72f4f186da
merge: sync upstream profanity-im/profanity
...
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.
Major upstream changes incorporated:
Memory management
- Replace malloc+memset with g_new0 throughout codebase
- Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
- Replace free() with g_free() for GAlloc'd memory
Editor rewrite
- Remove pthread-based async editor; use GChildWatch callback API
- New launch_editor(initial_content, callback, user_data) interface
- Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
- ui_suspend()/ui_resume() integration for TTY management
OMEMO improvements
- Dual backend support: libsignal-protocol-c and libomemo-c
- Proper pre-key removal after use (XEP-0384 compliance)
- Automatic pre-key regeneration when store drops below threshold
- New functions: omemo_is_device_active(), omemo_is_jid_trusted()
- omemo_get_jid_untrusted_fingerprints() for better error messages
- Fingerprint notifications on new device identity discovery
- Deterministic pre-key ID generation tracking max_pre_key_id
- omemo_trust_changed() UI updates on trust state changes
JID validation
- RFC 6122-compliant validation in jid_is_valid()
- Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
- Length limits: 1023 per component, 3071 total
- New jid_is_valid_user_jid() for user vs. service JID distinction
Database
- Schema migration v3: UNIQUE constraint on archive_id for deduplication
- Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
- db_history_result_t return type, _truncate_datetime_suffix()
UI / console
- win_warn_needed() / win_warn_sent() warning deduplication hash table
- PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
- Spellcheck integration in input field with Unicode word detection
- cons_spellcheck_setting() for /settings ui output
- /[command]? shortcut for command help
Account config
- Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
- Replace popen() with g_spawn_sync() for eval_password
- TLS policy: add "direct" option alongside legacy
Connection
- Port validation with g_assert (0–65535)
- SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
- "direct" TLS policy alias for legacy SSL
Common utilities
- str_xml_sanitize() for XML 1.0 illegal character removal
- string_matches_one_of() with formatted error messages
- valid_tls_policy_option() helper
- prof_date_time_format_iso8601() utility
- Improved strip_arg_quotes() with backslash unescaping
- prof_occurrences() uses g_slist_prepend + reverse for performance
PGP / OX
- Proper GPGME resource cleanup with goto-cleanup pattern
- g_string_free(xmppuri) leak fix in _ox_key_lookup
CSV export
- Use GString + g_file_set_contents instead of raw write() syscalls
Tests
- Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
- New test_cmd_ac.c for autocompleter unit tests
- Updated stubs for new UI suspend/resume functions
License headers
- Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)
────────────────────────────────────────────────────
cproof-specific preservations:
- XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
- Force encryption: cmd_force_encryption, test_forced_encryption
- CWE-134: format string protection (cons_show("%s", ...))
- y_start_pos-based paging in window.c
- db_history_result_t return type, _truncate_datetime_suffix()
Merge-time fixes:
- common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
- database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
- console.c: implicit size_t → int cast — (int)(maxlen + 1)
- tlscerts.c: %d for size_t — %zu
Build system:
- Kept autotools (Makefile.am, configure.ac); upstream uses Meson
- Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
- Updated Makefile.am test paths for subdirectory structure
- Added test_cmd_ac, test_forced_encryption to test sources
Functional tests:
- Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
- Not yet available in devs/stabber fork
Closes #64
Merge author: jabber.developer2
Commits authors:
Michael Vetter <jubalh@iodoru.org >
& Steffen Jaeckel <s@jaeckel.eu >
2026-05-26 17:48:14 +00:00
9ec01fa8cc
fix: CWE-134 format string audit and compiler hardening
...
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 36s
CI Code / Code Coverage (push) Successful in 5m38s
CI Code / Linux (ubuntu) (push) Successful in 7m1s
CI Code / Linux (debian) (push) Successful in 7m5s
CI Code / Linux (arch) (push) Successful in 7m19s
Security:
Fix CWE-134 in iq.c: user-controlled string passed as format argument
Add G_GNUC_PRINTF annotations to all variadic printf-like wrappers
in ui.h, log.h and http_common.h
Compiler flags (configure.ac):
Replace basic -Wformat/-Wformat-nonliteral with -Wformat=2
Add -Wextra, -Wnull-dereference, -Wpointer-arith,
-Wimplicit-function-declaration, -Wundef, -Wfloat-equal,
-Wredundant-decls, -Walloc-zero
Add -fstack-protector-strong, -fno-common, -D_FORTIFY_SOURCE=2
Add GCC-specific flags via AC_COMPILE_IFELSE: -Wlogical-op,
-Wduplicated-cond, -Wduplicated-branches, -Wstringop-overflow,
-Warray-bounds=2
Suppress noisy -Wextra sub-warnings: -Wno-unused-parameter,
-Wno-missing-field-initializers, -Wno-sign-compare,
-Wno-cast-function-type
Remove AM_CFLAGS/CFLAGS duplication
Bug fixes found by new warnings:
chatlog.c: non-MUCPM redact path passed resourcepart instead of NULL
rosterwin.c: merge duplicated if/else branches into single condition
omemo.c: redundant else-if in omemo_automatic_start; remove
unnecessary scope block and goto, use early return
console.c: pointer compared to integer 0 instead of NULL
stanza.c: increase pri_str/idle_str buffers from 10 to 12 bytes
(INT_MIN = -2147483648 needs 12 bytes including NUL)
vcard.c: NULL guard for filename before g_file_set_contents
api.c: broken log_warning() calls with extra format argument
Format mismatch fixes:
chatwin.c: Jid* → char* for %s
connection.c: %x → %lx for long flags
cmd_funcs.c: %d → %zu for size_t; cast gpointer to char* for %s
cmd_defs.c: %d → %u for g_list_length() return (guint)
iq.c: barejid → fulljid for from_jid
console.c, mucwin.c, privwin.c, account.c, omemo.c, presence.c:
gpointer → (char*) casts for %s
Const-correctness and cleanup:
database.c: const for type, query, sort variables
form.c/xmpp.h: const for form_set_value parameter
files.c: refactor to early return, eliminating NULL logfile path
muc.c/muc.h: remove meaningless top-level const on return type
common.c: const for URL string literal
Remove stale declarations: cons_show_desktop_prefs (ui.h),
connection_set_priority (connection.h),
omemo_devicelist_configure_and_request (omemo.h)
test_common.c: add currb NULL check to silence -Wnull-dereference
Tooling (check-cwe134.sh):
Reduce from 5 checks to 2 (checks 1-3 redundant with -Wformat=2)
Check 1: verify known wrappers have G_GNUC_PRINTF attribute
Check 2: auto-detect unannotated variadic printf-like functions
Match both const char* and const gchar* in variadic patterns
Author: jabber.developer2 <jabber.developer2@jabber.space >
2026-03-07 11:55:50 +01:00
John Hernandez
029f1caa52
Cleanup jid_destroy to auto_jid
...
Remove unused variables
Apply minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
07cc19ce10
Add sessions_alarm
...
Introduce new feature: sessions_alarm.
Added new account setting: max_connections. On exceeding this number,
user will get an alert. If number is less than 1, no alert will happen.
Tests altered to fit new feature.
2023-04-18 14:28:20 +02:00
John Hernandez
5d3c8ce7c1
Allow setting client identification name/version manually
...
Add changes allowing user to switch client name and version.
Useful for enhancing user privacy.
Minor cleanup.
2023-04-09 14:17:01 +02:00
Steffen Jaeckel
302d0dd576
let account_new() take ownership of passed values
...
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de >
2023-01-18 20:02:46 +01:00
MarcoPolo-PasTonMolo
e4e53d6e01
Don't forget encryption status for OX and PGP.
...
Use a pgp.enabled and ox.enabled array the same way that omemo.enabled
is used.
Fixes https://github.com/profanity-im/profanity/issues/1694
Fixes https://github.com/profanity-im/profanity/issues/733
2022-06-17 15:43:54 +03:00
Michael Vetter
057c9ad776
Add config.h in files were it was missing
...
Related to https://github.com/profanity-im/profanity/issues/1512
2021-03-26 19:54:22 +01:00
William Wennerström
695a1d3c8c
Use popen for eval_password (reintroduce old behavior)
...
Old commit that implemented the old behavior:
bc9e6b79cd
2020-12-15 15:45:16 +01:00
William Wennerström
32cfea4bd2
Refactor call_external
2020-12-11 15:51:01 +01:00
Michael Vetter
a2726b6a7d
Apply coding style
2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa
Revert "Apply coding style"
...
This reverts commit 9b55f2dec0 .
Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0
Apply coding style
...
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
William Wennerström
deb0818a1b
Log errors from eval_password
...
All errors were discarded to /dev/null if the error_ptr was set to
NULL.
2020-07-06 11:02:04 +02:00
Michael Vetter
b79d7e8752
Fix NULL terminated list
...
Regards https://github.com/profanity-im/profanity/issues/1367
2020-06-23 14:42:09 +02:00
Michael Vetter
448f7f0936
Use shell to start eval_password command
...
Since d92c576aa5
we rely on g_spawn_sync().
Which doesn't do variable/glob expansion.
For our use of call_external() in opening and URL or avatar this is
fine.
For getting the password we want to be able to use ~ for our files.
Let's use a shell here.
Fix https://github.com/profanity-im/profanity/issues/1364
2020-06-19 20:17:20 +02:00
Dmitry Podgorny
ac410445af
Add option for legacy authentication
...
New options:
/connect <account> [auth default|legacy]
/account <account> set auth default|legacy
Fixes #1236 .
2020-06-05 11:37:51 +03:00
Pierre Mazière
fad77d9d70
Use external_call to get password via eval_password command
...
Signed-off-by: Pierre Mazière <pierre.maziere@gmx.com >
2020-06-03 13:09:29 +02:00
Michael Vetter
46fd7150e5
Add vim modeline
2019-11-13 12:11:05 +01:00
Michael Vetter
d0c3d3fd6b
Null-set account struct
...
Surpresses the valgrind warning about uninit. values.
2019-10-14 11:35:18 +02:00
Paul Fariello
5f015e32b2
Add OMEMO policy
...
There is 3 policy:
- manual: OMEMO session are only started manually
- automatic: OMEMO session are only started if they have been started
manually before
- always: OMEMO session are always started unless they have been ended
manually before
Closes #1040 and fixes #1052
2019-04-17 14:03:14 +02:00
Michael Vetter
706af9a900
Update copyright to include 2019
2019-01-22 11:31:45 +01:00
Dmitry Podgorny
3fd6f70bd9
Override account options with connect options
...
With this feature user can configure TLS policy for an account and
override it for a single login with /connect command.
Example:
/account set <jid> tls force
/connect <jid> tls trust
The example shows how to trust server's certificate only once.
Fixes #1021 .
2018-11-07 15:02:30 +02:00
James Booth
250e972b7a
Update copyright
2018-01-21 15:00:02 +00:00
James Booth
68a3daedb9
Update Copyright
2017-01-28 17:24:22 +00:00
James Booth
e043029a50
Allow clearing account resource
...
issue #880
2016-11-22 00:39:52 +00:00
James Booth
609d05366c
Use server features for account muc service
...
issue #878
2016-11-20 02:09:34 +00:00
James Booth
37742d71b6
Move resource conversions
2016-07-24 16:27:39 +01:00
James Booth
0a57c4de78
Tidy headers
2016-07-24 15:43:51 +01:00
James Booth
1c5efaeb58
Moved jid.c
2016-07-24 14:59:28 +01:00
James Booth
e8fc80f5c1
Update GPL link in headers
2016-07-24 01:14:49 +01:00
James Booth
e53e94f1e2
Updated copyright
2016-02-14 22:54:46 +00:00
James Booth
53fc89f711
Added account theme property
2016-01-22 01:06:28 +00:00
James Booth
13ae9252a7
Applied coding style to account.c
2015-10-25 00:35:39 +01:00
James Booth
6640a0891f
Force tls on all connections, add tls policy account property
2015-10-18 03:06:23 +01:00
James Booth
904a5a81cf
Add ability to script commands after connect
2015-10-15 01:19:24 +01:00
James Booth
3fd9692aec
Merge branch 'master' into pgp
2015-05-04 23:40:58 +01:00
James Booth
47549452f1
Use null check convention in account.c
2015-05-04 22:29:51 +01:00
James Booth
7a44e17141
Merge branch 'master' into pgp
...
Conflicts:
src/config/account.h
2015-04-23 23:48:43 +01:00
James Booth
bc9e6b79cd
Tidied account login
2015-04-23 21:56:48 +01:00
James Booth
475dfebd97
Added pgpkeyid account setting, send signed presence
2015-03-23 23:38:06 +00:00
James Booth
b3be26a214
Updated copyright
2015-02-10 23:16:09 +00:00
James Booth
a932998fb1
Removed unused include, free eval_password
2015-01-13 00:43:17 +00:00
Peter Vilim
401835f32a
Add support for evaluated password
2015-01-06 23:00:02 -06:00
James Booth
f9737251a6
Added license exemption for OpenSSL to source headers
2014-08-24 20:57:39 +01:00
James Booth
b3d49f2a3c
Added backwards compatible g_list_free_full for glib < 2.28
2014-05-21 21:39:31 +01:00
James Booth
9dda7036a9
Implemented per contact OTR policy setting
2014-05-11 19:32:07 +01:00
James Booth
95ff13136b
Added OTR policy account preference
2014-05-11 14:13:15 +01:00
James Booth
d6e92f62dc
Fixed cppcheck warnings
2014-04-26 00:36:36 +01:00
James Booth
26726b207a
Updated copyright
2014-03-09 01:18:19 +00:00