instead we use a custom struct. std::pair is bad becasue you never know
what "first" or "second" mean.
(cherry-picked from commit c4aacbe31f31799861e03f4b7f7b241bee64aa65)
as said in the comment, that get_special_bool might return the wrong value, as since 5f58cd7c6d the bc_vector no longer contains disabled attacks we can just remove this code.
fixes#3324
(cherry-picked from commit 44734570dd1824a098252d78dafc0f5a561c13cf)
as the ingame ui is not shown yet, [delay] would only result in showing a black screen,
Also in the case of initial lua it might result in crashes because of the threaded loadingscren, or simply because parts of the ui are not initialized yet.
(cherry-picked from commit 97b561269101e5e6d1637d00b44363fc6a1728fd)
Also fixes a mistake from the 1.14.3 rules that caused "xxx MiB" to be
replaced with "xxx MB MiB" for all platforms. Oops. Nobody noticed
anyway (?).
[ci skip]
(cherry-picked from commit 12a3b973b9f357d0b1685df5b29fbcea0fefc7be)
Uses an Orcish castle instead of destroyes human. Troll would maybe fit best,
but it doesn't fit well with the surrounding. Has now only 2 castle hexes.
On easy difficulty, reduced turns by two, it should be enought turns.
Also added one more enemy, as there are less wolves spawned on easy.
And income for Gryphons once again increased by 1, they are very expensive.
Reminding events have been adjusted to turns.
[ci skip]
(cherry-picked from commit c2064827e4d65d819ee258ec40ef54b0c8875590)
Until he is found. This also means one less villages for side 2, increased
their income thatfor,
[ci skip]
(cherry-picked from commit 390d66fda1f55f0b08b3ad950c7e96b38bb35994)
It is the Saurians that have their males killed in S11, so the females
take revenge.
(cherry-picked from commit 32a630bd3f9a7fe30a0799d7039f37db8155382a)
This reverts commit a4bad90bad379feb77e17a4d8ab6cda1dc05e3cc.
It is supposed to be the male Saurians that get killed in S11, and the
females seek revenge in S21.
(cherry-picked from commit 7ced35839b83979b36f3d4236333667ee02d04ea)
The ability isn't needed in master because none of the unit tests call
deprecated functions here, but it may be useful in the future or make
cherry-picking of future changes easier.
(cherry-picked from commit 74d8cfa98e0f61ee22a536fc06c2019c9c89aede)
Fixes the vulnerability introduced in commit 52ae31efb21b31f5bb0763d1da24709e90393c59.
(cherry-picked from commit 6450bada57f95af55c490f9d7601ef5e073cdaf1)
Like @gfgtdf pointed out, loadstring() is still supported by Lua in the
name of backwards compatibility, even though it was deprecated in Lua 5.2
and is no longer mentioned in Lua manual. Thus, as of committing this it's
actually possible to load Lua bytecode.
Let's unit test this to ensure that we don't reintroduce this
vulnerability.
(cherry-picked from commit aa73b836009ca98cade2d0dfca6b99cbf8d19e76)
Side 3 was composed by enemy reinforcements. Since they were
spawned on the right corner of the map, and since side 2
was blocked inside Halstead by and [avoid] tag, it was
necessary to add a new hidden side which could move freely
on the map.
If we upgrade the AI, removing the [avoid] tag, this hidden
side becomes unnecessary.
(cherry-picked from commit f32dfaa9170a998dbbacb54d73346cb67a32dd05)
All sides will now head to the central fortress. Orcs
should now be a bit smarter, and they should not suicide
during the morning or the afternoon. The humans in Halstead
will initially remain inside their fortress, until the enemy
arrival.
(cherry-picked from commit e63a15fc913de1d51ea8caf4330409109e1b2f0f)
Instead of checking whether there are no enemy units left
every time one of them dies, use the "enemies defeated"
event.
(cherry-picked from commit 4ced6c752630d7703c1b73290417add9abb7e19e)
There are two layers of halos and they are applied in a somewhat
convoluted fashion. I should probably explain why.
The bottom halo is designed so it's drawn *below* the main unit sprite
so as to not muddle the colours on it. Halos are normally drawn *on top*
of sprites.
The back halo is specifically masked so it's drawn behind the main unit
sprite without overlapping any of its pixels, but it's asymmetrical and
supposed to flip along with the unit sprite depending on the direction
it's facing. Halos do not do that currently, at least not without using
animation WML conditionals. Unfortunately, for some reason, using a
standing animation that's nothing but conditionals causes the game to
crash at the moment.
Taking all this into consideration, using the blit IPF is a much easier
mechanism to avoid both issues at once, even if it makes the code
slightly awkward.
If someone can think of an alternative method, they're more than welcome
to change the code as long as the sprite's composition remains exactly
the same as it is now. I'm just the artist in this case.
[ci skip]
(cherry-picked from commit 6e1a861bdab92edcd24c297aa97367dfcb6c0876)
It didn't make sense for the dwarves to only notice "glowing" after night had ended.
[ci skip]
(cherry-picked from commit 5758c900e248baf3fc581e9932a2553d92120ac2)
This avoids one of the two files which are currently causing macOS SCons
builds to fail in the master branch.
(cherry-picked from commit 8dc60ae98fa472d7a5fa124002f7b1a2f552e0f3)
Monkey-patching has multiple problems. The biggest problem for a security
fix like this is that it's way too easy to forget to re-apply when we
update Lua to a newer version.
Instead, we now have the implementation of load() under our control and can
update Lua without risk of reintroducing CVE-2018-1999023.
(cherry-picked from commit 52ae31efb21b31f5bb0763d1da24709e90393c59)
this test whether we succesfully prevent the exceution and parsing of
precompiled lua chunks, which can be used to break the lua sandbox.
This test does not cover all affected functions in particular not the ai
code that loads lua chunks.
(cherry-picked from commit 6b13a63bb0999e1c494a4236a5d565306db5a0b9)
This could otherwise be used to escape the lua sandbox, as described in
multiple sources. For example one can use it to reenable the os.execute
function to do shell commands
The affected functions were
load,loadstring,wesnoth.dofile,wesnoth.require and various places in the
wesnoth source where lua chunks were loaded for example by the ai code.
This commit also changes the lua source to change luas load (which is
the same as loadstring), alternatively we could add a wrapper around the
original load function that always passes "t" as third parameter, i went
this way mostly because it was easier to implement, but also because i
was not 100% sure that is is impossible to query the upvalues of a
function via lua (wesnoth disables debug.getupvalue but still).
There is also an occurance in the application_lua_kernel that was not fixed
because i assumed that umc cannot contian application lua scipts.
As further security measure we might want to disable printing the function
adress in luas tostring for c functions, this cannot be exploited by itself
but it can be used to defeat ASLR in some cases.
(cherry-picked from commit 2554c166dd45bfdee8ee24431224bd25e52bab12)
* revised and additional snowed hut villages, with night-light TOD variations
* remove spaces to keep column alignment
(cherry-picked from commit 9042b0beb75e637b786a659eb674cccc6d92be28)
Negating an unsigned integer still returns an unsigned value
(in other words, always positive) which isn't what we want.
(cherry-picked from commit e961cc08993bb2b796891530d084da73ec212351)
Before:
20180724 17:21:37 error gui/layout: Failed to fit vertical list to requested rect; expected bottom edge was 277
20180724 17:21:37 error gui/layout: , actual bottom edge was 195
20180724 17:21:37 error gui/layout: (top edge is 113)
After:
20180724 17:34:30 error gui/layout: Failed to fit vertical list to requested rect; expected bottom edge was 277, actual bottom edge was 195 (top edge is 113)
(cherry-picked from commit aab10daac44a3883e368ff457764d0659c69c39f)
This allows the sorting logic top be shared between the sidebar and the
unit preview pane. It also means that we no longer need to create a lambda
to sort them.
I also refactored the generation of movement cost data in help. In
particular, we're no longer extracting the struct to named local variables.
(cherry-picked from commit d8e2498dded14e9df5abcd5e20ac8c8c252dca3a)
Sort movement costs in tooltip, unit preview pane, and unit description alphabetically.
(cherry-picked from commit 61b7e7298b99e11746501e435e6301c7360e2d1c)
