It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionThe (28304 posts) (28304 posts) 
(28304 posts) 
Pages:
1
400
800
1200
1600
1690
1691
1692
1693
1694
1887
This is my favourite topic
Posted February 06, 2021
high rated
SpellForce 3: Fallen God

Updated to 1.4e
No changelog
Posted February 07, 2021
high rated
Cyberpunk 2077 is now at v1.12 (was v1.11) - seemingly everywhere else but on GOG, that is.
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
- Fixed a buffer overrun issue.
- Removed/replaced non-ASLR DLLs.
No offline installer(s) for patching/updating, as of yet.
Posted February 07, 2021
avatar
mannefriedrich: Cyberpunk 2077 is now at v1.12 (was v1.11) - seemingly everywhere else but on GOG, that is.

This update addresses the vulnerability that could be used as part of remote code execution (including save files):
- Fixed a buffer overrun issue.
- Removed/replaced non-ASLR DLLs.
avatar
mannefriedrich: No offline installer(s) for patching/updating, as of yet.
Sounds like a critical bug in the game.

If you can't update, some ways to mitigate this flaw:
* Don't load save files you don't trust. In particular, it's probably only a good idea to load saves that you made while playing the game.
* Don't let the game connect to servers or other devices. If possible, cut the game off from the internet, or disconnect your computer entirely while playing the game. (You might want to consider starting the game with Galaxy not running for the time being.)
* When you can update, do so as soon as possible.

Edit: Having read later posts, might want to disable cloud saving if you don't have the update, just in case GOG's server gets hacked and saves replaced with malicious ones.
Post edited February 09, 2021 by dtgreene
Posted February 07, 2021
avatar
mannefriedrich: Cyberpunk 2077 is now at v1.12 (was v1.11) - seemingly everywhere else but on GOG, that is.

This update addresses the vulnerability that could be used as part of remote code execution (including save files):
- Fixed a buffer overrun issue.
- Removed/replaced non-ASLR DLLs.
avatar
mannefriedrich: No offline installer(s) for patching/updating, as of yet.
Should have been available on Friday already.
Maybe they ran into problems making the hotfix/patch work with the GOG build or something. There better is going to be one in any case, I'm not keen on downloading the base game offline installers worth 100+GB all over again.

Same with The Medium.

---

Looks like the 1.12 Hotfix for Cyberpunk 2077 causes a bunch of other issues (crashing, not starting at all).
Probably that's why it's not available yet.
Post edited February 07, 2021 by CMiq
Posted February 08, 2021
avatar
mannefriedrich: Cyberpunk 2077 is now at v1.12 (was v1.11) - seemingly everywhere else but on GOG, that is.

This update addresses the vulnerability that could be used as part of remote code execution (including save files):
- Fixed a buffer overrun issue.
- Removed/replaced non-ASLR DLLs.
avatar
mannefriedrich: No offline installer(s) for patching/updating, as of yet.
Galaxy has been updated on February 5, offline installer and patch are available now.
Post edited February 08, 2021 by Hustlefan
Posted February 08, 2021
Is there some new policy about offline installers now? GOGDB's showing at least six major games that are one or two versions behind and have been for a while (Phoenix Point, Scourgebringer, Yuppie Psycho, Star Renegades, El Hijo and Call of the Sea)
Posted February 08, 2021
avatar
shawne: Is there some new policy about offline installers now? GOGDB's showing at least six major games that are one or two versions behind and have been for a while (Phoenix Point, Scourgebringer, Yuppie Psycho, Star Renegades, El Hijo and Call of the Sea)
El Hijo seems to be updated according to GOGDB.

Edit: Nvm... it isnt... Steam version was updated Dec 22nd...

The devs and publisher told me the update was available...
Post edited February 08, 2021 by Crimson-X
Posted February 08, 2021
avatar
shawne: Is there some new policy about offline installers now? GOGDB's showing at least six major games that are one or two versions behind and have been for a while (Phoenix Point, Scourgebringer, Yuppie Psycho, Star Renegades, El Hijo and Call of the Sea)
One or two versions behind what?
Posted February 08, 2021
high rated
Journey to the Savage Planet

Updated to 1.0.10b (Galaxy & Offline Installer)

No changelog, but they changed the message for offline players. Screenshot attached.
Attachments:
message.jpg (104 Kb)
Post edited February 08, 2021 by Hustlefan
Posted February 09, 2021
avatar
shawne: Is there some new policy about offline installers now? GOGDB's showing at least six major games that are one or two versions behind and have been for a while (Phoenix Point, Scourgebringer, Yuppie Psycho, Star Renegades, El Hijo and Call of the Sea)
avatar
mrkgnao: One or two versions behind what?
Probably Steam.
Posted February 09, 2021
There should an update - version 1.0.13c - for 'Starcom: Nexus' coming soon™ because the developer already posted on the game forum about a fixed problem with the gog-version:
https://www.gog.com/forum/starcom_nexus/dev_comment_issue_with_mission_progression
Posted February 09, 2021
avatar
mannefriedrich: Cyberpunk 2077 is now at v1.12 (was v1.11) - seemingly everywhere else but on GOG, that is.

This update addresses the vulnerability that could be used as part of remote code execution (including save files):
- Fixed a buffer overrun issue.
- Removed/replaced non-ASLR DLLs.
avatar
mannefriedrich: No offline installer(s) for patching/updating, as of yet.
"Buffer overflow" but ok whatever (I mean, it's cringe with that "overrun" naming since buffer overflow is an actual term, but ok whatever CDPR).
Well according to patchnotes
https://steamdb.info/patchnotes/6184116/
and related writeup
https://github.com/PixelRick/CyberpunkSaveEditor/blob/428787c65b3d287d5ac5cd5ced9ec0993922c3f1/README.md
calling this a pretty severe security issue would be an understatement.

So I guess CDPR doesn't care about it's beloved GOG customers to the point of putting them at risk more than others by not providing update in timely manner?

I took a look at GogDB and I'm consfused.
There was apparently an update of some sort
https://www.gogdb.org/product/1423049311#changelog
so maybe they pushed a patch just now.
https://www.gogdb.org/product/1423049311#downloads
Still, it's 3 days post Steam so it's pretty drastic negligence in regards to what is effectively a huge security issue that affects basically everybody under correct circumstances.
Posted February 09, 2021
avatar
mannefriedrich: Cyberpunk 2077 is now at v1.12 (was v1.11) - seemingly everywhere else but on GOG, that is.

No offline installer(s) for patching/updating, as of yet.
avatar
B1tF1ghter: "Buffer overflow" but ok whatever (I mean, it's cringe with that "overrun" naming since buffer overflow is an actual term, but ok whatever CDPR).
Well according to patchnotes
https://steamdb.info/patchnotes/6184116/
and related writeup
https://github.com/PixelRick/CyberpunkSaveEditor/blob/428787c65b3d287d5ac5cd5ced9ec0993922c3f1/README.md
calling this a pretty severe security issue would be an understatement.

So I guess CDPR doesn't care about it's beloved GOG customers to the point of putting them at risk more than others by not providing update in timely manner?

I took a look at GogDB and I'm consfused.
There was apparently an update of some sort
https://www.gogdb.org/product/1423049311#changelog
so maybe they pushed a patch just now.
https://www.gogdb.org/product/1423049311#downloads
Still, it's 3 days post Steam so it's pretty drastic negligence in regards to what is effectively a huge security issue that affects basically everybody under correct circumstances.
- "Buffer overrun" is a well-known and acceptable synonym of "buffer overflow" (see, for example, first line here:
https://en.wikipedia.org/wiki/Buffer_overflow). It's not CDPR's invention.

- And, if I'm not mistaken, GOG customers did not get the version after Steam. The version was updated on Galaxy at around the same time or even before it was updated on Steam. It's just those poor saps who insist on not using the optional client who had to wait for three days to have the offline installers updated. But they (or actually, we) should be used to it by now, because that's the norm (actually this case was much better than most offline installer updates, many of which take more than three days, and some of which get updated only weeks, months or years after galaxy).
Post edited February 09, 2021 by mrkgnao
Posted February 09, 2021
avatar
B1tF1ghter: "Buffer overflow" but ok whatever (I mean, it's cringe with that "overrun" naming since buffer overflow is an actual term, but ok whatever CDPR).
Well according to patchnotes
https://steamdb.info/patchnotes/6184116/
and related writeup
https://github.com/PixelRick/CyberpunkSaveEditor/blob/428787c65b3d287d5ac5cd5ced9ec0993922c3f1/README.md
calling this a pretty severe security issue would be an understatement.

So I guess CDPR doesn't care about it's beloved GOG customers to the point of putting them at risk more than others by not providing update in timely manner?

I took a look at GogDB and I'm consfused.
There was apparently an update of some sort
https://www.gogdb.org/product/1423049311#changelog
so maybe they pushed a patch just now.
https://www.gogdb.org/product/1423049311#downloads
Still, it's 3 days post Steam so it's pretty drastic negligence in regards to what is effectively a huge security issue that affects basically everybody under correct circumstances.
avatar
mrkgnao: - "Buffer overrun" is a well-known and acceptable synonym of "buffer overflow" (see, for example, first line here:
https://en.wikipedia.org/wiki/Buffer_overflow). It's not GOG's invention.
Well it definitely couldn't be GOG's invention given that the patchnotes I linked come from CDPR and were published on Steam :P
As a highly technical person using Linux daily "buffer OVERRUN" somewhat makes me sassy since close to nobody serious calls it that way :D

avatar
mrkgnao: And, if I'm not mistaken, GOG customers did not get the version after Steam. The version was updated on Galaxy at around the same time or even before it was updated on Steam. It's just those poor saps who insist on not using the optional client who had to wait for three days to have the offline installers updated. But they should be used to it by now, because that's the norm (actually this case was much better than most offline installer updates, many of which take more than three days, and some of which get updated only weeks, months or years after galaxy).
I feel offended :/
Yes, well, if offline installers were updated few days after Galaxy / Steam then YES, it is treating your customers unequally and negligence which could possibly lead to security breaches for GOG customers in case of specific possible circumstances.
Posted February 09, 2021
It seems the system which automatically creates the offline installers is currently broken. No new offline installers since Sunday except Cyberpunk 2077 and Journey to the Savage Planet (Both without blue dot). I assume the installers for these two games have been created manually.

@GOG: Please fix it.
Pages:
1
400
800
1200
1600
1690
1691
1692
1693
1694
1887
This is my favourite topic
Community
General discussionThe (28304 posts) (28304 posts) 
(28304 posts)