0.2.8.3.3: Doing the old dance again. Final builds available
0.2.8.3.3: Doing the old dance again. Final builds available
Edit:
Final builds are available here: https://sourceforge.net/projects/armage ... 0.2.8.3.3/
Change: --disable-uninstall is now the default. "make uninstall" still works, just "armagetronad-uninstall", the uninstall script that still would work after you removed the sources or the build directory, is no longer created.
Original:
We (that is, dlh mostly) found some problematic exploitable bits in our network code that also affect 0.2.8.3.2, so we're doing an update on that.
We will tell you more about the bugs later when the final version is released. For now, let it suffice that no remote code execution is possible on 0.2.8.3.2, at least not over the bugs we fixed here. The worst we managed to actually do under realistic constraints is disturb the communication of a server with the master servers. Theoretically, crashes are also possible, though in testing the relevant exploit, none ever happened. What happens there depends on the compiler, OS and system library versions, though.
You can get the first and hopefully only release candidate here: http://sourceforge.net/projects/armaget ... 8.3.3_rc1/
Please test whether it breaks anything. The changes were in the network code; so if a client sees all servers in local and internet browsing and can connect and disconnect and play for a bit, it's fine. If the server advertises itself on the master and accepts players, it's fine.
The relevant code changes are also in the most recent snapshots:
http://sourceforge.net/projects/armaget ... pha_r1447/ for legacy 0.2.8 branch builds
http://sourceforge.net/projects/armaget ... _20150130/ for 0.4 builds
Test and enjoy!
Final builds are available here: https://sourceforge.net/projects/armage ... 0.2.8.3.3/
Change: --disable-uninstall is now the default. "make uninstall" still works, just "armagetronad-uninstall", the uninstall script that still would work after you removed the sources or the build directory, is no longer created.
Original:
We (that is, dlh mostly) found some problematic exploitable bits in our network code that also affect 0.2.8.3.2, so we're doing an update on that.
We will tell you more about the bugs later when the final version is released. For now, let it suffice that no remote code execution is possible on 0.2.8.3.2, at least not over the bugs we fixed here. The worst we managed to actually do under realistic constraints is disturb the communication of a server with the master servers. Theoretically, crashes are also possible, though in testing the relevant exploit, none ever happened. What happens there depends on the compiler, OS and system library versions, though.
You can get the first and hopefully only release candidate here: http://sourceforge.net/projects/armaget ... 8.3.3_rc1/
Please test whether it breaks anything. The changes were in the network code; so if a client sees all servers in local and internet browsing and can connect and disconnect and play for a bit, it's fine. If the server advertises itself on the master and accepts players, it's fine.
The relevant code changes are also in the most recent snapshots:
http://sourceforge.net/projects/armaget ... pha_r1447/ for legacy 0.2.8 branch builds
http://sourceforge.net/projects/armaget ... _20150130/ for 0.4 builds
Test and enjoy!
Re: 0.2.8.3.3: Doing the old dance again. RC1 available
thanks for the work, i hope people can test it.
Re: 0.2.8.3.3: Doing the old dance again. RC1 available
Yes, thanks and I will get testing.
Playing since December 2006
Re: 0.2.8.3.3: Doing the old dance again. RC1 available
Post part1
It doesn't seem to want to compile...
Output:
It doesn't seem to want to compile...
Output:
administrator@kwheezy-desktop:~$ cd /home/administrator/armagetron-other/armagetronad-0.2.8.3.3_rc1/
administrator@kwheezy-desktop:~/armagetron-other/armagetronad-0.2.8.3.3_rc1$ ./configure
<spammy log snipped>
Last edited by aP|Nelg on Wed Feb 04, 2015 2:40 am, edited 1 time in total.
Re: 0.2.8.3.3: Doing the old dance again. RC1 available
Post part2. Please see Part 1 first
/bin/bash /home/administrator/armagetron-other/armagetronad-0.2.8.3.3_rc1/install-sh -c batch/make/uninstall /usr/local/games/armagetronad-uninstall
rm /usr/local/games/armagetronad-uninstall
ROOTDIR= DESTDIR= MAKE="make" PREFIX="/usr/local" PROGTITLE="Armagetron Advanced" PROGNAME="armagetronad" SCRIPTDIR="/usr/local/share/games/armagetronad/scripts" sh batch/make/uninstall /usr/local/games/armagetronad-uninstall ""
Generating uninstallation script /usr/local/games/armagetronad-uninstall.../bin/bash: line 7: cd: DESTDIR_UNINSTALL/usr/local/games: No such file or directory
make[6]: *** [uninstall-gamesPROGRAMS] Error 1
make[5]: *** [uninstall-recursive] Error 1
make[4]: *** [uninstall-recursive] Error 1
make[3]: *** [install-uninstall] Error 1
make[3]: Leaving directory `/home/administrator/armagetron-other/armagetronad-0.2.8.3.3_rc1'
make[2]: *** [install-exec-am] Error 2
make[2]: Leaving directory `/home/administrator/armagetron-other/armagetronad-0.2.8.3.3_rc1'
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/home/administrator/armagetron-other/armagetronad-0.2.8.3.3_rc1'
make: *** [install-recursive] Error 1
Last edited by Z-Man on Sat Feb 28, 2015 12:29 am, edited 1 time in total.
Reason: Log culled.
Reason: Log culled.
Re: 0.2.8.3.3: Doing the old dance again. RC1 available
Ah, rats. Forgot about that. The hacky uninstall script generation on 0.2.8.3 broke on "recent" versions of autotools. Configure it with ./configure --disable-uninstall.
We have a fix for that; I need to decide whether to backport that or just use old, compatible autotools versions if I can.
We have a fix for that; I need to decide whether to backport that or just use old, compatible autotools versions if I can.
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
Went for a third option. The two mentioned above were both too risky or infeasible.
RC2 is available here: https://sourceforge.net/projects/armage ... 8.3.3_rc2/
Change: --disable-uninstall is now the default. "make uninstall" still works, just "armagetronad-uninstall", the uninstall script that still would work after you removed the sources or the build directory, is no longer created.
Has anyone ever used that uninstall script?
RC2 is available here: https://sourceforge.net/projects/armage ... 8.3.3_rc2/
Change: --disable-uninstall is now the default. "make uninstall" still works, just "armagetronad-uninstall", the uninstall script that still would work after you removed the sources or the build directory, is no longer created.
Has anyone ever used that uninstall script?
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
Tell me if I'm missing something but I see no file there to download. It still says "Totals: 9 items" but there are no items
Playing since December 2006
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
Oh. I had that the first time I looked, but then it went away and the files appeared. I guess I'll have to reupload them.
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
Or not. It works for me now reliably. Can you check again before I mess everything up? Your report was suspiciously close to the upload time, maybe the system has sorted itself out now?
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
Yes, they seem to be there now.
Playing since December 2006
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
OK, so I've tested 0.2.8.3.3_RC2 and it seems to work fine although it needs two patches for it to work on OpenBSD. These two issues were found by the OpenBSD devs for 0.2.8.3.2, I've just applied them to 0.2.8.3.3_RC2.
I'm assuming that this one is a fix for configure to find libpng. Without the patch, the error message "You need libpng to compile Armagetron." is given when running configure. Is this specific to OpenBSD? Either way, can you make it so that this patch is not required?
I take it that this second one is just setting a different directory to store config files in due to the slightly different filesystem layout that OpenBSD uses. Even so, is there a way to remove the necessity of this patch?
Also, if you can make changes, will they make their way into 0.4?
I'm assuming that this one is a fix for configure to find libpng. Without the patch, the error message "You need libpng to compile Armagetron." is given when running configure. Is this specific to OpenBSD? Either way, can you make it so that this patch is not required?
Code: Select all
--- configure.orig Mon Feb 16 03:28:38 2015
+++ configure Mon Feb 16 03:30:09 2015
@@ -10843,8 +10843,8 @@ fi
CPPFLAGS="$CPPFLAGS `libpng-config --cflags`"
LIBS="$LIBS $PNGLIBS"
-ac_fn_c_check_func "$LINENO" "png_check_sig" "ac_cv_func_png_check_sig"
-if test "x$ac_cv_func_png_check_sig" = xyes; then :
+ac_fn_c_check_func "$LINENO" "png_sig_cmp" "ac_cv_func_png_sig_cmp"
+if test "x$ac_cv_func_png_sig_cmp" = xyes; then :
else
as_fn_error $? "You need libpng to compile Armagetron." "$LINENO" 5
Code: Select all
--- config/Makefile.in.orig Mon Feb 16 03:21:54 2015
+++ config/Makefile.in Mon Feb 16 03:25:03 2015
@@ -312,7 +312,7 @@ top_srcdir = @top_srcdir@
version = @version@
# configuration location
-configdir = ${aa_sysconfdir}
+configdir = ${prefix}/share/examples/armagetronad
nobase_config_DATA = default.cfg master.srv settings.cfg\
subcultures.srv\
settings_visual.cfg\
Playing since December 2006
Re: 0.2.8.3.3: Doing the old dance again. RC2 available
The first patch is already on 0.2.8 and safe; yeah, I'll merge that. Go rc3.
The second one seems file system structure culture dependant. I don't have /usr/share/examples. It would need to be applied conditionally. And I'm not quite sure how that is even supposed to work; if you just patch the location there, it only influences where the config files go, not where they are loaded from, so they would not be found... or is there some magic in BSD's 'install' command that copies anything you install to /usr/share/examples to wherever we really need them to be? Is it even required? If yes, what's the error you get if you don't apply it?
Anyway, a definite "no" on the second patch. Out of scope for a security release. I'll try to look into it for the current branches.
(The patches modify output files. 'course, anything I merge modifies configure.ac, not configure)
The second one seems file system structure culture dependant. I don't have /usr/share/examples. It would need to be applied conditionally. And I'm not quite sure how that is even supposed to work; if you just patch the location there, it only influences where the config files go, not where they are loaded from, so they would not be found... or is there some magic in BSD's 'install' command that copies anything you install to /usr/share/examples to wherever we really need them to be? Is it even required? If yes, what's the error you get if you don't apply it?
Anyway, a definite "no" on the second patch. Out of scope for a security release. I'll try to look into it for the current branches.
(The patches modify output files. 'course, anything I merge modifies configure.ac, not configure)
Re: 0.2.8.3.3: Doing the old dance again. RC3 available
RC3 is up: http://sourceforge.net/projects/armaget ... 8.3.3_rc3/
Only change from rc2 is the libpng detection.
Only change from rc2 is the libpng detection.
Re: 0.2.8.3.3: Doing the old dance again. RC3 available
0.2.8.3.3 RC3 seems to work fine for me.
@Z-Man
I wrote a load of stuff about the second patch but some bug in the X server crashed my computer and I lost it all...I'll rewrite it tomorrow when I have time.
@Z-Man
I wrote a load of stuff about the second patch but some bug in the X server crashed my computer and I lost it all...I'll rewrite it tomorrow when I have time.
Playing since December 2006