Tags: TokTok/qTox
Translations, UI improvements, notifications, and some bugfixes.

This release is bringing several UI improvements and translation fixes thanks to contributions and suggestions from our users. Also, we've merged with another fork of qTox and the maintainer of that fork has contributed all their improvements, making this the most stable version of qTox in years.

There are still many things on our TODO list, most notably we'll be focussing on adding new group chat support with moderation, roles, and group ownership. As always, if you find any issues with this release, please let us know by filing an issue.
This is a security-focussed release that also comes with some bugfixes.

- We've added QOI image support and dropped some image support plugins that we haven't properly vetted.
- We have added fuzzing tests for all the image plugins we do use (and filed some bugs for the ones we don't yet use).
- We've fixed a heap buffer overflow in exif handling. This overflow was not a vulnerability (it was an out of bounds read that would mess up image rotations when receiving broken exif data).
- We've added a setting to disable automatic image previews in chat. If you're very security-conscious and you have friends you don't trust, you may want to disable image previews. In the future, we'll add a per-friend setting for this.
- We've fixed some bugs that caused multi-line messages to be received as a single line. This was caused by our defense-in-depth security measures that were a little too strict.
A pretty quick turnaround to the next release here, fixing an issue with the release builder workflows that caused release builds from v1.18.0 to claim they are unstable and untested. Besides that, here are some highlights:

- We have significantly increased the translation coverage using Google Translate (and for Lojban, Baidu translate). All but two languages are now fully automatically translated. In many cases, this automated translation is not perfect, so we've also added a link next to the language selector to our Weblate page where you can fix translations you think could be improved.
- Using LLMs, we have finished the Pirate English translation, so: Ahoy! Come aboard the qTox ship, and set sail with this scurvy-free release! We've battened down the hatches and plugged some leaks, so no more unstable builds claimin' to be untested. Shiver me timbers, we've even charted new waters with more translations than ye can shake a parrot at!
- You can now run `qtox --update-check` on the command line to quickly see what the latest version is and what version you are running without starting the GUI. This might be useful for anyone who wants to write scripts around that.

Finally, we have tightened the security of qTox by avoiding any DNS lookups in the Tox bootstrap path. This means qTox will work properly even if you have no DNS server, and importantly, you will not leak access to the Tox network to any DNS servers. The only place where we still do DNS lookups is in the update check (which connects to the GitHub API), but you can disable that.
Happy New Year 2025! It's taken us some time, but we're finally here. We hope you enjoy our new and updated qTox v1.18.0. Many bugs, especially around video calls, have been fixed. We also bring some performance improvements, but most importantly, **the RCE fear is over**.

There have been many rumours about remote code execution attacks on qTox for the past 2 years. Although nobody has ever actually been able to demonstrate any of them working, we've done a deep dive audit on the relevant security aspects of the areas of potential vulnerability and have made a number of changes:

- We've completely rewritten the notification system from scratch. We now use the built-in Qt system tray notifications on all systems. Additionally, on Linux, we use the Freedesktop notification system directly (you can turn this off if it doesn't work or you're afraid we've made a mistake) instead of going through an unaudited third party library.
- We've put additional filtering in place for any incoming text messages from the Tox network, including friend request messages. We now filter out any non-printable characters. This may break certain newer emojis such as a skin-toned handshake emoji (🤝🏾) on older systems (from 2022 or earlier). If you use our provided binaries, it should just work, as we build our binaries with the latest Qt version and dependencies.
- We've hardened some of the low level load/store functions used for settings. There almost certainly wasn't a vulnerability here, but they can no longer be abused directly if there ever will be.

We have, as a side effect, also upgraded the toxcore used in the (windows) release. There are a great number of outdated toxcore nodes still present in the network, holding back new feature adoption such as the new group chats with moderation capabilities.

Check out the release candidates' release notes as well for a full list of changes since the 1.17.6.
As always, report any bugs or issues you find or features you'd like to see to our [issue tracker](https://github.com/TokTok/qTox/issues). We've got a long way to go, but we've come a long way as well. Enjoy the release!
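
The incoming-message filtering described in the v1.18.0 notes, and the multi-line regression mentioned in the security-focussed release, can be illustrated with the sketch below. It is an added example, not qTox's code: it uses plain standard C++ rather than Qt, the names `decodeUtf8` and `sanitizeMessage` are hypothetical, and it assumes "non-printable" means malformed UTF-8 plus C0/C1 control characters, and that a filter which also drops `\n` is the kind of strictness that merges lines.

```cpp
// Added example (not qTox code): sanitize untrusted UTF-8 chat text.
#include <cstdint>
#include <iostream>
#include <string>

// Decode the UTF-8 sequence at s[i] and advance i past it. Returns the code
// point, or -1 (advancing a single byte) if the sequence is malformed.
static int32_t decodeUtf8(const std::string& s, size_t& i) {
    const auto byte = [&](size_t k) { return static_cast<uint8_t>(s[k]); };
    const uint8_t lead = byte(i);
    const int len = lead < 0x80          ? 1
                    : (lead >> 5) == 0x06 ? 2
                    : (lead >> 4) == 0x0E ? 3
                    : (lead >> 3) == 0x1E ? 4
                                          : 0;
    if (len == 0 || i + len > s.size()) { ++i; return -1; }
    int32_t cp = len == 1 ? lead : lead & (0xFF >> (len + 1));
    for (int k = 1; k < len; ++k) {
        if ((byte(i + k) & 0xC0) != 0x80) { ++i; return -1; }
        cp = (cp << 6) | (byte(i + k) & 0x3F);
    }
    // Reject overlong encodings, UTF-16 surrogates and values past U+10FFFF.
    static const int32_t minCp[] = {0, 0, 0x80, 0x800, 0x10000};
    if (cp < minCp[len] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) { ++i; return -1; }
    i += len;
    return cp;
}

// Drops malformed bytes and C0/C1 control characters (including DEL).
// keepNewline=false is the overly strict variant that merges lines.
std::string sanitizeMessage(const std::string& in, bool keepNewline = true) {
    std::string out;
    for (size_t i = 0; i < in.size();) {
        const size_t start = i;
        const int32_t cp = decodeUtf8(in, i);
        const bool control = cp < 0x20 || (cp >= 0x7F && cp <= 0x9F);
        if (cp >= 0 && (!control || (cp == '\n' && keepNewline)))
            out.append(in, start, i - start);
    }
    return out;
}

int main() {
    const std::string msg = "first line\nsecond\x1b[2J line";  // constructed sample
    std::cout << sanitizeMessage(msg) << "\n---\n" << sanitizeMessage(msg, false) << "\n";
}
```

Valid multi-byte sequences such as the two code points of 🤝🏾 pass through byte-for-byte; whether they render is up to the font and Qt version, which this sketch does not model.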