[Rambetter]

MaJ and I have created an SVN source code repository for the ioUrbanTerror server program. The code being committed to this SVN is limited to critical bug and exploit fixes. No enhancements are committed. The size and impact of the changes is kept to an absolute minimum.

The SVN URL to access the source code is svn://svn.clanwtf.net/repos/ioUrT-server-4.1

So for example on UNIX you could get the source code with the following command:

svn checkout svn://svn.clanwtf.net/repos/ioUrT-server-4.1

Revision 1 is the exact source code from ioUrbanTerrorSource_2007_12_20.zip. So for example to get the diffs of all changes made, do this:

cd ioUrT-server-4.1/
rm -rf extra-patches
svn diff -r1

In the above commands, I have you remove the extra-patches/ directory before you take the diff because that directory only contains extra patches that are not used if you just build the server normally. (See below for more info on extra patches.)

If you want to submit a patch that fixes a critical issue, please PM it to me.

Also there is a similar project for ioquake3, in case you are using ioquake3 to run your Urban Terror server. (For example I am using it to run a couple of my servers.)

svn checkout svn://svn.clanwtf.net/repos/ioquake3-server-1.36

Each of these projects (ioUrT-server-4.1 and ioquake3-server-1.36) has an extra-patches/ directory. There is a README.txt file in this directory explaining the nature of the patches and how to apply them. These patches are only for extra functionality that is not related to critical bugfixes.

This post has been edited by Rambetter: 31 March 2010 - 06:58 AM

[Yas]

wow.
gl with this project!

didn't realise there were that many critical bugs/exploits that a svn was needed.

anyway, anything to keep people safe and happy is worth it.

[Rambetter]

Yas, on 06 October 2009 - 11:20 PM, said:

wow.
gl with this project!

didn't realise there were that many critical bugs/exploits that a svn was needed.

anyway, anything to keep people safe and happy is worth it.

Well we started the source control for 2 reasons. First, we needed SVN because we're making some "nice additional enhancements" that are not related to exploits or major bugs. Second, we are fixing major exploits that are not public knowledge yet. So, we have another project in SVN that is currently not public, because if these major exploit fixes are seen by script kiddies, a lot of unpatched servers crashing will result.

But it's nice to have these exploits fixed in a private repository, so that when and if the expoits become public knowledge, we will have already tested the fix, and giving the fix to the public will be simply a matter of merging one revision into the main trunk.

[jgen (old)]

Wow, this is a great idea guys!

If there is anything I can do to help, please let me know.

[Rambetter]

I've been maintaining this repository and now there are some extra patches for added functionality. But these are optional. See initial post.

[mitsubishi]

/totaltimerun from my edits is server supported (reports total time the server has ever run plus for current session); you might want to use it, if you're adventurous:p
(might need further bookkeeping work though to support several configs on the same machine since it initially assumed one client only hence it wrote its var in q3config).

This post has been edited by mitsubishi: 27 February 2010 - 12:28 AM

[sC` naixn]

Rambetter, on 26 February 2010 - 04:08 PM, said:

I've been maintaining this repository and now there are some extra patches for added functionality. But these are optional. See initial post.

Hi!

Thanks a lot for the repo, it's very useful and cool!
However, I was wondering, why did you back out the sv_rconDelay update? Is it for security reasons, or just because you wanted to do it within a patch and didn't do so yet?

Thanks a lot!

[Rambetter]

Naixn, on 01 March 2010 - 11:26 AM, said:

Hi!

Thanks a lot for the repo, it's very useful and cool!
However, I was wondering, why did you back out the sv_rconDelay update? Is it for security reasons, or just because you wanted to do it within a patch and didn't do so yet?

Thanks a lot!

sv_rconDelay was to give the admin control over the time intervals between good and bad rcons. I got rid of the user control and hardcoded the time intervals, which is safer and less confusing.

Right now the time between bad rcons is 500 milliseconds and the time between good rcons is 100 milliseconds. It's in the code, it's not a patch. That change addresses the rcon flood exploit.

[UAA V00d00]

Has Maj released that moderator patch yet? If so is it on the svn?

[Rambetter]

MaJ has done something with the moderator stuff, but that change is not in this SVN repository. If you really want it, we can work on putting in the patch.