The IRC relay protocol's PASS handler compared the server password with
the client-supplied value using strcmp, leaking the password byte-by-byte
via response timing. This is the same class of bug fixed for the api and
weechat protocols, on a separate code path that did not go through
relay_auth_check_password_plain.

Extract the HMAC-then-constant-time-compare logic from
relay_auth_check_password_plain into relay_auth_password_equals, then
use it in both the plain-auth wrapper and the IRC PASS handler.

The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.

- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
  uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
  per-call random key and compare the fixed-size MACs in constant time,
  hiding both per-byte timing and the password length.

Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
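
The hex hash comparison described in the first bullet above, as an added example in C (not WeeChat's own code). The names `memcmp_ct`, `hash_hex_equals` and `MAX_HASH_HEX` are hypothetical, and the expected hash is assumed to be stored as uppercase hex.

```c
#include <stddef.h>
#include <string.h>

#define MAX_HASH_HEX 128  /* assumption: longest hex digest handled (SHA-512) */

/* Compare n bytes without stopping at the first difference.
 * Returns 0 when equal, non-zero otherwise. */
static int memcmp_ct(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff;
}

/* Returns 1 if client_hex equals expected_hex (uppercase hex), ignoring
 * the case of the client value; returns 0 otherwise. The work done
 * depends only on the expected length, never on where the strings differ. */
int hash_hex_equals(const char *expected_hex, const char *client_hex)
{
    unsigned char buf[MAX_HASH_HEX] = {0};
    size_t exp_len = strlen(expected_hex);
    size_t cli_len, i;

    if (exp_len == 0 || exp_len > MAX_HASH_HEX)
        return 0;
    /* Bounded length scan: the client already knows its own length. */
    for (cli_len = 0; cli_len <= exp_len && client_hex[cli_len]; cli_len++)
        ;
    /* Copy into a zero-padded buffer of the expected size so the loops
     * below always run exp_len iterations and never read past the input. */
    memcpy(buf, client_hex, cli_len < exp_len ? cli_len : exp_len);
    for (i = 0; i < exp_len; i++) {
        unsigned char c = buf[i];
        /* 1 when c is 'a'..'f', else 0; written without an if/else */
        unsigned char lower = (unsigned char)((c >= 'a') & (c <= 'f'));
        buf[i] = (unsigned char)(c - (lower << 5));
    }
    /* Fold the length check into the result instead of returning early. */
    return (memcmp_ct(expected_hex, buf, exp_len) == 0) & (cli_len == exp_len);
}
```
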
An authenticated relay client using the permessage-deflate websocket
extension could send a small compressed frame that decompresses to an
unbounded amount of data, exhausting all memory and crashing WeeChat.

The output buffer in relay_websocket_inflate is now capped to
WEBSOCKET_INFLATE_MAX_SIZE: frames decompressing beyond this limit are
rejected and the connection is closed.

If pygmentize is not found, the build now emits a CMake warning and
proceeds with an empty dark theme stylesheet rather than aborting.
A non-zero exit from pygmentize is also downgraded from SEND_ERROR to
WARNING for the same reason. This restores the pre-existing behavior
where the documentation could be built without any pygments tooling
installed (Asciidoctor then renders code blocks as plain text).

Syntax highlighting now follows the user's `prefers-color-scheme`:

- Light theme uses the pygments `default` style, embedded by Asciidoctor as before.
- Dark theme uses the pygments `monokai` style, generated at CMake
  configure time via `pygmentize` and injected into the docinfo through a
  `@PYGMENTS_DARK_CSS@` placeholder, scoped under
  `@media (prefers-color-scheme: dark)`.

To support template substitution, `doc/docinfo.html` is renamed to
`docinfo.html.in` and produced into the build directory via
`configure_file`; all HTML targets now depend on the generated docinfo
and the `docinfodir` attribute points to the binary dir.

Code blocks also gain a subtle 3D bevel:

- `pre` borders use theme-specific bevel colors (`--pre-bevel-light` on
  top/left, `--pre-bevel-dark` on bottom/right) for a raised look in both
  themes.
- A shared `--pre-bevel-bg` surface color is applied to literalblock,
  listingblock and `pre.pygments`, so all code blocks sit on the same
  background regardless of the pygments style.
- `pre { line-height: 1.25 }` is forced to keep line spacing consistent
  between light (Asciidoctor base `1.45`) and dark (pygments `125%`).

`python3-pygments` is added to the documented build dependencies (the
`pygmentize` binary it provides is required at configure time).