Armagetron Advanced

Armagetron Advanced 0.2.8.3.3

Security update for 0.2.8.3.2.

Milestone information

Project:
Armagetron Advanced
Series:
0.2.8
Version:
0.2.8.3.3
Released:
 
Registrant:
Manuel Moos
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
2 Armagetron Advanced SQUAT, 2 Manuel Moos, 1 Yann Kaiser
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
3 Confirmed, 1 In Progress, 1 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon ArmagetronAdvancedDedicated_0.2.8.3.3 (md5) 32 bit Linux portable server. 665
last downloaded 2 weeks ago
download icon ArmagetronAdvanced_0.2.8.3.3 (md5) 32 bit Linux portable client. 2,385
last downloaded 7 days ago
download icon armagetronad-dedicated-0.2.8.3.3.macosx-universal.dmg (md5) Mac server. 2,669
last downloaded 2 weeks ago
download icon armagetronad-0.2.8.3.3.macosx-universal.dmg (md5) Mac client. 19,070
last downloaded 6 days ago
download icon armagetronad-0.2.8.3.3.src.zip (md5) Source zip for windows builds. 539
last downloaded 41 weeks ago
download icon armagetronad-0.2.8.3.3.src.tar.gz (md5) Source tarball. 405
last downloaded 17 weeks ago
download icon armagetronad-0.2.8.3.3.src.tar.bz2 (md5) Source tarball. 310
last downloaded 17 weeks ago
download icon armagetronad-0.2.8.3.3.i486-generic-linux-gnu.package (md5) 32 bit Linux client autopackage. 16
last downloaded 41 weeks ago
download icon armagetronad-dedicated-0.2.8.3.3.gcc.win32.exe (md5) Windows server installer. 3,358
last downloaded 17 weeks ago
download icon armagetronad-0.2.8.3.3.gcc.win32.exe (md5) Windows client installer. 44,312
last downloaded 17 weeks ago
Total downloads: 73,729

Release notes 

Armagetronad 0.2.8.3.3 is a security and crashfix release.

The practically exploitable bug that was fixed was an error in the
network error handling. In client mode, any received packet that
causes an exception during processing would terminate the connection
to the server. Regular game clients are usually well protected by a
NAT router that would not let such packets from attackers through.
Game servers are only vulnerable during the brief period while they
are communicating with the master servers, and the effect then is that
the server will not advertise itself.

Another theoretically exploitable bug was that very short UDP packets
would cause a read beyond the input buffer. The same buffer as last
time, embarrasingly, but this time off the other end and with maximum
offset 2.

Several non-exploitable crash bugs and one pathological camera behavior
were also fixed.

For details, look into the NEWS file or ChangeLog.

Changelog 

View the full changelog

Changes since 0.2.8.3.2:
- security fix: do not read ahead of the beginning of network buffer.
- security fix: don't attribute network errors from processing random
  packets to the connection to the server
- security fix: while at it, don't process random packets unless they
  may be important
- fix for potential crash with friend list filtering
- intel driver compatibility
- fix for rare crash with sound lock
- fix for camera turning for bizarre axis configurations

Changes since 0.2.8.3.1:
- security fix: old style action commands from clients no loger cause hangs and crashes
- security fix: oversized packets are ignored properly
- security fix: never read one byte outside of the received buffer
- security fix: only include .cfg files from the var subfolder
- compiler compatibility: adapted to gcc 4.60
- smaller spelling fixes
- FOV calculations now correct for widescreen and horizontal splitscreen
- Additional checks against illegal values passed to renderer

Changes since 0.2.8.3:
- fixed temporary sound disappearance when alt-tabbing away and back
- default subcultures are now distributed
- enable 32 bit color depth at desktop resolution
- no more display lists for SiS cards
- spelling mistakes and missing German translations

Changes since 0.2.8.3_rc4:
- Intercepted chat commands are now written to ladderlog.txt. Format:
  COMMAND /command-intercepted player [command arguments]
- Increased default speed of server pinging
- Reordered game menus a bit
- fast finish works again

0 blueprints and 5 bugs targeted

Bug report Importance Assignee Status
312247 #312247 Spanish language outdated for 0.2.8.3 5 Low Armagetron Advanced SQUAT  6 Confirmed
312247 #312247 Spanish language outdated for 0.2.8.3 5 Low Armagetron Advanced SQUAT  6 Confirmed
536724 #536724 Login message does not make it clear your global ID is hidden 5 Low Manuel Moos  6 Confirmed
312245 #312245 French language outdated for 0.2.8.3 5 Low Yann Kaiser  8 In Progress
536677 #536677 uninstall scrip magic broken for newer automake versions 3 High Manuel Moos  10 Fix Released
This milestone contains Public information
Everyone can see this information.