This is just a simple RSA public key digital signature thing built on
libtomcrypt. The gist:
Some admin will generate a public/private key with rsa_make_keys, keeping the
private key secret. Using the private key and rsa_sign, the admin will sign
the autoupdater manifests, generating manifest.txt.sig.
The public key ships with the game (adding 270 bytes to the download), the
.sig is downloaded with the manifest by the autoupdater (256 bytes extra
download), then the autoupdater checks the manifest against the signature
with the public key. if the signature isn't valid (the manifest was tampered
with or corrupt), the autoupdater refuses to continue.
If the manifest is to be trusted, it lists sha256 checksums for every file to
download, so there's no need to sign every file; if they can't tamper with the
manifest, they can't tamper with any other file to be updated since the file's
listed sha256 won't match.
If the private key is compromised, we generate new keys and ship new
installers, so new installations will be able to update but existing ones
will need to do a new install to keep getting updates. Don't let the private
key get compromised. The private key doesn't go on a public server. Maybe it
doesn't even live on the admin's laptop hard drive.
If the download server is compromised and serving malware, the autoupdater
will reject it outright if they haven't compromised the private key, generated
a new manifest, and signed it with the private key.
libtomcrypt is sort of a big pile of source code, so instead of putting it
in revision control, we have a script to download it. Most things don't need
it. It lives on GitHub, so we _could_ do a git submodule, but most people
don't need it, so why waste their disk and bandwidth? That said, when compiled
you end up with a few hundred kilobytes of binary code to verify a signature
and no external dependencies, so it seems like a win.
Previously tested a mod cvar which may be wrong when multiple
mods are involved or config is reset. Let's check the server
cache's internet server count directly.
The blinking disconnect icon is drawn over lagometer in Q3.
Team Arena moved the lagometer location. Now let's draw the
disconnect icon over lagometer in Team Arena too!
"/team score" draws an oversized scoreboard in Q3. In Team Arena
it draws nothing. They probably intended to replace it with the
new .menu UI. But since it didn't happen, go ahead and use the Q3
tournament scoreboard.
- Actually use the second 'force' pass in G_Spawn when out of
available slots.
- Make G_EntitiesFree return qtrue if we can open a new slot.
(Only used when spawning Harvester skulls.)
Fixes not spawning Harvester skulls when there are no 'open freed
slots', but we have other slots available to open.
The Team Arena menu uses red team for single player but q3_ui
(and mods could) use blue. Also handle all the game types, not
just the ones used by Team Arena. Fixes FFA and Team DM.
Opening the find friend menu in the Team Arena server browser
hitches due to trying to resolve blank host names.
In UI_BuildFindPlayerList() status requests that are initial or
completed state or have timed out get reset. This means it starts
with MAX_SERVERSTATUSREQUESTS (16) blank host names. So just ignore
them in UI_GetServerStatusInfo().
The console message "1 servers listed in browser with 2 players."
would count clients multiple times when viewing favorite servers.
When viewing favorite servers in Team Arena UI, servers are added
to list before getting ping response. Each time UI checked pings
and inserted server it incremented the player count.
Filter favorite servers based on cached server info and new info
instead of only the cached info.
If cached server info is filtered out, don't add it to server list
but wait for getinfo response before marking server as invisible.
The player column in Team Arena UI lists clients and max clients
in format of "clients [maxclients]". When sorting by clients the
max clients is ignored which results in player column being
disorganized.
When servers have the same number of clients, sort based on max
clients. Otherwise client sort is sub-sorted based on order of
getinfo responses (ping).
Having to manually request the list, with two buttons (get new
list, refresh list) is somewhat confusing. Also since it looks
like there are no servers, users might not try to figure out
how to get the server list.
The first time viewing a master server list in Team Arena UI,
automatically request a new server list. After that the cache
will be available with a timestamp of the last refresh time.
I think this will make it easier to understand how the menu
works.
This may cause unneeded updating of the server cache because the
last refresh timestamp is per-fs_game but the server cache is
shared by all games. This will only occur once for each game
though so it's not a big concern.
Lots of Linux distros have different names (libcurl-gnutls.so vs etc), and
version the symbols (curl_global_init@@CURL_LIBSSL_3), so it's more compatible
to just dlsym the basic entry points we need and just demand that libcurl is
installed at all.
Alternately: we'll use our own libcurl build, but we'll probably have to dump
SSL support to make this sane to do.
Resolve master server addresses every 24 hours instead of keeping
result forever. Don't clear sv_master[1-5] cvar if the address fails
to resolve; it might work later.
constructions like (dataMask & ~3) was used to protect against out-of-bound load/store when address is 4-byte closer to dataMask
but at the same time it effectively cut low address bits for ALL load/store operations which is totally wrong in terms of conformance to ALLOWED (i.e. generated by q3lcc from C sources) low-level operations like packed binary data parsing
Save argument instead of using a pointer to cmd token memory that
might be overwritten when Cmd_TokenizeString() is called.
No known method for causing the issue without engine changes.
Cmd_TokenizeString() is called by FS_PureServerSetReferencedPaks()
in CL_Disconnect() but it's not an issue because the string is
blank.
Thanks @mickael9.
Check for truncated paths which could allow loading a library with
a non-standard extension. Also provides a better message for why a
valid library with a long path would fail to load.
Processing a callvote command after a vote passed to change maps but
has not been executed yet will result in 1) map change immediately
happening 2) after new map loads players have vote HUD messages but
Game VM doesn't have a vote in progress. The phantom vote status will
only be removed if players start a new vote or run vid_restart.
The underlying issue is that a second callvote sets vote config
strings but a map change is executed before they are sent to clients.
Resulting in clients getting "cs" reliable commands with the config
string changes _after_ the map change. Out of sync config strings.
Even if the underlying issue was fixed, the second vote would be lost.
So it's best to not force a map change to happen immediately anyway.
Reported by Tobias Kuehnhammer.
- Paths to search for mods are now specified in an array
- Mods can now consist solely of ".pk3dir" folders and still be
considered valid
- The function now has a consistent style
+seta, +sets, and +setu were ignored because Com_AddStartupCommands
thought Com_StartupVariable handled it.
+set didn't allow value to be multiple tokens which due to Unix shell
unintuitively removing quotes causes the variable to only be set to
the first token. This could be worked around by escaping quotes
ioq3ded +set g_motd \"hello world\"
but it doesn't match behavior of other start up commands (which now
includes seta, sets, and setu) that use all tokens.
source_t filename and includepath are 1024 but MAX_PATH is 64. As far as
I know the paths don't exceed that so this probably doesn't fix anything.
Similar changes were already made to l_script.c so this makes things
consistent. This was found because it was fixed in RTCW's code.
MISSIONPACK define is already required for this file or else it triggers an #error at the top of the file - removing redundant test that will never occur.
gcc 6 with -Wall -Wextra warns:
code/botlib/l_precomp.c: In function ‘PC_NameHash’:
code/botlib/l_precomp.c:551:2: warning: ‘register’ is not at beginning of declaration [-Wold-style-declaration]
int register hash, i;
^~~
Modern compilers either ignore the register storage class when
generating code, or generate better code without it, so just remove
most of them.
The remaining uses are in third-party bundled libraries (libjpeg, zlib),
and in a PowerPC-specific inline function consisting of inline
assembler (because I'm not 100% confident that it doesn't have
some practical use there).