It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.
More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
Testing Done:
Compiled
Reviewed at https://reviews.imfreedom.org/r/1357/
/**
* @file core.h Startup and shutdown of libpurple
* @defgroup core libpurple
* @see @ref core-signals
*/
/* purple
*
* Purple is the legal property of its developers, whose names are too numerous
* to list here. Please refer to the COPYRIGHT file distributed with this
* source distribution.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
*/
/*! @mainpage Pidgin/Finch/libpurple API Documentation
*
* <a href="group__core.html">libpurple</a> is intended to be the core of an IM
* program. <a href="group__pidgin.html">Pidgin</a> is a GTK+ frontend
* to libpurple, and <a href="group__finch.html">Finch</a> is an ncurses
* frontend built using <a href="group__gnt.html">libgnt</a>
* (GLib Ncurses Toolkit).
*/
#ifndef _PURPLE_CORE_H_
#define _PURPLE_CORE_H_
typedefstructPurpleCorePurpleCore;
/** Callbacks that fire at different points of the initialization and teardown
* of libpurple, along with a hook to return descriptive information about the
* UI.
*/
typedefstruct
{
/** Called just after the preferences subsystem is initialized; the UI
* could use this callback to add some preferences it needs to be in
* place when other subsystems are initialized.
*/
void(*ui_prefs_init)(void);
/** Called just after the debug subsystem is initialized, but before
* just about every other component's initialization. The UI should
* use this hook to call purple_debug_set_ui_ops() so that debugging
* information for other components can be logged during their
* initialization.
*/
void(*debug_ui_init)(void);
/** Called after all of libpurple has been initialized. The UI should
* use this hook to set all other necessary UiOps structures.
*
* @see @ref ui-ops
*/
void(*ui_init)(void);
/** Called after most of libpurple has been uninitialized. */
void(*quit)(void);
/** Called by purple_core_get_ui_info(); should return the information
* documented there.
*/
GHashTable*(*get_ui_info)(void);
void(*_purple_reserved1)(void);
void(*_purple_reserved2)(void);
void(*_purple_reserved3)(void);
}PurpleCoreUiOps;
#ifdef __cplusplus
extern"C"{
#endif
/**
* Initializes the core of purple.
*
* This will setup preferences for all the core subsystems.
*
* @param ui The ID of the UI using the core. This should be a
* unique ID, registered with the purple team.
*
* @return @c TRUE if successful, or @c FALSE otherwise.
*/
gbooleanpurple_core_init(constchar*ui);
/**
* Quits the core of purple, which, depending on the UI, may quit the
* application using the purple core.
*/
voidpurple_core_quit(void);
/**
* <p>
* Calls purple_core_quit(). This can be used as the function
* passed to purple_timeout_add() when you want to shutdown Purple
* in a specified amount of time. When shutting down Purple
* from a plugin, you must use this instead of purple_core_quit();
* for an immediate exit, use a timeout value of 0: