crash landed.
	* Compile system improved: got rid of annoying corrupt libtool script
	problem.
	* An absolute path to '64hosts.lst' in Six/Four's '64.cfg' file no
	longer required.
	* Table view added to encryption initialization window (though it is
	non-functional as of yet).

-------------------------------------------------------------------------------
v0.40 Beta: July 28th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Changed all strncpy's and strncats to g_strlcpy's and g_strlcat's.
	* Added all kinds of proactive measures to parse_directory_string that
	guard against theoretical attacks which probably only exist up in my
	head.
	* Modified sign buffer length calculation to guard against off-by-one
	buffer overflows (um_encryption.c:698).
	* Changed incorrect size parameter in g_strlcat (um_encryption:710).

General Enhancements:
	* Added LOTS of comments to UM-specific source code.
	* Split moved encryption & encryption ui support into
	'um_encryption.c' & 'um_encryption_ui.c'
	* Key generation is now done in a separate thread.  User can now
	watch a pretty progress bar bounce back and forth too.
	* New Key Fingerprint window now has more accept options:  Temporary
	and Permanent.
	
-------------------------------------------------------------------------------
v0.20 Beta: July 13th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Many UI quirk fixes.
	* Fixed screenname display bug when initializing encryption.
	* Added Win32 build system.
	* Changed dual-license back to GPL-only.  =(

-------------------------------------------------------------------------------
v0.10 Beta: July 4th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Changed stat() calls to lstat() to guard against symlink attacks.

General Enhancements:
	* Implemented public key fingerprint checking/caching.
	* Added help dialogs to encryption windows.
	* Buddies can now sign on & sign off, and encryption states will
	  be updated.

-------------------------------------------------------------------------------
v0.03 Preview Alpha Release 3: June 28th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Added minimal support for the Six/Four protocol.
	* Integrated source directly with Gaim tree.
	* Added ./configure support.
	* Encryption support is now statically linked.

-------------------------------------------------------------------------------
v0.02 Preview Alpha Release 2: April 13th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Removed/fixed deprecated GTK functions.
	* Readied code for Gaim v0.6x series.

-------------------------------------------------------------------------------
v0.01 Preview Alpha Release 1: March 16th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
