Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package weechat for openSUSE:Factory checked 
in at 2026-07-06 12:32:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/weechat (Old)
 and      /work/SRC/openSUSE:Factory/.weechat.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "weechat"

Mon Jul  6 12:32:57 2026 rev:95 rq:1363873 version:4.9.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/weechat/weechat.changes  2026-06-09 
14:26:51.232814132 +0200
+++ /work/SRC/openSUSE:Factory/.weechat.new.1982/weechat.changes        
2026-07-06 12:35:29.233988238 +0200
@@ -1,0 +2,14 @@
+Sun Jul  5 14:25:38 UTC 2026 - Hunter Wardlaw <[email protected]>
+
+- Update to 4.9.3:
+  * core: fix buffer overflow in connection to SOCKS5 proxy (#2325)
+  * core: fix possible buffer overflow in command /color alias (#2330)
+  * core: fix possible buffer overflow in list of commands displayed 
+    by /help (#2330)
+  * api: do not free dynamic string on error in function string_dyn_concat
+  * relay/api: fix memory leak in resources "handshake", "input" and 
+    "completion" (GHSA-wmpc-m6g9-fwj8)
+  * relay: fix read of uncompressed websocket frame (#2331)
+  * xfer: fix out-of-bounds write in xfer file transfer resume (#2326)
+
+-------------------------------------------------------------------

Old:
----
  weechat-4.9.2.tar.xz
  weechat-4.9.2.tar.xz.asc

New:
----
  weechat-4.9.3.tar.xz
  weechat-4.9.3.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ weechat.spec ++++++
--- /var/tmp/diff_new_pack.XgXDzq/_old  2026-07-06 12:35:31.918081502 +0200
+++ /var/tmp/diff_new_pack.XgXDzq/_new  2026-07-06 12:35:31.922081641 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           weechat
-Version:        4.9.2
+Version:        4.9.3
 Release:        0
 Summary:        Multi-protocol extensible Chat Client
 License:        GPL-3.0-or-later

++++++ weechat-4.9.2.tar.xz -> weechat-4.9.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/.poexam/poexam.toml 
new/weechat-4.9.3/.poexam/poexam.toml
--- old/weechat-4.9.2/.poexam/poexam.toml       2026-06-07 09:25:09.000000000 
+0200
+++ new/weechat-4.9.3/.poexam/poexam.toml       2026-07-05 15:40:23.000000000 
+0200
@@ -7,9 +7,11 @@
     "checks",
 ]
 ignore = [
+    "acronyms",
     "brackets",
     "double-quotes",
     "double-words",
+    "functions",
     "header",
     "html-tags",
     "paths",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/CHANGELOG.md 
new/weechat-4.9.3/CHANGELOG.md
--- old/weechat-4.9.2/CHANGELOG.md      2026-06-07 09:25:09.000000000 +0200
+++ new/weechat-4.9.3/CHANGELOG.md      2026-07-05 15:40:23.000000000 +0200
@@ -6,6 +6,18 @@
 
 # WeeChat ChangeLog
 
+## Version 4.9.3 (2026-07-05)
+
+### Fixed
+
+- core: fix buffer overflow in connection to SOCKS5 proxy 
([#2325](https://github.com/weechat/weechat/issues/2325))
+- core: fix possible buffer overflow in command /color alias 
([#2330](https://github.com/weechat/weechat/issues/2330))
+- core: fix possible buffer overflow in list of commands displayed by /help 
([#2330](https://github.com/weechat/weechat/issues/2330))
+- api: do not free dynamic string on error in function string_dyn_concat
+- relay/api: fix memory leak in resources "handshake", "input" and 
"completion" 
([GHSA-wmpc-m6g9-fwj8](https://github.com/weechat/weechat/security/advisories/GHSA-wmpc-m6g9-fwj8))
+- relay: fix read of uncompressed websocket frame 
([#2331](https://github.com/weechat/weechat/issues/2331))
+- xfer: fix out-of-bounds write in xfer file transfer resume 
([#2326](https://github.com/weechat/weechat/issues/2326))
+
 ## Version 4.9.2 (2026-06-07)
 
 ### Fixed
@@ -25,9 +37,9 @@
 
 - core: fix option weechat.look.color_real_white not applied when color is 
"white" on 16+ colors terminals 
([#1742](https://github.com/weechat/weechat/issues/1742))
 - irc: fix tag in message with list of names when joining a channel
-- relay: limit size of decompressed websocket frame with permessage-deflate to 
prevent memory exhaustion 
([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3))
-- relay: fix timing attack on password authentication 
([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
-- api, relay: fix timing attack on TOTP validation 
([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
+- relay: limit size of decompressed websocket frame with permessage-deflate to 
prevent memory exhaustion 
([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3),
 
[CVE-2026-53524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53524))
+- relay: fix timing attack on password authentication 
([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc),
 
[CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
+- api, relay: fix timing attack on TOTP validation 
([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc),
 
[CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
 
 ## Version 4.9.0 (2026-03-29)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/en/weechat_plugin_api.en.adoc 
new/weechat-4.9.3/doc/en/weechat_plugin_api.en.adoc
--- old/weechat-4.9.2/doc/en/weechat_plugin_api.en.adoc 2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/en/weechat_plugin_api.en.adoc 2026-07-05 
15:40:23.000000000 +0200
@@ -3474,6 +3474,8 @@
 The pointer _*string_ can change if the string is reallocated (if there is
 not enough space to concatenate the string).
 
+In case of error, the dynamic string is left unchanged.
+
 Prototype:
 
 [source,c]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/en/weechat_relay_api.en.adoc 
new/weechat-4.9.3/doc/en/weechat_relay_api.en.adoc
--- old/weechat-4.9.2/doc/en/weechat_relay_api.en.adoc  2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/en/weechat_relay_api.en.adoc  2026-07-05 
15:40:23.000000000 +0200
@@ -1028,6 +1028,13 @@
   confused with the buffer number, which is different)
 * `buffer_name` (string, **required**): buffer name
 
+Query parameters:
+
+* `colors` (string, optional, default: `ansi`): how to return strings with 
color codes:
+** `ansi`: return ANSI color codes
+** `weechat`: return WeeChat internal color codes
+** `strip`: strip colors
+
 Request example: get nicks of a buffer:
 
 [source,shell]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/fr/weechat_plugin_api.fr.adoc 
new/weechat-4.9.3/doc/fr/weechat_plugin_api.fr.adoc
--- old/weechat-4.9.2/doc/fr/weechat_plugin_api.fr.adoc 2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/fr/weechat_plugin_api.fr.adoc 2026-07-05 
15:40:23.000000000 +0200
@@ -3532,6 +3532,8 @@
 Le pointeur _*string_ peut changer si la chaîne est réallouée (s'il n'y a pas
 assez de place pour concaténer la chaîne).
 
+En cas d'erreur, la chaîne dynamique reste inchangée.
+
 Prototype :
 
 [source,c]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/fr/weechat_relay_api.fr.adoc 
new/weechat-4.9.3/doc/fr/weechat_relay_api.fr.adoc
--- old/weechat-4.9.2/doc/fr/weechat_relay_api.fr.adoc  2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/fr/weechat_relay_api.fr.adoc  2026-07-05 
15:40:23.000000000 +0200
@@ -1040,6 +1040,14 @@
   confondre avec le numéro du tampon, qui est différent)
 * `buffer_name` (chaîne, **obligatoire**) : nom du tampon
 
+Paramètres de requête :
+
+* `colors` (chaîne, facultatif, par défaut : `ansi`) : comment les chaînes avec
+  des couleurs sont retournées :
+** `ansi` : retourner les codes couleur ANSI
+** `weechat` : retourner les codes couleur internes WeeChat
+** `strip` : supprimer les couleurs
+
 Exemple de requête : obtenir les pseudos d'un tampon :
 
 [source,shell]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/it/weechat_plugin_api.it.adoc 
new/weechat-4.9.3/doc/it/weechat_plugin_api.it.adoc
--- old/weechat-4.9.2/doc/it/weechat_plugin_api.it.adoc 2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/it/weechat_plugin_api.it.adoc 2026-07-05 
15:40:23.000000000 +0200
@@ -3635,6 +3635,9 @@
 The pointer _*string_ can change if the string is reallocated (if there is
 not enough space to concatenate the string).
 
+// TRANSLATION MISSING
+In case of error, the dynamic string is left unchanged.
+
 Prototipo:
 
 [source,c]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/ja/weechat_plugin_api.ja.adoc 
new/weechat-4.9.3/doc/ja/weechat_plugin_api.ja.adoc
--- old/weechat-4.9.2/doc/ja/weechat_plugin_api.ja.adoc 2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/ja/weechat_plugin_api.ja.adoc 2026-07-05 
15:40:23.000000000 +0200
@@ -3586,6 +3586,9 @@
 文字列が再確保された場合 (文字列を連結するのに十分なサイズが確保されていなかった場合)
 にはポインタ _*string_ が変わる可能性があります。
 
+// TRANSLATION MISSING
+In case of error, the dynamic string is left unchanged.
+
 プロトタイプ:
 
 [source,c]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/sr/weechat_plugin_api.sr.adoc 
new/weechat-4.9.3/doc/sr/weechat_plugin_api.sr.adoc
--- old/weechat-4.9.2/doc/sr/weechat_plugin_api.sr.adoc 2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/sr/weechat_plugin_api.sr.adoc 2026-07-05 
15:40:23.000000000 +0200
@@ -3356,6 +3356,9 @@
 
 Показивач на стринг _*string_ може да се промени ако се стринг реалоцира (у 
случају да нема довољно простора за надовезивање стринга).
 
+// TRANSLATION MISSING
+In case of error, the dynamic string is left unchanged.
+
 Прототип:
 
 [source,c]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/doc/sr/weechat_relay_api.sr.adoc 
new/weechat-4.9.3/doc/sr/weechat_relay_api.sr.adoc
--- old/weechat-4.9.2/doc/sr/weechat_relay_api.sr.adoc  2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/doc/sr/weechat_relay_api.sr.adoc  2026-07-05 
15:40:23.000000000 +0200
@@ -1024,12 +1024,19 @@
 GET /api/buffers/{име_бафера}/nicks
 ----
 
-Параметри упита:
+Параметри путање:
 
 * `id_бафера` (цео број, **обавезно**): јединствени идентификатор бафера (не 
треба
   да се помеша са бројем бафера, то је нешто друго)
 * `име_бафера` (стринг, **обавезно**): име бафера
 
+Параметри упита:
+
+* `colors` (стринг, није обавезно, подразумевано: `ansi`): како се враћају 
стрингови са кодовима боје:
+** `ansi`: враћају се ANSI кодови боје
+** `weechat`: враћају се WeeChat интерни кодови боје
+** `strip`: уклањају се боје
+
 Пример захтева: врати надимке бафера:
 
 [source,shell]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/po/de.po new/weechat-4.9.3/po/de.po
--- old/weechat-4.9.2/po/de.po  2026-06-07 09:25:09.000000000 +0200
+++ new/weechat-4.9.3/po/de.po  2026-07-05 15:40:23.000000000 +0200
@@ -29,7 +29,7 @@
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: [email protected]\n"
 "POT-Creation-Date: 2026-03-21 17:24+0100\n"
-"PO-Revision-Date: 2026-03-21 17:24+0100\n"
+"PO-Revision-Date: 2026-07-03 08:28+0200\n"
 "Last-Translator: Nils Görs <[email protected]>\n"
 "Language-Team: German <[email protected]>\n"
 "Language: de_DE\n"
@@ -17330,7 +17330,7 @@
 "Um Tastenkurzbefehle im Skript-Buffer direkt nutzen zu können (zum Beispiel: "
 "alt+i = installieren, alt+r = entfernen, ...), muss diese Einstellung "
 "aktiviert werden. Andernfalls können Aktionen nur über die Eingabezeile "
-"durchgeführt werden: i,r..."
+"durchgeführt werden: i,r, ..."
 
 msgid "color for status \"autoloaded\" (\"a\")"
 msgstr "Farbe in der der Status \"autoloaded\" (\"a\") dargestellt werden soll"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/core/core-command.c 
new/weechat-4.9.3/src/core/core-command.c
--- old/weechat-4.9.2/src/core/core-command.c   2026-06-07 09:25:09.000000000 
+0200
+++ new/weechat-4.9.3/src/core/core-command.c   2026-07-05 15:40:23.000000000 
+0200
@@ -1720,17 +1720,12 @@
             else
                 str_alias = argv[i];
         }
-        str_color[0] = '\0';
-        if (str_alias)
-        {
-            strcat (str_color, ";");
-            strcat (str_color, str_alias);
-        }
-        if (str_rgb)
-        {
-            strcat (str_color, ";");
-            strcat (str_color, str_rgb);
-        }
+        snprintf (str_color, sizeof (str_color),
+                  "%s%s%s%s",
+                  (str_alias) ? ";" : "",
+                  (str_alias) ? str_alias : "",
+                  (str_rgb) ? ";" : "",
+                  (str_rgb) ? str_rgb : "");
 
         /* add color alias */
         snprintf (str_command, sizeof (str_command),
@@ -2980,7 +2975,7 @@
     struct t_gui_buffer *ptr_buffer;
     int command_found, length, max_length, list_size;
     int cols, lines, col, line, index;
-    char str_format[64], str_command[256], str_line[2048];
+    char str_format[64], str_command[256], **str_line;
 
     if (verbose)
     {
@@ -3083,27 +3078,29 @@
             }
 
             /* display lines with commands, in columns */
-            for (line = 0; line < lines; line++)
+            str_line = string_dyn_alloc (256);
+            if (str_line)
             {
-                str_line[0] = '\0';
-                for (col = 0; col < cols; col++)
+                for (line = 0; line < lines; line++)
                 {
-                    index = (col * lines) + line;
-                    if (index < list_size)
+                    string_dyn_copy (str_line, NULL);
+                    for (col = 0; col < cols; col++)
                     {
-                        item = weelist_get (list, index);
-                        if (item)
+                        index = (col * lines) + line;
+                        if (index < list_size)
                         {
-                            if (strlen (str_line) + strlen (weelist_string 
(item)) + 1 < (int)sizeof (str_line))
+                            item = weelist_get (list, index);
+                            if (item)
                             {
                                 snprintf (str_command, sizeof (str_command),
                                           str_format, weelist_string (item));
-                                strcat (str_line, str_command);
+                                string_dyn_concat (str_line, str_command, -1);
                             }
                         }
                     }
+                    gui_chat_printf (NULL, "%s", *str_line);
                 }
-                gui_chat_printf (NULL, "%s", str_line);
+                string_dyn_free (str_line, 1);
             }
         }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/core/core-network.c 
new/weechat-4.9.3/src/core/core-network.c
--- old/weechat-4.9.2/src/core/core-network.c   2026-06-07 09:25:09.000000000 
+0200
+++ new/weechat-4.9.3/src/core/core-network.c   2026-07-05 15:40:23.000000000 
+0200
@@ -581,7 +581,13 @@
                           int port)
 {
     struct t_network_socks5 socks5;
-    unsigned char buffer[288];
+    /*
+     * buffer must be large enough for the username/password authentication
+     * request, which is the longest message sent/received here; according to
+     * RFC 1929 it is: version (1) + username length (1) + username (max 255)
+     * + password length (1) + password (max 255)
+     */
+    unsigned char buffer[2 + 255 + 1 + 255];
     int username_len, password_len, addr_len, addr_buffer_len;
     unsigned char *addr_buffer;
     char *username, *password;
@@ -630,6 +636,18 @@
         username_len = strlen (username);
         password_len = strlen (password);
 
+        /*
+         * username and password length are each stored on a single byte
+         * (RFC 1929), so they cannot exceed 255 bytes: reject longer values,
+         * otherwise the memcpy calls below would overflow the buffer
+         */
+        if ((username_len > 255) || (password_len > 255))
+        {
+            free (username);
+            free (password);
+            return 0;
+        }
+
         /* make username/password buffer */
         buffer[0] = 1;
         buffer[1] = (unsigned char) username_len;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/core/core-string.c 
new/weechat-4.9.3/src/core/core-string.c
--- old/weechat-4.9.2/src/core/core-string.c    2026-06-07 09:25:09.000000000 
+0200
+++ new/weechat-4.9.3/src/core/core-string.c    2026-07-05 15:40:23.000000000 
+0200
@@ -4768,6 +4768,8 @@
  * if the string had to be extended, or the same pointer if there was enough
  * size to concatenate the new string.
  *
+ * In case of error, the dynamic string is left unchanged.
+ *
  * Return:
  *   1: OK
  *   0: error
@@ -4803,11 +4805,7 @@
             new_size_alloc = new_size;
         string_realloc = realloc (ptr_string_dyn->string, new_size_alloc);
         if (!string_realloc)
-        {
-            free (ptr_string_dyn->string);
-            free (ptr_string_dyn);
             return 0;
-        }
         ptr_string_dyn->string = string_realloc;
         ptr_string_dyn->size_alloc = new_size_alloc;
     }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/core/core-url.c 
new/weechat-4.9.3/src/core/core-url.c
--- old/weechat-4.9.2/src/core/core-url.c       2026-06-07 09:25:09.000000000 
+0200
+++ new/weechat-4.9.3/src/core/core-url.c       2026-07-05 15:40:23.000000000 
+0200
@@ -143,8 +143,10 @@
 
 struct t_url_constant url_authtype[] =
 {
+#if LIBCURL_VERSION_NUM < 0x081600 /* < 8.22.0 */
     URL_DEF_CONST(_TLSAUTH, NONE),
     URL_DEF_CONST(_TLSAUTH, SRP),
+#endif
     { NULL, 0 },
 };
 
@@ -409,9 +411,11 @@
     URL_DEF_OPTION(PASSWORD, STRING, NULL),
     URL_DEF_OPTION(PROXYUSERNAME, STRING, NULL),
     URL_DEF_OPTION(PROXYPASSWORD, STRING, NULL),
+#if LIBCURL_VERSION_NUM < 0x081600 /* < 8.22.0 */
     URL_DEF_OPTION(TLSAUTH_TYPE, MASK, url_authtype),
     URL_DEF_OPTION(TLSAUTH_USERNAME, STRING, NULL),
     URL_DEF_OPTION(TLSAUTH_PASSWORD, STRING, NULL),
+#endif
     URL_DEF_OPTION(SASL_AUTHZID, STRING, NULL),
 
     URL_DEF_OPTION(SASL_IR, LONG, NULL),
@@ -626,9 +630,11 @@
     URL_DEF_OPTION(PROXY_SSL_OPTIONS, LONG, url_ssl_options),
     URL_DEF_OPTION(PROXY_SSL_VERIFYHOST, LONG, NULL),
     URL_DEF_OPTION(PROXY_SSL_VERIFYPEER, LONG, NULL),
+#if LIBCURL_VERSION_NUM < 0x081600 /* < 8.22.0 */
     URL_DEF_OPTION(PROXY_TLSAUTH_PASSWORD, STRING, NULL),
     URL_DEF_OPTION(PROXY_TLSAUTH_TYPE, STRING, NULL),
     URL_DEF_OPTION(PROXY_TLSAUTH_USERNAME, STRING, NULL),
+#endif
     URL_DEF_OPTION(TLS13_CIPHERS, LIST, NULL),
     URL_DEF_OPTION(PROXY_TLS13_CIPHERS, LIST, NULL),
 #if LIBCURL_VERSION_NUM >= 0x074700 /* 7.71.0 */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/gui/curses/headless/main.c 
new/weechat-4.9.3/src/gui/curses/headless/main.c
--- old/weechat-4.9.2/src/gui/curses/headless/main.c    2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/src/gui/curses/headless/main.c    2026-07-05 
15:40:23.000000000 +0200
@@ -47,7 +47,7 @@
 daemonize (void)
 {
     pid_t pid;
-    int fd, i;
+    int fd, i, rc;
 
     printf ("%s ", _("Running WeeChat in background..."));
 
@@ -77,8 +77,9 @@
         close (i);
     }
     fd = open ("/dev/null", O_RDWR);
-    (void) dup (fd);
-    (void) dup (fd);
+    rc = dup (fd);
+    rc = dup (fd);
+    (void) rc;
 }
 
 /*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/gui/gui-buffer.c 
new/weechat-4.9.3/src/gui/gui-buffer.c
--- old/weechat-4.9.2/src/gui/gui-buffer.c      2026-06-07 09:25:09.000000000 
+0200
+++ new/weechat-4.9.3/src/gui/gui-buffer.c      2026-07-05 15:40:23.000000000 
+0200
@@ -3804,6 +3804,7 @@
 
     gui_hotlist_remove_buffer (buffer, 1);
     free (buffer->hotlist_removed);
+    buffer->hotlist_removed = NULL;
     if (gui_hotlist_initial_buffer == buffer)
         gui_hotlist_initial_buffer = NULL;
 
@@ -3822,55 +3823,85 @@
     /* free all lines */
     gui_line_free_all (buffer);
     free (buffer->own_lines);
+    buffer->own_lines = NULL;
     free (buffer->mixed_lines);
+    buffer->mixed_lines = NULL;
 
     /* free some data */
     gui_buffer_undo_free_all (buffer);
     gui_history_buffer_free (buffer);
     gui_completion_free (buffer->completion);
+    buffer->completion = NULL;
     gui_nicklist_remove_all (buffer);
     gui_nicklist_remove_group (buffer, buffer->nicklist_root);
+    buffer->nicklist_root = NULL;
     hashtable_free (buffer->hotlist_max_level_nicks);
+    buffer->hotlist_max_level_nicks = NULL;
     gui_key_free_all (-1, &buffer->keys, &buffer->last_key,
                       &buffer->keys_count, 0);
     gui_buffer_local_var_remove_all (buffer);
     hashtable_free (buffer->local_variables);
+    buffer->local_variables = NULL;
     free (buffer->plugin_name_for_upgrade);
+    buffer->plugin_name_for_upgrade = NULL;
     free (buffer->name);
+    buffer->name = NULL;
     free (buffer->full_name);
+    buffer->full_name = NULL;
     free (buffer->old_full_name);
+    buffer->old_full_name = NULL;
     free (buffer->short_name);
+    buffer->short_name = NULL;
     free (buffer->title);
+    buffer->title = NULL;
     free (buffer->modes);
+    buffer->modes = NULL;
     free (buffer->input_prompt);
+    buffer->input_prompt = NULL;
     free (buffer->input_buffer);
+    buffer->input_buffer = NULL;
     free (buffer->input_undo_snap);
+    buffer->input_undo_snap = NULL;
     free (buffer->text_search_input);
+    buffer->text_search_input = NULL;
     if (buffer->text_search_regex_compiled)
     {
         regfree (buffer->text_search_regex_compiled);
         free (buffer->text_search_regex_compiled);
+        buffer->text_search_regex_compiled = NULL;
     }
     free (buffer->highlight_words);
+    buffer->highlight_words = NULL;
     free (buffer->highlight_disable_regex);
+    buffer->highlight_disable_regex = NULL;
     if (buffer->highlight_disable_regex_compiled)
     {
         regfree (buffer->highlight_disable_regex_compiled);
         free (buffer->highlight_disable_regex_compiled);
+        buffer->highlight_disable_regex_compiled = NULL;
     }
     free (buffer->highlight_regex);
+    buffer->highlight_regex = NULL;
     if (buffer->highlight_regex_compiled)
     {
         regfree (buffer->highlight_regex_compiled);
         free (buffer->highlight_regex_compiled);
+        buffer->highlight_regex_compiled = NULL;
     }
     free (buffer->highlight_tags_restrict);
+    buffer->highlight_tags_restrict = NULL;
     string_free_split_tags (buffer->highlight_tags_restrict_array);
+    buffer->highlight_tags_restrict_array = NULL;
     free (buffer->highlight_tags);
+    buffer->highlight_tags = NULL;
     string_free_split_tags (buffer->highlight_tags_array);
+    buffer->highlight_tags_array = NULL;
     free (buffer->input_callback_data);
+    buffer->input_callback_data = NULL;
     free (buffer->close_callback_data);
+    buffer->close_callback_data = NULL;
     free (buffer->nickcmp_callback_data);
+    buffer->nickcmp_callback_data = NULL;
 
     /* remove buffer from buffers list */
     if (buffer->prev_buffer)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/weechat-4.9.2/src/plugins/relay/api/relay-api-protocol.c 
new/weechat-4.9.3/src/plugins/relay/api/relay-api-protocol.c
--- old/weechat-4.9.2/src/plugins/relay/api/relay-api-protocol.c        
2026-06-07 09:25:09.000000000 +0200
+++ new/weechat-4.9.3/src/plugins/relay/api/relay-api-protocol.c        
2026-07-05 15:40:23.000000000 +0200
@@ -402,7 +402,10 @@
     if (json_body)
     {
         if (!cJSON_IsObject (json_body))
+        {
+            cJSON_Delete (json_body);
             return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+        }
         json_algos = cJSON_GetObjectItem (json_body, "password_hash_algo");
         if (json_algos)
         {
@@ -781,8 +784,13 @@
     char str_delay[32];
 
     json_body = cJSON_Parse (client->http_req->body);
-    if (!json_body || !cJSON_IsObject (json_body))
+    if (!json_body)
+        return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    if (!cJSON_IsObject (json_body))
+    {
+        cJSON_Delete (json_body);
         return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    }
 
     /* get buffer either by name or by id */
     ptr_buffer = NULL;
@@ -908,8 +916,13 @@
     struct t_gui_buffer *ptr_buffer;
 
     json_body = cJSON_Parse (client->http_req->body);
-    if (!json_body || !cJSON_IsObject(json_body))
+    if (!json_body)
         return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    if (!cJSON_IsObject(json_body))
+    {
+        cJSON_Delete (json_body);
+        return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
+    }
 
     /* get buffer either by name or by id */
     ptr_buffer = NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/plugins/relay/relay-websocket.c 
new/weechat-4.9.3/src/plugins/relay/relay-websocket.c
--- old/weechat-4.9.2/src/plugins/relay/relay-websocket.c       2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/src/plugins/relay/relay-websocket.c       2026-07-05 
15:40:23.000000000 +0200
@@ -653,7 +653,7 @@
     size_t size_decompressed;
     char *payload_decompressed;
     struct t_relay_websocket_frame *frames2, *ptr_frame;
-    int size, masked_frame, mask[4];
+    int size, compressed, masked_frame, mask[4];
 
     if (!buffer || !frames || !num_frames)
         return 0;
@@ -674,6 +674,9 @@
 
         opcode = buffer[index_buffer] & 15;
 
+        /* RSV1 indicates whether this message is compressed */
+        compressed = (buffer[index_buffer] & 64) ? 1 : 0;
+
         /* check if frame is masked */
         masked_frame = (buffer[index_buffer + 1] & 128) ? 1 : 0;
 
@@ -780,9 +783,9 @@
 
         /*
          * decompress data if frame is not empty and if "permessage-deflate"
-         * is enabled
+         * is enabled and the message is compressed
          */
-        if ((length_frame > 0) && ws_deflate && ws_deflate->enabled)
+        if ((length_frame > 0) && ws_deflate && ws_deflate->enabled && 
compressed)
         {
             if (!ws_deflate->strm_inflate)
             {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/src/plugins/xfer/xfer-dcc.c 
new/weechat-4.9.3/src/plugins/xfer/xfer-dcc.c
--- old/weechat-4.9.2/src/plugins/xfer/xfer-dcc.c       2026-06-07 
09:25:09.000000000 +0200
+++ new/weechat-4.9.3/src/plugins/xfer/xfer-dcc.c       2026-07-05 
15:40:23.000000000 +0200
@@ -242,8 +242,8 @@
 xfer_dcc_resume_hash (struct t_xfer *xfer)
 {
     char *buf;
-    unsigned long long total_read;
-    ssize_t length_buf, to_read, num_read;
+    unsigned long long total_read, length_buf, to_read;
+    ssize_t num_read;
     int ret, fd;
 
     total_read = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/weechat-4.9.2/version.sh new/weechat-4.9.3/version.sh
--- old/weechat-4.9.2/version.sh        2026-06-07 09:25:09.000000000 +0200
+++ new/weechat-4.9.3/version.sh        2026-07-05 15:40:23.000000000 +0200
@@ -41,8 +41,8 @@
 #     devel-number   the devel version as hex number ("0x04010000" for 
"4.1.0-dev")
 #
 
-weechat_stable="4.9.2"
-weechat_devel="4.9.2"
+weechat_stable="4.9.3"
+weechat_devel="4.9.3"
 
 stable_major=$(echo "${weechat_stable}" | cut -d"." -f1)
 stable_minor=$(echo "${weechat_stable}" | cut -d"." -f2)

Reply via email to