Commit Graph

233 Commits

Author SHA1 Message Date
c1093db090 fix(editor): prevent UI redraw conflicts during editor suspend/resume
All checks were successful
CI Code / Check spelling (push) Successful in 16s
CI Code / Check coding style (push) Successful in 31s
CI Code / Code Coverage (push) Successful in 3m36s
CI Code / Linux (debian) (push) Successful in 4m43s
CI Code / Linux (ubuntu) (push) Successful in 4m54s
CI Code / Linux (arch) (push) Successful in 6m46s
Guard against re-entrant editor launches, abort editor on Ctrl-Z,
and centralize suspend-aware redraws through prof_doupdate() to prevent
terminal corruption when SIGTSTP is received while editor is active.

Removes SIGUSR1 editor escape in favor of standard pkill <editor> recovery.
2026-06-01 12:21:34 +00:00
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
Steffen Jaeckel
75b378cf54 Don't use memchr() on strings potentially shorter than 4 bytes.
When running profanity under Valgrind with slashguard enabled, the
following error could occur:

```
[...]
==4021347== Invalid read of size 1
==4021347==    at 0x4851F49: memchr (vg_replace_strmem.c:986)
==4021347==    by 0x45CEAD: _inp_slashguard_check (inputwin.c:183)
==4021347==    by 0x45CEAD: inp_readline (inputwin.c:225)
==4021347==    by 0x431184: prof_run (profanity.c:121)
==4021347==    by 0x42C609: main (main.c:176)
==4021347==  Address 0xe850883 is 0 bytes after a block of size 3 alloc'd
==4021347==    at 0x48477C4: malloc (vg_replace_malloc.c:446)
[...]
```

`memchr()` requires the complete memory that shall be searched to be
accessible. Using `strchr()` could work for shorter strings, but we only
want to search in the first 4 chars.

Instead of somehow working around those limitations, simply search manually
in the first 4 bytes.

Fixes: 3c56b289 ("Add slashguard feature")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit 7f48452d84)
2025-09-10 14:16:19 +02:00
Steffen Jaeckel
1a385b8cd2 Refactor slashguard
Fixes #2054
Fixes: 95c2199c ("Some more memory improvements")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
(cherry picked from commit 40aafd06e7)
2025-09-10 14:05:30 +02:00
442bfb6ce1 feat: Add /force-encryption command and update message handling
All checks were successful
CI / Check spelling (pull_request) Successful in 18s
CI / Check coding style (pull_request) Successful in 34s
CI / Linux (ubuntu) (pull_request) Successful in 14m5s
CI / Linux (debian) (pull_request) Successful in 14m5s
CI / Linux (arch) (pull_request) Successful in 14m53s
Implement /force-encryption command to configure forced encryption
settings with on|off and policy resend-to-confirm|block options.

The changes enhance user experience by clarifying encryption requirements
and providing actionable commands. Users can now press Enter again to
confirm unencrypted messages in resend-to-confirm mode.
2025-08-25 21:11:27 +02:00
ad294cdd6d feat(editor): add asynchronous external editor support
Some checks failed
CI / Check spelling (pull_request) Successful in 18s
CI / Check coding style (pull_request) Successful in 31s
CI / Linux (fedora) (pull_request) Failing after 1m14s
CI / Linux (debian) (pull_request) Successful in 10m19s
CI / Linux (ubuntu) (pull_request) Successful in 10m42s
CI / Linux (arch) (pull_request) Successful in 13m2s
The synchronous `get_message_from_editor` blocked the main loop (`prof_run`) while launching an external editor like `vim`, halting network I/O in `session_process_events` and preventing incoming message reception.

Introduced `get_message_from_editor_async` for `cmd_editor` to run the editor asynchronously. It forks and execs the editor in a thread (`editor_thread`), suspending NCurses to free the terminal. The main loop skips `inp_readline` and `ui_update` via a new `background_mode` flag while the editor runs, allowing `session_process_events` to keep the connection alive.

On editor completion, `editor_process` (called per loop iteration) resumes NCurses with `ui_resize`, inserts the result into the readline buffer and clears `background_mode`.

Retained synchronous `get_message_from_editor` for ~20 existing code paths (e.g., `vcard_nickname`) to avoid breaking them.

Tested with `vim` and `nano`: confirms no rendering conflicts, messages received during editing, and seamless resume. Edge cases like editor crashes handled via error logging and seamless resume.
2025-08-07 03:03:43 +02:00
Steffen Jaeckel
95c2199ca2 Some more memory improvements
* Less leaks
* Less allocations

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-12 10:09:41 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
2696989ce5 Fix a bunch of obvious memory leaks at termination
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Michael Vetter
88b26cfdb9 Undo gmainloop related changes
Revert "Merge pull request #1943 from H3rnand3zzz/gmainloop

This reverts commit 609fde0998, reversing
changes made to 2ec94064ed.

Revert "Merge pull request #1948 from H3rnand3zzz/fix/rl-less-refreshes"

This reverts commit 11762fd2b0, reversing
changes made to 609fde0998.

We have got several issues, that we don't quite see how to solve, with
the merge of the gmainloop PR.

* Slashguard is broken (#1955) (though #1956 could fix that)
* One person reported problems with copy paste selection via mouse
* Some input buffer seems not to be cleared correctly
  It happened that I was debugging profanity used `/connect` and typed
  the password. I then debugged so long that a time out occurred, so
  profanity disconnected. Then it printed "unknown command: $password".

There was something else that I forgot now.

Bottomline is: so far we didn't get it right so we will undo these
changes until someone proposes a working solution.

We got a slight performance increase (apparently noticable when
alt+mouse scrolling) but got too many issues with this change.
2024-02-19 17:41:06 +01:00
John Hernandez
6b2e1b28b2 Remove unnecessary input win redisplay
The redisplay function in keyboard handling event was introduced by @rodarima
in the following commit:
7eac636fc8

At the point first commit introduction it made sense, but later
the following commit added proper handling of input redisplay.
ccede06a65

This change was overlooked by me and introduced in #1943.

Potential solution for #1947.
2024-01-18 18:15:55 +01:00
John Hernandez
f322639668 Fix chat state updating
Previous commits introduced a problem that chat state
stopped working, this commit resolves it by updating it on each cycle.
2023-12-28 18:09:50 +01:00
Rodrigo Arias
7eac636fc8 Implement keyboard input using GIOChannel 2023-12-28 18:09:50 +01:00
Michael Vetter
bd0aa3eb85 Merge pull request #1824 from H3rnand3zzz/feature/mouse-scroll
Smooth scrolling support (+mouse wheel scrolling in some terminals)
2023-12-05 12:25:41 +01:00
John Hernandez
23692fedff Add ALT+UP/DOWN/mouse wheel scroll support
Before the change, the only way to scroll was usage of page up/down,
it allowed to scroll only by skipping pages, which was not smooth.
2023-11-28 15:04:53 +01:00
John Hernandez
3dcca35f34 Minor inputwin.c refactoring/cleanup
Function `inp_nonblocking` is changed
to fetch the `inpbloc` pref only once.

`inp_win_resize` cleaned up a bit.
2023-11-13 12:09:38 +01:00
John Hernandez
dac6d0c4f8 Handle alt+enter as newline char
Let user print newline character using alt+enter keybind,
it allows great flexibility in communication,
now user will be able to write much better longer messages.
2023-11-13 09:40:04 +01:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
Steffen Jaeckel
197b839944 Remove VLA & calm Valgrind
`MB_CUR_MAX` looks like a macro, but it's a function call and therefore
creates a VLA. We don't want that.

Also this array being uninitialized created the following Valgrind error

```
==503529== Conditional jump or move depends on uninitialised value(s)
==503529==    at 0x619F15E: waddnstr (lib_addstr.c:67)
==503529==    by 0x1929B7: _inp_write (inputwin.c:353)
==503529==    by 0x1937D5: _inp_redisplay (inputwin.c:619)
==503529==    by 0x61511B1: rl_forced_update_display (display.c:2693)
==503529==    by 0x193F9D: _inp_rl_send_to_editor (inputwin.c:957)
==503529==    by 0x614642F: _rl_dispatch_subseq (readline.c:916)
==503529==    by 0x6146C85: _rl_dispatch_callback (readline.c:823)
==503529==    by 0x616739F: rl_callback_read_char (callback.c:241)
==503529==    by 0x1923DB: inp_readline (inputwin.c:188)
==503529==    by 0x149860: prof_run (profanity.c:117)
==503529==    by 0x2283E8: main (main.c:186)
==503529==  Uninitialised value was created by a stack allocation
==503529==    at 0x1928B1: _inp_write (inputwin.c:334)
```

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-05-12 08:39:23 +02:00
Michael Vetter
f20dbcff09 Fix memleak in _inp_rl_linehandler
Introduced in 59b99fece.
2023-04-18 21:30:05 +02:00
John Hernandez
59b99fece8 Don't add the same command twice to history
Expected behaviour
When you type
/command
/command
it should be just 1 entry in the history.

Behaviour
All the entries were saved.

Behaviour is changed by introducing check. Before adding to history,
entry now is compared to the last history entry.
2023-04-17 11:29:47 +02:00
Michael Vetter
9ef3491228 Let slashguard ignore quoted messages
This let's us whole `/me` messages and other messages starting with `>`.

Fix https://github.com/profanity-im/profanity/issues/1732
2022-07-04 09:15:03 +02:00
Paul Fertser
8e728fee15 Show return symbol for embedded newlines
When editing multi-line messages or comments everything past the first
newline becomes invisible.

This patch fixes it by substituting a Unicode symbol for "return"
instead of printing the newline as is. On locales where it's not
available single backslash is used instead.
2022-04-12 12:17:36 +03:00
Paul Fertser
ccede06a65 Handle input win redisplay via Readline hook
Allow Readline to control when to redisplay the input line. This makes
text entered via /editor visible after editor is closed.
2022-04-12 12:17:36 +03:00
Paul Fertser
026522534b Show Readline prompt in input window
When doing an interactive search the prompt is needed to show the
current state of the search to avoid confusion.
2022-04-12 12:17:32 +03:00
Michael Vetter
ba3d5e8de9 Merge pull request #1664 from paulfertser/tab-completion-cleanup
Tab completion code simplification
2022-04-01 12:52:54 +02:00
Michael Vetter
129886454c Merge pull request #1667 from paulfertser/fix-screen-arrows-bindings
Add Alt/Ctrl-arrows combinations for GNU Screen
2022-04-01 12:50:47 +02:00
Paul Fertser
54c00e206d Make all existing input functions bindable from config 2022-03-30 23:00:14 +03:00
Paul Fertser
4a6f88cc23 Add Alt/Ctrl-arrows combinations for GNU Screen
GNU Screen terminal emulator is modelled after VT100, its key bindings
for "application mode" (which profanity enables on startup) can be
seen with this: info screen "Input Translation".
2022-03-30 21:46:25 +03:00
Paul Fertser
3b40da854d Tab completion code simplification
Factor out common code for Tab and Shift-Tab in a separate function.

No functional change.
2022-03-30 16:36:10 +03:00
Paul Fertser
1e81eea899 Input window: handle invalid multibyte
The current code enters an infinite loop if the input string happens
to get an invalid utf-8 sequence somehow. For me it was reproducible
by running profanity in a Screen session and pressing Alt-т (cyrillic
letter).

Fix it the way borrowed from 0501e49623
where mbrlen is used for the same purposes.
2022-03-29 13:57:07 +03:00
MarcoPolo-PasTonMolo
06ef6842e8 Add quote autocompletion for previous messages
Fixes https://github.com/profanity-im/profanity/issues/1649

Type `>` then press tab or shift tab to autocomplete previous messages,
then type your reply and send message.
Newlines are replaced with newline followed by `> `.
A newline is added at the end so that the user can immediately type a
message without manually adding a new line.
2022-03-21 13:46:50 +02:00
Michael Vetter
963065775b Merge pull request #1646 from MarcoPolo-PasTonMolo/fix/nick-autocomplete
Fix not autocompleting nicks with '/'
2022-03-21 10:06:29 +01:00
MarcoPolo-PasTonMolo
ffeb8c33f1 Reverse priority for nick vs cmd autocomplete 2022-03-21 00:12:12 +02:00
Steffen Jaeckel
07e584734d Alt+e is already bound, use Alt+c
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-13 13:21:40 +01:00
MarcoPolo-PasTonMolo
3f78af2591 Move get_message_from_editor to appropriate file and change its keybinding 2022-03-03 12:56:03 +01:00
MarcoPolo-PasTonMolo
0fdaad7cbf Add hotkey for sending readline text to editor 2022-03-03 12:55:57 +01:00
MarcoPolo-PasTonMolo
1afe2aad24 Fix not autocompleting nicks with '/'
Remove check for '/' at the beginning of the line before autocompleting
and make it fallback to command autocompletion if no nicks found.

Fixes https://github.com/profanity-im/profanity/issues/1474
2022-03-03 09:59:21 +02:00
Michael Vetter
f21595597f Format code correctly 2021-10-05 10:01:27 +02:00
Michael Vetter
c397657061 Change attentionflag shortcut to alt+v
alt+f is the default readline shortcut for forward one word.

Regards https://github.com/profanity-im/profanity/issues/1580
2021-08-31 22:25:29 +02:00
DebXWoody
b0a89db1d6 Attention flag message ( enabled, disabled)
When the user enables or disabled the attention flag, a message will be
displayed in the chat window.
2021-05-29 20:44:17 +02:00
DebXWoody
1526a00123 Attention flag - Implemented Alt+m 2021-05-29 20:16:21 +02:00
DebXWoody
6dd11f0fff Attention flag for groupchats
Attention flag for groupchat and display the windows via "/wins attention"
2021-05-29 09:30:13 +02:00
DebXWoody
3520645366 Attention flag for chat windows
User is able to toggle a flag for chat windows. This flag should be used to mark
the window for "Attention".

Use Ctrl+f to mark the window.
2021-05-29 08:05:03 +02:00
kaffeekanne
97dd1cb0c2 Set input window size to max window size
Input window size was one cell off, therefore terminal themes with background color set were rendered incorrectly, fixes #1458
2020-12-11 20:33:01 +01:00
Philipp Klaus Krause
6a276e74e3 Since the string from strerror should never be modified, use const. 2020-10-14 09:52:26 +02:00
nia
ce67753423 Avoid passing NULL pointers to curses functions.
This allows profanity to work without segfaulting from NULL
pointer dereferences when used with NetBSD libcurses.

Basic functionality was tested, there may be more NULL pointer
issues hiding.
2020-09-04 12:59:20 +02:00
nia
52e9be4abc Basic support for building on NetBSD.
- Add NetBSD as a recognized platform without -ldl.
- Allow building with NetBSD libcurses instead of ncurses.
- Portability to NetBSD sh - use POSIX '=' instead of '=='.
2020-09-04 12:55:20 +02:00