iortcw (1.51.b+dfsg1-3) unstable; urgency=medium * Declare compliance with Debian Policy 4.1.3 * Replace kde-baseapps-bin dependency with kdialog (see #885839) * AppArmor: Use from apparmor (>= 2.10.95-5) instead of reinventing it * AppArmor: Allow reading EGL vendor configuration * AppArmor: Allow zenity to read from dconf * Move packaging to salsa.debian.org * AppArmor: Remove rules for OpenAL static data files, which are now allowed by (#874665 in apparmor) -- Simon McVittie Mon, 15 Jan 2018 09:26:05 +0000 iortcw (1.51.b+dfsg1-2) unstable; urgency=medium * Declare compliance with Debian Policy 4.1.1 * Set Rules-Requires-Root to no -- Simon McVittie Mon, 06 Nov 2017 10:19:01 +0000 iortcw (1.51.b+dfsg1-1) unstable; urgency=medium * New upstream release - Drop patch from previous version, now upstream * Declare compliance with Debian Policy 4.1.0 * d/watch: Mangle version number so the trailing "b" is not considered to be less than +dfsg -- Simon McVittie Fri, 08 Sep 2017 11:18:04 +0100 iortcw (1.51+dfsg1-3) unstable; urgency=medium * d/p/1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch: Add patch (from ioquake3 via upstream) to fix a read buffer overflow in MSG_ReadBits (CVE-2017-11721) -- Simon McVittie Sat, 05 Aug 2017 11:56:31 +0100 iortcw (1.51+dfsg1-2) unstable; urgency=medium * d/copyright, d/rules: Update to reflect addition of COPYING.txt to the upstream repository (the license remains the same) * d/apparmor.d: Allow even more device enumeration * Declare compliance with Debian Policy 4.0.0 -- Simon McVittie Mon, 24 Jul 2017 07:40:19 +0100 iortcw (1.51+dfsg1-1) unstable; urgency=medium * Reference CVE-2017-6903 in previous changelog entry * Reset git branch to debian/master * New upstream release - drop patches that came from upstream * d/copyright: Fix format declaration * AppArmor: Allow reading OpenAL static data files -- Simon McVittie Thu, 15 Jun 2017 11:33:12 +0100 iortcw (1.50a+dfsg1-3) unstable; urgency=high * d/gbp.conf: switch branch to debian/stretch for updates during freeze * d/patches: Add patches from upstream fixing security vulnerabilities - refuse to load potentially auto-downloadable .pk3 files as iortcw renderers, iortcw game code, libcurl, or OpenAL drivers (mitigation: auto-downloading is off by default, and in Debian we do not dlopen libcurl anyway) - refuse to load default configuration file names from a .pk3 file - protect cl_renderer, cl_curllib, s_aldriver configuration variables so game code cannot set them - refuse to overwrite files other than *.txt with the dump console command - refuse to overwrite files other than *.cfg with the writeconfig console command (Closes: #857714; CVE-2017-6903) -- Simon McVittie Tue, 14 Mar 2017 09:37:19 +0000 iortcw (1.50a+dfsg1-2) unstable; urgency=medium * Drop unused libspeexdsp-dev build-dependency (VoIP is now done using the Opus codec) * debian/watch: strip +dfsg1 suffix when comparing versions even if working from a release and not a datestamped snapshot * debian/apparmor.d: allow more forms of device enumeration -- Simon McVittie Sat, 21 Jan 2017 20:25:48 +0000 iortcw (1.50a+dfsg1-1) unstable; urgency=medium * New upstream release 1.5a, represented as 1.50a here to make it sort in the intended order - drop patches that were merged upstream - debian/copyright: update * d/p/Don-t-require-.git-index-to-exist.patch: Fix FTBFS when .git/index doesn't exist -- Simon McVittie Sun, 20 Nov 2016 22:27:56 +0000 iortcw (1.42d+dfsg1-5) unstable; urgency=medium * Fix date(1) syntax when using SOURCE_DATE_EPOCH * Mark patches as applied upstream or Debian-specific, as appropriate * Always do a "release" build. Override OPTIMIZE to empty instead of using upstream's "debug" build for noopt. * Use upstream's copyfiles (install) target instead of reimplementing it * Write generated scripts directly into debian/tmp/usr/games * Add missing dependency on lsb-base, detected by lintian * Sync AppArmor profile with ioquake3 -- Simon McVittie Sat, 05 Nov 2016 22:36:05 +0000 iortcw (1.42d+dfsg1-4) unstable; urgency=medium * Normalize packaging via wrap-and-sort -abst * debian/gbp.conf: use DEP-14 branch names debian/master, upstream/latest * Remove rtcw-dbg binary package and rely on automatic dbgsym packages * debian/rules: improve get-orig-source target * Bump debhelper compat level to 10 - don't explicitly use dh-systemd, it is now integrated - don't explicitly do a parallel build, it is the default * debian/rules: align with ioquake3's (cosmetic changes only) -- Simon McVittie Wed, 21 Sep 2016 20:10:00 +0100 iortcw (1.42d+dfsg1-3) unstable; urgency=medium * Standards-Version: 3.9.8 (no changes required) * d/rules: remove misleading leftover comment * Upload to unstable -- Simon McVittie Sun, 17 Jul 2016 20:25:40 +0100 iortcw (1.42d+dfsg1-2) experimental; urgency=medium * apparmor: add a child profile for the "safe mode" popups (tested with xmessage and zenity - kdialog will probably need more rules) * apparmor: don't try to run dh_apparmor on non-Linux ports * apparmor: #include the local snippets created by dh_apparmor * Add patch to replace __DATE__ with $SOURCE_DATE_EPOCH if set; that variable is set automatically by recent debhelper * Add Documentation key to the systemd services * Add a patch fixing some spelling mistakes in user-visible messages (but not "persistant", which is unfortunately part of the API) * Enable full compiler hardening -- Simon McVittie Mon, 21 Mar 2016 09:39:40 +0000 iortcw (1.42d+dfsg1-1) experimental; urgency=medium * New upstream release - Please note that this upstream release changes the location of game files from ~/.iortcw to ~/.wolf. - debian/copyright: update - debian/rules: update get-orig-source * debian/scripts/rtcw.in: use ~/.wolf even in non-release snapshots that would normally use ~/.iortcw, for consistency * Add a patch to force the "autoupdate" mechanism to be disabled. This was off by default anyway, but if enabled, it would download and execute arbitrary code from Activision servers without authentication. * Switch Vcs-Git to https (see #810378) * Standards-Version: 3.9.7 (no changes needed) * Add experimental AppArmor profiles to protect the client and server, both in "complain" mode for now -- Simon McVittie Tue, 08 Mar 2016 08:00:37 +0000 iortcw (1.42b+20151119+dfsg1-1) experimental; urgency=medium * New upstream snapshot - build-depend on Freetype which is now enabled by default upstream - enable the new ARMv7 JIT on armhf, forcibly disable it elsewhere (avoiding uname) - debian/copyright: update * debian/rules: maintainer-get-orig-source: put the tarball in ../build-area -- Simon McVittie Sat, 21 Nov 2015 23:11:58 +0000 iortcw (1.42b+20150930+dfsg1-1) experimental; urgency=low * New package for Return to Castle Wolfenstein (Closes: #773742) - game-data-packager (>= 40) can package the required non-free data * Packaging based on ioquake3 * Initial Debian changes, similar to ioquake3: - exclude non-Free lcc compiler (licensed for non-commercial use only) - exclude {MP,SP}/media: licensing unclear, and not needed (game-data-packager downloads and repackages an unofficial content patch from iortcw at the same time it downloads the official patch) - exclude Free third-party libraries too, to simplify license compliance, and use system copies of those libraries instead: cURL, Freetype, libjpeg, libogg, OpenAL, libopus, SDL2, libvorbis, zlib - run in a window by default per Games Team policy - disable auto-downloading by default since it is a security risk - reinstate checks for executable file overwriting and remove code to unpack arbitrary native code from (potentially auto-downloaded) game mods, fixing vulnerabilities similar to CVE-2011-3012 but breaking some mods as an unfortunate but unavoidable side-effect -- Simon McVittie Mon, 05 Oct 2015 00:17:58 +0100