libupnp (1:1.6.24-4) unstable; urgency=medium * Fix patch 18-url-upnpstrings.patch to have working compat functions for the (upstream) fixed-length strings. * Add still more compat code to ease applications to compile against both libupnp 1.6 and 1.8. -- Uwe Kleine-König Fri, 22 Dec 2017 16:56:01 +0100 libupnp (1:1.6.24-3) unstable; urgency=medium * Specify details for "public domain" in debian/copyright to please lintian. * Switch to https URI for copyright-format * Update Standards-Version to 4.1.2 (no changes required). * Add Multi-Arch: headers and switch libupnp-dev to arch-any. Thanks to Helmut Grohne who provided a slightly different patch. (Closes: #843216) * Add more and fix existing compat code. -- Uwe Kleine-König Tue, 19 Dec 2017 22:28:06 +0100 libupnp (1:1.6.24-2) unstable; urgency=high * Cherry pick "Fix segmentation fault in http_MakeMessage" from upstream. (Closes: #883118) * Ensure that the assert(0) in http_MakeMessage isn't hit if fmt contains 'E'. Thanks to Tobi Frost for the patch. -- Uwe Kleine-König Sun, 10 Dec 2017 23:02:08 +0100 libupnp (1:1.6.24-1) unstable; urgency=medium * Fix Vcs URL to not use an insecure URI * Fix machine parsable copyright to use standard name for "public-domain" * New upstream release -- Uwe Kleine-König Sat, 25 Nov 2017 22:13:26 +0100 libupnp (1:1.6.22-1) unstable; urgency=medium * New upstream release: + drop 01-debian-md5-licence.patch, solved similar upstream + drop 24-miniserver_IPV4_INADDR_ANY.patch, CVE-2016-6255.patch, CVE-2016-8863.patch and miniserver-fix-binding-to-ipv6-link-local-addresses.patch, all applied upstream. * Drop explicit -dbg package and rely on autogenerated -dbgsym instead. * Take maintainership. (Closes: #857211) * Various packaging cleanups -- Uwe Kleine-König Wed, 09 Aug 2017 09:31:36 +0200 libupnp (1:1.6.19+git20160116-1.2) unstable; urgency=high * Non-maintainer upload. * Fix out-of-bounds-access (CVE-2016-8863, Closes: #842093) * Fix usage on ipv6 enabled hosts (Closes: #813249) -- Uwe Kleine-König Fri, 09 Dec 2016 10:40:28 +0100 libupnp (1:1.6.19+git20160116-1.1) unstable; urgency=high * Non-maintainer upload. * Don't allow unhandled POSTs to write to the filesystem by default (Closes: #831857) (CVE-2016-6255) Thanks to Matthew Garrett for the patch. -- James Cowgill Wed, 19 Oct 2016 21:03:51 +0100 libupnp (1:1.6.19+git20160116-1) unstable; urgency=medium * Update to latest git: + Don't fail if IPv6 is unavailable, we might be running on an IPv4-only host (Closes: #781876). + Don't define strndup and strnlen if autoconf says we already have them (Closes: #807393). * Add a patch to have Doxygen not write timestamps in the generated documentation to allow package builds to be reproducible. [Jérémy Bobbio ] (patch 22) (Closes: #774518). * Bind miniserver sockets to our given IP address not INADDR_ANY (patch 24). * libupnp6-doc: add override of embedded-javascript-library for jquery.js, see README.jquery in doxygen itself for why (lintian, Policy section 4.13). * Fix lintian binary-file-built-without-LFS-support for libixml: fix libixml Makefile.am, fseeko and #includes, and define AC_USE_LARGEFILE in configure.ac instead of the direct messing with 64bit #defines (patch 27). -- Nick Leverton Sun, 17 Jan 2016 01:03:04 +0000 libupnp (1:1.6.19+git20141001-1) unstable; urgency=low * Ack both NMUs, thankyou for your care of this package. * New upstream release (Closes: #740584, #670964). We take the git version as the git log suggests some worthwhile security and reliability fixes. * Build for IPv6 (note, UpnpInit() only enables IPv4 connections so most existing libupnp users need not be aware of this). * Change Priority to "optional" (Closes: #740582). * Remove patch 0001-Security-fix-for-CERT-issue-VU-922681 now in upstream. * Improve debian/rules hardening option usage stuff. * Update Standards-Version to 3.9.6 (no changes required). * Fix "memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */" in our copy of Colin Plumb's md5.c (patch 01-debian-md5-licence.patch). * Disable build tests since we aren't guaranteed to have network access in buildds (patch 19). -- Nick Leverton Wed, 08 Oct 2014 00:09:27 +0100 libupnp (1:1.6.17-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix various stack-based buffer overflows in service_unique_name() function. This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316 -- Yves-Alexis Perez Fri, 01 Feb 2013 21:56:12 +0100 libupnp (1:1.6.17-1.1) unstable; urgency=high * Non-maintainer upload. * libupnp6-doc Replaces libupnp3-dev (closes: #670894) -- Julien Cristau Tue, 08 May 2012 16:59:14 +0200 libupnp (1:1.6.17-1) unstable; urgency=low * Ack NMU, thankyou for your work on this package. * New upstream release, rename to libupnp6 for upstream's soname bump. (LP: #855339, LP: #648506). Now includes IPv6 support. * Update from upstream git to get reinstated UpnpSetVirtualDirCallbacks API. * Remove all patches that are now in upstream. * Update remaining patches (01,07,12) for new upstream coding standards. * Remove fixed-length URLs from upnpapi (patch 18, Closes: #353169). * Update to debhelper v9 to get multi-arch and build-hardening in dh. * Update to Policy 3.9.3, and note that we are "discouraged" from shipping three libraries in this package but live with it for now. * Convert to multiarch. * libupnp-dev metapackage is now Arch: all. * Override lintian about versioned Conflicts and dupe files in docs. * Update debian/copyright to DEP-5 v1.0. * Generate up-to-date docs for the current API and ship a -doc package. -- Nick Leverton Sat, 14 Apr 2012 20:58:59 +0100 libupnp (1:1.6.6-5.1) unstable; urgency=low * Non-maintainer upload. * Don't ship .la files (Closes: #622520). -- Luk Claes Sat, 25 Jun 2011 20:01:57 +0200 libupnp (1:1.6.6-5) unstable; urgency=low * Fixes to BSD build issues (Closes: #573319, FTBFS on Gnu/kFreeBSD) * We no longer Build-Depend on dbs anyway (Closes: #576068) * More debug tidying (07-neaten-debug.patch): - send UPNP_CRITICAL msgs to the info log as well as to the error log. - don't print HTTP headers to stdout as they're already in logfile. * Always compile in logging code but don't log unless requested (12-debian-always-debug.patch) to help porting other apps. * Cherry-pick some upstream bug fixes: - soap_request_and_response http_request parameter error from r486 - "reuseaddr" patch from issue 2995758 backported from r548 - threadpool hang when busy from r515 - memory leak in SSDP AdvertiseAndReply from issue 2392304, r518 * Add $PTHREAD_CFLAGS to libupnp.pc as assumed by {acx,ax}_pthread.m4 (patch 16, Closes: #555386). -- Nick Leverton Fri, 14 May 2010 15:47:17 +0100 libupnp (1:1.6.6-4) unstable; urgency=low * New patch 03-fix-duplicate-entries: fix FTBFS by removing duplicates from file list; patch by Stefan Potyra (Closes: #572859) * Update Sections (Closes: #519926) and general Policy to 3.8.4 * Use debhelper 7 dh instead of dbs * Generate and update symbols file * Allow to co-exist with latest libupnp4. * Patch 06-patch-statevar-query.patch adapted from upstream 1.8 branch to fix format of State Variable Query response. * Fix sending of incorrect timeout on auto renew (patch 10). -- Nick Leverton Mon, 08 Mar 2010 18:23:14 +0000 libupnp (1:1.6.6-3) unstable; urgency=high [ Dmitry E. Oboukhov ] * Added libupnp-dev with depends to libupnp3-dev, really closes: #490339, #490533. [ Nick Leverton ] * Include GNU/kfreeBSD build patch (Closes: #491173) -- Nick Leverton Mon, 21 Jul 2008 20:57:42 +0100 libupnp (1:1.6.6-2) unstable; urgency=low * Bump epoch and add Conflicts with libupnp4, to displace incorrect upload of libupnp4 which displaced this package. Closes: #490339 * Fix the erroneous bug 426833 reference in old changelog, don't just document that it was wrong. Closes: #490536 * Standards-Version bumped to 3.8.0, compat bumped to 7. -- Nick Leverton Sun, 13 Jul 2008 10:39:17 +0100 libupnp (1.6.6-1) unstable; urgency=low * New upstream release * Remove patch 03-upstream-upnp-rootdevice.patch, now in upstream. * Remove buggy patch 02-debian-fixed-length-buffer-for-urls.patch (Closes: #482737, reopens #353169). libupnp4 will include upstream's wider changes for ridding the library of fixed-length static buffers. * Update watchfile again for better uscan pattern matching * Build -dbg symbol package anyway; allow pupnp "--enable-debug" via DEB_BUILD_OPTIONS="debug" * Update copyright file to reflect all contributors. * Tidy up build to use dh_install. -- Nick Leverton Thu, 19 Jun 2008 18:27:11 +0100 libupnp (1.6.5-2) unstable; urgency=low * Correct New Maintainer bug number (was given as #426833, should be #462833) (really Closes: #462833). * Replace RSA Inc copyright MD5 functions by public domain implementation (Closes: #459516). * Remove Build-dep on doc++ as upstream now ships documentation in tarball (Closes: #307562). * Dynamically allocated buffer for uPnP Action urls (Closes: #353169). * Update Description to match current fork of upstream. * Fix watchfile to omit libupnp-doc tarballs. * No longer ignore "upnp:rootdevice" advertisement, upstream svn r326 (03-upstream-upnp-rootdevice.patch). -- Nick Leverton Mon, 21 Apr 2008 22:20:53 +0100 libupnp (1.6.5-1) unstable; urgency=low * New upstream release (Closes: #426388, #439373) * New maintainer (Closes: #462833) * Upstream soname changed, bump package to libupnp3 * Make libupnp-dev depend on matching version of libupnp3 -- Nick Leverton Sun, 24 Feb 2008 10:29:48 +0000 libupnp (1.4.3-2) unstable; urgency=low * Make libupnp-dev depend on libupnp2. -- Steve McIntyre <93sam@debian.org> Sat, 28 Apr 2007 16:58:23 +0100 libupnp (1.4.3-1) unstable; urgency=low * New upstream release from pupnp fork (Closes: #392783, #400903, #320949). * Do not claim libupnp-dev contains debugging symbols (Closes: #350115). * Update to Standards-Version 3.7.2. * Remove unnecessary ${shlibs:Depends} from libupnp-dev's Depends field. * Thanks to Jeremy Laine for help on this release. * Two kFreeBSD build failures reported should now be fixed. Closes: #416254. Please open more bugs if there are any more failures. -- Steve McIntyre <93sam@debian.org> Sat, 31 Mar 2007 16:03:29 +0200 libupnp (1.2.1-3) unstable; urgency=low * Fix multiple compiler warnings fixes with gcc4. Thanks to Oskar Liljeblad for a patch. Closes: #320949 * Include debug versions of the libraries in the -dev package. Closes: #350115 * Updated Standards-version. -- Steve McIntyre <93sam@debian.org> Sun, 12 Feb 2006 20:55:35 +0000 libupnp (1.2.1-2) unstable; urgency=low * Fix FTBFS with gcc4. Thanks to Andreas Jochens for the patch. Closes: #301775 -- Steve McIntyre <93sam@debian.org> Sun, 17 Jul 2005 20:23:44 +0300 libupnp (1.2.1-1) unstable; urgency=low * Initial version -- Steve McIntyre <93sam@debian.org> Tue, 18 Jan 2005 19:42:08 +0000