about summary refs log tree commit diff
path: root/LICENSE (unfollow)
Commit message (Collapse)Author
2021-11-22Support custom pkg-config executable namesAlyssa Ross
When cross-compiling, it's common to have executables prefixed with the name of the architecture you're building for, e.g. aarch64-unknown-linux-musl-cc or x86_64-unknown-freebsd-pkg-config. Lots of build tools support a PKG_CONFIG environment variable to enable this use case. With this change, I was able to successfully cross-compile and run catgirl.
2021-11-19Cycle between adding colon suffix and not in tab completeJune McEnroe
Allows completing a nick at the beginning of a message without a colon by continuing to press tab, as well as after another nick already followed by a colon without turning it into a comma-separated list of nicks all followed by a colon. For example, tab can be used to cycle between the following pairs: nick1: | nick1 | nick1, nick2: | nick1: nick2 |
2021-11-16Make the /ops response more flavourfulJune McEnroe
How did this normal sounding format string get in there!
2021-11-10Handle RPL_WHOISSPECIALJune McEnroe
<https://modern.ircdocs.horse/index.html#rplwhoisspecial-320>
2021-10-28Parse IRC formatting in timestamp stringJune McEnroe
Strip formatting when calculating the timestamp width to avoid moving a bunch of code around. Use styleAdd (now with an initial style parameter) to show timestamps. This allows changing the style of the timestamps from the default gray using literal IRC formatting codes in the string. Not ideal, but no new options needed. Suggested by Hoël Bézier and Sebastian LaVine.
2021-10-26Fix strptime decode for musl libcpsykose
POSIX does not define a %F for strptime[1], but does define %F for strftime[2]. Afaik most libc's implement %F for both, but musl is very standards-compliant and does not have %F on strptime, leading to unparsed message tag times, which causes all backlog sent from bouncer on startup to have a timestamp of the current time, instead of the actual timestamp sent. [1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/strptime.html [2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/strftime.html
2021-10-17Increment replies for list modes with /modeJune McEnroe
Otherwise only /ban can be used to list bans and /mode b or /mode +b won't show the listing.
2021-10-16Import refactored xdg.c from pounceJune McEnroe
2021-09-27chroot: Factor out and add OpenBSD buildJune McEnroe
2021-09-20Request znc.in/self-message if availableJune McEnroe
catgirl correctly handles receiving "self-messages". pounce always sends them. [1]: https://wiki.znc.in/Query_buffers [2]: https://defs.ircdocs.horse/info/selfmessages.html
2021-09-09Correct handling of colons in SASL PLAINJune McEnroe
Only the first colon should be replaced with a null byte. Ported from pounce.
2021-08-26Match id names case-insensitivelyJune McEnroe
This fixes the case where an IRCd does not normalize channel names, e.g. PRIVMSG #TEST is relayed as-is, rather than as #test or whatever the canonical casing of the channel name is. It also fixes the case of opening a query window with incorrect case, e.g. /query nickserv. However, this solution is only completely correct when CASEMAPPING=ascii.[1] I do not think the extra mappings of CASEMAPPING=rfc1459 are relevant enough to justify adding the code to handle it. [1]: https://modern.ircdocs.horse/#casemapping-parameter
2021-08-25Remove trailing tabJune McEnroe
How embarrassing.
2021-08-15Handle tags without values 1.9aJune McEnroe
Otherwise a tag with no value would cause a segfault trying to unescape the NULL tag pointer. This shouldn't happen for the server tags we parse, but clients could send @+draft/reply with no value.
2021-08-09Fix missing include for flock(2)June McEnroe
On OpenBSD it's in <fcntl.h>, and it gets declared anyway on FreeBSD and macOS. Curiously, on GNU/Linux, LOCK_* are defined, but flock(2) isn't declared.
2021-08-09Silence maybe uninitialized warningJune McEnroe
Wouldn't happen anyway since configPath will always return at least one path.
2021-07-26Use (bright) red for \com text macro 1.9June McEnroe
2021-07-20chroot: Avoid passing paths to -sJune McEnroe
2021-07-20FreeBSD: Revert caph_enter(3) call to cap_enter(2)June McEnroe
caph_enter(3) is the same as cap_enter(2) except that it returns success even if the kernel does not support capability mode. Since we only enter capability mode when explicitly requested by the restrict option, it should fail loudly if it is not supported. On the other hand, we make calls to caph_rights_limit(3) and friends in some places regardless of whether we actually enter capability mode (to keep the code simple), so those should continue to succeed even if capability mode is not supported.
2021-07-20Don't apply uiThreshold to Network and DebugJune McEnroe
Messages don't really need to be hidden from <network> and I think it could be confusing. Debug messages are all Cold so everything would be hidden, and I want to keep them that way so that <debug> doesn't clutter the status line needlessly.
2021-07-20Add -q/quiet option to raise default message visibility thresholdKlemens Nanni
Silencing all windows with `M-+' (across multiple catgirl instances) can be cumbersome, so provide an option to hide events, JOIN/PART noise, etc. by default (each window's threshold will persist across load/save cycles, i.e. when using the `-s/save' option). Started out as `-v | visibility = threshold' to set a specific level, the idea of a simpler toggle comes from june, who also squashed other bugs (as usual).
2021-07-15chat.tmux.conf: Fix base-index settingKlemens Nanni
"base-index" expects integer values, tmux prints a warning at load-time but otherwise ignores the configuration line.
2021-07-15Use /ns in manual exampleKlemens Nanni
Follow a79a3fc "Use NS and CS server aliases".
2021-07-13Move platform-dependent sandboxing code out of mainJune McEnroe
To keep the "main" sequence of events on one screen, while emphasizing that sandboxing happens either side of ircConnect().
2021-07-13Move all UI initialization togetherJune McEnroe
2021-07-13Perform TLS handshake after final pledgeKlemens Nanni
ircConnect() yields a connected TCP socket after which "inet dns" is no longer needed. Possibly having loaded private key material, it seems a tad more comforting to speak TLS *after* dropping any network capabilities (except for socket read/write to the IRC host, of course). Instead of moving the final pledge into irc.c:ircConnect() and thus complicating the code around pledge across two C modules, simply stub out an mnemonic ircHandshake() and call that explicitly. This restores behaviour gained with 981ebc4 "Remove explicit tls_handshake(3) from ircConnect" which was reverted for other reasons.
2021-07-13Explicitly clear TLS secrets afer handshakeKlemens Nanni
No need to keep them at runtime; do so unconditionally for the sake of simplicity. Declare TLS config globally so ircConnect() can clear it and declare both client and config statically as they are not used outside the irc.c module.
2021-07-13Revert "Remove explicit tls_handshake(3) from ircConnect"Klemens Nanni
This reverts commit 981ebc4f12b88fbf52ed0352428a0612dd2c2568. This broke `-o' to print the server certificate; without explicit handshake there will be no tls_read(3) in this short code path.
2021-07-13FreeBSD: Avoid caph_stream_rights(3)June McEnroe
caph_stream_rights(3) doesn't exist before FreeBSD 13.0 and there's no good reason to create that dependency. I still run servers on FreeBSD 12. This is a partial revert of cbc9545cb3f76733030c867f32ddb6a922cd2907.
2021-07-13Disable /exec in Kiosk mode (as documented)Klemens Nanni
2021-07-13/whois takes an optional nick argumentKlemens Nanni
2021-07-13Reword and clarify parts of the manualJune McEnroe
Mostly related to the utilities options.
2021-07-13Use CS command for paramless /op and /voiceJune McEnroe
Should match the actual /cs command.
2021-07-13Condense markup for ignore/highlight formatJune McEnroe
2021-07-13Point out precedence of multiple files and flagsJune McEnroe
2021-07-13Zero out server password after sendingJune McEnroe
Also send it directly using ircSend to avoid copying it and logging it to <debug>.
2021-07-13Make -o/printCert not load any files, pledge even earlierKlemens Nanni
No point in trying to load a self-signed server certificate which we are about to get from the server in the first place. No need to read client certificate/key files when all we want is the server certificate: in TLS the server always sends its certificate before the client replies with any key material, i.e. catgirl sending client data is useless. catgirl(1) synopsis also notes how these options are irrelevant in the -o/printCert case. As a result, ircConfig() no longer requires any filesystem I/O in this case, so hoist the purely network I/O related pledge() call to enforce this -- more secure, self-documenting code!
2021-07-13Attempt to keep "security" in README accurateJune McEnroe
It's a short summary trying to cover different systems...
2021-07-13OpenBSD: merge unveil and pledge logic a bitKlemens Nanni
This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change.
2021-07-13OpenBSD: unveil logs regardless of restrict modeKlemens Nanni
Simplify logic and decouple the two features such that the code gets even more self-ducumenting. Previously `catgirl -R -l' would never unveil and therefore "proc exec" could execute arbitrary paths without "rpath" as is usual unveil/pledge semantic. Now that `catgirl -l' alone triggers unveil(2), previous "proc exec" alone is not enough since the first unveil() hides everything else from filesystem; unveil all of root executable-only in order to restore non-restrict mode's visibility. This leaves yields distinct cases wrt. filesystem visibility (hoisted save file functionality excluded): 1. restrict on, log off: no access 2. restrict on, log on : logdir write/create 3. restrict off, log off: all exec-only 4. restrict off, log on : logdir write/create, all else exec-only In the first case `unveil("/", "")' could be used but with no benefit as the later lack of "rpath wpath cpath", i.e. filesystem access is revoked entirely by pledge alone already. Practically, this does not change functionality but improves correctness and readability.
2021-07-02Save invited channel for /joinJune McEnroe
2021-06-28Move security to the features listJune McEnroe
The restrict option now enables real sandboxing on the two main target systems.
2021-06-28OpenBSD: unveil the log directory specificallyJune McEnroe
The call to logOpen() will have already created the directory. Still use dataMkdir() as a convenient way to get the created path.
2021-06-28FreeBSD: Use capsicum_helpers.hJune McEnroe
2021-06-25Set MANDIR in chrootJune McEnroe
2021-06-25FreeBSD: Limit rights on log directoryJune McEnroe
2021-06-25FreeBSD: Limit rights on save fileJune McEnroe
2021-06-25FreeBSD: Limit rights on stdio and socketJune McEnroe
2021-06-25Remove explicit tls_handshake(3) from ircConnectJune McEnroe
The first call to ircFormat, which calls tls_write(3) in turn, will perform the handshake anyway. This way the handshake happens after the final pledge(2) call.
2021-06-25Move setting CLOEXEC on socket to ircConnectJune McEnroe