1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

Unreal 226b-f security fixed engine.u file

Discussion in 'Unreal' started by Leo(T.C.K.), Aug 27, 2010.

Thread Status:
Not open for further replies.
  1. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    This is an update of engine.u for 226b and 226f clients/servers, because of a dangerous exploit that hasn't been fixed as of yet.

    225 clients and servers should wait for own version, which will be made eventually...

    For maximum security on Unreal servers, we (zeurkous and me) recommend you to set all system files to read only, beacuse there is an older exploit with writing a LOG file through abusive admins forcing open command with for example "LOG=core.dll", using mods which allow admins to take over player and force any console command on him...or perhaps contact Smartball, because he has made some fixes against these exploits...

    AFAIK that older exploit can be only fixed natively, the way that command works and is fixed in oldunreal 227 patch only so far.

    Engine.u-v226zeur2.tar.bz2
     
    Last edited: Aug 27, 2010
  2. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    One small note: It seems Zora already included some client side protection for the log writing in nephthys already....I didn't know about that, as I told her today request if she could add some proposed change by me and zeurkous.

    The problem is nephthys is inompatible with mcoop2, at least versions 1.4 and higher, the mcoop needs to be updated now I guess, or nephthys conformed to it or something.
     
  3. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    I made one for 225 several days ago, although the proper release will get delayed. It is both for 225 server or client, but well...it is compatible with all official versions, but it isn't compatible with 227, beacsue I would have needed to conform it with those versions and I could break something.

    Also I understand why Zora didn't make Nephthys for 227, the amount of work is simply tremendous and not worth it at all.

    So....people should really have separate Unreal installs, one for 227 and another one for normal, or use shared tree using ini with different paths.
    It is not my or Zora's fault, blame someone else...perhaps if the 227 team didn't have mind stuck in the mud...and didn't make attempts to force 227 down people throats.

    But I had to make this for proper security.

    If you want the 225 fixed engine.u against this very dangerous exploit, pm me...it will take a week for proper release with readme, I wanted zeurkous to write that, but he is busy atm, also I did the hex editing myself this time, just to be sure.
     
    Last edited: Sep 8, 2010
  4. GreatEmerald

    GreatEmerald Khnumhotep

    Joined:
    Jan 20, 2008
    Messages:
    4,042
    Likes Received:
    1
    Uhh, there is no reason not to use 227. It's as if someone decided to use UT2004 3336 instead of 3369 - that makes no sense.
     
  5. Delacroix

    Delacroix Successor of Almarion

    Joined:
    Jan 12, 2006
    Messages:
    804
    Likes Received:
    2
    It makes no sense, what you're saying, GE. It just makes no sense. OU are doing a RUSH JOB, convincing people to use 227. It's not final yet, does NOT officially support the only Unreal version in sale (Gold) and still has it's fair share of own bugs. It's too early for this to spread.
     
  6. GreatEmerald

    GreatEmerald Khnumhotep

    Joined:
    Jan 20, 2008
    Messages:
    4,042
    Likes Received:
    1
    Oh, but I'm not saying that you should do it now. It's the same with previous Unreal patches - nobody uses 224a, everyone uses 224v, since that's the complete patch. I'm just saying that there will be no reason not to switch once it goes final. But overall this is more about servers, and those are the ones that could switch even now, since they usually don't care about UPak content, and there have been loads of fixes there.
     
  7. UBerserker

    UBerserker old EPIC GAMES

    Joined:
    Jan 20, 2008
    Messages:
    4,798
    Likes Received:
    0
    I'll get 227. Only when it will be fully finished though!
     
  8. Delacroix

    Delacroix Successor of Almarion

    Joined:
    Jan 12, 2006
    Messages:
    804
    Likes Received:
    2
    GreatEmerald - but the security upgrades are a temporary hotfix for NOW and NOW is the key word here. NOW it's too early to use 227. That's what Leo and I mean.
     
  9. GreatEmerald

    GreatEmerald Khnumhotep

    Joined:
    Jan 20, 2008
    Messages:
    4,042
    Likes Received:
    1
    That's all right then. It's just that there are plenty of people who say they won't use 227 but don't mention the word "now " :)
     
  10. Smirftsch

    Smirftsch New Member

    Joined:
    May 9, 2000
    Messages:
    322
    Likes Received:
    0
    Sorry, but this statement is partially wrong.

    Nobody is "forcing" anyone to use 227, but already 227f has tons of less bugs compared to previous versions, especially 226. Of course it has its own bugs, but that's only a handful and none of it is as critical as many 226 bugs. I often don't understand why people refuse to use 227 and when I ask there are rarely real reasons but just prejudices - but that's a different story.

    That being said I want to append that its fully understandable in my eyes if someone decides not to use a beta until it is final- for whatever that means if you consider that 226 is a plain rip out of UT in which almost no debugging was made, forced by the community with a big online petition (yeah, no kidding, just do a search on Google) - I'd consider it almost alpha or pre-beta and would have never left it that way. But that was Epic and things that count for them obviously don't count for me.
    So 226 is still considered "better" obviously.
    That I was given the code by Epic to do exactly what I do now seems not to count also.

    Also its wrong that 227f does not support UGold, it does support it and it can be installed, it just negates the usage of the Return to Napali extension for now. This is mainly because I was denied the usage of UPak in the patch if it can be applied to classic Unreal. So 227g will have 2 different patch versions, one with UPak for UGold/Anthology and one without for Unreal classic.

    For that are in the wiki also hints and tips to do multi installations- also an UPak.dll independent RTNP can be found in the web to play it with 227f again -so what the heck do you miss?
     
  11. Delacroix

    Delacroix Successor of Almarion

    Joined:
    Jan 12, 2006
    Messages:
    804
    Likes Received:
    2
    My statement is 100% right.

    First of all, look up at OU one of my topics, where I asked for a bunch of maps to be fixed using the 224 editor. One of the regular forumers has told me sth like that: Friggin use 227 or sth like that. I CAN look up a direct quote and the topic itself if you wish. If you don't call this forcing, I don't know what the heck is.

    I do agree that 227 is almost bugfree in comparison to the previous versions, especially 226... and when it's finalized, probably every single Unreal player will switch to it, save just a few marauders.

    I consider product "supported" when a patch can be applied to a product without breaking it. Installing 227 over UGold invalidates RTNP and because of this I consider UGold unsupported by 227. End of freaking story. Try issuing a service pack for Windows Vista making Office 2003 unworking and I'd outright kill the culprit. UGold is NOT YET supported, period.

    And as for the unofficial UPak.u - are you kidding? It's NOT PUBLIC! I haven't seen it on a single website, it circulates SOLELY through emails/PMs so that's totally unofficial and off the record. Temporary solution, but still, UG is not supported - only vanilla Unreal is.

    EDIT: And yes, 227 CAN be applied to UGold and players will benefit from its features, but currently RTNP is the price to pay for it.
     
    Last edited: Sep 9, 2010
  12. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    I personally have the separate installs. I don't see the need for switching and overwriting my 226-225 installs (although I use shared directory tree) and yes, indeed some people are forcing 227 to others and what was on forums is not the worst of it all, just to say the least.

    This fix is for the old versions (225 VERSION FIX NOT OFFICIALLY RELEASED YET, JUST REMINDER). Besides 227 clients performs best at 227 servers (few bugs like sliding bug happen if you join 227 server or if 227 client joins 225 and of course the players can't see the new actors which are in the same package, yes that means even the new-old translocator and stuff) and 225-226 clients perform best at 225-226 servers.

    The 225 version will hopefully be released soon, the package is done and all tested, only readme needs to be written by zeurkous.
     
    Last edited: Sep 9, 2010
  13. Smirftsch

    Smirftsch New Member

    Joined:
    May 9, 2000
    Messages:
    322
    Likes Received:
    0
    Just some people do obviously not distinguish between forum and page. The page offers help and downloads as well as a lot of manuals/wiki/FAQ's. For example also how to handle multiple parallel installations etc. of f.e. 227 and UGold.
    227 is preferred of course, especially in the wiki but that's not because someone said: "ey, don't put 226 content in it", it's because just no one put it in there and I can't put all things in there alone.

    The fact that often the answer in the forum is:" Use 227" is because often it is just that easy, why fixing and fixing and answering and answering the same things again and again for the older versions while the solution is already there?
    I know there are surely reasons as described above not to use 227, like if you want to play RTNP (while online there is no single UGold server) or this sliding bug of yours although I never experienced such a thing myself and I'm playing often on 225 servers also. But in the end its usually just that people didn't read the manual or are just to lazy to redo some of the configuration. It just doesn't work because they are not freakin able to read some lines of text, but then in forums like here at BU is complained how bad it is or how it would mess up things.

    A good example is here in the mapping section where someone complains how bad 227f is because it breaks zoning, while the real reason is that zoning is handled differently as form of optimization to help with the max zone limit, that was originally implemented by Legend in UGold already and which I just enabled for 227 too. Zoning is definitely NOT broken.
    But just not willing to give it a chance, to try some things, or even bother to ask in the home of the patch at Oldunreal where this behavior would have been explained within a few sentences. Instead you can find now here in BU forums how messed 227f UED is.
    That 227f UED2 does have already a lot of fixes already compared to the UT version and that it is even first time possible at all to use UED2 with Unreal, that's not mentioned of course.
    Sounds weird, but I experienced that dozens of times.

    Well, back on topic I can only advise anyone who decides to stay with 224/225/226 using at least Nephthys and consider this update here (while I have to admit that I haven't tested it myself due to lack of time and can't tell how effective it is) to be protected against this really critical issue.
    I'm just concerned that this bug is definitely existing for UT as well.
     
    Last edited: Sep 10, 2010
  14. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    Well, at least you are not discouraging people to not use this fix, as someone (pointing at the same thread at other forums which turned into flamewar and deletion of entire thread).

    As for 227 UED functions, I am very pleased with them myself, well with the 227g ones more likely, since they actually do help me work a bit quicker with ued, not talking about the new static mesh functions though, that's a bit of new gimmick there.

    The sliding bug happens and I showed it at a video, it is sometimes hardly noticable, but it happens, a slight kag when you stop running. Still the fact that it uses so many actors makes me want to have separate installs rather.

    Btw with nephthys client you can't join 227 servers due to incompatibility from version 1.4 higher, more reason why to keep separate installs.
     
    Last edited: Sep 10, 2010
  15. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    EDIT: not worth this...

    If you want to see my post, it is in spoiler tags now (because there was reply to my post and I hate deleting anything, even mistakes and stuff), although it was written in affection:

    Fine, I reposted the thread at the other forums, without any bull**** (just the first three posts merged together) even deleted the comment about the head in mud and now the reposted thread got deleted and I got banned. I am done with old Unreal community really, you have took it to new heights in idiocy really.

    All I want is to help the game going on, instead what I got past weeks is intolerance, hatred, censorship and hard abuse and attempted blackmail of a certain oldunreal admin. There was lots going on behind the walls, but I will write about it all, about this deception, harassment and all of that and other illegal activity.

    You will see.

    EDIT: Also some of the things I said no longer holds true (the ban), although it happened.
    EDIT2: and then it again happened, for me posting about my health issues
     
    Last edited: Oct 1, 2010
  16. Creavion

    Creavion New Member

    Joined:
    Aug 27, 2005
    Messages:
    471
    Likes Received:
    0
    Uhm, what illegal stuff are you talking about. AFAIK there isn`t anything illegal about 227... (maybe I will regret that question very soon) and please no death threats... thats not helpful for anybody.

    Seriously, why do people have to enjoy to make other peoples lives sometimes to a nightmare...
     
  17. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    Not about 227 developement, I am talking about something else here. I am not making any death threats, but threats were given to me.

    What I mean with you will see that I will post the details offsite, on independand source.
    No lies involved just facts.
     
    Last edited: Sep 10, 2010
  18. Smirftsch

    Smirftsch New Member

    Joined:
    May 9, 2000
    Messages:
    322
    Likes Received:
    0
    At least? I told you how to make it net compatible without any hesitation. But now you have a personal impression how I felt again and again about that when my work although done with best intentions was and is being put in question again and again. I said you this will happen, remember?

    Anyway, I told you I'm done with all disputes because my health doesn't allow me to take care personally about all things happening on Oldunreal forums.
    I just wish that 227 and the page itself doesn't suffer from all disputes, I put to much work in it over all the years.
    We may be no friends and probably never will be, but we are on the same side regarding Unreal- make it safe for all and keep it playable as long as possible. Don't forget this.
     
    Last edited: Sep 10, 2010
  19. Leo(T.C.K.)

    Leo(T.C.K.) Well-Known Member

    Joined:
    May 14, 2006
    Messages:
    4,689
    Likes Received:
    29
    Well, I thank you for that actually, for our mutual support in past as well, even regarding 227. Yeah I had impression you all don't like the fix anyway and that you see danger to 227 in this.

    Yeah I get it.

    A lot of people were caught in a crossfire lately, but well I am not sliping the issues under the carpet and I will speak against the people who have truly harmed me you know.

    I was told nothing will be done against anything anyway and clearly...so I know the issues were being taken down under carpet and silenced. That's not the way to solve things and certainly it would help avoiding it all, even if some apologies were made in beginning (I wanted to discuss it with the people involved but they chose other way) but it got overboard totally with all the harassing etc and it is too late to say sorry now I guess, after all the disgusting things that were done by him/them.
     
    Last edited: Sep 10, 2010
  20. []KAOS[]Casey

    []KAOS[]Casey 227 dev

    Joined:
    May 17, 2009
    Messages:
    28
    Likes Received:
    0
    Rush job? we've been on it for a few years now, we take our time to release stuff to make sure it's stable, and so far we've withheld g for a lot longer than all the other patches, and soon enough it will be longer than the delay from a->b->c->d->f all combined. can you explain your logic with it being a rush job? I don't really get it. as for "Convincing" people to use 227.. let's just say there's security issues far above and beyond that the public knows about that I wish I could reveal that are extremely serious.

    The only reason we haven't supported gold yet is because of legal issues not allowing us to do so. Previously smirf had emailed epic to allow for upak in a separate installer, but either got no reply or some bunk like "not enough bandwidth to do that."

    1. with the 224 maps, I posted that simply because true compatibility doesn't exist, and it was the easiest for you to do. The trials and tribulations of achieving true compatibility is nearly impossible, even then there's still a way to break any version. Besides, once you have it loaded in 227 you could've just exported it and reimported and/or debugged that way. Installing 227 could have lead to your ultimate solution.


    2. http://www.klankaos.com/upak.u

    that's probably an old version of it for 227f and hell I dont even remember if it works anymore, but whatever. enjoy. This won't work if you don't have a previously legitimate install of gold with the maps, textures, sounds, music etc etc. unsupported in every way but there you go.
     
Thread Status:
Not open for further replies.

Share This Page