WeeChat DevCenter

Sunday, May 19 2024

API relay and remote connection

A brand new relay called "api" has been devleopped since 6 months : it's an HTTP REST API, which should in long term replace completey the "weechat" protocol.

The "api" relay provides the following key features:

  • easy client implementation: HTTP REST API, JSON input/output, use of ANSI color codes
  • automatic compression of responses (deflate, gzip, zstd and permessage-deflate for websocket)
  • data synchronization: real-time sync with websocket or polling with HTTP requests
  • no internal structures exposed: no use of pointers & complex structures like hdata
  • WeeChat itself can connect to another WeeChat using this protocol (also known as relay "remote")

The complete specification is there: Relay HTTP REST API.

The new /remote command lets you connect to the "api" relay of another running WeeChat (it must expose the same API version).

To connect to a remote WeeChat, just add a relay on the remote (for TLS, which is recommended, replace api by tls.api):

/set relay.network.password "secr3t"
/relay add api 9000

On the client, supposing it's running on the same machine:

/remote add test http://localhost:9000 -password=secr3t
/remote connect test

Then all buffers of remote WeeChat are opened locally by relay and any text or command sent on these buffers are sent and executed on the remote WeeChat.

Input is also synchronized (from remote to local WeeChat only), so that remote buffers like /fset can be used locally, including keys like Alt+Enter to set input with a command to execute.
Only the local buffer mouse actions are not yet supported (ie you can not scroll the fset buffer with mouse).

Sunday, April 7 2024

Version 4.2.2

Version 4.2.2 is are available, see new bugs fixed in the ChangeLog v4.2.2.

Monday, January 22 2024

Version 4.2.1

Version 4.2.1 is are available, see new bugs fixed in the ChangeLog v4.2.1.

Sunday, January 21 2024

Version 4.2.0

Version 4.2.0 is available, see new features and bugs fixed in the ChangeLog and important notes if you upgrade to this version from any older version in the Release notes.

Saturday, January 20 2024

Versions 4.0.8 and 4.1.3

Versions 4.0.8 and 4.1.3 are available, see new bugs fixed in the ChangeLog v4.0.8 and ChangeLog v4.1.3.

Sunday, December 3 2023

Versions 4.0.7 and 4.1.2

Versions 4.0.7 and 4.1.2 are available, see new bugs fixed in the ChangeLog v4.0.7 and ChangeLog v4.1.2.

Thursday, October 26 2023

Versions 4.0.6 and 4.1.1

Versions 4.0.6 and 4.1.1 are available, see new bugs fixed in the ChangeLog v4.0.6 and ChangeLog v4.1.1.

Sunday, October 15 2023

Version 4.1.0

Version 4.1.0 is available, see new features and bugs fixed in the ChangeLog and important notes if you upgrade to this version from any older version in the Release notes.

Sunday, September 24 2023

Version 4.0.5

Version 4.0.5 is available, see new features and bugs fixed in the ChangeLog.

Tuesday, August 22 2023

Version 4.0.4

Version 4.0.4 is available, it fixes the following bugs:

  • fix integer overflow when setting integer option with ++N or --N
  • fix increment/decrement of options weechat.notify.*
  • add missing tags on multiline IRC messages
  • fix redirection of IRC command /list when the reply doesn't start with message 321 (start of /list)
  • fix wrong time displayed for IRC CTCP messages received from self nick
  • remove trailing empty line in display of backlog (logger plugin)
  • fix display of non-ASCII chars after load of a script with Perl >= 5.38
  • adjust scroll after command /script go N
  • fix function string_parse_size on 32-bit systems (python and ruby)
  • fix conversion of string to IPv4 on 32-bit systems in xfer plugin
  • fix tests on function irc_join_compare_join_channel
  • fix tests of functions print_date_tag, print_y_date_tags and hook_timer on 32-bit systems

Tuesday, August 8 2023

Version 4.0.3

Version 4.0.3 is available, it fixes the following bugs:

  • fix input length and crash after delete of line
  • fix display of self IRC CTCP message containing bold attribute
  • fix memory leak in IRC message parser
  • fix switch to IRC channel manually joined when server option autojoin_dynamic is on and option irc.look.buffer_switch_autojoin is off
  • fix display of outgoing IRC notice with channel when capability "echo-message" is enabled
  • fix display of IRC CTCP messages received from relay client
  • display a warning in build of docs if a locale is missing with fallback to English for auto-generated content

Wednesday, July 12 2023

Version 4.0.2

Version 4.0.2 is available, it fixes the following bugs:

  • fix renaming of options with command /item rename
  • don't send "key_pressed" signal again for the same key press
  • don't send "key_combo_*" signals for incomplete keys
  • add key ctrl-backspace in /help key
  • keep keys ctrl-H and ctrl-? (in lower case) if they were manually bound to custom commands in a previous version

Friday, June 30 2023

Version 4.0.1

Version 4.0.1 is available, it fixes the following bugs:

  • force key "return" to command "/input return" when migrating legacy keys
  • display actual key name and command with Alt+k, remove key Alt+K (grab raw key) and associated commands /input grab_raw_key and /input grab_raw_key_command
  • check for newline characters in string_is_whitespace_char
  • do not convert option name to lower case in API functions config_set_plugin and config_set_desc_plugin
  • fix crash on quit with Guile < 3
  • reply to a IRC CTCP request sent to self nick
  • sent "QUIT" message to IRC servers connected with TLS on /upgrade

Monday, June 26 2023

Happy birthday WeeChat, 20 years!

Happy birthday WeeChat, 20 years old!

I wrote the very first line of code on June 26th, 2003, and released the first version 0.0.1 on September, 27th 2003.

The 86th release was made 2 days ago: 4.0.0

I would like to thank all contributors for the help with translations, patches and ideas of features.
All contributions and donations are much appreciated! ♥

Saturday, June 24 2023

Version 4.0.0

Version 4.0.0 is available!

WeeChat now follows a practical semantic versioning and there are breaking changes in this release, please read carefully the release notes.

See ChangeLog for the complete list of new features and bug fixes.

New major features in this release:

  • use human readable key bindings
  • use 256 colors by default
  • make many identifiers case sensitive, rename default aliases to lower case
  • display similar command names when a command is unknown
  • add item "mouse_status" in default status bar
  • rename SSL options to TLS, connect by default with TLS to IRC servers
  • improve multiline support, add multiline support in IRC and Relay plugins
  • add support of new IRC capabilities: draft/multiline, batch, echo-message (in Relay plugin as well)
  • add support of LINELEN and UTF8ONLY in IRC plugin
  • add IRC commands /action, /rules, /knock
  • display IRC STATUSMSG actions differently from standard actions on channels
  • add option "join" in command /autojoin
  • add server option "registered_mode", add fields "authentication_method" and "sasl_mechanism_used" in server
  • add "${username}" in server options "nicks" and "username", change their default values to use it
  • add infos "irc_server_cap" and "irc_server_cap_value"
  • add option irc.look.display_host_notice
  • add modifier "irc_cap_sync_req"
  • add relative move of read marker with /buffer set unread +/-N
  • add command /reset
  • add option "rename" in command /bar
  • add option "split_return" in command /input
  • add option "missing" in command /alias
  • add $& to replace all arguments with double quotes escaped in aliases
  • add options weechat.color.chat_status_disabled and weechat.color.chat_status_enabled, remove options trigger.color.trigger and trigger.color.trigger_disabled
  • improve display of color options in fset buffer, add options fset.color.color_name and fset.color.color_name_selected
  • add option logger.file.log_conditions
  • add info "logger_log_file"
  • add modifiers "relay_client_irc_in", "relay_client_irc_out1" and "relay_client_irc_out" in relay irc protocol
  • add handshake option "escape_commands" in relay weechat protocol
  • add API function config_set_version
  • many bugs fixed.

Removed in this release:

  • build with autotools (CMake now required)
  • RPM packaging
  • cpack config

New commands:

  • /action
  • /knock
  • /reset
  • /rules

New options:

  • fset.color.color_name
  • fset.color.color_name_selected
  • irc.look.display_host_notice
  • irc.server_default.registered_mode
  • logger.file.log_conditions
  • weechat.look.input_multiline_lead_linebreak
  • weechat.color.chat_status_enabled
  • weechat.color.chat_status_disabled
  • weechat.look.paste_auto_add_newline
  • weechat.color.status_name_insecure

Options changed:

  • option irc.server_default.ssl renamed to irc.server_default.tls
  • option irc.server_default.ssl_cert renamed to irc.server_default.tls_cert
  • option irc.server_default.ssl_dhkey_size renamed to irc.server_default.tls_dhkey_size
  • option irc.server_default.ssl_fingerprint renamed to irc.server_default.tls_fingerprint
  • option irc.server_default.ssl_password renamed to irc.server_default.tls_password
  • option irc.server_default.ssl_priorities renamed to irc.server_default.tls_priorities
  • option irc.server_default.ssl_verify renamed to irc.server_default.tls_verify
  • option relay.network.ssl_cert_key renamed to relay.network.tls_cert_key
  • option relay.network.ssl_priorities renamed to relay.network.tls_priorities
  • option weechat.color.status_name_ssl renamed to weechat.color.status_name_tls

Options removed:

  • trigger.color.trigger
  • trigger.color.trigger_disabled

New keys:

  • Alt+K (upper case): grab raw key and its command
  • In cursor mode:
    • letter "l" (lower case): quote focused line

Tuesday, June 13 2023

Live streaming: 20th anniversary and release of v4.0.0

On June 26th, 2023, WeeChat will turn 20!

Project started on June 26th, 2003. It has grew a lot over time, thanks to contributions and ideas from a lot of users.

Today, WeeChat has:

  • 286.778 lines of code
  • 179.994 lines of documentation
  • 12.146 commits
  • 85 versions released: 69 major, 16 patch
  • 297 feature requests open
  • 91 bugs open
  • 170 contributors — thank you all! ♥

To celebrate the 20th anniversary and the release of the next major version, a live streaming is organized on Saturday, June 24th, 7pm UTC.
Around the world: San Francisco: 12pm – Montreal: 3pm – Paris: 9pm – Tokyo: 4am (June, 25th) – Sydney: 5am (June, 25th).

URL: https://youtube.com/live/EtzdpXFEcO0

Agenda of this live session, in English and recorded:

  • History of the project
  • Demo of the new features in 4.0.0
  • Live release of 4.0.0
  • The future of WeeChat

During the live, you can ask questions or react either in youtube or in channel #weechat-live (irc.libera.chat).

I look forward to seeing many of you there!

Saturday, March 18 2023

Key bindings improvements, case sensitive identifiers, semantic versioning

Major changes are coming in the next WeeChat version, bumped to 4.0.0 (instead of 3.9, as planned initially).

Some breaking changes:

  1. key bindings improvements: using names instead of raw codes (eg: meta-left instead of meta2-1;3D)
  2. many identifiers have been made case sensitive, including commands, aliases and options
  3. build with autotools has been removed, only CMake can now be used to compile WeeChat.

There are other changes, see the ChangeLog.
Note that this version is under development and your feedback is welcome!
Please read carefully the release notes if you're testing it: Release Notes.

Cherry on the cake: WeeChat is now following a "practical" semantic versioning, a less strict version of https://semver.org/.

For more information on all major/breaking changes, see the specifications: https://specs.weechat.org/

Sunday, January 8 2023

Version 3.8

Version 3.8 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add option weechat.look.chat_space_right
  • allow value "0" in buffer property "unread" to remove read marker from buffer
  • add command /allbuf
  • add command /hotlist
  • move some /input actions to commands /allbuf, /buffer and /hotlist
  • improve case convert and insensitive char comparisons
  • add color attributes "blink" and "dim" (half bright)
  • allow command /toggle to create option before setting the value, if allowed in the section
  • add signals "buffer_user_input_xxx" and "buffer_user_closing_xxx" for buffers created with /buffer add
  • add identifier in buffer lines
  • add option "unicode" in command /debug
  • add Curl options for versions 7.64.0 to 7.87.0
  • add API functions string_strcmp and string_strncmp
  • rename char comparison API functions "utf8_char*" to "string_char*"
  • return arithmetic difference between chars in API functions string_charcmp, string_charcasecmp, string_charcasecmp_range, string_strcasecmp, string_strcasecmp_range, string_strncasecmp, string_strncasecmp_range, string_strcmp_ignore_chars
  • return newly allocated string in API functions string_tolower and string_toupper
  • add API function utf8_strncpy
  • add trigger regex command "y" to translate chars, set default regex command to "s" (regex replace)
  • many bugs fixed.

New commands:

  • /allbuf
  • /hotlist

New options:

  • weechat.look.chat_space_right

Sunday, October 23 2022

Dark theme for this blog

This blog is now following automatically your desktop / browser theme, by using light theme and a new dark theme.

Friday, October 21 2022

Version 3.7.1

Version 3.7.1 is available, it fixes a regression in trigger plugin introduced in version 3.7.

Upgrade is recommended if you use triggers (other than the default ones).

Sunday, October 9 2022

Version 3.7

Version 3.7 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add option "-save" in command "/upgrade"
  • add option weechat.look.highlight_disable_regex and buffer property "highlight_disable_regex"
  • sort filters by name
  • add key Alt+Backspace to delete previous word, change key Ctrl+w to delete previous word until whitespace
  • rename API function string_build_with_split_string to string_rebuild_split_string, add arguments "index_start" and "index_end"
  • add info "uptime_current"
  • add API function crypto_hash_file
  • add support of priority in API function hook_line
  • add API function string_parse_size
  • add API function file_compress
  • add buflist variable "${hotlist_priority_number}" (integer version of "${hotlist_priority}")
  • display SETNAME command in IRC channels and private buffers, add options irc.color.message_setname and irc.look.smart_filter_setname
  • add option irc.look.display_pv_nick_change
  • add options to rotate and compress log files: logger.file.rotation_compression_level, logger.file.rotation_compression_type and logger.file.rotation_size_max
  • allow special dict value "-" to disable spell checking on a specific buffer
  • add elapsed time for trigger execution on monitor buffer when trigger debug is set, add option trigger.color.identifier
  • add trigger variable "${tg_hook_type}"
  • many bugs fixed.

New keys:

  • Alt+Backspace: delete previous word (Ctrl+w: delete previous word until whitespace)

Sunday, July 10 2022

Version 3.6

Version 3.6 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add command "/item" to create custom bar items
  • add bar item "spacer"
  • add case conversion in evaluation of expressions with "lower:string" and "upper:string"
  • move detailed list of hooks from command "/plugin listfull" to "/debug hooks <plugin>"
  • allow to remove multiple filters at once with command "/filter del"
  • allow to catch multiple signals in functions hook_signal and hook_hsignal
  • rename option "save" to "apply" in IRC command "/autojoin"
  • add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
  • add support of PHP 8.2
  • many bugs fixed.

Sunday, March 27 2022

Version 3.5

Version 3.5 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • search in message tags when tags are displayed with "/debug tags"
  • add support of date and tags in messages displayed in buffers with free content, add function printf_y_date_tags
  • add IRC command /autojoin, add IRC server option "autojoin_dynamic"
  • add IRC message tags in messages displayed
  • add "zstd" (Zstandard) compression in relay weechat protocol, remove option "compression" from "init" command, rename option relay.network.compression_level to relay.network.compression
  • add trigger variables "${tg_tag_irc_xxx}" containing IRC message tags
  • many bugs fixed.

Sunday, March 13 2022

Version 3.4.1

Version 3.4.1 is available, it fixes a security vulnerability: after changing gnutls options, the function used to validate certificates is not called any more, this can lead to a man-in-the-middle attack.

Upgrade is recommended for all users.

Saturday, January 8 2022

New design for security page

One thing is sure, we're not kidding with the security vulnerabilities, and our goal is to be completely transparent with the users about the issues as soon as they are public (ie with a new version, a fix/patch or at least a workaround available).

In this context, the security page has been redesigned from scratch, it is more user-friendly and a lot of new information has been added about each vulnerability.

The URL is unchanged: https://weechat.org/doc/security/.

Among the new information:

  • A "WSA" identifier (WeeChat Security Advisory), which is unique by vulnerability, and built like this: WSA-YEAR-ID (YEAR on 4 digits, and the ID starts to 1 for the first vulnerability of this year, 2 for the second, etc.).
  • The CVSS vector, score and severity, for more information:
  • The vulnerability type, also known as CWE (Common Weakness Enumeration), for more information: https://cwe.mitre.org/
  • The short description of the issue.
  • The scope: which part of WeeChat is affected: it can be one or multiple plugins or features.
  • More detailed information about the mitigation for the issue.
  • The credit: who found the issue and reported it to WeeChat security team (displayed only with the agreement of the reporter).

Important: due to the way the CVSS vector, score and severity are computed, the severity level previously displayed has changed for some vulnerabilities and is now higher:

  • WSA-2021-1 (Crash on malformed websocket frame in relay plugin): medium -> high (score: 7.5)
  • WSA-2020-3 (Buffer overflow on new IRC message 005 with nick prefixes): low -> high (score: 7.5)
  • WSA-2020-2 (Crash on malformed IRC message 352 (WHO)): low -> high (score: 7.5)
  • WSA-2020-1 (Buffer overflow on malformed IRC message 324 (channel mode)): low -> high (score: 7.5)
  • WSA-2013-3 (Crash on IRC commands sent via Relay): medium -> high (score: 7.5)
  • WSA-2013-2 (Crash on send of unknown commands to IRC server): low -> medium (score: 5.5)
  • WSA-2013-1 (Crash on nicks monitored with /notify): low -> medium (score: 5.5)
  • WSA-2006-1 (Crash in API function infobar_printf): low -> medium (score: 6.2)
  • WSA-2004-1 (Buffer overflows in build of strings): low -> medium (score: 6.2)

The page is now separated into two parts: the overview with only part of the info, and detail of each vulnerability below.

The overview shows synthesized data (click for full size):

weechat.org_2022-01_security_new_overview.png, Jan 2022

Below this, the detail of each vulnerability is displayed, for example this detail about the latest security vulnerability, fixed in version 3.2.1 (September 2021):

weechat.org_2022-01_security_new_detail.png, Jan 2022

For convenience, a list of vulnerabilities by WeeChat version is also available:

weechat.org_2022-01_security_new_by_version.png, Jan 2022

For the record and reference (especially old severities), the previous security page was:

weechat.org_2022-01_security_old.png, Jan 2022

Friday, January 7 2022

Zstandard compression in relay plugin

Zstandard compression has been added in weechat protocol of relay plugin (see important notes in the release notes).

It offers better and faster compression (on WeeChat side) and faster decompression (client side).

Example of a small message (53KB), default compression (20):

   WeeChat: obj: 2964/53611 bytes (zstd: 95%, 0,12ms)
   Client: decompressed (zstd): 53606 bytes, ratio: 95%, parsed in 0.67ms)
   WeeChat: obj: 3752/53611 bytes (zlib: 94%, 0,23ms), id: quiet
   Client: decompressed (zlib): 53606 bytes, ratio: 94%, parsed in 2.10ms)

Example of a big message (2.3MB), default compression (20):

   WeeChat: obj: 133280/2376095 bytes (zstd: 95%, 2,97ms), id: quiet
   Client: decompressed (zstd): 2376090 bytes, ratio: 95%, parsed in 15.03ms)
   WeeChat: obj: 345255/2376095 bytes (zlib: 86%, 12,72ms), id: quiet
   Client: decompressed (zlib): 2376090 bytes, ratio: 86%, parsed in 21.20ms)

So with the same compression level:

  • zstd is up to 4x faster on compression than zlib (WeeChat side)
  • zstd is up to 3x faster on decompression than zlib (client side)
  • compressed packets are up to 2.6x smaller with zstd than zlib.

Saturday, December 18 2021

Version 3.4

Version 3.4 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • improve the IRC message parser
  • add command /toggle
  • add user variables in evaluation of expressions with "define:name,value"
  • add support of static arrays in hdata
  • hide key and password in command "/msg nickserv setpass nick key password"
  • add dark theme in documentation (automatic theme, following browser/desktop settings)
  • add support of Ruby 3.0
  • many bugs fixed.

Sunday, November 28 2021

Dark theme for WeeChat docs

In addition to weechat.org website, a dark theme has been added in WeeChat docs (only development docs for now: https://weechat.org/doc/devel/).
The use of this dark theme is automatic (following your desktop/browser configuration).

New dark theme (click for full size):


weechat_doc_dark.png

The light theme:


weechat_doc_light.png

Hope you like this new eye-friendly dark theme!

Wednesday, November 24 2021

Dark theme for weechat.org

A brand new dark theme has been added on WeeChat.org!

The use of this dark theme is automatic (following your desktop/browser configuration).
It can be forced by a new link displayed at the bottom of any page: "Theme: auto (dark, light)".

New dark theme (click for full size):


weechat.org_2021_dark.png

The light theme:


weechat.org_2021_light.png

Hope you like this new eye-friendly dark theme!

Sunday, September 19 2021

Version 3.3

Version 3.3 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add new plugin "typing" to display users currently writing messages on IRC channel/private buffers (IRCv3 specification)
  • enable all IRC capabilities by default (if supported by server and WeeChat), change default value of option irc.server_default.capabilities to "*"
  • implement IRCv3.2 SASL authentication, add command /auth, reconnect by default to the server in case of SASL authentication failure
  • add support of capability "message-tags" and TAGMSG messages (IRCv3 specification)
  • add command /setname, add support of message and capability "setname" (IRCv3 specification)
  • add support of FAIL/WARN/NOTE IRC messages (IRCv3 specification)
  • drop support of IRC DH-BLOWFISH and DH-AES SASL mechanisms
  • add new keys to clear, remove and restore buffers in hotlist
  • add option "certs" in command /debug
  • add options "-o", "-ol", "-i" and "-il" in command "/plugin list"
  • add split of string and shell arguments in evaluation of expressions with "split:number,seps,flags,xxx" and "split_shell:number,xxx"
  • add "${re:repl_index}" to get the index of replacement in function string_eval_expression
  • add random integer number in evaluation of expressions with "random:min,max"
  • add functions string_cut and file_copy in API
  • remember insertion order in hashtables
  • add keys/values with tags in output of irc_message_parse_to_hashtable
  • add option "-parted" in command /allchan
  • allow signals "irc_raw_in" and "irc_in" to eat messages
  • many bugs fixed.

New options:

  • irc.look.display_account_message
  • irc.look.display_extended_join
  • irc.look.typing_status_nicks
  • irc.look.typing_status_self
  • typing.look.delay_purge_paused
  • typing.look.delay_purge_typing
  • typing.look.delay_set_paused
  • typing.look.enabled_nicks
  • typing.look.enabled_self
  • typing.look.input_min_chars
  • typing.look.item_max_length

New keys:

  • Alt+h, Alt+c: clear hotlist (old key was Alt+h)
  • Alt+h, Alt+m: remove current buffer from hotlist
  • Alt+h, Alt+r: restore latest hotlist removed in the current buffer
  • Alt+h, Alt+Shift+R: restore latest hotlist removed in all buffers

Saturday, September 4 2021

Version 3.2.1

Version 3.2.1 is available, it fixes a security vulnerability: a malformed websocket frame received in relay plugin can cause a crash (CVE-2021-40516).

Upgrade is recommended for all users.

Sunday, June 13 2021

Version 3.2

Version 3.2 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • use XDG directories by default (config, data, cache, runtime)
  • add support of IRC SASL mechanisms SCRAM-SHA-1, SCRAM-SHA-256 and SCRAM-SHA-512
  • automatically load system certificates without giving a hardcoded path to the file with certificates
  • add options to customize commands executed on system signals received (SIGHUP, SIGQUIT, SIGTERM, SIGUSR1, SIGUSR2)
  • add bar item "tls_version" and buflist format
  • add signals "cursor_start" and "cursor_end"
  • add function crypto_hmac in API
  • add translated string in evaluation of expressions with "translate:xxx"
  • add info "weechat_daemon"
  • add Python stub for WeeChat API
  • add variables "${tg_shell_argc}" and "${tg_shell_argvN}" in command trigger evaluated strings
  • many bugs fixed.

New options:

  • buflist.format.tls_version
  • irc.color.item_tls_version_ok
  • irc.color.item_tls_version_deprecated
  • irc.color.item_tls_version_insecure
  • weechat.network.gnutls_ca_system
  • weechat.network.gnutls_ca_user
  • weechat.signal.sighup
  • weechat.signal.sigquit
  • weechat.signal.sigterm
  • weechat.signal.sigusr1
  • weechat.signal.sigusr2

Options removed:

  • weechat.network.gnutls_ca_file

Saturday, June 12 2021

IRC SASL SCRAM authentication

IRC SASL SCRAM authentication has been added in WeeChat 3.2, with 3 new mechanisms:

  • scram-sha-1: SASL SCRAM with SHA-1 digest algorithm,
  • scram-sha-256: SASL SCRAM with SHA-256 digest algorithm,
  • scram-sha-512: SASL SCRAM with SHA-512 digest algorithm.

References:

XDG directories

Support of XDG directories has been added in WeeChat 3.2 and these directories are now used by default.
Note: for compatibility reasons, if a legacy directory ~/.weechat exists, it is used instead of XDG directories.

The files are stored in four different directories:

  • config (eg: /home/user/.config/weechat)
  • data (eg: /home/user/.local/share/weechat)
  • cache (eg: /home/user/.cache/weechat)
  • runtime (eg: /run/user/1000/weechat).

As this led to a lot of changes in WeeChat code but also in the scripts, a new specification repository has been setup on GitHub: https://github.com/weechat/specs.we...

Please read the XDG directories specification for the complete list of changes: https://specs.weechat.org/specs/001....

Saturday, May 29 2021

IRC channels moved to libera.chat

Due to the recent events affecting freenode (see references below), the WeeChat official and unofficial channels have moved from freenode to libera.chat:

  • official channels: #weechat, #weechat-fr
  • non-official channels: #weechat-de, #weechat-fi
  • off-topic channel: #weechat-offtopic

To add a new libera server and connect to it, joining only the English support channel:

/server add libera irc.libera.chat/6697 -ssl -autojoin=#weechat
/connect libera

To join the French channel as well:

/server add libera irc.libera.chat/6697 -ssl -autojoin=#weechat,#weechat-fr
/connect libera

If all your freenode channels have moved to libera, you can also rename the server and change the address:

/disconnect freenode
/server rename freenode libera
/set irc.server.libera.addresses "irc.libera.chat/6697"
/set irc.server.libera.ssl on
/connect libera

See you soon on libera!

References:

Sunday, March 7 2021

Version 3.1

Version 3.1 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add options weechat.look.hotlist_update_on_buffer_switch and weechat.look.read_marker_update_on_buffer_switch
  • add option sec.crypt.passphrase_command to read passphrase from an external program on startup, remove option sec.crypt.passphrase_file
  • improve debug in command /eval
  • add options "setvar" and "delvar" in command /buffer, rename option "localvar" to "listvar"
  • add buffer local variable "completion_default_template" (evaluated) to override the value of option weechat.completion.default_template
  • add option "recreate" in command /filter
  • add raw string in evaluation of expressions with "raw:xxx"
  • add evaluation of conditions in evaluation of expressions with "eval_cond:xxx"
  • add info_hashtable "secured_data"
  • add info "irc_is_message_ignored"
  • add IRC server option "default_chantypes", used when the server does not send them in message 005
  • add variable ${tg_trigger_name} in command trigger evaluated strings
  • many bugs fixed.

New options:

  • buflist.look.use_items
  • irc.server.xxx.default_chantypes
  • sec.crypt.passphrase_command
  • weechat.look.hotlist_update_on_buffer_switch
  • weechat.look.read_marker_update_on_buffer_switch

Options removed:

  • sec.crypt.passphrase_file (replaced by sec.crypt.passphrase_command)

Friday, February 26 2021

Script anti_password.py

You've sent your password to the wrong window (ie: WeeChat), and it is now public, viewed by 1,500 people?
For now, you have to change your password.

For the future, a new script is now available: anti_password.py.

How does it work?

When you press Enter to send text to a buffer, the script detects if the input is a password, in two ways:

  1. If the input matches a condition: number of words, lower/upper/digit/special chars.
  2. If a secured data value is in the input (reminder: secured data is the recommended way to store all your passwords in WeeChat) (requires WeeChat ≥ 3.1).

If a password is detected, the text is not sent to the buffer (3 times with the default config).

Note: the WeeChat commands (ie /xxx) are ignored and are always sent.

Options

There are 4 options to configure the script (see /fset anti_password for a list of options with help):

  • allowed_regex: allowed regular expression (checked first)
  • password_condition: the condition used to detect a password
  • check_secured_data: whether the script checks for secured data (disabled, input equals secured data or secured data included in input)
  • max_rejects: the number of times the same input is rejected; after this number, the input is finally sent to the buffer.

Keep your passwords safe!

Updated on 2021-03-13: added option allowed_regex.

Sunday, January 31 2021

Version 3.0.1

Version 3.0.1 is available, it fixes a crash in spell plugin with IRC color codes and two other minor bugs.

Upgrade is recommended if you enable the spell checking (not enabled by default).

Wednesday, November 11 2020

Version 3.0

Version 3.0 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add option script.scripts.download_enabled (it must be explicitly set to "on" to allow download of scripts from weechat.org)
  • add option "-oerr" in command /exec to send stderr to buffer (now disabled by default)
  • allow to send text on buffers and evaluate command with commands /allchan, /allpv and /allserv
  • add option fset.look.auto_refresh
  • add variable "tg_argc" in data set by command trigger and variable "tg_trigger_name" in data set by all triggers
  • add argument "bytes" in API function string_dyn_concat
  • add API function string_color_code_size
  • add optional list of colors in infos "nick_color" and "nick_color_name"
  • irc: add pointer to irc_nick in focus of bar item "buffer_nicklist"
  • many bugs fixed.

New options:

  • fset.look.auto_refresh
  • script.scripts.download_enabled

Saturday, July 18 2020

Version 2.9

Version 2.9 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add command "handshake" in weechat relay protocol and nonce to prevent replay attacks during authentication
  • add command "completion" in weechat relay protocol
  • add option relay.network.auth_timeout, add status "waiting_auth" in irc and weechat relay protocols
  • add option "color_bg_inactive" in bars
  • add bar items "buffer_nicklist_count_groups" and "buffer_nicklist_count_all"
  • add key Alt+Enter to insert a newline, set default size for input bar to 0 (automatic)
  • add a scalable WeeChat logo (SVG)
  • add base 16/32/64 encoding/decoding in evaluation of expressions with "base_encode:base,xxx" and "base_decode:base,xxx"
  • add case sensitive wildcard matching comparison operator ("==*" and "!!*") and case sensitive/insensitive include comparison operators ("==-", "!!-", "=-", "!-") in evaluation of expressions
  • add keys Alt+Shift+B and Alt+Shift+N to toggle buflist/nicklist bars
  • reload configuration files when the SIGHUP signal is received
  • add API functions to complete words in command line
  • evaluate option buflist.look.sort
  • add support of "UTF8MAPPING" in IRC server
  • display IRC "account" messages in buffers
  • evaluate arguments when a trigger of type "command" is created
  • enable again command "/guile eval"
  • fix slow send of data to relay clients when SSL is enabled
  • add CI with GitHub Actions
  • run tests on plugins only if the plugins are enabled and compiled
  • GnuTLS is now a required dependency
  • disable build of JavaScript plugin by default, remove Debian package "weechat-javascript"
  • many bugs fixed.

New options:

  • irc.color.message_account
  • irc.look.smart_filter_account
  • relay.network.auth_timeout
  • relay.network.nonce_size
  • relay.network.password_hash_algo
  • relay.network.password_hash_iterations
  • weechat.bar.xxx.color_bg_inactive (one color per bar)

New keys:

  • Alt+Enter: insert a newline
  • Alt+Shift+B: toggle buflist
  • Alt+Shift+N: toggle nicklist bar

Sunday, March 29 2020

Version 2.8

Version 2.8 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add variable "old_full_name" in buffer, set during buffer renaming
  • add debug option "-d" in command /eval
  • add functions crypto_hash and crypto_hash_pbkdf2 in plugin API
  • add infos "auto_connect" and "weechat_headless"
  • add pointer "window" in bar item evaluation (buflist)
  • add support of fake IRC servers (no I/O, for testing purposes)
  • accept hash of password in init command of weechat relay protocol with option "password_hash" (PBKDF2, SHA256, SHA512)
  • reject client with weechat relay protocol if password or totp is received in init command but not set in WeeChat
  • add support of Ruby 2.7
  • add support of PHP 7.4
  • many bugs fixed.

Thursday, February 20 2020

Version 2.7.1

Version 2.7.1 is available, it fixes three security vulnerabilities:

Upgrade is recommended for all users.

Sunday, December 8 2019

Version 2.7

Version 2.7 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add option logger.file.color_lines (support of ANSI color codes in log files)
  • add filters on IRC raw buffer
  • add IRC server option "ssl_password"
  • add option irc.look.display_pv_warning_address
  • add options irc.color.message_kick and irc.color.reason_kick
  • add option xfer.file.download_temporary_suffix
  • add option weechat.look.nick_color_hash_salt
  • add different WeeChat icons sizes
  • add calculation of expression in evaluation of expressions with "calc:xxx"
  • add optional default path (evaluated) in completion "filename"
  • add modifier "color_encode_ansi"
  • add support of Guile 2.2
  • add support of Python 3.8
  • many bugs fixed.

New options:

  • irc.look.display_pv_warning_address
  • irc.color.message_kick
  • irc.color.reason_kick
  • irc.server_default.charset_message
  • irc.server_default.ssl_password
  • logger.file.color_lines
  • weechat.look.nick_color_hash_salt
  • xfer.file.download_temporary_suffix

Options removed:

  • irc.network.channel_encode (replaced by irc.server_default.charset_message)

Sunday, September 8 2019

Version 2.6

Version 2.6 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • use Python 3 by default
  • add support of 32767 color pairs
  • add option "close" in command /window
  • add infos "term_colors" and "term_color_pairs"
  • add infolist "buflist" with list of buffer pointers
  • evaluate option exec.command.shell, change default value to "${env:SHELL}"
  • add filters "h=xxx" and "he=xxx" to filter options by description in fset buffer (translated or in English)
  • make command char optional in server option "command"
  • remove default aliases /ame and /amsg
  • many bugs fixed.

Tuesday, July 2 2019

Python 3 by default

As scheduled in the Python 3 transition page, since July 1st 2019, the "python" plugin is now compiled with Python 3 by default.

The changes:

  • If Python 3 is found, the "python" plugin is compiled with Python 3.
  • If Python 3 is not found, the "python" plugin is not built at all (even if Python 2 is installed).

The CMake option "ENABLE_PYTHON3" has been renamed to "ENABLE_PYTHON2" (configure option "--enable-python2"). If this option is enabled, the "python" plugin is built with Python 2 (if found), with a fallback on Python 3.

The development packages for Debian and Ubuntu are now compiled with Python 3 (it should be available soon for Raspbian). The future stable versions (≥ 2.6) will be compiled with Python 3 as well.

Thursday, June 6 2019

Version 2.5

Version 2.5 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add support of UNIX domain sockets in relay plugin
  • add option relay.weechat.commands
  • add trigger hooks "info" and "info_hashtable"
  • add option xfer.network.speed_limit_recv
  • add option weechat.look.buffer_time_same
  • add option weechat.look.prefix_same_nick_middle
  • add option "addreplace" in command /filter
  • add bar items "irc_nick", "irc_host" and "irc_nick_host"
  • add functions command_options and string_match_list in plugin API
  • rename aspell plugin to spell
  • use getopt to parse command line arguments
  • many bugs fixed.

New options:

  • relay.weechat.commands
  • weechat.look.buffer_time_same
  • weechat.look.prefix_same_nick_middle
  • xfer.network.speed_limit_recv

Sunday, February 17 2019

Version 2.4

Version 2.4 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add command line option "-t" (or "--temp-dir") to create a temporary WeeChat home (deleted on exit)
  • add support of Time-based One-Time Password (TOTP), add infos "totp_generate" and "totp_validate", add support of TOTP as second authentication factor in weechat protocol (relay plugin)
  • add buflist variable ${number2}, always set with the indented buffer number
  • add option exec.command.shell to customize the shell used with /exec -sh
  • add support of close frame in websocket connection (relay plugin)
  • add functions string_base_encode and string_base_decode in API, remove functions string_encode_base64 and string_decode_base64
  • add default keys Ctrl+F11/F12 to scroll up/down one page in nicklist (same action as F11/F12)
  • add default buflist keys Ctrl+F1/F2 to scroll up/down one page in buflist (same action as F1/F2)
  • many bugs fixed.

New options:

  • exec.command.shell
  • relay.network.totp_secret
  • relay.network.totp_window

New keys:

  • Ctrl+F1/F2: scroll up/down one page in buflist
  • Ctrl+F11/F12: scroll up/down one page in nicklist

Monday, January 14 2019

Support of TOTP

TOTP (Time-based One-Time Password) support has been added in WeeChat, which can now generate and check TOTP validity.

A TOTP is generated with:

  • the secret (encoded in base 32),
  • the time (by default 0, which is the current time),
  • the number of digits (4 to 10 digits are supported, 6 is the default and recommended value).

Relay plugin

The TOTP can be used as second authentication factor in the relay plugin, with two new options:

  • relay.network.totp_secret: the TOTP secret, encoded in base 32
  • relay.network.totp_window: the allowed window: number of TOTP allowed before and after the current time window.

For example to set the secret using secured data (just replace "xxxxx" by your secret in base 32):

/secure set relay_totp_secret xxxxx
/set relay.network.totp_secret "${sec.data.relay_totp_secret}"

Then your relay client must support and send the TOTP value, in addition to the password, in the "init" command:

init password=secretpassword,totp=123456

If the password is valid and that TOTP is valid for the current time, the authentication is successful.

Infos / eval

You can also generate or validate TOTP with two new infos in WeeChat:

  • totp_generate: generate a TOTP
  • totp_validate: validate a TOTP

For example to show the value of TOTP for the secret "secretbase32", current time, with 6 digits:

/eval -n ${info:totp_generate,secretbase32,0,6}

Documentation

You can read more about TOTP in the docs:

Sunday, October 21 2018

Version 2.3

Version 2.3 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add hook "line"
  • add option "-P" (or "--plugins") to customize the plugins to load at startup
  • allow multiple options "-r" ("--run-command") in command line arguments
  • allow allow partial buffer name and multiple arguments in command /buffer close
  • allow specifying buffer number/name for /buffer localvar
  • allow creation of temporary variables with the regex in trigger plugin
  • add real IP in client description in relay plugin
  • add repeat of string in evaluation of expressions with "repeat:count,string"
  • many bugs fixed.

Saturday, July 14 2018

Version 2.2

Version 2.2 is available!

As usual, many new features and bug fixes, see ChangeLog for detail.

New major features in this release:

  • add support of list options in curl
  • allow merge of buffers by name in command /buffer
  • add reverse of string in evaluation of expressions with "rev:"
  • add indexed ban list and completion for /unban and /unquiet (IRC plugin)
  • add support for IRCv3.2 Client Capability Negotiation
  • add support for IRCv3.2 invite-notify
  • add support for IRCv3.2 chghost, add options irc.look.smart_filter_chghost and irc.color.message_chghost
  • add option xfer.network.send_ack
  • add support of Python 3.7
  • fix memory leaks scripting plugins
  • many bugs fixed.

New options:

  • irc.color.message_chghost
  • irc.look.smart_filter_chghost
  • xfer.network.send_ack

- page 1 of 4