My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registed in
the engine. It's been pointed out as fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.
The issue of fs_game '..' on server being relicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases from current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.
Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
A few commits ago I stopped VM's Cvar_Set() from instantly updating
latched values. Now VM can't call Cvar_Register() afterword to force
latched value to be used.
Reported by Noah Metzger (Chomenor).
VMs could set fs_game to '..' at anytime to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.
'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.
I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.
Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take affect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.
This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in serveral other places).
Reported by Noah Metzger (Chomenor).
If a VM increases sv_maxclients while a server is running the engine
will crash. The value should be latched until engine decides to update
the cvar; the same as when a user sets it.
VM could use Cvar_Register to set a protected cvar as user created and
was then able to use Cvar_Register with CVAR_ROM to change the value.
Don't allow Cvar_Register to affect protected cvars and prevent VMs
from adding internal flags to any cvars (creator, modified, protected,
nonexistent).
Reported by Noah Metzger (Chomenor).
There was an extra plus sign in Huff_Compress(). It wasn't causing any
issues as it does not affect the generated code. Removing it makes the
source code the same as Huff_Decompress().
The odd source code was brought to my attention by Tobias Kuehnhammer.
Use opengl1 renderer behavior of adding fixed amount of ambient light
to all models regardless of HDR setting. It fixes the view weapon
having zero ambient light on pillcity map.
Models for Team Arena's holdable medkit and invulnerability effects use
the frames numbers from the player's torso but the actual models only
have one frame (0).
Gauntlet and Grappling Hook use -1 ammo. Gauntlet is excluded from
the check ammo loop but Grappling Hook causes ammo time remaining
to decrease 200 milliseconds.
The out of ammo check tests time remaining is equal to zero. This
means carrying Grappling Hook and out of ammo will have negative
time remaining which results in the low ammo message being displayed
instead of out of ammo.
The game world is too dark when r_autoExposure is disabled. It can be
fixed by setting (cheat) r_cameraExposure to 1 but then the game is
too bright when r_autoExposure is enabled. So default r_cameraExposure
to 1 and make auto exposure subtract 1 from r_cameraExposure value.
The use of signed types in these expressions lead to overflow, hence undefined behaviour. The "sum" aggregator in Com_TouchMemory isn't even used (and presumbably just exists to inhibit optimizations from removing the memory access).
- Parse OpenGL version in sdl_glimp.c to share with both renderers.
- Add GL_VERSION_ATLEAST(major, minor) macro.
- Get address of glGetStringi if using OpenGL 3.
- Fix glConfig.extensions_string when using GL3 core context in
opengl2 renderer.
- Make opengl1 renderer's gfxinfo support qglGetStringi too.
Get all OpenGL functions using SDL_GL_GetProcAddress(). This makes it
easier to cross-arch compile on Linux and add support for OpenGL ES
in the future.
Users still have to supply their own libSDL2 for cross-arch compiling
on Linux. But now the user does not have to re-install libgl1-mesa-dev
package for i386 or amd64 on Debian when switching between compiling
ioquake3 for x86 and x86_64.
If a lightning bolt killed a player or the first shotgun pellet that
hit a player killed them, the shot was not counted as accurate.
Check if shot player is alive for hit accuracy before dealing damage.
Running a server using the client engine would send server snapshots
to loopback and LAN clients each client frame (com_maxfps).
This causes excessive network traffic and likely does not provide new
information to the clients because SV_Frame() won't have run between
the extra snapshots.
This commit restores the original behavior of respecting local/LAN
client's snaps userinfo and sv_fps. The issue was introduced by the
following commit:
Commit ac30d86db0
From: Thilo Schulz
Date: Wed, 13 Jul 2011 17:11:30 +0000
Subject: - Improve snapshot rate and data rate control
Reported by Eugene C.
Fix "Error parsing animation file" messages in UI. Caused by fixing the
handling of missing tokens in animation.cfg parser in a past commit.
Fix new Team Arena torso animation frame numbers in UI.
Add support for fixedtorso and fixedlegs keywords.
Add support for reversed animations (negative numframes).
Disable SDL relative mouse mode when in_nograb is enabled. Relative
mouse mode hides the cursor and it cannot exit the window regardless
of the window's grab state.
This wasn't always the case. SDL before 2.0.4 on GNU/Linux released
the mouse cursor in relative mode. However, SDL 2.0.3/4 on Windows
does not. (I did not test other Windows versions.) So I think SDL
2.0.4 made GNU/Linux X11 behavior consistent with other platforms.
This fixes mouse input being unusable when debuging client crashes
in gdb.
Entering Team Arena's start server or in-game callvote menu causes
arenas to be reloaded. The existing memory is not freed so after
a entering the menus a few times the UI runs out of memory and
crashes.
Just load arenas once when the UI loads like in q3_ui.
- Use common controls 6 so error dialogs use correct visuals on
Windows XP or later!
- Specify running as invoker so Windows doesn't guess if it should
prompt for admin permission on Vista or later.
- Specify compatible with Vista through Windows 10. Tells Windows
not to emulate Vista behavior, not sure if it affects anything.
Makefile automatically runs windres when manifest changes.
After 'Fix floating point precision loss in renderer', Windows x86
client won't load the renderer DLLs. The problem is a 64 bit modulus.
I couldn't find any reports of this online. However, client with
built-in renderer worked with the 64 bit modulus.
Only tested with mingw-w64.
ioquake3.x86_64.exe can't load x86 OpenAL32.dll. Using separate
library names allows shipping OpenAL for both architectures.
Though since the dll name is saved in the config file, using both
clients on the same computer will cause one client arch to always
try to load the wrong OpenAL dll and then fallback to the correct
default OpenAL dll. I guess it could be fixed by using separate
cvar names for s_alDriver.
Don't draw crosshair 0 in Team Arena setup menu. It isn't drawn
in CGame. Wrap cg_drawCrosshair in missionpack menu like CGame
instead of treating as index 0 which is no longer drawn.
Make spectators use green background for team chat box when following
players. The team chat messages are from spectators not the team of
the followed player.
Make spectators draw team chat box even when not following a player.
