[Freeciv-Dev] [bug #15603] Tooltips for columns in city report
Follow-up Comment #11, bug #15603 (project freeciv): however, two of them (create_option_dialog(), create_settable_options_dialog()) no longer exist on trunk (presumably due to options unification?) It is moved in optiondlg.c, but it is freed correctly in option_dialog_destroy(). Personally, I used gtk_object_destroy() instead of g_object_unref() which shouldn't have different behaviour but which fit a bit more the inheritance of the GtkTooltips class. ___ Reply to this item at: http://gna.org/bugs/?15603 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15624] [RFC] scripting: Sandbox Lua scripts
Follow-up Comment #9, bug #15624 (project freeciv): The first proposed solution, providing an unbreakable sandbox, is not the best solution. The problem with the first patch is that tolua exposes all the userdata types' metatables (as the names of each type), and the script can then overwrite special functions, such as the '__gc' slot, and we can't control when that function is called. It is possible to make all the metatables read-only but it gets more complicated, and we haven't gone trough all of tolua yet. It is easier to just block the io and os libraries. ___ Reply to this item at: http://gna.org/bugs/?15624 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15624] [RFC] scripting: Sandbox Lua scripts
Update of bug #15624 (project freeciv): Status: In Progress = Ready For Test ___ Follow-up Comment #10: This solution is easy and less complex/less lines of code, which makes it easy to choose. This solution is also very easily applied to the 2.1 branch. (Less code than in 2.2 or later due to how Lua 5.1 removed the public functions to load libraries one by one). -- Subject: [PATCH] Make impossible to access operating system from Lua scripts For security reasons, Lua scripts should not be able to read files or run programs on the host computer; freeciv scenarios should only be able to influence the state of the game, not the state of the server process or computer (except through normal scenario events, such as end of game). For this reason, we do not load some standard lua libraries that allow access to files or the operating system. We also disallow loading lua libraries so that the script cannot go around this restriction. This is the 2.2 and trunk version (Lua 5.1): we exclude the io library, os library, and blacklist functions dofile, loadfile. For Lua 5.1, the list of modules and functions we consider unsafe are: os, io, package, dofile, loadfile, loadlib, module, require These are all unavailable by not being loaded or being explicitly blocked. (file #8635, file #8636) ___ Additional Item Attachment: File name: 0001-Make-impossible-to-access-operating-system-from-Lua-.patch Size:3 KB File name: 0001-Make-impossible-to-access-operating-system-2_1.patch Size:8 KB ___ Reply to this item at: http://gna.org/bugs/?15624 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15624] [RFC] scripting: Sandbox Lua scripts
Follow-up Comment #11, bug #15624 (project freeciv): Testcase Scenario. This Scenario will run a couple of asserts to make sure none of the Lua 5.1 unsafe functionality is available through their standard ways. A successful run will not show any lua errors or output at all neither at scenario load time or at the start of the first turn. From what we know now, this savefile assures that a freeciv lua script can not access files or run programs. (file #8637) ___ Additional Item Attachment: File name: ScriptSecurityTest.sav Size:5 KB ___ Reply to this item at: http://gna.org/bugs/?15624 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15624] [RFC] scripting: Sandbox Lua scripts
Update of bug #15624 (project freeciv): Dependency Removed: = patch #1534 ___ Reply to this item at: http://gna.org/bugs/?15624 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15624] [RFC] scripting: Sandbox Lua scripts
Follow-up Comment #12, bug #15624 (project freeciv): A very similar version, but in pure C. The 2.2+trunk version of the patch has an added compiler warning if the unsafe functions information is not updated for a new Lua version. The 2.1 patch does not have this, since Lua 5.0 doesn't define a numeric version symbol. Ideally, our lua script runtime should be configured in lua. Two reasons for pure C: 1. It's what freeciv coders understand. 2. Tolua is regrettably not so conductive for doing this since, among other things, errors (explicit by asserts or unintentional ones too) are silently ignored in embedded code in api.pkg. (file #8638, file #8639) ___ Additional Item Attachment: File name: 0001-Make-impossible-to-access-operating-system-2_1.patch Size:2 KB File name: 0001-Make-impossible-to-access-operating-system-from-Lua-.patch Size:4 KB ___ Reply to this item at: http://gna.org/bugs/?15624 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15667] Wrong short cut documented for overlaying workers
Update of bug #15667 (project freeciv): Status: Ready For Test = Fixed Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/bugs/?15667 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [patch #1550] Remove FIXME in fciconv.c
Update of patch #1550 (project freeciv): Privacy: Public = Private Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/patch/?1550 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15671] Replace my_select() by fc_select()
Update of bug #15671 (project freeciv): Status: Ready For Test = Fixed Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/bugs/?15671 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [patch #1551] Improved description for fciconv
Update of patch #1551 (project freeciv): Status: Ready For Test = Done Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/patch/?1551 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [patch #1557] Separate widgets' string16 and info label
Update of patch #1557 (project freeciv): Status: Ready For Test = Done Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/patch/?1557 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [patch #1487] Merge client and server options GUI
Update of patch #1487 (project freeciv): Status:None = Ready For Test Assigned to:None = pepeto ___ Follow-up Comment #1: Not perfect, but at least a big improvement attached. (file #8640) ___ Additional Item Attachment: File name: trunk_SDL_options.diff.bz2 Size:14 KB ___ Reply to this item at: http://gna.org/patch/?1487 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15684] ownership of tiles not stable via save / load cycle
Follow-up Comment #1, bug #15684 (project freeciv): What was the version of the savegame, and with what branch did you loaded it? ___ Reply to this item at: http://gna.org/bugs/?15684 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15663] Custom Scenarios are not show in Start Scenario Game list
Follow-up Comment #1, bug #15663 (project freeciv): What is the behaviour in the trunk branch? ___ Reply to this item at: http://gna.org/bugs/?15663 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15643] unknown vote_no ignored
Follow-up Comment #2, bug #15643 (project freeciv): Will you attach any clue ? ___ Reply to this item at: http://gna.org/bugs/?15643 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15663] Custom Scenarios are not show in Start Scenario Game list
Follow-up Comment #2, bug #15663 (project freeciv): Trunk is much better, or at least it seems to list all scenarios in working directory and most importantly in the .freeciv/scenarios directory. Trunk must be opening all files to read the scenario titles, (and it takes a long time if you have a lot of savegames in the working directory, but that's not the common case). However * There is no obvious ordering * We still list savegames that are not scenarios * There are many scenarios with duplicate names, or even empty names (blank lines in the list). This ought to be common if you are editing scenarios in different versions. I think the filename should be visible somehow, and used as fallback if the name is empty. It would be really nice if like-named scenarios were automatically disambiguated by filename. It would be nice if a 2.2 bugfix could align a bit more with trunk, with some of these above concerns addressed as well. Is it too risky to use a heuristic and try to detect autosave savefiles by filename only? That way we don't need to decompress read all autosaves that we find. Again, this might not be an issue for the common user. ___ Reply to this item at: http://gna.org/bugs/?15663 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15663] Custom Scenarios are not show in Start Scenario Game list
Follow-up Comment #3, bug #15663 (project freeciv): This simple diff improves 2.2 a lot, by displaying scenarios from ~/.freeciv/scenarios (where Save Scenario saves them), and additionally using the filename if the scenario name is an empty string. (file #8641) ___ Additional Item Attachment: File name: list_scenarios_2_2.diffSize:1 KB ___ Reply to this item at: http://gna.org/bugs/?15663 ___ Meddelandet skickades via/av Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
