Otherwise we end up with the message in the status window since the
frontend knows jack shit about the casemapping option when it tries to
find the associated window for the query.
This patch moves the emitted "tls handshake finished" signal to before
we do validation of the given TLS certificate. This ensures that we
display certificate information before we possibly error out and
disconnects from the server.
This patch removes support for DANE validation of TLS certificates.
There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
This patch adds the TLS_REC structure. This structure is used to emit
information about the TLS handshake from the core of irssi to the
front-end layers such that we can display connection information to the
user.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
This patch removes the optional checks for whether to build irssi with
TLS support or not. This will allow us to ship a default configuration
file where we connect to TLS enabled IRC servers out of the box.
Fixes a problem where the field would end up as a negative number when
exposed to the perl scripts.
And move it near the other bit-packed fields so we take advantage of the
packing.
The IRCv3 SASL extension says that AUTHENTICATION payloads of exactly
400 bytes in length indicate that the message is fragmented and will
continue in a subsequent message. Handle the reassembly and splitting of
these messages so that we are compliant with the specification.
This fixes two issues:
- IRCNet doesn't have STATUSMSG, but it supports +channels, and
including + in the default value meant processing those incorrectly
- The "bahamut hack", for old servers that support but don't advertise
STATUSMSG, didn't work since ischannel_func doesn't use the default.
The choice of @ intentionally leaves out support for other STATUSMSG
(for example, AzzurraNet's bahamut 1.4 fork seemed to support + and % in
any order, contradicting the comment in the code).
I think this is a decent tradeoff, given how those servers are uncommon
and relying on +# or %# is even less common than @#.
Fixes#531
By making the signal handler hooked to the "print starting" event
smarter we can avoid dumping the whole netsplit stats for every
server/channel when a message arrives.
Issue #420
Allow use of /hilight -case exAMPle (compatible with other options)
Added matchcase to hilight config file (exemple: { text = exAMPle; matchcase = yes; } )
That error code means "check errno". A few users got it and we never
figured out what happened - it usually fixed itself after restarting
something - so hopefully with this we'll have more information the next
time.
* Adds two new keys which you can bind in /bind:
yank_next_cutbuffer: Revert to the previous last deleted text
append_next_kill: Append next deletion
* Consecutive kills are now appended to the current cutbuffer
If sasl_timeout is never initialized with a valid timeout id then
calling /disconnect on the server calls g_source_remove() with 0 as tag,
causing an harmless error message to be printed.
Beside that, the sasl_timeout field is defined as a unsigned int.
We can use 0 as sentiel since g_timeout_add returns tags that are always
greater than zero.
If the server didn't send it then just skip the check, the old value it
defaulted to was possibly overlapping with the CHANTYPES leading to an
incorrect behaviour. Fixes#435.
This way net_gethostbyaddr will fail when the system is unable to
resolve the address to a valid host name.
Without this flag in case of failure the function would return the ip
address instead of failing.
/knockout uses /ban to set bans but calls ban_remove() directly to
remove them. This commit makes it use /unban instead. This allows
scripts that hook ban/unban to work automatically with /knockout.
Have a ignore_find_full method that is the one that all the new code
should be using and provide some working stubs for ignore_find and
ignore_find_noact.
This way we prevent the creation of duplicate ignores since the old code
skipped the ignore_find call when a pattern was specified.
It should also cover all the cases where the ignores would be wrongly
overwritten, such as the case outlined in #78.
With bracketed paste, "a\nb" will result in two lines being pasted,
because it's a single thing, with an end marker which the timeout based
pastes don't have.
Due to the way term_gets() counts lines, that input will have
paste_line_count == 1. This can be misleading.
This code adjusts it by looking at the last character, and increasing
the count if it finds anything that isn't a newline.
Issue #340 brought to our attention the fact that under certain
circumstances irssi would go on a wild rampage and carelessly overwrite
some saved channel records in the configuration file.
This happened because the code didn't take into account the case where
the channel index in setupchannels wouldn't match the one in the
configuration; this actually happens when the user removes a chatnet
without removing the associated channels.
Turns out it confuses inspircd, making it reply a NAK with empty
parameter. The rest is ACKed anyway. I've already whined at saberuk
and there's a pending pull request over there fixing this issue.
And, of course, this is cleaner.
This fixes a long-standing bug where 'fname' was being feed to cat
instead of 'real_fname', causing it to quit with a 'No such file or directory'
error.
FS#377
The function "static void paste_buffer_join_lines(GArray *buf)" in
"src/fe-text/gui-readline.c" is supposed to join lines from the GArray
pointed to by *buf under certain circumstances.
In the code of the function "buf" is actually used for getting the length
of the GArray, but to get a pointer to the data, "paste_buffer->data" is
used; paste_buffer is defined in the scope of the whole file.
This delivers the desired result, because this function is only called
once, with "paste_buffer" as the argument. If paste_buffer_join_lines()
will ever be used with a different argument, it will fail.
The symptom for this one is randomly getting lines split before the last
word, even if there's no need for splitting. Also, this function is only
reached if recode is on, and iconv failed (for example, due to an
incorrect source charset). Thanks to vague for finding this and
providing valgrind logs.
The loop that looks for spaces tried to read backwards from the end of
the current line, with the end being determined by len. Assuming
strsplit_len() with len=400, this meant accessing str[399] in the first
iteration. For strings that don't need splitting, this means an invalid
read always.
If that invalid read happens to hit garbage that has a space character,
(len - offset) points after the end of string, which isn't a problem for
g_strndup() since it stops at the first null, and no splitting happens.
If the garbage doesn't have any spaces, it splits by the last word.
This commit avoids that loop entirely if (remaining_len > len). It also
changes the way it iterates over the string to be much less confusing.
Turns out it was fixing the wrong string, and trying to do
atoi("RECON-1") instead of atoi("1").
"/reconnect 1" worked, but "/reconnect RECON-1" gave that confusing
error message.
Given a big enough write_buffer_size and a long enough
write_buffer_timeout it might be possible to show the user an incomplete
or empty awaylog.
Patch by: Petteri Aimonen
term_addstr() had a long-standing fixme that suggested it didn't
take into account the string encoding when calculating the string
length.
The BIG5 code path is untested.
Both cases were off-by-one mistakes erring on the side of being too
conservative. This fixes these two harmless issues:
- For a single empty paste, it required another keystroke before
processing it
- For a sequence of themcase, a single '~' was left in the input
This actually workarounds a bug with the "st" terminal, for which i've
already submitted a patch, but irssi needs to be able to handle it
decently too.
The g_strcmp0 fallback in particular was broken since it was used in a
few places as a GCompareFunc, and macros don't work that way.
Yes, that one was my fault, but nobody complained :D
Turns out event_names_list() in irc-nicklist.c already handles this.
event_who() just ignores it, which is probably a good idea since some of
the irc servers I tested this with have a bug that results in sending
multiple prefixes in the NAMES reply but not in the WHO one (they were
forks of ircd-hybrid before 7.3.0)
And NAMES always happens, anyway. WHO is omitted sometimes for huge
channels.
The return value is a char*, and here it was false which is 0 which is
more or less the same as null.
That could have been a crash somewhere, the functions that call this
don't expect null ever.
Just passing the full target to the "message irc op_public" signal
handler and letting it do the cleanup.
The fe_channel_skip_prefix() call in event_privmsg() is kept because
recode_in() needs a real channel name, but
There was similar code in sig_message_own_wall(), but that one is
correct - the /wall command always sends NOTICE @#chan, so I added a
comment down there to make it clear.
Fixes FS#817 - "SegFault when executing bind command", which provides
the test case "/bind cleft key meta", which is stupid but now it doesn't
break things.
The limit of 100 is arbitrary, it means roughly 140 stack frames total.
The flyspray ticket mentions it crashes at 512, in my system it goes all
the way to 149677 stack frames.
http://bugs.irssi.org/index.php?do=details&task_id=817
http://bugs.irssi.org/index.php?do=details&task_id=905
Not using the patch from that ticket, the issue turned out to be that
(dest - last_lf_pos) returned number of unichr, not bytes, so that's 4
times less than what the size parameter of memmove() should be.
We disable the ICRNL flag to make Enter independent from ^J from the
keybinding point of view since the former will now send ^M, leaving the
user free to remap ^J without trapping itself into the irssi session
because of a broken Enter key.
Also disable the software flow control because we don't expect anyone to
run irssi over a serial console; we gain some more freedom by having ^Q
and ^S freely mappable by the user.
Replace G_SOURCE_REMOVE with FALSE for the compatibility sake.
Zero the timeout id after g_source_remove and when exipred.
Save the sasl_* options in sig_chatnet_saved().
The only supported methods are PLAIN and EXTERNAL, the latter is untested as of
now.
The code gets the values from the keys named sasl_{mechanism,username,password}
specified for each chatnet.
Enter the "application" mode when setting up the terminal, this improves the
compatiblity with the standards; as a side effect now DEL key works ootb when
irssi is run in the suckless's st terminal.
Clean up the vector resulting from g_strsplit before
returning from expando_hostname(). Also, use g_strdup()
instead of g_strconcat() to return the pointer to hostname.
When changing the value of irssiproxy_ports to use a different network
name in a port that was already bound (so like changing from asd=6667 to
sdf=6667) it would throw "address already in use".
This fixes it by delaying the add_listen() calls after all the
remove_listen() were called.
The function now skips all the leading characters that are in the STATUSMSG. If
the server didn't send the STATUSMSG option then it's assumed to be "@+" for
compatibility with bahamut 2.4 (sic).
I wrote some tests to compare the behavior but I don't know where to put
them, so i'm including them here:
assert(g_strcmp0("a", "b") == -1);
assert(g_strcmp0(NULL, "a") == -1);
assert(g_strcmp0("a", NULL) == 1);
assert(g_strcmp0("b", "a") == 1);
assert(g_strcmp0("a", "a") == 0);
assert(g_strcmp0(NULL, NULL) == 0);
Change "proxy client connected" to "proxy client connecting" to avoid being confused by clients that have connected but not necessarily authenticated. Emit "proxy client connected" once authenticated, keeping the name for backwards compatibility.
We add some additional checks into the config parser's
node_section_index, node_traverse and node_set_str functions. In
particular, we check if the requested node is of scalar or complex type
and whether this matches the value found in the config. If it does not
match, then a warning is issued appropriately and the config is
corrected.
By temporarily raising the fatal log level to critical during irssi
start-up, we make it fail when the config file is broken. This is then
re-set so that /reload of a broken config file will not crash irssi and
just report the errors and gracefully continue instead.
The change introduced in #191 will crash irssi immediately if you
accidentally try to /reload certain broken config files. It is enough to
warn the user in this case, so we turn g_error into g_critical.
this adds the CONFIG_REC * to the config_node_section and
config_node_section_index APIs as they will require access to the config
cache later on to make the config parser more robust.
sed -i 's/hv_store/(void) &/'
This only results in a warning in older gcc versions, but that includes
the one used in the Travis CI environment by default
Fixes issue #187. It's a bit annoying this can't do anything other than
exit, however as there's no schema for the config it's only possible to
validate on use. This level of config can't be accessed from Perl so a
script can't cause Irssi to die (via this method at least).
Before this, doing "TERM=vt100 irssi" showed all text as bold and
blinking because of a failed check of window->term->TI_colors that
was doing (value & 8) and not expecting a value of 0.
The changed lines themselves look a bit weird, but they make more sense
in the context of the original commit, 96a292d4.
Original patch by hondza <sedaj2@gmail.com>, from FS#833. I applied
several needed style changes, and rebased to current HEAD.
This implements the IRCv3.2 self-message extension partially (we can't
announce its support through CAP yet). This is also the format used by
the 'privmsg' znc module, and is already implemented by several other
clients.
At some point in the past few years, Flyspray changed its URL scheme from id=nnn to task_id=nnn, which broke some old comments in the source. Update those comments to URLs that still work.
Try to split long lines on spaces to avoid words being splitted. This
can be turned off with the option `split_line_on_space'. The code
assumes that the terminal encoding has ASCII spaces.
The userhost Irssi uses for line splitting can in some cases be wrong,
for instance when a proxy is used or when a server cloaks the hostname
without telling the client. Now Irssi always assumes the userhost is of
maximum length. 10 for username (common value) and 63 for hostname (in
RFC 2812).
With many ignores (a few thousand) /reload could take so long that connections
were dropped. The problem is that nickmatch_rebuild() was being called for
every ignore. The easy solution is to only call it once at the end.
this fixes a crash due to illegal memory access that can occur if
something is printed to the screen on the "terminal resized"
handler. It is not clear to me whether this race condition can be
triggered by external incoming messages, but it might be better safe
than sorry.
Fixes FS#721
This makes Ctrl+^ and ^ bindable again as different keys. We do this
by escaping single `^` as `^-`, which is not a valid control character
(unlike `^^`)
The original approach suggested in FS#721 is insufficient, it will
break bindings such as `meta-^` because Irssi is convinced that `^`
introduces a Control-key ("key combo") so it is waiting for what may
follow.
while the last patch did stop /path/.xxx from turning italic, it also
stopped any other /emphasis/ from becoming italic. correct this by
testing for ispunct, so spaces are valid italic terminators
the colour 0 was broken by the extended colours patch because it needs
an explicit bit check (lower bits will be false since it is 0)
Thanks to lhynes for the report
Fixes Github issue #97https://github.com/irssi/irssi/issues/97
Fix proposed by ailin-nemui, built and tested on Debian Jessie using
0.8.15 source, tested by GeertHauwaerts as well.
It's tricky to make the banner show first in all cases and it's unlikely
to be seen if someone is connecting to a server already, so just don't
show it.
ferret, the author of `splitlong-safe.pl' pointed out that `userhostlen'
should not only contain the maximum length of the hostname, but also the
maximum length of the username. Now 10 is used as the maximum username
length as a fallback. (`splitlong-safe.pl' uses the same limit.)
The username limit isn't defined in the standard, but 10 is common on
many networks. The odds that something goes wrong here is low, as
1) the fallback limit is only used when the user has not yet joined a
channel
2) the maximum hostname length (63) gives some error margin as the
hostname usually is shorter
`split_line_end' could force lines to be unnecessarily split. This
commit fixes the problem by making sure that the last line isn't shorter
than `split_line_end'.
Add settings `split_line_start' and `split_line_end' analogous to
`splitlong_line_start' and `splitlong_line_end' in `splitlong.pl'. The
prefixes and suffixes are concatenated with a wrapper function to keep
`recode_split' and `strsplit_len' simple.
This commit adds handling of long IRC messages to the core. In contrast
to the `splitlong.pl' plugin, multi-byte encoded and recoded messages
are properly split.
To allow for this, a new function has been added to the server struct:
`split_message'. `split_message' returns a string array with the message
splitted to substrings of a length that the server can handle. If a
protocol module doesn't have any limit, it can simply return a singleton
array with a copy of the message.
The `MSG' chat command now calls `split_message' before `send_message',
and emits `message own_public' / `message own_private' with each
substring, so that the string splitting will be visible in the UI.
`split_message' in the IRC module uses `recode_split' which in turn uses
iconv to properly split multi-byte encoded (and recoded) messages.
This is technically wrong as it then gets used as an IPv4 sockaddr, but it only
needs to be some 0s so this is easier than changing the IPADDR data structure or
adding a new API.
256 colour patch is cleaned up and the remaining cases are made work,
this includes especially Theme support, which was not implemented
before. Changes not related to colours were reverted again, making a
review of the two patches against master easier to follow.
As a byproduct of the Hex-colour code parser, the 24bit colours are
also implemented. Actually using them in the terminal is guarded by a
compile time switch (as well as a run time switch), as it breaks the
existing colour protocol and requires additional storage.
To make a seamless usage, down-conversion is provided for 8 and 16
colours.
Diverging from Tom's approach, the colour protocol is reverted back to
the original one. Unfortunately, the changes required in the Theme
engine will break the API.
For more details, please refer to the patch documentation at either
http://irssi-docs.wikispaces.com/Notes-256-Colour or
https://github.com/shabble/irssi-docs/wiki/Notes-256-Colour
In this path we can't look up ignores again because the print text signal
doesn't know the nick, etc. Instead just show it. The user can use -actcolor %n
or make the hilight more specific if desired.
This results in a more flexible system and is less surprising as it means levels
can be used in the way they normally can in an ignore.
As an example the current approach to NO_ACT provides no way to let HILIGHTS
be shown, with this change /set activity_hide_targets can be recreated with:
/ignore #channel NO_ACT
/ignore #channel -except -regexp -pattern . NO_ACT HILIGHTS
(but obviously this can be configured in many more ways if desired).
add the missing alternate_nick in Irc::Server by making an additional
call to the Irc::Connect filler. this is not quite ideal but might
need bigger refactoring otherwise.
This patch implements some 256 colour support for Irssi up from the
previous 16 colours. Initial parsing of the %x/%X format codes is
implemented and the parser accounts in advances the char* for
that.
The colour attributes are widened from 4 to 8 bit. The colour protocol
is changed to a new format. Some pointers to remaining work are
written in the comment in textbuffer.h.
Note that Irssi already does support requesting 256 colours from the
terminal in the original source code, so this part did not have to be
touched.
Further to pull #49 this is the result of an audit of the use of perl
stack macros. There were several cases where PUTBACK was being called
where the stack pointer could be out-of-date.
Also some misc. cleanup where the macros were used needlessly.
PUTBACK was being called even for the error path which didn't use the
stack. Emitting the "script error" signal can involve running Perl code
(Irssi:core::destroy) therefore the stack can be reallocated. This
can result in the perl stack being corrupted because the local stack
pointer is out of date (although as it's use of freed memory the crash
is not always instant).
This removes the calls to Perl_get_context() that get automatically
added to XS code for ancient source code compatibility reasons.
The result is about a ~60K size reduction in the binary (based on
comparing two 64-bit stripped irssi binaries compiled
--with-perl-staticlib).
If the first g_module_symbol call failed, module_deinit was set
to value2, which is uninitialized. Move the assignment after
checking variable found to silence the warning.
This patch adds 3 new signals:
* tlsa avalable: emitted if TLSA is available for a given domain.
* tlsa verification success: emitted if the TLSA check was successful.
* tlsa verification failed: emitted if the TLSA check was unsuccessful.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5220 dbcabf3a-b0e7-0310-adc4-f8d773084564
This patch refactors how we are passing connection information for SSL
connections. This will allow us to emit signals with a SERVER_REC as
parameter during SSL handshake.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5219 dbcabf3a-b0e7-0310-adc4-f8d773084564
This patch adds experimental support for the DNSSEC DANE verification
protocol using the libval library from the DNSSEC-Tools package.
Thanks to Thomas Steen Ramussen for creating a test setup and suggesting
the idea of experimenting with DANE support in Irssi :-)
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5218 dbcabf3a-b0e7-0310-adc4-f8d773084564
The crash can happen if the terminal height decreases before the first window
is created. Based on a patch by Jaroslav Škarvada (red hat bug #796457).
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5217 dbcabf3a-b0e7-0310-adc4-f8d773084564
connections to TLSv1.1 servers from working. Patch by pi-rho.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5216 dbcabf3a-b0e7-0310-adc4-f8d773084564
Passing this option will force Irssi to not execute the content of the
autosendcmd chatnet-setting upon connect.
Fixes: #738
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5209 dbcabf3a-b0e7-0310-adc4-f8d773084564
if they are somehow enabled (UHNAMES/userhost-in-names).
bug #805
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5205 dbcabf3a-b0e7-0310-adc4-f8d773084564
prefix exists by conditionally allocating and marking to-be-freed the cumode
string inside of expando_cumode(). (Bug #669)
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5203 dbcabf3a-b0e7-0310-adc4-f8d773084564
when attempting to automatically use chat_protocol perl modules. This
fixes the automatic calling of "use Irssi::Irc" when the Irssi perl modules
have been installed in a location outside of perl's site/vendor hierarchy.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5197 dbcabf3a-b0e7-0310-adc4-f8d773084564
This code is used, for example, when /set expand_escapes on.
I can't reproduce crashes but I can reproduce garbage if I type a\1.
bug #775
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5195 dbcabf3a-b0e7-0310-adc4-f8d773084564
binds as part of /layout save. This addresses the problem of previously
saved channel window items forgetting their windows upon reconnection,
which resulted in them being opened in new windows.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5194 dbcabf3a-b0e7-0310-adc4-f8d773084564
"nicklist new" signal.
Fixes the nicklist sorting on xirssi.
Patch by nenolod.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5184 dbcabf3a-b0e7-0310-adc4-f8d773084564
group id instead of the process id. (This covers the case of /bin/sh
instances which fork/exec commands passed via -c. In such cases,
sending a signal to the stored process id would sent it to the /bin/sh
process itself, not the forked child.)
Add error reporting to sending signals.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5174 dbcabf3a-b0e7-0310-adc4-f8d773084564