Commit Graph

31 Commits

Author SHA1 Message Date
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
Steffen Jaeckel
fdfe3e2ad9 Rework OMEMO handling on disconnect
* Fix missing destruction of `session_store` and mutex
* Replace `glib_hash_table_free()`
  The glib API `g_hash_table_destroy()` does exactly the same.
* Use the default libsignal `destroy_func` instead of doing that manually
* Set internal state to `0` after everything is cleaned up

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
Steffen Jaeckel
698aefa005 fix memory leaks in OMEMO
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:11:13 +01:00
Michael Vetter
3f8720d70f build: remove support for old libsignal
Remove support for libsignal-protocol-c < 2.3.2.
Debian 10 uses 2.3.2, Debian 11 and 12 use 2.3.3.
openSUSE from 15.2 onward uses 2.3.3.
Fedora since 28 uses 2.3.2.

We should be good.
2022-02-18 14:01:28 +01:00
Michael Vetter
f21595597f Format code correctly 2021-10-05 10:01:27 +02:00
DebXWoody
879a47c71b OMEMO Logging 2021-06-28 20:02:22 +02:00
DebXWoody
de06cd395b Improved OMEMO logging
The most loggings has been set to debug. Just in case of error / problem the
logging should be done with log-level ERROR or WARNING.

We will see later, which loggings should be switched to log-level INFO.

This improvement has been done to find OMEMO bugs.

See also: #1070 #1530 #1538
2021-05-28 17:45:15 +02:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Michael Vetter
1b2e71faac Fix memleak in save_identity()
I don't see a reason for strdupping here.
2019-07-23 08:34:46 +02:00
Michael Vetter
fade378fee Dont use not needed strdup() in save_identity()
I don't see a reason for strdupping here.
2019-07-23 08:34:46 +02:00
Paul Fariello
b110da9a92 Fix various OMEMO memleaks 2019-07-10 17:32:23 +02:00
Paul Fariello
f081766913 Mark messages received from a session as trusted 2019-06-25 18:43:15 +02:00
Paul Fariello
44d16e9141 Add prof_message_t to wrap all message attributes
Probably missing copy of body to plain in carbon and privmessage.
Only covers the incoming message path because goal is OMEMO decryption
of untrusted message.
Cover some of the log functions but not all.
2019-06-20 14:30:42 +02:00
Paul Fariello
a650ecc67d Add trusted state after OMEMO decryption
Use it to print message on red background if not trusted.
2019-06-20 14:29:55 +02:00
Paul Fariello
2604786cb6 Decrypt all incoming OMEMO msg
Trust all key as long as it's for reading. This code isn't multithread
safe.
2019-06-20 14:29:55 +02:00
Michael Vetter
e4b007c9da Add copyright to omemo code 2019-06-17 10:47:56 +02:00
Paul Fariello
5731a7c472 Remove OMEMO session when untrusting a fingerprint
We have to store known_devices in a long term fashion otherwise we might
not be able to delete session if it is remove from device list server
side.
2019-06-07 23:43:40 +02:00
Paul Fariello
ad21021ce7 Fix issue with first encrypted message
When decrypting first message with prekey, libsignal wants to remove
used prekey from storage. Return value on success should be 0.

We used to return number of deleted keys. Thus libsignal was considering
we failed to remove the key and we were ignoring plaintext.
2019-04-10 17:24:56 +02:00
Paul Fariello
25eb138d0b Rework trusted fingerprint storage
Stop using "jid:device_id" keys. And move long term storage to its own
file: trust.txt.
2019-04-10 17:23:46 +02:00
Paul Fariello
5cd2b8dc9d Permanently store pre keys 2019-04-10 17:23:46 +02:00
Paul Fariello
91ee289c77 Add support for disconnect in OMEMO 2019-04-10 17:12:31 +02:00
Paul Fariello
23485eb4e7 Don't trust unknown identity keys
Also add long terme storage of known identity keys.
If a key is stored it means it is trusted.
2019-04-10 17:12:31 +02:00
Paul Fariello
97c661271b Add support for libsignal-protocol-c 2.3.2 2019-04-10 17:12:31 +02:00
Paul Fariello
55407ee15f Add OMEMO session long term storage 2019-04-10 16:31:45 +02:00
Paul Fariello
9b8c1d7d2c Add support for encrypted carbon
Fix {signed,}_pre_key store
2019-04-10 16:31:45 +02:00
Paul Fariello
0fb27dc496 Add OMEMO message encryption and decryption 2019-04-10 16:03:50 +02:00
Paul Fariello
f9216fddb1 Add signal store backend and OMEMO start command 2019-04-10 16:03:50 +02:00