Merge pull request #57 from ZoiteChat/master

merge master changes into C17.

.github/workflows/msys-build.yml

@@ -1,56 +0,0 @@
-name: MSYS2 Build
-
-on:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
-
-jobs:
-  msys2_build:
-    runs-on: windows-latest
-    defaults:
-      run:
-        shell: msys2 {0}
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: msys2/setup-msys2@v2
-        with:
-          msystem: MINGW64
-          update: true
-          install: >-
-            mingw-w64-x86_64-gcc
-            mingw-w64-x86_64-pkg-config
-            mingw-w64-x86_64-python-cffi
-            mingw-w64-x86_64-meson
-            mingw-w64-x86_64-ninja
-            mingw-w64-x86_64-gtk2
-            mingw-w64-x86_64-gtk-update-icon-cache
-            mingw-w64-x86_64-luajit
-            mingw-w64-x86_64-desktop-file-utils
-            mingw-w64-x86_64-gettext-tools
-
-      - name: Sanity check gettext ITS rules
-        run: |
-          set -eux
-          which msgfmt || true
-          msgfmt --version
-          ls -la /mingw64/share/gettext-*/its || true
-
-      - name: Configure
-        run: |
-          set -eux
-          rm -rf build
-          meson setup build \
-            -Dtext-frontend=true \
-            -Ddbus=disabled \
-            -Dwith-upd=false \
-            -Dwith-perl=false
-
-      - name: Build
-        run: ninja -C build
-
-      - name: Test
-        run: ninja -C build test

changelog.rst

@@ -1,6 +1,13 @@
 ZoiteChat ChangeLog
 =================
 
+2.17.4 (2026-02-03)
+-------------------
+
+- STS handling now persists server policies, enforces upgrades more consistently, and falls back to current ports when needed.
+- Windows build workflow updated (MSYS2 setup changes) and OpenSSL trust store handling tightened for safer TLS connections.
+- Reduced GLib coupling in multiple Windows subsystems (spellcheck, history, sysinfo) plus small stability fixes.
+
 2.17.3 (2026-01-17)
 -------------------
 

data/misc/net.zoite.Zoitechat.appdata.xml.in

@@ -25,6 +25,16 @@
     <id>zoitechat.desktop</id>
   </provides>
 <releases>
+  <release date="2026-02-03" version="2.17.4">
+    <description>
+      <p>Fixes and minor features:</p>
+      <ul>
+        <li>STS handling now persists server policies, enforces upgrades more consistently, and falls back to current ports when needed.</li>
+        <li>Windows build workflow updated (MSYS2 setup changes) and OpenSSL trust store handling tightened for safer TLS connections.</li>
+        <li>Reduced GLib coupling in multiple Windows subsystems (spellcheck, history, sysinfo) plus small stability fixes.</li>
+      </ul>
+    </description>
+  </release>
   <release date="2026-01-17" version="2.17.3">
     <description>
       <p>Fixes and minor features:</p>

meson.build

@@ -1,5 +1,5 @@
 project('zoitechat', 'c',
-  version: '2.17.3',
+  version: '2.17.4',
   meson_version: '>= 0.47.0',
   default_options: [
     'c_std=c17',

readme.md

@@ -5,7 +5,6 @@
 [![Flatpak Build](https://github.com/ZoiteChat/zoitechat/actions/workflows/flatpak-build.yml/badge.svg)](https://github.com/ZoiteChat/zoitechat/actions/workflows/flatpak-build.yml)
 [![AppImage Build](https://github.com/ZoiteChat/zoitechat/actions/workflows/appimage-build.yml/badge.svg)](https://github.com/ZoiteChat/zoitechat/actions/workflows/appimage-build.yml)
 [![Windows Build](https://github.com/ZoiteChat/zoitechat/actions/workflows/windows-build.yml/badge.svg)](https://github.com/ZoiteChat/zoitechat/actions/workflows/windows-build.yml)
-[![MSYS2 Build](https://github.com/ZoiteChat/zoitechat/actions/workflows/msys-build.yml/badge.svg)](https://github.com/ZoiteChat/zoitechat/actions/workflows/msys-build.yml)
 [![OpenBSD Build](https://github.com/ZoiteChat/zoitechat/actions/workflows/openbsd-build.yml/badge.svg)](https://github.com/ZoiteChat/zoitechat/actions/workflows/openbsd-build.yml)
 
 [![Version][github-version-img]][github-version-uri] [![Downloads][github-downloads-img]][github-downloads-uri] [![Size][github-size-img]][github-size-img] [![Last Commit][github-commit-img]][github-commit-img] [![Contributors][contribs-all-img]](#contributors-)

src/common/inbound.c

@@ -1713,6 +1713,26 @@ void
 inbound_cap_ack (server *serv, char *nick, char *extensions,
 					  const message_tags_data *tags_data)
 {
+	if (extensions)
+	{
+		char **tokens = g_strsplit (extensions, " ", 0);
+		int i;
+
+		for (i = 0; tokens[i]; i++)
+		{
+			char **parts = g_strsplit (tokens[i], "=", 2);
+
+			if (!g_strcmp0 (parts[0], "sts") && parts[1] && parts[1][0])
+			{
+				sts_handle_capability (serv, parts[1]);
+			}
+
+			g_strfreev (parts);
+		}
+
+		g_strfreev (tokens);
+	}
+
 	EMIT_SIGNAL_TIMESTAMP (XP_TE_CAPACK, serv->server_session, nick, extensions,
 								  NULL, NULL, 0, tags_data->timestamp);
 
@@ -1880,6 +1900,11 @@ inbound_cap_ls (server *serv, char *nick, char *extensions_str,
 			{
 				sts_upgrade_triggered |= sts_handle_capability (serv, value);
 			}
+			else
+			{
+				PrintTextf (serv->server_session,
+							_("Invalid STS capability token without a value; ignoring."));
+			}
 			continue;
 		}
 

src/common/sts.c

@@ -338,7 +338,13 @@ sts_parse_value (const char *value, guint16 *port, guint64 *duration, gboolean *
 		{
 			gint64 port_value;
 
-			if (*has_port || !val)
+			if (*has_port)
+			{
+				g_strfreev (tokens);
+				return FALSE;
+			}
+
+			if (!val)
 			{
 				continue;
 			}
@@ -354,7 +360,13 @@ sts_parse_value (const char *value, guint16 *port, guint64 *duration, gboolean *
 		{
 			guint64 duration_value;
 
-			if (*has_duration || !val)
+			if (*has_duration)
+			{
+				g_strfreev (tokens);
+				return FALSE;
+			}
+
+			if (!val)
 			{
 				continue;
 			}
@@ -365,10 +377,16 @@ sts_parse_value (const char *value, guint16 *port, guint64 *duration, gboolean *
 		}
 		else if (!g_ascii_strcasecmp (key, "preload"))
 		{
-			if (*has_preload)
+			if (val)
 			{
 				continue;
 			}
+
+			if (*has_preload)
+			{
+				g_strfreev (tokens);
+				return FALSE;
+			}
 			*preload = TRUE;
 			*has_preload = TRUE;
 		}
@@ -553,15 +571,7 @@ sts_handle_capability (struct server *serv, const char *value)
 	{
 		if (!has_port)
 		{
-			if (serv->port > 0)
-			{
-				port = (guint16) serv->port;
-				has_port = TRUE;
-			}
-			else
-			{
-				return FALSE;
-			}
+			return FALSE;
 		}
 #ifdef USE_OPENSSL
 		if (serv->sts_upgrade_in_progress)
@@ -578,12 +588,13 @@ sts_handle_capability (struct server *serv, const char *value)
 			serv->disconnect (serv->server_session, FALSE, -1);
 			serv->connect (serv, host_copy, (int) port, serv->no_login);
 		}
+		return TRUE;
 #else
 		PrintTextf (serv->server_session,
 					_("STS upgrade requested for %s, but TLS is not available.\n"),
 					hostname);
+		return FALSE;
 #endif
-		return TRUE;
 	}
 
 	if (!has_duration)
@@ -601,12 +612,14 @@ sts_handle_capability (struct server *serv, const char *value)
 	{
 		time_t now = time (NULL);
 		time_t expires_at = now + (time_t) duration;
-		guint16 effective_port = serv->port > 0 ? (guint16) serv->port : port;
+		guint16 effective_port = 0;
+		sts_profile *existing_profile;
 		sts_profile *profile;
 
-		if (effective_port == 0)
+		existing_profile = sts_profile_lookup (hostname, now);
+		if (existing_profile)
 		{
-			return FALSE;
+			effective_port = existing_profile->port;
 		}
 
 		profile = sts_profile_new (hostname, effective_port, expires_at, duration,

win32/version.txt

@@ -1 +1 @@
-2.17.3
+2.17.4