This is just a simple RSA public key digital signature thing built on
libtomcrypt. The gist:
Some admin will generate a public/private key with rsa_make_keys, keeping the
private key secret. Using the private key and rsa_sign, the admin will sign
the autoupdater manifests, generating manifest.txt.sig.
The public key ships with the game (adding 270 bytes to the download), the
.sig is downloaded with the manifest by the autoupdater (256 bytes extra
download), then the autoupdater checks the manifest against the signature
with the public key. if the signature isn't valid (the manifest was tampered
with or corrupt), the autoupdater refuses to continue.
If the manifest is to be trusted, it lists sha256 checksums for every file to
download, so there's no need to sign every file; if they can't tamper with the
manifest, they can't tamper with any other file to be updated since the file's
listed sha256 won't match.
If the private key is compromised, we generate new keys and ship new
installers, so new installations will be able to update but existing ones
will need to do a new install to keep getting updates. Don't let the private
key get compromised. The private key doesn't go on a public server. Maybe it
doesn't even live on the admin's laptop hard drive.
If the download server is compromised and serving malware, the autoupdater
will reject it outright if they haven't compromised the private key, generated
a new manifest, and signed it with the private key.
libtomcrypt is sort of a big pile of source code, so instead of putting it
in revision control, we have a script to download it. Most things don't need
it. It lives on GitHub, so we _could_ do a git submodule, but most people
don't need it, so why waste their disk and bandwidth? That said, when compiled
you end up with a few hundred kilobytes of binary code to verify a signature
and no external dependencies, so it seems like a win.
Previously tested a mod cvar which may be wrong when multiple
mods are involved or config is reset. Let's check the server
cache's internet server count directly.
The blinking disconnect icon is drawn over lagometer in Q3.
Team Arena moved the lagometer location. Now let's draw the
disconnect icon over lagometer in Team Arena too!
"/team score" draws an oversized scoreboard in Q3. In Team Arena
it draws nothing. They probably intended to replace it with the
new .menu UI. But since it didn't happen, go ahead and use the Q3
tournament scoreboard.
- Actually use the second 'force' pass in G_Spawn when out of
available slots.
- Make G_EntitiesFree return qtrue if we can open a new slot.
(Only used when spawning Harvester skulls.)
Fixes not spawning Harvester skulls when there are no 'open freed
slots', but we have other slots available to open.
The Team Arena menu uses red team for single player but q3_ui
(and mods could) use blue. Also handle all the game types, not
just the ones used by Team Arena. Fixes FFA and Team DM.
Opening the find friend menu in the Team Arena server browser
hitches due to trying to resolve blank host names.
In UI_BuildFindPlayerList() status requests that are initial or
completed state or have timed out get reset. This means it starts
with MAX_SERVERSTATUSREQUESTS (16) blank host names. So just ignore
them in UI_GetServerStatusInfo().
The console message "1 servers listed in browser with 2 players."
would count clients multiple times when viewing favorite servers.
When viewing favorite servers in Team Arena UI, servers are added
to list before getting ping response. Each time UI checked pings
and inserted server it incremented the player count.
Filter favorite servers based on cached server info and new info
instead of only the cached info.
If cached server info is filtered out, don't add it to server list
but wait for getinfo response before marking server as invisible.