diff --git a/ChangeLog.adoc b/ChangeLog.adoc index c5f638f73..da99b6d62 100644 --- a/ChangeLog.adoc +++ b/ChangeLog.adoc @@ -33,6 +33,7 @@ Bug fixes:: * core: fix memory leak in calculation of expression on FreeBSD (issue #1469) * core: fix resize of a bar when its size is 0 (automatic) (issue #1470) * python: fix crash when invalid UTF-8 string is in a WeeChat hashtable converted to a Python dict (issue #1463) + * trigger: do not hide values of options with /set command in cmd_pass trigger Documentation:: diff --git a/ReleaseNotes.adoc b/ReleaseNotes.adoc index 9ac4d7077..23c2ddaea 100644 --- a/ReleaseNotes.adoc +++ b/ReleaseNotes.adoc 
@@ -32,6 +32,77 @@ Motivations: * GnuTLS library should be available everywhere * reduce complexity of code and tests of builds. +[[v2.9_trigger_cmd_pass_remove_set_command]] +=== The trigger "cmd_pass" does not hide any more values of /set command + +The default trigger "cmd_pass" does not hide any more values of options in `/set` +command which contain "password" in the name. + +The reason is that it was masking values of options that contains the word +"password" but the value is not a password and does not contain sensitive data, +for example these options were affected: + +* irc.look.nicks_hide_password +* relay.network.allow_empty_password +* relay.network.password_hash_algo +* relay.network.password_hash_iterations + +Since all real password options are now evaluated, it is recommended to use +secure data to store the passwords ciphered in config file. + +By using secure data, the passwords are never displayed on screen (even with +`/set` command) nor written in log files. + +For example you can do that: + +---- +/secure passphrase my_secret_passphrase +/secure set freenode my_password +/set irc.server.freenode.sasl_password "${sec.data.freenode}" +---- + +This will be displayed like that in WeeChat, using the new regex value of +_cmd_pass_ trigger: + +---- +/secure passphrase ******************** +/secure set freenode *********** +/set irc.server.freenode.sasl_password "${sec.data.freenode}" +---- + +If you want to use the new trigger regex after upgrade, you can do: + +---- +/trigger restore cmd_pass +---- + +If ever you prefer the old trigger regex, you can change it like that: + +---- +/set trigger.trigger.cmd_pass.regex "==^((/(msg|m|quote) +(-server +[^ ]+ +)?nickserv +(id|identify|set +password|ghost +[^ ]+|release +[^ ]+|regain +[^ ]+|recover +[^ ]+) +)|/oper +[^ ]+ +|/quote +pass +|/set +[^ ]*password[^ ]* +|/secure +(passphrase|decrypt|set +[^ ]+) +)(.*)==${re:1}${hide:*,${re:+}}" +---- + +[[v2.9_trigger_command_eval]] +=== Evaluation of trigger 
command arguments + +The arguments for a trigger command (except the command itself) are now evaluated. + +That means you can use for example new lines in the command description, like that: + +---- +/trigger add test command "test;test command;arg1 arg2;arg1: description 1${\n}arg2: description 2" +---- + +The command `/help test` will display this help in WeeChat: + +---- +[trigger] /test arg1 arg2 + +test command + +arg1: description 1 +arg2: description 2 +---- + [[v2.9_relay_weechat_protocol_handshake_nonce]] === Add of handshake and nonce in weechat relay protocol @@ -62,28 +133,6 @@ a breaking change in protocol, needed for security reasons. See the link:weechat_relay_protocol.en.html#command_init[init command] in Relay protocol doc for more information. -[[v2.9_trigger_command_eval]] -=== Evaluation of trigger command arguments - -The arguments for a trigger command (except the command itself) are now evaluated. - -That means you can use for example new lines in the command description, like that: - ----- -/trigger add test command "test;test command;arg1 arg2;arg1: description 1${\n}arg2: description 2" ----- - -The command `/help test` will display this help in WeeChat: - ----- -[trigger] /test arg1 arg2 - -test command - -arg1: description 1 -arg2: description 2 ----- - [[v2.8]] == Version 2.8 (2020-03-29) diff --git a/src/plugins/trigger/trigger-config.c b/src/plugins/trigger/trigger-config.c index 128ae6bb3..83dcaa327 100644 --- a/src/plugins/trigger/trigger-config.c +++ b/src/plugins/trigger/trigger-config.c @@ -71,7 +71,6 @@ char *trigger_config_default_list[][1 + TRIGGER_NUM_OPTIONS] = * - /msg nickserv id|identify|ghost|release|regain|recover * - /oper * - /quote pass - * - /set *password* * - /secure passphrase|decrypt|set */ { "cmd_pass", "on", 
@@ -84,7 +83,6 @@ char *trigger_config_default_list[][1 + TRIGGER_NUM_OPTIONS] =
 "recover +[^ ]+) +)|"
 "/oper +[^ ]+ +|"
 "/quote +pass +|"
- "/set +[^ ]*password[^ ]* +|"
 "/secure +(passphrase|decrypt|set +[^ ]+) +)"
 "(.*)"
 "==${re:1}${hide:*,${re:+}}",
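Review bot: The comment that lists what `cmd_pass` hides (previous hunk, at line 71) loses its `/set *password*` entry but never says that `/set` is now left out on purpose, so a later reader of this regex cannot tell the gap is intentional. With this alternative removed, a value typed literally in a command such as `/set irc.server.freenode.sasl_password ...` is no longer masked by the default trigger; per the release notes in this commit, only the `${sec.data.*}` form keeps the password off screen and out of log files. I would add one line to that comment, for example `* (values of /set are not hidden: store passwords with /secure and use ${sec.data.xxx})`. The `trigger_config_default_list` initializer starts and ends outside both hunks.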