Urban Terror Forums: SVN repository for ioUrbanTerror exploit fixes - Urban Terror Forums

Jump to content

 Login | Register 
Advertisement
  • (5 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

SVN repository for ioUrbanTerror exploit fixes Rate Topic: ****- 6 Votes

#1 User is offline   Rambetter Icon

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 06 October 2009 - 09:43 PM

EDIT: Full guide to compiling a patched server binary is here: http://daffy.nerius.com/urtserver/

MaJ and I have created an SVN source code repository for the ioUrbanTerror server program. The code being committed to this SVN is limited to critical bug and exploit fixes. No enhancements are committed. The size and impact of the changes are kept to an absolute minimum.

The SVN URL to access the source code is svn://svn.clanwtf.net/repos/ioUrT-server-4.1

So for example on UNIX you could get the source code with the following command:

svn checkout svn://svn.clanwtf.net/repos/ioUrT-server-4.1

If you want to submit a patch that fixes a critical issue, please PM it to me.

This post has been edited by Rambetter: 12 December 2011 - 12:30 AM


#2 User is offline   Yas Icon

  • Account: yas
  • Country:
  • Joined: 28-February 10
  • Posts: 1,313

Posted 06 October 2009 - 11:20 PM

wow.
gl with this project!

didn't realise there were that many critical bugs/exploits that a svn was needed.

anyway, anything to keep people safe and happy is worth it.

#3 User is offline   Rambetter Icon

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 06 October 2009 - 11:34 PM

View PostYas, on 06 October 2009 - 11:20 PM, said:

wow.
gl with this project!

didn't realise there were that many critical bugs/exploits that a svn was needed.

anyway, anything to keep people safe and happy is worth it.


Well we started the source control for 2 reasons. First, we needed SVN because we're making some "nice additional enhancements" that are not related to exploits or major bugs. Second, we are fixing major exploits that are not public knowledge yet. So, we have another project in SVN that is currently not public, because if these major exploit fixes are seen by script kiddies, a lot of unpatched servers crashing will result. :-)

But it's nice to have these exploits fixed in a private repository, so that when and if the expoits become public knowledge, we will have already tested the fix, and giving the fix to the public will be simply a matter of merging one revision into the main trunk.

#4 User is offline   jgen (old) Icon

  • Joined: 25-June 09
  • Posts: 8

Posted 13 October 2009 - 02:48 AM

Wow, this is a great idea guys!

If there is anything I can do to help, please let me know.

#5 User is offline   Rambetter Icon

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 26 February 2010 - 11:08 PM

I've been maintaining this repository and now there are some extra patches for added functionality. But these are optional. See initial post.

bullet_loaderAdvertisement

#6 User is offline   mitsubishi Icon

  • Account: mitsubishi
  • Country:
  • Joined: 28-February 10
  • Posts: 13,481

Posted 27 February 2010 - 12:26 AM

/totaltimerun from my edits is server supported (reports total time the server has ever run plus for current session); you might want to use it, if you're adventurous:p
(might need further bookkeeping work though to support several configs on the same machine since it initially assumed one client only hence it wrote its var in q3config).

This post has been edited by mitsubishi: 27 February 2010 - 12:28 AM


#7 User is offline   naixn Icon

  • Account: naixn
  • Main tag: sC`
  • Joined: 28-February 10
  • Posts: 25

Posted 01 March 2010 - 08:26 PM

View PostRambetter, on 26 February 2010 - 11:08 PM, said:

I've been maintaining this repository and now there are some extra patches for added functionality. But these are optional. See initial post.

Hi!

Thanks a lot for the repo, it's very useful and cool!
However, I was wondering, why did you back out the sv_rconDelay update? Is it for security reasons, or just because you wanted to do it within a patch and didn't do so yet?

Thanks a lot!

#8 User is offline   Rambetter Icon

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 01 March 2010 - 11:33 PM

View PostNaixn, on 01 March 2010 - 08:26 PM, said:

Hi!

Thanks a lot for the repo, it's very useful and cool!
However, I was wondering, why did you back out the sv_rconDelay update? Is it for security reasons, or just because you wanted to do it within a patch and didn't do so yet?

Thanks a lot!


sv_rconDelay was to give the admin control over the time intervals between good and bad rcons. I got rid of the user control and hardcoded the time intervals, which is safer and less confusing.

Right now the time between bad rcons is 500 milliseconds and the time between good rcons is 100 milliseconds. It's in the code, it's not a patch. That change addresses the rcon flood exploit.

#9 User is offline   V00d00 Icon

  •   verified user   
  • Account: v00d00
  • Main tag: uJ|
  • Country:
  • Joined: 11-November 08
  • Posts: 516

Posted 06 March 2010 - 03:59 PM

Has Maj released that moderator patch yet? If so is it on the svn?

#10 User is offline   Rambetter Icon

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 06 March 2010 - 09:33 PM

MaJ has done something with the moderator stuff, but that change is not in this SVN repository. If you really want it, we can work on putting in the patch.

  • (5 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Advertisement


Copyright © 1999-2024 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942