--- Log opened Sun Jul 29 00:00:27 2018 20180729 00:23:01-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has quit [Quit: No Ping reply in 180 seconds.] 20180729 00:24:08-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has joined #wesnoth-dev 20180729 00:56:16-!- irker579 [~irker@uruz.ai0867.net] has joined #wesnoth-dev 20180729 00:56:16< irker579> wesnoth/wesnoth:1.14 gfgtdf 02804c1482 add server notifications about outdated AppVeyor: All builds passed 20180729 01:23:22-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has quit [Quit: http://quassel-irc.org - Converse confortabelmente. En calquera parte.] 20180729 01:52:27-!- gfgtdf_ [~chatzilla@x55b0eb81.dyn.telefonica.de] has joined #wesnoth-dev 20180729 01:55:38-!- gfgtdf [~chatzilla@x4e320767.dyn.telefonica.de] has quit [Ping timeout: 268 seconds] 20180729 01:55:52-!- gfgtdf_ is now known as gfgtdf 20180729 02:29:06-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 02:29:12-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 02:59:56-!- gfgtdf [~chatzilla@x55b0eb81.dyn.telefonica.de] has quit [Quit: ChatZilla 0.9.93 [Firefox 52.9.0/20180621064021]] 20180729 03:04:56-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 03:05:02-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 03:11:50< Rhonda> wesnoth mentioned in the talk right now: https://debconf18.debconf.org/schedule/venue/3/ 20180729 03:12:07< Rhonda> https://debconf18.debconf.org/talks/122-debian-games-learn-more-about-free-software-games-in-debian/ :) 20180729 03:36:13-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 03:36:19-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 03:38:46<+discordbot> neat 20180729 04:37:27-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 04:37:33-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 05:35:29-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 05:35:35-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 05:46:46-!- celticminstrel [~celmin@unaffiliated/celticminstrel] has quit [Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] 20180729 06:20:35-!- lilinitsy_ [~demonitsy@75-168-156-222.mpls.qwest.net] has quit [Ping timeout: 240 seconds] 20180729 06:59:18-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has joined #wesnoth-dev 20180729 07:28:57-!- irker579 [~irker@uruz.ai0867.net] has quit [Quit: transmission timeout] 20180729 09:07:21-!- valdar [~atarocch@31.159.116.146] has joined #wesnoth-dev 20180729 10:04:03-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 10:04:09-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 10:35:21-!- Appleman1234 [~quassel@123.211.131.135] has joined #wesnoth-dev 20180729 10:58:43< zookeeper> looking at [role][else], i realize that support for [else] in SUF is probably what i've always wanted. 20180729 11:14:54< zookeeper> (the [else] would contain another SUF of course, not ActionWML) 20180729 11:37:59-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has quit [Ping timeout: 260 seconds] 20180729 11:46:57-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 11:47:03-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 13:03:57-!- Appleman1234 [~quassel@123.211.131.135] has quit [Ping timeout: 264 seconds] 20180729 13:32:27-!- celticminstrel [~celmin@unaffiliated/celticminstrel] has joined #wesnoth-dev 20180729 14:02:05-!- Guest37760 [matthiaskr@gateway/shell/panicbnc/x-ptcetqehlrdpofcy] has quit [Quit: PanicBNC - https://PanicBNC.net - currently sucks] 20180729 14:04:22-!- aidanhs2 [~aidanhs@81.4.110.234] has quit [Ping timeout: 256 seconds] 20180729 14:15:10-!- valdar [~atarocch@31.159.116.146] has quit [Ping timeout: 244 seconds] 20180729 14:18:28-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has joined #wesnoth-dev 20180729 14:18:54-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has quit [Client Quit] 20180729 14:22:47-!- matthiaskrgr [matthiaskr@gateway/shell/panicbnc/x-gxebdsowzfzclczj] has joined #wesnoth-dev 20180729 14:23:11-!- matthiaskrgr is now known as Guest20612 20180729 14:32:33-!- aidanhs2 [~aidanhs@81.4.110.234] has joined #wesnoth-dev 20180729 14:37:19-!- irker849 [~irker@uruz.ai0867.net] has joined #wesnoth-dev 20180729 14:37:19< irker849> wesnoth/wesnoth:1.14 josteph e95d5308ba THoT S6: Let a Scout be the first to sme AppVeyor: All builds passed 20180729 15:43:13<+discordbot> celticminstrel: Glad to know that I am not the only one who mistypes --amend a lot 20180729 15:49:35< irker849> wesnoth: josteph wesnoth:1.14 ee120484cb4c / data/campaigns/The_Hammer_of_Thursagan/scenarios/06_High_Pass.cfg: THoT S6: Let a Scout be the first to smell Ratheln's cooking. https://github.com/wesnoth/wesnoth/commit/ee120484cb4cb88b37e793dc44cfbd67e11655da 20180729 15:51:05< irker849> wesnoth: josteph wesnoth:master f0ed45bde93a / data/campaigns/The_Hammer_of_Thursagan/scenarios/06_High_Pass.cfg: THoT S6: Let a Scout be the first to smell Ratheln's cooking. https://github.com/wesnoth/wesnoth/commit/f0ed45bde93aa040ac2031b5955d2b68c49e1cb6 20180729 16:05:22-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 16:05:28-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 16:06:44-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has joined #wesnoth-dev 20180729 16:23:36< celticminstrel> <_< 20180729 16:23:44< celticminstrel> I don't think I'd say I do it a lot... 20180729 16:34:27-!- sigurdfd [sigurdfd@dynamic-acs-72-23-110-196.zoominternet.net] has joined #wesnoth-dev 20180729 16:41:46< irker849> wesnoth: sigurdfdragon wesnoth:1.14 85ec9d903757 / data/campaigns/Secrets_of_the_Ancients/scenarios/ (11_Battleground.cfg 21_Against_the_World.cfg): Revert "SotA S11 & 21: Fix #3294" https://github.com/wesnoth/wesnoth/commit/85ec9d903757ed18f24fb65422bb7706d928c8b8 20180729 16:41:48< irker849> wesnoth: sigurdfdragon wesnoth:1.14 5813542906f2 / data/campaigns/Secrets_of_the_Ancients/scenarios/21_Against_the_World.cfg: SotA S21: Fix #3294 properly https://github.com/wesnoth/wesnoth/commit/5813542906f220d9dc5001300dc20ab0b8c1ae76 20180729 16:41:50< irker849> wesnoth: sigurdfdragon wesnoth:1.14 93789118077e / data/campaigns/Secrets_of_the_Ancients/scenarios/21_Against_the_World.cfg: SotA S21: Slight touchups https://github.com/wesnoth/wesnoth/commit/93789118077e4cee48dc215d5d075e6c39386d09 20180729 16:41:52< irker849> wesnoth: sigurdfdragon wesnoth:1.14 8f4055676f14 / changelog.md: Update changelog https://github.com/wesnoth/wesnoth/commit/8f4055676f141695686c7a00ff1f772d27a91881 20180729 16:44:26< irker849> wesnoth: sigurdfdragon wesnoth:master 7ced35839b83 / data/campaigns/Secrets_of_the_Ancients/scenarios/ (11_Battleground.cfg 21_Against_the_World.cfg): Revert "SotA S11 & 21: Fix #3294" https://github.com/wesnoth/wesnoth/commit/7ced35839b83979b36f3d4236333667ee02d04ea 20180729 16:44:28< irker849> wesnoth: sigurdfdragon wesnoth:master 32a630bd3f9a / data/campaigns/Secrets_of_the_Ancients/scenarios/21_Against_the_World.cfg: SotA S21: Fix #3294 properly https://github.com/wesnoth/wesnoth/commit/32a630bd3f9a7fe30a0799d7039f37db8155382a 20180729 16:44:30< irker849> wesnoth: sigurdfdragon wesnoth:master 46cc9a528919 / data/campaigns/Secrets_of_the_Ancients/scenarios/21_Against_the_World.cfg: SotA S21: Slight touchups https://github.com/wesnoth/wesnoth/commit/46cc9a528919df08d08f6df86c3d11a4545377ed 20180729 16:44:32< irker849> wesnoth: sigurdfdragon wesnoth:master c2cf0288fc3e / changelog.md: Update changelog https://github.com/wesnoth/wesnoth/commit/c2cf0288fc3e5361e16407c5c5abcdbe2a3711a4 20180729 16:51:41-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has joined #wesnoth-dev 20180729 16:54:58-!- TC01 [~quassel@venus.arosser.com] has quit [Ping timeout: 264 seconds] 20180729 17:07:18-!- sigurdfd [sigurdfd@dynamic-acs-72-23-110-196.zoominternet.net] has quit [] 20180729 17:27:50< celticminstrel> Not sure if this is worth opening an issue for @Vultraz but is the recall window initially sorted by level ascending now? It was for me at least, but maybe that was because I didn't reset preferences and the recent change meant that ascending and descending swap meanings somehow. In any case it should be initially sorted by level descending. 20180729 17:29:14<+discordbot> Likely a regression from https://github.com/wesnoth/wesnoth/pull/3370 20180729 17:29:50<+discordbot> It's quite strange, though. The PR makes the triangle match the sorting order, and the default order is descending. 20180729 17:30:21<+discordbot> https://github.com/wesnoth/wesnoth/blob/8f4055676f141695686c7a00ff1f772d27a91881/src/gui/dialogs/unit_recall.cpp#L60 20180729 17:31:49< celticminstrel> But the game also remembers what you left it in, right? 20180729 17:32:01<+discordbot> Yes. 20180729 17:32:07< celticminstrel> So maybe it remembered that I'd last had it in ascending, but the value it stored to mean that in prefs now means descending instead. 20180729 17:32:23< celticminstrel> If that's what it is, then there's no issue at all probably? 20180729 17:32:46<+discordbot> Indeed. If it's the case, it's not a bug. 20180729 17:32:58<+discordbot> Just a byproduct of the previous incorrect implementation. 20180729 17:33:53<+discordbot> https://github.com/wesnoth/wesnoth/commit/7c93690fa757373450c0d1ec22fc5c2372cb833a 20180729 17:47:52-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 17:47:58-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 17:52:51-!- valdar [~atarocch@109.112.10.222] has joined #wesnoth-dev 20180729 18:02:57-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 18:03:03-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 18:15:48-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 18:15:54-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 18:19:29-!- gfgtdf [~chatzilla@x55b0eb81.dyn.telefonica.de] has joined #wesnoth-dev 20180729 18:28:57-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 18:29:03-!- janebot [~Gambot@206.189.184.60] has joined #wesnoth-dev 20180729 18:29:04-!- janebot [~Gambot@206.189.184.60] has quit [Changing host] 20180729 18:29:04-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 18:38:04-!- vn971 [~vasya@94.158.103.15] has joined #wesnoth-dev 20180729 18:39:13< vn971> Is there a way to force download of a "modification" add-on, but not force it's use in a map? 🤔 20180729 18:47:27-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 18:47:33-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 18:48:55< vn971> Oh nevermind, it was even too easy to be asked for. 20180729 18:57:13< celticminstrel> I was thinking of opening a PR to move various units from campaigns to core. 20180729 18:57:48< celticminstrel> Things like quenoth, the additonal nagas, merman brawler, great ogre. Maybe a few others. 20180729 18:58:28< celticminstrel> (Moving quenoth looks to be pretty hard mind you, with all their events.) 20180729 18:59:06< celticminstrel> But anyway, the point of bringing it up is... are there any other units that people might want to consider moving to core? 20180729 18:59:30< celticminstrel> I was also considering the dwarvish miner, but not sure how to reconcile the SoF and SotA versions of it. 20180729 19:00:12< celticminstrel> (It looks like SoF uses role for its "loaded" status, that should probably be changed to use status instead, as role is assumed unique in many cases.) 20180729 19:01:05< vn971> celticminstrel: mostly it's "the less units the better", for me personally... Was especially so in the first years I played wesnoth. 20180729 19:01:09< celticminstrel> (Also I'm not sure if SotA would still need a local version because of the boat hackery.) 20180729 19:01:25< celticminstrel> I can't say I agree on that. 20180729 19:01:46< celticminstrel> Note that moving to core doesn't affect the multiplayer faction. It just means that add-ons that want to use these versions no longer need to copy them. 20180729 19:01:52< vn971> Today I even play Ageless easily. But back in the time I remember each new unit was a pain. Though to be fair, you propose to add to "core", not "Default" Era. So IDK how many people enable all units in Preferences and whether my note is really applicable. 20180729 19:01:54< celticminstrel> ^factions 20180729 19:02:16<+discordbot> enable all units? 20180729 19:02:36< vn971> @Pentarctagon: "show all units in help". 20180729 19:02:44< celticminstrel> I think this is more about convenience for add-on devs. I for one don't like having to copy a unit from mainline just so I can use it in my campaign. 20180729 19:04:04< celticminstrel> IIRC there were some undead units in the campaigns that people might in core? 20180729 19:04:43< celticminstrel> I don't want to touch units used for unique characters, such as the dwarvish leadership unit or the merfolk king. 20180729 19:05:00< vn971> @Pentarctagon, celticminstrel: easiest case which happened to me personally. I try to understand how abilities work, whether they are cool etc. So I open Help > abilities and start studying the list... The more items it has the more I have to study. Even if I have to study "swarm", which I won't see in Default Era at all. 20180729 19:05:33<+discordbot> would it be possible to add them to core, but hide them behind #ifdefs that an add-on author could enable if they want? 20180729 19:05:55< celticminstrel> Possible, but that partially defeats the purpose I think? That would mean they can't be used in MP, right? 20180729 19:06:17< celticminstrel> There'd be an ifdef for ENABLE_GREAT_OGRE but other than that I'd assumed just putting them in the "global namespace" so to speak. 20180729 19:06:33< celticminstrel> (And the ifdef would be for splicing it into the advancement tree, not for its existence.) 20180729 19:07:19<+discordbot> I think it'd also be a question of how many units this would add. If it's adding another hundred units or something, then that could have an impact on load times and such. 20180729 19:07:37< celticminstrel> Well, most of these are single units, I think. 20180729 19:07:45< celticminstrel> The quenoth is the biggest set. 20180729 19:07:50< celticminstrel> Which is what... fifteen or something? 20180729 19:08:09-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has quit [Ping timeout: 264 seconds] 20180729 19:08:33< celticminstrel> Twenty-one, in fact. And four nagas. 20180729 19:09:08< celticminstrel> Then merman brawler and probably also citizen, and great ogre. 20180729 19:09:16-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has joined #wesnoth-dev 20180729 19:09:26< celticminstrel> And perhaps three or four undead? I'm not entirely sure what other campaign units might be desirable. 20180729 19:09:41< celticminstrel> But that's well under fifty. 20180729 19:10:25< celticminstrel> Probably no more than thirty. 20180729 19:12:11< celticminstrel> BTW, can we actually add a riderless tauroch too? We have a riderless dustbok but IMO a riderless tauroch would be even nicer to have. 20180729 19:12:30< celticminstrel> I assume we do have a sprite for that somewhere? 20180729 19:36:09-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has quit [Quit: http://quassel-irc.org - Converse confortabelmente. En calquera parte.] 20180729 19:43:09-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 19:43:15-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 19:45:12-!- irker849 [~irker@uruz.ai0867.net] has quit [Quit: transmission timeout] 20180729 19:52:11-!- celticminstrel [~celmin@unaffiliated/celticminstrel] has quit [Quit: KABOOM! It seems that I have exploded. Please wait while I reinstall the universe.] 20180729 19:52:43-!- celticminstrel [~celmin@unaffiliated/celticminstrel] has joined #wesnoth-dev 20180729 19:57:43-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 19:57:49-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 19:58:21-!- boucman [~rosen@wesnoth/developer/boucman] has joined #wesnoth-dev 20180729 20:14:20-!- lilinitsy_ [~demonitsy@75-168-95-50.mpls.qwest.net] has joined #wesnoth-dev 20180729 20:38:08-!- irker733 [~irker@uruz.ai0867.net] has joined #wesnoth-dev 20180729 20:38:08< irker733> wesnoth/wesnoth:master Konrad2 a09df8143b Add files via upload AppVeyor: All builds passed 20180729 20:52:46-!- valdar [~atarocch@109.112.10.222] has quit [Ping timeout: 268 seconds] 20180729 20:54:08< gfgtdf> maybe someone could review the texts in https://github.com/wesnoth/wesnoth/commit/02804c1482f6ea7cd4e8f081d57e8fe7b18296ff ? i'd like to ask Soliton to rebuild the server to make sure all player know about the new version, but i'm not 100% sure about the text yet. 20180729 20:57:23-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has joined #wesnoth-dev 20180729 20:58:13<+discordbot> "you" should be capitalized. 20180729 20:58:47<+discordbot> An exclamation mark or period should end "We strongly reccomend to update to a newer wesnoth version" 20180729 20:59:43<+discordbot> maybe change "invade" to another word like "compromise"? 20180729 21:00:35< gfgtdf> ok thx will change those. 20180729 21:02:45< vn971> Do we actually allow connecting with an insecure version? 🤔 (Sorry, I have IRC disabled at times, I may have missed discussion on that.) 20180729 21:03:42<+discordbot> also maybe reword "A new version wesnoth " + recommendedversion + " is out!" to "A newer wesnoth version, " + recommended_version + ", is out!" 20180729 21:04:08< irker733> wesnoth: gfgtdf wesnoth:1.14 23ba7092256d / src/server/server.cpp: improve wesnoth version warning. https://github.com/wesnoth/wesnoth/commit/23ba7092256d2cfb055523d246ef0561af958567 20180729 21:04:49<+discordbot> also also, should "wesnoth" be capitalized? 20180729 21:05:52< gfgtdf> vn971: currently we do (i see people using version 1.14.1 or 1.14.3 on the official server), there wasn't much discussion on that though. 20180729 21:06:04<+discordbot> "reccomend to update" -> "recommend updating" as well 20180729 21:06:15< vn971> If the CVE seem to be more or less detailed about possible exploits. I'd vote for just banning insecure clients. For their own sake. But maybe not to ours, that depends on the point of view. 20180729 21:07:17< vn971> * typo, sorry. There should be no "if". I mean to say that the CVE is in fact more or less detailed. 20180729 21:07:54<+discordbot> (I'm done with suggestions, by the way) 20180729 21:09:39< vn971> In one clear message. I strongly vote for disallowing joining exploitable clients to the official server. Thoughts? 20180729 21:11:05< gfgtdf> i agree on that but it'd be nice if they get a rejected with a messsage explaining that its becasue ofa security issue 20180729 21:11:12< gfgtdf> Pentarctagon: ty 20180729 21:11:21< irker733> wesnoth: gfgtdf wesnoth:1.14 b3443d13e534 / src/server/server.cpp: improve wesnoth version warning further https://github.com/wesnoth/wesnoth/commit/b3443d13e5345abbf2ce9fbecf702e368d027dbe 20180729 21:15:02-!- stikonas [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev 20180729 21:18:21<+discordbot> Based on its description: "...one can use it to reenable the os.execute function to do shell commands..." this sounds like you could essentially do whatever the current user would be able to do. That sounds severe enough to disable joining the MP server for insecure clients to me. Though IIRC a point that was raised before was there are distros that will backport the change while keeping the version number the same, so I 20180729 21:18:22<+discordbot> don't know if that should change anything. 20180729 21:18:51<+discordbot> though such a restriction would also need to apply to accessing the add-ons server as well, wouldn't it? 20180729 21:19:52< vn971> @Pentarctagon uh, sadly, yes indeed. It's not a strict rule that we should do it in parallel, but it makes sense to do both by the same reasons. 20180729 21:21:44< gfgtdf> Pentarctagon: i though this only applies to older versions liek 1.12 and 1.10 ? 20180729 21:22:17< gfgtdf> like* 20180729 21:22:19<+discordbot> The security advisory post says "This affects versions 1.7.0 through 1.14.3" 20180729 21:22:28<+discordbot> https://forums.wesnoth.org/viewtopic.php?f=5&t=48530 20180729 21:22:59<+discordbot> so basically since lua was introduced, I think? 20180729 21:23:04< gfgtdf> my comment was about the "there are distros that will backport the change while keeping the version number the same" that is oynl newer version there is no reason to fix it withotu cahnign version number 20180729 21:23:55<+discordbot> It's the practice that GNU/Linux distributions follow, AFAIK. 20180729 21:25:16< gfgtdf> so if we bring out 1.14.4 they will seriously still put the fix into 1.14.3 ? even though tehy also have 1.14.4 ? 20180729 21:26:01<+discordbot> For 1.14.x, it depends. Some will just update to 1.14.4, others will backport the fix. 20180729 21:26:15< vn971> gfgtdf: that's what I'd expect from e.g. Debian. 20180729 21:26:32< vn971> In case of Debian the actual number is 1.12.6 though. 20180729 21:26:33<+discordbot> For older versions (which I thought you were talking about), they don't change the version number. 20180729 21:28:07< vn971> We didn't backport the fix to 1.12.6 ourselves as well for now, it seems. wesnoth-s package maintainers on Debian seem to be Rhonda and Vincent Cheng. https://packages.debian.org/stretch/wesnoth 20180729 21:28:42< vn971> // I can't push based on that, I don't do Cpp development myself at all, unfortunately. Just bringing in the numbers if that matters. 20180729 21:30:15< gfgtdf> hmm ye my question was just about 1.14 soince we are investgation whetehr we shoudl block users with older versions from the current stable mp server. 20180729 21:31:26<+discordbot> What's the reasoning behind backporting vs updating to the newest version? 20180729 21:32:03<+discordbot> Improvements versus stability. 20180729 21:32:21< vn971> @Pentarctagon stability I think. No unexpected breakage of functionality. 20180729 21:32:27<+discordbot> Updating brings all improvements from upstream developers (us), but also has a risk of regressions. 20180729 21:34:12< gfgtdf> well in any case printing a wanring is an improvemnt over what we currenly have, it doesn't stop us from rejecting those versions later if we want. 20180729 21:34:43< vn971> gfgtdf: agree, totally support moving on with the current solution in parallel to thinking if we should enforce more. 20180729 21:35:10< gfgtdf> Soliton: could you please rebuild and update the official 1.14 mp server for the lastest changes in the 1.14 branch ? 20180729 21:37:25<+discordbot> so it sounds like the question is whether it's worth the trade off of making sure everyone that connects to the stable MP server is using a secure version vs incorrectly blocking some people who had the security fix backported. 20180729 21:45:25< vn971> @Pentarctagon do you realistically believe anyone has it backported at all? I mean, Debian and Ubuntu don't seem to have it backported. Most others should upgrade anyway? 20180729 21:46:57<+discordbot> i support rejecting old versions 20180729 21:48:39<+discordbot> vn971: I really don't know. Backporting between minor versions of a stable release series seems pretty strange to me as a whole. 20180729 21:50:11< vn971> @Pentarctagon: I don't see anyone who'd do that, if even Deb and Ubu didn't. So by default I assume "version < 1.14" == "you have security vulnerability". Really don't see any other choices here. 20180729 21:52:06<+discordbot> I wasn't trying to say anyone did actually do that(and even if they did we have Steam and the flatpak version as alternatives available). I was mostly just trying to make sure I was understanding the question. 20180729 21:52:40<+discordbot> particularly since I could have sworn this was brought up and considered briefly before 20180729 21:58:19< zookeeper> celticminstrel, no, i don't think anyone's made a riderless tauroch sprite, but yes, it might be nice to have. 20180729 21:58:41< vn971> @Pentarctagon: I think your point is still valid for 1.12, if we ever consider "supporting" them too. If we start banning old clients we may mess up with distros who'll actually make the backport. This one will be tough. Especially if the backport won't either change version or do anything we can check from server. This all is really sad to me. 20180729 22:00:01<+discordbot> Is any of this (the fix or the warning) being backported to 1.12 by us? 20180729 22:00:29<+discordbot> If not, 1.12 is kind of a moot point. 20180729 22:00:46< vn971> I mean the backporting situation in distros I respect is sad. This is partially why I moved to ArchLinux - I stopped believing in proper backport security fixes. But it's sad to see the issue with my own eyes on old loved distro. 20180729 22:01:31< zookeeper> also, i rather strongly object to moving the quenoth units to core. there should always be a reason beyond "well some UMC might want to use X so it should be in core for maximum convenience" for including stuff in core, because that alone is an untenable argument because it can applied to everything. 20180729 22:01:39< vn971> @Pentarctagon: it wasn't backported by us to 1.12 if I read git correctly. 20180729 22:03:12-!- Appleman1234 [~quassel@123.211.131.135] has joined #wesnoth-dev 20180729 22:05:45<+discordbot> I'm confused as to why 1.12 has been brought up, in that case 20180729 22:09:47< zookeeper> if the problem affects 1.12 then it'd be weird to disallow only older 1.14 versions if/when 1.12 is going to be around anyway. 20180729 22:09:52< zookeeper> that's what i presume to be the point. 20180729 22:11:06<+discordbot> Can you all stop jumping to conclusions and commits for a moment? 20180729 22:12:37<+discordbot> I'm going to start by pointing out Wesnoth Inc's interests first. The iPhone version is still on 1.10, we need the 1.10 server running for that reason. I don't know if @sinda has backported the fix to 1.10 or if he's even aware of it (or whether he has updated the iPad version to 1.12.4 yet). 20180729 22:13:05<+discordbot> Second, I am not interested in having the rolling distributions vs. stable distributions argument here. 20180729 22:13:29<+discordbot> If you are aware that a distribution hasn't applied the fix despite me loudly announcing it to our packagers mailing list, file a bug with them. 20180729 22:13:58<+discordbot> And gfgtdf, I believe I told you to file a bug report of our own for reference purposes after 1 week following the 1.14.4 release. 20180729 22:14:11<+discordbot> (I meant 1.14.4 when referring to iPad above, not 1.12.4.) 20180729 22:15:29<+discordbot> Finally, I am pretty sure Rhonda and vincent_c (they both handle Debian and Ubuntu) are aware of the fix, I assume there's some hold-up at their end which is why I haven't seen the DSA yet. 20180729 22:17:02<+discordbot> (Assuming the hold-up isn't precisely that because the fix wasn't backported to the 1.12 branch, they're having difficulties figuring out how to backport it themselves.) 20180729 22:17:20-!- gallaecio [~quassel@89.96.79.188.dynamic.jazztel.es] has quit [Quit: http://quassel-irc.org - Converse confortabelmente. En calquera parte.] 20180729 22:18:07<+discordbot> And post-finally, loonycyborg and I are also able to rebuild the MP server, not just Soliton. 20180729 22:29:19<+discordbot> the Wesnoth iOS page says it's been updated to 1.14.4 20180729 22:29:24<+discordbot> https://itunes.apple.com/us/app/battle-for-wesnoth-hd/id575852062?mt=8 20180729 22:31:18<+discordbot> And what about the iPhone version? 20180729 22:32:24<+discordbot> if we're still talking about blocking access of older clients to the current stable MP server, then it wouldn't apply, would it? 20180729 22:32:55<+discordbot> You're thinking of the current stable MP server but we also run 1.12 and 1.10 instances. 20180729 22:33:59<+discordbot> I was probably using the wrong words then. I don't think the 1.14 instance can block 1.12 or 1.10 clients, can it? 20180729 22:34:36<+discordbot> As a matter of fact, it does block 1.12 and 1.10 clients, just not for that reason. 20180729 22:35:02<+discordbot> It's the 1.12 and 1.10 instances that would need to "block" anything in this case, and in any case, I think you are ignoring everything else I pointed out. 20180729 22:35:08<+discordbot> In particular with regards to backported patches. 20180729 22:36:33<+discordbot> You can't force distributions to upgrade to 1.14.4 or bump the version numbers, and locking out players of distributions that do not conform to somebody's personal notion of an ideal platform would be really bad form from us as an upstream. 20180729 22:37:43<+discordbot> (And I am going to preemptively say that anything that Vultraz says on this matter does not count because he doesn't know the first thing about non-Windows operating systems and software distribution.) 20180729 22:40:21<+discordbot> I still wasn't saying it very well. The 1.14 instance won't block clients from connecting to the 1.12 and 1.10 instances, will it? 20180729 22:40:40< celticminstrel> zookeeper: Really? I figured someone must've made such a sprite at some point to use as a base for the tauroch rider sprites... 20180729 22:41:11<+discordbot> The redirector on port 15000 sends 1.12 and 1.10 clients to the 1.12 and 1.10 instances, respectively. 20180729 22:41:29<+discordbot> It runs a debug build from master itself. 20180729 22:43:37<+discordbot> so unless someone intends to implement blocking of insecure versions in 1.10, then the iPhone version is irrelevant to this, I would think. 20180729 22:44:16<+discordbot> I just explained why there's not going to be any such blocking in the first place. 20180729 22:44:38< zookeeper> celticminstrel, nope, jetrel only made the lvl1 rider sprite as-is 20180729 22:44:51<+discordbot> I know. I still don't understand why the iPhone was brought up/ 20180729 22:44:55<+discordbot> But the iPhone version is not fully irrelevant either because it exists and is vulnerable unless the patch has been backported to it. 20180729 22:45:41< celticminstrel> Maybe someone could ask Jetrel if he has a riderless sprite handy? 20180729 22:45:46< celticminstrel> If he works in layers, it's possible. 20180729 22:45:47<+discordbot> You started talking about blocking versions in general, I pointed out why we're not going to block versions. 20180729 22:46:18<+discordbot> Whether an instance is technically able or unable to block versions is secondary to that. 20180729 22:49:16<+discordbot> The only thing I've meant to be asking about is the topic of blocking 1.14.3 and older on the 1.14 instance. 20180729 22:50:11< gfgtdf> @shadowm ye i know that, but my expreice is that often if i ask multiple persons to do somehitng noone feels reposible, so i asked Soliton first. 20180729 22:50:46<+discordbot> I haven't heard of him in a while despite stuff relevant to his area coming up (and being resolved in his absence). 20180729 22:51:48< gfgtdf> shadowm: so will you rebuild the server ? 20180729 22:52:07<+discordbot> When I take a look at the commits I will. 20180729 22:52:40<+discordbot> Because if I understand correctly, it's just a warning for now, isn't it? 20180729 22:53:04<+discordbot> Why did you have to hide the version number in the worst possible place though? 20180729 22:53:22<+discordbot> No-one's going to remember that it's buried in src/server/server.cpp. 20180729 22:54:01<+discordbot> We have src/wesconfig.h with the minimum "this does not crash the game" version for saved games, so why not use that instead? 20180729 22:54:51<+discordbot> reacting to @shadowm 's ping. I'm not aware of what the issue is. 1.14.4 is released for iPad. on iPhone, os.execute is ifdef-ed out and is no-op. Is there anything else that needs to be done? 20180729 22:55:04<+discordbot> Yes, a lot in fact. 20180729 22:55:38<+discordbot> http://mailman.wesnoth.org/pipermail/packagers/2018-July/000003.html 20180729 22:55:44<+discordbot> https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318 20180729 22:56:50<+discordbot> It's not as simple as removing one or two functions because the whole point is that it is theoretically possible to jump outside of Lua (and there are also other potential targets within Lua anyway). 20180729 22:57:46<+discordbot> 1.14.4 has the fix, I'm restating that in case it's not obvious somehow (at least one person asked me that question before). It hasn't been backported to our 1.10 and 1.12 branches yet AFAIK, it ideally should be, but if it isn't, you have the ability to look into doing so yourself. 20180729 22:58:08<+discordbot> Thanks, reading now. 20180729 22:58:12< gfgtdf> shadowm: if you want to review, its not only that commit that has changed, it's also 0917a78c02, 692319b5ca, 20128ac991 and maybe even ca90ca35f0 20180729 22:58:17<+discordbot> Or just get gfgtdf to do it for you, preferably, so that everyone can reap the benefits. 20180729 22:58:29-!- boucman [~rosen@wesnoth/developer/boucman] has quit [Remote host closed the connection] 20180729 22:58:53< vn971> @shadowm: I think it makes sense to separate questions for different versions. I support blocking 1.14.0 -- 1.14.3.* because 1. these versions can lead to problems for us and severe problems to our users 2. I don't think the "package manager lag" stuff really applies to them. I still hope that Debian/Ubuntu will get a proper fix eventually. At least I wouldn't hurry up with blocking here. 20180729 22:59:07-!- Guest20612 [matthiaskr@gateway/shell/panicbnc/x-gxebdsowzfzclczj] has quit [Quit: PanicBNC - https://PanicBNC.net - currently sucks] 20180729 22:59:29<+discordbot> I already saw that vn971, that's why I said I do not support that thing you're supporting. 20180729 22:59:40<+discordbot> And therefore will not apply any changes to the server along those lines. 20180729 23:00:53< vn971> @shadowm: at the same time, I understand the desire not to start a panic, and importantly enough not frighten users away from using wesnoth in general. Not making the users afraid of running the game. That's where proper wording comes in. 20180729 23:01:10-!- matthiaskrgr [matthiaskr@gateway/shell/panicbnc/x-xmrmzecoqpgkvzqp] has joined #wesnoth-dev 20180729 23:01:34-!- matthiaskrgr is now known as Guest33016 20180729 23:01:37< vn971> @shadowm: you elaborate on 1.12 and earlier versions, you didn't talk about 1.14.3 explicitely. Why aren't you in support of that? You're afraid it'll hurt Wesnoth Inc-s image? 20180729 23:02:02<+discordbot> Why do I need to elaborate on 1.14.3 when the patch in the 1.14 branch trivially applies on it? 20180729 23:02:14<+discordbot> (Because, you know, 1.14.3 is a close ancestor of the patch itself.) 20180729 23:02:54< vn971> @shadowm: so you really think we have, or will in near future have 1.14.3 clients with the fix backported? 20180729 23:03:10<+discordbot> It is possible? I don't know? That's up to downstreams. 20180729 23:03:24-!- aidanhs2 [~aidanhs@81.4.110.234] has quit [Ping timeout: 256 seconds] 20180729 23:04:39<+discordbot> The only downstream we have a direct influence on is the iOS port (both iPhone and iPad), we already have confirmation that the iPad version is in fact updated to 1.14.4, and you can see above that sinda just became aware of the implications for the iPhone version, which is not 1.14.3 but rather some 1.10.x version. 20180729 23:05:49<+discordbot> So I don't know why on earth I'd be "afraid" it'll hurt the company's image in some fashion considering that's literally the only thing under their control. (Not to mention I'm not affiliated with them in any fashion whatsoever.) 20180729 23:06:00<+discordbot> so ipad is 1.14.x? 20180729 23:06:06< vn971> @shadowm: yes it is possible. Theoretically. But in practice we have a remote exploit on our hands that we can as well stop. 20180729 23:06:06< vn971> Mind you, the current wording that users will start see now is "has known security issues that can be used to compromise your computer". You want to maintain a good image yet you tell that a compromise is available for the game the user just opened. And you're not forcing an update, you just tell, you know, it's insecure at all. 20180729 23:06:23<+discordbot> Yes, as a reminder Pentarctagon just posted a link to the store page mentioning that it's now updated to 1.14.4. 20180729 23:06:38<+discordbot> but iphone still 1.10? 20180729 23:06:55<+discordbot> "the iPhone version, which is not 1.14.3 but rather some 1.10.x version" 20180729 23:07:01<+discordbot> hmm 20180729 23:07:09<+discordbot> I kinda thought that they have same os 20180729 23:07:15< vn971> @shadowm: from reputation perspective, it may actually be _better_ to block instead of make those warnings. Not to mention it's more honest(?)... 20180729 23:07:21<+discordbot> so would require same porting effort 20180729 23:07:29<+discordbot> Same operating system, different form factor, different challenges for Wesnoth. 20180729 23:07:46<+discordbot> Because the game's UI apparently needed some heavy changes to fit in an iPhone screen. 20180729 23:08:27<+discordbot> vn971: Stop making this about "maintaining a good image" because it isn't. 20180729 23:08:28< gfgtdf> shdowm: made a the reference issue, it mostly coping the commits message. 20180729 23:09:31<+discordbot> Thanks. 20180729 23:09:44<+discordbot> on the other hand, most people don't understand what exact risks those security issues pose 20180729 23:10:14<+discordbot> I don't think wesnoth would make a good vector for malware at this moment 20180729 23:10:58<+discordbot> I don't know loony, I have this thing about me. 20180729 23:11:14<+discordbot> Every time someone says "nah X will never happen" near me, X eventually happens. 20180729 23:12:06< vn971> @loonycyborg: some ssh keys are appealing to get though. 20180729 23:12:20<+discordbot> I will admit that sometimes I make X happen myself as long as the consequences are just entertaining and not destructive. 20180729 23:12:44<+discordbot> yes 20180729 23:12:49<+discordbot> it can really happen 20180729 23:13:10<+discordbot> but most people won't understand what are risks exactly 20180729 23:13:34< vn971> I'm off. Last thing: we can maybe have some timeline when to apply which measures. Will read the discussion tomorrow. 20180729 23:13:42<+discordbot> so they'll either overreact or become complacent 20180729 23:14:04<+discordbot> there's simply no good way to communicate security stuff to average person 20180729 23:14:17<+discordbot> better if it's handled with auto-updates and stuff 20180729 23:14:44< vn971> @loonycyborg: that's why blocking doesn't sound as bad to me if you compare it with pure warnings, actually. A block is a demand that you just do something, and then it's over. A warning is something you ignore yet might still remember.. 20180729 23:15:18<+discordbot> My only planned timeline was: release, 1 week later full disclosure (since someone spilled the beans too early through Git). The rest is something you people came up with all of a sudden one Sunday evening. 20180729 23:15:22-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has quit [Ping timeout: 264 seconds] 20180729 23:15:24<+discordbot> And I do not agree with any of it. 20180729 23:16:21<+discordbot> Blocking is not going to happen, and I don't feel the warnings are going to be useful or effective. 20180729 23:16:35<+discordbot> (And I repeat this a 5th time for your convenience: blocking is not going to happen.) 20180729 23:19:26<+discordbot> Also, as a matter of fact, CVE-2015-0844 was much more trivially exploitable and no-one decided to block clients because of it. 20180729 23:29:49< irker733> wesnoth/wesnoth:1.14 sigurdfdragon 8f4055676f Update changelog AppVeyor: All builds passed 20180729 23:35:09-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has quit [Remote host closed the connection] 20180729 23:35:15-!- janebot [~Gambot@unaffiliated/gambit/bot/gambot] has joined #wesnoth-dev 20180729 23:38:43-!- gfgtdf [~chatzilla@x55b0eb81.dyn.telefonica.de] has quit [Quit: ChatZilla 0.9.93 [Firefox 52.9.0/20180621064021]] 20180729 23:55:48-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Remote host closed the connection] --- Log closed Mon Jul 30 00:00:28 2018