Make callTeamVote check for all command separators like in callVote.
It's not exploitable as the only vote option (leader) always uses an
integer argument.
Also the ioquake3 engine remove command separators from client game
commands in Cmd_Args_Sanitize().
Fix floatTime using float precision instead of double using GCC.
Fix R_BindAnimatedImage to be in sync with function table.
Fix vertexDeform bulge, vertexDeform normals, noise wave function
at high level time.
Revert unnecessary float -> double conversions.
Patch for https://bugzilla.icculus.org/show_bug.cgi?id=5931 by
Eugene C. from 2013 plus recent fix for tcMod rotate.
I merged the changes into the OpenGL2 renderer though the fix for
tcMod turb doesn't translate.
Prevent reading past end of message in MSG_ReadBits. If read past
end of msg->data buffer (16348 bytes) the engine could SEGFAULT.
Make MSG_WriteBits use an exact buffer overflow check instead of
possibly failing with a few bytes left.
Setting cl_renderer isn't a security concern and valid behavior for
a menu to provide. Sys_LoadDLL ensures only libries are loaded and
engine prevents QVMs from writing them.
This commit fixes the vanilla Q3 UI VMs not displaying a server list
when id Software's master server is down.
Originally master 0 for the globalservers command was Internet and
master 1 was MPlayer (defunct). In 2008 ioquake3 changed it so that
master 0 to 4 were five separate master servers with no affect on
original Quake3/Team Arena UI VMs; they continued to get the server
list from master.quake3arena.com.
id Software's master server (master.quake3arena.com) goes down
occasionally. Using ioq3's UI VM additional master servers can be
accessed but players using the original UI VMs are unable to get a
server list.
In order to fix the original UI VMs in Quake3/Team Arena's pk3s this
commit makes 'globalservers 0' fetch all master servers. So players
get a combined list of id Software's and ioquake3's master list. Or
just ioquake3's list if id Software's master is down.
Getting lists from individual master servers using globalservers has
changed from 0 through 4 to 1 through 5 to accommodate using 0 for
other purposes. This commit modifies ioq3's UI code to support the new
values for globalservers command.
A side affect of these changes is that UI VMs based on ioq3 since 2008
will have Internet1 fetch all master servers and Internet2 request
sv_master1 instead of sv_master2 and so on. It may be worth noting that
getting server list from masters 3-5 could not be done using ioq3's UI
before 2011.
The Team Arena code for giving defense bonus for fragging player
who recently damaged a skull carrier unintentionally applied to
the flag carrier.
The skull carrier case would of been handled by the flag carrier
block above it. However, Harvest mode doesn't call
Team_CheckHurtCarrier() so the skull carrier defense bonus does
not work.
This restores the pre-Team Arena behavior of not giving defense
score bonus to flag carrier.
Fix copy-paste error in the original Quake 3 code. The wrong values
are used for v1 and v2. v2 was previously set to distance of attacker
to flag base; which should be handled already.
The game now gives defense score bonus to player when they frag an
enemy near their team's flag carrier while the player is more than
1000 units from the flag carrier.
This may also fix not giving defense bonus when near carrier due to
checking if carrier and enemy (instead of attacker) are in PVS.
Found by @Razish.
Models don't have a surface limit; skins shouldn't either. Some player
models require more than 32 surfaces since vanilla Quake 3 did not
enforce the limit.
Skins are now limited to 256 surfaces because having no limit would
require parsing the skin file twice. The skin surfaces are dynamically
allocated so it doesn't increase memory usage when less surfaces
are used.
ArenaServers_InsertFavorites() fails to do anything because favorites
are added to the server list even if nonresponsive.
Set nonresponsive favorite server hostname to address.
When refreshing local servers, Team Arean UI never changed the status
message when it timed out. This gave a false impression it was still
looking for servers.
Let's continue looking for local servers in q3_ui and Team Arena UI
until one is found.
Restore MD3 code for cg_shadows 2 and 3 like other model formats.
Fix planar projection shadow deform (cg_shadows 3) to use correct
light direction. I fixed light direction for stencil shadows
(cg_shadows 2) but it's still broken.
Don't add the same bot to multiple teams until there are as many
bots on the server as there are bot types.
Previously each team would have unique bots until all bot types
were added to the team but other teams may have the same bot. Now
there will not be any duplicate bots until there are more bots than
bot types.
Now Quake 3 (32 bot types) in 16 vs 16 bot CTF will not contain
duplicate bot types. (You have to increase memory in code/game/
g_mem.c in order to add 32 bots though.)
I had to change G_AddRandomBot() to use 'addbot random' or else the
same bot could be added to red and blue teams. The bot was selected
and stored in console command buffer so game doesn't know not to
select the bot again.
If there are two bot infos in scripts/bots.txt then each team can
only add two random bots via bot_minplayers or addbot random.
Pick random bot info from least used bot infos instead of only ones
that are used by zero players. That way a random bot can always be
added to the game.
This rarely affected Quake 3 since there is 32 bot infos. It could
easily affect new games though.
Team Arena's Overload gametype has red and blue team Obelisk base
objects. It uses separate entities for visual and damage. Only the
damageable entity was dropped to floor. Leaving model floating off
the ground.
Team Arena's Harvester base has the same problem. Model entity
floats in air but trigger entity drops to floor.
Drop all Team Arena team base models to floor. Fixes CTF, 1Flag,
Overload, and Harvester base models.
There are various issues caused by not knowing the initial team for
the local client and bots when they connect. This is can be reproduced
by starting a team game from the main menu.
When g_teamAutoJoin is enabled, bots and local client join a random
team at connect and then execute their team command a few frames
later. This may result in the player being killed if they specify a
different team. In Team Arena's Harvester mode this causes harvester
skulls to be spawned at the beginning of the game.
When g_teamForceBalance is enabled, the local client and bots may not
be able to join their desired team. This may result in them being
spectators. If g_teamAutoJoin is also enabled they may be left on
the opposite (red/blue) team they were meant to join.
There is a hack for including bot's team in their player info string
(used by cgame for which team skin to use) before the bot joins
their desired team. Bots aren't guaranteed to join their desired team
(as may happen when both g_teamAutoJoin and g_teamForceBalance are
enabled) so clients may see them as being on the wrong team!
----
Add teampref userinfo option for team preference. If teampref is set
it will be used for attempting to join the team immediately at connect.
Bots now join team at connect using teampref userinfo. So remove
the hack for setting bot's team in player info string before the bot
joins the team.
To avoid the client sending teampref userinfo to all network servers,
the local client uses a g_localTeamPref cvar. The g_localTeamPref
cvar is cleared after it's used so it doesn't get used when starting
another server later. Another reason not to use a teampref userinfo
cvar is there isn't a reliable way to clear it in CGame/UI which are
likely loaded from baseq3 pk3.
Make it so g_teamAutoJoin doesn't affect clients who specify
teampref. If teampref is invalid, the client will join a random team
like g_teamAutoJoin.
Don't apply g_teamForceBalance to the local client or bots. Otherwise
they may be left as spectators when starting team game from menu.
The start server menus use team command and g_localTeamPref to set
the human player's team. This way it's compatible with vanilla Q3
game VMs and the new setting team at connect feature.
Bots did not notice player disconnected, so they kept attacking
the last known position.
Checking if entity is valid in BotEntityVisible might fix other
similar issues too.
This is just a simple RSA public key digital signature thing built on
libtomcrypt. The gist:
Some admin will generate a public/private key with rsa_make_keys, keeping the
private key secret. Using the private key and rsa_sign, the admin will sign
the autoupdater manifests, generating manifest.txt.sig.
The public key ships with the game (adding 270 bytes to the download), the
.sig is downloaded with the manifest by the autoupdater (256 bytes extra
download), then the autoupdater checks the manifest against the signature
with the public key. if the signature isn't valid (the manifest was tampered
with or corrupt), the autoupdater refuses to continue.
If the manifest is to be trusted, it lists sha256 checksums for every file to
download, so there's no need to sign every file; if they can't tamper with the
manifest, they can't tamper with any other file to be updated since the file's
listed sha256 won't match.
If the private key is compromised, we generate new keys and ship new
installers, so new installations will be able to update but existing ones
will need to do a new install to keep getting updates. Don't let the private
key get compromised. The private key doesn't go on a public server. Maybe it
doesn't even live on the admin's laptop hard drive.
If the download server is compromised and serving malware, the autoupdater
will reject it outright if they haven't compromised the private key, generated
a new manifest, and signed it with the private key.
libtomcrypt is sort of a big pile of source code, so instead of putting it
in revision control, we have a script to download it. Most things don't need
it. It lives on GitHub, so we _could_ do a git submodule, but most people
don't need it, so why waste their disk and bandwidth? That said, when compiled
you end up with a few hundred kilobytes of binary code to verify a signature
and no external dependencies, so it seems like a win.
Previously tested a mod cvar which may be wrong when multiple
mods are involved or config is reset. Let's check the server
cache's internet server count directly.
