April 15, 2019 Patch (Classic)

From Team Fortress Wiki
Revision as of 22:49, 8 October 2019 by Gabrielwoj

Patch notes

Larger changes

  • Added privilege checking to command execution. Commands originating outside of the client are now only able to execute commands that are considered to be safe. Commands such as 'connect', 'bind', 'quit' and certain cvars such as 'cl_filterstuffcmd' are now only executable by trusted sources.
  • Setting 'cl_filterstuffcmd' to a value greater than zero (e.g. 'cl_filterstuffcmd 1') will set a number of commands that are potentially abusable, such as 'say', 'fps_max', and 'setinfo', to also be only executable by privileged sources.
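The rule described in the two items above, modelled as an added example (not the game's own code). The lists hold only the command names the notes quote; the type and function names are hypothetical, and the splitting rule (';' outside quotes, or a newline, ends a command) is an assumption about how the console buffer separates commands.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum { SRC_CLIENT, SRC_EXTERNAL } cmd_source;   /* hypothetical names */
/* Only the names quoted in the patch notes; the engine's full lists are not on the page. */
static const char *const PRIVILEGED[] = { "connect", "bind", "quit", "cl_filterstuffcmd", NULL };
static const char *const FILTERED[]   = { "say", "fps_max", "setinfo", NULL };

/* Case-insensitive match of name[0..len) against a NULL-terminated list. */
static int in_list(const char *const *list, const char *name, size_t len)
{
    for (; *list; list++) {
        size_t i = 0;
        if (strlen(*list) != len) continue;
        while (i < len && tolower((unsigned char)name[i]) == (*list)[i]) i++;
        if (i == len) return 1;
    }
    return 0;
}

/* Privilege decision for one command name. */
static int allowed(const char *name, size_t len, cmd_source src, int filterstuffcmd)
{
    if (src == SRC_CLIENT) return 1;                  /* trusted source */
    if (in_list(PRIVILEGED, name, len)) return 0;     /* always restricted */
    return !(filterstuffcmd > 0 && in_list(FILTERED, name, len));
}

/* Checks every command in a buffer, so chaining cannot hide one; returns how many are refused. */
int count_refused(const char *text, cmd_source src, int filterstuffcmd)
{
    int refused = 0;
    const char *p = text;
    while (*p) {
        const char *name;
        int quoted = 0;
        while (*p == ';' || isspace((unsigned char)*p)) p++;   /* skip separators */
        name = p;
        while (*p && *p != ';' && *p != '"' && !isspace((unsigned char)*p)) p++;
        if (p > name && !allowed(name, (size_t)(p - name), src, filterstuffcmd)) refused++;
        /* Skip arguments: a newline always ends the command, ';' only outside quotes. */
        for (; *p && *p != '\n' && (quoted || *p != ';'); p++)
            if (*p == '"') quoted = !quoted;
    }
    return refused;
}

/* Constructed input: a server-sent string chaining a harmless command with 'quit'. */
int main(void) { printf("%d\n", count_refused("say hello; quit", SRC_EXTERNAL, 1)); return 0; }
```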

Fixes

  • Fixed intermittent double weapon firing
  • Fixed client incorrectly blocking download of custom sprays

Security fixes

  • All custom resources downloaded from a server now have their file names checked for safety before being allowed to download
  • Invalid file extensions are now prevented in several commands
  • Dynamic libraries are no longer searched for in custom resource directories
  • Added additional file extensions to custom resource blocked extensions list
  • Fixed buffer overflow in message delta parsing
  • Fixed RCE in weapon message handling
  • Fixed RCE in model loading
  • Fixed buffer overflows in TGA and BMP loading
  • Fixed buffer overflow in demo playback
  • Fixed buffer overflows in model name loading
  • Fixed buffer overflow in detail texture loading
  • Fixed buffer overflow in console map listing
  • Fixed command chaining in cvars that specified config files to be passed to the 'exec' command

Files changed

Note: The changelog below is generated from a diff of two revisions of the game. This data may be incomplete or inconsistent.
Revision changes
Modified: tfc/cl_dlls/client.dll
Modified: tfc/cl_dlls/client.dylib
Modified: tfc/cl_dlls/client.so
Modified: tfc/dlls/tfc.dll
Modified: tfc/dlls/tfc.dylib
Modified: tfc/dlls/tfc.so