Commit graph

2800 commits

Author SHA1 Message Date
Daniel Gultsch 7177c523a1 Do not insert text shared over XMPP uri when already drafting message
XMPP uris in the style of `xmpp:test@domain.tld?body=Something` can be used to
directly share a message with a specific contact. Previously the text was
always appended to the message currently in draft. The message was never send
automatically. Essentially those links where treated like normal text share
intents (for example when sharing a URL from the browser) but without the
contact selection.

There is a concern (CVE-2018-18467) that when this URI is invoked automatically
and the user is currently drafting a long message to that particular contact
the text could be inserted in the draft field (input box) without the user
noticing.

To circumvent that the text shared over XMPP uris that contain a particular
contact is now appended only if the draft box is currently empty.

Sharing text normally (**with** manual contact selection) is still treated the
same; meaning the shared text will be appended to the current draft. This is
intended behaviour to make the
'Hey I have this cool link here;' *open browser*, *share link* - secenario
work.
2018-10-19 15:39:31 +02:00
Daniel Gultsch 71bbd379e9 removed unused paramater 'newTask' from switchToConversation api 2018-10-19 15:18:36 +02:00
Daniel Gultsch 4f12cf06ed revert back to 16 byte IVs for omemo since ChatSecure doesn’t support 12 byte 2018-10-17 20:46:57 +02:00
Daniel Gultsch 5f8184fe8e only store non hardcoded resolver result in db 2018-10-16 12:23:27 +02:00
Daniel Gultsch 2edab21423 render 'read up to this point' in 1:1 when followed by date bubble
fixes #3237
2018-10-16 12:18:28 +02:00
Daniel Gultsch 2e2914ee78 fixed NPE after attempt to store user@ip style jid resolver result 2018-10-13 16:13:33 +02:00
Daniel Gultsch dd1d1858d0 fixed cache cleaning cleaning all confercenes instead of where contact is. closes #3229 2018-10-12 16:13:37 +02:00
Daniel Gultsch 5718d552ed do not show 'open website' button after info has changed
fixes #3220
2018-10-11 05:06:46 +02:00
Daniel Gultsch 409bf3c0cb use bouncycastle provider up to api 27
apparently using conscrypt on Android below version 7? throws an exception when using 16 byte IVs.
so we now use BC when ever possible (excluding api 28)

we don’t know why Conscrypt behaves differently on various android versions
2018-10-11 04:36:37 +02:00
Daniel Gultsch 7c5af89c89 offer either 'cancel download' or 'delete file' but not both
fixes #3221
2018-10-11 04:33:14 +02:00
Licaon_Kter 58c6dbbbbe Lower foreground service notification priority (#3223)
...so no useless icon is shown on the status bar on Android 7 and older (as it was up to 2.2.9)
2018-10-11 02:44:17 +02:00
Daniel Gultsch 57fe153ef1 make 'cancelled' work for jingle ft 2018-10-08 10:31:41 +02:00
Daniel Gultsch bdb8d98eb1 show snackbar for remote server timeout in mucs 2018-10-08 10:31:11 +02:00
Daniel Gultsch de0741bdf7 show cancelled instead of delivery failed if user requested to abort transfer 2018-10-07 14:59:08 +02:00
Daniel Gultsch 284861de65 Do not attempt to draw overlay on null bitmap 2018-10-07 13:44:20 +02:00
Daniel Gultsch 3dceb9d3ad refactor video qualtiy selector; less technical descriptions; code cleanup 2018-10-07 13:09:13 +02:00
Daniel Gultsch 84f7aeaea0 Merge branch 'video-selector' of https://github.com/licaon-kter/Conversations into licaon-kter-video-selector 2018-10-07 09:51:14 +02:00
licaon-kter a6fef8101b Fix selector, limit formats to 360 & 720 per CTS 2018-10-07 04:25:16 +03:00
Daniel Gultsch f23311ab3f PRNG fixes were a nop ever since we switched to 4.4+ 2018-10-06 19:34:20 +02:00
Daniel Gultsch 521bb7846c catch exception if Conscrypt could not be initialized and use tls 1.2 2018-10-06 19:33:38 +02:00
Daniel Gultsch 8980a0c631 make jids appear as monospace in dialogs 2018-10-06 17:03:12 +02:00
licaon-kter fcccf545ba Add video compression selector 2018-10-06 17:15:32 +03:00
Daniel Gultsch fd165e5106 add confirmation dialog for deleting files
fixes #3202, closes #3193, closes #3214
2018-10-06 14:59:28 +02:00
Daniel Gultsch 7aa8aba5c0 code cleanup / reformat in ShareViaAccount 2018-10-06 12:48:39 +02:00
Daniel Gultsch ce46b36c33 go back to 16 byte IVs for OMEMO
clients like Dino can’t handle 12 byte IVs
2018-10-04 22:32:42 +02:00
Daniel Gultsch 0e3be466ad fixed regression introduce in earlier commit. don’t use conscrypt on older devices 2018-10-04 19:21:23 +02:00
Daniel Gultsch bfa63e13c5 added a few TODOs in regards to the handling of inactive devices 2018-10-04 18:48:45 +02:00
Daniel Gultsch 04ac2264e8 Do weOwnFile security check only when attaching
The general security check is recommend so a third party can not ask us to send an internal file. But we don’t need to do this for files we attach ourself from within Conversations
2018-10-04 17:17:20 +02:00
Daniel Gultsch 657b1cae9d use fab.hide() and fab.show() - this will animate the process 2018-10-04 16:46:35 +02:00
Daniel Gultsch 390175e5b3 use short read timeout when waiting for first stream open. disable read timeout aftwards 2018-10-04 11:20:02 +02:00
Daniel Gultsch a34033dea3 run through sendMessage() procedure instead of taking shortcut after returning from TrustKeys
The shortcut didn’t take care of message edits and some other things
2018-10-03 23:23:47 +02:00
Daniel Gultsch 23282484d6 prevent race condition when fetching device ids 2018-10-03 22:03:47 +02:00
Daniel Gultsch f608fb349a refactored file encryption to give access to inner stream
Conscrypt on some plattforms doesn’t like when we close the CipherInputStream. Therefor we refactor the api to give us access to the inner stream so we can close that independently.
2018-10-03 18:14:45 +02:00
Daniel Gultsch 4c08ba8d03 use 12 byte IV for omemo and http upload 2018-10-03 17:44:48 +02:00
Daniel Gultsch 9ca636589c remove more legacy otr decryption code 2018-10-03 12:50:54 +02:00
Daniel Gultsch 7fa8811f64 refresh ui after device list update only if list has changed 2018-10-03 11:53:02 +02:00
Daniel Gultsch b2cbd60f94 use Consistent Color Generation (XEP-0392 v0.6) 2018-10-02 20:33:53 +02:00
Daniel Gultsch 98d3d91a8e create notification channel for quite hours. fixes #3212 2018-10-02 20:25:03 +02:00
Daniel Gultsch d4b98c9aff made xmpp domain verifier verify wildcard domains where domain is a sub.sub domain 2018-10-01 17:08:23 +02:00
Daniel Gultsch db2107c093 clean up connection code. unify domain = ip and extended connection settings into fake resolver 2018-10-01 17:07:37 +02:00
Daniel Gultsch 8270adf703 use sni and alpn for start tls as well. apperently google requires it 2018-10-01 11:34:27 +02:00
Daniel Gultsch 1cbb60d7ed removed unused code (otr jingle encrypted file transfer) 2018-09-30 13:48:11 +02:00
Daniel Gultsch bb6b647af8 use stronger video compression (lower bitrate & lower resolution) 2018-09-28 18:38:54 +02:00
Daniel Gultsch 9816261569 introduced error code for server not opening stream after auth or starttls 2018-09-27 17:39:49 +02:00
Daniel Gultsch cf879dd8e8 fixed sni and alpn for kitkat 2018-09-27 10:00:58 +02:00
Daniel Gultsch d737ea296e code cleanup 2018-09-27 09:59:05 +02:00
Daniel Gultsch 681ce91ab8 do not run through connection loop after thread was interrupted and resolver returned 0 results 2018-09-26 14:39:04 +02:00
Daniel Gultsch 6121217df5 fixed auth 2018-09-26 10:39:36 +02:00
Sam Whited ef4cfacaf4 Fix auth when upgrading from SCRAM-SHA-1 to -256 (#3192) 2018-09-26 10:19:54 +02:00
Daniel Gultsch 9015d0a1fc interrupt sub thread in resolver 2018-09-26 10:18:56 +02:00