mirror of https://github.com/weechat/weechat.git synced 2026-07-05 17:23:15 +02:00
Commit Graph

334 Commits

Author SHA1 Message Date
Sébastien Helleu e1fdd9fd71 core: add version 4.9.3 2026-07-05 16:14:16 +02:00
Sébastien Helleu b4ce4e6262 core: update ChangeLog (GHSA-wmpc-m6g9-fwj8) 2026-07-05 14:36:06 +02:00
Sébastien Helleu f65591cb56 api: do not free dynamic string on error in function string_dyn_concat 2026-07-05 12:00:32 +02:00
Sébastien Helleu 20f5ecc6dd core: fix possible buffer overflow in list of commands displayed by /help (issue #2330)
Fix: c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn security vulnerability

Found by OrbisAI Security
2026-07-05 10:26:52 +02:00
orbisai0security aa77bff164 core: fix possible buffer overflow in command /color alias (issue #2330)
Fix: c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn security vulnerability

Automated security fix generated by OrbisAI Security
2026-07-05 10:25:24 +02:00
Sébastien Helleu 031bc877cb core: add issue in ChangeLog (closes #1338) 2026-07-05 09:15:23 +02:00
Sébastien Helleu 08280f472d core: auto-detect terminal background and apply light theme on first start
Detect the terminal background (via COLORFGBG or an OSC 11 query) before
GUI init and, on the first start, automatically apply the built-in
"light" theme when a light terminal is detected.

The function gui_term_theme_is_light returns an int (1 if light, 0 otherwise,
0 being the safe value when detection is unsure).
2026-07-05 08:58:16 +02:00
Sébastien Helleu 460010cc13 core: register built-in "light" theme
Add a small core-theme-builtin.c module containing the core
contribution to the "light" theme: 33 overrides for
"weechat.bar.{status,title}.color_*" and "weechat.color.*" tuned for
light-background terminals.

theme_builtin_init() builds a hashtable from the static entry table and
calls theme_register("light", overrides), then frees the temporary
hashtable. It is called once from weechat_init right after theme_init.
Calling it twice is a no-op (the registry merges identical keys).

Default option values are NOT changed. Existing configs render exactly
as before; users opt in with "/theme apply light".

Add TEST(CoreTheme, BuiltinInit) covering:
  - the "light" theme is absent before theme_builtin_init();
  - it is present after, with >= 30 overrides;
  - three spot-checked values match the source table;
  - calling theme_builtin_init() a second time does not change the
    override count.

Plugins contribute their own "light" overrides via weechat_theme_register
in subsequent commits.
2026-07-05 08:44:01 +02:00
Sébastien Helleu 815edccc8a api: expose theme_register to plugins
Add a single new entry point to the plugin API:

  struct t_theme *weechat_theme_register (const char *name,
                                          struct t_hashtable *overrides);

Plugins call this at init time to contribute their per-theme color (or
other themable) overrides for a built-in theme like "dark". The
overrides hashtable maps full option names ("irc.color.input_nick") to
their string values; the caller retains ownership and may free it
right after the call. Repeated calls with the same theme name merge
into the existing registry entry, so each plugin can declare its own
contributions independently of core and of other plugins.

Wiring:

- struct t_theme forward-declared in weechat-plugin.h alongside the
  other opaque types.
- theme_register function pointer added to t_weechat_plugin.
- weechat_theme_register convenience macro added.
- plugin.c initializes the pointer to core's theme_register.
- WEECHAT_PLUGIN_API_VERSION bumped to 20260704-01.

This commit is plumbing only: the underlying theme_register function
already has unit-test coverage in tests/unit/core/test-core-theme.cpp
(TEST(CoreTheme, Register)), so no new tests are added here.
2026-07-05 08:44:01 +02:00
Sébastien Helleu 23a8a97ad9 core: implement /theme apply with themable enforcement and auto-backup
Implement /theme apply <name> for themes currently in the in-memory
registry. The file-shadowing branch (read a .theme file from
${weechat_config_dir}/themes/ when no built-in matches) is added in
the next commit together with the parser.

Apply algorithm (theme_apply in core-theme.c):

- Look up the theme in the registry; abort with an error if unknown.
- If weechat.look.theme_backup is on and the target name does not
  begin with "backup-", write a full snapshot of every themable
  option to ${weechat_config_dir}/themes/backup-<timestamp>.theme
  via theme_make_backup; abort the apply if the backup cannot be
  written, so the user can always undo.
- Iterate the theme's overrides with theme_applying=1 so the
  per-option config_change_color skips its gui refresh; for each
  entry look up the option, refuse it if missing or non-themable
  (warning to core buffer), otherwise call config_file_option_set.
- Perform a single gui_color_init_weechat + gui_window_ask_refresh
  at the end.
- Persist the active label in weechat.look.theme and send signal
  "theme_applied" with the name as data.

Add the new option weechat.look.theme_backup (boolean, default on)
which controls the backup-or-abort behavior described above.

Wire the new /theme apply subcommand into core-command.c with the
existing /theme registration; update help text accordingly.
2026-07-05 08:44:00 +02:00
Sébastien Helleu abea2e1449 core: add /theme command with list and info subcommands
Add the /theme command with two read-only subcommands for now:

- /theme (or /theme list): list registered themes; the active theme
  (matching weechat.look.theme) is marked with "->".
- /theme info <name>: show name, description, creation date, WeeChat
  version and override count of a theme.

Both subcommands only consider themes present in the in-memory
registry (registered via core/plugins/scripts). User theme files on
disk are not yet handled: the file parser and transient file reads
land in a later commit together with /theme apply.
2026-07-05 08:44:00 +02:00
Sébastien Helleu 06f8dd4cd3 core: add weechat.look.theme option and theme_applying guard
Add a new string option "weechat.look.theme" holding the name of the
last theme applied via the upcoming /theme command. It is set
automatically by /theme apply and persisted on disk for /theme info to
display after restart; it is NOT re-applied at startup (the user's
saved color values win to avoid clobbering manual post-apply tweaks).

Amend config_change_color so it skips the gui_color_init_weechat ()
and gui_window_ask_refresh (1) calls when theme_applying is set.
/theme apply will set this flag while iterating overrides so the N
individual option changes do not trigger N redundant screen refreshes;
the apply path then performs a single refresh at the end.
2026-07-05 08:44:00 +02:00
Sébastien Helleu d8433eaf55 fset: add "t:themable" filter
Extend the "t:" filter so the special value "themable" matches every
option whose new themable flag is set, regardless of type (color,
string, integer, boolean, enum). This makes the flag interactively
discoverable in the fset buffer and is the natural way to inspect the
surface area that an upcoming /theme command will be allowed to touch.

The themable flag of an option is now mirrored on struct t_fset_option,
exposed via hdata ("themable", integer) and infolist ("themable",
integer), and printed in the log.
2026-07-05 00:45:58 +02:00
Sébastien Helleu 68d5004e12 core: add themable flag to configuration options
Add an "int themable" field on struct t_config_option. The flag is set
automatically for every CONFIG_OPTION_TYPE_COLOR option, and may be set
explicitly on any other type by suffixing the type argument with
"|themable" in the call to config_file_new_option (e.g. "string|themable"
for a string option whose value contains "${color:...}" references).

Opt in the relevant string options in core and in the buflist, fset, irc,
relay plugins.

The flag is exposed via hdata, infolist, and print_log so scripts and
/debug can read it. This is the foundation for an upcoming /theme
command that will only be allowed to modify themable options.
2026-07-05 00:45:58 +02:00
Sébastien Helleu 825f05015f core: update ChangeLog (issue #2331) 2026-07-03 07:50:22 +02:00
Sébastien Helleu bfb34faa97 irc: replace "atol" by "atoll" for variables cast to time_t
On modern 32-bit platforms with a 64-bit time_t, long is 32-bit but time_t is
64-bit.
2026-06-21 08:19:42 +02:00
Sébastien Helleu a4b8d7aedd tcl: fix conversion of dates in the API functions
On modern 32-bit platforms with a 64-bit time_t, long is 32-bit but time_t is
64-bit.

Replace calls to Tcl_GetLongFromObj by Tcl_GetWideIntFromObj.
2026-06-21 08:19:42 +02:00
Sébastien Helleu 75b364cd89 ruby: fix conversion of dates in the API functions
On modern 32-bit platforms with a 64-bit time_t, long is 32-bit but time_t is
64-bit.

Replace calls to NUM2ULONG by NUM2ULL.
2026-06-21 08:19:42 +02:00
Sébastien Helleu 914d3df639 python: fix conversion of dates in the API functions
On modern 32-bit platforms with a 64-bit time_t, long is 32-bit but time_t is
64-bit.

Use "long long" for variables cast to time_t.
2026-06-21 08:19:42 +02:00
Sébastien Helleu a5404172c8 perl: fix conversion of dates in the API functions
On modern 32-bit platforms with a 64-bit time_t, the value returned by SvIV can
be 32-bit (its width depends on how Perl was built), whereas time_t is 64-bit.

Read the date with SvNV instead: a double represents all real timestamps
exactly, so the conversion to time_t no longer depends on the size of the Perl
integer type.
2026-06-21 08:19:42 +02:00
Sébastien Helleu 1dd423cb23 lua: fix conversion of dates in the API functions
On modern 32-bit platforms with a 64-bit time_t, long is 32-bit but time_t is
64-bit.

Use "long long" for variables cast to time_t.
2026-06-21 07:43:59 +02:00
Sébastien Helleu 8f33a72c99 guile: fix conversion of dates in the API functions
On modern 32-bit platforms with a 64-bit time_t, long is 32-bit but time_t is
64-bit.

Replace calls to scm_to_long by scm_to_long_long.
2026-06-21 07:42:02 +02:00
Sébastien Helleu 3200a05c00 relay/api: fix memory leak in resources "handshake", "input" and "completion" 2026-06-17 21:54:15 +02:00
Sébastien Helleu 861f589fc2 core: update ChangeLog (#2326) 2026-06-17 21:31:03 +02:00
Sébastien Helleu cf702d541f api: change type of parameter "pos_option_name" to "const char **" in function config_search_with_string 2026-06-15 07:29:33 +02:00
Sébastien Helleu a696a100d8 core: update ChangeLog (#2325) 2026-06-12 13:02:05 +02:00
Sébastien Helleu d78105ddf5 core: add CVE IDs in ChangeLog 2026-06-09 22:10:17 +02:00
Sébastien Helleu 551c12e049 relay/api: add resource GET /api/scripts 2026-06-08 23:04:40 +02:00
Sébastien Helleu 12016c4c05 script: add info "script_languages" 2026-06-08 18:54:06 +02:00
Sébastien Helleu 66e633e27e core: add version 4.9.2 2026-06-07 11:51:55 +02:00
Sébastien Helleu c307087e2d core: update ChangeLog (#2324) 2026-06-06 11:19:14 +02:00
Sébastien Helleu d74993a42c relay: limit size of partial message received while reading an HTTP request to prevent memory exhaustion
A relay client could send data with no end-of-line (an unterminated method
or header line) and dribble its payload, making WeeChat accumulate it in the
partial message buffer that grew without limit, until all memory was
exhausted. This path is reachable before authentication during websocket
initialization with the "weechat" and "irc" protocols.

The accumulated partial message is now bounded by
RELAY_HTTP_PARTIAL_MESSAGE_MAX_LENGTH: once the limit is reached, the extra
data is ignored.
2026-06-06 09:36:22 +02:00
Sébastien Helleu 51464e400f core: add links to issues in ChangeLog (#2321, #2322) 2026-06-06 07:20:41 +02:00
Sébastien Helleu 1c5e6c3fc2 core: update ChangeLog (#2323) 2026-06-06 07:20:38 +02:00
Sébastien Helleu befbcceb7f relay/api: add field "last_read_line_id" in GET /api/buffers 2026-06-06 07:04:46 +02:00
aizu-m 328f86affc irc: fix out-of-bounds read in DCC command with quoted filename 2026-06-04 23:17:58 +02:00
aizu-m 23291acb7b xfer: replace directory separator in remote nick by underscore in download filename 2026-06-04 22:38:08 +02:00
Sébastien Helleu b802681230 api: fix infinite loop in function string_replace when the search string is empty 2026-06-03 21:15:16 +02:00
Sébastien Helleu 3687ce0f0f relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
A relay client could announce a huge websocket frame (or HTTP body via
"Content-Length") and dribble its payload, making WeeChat accumulate it
in a buffer that grew without limit, until all memory was exhausted. The
websocket frame path is reachable before authentication with the
"weechat" and "irc" protocols.

The announced websocket frame length and HTTP "Content-Length" are now
bounded by WEBSOCKET_FRAME_MAX_LENGTH and RELAY_HTTP_BODY_MAX_LENGTH: an
oversized websocket frame closes the connection, and an oversized body is
rejected.
2026-06-01 21:56:34 +02:00
Sébastien Helleu 1211510ded irc: limit size of data received from the server to prevent memory exhaustion
A malicious or compromised IRC server could send data with no end-of-line
(or a flood of "005" messages), making WeeChat accumulate it in a buffer
that grew without limit, until all memory was exhausted.

The unterminated received message and the accumulated "005" (ISUPPORT)
data are now bounded by IRC_SERVER_RECV_MSG_MAX_LENGTH and
IRC_SERVER_ISUPPORT_MAX_LENGTH: extra data is ignored once the limit is
reached.
2026-06-01 21:53:03 +02:00
Sébastien Helleu d7bc041098 core: add version 4.9.1 2026-05-31 15:09:01 +02:00
Sébastien Helleu 43a118ac47 core: fix timing attack on TOTP validation (GHSA-vhv8-g2r9-cwcc)
weecrypto_totp_validate compared the generated and client-supplied OTPs
with strcmp and broke out of the time-window loop on the first match.
Both choices leaked information via response timing: strcmp leaked the
expected OTP digit-by-digit (shrinking the brute-force search from
~10^digits to a handful of guesses within the 30-second window), and
the early break leaked which window offset matched.

Compare in constant time with string_memcmp_constant_time and always
iterate the full window, OR-ing the result into otp_ok without an
early exit.

This affects both relay protocols (which call totp_validate via the
public info hook) and any other caller of the info hook.
2026-05-31 09:16:46 +02:00
Sébastien Helleu 6948aea626 relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.

- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
  uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
  per-call random key and compare the fixed-size MACs in constant time,
  hiding both per-byte timing and the password length.

Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-05-31 09:16:15 +02:00
Sébastien Helleu 5dbb96b66a relay: limit size of decompressed websocket frame to prevent memory exhaustion (GHSA-v2v4-45wm-5cr3)
An authenticated relay client using the permessage-deflate websocket
extension could send a small compressed frame that decompresses to an
unbounded amount of data, exhausting all memory and crashing WeeChat.

The output buffer in relay_websocket_inflate is now capped to
WEBSOCKET_INFLATE_MAX_SIZE: frames decompressing beyond this limit are
rejected and the connection is closed.
2026-05-31 09:16:06 +02:00
Sébastien Helleu 1400b6c197 core: add fix of IRC tag in ChangeLog 2026-05-23 13:23:26 +02:00
Sébastien Helleu c71978c0b3 core: fix option weechat.look.color_real_white not applied when color is "white" on 16+ colors terminals (closes #1742) 2026-05-23 12:15:04 +02:00
Sébastien Helleu 5520ed1950 fset: remove error displayed in core buffer when clicking with the mouse below the last option displayed 2026-05-21 13:55:15 +02:00
Sébastien Helleu 815640b840 relay: add option relay.network.unix_socket_permissions (closes #2317) 2026-05-10 19:22:57 +02:00
Sébastien Helleu 3082c2e4e5 core: add condition on connected relay api clients in default value of option weechat.look.hotlist_add_conditions 2026-04-28 21:30:51 +02:00
Sébastien Helleu cead39b52f core: add /mute in default command for key alt+"=" (toggle filters)
Since v4.8.0 and commit d0298b4738, toggling filters with `/filter toggle`
displays a message on the core buffer.

This is OK when running the command manually, but not when pressing the key
alt+"=".
2026-03-31 19:12:46 +02:00