bfd7064a40
build: add missing includes to header files
...
This change adds necessary `#include` directives that were previously
omitted in some header files. Without these includes, compilation
could fail or produce undefined behavior when the headers are used
in isolation (i.e., before their dependencies are included elsewhere).
Ensures better modularity and reliability of header usage.
2026-06-16 11:21:11 +00:00
72f4f186da
merge: sync upstream profanity-im/profanity
...
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.
Major upstream changes incorporated:
Memory management
- Replace malloc+memset with g_new0 throughout codebase
- Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
- Replace free() with g_free() for GAlloc'd memory
Editor rewrite
- Remove pthread-based async editor; use GChildWatch callback API
- New launch_editor(initial_content, callback, user_data) interface
- Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
- ui_suspend()/ui_resume() integration for TTY management
OMEMO improvements
- Dual backend support: libsignal-protocol-c and libomemo-c
- Proper pre-key removal after use (XEP-0384 compliance)
- Automatic pre-key regeneration when store drops below threshold
- New functions: omemo_is_device_active(), omemo_is_jid_trusted()
- omemo_get_jid_untrusted_fingerprints() for better error messages
- Fingerprint notifications on new device identity discovery
- Deterministic pre-key ID generation tracking max_pre_key_id
- omemo_trust_changed() UI updates on trust state changes
JID validation
- RFC 6122-compliant validation in jid_is_valid()
- Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
- Length limits: 1023 per component, 3071 total
- New jid_is_valid_user_jid() for user vs. service JID distinction
Database
- Schema migration v3: UNIQUE constraint on archive_id for deduplication
- Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
- db_history_result_t return type, _truncate_datetime_suffix()
UI / console
- win_warn_needed() / win_warn_sent() warning deduplication hash table
- PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
- Spellcheck integration in input field with Unicode word detection
- cons_spellcheck_setting() for /settings ui output
- /[command]? shortcut for command help
Account config
- Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
- Replace popen() with g_spawn_sync() for eval_password
- TLS policy: add "direct" option alongside legacy
Connection
- Port validation with g_assert (0–65535)
- SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
- "direct" TLS policy alias for legacy SSL
Common utilities
- str_xml_sanitize() for XML 1.0 illegal character removal
- string_matches_one_of() with formatted error messages
- valid_tls_policy_option() helper
- prof_date_time_format_iso8601() utility
- Improved strip_arg_quotes() with backslash unescaping
- prof_occurrences() uses g_slist_prepend + reverse for performance
PGP / OX
- Proper GPGME resource cleanup with goto-cleanup pattern
- g_string_free(xmppuri) leak fix in _ox_key_lookup
CSV export
- Use GString + g_file_set_contents instead of raw write() syscalls
Tests
- Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
- New test_cmd_ac.c for autocompleter unit tests
- Updated stubs for new UI suspend/resume functions
License headers
- Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)
────────────────────────────────────────────────────
cproof-specific preservations:
- XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
- Force encryption: cmd_force_encryption, test_forced_encryption
- CWE-134: format string protection (cons_show("%s", ...))
- y_start_pos-based paging in window.c
- db_history_result_t return type, _truncate_datetime_suffix()
Merge-time fixes:
- common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
- database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
- console.c: implicit size_t → int cast — (int)(maxlen + 1)
- tlscerts.c: %d for size_t — %zu
Build system:
- Kept autotools (Makefile.am, configure.ac); upstream uses Meson
- Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
- Updated Makefile.am test paths for subdirectory structure
- Added test_cmd_ac, test_forced_encryption to test sources
Functional tests:
- Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
- Not yet available in devs/stabber fork
Closes #64
Merge author: jabber.developer2
Commits authors:
Michael Vetter <jubalh@iodoru.org >
& Steffen Jaeckel <s@jaeckel.eu >
2026-05-26 17:48:14 +00:00
467222d0ca
fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
...
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests
Author: jabber.developer2
Closes #58 , #85
2026-02-06 19:27:40 +01:00
d07ca9953d
fix: reduce logging
...
CI / Check spelling (push) Successful in 16s
CI / Check coding style (push) Successful in 31s
CI / Linux (ubuntu) (push) Successful in 10m12s
CI / Linux (arch) (push) Successful in 12m3s
CI / Linux (debian) (push) Successful in 12m12s
CI / Linux (fedora) (push) Successful in 17m6s
If we can't debug_log because we couldn't obtain some data, but otherwise the app is working, "warning" level is clearly excessive.
2025-07-05 20:54:06 +02:00
developer1
69238e7e66
Update deprecated email extraction in p_gpg_decrypt
...
CI / Linux (arch) (pull_request) Successful in 12m32s
CI / Linux (debian) (pull_request) Successful in 12m25s
CI / Check spelling (pull_request) Successful in 16s
CI / Linux (fedora) (pull_request) Successful in 15m17s
CI / Linux (ubuntu) (pull_request) Successful in 14m13s
CI / Check coding style (pull_request) Failing after 4m24s
Fixes arch build.
Since gpgme v2 release, https://github.com/gpg/gpgme/blob/master/NEWS , the gpgme_key_get_string_attr as well as GPGME_ATTR_EMAIL are REMOVED.
Fixes #2
Closes #2
2025-06-19 18:20:50 +02:00
Michael Vetter
07dfeec816
Release 0.15.0
2025-03-27 20:06:38 +01:00
Steffen Jaeckel
c5a131ee46
Introduce our own shutdown callback mechanism.
...
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.
This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.
I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu >
2025-03-07 21:09:16 +01:00
Michael Vetter
0995b1a180
Add NULL check to _gpgme_key_to_ProfPGPKey
...
Fix https://github.com/profanity-im/profanity/issues/1995
Tested-by: Martin Dosch <martin@mdosch.de >
2024-09-07 12:44:42 +02:00
Michael Vetter
569e37f018
Update copyright to 2024
2024-01-22 16:03:48 +01:00
Steffen Jaeckel
ca2df180d8
Introduce a shared implementation for keyfile loading
...
Instead of copy&pasting the same code over again, use a common
implementation.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de >
2023-09-04 09:59:09 +02:00
John Hernandez
865a056315
Cleanup g_strfreev() to auto_gcharv
...
Include some additional minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
8304ac86ff
g_free() to auto_gfree, introduce auto_guchar
...
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6
Change char->free to auto_char char for autocleanup
...
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain `char` functions/variables to `gchar`
Related to #1819 .
Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
36784738fc
Add optional pgp public key autoimport
...
Refactor `p_gpg_list_keys`
Add `/pgp autoimport` command,
it's not described in XEP-0027, but used in some clients,
such as PSI, Pidgin. It will autoimport keys received with
`/pgp sendpub`, in plain text as a message, or using features,
provided in other clients. It doesn't autoassign them, but shows
command to assign, letting user to decide.
Improve documentation for some preexisting functions
Add contact argument to `/pgp sendpub`
2023-07-02 14:25:55 +02:00
John Hernandez
a59623a007
Add /pgp sendpub command
...
Command allows to share your PGP pub key with ease,
it's not described in XEP-0027, but used in some clients,
such as PSI, Pidgin.
Fix typos
Minor improvements
2023-07-02 14:25:55 +02:00
John Hernandez
899b26b3bc
Cleanup p_ox_gpg_decrypt
...
In OX implementation gpgme's buffer remains untouched, thus not leading to the crash.
But code can be shorter and more concise.
2023-04-13 17:17:25 +02:00
John Hernandez
5e8f1f9c85
Fix memory corruption crash
...
Under certain circumstances setting plain_str[len] to 0 might lead to crash
and it does not follow the best practices as well.
This change allows better handling of buffer copying and prevents crash.
2023-04-13 17:16:55 +02:00
Michael Vetter
e59c401c84
Adapt to g_string_free glib 2.75.3 change
...
glib 2.75.3 changes warning behaviour of `g_string_free()`.
See:
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3219
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3226
Use this opportunity to replace the use of GString with
`g_strdup_printf()` where possible.
Otherwise correctly take the return value of `g_string_free()`
which is nicer anyways.
2023-03-21 10:53:10 +01:00
Michael Vetter
3adc399da0
Update copyright year
2023-01-10 10:37:25 +01:00
Michael Vetter
ca9cc3275a
Remove comment
2022-06-29 09:21:44 +02:00
Michael Vetter
4d215fc33e
Move ox_gpg_public_keys description
2022-06-29 09:20:27 +02:00
Michael Vetter
a40a0f5189
Split ox functions from gpg.c to ox.c
2022-06-29 09:17:15 +02:00
Michael Vetter
e5e661e92d
ox: fix mistakes in p_ox_gpg_decrypt()
...
strcpy() can't work here because the data doesn't have to be
NULL-terminated. So let's use memcpy.
Fix memleak of plain_str.
2022-05-04 11:35:15 +02:00
Michael Vetter
58911926de
ox: print more error messages to UI
2022-05-03 23:39:10 +02:00
Michael Vetter
c3deb5d325
ox: dont require marginal trust level
...
Maybe we can make this configurable later.
So users have the freedom to be more strict.
This commit partly reverts 62018f48c5 .
Example to edit trust level:
```
gpg --edit-key somekeyid
gpg (GnuPG) 2.3.4; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa4096/keyid
created: 2020-06-26 expires: 2022-06-26 usage: SC
trust: unknown validity: full
sub rsa4096/keyid
created: 2020-06-26 expires: 2022-06-26 usage: E
[ full ] (1). xmpp:user@domain.de
gpg> trust
pub rsa4096/keyid
created: 2020-06-26 expires: 2022-06-26 usage: SC
trust: unknown validity: full
sub rsa4096/keyid
created: 2020-06-26 expires: 2022-06-26 usage: E
[ full ] (1). xmpp:user@domain.de
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 3
pub rsa4096/keyid
created: 2020-06-26 expires: 2022-06-26 usage: SC
trust: marginal validity: full
sub rsa4096/keyid
created: 2020-06-26 expires: 2022-06-26 usage: E
[ full ] (1). xmpp:user@domain.de
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> quit
```
2022-05-03 23:11:25 +02:00
Stefan Kropp
62018f48c5
ox_key_is_usable - Logging and owner trust check
...
* Added logging messages (INFO if key can not be used)
* Check owner_trust < GPGME_VALIDITY_MARGINAL
The key can not be used if the owner_trust is less than MARGINAL.
2022-05-03 23:00:11 +02:00
Michael Vetter
024694215d
Merge pull request #1644 from profanity-im/ox-polish
...
Improve OX user experience
2022-03-21 10:08:13 +01:00
Steffen Jaeckel
b8e46552bf
add files_file_in_account_data_path()
...
As all parts of the code invoking the `files_get_account_data_path()`
function did the same afterwards, a function has been added with the same
behavior.
1. create path
2. `mkdir` of that path
3. return final path
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de >
2022-03-13 14:15:02 +01:00
Michael Vetter
423105085a
ox: adjust formatting
2022-02-24 11:11:49 +01:00
Michael Vetter
9705e11527
ox: standardize log output
2022-02-24 11:10:23 +01:00
Steffen Jaeckel
9cf78e59d5
auto-format
...
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de >
2022-02-01 15:01:28 +01:00
Michael Vetter
f21595597f
Format code correctly
2021-10-05 10:01:27 +02:00
DebXWoody
6173e015f5
OX bug fixing
...
* Don't decryption if there is no private key
* Decryption error messages
2021-06-29 20:25:50 +02:00
Michael Vetter
a94378f206
Fix various typos
2020-12-10 09:24:32 +01:00
Michael Vetter
35aecd425f
Declare counter var inside loop
...
We require c99/gnu99 anyways.
2020-11-09 11:33:33 +01:00
Philipp Klaus Krause
6a276e74e3
Since the string from strerror should never be modified, use const.
2020-10-14 09:52:26 +02:00
DebXWoody
0552e50c78
OX: XEP-0373: OpenPGP for XMPP - Version 0.5.0 (2020-06-19)
...
Discovering Public Keys via PEP
* 4.3 Discovering Public Keys of a User
* 4.4 Requesting Public Keys
* Import Public Keys into GnuPG's local keyring.
Issue: #1331
2020-07-10 13:40:00 +02:00
Michael Vetter
a2726b6a7d
Apply coding style
2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa
Revert "Apply coding style"
...
This reverts commit 9b55f2dec0 .
Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0
Apply coding style
...
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
DebXWoody
5a17957253
OX: Announce public key on PEP
...
src/pgp/gpg.c:p_ox_gpg_readkey
Used to read a public key from a file. The function will return the fingerprint
of the file and the base64 encoded key.
src/xmpp/ox.[hc]
ox_announce_public_key(const char* const filename) can be called from the /ox
announce <filename> command. The key within the file will be pushed on PEP and
the Metadata node will be set.
Issue: #1331
2020-07-06 13:19:18 +02:00
Michael Vetter
26d4b00d6d
gpg.c: _ox_key_is_usable() simplify if condition
2020-07-02 15:11:06 +02:00
Michael Vetter
27f5706e77
gpg.c: Format new ox function heads
2020-07-02 15:09:34 +02:00
Michael Vetter
1224aa414e
Use files_get_account_data_path instead of duplicate code
...
We often had a use case where we want the account specific data dir.
Let's create a function for this instead of doing it by hand each time.
2020-07-01 10:05:45 +02:00
DebXWoody
2c94ee5a88
Feature request - XEP-0373: OpenPGP for XMPP (OX)
...
Basic implementation of XEP-0373: OpenPGP for XMPP.
https://xmpp.org/extensions/xep-0373.html
Command /ox
Issue: #1331
2020-06-29 19:05:41 +02:00
Paul Fariello
a52e3ea1d8
Add context to autocomplete_with_func and use it for omemo trust command
...
Fix #1068
2020-01-31 10:07:08 +01:00
Michael Vetter
46fd7150e5
Add vim modeline
2019-11-13 12:11:05 +01:00
Viachaslau Khalikin
289b05ea50
Restoration of correct GPG encryption
...
Fixes https://github.com/boothj5/profanity/issues/997
Proposed as https://github.com/boothj5/profanity/pull/1008
Related to XEP-0027.
Message edited and commit cherry picked by jubalh.
2019-02-20 11:53:40 +01:00
Michael Vetter
706af9a900
Update copyright to include 2019
2019-01-22 11:31:45 +01:00
James Booth
250e972b7a
Update copyright
2018-01-21 15:00:02 +00:00