Commit Graph

108 Commits

Author SHA1 Message Date
bfd7064a40 build: add missing includes to header files
This change adds necessary `#include` directives that were previously
omitted in some header files. Without these includes, compilation
could fail or produce undefined behavior when the headers are used
in isolation (i.e., before their dependencies are included elsewhere).

Ensures better modularity and reliability of header usage.
2026-06-16 11:21:11 +00:00
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
d07ca9953d fix: reduce logging
All checks were successful
CI / Check spelling (push) Successful in 16s
CI / Check coding style (push) Successful in 31s
CI / Linux (ubuntu) (push) Successful in 10m12s
CI / Linux (arch) (push) Successful in 12m3s
CI / Linux (debian) (push) Successful in 12m12s
CI / Linux (fedora) (push) Successful in 17m6s
If we can't debug_log because we couldn't obtain some data, but otherwise the app is working, "warning" level is clearly excessive.
2025-07-05 20:54:06 +02:00
developer1
69238e7e66 Update deprecated email extraction in p_gpg_decrypt
Some checks failed
CI / Linux (arch) (pull_request) Successful in 12m32s
CI / Linux (debian) (pull_request) Successful in 12m25s
CI / Check spelling (pull_request) Successful in 16s
CI / Linux (fedora) (pull_request) Successful in 15m17s
CI / Linux (ubuntu) (pull_request) Successful in 14m13s
CI / Check coding style (pull_request) Failing after 4m24s
Fixes arch build.

Since gpgme v2 release, https://github.com/gpg/gpgme/blob/master/NEWS, the gpgme_key_get_string_attr as well as GPGME_ATTR_EMAIL are REMOVED.

Fixes #2
Closes #2
2025-06-19 18:20:50 +02:00
Michael Vetter
07dfeec816 Release 0.15.0 2025-03-27 20:06:38 +01:00
Steffen Jaeckel
c5a131ee46 Introduce our own shutdown callback mechanism.
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.

This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.

I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-07 21:09:16 +01:00
Michael Vetter
0995b1a180 Add NULL check to _gpgme_key_to_ProfPGPKey
Fix https://github.com/profanity-im/profanity/issues/1995

Tested-by: Martin Dosch <martin@mdosch.de>
2024-09-07 12:44:42 +02:00
Michael Vetter
569e37f018 Update copyright to 2024 2024-01-22 16:03:48 +01:00
Steffen Jaeckel
ca2df180d8 Introduce a shared implementation for keyfile loading
Instead of copy&pasting the same code over again, use a common
implementation.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-04 09:59:09 +02:00
John Hernandez
865a056315 Cleanup g_strfreev() to auto_gcharv
Include some additional minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
36784738fc Add optional pgp public key autoimport
Refactor `p_gpg_list_keys`
Add `/pgp autoimport` command,
it's not described in XEP-0027, but used in some clients,
such as PSI, Pidgin. It will autoimport keys received with
`/pgp sendpub`, in plain text as a message, or using features,
provided in other clients. It doesn't autoassign them, but shows
command to assign, letting user to decide.
Improve documentation for some preexisting functions
Add contact argument to `/pgp sendpub`
2023-07-02 14:25:55 +02:00
John Hernandez
a59623a007 Add /pgp sendpub command
Command allows to share your PGP pub key with ease,
it's not described in XEP-0027, but used in some clients,
such as PSI, Pidgin.
Fix typos
Minor improvements
2023-07-02 14:25:55 +02:00
John Hernandez
899b26b3bc Cleanup p_ox_gpg_decrypt
In OX implementation gpgme's buffer remains untouched, thus not leading to the crash.

But code can be shorter and more concise.
2023-04-13 17:17:25 +02:00
John Hernandez
5e8f1f9c85 Fix memory corruption crash
Under certain circumstances setting plain_str[len] to 0 might lead to crash
and it does not follow the best practices as well.

This change allows better handling of buffer copying and prevents crash.
2023-04-13 17:16:55 +02:00
Michael Vetter
e59c401c84 Adapt to g_string_free glib 2.75.3 change
glib 2.75.3 changes warning behaviour of `g_string_free()`.
See:
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3219
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3226

Use this opportunity to replace the use of GString with
`g_strdup_printf()` where possible.
Otherwise correctly take the return value of `g_string_free()`
which is nicer anyways.
2023-03-21 10:53:10 +01:00
Michael Vetter
3adc399da0 Update copyright year 2023-01-10 10:37:25 +01:00
Michael Vetter
ca9cc3275a Remove comment 2022-06-29 09:21:44 +02:00
Michael Vetter
4d215fc33e Move ox_gpg_public_keys description 2022-06-29 09:20:27 +02:00
Michael Vetter
a40a0f5189 Split ox functions from gpg.c to ox.c 2022-06-29 09:17:15 +02:00
Michael Vetter
e5e661e92d ox: fix mistakes in p_ox_gpg_decrypt()
strcpy() can't work here because the data doesn't have to be
NULL-terminated. So let's use memcpy.

Fix memleak of plain_str.
2022-05-04 11:35:15 +02:00
Michael Vetter
58911926de ox: print more error messages to UI 2022-05-03 23:39:10 +02:00
Michael Vetter
c3deb5d325 ox: dont require marginal trust level
Maybe we can make this configurable later.
So users have the freedom to be more strict.

This commit partly reverts 62018f48c5.

Example to edit trust level:
```
gpg --edit-key somekeyid
gpg (GnuPG) 2.3.4; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa4096/keyid
     created: 2020-06-26  expires: 2022-06-26  usage: SC
     trust: unknown       validity: full
sub  rsa4096/keyid
     created: 2020-06-26  expires: 2022-06-26  usage: E
[  full  ] (1). xmpp:user@domain.de

gpg> trust
pub  rsa4096/keyid
     created: 2020-06-26  expires: 2022-06-26  usage: SC
     trust: unknown       validity: full
sub  rsa4096/keyid
     created: 2020-06-26  expires: 2022-06-26  usage: E
[  full  ] (1). xmpp:user@domain.de

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 3

pub  rsa4096/keyid
     created: 2020-06-26  expires: 2022-06-26  usage: SC
     trust: marginal      validity: full
sub  rsa4096/keyid
     created: 2020-06-26  expires: 2022-06-26  usage: E
[  full  ] (1). xmpp:user@domain.de
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit
```
2022-05-03 23:11:25 +02:00
Stefan Kropp
62018f48c5 ox_key_is_usable - Logging and owner trust check
* Added logging messages (INFO if key can not be used)
 * Check owner_trust < GPGME_VALIDITY_MARGINAL

The key can not be used if the owner_trust is less than MARGINAL.
2022-05-03 23:00:11 +02:00
Michael Vetter
024694215d Merge pull request #1644 from profanity-im/ox-polish
Improve OX user experience
2022-03-21 10:08:13 +01:00
Steffen Jaeckel
b8e46552bf add files_file_in_account_data_path()
As all parts of the code invoking the `files_get_account_data_path()`
function did the same afterwards, a function has been added with the same
behavior.

1. create path
2. `mkdir` of that path
3. return final path

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-13 14:15:02 +01:00
Michael Vetter
423105085a ox: adjust formatting 2022-02-24 11:11:49 +01:00
Michael Vetter
9705e11527 ox: standardize log output 2022-02-24 11:10:23 +01:00
Steffen Jaeckel
9cf78e59d5 auto-format
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-02-01 15:01:28 +01:00
Michael Vetter
f21595597f Format code correctly 2021-10-05 10:01:27 +02:00
DebXWoody
6173e015f5 OX bug fixing
* Don't decryption if there is no private key
 * Decryption error messages
2021-06-29 20:25:50 +02:00
Michael Vetter
a94378f206 Fix various typos 2020-12-10 09:24:32 +01:00
Michael Vetter
35aecd425f Declare counter var inside loop
We require c99/gnu99 anyways.
2020-11-09 11:33:33 +01:00
Philipp Klaus Krause
6a276e74e3 Since the string from strerror should never be modified, use const. 2020-10-14 09:52:26 +02:00
DebXWoody
0552e50c78 OX: XEP-0373: OpenPGP for XMPP - Version 0.5.0 (2020-06-19)
Discovering Public Keys via PEP

* 4.3 Discovering Public Keys of a User
* 4.4 Requesting Public Keys

* Import Public Keys into GnuPG's local keyring.

Issue: #1331
2020-07-10 13:40:00 +02:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
DebXWoody
5a17957253 OX: Announce public key on PEP
src/pgp/gpg.c:p_ox_gpg_readkey

Used to read a public key from a file. The function will return the fingerprint
of the file and the base64 encoded key.

src/xmpp/ox.[hc]

ox_announce_public_key(const char* const filename) can be called from the /ox
announce <filename> command. The key within the file will be pushed on PEP and
the Metadata node will be set.

Issue: #1331
2020-07-06 13:19:18 +02:00
Michael Vetter
26d4b00d6d gpg.c: _ox_key_is_usable() simplify if condition 2020-07-02 15:11:06 +02:00
Michael Vetter
27f5706e77 gpg.c: Format new ox function heads 2020-07-02 15:09:34 +02:00
Michael Vetter
1224aa414e Use files_get_account_data_path instead of duplicate code
We often had a use case where we want the account specific data dir.
Let's create a function for this instead of doing it by hand each time.
2020-07-01 10:05:45 +02:00
DebXWoody
2c94ee5a88 Feature request - XEP-0373: OpenPGP for XMPP (OX)
Basic implementation of XEP-0373: OpenPGP for XMPP.
https://xmpp.org/extensions/xep-0373.html

Command /ox

Issue: #1331
2020-06-29 19:05:41 +02:00
Paul Fariello
a52e3ea1d8 Add context to autocomplete_with_func and use it for omemo trust command
Fix #1068
2020-01-31 10:07:08 +01:00
Michael Vetter
46fd7150e5 Add vim modeline 2019-11-13 12:11:05 +01:00
Viachaslau Khalikin
289b05ea50 Restoration of correct GPG encryption
Fixes https://github.com/boothj5/profanity/issues/997
Proposed as https://github.com/boothj5/profanity/pull/1008
Related to XEP-0027.

Message edited and commit cherry picked by jubalh.
2019-02-20 11:53:40 +01:00
Michael Vetter
706af9a900 Update copyright to include 2019 2019-01-22 11:31:45 +01:00
James Booth
250e972b7a Update copyright 2018-01-21 15:00:02 +00:00