From 17d62921e9d2cfa8ade544c64a69d14d8ea66377 Mon Sep 17 00:00:00 2001 From: nandesu-utils <70854931+nandesu-utils@users.noreply.github.com> Date: Thu, 28 Oct 2021 04:01:07 +0900 Subject: [PATCH 01/12] Acquire sender's device list on connection After generation of an identity we observe that `omemo_ctx.device_list` has an entry for sender's jid. But on application restart it is absent thus messages are not encrypted for the rest set of sender devices. This commit fixes this by applying code for acquiring the aforementioned device list after the connection. --- src/omemo/omemo.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c index e1126e62..273bbd21 100644 --- a/src/omemo/omemo.c +++ b/src/omemo/omemo.c @@ -84,6 +84,7 @@ static unsigned char* _omemo_fingerprint_decode(const char* const fingerprint, s static char* _omemo_unformat_fingerprint(const char* const fingerprint_formatted); static void _cache_device_identity(const char* const jid, uint32_t device_id, ec_public_key* identity); static void _g_hash_table_free(GHashTable* hash_table); +static void _omemo_sender_devices(void); typedef gboolean (*OmemoDeviceListHandler)(const char* const jid, GList* device_list); @@ -303,6 +304,9 @@ omemo_on_connect(ProfAccount* account) log_warning("[OMEMO] no such file: %s", omemo_ctx.trust_filename->str); g_error_free(error); } + + log_debug("[OMEMO] Acquiring sender devices for current account"); + _omemo_sender_devices(); } void @@ -384,15 +388,15 @@ omemo_publish_crypto_materials(void) return; } + omemo_bundle_publish(true); +} + +static void _omemo_sender_devices(void) { char* barejid = connection_get_barejid(); - /* Ensure we get our current device list, and it gets updated with our - * device_id */ g_hash_table_insert(omemo_ctx.device_list_handler, strdup(barejid), _handle_own_device_list); omemo_devicelist_request(barejid); - omemo_bundle_publish(true); - free(barejid); } 
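Review bot: In the new `_omemo_sender_devices()` in src/omemo/omemo.c, `strdup(barejid)` is called on the result of `connection_get_barejid()` with no NULL check, and the function now runs from `omemo_on_connect()` rather than only when crypto materials are published. If that helper can return NULL (its definition is not visible here), `strdup(NULL)` is undefined behaviour; a guard such as `if (!barejid) { log_warning("[OMEMO] no bare JID, skipping own device list request"); return; }` would make the failure visible. The definition also puts the return type and opening brace on one line, whereas the rest of the file (e.g. `omemo_publish_crypto_materials`) puts the return type on its own line. The same body is carried unchanged into `_acquire_sender_devices_list()` by PATCH 02/12.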
From fee23b55f08c3635731aa625e31bd54f14282cb6 Mon Sep 17 00:00:00 2001 From: nandesu-utils <70854931+nandesu-utils@users.noreply.github.com> Date: Fri, 29 Oct 2021 01:15:55 +0900 Subject: [PATCH 02/12] Refined sender device acquirement Now the sender devices are acknowledged only after omemo is loaded. That is, after key generation has been completed or identity has been loaded. --- src/omemo/omemo.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c index 273bbd21..4d53ad0c 100644 --- a/src/omemo/omemo.c +++ b/src/omemo/omemo.c @@ -84,7 +84,7 @@ static unsigned char* _omemo_fingerprint_decode(const char* const fingerprint, s static char* _omemo_unformat_fingerprint(const char* const fingerprint_formatted); static void _cache_device_identity(const char* const jid, uint32_t device_id, ec_public_key* identity); static void _g_hash_table_free(GHashTable* hash_table); -static void _omemo_sender_devices(void); +static void _acquire_sender_devices_list(void); typedef gboolean (*OmemoDeviceListHandler)(const char* const jid, GList* device_list); @@ -304,9 +304,6 @@ omemo_on_connect(ProfAccount* account) log_warning("[OMEMO] no such file: %s", omemo_ctx.trust_filename->str); g_error_free(error); } - - log_debug("[OMEMO] Acquiring sender devices for current account"); - _omemo_sender_devices(); } void @@ -391,7 +388,7 @@ omemo_publish_crypto_materials(void) omemo_bundle_publish(true); } -static void _omemo_sender_devices(void) { +static void _acquire_sender_devices_list(void) { char* barejid = connection_get_barejid(); g_hash_table_insert(omemo_ctx.device_list_handler, strdup(barejid), _handle_own_device_list); 
@@ -403,6 +400,11 @@ static void _omemo_sender_devices(void) { void omemo_start_sessions(void) { + // before any session may be started, a list on + // available sender devices must be acquired + log_debug("[OMEMO] Acquiring sender devices list"); + _acquire_sender_devices_list(); + GSList* contacts = roster_get_contacts(ROSTER_ORD_NAME); if (contacts) { GSList* curr; From 753d9dbbdb19df28827e8fdbb36455e1cfd3f52d Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 18 Nov 2021 22:27:20 +0000 Subject: [PATCH 03/12] src/plugins/callbacks.c: drop redundant NULL pointer check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc-12 detects redundant check against array of arrays as: src/plugins/callbacks.c: In function ‘_free_command_help’: src/plugins/callbacks.c:85:26: error: the comparison will always evaluate as ‘true’ for the address of ‘args’ will never be NULL [-Werror=address] 85 | while (help->args[i] != NULL && help->args[i][0] != NULL) { | ^~ In file included from ./src/ui/ui.h:44, from ./src/command/cmd_defs.h:42, from src/plugins/callbacks.c:41: ./src/command/cmd_funcs.h:48:12: note: ‘args’ declared here 48 | gchar* args[128][2]; | ^~~~ --- src/plugins/callbacks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/callbacks.c b/src/plugins/callbacks.c index 92c0a9f4..4a73f15b 100644 --- a/src/plugins/callbacks.c +++ b/src/plugins/callbacks.c @@ -82,7 +82,7 @@ _free_command_help(CommandHelp* help) free(help->desc); i = 0; - while (help->args[i] != NULL && help->args[i][0] != NULL) { + while (help->args[i][0] != NULL) { free(help->args[i][0]); free(help->args[i][1]); i++; From a77a57a6a45ed07c60b31f7cbe977f8e68fadbc8 Mon Sep 17 00:00:00 2001 
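Review bot: The comment added at the top of `omemo_start_sessions()` says the sender device list "must be acquired" before sessions start, but the call only registers `_handle_own_device_list` and issues `omemo_devicelist_request()`; nothing in the hunk waits for a reply before the roster loop begins. If the request is answered asynchronously (likely for an XMPP IQ, though not shown here), messages sent before the reply arrives would still not be encrypted for the sender's other devices. I would reword the comment to say so, e.g. `// request our own device list; it is filled in later by _handle_own_device_list, so sessions started below may precede it`. The function body continues past the end of the hunk.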
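Review bot: The loop in `_free_command_help()` (src/plugins/callbacks.c) now stops only on a NULL `args[i][0]`, and `i` is never compared with the array size. The gcc note quoted in the commit message shows `gchar* args[128][2]`, so a `CommandHelp` whose 128 rows are all populated would make the loop read and `free()` past the end of the array. Bounding it, `while (i < G_N_ELEMENTS(help->args) && help->args[i][0] != NULL) {`, keeps the cleanup inside the object regardless of what a plugin registered. The function starts before and ends after the hunk.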
From: Sergei Trofimovich Date: Thu, 18 Nov 2021 22:28:44 +0000 Subject: [PATCH 04/12] src/plugins/python_api.c: drop redundant NULL pointer check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc-12 detects redundant check against array of arrays as: src/plugins/python_api.c: In function ‘python_api_register_command’: src/plugins/python_api.c:199:31: error: the comparison will always evaluate as ‘true’ for the address of ‘c_arguments’ will never be NULL [-Werror=address] 199 | while (c_arguments[i] != NULL && c_arguments[i][0] != NULL) { | ^~ src/plugins/python_api.c:161:15: note: ‘c_arguments’ declared here 161 | char* c_arguments[args_len == 0 ? 0 : args_len + 1][2]; | ^~~~~~~~~~~ --- src/plugins/python_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/python_api.c b/src/plugins/python_api.c index 8ea54514..2ccd672b 100644 --- a/src/plugins/python_api.c +++ b/src/plugins/python_api.c @@ -196,7 +196,7 @@ python_api_register_command(PyObject* self, PyObject* args) free(c_synopsis[i++]); } i = 0; - while (c_arguments[i] != NULL && c_arguments[i][0] != NULL) { + while (c_arguments[i][0] != NULL) { free(c_arguments[i][0]); free(c_arguments[i][1]); i++; From 315d862e22ee9d41a897d76a0297b67b877a3960 Mon Sep 17 00:00:00 2001 From: Carlo Cabrera <30379873+carlocab@users.noreply.github.com> Date: Tue, 23 Nov 2021 21:57:02 +0800 Subject: [PATCH 05/12] Make readline check more portable Currently, `configure.ac` assumes Readline is installed via Homebrew in `/usr/local`. This doesn't work for Homebrew on Apple Silicon, or MacPorts. Let's fix this by checking for a `brew` installation, and querying that for Readline's prefix if available. If not, it checks for an existing MacPorts prefix, and finally falls back to checking `/usr/local` in case a user installed Readline for themselves there. --- configure.ac | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) 
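Review bot: The cleanup loop in `python_api_register_command()` still relies solely on the NULL sentinel row, and with the declaration quoted in the commit message (`c_arguments[args_len == 0 ? 0 : args_len + 1][2]`) an empty `arguments` list gives an array with no rows, so `c_arguments[0][0]` is read outside it. Bounding the loop by the known length, `for (i = 0; i < args_len; i++) {`, removes the dependence on the sentinel, assuming every row below `args_len` is filled in the part of the function outside this hunk. The `c_synopsis` cleanup just above appears to depend on a sentinel in the same way.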
diff --git a/configure.ac b/configure.ac index 566c3c80..709594d3 100644 --- a/configure.ac +++ b/configure.ac @@ -210,10 +210,19 @@ AS_IF([test "x$enable_icons_and_clipboard" != xno], [AC_MSG_NOTICE([gtk+-3.0/gtk+2.0 not found, icons and clipboard not enabled])])])])]) AS_IF([test "x$PLATFORM" = xosx], - [AC_CHECK_FILE([/usr/local/opt/readline/lib], + [AC_PATH_PROG([BREW], [brew], ["failed"], + [$PATH$PATH_SEPARATOR/opt/homebrew/bin$PATH_SEPARATOR/usr/local/bin]) + AS_IF([test "x$BREW" = xfailed], + [AC_CHECK_FILE([/opt/local/lib], + [READLINE_PREFIX="/opt/local"], + [READLINE_PREFIX="/usr/local"])], + [READLINE_PREFIX="`$BREW --prefix readline`"])]) + +AS_IF([test "x$PLATFORM" = xosx], + [AC_CHECK_FILE([$READLINE_PREFIX/lib], [LIBS="-lreadline $LIBS" - AM_CPPFLAGS="-I/usr/local/opt/readline/include $AM_CPPFLAGS" - AM_LDFLAGS="-L/usr/local/opt/readline/lib $AM_LDFLAGS" + AM_CPPFLAGS="-I$READLINE_PREFIX/include $AM_CPPFLAGS" + AM_LDFLAGS="-L$READLINE_PREFIX/lib $AM_LDFLAGS" AC_SUBST(AM_LDFLAGS)], [AC_MSG_ERROR([libreadline is required for profanity])])], From 1194a9b85e29dc8d421e6a3a12760de0e7c8ac20 Mon Sep 17 00:00:00 2001 From: Carlo Cabrera <30379873+carlocab@users.noreply.github.com> Date: Wed, 24 Nov 2021 00:10:05 +0800 Subject: [PATCH 06/12] Improve macOS Readline checks Instead of checking for `lib` directories, let's make sure `libreadline` exists. Also, let's improve the error message if we can't find it. Finally, since we're only looking for `brew` on macOS, we don't need to use `$PATH_SEPARATOR` since we know what the path separator is. --- configure.ac | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 709594d3..4a6a8ba2 100644 --- a/configure.ac +++ b/configure.ac 
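Review bot: The `brew` branch in configure.ac assigns `READLINE_PREFIX` from `$BREW --prefix readline` without checking that the command succeeded or printed anything. If the command fails, the prefix is empty and the later test and flags silently become `/lib`, `-I/include` and `-L/lib`. A check right after the assignment, such as `AS_IF([test -z "$READLINE_PREFIX"], [AC_MSG_ERROR([brew did not report a readline prefix])])`, would report the real cause. The assignment also overwrites any `READLINE_PREFIX` the user passed to configure. PATCH 06/12 narrows the file test to `libreadline.dylib` but keeps the unchecked assignment.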
@@ -211,20 +211,20 @@ AS_IF([test "x$enable_icons_and_clipboard" != xno], AS_IF([test "x$PLATFORM" = xosx], [AC_PATH_PROG([BREW], [brew], ["failed"], - [$PATH$PATH_SEPARATOR/opt/homebrew/bin$PATH_SEPARATOR/usr/local/bin]) + [$PATH:/opt/homebrew/bin:/usr/local/bin]) AS_IF([test "x$BREW" = xfailed], - [AC_CHECK_FILE([/opt/local/lib], + [AC_CHECK_FILE([/opt/local/lib/libreadline.dylib], [READLINE_PREFIX="/opt/local"], [READLINE_PREFIX="/usr/local"])], [READLINE_PREFIX="`$BREW --prefix readline`"])]) AS_IF([test "x$PLATFORM" = xosx], - [AC_CHECK_FILE([$READLINE_PREFIX/lib], + [AC_CHECK_FILE([$READLINE_PREFIX/lib/libreadline.dylib], [LIBS="-lreadline $LIBS" AM_CPPFLAGS="-I$READLINE_PREFIX/include $AM_CPPFLAGS" AM_LDFLAGS="-L$READLINE_PREFIX/lib $AM_LDFLAGS" AC_SUBST(AM_LDFLAGS)], - [AC_MSG_ERROR([libreadline is required for profanity])])], + [AC_MSG_ERROR([libreadline is required for profanity. Install it with Homebrew, MacPorts, or manually into /usr/local])])], [test "x$PLATFORM" = xopenbsd], [AC_CHECK_FILE([/usr/local/include/ereadline], From 2f7317cc1837ff8e9dfab8b6b0d8529f44391966 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 25 Nov 2021 14:45:45 +0100 Subject: [PATCH 07/12] Fix carbons criteria We came into the carbons checking code when we received ``. Which actually marks a message to _not_ be a carbon. In this code we also make sure that carbons only come from us. If not we don't call the message handler code. So we should actually only check for `` and ``. Thanks pukkamustard and Holger. Fixes https://github.com/profanity-im/profanity/issues/1614 --- src/xmpp/message.c | 10 ++++++++-- src/xmpp/stanza.h | 2 ++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/xmpp/message.c b/src/xmpp/message.c index 1a964846..4aa22437 100644 --- a/src/xmpp/message.c +++ b/src/xmpp/message.c 
@@ -223,7 +223,13 @@ _message_handler(xmpp_conn_t* const conn, xmpp_stanza_t* const stanza, void* con gboolean is_carbon = FALSE; // XEP-0280: Message Carbons - xmpp_stanza_t* carbons = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CARBONS); + // Only allow `` and `` carbons + // Thus ignoring `` + xmpp_stanza_t* carbons = xmpp_stanza_get_child_by_name_and_ns(stanza, STANZA_NAME_SENT, STANZA_NS_CARBONS); + if (!carbons) { + carbons = xmpp_stanza_get_child_by_name_and_ns(stanza, STANZA_NAME_RECEIVED, STANZA_NS_CARBONS); + } + if (carbons) { // carbon must come from ourselves @@ -1283,7 +1289,7 @@ _handle_carbons(xmpp_stanza_t* const stanza) } */ - if ((g_strcmp0(name, "received") != 0) && (g_strcmp0(name, "sent") != 0)) { + if ((g_strcmp0(name, STANZA_NAME_RECEIVED) != 0) && (g_strcmp0(name, STANZA_NAME_SENT) != 0)) { log_warning("Carbon received with unrecognised stanza name: %s", name); return NULL; } diff --git a/src/xmpp/stanza.h b/src/xmpp/stanza.h index e2c22bd8..7aac5d08 100644 --- a/src/xmpp/stanza.h +++ b/src/xmpp/stanza.h @@ -117,6 +117,8 @@ #define STANZA_NAME_USERNAME "username" #define STANZA_NAME_PROPOSE "propose" #define STANZA_NAME_REPORT "report" +#define STANZA_NAME_RECEIVED "received" +#define STANZA_NAME_SENT "sent" // error conditions #define STANZA_NAME_BAD_REQUEST "bad-request" From f0a39a4b660cc27d40288216cb9e5a8611109c56 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 26 Nov 2021 07:51:49 +0000 Subject: [PATCH 08/12] python_api.c: enlarge `c_arguments` array to avoid OOB write Code below explicitly refers past `args_len`th element: c_arguments[args_len][0] = NULL; c_arguments[args_len][1] = NULL; Let's always allocate space for `NULL`. Noticed by Steffen Jaeckel. --- src/plugins/python_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/python_api.c b/src/plugins/python_api.c index 2ccd672b..90e33579 100644 --- a/src/plugins/python_api.c +++ b/src/plugins/python_api.c 
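Review bot: `_message_handler()` now selects the carbon element by name (`sent`, then `received`), but `_handle_carbons()` in the second hunk still only compares the name of whatever element it looked up itself, and that lookup is outside the hunk. If it still uses `xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CARBONS)`, a stanza carrying an ignored carbons-namespace child ahead of the `sent`/`received` one would pass the "carbon must come from ourselves" check here and then be rejected there as an unrecognised name. Passing the element found here into `_handle_carbons()`, or repeating the same by-name lookup in it, would keep the sender check and the unwrapping on the same element. A short comment on the fallback stating that `sent` takes precedence when both are present would also help.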
@@ -158,7 +158,7 @@ python_api_register_command(PyObject* self, PyObject* args) c_synopsis[len] = NULL; Py_ssize_t args_len = PyList_Size(arguments); - char* c_arguments[args_len == 0 ? 0 : args_len + 1][2]; + char* c_arguments[args_len + 1][2]; for (i = 0; i < args_len; i++) { PyObject* item = PyList_GetItem(arguments, i); Py_ssize_t len2 = PyList_Size(item); From a980ab14a0db9dea9ca016425df8dd8e2ae59f0b Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 3 Dec 2021 15:56:56 +0100 Subject: [PATCH 09/12] ci: re-enable macos They have libstrophe 0.11.0 now. This reverts commit 472a3ceec4ce4bd018d7276372cf3ccdc24b76c9. --- .github/workflows/main.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c40cf4b0..ebcc86d6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
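Review bot: `char* c_arguments[args_len + 1][2];` sizes a stack array directly from `PyList_Size(arguments)`, a plugin-supplied length that is not range-checked in the visible lines. `PyList_Size()` returns -1 when its argument is not a list, which makes the row count 0 here and leaves the later `c_arguments[args_len][0] = NULL` (quoted in the commit message) writing to row -1; a very long list, on the other hand, can exhaust the stack. I would reject a negative length and cap or heap-allocate the table before this line. The `c_synopsis` array above appears to be built the same way, and the function continues on both sides of the hunk.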
@@ -22,15 +22,15 @@ jobs: docker build -f Dockerfile.${{ matrix.flavor }} -t profanity . docker run profanity ./ci-build.sh -# macos: -# runs-on: macos-latest -# name: macOS -# steps: -# - uses: actions/checkout@v2 -# - name: Run brew bundle -# run: brew bundle -# - name: Run tests -# env: -# # Ensure that "keg-only" Homebrew versions are used. -# PKG_CONFIG_PATH: "/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/expat/lib/pkgconfig:/usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/openssl/lib/pkgconfig:/usr/local/opt/libffi/lib/pkgconfig:/usr/local/opt/sqlite/lib/pkgconfig:$PKG_CONFIG_PATH" -# run: ./ci-build.sh + macos: + runs-on: macos-latest + name: macOS + steps: + - uses: actions/checkout@v2 + - name: Run brew bundle + run: brew bundle + - name: Run tests + env: + # Ensure that "keg-only" Homebrew versions are used. + PKG_CONFIG_PATH: "/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/expat/lib/pkgconfig:/usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/openssl/lib/pkgconfig:/usr/local/opt/libffi/lib/pkgconfig:/usr/local/opt/sqlite/lib/pkgconfig:$PKG_CONFIG_PATH" + run: ./ci-build.sh From d6633e092092f6c1355dde0035fdeadf1b0bf4c9 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 3 Dec 2021 16:14:26 +0100 Subject: [PATCH 10/12] ci: re-enable ubuntu This reverts commit cc206ee8cc2cf8458325337f2e68b0dd11b95afd. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ebcc86d6..a6e2693a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: strategy: matrix: - flavor: [debian, fedora] + flavor: [debian, fedora, ubuntu] name: Linux steps: From 8b53acd608033e3909c3d990b5a1d8a83396c53b Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 3 Dec 2021 16:15:04 +0100 Subject: [PATCH 11/12] ci: update ubuntu python package names --- Dockerfile.ubuntu | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
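Review bot: The re-enabled `macos` job pulls `actions/checkout@v2` by a mutable tag; pinning the action to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v2`, keeps a retagged release from changing what runs in CI. The `PKG_CONFIG_PATH` value also hard-codes the `/usr/local/opt` Homebrew prefix, while PATCH 05/12 in this series stopped assuming that prefix in `configure.ac`. Building the value from `brew --prefix` would keep the two consistent if `macos-latest` ever uses a different prefix.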
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index 840cd736..9686084f 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -26,7 +26,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ libxss-dev \ make \ pkg-config \ - python-dev \ + python3-dev \ + python-dev-is-python3 \ libsqlite3-dev RUN mkdir -p /usr/src/{stabber,libstrophe,profanity} From 05435d27142bffe226113d6d2f3f643cb711bada Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 3 Dec 2021 16:17:40 +0100 Subject: [PATCH 12/12] ci: re-enable tumblweed Old docker/libseccomp from GH got updated. This reverts commit 5c5c45321976c9a859694afa781178c68d076ee2. --- .github/workflows/main.yml | 2 +- Dockerfile.arch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a6e2693a..daae84d0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: strategy: matrix: - flavor: [debian, fedora, ubuntu] + flavor: [debian, fedora, tumbleweed, ubuntu] name: Linux steps: diff --git a/Dockerfile.arch b/Dockerfile.arch index a3644b9f..1cd4cd03 100644 --- a/Dockerfile.arch +++ b/Dockerfile.arch @@ -1,4 +1,4 @@ -FROM archlinux/base +FROM archlinux/latest RUN pacman -Syu --noconfirm && pacman -S --needed --noconfirm \ autoconf \
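Review bot: `FROM archlinux/latest` in Dockerfile.arch names a repository called `latest` under the `archlinux` namespace, with no tag or digest, rather than the `latest` tag of an image. If the official image was intended, the reference would be `FROM archlinux:latest`, ideally pinned by digest so CI builds are reproducible and the base image cannot change underneath them. The change also sits in a commit whose subject and matrix edit are about tumbleweed, and `arch` is not in the `flavor` list visible in the main.yml hunk, so this Dockerfile is presumably not exercised by the workflow shown.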