This is an automated email from the git hooks/post-receive script. smcv pushed a commit to branch debian/master in repository ioquake3.
commit 88c4ce41ce26e2af7933e9ce445c37de4bac74e7 Merge: 5087e21 65ca89c Author: Simon McVittie <[email protected]> Date: Tue Mar 14 11:14:03 2017 +0000 Merge branch 'debian/stretch' into debian/master debian/changelog | 24 +++++++ ...mation-if-a-user-enables-auto-downloading.patch | 72 ++++++++++++++++++++ ...-as-.dlls-and-don-t-load-user-config-file.patch | 76 ++++++++++++++++++++++ .../Don-t-open-.pk3-files-as-OpenAL-drivers.patch | 33 ++++++++++ ...file-writing-extension-checks-from-OpenJK.patch | 50 ++++++++++++++ debian/patches/series | 4 ++ 6 files changed, 259 insertions(+) diff --cc debian/changelog index 0d96e23,33c42fd..9367ce5 --- a/debian/changelog +++ b/debian/changelog @@@ -1,10 -1,27 +1,34 @@@ +ioquake3 (1.36+u20170227+dfsg1-1) UNRELEASED; urgency=medium + + * debian/apparmor.d: allow more forms of device enumeration + * New upstream snapshot + + -- Simon McVittie <[email protected]> Sat, 21 Jan 2017 20:17:57 +0000 + + ioquake3 (1.36+u20161101+dfsg1-2) unstable; urgency=high + + * d/gbp.conf: switch branch to debian/stretch for updates during freeze + * d/patches: Add patches from upstream fixing security vulnerabilities + - refuse to load potentially auto-downloadable .pk3 files as + ioquake3 renderers, ioquake3 game code, libcurl, or OpenAL drivers + (mitigation: auto-downloading is off by default, and in Debian + we do not dlopen libcurl anyway) + - refuse to load default configuration file names from a .pk3 file + - protect cl_renderer, cl_curllib, s_aldriver configuration variables so + game code cannot set them + - refuse to overwrite files other than *.txt with the dump console + command + - refuse to overwrite files other than *.cfg with the writeconfig + console command + (Closes: #857699) + * Add patch adapted from openarena to request confirmation before + enabling auto-downloading if the native-code Quake III Arena UI is + in use. Unfortunately this is not the case with quake3_46, but + I'm adding this patch in the hope that the wrapper script can + be fixed before the stretch release. + + -- Simon McVittie <[email protected]> Tue, 14 Mar 2017 10:14:37 +0000 + ioquake3 (1.36+u20161101+dfsg1-1) unstable; urgency=medium * New upstream snapshot -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/ioquake3.git _______________________________________________ Pkg-games-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-games-commits
