Merge remote-tracking branch 'local-1.7/master-MC1.7.10' into master-…

…MC1.12

build.gradle

@@ -232,7 +232,10 @@ dependencies {
  embedded name: 'OC-JNLua', version: '20230530.0', ext: 'jar'
  embedded name: 'OC-JNLua-Natives', version: '20220928.1', ext: 'jar'
 
+ testImplementation("junit:junit:4.13")
  testImplementation("org.mockito:mockito-all:1.10.19")
+ testImplementation("org.scalactic:scalactic_2.11:2.2.6")
+ testImplementation("org.scalatest:scalatest_2.11:2.2.6")
 
  provided fg.deobf("codechicken:EnderStorage:${config.minecraft.version}-${config.enderstorage.version}:universal")
 }

build.properties

@@ -5,7 +5,7 @@ forge.version=14.23.5.2860
 
 mod.name=OpenComputers
 mod.group=li.cil.oc
-mod.version=1.8.0-snapshot
+mod.version=1.8.3-snapshot
 
 ae2.version=rv6-stable-7
 buildcraft.version=7.99.24.8

changelog.md

@@ -1,30 +1,12 @@
-## New features
-
-* [#3533] Added support for observing the contents of fluid container items.
-* [1.12.2] Ported some CoFH Core, Ender IO and Railcraft drivers and wrench support.
-* Added Railcraft Anchor/Worldspike driver (repo-alt).
-* Added Spanish translation (sanmofe).
-
 ## Fixes/improvements
 
-* [#3620] Fixed OC 1.8.0+ regression involving API arguments and numbers.
-* [#3013] Fixed rare server-side deadlock when sending disk activity update packets.
-* Fixed bugs in internal wcwidth() implementation and updated it to cover Unicode 12.
-* [1.7.10] Fixed the Database upgrade's documentation not showing up in NEI.
-* Fixed server->client synchronization for some types of GPU bitblt operations.
-* Fixed string.gmatch not supporting the "init" argument on Lua 5.4.
-* Tweaks to server->client networking code:
- * Added support for configuring the maximum packet distance for effects, sounds, and all client packets.
- * Improved the method of synchronizing tile entity updates with the client.
- * Robot light colors are now sent to all observers of the tile entity, preventing a potential (rare) glitch.
-* Update GNU Unifont to 15.0.05.
-
-## OpenOS fixes/improvements
-
-* [#3371] Fix minor bug in rm.lua.
-* Fix "ls -l" command on Lua 5.4.
-* General minor improvements to the codebase.
+* Reworked Internet Card filtering rules.
+ * Implemented a new, more powerful system and improved default configuration.
+ * Internet Card rules are now stored in the "internet.filteringRules" configuration key.
+ * The old keys ("internet.whitelist", "internet.blacklist") are no longer used; an automatic migration is done upon upgrading the mod.
+* [#3635] ArrayIndexOutOfBoundsException when using servers with 3 network cards
+* [#3634] Internet card selector update logic erroneously drops non-ready keys
 
 ## List of contributors
 
-asie, ds84182, Possseidon, repo-alt, sanmofe
+asie, Fingercomp

src/main/java/com/typesafe/config/impl/OpenComputersConfigCommentManipulationHook.java

@@ -0,0 +1,26 @@
+package com.typesafe.config.impl;
+
+import com.typesafe.config.Config;
+import com.typesafe.config.ConfigValue;
+
+import java.util.List;
+
+public final class OpenComputersConfigCommentManipulationHook {
+ private OpenComputersConfigCommentManipulationHook() {
+
+ }
+
+ public static Config setComments(Config config, String path, List<String> comments) {
+ return config.withValue(path, setComments(config.getValue(path), comments));
+ }
+
+ public static ConfigValue setComments(ConfigValue value, List<String> comments) {
+ if (value.origin() instanceof SimpleConfigOrigin && value instanceof AbstractConfigValue) {
+ return ((AbstractConfigValue) value).withOrigin(
+ ((SimpleConfigOrigin) value.origin()).setComments(comments)
+ );
+ } else {
+ return value;
+ }
+ }
+}

src/main/java/li/cil/oc/util/InetAddressRange.java

@@ -0,0 +1,64 @@
+
+package li.cil.oc.util;
+
+import com.google.common.net.InetAddresses;
+
+import java.net.InetAddress;
+
+// Originally by SquidDev
+public final class InetAddressRange {
+ private final byte[] min;
+ private final byte[] max;
+
+ InetAddressRange(byte[] min, byte[] max) {
+ this.min = min;
+ this.max = max;
+ }
+
+ public boolean matches(InetAddress address) {
+ byte[] entry = address.getAddress();
+ if (entry.length != min.length) return false;
+
+ for (int i = 0; i < entry.length; i++) {
+ int value = 0xFF & entry[i];
+ if (value < (0xFF & min[i]) || value > (0xFF & max[i])) return false;
+ }
+
+ return true;
+ }
+
+ public static InetAddressRange parse(String addressStr, String prefixSizeStr) {
+ int prefixSize;
+ try {
+ prefixSize = Integer.parseInt(prefixSizeStr);
+ } catch (NumberFormatException e) {
+ throw new IllegalArgumentException(String.format("Malformed address range entry '%s': Cannot extract size of CIDR mask from '%s'.",
+ addressStr + '/' + prefixSizeStr, prefixSizeStr));
+ }
+
+ InetAddress address;
+ try {
+ address = InetAddresses.forString(addressStr);
+ } catch (IllegalArgumentException e) {
+ throw new IllegalArgumentException(String.format("Malformed address range entry '%s': Cannot extract IP address from '%s'.",
+ addressStr + '/' + prefixSizeStr, addressStr));
+ }
+
+ // Mask the bytes of the IP address.
+ byte[] minBytes = address.getAddress(), maxBytes = address.getAddress();
+ int size = prefixSize;
+ for (int i = 0; i < minBytes.length; i++) {
+ if (size <= 0) {
+ minBytes[i] = (byte) 0;
+ maxBytes[i] = (byte) 0xFF;
+ } else if (size < 8) {
+ minBytes[i] = (byte) (minBytes[i] & 0xFF << (8 - size));
+ maxBytes[i] = (byte) (maxBytes[i] | ~(0xFF << (8 - size)));
+ }
+
+ size -= 8;
+ }
+
+ return new InetAddressRange(minBytes, maxBytes);
+ }
+}

src/main/resources/application.conf

@@ -965,37 +965,44 @@ opencomputers {
  # the `connect` method on internet card components becomes available.
  enableTcp: true
 
- # This is a list of forbidden domain names. If an HTTP request is made
- # or a socket connection is opened the target address will be compared
- # to the addresses / address ranges in this list. It it is present in this
- # list, the request will be denied.
- # Entries are either domain names (www.example.com) or IP addresses in
- # string format (10.0.0.3), optionally in CIDR notation to make it easier
- # to define address ranges (1.0.0.0/8). Domains are resolved to their
- # actual IP once on startup, future requests are resolved and compared
- # to the resolved addresses.
- # By default all local addresses are blocked. This is only meant as a
+ # This is a list of filtering rules. For any HTTP request or TCP socket
+ # connection, the target address will be processed by each rule, starting
+ # from first to last. The first matching rule will be applied; if no rule
+ # contains a match, the request will be denied.
+ # Two types of rules are currently supported: "allow", which allows an
+ # address to be accessed, and "deny", which forbids such access.
+ # Rules can be suffixed with additional filters to limit their scope:
+ # - all: apply to all addresses
+ # - default: apply built-in allow/deny rules; these may not be up to date,
+ # so one should primarily rely on them as a fallback
+ # - private: apply to all private addresses
+ # - bogon: apply to all known bogon addresses
+ # - ipv4: apply to all IPv4 addresses
+ # - ipv6: apply to all IPv6 addresses
+ # - ipv4-embedded-ipv6: apply to all IPv4 addresses embedded in IPv6
+ # addresses
+ # - ip:[address]: apply to this IP address in string format (10.0.0.3).
+ # CIDR notation is supported and allows defining address ranges
+ # (1.0.0.0/8).
+ # - domain:[domain]: apply to this domain. Domains are resolved to their
+ # actual IP only once (on startup), future requests are resolved and
+ # compared to the resolved addresses. Wildcards are not supported.
+ # The "removeme" rule does not have any use, but is instead present to
+ # detect whether to emit a warning on dedicated server configurations.
+ # Modpack authors are asked not to remove this rule; server administrators
+ # are free to remove it once the filtering rules have been adjusted.
+ # By default all private addresses are blocked. This is only meant as a
  # thin layer of security, to avoid average users hosting a game on their
  # local machine having players access services in their local network.
  # Server hosters are expected to configure their network outside of the
  # mod's context in an appropriate manner, e.g. using a system firewall.
- blacklist: [
- "127.0.0.0/8"
- "0.0.0.0/8"
- "10.0.0.0/8"
- "192.168.0.0/16"
- "172.16.0.0/12"
+ filteringRules: [
+ "removeme",
+ "deny private",
+ "deny bogon",
+ "allow default"
  ]
 
- # This is a list of allowed domain names. Requests may only be made
- # to addresses that are present in this list. If this list is empty,
- # requests may be made to all addresses not forbidden. Note that the
- # blacklist is always applied, so if an entry is present in both the
- # whitelist and the blacklist, the blacklist will win.
- # Entries are of the same format as in the blacklist. Examples:
- # "gist.github.com", "www.pastebin.com"
- whitelist: []
-
  # The time in seconds to wait for a response to a request before timing
  # out and returning an error message. If this is zero (the default) the
  # request will never time out.

src/main/resources/assets/opencomputers/loot/openos/lib/core/boot.lua

@@ -1,7 +1,7 @@
 -- called from /init.lua
 local raw_loadfile = ...
 
-_G._OSVERSION = "OpenOS 1.8.2"
+_G._OSVERSION = "OpenOS 1.8.3"
 
 -- luacheck: globals component computer unicode _OSVERSION
 local component = component

src/main/scala/li/cil/oc/OpenComputers.scala

@@ -57,6 +57,32 @@ object OpenComputers {
  def serverStart(e: FMLServerStartingEvent): Unit = {
  CommandHandler.register(e)
  ThreadPoolFactory.safePools.foreach(_.newThreadPool())
+
+ if (Settings.get.internetAccessConfigured()) {
+ if (Settings.get.internetFilteringRulesInvalid()) {
+ OpenComputers.log.warn("####################################################")
+ OpenComputers.log.warn("# #")
+ OpenComputers.log.warn("# Could not parse Internet Card filtering rules! #")
+ OpenComputers.log.warn("# Review the server log and adjust the filtering #")
+ OpenComputers.log.warn("# list to ensure it is appropriately configured. #")
+ OpenComputers.log.warn("# (config/OpenComputers.cfg => filteringRules) #")
+ OpenComputers.log.warn("# Internet access has been automatically disabled. #")
+ OpenComputers.log.warn("# #")
+ OpenComputers.log.warn("####################################################")
+ } else if (!Settings.get.internetFilteringRulesObserved && e.getServer.isDedicatedServer) {
+ OpenComputers.log.warn("####################################################")
+ OpenComputers.log.warn("# #")
+ OpenComputers.log.warn("# It appears that you're running a dedicated #")
+ OpenComputers.log.warn("# server with OpenComputers installed! Make sure #")
+ OpenComputers.log.warn("# to review the Internet Card address filtering #")
+ OpenComputers.log.warn("# list to ensure it is appropriately configured. #")
+ OpenComputers.log.warn("# (config/OpenComputers.cfg => filteringRules) #")
+ OpenComputers.log.warn("# #")
+ OpenComputers.log.warn("####################################################")
+ } else {
+ OpenComputers.log.info(f"Successfully applied ${Settings.get.internetFilteringRules.length} Internet Card filtering rules.")
+ }
+ }
  }
 
  @EventHandler