Commit Graph

53 Commits

Author SHA1 Message Date
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
Steffen Jaeckel
0d5123e69a Trampoline Python unref again.
In the past `Py_XDECREF()` was a macro. Preserve compat to ancient Python
versions by having a trampoline which calls `Py_XDECREF()`.

Fixes: #2043
Fixes: c0da36c4 ("Rage-cleanup.")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
(cherry picked from commit 3299dd8fc6)
2025-09-10 14:00:51 +02:00
6871a4d46f Fix memory leak in _handle_string_or_none_result
All checks were successful
CI / Check spelling (pull_request) Successful in 4m23s
CI / Check coding style (pull_request) Successful in 10m37s
CI / Linux (fedora) (pull_request) Successful in 11m27s
CI / Linux (debian) (pull_request) Successful in 12m48s
CI / Linux (arch) (pull_request) Successful in 16m54s
CI / Linux (ubuntu) (pull_request) Successful in 48m55s
The function did not decref the Python object on type error paths,
resulting in a reference count leak. This caused memory to accumulate
over time. Added Py_XDECREF on all early return paths to properly free
the Python object reference and prevent leaks.
2025-07-02 15:05:44 +02:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
72b99ceb6d Some minor improvements
* destroy/free/shutdown/close in reverse order of allocation
* more static/auto_Xfree
* less variables/strlen/GString
* properly `\0`-terminate string of testcase

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
John Hernandez
db96d13453 Improve string convertion error handling
Before the change, profanity has shown
`TypeError: prof_pre_chat_message_display() missing 3 required positional arguments: 'barejid',
           'resource', and 'message'`
error for received messages with incorrect encoding
instead of proper error handling for string convertion.

That is a temporary fix, correct fix probably would be
passing potentially problematic char* as `bytes` (using `y` instead of `s` format),
but this would require API changes and hence correction of plugins to
handle new input parameters properly (likely with "decode" function).

A bit hard to reproduce. You need to add a plugin with the following code
(or any other plugin with `prof_pre_chat_message_display` present, such as emoticons.py):
```python
def prof_pre_chat_message_display(barejid, resource, message):
    return message
```

and then receive/send message with incorrectly encoded character, it can be any
invalid UTF8 symbol. You'll see error in console, errors don't represent actual
errors in plugins, but rather Profanity's shortcoming, though it make appear so
that the problem is in plugin.

Actual proper handling would likely be using `y` instead of `s` format
(see [reference](https://docs.python.org/3/c-api/arg.html#c.Py_BuildValue))

> s ([str](https://docs.python.org/3/library/stdtypes.html#str) or None) [const char *]
>    Convert a null-terminated C string to a Python [str](https://docs.python.org/3/library/stdtypes.html#str)
object using 'utf-8' encoding. If the C string pointer is NULL, None is used.

to

> y ([bytes](https://docs.python.org/3/library/stdtypes.html#bytes)) [const char *]
>     This converts a C string to a Python [bytes](https://docs.python.org/3/library/stdtypes.html#bytes)
> object. If the C string pointer is NULL, None is returned.

since there is a [problem](https://docs.python.org/3/c-api/arg.html) with `s`:
> s ([str](https://docs.python.org/3/library/stdtypes.html#str)) [const char *]
>    Convert a Unicode object to a C pointer to a character string.
> A pointer to an existing string is stored in the character pointer variable whose address you pass.
> ... Unicode objects are converted to C strings using 'utf-8' encoding.
> **If this conversion fails**, a [UnicodeError](https://docs.python.org/3/library/exceptions.html#UnicodeError) is raised.

In python such problem can be handled using `errors='ignore'` in [bytes.decode](https://docs.python.org/3/library/stdtypes.html#bytes.decode) or in a more sophisticated manner, depending on needs and realization.
2023-11-22 09:29:31 +01:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
j.r
5676159aa5 Fix python executed during configure
Previously it relied on AX_PYTHON_DEVEL, which in turn executes
python-config to get the build flags. However this does not work while
cross compiling because we can't execute the python-config build for the
target platform. To circumvent this problem the python build flags are
now queried via pkgconfig, which has the drawback of not having some
extra build flags, but they do not seem to be needed.

I tested this patch with the termux build system and it build without
their existing hack of injecting python after the configure step. I also
tested non cross compile build on Arch Linux and it also still works.

Fixes #851
2022-02-18 19:45:31 +01:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Dmitry Podgorny
69bba3ea4e plugins/python: fix double _XOPEN_SOURCE definition
ncursesw defines _XOPEN_SOURCE macro via command-line. In particular, it
is defined in ncursesw.pc and extracted via pkg-config. From other side,
Python defines the same macro unconditionally in pyconfig.h. Python-3.x
defines the macro with value different than ncursesw does. In turn, this
causes a warning that the macro is redefined. And warnings are treated
as errors.

Since both entities define the mecro unconditionally, we can't simply
reorder headers as Python developers suggest. So, undefine the macro
just before the <Python.h> to fix this silly issue.
2019-10-15 12:30:38 +00:00
Michael Vetter
706af9a900 Update copyright to include 2019 2019-01-22 11:31:45 +01:00
James Booth
250e972b7a Update copyright 2018-01-21 15:00:02 +00:00
James Booth
17b4e45c57 Show Python version on --version
issue #956
2017-08-10 22:17:05 +01:00
James Booth
68a3daedb9 Update Copyright 2017-01-28 17:24:22 +00:00
James Booth
83385cdbc0 Add pre chat and room message blocking 2017-01-22 18:09:04 +00:00
James Booth
a65403c54a Remove disco features added by plugins on unload 2016-08-11 23:20:59 +01:00
James Booth
bb676cc0fc Check return values from python plugin hooks 2016-08-11 00:27:14 +01:00
James Booth
5d6b2d0b04 Add resource to chat message plugin hooks 2016-08-10 21:37:22 +01:00
James Booth
139e53f388 Decrement reference count on python hook args objects 2016-07-25 21:48:00 +01:00
James Booth
a3a73cf003 Move all filepath handling to files.c 2016-07-24 21:49:35 +01:00
James Booth
0a57c4de78 Tidy headers 2016-07-24 15:43:51 +01:00
James Booth
4209b1cf45 Add /plugins python_version command 2016-07-24 02:12:56 +01:00
James Booth
47dfa6c3fc Merge branch 'master' into python3
Conflicts:
	.gitignore
2016-07-24 01:22:29 +01:00
James Booth
e8fc80f5c1 Update GPL link in headers 2016-07-24 01:14:49 +01:00
James Booth
d44472049b Allow str and unicode in python api 2016-07-24 01:09:18 +01:00
James Booth
376811a960 Tidy python3 conditional code 2016-07-19 01:02:33 +01:00
James Booth
71ccfcc09f Add python_init_prof() 2016-07-18 23:24:26 +01:00
James Booth
7d742f704f Fix prof module init for python3 2016-07-18 01:27:23 +01:00
James Booth
ace2715cf7 Added PYTHON3 define 2016-07-14 00:00:46 +01:00
James Booth
d24a0508f4 Store python modules on load 2016-07-09 23:42:09 +01:00
James Booth
7776c1494a Reaload python module if previous loaded on /plugin load 2016-07-09 23:13:36 +01:00
James Booth
99598e7d57 Add plugins on_unload hook 2016-07-05 22:03:14 +01:00
James Booth
c8d09083a8 Remove plugin callbacks in plugin_destroy functions 2016-07-04 22:54:55 +01:00
James Booth
29eb843d56 Revert "WIP - Unload plugin commands"
This reverts commit a01eb5d08e.
2016-06-30 22:37:52 +01:00
James Booth
a01eb5d08e WIP - Unload plugin commands 2016-06-29 23:35:57 +01:00
James Booth
8f009c3c8d Plugins fixed return values for python stanza hooks 2016-04-15 22:37:44 +01:00
James Booth
b3a3351a35 Plugins: Added account_name and fulljid to prof_init hook 2016-04-13 00:10:37 +01:00
James Booth
8ff9fd7091 Execute python string to append plugin path 2016-04-12 02:31:28 +01:00
James Booth
03ab8baf4d Added /plugins load command 2016-04-10 01:15:11 +01:00
James Booth
93672eba9f Plugins: Added on_room_history_message 2016-04-08 00:11:33 +01:00
James Booth
7ca6084657 Plugins: Added on_room_win_focus 2016-04-07 22:15:03 +01:00
James Booth
271278dd20 Plugins: Added on_chat_win_focus 2016-04-07 22:06:14 +01:00
James Booth
759d9ccb8d Added plugins presence hooks 2016-03-30 23:18:12 +01:00
James Booth
d39e48ba18 Use one stanza handler per type (message, iq, presence)
Allows plugins to stop stanza processing
2016-03-28 01:25:48 +01:00
James Booth
8933d59b03 Added basic stanza receive eooks 2016-03-27 21:36:29 +01:00