This release works around a crash bug in the (otherwise, I have to stress, excellent) libsdl12-compat library that has replaced native SDL 1.2 in a couple of scenarios. Manjaro Linux and Mac Homewbrew users were affected, and it seems latest Debian and Arch were also broken. Windows users were unaffected. A library fix is on its way, but may take a while to arrive, so this quick patch should mend things until then.
And, to be frank, also the old, regular widescreen overlords. All this time, the game had been optimized for 4:3 or 5:4 screens, with menu text and HUD elements getting stretched to the side for widescreen users. No more of that! The changes also benefit splitscreen users; for a horizontal split, the HUD will now no longer cover half the (split) screen.... read more
This release completes the library content of the AppImage files and Zero Install archives to make them compatible
with more Linux distributions. You only need to upgrade if you are on Linux and would like to use the AppImage
distribution. Affected Zero Install users get upgraded automatically, everyone else was not affected and can stick
to 0.2.9.0.
We never intended to release a 0.2.9 version, instead the plan was to go directly to 0.4. But 0.4 got stalled, badly. And we had continued improving the source on the 0.2.8 branch little by little. Then Covid-19 came around, forcing a lot of people to stay at home, which gave us the motivation to release the game on Steam and itch.io. That's basically why this version exists, so we did not have to publish a 0.2.8.3 based version there.... read more
I really hope nobody is using this as their only source of security related news, because 0.2.8.3.5 has been out for a while and is a network security fix. It was possible to send malicious object creation messages to clients or servers; they would be recognized as such and discarded, but only after they were allowed to do some damage. It was possible to shut down networked games, for example.
In other news, we're releasing the game renamed to Retrocycles on Steam: https://store.steampowered.com/app/1306180/Retrocycles/. I Invite everyone to whishlist it right now, that will help the game stay in the spotlight for longer once it is released. And on release day, July the 22nd, it would be sweet if the servers were well populated. Ideally you'd use the Steam client to boost the concurrent play numbers there.
Version 0.2.8.3.4 is not a security update, just a compilation and compatibility fix update. It now works fine with gcc 6. 0.2.8.3.3 does not even compile and if you fix the compile errors (a patch for that was floating around previously), it crashes quite reproducibly. If you don't have any obvious problems, you can stick to 0.2.8.3.3.
Oh, and we forgot to announce 0.2.8.3.3 here, which WAS a security update. So if this news channel is your only source of Armagetron Advanced release news, sorry. Update now!
Version 0.2.8.3.2 of the multiplayer lightcycle game Armagetron Advanced has been released, fixing several vulnerabilities.
The most important vulnerability let modified clients send servers into infinite loops by exploiting a bug in handling the very, very old cycle turn command protocol.
The second vulnerability allowed anyone with enough access rights to execute "/admin include" to gain owner rights on a server and take it over for as long as it kept running.... read more
It took a while, but the long expected release 0.2.8.3 of the Multiplayer Lightcycle game Armagetron Advanced is finally here.
Polishing existing things has been the focus of this release. This version handles lag better than any version before it, rendering performance has been increased, and there were many small victories in the ever continuing war against spam. One new big feature made it in, too: players are now able to authenticate to game servers using a distributed protocol, thus making organized competitive play that much easier and the life of impostors and trolls harder.
Two attack possibilities have been discovered that let anyone shut down or freeze a game server with a modified client. Aditionally, remote administrators can freeze a game server with commands that produce too much output. Versions 0.2.8.X are affected by all three; version 0.2.8.2.1, fixing them all, is available in the file release section.
Other versions are vulnerable to the server shutdown exploit, too; there, a crash can be caused. Patches for 0.2.7.X, 0.2.6.X and 0.3.0 are available in the patches section. Let us know which versions are in active use in binary form, we'll consider full releases for those who can't use a source patch.... read more
Armagetron Advanced, the multiplayer lightcycle game, just got a new minor release.
Some smaller improvements and bugfixes went into 0.2.8.2. Console and chat now have a history function, spectators are now visible to other players so they can chat and be kicked, and team management has been sanitized a bit. It should be a safe upgrade for all users of 0.2.8.1.
The next release is planned to be the experimental release 0.3.0, showcasing where we're going. There is also going to be a 0.2.8.3 with more small improvements later.
All 0.2.8 beta and release candidate versions of Armagetron Advanced and 0.2.8.0 itself are vulnerable to file path related attacks. Versions 0.2.7.1 and earlier lack the features that introduce the vulnerability and are safe.
There are two attack scenarios: In the first, a malicious server administrator can use a forged MAP_FILE path to inject files in arbitrary places on the clients as long as no file already exists there. This has been fixed in version 0.2.8.0. In the second scenario, a malicious remote server administrator can read partial content of every file the server has access to. Whole private ssh and gpg keys can be read. This vulnerability has been closed in 0.2.8.1.... read more
Recently, some security vulnerabilities in Armagetron Advanced have been made public. Read more here:
http://www.securiteam.com/windowsntfocus/5JP0A15EVO.html
http://aluigi.altervista.org/adv/atron-adv.txt
As a response, version 0.2.7.1 fixing these problems has been made available. It also fixes several large and many small annoying bugs, like the rip bug and client/server cycle synchronization problems. Please see the release notes for more information.
The development team is pleased to announce version 0.2.7.0. Enjoy!
Our development team is proud to announce "Armagetron Advanced" - which includes several new features that have been added to Manuel Moos's original Armagetron. This project is currently preparing documentation and configurable options.
More news will follow regarding our release when the appropriate time comes.