Tremulous Forum

General => Troubleshooting => Topic started by: testian on June 06, 2006, 01:21:06 pm

Title: subversion and release incompatibility
Post by: testian on June 06, 2006, 01:21:06 pm

The  release of Tremulous 1.1 has 2 client- and 1 server-side security holes.
The server-side hole is an information leak (only if the server allows download), the client-side ones are buffer overflows.

I'm paranoid so I want to use tremulous out of subversion as soon as the fix is ready, but it seems the executables i get are incompatible with the data files of Tremulous 1.1.
(I got an error message, I can post it when I am at home).

Should it be compatible or do I have to wait for the next release of tremulous?

Title: subversion and release incompatibility
Post by: tjw on June 06, 2006, 07:37:15 pm

You can use the binary built from SVN for a dedicated server, you just
also need to use the game.qvm built from SVN.  You should be able to
glean details on how to do this from this:

http://tjw.org/tremulous/

As for the client, it would require a backport of the patch applied to revision 755 or so.   This is something I've been meaning to do since
I maintain versions of the bins with the cl_guid added.  I just haven't got around to it.

Title: subversion and release incompatibility
Post by: tjw on June 08, 2006, 05:32:41 am

http://trem.tjw.org/backport/

Those binaries have the May 8, 2006 security fix for:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html