1

Topic: 0.6.3 released - security fix

As a result of a recently reported security vulnerability in the server, this release contains little updates. In particular it's only the following changes:

Bugfixes:

  • Fix the above-mentioned security vulnerability (Memory reads, Segmentation Fault) in all 0.6.x servers.

  • Fix server crash in the console code.

  • Fix master server lookup for servers.

  • Fix scripts/make_release.py script.

  • Fix client crash when opening a map with an invalid version.

As a result, server owners are urged to upgrade ASAP, you're running an exploitable server right now.

Client updates however, are not as urgent as the server updates, because the only fix is an editor crash.

Download Teeworlds 0.6.3!

2

Re: 0.6.3 released - security fix

For people not having access to the source code of the mod they're running, I've prepared a script that should be able to patch the executables, removing the vulnerability.

View script.
Download Python 3 script.
Usage: python fix.py <server executable>. Script doesn't work in-place, it creates a copy of the executable that it patches.

3

Re: 0.6.3 released - security fix

Do not need the script myself, but a huge thank you for setting that up heinrich5991.

4

Re: 0.6.3 released - security fix

Where is the corresponding git repository yikes ?

Luck is allowed

5

Re: 0.6.3 released - security fix

Yeah where is the corresponding git repository please ?

while(!Success())
    TryAgain();
Try until you succeed.

6

Re: 0.6.3 released - security fix

Thanks for the update, what about putting it too on the index page of the website? I mean the direct download link.

Need a tool to manage your servers? teeman
<3

7

Re: 0.6.3 released - security fix

Does it also patch linux versions?

8 (edited by [pieLover] 2014-11-20 22:34:02)

Re: 0.6.3 released - security fix

Mr_Anderson wrote:

Does it also patch linux versions?

Yes, as far as I know.

EDIT: Yes, it does. It names it to have a .exe as the extension but that's it.

Clan: Riot (I'm one of three leaders: Mile, Deku, pie)
Host teeworlds maps on a fng/ctf/dm/ddrace server for testing:http://riotproductions.tk/teewo/ broken-need reinstall nginx http://riotproductions.tk/bounce?whatEven, Teeworlds NA Discord chat

9 (edited by lolo 2020-09-15 13:40:32)

Re: 0.6.3 released - security fix

Post deleted for privacy reasons.

10 (edited by Mr_Anderson 2014-11-20 23:16:32)

Re: 0.6.3 released - security fix

pielover88888 wrote:

EDIT: Yes, it does. It names it to have a .exe as the extension but that's it.

Yes. I just removed ".exe" smile

Really nice work!

11

Re: 0.6.3 released - security fix

HMH wrote:

Where is the corresponding git repository yikes ?

Neox76 wrote:

Yeah where is the corresponding git repository please ?

Currently you can view it at my fork (branch 0.6 of heinrich5991/teeworlds), however it will be pulled into teeworlds/teeworlds soon, I just need to coordinate with m!nus.
(This was a hasty release, that's why not everything was prepared, we tried to do the best in the least time smile )

12

Re: 0.6.3 released - security fix

pielover88888 wrote:
Mr_Anderson wrote:

Does it also patch linux versions?

Yes, as far as I know.

EDIT: Yes, it does. It names it to have a .exe as the extension but that's it.

Yes, I was just too lazy to do different renamings for Windows/Linux.

13

Re: 0.6.3 released - security fix

floyd wrote:

Thanks for the update, what about putting it too on the index page of the website? I mean the direct download link.

Thanks, I now understand what you wanted to say. Download link on the index page fixed.

14

Re: 0.6.3 released - security fix

Where is Ukrainian language? Are you hate us?

E' un Sole Nero!

15

Re: 0.6.3 released - security fix

"Memory reads, Segmentation Fault" - ah, C++! "Free" language, "independent" of PROprietary companies!

16

Re: 0.6.3 released - security fix

lamefun wrote:

"Memory reads, Segmentation Fault" - ah, C++! "Free" language, "independent" of PROprietary companies!

This is not the appropriate place for this kind of discussion. Stop with this.

Not Luck, Just Magic.

17

Re: 0.6.3 released - security fix

Snoooop wrote:

Where is Ukrainian language? Are you hate us?

We tried to remove languages that are far from completion.

18

Re: 0.6.3 released - security fix

I compiled the macversion, sdl and feetype pathes should be correctly set to the Frameworks folder within the appbundle already.

Here it is: teeworlds-0.6.3-osx.dmg

Luck is allowed

19

Re: 0.6.3 released - security fix

hello guys i was like inactive for years now. Is 1.7 under development or nu? sad

If you want a perfect map for your own server you can PM me to make you one ^^

Please also try play nodes you may download it here!. And as always.Have a nice day

20

Re: 0.6.3 released - security fix

Wait, 1.7? You mean 0.7, right?
Really sick of everyone calling 0.6 "1.6", and 0.7 "1.7" hmm

Clan: Riot (I'm one of three leaders: Mile, Deku, pie)
Host teeworlds maps on a fng/ctf/dm/ddrace server for testing:http://riotproductions.tk/teewo/ broken-need reinstall nginx http://riotproductions.tk/bounce?whatEven, Teeworlds NA Discord chat

21

Re: 0.6.3 released - security fix

pielover88888 wrote:

Really sick of everyone calling 0.6 "1.6", and 0.7 "1.7" hmm

Dude there is no point in calling it 0.x anyways because that would indicate that Teeworlds is still in the pre-alpha. And since it is "nearly perfect" (yeah, sure, stfu devs) the term 1.x would be more accurate. Also, everyone knows what is meant by 1.7, there should be nothing bothering anyone.
As for you dremy; yes, the development is still ongoing, though very slowly. We kind of have to wait another decade for its release, as there is an average of one line of code added per day (and even this estimate might be way too high).

Move along, nothing to see here, really.

22

Re: 0.6.3 released - security fix

As usual, those who complain are those who do nothing.

Not Luck, Just Magic.

23

Re: 0.6.3 released - security fix

That surely is the truth. No denying that. Though is it our task, the consumers, to do anything concerning the development? Furthermore you cannot ask anyone, who does not have the slightest idea of what he can do to help, or knows how to contribute code of any sorts, to do anything. I am not upset, I really am not. I would certainly like to help and contribute things to this community. But I simply do not know how or what or where. I contributed various things such as maps and tutorials. These few posts are obviously nothing compared to the amount of posts other members made. But I do what I can, and I can only do this much.

Move along, nothing to see here, really.

24

Re: 0.6.3 released - security fix

HMH wrote:

I compiled the macversion, sdl and feetype pathes should be correctly set to the Frameworks folder within the appbundle already.

Here it is: teeworlds-0.6.3-osx.dmg


And even if you try contributing something...

...http://downloads.teeworlds.com/teeworlds-0.6.3-osx.dmg

Luck is allowed

25

Re: 0.6.3 released - security fix

HMH wrote:
HMH wrote:

I compiled the macversion, sdl and feetype pathes should be correctly set to the Frameworks folder within the appbundle already.

Here it is: teeworlds-0.6.3-osx.dmg


And even if you try contributing something...

...http://downloads.teeworlds.com/teeworlds-0.6.3-osx.dmg

Can someone with a Mac try out this build? We unfortunately don't have someone that can test this on the team. hmm