It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.
More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
Testing Done:
Compiled
Reviewed at https://reviews.imfreedom.org/r/1357/
#
# Makefile.mingw
#
# Description: Makefile for win32 (mingw) version of libpurple
#
PIDGIN_TREE_TOP:=..
include $(PIDGIN_TREE_TOP)/libpurple/win32/global.mak
TARGET=libpurple
NEEDED_DLLS=$(LIBXML2_TOP)/bin/libxml2-2.dll
# gcc 4.8 on windows moved to dynamically linking libgcc. So if we're building
# under msys2 we assume we're using gcc >= 4.8 and need to copy libgcc and
# libwinpthread from the system into our install bundle.
#
# See https://gcc.gnu.org/gcc-4.8/changes.html#windows for more info.