Incoming carbons are logged as normal message already.
So we had this logged twice but didn't log outgoing carbons,
send from our account but by another client, at all.
Fix https://github.com/profanity-im/profanity/issues/1181
This theme color applies to the tab title text of the statusbar tab that
is currently shown.
The (somewhat confusingly named) `statusbar.active` theme color now
applies to all other tabs (before, it applied to all tabs).
Coloring of a tab that is highlighted/has new messages is done as before
using the `statusbar.new` theme color.
The default color is set to `cyan`, and thus causes no visible change
for users -- until modified.
Glib can print error messages to stderr and blocking write freezes
Profanity if the buffer is full. Move stderr to nonblocking mode
in hope that glib will skip printing on EWOULDBLOCK error. In this
case we lose some error messages, but Profanity continues working.
https://gultsch.de/dino_multiple.html mentions CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237.
CVE-2019-16235: Is checking the from in carbon messages. We do that.
CVE-2019-16236: Is checking the from in roster pushes. We do that but
didn't log it yet.
CVE-2019-16237: Is checking the form in MAM messages. We don't support
them yet.
Profanity uses the node part of a JID as display name for a tab. If such
a JID doesn't contain the node part, Profanity crashes on NULL pointer
dereference.
In the above case, use barejid which is just a domain. Fixes#1153.
Just to be on the safe side.
Probably only relevant for unit tests where ncurses vars are not
initialized with real values.
Fix unit tests on all platforms.
Double-check that a <delay/> tag on a groupchat message was actually
added by the MUC service (rather than the sending client) before
assuming it was received from the MUC history.
Fixes#1173.
This occured with a user running Cisco Jabber. It seems this server
sends repeated presence subscribed stanzas. And although I find this
strange according to RFC this seems to be ok.
So let's filter them and only display in the console output and to the
log. But don't open seperate windows.
Fix https://github.com/profanity-im/profanity/issues/1165
This should actually never happen because we have the mechanism that
checks the commands. But let's do it in case we break something in that
mechanism and to make clang happy.
Fixes clangs: 'Argument with 'nonnull' attribute passed null'
Instead of only checking for files when 'last_directory' has changed, do
it every time.
Add autocomplete_update function that updates the items while retaining
last_found and search_str.
Fixes#1099
Fix:
```
==18682== 408 bytes in 17 blocks are definitely lost in loss record
3,279 of 3,632
==18682== at 0x483677F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18682== by 0x42F602: roster_update_presence (roster_list.c:129)
==18682== by 0x448AA3: sv_ev_contact_online (server_events.c:906)
==18682== by 0x43D2BA: _available_handler (presence.c:674)
==18682== by 0x43C81B: _presence_handler (presence.c:398)
==18682== by 0x5AF118E: handler_fire_stanza (handler.c:124)
==18682== by 0x5AEDBDA: _handle_stream_stanza (conn.c:1253)
==18682== by 0x5AFA43E: _end_element (parser_expat.c:190)
==18682== by 0x6818AA4: doContent (xmlparse.c:2977)
==18682== by 0x681A3AB: contentProcessor (xmlparse.c:2552)
==18682== by 0x681D7EB: XML_ParseBuffer (xmlparse.c:1988)
==18682== by 0x681D7EB: XML_ParseBuffer (xmlparse.c:1957)
==18682== by 0x5AF0A63: xmpp_run_once (event.c:255)
==18682== by 0x432E5D: connection_check_events (connection.c:104)
==18682== by 0x4323B3: session_process_events (session.c:255)
==18682== by 0x42C097: prof_run (profanity.c:128)
==18682== by 0x4B25B9: main (main.c:172)
```
omemo_key_free() was called to free the key.
It free the key->data too. But in same cases this was not set yet. So
we need to set the data to NULL (or use calloc) at initialization so
that omemo_key_free() only frees it if it was actually allocated.
Regards https://github.com/profanity-im/profanity/issues/1148
so far only the key part was freed. We also need to free the actual
handler.
Fix:
```
==21171== 1,128 bytes in 47 blocks are definitely lost in loss record
3,476 of 3,670
==21171== at 0x483677F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21171== by 0x434248: iq_id_handler_add (iq.c:265)
==21171== by 0x4B122E: omemo_devicelist_request (omemo.c:46)
==21171== by 0x4AC411: omemo_start_session (omemo.c:409)
==21171== by 0x4AC37C: omemo_start_sessions (omemo.c:396)
==21171== by 0x447881: sv_ev_roster_received (server_events.c:189)
==21171== by 0x444019: roster_result_handler (roster.c:312)
==21171== by 0x433FC2: _iq_handler (iq.c:202)
==21171== by 0x5AF118E: ??? (in /usr/lib64/libmesode.so.0.0.0)
==21171== by 0x5AEDBDA: ??? (in /usr/lib64/libmesode.so.0.0.0)
==21171== by 0x5AFA43E: ??? (in /usr/lib64/libmesode.so.0.0.0)
==21171== by 0x6818AA4: ??? (in /usr/lib64/libexpat.so.1.6.8)
==21171== by 0x681A3AB: ??? (in /usr/lib64/libexpat.so.1.6.8)
==21171== by 0x681D7EB: XML_ParseBuffer (in
/usr/lib64/libexpat.so.1.6.8)
==21171== by 0x5AF0A63: xmpp_run_once (in
/usr/lib64/libmesode.so.0.0.0)
==21171== by 0x432E5D: connection_check_events (connection.c:104)
==21171== by 0x4323B3: session_process_events (session.c:255)
==21171== by 0x42C097: prof_run (profanity.c:128)
==21171== by 0x4B2627: main (main.c:172)
```
Fix:
```
==20561== 32 bytes in 1 blocks are definitely lost in loss record 1,467
of 3,678
==20561== at 0x483677F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20561== by 0x4B16C9: omemo_start_device_session_handle_bundle
(omemo.c:167)
==20561== by 0x43405E: _iq_handler (iq.c:214)
==20561== by 0x5AF118E: ??? (in /usr/lib64/libmesode.so.0.0.0)
==20561== by 0x5AEDBDA: ??? (in /usr/lib64/libmesode.so.0.0.0)
==20561== by 0x5AFA43E: ??? (in /usr/lib64/libmesode.so.0.0.0)
==20561== by 0x6818AA4: ??? (in /usr/lib64/libexpat.so.1.6.8)
==20561== by 0x681A3AB: ??? (in /usr/lib64/libexpat.so.1.6.8)
==20561== by 0x681D7EB: XML_ParseBuffer (in
/usr/lib64/libexpat.so.1.6.8)
==20561== by 0x5AF0A63: xmpp_run_once (in
/usr/lib64/libmesode.so.0.0.0)
==20561== by 0x432E5D: connection_check_events (connection.c:104)
==20561== by 0x4323B3: session_process_events (session.c:255)
==20561== by 0x42C097: prof_run (profanity.c:128)
==20561== by 0x4B260D: main (main.c:172)
```
In some conditions we just returned without freeing allocated variables.
Should fix following valgrind reported leak:
```
==17941== 19 bytes in 1 blocks are definitely lost in loss record 613 of
3,674
==17941== at 0x483677F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==17941== by 0x5BB0DAA: strdup (strdup.c:42)
==17941== by 0x4B1592: omemo_start_device_session_handle_bundle
(omemo.c:126)
==17941== by 0x43405E: _iq_handler (iq.c:214)
==17941== by 0x5AF118E: ??? (in /usr/lib64/libmesode.so.0.0.0)
==17941== by 0x5AEDBDA: ??? (in /usr/lib64/libmesode.so.0.0.0)
==17941== by 0x5AFA43E: ??? (in /usr/lib64/libmesode.so.0.0.0)
==17941== by 0x6818AA4: ??? (in /usr/lib64/libexpat.so.1.6.8)
==17941== by 0x681A3AB: ??? (in /usr/lib64/libexpat.so.1.6.8)
==17941== by 0x681D7EB: XML_ParseBuffer (in
/usr/lib64/libexpat.so.1.6.8)
==17941== by 0x5AF0A63: xmpp_run_once (in
/usr/lib64/libmesode.so.0.0.0)
==17941== by 0x432E5D: connection_check_events (connection.c:104)
==17941== by 0x4323B3: session_process_events (session.c:255)
==17941== by 0x42C097: prof_run (profanity.c:128)
==17941== by 0x4B2610: main (main.c:172)
```
We call omemo_init() when starting profanity and should have an
omemo_close() at exit.
For now we free the fingerprint autocompleter in there.
Fixes valgrind:
```
==13226== 24 bytes in 1 blocks are definitely lost in loss record 2,855
of 6,958
==13226== at 0x483677F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13226== by 0x48AD39: autocomplete_new (autocomplete.c:57)
==13226== by 0x4AB89F: omemo_init (omemo.c:127)
==13226== by 0x42C283: _init (profanity.c:206)
==13226== by 0x42BFF3: prof_run (profanity.c:98)
==13226== by 0x4B25E6: main (main.c:172)
```
Regards https://github.com/profanity-im/profanity/issues/1131
Probably missing copy of body to plain in carbon and privmessage.
Only covers the incoming message path because goal is OMEMO decryption
of untrusted message.
Cover some of the log functions but not all.
Implements feature requested at: https://github.com/profanity-im/profanity/issues/632
So instead of:
/time console set <format>
/time chat set <format>
/time muc set <format>
/time mucconfig set <format>
/time private set <format>
/time xml set <format>
As a short cut the user can do:
/time all set <format>
Excluding statusbar and lastactivity settings since they are not for main windows, but used slightly differently.
Some code was duplicated/similar.
The parts about using a chatwin while being started from another window
(recipient provided) and being a chatwin were the same.
Like this it should be easier to read and less code.
In case Python or C plugins are disabled install/load failed silently.
Notify the user that we can't load them because profanity was built
without support for plugins.
Some of the omemo commands depend on the roster being present.
Several of those functions call `assert()` if that's not the case.
Modify omemo autocompletion in such a way that only things that don't
need the roster will be completed. Only works on first level.
When typing `/omemo` it will still complete to `/omemo start` but not
offer suggestions for that, but print a message that you need to be
connected.
Fix https://github.com/profanity-im/profanity/issues/1117
If re-establish a connection don't print the room history again.
In case there there happened nothing at all since we got the room
history on the last connection.
And in case there were no new messages during the time we have been
disconnected.
Instead of printing the room history again we now print 'Re-established
Connection'.
This adds a bit of overhead since we save the timestamp upon every MUC
message.
See: https://github.com/profanity-im/profanity/issues/704
We destory the roster in ev_disconnect_cleanup().
Adding a function to test if the roster has been destroyed and testing
for it in the statusbar.
So now when the connection is lost 'Lost connection' is printed in all
open windows.
We can then reconnect with `/connect accountname`.
Should fix https://github.com/profanity-im/profanity/issues/1083
status_bar_new() and status_bar_active() are almost identical.
Let's use one helper function to not duplicate code.
I thought about renaming both functions into one and adding another
parameter but didn't come up with a good name for the function that
clearly describes what it does. So staying with current names + helper
functions.
Save the name for displaying the windows in the statusbar inside the tab
object.
So far we calculated them repeatedly and this created issues when we
lost the connection.
Regards https://github.com/profanity-im/profanity/issues/1083
If Profanity is disconnected in any way before ping response is
received, the autoping timer will expire after the next connection
is established. As result, user will be disconnected immediately.
Cancel autoping timer in ev_disconnect_cleanup(), so it is done
for all kind of disconnections.
If connection loss occurs, it calls session_disconnect() eventually.
This function clears saved account data which is required for
reconnection. Therefore, when reconnect timer expires, we get errors:
02/06/2019 04:53:42: stderr: ERR: (profanity:17115): GLib-CRITICAL **:
04:53:42.305: g_key_file_has_group: assertion
'group_name != NULL' failed
02/06/2019 04:53:43: prof: ERR: Unable to reconnect, account no longer
exists: (null)
To solve it, don't clear the saved data in session_disconnect(). It will
be cleared properly on connection loss if reconnect timer is not
configured. But won't be cleared with /disconnect command.
So, after /disconnect the data will live in memory until the next
/connect.
Also, remove some copy-paste in connection loss path.
When connection is lost, profanity tries to disconnect what leads
to an infinite loop. The loop occurs, because connection_disconnet()
runs xmpp_run_once() separately and waits for XMPP_CONN_DISCONNECT
event. But it doesn't happen, because the connection object is
disconnected.
As solution, don't disconnect after XMPP_CONN_DISCONNECT is received.
Also, don't free libstrophe objects while the event loops executes,
because the event loop continues using objects after callbacks quit.
mblen will fail with return code -1 if the locale used by the unit tests
isn't available on the machine. This will lead to an off by one error in some
tests where the needle is at the end of the haystack.
Since prof_occurrences expect null-terminated strings, the character after
the needle can simply be found by incrementing the address of the found needle
with strlen(needle).
`/occupants char` now sets a character that is displayed before the nick
in MUCs. Similar like `/roster char` is displaying a char for the roster.
Regards #690
This is actually not needed because result will always be set.
hartmann had problems building profanity on OpenBSD and he proposed this
patch.
Let's use it to make the compiler happy there.
`/occupants header char` now sets a character that is displayed before
the role (moderator, visitor..) in a room. Similar to `/roster header
char` is displaying a char for the roster.
Regards https://github.com/boothj5/profanity/issues/690
Roster has a `/roster contact indent` option.
Now we have the same for occupants. So contacts in roster and in MUC can
have configurable indentation.
Regards https://github.com/boothj5/profanity/issues/690
Presence of contact not found in roster are filtered out.
But sometimes roster is received after a first few presences.
We choose to store presences until we receive roster and then process
this presences.
Fixes#1050
When auto joining a MUC we don't have access to required information so
we just don't start OMEMO at this time.
Once we receive disco info we then try to start OMEMO.
There is 3 policy:
- manual: OMEMO session are only started manually
- automatic: OMEMO session are only started if they have been started
manually before
- always: OMEMO session are always started unless they have been ended
manually before
Closes#1040 and fixes#1052
If OMEMO wasn't loaded, removing key would create empty identity.txt
file. Then at load time it would segfault profanity.
Another commit should fix load of malformed identity.txt.
When connecting for the first time or when creating a new account don't
use only 'profanity' as default resource.
Some server don't support having 2 connection with same resource. Using
profanity as default lead to deconnections.
When decrypting first message with prekey, libsignal wants to remove
used prekey from storage. Return value on success should be 0.
We used to return number of deleted keys. Thus libsignal was considering
we failed to remove the key and we were ignoring plaintext.
Reflected messages can't be filtered by nick only otherwise you might
ignore messages comming from you on another devices.
Consequently we maintain a list of sent messages id in mucwin.
To be sure the id will be correctly reflected we use the origin-id
stanza.
Ensure we request device_list and remove non conforming handling of
responses.
Move initialisation of iq_handlers before call to sv_ev_login_account_success
Store hints are required has some server might discard messages without
body. Here we ensure OMEMO messages are stored on server and delivered
to client when they connect back.
It's really important since it avoid libsignal to desynchronize
counters.
We try to decrypt all messages, if it's successful we use
sv_ev_incoming_message even for OMEMO messages. We pass an OMEMO
boolean to let UI be aware that message were encrypted.
The command "/plugins install <path_to_folder> should install all
plugins in the given folder. This commit removes the check if the path
points to a file (which is repeated in the section installing a plugin
from file) and makes the existing code installing multiple plugins accessible
Don't lower account name before calling accounts_get_account().
Only lower if there is no account with the given name and the name is
interpreted as a jid.
Updated unittests to test this behaviour.
Fixes#725
.
After specifying the PGP key ID with pgp.keyid within the accounts file on startup profanity asks for the secret key passphrase. It then doesn't redraw the screen, leaving it in an odd looking state.
This probably only happens with pinentry-curses since it draws in
screen.
We need this fix for cli only environments.
Fixes https://github.com/boothj5/profanity/issues/906 reported by Bob
Mottram.
Based on https://github.com/boothj5/profanity/pull/908 by Bob Mottram
Bob removed his GitHub account, so GitHub created a ghost placeholder
user for him, which unfortunately makes it impossible to cherry-pick
this commit. To more or less preserve authorship I added him as
co-author.
Commit picked and message edited by jubalh.
Co-authored-by: Bob Mottram <bob@freedombone.net>
With all the different kinds of encryption (OMEMO, OTR3 OTR4, PGP in XEP-0027 and XEP-0373) it might be helpful to know which kind of encryption is used.
With this feature user can configure TLS policy for an account and
override it for a single login with /connect command.
Example:
/account set <jid> tls force
/connect <jid> tls trust
The example shows how to trust server's certificate only once.
Fixes#1021.
New tls policy "trust" added to /connect and /account. With the policy
TLS connection is established even with invalid certificate. Note, that
trust policy forces TLS connection and it fails when server doesn't
support TLS.
Examples:
/connect <jid> tls trust
/account <name> set tls trust
Move `p_sha1_hash()` from `common.c` to `xmpp/stanza.c` as it is only
used in this file and now depends on libstrophe so xmpp is a better
namespace folder.
Renaming it as `_stanza_create_sha1_hash()`. And making static since
only used here.
The function cannot be tested in the unit tests anymore.
Once functional tests are working again we should write a test for the
sha1 functionality.
In accordance with Section 3.2.2.1 of XML Schema Part 2: Datatypes, the
allowable lexical representations for the xs:boolean datatype are the
strings "0" and "false" for the concept 'false' and the strings "1" and
"true" for the concept 'true'; implementations MUST support both styles
of lexical representation.
