fix/editor-terminal-size
7655 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
1ac58222b8
|
fix(editor): follow live terminal size in external editor
All checks were successful
CI Code / Check spelling (pull_request) Successful in 14s
CI Code / Check coding style (pull_request) Successful in 23s
CI Code / Code Coverage (pull_request) Successful in 3m26s
CI Code / Linux (debian) (pull_request) Successful in 5m19s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m23s
CI Code / Linux (arch) (pull_request) Successful in 7m17s
The compose editor is spawned via fork+execvp and inherits profanity's LINES/COLUMNS, which hold the size captured at startup and are never refreshed on resize. A curses editor (nano, vim, ...) honors them over the real window, so it renders at the launch-time size after a resize. Drop LINES/COLUMNS from the child's environment before forking so its curses falls back to ioctl(TIOCGWINSZ). Assembling the env in the parent lets the child only reassign environ instead of calling unsetenv() between fork and exec, keeping it clear of unsetenv()'s allocator work in the multithreaded fork->exec window. profanity itself is unaffected. |
|||
|
5d7b7bb23d
|
test(ai): align parse_response tests with chat completions API
All checks were successful
CI Code / Check coding style (pull_request) Successful in 29s
CI Code / Check spelling (pull_request) Successful in 15s
CI Code / Code Coverage (pull_request) Successful in 3m37s
CI Code / Linux (debian) (pull_request) Successful in 7m36s
CI Code / Linux (ubuntu) (pull_request) Successful in 7m52s
CI Code / Linux (arch) (pull_request) Successful in 11m26s
CI Code / Check spelling (push) Successful in 15s
CI Code / Check coding style (push) Successful in 28s
CI Code / Code Coverage (push) Successful in 3m30s
CI Code / Linux (debian) (push) Successful in 5m19s
CI Code / Linux (ubuntu) (push) Successful in 5m25s
CI Code / Linux (arch) (push) Successful in 7m11s
The chat-completions refactor removed the legacy Perplexity "text" extraction but left two tests asserting the old behavior, breaking make check on every CI flavor: - test_ai_parse_response_perplexity_text expected the legacy /v1/agent nested format to parse; it now yields NULL — renamed to test_ai_parse_response_legacy_text_format_unsupported. - test_ai_parse_response_text_preferred_over_content expected "text" to win; "content" is authoritative now — renamed to test_ai_parse_response_content_preferred_over_text. Add test_ai_set_provider_setting_reserved_key covering the new reserved-key rejection. |
|||
|
fa6857f4c8
|
fix(ai): harden custom settings payload against invalid JSON and races
Custom setting values were JSON-escaped but emitted unquoted, so any non-numeric value (e.g. "high") produced an invalid JSON payload and failed the whole request; quoting the value manually could not work either, since the escaper turns quotes into \". Emit RFC 8259 scalars (number/true/false/null) bare and everything else as a quoted JSON string. Reserved payload keys (model, messages, stream) would duplicate the fixed fields with parser-dependent precedence; reject them in ai_set_provider_setting (surfaced as an error by /ai set custom) and skip them at payload-build time for settings loaded from hand-edited prefs. provider->settings was mutated on the main thread while the request thread iterates it when building the payload; guard both sides with a new per-provider settings_lock. Also refresh stale docs: ai_parse_response no longer mentions the dropped Perplexity "text" path, the payload docstring says "messages" instead of "input", and the /ai help example uses a realistic scalar setting. |
|||
|
9913344bbf
|
refactor(ai): align AI client with OpenAI chat completions API
Some checks failed
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 29s
CI Code / Linux (debian) (push) Failing after 3m38s
CI Code / Code Coverage (push) Failing after 5m19s
CI Code / Linux (ubuntu) (push) Failing after 6m15s
CI Code / Linux (arch) (push) Failing after 9m31s
Update request endpoint to /v1/chat/completions and switch payload key from input to messages. Remove store flag and legacy Perplexity response parsing to standardize on OpenAI's content extraction. |
|||
|
91631aa91a
|
feat(ai): add suport for /ai set custom parameters
Modify _build_json_payload_from_list to accept an AIProvider parameter and dynamically merge its custom settings into the JSON payload. The settings are serialized as additional key-value pairs alongside the standard model and input fields, enabling per-provider configuration options without hardcoding them. |
|||
|
622054fc6d
|
fix(pgp): prevent plaintext fallback in PGP/OX encryption
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 3m41s
CI Code / Linux (debian) (pull_request) Successful in 5m15s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m21s
CI Code / Linux (arch) (pull_request) Successful in 13m55s
CI Code / Check spelling (push) Successful in 1m24s
CI Code / Check coding style (push) Successful in 1m38s
CI Code / Linux (arch) (push) Successful in 7m14s
CI Code / Linux (debian) (push) Successful in 8m27s
CI Code / Linux (ubuntu) (push) Successful in 8m29s
CI Code / Code Coverage (push) Successful in 7m50s
Block all three code paths in message_send_chat_pgp that previously fell back to sending unencrypted messages: encryption failure, missing PGP key, and missing LibGPGME. Each path now shows a specific error in the chat window and returns NULL so the caller skips logging and display. Also replace the generic cons_show for OX signcrypt failure with a win_println on the current window, ensuring the user sees the error even when the chat window is not focused. Improve p_gpg_encrypt error reporting by adding a gchar** err out-parameter. Each failure path now sets a descriptive message (e.g. missing recipient key, missing sender key, GPGME context failure, encryption failure) so the caller can display the exact reason to the user. Fix a memory leak: gpgme_key_unref(receiver_key) was missing from the sender_key failure path. |
|||
|
ca92d29179
|
fix(ui): measure dead pad space from cursor instead of absolute height
All checks were successful
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 38s
CI Code / Code Coverage (push) Successful in 4m2s
CI Code / Linux (ubuntu) (push) Successful in 5m22s
CI Code / Linux (debian) (push) Successful in 7m21s
CI Code / Linux (arch) (push) Successful in 7m39s
Remove the /autoping warning subcommand and PREF_AUTOPING_WARNING preference entirely. The warning was shown at connect time when autoping was disabled but the server supported XEP-0199 ping. The pad threshold logic previously used an absolute height (PAD_THRESHOLD=12000) which was above the buffer cap and never fired during normal scrolling. Replace with a dead-space measurement (cursor position minus live buffer lines) that only triggers a redraw when dead space exceeds PAD_DEAD_SPACE_LIMIT (2000 lines). Author: jabber.developer2 <jabber.developer2@jabber.space> |
|||
|
72aa603147
|
build: untrack generated src/gitversion.h.in
All checks were successful
CI Code / Check coding style (push) Successful in 1m33s
CI Code / Check spelling (push) Successful in 1m39s
CI Code / Linux (debian) (push) Successful in 5m20s
CI Code / Code Coverage (push) Successful in 4m30s
CI Code / Linux (arch) (push) Successful in 7m4s
CI Code / Linux (ubuntu) (push) Successful in 7m9s
The file is gitignored and regenerated by the build recipe from .git/HEAD/.git/index; it was committed by mistake during the upstream sync. Untrack it so builds no longer dirty the working tree. The version string behaviour is unchanged. |
|||
|
15dfc2bdb4
|
fix(xmpp): guard NULL domain in autoping disco warning gate
Some checks failed
CI Code / Check coding style (pull_request) Successful in 29s
CI Code / Check spelling (pull_request) Successful in 19s
CI Code / Linux (debian) (pull_request) Successful in 5m16s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m25s
CI Code / Linux (arch) (pull_request) Successful in 7m37s
CI Code / Code Coverage (pull_request) Successful in 7m59s
CI Code / Check spelling (push) Successful in 15s
CI Code / Check coding style (push) Successful in 33s
CI Code / Linux (ubuntu) (push) Has been cancelled
CI Code / Code Coverage (push) Has been cancelled
CI Code / Linux (debian) (push) Has been cancelled
CI Code / Linux (arch) (push) Has been cancelled
g_ascii_strcasecmp() is not NULL-safe (unlike the g_strcmp0 it replaced), and connection_get_domain() can be NULL (init NULL, FREE_SET_NULL on teardown). A disco#info response racing a disconnect would dereference NULL. Capture the domain and skip the check when it is NULL. |
|||
|
02e679c277
|
feat(autoping): autoping availability warning
All checks were successful
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 30s
CI Code / Linux (debian) (push) Successful in 5m25s
CI Code / Linux (ubuntu) (push) Successful in 5m33s
CI Code / Code Coverage (push) Successful in 7m54s
CI Code / Linux (arch) (push) Successful in 12m7s
## Introduced change A new warning that notifies users when the connected XMPP server advertises XEP-0199 (urn:xmpp:ping) support but the autoping feature is disabled in settings. The warning can be toggled with `/autoping warning on|off`. The warning fires during the on-connect disco#info exchange, only for responses from the server's own domain — responses from user JIDs or subdomain services (e.g., conference servers) are excluded. ### Capabilities - **On-connect detection**: Warning is emitted automatically when the server's disco#info response indicates `urn:xmpp:ping` support while autoping is disabled and the preference is enabled (default: on) - **`/autoping warning on|off`**: Toggle the warning via the existing autoping command - **Domain-scoped**: Only triggers for disco#info from the bound server domain; user JIDs and subdomain service JIDs are skipped - **Case-insensitive domain matching**: Uses `g_ascii_strcasecmp` instead of `g_strcmp0` to handle case differences between the stanza `from` field and the bound domain - **Display in settings**: Shown in both `/notify` and `/autoping` settings dumps, with consistent alignment and `(/autoping warning)` reference in each line - **Autocomplete**: Dedicated `_autoping_autocomplete` function handles the `warning` subcommand with `on|off` completion ## Reasoning behind the change Users connecting to servers that support XEP-0199 ping but have autoping disabled may experience poorer connection stability. The warning draws attention to this configuration mismatch without requiring users to read documentation or dig into settings. The warning is scoped to the server domain (not user JIDs or subdomain services) because autoping is a connection-level feature — it only makes sense in the context of the server's keepalive capabilities. The warning preference defaults to `on` so users are informed by default, but can be disabled with `/autoping warning off` if they prefer not to see it. ## Implementation details ### Warning logic (`src/xmpp/iq.c`) `_disco_autoping_warning_message()` is called from the on-connect disco#info handler when the `from` field matches the bound domain. It checks three conditions: 1. Server features contain `urn:xmpp:ping` 2. Autoping interval is 0 (disabled) 3. `PREF_AUTOPING_WARNING` is true All three must be true for the warning to display. ### Domain matching `g_ascii_strcasecmp(from, connection_get_domain())` is used instead of `g_strcmp0` to handle case differences. This prevents the warning from silently skipping if a server echoes the `from` field in a different case than the bound domain. ### Command integration (`src/command/cmd_*.c`) - `cmd_defs.c`: Added `/autoping warning on|off` syntax and argument description - `cmd_funcs.c`: Added `warning` subcommand handler that calls `_cmd_set_boolean_preference` with `PREF_AUTOPING_WARNING` - `cmd_ac.c`: Registered dedicated `_autoping_autocomplete` that handles the `warning` subcommand with `on|off` boolean completion ### Preference storage (`src/config/preferences.c`) - Group: `PREF_GROUP_NOTIFICATIONS` - Key: `autoping.warning` - Default: `TRUE` ### Settings display (`src/ui/console.c`) The autoping warning preference is shown in both `cons_notify_setting()` and `cons_autoping_setting()` with consistent column alignment and a `(/autoping warning)` reference in each line. ### Tests (`tests/functionaltests/test_autoping.c`) Six functional tests cover all condition combinations: | Test | Server ping | Autoping | Warning pref | Expected | |---|---|---|---|---| | `autoping_warning_shown_when_disabled` | yes | off | on | warning shown | | `autoping_warning_not_shown_when_server_unsupported` | no | off | on | no warning | | `autoping_warning_not_shown_when_autoping_enabled` | yes | on | on | no warning | | `autoping_warning_not_shown_when_user_disabled` | yes | off | off | no warning | | `autoping_warning_not_shown_for_user_jid` | yes (from user JID) | off | on | no warning | | `autoping_warning_not_shown_for_subdomain_service` | yes (from subdomain) | off | on | no warning | Co-authored-by: Jabber Developer2 <jabber.developer2@jabber.space> |
|||
|
830479cf20
|
fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening
All checks were successful
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 32s
CI Code / Code Coverage (push) Successful in 3m45s
CI Code / Linux (debian) (push) Successful in 4m42s
CI Code / Linux (ubuntu) (push) Successful in 4m49s
CI Code / Linux (arch) (push) Successful in 6m25s
- OTR: strip the whitespace tag by shifting the full message tail incl. the NUL, not tag_length bytes, so the body is no longer duplicated for messages longer than the tag. - presence: snapshot the resource fields before connection_add_available_resource() takes ownership, removing a use-after-free in the own-presence path. - OMEMO: propagate _omemo_finalize_identity_load() failure on connect (log + cons_show_error + stop) instead of leaving OMEMO silently unavailable. - OMEMO: guard NULL fingerprint decode in _omemo_fingerprint_decode / omemo_is_trusted_identity / omemo_trust and log every decode failure instead of failing silently. - stanza-id: gate XEP-0359 dedup on disco urn:xmpp:sid:0 (the `by` JID or its domain), falling back to no-dedup when caps are unknown; add functional tests for trusted vs untrusted server. - accounts: narrow the group-name sanitizer to the characters GKeyFile forbids in headers ([ ] \n \r), keeping `=` and `#`, so read/write stays symmetric. - build: re-introduce compiler/sanitizer flags in a Pikaur-safe form (opt-in sanitizers, -Wsign-compare) and fix the resulting -Wsign-compare warnings (incl. proftest _mkdir_recursive).fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening Author: jabber.developer2 <jabber.developer2@jabber.space> |
|||
|
2d3d1ced71
|
ref(ui): use MAX utility method for code conciseness and clarity
All checks were successful
CI Code / Check coding style (push) Successful in 1m28s
CI Code / Check spelling (push) Successful in 2m20s
CI Code / Linux (ubuntu) (push) Successful in 5m16s
CI Code / Code Coverage (push) Successful in 3m51s
CI Code / Linux (debian) (push) Successful in 5m52s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Check spelling (pull_request) Successful in 23s
CI Code / Linux (arch) (push) Successful in 8m34s
CI Code / Linux (debian) (pull_request) Successful in 4m25s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m35s
CI Code / Code Coverage (pull_request) Successful in 3m30s
CI Code / Linux (arch) (pull_request) Successful in 8m55s
|
|||
|
adb078a3e2
|
fix(ui): reserve pad height per message to prevent multi-line clip and scroll desync
Some checks failed
CI Code / Check spelling (pull_request) Successful in 18s
CI Code / Check coding style (pull_request) Successful in 30s
CI Code / Code Coverage (pull_request) Successful in 3m24s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m54s
CI Code / Linux (debian) (pull_request) Successful in 6m58s
CI Code / Linux (arch) (pull_request) Successful in 7m7s
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 32s
CI Code / Code Coverage (push) Failing after 3m24s
CI Code / Linux (debian) (push) Failing after 5m38s
CI Code / Linux (ubuntu) (push) Failing after 5m51s
CI Code / Linux (arch) (push) Failing after 7m38s
A tall multi-line message printed near the bottom of the ncurses pad was clipped because _win_print_internal grew the pad from the current cursor only (_win_ensure_pad_capacity(getcury)), not the height of the message about to be printed. The clipped message's captured height (e.g. 1 row for a 49-row message) was wrong while win_redraw later rendered it in full; the resulting buffer->lines / y_start_pos mismatch desynced the page-up scroll anchor, producing a ~one-page jump when scrolling past such messages from history.
Estimate the rendered height (hard newlines + soft-wrap over the usable width) and reserve that many rows before printing, so the message is never clipped and its captured height matches the redraw. All print paths go through _win_print_internal, so incoming/outgoing/history are covered.
Regression from the upstream sync (
|
|||
|
5b45b35b3e
|
refactor: rename argument to avoid C++ keyword conflict
All checks were successful
CI Code / Check spelling (pull_request) Successful in 20s
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Linux (debian) (pull_request) Successful in 4m56s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m4s
CI Code / Code Coverage (pull_request) Successful in 8m13s
CI Code / Linux (arch) (pull_request) Successful in 11m18s
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 31s
CI Code / Linux (ubuntu) (push) Successful in 4m32s
CI Code / Linux (debian) (push) Successful in 6m44s
CI Code / Code Coverage (push) Successful in 8m17s
CI Code / Linux (arch) (push) Successful in 11m11s
The parameter `template` in format_call_external_argv() was renamed to `template_fmt` to avoid collision with the `template` keyword in C++. This improves compatibility when the header is included in C++ code. |
|||
|
57d79ecf9c
|
fix: add missing parameter types to function declarations
Some functions were declared without parameters in header files, despite their implementations specifying arguments. This mismatch is deprecated in all versions of C and is disallowed in C23. This change updates the declarations to match their definitions, ensuring compatibility with C standards, avoiding potential undefined behavior, and improving support in tools and editors. |
|||
|
bfd7064a40
|
build: add missing includes to header files
This change adds necessary `#include` directives that were previously omitted in some header files. Without these includes, compilation could fail or produce undefined behavior when the headers are used in isolation (i.e., before their dependencies are included elsewhere). Ensures better modularity and reliability of header usage. |
|||
|
3f6b8f69fd
|
fix(ui): raise pad redraw threshold above buffer cap to fix history scroll
All checks were successful
CI Code / Check spelling (pull_request) Successful in 19s
CI Code / Check coding style (pull_request) Successful in 30s
CI Code / Code Coverage (pull_request) Successful in 3m21s
CI Code / Linux (debian) (pull_request) Successful in 4m49s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m55s
CI Code / Check coding style (push) Successful in 31s
CI Code / Check spelling (push) Successful in 19s
CI Code / Linux (arch) (pull_request) Successful in 6m39s
CI Code / Linux (debian) (push) Successful in 4m16s
CI Code / Code Coverage (push) Successful in 3m29s
CI Code / Linux (ubuntu) (push) Successful in 4m32s
CI Code / Linux (arch) (push) Successful in 10m51s
PAD_THRESHOLD (3000) sat below the buffer line cap (PAD_SIZE - PAD_SIZE/10 = 9000), so _win_ensure_pad_capacity() fired a full win_redraw() from the hot print path on every message once a chat exceeded 3000 rendered lines. During history paging this turned one redraw per fetch into dozens, corrupting per-entry y_start_pos (offset jumps, dropped/skipped messages) and causing ~10s lag per page. The flat-file backend was byte-identical across the regression; the fault was purely in the UI pad path from the upstream merge. Raise PAD_THRESHOLD to 12000 (above the cap) so the reclaim redraw only fires to drop dead pad space in long append-only sessions, never during scrolling. Also size the pad once to buffer->lines+100 in win_redraw() instead of shrinking to PAD_MIN_HEIGHT and regrowing per entry, removing the residual per-redraw wresize churn. |
|||
|
a04a8948e1
|
fix(chatwin): only fire plugins_post_chat_message_display on incoming
All checks were successful
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Check spelling (pull_request) Successful in 22s
CI Code / Linux (debian) (pull_request) Successful in 4m38s
CI Code / Code Coverage (pull_request) Successful in 3m12s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m34s
CI Code / Linux (arch) (pull_request) Successful in 6m57s
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 3m45s
CI Code / Linux (debian) (push) Successful in 4m38s
CI Code / Linux (ubuntu) (push) Successful in 4m49s
CI Code / Linux (arch) (push) Successful in 6m46s
The trigger was wired into outgoing / outgoing-carbon / history paths too, which made plugins like sounds.py play the "new message" sound when opening a chat (history loads), sending a message yourself, or receiving a carbon of your own sent message from another device. Restrict the call to chatwin_incoming_msg — matches the semantic of "a remote party sent a chat message and it was displayed". |
|||
|
c1093db090
|
fix(editor): prevent UI redraw conflicts during editor suspend/resume
All checks were successful
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 3m36s
CI Code / Linux (debian) (push) Successful in 4m43s
CI Code / Linux (ubuntu) (push) Successful in 4m54s
CI Code / Linux (arch) (push) Successful in 6m46s
Guard against re-entrant editor launches, abort editor on Ctrl-Z, and centralize suspend-aware redraws through prof_doupdate() to prevent terminal corruption when SIGTSTP is received while editor is active. Removes SIGUSR1 editor escape in favor of standard pkill <editor> recovery. |
|||
|
72f4f186da
|
merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.
Major upstream changes incorporated:
Memory management
- Replace malloc+memset with g_new0 throughout codebase
- Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
- Replace free() with g_free() for GAlloc'd memory
Editor rewrite
- Remove pthread-based async editor; use GChildWatch callback API
- New launch_editor(initial_content, callback, user_data) interface
- Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
- ui_suspend()/ui_resume() integration for TTY management
OMEMO improvements
- Dual backend support: libsignal-protocol-c and libomemo-c
- Proper pre-key removal after use (XEP-0384 compliance)
- Automatic pre-key regeneration when store drops below threshold
- New functions: omemo_is_device_active(), omemo_is_jid_trusted()
- omemo_get_jid_untrusted_fingerprints() for better error messages
- Fingerprint notifications on new device identity discovery
- Deterministic pre-key ID generation tracking max_pre_key_id
- omemo_trust_changed() UI updates on trust state changes
JID validation
- RFC 6122-compliant validation in jid_is_valid()
- Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
- Length limits: 1023 per component, 3071 total
- New jid_is_valid_user_jid() for user vs. service JID distinction
Database
- Schema migration v3: UNIQUE constraint on archive_id for deduplication
- Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
- db_history_result_t return type, _truncate_datetime_suffix()
UI / console
- win_warn_needed() / win_warn_sent() warning deduplication hash table
- PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
- Spellcheck integration in input field with Unicode word detection
- cons_spellcheck_setting() for /settings ui output
- /[command]? shortcut for command help
Account config
- Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
- Replace popen() with g_spawn_sync() for eval_password
- TLS policy: add "direct" option alongside legacy
Connection
- Port validation with g_assert (0–65535)
- SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
- "direct" TLS policy alias for legacy SSL
Common utilities
- str_xml_sanitize() for XML 1.0 illegal character removal
- string_matches_one_of() with formatted error messages
- valid_tls_policy_option() helper
- prof_date_time_format_iso8601() utility
- Improved strip_arg_quotes() with backslash unescaping
- prof_occurrences() uses g_slist_prepend + reverse for performance
PGP / OX
- Proper GPGME resource cleanup with goto-cleanup pattern
- g_string_free(xmppuri) leak fix in _ox_key_lookup
CSV export
- Use GString + g_file_set_contents instead of raw write() syscalls
Tests
- Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
- New test_cmd_ac.c for autocompleter unit tests
- Updated stubs for new UI suspend/resume functions
License headers
- Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)
────────────────────────────────────────────────────
cproof-specific preservations:
- XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
- Force encryption: cmd_force_encryption, test_forced_encryption
- CWE-134: format string protection (cons_show("%s", ...))
- y_start_pos-based paging in window.c
- db_history_result_t return type, _truncate_datetime_suffix()
Merge-time fixes:
- common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
- database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
- console.c: implicit size_t → int cast — (int)(maxlen + 1)
- tlscerts.c: %d for size_t — %zu
Build system:
- Kept autotools (Makefile.am, configure.ac); upstream uses Meson
- Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
- Updated Makefile.am test paths for subdirectory structure
- Added test_cmd_ac, test_forced_encryption to test sources
Functional tests:
- Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
- Not yet available in devs/stabber fork
Closes #64
Merge author: jabber.developer2
Commits authors:
Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
|
|||
|
3b673150b4
|
chore(chatlog): disable background message file logging (stage 1)
All checks were successful
CI Code / Check spelling (pull_request) Successful in 16s
CI Code / Check coding style (pull_request) Successful in 30s
CI Code / Code Coverage (pull_request) Successful in 2m39s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m58s
CI Code / Linux (arch) (pull_request) Successful in 5m56s
CI Code / Linux (debian) (pull_request) Successful in 7m2s
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 2m41s
CI Code / Linux (ubuntu) (push) Successful in 5m3s
CI Code / Linux (arch) (push) Successful in 6m2s
CI Code / Linux (debian) (push) Successful in 7m12s
First stage of removing the chatlog subsystem that writes plain-text per-day message logs to $XDG_DATA_HOME/profanity/chatlogs/. These files were never read back by Profanity (history replay reads from the database via log_database_get_previous_chat), so the feature only ever wrote to disk for users to inspect with external tools. This change reduces chatlog.c to no-op stubs, preserving all public signatures so the ~20 call sites in event/, otr/ and profanity.c continue to compile and link unchanged. Subsequent stages will remove the call sites, the related preferences (PREF_CHLOG, PREF_GRLOG and the per-encryption PREF_*_LOG) and the now-dead commands (/logging, /otr log, /pgp log, /omemo log, /ox log). Database-based history (PREF_DBLOG, /history) and the debug log (log.c, /log) are unaffected. |
|||
|
53cdf488b6
|
fix(ai): resolve UAF and require provider argument instead of defaults
All checks were successful
CI Code / Check spelling (pull_request) Successful in 18s
CI Code / Check coding style (pull_request) Successful in 50s
CI Code / Linux (debian) (pull_request) Successful in 4m57s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m12s
CI Code / Code Coverage (pull_request) Successful in 6m48s
CI Code / Linux (arch) (pull_request) Successful in 11m9s
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 33s
CI Code / Code Coverage (push) Successful in 2m41s
CI Code / Linux (debian) (push) Successful in 4m40s
CI Code / Linux (ubuntu) (push) Successful in 4m53s
CI Code / Linux (arch) (push) Successful in 10m41s
This enforces explicit provider specification. Automatic fallback to preferences or "openai" is removed. Users must now pass the provider name explicitly. default provider functionality was improperly removed and implemented (some parts still remain intact), leading to UAF. |
|||
|
4776c1f1ec
|
fix(ai): properly decode \uXXXX JSON escape sequences as UTF-8
Add helper functions to parse hex digits and encode UTF-8 characters. Update buffer allocation to account for UTF-8 expansion and implement full surrogate pair support for characters outside the BMP. Previously, \uXXXX sequences were passed through verbatim; they are now correctly decoded into proper UTF-8 strings. |
|||
|
a3a45ad477
|
fix(ui): preserve messages in non-chat windows while scrolled
All checks were successful
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 2m43s
CI Code / Linux (debian) (push) Successful in 4m33s
CI Code / Linux (ubuntu) (push) Successful in 4m48s
CI Code / Linux (arch) (push) Successful in 5m36s
_win_printf dropped buffer append and render for any window in paged state, but only WIN_CHAT can recover lost messages via chatwin_db_history() on scroll-down. WIN_MUC, WIN_PRIVATE and WIN_AI have no such fallback, so incoming and outgoing messages were silently lost when the user was viewing history. Introduce log_database_can_recover_messages() to check whether the DB backend can replay messages (returns FALSE when PREF_DBLOG is "off", "redact", or no backend is active). Gate the WIN_CHAT early return in _win_printf() on this check: when recovery is impossible, fall through and append to the buffer so messages remain visible on scroll-down. Add a buffer-bottom reset in win_page_down() for non-chat windows. WIN_SCROLL_REACHED_BOTTOM is only set on the is_chat DB branch, so non-chat windows never clear paged on their own; reset paged and unread_msg when the last line of the buffer reaches the screen. Add missing scroll rendering for AI windows in the title bar draw function, ensuring AI windows display their scrolled state consistently with other window types. Remove the manual paged/unread_msg reset before printing the user message in cl_ev_send_ai_msg() -- it was a local workaround for the same drop and is no longer needed. |
|||
|
2952466abd
|
feat(history): consolidate logging controls and add dbbackend statusbar indicator
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 33s
CI Code / Code Coverage (push) Successful in 2m42s
CI Code / Linux (debian) (push) Successful in 4m40s
CI Code / Linux (ubuntu) (push) Successful in 4m53s
CI Code / Linux (arch) (push) Successful in 5m38s
Deprecate /logging command in favor of /history for chat logging control.
/history off now stops persistence (sets PREF_DBLOG=off + PREF_CHLOG=false)
in addition to hiding history on open. /history on restores persistence
(re-enabling PREF_DBLOG=on if it was off) and PREF_CHLOG.
statusbar
- PREF_STATUSBAR_SHOW_DBBACKEND (default ON) gates the [sqlite] /
[flatfile] indicator; toggle via "/statusbar show|hide dbbackend"
/history off|on
- "/history off" now stops persistence as well as hiding history on
open: sets PREF_DBLOG=off + PREF_CHLOG=false in addition to
PREF_HISTORY=false
- "/history on" restores persistence (re-enabling PREF_DBLOG=on if
it was off) and PREF_CHLOG, in addition to PREF_HISTORY=true
/logging
- Deprecated /logging command. It now prints a single notice
pointing to /history; CMD_PREAMBLE trimmed (min_args=0, no
setting_func, syntax/args/examples dropped); subcommand 'group'
removed from autocomplete
- All "use '/logging chat on' to enable" hints replaced with
"/history on" across /omemo-log, /pgp-log, /otr-log, and /ox-log
/privacy logging
- Single-pass validation across {on, off, redact, flatfile}
- Backend-switching values (on, flatfile) now take effect
immediately when connected (via log_database_switch_backend),
matching "/history switch" behaviour; off/redact only flip
pref bits and keep the live backend open
/correction off
- win_print_outgoing and win_print_outgoing_with_receipt now gate
_win_correct on PREF_CORRECTION_ALLOW, matching incoming-msg
paths. Previously a peer's correction reflected via XEP-0280
carbons (or the user's own /correct invocation) was applied
in-buffer regardless of the pref
console
- Drop orphaned /logging chat reference from cons_privacy_setting()
- Delete cons_logging_setting() and remove its call from
cons_show_log_prefs()
autocomplete
- Add dbbackend to statusbar_show_ac
- Remove logging_ac entries for chat/group subcommands
- Remove _logging_autocomplete() param handler for chat subcommand
database_flatfile
- Two local g_strndup allocations switched from char* with manual
g_free to auto_gchar gchar* for automatic cleanup
tests
- Update test_cmd_otr.c to expect new /history-on warning messages
@author: jabber.developer2 <jabber.developer2@jabber.space>
|
|||
|
06b80bc89a
|
fix(ai): fix memory leak of local provider in error paths
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 31s
CI Code / Code Coverage (pull_request) Successful in 2m44s
CI Code / Linux (debian) (pull_request) Successful in 4m42s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m56s
CI Code / Linux (arch) (pull_request) Successful in 5m49s
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 2m42s
CI Code / Linux (debian) (push) Successful in 4m45s
CI Code / Linux (ubuntu) (push) Successful in 4m57s
CI Code / Linux (arch) (push) Successful in 5m50s
Add missing unref calls for local_provider in _ai_request_thread error handling to prevent memory leaks. |
|||
|
f9e0ba9630
|
fix(ai): fix memory leaks in ai session handling
All checks were successful
CI Code / Check spelling (pull_request) Successful in 19s
CI Code / Check coding style (pull_request) Successful in 38s
CI Code / Code Coverage (pull_request) Successful in 2m55s
CI Code / Linux (debian) (pull_request) Successful in 4m39s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m51s
CI Code / Linux (arch) (pull_request) Successful in 5m34s
Add missing `ai_session_unref` calls to prevent memory leaks. - In `_ai_request_thread`, release session on error paths and after successful processing. - In `cmd_ai_start`, release reference after passing ownership to the AI window. |
|||
|
7469f31c78
|
fix(ai): fix memory leaks in _ai_request_thread
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Code Coverage (pull_request) Successful in 2m43s
CI Code / Linux (debian) (pull_request) Successful in 4m45s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m55s
CI Code / Linux (arch) (pull_request) Successful in 5m45s
Replace manual g_free calls with auto_gchar for local_provider_name, local_model, local_api_key, and response_data to ensure automatic cleanup and prevent memory leaks. |
|||
|
5e329c77e1
|
fix(ai): fix memory leak in AI message stanza ID
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 2m43s
CI Code / Linux (debian) (pull_request) Successful in 4m41s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m55s
CI Code / Linux (arch) (pull_request) Successful in 5m44s
Store stanza ID in an auto_gchar variable to ensure automatic memory cleanup. |
|||
|
9e5dfb14f8
|
feat(ai): add AI client with multi-provider chat support
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 29s
CI Code / Code Coverage (push) Successful in 2m44s
CI Code / Linux (debian) (push) Successful in 4m46s
CI Code / Linux (ubuntu) (push) Successful in 4m59s
CI Code / Linux (arch) (push) Successful in 5m56s
Add an AI client module that integrates with OpenAI-compatible API providers (OpenAI, Perplexity, and custom endpoints) to provide AI-assisted chat within CProof. Users can start sessions with /ai start, send prompts, receive responses in a dedicated AI window, switch between providers and models, and manage API keys — all with tab-completion. Providers are configured via /ai set commands with per-provider API keys, endpoints, default models, and custom settings. Two default providers (openai, perplexity) are seeded on first use. Provider state persists in [ai/<name>] sections of the preferences keyfile with automatic migration from the previous flat-key format. The /ai command integrates into the existing command system with 8 subcommands covering provider management, session lifecycle, model fetching, and conversation clearing. Autocomplete uses the standard flat prefix-matching chain for reliable tab-completion at every nesting level. A new ProfAiWin window type is added to the window system. Architecture: Async design: HTTP requests run on a background thread (pthread) to avoid blocking the ncurses UI loop; results are displayed on the main thread via direct function calls Thread safety: AIProvider and AISession use atomic ref-counting and mutex-protected session state; the request thread snapshots all session data before making the HTTP call Window validation: wins_ai_exists() prevents use-after-free when the user closes the AI window during an in-flight HTTP request (~60s) Privacy: store:false is sent with every request to prevent providers from persisting conversations or using them for training Response size limit: 10MB cap with immediate curl abort via CURL_WRITEFUNC_ERROR to prevent OOM JSON parsing uses unified helpers for both chat responses and error envelopes with consistent escape decoding. The response parser tries Perplexity /v1/responses "text" field first, then falls back to OpenAI "content". Error parsing extracts provider error.message from the standard envelope format. Model parsing handles multiple API response formats (OpenAI list, Perplexity, array) including edge cases. Tests include 470+ lines of unit tests covering provider management, session lifecycle, JSON parsing (multiple formats), autocomplete cycling, and error handling, plus functional tests for /ai command dispatch. A stub_ai.c module isolates unit tests from UI dependencies. |
|||
|
1aaa382d5e
|
fix(verify): per-contact context in output, demote duplicate stanza-id to debug
All checks were successful
CI Code / Check spelling (pull_request) Successful in 19s
CI Code / Check coding style (pull_request) Successful in 31s
CI Code / Code Coverage (pull_request) Successful in 2m39s
CI Code / Linux (debian) (pull_request) Successful in 4m39s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m51s
CI Code / Linux (arch) (pull_request) Successful in 5m40s
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 36s
CI Code / Code Coverage (push) Successful in 2m42s
CI Code / Linux (debian) (push) Successful in 4m43s
CI Code / Linux (ubuntu) (push) Successful in 4m58s
CI Code / Linux (arch) (push) Successful in 5m44s
|
|||
|
3f36c303c2
|
feat(history): flat-file backend with bidirectional SQLite migration
All checks were successful
CI Code / Check spelling (push) Successful in 21s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 2m21s
CI Code / Linux (ubuntu) (push) Successful in 4m30s
CI Code / Linux (debian) (push) Successful in 6m43s
CI Code / Linux (arch) (push) Successful in 10m8s
A flat-file alternative to the SQLite chatlog backend with runtime
switching, full migration tooling, integrity verification, and a
synthetic load harness. SQLite remains the default; both backends share
one dispatch layer (db_backend_t vtable) so callers don't change.
Storage layout
- Per-contact append-only `flatlog/<account>/<contact>/history.log`
under XDG_DATA_HOME, one line per message
- Single-line file header with embedded format-version marker
(FLATFILE_FORMAT_VERSION); reader warns on missing or mismatched
marker, writer and checker stay in sync via preprocessor
stringification
- Deterministic key=value metadata (`id`, `aid`, `corrects`, `to`,
`to_res`, `read`) plus escaped body \u2014 `\|`, `\]`, `\\`, `\n`, `\r`
literals prevent log injection
- Sparse byte-offset index (FF_INDEX_STEP=500) per contact for
O(log n) time-range lookups; rebuilt on inode / size / mtime
change, extended in-place when the file just grew
- Per-contact GHashTable caches for archive_id presence and
stanza_id \u2192 from_jid mapping (O(1) MAM dedup, O(1) LMC sender
validation)
Hardening
- Path-traversal protection: JID directory name normalisation
(`@` \u2192 `_at_`, slashes and `..` rejected at construction); every
per-contact path is anchored under the account's flatlog/
directory and validated before open
- Symlink-attack protection: every fopen / open uses O_NOFOLLOW; on
ELOOP the operation aborts with an error rather than following
- Filesystem permissions: log files created with mode 0600,
directories with mode 0700; both enforced at creation, verified
on each open and reported on drift by `/history verify`
- Atomic crash-safe export: write to a temp file via mkstemp (mode
0600, random suffix, no name collisions between concurrent
exports), fsync, then rename \u2014 partial state never replaces the
live file
- Concurrency: advisory flock(LOCK_EX) held for the duration of
every write, including append from live messages and full rewrite
from export, so two profanity processes can't interleave bytes
on the same log
- DoS / abuse guards:
* FF_MAX_LINE_LEN = 10 MB \u2014 lines longer than this are rejected
at read with a warning; the parser will not allocate
unbounded memory for a single record
* FF_MAX_LMC_DEPTH = 100 \u2014 `corrects:` chain walk stops at this
depth and emits a warning, preventing a malicious correction
cycle from spinning the apply pass
* FF_VERSION_SCAN_MAX = 16 \u2014 header version probe never reads
past 16 leading comment lines, even on garbage input
* Empty / inverted byte-range early-return in page-up read path
so a malformed time filter cannot cause an unbounded scan
* Zero-entry index guard so a file whose every line failed to
parse cannot cause a NULL deref on later page-up
- LMC sender validation: an incoming correction whose sender does
not match the original message's sender is rejected at write
time and surfaced via cons_show_error; a cycle in the apply pass
is broken via a visited-set
- jid_create_from_bare_and_resource treats NULL, empty string, and
the literal "(null)" as no resource and returns a bare jid;
similar normalisation for barejid eliminates the legacy
"user@host/(null)" artefact that leaked into stored fulljids
whenever g_strdup_printf("%s", NULL) ran inside create_fulljid
Commands
- `/history switch sqlite|flatfile` \u2014 runtime backend swap, closes
the old backend and opens the new one without reconnecting
- `/history export [<jid>]` \u2014 SQLite -> flat-file, merging with any
existing flatlog (dedup keyed on a SHA-256 hash mixing stanza_id,
timestamp, from_jid, body \u2014 robust against id reuse by older
clients)
- `/history import [<jid>]` \u2014 flat-file -> SQLite, same merge
semantics, runs inside a single SQLite transaction with rollback
on per-contact failure
- `/history verify [<jid>]` \u2014 integrity check; emits a structured
list of issues (ERROR / WARNING / INFO) per file:
* file-level: missing log, wrong permissions (\u2260 0600), UTF-8
BOM present, CRLF line endings, empty file
* line-level: invalid UTF-8 (with byte offset), embedded
control characters, unparsable lines, timestamps out of
order, duplicate `id:` and `aid:` (tracked separately so a
stanza/archive id collision isn't double-reported)
* cross-line: broken `corrects:` references whose target id is
not present in the file
- `/history backend` \u2014 show currently active backend
- Active backend indicator `[sqlite]` / `[flatfile]` in the status
bar next to the JID
- Roster-JID autocomplete for verify / export / import
- export and import open a SQLite handle on demand when the
flatfile backend is currently active, so migration works
regardless of which backend is live
Tests
- Unit: database_export (parser round-trip, escape/unescape, dedup
key stability, JID normalisation), database_stress (14 cases
exercising rapid writes, large messages, deep LMC chains, MAM
dedup, concurrent contacts)
- Functional: history persistence across reconnects, export /
import round-trip with content equality, MUC migration,
timestamp normalisation across timezones
- Bench harness P1\u2013P5 (synthetic load: bulk insert, time-range
read, page-up scroll, MAM ingest, mixed workload) and failure
modes F1\u2013F17 (page-up cursor and forward-iteration symmetry,
oversized lines, MAM dedup, LMC depth and cycles, BOM/CRLF,
missing log, empty file, mtime+inode flip, broken corrects, etc.)
- All bench tests integrate with the existing make targets and
emit CSV rows for baseline comparison
Author: jabber.developer2 <jabber.developer2@jabber.space>
Reviewed-by: jabber.developer <jabber.developer@jabber.space>
|
|||
|
0feacbc9da
|
ci: simulate Pikaur flag duplication in Arch Linux CI
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 30s
CI Code / Code Coverage (pull_request) Successful in 3m1s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m31s
CI Code / Linux (debian) (pull_request) Successful in 7m36s
CI Code / Linux (arch) (pull_request) Successful in 9m52s
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 32s
CI Code / Linux (debian) (push) Successful in 4m51s
CI Code / Linux (arch) (push) Successful in 5m35s
CI Code / Linux (ubuntu) (push) Successful in 6m36s
CI Code / Code Coverage (push) Successful in 7m21s
Inject system flags from /etc/makepkg.conf into the CI environment to detect build collisions caused by Pikaur's configuration bug. Pikaur's cascading logic causes flags from /etc/makepkg.conf to be merged into the build environment. This creates collisions with flags defined in the project's Makefile.am (e.g., duplicate -D_FORTIFY_SOURCE definitions), which can cause builds to fail for users. By exporting these flags in the CI environment, we ensure that any code change that is sensitive to flag duplication will trigger a failure in our Arch Linux CI matrix, preventing broken builds from reaching users. Implementation details: - Detects Arch Linux via /etc/os-release. - Uses a sed-based flattener to handle multi-line variables and trailing backslashes in makepkg.conf. - Exports the flags to the shell environment so that 'configure' and 'make' inherit them naturally, maintaining parity with a real Pikaur session. |
|||
|
0722dc9e36
|
build(pikaur): Fix failure due to duplicated flag and warnings
All checks were successful
CI Code / Check spelling (pull_request) Successful in 20s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m42s
CI Code / Linux (debian) (pull_request) Successful in 6m47s
CI Code / Code Coverage (pull_request) Successful in 7m3s
CI Code / Linux (arch) (pull_request) Successful in 9m33s
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 39s
CI Code / Code Coverage (push) Successful in 2m53s
CI Code / Linux (debian) (push) Successful in 4m8s
CI Code / Linux (ubuntu) (push) Successful in 4m35s
CI Code / Linux (arch) (push) Successful in 10m28s
|
|||
|
f84ed1bf6a
|
perf(functests): speedup — profrc pre-baking, pty-close shutdown, parallel port pools
All checks were successful
CI Code / Check spelling (pull_request) Successful in 18s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 2m46s
CI Code / Linux (debian) (pull_request) Successful in 4m30s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m29s
CI Code / Linux (arch) (pull_request) Successful in 4m44s
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 33s
CI Code / Code Coverage (push) Successful in 3m4s
CI Code / Linux (ubuntu) (push) Successful in 4m29s
CI Code / Linux (debian) (push) Successful in 4m33s
CI Code / Linux (arch) (push) Successful in 4m48s
Replace 16 interactive UI setup commands with pre-written profrc file containing [ui] and [notifications] sections (~1800ms saved per test). Replace sleep(1) + blocking waitpid with close(pty fd) → SIGHUP → polling waitpid(WNOHANG) → SIGTERM/SIGKILL fallback chain (~4900ms saved per test). Remove post-stbbr_start() and post-stbbr_stop() sleeps — bind+listen completes synchronously before stbbr_start() returns, and pthread_join() in stbbr_stop() guarantees socket cleanup (~200ms saved). Add PORTS_PER_GROUP=50 isolated port ranges per test group to enable safe parallel execution of 4 groups without port conflicts. |
|||
|
9ec01fa8cc
|
fix: CWE-134 format string audit and compiler hardening
All checks were successful
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 36s
CI Code / Code Coverage (push) Successful in 5m38s
CI Code / Linux (ubuntu) (push) Successful in 7m1s
CI Code / Linux (debian) (push) Successful in 7m5s
CI Code / Linux (arch) (push) Successful in 7m19s
Security: Fix CWE-134 in iq.c: user-controlled string passed as format argument Add G_GNUC_PRINTF annotations to all variadic printf-like wrappers in ui.h, log.h and http_common.h Compiler flags (configure.ac): Replace basic -Wformat/-Wformat-nonliteral with -Wformat=2 Add -Wextra, -Wnull-dereference, -Wpointer-arith, -Wimplicit-function-declaration, -Wundef, -Wfloat-equal, -Wredundant-decls, -Walloc-zero Add -fstack-protector-strong, -fno-common, -D_FORTIFY_SOURCE=2 Add GCC-specific flags via AC_COMPILE_IFELSE: -Wlogical-op, -Wduplicated-cond, -Wduplicated-branches, -Wstringop-overflow, -Warray-bounds=2 Suppress noisy -Wextra sub-warnings: -Wno-unused-parameter, -Wno-missing-field-initializers, -Wno-sign-compare, -Wno-cast-function-type Remove AM_CFLAGS/CFLAGS duplication Bug fixes found by new warnings: chatlog.c: non-MUCPM redact path passed resourcepart instead of NULL rosterwin.c: merge duplicated if/else branches into single condition omemo.c: redundant else-if in omemo_automatic_start; remove unnecessary scope block and goto, use early return console.c: pointer compared to integer 0 instead of NULL stanza.c: increase pri_str/idle_str buffers from 10 to 12 bytes (INT_MIN = -2147483648 needs 12 bytes including NUL) vcard.c: NULL guard for filename before g_file_set_contents api.c: broken log_warning() calls with extra format argument Format mismatch fixes: chatwin.c: Jid* → char* for %s connection.c: %x → %lx for long flags cmd_funcs.c: %d → %zu for size_t; cast gpointer to char* for %s cmd_defs.c: %d → %u for g_list_length() return (guint) iq.c: barejid → fulljid for from_jid console.c, mucwin.c, privwin.c, account.c, omemo.c, presence.c: gpointer → (char*) casts for %s Const-correctness and cleanup: database.c: const for type, query, sort variables form.c/xmpp.h: const for form_set_value parameter files.c: refactor to early return, eliminating NULL logfile path muc.c/muc.h: remove meaningless top-level const on return type common.c: const for URL string literal Remove stale declarations: cons_show_desktop_prefs (ui.h), connection_set_priority (connection.h), omemo_devicelist_configure_and_request (omemo.h) test_common.c: add currb NULL check to silence -Wnull-dereference Tooling (check-cwe134.sh): Reduce from 5 checks to 2 (checks 1-3 redundant with -Wformat=2) Check 1: verify known wrappers have G_GNUC_PRINTF attribute Check 2: auto-detect unannotated variadic printf-like functions Match both const char* and const gchar* in variadic patterns Author: jabber.developer2 <jabber.developer2@jabber.space> |
|||
|
1508f27e73
|
Merge branch 'ci/separate-build-step'
All checks were successful
CI Code / Check spelling (push) Successful in 21s
CI Code / Check coding style (push) Successful in 37s
CI Code / Code Coverage (push) Successful in 5m35s
CI Code / Linux (debian) (push) Successful in 6m56s
CI Code / Linux (ubuntu) (push) Successful in 7m2s
CI Code / Linux (arch) (push) Successful in 7m24s
|
|||
|
d4254db814
|
CI: Separate build and test steps
All checks were successful
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Check spelling (pull_request) Successful in 24s
CI Code / Code Coverage (pull_request) Successful in 4m46s
CI Code / Linux (debian) (pull_request) Successful in 6m5s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m11s
CI Code / Linux (arch) (pull_request) Successful in 6m25s
|
|||
|
9e1b95a814
|
test(disco): remove disco_items_error_handling test
All checks were successful
CI Code / Check spelling (pull_request) Successful in 22s
CI Code / Check coding style (pull_request) Successful in 40s
CI Code / Linux (debian) (pull_request) Successful in 6m59s
CI Code / Linux (arch) (pull_request) Successful in 7m21s
CI Code / Linux (ubuntu) (pull_request) Successful in 7m13s
CI Code / Code Coverage (pull_request) Successful in 10m59s
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 36s
CI Code / Code Coverage (push) Successful in 5m43s
CI Code / Linux (ubuntu) (push) Successful in 7m9s
CI Code / Linux (debian) (push) Successful in 10m5s
CI Code / Linux (arch) (push) Successful in 12m0s
This test requires the fix from fix/xep-0030-disco-items-error-handling branch. Moved there along with the source code fix. |
|||
|
24e1dac354
|
test(disco): add comprehensive XEP-0030 functional tests
Add 7 new tests for /disco command: - disco_items_to_jid: query items to specific JID - disco_info_empty_result: handle empty disco#info response - disco_info_multiple_identities: multiple identity elements - disco_info_without_name: identity without optional name attr - disco_items_without_name: items without optional name attr - disco_info_service_unavailable: error handling for info - disco_items_error_handling: error handling for items (XEP-0030 §7) The disco_items_error_handling test documents a bug where disco#items errors are silently ignored (unlike disco#info which handles them). This violates XEP-0030 Section 7 which requires error feedback to user. |
|||
|
f20a4da160
|
Add functional tests for /disco command (XEP-0030)
- Add 8 tests for disco info and disco items commands - Fix XEP-0030 compliance bug: show message for empty disco#items results - Tests cover: identity display, features, server/jid queries, error handling, items display, empty results, and connection requirement |
|||
|
663a959f9c
|
test: add functional tests for autoping (XEP-0199)
- autoping_set_interval: verify /autoping set command - autoping_set_zero_disables: verify disabling autoping - autoping_timeout_set: verify /autoping timeout command - autoping_timeout_zero_disables: verify disabling timeout - autoping_sends_ping_after_interval: verify automatic ping IQ - autoping_server_not_supporting_ping: verify error handling Fast tests (command parsing) in Group 1, slow tests (timer-based) in Group 3. |
|||
|
31538580fb
|
fix arch build
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 28s
CI Code / Linux (debian) (pull_request) Successful in 6m21s
CI Code / Linux (ubuntu) (pull_request) Successful in 8m59s
CI Code / Code Coverage (pull_request) Successful in 8m25s
CI Code / Linux (arch) (pull_request) Successful in 10m31s
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 31s
CI Code / Linux (debian) (push) Successful in 6m29s
CI Code / Linux (ubuntu) (push) Successful in 6m33s
CI Code / Code Coverage (push) Successful in 9m3s
CI Code / Linux (arch) (push) Successful in 10m31s
|
|||
|
37ca2de308
|
ci: fix arch build
Some checks failed
CI Code / Check spelling (pull_request) Successful in 20s
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Linux (debian) (pull_request) Successful in 6m21s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m25s
CI Code / Code Coverage (pull_request) Successful in 13m14s
CI Code / Linux (arch) (pull_request) Successful in 7m26s
CI Code / Check spelling (push) Successful in 19s
CI Code / Check coding style (push) Successful in 30s
CI Code / Linux (debian) (push) Successful in 6m26s
CI Code / Linux (ubuntu) (push) Successful in 6m27s
CI Code / Code Coverage (push) Has been cancelled
CI Code / Linux (arch) (push) Has been cancelled
|
|||
|
4fce333c9a
|
fix(xmpp): show message for empty disco#items results (XEP-0030)
All checks were successful
CI Code / Check spelling (pull_request) Successful in 23s
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Code Coverage (pull_request) Successful in 4m45s
CI Code / Linux (debian) (pull_request) Successful in 6m10s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m17s
CI Code / Linux (arch) (pull_request) Successful in 6m24s
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 30s
CI Code / Linux (debian) (push) Successful in 6m16s
CI Code / Linux (ubuntu) (push) Successful in 6m22s
CI Code / Linux (arch) (push) Successful in 6m27s
CI Code / Code Coverage (push) Successful in 9m41s
Per XEP-0030 section 3.1: 'if an entity has no associated items,
it MUST return an empty <query/> element.'
The client should display 'No service discovery items for X' when
receiving an empty result, not silently ignore it.
Previous version introduced in commit
|
|||
|
467222d0ca
|
fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps fix(db): sqlite cleanup on failures, sqlite3_close_v2 fix(xmpp): queued_messages loop, barejid leak perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys refactor(ui): CLAMP macro in _check_subwin_width test: XEP-0012 and XEP-0045 functional tests Author: jabber.developer2 Closes #58, #85 |
|||
|
f8826b7c79
|
ci: improve CI stability with parallel builds and Valgrind
All checks were successful
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 33s
CI Code / Code Coverage (push) Successful in 4m47s
CI Code / Linux (debian) (push) Successful in 6m9s
CI Code / Linux (ubuntu) (push) Successful in 6m13s
CI Code / Linux (arch) (push) Successful in 6m19s
Major changes: Run 4 build configurations in parallel with Valgrind on Linux Add test failure detection verification (meta-test) Port allocation per build to prevent conflicts in parallel runs Add --coverage-only flag for dedicated coverage builds Code quality: Add TEST_GROUPS constant, CMOCKA patterns, helper functions Organize ci-build.sh into sections |
|||
|
8353a29b4f
|
fix(ci): remove insecure git clone flag, add ca-certificates
All checks were successful
CI Code / Check spelling (pull_request) Successful in 22s
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Code Coverage (pull_request) Successful in 17m45s
CI Code / Linux (ubuntu) (pull_request) Successful in 18m1s
CI Code / Linux (debian) (pull_request) Successful in 18m17s
CI Code / Linux (arch) (pull_request) Successful in 19m0s
CI Code / Check spelling (push) Successful in 19s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 15m28s
CI Code / Linux (ubuntu) (push) Successful in 18m11s
CI Code / Linux (debian) (push) Successful in 18m22s
CI Code / Linux (arch) (push) Successful in 20m51s
Remove -c http.sslverify=false from all git clones (enables proper TLS verification, closes MITM risk). Explicitly install ca-certificates in every CI Docker image. |
|||
|
85c817ee8c
|
ci: speed up builds 4x with parallel tests, coverage, and ccache
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 15m25s
CI Code / Linux (debian) (push) Successful in 15m57s
CI Code / Linux (ubuntu) (push) Successful in 16m0s
CI Code / Linux (arch) (push) Successful in 16m6s
Split functional tests into 4 parallel groups and add check-functional-parallel target (~3x faster CI runs). Add branch-aware LCOV coverage reporting with new --enable-coverage option and lcov summary in CI pipeline. Enable ccache via -C configure flag for faster recompilations. Install lcov in all Docker images and use --depth 1 git clones + parallel make -j$(nproc) for quicker container builds. Update CONTRIBUTING.md with instructions for parallel test groups and adding new ones. All changes are tightly related CI/performance improvements developed in sequence. No external service uploads (e.g. Codecov skipped due to Gitea incompatibility). |
|||
|
a90eef1cb2
|
docs: update CONTRIBUTING.md to clarify functional test guidelines
All checks were successful
CI Code / Check coding style (pull_request) Successful in 29s
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Linux (debian) (pull_request) Successful in 1h5m29s
CI Code / Check coding style (push) Successful in 31s
CI Code / Check spelling (push) Successful in 17s
CI Code / Linux (arch) (push) Successful in 1h3m52s
CI Code / Linux (ubuntu) (pull_request) Successful in 1h4m41s
CI Code / Linux (arch) (pull_request) Successful in 1h7m14s
CI Code / Linux (debian) (push) Successful in 1h4m50s
CI Code / Linux (ubuntu) (push) Successful in 1h5m37s
|