Commit Graph

355 Commits

Author SHA1 Message Date
622054fc6d fix(pgp): prevent plaintext fallback in PGP/OX encryption
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 3m41s
CI Code / Linux (debian) (pull_request) Successful in 5m15s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m21s
CI Code / Linux (arch) (pull_request) Successful in 13m55s
CI Code / Check spelling (push) Successful in 1m24s
CI Code / Check coding style (push) Successful in 1m38s
CI Code / Linux (arch) (push) Successful in 7m14s
CI Code / Linux (debian) (push) Successful in 8m27s
CI Code / Linux (ubuntu) (push) Successful in 8m29s
CI Code / Code Coverage (push) Successful in 7m50s
Block all three code paths in message_send_chat_pgp that previously
fell back to sending unencrypted messages: encryption failure, missing
PGP key, and missing LibGPGME. Each path now shows a specific error
in the chat window and returns NULL so the caller skips logging and
display.

Also replace the generic cons_show for OX signcrypt failure with a
win_println on the current window, ensuring the user sees the error
even when the chat window is not focused.

Improve p_gpg_encrypt error reporting by adding a gchar** err
out-parameter. Each failure path now sets a descriptive message
(e.g. missing recipient key, missing sender key, GPGME context
failure, encryption failure) so the caller can display the exact
reason to the user.

Fix a memory leak: gpgme_key_unref(receiver_key) was missing from
the sender_key failure path.
2026-06-29 14:08:40 +00:00
830479cf20 fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening
All checks were successful
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 32s
CI Code / Code Coverage (push) Successful in 3m45s
CI Code / Linux (debian) (push) Successful in 4m42s
CI Code / Linux (ubuntu) (push) Successful in 4m49s
CI Code / Linux (arch) (push) Successful in 6m25s
- OTR: strip the whitespace tag by shifting the full message tail incl. the NUL, not tag_length bytes, so the body is no longer duplicated for messages longer than the tag.
- presence: snapshot the resource fields before connection_add_available_resource() takes ownership, removing a use-after-free in the own-presence path.
- OMEMO: propagate _omemo_finalize_identity_load() failure on connect (log + cons_show_error + stop) instead of leaving OMEMO silently unavailable.
- OMEMO: guard NULL fingerprint decode in _omemo_fingerprint_decode / omemo_is_trusted_identity / omemo_trust and log every decode failure instead of failing silently.
- stanza-id: gate XEP-0359 dedup on disco urn:xmpp:sid:0 (the `by` JID or its domain), falling back to no-dedup when caps are unknown; add functional tests for trusted vs untrusted server.
- accounts: narrow the group-name sanitizer to the characters GKeyFile forbids in headers ([ ] \n \r), keeping `=` and `#`, so read/write stays symmetric.
- build: re-introduce compiler/sanitizer flags in a Pikaur-safe form (opt-in sanitizers, -Wsign-compare) and fix the resulting -Wsign-compare warnings (incl. proftest _mkdir_recursive).fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening

Author: jabber.developer2 <jabber.developer2@jabber.space>
2026-06-20 10:30:23 +00:00
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
3f36c303c2 feat(history): flat-file backend with bidirectional SQLite migration
All checks were successful
CI Code / Check spelling (push) Successful in 21s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 2m21s
CI Code / Linux (ubuntu) (push) Successful in 4m30s
CI Code / Linux (debian) (push) Successful in 6m43s
CI Code / Linux (arch) (push) Successful in 10m8s
A flat-file alternative to the SQLite chatlog backend with runtime
switching, full migration tooling, integrity verification, and a
synthetic load harness. SQLite remains the default; both backends share
one dispatch layer (db_backend_t vtable) so callers don't change.

Storage layout
- Per-contact append-only `flatlog/<account>/<contact>/history.log`
  under XDG_DATA_HOME, one line per message
- Single-line file header with embedded format-version marker
  (FLATFILE_FORMAT_VERSION); reader warns on missing or mismatched
  marker, writer and checker stay in sync via preprocessor
  stringification
- Deterministic key=value metadata (`id`, `aid`, `corrects`, `to`,
  `to_res`, `read`) plus escaped body \u2014 `\|`, `\]`, `\\`, `\n`, `\r`
  literals prevent log injection
- Sparse byte-offset index (FF_INDEX_STEP=500) per contact for
  O(log n) time-range lookups; rebuilt on inode / size / mtime
  change, extended in-place when the file just grew
- Per-contact GHashTable caches for archive_id presence and
  stanza_id \u2192 from_jid mapping (O(1) MAM dedup, O(1) LMC sender
  validation)

Hardening
- Path-traversal protection: JID directory name normalisation
  (`@` \u2192 `_at_`, slashes and `..` rejected at construction); every
  per-contact path is anchored under the account's flatlog/
  directory and validated before open
- Symlink-attack protection: every fopen / open uses O_NOFOLLOW; on
  ELOOP the operation aborts with an error rather than following
- Filesystem permissions: log files created with mode 0600,
  directories with mode 0700; both enforced at creation, verified
  on each open and reported on drift by `/history verify`
- Atomic crash-safe export: write to a temp file via mkstemp (mode
  0600, random suffix, no name collisions between concurrent
  exports), fsync, then rename \u2014 partial state never replaces the
  live file
- Concurrency: advisory flock(LOCK_EX) held for the duration of
  every write, including append from live messages and full rewrite
  from export, so two profanity processes can't interleave bytes
  on the same log
- DoS / abuse guards:
    * FF_MAX_LINE_LEN = 10 MB \u2014 lines longer than this are rejected
      at read with a warning; the parser will not allocate
      unbounded memory for a single record
    * FF_MAX_LMC_DEPTH = 100 \u2014 `corrects:` chain walk stops at this
      depth and emits a warning, preventing a malicious correction
      cycle from spinning the apply pass
    * FF_VERSION_SCAN_MAX = 16 \u2014 header version probe never reads
      past 16 leading comment lines, even on garbage input
    * Empty / inverted byte-range early-return in page-up read path
      so a malformed time filter cannot cause an unbounded scan
    * Zero-entry index guard so a file whose every line failed to
      parse cannot cause a NULL deref on later page-up
- LMC sender validation: an incoming correction whose sender does
  not match the original message's sender is rejected at write
  time and surfaced via cons_show_error; a cycle in the apply pass
  is broken via a visited-set
- jid_create_from_bare_and_resource treats NULL, empty string, and
  the literal "(null)" as no resource and returns a bare jid;
  similar normalisation for barejid eliminates the legacy
  "user@host/(null)" artefact that leaked into stored fulljids
  whenever g_strdup_printf("%s", NULL) ran inside create_fulljid

Commands
- `/history switch sqlite|flatfile` \u2014 runtime backend swap, closes
  the old backend and opens the new one without reconnecting
- `/history export [<jid>]` \u2014 SQLite -> flat-file, merging with any
  existing flatlog (dedup keyed on a SHA-256 hash mixing stanza_id,
  timestamp, from_jid, body \u2014 robust against id reuse by older
  clients)
- `/history import [<jid>]` \u2014 flat-file -> SQLite, same merge
  semantics, runs inside a single SQLite transaction with rollback
  on per-contact failure
- `/history verify [<jid>]` \u2014 integrity check; emits a structured
  list of issues (ERROR / WARNING / INFO) per file:
    * file-level: missing log, wrong permissions (\u2260 0600), UTF-8
      BOM present, CRLF line endings, empty file
    * line-level: invalid UTF-8 (with byte offset), embedded
      control characters, unparsable lines, timestamps out of
      order, duplicate `id:` and `aid:` (tracked separately so a
      stanza/archive id collision isn't double-reported)
    * cross-line: broken `corrects:` references whose target id is
      not present in the file
- `/history backend` \u2014 show currently active backend
- Active backend indicator `[sqlite]` / `[flatfile]` in the status
  bar next to the JID
- Roster-JID autocomplete for verify / export / import
- export and import open a SQLite handle on demand when the
  flatfile backend is currently active, so migration works
  regardless of which backend is live

Tests
- Unit: database_export (parser round-trip, escape/unescape, dedup
  key stability, JID normalisation), database_stress (14 cases
  exercising rapid writes, large messages, deep LMC chains, MAM
  dedup, concurrent contacts)
- Functional: history persistence across reconnects, export /
  import round-trip with content equality, MUC migration,
  timestamp normalisation across timezones
- Bench harness P1\u2013P5 (synthetic load: bulk insert, time-range
  read, page-up scroll, MAM ingest, mixed workload) and failure
  modes F1\u2013F17 (page-up cursor and forward-iteration symmetry,
  oversized lines, MAM dedup, LMC depth and cycles, BOM/CRLF,
  missing log, empty file, mtime+inode flip, broken corrects, etc.)
- All bench tests integrate with the existing make targets and
  emit CSV rows for baseline comparison

Author: jabber.developer2 <jabber.developer2@jabber.space>
Reviewed-by: jabber.developer <jabber.developer@jabber.space>
2026-05-05 19:26:07 +00:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
Michael Vetter
07dfeec816 Release 0.15.0 2025-03-27 20:06:38 +01:00
Steffen Jaeckel
95c2199ca2 Some more memory improvements
* Less leaks
* Less allocations

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-12 10:09:41 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
b55bf6e4bd Fix some more memory leaks + an invalid read.
`ProfMessage` was not completely initialized, fix this by using `calloc()`
for the allocation.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
848acdd1fa Improve const correctness
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2024-06-19 16:01:46 +02:00
Michael Vetter
569e37f018 Update copyright to 2024 2024-01-22 16:03:48 +01:00
Steffen Jaeckel
bac24601da Introduce equals_our_barejid()
Instead of always repeating the same pattern, introduce a helper function.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:27:02 +01:00
Steffen Jaeckel
847a86de50 add connection_get_jid()
Use a singleton `Jid` inside the connection instead of always re-creating
a `Jid` from the same string.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
Steffen Jaeckel
64046bcdf3 Fix some things regarding char* vs. gchar*
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-09 15:09:52 +01:00
Michael Vetter
45fe1be58f Merge pull request #1902 from H3rnand3zzz/feature/improved-history
Change DB structure
2023-11-06 22:41:36 +01:00
Steffen Jaeckel
4c26462827 Ensure instances of auto types are initialized
Follow-up of #1913

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-11-06 22:22:35 +01:00
John Hernandez
a671cff964 Improve XEP-0308 compliance
Disallow correcting historical MUC messages, as the XEP-308 requires.

Previous changes introduce problem with
"Illicit LMC attempt from conference@server/user for message from user"

During investigation it was revealed that XEP does not recommend support
of historical MUC messages correction.

```
When used in a Multi-User Chat (XEP-0045) context,
corrections must not be allowed (by the receiver)
for messages received before the sender joined the room -
particularly a full JID leaving the room
then rejoining and correcting a message SHOULD be disallowed,
as the entity behind the full JID in the MUC may have changed.
```
https://xmpp.org/extensions/xep-0308.html#rules

XEP details mentioned by @jubalh
Bug discovered and solution improved by  @jaeckel
2023-11-06 22:04:53 +01:00
Michael Vetter
634cb586d9 Merge pull request #1892 from ike08/improvement/muc-title-behaviour
Improve MUC title behaviour for roster, statusbar, and titlebar
2023-10-09 09:47:03 +02:00
IsaacM88
23c6936398 Improve MUC title behaviour for roster, statusbar, and titlebar
## Abstract

Continuation of https://github.com/profanity-im/profanity/pull/1881

Give all MUC title commands a consistent command structure and appearance.

- `/roster room use name|jid` and `/roster room show|hide server` are now `/roster room title bookmark|jid|localpart|name`
- `/statusbar room room|jid` is now `/statusbar room title bookmark|jid|localpart|name`
- `/statusbar show|hide jid` and `/statusbar show|hide name` are now `/titlebar room title bookmark|jid|localpart|name`

Fix both bugs mentioned in https://github.com/profanity-im/profanity/pull/1881

### src/ui/mucwin.c:mucwin_generate_title

Called by each command to generate a properly formatted title. It checks for "name" first because "name" is the default preference for each command. The last if-statement sets the title to "localpart" for special cases when the title should be "localpart" instead of the user-defined preference.

## Testing

### Preparation

Remove preferences that will interfere with testing.

```
sed -i "/roster.rooms.title=/d" profrc
sed -i "/statusbar.room.title=/d" profrc
sed -i "/titlebar.muc.title=/d" profrc
sed -i "/roster.rooms.use.name=/d" profrc
sed -i "/roster.rooms.server=/d" profrc
sed -i "/statusbar.room=/d" profrc
sed -i "/titlebar.muc.title.jid=/d" profrc
sed -i "/titlebar.muc.title.name=/d" profrc
sed -i "/roster.rooms.by=/d" profrc
```

### Command Definitions

| Test | Window |
| :--- | :--- |
| `/help roster` | - /roster room title bookmark\|jid\|localpart\|name<br>- room title bookmark\|jid\|localpart\|name : Display the bookmark name, JID, JID localpart, or room name as the roster title for MUCs.<br>- *No /roster show\|hide server*<br>- *No /roster room use jid\|name* |
| `/help statusbar` | - /statusbar room title bookmark\|jid\|localpart\|name<br>- room title bookmark\|jid\|localpart\|name : Display the bookmark name, JID, JID localpart, or room name as the title for MUC tabs.<br>- *No /statusbar room jid\|room* |
| `/help titlebar` | - /titlebar room title bookmark\|jid\|localpart\|name<br>- room title bookmark\|jid\|localpart\|name : Display the bookmark name, JID, JID localpart, or room name as the MUC window title.<br>- *No /titlebar show\|hide jid\|name* |

### Autocomplete

| Test | Command line |
| :--- | :--- |
| `/roster room <TAB>` | Autocompletes `title` |
| `/roster room title <TAB>` | Autocompletes `bookmark\|jid\|localpart\|name` |
| `/statusbar room <TAB>` | Autocompletes `title` |
| `/statusbar room title <TAB>` | Autocompletes `bookmark\|jid\|localpart\|name` |
| `/titlebar room <TAB>` | Autocompletes `title` |
| `/titlebar room title <TAB>` | Autocompletes `bookmark\|jid\|localpart\|name` |
| `/roster room <TAB>` | Does not autocomplete `use`, `show`, or `hide` |
| `/roster room use <TAB>` | Does not autocomplete `name` |
| `/roster room show <TAB>` | Does not autocomplete `server` |
| `/roster room hide <TAB>` | Does not autocomplete `server` |
| `/statusbar room <TAB>` | Does not autocomplete `jid` or `room` |
| `/titlebar show <TAB>` | Does not autocomplete `jid` or `name` |
| `/titlebar hide <TAB>` | Does not autocomplete `jid` or `name` |

### Set Preferences

| Test | Window | profrc |
| :--- | :--- | :--- |
| `/roster room title bookmark` | Roster MUCs will display 'bookmark' as their title. | roster.rooms.title=bookmark |
| `/roster room title jid` | Roster MUCs will display 'jid' as their title. | roster.rooms.title=jid |
| `/roster room title localpart` | Roster MUCs will display 'localpart' as their title. | roster.rooms.title=localpart |
| `/roster room title name` | Roster MUCs will display 'name' as their title. | roster.rooms.title=name |
| `/roster room title invalid` | Invalid usage, see '/help roster' for details. | |
| `/statusbar room title bookmark` | Displaying 'bookmark' as the title for MUC tabs. | statusbar.room.title=bookmark |
| `/statusbar room title jid` | Displaying 'jid' as the title for MUC tabs. | statusbar.room.title=jid |
| `/statusbar room title localpart` | Displaying 'localpart' as the title for MUC tabs. | statusbar.room.title=localpart |
| `/statusbar room title name` | Displaying 'name' as the title for MUC tabs. | statusbar.room.title=name |
| `/statusbar room title invalid` | Invalid usage, see '/help statusbar' for details. |  |
| `/titlebar room title bookmark` | MUC windows will display 'bookmark' as the window title. | titlebar.muc.title=bookmark |
| `/titlebar room title jid` | MUC windows will display 'jid' as the window title. | titlebar.muc.title=jid |
| `/titlebar room title localpart` | MUC windows will display 'localpart' as the window title. | titlebar.muc.title=localpart |
| `/titlebar room title name` | MUC windows will display 'name' as the window title. | titlebar.muc.title=name |
| `/titlebar room title invalid` | Invalid usage, see '/help titlebar' for details. |  |
| `/roster room use jid` | Invalid usage, see '/help roster' for details. |  |
| `/roster room use name` | Invalid usage, see '/help roster' for details. |  |
| `/roster room show server` | Invalid usage, see '/help roster' for details. |  |
| `/roster room hide server` | Invalid usage, see '/help roster' for details. |  |
| `/statusbar room jid` | Invalid usage, see '/help statusbar' for details. |  |
| `/statusbar room room` | Invalid usage, see '/help statusbar' for details. |  |
| `/titlebar show jid` | Invalid usage, see '/help titlebar' for details. |  |
| `/titlebar hide jid` | Invalid usage, see '/help titlebar' for details. |  |
| `/titlebar show name` | Invalid usage, see '/help titlebar' for details. |  |
| `/titlebar hide name` | Invalid usage, see '/help titlebar' for details. |  |

### Display Set Preferences

| Test | Window |
| :--- | :--- |
| /prefs ui | - Roster rooms title (/roster) : name<br>- Room tab display (/statusbar) : name<br>- MUC window title (/titlebar) : name |

### Test MUC Window

#### Test: without *name* preference, without *room name* field

```
/join muc@dmn.im
/room config
/field1 ""
/form submit
/quit
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/join muc@dmn.im` | muc<span/>@dmn.im | muc<span/>@dmn.im | muc<span/>@dmn.im |
| `/room config` |  | muc<span/>@dmn.im conf | muc<span/>@dmn.im config |
| `/field2 edit` |  |  | muc<span/>@dmn.im config * |
| `/msg tst` | tst | muc<span/>@dmn.im/tst | muc<span/>@dmn.im/tst |
| `/roster room by service` | muc |  |  |

#### Test: with *name* preference, without *room name* field

```
/roster room title name
/statusbar room title name
/titlebar room title name
/save
/quit
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/join muc@dmn.im` | muc<span/>@dmn.im | muc<span/>@dmn.im | muc<span/>@dmn.im |
| `/room config` |  | muc<span/>@dmn.im conf | muc<span/>@dmn.im config |
| `/field2 edit` |  |  | muc<span/>@dmn.im config * |
| `/msg tst` | tst | muc<span/>@dmn.im/tst | muc<span/>@dmn.im/tst |
| `/roster room by service` | muc |  |  |

#### Test: without *name* preference, with *room name* field

```
sed -i "/roster.rooms.title=/d" profrc
sed -i "/statusbar.room.title=/d" profrc
sed -i "/titlebar.muc.title=/d" profrc
/join muc@dmn.im
/room config
/field1 "my_room"
/form submit
/quit
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/join muc@dmn.im` | my_room | my_room | my_room |
| `/room config` |  | my_room conf | my_room config |
| `/field2 edit` |  |  | my_room config * |
| `/msg tst` | tst | my_room/tst | my_room/tst |
| `/roster room by service` | my_room |  |  |

#### Test: with *name* preference, with *room name* field

```
/quit
/roster room title name
/statusbar room title name
/titlebar room title name
/save
/quit
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/join muc@dmn.im` | my_room | my_room | my_room |
| `/room config` |  | my_room conf | my_room config |
| `/field2 edit` |  |  | my_room config * |
| `/msg tst` | tst | my_room/tst | my_room/tst |
| `/roster room by service` | my_room |  |  |

#### Test: with *localpart* preference

```
/quit
/roster room title localpart
/statusbar room title localpart
/titlebar room title localpart
/save
/quit
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/join muc@dmn.im` | muc | muc | muc |
| `/room config` |  | muc conf | muc config |
| `/field2 edit` |  |  | muc config * |
| `/msg tst` | tst | muc/tst | muc/tst |
| `/roster room by service` | muc |  |  |

#### Test: with *bookmark* preference, without *bookmark name*

```
/quit
/roster room title bookmark
/statusbar room title bookmark
/titlebar room title bookmark
/save
/quit
/bookmark add muc@dmn.im
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/bookmark join muc@dmn.im` | muc<span/>@dmn.im | muc<span/>@dmn.im | muc<span/>@dmn.im |
| `/room config` |  | muc<span/>@dmn.im conf | muc<span/>@dmn.im config |
| `/field2 edit` |  |  | muc<span/>@dmn.im config * |
| `/msg tst` | tst | muc<span/>@dmn.im/tst | muc<span/>@dmn.im/tst |
| `/roster room by service` | muc |  |  |

#### Test: with *bookmark* preference, with *bookmark name*

```
/quit
/bookmark remove muc@dmn.im
/bookmark add muc@dmn.im name "my_bookmark"
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/bookmark join muc@dmn.im` | my_bookmark | my_bookmark | my_bookmark |
| `/room config` |  | my_bookmark conf | my_bookmark config |
| `/field2 edit` |  |  | my_bookmark config * |
| `/msg tst` | tst | my_bookmark/tst | my_bookmark/tst |
| `/roster room by service` | my_bookmark |  |  |

#### Test: with *jid* preference

```
/quit
/roster room title jid
/statusbar room title jid
/titlebar room title jid
/save
/quit
```

| Test | Roster | Statusbar | Titlebar |
| :--- | :--- | :--- | :--- |
| `/join muc@dmn.im` | muc<span/>@dmn.im | muc<span/>@dmn.im | muc<span/>@dmn.im |
| `/room config` |  | muc<span/>@dmn.im conf | muc<span/>@dmn.im config |
| `/field2 edit` |  |  | muc<span/>@dmn.im config * |
| `/msg tst` | tst | muc<span/>@dmn.im/tst | muc<span/>@dmn.im/tst |
| `/roster room by service` | muc |  |  |

### Test Contact Chat Window Title

#### Test: without contact nick

```
/roster add tst@dmn.im
```

| Test | Titlebar |
| :--- | :--- |
| `/msg tst@dmn.im` | tst<span/>@dmn.im |

#### Test: with contact nick

```
/roster add tst@dmn.im my_tst
```

| Test | Titlebar |
| :--- | :--- |
| `/msg my_tst` | my_tst <tst<span/>@ike.snikket.chat> |

### Test Preference Upgrade

#### Test /roster

| Test | profrc |
| :--- | :--- |
| `sed -i '/\[ui\]/a\roster.rooms.use.name=name' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\roster.rooms.use.name=' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\roster.rooms.server=' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\roster.rooms.use.name=jid' profrc` | Original key removed.<br>roster.rooms.title=jid |
| `sed -i '/\[ui\]/a\roster.rooms.use.name=jid' profrc`<br>`sed -i '/\[ui\]/a\roster.rooms.server=false' profrc` | Original keys removed.<br>roster.rooms.title=localpart |
| `sed -i '/\[ui\]/a\roster.rooms.use.name=jid' profrc`<br>`sed -i '/\[ui\]/a\roster.rooms.server=true' profrc` | Original keys removed.<br>roster.rooms.title=jid |
| `sed -i '/\[ui\]/a\roster.rooms.use.name=jid' profrc`<br>`sed -i '/\[ui\]/a\roster.rooms.server=' profrc` | Original keys removed.<br>roster.rooms.title=jid |
| `sed -i '/\[ui\]/a\statusbar.room=' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\statusbar.room=room' profrc` | Original key removed.<br>statusbar.room.title=localpart |
| `sed -i '/\[ui\]/a\statusbar.room=jid' profrc` | Original key removed.<br>statusbar.room.title=jid |
| `sed -i '/\[ui\]/a\titlebar.muc.title.jid=' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.name=' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.jid=true' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.name=true' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.jid=false' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.name=false' profrc` | Original key removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.jid=true' profrc`<br>`sed -i '/\[ui\]/a\titlebar.muc.title.name=false' profrc` | Original key removed.<br>titlebar.muc.title=jid |
| `sed -i '/\[ui\]/a\titlebar.muc.title.jid=false' profrc`<br>`sed -i '/\[ui\]/a\titlebar.muc.title.name=true' profrc` | Original keys removed. |
| `sed -i '/\[ui\]/a\titlebar.muc.title.jid=true' profrc`<br>`sed -i '/\[ui\]/a\titlebar.muc.title.name=true' profrc` | Original keys removed. |

### Test Valgrind

No memory leaks detected relating to these changes.
2023-10-05 18:16:04 -06:00
Steffen Jaeckel
e668c4f7df Extend autoping timer on each stanza we receive.
Sometimes the server is too busy sending other stanzas or our connection is
saturated because of something else, so the pong arrives too late.
Prevent the autoping disconnect event by extending the timeout
each time a stanza is received.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-10-04 17:02:10 +02:00
Michael Vetter
492efc432c Display headline sender 2023-08-11 15:56:26 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
John Hernandez
407905cfc5 Fix OTR
Fix OTR: carbon in stanza breaks OTR and prevents it from starting and working properly.
2023-03-31 12:30:51 +02:00
the xhr
714add207b Add macro for possible NULL prints and use it on known sports
The macro is effective on OpenBSD and basically a no op on other platforms.
Use it for one existing and the other known debug statements.
2023-01-26 17:42:52 +01:00
Steffen Jaeckel
b535921484 introduce auto_jid and refcounting in Jid
This also fixes a memory leak from within `_handle_groupchat()` in [0].

[0] src/xmpp/message.c

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-19 10:40:25 +01:00
Steffen Jaeckel
1a85448bf2 improve const correctness
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:11:13 +01:00
Michael Vetter
3adc399da0 Update copyright year 2023-01-10 10:37:25 +01:00
Michael Vetter
449c7ce2ba ox: add helper message in case signcrypt doesnt work
Most likely they didnt trust/sign the key. Which is described in the
profanity-ox-setup man page.
2022-06-29 13:26:15 +02:00
Michael Vetter
a40a0f5189 Split ox functions from gpg.c to ox.c 2022-06-29 09:17:15 +02:00
Michael Vetter
4d6bc1adf8 Merge pull request #1717 from MarcoPolo-PasTonMolo/fix/chat-with-self-duplicate-msgs
Fix duplicate messages in chat with oneself.
2022-06-11 12:33:56 +02:00
MarcoPolo-PasTonMolo
91e8a89b59 Fix duplicate messages in chat with oneself.
Messages would get duplicated when you chat with yourself, worse if you
had omemo enabled the duplicated message would say something along the
lines of "Your client doesn't support OMEMO". The cause was carbons
when the message was sent from another client, whilst it was a sent
and received message when profanity was the one to send it. This commit
ignores the carbon message in the 1st case and ignores the received one
in the 2nd.

Fixes https://github.com/profanity-im/profanity/issues/1595
2022-05-31 15:55:02 +03:00
MarcoPolo-PasTonMolo
4839093a8b Make muc config update after form submit
Muc configuration in profanity used to not update until next login, ie:
make muc non_anonymous and members_only but be unable to start omemo
until next login. Now a disco info request is sent after forrm submit
and chatroom details are changed accordingly.

Fixes https://github.com/profanity-im/profanity/issues/1347
2022-05-27 18:51:35 +03:00
Michael Vetter
1330ad4e1e Update copyright year 2022-05-09 15:43:33 +02:00
Michael Vetter
66eeccf408 ox: only process proper messages
We only want to have the decrypted message or the alternative body in
message->plain.

Also let's print error messages if it makes sense and log other issues.

Partly addresses the commit in the comit mesage of:
2dc0cc489c
2022-05-04 16:11:00 +02:00
Michael Vetter
1eaa2c1529 ox: prefix function _openpgp_signcrypt with ox_
To make the destinction clearer and easier to search.
2022-05-04 14:26:43 +02:00
Stefan Kropp
c9e6a89aea Bugfix OX rpad generation
________________________________________
< No comment - should be much better now >
 ----------------------------------------
 \
  \
   \ >()_
      (__)__ _
2022-05-03 23:00:11 +02:00
Michael Vetter
2dc0cc489c ox: dont print empty body message
Fix https://github.com/profanity-im/profanity/issues/1693

```
@StefanKropp @DebXWoody please check `_handle_ox_chat()` I don't
understand what you are doing there.
1)
First plain is assigned `message->plain =
p_ox_gpg_decrypt(xmpp_stanza_get_text(ox));`
and then in the same if block you overwrite this with `message->plain =
xmpp_stanza_get_text(b);` without freeing the old value as far as I can
see.

2)
Sometimes even doing `message->plain = "OX error: No payload found";`.
Shouldn't there be a `strdup()`? I think later on we try to free the
whole message struct. So we can't mix this static things.
```
2022-04-27 17:00:30 +02:00
Michael Vetter
8ee3a43983 ox: remove comment 2022-04-27 16:36:30 +02:00
Michael Vetter
0293b639c7 Fix typo: paylod -> payload 2022-04-12 20:52:39 +02:00
Michael Vetter
57fb10f0bf Fix typos in comments 2022-02-18 18:59:32 +01:00
Michael Vetter
b67054aa39 Merge branch 'master' into xep/xep0107-user-mood 2021-12-06 13:49:04 +01:00
Michael Vetter
6c3e6a5262 xep-0107: adapting the pubsub/headline code
Like mentioned on the review at
https://github.com/profanity-im/profanity/pull/1605 I don't ge why
@DebXWoody changed the code like he did.

I changed it to something that made more sense to me now.
Instead of looking for headline in two places and checking for pubsub in
a headline place (only).

I didn't check this deeply. And still have a feeling that this is not
the best way to go. But I didn't read the XEP yet.

Added a TODO to the code regarding this too.

A quick skimming through https://xmpp.org/extensions/xep-0107.html
doesn't show me anything regarding headline. So I really don't see why
this needs to go here.

Hopefully @DebXWoody checks this in the future. But since he didn't
react on the PR I decided to make some adjustments myself so we can
merge it.
2021-12-06 13:44:04 +01:00
DebXWoody
23e886ed5e Add xep-0107: User Mood support
Implementation of XEP 0107 - User Mood
2021-12-06 13:32:54 +01:00
Michael Vetter
2f7317cc18 Fix carbons criteria
We came into the carbons checking code when we received `<private
xmlns="urn:xmpp:carbons:2"/>`. Which actually marks a message to _not_
be a carbon.

In this code we also make sure that carbons only come from us.
If not we don't call the message handler code.

So we should actually only check for `<sent xmlns='urn:xmpp:carbons:2'>`
and `<received xmlns='urn:xmpp:carbons:2'>`.

Thanks pukkamustard and Holger.

Fixes https://github.com/profanity-im/profanity/issues/1614
2021-11-25 15:33:49 +01:00
Steffen Jaeckel
ffc0b49ab1 first step to remove libmesode
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-10-27 22:45:44 +02:00
Michael Vetter
3a9cffe013 Merge pull request #1566 from DebXWoody/bugfixing/ox
Bugfixes for OX implementation
2021-07-01 18:26:06 +02:00
DebXWoody
d01ba72535 OX bug fix
* Help / message description
 * C-Code format
2021-07-01 18:08:40 +02:00
Michael Vetter
06482fdaef Add option to only allow messages from jids in roster
`/silence on` will throw away all messages (type: chat, normal) that
come from jids that are not in the roster.

Implement https://github.com/profanity-im/profanity/issues/955
2021-07-01 18:02:03 +02:00