Tox

Network Security

Distributed, secure messenger with audio and video chat capabilities.

C · Latest v0.2.23 · 5h ago

Features

  • Peer‑to‑peer, serverless instant messaging
  • End‑to‑end encryption using libsodium (NaCl)
  • Extensible via a C API with callbacks for events

Recent releases

v0.2.23 Breaking risk
Breaking upgrade

GHSA‑42vg‑9mg3‑399f fix

v0.2.22 Security relevant
Security fixes
  • Fixed heap buffer overflow in RTP video packet handling in ToxAV module
Notable features
  • Event Loop abstraction (Ev)
  • Lookup file number by ID
  • Fetch groups by chat ID

Release notes

This release focuses on hardening, architectural refinement, and better testing capabilities.

On the Hardening front, the ToxAV module has undergone significant security improvements. We have addressed a heap buffer overflow in RTP packet handling and fixed several logic bugs in the bandwidth controller and audio modules that could affect stability.

Architectural Refactoring continues with the internalization of core system dependencies. The system clock, random number generation, and memory management are now accessed through abstract interfaces, further decoupling the core from OS-specific implementations and making the codebase more portable and testable.

Bug Fixes

  • Prevent potential integer overflow in group chat handshake. (8b467cc9)
  • potential division by zero in toxav and unsafe hex parsing (fc4396ce)
  • correct printf format specifiers for unsigned integers (46bfdc2d)
  • DHT: Correct node skipping logic for timed out nodes. (d5b5e879)
  • autotools: add tox_log_level.h to public headers list (b79b7d43)
  • group_chats: fix sync packets reverting topics (e206bffa)
  • group_moderation: allow validating unsorted sanction list signatures (ece0e898)
  • toxav:
    • fix heap buffer overflow in RTP video packet handling (4fbd7c10)
    • harden video processing and fix large frame handling (da1c13a2)
    • fix multiple logic bugs in audio module (47282528)
    • fix multiple bugs in bandwidth controller and add tests (dc963d9a)
    • handle vpx_image_alloc failure (3e22fd5c)
  • toxencryptsave: Wipe salt and passkey after usage. (7cefa93c)

Features

  • Add a way to look up a file number by ID. (b144e8db)
  • Add a way to fetch groups by chat ID. (849281ea)
  • Add Event Loop abstraction (Ev). (2f87ac67)

Performance

  • Add a timed limit on the number of cookie requests. (8f92e710)
  • toxav: optimize audio and video intermediate buffers by keeping them around (d68d1d09)

About

Stars
2,648
Forks
304
Languages
C C++ Shell
