Commit Graph

118 Commits

Author SHA1 Message Date
830479cf20 fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening
All checks were successful
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 32s
CI Code / Code Coverage (push) Successful in 3m45s
CI Code / Linux (debian) (push) Successful in 4m42s
CI Code / Linux (ubuntu) (push) Successful in 4m49s
CI Code / Linux (arch) (push) Successful in 6m25s
- OTR: strip the whitespace tag by shifting the full message tail incl. the NUL, not tag_length bytes, so the body is no longer duplicated for messages longer than the tag.
- presence: snapshot the resource fields before connection_add_available_resource() takes ownership, removing a use-after-free in the own-presence path.
- OMEMO: propagate _omemo_finalize_identity_load() failure on connect (log + cons_show_error + stop) instead of leaving OMEMO silently unavailable.
- OMEMO: guard NULL fingerprint decode in _omemo_fingerprint_decode / omemo_is_trusted_identity / omemo_trust and log every decode failure instead of failing silently.
- stanza-id: gate XEP-0359 dedup on disco urn:xmpp:sid:0 (the `by` JID or its domain), falling back to no-dedup when caps are unknown; add functional tests for trusted vs untrusted server.
- accounts: narrow the group-name sanitizer to the characters GKeyFile forbids in headers ([ ] \n \r), keeping `=` and `#`, so read/write stays symmetric.
- build: re-introduce compiler/sanitizer flags in a Pikaur-safe form (opt-in sanitizers, -Wsign-compare) and fix the resulting -Wsign-compare warnings (incl. proftest _mkdir_recursive).fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening

Author: jabber.developer2 <jabber.developer2@jabber.space>
2026-06-20 10:30:23 +00:00
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
Steffen Jaeckel
95c2199ca2 Some more memory improvements
* Less leaks
* Less allocations

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-12 10:09:41 +01:00
Steffen Jaeckel
b55bf6e4bd Fix some more memory leaks + an invalid read.
`ProfMessage` was not completely initialized, fix this by using `calloc()`
for the allocation.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
c5a131ee46 Introduce our own shutdown callback mechanism.
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.

This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.

I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-07 21:09:16 +01:00
Steffen Jaeckel
2696989ce5 Fix a bunch of obvious memory leaks at termination
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Steffen Jaeckel
848acdd1fa Improve const correctness
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2024-06-19 16:01:46 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
4a70f5f513 Cleanup char* to auto_gchar gchar* for prefs_get_string
Necessity explained in #1819
2023-07-03 16:06:27 +02:00
Martin Dosch
e1ffc64a65 User proper ellipsis char
As stated in
https://github.com/profanity-im/profanity/pull/1820#issuecomment-1498083383
profanity uses "..." (three dots) in a lot of places instead the proper
ellipsis char "…".
2023-04-09 12:19:18 +02:00
John Hernandez
99c9f150f6 Fix PGP
Fix of PGP and potentially other encryption methods by calling correct function that would initiate them in case if someone writes.
2023-03-31 12:30:51 +02:00
Michael Vetter
e59c401c84 Adapt to g_string_free glib 2.75.3 change
glib 2.75.3 changes warning behaviour of `g_string_free()`.
See:
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3219
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3226

Use this opportunity to replace the use of GString with
`g_strdup_printf()` where possible.
Otherwise correctly take the return value of `g_string_free()`
which is nicer anyways.
2023-03-21 10:53:10 +01:00
Michael Vetter
585f68f4f7 Split log.c into log.c and chatlog.c 2022-06-28 20:08:38 +02:00
Steffen Jaeckel
b8e46552bf add files_file_in_account_data_path()
As all parts of the code invoking the `files_get_account_data_path()`
function did the same afterwards, a function has been added with the same
behavior.

1. create path
2. `mkdir` of that path
3. return final path

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-13 14:15:02 +01:00
Steffen Jaeckel
9cf78e59d5 auto-format
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-02-01 15:01:28 +01:00
Michael Vetter
057c9ad776 Add config.h in files were it was missing
Related to https://github.com/profanity-im/profanity/issues/1512
2021-03-26 19:54:22 +01:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
Michael Vetter
e5ac12afa6 Remove prefs_free_string()
It just does a free.
Related to b580b9ef11
2020-07-02 11:34:12 +02:00
Michael Vetter
a92942a4b7 otr.c: Simplify freeing
free(NULL) is a noop.
2020-07-01 17:09:03 +02:00
Michael Vetter
b96e25d9c3 Fix overlooking variable
Fix mistake where I overlooked some variables in 1224aa414e.
2020-07-01 17:07:42 +02:00
Michael Vetter
1224aa414e Use files_get_account_data_path instead of duplicate code
We often had a use case where we want the account specific data dir.
Let's create a function for this instead of doing it by hand each time.
2020-07-01 10:05:45 +02:00
Michael Vetter
a0a4fd0426 db: log all incoming and outgoing messages 2020-04-06 10:50:20 +02:00
Michael Vetter
a4b53550ca Rename PROF_MSG_ENC_PLAIN to PROF_MSG_ENC_NONE 2020-04-06 10:50:20 +02:00
Michael Vetter
1f8b1eb740 Allow utf8 symbols as omemo/pgp/otr indicator char
Fix https://github.com/profanity-im/profanity/issues/1264
2020-02-20 23:36:10 +01:00
Michael Vetter
11b6e1bfa0 xep-0308: enable corrections for outgoing encrypted messages 2020-02-12 08:54:12 +01:00
Michael Vetter
b6b7dd5ad4 xep-0308: update the UI upon sending a corrected message
So far we don't do this for encrypted messages. Still needs to be done.
And MUC also needs to be done.
2020-02-11 15:26:58 +01:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Michael Vetter
8c8c18c6fd Actually log MUC PM messages
If I'm not mistaken MUC PMs have not been logged at all if there was no
other client sending carbons.
This should add MUC PM logging functionality.

We still need to make sure carbons log to the same file.

Regards https://github.com/profanity-im/profanity/issues/1214
2019-10-28 23:36:42 +01:00
Michael Vetter
bb08c7270d Make sure result is always set for otr_get_policy() 2019-07-23 08:03:39 +02:00
Paul Fariello
44d16e9141 Add prof_message_t to wrap all message attributes
Probably missing copy of body to plain in carbon and privmessage.
Only covers the incoming message path because goal is OMEMO decryption
of untrusted message.
Cover some of the log functions but not all.
2019-06-20 14:30:42 +02:00
Michael Vetter
706af9a900 Update copyright to include 2019 2019-01-22 11:31:45 +01:00
James Booth
250e972b7a Update copyright 2018-01-21 15:00:02 +00:00
James Booth
68a3daedb9 Update Copyright 2017-01-28 17:24:22 +00:00
James Booth
8f1d3ab55c Add win_print 2016-10-15 18:29:02 +01:00
James Booth
9d075c9805 Remove ui_win_error_line 2016-10-15 17:07:15 +01:00
James Booth
a978bb12bf Send receipt request only when receiver supports feature
issue #829
2016-08-18 22:53:23 +01:00
James Booth
a3a73cf003 Move all filepath handling to files.c 2016-07-24 21:49:35 +01:00
James Booth
29452f8f1b Move xgd functions 2016-07-24 17:12:09 +01:00
James Booth
ef942bd27a Add config/files.c 2016-07-24 16:22:15 +01:00
James Booth
0a57c4de78 Tidy headers 2016-07-24 15:43:51 +01:00
James Booth
5bc38b6bc2 Moved window_list.c 2016-07-24 15:14:46 +01:00
James Booth
90b9b48ab9 Moved roster_list.c 2016-07-24 15:08:47 +01:00
James Booth
c23506f453 Moved contact.c 2016-07-24 14:55:32 +01:00
James Booth
25a6252a28 Moved chat_session.c 2016-07-24 14:23:55 +01:00
James Booth
e8fc80f5c1 Update GPL link in headers 2016-07-24 01:14:49 +01:00
James Booth
d79364358a Fix memory leaks 2016-06-08 22:23:00 +01:00
James Booth
88f423afea Rename jabber_ functions 2016-05-06 00:53:03 +01:00