openarena (0.8.5-5+squeeze3) stable-security; urgency=low

  * Add CVE reference to changelog and patch for previous version, now that
    one has been allocated
  * Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix
    potential use of uninitialized variables if the network address family
    is unexpected
  * Apply ioquake3 r1898 to fix a regression caused by rate-limiting,
    in which the server would stop responding to getstatus after an uptime
    of 2**32 milliseconds (approximately 50 days) (Closes: #665945)

 -- Simon McVittie <smcv@debian.org>  Thu, 29 Mar 2012 20:40:46 +0100

openarena (0.8.5-5+squeeze2) stable-security; urgency=low

  * Apply ioquake3 r1762 to rate-limit getstatus and rcon connectionless
    packets, to avoid their use for traffic amplification.
    CVE-2010-5077 (Closes: #665656)

 -- Simon McVittie <smcv@debian.org>  Sun, 25 Mar 2012 19:34:53 +0100

openarena (0.8.5-5+squeeze1) stable; urgency=medium

  * Apply upstream r2098 to fix arbitrary code execution by malicious QVM
    bytecode, which could be auto-downloaded from a malicious server
    if enabled. CVE-2011-2764 (Closes: #635733)

 -- Simon McVittie <smcv@debian.org>  Thu, 28 Jul 2011 14:22:31 +0100

openarena (0.8.5-5) unstable; urgency=medium

  * Add patch (already upstream as oax r239) to fix a crash if a non-client
    object is damaged by a non-player source, e.g. setting off the Kamikaze
    near a powerup (Closes: #599866)

 -- Simon McVittie <smcv@debian.org>  Mon, 11 Oct 2010 19:40:30 +0100

openarena (0.8.5-4) unstable; urgency=low

  * Build a second copy of the game logic and install it in a subdirectory.
    It turns out that OpenArena 0.8.1 and 0.8.5 aren't network-compatible.
  * Depend on openarena-data (>= 0.8.5-3~) which causes us to load the
    0.8.1-compatible game logic whenever the upstream version would use
    0.8.1's bytecode (Closes: #592965)

 -- Simon McVittie <smcv@debian.org>  Tue, 24 Aug 2010 20:20:07 +0100

openarena (0.8.5-3) unstable; urgency=medium

  * Add patch from oax r203 to fix server crashes if a player joins, then
    rapidly leaves or dies (Closes: #592020)

 -- Simon McVittie <smcv@debian.org>  Sun, 08 Aug 2010 11:53:58 +0100

openarena (0.8.5-2) unstable; urgency=low

  [ Simon McVittie ]
  * Improve patch tagging/attribution
  * Add patch from ioquake3 r1788 to avoid buffer overflows
  * Upload to unstable, now that -data 0.8.1+dfsg1-1 has migrated    

  [ Ansgar Burchardt ]
  * debian/control: Remove myself from Uploaders.

 -- Simon McVittie <smcv@debian.org>  Tue, 03 Aug 2010 10:58:54 +0100

openarena (0.8.5-1) experimental; urgency=low

  * New upstream version (Closes: #573995)
  * Repack upstream tarball to have engine and game subdirectories; the
    engine subdirectory is from ioquake3 svn, and the game subdirectory
    is from Open Arena Expanded (the stuff previously applied as a patch)
  * Apply some of the OpenArena changes to ioquake3 as Debian patches; move
    the remaining OpenArena changes to debian/unapplied/
  * Adjust previous Debian patches to apply to this structure
  * q3arch.sh: be more pedantic about the listed architectures, since they
    have to be kept in sync with q_platform.h (possibly fixing OA on mipsel,
    if it will even run there)
  * Add a stub watch file explaining why we can't use uscan for OA
  * Standards-Version: 3.9.1 (no changes needed)
    - one known Policy violation: the embedded libjpeg is filed as #495966

 -- Simon McVittie <smcv@debian.org>  Thu, 29 Jul 2010 21:05:41 +0100

openarena (0.8.1-8) unstable; urgency=low

  * Add myself to Uploaders
  * Standards-Version: 3.9.0 (no changes needed)
  * Ship the source code for the game logic (normally in QVN bytecode files,
    which need a non-free compiler), from openarena-modSDK-0.8.1.tar.bz2;
    compile it to native code and package it in openarena-server
    (Closes: #559240)
  * Make openarena depend on openarena-server, to avoid having to add a third
    binary package for the game code (this adds less than 1MB to an
    installation of openarena)
  * Load data from /usr/lib, and create symlinks to the PK3 files in
    /usr/share, to avoid having to define yet another search path
  * Load game logic as native code if the QVM file starts with magic number
    'NTVE', even on pure servers
  * Tighten versioned dependency on openarena-data - now that we're shipping
    the game logic here and the rest in openarena-data, we need to make sure
    they're in sync

 -- Simon McVittie <smcv@debian.org>  Thu, 22 Jul 2010 00:38:00 +0100

openarena (0.8.1-7) unstable; urgency=low

  * Use memmove instead of strcpy for overlapping memory regions.
    (LP: #554748)
    + new patch: memmove.patch
  * Fix spelling error.
    + new patch: spelling.patch
  * debian/control: Add ${misc:Depends} to binary package dependencies.
  * Bump Standards-Version to 3.8.4 (no changes).

 -- Ansgar Burchardt <ansgar@43-1.org>  Mon, 07 Jun 2010 13:49:36 +0900

openarena (0.8.1-6) unstable; urgency=low

  * Convert source package to format 3.0 quilt
    * Drop build dependency on quilt
    * Remove quilt calls from debian/rules
    * Drop build dependency on sharutils, because we now can ship (binary) PNG
      icons in debian 3.0 source packages
  * Import a patch from Simon McVittie (see #546184 for details) to fix building
    openarena on amd64 processors with a 32bit userland. Thanks to Simon
    McVittie! (Closes: #546184)
  * Allow parallel builds for SMP machines to speed up building openarena
  * Update Vcs-* fields as this package now lives in Git

 -- Bruno "Fuddl" Kleinert <fuddl@debian.org>  Thu, 19 Nov 2009 17:37:45 +0100

openarena (0.8.1-5) unstable; urgency=low

  [ Gonéri Le Bouder ]
  * Segfault when deleting non-existent ban address 0, thanks Guillaume
    Delacour (Closes: #532212)
  * Standards version: 3.8.3
   - README.source to explain how the quilt patch system works 
  
  [ Paul Wise ]
  * Drop the dh_desktop call

 -- Gonéri Le Bouder <goneri@rulezlan.org>  Fri, 21 Aug 2009 20:16:35 +0200

openarena (0.8.1-4) unstable; urgency=low

  [ Gonéri Le Bouder ]
  * fix FTBFS on kFreeBSD, thanks Cyril Brulebois (#413617)
  * Standard version 3.8.1, no change

  [ Paul Wise ]
  * Makes the desktop file valid according to desktop-file-validate

 -- Gonéri Le Bouder <goneri@rulezlan.org>  Sun, 19 Apr 2009 19:49:34 +0200

openarena (0.8.1-3) unstable; urgency=low

  * Turn on BUILD_CLIENT_SMP (Closes: #517894) 

 -- Gonéri Le Bouder <goneri@rulezlan.org>  Mon, 02 Mar 2009 21:47:05 +0100

openarena (0.8.1-2) unstable; urgency=low

  * Upload to unstable
  * Add myself in uploaders:

 -- Gonéri Le Bouder <goneri@rulezlan.org>  Sat, 14 Feb 2009 15:42:55 +0100

openarena (0.8.1-1) experimental; urgency=low

  * New upstream release
  * Remove dfsg from version string because upstream no longer distributes
    non-free code
  * Update my email address where necessary
  * Install documentation files in the binary packages openarena and
    openarena-server 
  * Switch to quilt as patch management system
    * Use quilt in debian/rules
    * Import existing patches to quilt
    * Drop dpatch and add quilt als build dependency
  * Refresh/edit 10_remove_upstream_build_flags.diff: We want to keep
    distribution-specific build flags in our rules file
  * Add 20_dont_build_shipped_jpeg.diff to build against system jpeg library
    (Closes: #495966)
  * Add 30_link_against_local_libspeex.diff to build against system speex and
    speexdsp libraries

 -- Bruno "Fuddl" Kleinert <fuddl@debian.org>  Sun, 23 Nov 2008 23:19:22 +0100

openarena (0.7.7+dfsg1-1) unstable; urgency=low

  * Remove non-free code/tools/lcc (Closes: #496346)
    + Remove hunk from patch 10_fix_build_and_binary_on_alpha
    + debian/rules: Add BUILD_GAME_QVM=0 to $(MAKE) call
      (thanks to Peter De Wachter)
  * Remove code/libs containing binary libraries for Mac OS X and Win32
  * debian/copyright: Explain which parts of upstream's sources were removed
  * debian/rules: replace ${source:Upstream-Version} by 0.7.7
    because the variable also contains the `+dfsg1' part
  * Add -fsigned-char to compiler options (Closes: #487970)
    (thanks to Peter De Wachter)
  * Add myself to Uploaders
  * debian/control: Remove article from beginning of short description,
    don't start short description with a capital letter
  * debian/openarena.6: Escape minus signs
    + fixes lintian warnings: hyphen-used-as-minus-sign

 -- Ansgar Burchardt <ansgar@43-1.org>  Fri, 05 Sep 2008 21:14:51 +0200

openarena (0.7.7-1) unstable; urgency=low

  * New upstream release (Closes: #485675)
  * Add 10_remove_upstream_build_flags.dpatch to remove hard-wired build flags
  * Get rid of wrapper scripts
    * Update manpages to reflect the lack of --help, which was formerly
      interpreted by the wrapper scripts
    * Update debian/rules to install binaries in /usr/games instead of
      /usr/lib/games/openarena

 -- Bruno "Fuddl" Kleinert <fuddl@tauware.de>  Tue, 24 Jun 2008 12:03:06 +0200

openarena (0.7.6-1) unstable; urgency=low

  [ Bruno "Fuddl" Kleinert ]
  * New upstream release
  * Freshen 10_fix_build_and_binary_on_alpha.dpatch to apply to latest
    upstream sources
  * Remove 10-fix_menudef.h_includes.dpatch which pulled in a missing header
    file. The header is now included in the upstream tarball.
  * Remove debian/watch, because upstream places its new releases too often to
    different download locations
  * Updated debian/copyright to reflect the download location
  * Expand copyright years in debian/copyright

 -- Bruno "Fuddl" Kleinert <fuddl@tauware.de>  Thu, 24 Apr 2008 14:33:54 +0200

openarena (0.7.0-3) unstable; urgency=low

  [ Bruno "Fuddl" Kleinert ]
  * Rename XS-Vcs-fields to Vcs-fields in the control file
  * Remove Homepage URLs from package descriptions
  * Update my email address where necessary
  * Update to standards version 3.7.3.0. No changes
  * Add comment to 10-fix_menudef.h_includes.dpatch. Found by lintian
  * Install PNG desktop icon to correct location
  * Build-Depend on libcurl4-gnutls-dev instead of deprecated libcurl3-dev
  * Build-depend on debhelper >= 5.0.51. Found by lintian
    * We need dh_icons of version >= 5.0.51

  [ Ansgar Burchardt ]
  * Remove deprecated Encoding key from .desktop file

 -- Bruno "Fuddl" Kleinert <fuddl@tauware.de>  Sat, 22 Mar 2008 14:23:16 +0100

openarena (0.7.0-2) unstable; urgency=low

  * Fix inadvertent installation of files below usr/share/doc/openarena-server
    by the openarena (client) package. (Closes: #440173)

  [ Barry deFreese ]
  * Add watch file

  [ Jon Dowland ]
  * add Homepage: control field to source stanza

 -- Jon Dowland <jon@alcopop.org>  Mon, 03 Dec 2007 17:45:55 +0000

openarena (0.7.0-1) unstable; urgency=low

  [ Bruno "Fuddl" Kleinert ]
  * New upstream release (Closes: #432477)
  * Build-depend on libcurl3-dev (Closes: #430739)
  * Adjuste Debian menu file to the new menu structure
  * Improved README.Debian
  * Unified any kind of "Open Arena" spelling to "OpenArena"
  * 10_fix_buffer_overflow_and_format_string_bug_in_auth_server_response.dpatch
    merged with upstream
  * 10_fix-gcc4.2-compilation.dpatch fixed by upstream
  * Add 10-fix_menudef.h_includes.dpatch to add forgotten header and fix wrong
    #include-paths of that file
  * Add build dependency libvorbis-dev
  * Documentation moved into openarena-data

  [ Cyril Brulebois ]
  * Added XS-Vcs-Svn and XS-Vcs-Browser fields in the control file.

 -- Bruno "Fuddl" Kleinert <fuddl@gmx.de>  Fri, 10 Aug 2007 19:54:35 +0200

openarena (0.6.0-4) unstable; urgency=low

  * Update build dependencies to libcurl4
  * Add patch to make the engine compile with gcc-4.2 (Closes: #410178)

 -- Bruno "Fuddl" Kleinert <fuddl@gmx.de>  Fri, 22 Jun 2007 12:42:36 +0200

openarena (0.6.0-3) unstable; urgency=low

  * Exchanged "Quake 3" stuff in wrapper scripts by "OpenArena"
  * Replaced german-english mixture 'ego-shooter' by first-person shooter (Closes: #411205)
  * Fixed bash-specific syntax in the openarena wrapper script (Closes: #411350)
  * Don't dlopen() libcurl to have it automatically in binary dependency list
  * Fix build and resulting binary on alpha. Thanks Steve Langasek for the
    patch! (Closes: #410555)

 -- Bruno "Fuddl" Kleinert <fuddl@gmx.de>  Wed,  2 May 2007 21:28:55 +0200

openarena (0.6.0-2) unstable; urgency=low

  [ Bruno "Fuddl" Kleinert ]
  * Fix a buffer overflow in auth server response processing

  [ Gonéri Le Bouder ]
  * call dh_desktop to run update-desktop-database

  [ Jon Dowland ]
  * fix spelling in debian/control

 -- Jon Dowland <jon@alcopop.org>  Sat, 20 Jan 2007 12:28:09 +0000

openarena (0.6.0-1) unstable; urgency=low

  * Initial release (Closes: #380100)

 -- Bruno "Fuddl" Kleinert <fuddl@gmx.de>  Wed,  6 Dec 2006 15:38:12 +0100
