Compare commits

..

407 Commits

Author SHA1 Message Date
36f4377b4c fix(editor): remove duplicate #include "ui/ui.h"
All checks were successful
CI Code / Check spelling (pull_request) Successful in 16s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 2m36s
CI Code / Linux (debian) (pull_request) Successful in 4m42s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m52s
CI Code / Linux (arch) (pull_request) Successful in 5m41s
editor.c included ui/ui.h twice in a row (lines 25 and 27). Harmless
due to the header guard but pure noise.
2026-05-24 11:13:39 +03:00
1dd22af294 fix: follow-ups to cherry-picked d3d7c328b
All checks were successful
CI Code / Check spelling (pull_request) Successful in 18s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 2m37s
CI Code / Linux (debian) (pull_request) Successful in 4m40s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m50s
CI Code / Linux (arch) (pull_request) Successful in 5m39s
- src/xmpp/jid.c: add missing #include "log.h" — d3d7c328b
  introduced a log_debug() call in jid_create without pulling in
  the header, so the source tree did not actually build.

- src/omemo/omemo.c omemo_on_message_send: add the missing
  NULL-check after the gcry_malloc_secure calls for 'tag' /
  'key_tag' so a real OOM does not sail into the memcpy/encrypt
  path. (The 'key' check d3d7c328b added is defensive only —
  gcry_random_bytes_secure aborts internally on failure.)

- src/omemo/omemo.c _cache_device_identity: drop the second
  'if (!fingerprint) return' on the autocomplete path. fingerprint
  is already NULL-checked at the top of the function and is not
  reassigned in between, so the second guard is dead code (upstream
  artefact).

- src/tools/editor.c launch_editor: replace the
  g_main_context_acquire/release pair with
  g_child_watch_source_new(getpid()) + g_source_unref.
  acquire/release does not install GLib's SIGCHLD handler — that
  handler is registered as a side effect of constructing a
  GChildWatchSource. Now we actually pre-arm SIGCHLD before
  forking, which is what d3d7c328b's comment claimed.

- src/ui/statusbar.c status_bar_inactive / _create_tab: switch the
  remaining two literal '10' tab-id values to the CONSOLE_TAB_ID
  define introduced by d3d7c328b, then inline the expression
  directly into the GINT_TO_POINTER() argument so the one-shot
  local 'true_win' goes away.

Verified with ci-build.sh in Debian docker: all 4 configs pass
(644/0, 605/0, 605/0, 644/0 unit + 130/0 functional).
2026-05-23 16:57:45 +03:00
d3d7c328b4 fix: address config injection and SIGCHLD handling
- Sanitize account names to prevent GKeyFile config injection by
  blocking special characters like #, \n, and \r.
- Ensure GLib's SIGCHLD handler is initialized before forking
  external editors to prevent zombie processes.
- Add missing error check for OMEMO random key generation.
- Replace hardcoded console tab ID with a named constant.
- Log invalid JIDs safely to prevent potential null pointer issues.
2026-05-23 16:13:39 +03:00
adab585c09 fix(review): address PR #105 review follow-ups
All checks were successful
CI Code / Check coding style (pull_request) Successful in 31s
CI Code / Check spelling (pull_request) Successful in 18s
CI Code / Linux (debian) (pull_request) Successful in 4m45s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m56s
CI Code / Linux (arch) (pull_request) Successful in 5m39s
CI Code / Code Coverage (pull_request) Successful in 6m41s
- src/log.c: log_stderr_init no longer closes STDERR_FILENO immediately
  after dup2(). The previous 'close(dup_fd)' closed fd 2 because dup2
  returns newfd on success; the in-app stderr capture pipe was silently
  dead, dropping libstrophe/openssl error output. Close the original
  stderr_pipe[1] instead and remember that the write end now lives at
  STDERR_FILENO so _log_stderr_close stays correct.

- src/database_sqlite.c: NULL-check sqlite3_mprintf result before
  passing it to sqlite3_exec in the DbVersion bootstrap path.

- src/tools/editor.c: drop three orphan #includes (<fcntl.h>,
  <pthread.h>, <readline/readline.h>) left behind when 9b03e3a50
  removed the async-editor path.

- src/xmpp/jid.c: match the g_new0 allocation in jid_create with
  g_free in jid_destroy. Same behaviour on glibc but stops being a
  foot-gun under custom glib allocators.

Verified with ci-build.sh in Debian docker: all 4 configs pass
(644/0, 605/0, 605/0, 644/0 unit + 130/0 functional).
2026-05-21 15:40:25 +03:00
9b03e3a508 refactor: address PR #105 review (#1222, #1226)
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 30s
CI Code / Code Coverage (pull_request) Successful in 2m36s
CI Code / Linux (debian) (pull_request) Successful in 4m39s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m48s
CI Code / Linux (arch) (pull_request) Successful in 5m36s
#1222 (src/xmpp/roster_list.c): remove dead 'resource = NULL' inside
roster_update_presence() — assigning to a value parameter never
affects the caller. Document the ownership contract: the function
consumes 'resource' on every return path and callers must null
their own pointer afterwards. The existing caller in
roster_process_pending_presence already does that, and
resource_destroy() is NULL-safe.

#1226 (src/tools/editor.{c,h}): remove get_message_from_editor[_async]
and the surrounding async-editor infrastructure (editor_thread,
editor_task global, editor_process polling, EditorTask typedef).
The upstream callback-based launch_editor API has replaced every
call site (cmd_funcs.c, inputwin.c). Also drop the now-unused
'background_mode' global (only the obsolete async path ever set it
to TRUE) and the editor_process() call in profanity.c main loop.

Verified with ci-build.sh in Debian docker — all 4 build configs
pass (644/0, 605/0, 605/0, 644/0 unit + 130/0 functional each).
2026-05-21 12:50:19 +03:00
14380c8373 tests: add ui_is_suspended stub (upstream 3326ce5c6)
All checks were successful
CI Code / Check spelling (pull_request) Successful in 18s
CI Code / Check coding style (pull_request) Successful in 31s
CI Code / Code Coverage (pull_request) Successful in 2m28s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m20s
CI Code / Linux (debian) (pull_request) Successful in 6m45s
CI Code / Linux (arch) (pull_request) Successful in 9m36s
Add stub for ui_is_suspended() in tests/unittests/ui/stub_ui.c so
the unit-test binary links cleanly against any code path that calls
it from non-UI translation units.
2026-05-21 12:31:15 +03:00
025051505b fix(receipts): request receipts when capabilities unknown (upstream 4749645c7)
When the receipts-request preference is on but we have no cached
EntityCapabilities for the recipient (new session, bare-jid only,
disco not finished), the previous check via caps_jid_has_feature()
defaulted to 'not supported' and silently suppressed the receipt.
Per XEP-0184 we should send the receipt request unless we have
positive knowledge that the peer does not advertise the feature.

Restore that behaviour: look up caps with caps_lookup(); only flip
request_receipt off when caps are present AND the feature is
missing from the list. If caps are NULL, leave the request enabled
(falls back to the user preference).
2026-05-21 12:30:56 +03:00
fbdef0b9d4 fix(database): port v3 migration into database_sqlite.c and harden init (upstream 42a849d16)
The SQLite-backend code now lives in database_sqlite.c (master split
src/database.c into a thin backend dispatcher); the upstream changes
that PR 105 had folded into the monolithic database.c were not
ported across when we took master's dispatcher version. This brings
forward the v3 schema work and folds in upstream 42a849d16
(fix(database): resolve migration failure and improve init safety):

- latest_version bumped 2 -> 3; ChatLogs.archive_id gains UNIQUE
  constraint; _migrate_to_v3 dedupes existing rows via the
  ChatLogs_v3_migration intermediate table
- DbVersion bookkeeping uses DELETE+INSERT instead of UPDATE so
  multiple rows do not trip the unique-constraint failure reported
  upstream (#2105)
- Initial INSERT INTO DbVersion uses latest_version via
  sqlite3_mprintf, so brand-new databases are stamped at the current
  schema and skip redundant migrations
- server_events.c now checks log_database_init's return so a broken
  DB init is logged instead of silently leaving the handle half-open

(644/0, 605/0, 605/0, 644/0 unit + 130/0 functional each).
2026-05-21 12:30:33 +03:00
dfdca61073 Merge branch 'master' into merge/upstream-full
All checks were successful
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 31s
CI Code / Linux (debian) (pull_request) Successful in 4m48s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m56s
CI Code / Code Coverage (pull_request) Successful in 7m0s
CI Code / Linux (arch) (pull_request) Successful in 10m5s
Bring in master commits since the previous merge:
- 4776c1f1e fix(ai): properly decode \uXXXX JSON escape sequences as UTF-8
- 53cdf488b fix(ai): resolve UAF and require provider argument instead of defaults
- 3b673150b chore(chatlog): disable background message file logging (stage 1)

Conflict in src/chatlog.c: master stubs out all chat_log_* function
bodies (project policy — disable plain-text per-day chatlogs), while
the upstream-merged version in this branch still had upstream's full
implementation. Taking master's version entirely keeps the no-op
chatlog API surface that the ~20 call sites in event/, otr/ and
profanity.c depend on.
2026-05-21 11:58:44 +03:00
49797acbde test(receipts): update caps ver hash for send_receipt_request fixture
Functional test stbbr fixture used the old Profanity caps verification
hash (hAkb1xZdJV9BQpgGNw8zG5Xsals=) for buddy1's simulated presence
and the corresponding disco#info reply. The current build computes
JNkIRQChhYM8+Co3IypmMtMJnOE= for the same identity+features set, so
align the fixture with what the running client now produces.
2026-05-21 11:50:11 +03:00
c0f8f1a0f1 fix(merge): drop leftover <<<<<<< HEAD marker in jid_is_valid
Some checks failed
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Linux (debian) (pull_request) Failing after 4m54s
CI Code / Linux (ubuntu) (pull_request) Failing after 5m6s
CI Code / Linux (arch) (pull_request) Failing after 5m49s
CI Code / Code Coverage (pull_request) Failing after 6m22s
My earlier merge-resolution Edit on src/xmpp/jid.c only covered the
=======/>>>>>>> half of the hunk and left an orphan <<<<<<< HEAD on
line 82 of jid_is_valid. CI caught it. Removed.
2026-05-18 12:01:32 +03:00
508de43da9 Merge branch 'master' into merge/upstream-full
Some checks failed
CI Code / Check spelling (pull_request) Successful in 17s
CI Code / Check coding style (pull_request) Successful in 31s
CI Code / Linux (debian) (pull_request) Failing after 39s
CI Code / Linux (ubuntu) (pull_request) Failing after 42s
CI Code / Linux (arch) (pull_request) Failing after 4m59s
CI Code / Code Coverage (pull_request) Failing after 4m48s
Resolve conflicts after master gained the flat-file database backend,
AI client, and other cproof-fork features:

- CHANGELOG: keep cproof-fork unreleased section atop full upstream
  history (0.17.0 / 0.16.0 / 0.15.1)
- src/command/cmd_ac.c: keep both upstream spellcheck AC and cproof
  /history switch|verify|export|import autocompletion
- src/config/preferences.c: merge upstream [spellcheck] group with the
  cproof [ai]/[ai/<provider>] groups
- src/database.c: take master (thin dispatcher); upstream SQLite
  improvements (v3 migration, auto_gchar) belong in database_sqlite.c
  and will land in a follow-up commit
- src/tools/autocomplete.c: take upstream unescape of search_str
- src/ui/statusbar.c: keep guint signatures (per project preference)
  and adapt _status_bar_draw_dbbackend to guint as well
- src/xmpp/jid.c: combine the new jid_is_valid/jid_is_valid_user_jid
  with the "(null)" legacy-placeholder guard in
  jid_create_from_bare_and_resource; use auto_gchar
- tests/functionaltests/proftest.c: keep unsigned-safe pre-check on
  output_len before subtracting OUTPUT_BUF_SIZE
- tests/unittests/unittests.c: keep upstream subdirectory include
  layout plus cproof-only test_ai_client/database_export/database_stress
- tests/unittests/test_jid.c: drop orphan top-level copy (the
  restructured version lives in tests/unittests/xmpp/test_jid.c)

Upstream is included up to 1ac05754b (release 0.18.0 era). Follow-up:
pull 1ac05754b..upstream/master (esp. 42a849d16 db migration fix and
4749645c7 receipt-request restore), and adapt the SQLite improvements
into database_sqlite.c.
2026-05-18 11:42:48 +03:00
a7ad9ac0a4 Revert build: enable -Wconversion/-Wsign-compare and add --enable-sanitizers
All checks were successful
CI Code / Check spelling (pull_request) Successful in 21s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Code Coverage (pull_request) Successful in 2m50s
CI Code / Linux (debian) (pull_request) Successful in 4m19s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m32s
CI Code / Linux (arch) (pull_request) Successful in 5m4s
This reverts the configure.ac

Tracked as a TODO under issue #112.
2026-04-28 18:49:18 +03:00
145792ca7d Merge remote-tracking branch 'origin/master' into merge/upstream-full
# Conflicts:
#	configure.ac
2026-04-28 18:40:32 +03:00
60da899bd9 fix: address open PR #105 review comments (leaks + null safety)
All checks were successful
CI Code / Check spelling (pull_request) Successful in 20s
CI Code / Check coding style (pull_request) Successful in 38s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m36s
CI Code / Linux (arch) (pull_request) Successful in 4m42s
CI Code / Code Coverage (pull_request) Successful in 7m7s
CI Code / Linux (debian) (pull_request) Successful in 7m28s
- ui/window.c win_show_subwin (#1144): unconditional newpad without
  freeing the previous pad leaks the ncurses subwin if the function
  is invoked twice without an intervening win_hide_subwin. Added a
  delwin guard.
- omemo/omemo.c omemo_on_disconnect (#1126): hash tables and
  libsignal handles are destroyed unconditionally even when a full
  init never ran (e.g. shutdown after a failed load), and neither
  g_hash_table_destroy nor signal_*_destroy are documented as
  NULL-safe. NULL-check each handle before tearing it down.
- xmpp/roster_list.c (#1140 / #1141 / #1160): null the caller's
  pointer immediately after resource_destroy() so a stale reference
  cannot trigger a double-free; resource_destroy itself only zeroes
  the struct fields it owns and cannot reach back to the caller.
2026-04-28 17:19:20 +03:00
1e372f6fa8 fix(subprojects): point libstrophe.wrap at libstrophe-gh-mirror
All checks were successful
CI Code / Check spelling (pull_request) Successful in 22s
CI Code / Check coding style (pull_request) Successful in 36s
CI Code / Code Coverage (pull_request) Successful in 2m57s
CI Code / Linux (debian) (pull_request) Successful in 4m15s
CI Code / Linux (ubuntu) (pull_request) Successful in 4m40s
CI Code / Linux (arch) (pull_request) Successful in 10m13s
devs/libstrophe-gh is a static fork; -mirror is the live one.
2026-04-28 10:35:03 +03:00
9feff00ead refactor: clean narrowing conversions and harden unsigned arithmetic
Cleanup of the conversion-safety warnings exposed by enabling
-Wconversion / -Wsign-compare in the previous commit, plus guard
clauses at the few places where unsigned arithmetic could actually
misbehave.

Build:
- configure.ac drops -Wno-error=conversion and
  -Wno-error=float-conversion. Only -Wno-error=sign-conversion and
  -Wno-error=sign-compare remain, gating the ~230 sign warnings
  inherited from upstream that will be cleaned up in follow-ups.

Type / conversion fixes (no behaviour change):
- Length-like locals in command/cmd_ac.c, command/cmd_funcs.c,
  pgp/gpg.c, tools/autocomplete.c, tools/parser.c and ui/mucwin.c
  switched from int to size_t / glong (matching strlen /
  g_utf8_strlen return type) so we no longer need an (int) cast and
  loop counters / array sizes stay in their natural unsigned domain.
- g_timer_elapsed / GTimeSpan -> int casts in session.c, iq.c,
  core.c, server_events.c, window.c.
- _win_print_wrapped: indent parameter and local curx/maxx switched
  from size_t to int to match _win_indent / getcurx / getmaxx.
- Port casts (int -> unsigned short) at the libstrophe boundary in
  connection.c and session.c, each preceded by
  g_assert(port >= 0 && port <= UINT16_MAX) so the truncation is
  documented at the call-site.
- curl_off_t / fread size_t results cast at usage in http_upload.c,
  http_download.c, omemo/crypto.c.
- strtoul results cast to uint32_t in xmpp/omemo.c and omemo/omemo.c
  where device/prekey IDs are genuinely 32-bit.
- config/color.c: fg/bg/palette indices switched to `short`
  end-to-end (find_col, color_hash, find_closest_col,
  _color_pair_cache_get, cache.pairs), so the ncurses init_pair
  boundary needs at most one (short)i cast for the cache index. Also
  TODO-noted: init_extended_pair is needed for >15-bit palettes.
- xmpp/avatar.c: float arithmetic explicitly casts its int operands.
- tests/functionaltests/proftest.c: read() result handling uses
  size_t for the accumulator, _read_output returns ssize_t, and the
  buffer-shift check happens before space subtraction so the
  expression cannot underflow.

Real-risk guard clauses (the part that actually fixes bugs):
- src/ui/statusbar.c _tabs_width: `end > opened_tabs - 1` rewritten
  as `end < opened_tabs` so opened_tabs == 0 no longer underflows.
- src/ui/statusbar.c _status_bar_draw_extended_tabs: the mirror
  comparison rewritten as `end >= opened_tabs`.
- src/ui/statusbar.c status_bar_draw: replaced
  `MAX(0, getmaxx - (int)_tabs_width)` with an explicit precheck
  before subtraction.
- src/omemo/omemo.c prekey selection: prekey_index is now uint32_t
  and randomized into an unsigned buffer, so modulo with prekeys_len
  cannot yield a negative index for g_list_nth_data.
- src/omemo/crypto.c omemo_decrypt_func: PKCS#5/PKCS#7 unpadding
  reads `plaintext[plaintext_len - 1]`, which would underflow on a
  malformed empty ciphertext and read past the heap buffer. Reject
  plaintext_len == 0 before the padding peek and validate the
  padding byte against the buffer length before the unpad loop.
  Initialise plaintext = NULL so the early `goto out` cannot free
  uninitialised memory.
- src/ui/inputwin.c (4 mbrlen sites) and src/ui/window.c
  _win_print_wrapped: mbrlen() returns 0 for the null wide
  character. The existing checks rejected (size_t)-1 / -2 but
  treated 0 as a valid step, so the surrounding loops would either
  advance by SIZE_MAX (i += ch_len - 1) or spin in place
  (word_pos += 0 forever). Add `|| ch_len == 0` to each guard;
  inside the spell-check word-emission loop also fall back to a
  one-byte advance.
- Defensive `len > 0 ? len - 1 : 0` prechecks at the strlen-based
  g_strndup / loop sites in ui/console.c, plugins/c_api.c and
  plugins/python_plugins.c.
2026-04-28 10:24:52 +03:00
5459e78e82 build: enable -Wconversion/-Wsign-compare and add --enable-sanitizers
Turn on the stricter conversion-safety warnings and wire in an optional
sanitizer build mode. Nothing is promoted to a hard error yet: the
warnings become part of the build output and can be cleaned up
incrementally without blocking development.

- Drop -Wno-sign-compare and add -Wsign-compare + -Wconversion to the
  GCC-specific warnings loop (probed for compiler support).
- Add --enable-sanitizers flag that enables ASan + UBSan +
  -fsanitize=unsigned-integer-overflow with -fno-sanitize-recover=all.
  Off by default; intended for a dedicated CI job.
- Under PACKAGE_STATUS=development (-Werror), opt out of turning the
  new conversion/sign-compare warnings into hard errors via
  -Wno-error=sign-conversion/-conversion/-float-conversion/-sign-compare.
  Existing codebase has ~240 sign-conversion, ~87 other narrowing and a
  handful of sign-compare warnings (mostly inherited from upstream);
  they stay visible but don't block development builds.
- Route glib/gio CFLAGS through -isystem so macros like
  GPOINTER_TO_UINT in glibconfig.h don't generate noise.
2026-04-24 16:01:17 +03:00
c815c39cdd ci: fix Valgrind startup failure on Arch via DEBUGINFOD_URLS
All checks were successful
CI Code / Check spelling (pull_request) Successful in 22s
CI Code / Check coding style (pull_request) Successful in 33s
CI Code / Linux (debian) (pull_request) Successful in 6m54s
CI Code / Linux (ubuntu) (pull_request) Successful in 7m4s
CI Code / Code Coverage (pull_request) Successful in 6m49s
CI Code / Linux (arch) (pull_request) Successful in 8m46s
Arch Linux ships a stripped ld-linux-x86-64.so.2, so Valgrind cannot
find the memcmp/memcpy/strlen symbols it must redirect and exits at
startup with "Fatal error at startup: a function redirection which is
mandatory for this platform-tool combination cannot be set up".

debuginfod is already installed in the image but was never wired up.
Set DEBUGINFOD_URLS to the official Arch debuginfod server so Valgrind
fetches the missing glibc debug symbols on demand and caches them.
2026-04-24 15:41:44 +03:00
4401e817d0 refactor: address PR #105 review feedback
Some checks failed
CI Code / Check spelling (pull_request) Successful in 21s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Linux (arch) (pull_request) Failing after 2m52s
CI Code / Code Coverage (pull_request) Successful in 2m56s
CI Code / Linux (debian) (pull_request) Successful in 6m48s
CI Code / Linux (ubuntu) (pull_request) Successful in 7m11s
Apply fixes, refactors and test additions requested by reviewer on PR #105.

Fixes:
- database: warn and notify user on duplicate archive_id instead of
  silently debug-logging it (R05).
- database: add missing '[' in "[DB Migration]" log prefix (R06).
- xmpp/resource: NULL-out name/status after g_free to avoid double-free
  via roster_list.c cleanup path (R09, R23).
- common: widen strtoi_range internal storage from int to long so that
  values in (INT_MAX, LONG_MAX] are rejected as out-of-range instead of
  being silently truncated on 64-bit platforms (R25).

Refactors:
- xmpp/message: extract _receive_omemo helper, removing three copies of
  the OMEMO receive block in groupchat / MUC-PM / chat handlers (R04).
- omemo: flatten deeply nested device-list processing via guard-clause
  continues (R11).
- tools/autocomplete: merge two nested ifs into a single && condition
  (R13).
- ui/titlebar: extract _show_trust_indicator and inline _wprintw_withattr
  wrapper, collapsing three near-identical trust-indicator blocks (R22).
- config/tlscerts: drop _checked_g_strdup wrapper; g_strdup is
  NULL-safe per glib documentation (R19).
- ui/inputwin: use auto_gchar for spellcheck word instead of manual
  g_free (R20).
- tools/editor: drop outdated "Deprecated synchronous" comment that
  no longer matches the callback-based implementation (R28).

Tests:
- tests/command/cmd_ac: rename segfaults_when_empty ->
  no_segfault_when_empty; expand cycling coverage to three files plus
  backward SHIFT-TAB traversal (R16, R17).
- tests/common: add strtoi_range overflow/underflow and strtol-parsing
  consistency tests (R25).
- tests/xmpp/jid: add test for '@' inside resourcepart per RFC 6122
  section 2.4 (R26).

Misc:
- xmpp/omemo: change omemo_error_to_string return type from char* to
  gchar* for glib consistency (R01).
- subprojects/libstrophe: point wrap-git at our fork at
  git.jabber.space/devs/libstrophe-gh (R24).
- RELEASE_GUIDE: drop "Updating website" section referring to an
  upstream site that is not ours (R18).
2026-04-24 15:13:38 +03:00
a5fe32b245 Merge remote-tracking branch 'upstream/master' into merge/upstream-full
# Conflicts:
#	CONTRIBUTING.md
#	src/profanity.c
#	src/tools/editor.c
2026-04-18 12:26:52 +03:00
Michael Vetter
3af4e9acb8 Merge pull request #2153 from bkmgit/doc-spellcheck
doc: Explain how to enable spell checking
2026-04-16 13:22:17 +02:00
Michael Vetter
064149cf0e Merge pull request #2155 from bkmgit/update-release-guide
docs: XEP list does not need to be updated manually on a release
2026-04-16 13:21:45 +02:00
Benson Muite
5b75bc26c8 docs: XEP list does not need to be updated manually on a release
Updated tooling builds supported XEP list from profanity.doap file
The profanity.doap file is a git submodule in the website repository.
It is used as an input to create the supported XEPs webpage.
3cd439d172

Fixes: #2154
Signed-off-by: Benson Muite <benson_muite@emailplus.org>
2026-04-16 09:35:23 +03:00
Benson Muite
31bb9ab514 docs: Explain how to enable spell checking
Fixes: #2152
Signed-off-by: Benson Muite <benson_muite@emailplus.org>
2026-04-16 09:29:43 +03:00
Michael Vetter
49240083b0 Merge pull request #2151 from profanity-im/issue
chore: Explain how to get a backtrace
2026-04-13 21:29:09 +02:00
Michael Vetter
dbc739bcc5 chore: Mention omemo backend in issue template as well
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-13 21:27:37 +02:00
Michael Vetter
741777d2c7 chore: Explain how to add a backtrace in issue template
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-13 21:27:32 +02:00
Michael Vetter
c071d6cf84 Merge pull request #2150 from profanity-im/fix/2148
fix: resolve issues with async editor
2026-04-12 22:55:57 +02:00
Michael Vetter
b17ed21b16 fix: Fix connect with empty resource
We recently made the jid validation and creation functions more strict.
So this is a sideffect of it. We need to use `jid_fulljid_or_barejid`
instead of jidp->fulljid here since it now treats just the barejid not
as a fulljid.

Ref: 09757da5df
Ref: f251cc8bb3
Ref: fa64b135df
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-12 19:25:53 +02:00
Michael Vetter
dd76f9087f fix: resolve issues with async editor
If we build Profanity without GTK we dont iterate the context so we will
never know when the editor exited. Calling `g_main_context_iteration()`
or finally switching to GMainLoop fixes this.
So far calling `tray_update()` does this for us in GTK builds.
So this went unnoticed.

The editor will inherit ignored signal handlers (SIGINT, SIGTSTP, SIGPIPE)
from us. Neovim uses libuv which seems to check SIGINT on startup to
determine whether the environment is interactive or not.
We now reset these signals to SIG_DFL in the child process before execvp.

Profanity uses readline which still competed for terminal input with the
editor. We only took care about other Profanity UI processes in our
previous commit. This led to misordered characters in the editor.

In my tests with vim everything worked fine and these bugs were
discovered when a user used neovim.

Fixes: https://github.com/profanity-im/profanity/issues/2148
Ref: 36ec2b0ae1
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-11 23:45:36 +02:00
4319172758 Merge upstream/master into merge/upstream-full
All checks were successful
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Check spelling (pull_request) Successful in 15s
CI Code / Linux (debian) (pull_request) Successful in 6m43s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m49s
CI Code / Linux (arch) (pull_request) Successful in 8m52s
CI Code / Code Coverage (pull_request) Successful in 7m19s
Merge profanity-im/profanity master (373 commits) into cproof fork.

Source changes (manual merge):
- src/command/: cmd_defs, cmd_funcs, cmd_ac — upstream g_new0, auto_gchar,
  launch_editor callback; keep our XEP-0308 LMC, force-encryption, CWE-134
- src/config/: preferences, tlscerts, account — upstream UNIQUE dedup,
  dynamic pad capacity; keep our db_history_result_t, scroll logic
- src/database.*: upstream g_new0 memory mgmt; keep our return types,
  add null-check fix for msg->timestamp
- src/omemo/, src/pgp/: upstream _gpgme_key_get_email, g_new0;
  keep our replace_id in omemo_on_message_send
- src/tools/: editor, http_upload, bookmark_ignore — upstream launch_editor
  callback API
- src/ui/: console, window, chatwin, mucwin, inputwin, buffer —
  upstream win_warn_needed/sent dedup, PAD_MIN_HEIGHT dynamic pads;
  keep our y_start_pos scroll, _truncate_datetime_suffix
- src/xmpp/: message, stanza, presence, roster_list, iq, session —
  upstream connection_get_available_resources; keep our LMC stanza logic
- src/common.c: fix format-security (cons_show)

Build system:
- Makefile.am: updated test paths to subdirectory structure, added
  test_cmd_ac, test_forced_encryption
- Restored autotools files deleted by upstream meson migration:
  bootstrap.sh, autogen.sh, m4/ax_valgrind_check.m4, configure-debug

Tests:
- Unit tests: upstream unittests.c base + our forced_encryption tests
  (482 passed, 0 failed across all 4 configurations)
- Functional tests: kept our version (93 passed, 0 failed)
  upstream version requires stbbr_for_xmlns not yet in our stabber fork
- Updated test stubs: stub_xmpp.c, stub_omemo.c from upstream

Compile fixes:
- src/common.c: cons_show(errmsg) -> cons_show("%s", errmsg)
- src/database.c: null-check before msg->timestamp access
- src/ui/console.c: size_t -> (int) cast for format width
- src/config/tlscerts.c: %d -> %zu for size_t
2026-04-11 13:44:50 +03:00
Michael Vetter
89fce43c07 Start new cycle
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-10 18:30:57 +02:00
Michael Vetter
56443dccd4 Release 0.18.0
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-10 18:29:41 +02:00
Michael Vetter
1ac05754be Merge pull request #2147 from balejk/omemo-heartbeats-fix
omemo: ignore key contents if there is no payload
2026-04-09 14:08:06 +02:00
Karel Balej
1458b09e27 fix(omemo): ignore key contents if there is no payload
For key transport messages, Monal at least doesn't append the
authentication tag to the plaintext key contents as that only makes
sense if the key was used to encrypt something. This causes the key
length check to fail and show the

	OMEMO message received but decryption failed.

error to the user which is confusing because there is no user-originated
message involved.

Skip the length check for key transport messages as profanity only uses
these to advance the ratchet and makes no use of the decrypted contents.

Signed-off-by: Karel Balej <balejk@matfyz.cz>
2026-04-09 09:52:10 +02:00
Michael Vetter
95eb1ef8e7 Merge pull request #2146 from profanity-im/wip
Misc improvements
2026-04-03 10:21:15 +02:00
Michael Vetter
4be8ec47fe docs: Add section about sanitizers to contributing.md
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 10:19:40 +02:00
Michael Vetter
27cb926061 ci: remove ASan from Valgrind check
ASan and Valgrind both intercept memory allocations and management at
runtime. Running them simultaneously might lead to conflicts in memory
tracking.

This change ensures that during the Valgrind phase of the build matrix,
only Valgrind is responsible for memory analysis, avoiding redundant
overhead and ensuring more reliable results.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 10:03:03 +02:00
Michael Vetter
8af80a7ad5 ci: Run functional tests in CI
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 09:31:30 +02:00
Michael Vetter
6a7262f2b0 ci: Add CodeQL
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 09:22:04 +02:00
Michael Vetter
35bf9df0a9 refactor: Make Launching the editor more robust
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 08:40:14 +02:00
Michael Vetter
a643fd87cc docs: Remove autotools leftover from CONTRIBUTING.md
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 08:33:59 +02:00
Michael Vetter
2ad3bff8f0 docs: Add eval_password example
And show how to escape whitespaces.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-03 08:32:31 +02:00
Michael Vetter
c0f96e9b60 Merge pull request #2145 from profanity-im/fix/2143
fix: restore TTY access for eval_password commands
2026-04-02 23:18:07 +02:00
Michael Vetter
196d3c3783 cleanup: Cleanup gitignore
Remove IDE specific entries, they belong in the global conf of the user.
Remove autotools specific files.

Ref: bc777c56b2
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 23:16:51 +02:00
Michael Vetter
c3718e3ae7 cleanup: Remove unused variable
This was forgotten in a refactor commit.

Ref: c43c9567df
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 22:47:26 +02:00
Michael Vetter
36ec2b0ae1 feat: implement asynchronous external editor support
Move from blocking fork/wait logic to nonblocking fork and
g_child_watch_add.

This ensures that the Profanity main loop continues to run while an
external editor is open. So we don't loose connection and react to
pings.

We change editor handling also in vcard and muc subject editing.
In the new implementation we are launching the editor and passing a
callback which we will use once the editor exited.

We use the recently added ui_susped() and ui_resume().

To not clutter the UI we need to check whether Profanity UI is suspended
and omit drawing in this case.

Fixes: https://github.com/profanity-im/profanity/issues/1888
Ref: 9b112904a9bc7250dc013d901187ca8622580d98
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 22:47:26 +02:00
Michael Vetter
fc66ddc2c1 refactor: Use helper functions in vcard related code
There was way too much repetition here.
This is in preparation for future changes regarding the editor.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 22:47:26 +02:00
Michael Vetter
8675f7be0c fix: Fix removal of entries in account file
Commit 81f92f1fe introduced a selective update mechanism to
_accounts_save() to prevent overwrites when running multiple instances
by only modifying the specific account being saved.

Commit 5c484c fixed a problem with that commit regarding empty accounts.

It turns there was another bug introduced:
The new implementation only set the keys that existed in memory.
So removal of keys was not possible anymore.

Fixes: 81f92f1fed
Ref: 5c484c26ed
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 22:47:22 +02:00
Michael Vetter
c9a3823f13 fix: restore TTY access for eval_password commands
Replace g_spawn_command_line_sync with g_spawn_sync with the
G_SPAWN_CHILD_INHERITS_STDIN flag.
This is actually needed to so that interactive commands can access the
terminal.
Otherwise they cannot ask the user for the passphrase.

Ref: f5787fb31f
Fixes: https://github.com/profanity-im/profanity/issues/2143
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 16:38:34 +02:00
Michael Vetter
c49ee8d415 Merge pull request #2144 from profanity-im/fix/2124
fix: Fix crash when loading MAM for a contact with empty db
2026-04-02 16:12:27 +02:00
Michael Vetter
14c0c38acd fix: Fix crash when loading MAM for a contact with empty db
I think this bug happens when a user scrolls up a window, triggering
iq_mam_request_older() to load older history, in the case when the
database is empty for that contact.

The initial MAM fetch is triggered when the window is opened which
should get the latest history.

Fixes: https://github.com/profanity-im/profanity/issues/2142
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-04-02 13:37:49 +02:00
Michael Vetter
b56498adcb Merge pull request #2139 from profanity-im/fix/1844
Improve autocompleter and command parsing in relation to quoting
2026-04-02 12:31:58 +02:00
Michael Vetter
923dfea71e Merge pull request #2136 from profanity-im/db-dup
refactor(database): enforce unique archive_id for reliable deduplication
2026-04-02 12:31:26 +02:00
Michael Vetter
37463c0e43 Merge pull request #2141 from paulfertser/allow_libstrophe_as_subproject
chore: support building libstrophe as a subproject
2026-04-02 12:22:02 +02:00
Michael Vetter
dfe79038d4 Merge pull request #2140 from profanity-im/fix/1420
fix: handle X11 connection loss gracefully
2026-04-02 12:21:09 +02:00
Paul Fertser
5670ccb2b1 chore: support building libstrophe as a subproject
Allow building the latest libstrophe from upstream Git automatically when
-Dforce_fallback_for=libstrophe is passed.

Default to find and link against system-provided libstrophe stays the same.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2026-04-02 13:07:04 +03:00
Michael Vetter
8eac31e5e1 fix: handle X11 connection loss gracefully
Use XSetIOErrorExitHandler on X11 to detect connection loss and
disable GTK features (tray, clipboard, notifications).

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Co-authored-by: Paul Fertser <fercerpav@gmail.com>
2026-04-01 23:14:46 +02:00
Michael Vetter
c43c9567df refactor(database): use ON CONFLICT for deduplication
Replace 'INSERT OR IGNORE' with 'INSERT ... ON CONFLICT(`archive_id`) DO
NOTHING RETURNING id'. This is only available since sqlite 3.35.0.
So deduplication only happens for `archive_id` and we don't silently
ignore other errors or constraints (like not null).

We can now detect if an insertion was skipped due to duplication by
checking the result of 'RETURNING id'.

We don't print out when we don't insert duplicated messages since this
will happen often and will be too noisy. So we match the behaviour of
what Dino is doing.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-31 15:27:33 +02:00
Michael Vetter
df1f1e5ef1 fix: ensure consistent unescaping and space handling
Unescape any character following a backslash. This fixes autocompletion
for names with escaped spaces.
For example: `/msg Thor\ Odinson hello`

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-30 18:33:59 +02:00
Michael Vetter
3997f34e5a Merge pull request #2137 from profanity-im/omemo-prekey
fix(omemo): standardize PreKey management to prevent decryption failures
2026-03-30 10:54:56 +02:00
Michael Vetter
bda5b0f844 fix(tools): implement backslash escaping for contact names
Implement backslash based escaping in the command parser and autocompletion
logic to handle contact names containing double quotes.
This stops the parser from splitting nicknames into multiple tokens, which
previously caused "Invalid usage" errors.

The parser now sees \ as an escape character for quotes and spaces in
_parse_args_helper, count_tokens and get_start. Autocomplete results are
escaped when they contain spaces, and search prefixes are unescaped before
matching. strip_arg_quotes() has also been updated to handle unescaping.

Fixes: https://github.com/profanity-im/profanity/issues/1844
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-29 00:15:23 +01:00
Michael Vetter
9b2f96fb45 chore: Update information on XEP-0077
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-28 00:49:22 +01:00
Michael Vetter
91e536b02d chore: Fix release years in doap file
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-28 00:49:19 +01:00
Michael Vetter
816617672e ci: Rename and sort Ci jobs
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-28 00:11:16 +01:00
Michael Vetter
247c44be30 fix(xmpp): verify 'by' attribute of stanza-id and MAM result
Implement security checks to ensure the 'archive_id' (XEP-0359) used
for database deduplication originates from a trusted source.

XEP-0359 Section 3.1: "The 'by' attribute MUST be the XMPP
address (JID) of the entity assigning the unique and stable stanza ID."
Furthermore, Section 4 (Security Considerations) specifies: "A client
SHOULD only trust <stanza-id/> elements from its own server or from
a MUC service it is joined to."

XEP-0313 Section 4.1.2: "The 'by' attribute of the <result/> element is
the JID of the archive being queried." and "If the 'by' attribute is not
present, the recipient MUST assume that the results are from their own
personal archive."

Let _handle_chat verify <stanza-id/> 'by' attribute matches our bare JID.
Let _handle_groupchat verify <stanza-id/> 'by' attribute matches the MUC
s bare JID.
Let _handle_mam verify the <result/> 'by' attribute matches the outer
message 'from' (archive JID). If 'by' is missing then 'from' matches our
own bare JID (personal archive).

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 23:57:59 +01:00
Michael Vetter
64fcdfaa0f refactor(database): enforce unique archive_id for reliable deduplication
Implement a UNIQUE constraint on the archive_id column (XEP-0359 stanza-id)
to prevent duplicate messages in the chat log. This addresses problems where
the same message could be stored multiple times if received via both MAM
and regular.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 23:25:54 +01:00
Michael Vetter
68085f014f fix(omemo): standardize PreKey management to prevent decryption failures
Standardize how PreKeys are handled during OMEMO message reception to
align with XEP-0384 best practices.

Previously Profanity replaced a consumed PreKey by generating a new
one with the same ID. This behavior could lead to decryption failures if
multiple senders attempted to use the same PreKey ID before the client
could successfully update its bundle on the server.

Remove consumed PreKeys from the local store.
New PreKeys are generated in batches (100) when the local supply runs
low (< 10).
Republish OMEMO bundle after replenishment.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 23:21:03 +01:00
Michael Vetter
259caea9c8 Merge pull request #2134 from profanity-im/feat/noautotools
feat: Remove autotools and adapt docu and scripts
2026-03-27 22:42:24 +01:00
Michael Vetter
ca156d58a2 Merge pull request #2135 from GunniBusch/feat/add-macos-homebrew-ci
ci: add macOS Homebrew CI
2026-03-27 22:40:42 +01:00
Leon Adomaitis
189f682518 ci: add macOS Homebrew CI
Signed-off-by: Leon Adomaitis <leon@adomaitis.de>
2026-03-27 22:24:36 +01:00
Michael Vetter
1d646a1afe ci: Let Debian build only with libomemo-c
So we can test if it works if libsignal isn't even installed on the
system.

Ref: 9a501e6ecd
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 21:58:38 +01:00
Michael Vetter
e169aa1426 ci: Set compiler path for Cygwin
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 21:58:34 +01:00
Michael Vetter
f5b7cdecb5 ci: Add libasan and libubsan to Fedora image
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 21:48:02 +01:00
Michael Vetter
c695b3a7b0 ci: Require gtk3-devel instead of gtk2-devel
Ref: 01c9a51c70
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 21:39:56 +01:00
Michael Vetter
bc777c56b2 feat: Remove autotools and adapt docu and scripts
We will only use Meson from now on.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 21:33:44 +01:00
Michael Vetter
84e6eeae92 Merge pull request #2132 from profanity-im/feat/spellcheck
Add spellchecking
2026-03-27 14:32:01 +01:00
Michael Vetter
5e8987274f chore: Update RELEASE_GUIDE.md
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-27 10:01:02 +01:00
Michael Vetter
0dbc18cd7e Merge pull request #2133 from GunniBusch/fix/omemo-libary
fix(omemo): add missing includes for libomemo-c builds
2026-03-27 08:12:56 +01:00
Leon Adomaitis
9a501e6ecd fix(omemo): add missing includes for libomemo-c builds
Signed-off-by: Leon Adomaitis <leon@adomaitis.de>
2026-03-27 02:34:26 +01:00
Michael Vetter
ed2fdf88ac feat: Add /spellcheck list command
To list all available dictionaries.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 23:34:13 +01:00
Michael Vetter
4922366366 feat: add spellcheck highlighting support
Introduce optional spellcheck highlighting in the input window using
the Enchant-2 library.

```
/spellcheck on
/spellcheck lang en_US
```

New theme color `input.misspelled`.

Fixes: https://github.com/profanity-im/profanity/issues/183
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 23:34:06 +01:00
Michael Vetter
88b80c33ef chore: Fix old spelling mistakes
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 12:45:07 +01:00
Michael Vetter
9be249e63c Start new cycle
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 12:21:43 +01:00
Michael Vetter
d99db450c5 Release 0.17.0
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 12:17:31 +01:00
Michael Vetter
24f7d16390 chore: Properly exclude directories
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 12:17:31 +01:00
Michael Vetter
25d2cb0120 fix: Check for necessary pointers in omemo_receive_message
Static analyzer hilighted this.

Ref: e39ffd981
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 11:41:20 +01:00
Michael Vetter
64b77ab493 tests: Check for binary before starting functional tests
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 11:28:26 +01:00
Michael Vetter
6ce6383b26 chore: Make meson doublecheck only available if the script exists
We won't have it in the distribution tarballs.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-26 10:25:25 +01:00
Michael Vetter
b83003ff76 Merge pull request #2131 from profanity-im/fix/dl
Improve (encrypted) file downloads
2026-03-26 10:21:17 +01:00
Michael Vetter
63af72773c feat: Implement color coded status messages for file transfers
Introduce meaningful color feedback for background tasks like file
downloads and uploads. Progress is displayed in a neutral color,
while successful completions turn green and failures turn red.

We reuse the existing THEME colors for now.

Add new UI flags ENTRY_COMPLETED and ENTRY_ERROR to
the buffer entry system. So we don't misuse delivery receipts anymore.

Fixes: https://github.com/profanity-im/profanity/issues/1758
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-25 17:40:10 +01:00
Michael Vetter
a9ef000328 fix: Improve status reporting and filename handling for /url save
Use the original aesgcm:// URL when downloading OMEMO downloads.  Then
in the final message use the decrypted file destination instead of the
internal temporary path.

Use the unique download ID instead of the URL for message updates to
have proper progress reporting.

Unify the final transfer status to "done" across both downloads and
uploads.

Fixes: https://github.com/profanity-im/profanity/issues/1939
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-24 22:37:54 +01:00
Michael Vetter
050096c21e Merge pull request #2130 from profanity-im/fix/omemo-false-cannot-decrypt-msg
Fix incorrect omemo decryption error for Key Transport Messages
2026-03-22 17:59:09 +01:00
Michael Vetter
a824b26008 refactor: improve key transport message handling and deduplicate errors
Centralize heartbeat detection and have a function for error to string
mapping. So we don't need the same code in multiple handlers.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-22 17:42:08 +01:00
Michael Vetter
e4bfda2f8a fix: Incorrect omemo decryption error for Key Transport Messages
Correctly handle OMEMO stanzas that contain a <header> but no <payload>.
These "Key Transport Messages" (heartbeats) are used by some clients
for session maintenance and establishing trust.

Ref: a2726b6a7 made the <payload> element mandatory in the parser.
Ref: 4d49c2b74 the bug became user-visible.

Fixes: https://github.com/profanity-im/profanity/issues/2129
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-22 17:41:57 +01:00
Michael Vetter
a85a33e397 chore: Add linter file to be ignored upon export 2026-03-21 01:10:48 +01:00
Michael Vetter
287b466e3c Merge pull request #2128 from profanity-im/tooling
Improve tooling for development and maintenance
2026-03-21 01:07:05 +01:00
Michael Vetter
a8c7850a97 chore: Unify build configuration script into one
Earlier ci/meson-build.sh and ci/ci-build.sh.
The latter we then renamed to the more descriptive build-configuration-matrix.sh.

Both scripts are doing the same thing but for different build systems.
So lets merge them together.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-21 01:05:16 +01:00
Michael Vetter
beef714a30 ci: Add linter to make sure all commits are DCO signed
Mentioned in the CONTRIBUTING.md as well.
Let's enforce it.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-21 01:05:16 +01:00
Michael Vetter
9407eb958d ci: Add linter to make sure we use Conventional Commits
This will make it easier for us to write Changelogs for example.
See https://www.conventionalcommits.org/en/v1.0.0.
Also mentioned in the CONTRIBUTING.md

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-21 01:05:11 +01:00
Michael Vetter
d808b88b55 chore: Add README explaining the purpose and usage of helper scripts
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-21 01:02:48 +01:00
Michael Vetter
a786ba3564 chore: Add changelog-helper script
Since we now use Conventional Commits we can create our Changelog
semi-automatically.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-21 01:02:36 +01:00
Michael Vetter
4347af833a chore: Use more descriptive names for helper scripts
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-21 00:18:52 +01:00
Michael Vetter
53a980cdd3 Merge pull request #2122 from profanity-im/fix-2045
feat(ui): implement dynamic pad resizing
2026-03-21 00:00:06 +01:00
Michael Vetter
98fc8b6110 Merge pull request #2127 from profanity-im/fix/2084
fix: allow adding own JID to roster
2026-03-20 23:59:04 +01:00
Michael Vetter
4c731f5241 fix: allow adding own JID to roster
Enable adding oneself to the roster.

Self subscriptions are implicit according to XEP-0060 / XEP-0163.
So we adapt the /sub command to handle this gracefully by just printing
an informative message.

Profanitys logic didn't handle own presence/when adding to roster
correctly. This got fixed now.

Fixes: https://github.com/profanity-im/profanity/issues/2084

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-20 23:48:00 +01:00
Michael Vetter
bbdd5e176a Merge pull request #2126 from profanity-im/fix/2125
fix(ui): Fix custom outgoing stamp and fix stamp command help
2026-03-20 22:15:33 +01:00
Michael Vetter
9035af95cb feat: Add command autocompletion for /stamp
Ref: 2c003dd2
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-20 16:23:46 +01:00
Michael Vetter
b0a89530f2 fix(ui): Fix custom outgoing stamp and fix stamp command help
Replace the hardcoded "me" stamp for outgoing messages that are
sometimes used with the value from PREF_OUTGOING_STAMP.

It was never implemented in all code paths. Like with receipts for
example.

Additionally fix the confusing description and variable names.

Ref: 2c003dd2 (Add /stamp feature)
Ref: 3a4cd7da (Broke the variables)
Fixes: https://github.com/profanity-im/profanity/issues/2125
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-20 16:23:41 +01:00
Michael Vetter
c3fbb89a7a Merge pull request #2123 from profanity-im/ci
ci: Cleanup and improve CI jobs
2026-03-20 15:09:31 +01:00
Michael Vetter
540d9e686c ci: Don't run functional tests in CI yet
Disable the functional tests in the case of meson as well.
They don't seem to work in the CI or take too long.
This needs further investigation. For now let's run them locally and
before each release.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-20 14:22:26 +01:00
Michael Vetter
c7834e022b chore: Require DCO from now on
Explain the how and why in CONTRIBUTING.md

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
2026-03-20 14:16:46 +01:00
Michael Vetter
3b988f6790 build: add .gitattributes to exclude development files from exports
This will result in smaller and cleaner tarballs for distributions to use.

Additionally it is a logical step towards moving fully to the Meson build system.
While the last release provided two tarballs (one generated with
Autotools and one with Meson), the next release will only provide a
Meson-generated tarball.

These attributes are respected by `git archive` and `meson dist` which
means they will take effect for the Meson generated tarballs and the
GitHub autogenerated tarballs as well.

As a consequence of switching to `meson dist`, pre-generated files like
`configure` will no longer be included in the tarballs. Users and
distributions that still wish to use the Autotools build system from
these tarballs will now need to run `./bootstrap.sh` or `autoreconf -fi`
themselves, which requires automake, autoconf, and libtool to be
installed.

Since many distributions are slowly dropping the usage of vendor
generated tarballs and are moving to checking out git tags this should
not be a problem.
Arch Linux is for example doing
`source=("git+https://github.com/user/project.git#tag=v1.2.3")` and
Debian has the `git-buildpackage` too. So both of them require require
autoreconf already.

Autotools support might be removed entirely in a future
release since I find them much easier to edit and maintain.
2026-03-20 14:03:52 +01:00
Michael Vetter
24335c657c ci: Sort jobs and names in a better way
Instead of:

```
CI / Check coding style
CI / Check spelling
CI / debian | Autotools | unit | signal
CI / debian | Meson | unit+func | libomemo
CI / debian | Meson | unit+func | signal
CI / fedora | Autotools | unit | signal
CI / ubuntu | Autotools | unit | signal
Cygwin / cygwin-build
```

We will sort them into "Style", "Linux" and "Cygwin".
2026-03-20 13:14:02 +01:00
Michael Vetter
551aea683a ci: Only print log file if we find it 2026-03-20 12:47:39 +01:00
Michael Vetter
2d7426fb2f fix: Fix rare memleak
Triggered by unit tests. In Profanity itself the situation is probably
rarely happening. We would have to disconnect/exit after receiving
presence but before the roster arrives.
2026-03-20 12:47:39 +01:00
Michael Vetter
4417ec453a chore: Update valgrind suppression file
Locally valgrind is quiet. But on CI valgrind complains. This is due to
an older valgrind version which doesn't handle AVX2-optimized strings
properly. So we need to add it to the suppression file.
2026-03-20 12:47:36 +01:00
Michael Vetter
3596e4c263 ci: Run functional tests only in the case of meson
Remove stabber from Dockerfiles were we only build with autotools.
2026-03-20 12:45:40 +01:00
Michael Vetter
f778e3e093 build(autotools): Add --enable-functional-tests switch 2026-03-20 12:45:40 +01:00
Michael Vetter
45ddbe94e8 ci: Make CI more informative
Have a better overview, we are interested in which tests are run, which
distro, which build system and which omemo backend.

debian | Autotools | unit+func | signal
debian | Meson | unit+func | signal
debian | Meson | unit+func | libomemo
fedora | Autotools | unit+func | signal
ubuntu | Autotools | unit+func | signal
2026-03-20 12:34:39 +01:00
Michael Vetter
9904c05841 Merge pull request #2124 from profanity-im/fix-2083
Check connection state before accepting command.
2026-03-20 10:44:32 +01:00
Steffen Jaeckel
613df86450 Check connection state before accepting command.
Prevent `/register` and `/reconnect` if connection is not in correct state.

Fixes: https://github.com/profanity-im/profanity/issues/2083
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-20 09:23:41 +01:00
Michael Vetter
8548dfca96 ci: Move CI related files into own directory 2026-03-20 08:36:17 +01:00
Michael Vetter
180ee651a5 ci: Remove OpenBSD
There once was OpenBSD CI from sr.ht sponsored by wstrm.
It's not available since a log time. So let's drop it.
2026-03-20 08:23:18 +01:00
Michael Vetter
b53ec23778 ci: Remove Brewfile
a4cbf3e4 removed macOS from the CI.
We couldn't get it to build and no community member stepped up.
So let's remove this file now as well.
2026-03-20 08:21:52 +01:00
Michael Vetter
3e16ae1def feat(ui): implement dynamic pad resizing
The ncurses pad used for rendering window history had a fixed height of 100
lines, which caused "Ncurses Overflow!" errors and broke scrolling once
the content exceeded this limit.

This commit replaces the fixed limit with a dynamic resizing strategy.
We use a minimum height of 100 lines.
If a pad reaches its threshold of 3000 lines, a full redraw is triggered
to reclaim space from discarded messages and reset the pad height.
Pads are shrunk back to the minimum height during every redraw to
minimize memory usage for inactive windows.

Message history should always be smoothly scrollable now.

d7e46d64fe set it from 1000 to 10000.
f27fa98717 set it from 1000 to 100.
Probably also relevant is 4fe2c423b1.

Close: https://github.com/profanity-im/profanity/pull/2074
Fixes: https://github.com/profanity-im/profanity/issues/2045
2026-03-19 22:10:36 +01:00
Michael Vetter
b219ce9e60 Merge pull request #2121 from profanity-im/ci-buildwithlibomemo
ci: Build with libomemo-c for the "Linux Meson" job
2026-03-19 20:24:33 +01:00
Michael Vetter
e252f54436 ci: Build with libomemo-c for the "Linux Meson" job
The rest will stay with libsignal-protocol-c. So we test both.
Let's add the dependency to all Dockerfiles already.
2026-03-19 20:11:26 +01:00
Michael Vetter
046eb13e2e Merge pull request #2117 from profanity-im/xep0377
Improve support for XEP-0377
2026-03-19 19:53:22 +01:00
Michael Vetter
456a266fa9 Merge pull request #2120 from profanity-im/feature/libomemo-support
Add support for libomemo-c as OMEMO backend
2026-03-19 19:52:35 +01:00
Michael Vetter
27b5f0fbda build(meson): add support for libomemo-c as OMEMO backend
Add the ability to choose between libsignal-protocol-c (default)
and libomemo-c when building with OMEMO support enabled in Meson.

Close: https://github.com/profanity-im/profanity/pull/2020
2026-03-19 19:01:50 +01:00
Michael Vetter
82db360fb9 feat: Improve XEP-0377 support with report-origin and third-party elements
Add support for <report-origin/> and <third-party/>.

When a server forwards a report to an administrator, the original reporter
(report-origin) and the offender (third-party) are preserved even
if the 'from' address is modified during forwarding.

Also display this information in case we receive a report.
2026-03-19 13:31:13 +01:00
Michael Vetter
d395cfb6b9 Merge pull request #2118 from profanity-im/fix-2011
fix: missing plugins_post_chat_message_display calls
2026-03-19 12:59:18 +01:00
Michael Vetter
1d94316937 fix: missing plugins_post_chat_message_display calls
We need the post-display hooks in DB, log, outgoing messages, and carbons as well.
Also add pre-display hook to carbons for consistency.

Fixes: https://github.com/profanity-im/profanity/issues/2011
2026-03-19 11:46:31 +01:00
Michael Vetter
030c0b7999 docs: Improve help for /blocked 2026-03-19 11:07:51 +01:00
Michael Vetter
93918a20d1 feat: Display incoming reports (XEP-0377)
Servers might forward incoming reports to admins. So we need to display
them so they can react upon it.
2026-03-19 10:57:41 +01:00
Michael Vetter
d616e160cd Merge pull request #2116 from profanity-im/sanitzexml
feat: Sanitize illegal XML characters from outgoing messages
2026-03-19 10:40:19 +01:00
Michael Vetter
446f28ac31 fix: Use <body> tag for spam reporting (XEP-0377)
Update `blocked_add` to use the `<body>` tag with the `jabber:client`
namespace when reporting spam, as specified in XEP-0377 Example 5.
Other report types continue to use the `<text>` tag.

Fixes: https://github.com/profanity-im/profanity/issues/1971
2026-03-19 10:36:59 +01:00
Michael Vetter
189050f3f4 feat: Sanitize illegal XML characters from outgoing messages
Filter out control characters (U+0000 to U+001F) from outgoing
messages, as they are illegal in XML 1.0 (except for \t, \n, and \r).
This prevents XMPP servers from closing the connection when such
characters are accidentally or intentionally included in a message.

Fixes: https://github.com/profanity-im/profanity/issues/1437
2026-03-19 10:28:49 +01:00
Michael Vetter
1f146d1499 Merge pull request #2113 from profanity-im/omemo-noise
Reduce OMEMO noise
2026-03-19 09:36:53 +01:00
Michael Vetter
6a569626fe Merge pull request #2115 from profanity-im/fix-1986
Properly support UTF-8 characters in autocompletion
2026-03-19 09:13:02 +01:00
Michael Vetter
f6b9903c31 tests: Add test for tab autocompletion of /msg
Test both latin and UTF-8.
2026-03-19 08:55:20 +01:00
Michael Vetter
ee0d325648 tests: add prof_send_raw
Allow sending byte sequences to the Profanity PTY without a newline.
Now we can simulate control characters, specifically the `TAB` key
(`\t`), to trigger autocompletion.
2026-03-19 08:50:58 +01:00
Michael Vetter
e9c6b3b3d8 feat(tools): support UTF-8 characters in autocompletion
Autocompletion failed for nicknames using non Latin scripts. We used
`g_str_to_ascii`, which replaces characters it cannot transliterate with
'?', leading search failures and false matches between different
scripts.

Now we do:
Use `g_utf8_casefold` for case-insensitive UTF-8 comparison. This
ensures that like 'Σ' correctly match 'σ' across all Unicode scripts,
providing correct results for non English nicknames.

If we don't fine anything typing a base ASCII character matches an
accented one (typing `e` matches `è`). This pass uses `g_str_to_ascii`
followed by `g_ascii_strdown` for comparison. It is now restricted to
run if the search string itself is valid ASCII, preventing the
"everything matches '?'" bug in non Latin scripts.

Autocomplete items are sorted using `strcmp`. `g_utf8_collate` provides
linguistical ordering for a specific language. But its behavior is
locale dependent and undefined when comparing strings from different
scripts. `strcmp` does byte-wise ordering that correctly follows Unicode
code order for UTF-8 strings.
2026-03-19 08:41:50 +01:00
Michael Vetter
b7c8f8235c feat(omemo): suppress "new device" alerts for already known devices
Modify omemo_set_device_list to check against the persistent
known_devices.txt file before notifying the user. This prevents
false-positive security alerts on every restart for devices
that have already been registered and trusted.

Check against the persistent known_devices.txt file before notifying
the user. This ensures that "New OMEMO device" alerts are only shown
for devices that are truly new to this client.

Ref: ce9b5140d
2026-03-18 22:19:18 +01:00
Michael Vetter
4253da99c5 feat(omemo): suppress redundant session already exists messages
Removing the UI notification in omemo_start_device_session to reduce
noise during /omemo start.
The information is still available in the debug logs.

And I think for existing sessions its just too much without value.

Ref: b20e3f1a
2026-03-18 22:19:13 +01:00
Michael Vetter
321ff57150 feat(omemo): suppress repetitive missing device ID warnings
When sending OMEMO messages, we print a warning message for every
participant without a device ID on every single send:

```
Can't find a OMEMO device id for my@jid.org
```

This clutters the UI due to the high volume of repetitive information.

This is solved by tracking suppressed warnings within the window
structure. A warning for a specific JID and type is only shown once
per window context.

Suppression state is stored in the base ProfWin structure and managed
via helper functions (win_warn_needed, win_warn_sent). The state is
lazily initialized to save resources and automatically cleaned up when
the window is closed.

Warnings are explicitly reset when an OMEMO session is started or
ended to ensure users see fresh alerts when toggling encryption.
2026-03-18 21:48:37 +01:00
Michael Vetter
9de455ceea Merge pull request #2112 from profanity-im/fix-2110
Fix 2110
2026-03-18 17:16:07 +01:00
Steffen Jaeckel
2240879956 Fix potential double free.
Change `log_database_get_previous_chat()` to not take ownership of
`end_time`, so it's clear that whoever passes it in, has to free it.

Fixes: https://github.com/profanity-im/profanity/issues/2110
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-18 16:47:49 +01:00
Steffen Jaeckel
349de02b8c Introduce prof_date_time_format_iso8601().
Instead of repeating the same pattern over and over, introduce a helper
function that either outputs a formatted timestamp if one is given as
argument or returns the current time if no argument is given.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-18 16:47:49 +01:00
Steffen Jaeckel
f55f7611c2 The buffer API should use unsigned types.
Either there are buffer entries or there are none. No need to have negative
values in the API.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-18 16:47:49 +01:00
Michael Vetter
73ccd6bc9b Merge pull request #2109 from profanity-im/more-fixes
More fixes
2026-03-16 10:55:56 +01:00
Steffen Jaeckel
d9a8c579b6 Optimize random data generation.
In the process of trying to bring down the time of sending an OMEMO
encrypted message I noticed that a lot of time was spent in generating the
random key and IV (~0.54s on my machine).
By changing this to a single call to `gcry_random_bytes_secure()` I have
been able to slash the time by 50% to ~0.27s.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-16 10:43:28 +01:00
Steffen Jaeckel
cbe6dac448 Flush OMEMO store only after encrypting for all recipients.
Instead of flushing the OMEMO store to disk after each operation, do it
only once after all recipients are processed.

A user reported a long delay between hitting enter on the keyboard and the
message being sent on the wire in an OMEMO-enabled group chat. This patch
hopefully improves this situation.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-16 10:43:28 +01:00
Steffen Jaeckel
ff65db0b10 Fix potential segfault.
It's not guaranteed that `log_database_get_limits_info()` returns a
non-NULL value or that `timestamp` is non-NULL.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-03-16 10:43:28 +01:00
Michael Vetter
ab3f58b3a3 docs: Add information about footers in git commit messages 2026-03-09 13:32:05 +01:00
Michael Vetter
acba9d9da7 Merge pull request #2108 from profanity-im/omemo-ux-fix
fix: Dont OMEMO trust check so often
2026-03-09 13:22:19 +01:00
Michael Vetter
833090aac5 chore: Add copyright header to C files who had none 2026-03-09 13:14:44 +01:00
Michael Vetter
798edce22a chore: Move to SPDX license header 2026-03-09 12:55:37 +01:00
Michael Vetter
04ba2700d0 docs: Sort entries in theme_template 2026-03-09 12:19:25 +01:00
Michael Vetter
7235b019fc docs: Update theme_template with missing options
Synchronize theme_template with the current codebase by adding all
themeable preferences and color attributes that were previously
undocumented.
Remove 'wins.autotidy' option which is no longer used.
2026-03-09 12:17:23 +01:00
Michael Vetter
562b7c2ab9 docs: Add Conventional Commit Structure 2026-03-09 12:08:26 +01:00
Michael Vetter
aaf146bd4f chore: Add XEP comparison script
The idea is that we keep our DOAP file updated.
Then we always know which version of a XEP we implemented.
By running this script we can then find out if a new version of a XEP
came out.
And we can check whether we need to update our code to adhere to the
latest version or whether we can just version bump.
2026-03-09 11:51:49 +01:00
Michael Vetter
624585572e fix: Dont OMEMO trust check so often
a26cdf386b / #2104 added OMEMO trust status to the
title bar, but it was being re-calculated on UI refresh.

Update only on certain operations (like `/omemo trust`, new device
discoveries and even incoming OMEMO messages for example).
2026-03-09 11:38:51 +01:00
Michael Vetter
205634534e Merge pull request #2107 from profanity-im/fix/2106
fix: Fix not saving first created account
2026-03-09 10:37:31 +01:00
Michael Vetter
5c484c26ed fix: Fix not saving first created account
Commit 81f92f1fe introduced a selective update mechanism to
_accounts_save() to prevent overwrites when running multiple instances
by only modifying the specific account being saved.

There was one mistake: the logic for adding a new
account was tied to the final iteration of a loop over
existing accounts.

When starting with an empty accounts file, the
loop never executes though.

We can call g_key_file_set_value() directly and don't need the loop
because this function will only modify one entry or add it if it doesn't
exist.
2026-03-09 09:57:48 +01:00
Michael Vetter
0b46c32a71 chore: updat clang-format action to 4.16.0 2026-03-09 09:17:24 +01:00
Michael Vetter
a26cdf386b Merge pull request #2104 from profanity-im/omemo-ux
Improve OMEMO UX
2026-03-09 09:15:24 +01:00
Michael Vetter
e39ffd981f refactor: Refactor OMEMO error handling and add non-null attributes
Add __attribute__((nonnull) hints to omemo_receive_message and
omemo_on_message_recv declarations to catch NULL arguments at
compiletime.
So we can set the error state unconditionally in the functions.
2026-03-09 08:48:41 +01:00
Michael Vetter
3e2673aad2 cleanup: Cleanup types 2026-03-09 07:52:21 +01:00
Michael Vetter
4d49c2b746 feat: Provide descriptive fallback messages for OMEMO decryption failures
If an incoming OMEMO message failed to decrypt (due to missing session
keys or untrusted identities), Profanity would fall back to displaying
the raw XMPP body. This usually contained a generic string like "This
message is encrypted with OMEMO,".

We wrote the detailed reason in the debug logs but the user only saw the
fallback message and probably wondered *why* the message wasn't
displayed properly.

I'm unsure if we should display the fallback message as well though.
2026-03-09 07:49:03 +01:00
Michael Vetter
b20e3f1a0c feat: Improve feedback during OMEMO session Initiation
After typing `/omemo start` a user was not informed of what exactly
happens.
Profanity is fetching the device list and the key bundle for each
device. This happens asynchronously. It could be that it takes some time
and the user already starts typing a message, believing OMEMO is
working.

Now we print:
* Initiating OMEMO session..
* Fetching device list and key bundles
* OMEMO session ready

So the user understands much better the current situation.
2026-03-09 07:49:03 +01:00
Michael Vetter
5a3083f273 feat: Show active and trust status in /omemo fingerprint
The /omemo fingerprint command provided a list of all keys ever
seen for a contact but did not indicate which keys were currently "active"
(present in the latest server device list). This made it difficult for users
to identify which fingerprints actually required verification to fix
encryption issues.

Users can now easily distinguish between devices currently in use and
historical keys that no longer matter.

When encryption fails users can immediately see which "active" key is
"untrusted," allowing them to verify the correct fingerprint fast.

Function `omemo_is_device_active` will check if a fingerprint belongs
to a device currently announced by the contacts server.
2026-03-09 07:49:03 +01:00
Michael Vetter
99c03f8c3b feat: Provide detailed encryption failure messages for OMEMO
When OMEMO encryption failed due to untrusted devices, the
user was presented with a generic error message. This made it difficult
to identify which specific fingerprints were causing the issue, forcing
users to manually hunt for untrusted keys using /omemo fingerprint.

New function `omemo_get_jid_untrusted_fingerprints` to specifically
identify unverified identities for a contact.
`omemo_on_message_send` will now catch encryption failures and
explicitly list the untrusted fingerprints in the chat window.
2026-03-09 07:49:03 +01:00
Michael Vetter
ce9b5140d5 feat: Notify users when new OMEMO devices or fingerprints are discovered
Previously, Profanity silently updated OMEMO device lists and identity
caches in the background. This often led to confusion when a contact
added a new device, as encryption or decryption would eventually fail
due to untrusted keys without any prior warning to the user.

The `notifying` flag will distinguish between initial data loading and
realtime discovery.

We now print a message both when a contact publishes a new device ID or
when a new fingerprint is discovered.
2026-03-09 07:49:03 +01:00
Michael Vetter
ded2f6afc0 feat: Add OMEMO trust status indicators to the titlebar
Previously the titlebar only showed [OMEMO], regardless of whether the
active session contained untrusted devices. This forced users to manually
run /omemo fingerprint to check the security status of their conversation,
making it difficult to know at a glance if a session was truly secure.

New function `omemo_is_jid_trusted()` to check if all active devices for a JID are trusted.
Update chat and MUC titlebar to display [trusted] or [untrusted] tags when an OMEMO session is active.
Not sure if MUC makes sense here?
2026-03-09 07:49:03 +01:00
Michael Vetter
73b44eff67 chore: Add 0.16.0 to release in doap file 2026-03-09 07:30:39 +01:00
Michael Vetter
7dedd26440 docs: Update implemented XEPs 2026-03-09 07:29:00 +01:00
Michael Vetter
7663c334ed Merge pull request #2105 from profanity-im/fix/2103
fix: Sanitize account names
2026-03-08 22:30:29 +01:00
Michael Vetter
bfc9eb259c fix: Sanitize account names
GKeyFile parses ini-like config files. So the characters '[', ']',
and '=' cannot be used.
We will replace them with '_' now.

This bug was found when a user wanted to connect to an IPv6 address (user@[ipv6:address]).

One problem could be that we get duplicate account names with they would
use one of those 3 characters. But I consider this very unlikely.

Fix https://github.com/profanity-im/profanity/issues/2103
2026-03-08 21:45:35 +01:00
Michael Vetter
185e943adf Merge pull request #2102 from profanity-im/msgjid
Improve JID validation and fix a bug when loading database messages
2026-03-06 15:18:45 +01:00
Michael Vetter
40963c702e fix: database return NULL if no history limits are found
log_database_get_limits_info should return NULL when a contact has no
history in the database.

We hit a bug with `/msg adsf@asd` before.
2026-03-06 15:05:57 +01:00
Michael Vetter
f251cc8bb3 feat: handle and allow JIDs with trailing slashes
Make jid_is_valid() allow JIDs ending with a slash (`user@domain/`).
In these cases, the parser now treats the input as a Bare JID with no
resource part, rather than rejecting it as invalid.

We will then just get `user@domain`.
2026-03-06 15:05:52 +01:00
Michael Vetter
35a2f2990a fix: Correct handling of create_fulljid without resource
If resource was NULL/"" we otherwise had a trailing slash.
2026-03-06 13:09:49 +01:00
Michael Vetter
fa64b135df refactor: Centralize validation within jid_is_valid 2026-03-06 13:08:06 +01:00
Michael Vetter
d6705362a2 fix: Only allow /msg with valid JIDs
Only allow to message someone who has a nick in roster or when we pass a
user JID.
Otherwise notify the user.
2026-03-06 12:36:53 +01:00
Michael Vetter
5bcf859e92 feat: Add jid_is_valid_user_jid() to check for valid user JIDs
This one will need a localpart as well.
It should be used when we want to message a user for example.
While jid_is_valid() also returns TRUE for domain/server JIDs.
2026-03-06 12:35:30 +01:00
Michael Vetter
09757da5df feat: Improve validation of JIDs
Add new `jid_is_valid()` function and improve the adherence to XMPP RFCs
in jid_create().

Add unit tests for them as well.
2026-03-06 12:11:30 +01:00
Michael Vetter
a001a6c4b7 Merge pull request #2101 from profanity-im/functionaltests
Reenable functional tests
2026-03-06 11:13:56 +01:00
Michael Vetter
778a9b3d3d tests: Don't build functional test with analyzer and increase timeouts 2026-03-06 11:01:18 +01:00
Michael Vetter
285a5086ca docs: Add note about sanitizers overhead 2026-03-06 09:53:49 +01:00
Michael Vetter
f3e3a64ec2 docs: Add a section explaining how to write functional tests 2026-03-06 09:45:51 +01:00
Michael Vetter
cea4c961e0 docs: Add section explaining how to run functional tests 2026-03-06 09:35:58 +01:00
Michael Vetter
5bc6604648 tests: remove apparently unused code 2026-03-06 09:02:09 +01:00
Michael Vetter
cf7b5f808e tests: fix functional presence tests 2026-03-05 22:46:33 +01:00
Michael Vetter
23fe2a4661 tests: fix functional test message_receive_chatwin 2026-03-05 22:22:24 +01:00
Michael Vetter
2692f70473 tests: fix functional test message_send 2026-03-05 22:14:57 +01:00
Michael Vetter
82c9284616 tests: fix functional test resets_to_barejid_after_presence_received 2026-03-05 22:00:09 +01:00
Michael Vetter
e03b165741 tests: fix functional test sends_room_join 2026-03-05 21:31:25 +01:00
Michael Vetter
e0fbe40757 tests: fix functional test send_receipt_on_request 2026-03-05 20:24:16 +01:00
Michael Vetter
421bb2e261 feat: Only request receipts when supported
Only request delivery receipts if the recipient is known to support them
via entity capabilities
As mentioned in the recommendations of XEP-0184.
2026-03-05 20:21:47 +01:00
Michael Vetter
b3d61587e1 tests: fix functional test receive_carbon 2026-03-05 19:45:58 +01:00
Michael Vetter
897e192544 ests: fix functional test rooms_query 2026-03-05 13:51:28 +01:00
Michael Vetter
fbd31f61a6 tests: fix functional test connect_shows_presence_updates 2026-03-05 13:19:37 +01:00
Michael Vetter
3f989775a6 tests: fix functional test ping_responds_to_server_request 2026-03-05 13:12:02 +01:00
Michael Vetter
cb89451b3a tests: fix functional test ping_jid 2026-03-05 13:11:59 +01:00
Michael Vetter
d2d5f1489f tests: Fix passing of special characters to prof_expect()
We were passing our raw strings to the regex engine. We need to escape
them with g_regex_escape_string() first.
2026-03-05 13:11:59 +01:00
Michael Vetter
edd36f784f tests: fix functional test test_ping 2026-03-05 13:11:54 +01:00
Michael Vetter
d7142479ae tests: try two places for profanity binary 2026-03-05 12:33:03 +01:00
Michael Vetter
9cb11bdec2 tests: Reenable functional tests
They were disabled in 171b6e73c9.

Enable the functional test suite and replaces the
dependency on libexpect with a custom solution.

The native solution allows for specific optimizations like automatic
ANSI code stripping, which is essential for reliable pattern matching in
an ncurses interface.

Custom PTY management via libutil provides full control over the process
lifecycle, resolving issues where tests would hang indefinitely.
We use forkpty from libutil.

Addiiotnally this commit implements automatic ANSI escape sequence
filtering to improve matching consistency.
This will get rid of the colors in matches. It's still something that we
need to think about more since basically we will not test out
color/theme system this way.

We also add non-blocking poll() and SIGKILL based teardown logic to
ensure clean test termination.

We added the functional tests to both autotools and meson.
They are only build when tests are enabled and stabber + libutil are
present.
Meson will print this out nicely in the summary.

Regards https://github.com/profanity-im/profanity/issues/789
2026-03-04 22:32:38 +01:00
Michael Vetter
11bc6ea22b fix: Fix usage error in /time command
When targeting a specific preference (`/time console off`)
the loop would continue to iterate through the remaining
categories after finding and applying the setting.

Because subsequent items would not match, it always resulted in
"invalid usage" printed as well after the success message.
2026-03-04 22:23:31 +01:00
Michael Vetter
99e7057a36 fix: Increase max arguments for /connect to 9
The /connect command supports several optional parameters
server, port, tls, and auth.

This was implemented in ac410445af but
this change in the command definitions probably were forgotten.
2026-03-04 22:20:31 +01:00
Michael Vetter
7088c2c95e Merge pull request #2100 from profanity-im/fix/2098
Fix file autocompletion bugs and restore cycling
2026-03-01 01:44:50 +01:00
Michael Vetter
8dbd1e3253 fix: Fix file autocompletion bugs and restore cycling
Fix several issues in cmd_ac_complete_filepath:
* Prevent a segfault when input is empty.
* Fix a double free where acstring was managed by both auto_gchar and GArray.
* Fix a memory leak when reassigning inpcp during quote stripping.
* Restore the ability to cycle through files on repeated TAB presses by
  caching the last input and skipping updates if the input is already a
  known completion.
* Preserve user input style (e.g. ~, ./) in autocompletion strings to
  ensure matches are correctly displayed and filtered.

Bug got introduced when "cleaning" code with new compiler flags and
sanitizers: aec8e48268.
Add unit tests so this doesn't happen again.

Before that commit we didn't use the static variable but used
autocomplete_update instead. Now we avoid redundat updates and preserve
the state across tab presses. We should look at this again later.

Fix https://github.com/profanity-im/profanity/issues/2098
2026-03-01 01:26:14 +01:00
Michael Vetter
612cc0e59e Merge pull request #2099 from profanity-im/clean-unittests
Cleanup unittests and improve documentation for new contibutors
2026-02-28 15:15:13 +01:00
Michael Vetter
aadf912e0e docs: Expand the build section in CONTRIBUTING.md
Usually we point to the website. But honestly it's cumbersome for
developers to update the website. Let's decide later whether we remove
the section there or how we keep it in sync.

But for now let's just add a detailed build section here.
Especially since now we ship autotools *and* meson.

Also mention the convention that we use `build_run` as the meson build
dir. The quality script will depend on this.
2026-02-28 14:52:36 +01:00
Michael Vetter
91911b3e2f ci: Update clang-format to version 21
Update the gh workflow to pin clang-format to version 21.

Mention the version we use in CONTRIBUTING.md.
And hint to the workflow file if we want to change it.
2026-02-28 14:52:36 +01:00
Michael Vetter
109347eea5 docs: Explain how to turn clang-format of for some blocks of code 2026-02-28 14:52:36 +01:00
Michael Vetter
b0abb64950 refactor: Fix clang-format expansion of table
By removing the trailing comma from the array initialization we hint
clang-format to maintain the compact layout.
2026-02-28 14:52:36 +01:00
Michael Vetter
80e36bd1e2 tests: Apply coding style to unit tests 2026-02-28 14:52:36 +01:00
Michael Vetter
174848499d feat: Add unified quality-check script and git hook support
Move the `make doublecheck` functionality into a build system agnostic
script.

`scripts/quality-check.sh` can now be used to check for spelling via
codespell, formatting clang-format and run the unit tests.

`make doublecheck` and `meson compile doublecheck` will call this
script.

Sometimes we have issues with different versions of clang-format locally
vs our CI. In this case SKIP_FORMAT env variable can be set.
2026-02-28 14:52:27 +01:00
Michael Vetter
b29326969c docs: Explain how to write unit tests 2026-02-28 12:56:13 +01:00
Michael Vetter
e81435be06 tests: standardize naming convention
Use a behavior-driven naming convention for unit tests.

Functions are now named using the pattern: [unit]__[verb]__[scenario]
The __ works as a semantic separator.

Examples:
* jid_create__returns__null_from_null()
* cmd_connect__shows__usage_when_no_server_value

Benefits:
* Easy to find all tests associated with a specific function using the
  mandatory prefix.
* Test output in CI now explicitly describes the unit, the expected
  outcome, and the scenario being tested.

Also disabled keyhandlers tests due to missing code in src/ui.
2026-02-28 12:41:33 +01:00
Michael Vetter
a7408a970e cleanup: Map test files according to structure in src
For example cmd_account() is located in src/command/cmd_funcs.c.
The unit test was located in tests/unittests/test_cmd_account.c.
Let's move it to a subdirectory like tests/unittests/command/test_cmd_account.c
to correpsond to the same structure.
2026-02-28 11:36:47 +01:00
Michael Vetter
d8c16640c5 Merge pull request #2097 from profanity-im/fix/731-pseudo-join
fix: Ignore self-presence for untracked MUC rooms
2026-02-28 11:32:24 +01:00
Michael Vetter
e18b71576e Merge pull request #2096 from profanity-im/fix/1997-floatingpoint
fix: Fix Floating Point Exception in OMEMO session building
2026-02-28 11:07:35 +01:00
Michael Vetter
9fb45b543b fix: Ignore self-presence for untracked MUC rooms
Only handle self-presence for rooms we are actively managing.

Earlier we blindly react to any self-presence
stanza by calling 'ui_room_join'.

The join could have been initiated by another client or an external
Gateway. In the case of #731 this was Slack.
I remember that more people reported this kind of bug in our MUC.

We then would open a window and the nick would be (null) because we
don't have any nickname for that room set.

So only react on self-presence if we manage the MUC.
Other XMPP clients do the same.

Fix https://github.com/profanity-im/profanity/issues/731
2026-02-28 10:42:03 +01:00
Michael Vetter
45c551b8ac Merge pull request #2095 from profanity-im/morefixes
Add more compiler flags
2026-02-28 10:34:33 +01:00
Michael Vetter
bc13a726b6 fix: Fix Floating Point Exception in OMEMO session building
When an OMEMO bundle is received with an empty <prekeys/> element,
`prekeys_list` remains empty. In omemo_start_device_session(),
performing a modulo operation on the length of an empty list
(0) triggered a SIGFPE (Floating point exception).

torsocks likely affected the network environment where such empty
or incomplete bundles could be intercepted.

Fix https://github.com/profanity-im/profanity/issues/1997
2026-02-28 10:28:26 +01:00
Michael Vetter
09c9307493 ci: build with ASan and UBSan
Should help us find the following bugs early.

ASan:
* Out-of-bounds accesses
* Use-after-free
* Memory leaks
* Double free / Invalid free

UBSan:
* Undefined Behavior
* Signed integer overflow
* Null pointer dereference
* Pointer misalignment
* Division by zero
* Bit-shifting out of bounds

This needs works during runtime. But let's add it here so that at least
basic --version run is test and as a reminder for developer to add it.
I will also adjust documentation later on.
2026-02-28 10:10:04 +01:00
Michael Vetter
ab4adf19d0 refactor: Refactor form_set_value to use glib list management
Simplify how field values are updated and ensure memory is correctly
managed.

The previous implementation relied on manual manipulation of the
GSList internal `data` member and only handled cases where a field
had zero or one existing value.

The function now correctly handles fields that may
already contain multiple values by using 'g_slist_free_full' to
clear the entire list and its contents before setting the new
value.
2026-02-28 10:02:26 +01:00
Michael Vetter
434a887834 Fix -Wanalyzer-deref-before-check warning in get_message_from_editor
Let's add an explicit check.
2026-02-28 09:55:33 +01:00
Michael Vetter
c24cdcd671 fix: Fix -Wanalyzer-deref-before-check warning in cmd_ac_complete
Adding an explicit NULL check for 'input' at the start of
cmd_ac_complete to prevent a potential crash and resolve
a GCC static analyzer warning.

Quirk Explanation:
The analyzer found  a "deref-before-check" warning for:
`if ((strncmp(input, "/", 1) == 0) && (!strchr(input, ' ')))`

The analyzer interpreted 'strchr(input, ' ')' as a point where the
validity of 'input' is being questioned (a "check"), even though it is
actually checking the return value. This is due to GCC's internal model
of certain standard string functions having a 'nonnull' attribute or
being categorized as pointer "interrogations" in its state machine.

Because 'strncmp' dereferences 'input' earlier in the same line, the
analyzer saw a logical contradiction: "You treat it as safe in strncmp,
but then you call a function (strchr) that 'requires/checks' it to be
safe, implying you weren't sure."
2026-02-28 09:44:27 +01:00
Michael Vetter
4b5c253b89 build: Add -Wpointer-arith flag
Even though we are using with GNU extensions I will add this flag
since I prefer the explicit writing style that we have to use wich
this flag enabled.
2026-02-28 09:29:44 +01:00
Michael Vetter
38624f26a5 Merge pull request #2094 from profanity-im/flags
Let's build with -fanalyzer in debug mode.
These commits are related to issues found by gccs static analyzer.

Also bulid with -fstack-protector-strong compiler flag.
This flag adds a canary to stack frames, causing the program to terminate immediately if stack corruption is detected.

This helps identify memory safety bugs earlier during development by
turning silent corruption into an immediate crash.
2026-02-27 23:15:44 +01:00
Michael Vetter
36b15ec6d5 tests: update unit tests
Not really a best practise. They should have been run before each commit
and updated accordingly. Next time..
2026-02-27 23:01:14 +01:00
Michael Vetter
02cde29b65 cleanup: use g_new() instead of malloc in prof_add_shutdown_routine() 2026-02-27 22:29:45 +01:00
Michael Vetter
051f986774 cleanup: make _connection_handler() safer
Check for the memory before using it.
2026-02-27 22:29:45 +01:00
Michael Vetter
10ef8505f8 cleanup: Cleanup log modul
* _rotate_log_file(): guard against NULL mainlogfile before g_strdup/strlen
* log_stderr_init(): move dup2 after malloc checks to avoid fd leak on
  allocation failure.
  Also remove explicit close(STDERR_FILENO) before dup2
  since dup2 closes the target atomically. Close the fd returned by
  dup2 immediately.
2026-02-27 22:29:45 +01:00
Michael Vetter
35030b7a7e cleanup: use g_new0 instead of malloc in buffer_get_entry_by_id() 2026-02-27 22:29:45 +01:00
Michael Vetter
7876645cb0 cleanup: be a bit more defensive in 2026-02-27 22:29:45 +01:00
Michael Vetter
7b0232c11c wleanup: be a bit more defensive in server_events.c 2026-02-27 22:29:45 +01:00
Michael Vetter
286e563fbe fix: fix redundant error reporting in http download
We were sequentially checking for errors from 'curl_easy_perform',
'ftell', and 'fclose'. Each time overwriting the last one, resulting in
a leak. This commit ensures that 'err' is only set if it is currently
NULL, preserving the first and most specific error encountered.
2026-02-27 22:29:45 +01:00
Michael Vetter
f5787fb31f cleanup: refactor account_eval_password to use glib
Move from popen() to g_spawn_command_line_sync().
Which is nicer and gets rid of a resource leak that was present here.
2026-02-27 22:29:45 +01:00
Michael Vetter
5d31f376dd cleanup: check for strdup() success in stanza_create_http_upload_request() 2026-02-27 22:29:45 +01:00
Michael Vetter
0218ba26c8 fix: fix memory leak and potential crash in iq_id_handler_add
`userdata` was not freed if a handler could not be registered.

This occurs when the 'id' parameter is NULL. In such cases, the
handler cannot be stored in the 'id_handlers' table, but ownership
of 'userdata' has already been transferred to this function. This
commit ensures 'free_func' is called if 'id' is NULL since we always
need to have an ID.
2026-02-27 22:29:45 +01:00
Michael Vetter
e15f659277 fix: Fix NULL dereference and memory leak in _mam_rsm_id_handler
Add NULL checks before calling 'strlen' and also ensures that the string
is long enough before attempting to offset it by 3.
2026-02-27 22:29:45 +01:00
Michael Vetter
776bc262d0 refactor: change vcard_print() checks
data is allocated via g_new0() so cannot be NULL here.
And it was used before the check already so that didn't make any sense
in the first place.
2026-02-27 22:29:45 +01:00
Michael Vetter
1ec536d343 fix: fix api_get_current_occupants() memory problems
Fix a potential NULL pointer dereference. And free the list properly.
2026-02-27 22:29:45 +01:00
Michael Vetter
2406413e14 fix: fix NULL dereference and memory leaks in OX logic
recp elements were accessed without verifying the success of
_ox_key_lookup().

Also fix several memory leaks.

gpgme_data_new() followed 'gpgme_data_new_from_mem' was redundant.
2026-02-27 22:29:42 +01:00
Michael Vetter
16080ab985 cleanup: Fix potential null pointer dereference 2026-02-27 19:45:57 +01:00
Michael Vetter
f74501e97e cleanup: add a defensive check in cmd_process_input() 2026-02-27 19:36:47 +01:00
Michael Vetter
d8a7b234bb fix: segfault when using /command help
Usually we use `/help command`. Additionally there is a shortcut
`/comamnd?`. 54fea4afcf tried to introduce
to have `/command help`. Which doesn't really work since most commands
get this as parameters. So it never worked. Additionally it introduced
at segfault because it tried to set *question_mark to NULL even we can
also get there without the `?` but by having the `help` as parameter.
2026-02-27 19:33:28 +01:00
Michael Vetter
373ec4a7e3 refactor: replace malloc with g_new0 in many occasions 2026-02-27 19:26:42 +01:00
Michael Vetter
de5949e8eb refactor: partly move plugins to glib
That's not very nice yet but we have to start somewhere.
2026-02-27 19:26:42 +01:00
Michael Vetter
20154048e7 refactor: Move pgp module to gchar 2026-02-27 19:26:42 +01:00
Michael Vetter
45dc50eccf fix: initialize OMEMO pointers and add NULL checks 2026-02-27 19:26:42 +01:00
Michael Vetter
55be1de29c cleanup: use g_new0 and g_strdup for alias allocation
And move whole preferences module to gchar.
2026-02-27 19:26:42 +01:00
Michael Vetter
aec8e48268 refactor: modernize cmd_ac_complete_filepath and simplify path handling 2026-02-27 19:26:42 +01:00
Michael Vetter
65ca3c448b fix: handle potential NULL from malloc in OMEMO fingerprint decoding 2026-02-27 19:26:42 +01:00
Michael Vetter
4ee35028e5 cleanup: use g_malloc and auto_gchar in _win_print_wrapped 2026-02-27 19:26:42 +01:00
Michael Vetter
ba5614fb0e cleanup: use auto_FILE and handle fopen failure in command_docgen 2026-02-27 19:26:42 +01:00
Michael Vetter
156b78adfa cleanup: fix potential NULL dereference and leaks in cmd_sendfile
* Add NULL checks for malloc and strdup calls in cmd_sendfile
* Ensure file handles and descriptors are closed on all error paths
2026-02-27 00:02:59 +01:00
Michael Vetter
5711671c99 refactor: roster export uses GString and g_file_set_contents now
Modernize the /export command implementation by adopting GLib-based
patterns for string manipulation and file handling.

* Replace _writecsv with _append_csv_escaped to efficiently handle CSV
  quote doubling directly within a GString buffer
* Refactor cmd_export to build the CSV content in memory using GString,
  minimizing system calls
* Use g_file_set_contents for atomic writing
2026-02-27 00:02:59 +01:00
Michael Vetter
9f3d78a994 refactor: Make _writecsv safer and with better performance
* Cache strlen() result
* Check for malloc() failure to prevent null pointer dereference
* Ensure the output buffer is null-terminated for safe use with cons_show()
* Simplify the quote escaping logic for better readability.
2026-02-27 00:02:52 +01:00
Michael Vetter
3d2a82ad4a cleanup: Fix potential NULL dereference in cmd_omemo_(un)trust
Replace malloc() with g_malloc() to handle allocation failure and
ensure enough memory is allocated for the null terminator.
2026-02-26 19:47:13 +01:00
Michael Vetter
d29fcdbed3 refactor: Use p_contact_new instead of malloc in p_contact_new() 2026-02-26 19:29:43 +01:00
Michael Vetter
48205fc6de cleanup: Initialize waittime to 0
This fixes a -fanalyzer uninitialized value warning.
2026-02-26 19:21:45 +01:00
Michael Vetter
caf84ca731 refactor: use g_new in message_pubsub_event_handler_add() 2026-02-26 19:06:44 +01:00
Michael Vetter
f98e33be81 refactor: make Jid use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
abffffb499 refactor: make Resource use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
8a36ca6d97 refactor: start to standardize on gchar
Make get_random_string() return a gchar*.

This is part of the effort to migrate string declarations and
allocations from char to gchar, replacing standard C allocators
(malloc/calloc/strdup) with their glib equivalents
(g_malloc/g_new0/g_strdup).

The primary goal is to prevent mismatched allocator bugs. While char and
gchar are binary compatible, mixing their respective deallocators is
dangerous:

* Freeing malloc'd memory with g_free() (or vice versa) can lead to
  memory corruption, double-frees, or crashes.
* This is seems to be the case especiall on non Linux platforms or when
  using hardened memory allocators where the GLib slice allocator or
  wrappers may differ from the system heap.

By standardizing on gchar, we ensure that our automatic cleanup macros
(like auto_gchar) always invoke the correct deallocator (g_free).
2026-02-26 19:06:44 +01:00
Michael Vetter
e1fd2a1cf6 refactor: replace calloc with g_new0 for struct allocations
Migrate structure allocations from calloc to glibs g_new0 macro to
improve type safety and memory robustness.

* Type Safety: The macro takes the type name directly, ensuring the
  allocated size always matches the pointer type.
* Static Analysis: It guarantees a non-NULL return by aborting on
  failure, which silences -fanalyzer warnings regarding potential NULL
  pointer dereferences.
* Readability: Removes redundant sizeof() calls and is the glib way
2026-02-26 19:06:39 +01:00
Michael Vetter
f1d4ed41d6 refactor: Use g_malloc0 instead of calloc in get_random_string()
It automatically aborts the program on allocation failure.
Also eliminates the need for repetitive manual NULL checks.
2026-02-26 16:29:50 +01:00
Michael Vetter
ec45a19c72 build: enable -fanalyzer for static analysis
Enable gccs static analyzer to detect memory bugs at compile-time. This
validates our __attribute__((__cleanup__)) macros and improves security
when parsing external XMPP data with zero runtime overhead.
2026-02-26 16:28:00 +01:00
Michael Vetter
606a10208a build: Enable _FORTIFY_SOURCE and -Og optimization
Add security hardening via _FORTIFY_SOURCE=2 and switch to -Og to
provide the necessary optimization for these checks while remaining
debugger friendly.

The goal is to catch many buffer overflows and format string errors
at compile-time or runtime.

-Og may occasionally optimize out very short-lived
local variables, making them invisible in the debugger.
So i'm not sure this is a very good idea. But I hope that we will find
bugs earlier and don't even need to debug that often. We might revert
this change later though in case we run into problems too often.

I'm not aware of any other downsides.
2026-02-26 08:50:12 +01:00
Michael Vetter
e95e8b5c6f build: Add -fstack-protector-strong compiler flag
Enable stack protection to detect buffer overflows and harden the binary.
This flag adds a canary to stack frames, causing the
program to terminate immediately if stack corruption is detected.

This helps identify memory safety bugs earlier during development by
turning silent corruption into an immediate crash, and provides
protection against stack-smashing exploits at runtime with negligible
performance overhead.

We don't add this generally because we wan't distributions/users to
decide if they want it. But it can help us find problems early on during
development.
2026-02-26 08:42:24 +01:00
Michael Vetter
8fd3c05983 Merge pull request #2093 from profanity-im/improve-unittests
Improve unittests
2026-02-25 12:50:50 +01:00
Michael Vetter
549f28fa0d tests: Add test for release_is_new()
Also refactor the function so we pass it the current version
and don't rely on the define inside of it.

This function only allows version format in the style of "x.y.z".
2026-02-25 12:40:32 +01:00
Michael Vetter
ea7a59808a refactor: optimize prof_occurrences()
Optimize prof_occurrences by using pointer arithmetic and
g_utf8_next_char instead of calls to g_utf8_offset_to_pointer.

Improve list construction efficiency in prof_occurrences by
using g_slist_prepend and g_slist_reverse instead of appends.

Also fix a slight oversight that could lead to trouble:
When empty search strings (e.g. empty nicks) are passed
it caused matches at every position.

Update the test case to test for empty nicks.
2026-02-25 12:40:32 +01:00
Michael Vetter
ca8cc8f651 tests: Add test for get_mentions() 2026-02-25 12:40:32 +01:00
Michael Vetter
0c15cd1d93 tests: Add test for valid_tls_policy_option()
See last commit with comment regarding cons_show().

In this test here we can see that if we pass NULL cons_show() isn't
called. Making it a bit different that other invalid test cases.
2026-02-25 12:40:32 +01:00
Michael Vetter
b7d53adba6 tests: Add tests for string_matches_one_of()
Writing this test I'm unsure whether a function like
string_matches_one_of() should actually call cons_show().
Let's just note that for later.
2026-02-25 12:40:28 +01:00
Michael Vetter
2b650c8daf build: Set -Qunused-arguments depending on compiler not os
This got introduced in configure.ac in
4ca6296fb7. I'll leave it there as is for
now but let's use the proper way in meson.

See discussion in https://github.com/profanity-im/profanity/pull/2090
2026-02-24 19:07:52 +01:00
Michael Vetter
e6bad112aa Merge pull request #2090 from botantony/fix-function-declaration
fix: define `prefs_changes_print` outside of `prefs_changes`
2026-02-24 19:01:25 +01:00
botantony
309c0a64a7 fix: define prefs_changes_print outside of prefs_changes
This causes build failures on macOS runners in Homebrew, see:
https://github.com/Homebrew/homebrew-core/pull/268970
https://github.com/Homebrew/homebrew-core/actions/runs/22305120219/job/64538952484?pr=268970

I didn't run `make format` because it modified other unrelated files
(guess they were not formatted before) but I assume this PR follow the
style guides

Signed-off-by: botantony <antonsm21@gmail.com>
2026-02-24 14:54:31 +01:00
Michael Vetter
a7be9f1280 tests: Add tests for strtoi_range() 2026-02-23 20:05:32 +01:00
Michael Vetter
5a7bba8093 tests: Add test for string_to_verbosity() 2026-02-23 18:37:14 +01:00
Michael Vetter
74bf33e727 tests: Add test for get_expanded_path() 2026-02-23 18:37:10 +01:00
Michael Vetter
1be326911c tests: Improve autocomplete unit tests
It seems like we didn't even check whether the operations succeed or
not.

* `clear_empty()`
  Add assertion to confirm a newly created autocomplete object is empty.
* `find_after_create()`:
  Add assertion to ensure `autocomplete_complete()` returns NULL when no
  entries are present in th object.
2026-02-23 18:28:49 +01:00
Michael Vetter
657de5f22f Merge pull request #2089 from profanity-im/cleanup
Cleanup
2026-02-23 11:10:38 +01:00
Michael Vetter
2b6bb1ae3e docs: Mention generated html pages in release guide 2026-02-23 10:50:24 +01:00
Michael Vetter
64a72249cb Start new cycle 2026-02-23 10:44:08 +01:00
Michael Vetter
5ff84d98d8 Release 0.16.0 2026-02-23 10:30:36 +01:00
Michael Vetter
a1fe714487 build: enable more warnings in debug mode 2026-02-20 16:50:03 +01:00
Michael Vetter
6221d1046a cleanup: Cast device ids in omemo.c
Seems like in signal address.device_id is int32 for some reason.
2026-02-20 16:50:03 +01:00
Michael Vetter
10a68437ad cleanup: Move loop var from int to size_t in omemo.c 2026-02-20 16:50:03 +01:00
Michael Vetter
7eb64b2779 cleanup: Cast g_hash_table_lookup return to function pointer
Explicitly cast the void pointer returned by g_hash_table_lookup
to the expected function pointer signature.

Make `-Wpedantic` happy.
2026-02-20 16:49:58 +01:00
Michael Vetter
110b359ee1 cleanup: Cast to get rid of warnings 2026-02-20 16:45:01 +01:00
Michael Vetter
1d0e6580d1 cleanup: Move loop var from int to size_t in cmd_funcs.c 2026-02-20 16:45:01 +01:00
Michael Vetter
ddd43f5e60 cleanup: Move more functions from int to guint in statusbar.c 2026-02-20 16:45:01 +01:00
Michael Vetter
8970b5e61b cleanup: Move some variables from int to guint in statusbar.c 2026-02-20 16:45:01 +01:00
Michael Vetter
1120170ef7 cleanup: Adapt type and cast to get ride of warnings 2026-02-20 16:44:54 +01:00
Michael Vetter
289fed262f cleanup: cast option to curl_easy_setopt
Also found via LTO mismatch.
2026-02-20 16:28:56 +01:00
Michael Vetter
759e5830a6 fix: Correct function signature for unittests
Found as LTO type-mismatch.
2026-02-20 16:25:47 +01:00
Michael Vetter
f1acf702a9 chore: Update copyright year 2026-02-20 16:13:31 +01:00
Michael Vetter
6e61383e97 cleanup: Adapt loop counter to proper type
Fixing a couple of -Wsign-compare warnings.
2026-02-20 16:02:27 +01:00
Michael Vetter
3e0c9e79e4 cleanup: Correct comparison in cons_show_wins()
g_strstr_len() actually returns a gchar* to the position. So it is not
like in the case of strlen() where it returns the number of bytes.
2026-02-20 16:02:17 +01:00
Michael Vetter
61fa8d5b66 cleanup: Initialize optional fields in profModule
Let's initialize them with NULL to make the compiler happy.
2026-02-20 16:02:13 +01:00
Michael Vetter
70ed25c418 cleanup: Initialize GOptionEntry entries correctly
The `arg_description` field was forgotten in 034a98587.
2026-02-20 16:02:08 +01:00
Michael Vetter
15fcda7950 cleanup: Fix uninitialized field in color_distance()
`name` of the struct `color_def` was not initialized but is also not
needed in this function.
2026-02-20 16:02:03 +01:00
Michael Vetter
12a181b5d5 cleanup: Wrap release handler in iq.c
GDestroyNotify takes a void* and returns void.

Wrap xmpp_stanza_release to get rid of the incompatible function type
warning.
2026-02-20 16:01:58 +01:00
Michael Vetter
b6a70aa47e cleanup: Fix cast function type warnings in pgp.c
The gpgme_set_passphrase_cb function expects a function
pointer of type gpgme_passphrase_cb_t.

The gpgme_passphrase_cb_t typedef specifies a function that returns
gpgme_error_t so return GPG_ERR_NO_ERROR instead of 0.
2026-02-20 16:01:52 +01:00
Michael Vetter
b8eddb4e3c cleanup: Make muc_nick() return const char*
Fix `type qualifiers ignored on function return type`.
2026-02-20 16:01:46 +01:00
Steffen Jaeckel
4b610579ae Fix Git version strings for out-of-tree builds.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2026-02-09 10:24:56 +01:00
Michael Vetter
0ad4e38aa1 readme: remove sponsors section
Noone wants to sponsor us anyways :)
2026-02-05 16:48:50 +01:00
Michael Vetter
13a0214ed6 Merge pull request #2086 from profanity-im/meson-build
Fix https://github.com/profanity-im/profanity/issues/1002.
Was already started in 2021 in https://github.com/profanity-im/profanity/pull/1619 but then abandoned it.

I want to take this opportunity to change a couple of other things regarding building:
* The `--plugins` switch is gone. Use `--python-plugins` and `--c-plugins` instead.
* We don't autoenable depending on dependencies being present. Every feature needs to be enabled explicitly. This helps with having deterministic builds.
* Instead of setting `PACKAGE_STATUS="development/release"` in the configure.ac file we will use the default meson `buildtype`.

Autotools will probably stay a while. The next release will contain both with a note for packagers to try to use meson and give us feedback.

Meson/Ninja is significantly faster and the syntax is much easier to read.
The faster build times eventually will also help when waiting for CI results.

There are some things missing still like our `make dist`, `make doublecheck` and such.

Usage example:
```
meson setup build --buildtype=release -Domemo=enabled -Dpgp=enabled
meson compile -C build
```

The changes described above are only on meson. Autotools still behaves the same. The plan is to keep it as is and remove it once we know everything works in meson.
2026-02-05 16:08:15 +01:00
Michael Vetter
4223105746 ci: add ci job for building with meson
This probably could be nicer. But since we will drop one in the future
it's not really a priority to make this pretty.
2026-02-05 15:36:54 +01:00
Michael Vetter
57d18d44c8 build: only check for gpgme via pkg-config
Most likely we don't need to check for gpgme-config on most modern
systems.
2026-02-05 15:33:44 +01:00
Michael Vetter
f6eced0ad0 build: simplify build configuration and remove redundancy
Use disabler() for optional dependencies.
Extract repeated build type checks into is_debug/is_release variables.
Consolidate compiler flags into single add_project_arguments() calls.
Simplify dependency list building (Meson auto-ignores disabled deps).
Streamline platform checks using 'in' operator.
Remove redundant variables (xscrnsaver_found, gtk_version, config_h_inc).
Simplify ncurses and header detection with clearer fallback chains.
Consolidate install_data() calls for files in same directory.
2026-02-05 15:09:41 +01:00
Michael Vetter
01c9a51c70 build: only support gtk3 for icon and clipboard
gtk2 is pretty old now. Let's just focus on gtk3.
2026-02-05 14:36:28 +01:00
Michael Vetter
75579c6bf6 build: simplify adding dependencies
We don't actually need to check whether they were found.
Meson will just ignore the empty ones.
2026-02-05 14:31:28 +01:00
Michael Vetter
d91ff7eb20 build: features need to be enabled
For meson we dont just check for the presence of a dependency and
then auto enable it.
Users must enable features explicit. This helps with having
deterministic results.

Also remove the general `plugins` switch which was used to
enable/disable both python and c plugins. Users can just use
those switches.
2026-02-05 14:19:10 +01:00
Michael Vetter
886080dc9b build: simplify readline detection 2026-02-05 13:35:55 +01:00
Michael Vetter
af0dfcce70 build: fixup release/debug mistake 2026-02-05 13:32:27 +01:00
Michael Vetter
d8211584f6 build: only check for ncurses{w}
In out autotools build we check for all kinds of curses and their
support for wide character.
Let's focus on more modern systems until someone complains.
2026-02-05 13:28:59 +01:00
Michael Vetter
275afd40d5 build: remove specific libstrophe build check
For autotools this was added in:
75bb00368f

Regarding:
https://github.com/profanity-im/profanity/issues/1334

I think libstrophe is rather common now and should be treated
like all the other dependencies anyways.
So I'll remove this from the meson files at least. Since my
goal is to have a cleaner build system.
2026-02-05 13:10:52 +01:00
Michael Vetter
e29c418452 build: simplify platform detection 2026-02-05 13:03:26 +01:00
Michael Vetter
32ca4a2e30 build: add -Wno-unused-parameter 2026-02-05 13:02:17 +01:00
Michael Vetter
49ef85a58d build: introduce variable to check for xscreensaver
`.found()` does not work on lists. And since this feature needs
several deps it is a list.
2026-02-05 12:17:04 +01:00
Michael Vetter
87c4b7ec53 build: readd compiler flags that got lost in conversion 2026-02-05 12:16:42 +01:00
Michael Vetter
3f76676e9a build: use default meson buildtype
In autotools we had `package_status` which we set to either
`release` or `development`.
When converting from autotools to meson we used that mechanism
as well. But actually meson has a default way of handling this
with the option `buildtype`.

The following values are possible:
debug, debugoptimized, release, plain

So our `package_status = development` will now be
`if get_option('buildtype') == 'debug' or get_option('buildtype') ==
'debugoptimized'`. Probably we could also use
`if get_option('buildtype') == 'release'. But like this the
`plain` will be really plain.

Usage:
```
meson setup build --buildtype=debug
meson compile -C build
```
2026-02-05 12:16:34 +01:00
Michael Vetter
fbfa1f13e5 Add meson build system 2026-02-05 09:13:40 +01:00
Michael Vetter
f5ecceac91 Merge pull request #2066 from ritesh006/ci/cygwin-build
ci: add Cygwin build workflow
2026-01-24 20:09:18 +01:00
Ritesh Kudkelwar
f21ce24cd7 ci: add Cygwin build workflow
Add a GitHub Actions workflow to build with Cygwin on Windows.
Fixes issues by forcing Cygwin bash for all steps, handling temporary script paths,
stripping CRLF line endings, and enabling igncr.
2026-01-24 19:53:18 +05:30
Michael Vetter
fce4da4883 Merge pull request #2082 from balejk/sigterm
exit gracefully on SIGTERM and SIGHUP
2026-01-22 14:00:44 +01:00
Karel Balej
7c83c2608d exit gracefully on SIGTERM and SIGHUP
Make profanity exit gracefully when it receives either SIGTERM or
SIGHUP. This means that various cleanups will happen as if the user
issued the /quit command, whereas before these signals would terminate
profanity immediately leaving for instance the connection to the server
unterminated.

The main motivation for this change is so that profanity will exit
gracefully when the user closes the terminal that it's running in, which
is a handy shortcut (but can also happen on accident) and won't now lead
to the connection slowly timing out on the server instead. Similarly for
SIGTERM: profanity now for instance needs not be manually closed before
shutting down the computer to avoid the above as it will instead receive
this signal from the init process.
2026-01-22 13:37:56 +01:00
Michael Vetter
e8e9c29e4f Merge pull request #2075 from mcalierno/fix/apple-silicon-homebrew
Update compiler flags for homebrew packages on Apple silicon
2025-12-03 12:06:06 +01:00
Steffen Jaeckel
b17716570b Merge pull request #2080 from profanity-im/some-fixes
Some fixes
2025-11-26 22:07:03 +01:00
Steffen Jaeckel
01c781fcf6 Don't publish keys if the server doesn't support pubsub.
Related-to: https://github.com/profanity-im/profanity/issues/2078
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
1d508d592c Fix memory leaks when OMEMO keys have not been generated yet.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
fa1c4dddc9 Fix invalid free after /omemo gen
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
0830d82916 Minor fixes of accounts.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
f19acc2156 Fix reconnect when no account has been set up yet.
e.g. if one connects with an account for the first time and the server
returns a `see-other-host` error.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
c61c72f2f0 When renaming an account, copy all existing keys.
No need to have a fixed list of keys, we can simply copy all existing ones.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
bb964b2f1b Consistency please.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
7c04b17aff Simplify accounts_get_account().
* No need to call `g_key_file_has_key()` before calling a getter.
* Add helper to convert `gcharv` to `glist`.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
81f92f1fed Fix overwriting new accounts when running multiple instances.
If one is running multiple instances of profanity, the behavior of the
accounts module was to constantly overwrite the accounts file with the
version that was on-disk of the first instance of profanity started.

This is changed now in order to only write what we modified, we keep a
copy of the accounts file and when "saving" we re-read accounts from disk
and only update the values of the modified account.

This is not 100% fool proof if one modifies the same account from two
different instances, but still better than before.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
038f345a4e Minor improve theme
* Less `GString`.
* Don't `g_free()` a `strdup()`'ed string.
* Don't lookup the `console` window X times, but only once.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
54fea4afcf Minor improvements.
* Add new TLS policy `direct` as a replacement for `legacy`.
* Document that `/[command]?` prints the help of a command.
* Add option to get help via `/command help`.
* Fix `my-prof.supp` generation and tests for out-of-source builds.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
a50cd3a885 Refactor tlscerts.
* use `gchar` instead of `char`.
* improve situations when strings must be duplicated or can pass ownership.
* encapsulate the X.509 name details into a struct.
* prevent memory leaks if a name detail is contained multiple times.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
62fd40c510 Use gboolean consistently.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
b0221f6146 Simplify conf_string_list_{add,remove}() implementations.
* add can simply do a `memcpy()`.
* in remove we don't have to put the array in a list in order to put it
  back into an array again. Also we don't have to `strdup()` each entry,
  which leads to even less allocations.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
1ede01ed8c Free in reverse order.
... as much as possible ... subject and issuer details excluded.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
a07cff8a99 Use the stronger certificate fingerprint.
If a cert has a SHA256 use that one and only use SHA1 as fallback.

Closes: https://github.com/profanity-im/profanity/issues/2068
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:06 +01:00
Steffen Jaeckel
0acea8d0d2 Retrieve and save new fingerprints from libstrophe.
This also reads the certificate SHA256 and pubkey fingerprint from
libstrophe, but doesn't store it persistently yet.

Related-to: https://github.com/profanity-im/profanity/issues/2068
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:46:51 +01:00
Steffen Jaeckel
4dcaa839fa Prepare to use SHA256 fingerprints of certs.
First let's make clear we're currently using SHA1 & untangle the tlscerts
API from fingerprint specific details.

Related-to: https://github.com/profanity-im/profanity/issues/2068
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:46:29 +01:00
Steffen Jaeckel
7f5ae430af Fix more memleaks
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
24c3b5d531 Add new command /changes
With that command one can see the modifications of the runtime
configuration vs. the saved configuration.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
79ff9bad7d Fix OMEMO startup
When setting up OMEMO for the first time via `/omemo gen` one had
to reconnect in order to make OMEMO work. This is fixed now.

Fixes: 5b6b5130 ("Fix OMEMO keyfile loading")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
1aeb19acb0 Print PID in debug logs.
So one can easily see if there are two instances running, if they are
logging to the same file.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
2fb56b8536 Fix some more untyped APIs
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
48ac88de08 Fix GError handling
Several users have reported segfaults when starting up profanity which
has OMEMO support, but OMEMO is not set up yet.

@StefanKropp has been able to reproduce this and tracked it down to
`_load_identity()` calling `omemo_known_devices_keyfile_save()`.
The latter then calls `save_keyfile()` which calls
`g_key_file_save_to_file()`. This can then fail if one of the first two
strings is NULL and won't set the `error` on return. In its error handling
`save_keyfile()` unconditionally dereferences `error` which leads to the
segfault.

Fix this and also go through the entire codebase and verify that the usage
of `GError` is done correctly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
5da079bbb2 Merge pull request #2072 from aryansri05/fix-otr-whitespace-detection
Fix OTR whitespace tag detection to prevent false positives
2025-11-03 22:15:58 +01:00
aryansri05
cff26a97af Fix OTR whitespace tag detection to prevent false positives
The previous implementation used strstr() which would match OTR tag patterns anywhere in the message. This caused normal messages containing these patterns to incorrectly trigger OTR session initialization.

Changed to use strncmp() to verify that V1/V2 tags immediately follow the base tag, ensuring only legitimate OTR whitespace tags trigger session establishment.

Fixes #1957
2025-11-03 22:02:14 +01:00
Michael
5ac6ab71a2 Use PKG_CHECK_MODULES to check for libgcrypt
On macOS running ./configure --enable-omemo was failing to find gcrypt despite being installed.
2025-10-26 11:49:32 +00:00
Michael
34e8b1b2f0 Update compiler flags for homebrew packages on Apple silicon
Add /opt/homebrew/{include,lib} flags for apple silicon macs, which are not included as default search paths by Clang/GCC. (Homebrew uses /usr/local/{include,lib} on intel macs)
2025-10-25 13:42:27 +01:00
Michael Vetter
58d130a0a9 ci: disable arch
```
 #11 0.137 --2025-09-18 10:41:06--  https://aur.archlinux.org/cgit/aur.git/snapshot/libstrophe-git.tar.gz
```

This currently blocks us at https://github.com/profanity-im/profanity/pull/2066.
2025-09-18 12:48:28 +02:00
Michael Vetter
6ce69428cb Merge pull request #2063 from jubalh/terminology-messages
docs: explain the different kinds of messages
2025-09-13 14:04:14 +02:00
Michael Vetter
2ac4e170a1 Merge pull request #2067 from mcalierno/bugfix/fix-mac-build
Add types to function prototypes
2025-09-13 13:50:38 +02:00
Michael
a704887f14 Add types to function prototypes
Build fail under macOS, Clang 16.0.0.
Add parameters to the following prototypes
- bookmark_ignore_on_connect()
- cons_show_qrcode()
2025-09-13 12:36:05 +01:00
Michael Vetter
58312ed0d8 Merge pull request #2062 from ritesh006/fix/cygwin-pthread
build: replace ACX_PTHREAD with AX_PTHREAD
2025-09-12 23:27:51 +02:00
ritesh006
26513840a8 build: replace ACX_PTHREAD with AX_PTHREAD
On Cygwin, ./configure failed with:

    ./configure: line XXXX: syntax error near unexpected token ACX_PTHREAD([], [AC_MSG_ERROR([pthread is required])])'

Root cause: ACX_PTHREAD is a legacy macro not provided by modern
Autoconf; the maintained macro is AX_PTHREAD (from autoconf-archive).

Changes:
- Replace ACX_PTHREAD with AX_PTHREAD in configure.ac.
- Rely on system autoconf-archive; do not vendor m4/ax_pthread.m4.
- Keep AC_CONFIG_MACRO_DIR([m4]) (harmless even if empty).

Result:
- autoreconf -fi && ./configure && make succeeds on Cygwin x86_64.
- Linux builds continue to work.

Fixes: #2059
2025-09-12 20:30:45 +05:30
Michael Vetter
000ef280dd docs: explain the different kinds of messages 2025-09-12 09:30:41 +02:00
Michael Vetter
44f9037e16 docs: fix typo 2025-09-05 11:47:59 +02:00
Michael Vetter
15a277eb9e Start new cycle 2025-08-22 09:31:58 +02:00
Michael Vetter
c01b531fe2 Release 0.15.1 2025-08-22 09:23:01 +02:00
Michael Vetter
66c7a6b7e4 Merge pull request #2060 from profanity-im/fix-1911
If config keyfile does not exist, create it.
2025-08-21 15:23:23 +02:00
Steffen Jaeckel
b12521ca21 If config keyfile does not exist, create it.
Fixes #1911
Alternative to #2056

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-21 11:05:54 +02:00
Michael Vetter
26dbdb31c6 Add feature request template 2025-08-21 09:26:17 +02:00
Michael Vetter
41c47f432d Delete old file 2025-08-21 09:24:45 +02:00
Michael Vetter
5dcbd84f75 Update issue templates
According to the new way: https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates
2025-08-21 09:23:45 +02:00
Michael Vetter
f1e12a33cf Rename issue template
Seems like GH changed how the templates work.
2025-08-21 09:19:31 +02:00
Michael Vetter
bbc62fb2d9 Merge pull request #2053 from profanity-im/some-improvements
Some improvements
2025-08-20 18:21:46 +02:00
Steffen Jaeckel
7f48452d84 Don't use memchr() on strings potentially shorter than 4 bytes.
When running profanity under Valgrind with slashguard enabled, the
following error could occur:

```
[...]
==4021347== Invalid read of size 1
==4021347==    at 0x4851F49: memchr (vg_replace_strmem.c:986)
==4021347==    by 0x45CEAD: _inp_slashguard_check (inputwin.c:183)
==4021347==    by 0x45CEAD: inp_readline (inputwin.c:225)
==4021347==    by 0x431184: prof_run (profanity.c:121)
==4021347==    by 0x42C609: main (main.c:176)
==4021347==  Address 0xe850883 is 0 bytes after a block of size 3 alloc'd
==4021347==    at 0x48477C4: malloc (vg_replace_malloc.c:446)
[...]
```

`memchr()` requires the complete memory that shall be searched to be
accessible. Using `strchr()` could work for shorter strings, but we only
want to search in the first 4 chars.

Instead of somehow working around those limitations, simply search manually
in the first 4 bytes.

Fixes: 3c56b289 ("Add slashguard feature")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-20 16:25:39 +02:00
Steffen Jaeckel
65f5883fee Introduce tests/prof_cmocka.h
As 9f2abc75 accidentally got the ordering of some of the includes wrong,
I decided to propose my initial solution again.

Additional to that, I've opened a MR against CMocka to solve this on
their side, since I believe that the current way this is done is not
sustainable [0].

[0] https://gitlab.com/cmocka/cmocka/-/merge_requests/91

Fixes: 9f2abc75 ("Fix tests with gcc15 (uintptr_t)")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 15:52:33 +02:00
Steffen Jaeckel
9d335729a0 Tidy up some code
* less allocations
* less duplicate code

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Steffen Jaeckel
40aafd06e7 Refactor slashguard
Fixes #2054
Fixes: 95c2199c ("Some more memory improvements")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Steffen Jaeckel
e0f107f75e Fix memory leak.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Steffen Jaeckel
3299dd8fc6 Trampoline Python unref again.
In the past `Py_XDECREF()` was a macro. Preserve compat to ancient Python
versions by having a trampoline which calls `Py_XDECREF()`.

Fixes: #2043
Fixes: c0da36c4 ("Rage-cleanup.")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Steffen Jaeckel
3370f8a7f1 Separate entries visually in my-prof.supp
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Michael Vetter
bda6dabbd9 Merge pull request #2055 from andreasstieger/gcc15
Fix tests with gcc15 (uintptr_t)
2025-08-06 11:45:41 +02:00
Michael Vetter
12bb3195ee Merge pull request #2058 from mdosch/fix-aasgard-typo
Fix typo in examples.
2025-08-04 08:45:07 +02:00
Martin Dosch
5696bf77c7 Fix typo in examples. 2025-08-03 23:17:42 +02:00
Andreas Stieger
9f2abc75ad Fix tests with gcc15 (uintptr_t)
fixes: error: ‘uintptr_t’ undeclared, defined in header ‘<stdint.h>
2025-07-28 18:38:26 +02:00
Michael Vetter
edda887ae6 ci: enable arch
This reverts commit 7164d71992.
See fix 606eaac31d.
2025-07-23 09:08:57 +02:00
Michael Vetter
e7d79d2614 Merge pull request #2050 from killerdevildog/fix-gpgme-2.0.0-compatibility
Fix GPGME >= 2.0.0 compatibility issue #2048
2025-07-23 09:00:17 +02:00
Quaylyn Rimer
606eaac31d Fix GPGME >= 2.0.0 compatibility issue #2048
Replace deprecated gpgme_key_get_string_attr with modern API

This commit fixes the build failure against GPGME >= 2.0.0 where
gpgme_key_get_string_attr and GPGME_ATTR_EMAIL were removed.

Changes made:
- Replaced direct call to gpgme_key_get_string_attr(key, GPGME_ATTR_EMAIL, NULL, 0)
- Added new helper function _gpgme_key_get_email() with backwards compatibility
- Function uses conditional compilation to support both old and new GPGME versions

Backwards Compatibility:
- GPGME < 2.0.0: Uses gpgme_key_get_string_attr() if GPGME_ATTR_EMAIL is available
- GPGME >= 2.0.0: Uses modern key->uids->email API

Forward Compatibility:
- Code compiles successfully with GPGME 2.0.0+ where deprecated functions are removed
- Uses modern GPGME API that iterates through key user IDs to find email addresses

Testing:
- Tested with GPGME 1.18.0 (backwards compatibility confirmed)
- Tested compilation compatibility for both old and new GPGME versions
- Verified the exact error from issue #2048 is resolved
- Confirmed no regression in functionality

Fixes: #2048
Resolves compilation error: 'gpgme_key_get_string_attr' undeclared
Resolves compilation error: 'GPGME_ATTR_EMAIL' undeclared
2025-07-22 20:27:43 -06:00
Michael Vetter
359a086287 Merge pull request #2041 from profanity-im/some-improvements
Some improvements
2025-06-24 09:25:52 +02:00
Michael Vetter
7164d71992 ci: disable arch temporarily
Will need to fix this soon. Lets temp remove arch to get results for the
other systems.

Build fail on Arch:
```
 src/pgp/gpg.c: In function ‘p_gpg_decrypt’:
src/pgp/gpg.c:659:36: error: implicit declaration of function ‘gpgme_key_get_string_attr’ [-Wimplicit-function-declaration]
  659 |                 const char* addr = gpgme_key_get_string_attr(key, GPGME_ATTR_EMAIL, NULL, 0);
      |                                    ^~~~~~~~~~~~~~~~~~~~~~~~~
src/pgp/gpg.c:659:67: error: ‘GPGME_ATTR_EMAIL’ undeclared (first use in this function)
  659 |                 const char* addr = gpgme_key_get_string_attr(key, GPGME_ATTR_EMAIL, NULL, 0);
      |                                                                   ^~~~~~~~~~~~~~~~
src/pgp/gpg.c:659:67: note: each undeclared identifier is reported only once for each function it appears in
make[1]: *** [Makefile:2085: src/pgp/gpg.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1314: all] Error 2
```
2025-06-24 09:05:39 +02:00
Steffen Jaeckel
dd8da16c96 Use correct free function.
Fixes: 75d76638 ("Free wins summary list")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-06-23 12:43:04 +02:00
Steffen Jaeckel
f7cddd11c4 Improve const correctness
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-28 16:42:27 +02:00
Steffen Jaeckel
4eaa291f70 Re-factor cmd_presence()
Similar to 9c2b3f6579, but no bugs were fixed. Maybe some were introduced
but only time will tell.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-28 16:40:05 +02:00
Steffen Jaeckel
29129bf888 Return error on /time <invalid-section>
Fixes: 9c2b3f6579 ("Re-factor `cmd_time()`")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-28 16:40:05 +02:00
Steffen Jaeckel
4194298dbd Less GString
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-28 16:40:05 +02:00
Steffen Jaeckel
5810f49c97 url save: fix location printed
Print the final storage location when successfully decrypting a file with
`aesgcm://` source.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-23 11:19:04 +02:00
23 changed files with 39 additions and 233 deletions

View File

@@ -2638,8 +2638,7 @@ static const struct cmd_t command_defs[] = {
CMD_DESC(
"Spawn external editor to edit message. "
"After editing the inputline may appear empty. Press enter to send the text anyways. "
"Use /executable to set your favourite editor. "
"Ctrl-Z in the editor aborts the session and returns to Profanity." )
"Use /executable to set your favourite editor." )
},
{ CMD_PREAMBLE("/correct-editor",

View File

@@ -748,17 +748,17 @@ call_external(gchar** argv)
*
* This function constructs an argument vector (argv) based on the provided template string, replacing placeholders ("%u" and "%p") with the provided URL and filename, respectively.
*
* @param template_fmt The template string with placeholders.
* @param url The URL to replace "%u" (or NULL to skip).
* @param filename The filename to replace "%p" (or NULL to skip).
* @return The constructed argument vector (argv) as a null-terminated array of strings.
* @param template The template string with placeholders.
* @param url The URL to replace "%u" (or NULL to skip).
* @param filename The filename to replace "%p" (or NULL to skip).
* @return The constructed argument vector (argv) as a null-terminated array of strings.
*
* @note Remember to free the returned argument vector using `auto_gcharv` or `g_strfreev()`.
*/
gchar**
format_call_external_argv(const char* template_fmt, const char* url, const char* filename)
format_call_external_argv(const char* template, const char* url, const char* filename)
{
gchar** argv = g_strsplit(template_fmt, " ", 0);
gchar** argv = g_strsplit(template, " ", 0);
guint num_args = 0;
while (argv[num_args]) {
@@ -767,7 +767,7 @@ format_call_external_argv(const char* template_fmt, const char* url, const char*
argv[num_args] = g_strdup(url);
} else if (0 == g_strcmp0(argv[num_args], "%p") && filename != NULL) {
g_free(argv[num_args]);
argv[num_args] = g_strdup(filename);
argv[num_args] = strdup(filename);
}
num_args++;
}

View File

@@ -181,7 +181,7 @@ void get_file_paths_recursive(const char* directory, GSList** contents);
gchar* get_random_string(int length);
gboolean call_external(gchar** argv);
gchar** format_call_external_argv(const char* template_fmt, const char* url, const char* filename);
gchar** format_call_external_argv(const char* template, const char* url, const char* filename);
gchar* unique_filename_from_url(const char* url, const char* path);
gchar* get_expanded_path(const char* path);

View File

@@ -10,8 +10,6 @@
#ifndef EVENT_COMMON_H
#define EVENT_COMMON_H
#include "glib.h"
void ev_disconnect_cleanup(void);
void ev_inc_connection_counter(void);
void ev_reset_connection_counter(void);

View File

@@ -341,7 +341,7 @@ sv_ev_room_message(ProfMessage* message)
status_bar_active(num, WIN_MUC, mucwin->roomjid);
if ((g_strcmp0(mynick, message->from_jid->resourcepart) != 0) && (prefs_get_boolean(PREF_BEEP))) {
ui_beep();
beep();
}
// not currently on groupchat window
@@ -349,7 +349,7 @@ sv_ev_room_message(ProfMessage* message)
status_bar_new(num, WIN_MUC, mucwin->roomjid);
if ((g_strcmp0(mynick, message->from_jid->resourcepart) != 0) && (prefs_get_boolean(PREF_FLASH))) {
ui_flash();
flash();
}
cons_show_incoming_room_message(message->from_jid->resourcepart, mucwin->roomjid, num, mention, triggers, mucwin->unread, window);

View File

@@ -10,8 +10,6 @@
#ifndef PGP_GPG_H
#define PGP_GPG_H
#include "glib.h"
typedef struct pgp_key_t
{
gchar* id;

View File

@@ -70,38 +70,6 @@ static void _connect_default(const char* const account);
pthread_mutex_t lock;
static gboolean force_quit = FALSE;
static volatile sig_atomic_t suspend_requested = FALSE;
static volatile sig_atomic_t cont_requested = FALSE;
static void
_handle_suspend_signals(void)
{
if (cont_requested) {
cont_requested = FALSE;
if (!editor_is_active()) {
clearok(stdscr, TRUE);
ui_resize();
}
}
if (editor_check_stopped()) {
log_info("[Editor] stopped; aborting back to profanity");
suspend_requested = FALSE;
editor_emergency_kill();
} else if (suspend_requested) {
suspend_requested = FALSE;
if (editor_is_active()) {
log_info("[Editor] SIGTSTP from vim group; deferring to next poll");
} else {
log_info("[Suspend] dropping to shell");
if (!isendwin()) {
endwin();
}
kill(0, SIGSTOP);
}
}
}
void
prof_run(gchar* log_level, gchar* account_name, gchar* config_file, gchar* log_file, gchar* theme_name, gchar** commands)
{
@@ -125,7 +93,6 @@ prof_run(gchar* log_level, gchar* account_name, gchar* config_file, gchar* log_f
int waittime = 0;
while (cont && !force_quit) {
log_stderr_handler();
_handle_suspend_signals();
session_check_autoaway();
line = commands ? *commands : inp_readline();
@@ -215,18 +182,6 @@ sigterm_handler(int sig)
force_quit = TRUE;
}
static void
sigtstp_handler(int sig)
{
suspend_requested = TRUE;
}
static void
sigcont_handler(int sig)
{
cont_requested = TRUE;
}
static void
_init(char* log_level, char* config_file, char* log_file, char* theme_name)
{
@@ -234,8 +189,7 @@ _init(char* log_level, char* config_file, char* log_file, char* theme_name)
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGINT, SIG_IGN);
signal(SIGTSTP, sigtstp_handler);
signal(SIGCONT, sigcont_handler);
signal(SIGTSTP, SIG_IGN);
signal(SIGWINCH, ui_sigwinch_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGHUP, sigterm_handler);

View File

@@ -10,10 +10,8 @@
#ifndef BOOKMARK_IGNORE_H
#define BOOKMARK_IGNORE_H
#include "xmpp/xmpp.h"
void bookmark_ignore_on_connect(const char* const barejid);
void bookmark_ignore_on_disconnect();
void bookmark_ignore_on_disconnect(void);
gboolean bookmark_ignored(Bookmark* bookmark);
gchar** bookmark_ignore_list(gsize* len);
void bookmark_ignore_add(const char* const barejid);

View File

@@ -32,15 +32,9 @@ typedef struct EditorContext
void* user_data;
} EditorContext;
static gboolean editor_active = FALSE; // re-entrancy guard
static pid_t editor_pid = 0;
static void
_editor_exit_cb(GPid pid, gint status, gpointer data)
{
editor_active = FALSE;
editor_pid = 0;
EditorContext* ctx = data;
gchar* contents = NULL;
GError* error = NULL;
@@ -58,10 +52,8 @@ _editor_exit_cb(GPid pid, gint status, gpointer data)
cons_show_error("Could not read edited content: %s", error->message);
g_error_free(error);
}
} else if (WIFEXITED(status)) {
cons_show_error("Editor exited with status %d", WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
cons_show("Editor session cancelled.");
} else {
cons_show_error("Editor exited with error status %d", WEXITSTATUS(status));
}
if (remove(ctx->filename) != 0) {
@@ -78,11 +70,6 @@ _editor_exit_cb(GPid pid, gint status, gpointer data)
gboolean
launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* data), void* user_data)
{
if (editor_active) {
cons_show_error("An editor session is already active.");
return TRUE;
}
auto_gchar gchar* filename = NULL;
auto_gerror GError* glib_error = NULL;
const char* jid = connection_get_barejid();
@@ -131,7 +118,6 @@ launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* dat
ctx->callback = callback;
ctx->user_data = user_data;
editor_active = TRUE;
ui_suspend();
// Force GLib to install its SIGCHLD handler before forking. Creating a
@@ -143,7 +129,6 @@ launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* dat
pid_t pid = fork();
if (pid == -1) {
log_error("[Editor] Failed to fork: %s", strerror(errno));
editor_active = FALSE;
ui_resume();
ui_resize();
cons_show_error("Failed to start editor: %s", strerror(errno));
@@ -154,8 +139,7 @@ launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* dat
} else if (pid == 0) {
// Child process: Inherits TTY from parent
// SIGTSTP=SIG_DFL lets vim's :stop / Ctrl-Z work; profanity catches
// the STOPPED state via editor_check_stopped() and drops to the shell.
// Reset signal handlers that profanity sets so the editor doesn't inherit them
signal(SIGINT, SIG_DFL);
signal(SIGTSTP, SIG_DFL);
signal(SIGPIPE, SIG_DFL);
@@ -167,39 +151,7 @@ launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* dat
}
// Parent process: Watch the child asynchronously
editor_pid = pid;
g_child_watch_add((GPid)pid, _editor_exit_cb, ctx);
g_strfreev(editor_argv);
return FALSE;
}
void
editor_emergency_kill(void)
{
if (!editor_active || editor_pid <= 0) {
return;
}
log_warning("[Editor] aborting editor pid %d", editor_pid);
kill(editor_pid, SIGCONT); // wake if STOPPED; no-op otherwise
kill(editor_pid, SIGTERM);
// _editor_exit_cb will restore the UI when the child reaps.
}
gboolean
editor_is_active(void)
{
return editor_active;
}
gboolean
editor_check_stopped(void)
{
// Poll for STOPPED without reaping (g_child_watch handles exit via its
// own WNOHANG). Lets prof_run drop the group to the shell on Ctrl-Z.
if (!editor_active || editor_pid <= 0) {
return FALSE;
}
int status;
pid_t r = waitpid(editor_pid, &status, WNOHANG | WUNTRACED);
return (r == editor_pid && WIFSTOPPED(status));
}

View File

@@ -16,13 +16,4 @@
gboolean launch_editor(gchar* initial_content, void (*callback)(gchar* content, void* data), void* user_data);
void editor_emergency_kill(void); // SIGCONT+SIGTERM the editor child
// TRUE if editor child is STOPPED (Ctrl-Z / :stop / gdb-attach). Does not
// reap; g_child_watch keeps handling exit.
gboolean editor_check_stopped(void);
// Editor-session flag accessor. Used by prof_run on SIGCONT resume.
gboolean editor_is_active(void);
#endif

View File

@@ -327,7 +327,7 @@ chatwin_incoming_msg(ProfChatWin* chatwin, ProfMessage* message, gboolean win_cr
cons_show_incoming_message(display_name, num, chatwin->unread, window);
if (prefs_get_boolean(PREF_FLASH)) {
ui_flash();
flash();
}
chatwin->unread++;
@@ -364,7 +364,7 @@ chatwin_incoming_msg(ProfChatWin* chatwin, ProfMessage* message, gboolean win_cr
wins_add_quotes_ac(window, message->plain, FALSE);
if (prefs_get_boolean(PREF_BEEP)) {
ui_beep();
beep();
}
}
@@ -399,6 +399,8 @@ chatwin_outgoing_msg(ProfChatWin* chatwin, const char* const message, const char
win_print_outgoing((ProfWin*)chatwin, enc_char, id, replace_id, display_message);
}
plugins_post_chat_message_display(myjid->barejid, myjid->resourcepart, display_message);
// Save last id and message for LMC
// Note: if the same message is to be corrected several times, the id of the original message is used in each case
// https://xmpp.org/extensions/xep-0308.html#rules
@@ -432,6 +434,7 @@ chatwin_outgoing_carbon(ProfChatWin* chatwin, ProfMessage* message)
win_print_outgoing(window, enc_char, message->id, message->replace_id, message->plain);
plugins_post_chat_message_display(message->from_jid->barejid, message->from_jid->resourcepart, message->plain);
message->plain = old_plain;
int num = wins_get_num(window);
@@ -558,6 +561,7 @@ _chatwin_history(ProfChatWin* chatwin, const char* const contact_barejid)
if (plugin_msg)
msg->plain = plugin_msg;
win_print_history((ProfWin*)chatwin, msg);
plugins_post_chat_message_display(msg->from_jid->barejid, msg->from_jid->resourcepart, msg->plain);
msg->plain = old_plain;
curr = g_slist_next(curr);
}
@@ -597,6 +601,7 @@ chatwin_db_history(ProfChatWin* chatwin, const gchar* start_time, const gchar* e
} else {
win_print_history((ProfWin*)chatwin, msg);
}
plugins_post_chat_message_display(msg->from_jid->barejid, msg->from_jid->resourcepart, msg->plain);
msg->plain = old_plain;
curr = g_slist_next(curr);
}

View File

@@ -54,7 +54,6 @@
static int inp_size;
static gboolean perform_resize = FALSE;
static gboolean ui_suspended = FALSE;
static GTimer* ui_idle_time;
static WINDOW* main_scr;
@@ -64,14 +63,6 @@ static Display* display;
static void _ui_draw_term_title(void);
// Fail-safe gate: authoritative flag (doesn't depend on isendwin staying
// TRUE), plus the regular endwin check for shutdown.
static gboolean
_ui_redraw_suspended(void)
{
return ui_suspended || isendwin();
}
static void
_ui_close(void)
{
@@ -129,7 +120,8 @@ ui_sigwinch_handler(int sig)
void
ui_update(void)
{
if (_ui_redraw_suspended()) {
// UI is suspended
if (isendwin()) {
return;
}
@@ -146,7 +138,7 @@ ui_update(void)
title_bar_update_virtual();
status_bar_draw();
inp_put_back();
prof_doupdate();
doupdate();
if (perform_resize) {
perform_resize = FALSE;
@@ -188,49 +180,21 @@ void
ui_suspend(void)
{
inp_suspend();
// Flush before flipping the flag (prof_doupdate skips while suspended).
prof_doupdate();
ui_suspended = TRUE;
endwin();
}
void
ui_resume(void)
{
ui_suspended = FALSE;
clearok(stdscr, TRUE); // ncurses can't see vim's screen clobber
refresh();
inp_resume();
}
void
ui_beep(void)
{
if (!isendwin()) {
beep();
}
}
void
ui_flash(void)
{
if (!isendwin()) {
flash();
}
}
void
prof_doupdate(void)
{
if (!_ui_redraw_suspended()) {
doupdate();
}
}
void
ui_resize(void)
{
if (_ui_redraw_suspended()) {
// UI is suspended
if (isendwin()) {
return;
}
@@ -252,7 +216,8 @@ ui_resize(void)
void
ui_redraw(void)
{
if (_ui_redraw_suspended()) {
// UI is suspended
if (isendwin()) {
return;
}

View File

@@ -182,11 +182,7 @@ inp_readline(void)
{
// UI is suspended
if (is_suspended || isendwin()) {
// Mirror the normal-path unlock so workers aren't starved
// for the whole editor session.
pthread_mutex_unlock(&lock);
g_usleep(100000); // 100ms
pthread_mutex_lock(&lock);
return NULL;
}
@@ -315,13 +311,11 @@ inp_get_line(void)
werase(inp_win);
wmove(inp_win, 0, 0);
_inp_win_update_virtual();
prof_doupdate();
doupdate();
char* line = NULL;
while (!line) {
line = inp_readline();
ui_update();
while (g_main_context_iteration(NULL, FALSE)) // non-blocking; bounded by ready sources
;
}
status_bar_clear_prompt();
return line;
@@ -344,14 +338,12 @@ inp_get_password(void)
werase(inp_win);
wmove(inp_win, 0, 0);
_inp_win_update_virtual();
prof_doupdate();
doupdate();
char* password = NULL;
get_password = TRUE;
while (!password) {
password = inp_readline();
ui_update();
while (g_main_context_iteration(NULL, FALSE)) // non-blocking; bounded by ready sources
;
}
get_password = FALSE;
status_bar_clear_prompt();
@@ -467,7 +459,7 @@ _inp_write(char* line, int offset)
_inp_win_handle_scroll();
_inp_win_update_virtual();
prof_doupdate();
doupdate();
}
static int

View File

@@ -57,7 +57,7 @@ privwin_incoming_msg(ProfPrivateWin* privatewin, ProfMessage* message)
privatewin->unread++;
if (prefs_get_boolean(PREF_FLASH)) {
ui_flash();
flash();
}
}
@@ -65,7 +65,7 @@ privwin_incoming_msg(ProfPrivateWin* privatewin, ProfMessage* message)
wins_add_quotes_ac(window, message->plain, TRUE);
if (prefs_get_boolean(PREF_BEEP)) {
ui_beep();
beep();
}
if (notify) {

View File

@@ -10,8 +10,6 @@
#ifndef UI_TITLEBAR_H
#define UI_TITLEBAR_H
#include "glib.h"
void create_title_bar(void);
void free_title_bar(void);
void title_bar_update_virtual(void);

View File

@@ -43,9 +43,6 @@ void ui_load_colours(void);
void ui_update(void);
void ui_redraw(void);
void ui_resize(void);
// doupdate() wrapper that skips when the UI is suspended. Use this instead
// of raw doupdate() to avoid the per-site whitelist class of bug.
void prof_doupdate(void);
void ui_focus_win(ProfWin* window);
void ui_sigwinch_handler(int sig);
void ui_handle_otr_error(const char* const barejid, const char* const message);
@@ -87,8 +84,6 @@ void ui_handle_recipient_error(const char* const recipient, const char* const er
void ui_handle_error(const char* const err_msg);
void ui_clear_win_title(void);
void ui_goodbye_title(void);
void ui_beep(void);
void ui_flash(void);
void ui_handle_room_configuration_form_error(const char* const roomjid, const char* const message);
void ui_handle_room_config_submit_result(const char* const roomjid);
void ui_handle_room_config_submit_result_error(const char* const roomjid, const char* const message);

View File

@@ -43,7 +43,7 @@
#include "ai/ai_client.h"
static const int PAD_MIN_HEIGHT = 100;
static const int PAD_THRESHOLD = 12000; // above buffer cap (~9000): reclaims dead pad space, never fires while scrolling
static const int PAD_THRESHOLD = 3000;
static gboolean _in_redraw = FALSE;
static void
@@ -67,20 +67,6 @@ _win_ensure_pad_capacity(ProfWin* window, WINDOW* win, int lines_needed)
}
}
}
// upper-bound estimate of rows a message body occupies (hard newlines + soft-wrap), to reserve pad space before printing so a tall message isn't clipped (a clipped height desyncs the scroll offset)
static int
_win_estimated_lines(WINDOW* win, const char* const message, int indent, int pad_indent)
{
int usable = MAX(1, getmaxx(win) - (indent + pad_indent));
int newlines = 0;
for (const char* p = message; *p; p++) {
if (*p == '\n') {
newlines++;
}
}
return newlines + utf8_display_len(message) / usable + 2;
}
static const char* LOADING_MESSAGE = "Loading older messages…";
static const char* CONS_WIN_TITLE = "CProof. Type /help for help information.";
static const char* XML_WIN_TITLE = "XML Console";
@@ -2015,7 +2001,7 @@ _win_print_internal(ProfWin* window, const char* show_char, int pad_indent, GDat
}
}
_win_ensure_pad_capacity(window, window->layout->win, getcury(window->layout->win) + _win_estimated_lines(window->layout->win, message + offset, indent, pad_indent));
_win_ensure_pad_capacity(window, window->layout->win, getcury(window->layout->win));
if (prefs_get_boolean(PREF_WRAP)) {
_win_print_wrapped(window->layout->win, message + offset, indent, pad_indent);
@@ -2186,10 +2172,9 @@ win_redraw(ProfWin* window)
unsigned int size = buffer_size(window->layout->buffer);
_in_redraw = TRUE;
// size the pad to fit the whole buffer (plus headroom) and erase it
// shrink pad back to minimum size and erase it
int cols = getmaxx(window->layout->win);
int needed = window->layout->buffer->lines + 100;
wresize(window->layout->win, MAX(needed, PAD_MIN_HEIGHT), cols);
wresize(window->layout->win, PAD_MIN_HEIGHT, cols);
werase(window->layout->win);
for (unsigned int i = 0; i < size; i++) {

View File

@@ -10,8 +10,6 @@
#ifndef XMPP_BLOCKING_H
#define XMPP_BLOCKING_H
#include <strophe.h>
void blocking_request(void);
int blocked_set_handler(xmpp_stanza_t* stanza);
int reporting_set_handler(xmpp_stanza_t* stanza);

View File

@@ -10,8 +10,6 @@
#ifndef XMPP_IQ_H
#define XMPP_IQ_H
#include <strophe.h>
typedef int (*ProfIqCallback)(xmpp_stanza_t* const stanza, void* const userdata);
typedef void (*ProfIqFreeCallback)(void* userdata);

View File

@@ -7,8 +7,6 @@
* SPDX-License-Identifier: GPL-3.0-or-later WITH OpenSSL-exception
*/
#include "glib.h"
/*!
* \page OX OX Implementation
*

View File

@@ -10,9 +10,6 @@
#ifndef XMPP_ROSTER_H
#define XMPP_ROSTER_H
#include "glib.h"
#include <strophe.h>
void roster_request(void);
void roster_set_handler(xmpp_stanza_t* const stanza);
void roster_result_handler(xmpp_stanza_t* const stanza);

View File

@@ -12,7 +12,6 @@
#include "ui/win_types.h"
#include "xmpp/vcard.h"
#include <strophe.h>
vCard* vcard_new();
void vcard_free(vCard* vcard);

View File

@@ -85,10 +85,6 @@ void
ui_resize(void)
{
}
void
prof_doupdate(void)
{
}
void
ui_focus_win(ProfWin* win)
@@ -1479,13 +1475,3 @@ ui_is_suspended(void)
{
return FALSE;
}
void
ui_beep(void)
{
}
void
ui_flash(void)
{
}