Spearmint 0.6 released

Spearmint 0.6 adds InstaGib mode, MP3 support, customizable console font size, and fixes a Windows remote code execution exploit. See https://clover.moe/spearmint for downloads.

Reminder: The Spearmint website has moved from spearmint.pw to clover.moe/spearmint.

Spearmint 0.6 is released on the 6-year anniversary of Turtle Arena 0.6 (April 13 2012), the first of my Friday the 13th release dates. 666 book-ended by Friday the 13ths with the main Turtle Arena development occurring in the preceding 42 months. This is the final 0.x release and the end of the Friday the 13th release date targets. The next release will be 1.0 on October 10 2018; the 10-year anniversary of Spearmint/Turtle Arena development.

Spearmint 0.6 is backward compatible with Spearmint 0.5 network protocol and VMs.

There was an exploit for remote code execution on Windows clients that had downloads enabled or had manually installed a pk3 containing a malicious vm/mint-cgame.qvm (Quake virtual machine bytecode). The CGame QVM could write a file named “mint-cgamex86.dll.” and the Windows API would silently drop the trailing period, so the file on disk was mint-cgamex86.dll. The CGame QVM could then run the commands vm_cgame 0; vid_restart; to run the mint-cgamex86.dll it wrote. Enabling downloads is not recommended as QVMs are still insecure. The exploit was reported to The ioquake3 Group by Chomenor.
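The check that closes this kind of gap, as an added example that is not Spearmint or ioquake3 code: a write filter has to test the name Windows will actually create, not the literal string the VM supplied. All function names here are hypothetical, and the example also ignores trailing spaces, which the Win32 path layer strips in the same way as trailing periods.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added example: all function names are hypothetical, not engine code. */

/* Length of name once the trailing '.' and ' ' characters that the Win32
   path layer strips from the final path component are ignored. */
static size_t effective_len(const char *name)
{
    size_t n = strlen(name);
    while (n > 0 && (name[n - 1] == '.' || name[n - 1] == ' '))
        n--;
    return n;
}

/* Case-insensitive test: do the first n bytes of name end with ext? */
static int ends_with_ci(const char *name, size_t n, const char *ext)
{
    size_t e = strlen(ext), i;
    if (n < e)
        return 0;
    for (i = 0; i < e; i++)
        if (tolower((unsigned char)name[n - e + i]) !=
            tolower((unsigned char)ext[i]))
            return 0;
    return 1;
}

/* Literal suffix check: "mint-cgamex86.dll." ends in ".", so it passes
   as a non-library name even though Windows creates mint-cgamex86.dll. */
int naive_is_library(const char *name)
{
    return ends_with_ci(name, strlen(name), ".dll");
}

/* Compare against the name Windows will actually create. */
int hardened_is_library(const char *name)
{
    return ends_with_ci(name, effective_len(name), ".dll");
}

/* Gate for VM-requested writes: 1 = allowed, 0 = refused. */
int vm_write_allowed(const char *name)
{
    return name != NULL && !hardened_is_library(name);
}
```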

Lines beginning with “ioq3:” were also fixed in ioquake3.

Engine

  • Add MP3 playback support using libmad and Thilo Schulz’s mp3 patch for ioquake3.
  • Allow loading unzipped .txt files when connected to a pure server. (Reported by mecwerks)
  • Fix out of memory error when loading levels such as Team Arena’s mpterra2 (Distant Screams) by increasing vm_gameHeapMegs cvar to 24. (Reported by xesarni and ZaRR)
  • Out of memory errors now report which console variable needs to be increased.
  • Disable saving player’s real name (operating system user account name) in PNG screenshots. (Suggested by robo9k)
  • Add versionshort cvar that, unlike the version cvar, does not contain the platform. If it has the git build version, the date is left out too. It’s displayed in the console by CGame VM.
  • ioq3: Enabled compiler optimization for macOS x86 and x86_64. It seems to improve performance.
  • ioq3: Fix not being able to load system OpenAL library on macOS. (Reported by pragmader)
  • ioq3: Support Unicode character hex values greater than 0xFF in cl_consoleKeys. (Fixed by MAN-AT-ARMS)
  • ioq3: Fix possible crash if gamestate contains 8191-chars long configstrings. (Fixed by Eugene C.)

Engine (Exploits-related)

  • Fix VMs being able to immediately change value of an engine latch cvar. (Reported by Chomenor)
  • ioq3: Fix remote code execution on Windows when cl_allowDownload is enabled. (Reported by Chomenor)
  • ioq3: Fix string buffers formatted using Q_vsnprintf on Windows possibly not being terminated resulting in out-of-bounds memory access. (Reported by birdstakes)
  • ioq3: Fix exploit to reset player by sending wrong serverId. (Reported by Ensiform)
  • ioq3: Fix VMs being able to change CVAR_PROTECTED cvars. (Reported by Chomenor)
  • ioq3: Fix fs_game “..” reading outside of home and base path. (Reported by Chomenor)
  • ioq3: Update libvorbis to 1.3.6 to fix CVE-2018-5146, CVE-2017-14633, and CVE-2017-14632.

Renderers

  • Fix crash when running shaderlist command.
  • Support Quake Live’s “depthTest disable” and “novlcollapse” shader keywords.
  • Misc fixes for DDS picmip and r_picmip2.
  • Fix picmip not being applied in OpenGL2 renderer.
  • Don’t load detail textures if they are disabled.
  • Made r_detailtextures 2 use nopicmip for detail textures.
  • Fix Wolfenstein: Enemy Territory foliage in OpenGL1 on Intel macOS and non-macOS big-endian platforms.
  • ioq3: Fix dark lightmap on shader in Team Arena’s mpteam6 level in the OpenGL2 renderer. (Reported by wareya)
  • ioq3: Fix OpenGL2 renderer crash when BSP has deluxe maps and vertex lit surfaces. (Reported by mickael9)
  • ioq3: Fix r_fullbright 1 allowed when cheats are disabled. (Fixed by IR4T4)

VM Common

  • Add cgameversion and gameversion cvars with name, version, and date like main engine version cvar. Old gameversion cvar (value: “baseq3-4”) was renamed to gameprotocol.

Game VM

  • Add InstaGib mode (players have railgun and gauntlet, no level items) for all gametypes. Enable it in the start server menu or set g_instagib cvar to 1. (Requested by myuu on Steam)
  • ioq3: Fix multiplayer vote for a negative or very large fraglimit or timelimit causing the level to continuously restart. (Based on patch by vloup)
  • ioq3: Fix invalid access to cluster 0 in AAS_AreaRouteToGoalArea(). (Reported by Thomas Köppe)

CGame VM

  • Gametype name is now displayed on the scoreboard.
  • Add cg_consoleFontSize cvar to allow changing the console font size. It’s now smaller by default to be more similar to Quake3. Set cg_consoleFontSize to 16 for the size in previous Spearmint versions. (Requested by Calinou)
  • Display cgame version in console in addition to the engine version.
  • Changed website URL in menu to clover.moe/spearmint.
  • Don’t draw ammo warning when spectating and following player (player name is drawn over it).
  • Fix fraglimit and timelimit in Team Arena start server menu being blank on first run. (Reported by Tobias Kuehnhammer)
  • ioq3: Support more addon levels. Increased scripts/*.arena limit to allow about 273 files. (Requested by nonickname)
  • ioq3: Restore Color Depth option in setup -> system -> graphics menu. 16-bit probably doesn’t work, see graphics -> driver info menu for used values.
  • ioq3: Fix -1 (unlimited) ammo decreasing estimated ammo time remaining.
  • ioq3: Fix Team Arena server browser refresh time format (minutes less than 10 start with 0 now, 7:1 -> 7:01).
  • ioq3: Fix invalid model frame developer warnings for Team Arena holdable medkit and invulnerability effects.
  • ioq3: Fix map list in Team Arena start server menu only showing single player maps after previously entering single player menu.
  • ioq3: Fix out-of-bounds access when loading baseq3/consolehistory.dat file that is 1024 bytes. (Reported by devnexen)
