iortcw (1.51.b+dfsg1-3) unstable; urgency=medium
* Declare compliance with Debian Policy 4.1.3
* Replace kde-baseapps-bin dependency with kdialog (see #885839)
* AppArmor: Use <abstractions/wayland> from apparmor (>= 2.10.95-5)
instead of reinventing it
* AppArmor: Allow reading EGL vendor configuration
* AppArmor: Allow zenity to read from dconf
* Move packaging to salsa.debian.org
* AppArmor: Remove rules for OpenAL static data files, which are now
allowed by <abstractions/audio> (#874665 in apparmor)
-- Simon McVittie <smcv@debian.org> Mon, 15 Jan 2018 09:26:05 +0000
iortcw (1.51.b+dfsg1-2) unstable; urgency=medium
* Declare compliance with Debian Policy 4.1.1
* Set Rules-Requires-Root to no
-- Simon McVittie <smcv@debian.org> Mon, 06 Nov 2017 10:19:01 +0000
iortcw (1.51.b+dfsg1-1) unstable; urgency=medium
* New upstream release
- Drop patch from previous version, now upstream
* Declare compliance with Debian Policy 4.1.0
* d/watch: Mangle version number so the trailing "b" is not considered
to be less than +dfsg
-- Simon McVittie <smcv@debian.org> Fri, 08 Sep 2017 11:18:04 +0100
iortcw (1.51+dfsg1-3) unstable; urgency=medium
* d/p/1.52/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch:
Add patch (from ioquake3 via upstream) to fix a read buffer overflow
in MSG_ReadBits (CVE-2017-11721)
-- Simon McVittie <smcv@debian.org> Sat, 05 Aug 2017 11:56:31 +0100
iortcw (1.51+dfsg1-2) unstable; urgency=medium
* d/copyright, d/rules: Update to reflect addition of COPYING.txt
to the upstream repository (the license remains the same)
* d/apparmor.d: Allow even more device enumeration
* Declare compliance with Debian Policy 4.0.0
-- Simon McVittie <smcv@debian.org> Mon, 24 Jul 2017 07:40:19 +0100
iortcw (1.51+dfsg1-1) unstable; urgency=medium
* Reference CVE-2017-6903 in previous changelog entry
* Reset git branch to debian/master
* New upstream release
- drop patches that came from upstream
* d/copyright: Fix format declaration
* AppArmor: Allow reading OpenAL static data files
-- Simon McVittie <smcv@debian.org> Thu, 15 Jun 2017 11:33:12 +0100
iortcw (1.50a+dfsg1-3) unstable; urgency=high
* d/gbp.conf: switch branch to debian/stretch for updates during freeze
* d/patches: Add patches from upstream fixing security vulnerabilities
- refuse to load potentially auto-downloadable .pk3 files as
iortcw renderers, iortcw game code, libcurl, or OpenAL drivers
(mitigation: auto-downloading is off by default, and in Debian
we do not dlopen libcurl anyway)
- refuse to load default configuration file names from a .pk3 file
- protect cl_renderer, cl_curllib, s_aldriver configuration variables so
game code cannot set them
- refuse to overwrite files other than *.txt with the dump console
command
- refuse to overwrite files other than *.cfg with the writeconfig
console command
(Closes: #857714; CVE-2017-6903)
-- Simon McVittie <smcv@debian.org> Tue, 14 Mar 2017 09:37:19 +0000
iortcw (1.50a+dfsg1-2) unstable; urgency=medium
* Drop unused libspeexdsp-dev build-dependency
(VoIP is now done using the Opus codec)
* debian/watch: strip +dfsg1 suffix when comparing versions even if
working from a release and not a datestamped snapshot
* debian/apparmor.d: allow more forms of device enumeration
-- Simon McVittie <smcv@debian.org> Sat, 21 Jan 2017 20:25:48 +0000
iortcw (1.50a+dfsg1-1) unstable; urgency=medium
* New upstream release 1.5a, represented as 1.50a here to make it
sort in the intended order
- drop patches that were merged upstream
- debian/copyright: update
* d/p/Don-t-require-.git-index-to-exist.patch: Fix FTBFS when
.git/index doesn't exist
-- Simon McVittie <smcv@debian.org> Sun, 20 Nov 2016 22:27:56 +0000
iortcw (1.42d+dfsg1-5) unstable; urgency=medium
* Fix date(1) syntax when using SOURCE_DATE_EPOCH
* Mark patches as applied upstream or Debian-specific, as
appropriate
* Always do a "release" build. Override OPTIMIZE to empty instead of
using upstream's "debug" build for noopt.
* Use upstream's copyfiles (install) target instead of reimplementing it
* Write generated scripts directly into debian/tmp/usr/games
* Add missing dependency on lsb-base, detected by lintian
* Sync AppArmor profile with ioquake3
-- Simon McVittie <smcv@debian.org> Sat, 05 Nov 2016 22:36:05 +0000
iortcw (1.42d+dfsg1-4) unstable; urgency=medium
* Normalize packaging via wrap-and-sort -abst
* debian/gbp.conf: use DEP-14 branch names debian/master, upstream/latest
* Remove rtcw-dbg binary package and rely on automatic dbgsym packages
* debian/rules: improve get-orig-source target
* Bump debhelper compat level to 10
- don't explicitly use dh-systemd, it is now integrated
- don't explicitly do a parallel build, it is the default
* debian/rules: align with ioquake3's (cosmetic changes only)
-- Simon McVittie <smcv@debian.org> Wed, 21 Sep 2016 20:10:00 +0100
iortcw (1.42d+dfsg1-3) unstable; urgency=medium
* Standards-Version: 3.9.8 (no changes required)
* d/rules: remove misleading leftover comment
* Upload to unstable
-- Simon McVittie <smcv@debian.org> Sun, 17 Jul 2016 20:25:40 +0100
iortcw (1.42d+dfsg1-2) experimental; urgency=medium
* apparmor: add a child profile for the "safe mode" popups (tested
with xmessage and zenity - kdialog will probably need more rules)
* apparmor: don't try to run dh_apparmor on non-Linux ports
* apparmor: #include the local snippets created by dh_apparmor
* Add patch to replace __DATE__ with $SOURCE_DATE_EPOCH if set;
that variable is set automatically by recent debhelper
* Add Documentation key to the systemd services
* Add a patch fixing some spelling mistakes in user-visible messages
(but not "persistant", which is unfortunately part of the API)
* Enable full compiler hardening
-- Simon McVittie <smcv@debian.org> Mon, 21 Mar 2016 09:39:40 +0000
iortcw (1.42d+dfsg1-1) experimental; urgency=medium
* New upstream release
- Please note that this upstream release changes the location of game
files from ~/.iortcw to ~/.wolf.
- debian/copyright: update
- debian/rules: update get-orig-source
* debian/scripts/rtcw.in: use ~/.wolf even in non-release snapshots that
would normally use ~/.iortcw, for consistency
* Add a patch to force the "autoupdate" mechanism to be disabled.
This was off by default anyway, but if enabled, it would download and
execute arbitrary code from Activision servers without authentication.
* Switch Vcs-Git to https (see #810378)
* Standards-Version: 3.9.7 (no changes needed)
* Add experimental AppArmor profiles to protect the client and server,
both in "complain" mode for now
-- Simon McVittie <smcv@debian.org> Tue, 08 Mar 2016 08:00:37 +0000
iortcw (1.42b+20151119+dfsg1-1) experimental; urgency=medium
* New upstream snapshot
- build-depend on Freetype which is now enabled by default upstream
- enable the new ARMv7 JIT on armhf, forcibly disable it elsewhere
(avoiding uname)
- debian/copyright: update
* debian/rules: maintainer-get-orig-source: put the tarball in
../build-area
-- Simon McVittie <smcv@debian.org> Sat, 21 Nov 2015 23:11:58 +0000
iortcw (1.42b+20150930+dfsg1-1) experimental; urgency=low
* New package for Return to Castle Wolfenstein (Closes: #773742)
- game-data-packager (>= 40) can package the required non-free data
* Packaging based on ioquake3
* Initial Debian changes, similar to ioquake3:
- exclude non-Free lcc compiler (licensed for non-commercial use only)
- exclude {MP,SP}/media: licensing unclear, and not needed
(game-data-packager downloads and repackages an unofficial content patch
from iortcw at the same time it downloads the official patch)
- exclude Free third-party libraries too, to simplify license compliance,
and use system copies of those libraries instead:
cURL, Freetype, libjpeg, libogg, OpenAL, libopus, SDL2, libvorbis, zlib
- run in a window by default per Games Team policy
- disable auto-downloading by default since it is a security risk
- reinstate checks for executable file overwriting and remove code to
unpack arbitrary native code from (potentially auto-downloaded)
game mods, fixing vulnerabilities similar to CVE-2011-3012 but
breaking some mods as an unfortunate but unavoidable side-effect
-- Simon McVittie <smcv@debian.org> Mon, 05 Oct 2015 00:17:58 +0100