Make individual scripts the unit of ownership for theme contributions
so that loading a script that calls weechat.theme_register(...) and
later unloading it correctly removes the script's overrides.
Plugin API addition (weechat-plugin.h):
- new function pointer t_weechat_plugin.theme_unregister_script
delegates to core's theme_unregister_script.
- new convenience macro weechat_theme_unregister_script(script).
- WEECHAT_PLUGIN_API_VERSION bumped to 20260527-02.
Script API additions (plugin-script-api.{c,h}):
- new plugin_script_api_theme_register (plugin, script, name,
overrides) forwards to the plugin API with the script pointer
as the contribution owner, so contributions are tracked
per-script (not per script-language plugin).
Lifecycle wiring (plugin-script.c):
- new file-local plugin_script_remove_themes (plugin, script)
calls weechat_theme_unregister_script.
- plugin_script_remove now calls it alongside the other
plugin_script_remove_* helpers, so script-unload tears down
everything (configs, bar items, themes, hooks).
Eight language bindings updated to call
plugin_script_api_theme_register instead of weechat_theme_register
directly, so they pass the script pointer as owner:
- python, perl, ruby, lua, tcl, javascript, php, guile.
The behavior change is end-to-end visible only at script unload:
before, an unloaded script's theme overrides lingered in the
registry forever and would be re-applied on the next /theme apply;
after, they vanish when the script unloads. /plugin unload of an
entire script-language plugin already worked via commit 24's hook
in plugin_remove (which drops both plugin-only contributions and
their script-owned children when the language plugin itself goes
away, because the contribution's plugin pointer matches).
No new unit tests in this commit: the underlying theme_unregister_script
function is covered by TEST(CoreTheme, UnregisterByOwner), and the
remaining changes are plumbing.
Call theme_unregister_plugin (plugin) from plugin_remove, right after
config_file_free_all_plugin and before unhook_all_plugin. This drops
every theme contribution whose plugin pointer matches the plugin being
unloaded, so subsequent /theme apply runs no longer try to set
options for an unloaded plugin and per-plugin contributions don't
outlive the plugin.
Script-owned contributions (plugin != NULL && script != NULL) are
left intact - they are cleaned up per-script in the next commit.
This commit is wiring only: the underlying theme_unregister_plugin
function and its semantics are already covered by
TEST(CoreTheme, UnregisterByOwner) in the previous commit.
Refactor the theme registry to store one sub-table per contributor
instead of a single merged hashtable. Each registered theme now holds
a linked list of t_theme_contribution entries:
struct t_theme_contribution {
struct t_weechat_plugin *plugin; /* NULL = core */
const void *script; /* NULL for non-script */
struct t_hashtable *overrides;
...
};
Identity of a contributor is the (plugin, script) pair:
- (NULL, NULL) -> core (theme_builtin_init)
- (plugin, NULL) -> plugin-level contribution
- (plugin, script) -> individual script (filled in by next commit)
theme_register is now (plugin, script, name, overrides). It searches
the existing contributions for a matching (plugin, script) and merges
the new overrides into it; otherwise it appends a fresh contribution.
The public macro weechat_theme_register(name, overrides) still takes
two args - it now expands to pass weechat_plugin and NULL for script.
theme_apply iterates contributions in list order, calling
config_file_option_set for each entry; later contributions naturally
win for duplicate keys.
Two new internal helpers prepare for the lifecycle work in the next
two commits:
- theme_unregister_plugin (plugin): drops every contribution owned
by that plugin (with script == NULL).
- theme_unregister_script (plugin, script): drops every contribution
owned by that script.
Neither is called yet; the auto-purge wiring lands in commits 24
(plugin_unloaded signal) and 25 (script API + script-unload hook).
Other touched code:
- core-theme-builtin.c switches to theme_register (NULL, NULL, ...).
- core-command.c /theme info uses theme_overrides_count helper
instead of reaching into theme->overrides (which no longer
exists).
- WEECHAT_PLUGIN_API_VERSION bumped to 20260527-01 (function-pointer
signature change).
Two new tests cover the new semantics:
- UnregisterByOwner: registers four contributions from distinct
(plugin, script) pairs, then prunes by plugin and by script,
asserting per-contribution removal.
- RegisterMergesPerContributor: two successive register calls from
the same (plugin, script) merge into a single contribution with
later keys overriding earlier ones.
Existing tests are updated to use the new theme_register signature,
theme_overrides_count, and theme_get_override (replacing direct
access to theme->overrides->items_count and hashtable_get on
theme->overrides). No plugin or script call sites change - the
public weechat_theme_register macro keeps the same shape.
Add trigger-theme.{c,h} with the trigger plugin contribution to the
built-in "light" theme: 6 entries (flag_command, flag_conditions,
flag_post_action, flag_regex, flag_return_code, regex) tuned for a
light-background terminal.
Same 2D-array pattern as the other plugin contributions.
Default option values are NOT changed.
Add spell-theme.{c,h} with the spell plugin contribution to the
built-in "light" theme: 1 entry (spell.color.misspelled=red) tuned for
a light-background terminal.
Same 2D-array pattern as the other plugin contributions.
Default option values are NOT changed.
Add script-theme.{c,h} with the script plugin contribution to the
built-in "light" theme: 24 entries on script.color.* (status_* and
text_*) tuned for a light-background terminal.
Same 2D-array pattern as the other plugin contributions.
Default option values are NOT changed.
Add relay-theme.{c,h} with the relay plugin contribution to the
built-in "light" theme: 5 entries (status_auth_failed, status_authenticating,
status_connecting, status_disconnected, text_selected) tuned for a
light-background terminal.
Same 2D-array pattern as the other plugin contributions.
Default option values are NOT changed.
Add logger-theme.{c,h} with the logger plugin contribution to the
built-in "light" theme: 2 entries (logger.color.backlog_end=darkgray,
logger.color.backlog_line=darkgray) tuned for a light-background
terminal.
Same 2D-array pattern as the other plugin contributions.
Default option values are NOT changed.
Add exec-theme.{c,h} with the exec plugin contribution to the built-in
"light" theme: 2 entries (exec.color.flag_finished=red,
exec.color.flag_running=green) tuned for a light-background terminal.
Same 2D-array pattern as the other plugin contributions.
Default option values are NOT changed.
Add xfer-theme.{c,h} with the xfer plugin contribution to the built-in
"light" theme: 7 overrides on xfer.color.* (status_aborted,
status_active, status_connecting, status_done, status_failed,
status_waiting, text_selected) tuned for a light-background terminal.
Same NULL-terminated 2D-array pattern as the irc, fset and buflist
contributions; xfer_theme_init() is called once from
weechat_plugin_init after xfer_config_init / xfer_config_read.
Default option values are NOT changed.
Add buflist-theme.{c,h} with the buflist plugin contribution to the
built-in "light" theme: 5 overrides on buflist.format.* options
(buffer_current, hotlist_low, hotlist_message, lag, number) tuned for
a light-background terminal. Each target is a "string|themable" option
holding an evaluated format expression with embedded ${color:...}
references.
Follows the same pattern as the irc and fset contributions: a
NULL-terminated 2D string table consumed by a tiny local register
helper that builds a hashtable and calls weechat_theme_register;
buflist_theme_init() is called once from weechat_plugin_init after
buflist_config_init / buflist_config_read.
Default option values are NOT changed.
Add fset-theme.{c,h} with the fset plugin contribution to the built-in
"light" theme: 47 overrides on fset.color.* options (line backgrounds,
selected-row tuning, title and value colors) tuned for a
light-background terminal.
The table is a NULL-terminated 2-column array of strings (no struct
wrapper, matching the pattern adopted for the irc contribution).
fset_theme_register builds a hashtable from the table and calls
weechat_theme_register; fset_theme_init() is called once from
weechat_plugin_init after fset_config_init / fset_config_read.
Default option values are NOT changed.
Add irc-theme.{c,h} with the IRC plugin contribution to the built-in
"light" theme: 9 overrides on irc.color.* options tuned for a
light-background terminal (input_nick, item_lag_finished,
item_tls_version_deprecated, list_buffer_line_selected,
message_chghost, message_setname, nick_prefixes, topic_new, topic_old).
The registration is a small wrapper around weechat_theme_register that
builds a hashtable from a static (option, value) table and frees it
after the call. irc_theme_init() is called from weechat_plugin_init
after irc_config_init/read so the option names are already created
when the theme registry references them.
Default option values are NOT changed.
Add weechat.theme_register (name, overrides) to all eight script
languages. Each binding is a mechanical translation of the same
signature:
- name: string
- overrides: language-native dict / hash / associative array of
full_option_name -> value strings
- returns: pointer-as-string of the registered t_theme (empty
string on failure)
Each binding converts the dict to a struct t_hashtable using the
existing per-language helper (weechat_python_dict_to_hashtable,
weechat_perl_hash_to_hashtable, weechat_ruby_hash_to_hashtable,
weechat_lua_tohashtable, weechat_tcl_dict_to_hashtable,
weechat_js_object_to_hashtable, weechat_php_array_to_hashtable,
weechat_guile_alist_to_hashtable), calls weechat_theme_register,
frees the temporary hashtable, and returns the result. The new
function is registered right after the config_* functions so the API
listing stays grouped by topic.
PHP also receives a new arginfo entry (string, array -> string) in
both weechat-php_arginfo.h and weechat-php_legacy_arginfo.h.
This is plumbing only - the underlying theme_register function is
already covered by tests/unit/core/test-core-theme.cpp
(TEST(CoreTheme, Register)). No script-side tests are added here.
Add a single new entry point to the plugin API:
struct t_theme *weechat_theme_register (const char *name,
struct t_hashtable *overrides);
Plugins call this at init time to contribute their per-theme color (or
other themable) overrides for a built-in theme like "dark". The
overrides hashtable maps full option names ("irc.color.input_nick") to
their string values; the caller retains ownership and may free it
right after the call. Repeated calls with the same theme name merge
into the existing registry entry, so each plugin can declare its own
contributions independently of core and of other plugins.
Wiring:
- struct t_theme forward-declared in weechat-plugin.h alongside the
other opaque types.
- theme_register function pointer added to t_weechat_plugin.
- weechat_theme_register convenience macro added.
- plugin.c initializes the pointer to core's theme_register.
- WEECHAT_PLUGIN_API_VERSION bumped to 20260526-01.
This commit is plumbing only: the underlying theme_register function
already has unit-test coverage in tests/unit/core/test-core-theme.cpp
(TEST(CoreTheme, Register)), so no new tests are added here.
Extend the "t:" filter so the special value "themable" matches every
option whose new themable flag is set, regardless of type (color,
string, integer, boolean, enum). This makes the flag interactively
discoverable in the fset buffer and is the natural way to inspect the
surface area that an upcoming /theme command will be allowed to touch.
The themable flag of an option is now mirrored on struct t_fset_option,
exposed via hdata ("themable", integer) and infolist ("themable",
integer), and printed in the log.
Add an "int themable" field on struct t_config_option. The flag is set
automatically for every CONFIG_OPTION_TYPE_COLOR option, and may be set
explicitly on any other type by suffixing the type argument with
"|themable" in the call to config_file_new_option (e.g. "string|themable"
for a string option whose value contains "${color:...}" references).
Opt in the relevant string options in core (buffer_time_format,
day_change_message_*, item_time_format, nick_color_force, prefix_*,
chat_nick_colors, eval_syntax_colors, color palette aliases) and in the
buflist, fset, irc, relay plugins.
The flag is exposed via hdata, infolist, and print_log so scripts and
/debug can read it. This is the foundation for an upcoming /theme
command that will only be allowed to modify themable options.
A relay client could send data with no end-of-line (an unterminated method
or header line) and dribble its payload, making WeeChat accumulate it in the
partial message buffer that grew without limit, until all memory was
exhausted. This path is reachable before authentication during websocket
initialization with the "weechat" and "irc" protocols.
The accumulated partial message is now bounded by
RELAY_HTTP_PARTIAL_MESSAGE_MAX_LENGTH: once the limit is reached, the extra
data is ignored.
A relay client could announce a huge websocket frame (or HTTP body via
"Content-Length") and dribble its payload, making WeeChat accumulate it
in a buffer that grew without limit, until all memory was exhausted. The
websocket frame path is reachable before authentication with the
"weechat" and "irc" protocols.
The announced websocket frame length and HTTP "Content-Length" are now
bounded by WEBSOCKET_FRAME_MAX_LENGTH and RELAY_HTTP_BODY_MAX_LENGTH: an
oversized websocket frame closes the connection, and an oversized body is
rejected.
A malicious or compromised IRC server could send data with no end-of-line
(or a flood of "005" messages), making WeeChat accumulate it in a buffer
that grew without limit, until all memory was exhausted.
The unterminated received message and the accumulated "005" (ISUPPORT)
data are now bounded by IRC_SERVER_RECV_MSG_MAX_LENGTH and
IRC_SERVER_ISUPPORT_MAX_LENGTH: extra data is ignored once the limit is
reached.
The IRC relay protocol's PASS handler compared the server password with
the client-supplied value using strcmp, leaking the password byte-by-byte
via response timing. This is the same class of bug fixed for the api and
weechat protocols, on a separate code path that did not go through
relay_auth_check_password_plain.
Extract the HMAC-then-constant-time-compare logic from
relay_auth_check_password_plain into relay_auth_password_equals, then
use it in both the plain-auth wrapper and the IRC PASS handler.
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.
- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
per-call random key and compare the fixed-size MACs in constant time,
hiding both per-byte timing and the password length.
Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
An authenticated relay client using the permessage-deflate websocket
extension could send a small compressed frame that decompresses to an
unbounded amount of data, exhausting all memory and crashing WeeChat.
The output buffer in relay_websocket_inflate is now capped to
WEBSOCKET_INFLATE_MAX_SIZE: frames decompressing beyond this limit are
rejected and the connection is closed.
In commit 9a9a262ea1 we moved from
pkg-config to find_package() to work around a deficiency in the pkgsrc
package manager, which does not ship pkg-config files as intended by
CPython.
Modern CMake discourages use of "FOO_LIBRARIES" in all cases, when
imported "interface" libraries can and should be used instead. The meson
equivalent is `dependency()` versus `cc.find_library()`, so this is
certainly a general trend among modern build systems.
An imported interface target, such as the previous PkgConfig::PYTHON,
carries with it the various internal properties such as DEFINITIONS,
INCLUDE_DIRS, or LIBRARIES, and batch applies them. It also avoids
leaking across cmake 2.x style whole-directory scopes.
Use the documented cmake imported interface target for embedding Python
and avoid `add_definitions(${Python_DEFINITIONS})` and similar. As a
bonus, it's also shorter and more concise.
Fixes: 9a9a262ea1
Fixes: https://github.com/weechat/weechat/pull/2251
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
In commit 9a9a262ea1 we moved from
pkg-config to find_package() to work around a deficiency in the pkgsrc
package manager, which does not ship pkg-config files as intended by
CPython. In the process, Gentoo and other platforms that, unlike pkgsrc,
publicly support multiple versions of python installed in parallel, had
python version selection broken. Consequently, weechat linked to the
wrong python, which happened to be installed in build chroots but was
not the versioned python package that the weechat package listed as a
dependency. Attempting to install weechat then broke on some systems
(which installed one version of python as a dependency but actually
linked to a totally different one).
This happens due to a design bug in upstream CMake. It is never
conceptually reasonable to use
```
find_package(Python COMPONENTS ...)
```
and omit the "Interpreter" component; if you do, CMake will ignore its
own documentation on how to control the build to use a specific python,
and choose one randomly (== "latest version available"). If, and only
if, the Interpreter component is checked, the development headers /
libraries for python will be guaranteed consistent with the documented
lookup variables from FindPython.cmake's documentation.
Bug: https://bugs.gentoo.org/968814
Fixes: 9a9a262ea1
Fixes: https://github.com/weechat/weechat/pull/2251
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
Sébastien Helleu