Commit Graph

586 Commits

Author SHA1 Message Date
c1093db090 fix(editor): prevent UI redraw conflicts during editor suspend/resume
All checks were successful
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 3m36s
CI Code / Linux (debian) (push) Successful in 4m43s
CI Code / Linux (ubuntu) (push) Successful in 4m54s
CI Code / Linux (arch) (push) Successful in 6m46s
Guard against re-entrant editor launches, abort editor on Ctrl-Z,
and centralize suspend-aware redraws through prof_doupdate() to prevent
terminal corruption when SIGTSTP is received while editor is active.

Removes SIGUSR1 editor escape in favor of standard pkill <editor> recovery.
2026-06-01 12:21:34 +00:00
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
72b99ceb6d Some minor improvements
* destroy/free/shutdown/close in reverse order of allocation
* more static/auto_Xfree
* less variables/strlen/GString
* properly `\0`-terminate string of testcase

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
c5a131ee46 Introduce our own shutdown callback mechanism.
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.

This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.

I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-07 21:09:16 +01:00
Steffen Jaeckel
2696989ce5 Fix a bunch of obvious memory leaks at termination
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Hanspeter Portner
cb395b7c09 Make muc_nick return a const char* const
In the documentation of the `muc_nick` function we can read:

> The nickname is owned by the chat room and should not be modified or freed

We should reflect that in the return type and `strdup` the value for the
plugin API.

Fixes: https://github.com/profanity-im/profanity/issues/2013
2025-01-26 18:16:14 +01:00
Steffen Jaeckel
dc0f2acb9a Simplify usage of roster_get_display_name()
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:27:11 +01:00
Steffen Jaeckel
c3ed0c3262 Only handle MAM response if window still exists
Before this patch the following scenario lead to a segfault:
1. open a window that sends a MAM request
2. fast enough close that window again before the MAM response was
   processed
Once the MAM response is received we'd call `_mam_rsm_id_handler()`
from the `_iq_handler()` and `window` would point to a non-existant window
which leads to a segfault.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 16:31:42 +01:00
Michael Vetter
a17544d962 Remove not needed check 2023-08-11 15:34:26 +02:00
Martin Dosch
2ed6211cc3 Don't use xscreensaver on wayland.
Fixes #1874.
2023-08-11 13:12:52 +02:00
Michael Vetter
22b1d14b67 Add helper function to create version string
And remove all the duplicate code.

Depending on the situation prof_get_version() will return:
* 0.13.1
* 0.13.1dev
* 0.13.1dev.master.69d8c1f9
2023-07-25 20:58:15 +02:00
John Hernandez
029f1caa52 Cleanup jid_destroy to auto_jid
Remove unused variables
Apply minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
4a70f5f513 Cleanup char* to auto_gchar gchar* for prefs_get_string
Necessity explained in #1819
2023-07-03 16:06:27 +02:00
John Hernandez
99c9f150f6 Fix PGP
Fix of PGP and potentially other encryption methods by calling correct function that would initiate them in case if someone writes.
2023-03-31 12:30:51 +02:00
Paul Fertser
e1323655ee Fix race condition on resize
The current code is inherently racy: if screen update takes
considerable time (e.g. when working over network) and a user
performed a series of resizes the final event might get ignored and
the display will be left in inconsistent state.

Fix the race by unsetting the flag first so if the next WINCH signal
is received while display is resizing it'll be processed on the next
iteration.
2022-04-01 10:49:01 +03:00
Michael Vetter
f21595597f Format code correctly 2021-10-05 10:01:27 +02:00
Michael Vetter
6df062b542 Change ui_win_has_attention() logic 2021-05-31 09:51:23 +02:00
DebXWoody
1526a00123 Attention flag - Implemented Alt+m 2021-05-29 20:16:21 +02:00
Michael Vetter
1d8061e89b Have separate settings for intype
Old: `/intype on|of`
Typing information is printed in console and titlebar.

New: `/intype titlebar|console on|off`
Typing information can be configured in more detail.

Regards https://github.com/profanity-im/profanity/issues/1516
2021-05-08 19:38:40 +02:00
Thorben Günther
71236a0d5a Update ui_ask_password to support confirmation
Just prints a different string to console.
Useful for changing passwords or account registration.
2021-03-11 14:40:17 +01:00
Akce
f3e080e268 Draw wintitle using fputs and fprintf instead of /bin/echo. 2021-02-28 07:43:26 +11:00
Michael Vetter
35aecd425f Declare counter var inside loop
We require c99/gnu99 anyways.
2020-11-09 11:33:33 +01:00
nia
52e9be4abc Basic support for building on NetBSD.
- Add NetBSD as a recognized platform without -ldl.
- Allow building with NetBSD libcurses instead of ncurses.
- Portability to NetBSD sh - use POSIX '=' instead of '=='.
2020-09-04 12:55:20 +02:00
Michael Vetter
11d849aa7f Dont hilight console once all messages have been read
If we receive a message we get:
<< room message: eagle@conference.anoxinon.me (win 2)

Same for private chats and regular chats.
And several other kinds of notifications.

If we only receive notifications from a chat window it would be nice to
also clear the hilight on the console window since we already catched up
by reading the actual message in the chat window.

Probably not the best description :-) I hope you get it..

Regards https://github.com/profanity-im/profanity/issues/1399
2020-07-09 15:44:35 +02:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
Michael Vetter
e5ac12afa6 Remove prefs_free_string()
It just does a free.
Related to b580b9ef11
2020-07-02 11:34:12 +02:00
Michael Vetter
b2ec6ba4ce ui_room_join() dont get nick twice 2020-04-20 16:01:05 +02:00
Michael Vetter
1f8b1eb740 Allow utf8 symbols as omemo/pgp/otr indicator char
Fix https://github.com/profanity-im/profanity/issues/1264
2020-02-20 23:36:10 +01:00
Michael Vetter
cd80b6cbf2 Change theme handling
So far when loading a theme it also overwrote the preferences the user
set.

Lengthy discussion can be found at
https://github.com/profanity-im/profanity/issues/1077

Now we use `/theme load themename` to load the [colours] part of a
themem only.

`/theme full-load themename` will load the complete theme including
preferences set in there.

Regards https://github.com/profanity-im/profanity/issues/1077
2020-01-29 12:33:55 +01:00
Michael Vetter
3036834ec8 separator: Enable for MUC and PRIVWIN too
Fix https://github.com/profanity-im/profanity/issues/1238
2019-12-13 13:13:02 +01:00
Michael Vetter
14f25992c3 Initial work on last-read-position feature
Print dashes on the position we last left off in a chat window.
So far the number of dashes is hardcoded, and the feature only works in
chat windows.

Regards https://github.com/profanity-im/profanity/issues/1238
2019-12-13 12:05:24 +01:00
Michael Vetter
9bb2d7f95e Dont print error message if a valid setting function is called
This is because the actual command that parses itself (cmd_logging) returns false if it didn't get the expected parameters.
Handing the printing however is done by another function. This function is added to the Command struct as setting_function.
So if this is set, and the actual command returns false. We should just call the setting_function and not print the error message.

Fix https://github.com/profanity-im/profanity/issues/1237
2019-12-12 22:24:09 +01:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Michael Vetter
d004891a29 Reduce scope of num in ui_print_system_msg_from_recipient() 2019-07-22 13:25:52 +02:00
Paul Fariello
5f015e32b2 Add OMEMO policy
There is 3 policy:

- manual: OMEMO session are only started manually
- automatic: OMEMO session are only started if they have been started
  manually before
- always: OMEMO session are always started unless they have been ended
  manually before

Closes #1040 and fixes #1052
2019-04-17 14:03:14 +02:00
David Baer
a1ec80e194 Fix use after free bug 2019-03-22 09:10:54 -04:00
Michael Vetter
706af9a900 Update copyright to include 2019 2019-01-22 11:31:45 +01:00
Paul Fariello
a952776b89 Rename mucconf wins into conf wins
Configuration windows are now being used by both muc and cmd.
2018-09-05 13:51:00 +02:00
James Booth
4bf67fb35a Use jid prefs in statusbar 2018-03-10 22:41:55 +00:00
James Booth
95b639a21f WIP add self prefs for statusbar 2018-03-10 22:16:52 +00:00
James Booth
59382984c0 Add preferences for tab display 2018-03-09 21:15:27 +00:00
James Booth
119c5650cf Show name in statusbar tabs WIP 2018-03-08 20:01:36 +00:00
James Booth
105c9c2943 Add time to status bar 2018-03-07 21:29:41 +00:00
James Booth
250e972b7a Update copyright 2018-01-21 15:00:02 +00:00
James Booth
68a3daedb9 Update Copyright 2017-01-28 17:24:22 +00:00