checksum: Move checksum operation to a thread

Since commit 747a52aae8 users have to
opt-out of using SSL when creating a new server. This commit makes
it so /SERVER also uses SSL by default.

In order to connect insecurely users must now use one of these
methods:

    /SERVER -insecure irc.example.com
    /SERVER irc.example.com -6667

The `-ssl` flag and the `+port` syntax have been retained for compat
reasons.

.github/workflows/flatpak-build.yml

@@ -1,7 +1,7 @@
 name: Flatpak Build
 on: [push, pull_request]
 jobs:
-  build:
+  flatpak_build:
     runs-on: ubuntu-latest
     container:
       image: bilelmoussaoui/flatpak-github-actions:gnome-40

.github/workflows/msys-build.yml

@@ -0,0 +1,40 @@
+name: MSYS2 Build
+on: [push, pull_request]
+
+jobs:
+  msys2_build:
+    runs-on: windows-latest
+    defaults:
+      run:
+        shell: msys2 {0}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: msys2/setup-msys2@v2
+        with:
+          install: >-
+            mingw-w64-x86_64-gcc
+            mingw-w64-x86_64-pkg-config
+            mingw-w64-x86_64-python3-cffi
+            mingw-w64-x86_64-meson
+            mingw-w64-x86_64-gtk2
+            mingw-w64-x86_64-luajit
+            mingw-w64-x86_64-desktop-file-utils
+
+      - name: Configure
+        run: >-
+          meson build
+          -Dtext-frontend=true
+          -Ddbus=disabled
+          -Dwith-upd=false
+          -Dwith-perl=false
+
+      - name: Build
+        run: ninja -C build
+
+      - name: Test
+        run: ninja -C build test
+
+      - name: Install
+        run: ninja -C build install

.github/workflows/ubuntu-build.yml

@@ -1,7 +1,7 @@
 name: Ubuntu Build
 on: [push, pull_request]
 jobs:
-  build:
+  ubuntu_build:
     runs-on: ubuntu-20.04
 
     steps:
@@ -10,7 +10,7 @@ jobs:
       - name: Install Dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install -y meson libcanberra-dev libdbus-glib-1-dev libglib2.0-dev libgtk2.0-dev libluajit-5.1-dev libpci-dev libperl-dev libproxy-dev libssl-dev python3-dev python3-cffi mono-devel desktop-file-utils
+          sudo apt-get install -y meson libcanberra-dev libdbus-glib-1-dev libglib2.0-dev libgtk2.0-dev libluajit-5.1-dev libpci-dev libperl-dev libssl-dev python3-dev python3-cffi mono-devel desktop-file-utils
 
       - name: Configure
         run: meson build -Dtext=true -Dtheme-manager=true -Dauto_features=enabled

.github/workflows/windows-build.yml

@@ -2,7 +2,7 @@ name: Windows Build
 on: [push, pull_request]
 
 jobs:
-  build:
+  windows_build:
     runs-on: windows-2019
     strategy:
       matrix:
@@ -28,7 +28,7 @@ jobs:
           Invoke-WebRequest https://dl.hexchat.net/misc/idpsetup-1.5.1.exe -OutFile deps\idpsetup.exe
           & deps\idpsetup.exe /VERYSILENT
 
-          Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29.7z -OutFile deps\gtk-${{ matrix.arch }}.7z
+          Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29-openssl1.1.7z -OutFile deps\gtk-${{ matrix.arch }}.7z
           & 7z.exe x deps\gtk-${{ matrix.arch }}.7z -oC:\gtk-build\gtk
 
           Invoke-WebRequest https://dl.hexchat.net/gtk-win32/gendef-20111031.7z -OutFile deps\gendef.7z
@@ -41,11 +41,11 @@ jobs:
           & 7z.exe x deps\perl-${{ matrix.arch }}.7z -oC:\gtk-build\perl-5.20\${{ matrix.platform }}
 
           New-Item -Path "c:\gtk-build" -Name "python-2.7" -ItemType "Directory"
-          New-Item -Path "c:\gtk-build" -Name "python-3.6" -ItemType "Directory"
+          New-Item -Path "c:\gtk-build" -Name "python-3.8" -ItemType "Directory"
           New-Item -Path "c:\gtk-build\python-2.7" -Name "${{ matrix.platform }}" -ItemType "SymbolicLink" -Value "C:/hostedtoolcache/windows/Python/2.7.18/${{ matrix.arch }}"
-          New-Item -Path "c:\gtk-build\python-3.6" -Name "${{ matrix.platform }}" -ItemType "SymbolicLink" -Value "C:/hostedtoolcache/windows/Python/3.6.8/${{ matrix.arch }}"
+          New-Item -Path "c:\gtk-build\python-3.8" -Name "${{ matrix.platform }}" -ItemType "SymbolicLink" -Value "C:/hostedtoolcache/windows/Python/3.8.10/${{ matrix.arch }}"
 
-          C:/hostedtoolcache/windows/Python/3.6.8/${{ matrix.arch }}/python.exe -m pip install cffi
+          C:/hostedtoolcache/windows/Python/3.8.10/${{ matrix.arch }}/python.exe -m pip install cffi
           C:/hostedtoolcache/windows/Python/2.7.18/${{ matrix.arch }}/python.exe -m pip install -qq cffi
         shell: powershell
 

data/icons/meson.build

@@ -1,9 +1,11 @@
 icondir = join_paths(get_option('datadir'), 'icons/hicolor')
 install_data(
   'hexchat.png',
+  rename: 'io.github.Hexchat.png',
   install_dir: join_paths(icondir, '48x48/apps')
 )
 install_data(
   'hexchat.svg',
+  rename: 'io.github.Hexchat.svg',
   install_dir: join_paths(icondir, 'scalable/apps')
 )

data/misc/io.github.Hexchat.Plugin.metainfo.xml.in

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <component type="addon">
   <id>io.github.Hexchat.Plugin.@NAME@</id>
-  <extends>io.github.Hexchat.desktop</extends>
+  <extends>io.github.Hexchat</extends>
   <name>@NAME@ Plugin</name>
   <summary>@SUMMARY@</summary>
   <url type="homepage">https://hexchat.github.io/</url>

data/misc/io.github.Hexchat.appdata.xml.in

@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<component type="desktop">
-  <id>io.github.Hexchat.desktop</id>
+<component type="desktop-application">
+  <id>io.github.Hexchat</id>
   <name>HexChat</name>
+  <launchable type="desktop-id">io.github.Hexchat.desktop</launchable>
   <developer_name>HexChat</developer_name>
   <metadata_license>CC0-1.0</metadata_license>
   <project_license>GPL-2.0+</project_license>
@@ -26,6 +27,35 @@
     <id>hexchat.desktop</id>
   </provides>
   <releases>
+    <release date="2022-02-12" version="2.16.1">
+      <description>
+        <p>This is a minor release with mostly bug-fixes:</p>
+        <ul>
+          <li>Add `-NOOVERRIDE` flag to the `GUI COLOR` command</li>
+          <li>Add `-q` (quiet) flag to the `EXECWRITE` command</li>
+          <li>Rename installed icon to match app-id (Fixes notification icon)</li>
+          <li>Fix escaping already escaped URLs when opening them</li>
+          <li>Fix Python scripts not being opened as UTF-8</li>
+          <li>Fix `TIMER` command supporting decimals regardless of locale</li>
+        </ul>
+      </description>
+    </release>
+    <release date="2021-10-01" version="2.16.0">
+      <description>
+        <p>This is a feature release:</p>
+        <ul>
+          <li>Add support for IRCv3 SETNAME, invite-notify, account-tag, standard replies, and UTF8ONLY</li>
+          <li>Add support for strikethrough formatting</li>
+          <li>Fix text clipping issues by respecting font line height</li>
+          <li>Fix URLs not being escaped when opened</li>
+          <li>Fix possible hang when showing notifications</li>
+          <li>Print ChanServ notices in the front tab by default</li>
+          <li>Update network list</li>
+          <li>python: Rewrite plugin improving memory usage and compatibility</li>
+          <li>fishlim: Add support for CBC and other improvements</li>
+        </ul>
+      </description>
+    </release>
     <release date="2019-12-20" version="2.14.3">
       <description>
         <p>This is a bug-fix release:</p>

data/misc/io.github.Hexchat.desktop.in.in

@@ -4,7 +4,7 @@ GenericName=IRC Client
 Comment=Chat with other people online
 Keywords=IM;Chat;
 Exec=@exec_command@
-Icon=hexchat
+Icon=io.github.Hexchat
 Terminal=false
 Type=Application
 Categories=GTK;Network;IRCClient;

flatpak/io.github.Hexchat.json

@@ -5,7 +5,6 @@
   "runtime-version": "40",
   "sdk": "org.gnome.Sdk",
   "command": "hexchat",
-  "rename-icon": "hexchat",
   "finish-args": [
     "--share=ipc",
     "--socket=x11",
@@ -31,7 +30,7 @@
   "modules": [
     "shared-modules/gtk2/gtk2.json",
     "shared-modules/gtk2/gtk2-common-themes.json",
-    "shared-modules/dbus-glib/dbus-glib-0.110.json",
+    "shared-modules/dbus-glib/dbus-glib.json",
     "shared-modules/lua5.3/lua-5.3.5.json",
     "shared-modules/libcanberra/libcanberra.json",
     "python3-cffi.json",

meson.build

@@ -1,5 +1,5 @@
 project('hexchat', 'c',
-  version: '2.14.3',
+  version: '2.16.1',
   meson_version: '>= 0.47.0',
   default_options: [
     'c_std=gnu89',
@@ -13,7 +13,7 @@ gnome = import('gnome')
 cc = meson.get_compiler('c')
 
 
-libgio_dep = dependency('gio-2.0', version: '>= 2.34.0')
+libgio_dep = dependency('gio-2.0', version: '>= 2.36.0')
 libgmodule_dep = dependency('gmodule-2.0')
 
 libcanberra_dep = dependency('libcanberra', version: '>= 0.22',
@@ -22,7 +22,7 @@ dbus_glib_dep = dependency('dbus-glib-1', required: get_option('dbus'))
 
 global_deps = []
 if cc.get_id() == 'msvc'
-  libssl_dep = cc.find_library('libeay32')
+  libssl_dep = cc.find_library('libssl')
 else
   libssl_dep = dependency('openssl', version: '>= 0.9.8',
                           required: get_option('tls'))
@@ -34,6 +34,7 @@ config_h.set_quoted('PACKAGE_NAME', meson.project_name())
 config_h.set_quoted('GETTEXT_PACKAGE', 'hexchat')
 config_h.set_quoted('LOCALEDIR', join_paths(get_option('prefix'),
                                  get_option('datadir'), 'locale'))
+config_h.set_quoted('G_LOG_DOMAIN', 'hexchat')
 config_h.set10('ENABLE_NLS', true)
 
 # Optional features
@@ -46,8 +47,8 @@ config_h.set('G_DISABLE_SINGLE_INCLUDES', true)
 config_h.set('GTK_DISABLE_DEPRECATED', true)
 config_h.set('GTK_DISABLE_SINGLE_INCLUDES', true)
 config_h.set('GDK_PIXBUF_DISABLE_SINGLE_INCLUDES', true)
-config_h.set('GLIB_VERSION_MAX_ALLOWED', 'GLIB_VERSION_2_34')
-config_h.set('GLIB_VERSION_MIN_REQUIRED', 'GLIB_VERSION_2_34')
+config_h.set('GLIB_VERSION_MAX_ALLOWED', 'GLIB_VERSION_2_36')
+config_h.set('GLIB_VERSION_MIN_REQUIRED', 'GLIB_VERSION_2_36')
 
 # Detected features
 config_h.set('HAVE_MEMRCHR', cc.has_function('memrchr'))

plugins/checksum/checksum.c

@@ -22,218 +22,152 @@
 
 #include "config.h"
 
-#include <stdlib.h>
-#include <glib.h>
-#include <glib/gstdio.h>
 #include <gio/gio.h>
 
 #include "hexchat-plugin.h"
 
-#define BUFSIZE 32768
-#define DEFAULT_LIMIT 256									/* default size is 256 MiB */
-#define SHA256_DIGEST_LENGTH 32
-#define SHA256_BUFFER_LENGTH 65
-
 static hexchat_plugin *ph;									/* plugin handle */
 static char name[] = "Checksum";
 static char desc[] = "Calculate checksum for DCC file transfers";
-static char version[] = "3.1";
+static char version[] = "4.0";
 
 static void
-set_limit (char *size)
+print_sha256_result (hexchat_context *ctx, gboolean send_message, const char *checksum, const char *filename, GError *error)
 {
-	int limit = atoi (size);
+	/* Context may have been destroyed. */
+	/* FIXME: This could still send the PRIVMSG even if the context was closed. */
+	if (!hexchat_set_context (ph, ctx))
+		return;
 
-	if (limit > 0 && limit < INT_MAX)
-	{
-		if (hexchat_pluginpref_set_int (ph, "limit", limit))
-			hexchat_printf (ph, "Checksum: File size limit has successfully been set to: %d MiB\n", limit);
+	if (error)
+		hexchat_printf (ph, "Failed to create checksum for %s: %s", filename, error->message);
+	else if (send_message)
+		hexchat_commandf (ph, "quote PRIVMSG %s :SHA-256 checksum for %s (remote): %s", hexchat_get_info (ph, "channel"), filename, checksum);
 	else
-			hexchat_printf (ph, "Checksum: File access error while saving!\n");
+		hexchat_printf (ph, "SHA-256 checksum for %s (local): %s\n", filename, checksum);
 }
-	else
+
+/* TODO: We could put more info in task data and share the same callback. */
+static void
+on_received_file_sha256_complete (GFile *file, GAsyncResult *result, gpointer user_data)
 {
-		hexchat_printf (ph, "Checksum: Invalid input!\n");
-	}
+	hexchat_context *ctx = user_data;
+	GError *error = NULL;
+	char *sha256 = NULL;
+	const char *filename = g_task_get_task_data (G_TASK (result));
+
+	sha256 = g_task_propagate_pointer (G_TASK (result), &error);
+	print_sha256_result (ctx, FALSE, sha256, filename, error);
+
+	g_free (sha256);
+	g_clear_error (&error);
 }
 
-static int
-get_limit (void)
+static void
+on_sent_file_sha256_complete (GFile *file, GAsyncResult *result, gpointer user_data)
 {
-	int size = hexchat_pluginpref_get_int (ph, "limit");
+	hexchat_context *ctx = user_data;
+	GError *error = NULL;
+	char *sha256 = NULL;
+	const char *filename = g_task_get_task_data (G_TASK (result));
 
-	if (size <= 0 || size >= INT_MAX)
-		return DEFAULT_LIMIT;
-	else
-		return size;
+	sha256 = g_task_propagate_pointer (G_TASK (result), &error);
+	print_sha256_result (ctx, TRUE, sha256, filename, error);
+
+	g_free (sha256);
+	g_clear_error (&error);
 }
 
-static gboolean
-check_limit (GFile *file)
-{
-	GFileInfo *file_info;
-	goffset file_size;
-
-	file_info = g_file_query_info (file, G_FILE_ATTRIBUTE_STANDARD_SIZE, G_FILE_QUERY_INFO_NONE,
-									NULL, NULL);
-
-	if (!file_info)
-		return FALSE;
-
-	file_size = g_file_info_get_size (file_info);
-	g_object_unref (file_info);
-
-	if (file_size > get_limit () * 1048576ll)
-		return FALSE;
-
-	return TRUE;
-}
-
-static gboolean
-sha256_from_stream (GFileInputStream *file_stream, char out_buf[])
+static void
+thread_sha256_file (GTask *task, GFile *file, gpointer task_data, GCancellable *cancellable)
 {
 	GChecksum *checksum;
-	gssize bytes_read;
-	guint8 digest[SHA256_DIGEST_LENGTH];
-	gsize digest_len = sizeof(digest);
-	guchar buffer[BUFSIZE];
-	gsize i;
+	GFileInputStream *istream;
+	guint8 buffer[32768];
+	GError *error = NULL;
+	gssize ret;
+
+	istream = g_file_read (file, cancellable, &error);
+	if (error) {
+		g_task_return_error (task, error);
+		return;
+	}
 
 	checksum = g_checksum_new (G_CHECKSUM_SHA256);
 
-	while ((bytes_read = g_input_stream_read (G_INPUT_STREAM (file_stream), buffer, sizeof (buffer), NULL, NULL)))
-	{
-		if (bytes_read == -1)
-		{
+	while ((ret = g_input_stream_read (G_INPUT_STREAM (istream), buffer, sizeof(buffer), cancellable, &error)) > 0)
+		g_checksum_update (checksum, buffer, ret);
+
+	if (error) {
 		g_checksum_free (checksum);
-			return FALSE;
+		g_task_return_error (task, error);
+		return;
 	}
 
-		g_checksum_update (checksum, buffer, bytes_read);
-	}
-
-	g_checksum_get_digest (checksum, digest, &digest_len);
+	g_task_return_pointer (task, g_strdup (g_checksum_get_string (checksum)), g_free);
 	g_checksum_free (checksum);
-
-	for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
-	{
-		/* out_buf will be exactly SHA256_BUFFER_LENGTH including null */
-		g_sprintf (out_buf + (i * 2), "%02x", digest[i]);
-	}
-
-	return TRUE;
-}
-
-static gboolean
-sha256_from_file (char *filename, char out_buf[])
-{
-	GFileInputStream *file_stream;
-	char *filename_fs;
-	GFile *file;
-
-	filename_fs = g_filename_from_utf8 (filename, -1, NULL, NULL, NULL);
-	if (!filename_fs)
-	{
-		hexchat_printf (ph, "Checksum: Invalid filename (%s)\n", filename);
-		return FALSE;
-	}
-
-	file = g_file_new_for_path (filename_fs);
-	g_free (filename_fs);
-	if (!file)
-	{
-		hexchat_printf (ph, "Checksum: Failed to open %s\n", filename);
-		return FALSE;
-	}
-
-	if (!check_limit (file))
-	{
-		hexchat_printf (ph, "Checksum: %s is larger than size limit. You can increase it with /CHECKSUM SET.\n", filename);
-		g_object_unref (file);
-		return FALSE;
-	}
-
-	file_stream = g_file_read (file, NULL, NULL);
-	if (!file_stream)
-	{
-		hexchat_printf (ph, "Checksum: Failed to read file %s\n", filename);
-		g_object_unref (file);
-		return FALSE;
-	}
-
-	if (!sha256_from_stream (file_stream, out_buf))
-	{
-		hexchat_printf (ph, "Checksum: Failed to generate checksum for %s\n", filename);
-		g_object_unref (file_stream);
-		g_object_unref (file);
-		return FALSE;
-	}
-
-	g_object_unref (file_stream);
-	g_object_unref (file);
-	return TRUE;
 }
 
 static int
 dccrecv_cb (char *word[], void *userdata)
 {
+	GTask *task;
+	char *filename_fs;
+	GFile *file;
+	hexchat_context *ctx;
 	const char *dcc_completed_dir;
-	char *filename, checksum[SHA256_BUFFER_LENGTH];
-
-	/* Print in the privmsg tab of the sender */
-	hexchat_set_context (ph, hexchat_find_context (ph, NULL, word[3]));
+	char *filename;
 
 	if (hexchat_get_prefs (ph, "dcc_completed_dir", &dcc_completed_dir, NULL) == 1 && dcc_completed_dir[0] != '\0')
 		filename = g_build_filename (dcc_completed_dir, word[1], NULL);
 	else
 		filename = g_strdup (word[2]);
 
-	if (sha256_from_file (filename, checksum))
-	{
-		hexchat_printf (ph, "SHA-256 checksum for %s (local): %s\n", word[1], checksum);
+	filename_fs = g_filename_from_utf8 (filename, -1, NULL, NULL, NULL);
+	if (!filename_fs) {
+		hexchat_printf (ph, "Checksum: Invalid filename (%s)\n", filename);
+		g_free (filename);
+		return HEXCHAT_EAT_NONE;
 	}
 
-	g_free (filename);
+	/* Print in the privmsg tab of the sender */
+	ctx = hexchat_find_context (ph, NULL, word[3]);
+
+	file = g_file_new_for_path (filename_fs);
+	task = g_task_new (file, NULL, (GAsyncReadyCallback) on_received_file_sha256_complete, ctx);
+	g_task_set_task_data (task, filename, g_free);
+	g_task_run_in_thread (task, (GTaskThreadFunc) thread_sha256_file);
+
+	g_free (filename_fs);
+	g_object_unref (file);
+	g_object_unref (task);
+
 	return HEXCHAT_EAT_NONE;
 }
 
 static int
 dccoffer_cb (char *word[], void *userdata)
 {
-	char checksum[SHA256_BUFFER_LENGTH];
+	GFile *file;
+	GTask *task;
+	hexchat_context *ctx;
+	char *filename;
 
 	/* Print in the privmsg tab of the receiver */
-	hexchat_set_context (ph, hexchat_find_context (ph, NULL, word[3]));
+	ctx = hexchat_find_context (ph, NULL, word[3]);
 
-	if (sha256_from_file (word[3], checksum))
-	{
-		hexchat_commandf (ph, "quote PRIVMSG %s :SHA-256 checksum for %s (remote): %s", word[2], word[1], checksum);
-	}
+	filename = g_strdup (word[3]);
+	file = g_file_new_for_path (filename);
+	task = g_task_new (file, NULL, (GAsyncReadyCallback) on_sent_file_sha256_complete, ctx);
+	g_task_set_task_data (task, filename, g_free);
+	g_task_run_in_thread (task, (GTaskThreadFunc) thread_sha256_file);
+
+	g_object_unref (file);
+	g_object_unref (task);
 
 	return HEXCHAT_EAT_NONE;
 }
 
-static int
-checksum (char *word[], char *word_eol[], void *userdata)
-{
-	if (!g_ascii_strcasecmp ("GET", word[2]))
-	{
-		hexchat_printf (ph, "File size limit for checksums: %d MiB", get_limit ());
-	}
-	else if (!g_ascii_strcasecmp ("SET", word[2]))
-	{
-		set_limit (word[3]);
-	}
-	else
-	{
-		hexchat_printf (ph, "Usage: /CHECKSUM GET|SET\n");
-		hexchat_printf (ph, "  GET - print the maximum file size (in MiB) to be hashed\n");
-		hexchat_printf (ph, "  SET <filesize> - set the maximum file size (in MiB) to be hashed\n");
-	}
-
-	return HEXCHAT_EAT_ALL;
-}
-
 int
 hexchat_plugin_init (hexchat_plugin *plugin_handle, char **plugin_name, char **plugin_desc, char **plugin_version, char *arg)
 {
@@ -243,13 +177,6 @@ hexchat_plugin_init (hexchat_plugin *plugin_handle, char **plugin_name, char **p
 	*plugin_desc = desc;
 	*plugin_version = version;
 
-	/* this is required for the very first run */
-	if (hexchat_pluginpref_get_int (ph, "limit") == -1)
-	{
-		hexchat_pluginpref_set_int (ph, "limit", DEFAULT_LIMIT);
-	}
-
-	hexchat_hook_command (ph, "CHECKSUM", HEXCHAT_PRI_NORM, checksum, "Usage: /CHECKSUM GET|SET", NULL);
 	hexchat_hook_print (ph, "DCC RECV Complete", HEXCHAT_PRI_NORM, dccrecv_cb, NULL);
 	hexchat_hook_print (ph, "DCC Offer", HEXCHAT_PRI_NORM, dccoffer_cb, NULL);
 

plugins/checksum/meson.build

@@ -3,4 +3,5 @@ shared_module('checksum', 'checksum.c',
   install: true,
   install_dir: plugindir,
   name_prefix: '',
+  vs_module_defs: 'checksum.def',
 )

plugins/exec/meson.build

@@ -1,5 +1,6 @@
 shared_module('exec', 'exec.c',
   dependencies: hexchat_plugin_dep,
   install: true,
-  install_dir: plugindir
+  install_dir: plugindir,
+  vs_module_defs: 'exec.def',
 )

plugins/fishlim/fish.c

@@ -87,6 +87,54 @@ static const signed char fish_unbase64[256] = {
     dest |= (uint8_t)*((source)++); \
 } while (0);
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+static OSSL_PROVIDER *legacy_provider;
+static OSSL_PROVIDER *default_provider;
+static OSSL_LIB_CTX *ossl_ctx;
+#endif
+
+int fish_init(void)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    ossl_ctx = OSSL_LIB_CTX_new();
+    if (!ossl_ctx)
+        return 0;
+
+    legacy_provider = OSSL_PROVIDER_load(ossl_ctx, "legacy");
+    if (!legacy_provider) {
+        fish_deinit();
+        return 0;
+    }
+
+    default_provider = OSSL_PROVIDER_load(ossl_ctx, "default");
+    if (!default_provider) {
+        fish_deinit();
+        return 0;
+    }
+#endif
+    return 1;
+}
+
+void fish_deinit(void)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    if (legacy_provider) {
+        OSSL_PROVIDER_unload(legacy_provider);
+        legacy_provider = NULL;
+    }
+
+    if (default_provider) {
+        OSSL_PROVIDER_unload(default_provider);
+        default_provider = NULL;
+    }
+
+    if (ossl_ctx) {
+        OSSL_LIB_CTX_free(ossl_ctx);
+        ossl_ctx = NULL;
+    }
+#endif
+}
 
 /**
  * Encode ECB FiSH Base64
@@ -228,9 +276,19 @@ char *fish_cipher(const char *plaintext, size_t plaintext_len, const char *key,
             plaintext_len -= 8;
         }
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        cipher = EVP_CIPHER_fetch(ossl_ctx, "BF-CBC", NULL);
+#else
         cipher = (EVP_CIPHER *) EVP_bf_cbc();
+#endif
+
     } else if (mode == EVP_CIPH_ECB_MODE) {
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        cipher = EVP_CIPHER_fetch(ossl_ctx, "BF-ECB", NULL);
+#else
         cipher = (EVP_CIPHER *) EVP_bf_ecb();
+#endif
     }
 
     /* Zero Padding */

plugins/fishlim/fish.h

@@ -35,6 +35,8 @@ enum fish_mode {
   FISH_CBC_MODE = 0x2
 };
 
+int fish_init(void);
+void fish_deinit(void);
 char *fish_base64_encode(const char *message, size_t message_len);
 char *fish_base64_decode(const char *message, size_t *final_len);
 char *fish_encrypt(const char *key, size_t keylen, const char *message, size_t message_len, enum fish_mode mode);

plugins/fishlim/fishlim.vcxproj

@@ -29,7 +29,7 @@
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <AdditionalIncludeDirectories>$(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
@@ -40,7 +40,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
-      <PreprocessorDefinitions>WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <AdditionalIncludeDirectories>$(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>

plugins/fishlim/meson.build

@@ -19,4 +19,5 @@ shared_module('fishlim', fishlim_sources,
   install: true,
   install_dir: plugindir,
   name_prefix: '',
+  vs_module_defs: 'fishlim.def',
 )

plugins/fishlim/plugin_hexchat.c

@@ -815,6 +815,9 @@ int hexchat_plugin_init(hexchat_plugin *plugin_handle,
     hexchat_hook_server_attrs(ph, "TOPIC", HEXCHAT_PRI_NORM, handle_incoming, NULL);
     hexchat_hook_server_attrs(ph, "332", HEXCHAT_PRI_NORM, handle_incoming, NULL);
 
+    if (!fish_init())
+        return 0;
+
     if (!dh1080_init())
         return 0;
 
@@ -828,6 +831,7 @@ int hexchat_plugin_init(hexchat_plugin *plugin_handle,
 int hexchat_plugin_deinit(void) {
     g_clear_pointer(&pending_exchanges, g_hash_table_destroy);
     dh1080_deinit();
+    fish_deinit();
 
     hexchat_printf(ph, "%s plugin unloaded\n", plugin_name);
     return 1;

plugins/fishlim/tests/meson.build

@@ -1,17 +1,16 @@
-subdir('old_version')
-
 fishlim_test_sources = [
   'tests.c',
-  'fake/keystore.c',
+  'mock-keystore.c',
   '../fish.c',
   '../utils.c',
 ]
 
 fishlim_tests = executable('fishlim_tests', fishlim_test_sources,
-  dependencies: [libgio_dep, libssl_dep],
-  link_with : fishlim_old_lib
+  dependencies: [libgio_dep, libssl_dep, hexchat_plugin_dep],
+  include_directories: include_directories('..'),
 )
 
 test('Fishlim Tests', fishlim_tests,
-  timeout: 90
+  protocol: 'tap',
+  timeout: 600,
 )

plugins/fishlim/tests/mock-keystore.c

@@ -1,5 +1,4 @@
 /*
-
   Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -22,26 +21,31 @@
 
 */
 
-#include "../../fish.h"
-
+#include "fish.h"
 
 /**
  * Extracts a key from the key store file.
  */
-char *keystore_get_key(const char *nick, enum fish_mode *mode) {
+char *
+keystore_get_key(const char *nick, enum fish_mode *mode)
+{
     return NULL;
 }
 
 /**
  * Sets a key in the key store file.
  */
-gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
+gboolean
+keystore_store_key(const char *nick, const char *key, enum fish_mode mode)
+{
     return TRUE;
 }
 
 /**
  * Deletes a nick from the key store.
  */
-gboolean keystore_delete_nick(const char *nick) {
+gboolean
+keystore_delete_nick(const char *nick)
+{
     return TRUE;
 }

plugins/fishlim/tests/old_version/fish.c

@@ -1,155 +0,0 @@
-/*
-
-  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
-
-  Permission is hereby granted, free of charge, to any person obtaining a copy
-  of this software and associated documentation files (the "Software"), to deal
-  in the Software without restriction, including without limitation the rights
-  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-  copies of the Software, and to permit persons to whom the Software is
-  furnished to do so, subject to the following conditions:
-
-  The above copyright notice and this permission notice shall be included in
-  all copies or substantial portions of the Software.
-
-  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-  THE SOFTWARE.
-
-*/
-
-#ifdef __APPLE__
-#define __AVAILABILITYMACROS__
-#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/blowfish.h>
-
-#include "fish.h"
-
-#define IB 64
-static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-static const signed char fish_unbase64[256] = {
-    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
-    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
-/*      !  "  #  $  %  &  '  (    )  *  +  ,  -  .  / */
-    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB, 0, 1,
-/*   0  1  2  3  4  5  6  7    8  9  :  ;  <  =  >  ? */
-     2, 3, 4, 5, 6, 7, 8, 9,  10,11,IB,IB,IB,IB,IB,IB,
-/*   @  A  B  C  D  E  F  G    H  I  J  K  L  M  N  O */
-    IB,38,39,40,41,42,43,44,  45,46,47,48,49,50,51,52,
-/*   P  Q  R  S  T  U  V  W    X  Y  Z  [  \  ]  ^  _*/
-    53,54,55,56,57,58,59,60,  61,62,63,IB,IB,IB,IB,IB,
-/*   `  a  b  c  d  e  f  g    h  i  j  k  l  m  n  o */
-    IB,12,13,14,15,16,17,18,  19,20,21,22,23,24,25,26,
-/*   p  q  r  s  t  u  v  w    x  y  z  {  |  }  ~  <del> */
-    27,28,29,30,31,32,33,34,  35,36,37,IB,IB,IB,IB,IB,
-};
-
-#define GET_BYTES(dest, source) do { \
-    *((dest)++) = ((source) >> 24) & 0xFF; \
-    *((dest)++) = ((source) >> 16) & 0xFF; \
-    *((dest)++) = ((source) >> 8) & 0xFF; \
-    *((dest)++) = (source) & 0xFF; \
-} while (0);
-
-
-char *__old_fish_encrypt(const char *key, size_t keylen, const char *message) {
-    BF_KEY bfkey;
-    size_t messagelen;
-    size_t i;
-    int j;
-    char *encrypted;
-    char *end;
-    unsigned char bit;
-    unsigned char word;
-    unsigned char d;
-    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
-    
-    messagelen = strlen(message);
-    if (messagelen == 0) return NULL;
-    encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
-    end = encrypted;
-     
-    while (*message) {
-        /* Read 8 bytes (a Blowfish block) */
-        BF_LONG binary[2] = { 0, 0 };
-        unsigned char c;
-        for (i = 0; i < 8; i++) {
-            c = message[i];
-            binary[i >> 2] |= c << 8*(3 - (i&3));
-            if (c == '\0') break;
-        }
-        message += 8;
-        
-        /* Encrypt block */
-        BF_encrypt(binary, &bfkey);
-        
-        /* Emit FiSH-BASE64 */
-        bit = 0;
-        word = 1;
-        for (j = 0; j < 12; j++) {
-            d = fish_base64[(binary[word] >> bit) & 63];
-            *(end++) = d;
-            bit += 6;
-            if (j == 5) {
-                bit = 0;
-                word = 0;
-            }
-        }
-        
-        /* Stop if a null terminator was found */
-        if (c == '\0') break;
-    }
-    *end = '\0';
-    return encrypted;
-}
-
-
-char *__old_fish_decrypt(const char *key, size_t keylen, const char *data) {
-    BF_KEY bfkey;
-    size_t i;
-    char *decrypted;
-    char *end;
-    unsigned char bit;
-    unsigned char word;
-    unsigned char d;
-    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
-    
-    decrypted = g_malloc(strlen(data) + 1);
-    end = decrypted;
-    
-    while (*data) {
-        /* Convert from FiSH-BASE64 */
-        BF_LONG binary[2] = { 0, 0 };
-        bit = 0;
-        word = 1;
-        for (i = 0; i < 12; i++) {
-            d = fish_unbase64[(const unsigned char)*(data++)];
-            if (d == IB) goto decrypt_end;
-            binary[word] |= (unsigned long)d << bit;
-            bit += 6;
-            if (i == 5) {
-                bit = 0;
-                word = 0;
-            }
-        }
-        
-        /* Decrypt block */
-        BF_decrypt(binary, &bfkey);
-        
-        /* Copy to buffer */
-        GET_BYTES(end, binary[0]);
-        GET_BYTES(end, binary[1]);
-    }
-    
-  decrypt_end:
-    *end = '\0';
-    return decrypted;
-}

plugins/fishlim/tests/old_version/fish.h

@@ -1,37 +0,0 @@
-/*
-
-  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
-
-  Permission is hereby granted, free of charge, to any person obtaining a copy
-  of this software and associated documentation files (the "Software"), to deal
-  in the Software without restriction, including without limitation the rights
-  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-  copies of the Software, and to permit persons to whom the Software is
-  furnished to do so, subject to the following conditions:
-
-  The above copyright notice and this permission notice shall be included in
-  all copies or substantial portions of the Software.
-
-  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-  THE SOFTWARE.
-
-*/
-
-#ifndef FISH_OLD_H
-#define FISH_OLD_H
-
-#include <stddef.h>
-
-#include <glib.h>
-
-char *__old_fish_encrypt(const char *key, size_t keylen, const char *message);
-char *__old_fish_decrypt(const char *key, size_t keylen, const char *data);
-
-#endif
-
-

plugins/fishlim/tests/old_version/meson.build

@@ -1,4 +0,0 @@
-fishlim_old_lib = shared_library('fishlim_old_lib',
-  ['fish.c'],
-  dependencies: [libgio_dep, libssl_dep],
-)

plugins/fishlim/tests/tests.c

@@ -1,5 +1,4 @@
 /*
-
   Copyright (c) 2020 <bakasura@protonmail.ch>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -22,22 +21,20 @@
 
 */
 
-#ifndef PLUGIN_HEXCHAT_FISHLIM_TEST_H
-#define PLUGIN_HEXCHAT_FISHLIM_TEST_H
-
-// Libs
+#include <string.h>
 #include <glib.h>
-// Project Libs
-#include "../fish.h"
-#include "../utils.h"
-#include "old_version/fish.h"
+
+#include "fish.h"
+#include "utils.h"
 
 /**
  * Auxiliary function: Generate a random string
  * @param out Preallocated string to fill
  * @param len Size of bytes to fill
  */
-void random_string(char *out, size_t len) {
+static void
+random_string(char *out, size_t len)
+{
     GRand *rand = NULL;
     int i = 0;
 
@@ -51,13 +48,14 @@ void random_string(char *out, size_t len) {
     g_rand_free(rand);
 }
 
-
 /**
- * Check encrypt and decrypt in ECB mode and compare with old implementation
+ * Check encrypt and decrypt in ECB mode
  */
-void __ecb(void) {
-    char *bo64 = NULL, *b64 = NULL;
-    char *deo = NULL, *de = NULL;
+static void
+test_ecb(void)
+{
+    char *b64 = NULL;
+    char *de = NULL;
     int key_len, message_len = 0;
     char key[57];
     char message[1000];
@@ -71,36 +69,20 @@ void __ecb(void) {
             random_string(message, message_len);
 
             /* Encrypt */
-            bo64 = __old_fish_encrypt(key, key_len, message);
-            g_assert_nonnull(bo64);
             b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
             g_assert_nonnull(b64);
-            g_assert_cmpuint(g_strcmp0(b64, bo64), == , 0);
 
             /* Decrypt */
             /* Linear */
-            deo = __old_fish_decrypt(key, key_len, bo64);
             de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
-            g_assert_nonnull(deo);
-            g_assert_nonnull(de);
-            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
-            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
-            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
-            g_free(deo);
-            g_free(de);
-            /* Mixed */
-            deo = __old_fish_decrypt(key, key_len, b64);
-            de = fish_decrypt_str(key, key_len, bo64, FISH_ECB_MODE);
-            g_assert_nonnull(deo);
-            g_assert_nonnull(de);
-            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
-            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
-            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
-            g_free(deo);
+			g_assert_cmpstr (de, ==, message);
+            g_free(de);
+	
+            /* Mixed */
+            de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
+			g_assert_cmpstr (de, ==, message);
             g_free(de);
 
-            /* Free */
-            g_free(bo64);
             g_free(b64);
         }
     }
@@ -109,7 +91,9 @@ void __ecb(void) {
 /**
  * Check encrypt and decrypt in CBC mode
  */
-void __cbc(void) {
+static void
+test_cbc(void)
+{
     char *b64 = NULL;
     char *de = NULL;
     int key_len, message_len = 0;
@@ -131,11 +115,9 @@ void __cbc(void) {
             /* Decrypt */
             /* Linear */
             de = fish_decrypt_str(key, key_len, b64, FISH_CBC_MODE);
-            g_assert_nonnull(de);
-            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+            g_assert_cmpstr (de, ==, message);
             g_free(de);
 
-            /* Free */
             g_free(b64);
         }
     }
@@ -144,33 +126,34 @@ void __cbc(void) {
 /**
  * Check the calculation of final length from an encoded string in Base64
  */
-void __base64_len(void) {
+static void
+test_base64_len (void)
+{
     char *b64 = NULL;
-    int i, message_len = 0;
     char message[1000];
+    int message_end = sizeof (message) - 1;
 
-    for (i = 0; i < 10; ++i) {
+    random_string(message, message_end);
 
-        for (message_len = 1; message_len < 1000; ++message_len) {
-            random_string(message, message_len);
-            b64 = g_base64_encode((const unsigned char *) message, message_len);
+    for (; message_end >= 0; --message_end) {
+        message[message_end] = '\0'; /* Truncate instead of generating new strings */
+        b64 = g_base64_encode((const unsigned char *) message, message_end);
         g_assert_nonnull(b64);
-            g_assert_cmpuint(strlen(b64), == , base64_len(message_len));
+        g_assert_cmpuint(strlen(b64), == , base64_len(message_end));
         g_free(b64);
     }
 }
-}
 
 /**
  * Check the calculation of final length from an encoded string in BlowcryptBase64
  */
-void __base64_fish_len(void) {
+static void
+test_base64_fish_len (void)
+{
     char *b64 = NULL;
-    int i, message_len = 0;
+    int message_len = 0;
     char message[1000];
 
-    for (i = 0; i < 10; ++i) {
-
     for (message_len = 1; message_len < 1000; ++message_len) {
         random_string(message, message_len);
         b64 = fish_base64_encode(message, message_len);
@@ -179,13 +162,13 @@ void __base64_fish_len(void) {
         g_free(b64);
     }
 }
-}
-
 
 /**
  * Check the calculation of final length from an encrypted string in ECB mode
  */
-void __base64_ecb_len(void) {
+static void
+test_base64_ecb_len(void)
+{
     char *b64 = NULL;
     int key_len, message_len = 0;
     char key[57];
@@ -209,7 +192,9 @@ void __base64_ecb_len(void) {
 /**
  * Check the calculation of final length from an encrypted string in CBC mode
  */
-void __base64_cbc_len(void) {
+static void
+test_base64_cbc_len(void)
+{
     char *b64 = NULL;
     int key_len, message_len = 0;
     char key[57];
@@ -233,7 +218,9 @@ void __base64_cbc_len(void) {
 /**
  * Check the calculation of length limit for a plaintext in each encryption mode
  */
-void __max_text_command_len(void) {
+static void
+test_max_text_command_len(void)
+{
     int max_encoded_len, plaintext_len;
     enum fish_mode mode;
 
@@ -248,17 +235,16 @@ void __max_text_command_len(void) {
 /**
  * Check the calculation of length limit for a plaintext in each encryption mode
  */
-void __foreach_utf8_data_chunks(void) {
+static void
+test_foreach_utf8_data_chunks(void)
+{
     GRand *rand = NULL;
     GString *chunks = NULL;
-    int tests, max_chunks_len, chunks_len;
+    int  max_chunks_len, chunks_len;
     char ascii_message[1001];
     char *data_chunk = NULL;
 
     rand = g_rand_new();
-
-    for (tests = 0; tests < 1000; ++tests) {
-
     max_chunks_len = g_rand_int_range(rand, 2, 301);
     random_string(ascii_message, 1000);
 
@@ -273,25 +259,27 @@ void __foreach_utf8_data_chunks(void) {
     }
     /* Check data loss */
     g_assert_cmpstr(chunks->str, == , ascii_message);
+
     g_string_free(chunks, TRUE);
-    }
+    g_rand_free (rand);
 }
 
-
-int main(int argc, char *argv[]) {
+int
+main(int argc, char *argv[]) {
 
     g_test_init(&argc, &argv, NULL);
 
-    g_test_add_func("/fishlim/__ecb", __ecb);
-    g_test_add_func("/fishlim/__cbc", __ecb);
-    g_test_add_func("/fishlim/__base64_len", __base64_len);
-    g_test_add_func("/fishlim/__base64_fish_len", __base64_fish_len);
-    g_test_add_func("/fishlim/__base64_ecb_len", __base64_ecb_len);
-    g_test_add_func("/fishlim/__base64_cbc_len", __base64_cbc_len);
-    g_test_add_func("/fishlim/__max_text_command_len", __max_text_command_len);
-    g_test_add_func("/fishlim/__foreach_utf8_data_chunks", __foreach_utf8_data_chunks);
+    g_test_add_func("/fishlim/ecb", test_ecb);
+    g_test_add_func("/fishlim/cbc", test_cbc);
+    g_test_add_func("/fishlim/base64_len", test_base64_len);
+    g_test_add_func("/fishlim/base64_fish_len", test_base64_fish_len);
+    g_test_add_func("/fishlim/base64_ecb_len", test_base64_ecb_len);
+    g_test_add_func("/fishlim/base64_cbc_len", test_base64_cbc_len);
+    g_test_add_func("/fishlim/max_text_command_len", test_max_text_command_len);
+    g_test_add_func("/fishlim/foreach_utf8_data_chunks", test_foreach_utf8_data_chunks);
 
-    return g_test_run();
+    fish_init();
+    int ret = g_test_run();
+    fish_deinit();
+    return ret;
 }
-
-#endif //PLUGIN_HEXCHAT_FISHLIM_TEST_H

plugins/fishlim/utils.c

@@ -22,6 +22,8 @@
 
 */
 
+#include <string.h>
+
 #include "utils.h"
 #include "fish.h"
 

plugins/lua/lua.c

@@ -957,16 +957,21 @@ static int api_hexchat_pluginprefs_meta_pairs(lua_State *L)
 	hexchat_plugin *h;
 
 	if(!script->name)
+
 		return luaL_error(L, "cannot use hexchat.pluginprefs before registering with hexchat.register");
 
 	dest = lua_newuserdata(L, 4096);
+
 	h = script->handle;
 	if(!hexchat_pluginpref_list(h, dest))
 		strcpy(dest, "");
 	lua_pushlightuserdata(L, dest);
 	lua_pushlightuserdata(L, dest);
 	lua_pushcclosure(L, api_hexchat_pluginprefs_meta_pairs_closure, 2);
-	return 1;
+	lua_insert(L, -2); // Return the userdata (second return value from pairs),
+						// even though it's not used by the closure (first return
+						// value from pairs), so that Lua knows not to GC it.
+	return 2;
 }
 
 static int api_attrs_meta_index(lua_State *L)
@@ -1764,4 +1769,3 @@ G_MODULE_EXPORT int hexchat_plugin_deinit(hexchat_plugin *plugin_handle)
 	g_clear_pointer(&expand_buffer, g_free);
 	return 1;
 }
-

plugins/perl/meson.build

@@ -88,4 +88,5 @@ shared_module('perl',
   install_dir: plugindir,
   install_rpath: perl_rpath,
   name_prefix: '',
+  vs_module_defs: 'perl.def',
 )

plugins/python/meson.build

@@ -28,4 +28,5 @@ shared_module('python', python3_source,
   install: true,
   install_dir: plugindir,
   name_prefix: '',
+  vs_module_defs: 'python.def'
 )

plugins/python/python.py

@@ -146,8 +146,8 @@ class Plugin:
     def loadfile(self, filename):
         try:
             self.filename = filename
-            with open(filename) as f:
-                data = f.read()
+            with open(filename, 'rb') as f:
+                data = f.read().decode('utf-8')
             compiled = compile_file(data, filename)
             exec(compiled, self.globals)
 
@@ -284,7 +284,7 @@ def _on_server_attrs_hook(word, word_eol, attrs, userdata):
 @ffi.def_extern()
 def _on_timer_hook(userdata):
     hook = ffi.from_handle(userdata)
-    if hook.callback(hook.userdata) is True:
+    if hook.callback(hook.userdata) == True:
         return 1
 
     hook.is_unload = True  # Don't unhook

plugins/sysinfo/meson.build

@@ -57,4 +57,5 @@ shared_module('sysinfo', sysinfo_sources,
   install: true,
   install_dir: plugindir,
   name_prefix: '',
+  vs_module_defs: 'sysinfo.def',
 )

plugins/upd/meson.build

@@ -5,4 +5,5 @@ shared_module('upd', 'upd.c',
   install: true,
   install_dir: plugindir,
   name_prefix: '',
+  vs_module_defs: 'upd.def',
 )

plugins/winamp/meson.build

@@ -3,4 +3,5 @@ shared_module('winamp', 'winamp.c',
   install: true,
   install_dir: plugindir,
   name_prefix: '',
+  vs_module_defs: 'winamp.def',
 )

src/common/fe.h

@@ -69,7 +69,16 @@ int fe_input_add (int sok, int flags, void *func, void *data);
 void fe_input_remove (int tag);
 void fe_idle_add (void *func, void *data);
 void fe_set_topic (struct session *sess, char *topic, char *stripped_topic);
-void fe_set_tab_color (struct session *sess, int col);
+typedef enum
+{
+	FE_COLOR_NONE = 0,
+	FE_COLOR_NEW_DATA = 1,
+	FE_COLOR_NEW_MSG = 2,
+	FE_COLOR_NEW_HILIGHT = 3,
+	FE_COLOR_FLAG_NOOVERRIDE = 8,
+} tabcolor;
+#define FE_COLOR_ALLFLAGS (FE_COLOR_FLAG_NOOVERRIDE)
+void fe_set_tab_color (struct session *sess, tabcolor col);
 void fe_flash_window (struct session *sess);
 void fe_update_mode_buttons (struct session *sess, char mode, char sign);
 void fe_update_channel_key (struct session *sess);
@@ -132,6 +141,7 @@ void fe_get_int (char *prompt, int def, void *callback, void *ud);
 #define FRF_NOASKOVERWRITE 32	/* don't ask to overwrite existing files */
 #define FRF_EXTENSIONS 64		/* specify file extensions to be displayed */
 #define FRF_MIMETYPES 128		/* specify file mimetypes to be displayed */
+#define FRF_MODAL 256           /* dialog should be modal to parent */
 void fe_get_file (const char *title, char *initial,
 				 void (*callback) (void *userdata, char *file), void *userdata,
 				 int flags);

src/common/hexchat.h

@@ -501,9 +501,9 @@ typedef struct server
 	int joindelay_tag;				/* waiting before we send JOIN */
 	char hostname[128];				/* real ip number */
 	char servername[128];			/* what the server says is its name */
-	char password[86];
+	char password[1024];
 	char nick[NICKLEN];
-	char linebuf[2048];				/* RFC says 512 chars including \r\n */
+	char linebuf[8704];				/* RFC says 512 chars including \r\n, IRCv3 message tags add 8191, plus the NUL byte */
 	char *last_away_reason;
 	int pos;								/* current position in linebuf */
 	int nickcount;

src/common/inbound.c

@@ -1929,7 +1929,24 @@ inbound_sasl_authenticate (server *serv, char *data)
 			return;
 		}
 
+		/* long SASL passwords must be split into 400-byte chunks
+		   https://ircv3.net/specs/extensions/sasl-3.1#the-authenticate-command */
+		size_t pass_len = strlen (pass);
+		if (pass_len <= 400)
 			tcp_sendf (serv, "AUTHENTICATE %s\r\n", pass);
+		else
+		{
+			size_t sent = 0;
+			while (sent < pass_len)
+			{
+				char *pass_chunk = g_strndup (pass + sent, 400);
+				tcp_sendf (serv, "AUTHENTICATE %s\r\n", pass_chunk);
+				sent += 400;
+				g_free (pass_chunk);
+			}
+		}
+		if (pass_len % 400 == 0)
+			tcp_sendf (serv, "AUTHENTICATE +\r\n");
 		g_free (pass);
 
 		

src/common/meson.build

@@ -47,7 +47,6 @@ if host_machine.system() == 'windows'
   ]
   common_sysinfo_deps += [
     cc.find_library('wbemuuid'), # sysinfo
-    cc.find_library('wbemcore'),
   ]
 
   common_sources += 'sysinfo/win32/backend.c'

src/common/modes.c

@@ -67,8 +67,8 @@ send_channel_modes (session *sess, char *tbuf, char *word[], int wpos,
 	int usable_modes, orig_len, len, wlen, i, max;
 	server *serv = sess->server;
 
-	/* sanity check. IRC RFC says three per line. */
-	if (serv->modes_per_line < 3)
+	/* sanity check. IRC RFC says three per line but some servers may support less. */
+	if (serv->modes_per_line < 1)
 		serv->modes_per_line = 3;
 	if (modes_per_line < 1)
 		modes_per_line = serv->modes_per_line;
@@ -880,7 +880,7 @@ inbound_005 (server * serv, char *word[], const message_tags_data *tags_data)
 				g_free (serv->nick_prefixes);
 				g_free (serv->nick_modes);
 				serv->nick_prefixes = g_strdup (pre + 1);
-				serv->nick_modes = g_strdup (tokvalue);
+				serv->nick_modes = g_strdup (tokvalue + 1);
 			} else
 			{
 				/* bad! some ircds don't give us the modes. */
@@ -918,8 +918,12 @@ inbound_005 (server * serv, char *word[], const message_tags_data *tags_data)
 			server_set_encoding (serv, "UTF-8");
 		} else if (g_strcmp0 (tokname, "NAMESX") == 0)
 		{
-									/* 12345678901234567 */
+			if (tokadding && !serv->have_namesx)
+			{
+				/* only use protoctl if the server doesn't have the equivalent cap */
 				tcp_send_len (serv, "PROTOCTL NAMESX\r\n", 17);
+				serv->have_namesx = TRUE;
+			}
 		} else if (g_strcmp0 (tokname, "WHOX") == 0)
 		{
 			serv->have_whox = tokadding;

src/common/notify.c

@@ -123,7 +123,11 @@ notify_save (void)
 {
 	int fh;
 	struct notify *notify;
-	GSList *list = notify_list;
+        // while reading the notify.conf file, elements are added by prepending to the
+        // list. reverse the list before writing to disk to keep the original
+        // order of the list
+        GSList *list = g_slist_copy(notify_list);
+        list = g_slist_reverse(list);
 
 	fh = hexchat_open_file ("notify.conf", O_TRUNC | O_WRONLY | O_CREAT, 0600, XOF_DOMODE);
 	if (fh != -1)
@@ -142,6 +146,7 @@ notify_save (void)
 		}
 		close (fh);
 	}
+        g_slist_free(list);
 }
 
 void

src/common/outbound.c

@@ -1579,9 +1579,26 @@ cmd_execw (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		EMIT_SIGNAL (XP_TE_NOCHILD, sess, NULL, NULL, NULL, NULL, 0);
 		return FALSE;
 	}
+	if (strcmp (word[2], "--") == 0)
+	{
+		len = strlen(word_eol[3]);
+		temp = g_strconcat (word_eol[3], "\n", NULL);
+		PrintText(sess, temp);
+	}
+	else
+	{
+		if (strcmp (word[2], "-q") == 0)
+		{
+			len = strlen(word_eol[3]);
+			temp = g_strconcat (word_eol[3], "\n", NULL);
+		}
+		else
+		{
 			len = strlen(word_eol[2]);
 			temp = g_strconcat (word_eol[2], "\n", NULL);
 			PrintText(sess, temp);
+		}
+	}
 	write(sess->running_exec->myfd, temp, len + 1);
 	g_free(temp);
 
@@ -2152,7 +2169,6 @@ cmd_gui (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	{
 	case 0x058b836e: fe_ctrl_gui (sess, 8, 0); break; /* APPLY */
 	case 0xac1eee45: fe_ctrl_gui (sess, 7, 2); break; /* ATTACH */
-	case 0x05a72f63: fe_ctrl_gui (sess, 4, atoi (word[3])); break; /* COLOR */
 	case 0xb06a1793: fe_ctrl_gui (sess, 7, 1); break; /* DETACH */
 	case 0x05cfeff0: fe_ctrl_gui (sess, 3, 0); break; /* FLASH */
 	case 0x05d154d8: fe_ctrl_gui (sess, 2, 0); break; /* FOCUS */
@@ -2166,6 +2182,12 @@ cmd_gui (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		else
 			return FALSE;
 		break;
+	case 0x05a72f63: /* COLOR */
+		if (!g_ascii_strcasecmp (word[4], "-NOOVERRIDE"))
+			fe_ctrl_gui (sess, 4, FE_COLOR_FLAG_NOOVERRIDE | atoi (word[3]));
+		else
+			fe_ctrl_gui (sess, 4, atoi (word[3]));
+		break;
 	default:
 		return FALSE;
 	}
@@ -3227,7 +3249,7 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		int offset = 0;
 
 #ifdef USE_OPENSSL
-		int use_ssl = FALSE;
+		int use_ssl = TRUE;
 		int use_ssl_noverify = FALSE;
 		if (g_strcmp0 (word[2], "-ssl") == 0)
 		{
@@ -3239,6 +3261,11 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 			use_ssl = TRUE;
 			use_ssl_noverify = TRUE;
 			offset++;	/* args move up by 1 word */
+		} else if (g_strcmp0 (word[2], "-insecure") == 0)
+		{
+			use_ssl = FALSE;
+			use_ssl_noverify = FALSE;
+			offset++;	/* args move up by 1 word */
 		}
 		serv->use_ssl = use_ssl;
 		serv->accept_invalid_cert = use_ssl_noverify;
@@ -3428,8 +3455,10 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	char *pass = NULL;
 	char *channel = NULL;
 	char *key = NULL;
-	int use_ssl = FALSE;
+#ifdef USE_OPENSSL
+	int use_ssl = TRUE;
 	int use_ssl_noverify = FALSE;
+#endif
 	int is_url = TRUE;
 	server *serv = sess->server;
 	ircnet *net = NULL;
@@ -3447,6 +3476,11 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		use_ssl_noverify = TRUE;
 		offset++;	/* args move up by 1 word */
 	}
+	else if (g_strcmp0 (word[2], "-insecure") == 0)
+	{
+		use_ssl = FALSE;
+		offset++;	/* args move up by 1 word */
+	}
 #endif
 
 	if (!parse_irc_url (word[2 + offset], &server_name, &port, &channel, &key, &use_ssl))
@@ -3487,6 +3521,13 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		use_ssl = TRUE;
 #endif
 	}
+	else if (port[0] == '-')
+	{
+		port++;
+#ifdef USE_OPENSSL
+		use_ssl = FALSE;
+#endif
+	}
 
 	if (*pass)
 	{
@@ -3542,7 +3583,7 @@ cmd_servchan (struct session *sess, char *tbuf, char *word[],
 	int offset = 0;
 
 #ifdef USE_OPENSSL
-	if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0)
+	if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0 || g_strcmp0 (word[2], "-insecure") == 0)
 		offset++;
 #endif
 
@@ -3876,34 +3917,6 @@ cmd_wallchop (struct session *sess, char *tbuf, char *word[],
 	return TRUE;
 }
 
-static int
-cmd_wallchan (struct session *sess, char *tbuf, char *word[],
-				  char *word_eol[])
-{
-	GSList *list;
-
-	if (*word_eol[2])
-	{
-		list = sess_list;
-		while (list)
-		{
-			sess = list->data;
-			if (sess->type == SESS_CHANNEL)
-			{
-				message_tags_data no_tags = MESSAGE_TAGS_DATA_INIT;
-
-				inbound_chanmsg (sess->server, NULL, sess->channel,
-									  sess->server->nick, word_eol[2], TRUE, FALSE, 
-									  &no_tags);
-				sess->server->p_message (sess->server, sess->channel, word_eol[2]);
-			}
-			list = list->next;
-		}
-		return TRUE;
-	}
-	return FALSE;
-}
-
 static int
 cmd_hop (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 {
@@ -4000,7 +4013,7 @@ const struct commands xc_cmds[] = {
 	 N_("EXECKILL [-9], kills a running exec in the current session. If -9 is given the process is SIGKILL'ed")},
 #ifndef __EMX__
 	{"EXECSTOP", cmd_execs, 0, 0, 1, N_("EXECSTOP, sends the process SIGSTOP")},
-	{"EXECWRITE", cmd_execw, 0, 0, 1, N_("EXECWRITE, sends data to the processes stdin")},
+	{"EXECWRITE", cmd_execw, 0, 0, 1, N_("EXECWRITE [-q|--], sends data to the processes stdin; use -q flag to quiet/suppress output at text box; use -- flag to stop interpreting arguments as flags, needed if -q itself would occur as data")},
 #endif
 #endif
 #if 0
@@ -4015,8 +4028,9 @@ const struct commands xc_cmds[] = {
 	{"GETINT", cmd_getint, 0, 0, 1, "GETINT <default> <command> <prompt>"},
 	{"GETSTR", cmd_getstr, 0, 0, 1, "GETSTR <default> <command> <prompt>"},
 	{"GHOST", cmd_ghost, 1, 0, 1, N_("GHOST <nick> [password], Kills a ghosted nickname")},
-	{"GUI", cmd_gui, 0, 0, 1, "GUI [APPLY|ATTACH|DETACH|SHOW|HIDE|FOCUS|FLASH|ICONIFY|COLOR <n>]\n"
-									  "       GUI [MSGBOX <text>|MENU TOGGLE]"},
+	{"GUI", cmd_gui, 0, 0, 1, "GUI [APPLY|ATTACH|DETACH|SHOW|HIDE|FOCUS|FLASH|ICONIFY]\n"
+									  "       GUI [MSGBOX <text>|MENU TOGGLE]\n"
+									  "       GUI COLOR <n> [-NOOVERRIDE]"},
 	{"HELP", cmd_help, 0, 0, 1, 0},
 	{"HOP", cmd_hop, 1, 1, 1,
 	 N_("HOP <nick>, gives chanhalf-op status to the nick (needs chanop)")},
@@ -4103,14 +4117,14 @@ const struct commands xc_cmds[] = {
 	{"SEND", cmd_send, 0, 0, 1, N_("SEND <nick> [<file>]")},
 #ifdef USE_OPENSSL
 	{"SERVCHAN", cmd_servchan, 0, 0, 1,
-	 N_("SERVCHAN [-ssl|-ssl-noverify] <host> <port> <channel>, connects and joins a channel")},
+	 N_("SERVCHAN [-insecure|-ssl|-ssl-noverify] <host> <port> <channel>, connects and joins a channel using ssl unless otherwise specified")},
 #else
 	{"SERVCHAN", cmd_servchan, 0, 0, 1,
 	 N_("SERVCHAN <host> <port> <channel>, connects and joins a channel")},
 #endif
 #ifdef USE_OPENSSL
 	{"SERVER", cmd_server, 0, 0, 1,
-	 N_("SERVER [-ssl|-ssl-noverify] <host> [<port>] [<password>], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")},
+	 N_("SERVER [-insecure|-ssl|-ssl-noverify] <host> [<port>] [<password>], connects to a server using ssl unless otherwise specified, the default port is 6697 for ssl connections and 6667 for insecure connections")},
 #else
 	{"SERVER", cmd_server, 0, 0, 1,
 	 N_("SERVER <host> [<port>] [<password>], connects to a server, the default port is 6667")},
@@ -4141,8 +4155,6 @@ const struct commands xc_cmds[] = {
 	{"USERLIST", cmd_userlist, 1, 1, 1, 0},
 	{"VOICE", cmd_voice, 1, 1, 1,
 	 N_("VOICE <nick>, gives voice status to someone (needs chanop)")},
-	{"WALLCHAN", cmd_wallchan, 1, 1, 1,
-	 N_("WALLCHAN <message>, writes the message to all channels")},
 	{"WALLCHOP", cmd_wallchop, 1, 1, 1,
 	 N_("WALLCHOP <message>, sends the message to all chanops on the current channel")},
 	{0, 0, 0, 0, 0, 0}

src/common/plugin-timer.c

@@ -198,7 +198,7 @@ timer_cb (char *word[], char *word_eol[], void *userdata)
 		offset += 2;
 	}
 
-	timeout = atof (word[2 + offset]);
+	timeout = g_ascii_strtod (word[2 + offset], NULL);
 	command = word_eol[3 + offset];
 
 	if (timeout < 0.1 || timeout * 1000 > INT_MAX || !command[0])

src/common/proto-irc.c

@@ -461,7 +461,7 @@ channel_date (session *sess, char *chan, char *timestr,
 }
 
 static int
-trailing_index(const char *word_eol[])
+trailing_index(char *word_eol[])
 {
 	int param_index;
 	for (param_index = 3; param_index < PDIWORDS; ++param_index)
@@ -503,22 +503,6 @@ process_numeric (session * sess, int n,
 
 		goto def;
 
-	case 4:	/* check the ircd type */
-		serv->use_listargs = FALSE;
-		serv->modes_per_line = 3;		/* default to IRC RFC */
-		if (strncmp (word[5], "bahamut", 7) == 0)				/* DALNet */
-		{
-			serv->use_listargs = TRUE;		/* use the /list args */
-		} else if (strncmp (word[5], "u2.10.", 6) == 0)		/* Undernet */
-		{
-			serv->use_listargs = TRUE;		/* use the /list args */
-			serv->modes_per_line = 6;		/* allow 6 modes per line */
-		} else if (strncmp (word[5], "glx2", 4) == 0)
-		{
-			serv->use_listargs = TRUE;		/* use the /list args */
-		}
-		goto def;
-
 	case 5:
 		inbound_005 (serv, word, tags_data);
 		goto def;
@@ -643,7 +627,7 @@ process_numeric (session * sess, int n,
 	case 320:	/* :is an identified user */
 		if (!serv->skip_next_whois)
 			EMIT_SIGNAL_TIMESTAMP (XP_TE_WHOIS_ID, whois_sess, word[4],
-										  word_eol[5] + 1, NULL, NULL, 0,
+										  word_eol[5][0] == ':' ? word_eol[5] + 1 : word_eol[5], NULL, NULL, 0,
 										  tags_data->timestamp);
 		break;
 
@@ -936,6 +920,14 @@ process_numeric (session * sess, int n,
 		notify_set_online (serv, word[4], tags_data);
 		break;
 
+	case 524: // ERR_HELPNOTFOUND
+	case 704: // RPL_HELPSTART
+	case 705: // RPL_HELPTXT
+	case 706: // RPL_ENDOFHELP
+		EMIT_SIGNAL_TIMESTAMP (XP_TE_SERVTEXT, sess, STRIP_COLON(word, word_eol, 5), NULL, NULL, NULL,
+									  0, tags_data->timestamp);
+		break;
+
 	case 728:	/* +q-list entry */
 		/* NOTE:  FREENODE returns these results inconsistent with e.g. +b */
 		/* Who else has imlemented MODE_QUIET, I wonder? */

src/common/server.c

@@ -362,7 +362,7 @@ server_read (GIOChannel *source, GIOCondition condition, server *serv)
 				serv->linebuf[serv->pos] = lbuf[i];
 				if (serv->pos >= (sizeof (serv->linebuf) - 1))
 					fprintf (stderr,
-								"*** HEXCHAT WARNING: Buffer overflow - shit server!\n");
+								"*** HEXCHAT WARNING: Buffer overflow - non-compliant server!\n");
 				else
 					serv->pos++;
 			}
@@ -772,7 +772,7 @@ server_connect_success (server *serv)
 
 		/* it'll be a memory leak, if connection isn't terminated by
 		   server_cleanup() */
-		if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify, NULL)))
+		if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify)))
 		{
 			EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL,
 							 NULL, NULL, 0);
@@ -1559,7 +1559,7 @@ server_connect (server *serv, char *hostname, int port, int no_login)
 	if (!hostname[0])
 		return;
 
-	if (port < 0)
+	if (port < 1 || port > 65535)
 	{
 		/* use default port for this server type */
 		port = 6667;
@@ -1567,8 +1567,8 @@ server_connect (server *serv, char *hostname, int port, int no_login)
 		if (serv->use_ssl)
 			port = 6697;
 #endif
+		g_debug ("Attempted to connect to invalid port, assuming default port %d", port);
 	}
-	port &= 0xffff;	/* wrap around */
 
 	if (serv->connected || serv->connecting || serv->recondelay_tag)
 		server_disconnect (sess, TRUE, -1);
@@ -1770,6 +1770,7 @@ server_set_defaults (server *serv)
 	serv->chanmodes = g_strdup ("beI,k,l");
 	serv->nick_prefixes = g_strdup ("@%+");
 	serv->nick_modes = g_strdup ("ohv");
+	serv->modes_per_line = 3; /* https://datatracker.ietf.org/doc/html/rfc1459#section-4.2.3.1 */
 	serv->sasl_mech = MECH_PLAIN;
 
 	if (!serv->encoding)
@@ -1778,6 +1779,7 @@ server_set_defaults (server *serv)
 	serv->nickcount = 1;
 	serv->end_of_motd = FALSE;
 	serv->sent_capend = FALSE;
+	serv->use_listargs = FALSE;
 	serv->is_away = FALSE;
 	serv->supports_watch = FALSE;
 	serv->supports_monitor = FALSE;

src/common/servlist.c

@@ -54,8 +54,6 @@ static const struct defaultserver def[] =
 	/* Invalid hostname in cert */
 	{0,			"irc.2600.net"},
 
-	{"ACN", 0, 0, 0, LOGIN_SASL, 0, TRUE},
-	{0,			"global.acn.gr"},
 
 	{"AfterNET", 0, 0, 0, LOGIN_SASL, 0, TRUE},
 	{0,			"irc.afternet.org"},
@@ -187,12 +185,12 @@ static const struct defaultserver def[] =
 	{"Interlinked", 0, 0, 0, LOGIN_SASL, 0, TRUE},
 	{0,			"irc.interlinked.me"},
 
+	{"Irc-Nerds", 0, 0, 0, LOGIN_SASL, 0, TRUE},
+	{0,			"irc.irc-nerds.net"},
+	
 	{"IRC4Fun", 0, 0, 0, LOGIN_SASL, 0, TRUE},
 	{0,				"irc.irc4fun.net"},
 
-	{"IRCHighWay", 0, 0, 0, 0, 0, TRUE},
-	{0,				"irc.irchighway.net"},
-
 	{"IRCNet",		0},
 	{0,				"open.ircnet.net"},
 

src/common/ssl.c

@@ -321,23 +321,22 @@ _SSL_socket (SSL_CTX *ctx, int sd)
 
 
 char *
-_SSL_set_verify (SSL_CTX *ctx, void *verify_callback, char *cacert)
+_SSL_set_verify (SSL_CTX *ctx, void *verify_callback)
 {
+#ifdef DEFAULT_CERT_FILE
+	if (!SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL))
+	{
+		__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
+		return (err_buf);
+	}
+#else
 	if (!SSL_CTX_set_default_verify_paths (ctx))
 	{
 		__SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths");
 		return (err_buf);
 	}
-/*
-	if (cacert)
-	{
-		if (!SSL_CTX_load_verify_locations (ctx, cacert, NULL))
-		{
-			__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
-			return (err_buf);
-		}
-	}
-*/
+#endif
+
 	SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback);
 
 	return (NULL);

src/common/ssl.h

@@ -45,7 +45,7 @@ SSL_CTX *_SSL_context_init (void (*info_cb_func));
 #define _SSL_context_free(a)	SSL_CTX_free(a);
 
 SSL *_SSL_socket (SSL_CTX *ctx, int sd);
-char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback), char *cacert);
+char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback));
 /*
     int SSL_connect(SSL *);
     int SSL_accept(SSL *);

src/common/sysinfo/win32/backend.c

@@ -84,7 +84,8 @@ sysinfo_get_cpu_arch (void)
 
 	GetNativeSystemInfo (&si);
 
-	if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)
+	if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64 ||
+		si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_ARM64)
 	{
 		return cpu_arch = 64;
 	}
@@ -106,7 +107,8 @@ sysinfo_get_build_arch (void)
 
 	GetSystemInfo (&si);
 
-	if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)
+	if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64 ||
+		si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_ARM64)
 	{
 		return build_arch = 64;
 	}
@@ -354,6 +356,8 @@ static char *read_cpu_info (IWbemClassObject *object)
 
 	VariantClear (&max_clock_speed_variant);
 
+	g_strchomp (name_utf8);
+
 	if (cpu_freq_mhz > 1000)
 	{
 		result = g_strdup_printf ("%s (%.2fGHz)", name_utf8, cpu_freq_mhz / 1000.f);

src/common/util.c

@@ -1375,11 +1375,16 @@ str_sha256hash (char *string)
 	int i;
 	unsigned char hash[SHA256_DIGEST_LENGTH];
 	char buf[SHA256_DIGEST_LENGTH * 2 + 1];		/* 64 digit hash + '\0' */
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	SHA256 (string, strlen (string), hash);
+#else
 	SHA256_CTX sha256;
 
 	SHA256_Init (&sha256);
 	SHA256_Update (&sha256, string, strlen (string));
 	SHA256_Final (hash, &sha256);
+#endif
 
 	for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
 	{

src/fe-gtk/chanlist.c

@@ -512,7 +512,7 @@ chanlist_save (GtkWidget * wid, server *serv)
 	GtkTreeModel *model = GET_MODEL (serv);
 
 	if (gtk_tree_model_get_iter_first (model, &iter))
-		gtkutil_file_req (_("Select an output filename"), chanlist_filereq_done,
+		gtkutil_file_req (NULL, _("Select an output filename"), chanlist_filereq_done,
 								serv, NULL, NULL, FRF_WRITE);
 }
 

src/fe-gtk/dccgui.c

@@ -146,7 +146,7 @@ fe_dcc_send_filereq (struct session *sess, char *nick, int maxcps, int passive)
 	mdc->maxcps = maxcps;
 	mdc->passive = passive;
 
-	gtkutil_file_req (tbuf, dcc_send_filereq_file, mdc, prefs.hex_dcc_dir, NULL, FRF_MULTIPLE|FRF_FILTERISINITIAL);
+	gtkutil_file_req (NULL, tbuf, dcc_send_filereq_file, mdc, prefs.hex_dcc_dir, NULL, FRF_MULTIPLE|FRF_FILTERISINITIAL);
 
 	g_free (tbuf);
 }

src/fe-gtk/fe-gtk.c

@@ -664,13 +664,13 @@ fe_print_text (struct session *sess, char *text, time_t stamp,
 		return;
 
 	if (sess == current_tab)
-		fe_set_tab_color (sess, 0);
+		fe_set_tab_color (sess, FE_COLOR_NONE);
 	else if (sess->tab_state & TAB_STATE_NEW_HILIGHT)
-		fe_set_tab_color (sess, 3);
+		fe_set_tab_color (sess, FE_COLOR_NEW_HILIGHT);
 	else if (sess->tab_state & TAB_STATE_NEW_MSG)
-		fe_set_tab_color (sess, 2);
+		fe_set_tab_color (sess, FE_COLOR_NEW_MSG);
 	else
-		fe_set_tab_color (sess, 1);
+		fe_set_tab_color (sess, FE_COLOR_NEW_DATA);
 }
 
 void
@@ -903,7 +903,7 @@ fe_confirm (const char *message, void (*yesproc)(void *), void (*noproc)(void *)
 	if (dcc->file)
 	{
 		char *filepath = g_build_filename (prefs.hex_dcc_dir, dcc->file, NULL);
-		gtkutil_file_req (message, dcc_saveas_cb, ud, filepath, NULL,
+		gtkutil_file_req (NULL, message, dcc_saveas_cb, ud, filepath, NULL,
 								FRF_WRITE|FRF_NOASKOVERWRITE|FRF_FILTERISINITIAL);
 		g_free (filepath);
 	}
@@ -1054,6 +1054,46 @@ osx_show_uri (const char *url)
 
 #endif
 
+static inline char *
+escape_uri (const char *uri)
+{
+	return g_uri_escape_string(uri, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS, FALSE);
+}
+
+static inline gboolean
+uri_contains_forbidden_characters (const char *uri)
+{
+	while (*uri)
+	{
+		/* This is not an exhaustive list, the full URI has segments that allow characters like "[]:" for example. */
+		if (strchr ("`<> ${}\"+", *uri) != NULL || (*uri & 0x80) /* non-ascii */)
+			return TRUE;
+		uri++;
+	}
+
+	return FALSE;
+}
+
+static char *
+maybe_escape_uri (const char *uri)
+{
+	/* The only way to know if a string has already been escaped or not
+	 * is by fulling parsing each segement but we can try some more simple heuristics. */
+
+	/* If we find characters that should clearly be escaped. */
+	if (uri_contains_forbidden_characters (uri))
+		return escape_uri (uri);
+
+	/* If it fails to be unescaped then it was not escaped. */
+	char *unescaped = g_uri_unescape_string (uri, NULL);
+	if (!unescaped)
+		return escape_uri (uri);
+	g_free (unescaped);
+
+	/* At this point it is probably safe to pass through as-is. */
+	return g_strdup (uri);
+}
+
 static void
 fe_open_url_inner (const char *url)
 {
@@ -1071,8 +1111,8 @@ fe_open_url_inner (const char *url)
 #elif defined(__APPLE__)
     osx_show_uri (url);
 #else
-	char *escaped_url = g_uri_escape_string (url, G_URI_RESERVED_CHARS_GENERIC_DELIMITERS G_URI_RESERVED_CHARS_SUBCOMPONENT_DELIMITERS,
-	                                         FALSE);
+	char *escaped_url = maybe_escape_uri (url);
+	g_debug ("Opening URL \"%s\" (%s)", escaped_url, url);
 	gtk_show_uri (NULL, escaped_url, GDK_CURRENT_TIME, NULL);
 	g_free (escaped_url);
 #endif
@@ -1176,7 +1216,7 @@ fe_get_file (const char *title, char *initial,
 {
 	/* OK: Call callback once per file, then once more with file=NULL. */
 	/* CANCEL: Call callback once with file=NULL. */
-	gtkutil_file_req (title, callback, userdata, initial, NULL, flags | FRF_FILTERISINITIAL);
+	gtkutil_file_req (NULL, title, callback, userdata, initial, NULL, flags | FRF_FILTERISINITIAL);
 }
 
 void

src/fe-gtk/gtkutil.c

@@ -190,7 +190,7 @@ gtkutil_file_req_response (GtkWidget *dialog, gint res, struct file_req *freq)
 }
 
 void
-gtkutil_file_req (const char *title, void *callback, void *userdata, char *filter, char *extensions,
+gtkutil_file_req (GtkWindow *parent, const char *title, void *callback, void *userdata, char *filter, char *extensions,
 						int flags)
 {
 	struct file_req *freq;
@@ -269,6 +269,16 @@ gtkutil_file_req (const char *title, void *callback, void *userdata, char *filte
 							G_CALLBACK (gtkutil_file_req_response), freq);
 	g_signal_connect (G_OBJECT (dialog), "destroy",
 						   G_CALLBACK (gtkutil_file_req_destroy), (gpointer) freq);
+
+	if (parent)
+		gtk_window_set_transient_for (GTK_WINDOW (dialog), parent);
+
+	if (flags & FRF_MODAL)
+	{
+		g_assert (parent);
+		gtk_window_set_modal (GTK_WINDOW (dialog), TRUE);
+	}
+
 	gtk_widget_show (dialog);
 }
 

src/fe-gtk/gtkutil.h

@@ -25,7 +25,7 @@
 
 typedef void (*filereqcallback) (void *, char *file);
 
-void gtkutil_file_req (const char *title, void *callback, void *userdata, char *filter, char *extensions, int flags);
+void gtkutil_file_req (GtkWindow *parent, const char *title, void *callback, void *userdata, char *filter, char *extensions, int flags);
 void gtkutil_destroy (GtkWidget * igad, GtkWidget * dgad);
 void gtkutil_destroy_on_esc (GtkWidget *win);
 GtkWidget *gtkutil_button (GtkWidget *box, char *stock, char *tip, void *callback,

src/fe-gtk/maingui.c

@@ -175,20 +175,26 @@ fe_flash_window (session *sess)
 /* set a tab plain, red, light-red, or blue */
 
 void
-fe_set_tab_color (struct session *sess, int col)
+fe_set_tab_color (struct session *sess, tabcolor col)
 {
 	struct session *server_sess = sess->server->server_session;
+	int col_noflags = (col & ~FE_COLOR_ALLFLAGS);
+	int col_shouldoverride = !(col & FE_COLOR_FLAG_NOOVERRIDE);
+
 	if (sess->res->tab && sess->gui->is_tab && (col == 0 || sess != current_tab))
 	{
-		switch (col)
+		switch (col_noflags)
 		{
 		case 0:	/* no particular color (theme default) */
 			sess->tab_state = TAB_STATE_NONE;
 			chan_set_color (sess->res->tab, plain_list);
 			break;
 		case 1:	/* new data has been displayed (dark red) */
+			if (col_shouldoverride || !((sess->tab_state & TAB_STATE_NEW_MSG)
+										|| (sess->tab_state & TAB_STATE_NEW_HILIGHT))) {
 				sess->tab_state = TAB_STATE_NEW_DATA;
 				chan_set_color (sess->res->tab, newdata_list);
+			}
 
 			if (chan_is_collapsed (sess->res->tab)
 				&& !((server_sess->tab_state & TAB_STATE_NEW_MSG)
@@ -201,8 +207,10 @@ fe_set_tab_color (struct session *sess, int col)
 
 			break;
 		case 2:	/* new message arrived in channel (light red) */
+			if (col_shouldoverride || !(sess->tab_state & TAB_STATE_NEW_HILIGHT)) {
 				sess->tab_state = TAB_STATE_NEW_MSG;
 				chan_set_color (sess->res->tab, newmsg_list);
+			}
 
 			if (chan_is_collapsed (sess->res->tab)
 				&& !(server_sess->tab_state & TAB_STATE_NEW_HILIGHT)
@@ -540,7 +548,7 @@ mg_focus (session *sess)
 	/* when called via mg_changui_new, is_tab might be true, but
 		sess->res->tab is still NULL. */
 	if (sess->res->tab)
-		fe_set_tab_color (sess, 0);
+		fe_set_tab_color (sess, FE_COLOR_NONE);
 }
 
 static int

src/fe-gtk/menu.c

@@ -1362,7 +1362,7 @@ savebuffer_req_done (session *sess, char *file)
 static void
 menu_savebuffer (GtkWidget * wid, gpointer none)
 {
-	gtkutil_file_req (_("Select an output filename"), savebuffer_req_done,
+	gtkutil_file_req (NULL, _("Select an output filename"), savebuffer_req_done,
 							current_sess, NULL, NULL, FRF_WRITE);
 }
 

src/fe-gtk/notifications/notification-freedesktop.c

@@ -18,6 +18,7 @@
 
 #include "config.h"
 
+#include <string.h>
 #include <gio/gio.h>
 
 static GDBusProxy *fdo_notifications;
@@ -55,7 +56,7 @@ notification_backend_show (const char *title, const char *text)
     g_variant_builder_init (&params, G_VARIANT_TYPE ("(susssasa{sv}i)"));
     g_variant_builder_add (&params, "s", "hexchat"); /* App name */
     g_variant_builder_add (&params, "u", 0); /* ID, 0 means don't replace */
-    g_variant_builder_add (&params, "s", ""); /* App icon (set from hints instead) */
+    g_variant_builder_add (&params, "s", "io.github.Hexchat"); /* App icon */
     g_variant_builder_add (&params, "s", title);
     g_variant_builder_add (&params, "s", text);
     g_variant_builder_add (&params, "as", NULL); /* Actions */

src/fe-gtk/plugin-notification.c

@@ -218,7 +218,7 @@ notification_plugin_init (hexchat_plugin *plugin_handle, char **plugin_name, cha
 	if (!notification_backend_init (&error))
 	{
 		if (error)
-			hexchat_printf(plugin_handle, "Failed loading notification plugin: %s\n", error);
+			g_debug("Failed loading notification plugin: %s\n", error);
 		return 0;
 	}
 
@@ -246,7 +246,7 @@ notification_plugin_init (hexchat_plugin *plugin_handle, char **plugin_name, cha
 
 
 int
-notification_plugin_deinit (void)
+notification_plugin_deinit (void *unused_param)
 {
 	notification_backend_deinit ();
 	return 1;

src/fe-gtk/plugingui.c

@@ -161,7 +161,7 @@ plugingui_load (void)
 {
 	char *sub_dir = g_build_filename (get_xdir(), "addons", NULL);
 
-	gtkutil_file_req (_("Select a Plugin or Script to load"), plugingui_load_cb, current_sess,
+	gtkutil_file_req (NULL, _("Select a Plugin or Script to load"), plugingui_load_cb, current_sess,
 							sub_dir, "*."PLUGIN_SUFFIX";*.lua;*.pl;*.py;*.tcl;*.js", FRF_FILTERISINITIAL|FRF_EXTENSIONS);
 
 	g_free (sub_dir);

src/fe-gtk/rawlog.c

@@ -77,7 +77,7 @@ rawlog_clearbutton (GtkWidget * wid, server *serv)
 static int
 rawlog_savebutton (GtkWidget * wid, server *serv)
 {
-	gtkutil_file_req (_("Save As..."), rawlog_save, serv, NULL, NULL, FRF_WRITE);
+	gtkutil_file_req (NULL, _("Save As..."), rawlog_save, serv, NULL, NULL, FRF_WRITE);
 	return FALSE;
 }
 

src/fe-gtk/setup.c

@@ -48,6 +48,7 @@ GtkStyle *create_input_style (GtkStyle *);
 
 #define LABEL_INDENT 12
 
+static GtkWidget *setup_window = NULL;
 static int last_selected_page = 0;
 static int last_selected_row = 0; /* sound row */
 static gboolean color_change;
@@ -1105,8 +1106,8 @@ setup_browsefile_cb (GtkWidget *button, GtkWidget *entry)
 	filter = "image/*";
 	filter_type = FRF_MIMETYPES;
 #endif
-	gtkutil_file_req (_("Select an Image File"), setup_filereq_cb,
-					entry, NULL, filter, filter_type|FRF_RECENTLYUSED);
+	gtkutil_file_req (GTK_WINDOW (setup_window), _("Select an Image File"), setup_filereq_cb,
+					entry, NULL, filter, filter_type|FRF_RECENTLYUSED|FRF_MODAL);
 }
 
 static void
@@ -1141,7 +1142,7 @@ setup_fontsel_cancel (GtkWidget *button, GtkFontSelectionDialog *dialog)
 static void
 setup_browsefolder_cb (GtkWidget *button, GtkEntry *entry)
 {
-	gtkutil_file_req (_("Select Download Folder"), setup_filereq_cb, entry, (char*)gtk_entry_get_text (entry), NULL, FRF_CHOOSEFOLDER);
+	gtkutil_file_req (GTK_WINDOW (setup_window), _("Select Download Folder"), setup_filereq_cb, entry, (char*)gtk_entry_get_text (entry), NULL, FRF_CHOOSEFOLDER|FRF_MODAL);
 }
 
 static void
@@ -1154,6 +1155,9 @@ setup_browsefont_cb (GtkWidget *button, GtkWidget *entry)
 	dialog = (GtkFontSelectionDialog *) gtk_font_selection_dialog_new (_("Select font"));
 	font_dialog = (GtkWidget *)dialog;	/* global var */
 
+	gtk_window_set_transient_for (GTK_WINDOW (font_dialog), GTK_WINDOW (setup_window));
+	gtk_window_set_modal (GTK_WINDOW (font_dialog), TRUE);
+
 	sel = (GtkFontSelection *) gtk_font_selection_dialog_get_font_selection (dialog);
 
 	if (gtk_entry_get_text (GTK_ENTRY (entry))[0])
@@ -1457,6 +1461,8 @@ setup_color_cb (GtkWidget *button, gpointer userdata)
 	g_object_set_data (G_OBJECT (ok_button), "b", button);
 	gtk_widget_set_sensitive (help_button, FALSE);
 	gtk_color_selection_set_current_color (GTK_COLOR_SELECTION (gtk_color_selection_dialog_get_color_selection (cdialog)), color);
+	gtk_window_set_transient_for (GTK_WINDOW (dialog), GTK_WINDOW (setup_window));
+	gtk_window_set_modal (GTK_WINDOW (dialog), TRUE);
 	gtk_widget_show (dialog);
 
 	g_object_unref (cancel_button);
@@ -1711,8 +1717,8 @@ setup_snd_browse_cb (GtkWidget *button, GtkEntry *entry)
 	filter_type = FRF_MIMETYPES;
 #endif
 
-	gtkutil_file_req (_("Select a sound file"), setup_snd_filereq_cb, entry,
-						sounds_dir, filter, FRF_FILTERISINITIAL|filter_type);
+	gtkutil_file_req (GTK_WINDOW (setup_window), _("Select a sound file"), setup_snd_filereq_cb, entry,
+						sounds_dir, filter, FRF_MODAL|FRF_FILTERISINITIAL|filter_type);
 	g_free (sounds_dir);
 }
 
@@ -2336,8 +2342,6 @@ setup_close_cb (GtkWidget *win, GtkWidget **swin)
 void
 setup_open (void)
 {
-	static GtkWidget *setup_window = NULL;
-
 	if (setup_window)
 	{
 		gtk_window_present (GTK_WINDOW (setup_window));

src/fe-gtk/sexy-spell-entry.c

@@ -1255,7 +1255,7 @@ void
 sexy_spell_entry_activate_default_languages(SexySpellEntry *entry)
 {
 	GSList *enchant_langs;
-	char *lang, *langs;
+	char *lang, **i, **langs;
 
 	if (!have_enchant)
 		return;
@@ -1265,21 +1265,21 @@ sexy_spell_entry_activate_default_languages(SexySpellEntry *entry)
 
 	enchant_langs = sexy_spell_entry_get_languages(entry);
 
-	langs = g_strdup (prefs.hex_text_spell_langs);
+	langs = g_strsplit_set (prefs.hex_text_spell_langs, ", \t", 0);
 
-	lang = strtok (langs, ",");
-	while (lang != NULL)
+	for (i = langs; *i; i++)
 	{
+		lang = *i;
+
 		if (enchant_has_lang (lang, enchant_langs))
 		{
 			sexy_spell_entry_activate_language_internal (entry, lang, NULL);
 		}
-		lang = strtok (NULL, ",");
 	}
 
 	g_slist_foreach(enchant_langs, (GFunc) g_free, NULL);
 	g_slist_free(enchant_langs);
-	g_free (langs);
+	g_strfreev (langs);
 
 	/* If we don't have any languages activated, use "en" */
 	if (entry->priv->dict_list == NULL)

src/fe-gtk/textgui.c

@@ -282,7 +282,7 @@ pevent_save_cb (GtkWidget * wid, void *data)
 {
 	if (data)
 	{
-		gtkutil_file_req (_("Print Texts File"), pevent_save_req_cb, NULL,
+		gtkutil_file_req (NULL, _("Print Texts File"), pevent_save_req_cb, NULL,
 								NULL, NULL, FRF_WRITE);
 		return;
 	}
@@ -304,7 +304,7 @@ pevent_load_req_cb (void *arg1, char *file)
 static void
 pevent_load_cb (GtkWidget * wid, void *data)
 {
-	gtkutil_file_req (_("Print Texts File"), pevent_load_req_cb, NULL, NULL, NULL, 0);
+	gtkutil_file_req (NULL, _("Print Texts File"), pevent_load_req_cb, NULL, NULL, NULL, 0);
 }
 
 static void

src/fe-gtk/urlgrab.c

@@ -145,7 +145,7 @@ url_save_callback (void *arg1, char *file)
 static void
 url_button_save (void)
 {
-	gtkutil_file_req (_("Select an output filename"),
+	gtkutil_file_req (NULL, _("Select an output filename"),
 							url_save_callback, NULL, NULL, NULL, FRF_WRITE);
 }
 

src/fe-gtk/xtext.c

@@ -947,7 +947,7 @@ gtk_xtext_find_char (GtkXText * xtext, int x, int y, int *off, int *out_of_bound
 	textentry *ent;
 	int line;
 	int subline;
-	int outofbounds;
+	int outofbounds = FALSE;
 
 	/* Adjust y value for negative rounding, double to int */
 	if (y < 0)

src/fe-text/fe-text.c

@@ -623,7 +623,7 @@ fe_cleanup (void)
 {
 }
 void
-fe_set_tab_color (struct session *sess, int col)
+fe_set_tab_color (struct session *sess, tabcolor col)
 {
 }
 void

win32/copy/copy.vcxproj

@@ -40,7 +40,8 @@
     <None Include="$(DepsRoot)\bin\gthread-2.0-0.dll" />
     <None Include="$(DepsRoot)\bin\gtk-win32-2.0.dll" />
     <None Include="$(DepsRoot)\bin\iconv.dll" />
-    <None Include="$(DepsRoot)\bin\libeay32.dll" />
+    <None Include="$(DepsRoot)\bin\libcrypto*.dll" />
+    <None Include="$(DepsRoot)\bin\libssl*.dll" />
     <None Include="$(DepsRoot)\bin\libenchant.dll" />
     <None Include="$(DepsRoot)\bin\ffi-7.dll" />
     <None Include="$(DepsRoot)\bin\intl.dll" />
@@ -50,7 +51,6 @@
     <None Include="$(DepsRoot)\bin\pangocairo-1.0-0.dll" />
     <None Include="$(DepsRoot)\bin\pangoft2-1.0-0.dll" />
     <None Include="$(DepsRoot)\bin\pangowin32-1.0-0.dll" />
-    <None Include="$(DepsRoot)\bin\ssleay32.dll" />
     <None Include="$(DepsRoot)\bin\zlib1.dll" />
     <None Include="$(WinSparklePath)\WinSparkle.dll" />
     <None Include="$(HexChatBin)thememan.exe" />

win32/hexchat.props

@@ -8,14 +8,14 @@
 		<YourGendefPath>c:\gtk-build\gendef</YourGendefPath>
 		<YourPerlPath>c:\gtk-build\perl-5.20</YourPerlPath>
 		<YourPython2Path>c:\gtk-build\python-2.7</YourPython2Path>
-		<YourPython3Path>c:\gtk-build\python-3.6</YourPython3Path>
+		<YourPython3Path>c:\gtk-build\python-3.8</YourPython3Path>
 		<YourWinSparklePath>c:\gtk-build\WinSparkle</YourWinSparklePath>
 
 		<!-- YOU SHOULDN'T TOUCH ANYTHING BELOW -->
 
 		<!-- G_DISABLE_DEPRECATED is unfeasible due to g_completion_* -->
 		<!-- must be buildable with GSEAL_ENABLE in the future, xtext, setup, and chanview-tabs stand in the way -->
-		<OwnFlags>GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline</OwnFlags>
+		<OwnFlags>GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_X509_GET_SIGNATURE_NID;HAVE_SSL_CTX_GET_SSL_METHOD;DEFAULT_CERT_FILE="cert.pem";HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline</OwnFlags>
 		<!-- FIXME: Add ability to use debug builds -->
 		<DepsRoot>$(YourDepsPath)\$(PlatformName)\release</DepsRoot>
 		<GendefPath>$(YourGendefPath)</GendefPath>
@@ -26,14 +26,14 @@
 		<Python2Lib>python27</Python2Lib>
 		<Python2Output>hcpython2</Python2Output>
 		<Python3Path>$(YourPython3Path)\$(PlatformName)</Python3Path>
-		<Python3Lib>python36</Python3Lib>
+		<Python3Lib>python38</Python3Lib>
 		<Python3Output>hcpython3</Python3Output>
 		<LuaInclude>$(DepsRoot)\include\luajit-2.1</LuaInclude>
 		<LuaOutput>hclua</LuaOutput>
 		<LuaLib>lua51</LuaLib>
 		<Glib>$(DepsRoot)\include\glib-2.0;$(DepsRoot)\lib\glib-2.0\include;$(DepsRoot)\include\libxml2</Glib>
 		<Gtk>$(DepsRoot)\include\gtk-2.0;$(DepsRoot)\lib\gtk-2.0\include;$(DepsRoot)\include\atk-1.0;$(DepsRoot)\include\cairo;$(DepsRoot)\include\pango-1.0;$(DepsRoot)\include\gdk-pixbuf-2.0</Gtk>
-		<DepLibs>gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libeay32.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib</DepLibs>
+		<DepLibs>gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libcrypto.lib;libssl.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib</DepLibs>
 		<DataDir>$(SolutionDir)..\data\\</DataDir>
 		<HexChatBuild>$(SolutionDir)..\..\hexchat-build</HexChatBuild>
 		<HexChatBin>$(HexChatBuild)\$(PlatformName)\bin\</HexChatBin>

win32/installer/hexchat.iss.tt

@@ -74,7 +74,7 @@ Name: "langs\lua"; Description: "Lua"; Types: normal custom; Flags: disablenouni
 Name: "langs\perl"; Description: "Perl (requires Perl 5.20)"; Types: custom; Flags: disablenouninstallwarning
 Name: "langs\python"; Description: "Python Interface"; Types: custom; Flags: disablenouninstallwarning
 Name: "langs\python\python2"; Description: "Python (requires Python 2.7)"; Types: custom; Flags: disablenouninstallwarning exclusive
-Name: "langs\python\python3"; Description: "Python (requires Python 3.6)"; Types: custom; Flags: disablenouninstallwarning exclusive
+Name: "langs\python\python3"; Description: "Python (requires Python 3.8)"; Types: custom; Flags: disablenouninstallwarning exclusive
 
 [Tasks]
 Name: portable; Description: "Yes"; GroupDescription: "Portable Mode: Stores configuration files within install directory for portable drives."; Flags: unchecked
@@ -138,7 +138,13 @@ Source: "gspawn-win32-helper-console.exe"; DestDir: "{app}"; Flags: ignoreversio
 Source: "gthread-2.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "gtk-win32-2.0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "iconv.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-Source: "libeay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
+#if APPARCH == "x64"
+Source: "libcrypto-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
+Source: "libssl-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
+#else
+Source: "libcrypto-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
+Source: "libssl-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
+#endif
 Source: "libenchant.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "ffi-7.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "intl.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
@@ -148,7 +154,6 @@ Source: "pango-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: l
 Source: "pangocairo-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "pangoft2-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "pangowin32-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-Source: "ssleay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "zlib1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 
 Source: "plugins\hcnotifications-winrt.dll"; DestDir: "{app}\plugins"; Flags: ignoreversion; Components: libs
@@ -293,14 +298,14 @@ begin
 		REDIST := 'https://dl.hexchat.net/misc/vcredist_2015_x64.exe';
 		REDIST_2013 := 'https://dl.hexchat.net/misc/vcredist_2013_x64.exe';
 		PERL := 'https://dl.hexchat.net/misc/perl/Perl%205.20.0%20x64.msi';
-		PY2 := 'https://www.python.org/ftp/python/2.7.14/python-2.7.14.amd64.msi';
-		PY3 := 'https://www.python.org/ftp/python/3.6.4/python-3.6.4-amd64.exe';
+		PY2 := 'https://www.python.org/ftp/python/2.7.18/python-2.7.18.amd64.msi';
+		PY3 := 'https://www.python.org/ftp/python/3.8.10/python-3.8.10-amd64.exe';
 #else
 		REDIST := 'https://dl.hexchat.net/misc/vcredist_2015_x86.exe';
 		REDIST_2013 := 'https://dl.hexchat.net/misc/vcredist_2013_x86.exe';
 		PERL := 'https://dl.hexchat.net/misc/perl/Perl%205.20.0%20x86.msi';
-		PY2 := 'https://www.python.org/ftp/python/2.7.14/python-2.7.14.msi';
-		PY3 := 'https://www.python.org/ftp/python/3.6.4/python-3.6.4.exe';
+		PY2 := 'https://www.python.org/ftp/python/2.7.18/python-2.7.18.msi';
+		PY3 := 'https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe';
 #endif
 		DOTNET := 'https://dl.hexchat.net/misc/dotnet_40.exe';
 		SPELL := 'https://dl.hexchat.net/hexchat/HexChat%20Spelling%20Dictionaries%20r2.exe';
@@ -327,7 +332,7 @@ begin
 			if IsComponentSelected('langs\python\python2') and not CheckDLL('python27.dll') then
 				idpAddFile(PY2, ExpandConstant('{tmp}\python.msi'));
 
-			if IsComponentSelected('langs\python\python3') and not CheckDLL('python36.dll') then
+			if IsComponentSelected('langs\python\python3') and not CheckDLL('python38.dll') then
 				idpAddFile(PY3, ExpandConstant('{tmp}\python.exe'));
 		end;
 	end;