Page 1 of 2
Zandronum 1.2.1
Posted: Sun May 25, 2014 10:35 pm
by Dusk
We're live with Zandronum 1.2.1.
This is a security release which addresses major issues in both server and client integrity. These were fixed in version 1.3 and have been backported into a separate release.
Spoiler: Full changelog (Open)
- - Fixed: A malformed packet could make the server kick the clients. Thanks to Konar6 for supplying a proof-of-concept exploit that allowed to debug the issue. [Torr Samaho]
- - Fixed an exploit with color codes in player names (ported from Konar6's kpatch). [Torr Samaho]
- - Fixed a client memory exhaustion vulnerability. Thanks to AgentME for reporting the vulnerability and submitting a preliminary patch. [Torr Samaho]
- - Fixed a client heap corruption vulnerability. Thanks to AgentME for reporting the vulnerability and submitting a patch. [Torr Samaho]
- - Fixed an exploit based on out of bounds userinfo sent by a malicious client (ported from Konar6's kpatch). [Torr Samaho]
- - Fixed an exploit based on improperly disconnected malicious clients. Kudos to kgsws for finding and reporting this exploit. [Torr Samaho]
- - Fixed an exploit that allowed malicious clients to create additional bodies. Kudos to kgsws for finding and reporting this exploit. [Torr Samaho]
- - Fixed: A malformed packet could crash the server. Thanks to AgentME for reporting the vulnerability and submitting a preliminary patch. [Torr Samaho]
! - The linux binaries are not compiled with -fno-stack-protector anymore. This was originally intended to increase compatibility with distros using older glibc versions but is not necessary anymore since the source is open. Thanks to AgentME for pointing this out. [Torr Samaho]
Also shipped with the release is Doomseeker 0.12b.
Downloads:
Note: for this release the Mercurial source code repository can be downloaded from
https://bitbucket.org/CrimsonDusk/zandronum-stable at commit 7cac9d36556956d36f52c19473da8078b63272f1.
RE: Zandronum 1.2.1
Posted: Sun May 25, 2014 11:50 pm
by ibm5155
what, isn't kgsws banned? :s
and, also, did someone reported a bug when mission failed and there's a polyobject moving? I got a problem when that happened the door was opening, and on the next round it was doing a 360ยบ O_o and it didn't stop lol
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 12:11 am
by The Toxic Avenger
He's currently banned for another month, but that doesn't bar him from submitting fixes.
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 1:05 am
by Ijon Tichy
Perfect time to recompil-
okay what the hell fmod do I use for this
4.24.16 (what I used for z& 1.2) breaks on linking
4.26.36 (what I use for gzdoom) breaks on building
aaaaaghhh fmod why are you so SHITTY
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 1:44 am
by Blzut3
2.24.16 should link fine. You're probably using the wrong include directory or something.
The other builds are up.
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 1:53 am
by Ijon Tichy
Turns out that while it was using the correct include directory (the one in zandronum-stable), it was using /usr/lib/libfmodex64-4.26.36.so.
... why isn't it using 4.24.16, especially when it's in /usr/lib too?
edit: to clarify, it's cmake being retarded here, not zandronum
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 12:19 pm
by Monsterovich
I thought that zandronum 2.0 is finally released (oh, yeah), but I looked attentively, fuk.. where is 2.0?!!1 Where is new ZDoom 2.5.0?! It's time to reinstall zandronum, bro!
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 1:50 pm
by Konar6
Did you forget to remove the testing flag (Internal build) or is it supposed to be a testing release?
inb4 don't download this, 1.2.1.1 incoming
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 1:52 pm
by ibm5155
waiting for 1.2.1.2 xD
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 2:48 pm
by ryupichu suszuki
man i was hoping to see a return of voxels from skulltag
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 3:03 pm
by Monsterovich
ryupichu suszuki wrote:
man i was hoping to see a return of voxels from skulltag
I don't remember voxels in skulltag.
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 3:58 pm
by Catastrophe
ryupichu suszuki wrote:
man i was hoping to see a return of voxels from skulltag
There were no voxels in skulltag.
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 8:35 pm
by Ru5tK1ng
Well done Dusk, a good security release since everyone is probably tired (I would hope so) of servers crashing due to exploits.
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 8:52 pm
by Slim
Heh, looks like a certain someone's not gonna be crashing SNS anymore. Man that got annoying. :/
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 9:11 pm
by ryupichu suszuki
Catastrophe wrote:
ryupichu suszuki wrote:
man i was hoping to see a return of voxels from skulltag
There were no voxels in skulltag.
hmm they wasent any, what about the 3d mechs in all out war back in skulltag
RE: Zandronum 1.2.1
Posted: Mon May 26, 2014 10:10 pm
by Slim
ryupichu suszuki wrote:
Catastrophe wrote:
ryupichu suszuki wrote:
man i was hoping to see a return of voxels from skulltag
There were no voxels in skulltag.
hmm they wasent any, what about the 3d mechs in all out war back in skulltag
Models, not Voxels.
RE: Zandronum 1.2.1
Posted: Tue May 27, 2014 2:50 am
by StrikerMan780
And models are still there. Use gl_use_models 1 (iirc).
RE: Zandronum 1.2.1
Posted: Sun Jun 01, 2014 2:55 pm
by ryupichu suszuki
Suicide Slim wrote:
ryupichu suszuki wrote:
Catastrophe wrote:
ryupichu suszuki wrote:
man i was hoping to see a return of voxels from skulltag
There were no voxels in skulltag.
hmm they wasent any, what about the 3d mechs in all out war back in skulltag
Models, not Voxels.
oh, heh sorry i must be confused then, well then im just hoping for an expansion for the bandwidth then
RE: Zandronum 1.2.1
Posted: Mon Jun 02, 2014 8:37 pm
by cyberman
for some odd reason it says this when i try connecting to servers, "failed to connect. your version is different" which is weird considering that i have version 1.2.1, are i guess they are either using the older version, or it is just being an ass for me. this is so confusing
RE: Zandronum 1.2.1
Posted: Mon Jun 02, 2014 8:44 pm
by uggi121
Cyberman, 95% of the servers are using 1.2
Iddqd servers seem to be the only ones using 1.21