mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00
Sébastien Helleu 30230498b2 relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.

- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
  uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
  per-call random key and compare the fixed-size MACs in constant time,
  hiding both per-byte timing and the password length.

Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-05-31 09:11:53 +02:00
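The hex-hash comparison described in the commit message above, as an added example that is not WeeChat's own code: the function names, the 128-byte buffer and the sample strings are assumptions, and the expected hash is assumed to be stored as uppercase hex. The HMAC step for plaintext passwords is not shown.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HEX_LEN 128 /* assumption: longest digest handled is SHA-512 as hex */

/* Models strcmp()'s early exit: bytes examined grow with the matching prefix. */
static size_t early_exit_bytes_examined(const char *a, const char *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i]) return i + 1;
    return len;
}

/* Hypothetical helper: visits all len bytes with no data-dependent exit.
   Returns 0 when the buffers are equal, non-zero otherwise. */
static int ct_memcmp(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff;
}

/* Returns 1 if client_hex equals expected_upper ignoring ASCII case.
   The loop length depends only on the expected length, which is not secret. */
static int hex_hash_matches(const char *client_hex, const char *expected_upper)
{
    unsigned char buf[MAX_HEX_LEN] = {0};
    size_t expected_len, client_len;
    if (!client_hex || !expected_upper) return 0;
    expected_len = strlen(expected_upper);
    client_len = strlen(client_hex);
    if (expected_len == 0 || expected_len > MAX_HEX_LEN) return 0;
    /* Client bytes are known to the sender, so uppercasing them leaks nothing. */
    for (size_t i = 0; i < expected_len && i < client_len; i++) {
        unsigned char c = (unsigned char)client_hex[i];
        buf[i] = (c >= 'a' && c <= 'z') ? (unsigned char)(c - 32) : c;
    }
    /* A length mismatch is folded into the result after the full comparison. */
    return (ct_memcmp(buf, expected_upper, expected_len)
            | (client_len != expected_len)) == 0;
}

int main(void)
{
    const char *expected = "ABCDEF0123456789"; /* constructed sample, not a real digest */
    printf("match=%d short=%d\n", hex_hash_matches("abcdef0123456789", expected),
           hex_hash_matches("abcdef", expected));
    printf("early-exit bytes examined: %zu\n", early_exit_bytes_examined("AB00", "ABCD", 4));
    return 0;
}
```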

WeeChat

WeeChat (Wee Enhanced Environment for Chat) is a free chat client, fast and light, designed for many operating systems.
It is highly customizable and extensible with scripts.

Homepage: https://weechat.org/

Features

  • Modular chat client: WeeChat has a lightweight core and optional plugins. All plugins (including IRC) are independent and can be unloaded.
  • Multi-platform: WeeChat runs on GNU/Linux, *BSD, GNU/Hurd, Haiku, macOS and Windows (Bash/Ubuntu and Cygwin).
  • Multi-protocols: WeeChat is designed to support multiple protocols by plugins, like IRC.
  • Standards-compliant: the IRC plugin is compliant with RFCs 1459, 2810, 2811, 2812, 2813 and 7194.
  • Small, fast, and very light: the core is and should stay as light and fast as possible.
  • Customizable and extensible: there are a lot of options to customize WeeChat, and it is extensible with C plugins and scripts (Perl, Python, Ruby, Lua, Tcl, Scheme, JavaScript and PHP).
  • Fully documented: there is comprehensive documentation, which is translated into several languages.
  • Developed from scratch: WeeChat was built from scratch and is not based on any other client.
  • Free software: WeeChat is released under GPLv3.

On WeeChat's website you can find more screenshots.

Installation

WeeChat can be installed using your favorite package manager (recommended) or by compiling it yourself.
For detailed instructions, please check the WeeChat user's guide.

Semantic versioning

WeeChat follows a "practical" semantic versioning; see the file CONTRIBUTING.md.

Copyright © 2003-2026 Sébastien Helleu

This file is part of WeeChat, the extensible chat client.

WeeChat is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.

WeeChat is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with WeeChat. If not, see https://www.gnu.org/licenses/.

Languages
C 79.5%
C++ 17.8%
Python 1.6%
CMake 0.8%
Shell 0.2%
Other 0.1%