Commit Graph

167 Commits

Author SHA1 Message Date
830479cf20 fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening
All checks were successful
CI Code / Check spelling (push) Successful in 17s
CI Code / Check coding style (push) Successful in 32s
CI Code / Code Coverage (push) Successful in 3m45s
CI Code / Linux (debian) (push) Successful in 4m42s
CI Code / Linux (ubuntu) (push) Successful in 4m49s
CI Code / Linux (arch) (push) Successful in 6m25s
- OTR: strip the whitespace tag by shifting the full message tail incl. the NUL, not tag_length bytes, so the body is no longer duplicated for messages longer than the tag.
- presence: snapshot the resource fields before connection_add_available_resource() takes ownership, removing a use-after-free in the own-presence path.
- OMEMO: propagate _omemo_finalize_identity_load() failure on connect (log + cons_show_error + stop) instead of leaving OMEMO silently unavailable.
- OMEMO: guard NULL fingerprint decode in _omemo_fingerprint_decode / omemo_is_trusted_identity / omemo_trust and log every decode failure instead of failing silently.
- stanza-id: gate XEP-0359 dedup on disco urn:xmpp:sid:0 (the `by` JID or its domain), falling back to no-dedup when caps are unknown; add functional tests for trusted vs untrusted server.
- accounts: narrow the group-name sanitizer to the characters GKeyFile forbids in headers ([ ] \n \r), keeping `=` and `#`, so read/write stays symmetric.
- build: re-introduce compiler/sanitizer flags in a Pikaur-safe form (opt-in sanitizers, -Wsign-compare) and fix the resulting -Wsign-compare warnings (incl. proftest _mkdir_recursive).fix: OTR/presence/OMEMO correctness, stanza-id disco gate, build hardening

Author: jabber.developer2 <jabber.developer2@jabber.space>
2026-06-20 10:30:23 +00:00
72f4f186da merge: sync upstream profanity-im/profanity
All checks were successful
CI Code / Check spelling (push) Successful in 18s
CI Code / Check coding style (push) Successful in 34s
CI Code / Code Coverage (push) Successful in 2m36s
CI Code / Linux (debian) (push) Successful in 4m41s
CI Code / Linux (ubuntu) (push) Successful in 4m52s
CI Code / Linux (arch) (push) Successful in 5m40s
Sync with upstream profanity-im/profanity.

Major upstream changes incorporated:

Memory management
  - Replace malloc+memset with g_new0 throughout codebase
  - Adopt auto_gchar / auto_gcharv / auto_gerror / auto_jid cleanup macros
  - Replace free() with g_free() for GAlloc'd memory

Editor rewrite
  - Remove pthread-based async editor; use GChildWatch callback API
  - New launch_editor(initial_content, callback, user_data) interface
  - Proper signal handling (SIGINT, SIGTSTP, SIGPIPE reset in child)
  - ui_suspend()/ui_resume() integration for TTY management

OMEMO improvements
  - Dual backend support: libsignal-protocol-c and libomemo-c
  - Proper pre-key removal after use (XEP-0384 compliance)
  - Automatic pre-key regeneration when store drops below threshold
  - New functions: omemo_is_device_active(), omemo_is_jid_trusted()
  - omemo_get_jid_untrusted_fingerprints() for better error messages
  - Fingerprint notifications on new device identity discovery
  - Deterministic pre-key ID generation tracking max_pre_key_id
  - omemo_trust_changed() UI updates on trust state changes

JID validation
  - RFC 6122-compliant validation in jid_is_valid()
  - Character-level checks (RFC 6122 forbidden chars: & ' / : < > @)
  - Length limits: 1023 per component, 3071 total
  - New jid_is_valid_user_jid() for user vs. service JID distinction

Database
  - Schema migration v3: UNIQUE constraint on archive_id for deduplication
  - Triggers for corrected message tracking (replaces_db_id / replaced_by_db_id)
  - db_history_result_t return type, _truncate_datetime_suffix()

UI / console
  - win_warn_needed() / win_warn_sent() warning deduplication hash table
  - PAD_MIN_HEIGHT dynamic pad sizing with PAD_THRESHOLD auto-cleanup
  - Spellcheck integration in input field with Unicode word detection
  - cons_spellcheck_setting() for /settings ui output
  - /[command]? shortcut for command help

Account config
  - Account name sanitization for GKeyFile special chars ([ ] = # \n \r)
  - Replace popen() with g_spawn_sync() for eval_password
  - TLS policy: add "direct" option alongside legacy

Connection
  - Port validation with g_assert (0–65535)
  - SHA-256 certificate fingerprint support (XMPP_CERT_PUBKEY_FINGERPRINT_SHA256)
  - "direct" TLS policy alias for legacy SSL

Common utilities
  - str_xml_sanitize() for XML 1.0 illegal character removal
  - string_matches_one_of() with formatted error messages
  - valid_tls_policy_option() helper
  - prof_date_time_format_iso8601() utility
  - Improved strip_arg_quotes() with backslash unescaping
  - prof_occurrences() uses g_slist_prepend + reverse for performance

PGP / OX
  - Proper GPGME resource cleanup with goto-cleanup pattern
  - g_string_free(xmppuri) leak fix in _ox_key_lookup

CSV export
  - Use GString + g_file_set_contents instead of raw write() syscalls

Tests
  - Restructured into subdirectories: command/, config/, xmpp/, ui/, omemo/, otr/, pgp/
  - New test_cmd_ac.c for autocompleter unit tests
  - Updated stubs for new UI suspend/resume functions

License headers
  - Migrate to SPDX-3.0 identifiers (GPL-3.0-or-later WITH OpenSSL-exception)

────────────────────────────────────────────────────
cproof-specific preservations:

  - XEP-0308 LMC: replace_id ?: id logic in message/stanza/omemo
  - Force encryption: cmd_force_encryption, test_forced_encryption
  - CWE-134: format string protection (cons_show("%s", ...))
  - y_start_pos-based paging in window.c
  - db_history_result_t return type, _truncate_datetime_suffix()

Merge-time fixes:

  - common.c: format-security (-Werror) — cons_show(errmsg) → cons_show("%s", errmsg)
  - database.c: null-deref guard — !msg->timestamp → msg && !msg->timestamp
  - console.c: implicit size_t → int cast — (int)(maxlen + 1)
  - tlscerts.c: %d for size_t — %zu

Build system:
  - Kept autotools (Makefile.am, configure.ac); upstream uses Meson
  - Restored deleted files: bootstrap.sh, autogen.sh, ax_valgrind_check.m4, configure-debug
  - Updated Makefile.am test paths for subdirectory structure
  - Added test_cmd_ac, test_forced_encryption to test sources

Functional tests:
  - Use cproof version; upstream requires stbbr_for_xmlns from updated stabber
  - Not yet available in devs/stabber fork

Closes #64

Merge author: jabber.developer2
Commits authors:
 Michael Vetter <jubalh@iodoru.org>
& Steffen Jaeckel <s@jaeckel.eu>
2026-05-26 17:48:14 +00:00
9ec01fa8cc fix: CWE-134 format string audit and compiler hardening
All checks were successful
CI Code / Check spelling (push) Successful in 20s
CI Code / Check coding style (push) Successful in 36s
CI Code / Code Coverage (push) Successful in 5m38s
CI Code / Linux (ubuntu) (push) Successful in 7m1s
CI Code / Linux (debian) (push) Successful in 7m5s
CI Code / Linux (arch) (push) Successful in 7m19s
Security:
Fix CWE-134 in iq.c: user-controlled string passed as format argument
Add G_GNUC_PRINTF annotations to all variadic printf-like wrappers
in ui.h, log.h and http_common.h
Compiler flags (configure.ac):

Replace basic -Wformat/-Wformat-nonliteral with -Wformat=2
Add -Wextra, -Wnull-dereference, -Wpointer-arith,
-Wimplicit-function-declaration, -Wundef, -Wfloat-equal,
-Wredundant-decls, -Walloc-zero
Add -fstack-protector-strong, -fno-common, -D_FORTIFY_SOURCE=2
Add GCC-specific flags via AC_COMPILE_IFELSE: -Wlogical-op,
-Wduplicated-cond, -Wduplicated-branches, -Wstringop-overflow,
-Warray-bounds=2
Suppress noisy -Wextra sub-warnings: -Wno-unused-parameter,
-Wno-missing-field-initializers, -Wno-sign-compare,
-Wno-cast-function-type
Remove AM_CFLAGS/CFLAGS duplication
Bug fixes found by new warnings:

chatlog.c: non-MUCPM redact path passed resourcepart instead of NULL
rosterwin.c: merge duplicated if/else branches into single condition
omemo.c: redundant else-if in omemo_automatic_start; remove
unnecessary scope block and goto, use early return
console.c: pointer compared to integer 0 instead of NULL
stanza.c: increase pri_str/idle_str buffers from 10 to 12 bytes
(INT_MIN = -2147483648 needs 12 bytes including NUL)
vcard.c: NULL guard for filename before g_file_set_contents
api.c: broken log_warning() calls with extra format argument
Format mismatch fixes:

chatwin.c: Jid* → char* for %s
connection.c: %x → %lx for long flags
cmd_funcs.c: %d → %zu for size_t; cast gpointer to char* for %s
cmd_defs.c: %d → %u for g_list_length() return (guint)
iq.c: barejid → fulljid for from_jid
console.c, mucwin.c, privwin.c, account.c, omemo.c, presence.c:
gpointer → (char*) casts for %s
Const-correctness and cleanup:

database.c: const for type, query, sort variables
form.c/xmpp.h: const for form_set_value parameter
files.c: refactor to early return, eliminating NULL logfile path
muc.c/muc.h: remove meaningless top-level const on return type
common.c: const for URL string literal
Remove stale declarations: cons_show_desktop_prefs (ui.h),
connection_set_priority (connection.h),
omemo_devicelist_configure_and_request (omemo.h)
test_common.c: add currb NULL check to silence -Wnull-dereference
Tooling (check-cwe134.sh):

Reduce from 5 checks to 2 (checks 1-3 redundant with -Wformat=2)
Check 1: verify known wrappers have G_GNUC_PRINTF attribute
Check 2: auto-detect unannotated variadic printf-like functions
Match both const char* and const gchar* in variadic patterns

Author: jabber.developer2 <jabber.developer2@jabber.space>
2026-03-07 11:55:50 +01:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
Michael Vetter
07dfeec816 Release 0.15.0 2025-03-27 20:06:38 +01:00
Steffen Jaeckel
59aa9d64df Check return values of libgcrypt initialisation.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-17 17:00:17 +01:00
Steffen Jaeckel
c5a131ee46 Introduce our own shutdown callback mechanism.
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.

This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.

I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-07 21:09:16 +01:00
Michael Vetter
07900e9617 Revert "Fix potential double free of ratchet identity key"
This reverts commit 3b099e9403.

This resulted in:
```
==5285== Invalid read of size 16
==5285==    at 0x4FA80FC: ec_public_key_serialize (in /usr/lib64/libsignal-protocol-c.so.2.3.3)
==5285==    by 0x4E5E76: omemo_identity_key (omemo.c:419)
==5285==    by 0x4EBB7E: omemo_bundle_publish (omemo.c:129)
==5285==    by 0x4E5BD9: omemo_publish_crypto_materials (omemo.c:335)
==5285==    by 0x460407: sv_ev_connection_features_received (server_events.c:202)
==5285==    by 0x43AA87: connection_features_received (connection.c:779)
==5285==    by 0x4418C9: _disco_info_response_id_handler_onconnect (iq.c:2423)
==5285==    by 0x43B9F1: _iq_handler (iq.c:241)
==5285==    by 0x5163848: ??? (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x516A224: ??? (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x5E4FE43: ??? (in /usr/lib64/libxml2.so.2.12.8)
==5285==    by 0x5E54927: xmlParseChunk (in /usr/lib64/libxml2.so.2.12.8)
==5285==    by 0x5163450: xmpp_run_once (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x439797: connection_check_events (connection.c:162)
==5285==    by 0x43894E: session_process_events (session.c:256)
==5285==    by 0x4319FF: prof_run (profanity.c:128)
==5285==    by 0x4EDAE6: main (main.c:174)
==5285==  Address 0xa1cb1e0 is 16 bytes inside a block of size 72 free'd
==5285==    at 0x484875B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5285==    by 0x4395D0: _xfree (connection.c:110)
==5285==    by 0x516A1A7: xmpp_stanza_release (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x516A16C: xmpp_stanza_release (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x516A16C: xmpp_stanza_release (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x516A230: ??? (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x5E4FE43: ??? (in /usr/lib64/libxml2.so.2.12.8)
==5285==    by 0x5E54927: xmlParseChunk (in /usr/lib64/libxml2.so.2.12.8)
==5285==    by 0x5163450: xmpp_run_once (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x439797: connection_check_events (connection.c:162)
==5285==    by 0x43894E: session_process_events (session.c:256)
==5285==    by 0x4319FF: prof_run (profanity.c:128)
==5285==    by 0x4EDAE6: main (main.c:174)
==5285==  Block was alloc'd at
==5285==    at 0x4845794: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5285==    by 0x43958A: _xmalloc (connection.c:102)
==5285==    by 0x516A0D1: xmpp_stanza_new (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x516BF34: ??? (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x5F10A17: ??? (in /usr/lib64/libxml2.so.2.12.8)
==5285==    by 0x5E5481F: xmlParseChunk (in /usr/lib64/libxml2.so.2.12.8)
==5285==    by 0x5163450: xmpp_run_once (in /usr/lib64/libstrophe.so.0.13.1)
==5285==    by 0x439797: connection_check_events (connection.c:162)
==5285==    by 0x43894E: session_process_events (session.c:256)
==5285==    by 0x4319FF: prof_run (profanity.c:128)
==5285==    by 0x4EDAE6: main (main.c:174)
```

Tested via sending OMEMO messages via 1:1 and in MUC.
2024-06-20 12:41:20 +02:00
Steffen Jaeckel
3b099e9403 Fix potential double free of ratchet identity key
libsignal does this properly, so there wouldn't be a real double free, but
it will `abort()`.

Instead of destroying the identity key on disconnect, already destroy it
after it has been put into the libsignal 'ratchet identity key pair'.

In the case where the key pair is initially generated, the public
and private parts are only `ref()`'ed once in [0].
In the case where the key pair is read from the disk, the public
and private parts are `ref()`'ed twice, first when decoded in [1] resp.
[2] and a second time in [3].

When `omemo_on_disconnect()` is called we were `unref()`'ing the parts
twice, before this patch. First in [4], a second time in [5] resp. [6].

Now we do the second `unref()` already when loading.

[0] `signal_protocol_key_helper_generate_identity_key_pair()`
[1] `curve_decode_point()`
[2] `curve_decode_private_point()`
[3] `ratchet_identity_key_pair_create()`
[4] `ratchet_identity_key_pair_destroy()`
[5] `ec_private_key_destroy()`
[6] `ec_public_key_destroy()`

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2024-06-19 16:01:46 +02:00
Steffen Jaeckel
848acdd1fa Improve const correctness
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2024-06-19 16:01:46 +02:00
Michael Vetter
569e37f018 Update copyright to 2024 2024-01-22 16:03:48 +01:00
Steffen Jaeckel
bac24601da Introduce equals_our_barejid()
Instead of always repeating the same pattern, introduce a helper function.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:27:02 +01:00
Steffen Jaeckel
fdfe3e2ad9 Rework OMEMO handling on disconnect
* Fix missing destruction of `session_store` and mutex
* Replace `glib_hash_table_free()`
  The glib API `g_hash_table_destroy()` does exactly the same.
* Use the default libsignal `destroy_func` instead of doing that manually
* Set internal state to `0` after everything is cleaned up

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
Steffen Jaeckel
847a86de50 add connection_get_jid()
Use a singleton `Jid` inside the connection instead of always re-creating
a `Jid` from the same string.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
Steffen Jaeckel
4c26462827 Ensure instances of auto types are initialized
Follow-up of #1913

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-11-06 22:22:35 +01:00
Steffen Jaeckel
5b6b5130ae Fix OMEMO keyfile loading
We have to lazy load the keyfiles as they will maybe be written at one
point and should be initialized by that time.

Fixup of ca2df180d8

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-08 14:51:13 +02:00
Steffen Jaeckel
ca2df180d8 Introduce a shared implementation for keyfile loading
Instead of copy&pasting the same code over again, use a common
implementation.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-04 09:59:09 +02:00
John Hernandez
865a056315 Cleanup g_strfreev() to auto_gcharv
Include some additional minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
029f1caa52 Cleanup jid_destroy to auto_jid
Remove unused variables
Apply minor cleanups
2023-07-13 17:05:07 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
John Hernandez
4a70f5f513 Cleanup char* to auto_gchar gchar* for prefs_get_string
Necessity explained in #1819
2023-07-03 16:06:27 +02:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
Martin Dosch
e1ffc64a65 User proper ellipsis char
As stated in
https://github.com/profanity-im/profanity/pull/1820#issuecomment-1498083383
profanity uses "..." (three dots) in a lot of places instead the proper
ellipsis char "…".
2023-04-09 12:19:18 +02:00
Steffen Jaeckel
091987db94 fix #1797
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-03-12 17:37:21 +01:00
the xhr
714add207b Add macro for possible NULL prints and use it on known sports
The macro is effective on OpenBSD and basically a no op on other platforms.
Use it for one existing and the other known debug statements.
2023-01-26 17:42:52 +01:00
the xhr
6ceafac6aa Check if string is NULL and print placeholder instead
OpenBSD's kernel warns about NULL printfs.  Fix this with a standard check.
2023-01-26 17:39:46 +01:00
Steffen Jaeckel
698aefa005 fix memory leaks in OMEMO
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:11:13 +01:00
Michael Vetter
3adc399da0 Update copyright year 2023-01-10 10:37:25 +01:00
Michael Vetter
8c313011c0 Fix typo in omemo command 2022-06-05 17:25:53 +02:00
Michael Vetter
2e85f18cd6 Use our omemo sid/fingerprint in qr code
Current clients sid/fingerprint will be shown in following format:
`xmpp:<user@server>?omemo-sid-<numerical-sid>=<omemo-fingerprint-hex-string>`

Fix https://github.com/profanity-im/profanity/issues/1320
2022-05-31 15:44:44 +02:00
Michael Vetter
1330ad4e1e Update copyright year 2022-05-09 15:43:33 +02:00
Steffen Jaeckel
b8e46552bf add files_file_in_account_data_path()
As all parts of the code invoking the `files_get_account_data_path()`
function did the same afterwards, a function has been added with the same
behavior.

1. create path
2. `mkdir` of that path
3. return final path

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-13 14:15:02 +01:00
Michael Vetter
3f8720d70f build: remove support for old libsignal
Remove support for libsignal-protocol-c < 2.3.2.
Debian 10 uses 2.3.2, Debian 11 and 12 use 2.3.3.
openSUSE from 15.2 onward uses 2.3.3.
Fedora since 28 uses 2.3.2.

We should be good.
2022-02-18 14:01:28 +01:00
Steffen Jaeckel
9cf78e59d5 auto-format
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-02-01 15:01:28 +01:00
nandesu-utils
fee23b55f0 Refined sender device acquirement
Now the sender devices are acknowledged only after omemo is loaded. That
is, after key generation has been completed or identity has been loaded.
2021-10-29 01:27:38 +09:00
nandesu-utils
17d62921e9 Acquire sender's device list on connection
After generation of an identity we observe that `omemo_ctx.device_list`
has an entry for sender's jid. But on application restart it is absent
thus messages are not encrypted for the rest set of sender devices.

This commit fixes this by applying code for acquiring the aforementioned device list after the connection.
2021-10-28 04:23:41 +09:00
Michael Vetter
f21595597f Format code correctly 2021-10-05 10:01:27 +02:00
Michael Vetter
4641537721 omemo: always free error and print warning
Fix https://github.com/profanity-im/profanity/issues/1584
2021-07-22 08:29:05 +02:00
Michael Vetter
a46c4443e3 Fix segfault when aesgcm url isn't the expected size
Fixes the bug mentioned in
https://github.com/profanity-im/profanity/issues/1478#issuecomment-794161606

The rest of https://github.com/profanity-im/profanity/issues/1478 I
can't reproduce. Seems to work fine.
2021-06-30 12:27:11 +02:00
DebXWoody
879a47c71b OMEMO Logging 2021-06-28 20:02:22 +02:00
DebXWoody
8fe95399a1 OMEMO: Separate handling of device list
In profanity are two handlers for device list:

 * _handle_own_device_list
 * _handle_device_list_start_session

I seems both handler will start a session via
omemo_start_device_session_handle_bundle

_handle_own_device_list will also make sure, that the own device is withing the
omemo device list. If we add the _handle_device_list_start_session into the
hashmap, we are not going the republish ourself, in case we clean-up the device
list from another client.

This will maybe fix #1552

99 Little Bugs in my Code.
Take one down.
Patch it around.
113 Bugs in my Code
2021-06-05 19:12:42 +02:00
Michael Vetter
e1fbe3be90 Merge pull request #1542 from DebXWoody/bugfix/fix1541
OMEMO: Don't encrypt to yourself (MUC)
2021-06-03 15:43:56 +02:00
DebXWoody
41913a0aea OMEMO - Unable to publish own device list
If we are not able to publish our own device list, we just ignored it.
This commit will show at least an error message and informs the user that this
device is currently not in the list of devices.

See Issue: #1538

Next task will be to handle the <precondition-not-met/> conflict properly.
2021-06-01 09:44:48 +02:00
DebXWoody
64bcc06259 OMEMO: Don't encrypt to yourself (MUC)
Use connection_get_barejid instead of connection_get_fulljid.
2021-05-29 07:30:36 +02:00
DebXWoody
3b020144d5 OMEMO: Don't encrypt to yourself (MUC)
As defined in XEP-0384 the application should not encrypt the message to own
devices. Within a groupchat, yourself are a recipients as well.

We will check the recipients and filter out the own device of the own jid.

This Pull Request will fix Issue: #1541
2021-05-28 21:48:43 +02:00
DebXWoody
de06cd395b Improved OMEMO logging
The most loggings has been set to debug. Just in case of error / problem the
logging should be done with log-level ERROR or WARNING.

We will see later, which loggings should be switched to log-level INFO.

This improvement has been done to find OMEMO bugs.

See also: #1070 #1530 #1538
2021-05-28 17:45:15 +02:00
Stefan
3ba38eafa8 OMEMO - trust mode (#1506)
Add OMEMO trust mode capabilities.

* ToFu / first usage
* blind trust
* manual
2021-04-17 13:28:54 +02:00
Maximilian Wuttke
e8664e2730 OMEMO: Fail if message keys couldn't be encrypted for any recipient device
If the message (key) can't be encrypted for any device, sending the
message is refused and an informative error message is presented to the
user.

Also, don't encrypt for the same device, since the OMEMO XEP disallows
this.
2021-04-08 00:29:58 +02:00
Michael Vetter
eaf76555bd Include config.h in omemo files
So that off_t is defined in all files (so far http_upload.c and
http_download.c too) the same way.

Fix https://github.com/profanity-im/profanity/issues/1512

Thanks @pasis for finding the solution!
2021-03-26 19:54:04 +01:00