[ioquake3] 06/06: Merge branch 'debian/stretch' into debian/master
Simon McVittie
smcv at debian.org
Tue Mar 14 11:15:03 UTC 2017
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch debian/master
in repository ioquake3.
commit 88c4ce41ce26e2af7933e9ce445c37de4bac74e7
Merge: 5087e21 65ca89c
Author: Simon McVittie <smcv at debian.org>
Date: Tue Mar 14 11:14:03 2017 +0000
Merge branch 'debian/stretch' into debian/master
debian/changelog | 24 +++++++
...mation-if-a-user-enables-auto-downloading.patch | 72 ++++++++++++++++++++
...-as-.dlls-and-don-t-load-user-config-file.patch | 76 ++++++++++++++++++++++
.../Don-t-open-.pk3-files-as-OpenAL-drivers.patch | 33 ++++++++++
...file-writing-extension-checks-from-OpenJK.patch | 50 ++++++++++++++
debian/patches/series | 4 ++
6 files changed, 259 insertions(+)
diff --cc debian/changelog
index 0d96e23,33c42fd..9367ce5
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,10 -1,27 +1,34 @@@
+ioquake3 (1.36+u20170227+dfsg1-1) UNRELEASED; urgency=medium
+
+ * debian/apparmor.d: allow more forms of device enumeration
+ * New upstream snapshot
+
+ -- Simon McVittie <smcv at debian.org> Sat, 21 Jan 2017 20:17:57 +0000
+
+ ioquake3 (1.36+u20161101+dfsg1-2) unstable; urgency=high
+
+ * d/gbp.conf: switch branch to debian/stretch for updates during freeze
+ * d/patches: Add patches from upstream fixing security vulnerabilities
+ - refuse to load potentially auto-downloadable .pk3 files as
+ ioquake3 renderers, ioquake3 game code, libcurl, or OpenAL drivers
+ (mitigation: auto-downloading is off by default, and in Debian
+ we do not dlopen libcurl anyway)
+ - refuse to load default configuration file names from a .pk3 file
+ - protect cl_renderer, cl_curllib, s_aldriver configuration variables so
+ game code cannot set them
+ - refuse to overwrite files other than *.txt with the dump console
+ command
+ - refuse to overwrite files other than *.cfg with the writeconfig
+ console command
+ (Closes: #857699)
+ * Add patch adapted from openarena to request confirmation before
+ enabling auto-downloading if the native-code Quake III Arena UI is
+ in use. Unfortunately this is not the case with quake3_46, but
+ I'm adding this patch in the hope that the wrapper script can
+ be fixed before the stretch release.
+
+ -- Simon McVittie <smcv at debian.org> Tue, 14 Mar 2017 10:14:37 +0000
+
ioquake3 (1.36+u20161101+dfsg1-1) unstable; urgency=medium
* New upstream snapshot
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/ioquake3.git
More information about the Pkg-games-commits
mailing list