My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registed in
the engine. It's been pointed out as fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.
The issue of fs_game '..' on server being relicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases from current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.
Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
A few commits ago I stopped VM's Cvar_Set() from instantly updating
latched values. Now VM can't call Cvar_Register() afterword to force
latched value to be used.
Reported by Noah Metzger (Chomenor).
If a VM increases sv_maxclients while a server is running the engine
will crash. The value should be latched until engine decides to update
the cvar; the same as when a user sets it.
VM could use Cvar_Register to set a protected cvar as user created and
was then able to use Cvar_Register with CVAR_ROM to change the value.
Don't allow Cvar_Register to affect protected cvars and prevent VMs
from adding internal flags to any cvars (creator, modified, protected,
nonexistent).
Reported by Noah Metzger (Chomenor).
Fix setting CVAR_VM_CREATED flag on cvars created using set[asu] commands (including archived cvars from cfg) and trap_Cvar_Set.
trap_Cvar_Register called Cvar_Get which cleared CVAR_USER_CREATED flag, but CVAR_VM_CREATED wasn't set because the cvar already existed.
- Fix problem where users could change values of CVAR_INIT variables after the call to Cvar_Get() via Com_StartupVariable()
- Move sound shutdown after client shutdown so VMs don't hold invalid sound handles in memory
- tidy up top of tr_types.h a bit, change flags to hex representation
- make ROM cvar enforcing really work
- remove cg_stereoSeparation from cgame as it is obsolete.
- Add CG_DrawCrosshair3D so people see crosshair correctly when stereoseparation is enabled
* Updated TODO
* Moved ChangeLog to root
* Updated ChangeLog
* s/Foobar/Quake III Arena Source Code/
* Biggest patch EVAR. I wonder how many mail boxes this will fill...
