Commit Graph

51 Commits

Author SHA1 Message Date
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
9ec01fa8cc fix: CWE-134 format string audit and compiler hardening
All checks were successful
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 36s
CI Code / Code Coverage (push) Successful in 5m38s
CI Code / Linux (ubuntu) (push) Successful in 7m1s
CI Code / Linux (debian) (push) Successful in 7m5s
CI Code / Linux (arch) (push) Successful in 7m19s
Security:
Fix CWE-134 in iq.c: user-controlled string passed as format argument
Add G_GNUC_PRINTF annotations to all variadic printf-like wrappers
in ui.h, log.h and http_common.h
Compiler flags (configure.ac):

Replace basic -Wformat/-Wformat-nonliteral with -Wformat=2
Add -Wextra, -Wnull-dereference, -Wpointer-arith,
-Wimplicit-function-declaration, -Wundef, -Wfloat-equal,
-Wredundant-decls, -Walloc-zero
Add -fstack-protector-strong, -fno-common, -D_FORTIFY_SOURCE=2
Add GCC-specific flags via AC_COMPILE_IFELSE: -Wlogical-op,
-Wduplicated-cond, -Wduplicated-branches, -Wstringop-overflow,
-Warray-bounds=2
Suppress noisy -Wextra sub-warnings: -Wno-unused-parameter,
-Wno-missing-field-initializers, -Wno-sign-compare,
-Wno-cast-function-type
Remove AM_CFLAGS/CFLAGS duplication
Bug fixes found by new warnings:

chatlog.c: non-MUCPM redact path passed resourcepart instead of NULL
rosterwin.c: merge duplicated if/else branches into single condition
omemo.c: redundant else-if in omemo_automatic_start; remove
unnecessary scope block and goto, use early return
console.c: pointer compared to integer 0 instead of NULL
stanza.c: increase pri_str/idle_str buffers from 10 to 12 bytes
(INT_MIN = -2147483648 needs 12 bytes including NUL)
vcard.c: NULL guard for filename before g_file_set_contents
api.c: broken log_warning() calls with extra format argument
Format mismatch fixes:

chatwin.c: Jid* → char* for %s
connection.c: %x → %lx for long flags
cmd_funcs.c: %d → %zu for size_t; cast gpointer to char* for %s
cmd_defs.c: %d → %u for g_list_length() return (guint)
iq.c: barejid → fulljid for from_jid
console.c, mucwin.c, privwin.c, account.c, omemo.c, presence.c:
gpointer → (char*) casts for %s
Const-correctness and cleanup:

database.c: const for type, query, sort variables
form.c/xmpp.h: const for form_set_value parameter
files.c: refactor to early return, eliminating NULL logfile path
muc.c/muc.h: remove meaningless top-level const on return type
common.c: const for URL string literal
Remove stale declarations: cons_show_desktop_prefs (ui.h),
connection_set_priority (connection.h),
omemo_devicelist_configure_and_request (omemo.h)
test_common.c: add currb NULL check to silence -Wnull-dereference
Tooling (check-cwe134.sh):

Reduce from 5 checks to 2 (checks 1-3 redundant with -Wformat=2)
Check 1: verify known wrappers have G_GNUC_PRINTF attribute
Check 2: auto-detect unannotated variadic printf-like functions
Match both const char* and const gchar* in variadic patterns

Author: jabber.developer2 <jabber.developer2@jabber.space>
2026-03-07 11:55:50 +01:00
John Hernandez
029f1caa52 Cleanup jid_destroy to auto_jid
Remove unused variables
Apply minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
07cc19ce10 Add sessions_alarm
Introduce new feature: sessions_alarm.

Added new account setting: max_connections. On exceeding this number,
user will get an alert. If number is less than 1, no alert will happen.

Tests altered to fit new feature.
2023-04-18 14:28:20 +02:00
John Hernandez
5d3c8ce7c1 Allow setting client identification name/version manually
Add changes allowing user to switch client name and version.

Useful for enhancing user privacy.

Minor cleanup.
2023-04-09 14:17:01 +02:00
Steffen Jaeckel
302d0dd576 let account_new() take ownership of passed values
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:02:46 +01:00
MarcoPolo-PasTonMolo
e4e53d6e01 Don't forget encryption status for OX and PGP.
Use a pgp.enabled and ox.enabled array the same way that omemo.enabled
is used.

Fixes https://github.com/profanity-im/profanity/issues/1694
Fixes https://github.com/profanity-im/profanity/issues/733
2022-06-17 15:43:54 +03:00
Michael Vetter
057c9ad776 Add config.h in files were it was missing
Related to https://github.com/profanity-im/profanity/issues/1512
2021-03-26 19:54:22 +01:00
William Wennerström
695a1d3c8c Use popen for eval_password (reintroduce old behavior)
Old commit that implemented the old behavior:
bc9e6b79cd
2020-12-15 15:45:16 +01:00
William Wennerström
32cfea4bd2 Refactor call_external 2020-12-11 15:51:01 +01:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
William Wennerström
deb0818a1b Log errors from eval_password
All errors were discarded to /dev/null if the error_ptr was set to
NULL.
2020-07-06 11:02:04 +02:00
Michael Vetter
b79d7e8752 Fix NULL terminated list
Regards https://github.com/profanity-im/profanity/issues/1367
2020-06-23 14:42:09 +02:00
Michael Vetter
448f7f0936 Use shell to start eval_password command
Since d92c576aa5
we rely on g_spawn_sync().
Which doesn't do variable/glob expansion.

For our use of call_external() in opening and URL or avatar this is
fine.

For getting the password we want to be able to use ~ for our files.
Let's use a shell here.

Fix https://github.com/profanity-im/profanity/issues/1364
2020-06-19 20:17:20 +02:00
Dmitry Podgorny
ac410445af Add option for legacy authentication
New options:
  /connect <account> [auth default|legacy]
  /account <account> set auth default|legacy

Fixes #1236.
2020-06-05 11:37:51 +03:00
Pierre Mazière
fad77d9d70 Use external_call to get password via eval_password command
Signed-off-by: Pierre Mazière <pierre.maziere@gmx.com>
2020-06-03 13:09:29 +02:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Michael Vetter
d0c3d3fd6b Null-set account struct
Surpresses the valgrind warning about uninit. values.
2019-10-14 11:35:18 +02:00
Paul Fariello
5f015e32b2 Add OMEMO policy
There is 3 policy:

- manual: OMEMO session are only started manually
- automatic: OMEMO session are only started if they have been started
  manually before
- always: OMEMO session are always started unless they have been ended
  manually before

Closes #1040 and fixes #1052
2019-04-17 14:03:14 +02:00
Michael Vetter
706af9a900 Update copyright to include 2019 2019-01-22 11:31:45 +01:00
Dmitry Podgorny
3fd6f70bd9 Override account options with connect options
With this feature user can configure TLS policy for an account and
override it for a single login with /connect command.

Example:
 /account set <jid> tls force
 /connect <jid> tls trust
The example shows how to trust server's certificate only once.

Fixes #1021.
2018-11-07 15:02:30 +02:00
James Booth
250e972b7a Update copyright 2018-01-21 15:00:02 +00:00
James Booth
68a3daedb9 Update Copyright 2017-01-28 17:24:22 +00:00
James Booth
e043029a50 Allow clearing account resource
issue #880
2016-11-22 00:39:52 +00:00
James Booth
609d05366c Use server features for account muc service
issue #878
2016-11-20 02:09:34 +00:00
James Booth
37742d71b6 Move resource conversions 2016-07-24 16:27:39 +01:00
James Booth
0a57c4de78 Tidy headers 2016-07-24 15:43:51 +01:00
James Booth
1c5efaeb58 Moved jid.c 2016-07-24 14:59:28 +01:00
James Booth
e8fc80f5c1 Update GPL link in headers 2016-07-24 01:14:49 +01:00
James Booth
e53e94f1e2 Updated copyright 2016-02-14 22:54:46 +00:00
James Booth
53fc89f711 Added account theme property 2016-01-22 01:06:28 +00:00
James Booth
13ae9252a7 Applied coding style to account.c 2015-10-25 00:35:39 +01:00
James Booth
6640a0891f Force tls on all connections, add tls policy account property 2015-10-18 03:06:23 +01:00
James Booth
904a5a81cf Add ability to script commands after connect 2015-10-15 01:19:24 +01:00
James Booth
3fd9692aec Merge branch 'master' into pgp 2015-05-04 23:40:58 +01:00
James Booth
47549452f1 Use null check convention in account.c 2015-05-04 22:29:51 +01:00
James Booth
7a44e17141 Merge branch 'master' into pgp
Conflicts:
	src/config/account.h
2015-04-23 23:48:43 +01:00
James Booth
bc9e6b79cd Tidied account login 2015-04-23 21:56:48 +01:00
James Booth
475dfebd97 Added pgpkeyid account setting, send signed presence 2015-03-23 23:38:06 +00:00
James Booth
b3be26a214 Updated copyright 2015-02-10 23:16:09 +00:00
James Booth
a932998fb1 Removed unused include, free eval_password 2015-01-13 00:43:17 +00:00
Peter Vilim
401835f32a Add support for evaluated password 2015-01-06 23:00:02 -06:00
James Booth
f9737251a6 Added license exemption for OpenSSL to source headers 2014-08-24 20:57:39 +01:00
James Booth
b3d49f2a3c Added backwards compatible g_list_free_full for glib < 2.28 2014-05-21 21:39:31 +01:00
James Booth
9dda7036a9 Implemented per contact OTR policy setting 2014-05-11 19:32:07 +01:00
James Booth
95ff13136b Added OTR policy account preference 2014-05-11 14:13:15 +01:00
James Booth
d6e92f62dc Fixed cppcheck warnings 2014-04-26 00:36:36 +01:00
James Booth
26726b207a Updated copyright 2014-03-09 01:18:19 +00:00