libupnp (1:1.6.19+git20141001-1+deb8u2) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix CVE-2020-13848: denial of service (crash) via a crafted SSDP message
    due to a NULL pointer dereference (Closes: #962282)

 -- Abhijith PA <abhijith@debian.org>  Mon, 08 Jun 2020 02:11:11 +0530

libupnp (1:1.6.19+git20141001-1+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * backport fixes for CVE-2016-6255 and CVE-2016-8863
    (Closes: #831857, #842093)

 -- Uwe Kleine-König <ukleinek@debian.org>  Tue, 13 Dec 2016 11:46:31 +0100

libupnp (1:1.6.19+git20141001-1) unstable; urgency=low

  * Ack both NMUs, thankyou for your care of this package.
  * New upstream release (Closes: #740584, #670964).  We take the git version
    as the git log suggests some worthwhile security and reliability fixes.
  * Build for IPv6 (note, UpnpInit() only enables IPv4 connections so
    most existing libupnp users need not be aware of this).
  * Change Priority to "optional" (Closes: #740582).
  * Remove patch 0001-Security-fix-for-CERT-issue-VU-922681 now in upstream.
  * Improve debian/rules hardening option usage stuff.
  * Update Standards-Version to 3.9.6 (no changes required).
  * Fix "memset(ctx, 0, sizeof(ctx));   /* In case it's sensitive */"
    in our copy of Colin Plumb's md5.c (patch 01-debian-md5-licence.patch).
  * Disable build tests since we aren't guaranteed to have network access
    in buildds (patch 19).

 -- Nick Leverton <nick@leverton.org>  Wed, 08 Oct 2014 00:09:27 +0100

libupnp (1:1.6.17-1.2) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
    various stack-based buffer overflows in service_unique_name() function.
    This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
    CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316

 -- Yves-Alexis Perez <corsac@debian.org>  Fri, 01 Feb 2013 21:56:12 +0100

libupnp (1:1.6.17-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * libupnp6-doc Replaces libupnp3-dev (closes: #670894)

 -- Julien Cristau <jcristau@debian.org>  Tue, 08 May 2012 16:59:14 +0200

libupnp (1:1.6.17-1) unstable; urgency=low

  * Ack NMU, thankyou for your work on this package.
  * New upstream release, rename to libupnp6 for upstream's soname bump.
    (LP: #855339, LP: #648506).  Now includes IPv6 support.
  * Update from upstream git to get reinstated UpnpSetVirtualDirCallbacks API.
  * Remove all patches that are now in upstream.
  * Update remaining patches (01,07,12) for new upstream coding standards.
  * Remove fixed-length URLs from upnpapi (patch 18, Closes: #353169).
  * Update to debhelper v9 to get multi-arch and build-hardening in dh.
  * Update to Policy 3.9.3, and note that we are "discouraged" from
    shipping three libraries in this package but live with it for now.
  * Convert to multiarch.
  * libupnp-dev metapackage is now Arch: all.
  * Override lintian about versioned Conflicts and dupe files in docs.
  * Update debian/copyright to DEP-5 v1.0.
  * Generate up-to-date docs for the current API and ship a -doc package.

 -- Nick Leverton <nick@leverton.org>  Sat, 14 Apr 2012 20:58:59 +0100

libupnp (1:1.6.6-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * Don't ship .la files (Closes: #622520).

 -- Luk Claes <luk@debian.org>  Sat, 25 Jun 2011 20:01:57 +0200

libupnp (1:1.6.6-5) unstable; urgency=low

  * Fixes to BSD build issues (Closes: #573319, FTBFS on Gnu/kFreeBSD)
  * We no longer Build-Depend on dbs anyway (Closes: #576068)
  * More debug tidying (07-neaten-debug.patch):
    - send UPNP_CRITICAL msgs to the info log as well as to the error log.
    - don't print HTTP headers to stdout as they're already in logfile.
  * Always compile in logging code but don't log unless requested
    (12-debian-always-debug.patch) to help porting other apps.
  * Cherry-pick some upstream bug fixes:
    - soap_request_and_response http_request parameter error from r486
    - "reuseaddr" patch from issue 2995758 backported from r548
    - threadpool hang when busy from r515
    - memory leak in SSDP AdvertiseAndReply from issue 2392304, r518
  * Add $PTHREAD_CFLAGS to libupnp.pc as assumed by {acx,ax}_pthread.m4
    (patch 16, Closes: #555386).

 -- Nick Leverton <nick@leverton.org>  Fri, 14 May 2010 15:47:17 +0100

libupnp (1:1.6.6-4) unstable; urgency=low

  * New patch 03-fix-duplicate-entries: fix FTBFS by removing duplicates
    from file list; patch by Stefan Potyra (Closes: #572859)
  * Update Sections (Closes: #519926) and general Policy to 3.8.4
  * Use debhelper 7 dh instead of dbs
  * Generate and update symbols file
  * Allow to co-exist with latest libupnp4.
  * Patch 06-patch-statevar-query.patch adapted from upstream 1.8 branch
    to fix format of State Variable Query response.
  * Fix sending of incorrect timeout on auto renew (patch 10).

 -- Nick Leverton <nick@leverton.org>  Mon, 08 Mar 2010 18:23:14 +0000

libupnp (1:1.6.6-3) unstable; urgency=high

  [ Dmitry E. Oboukhov ]
  * Added libupnp-dev with depends to libupnp3-dev, 
  	really closes: #490339, #490533.

  [ Nick Leverton ]
  * Include GNU/kfreeBSD build patch (Closes: #491173)

 -- Nick Leverton <nick@leverton.org>  Mon, 21 Jul 2008 20:57:42 +0100

libupnp (1:1.6.6-2) unstable; urgency=low

  * Bump epoch and add Conflicts with libupnp4, to displace incorrect
    upload of libupnp4 which displaced this package.  Closes: #490339
  * Fix the erroneous bug 426833 reference in old changelog, don't just
    document that it was wrong.  Closes: #490536
  * Standards-Version bumped to 3.8.0, compat bumped to 7.

 -- Nick Leverton <nick@leverton.org>  Sun, 13 Jul 2008 10:39:17 +0100

libupnp (1.6.6-1) unstable; urgency=low

  * New upstream release
  * Remove patch 03-upstream-upnp-rootdevice.patch, now in upstream.
  * Remove buggy patch 02-debian-fixed-length-buffer-for-urls.patch
    (Closes: #482737, reopens #353169).  libupnp4 will include upstream's
    wider changes for ridding the library of fixed-length static buffers.
  * Update watchfile again for better uscan pattern matching
  * Build -dbg symbol package anyway; allow pupnp "--enable-debug" via
    DEB_BUILD_OPTIONS="debug"
  * Update copyright file to reflect all contributors.
  * Tidy up build to use dh_install.

 -- Nick Leverton <nick@leverton.org>  Thu, 19 Jun 2008 18:27:11 +0100

libupnp (1.6.5-2) unstable; urgency=low

  * Correct New Maintainer bug number (was given as #426833, should
    be #462833) (really Closes: #462833).
  * Replace RSA Inc copyright MD5 functions by public domain
    implementation (Closes: #459516).
  * Remove Build-dep on doc++ as upstream now ships documentation in
    tarball (Closes: #307562).
  * Dynamically allocated buffer for uPnP Action urls (Closes: #353169).
  * Update Description to match current fork of upstream.
  * Fix watchfile to omit libupnp-doc tarballs.
  * No longer ignore "upnp:rootdevice" advertisement, upstream svn r326
    (03-upstream-upnp-rootdevice.patch).

 -- Nick Leverton <nick@leverton.org>  Mon, 21 Apr 2008 22:20:53 +0100

libupnp (1.6.5-1) unstable; urgency=low

  * New upstream release (Closes: #426388, #439373)
  * New maintainer (Closes: #462833)
  * Upstream soname changed, bump package to libupnp3
  * Make libupnp-dev depend on matching version of libupnp3

 -- Nick Leverton <nick@leverton.org>  Sun, 24 Feb 2008 10:29:48 +0000

libupnp (1.4.3-2) unstable; urgency=low

  * Make libupnp-dev depend on libupnp2.
	
 -- Steve McIntyre <93sam@debian.org>  Sat, 28 Apr 2007 16:58:23 +0100

libupnp (1.4.3-1) unstable; urgency=low

  * New upstream release from pupnp fork (Closes: #392783, #400903, #320949).
  * Do not claim libupnp-dev contains debugging symbols (Closes: #350115).
  * Update to Standards-Version 3.7.2.
  * Remove unnecessary ${shlibs:Depends} from libupnp-dev's Depends field.
  * Thanks to Jeremy Laine for help on this release.
  * Two kFreeBSD build failures reported should now be fixed.
    Closes: #416254. Please open more bugs if there are any more failures.
	
 -- Steve McIntyre <93sam@debian.org>  Sat, 31 Mar 2007 16:03:29 +0200

libupnp (1.2.1-3) unstable; urgency=low

  * Fix multiple compiler warnings fixes with gcc4. Thanks to Oskar
    Liljeblad for a patch. Closes: #320949
  * Include debug versions of the libraries in the -dev package.
    Closes: #350115
  * Updated Standards-version.
	
 -- Steve McIntyre <93sam@debian.org>  Sun, 12 Feb 2006 20:55:35 +0000

libupnp (1.2.1-2) unstable; urgency=low

  * Fix FTBFS with gcc4. Thanks to Andreas Jochens for the patch.
    Closes: #301775

 -- Steve McIntyre <93sam@debian.org>  Sun, 17 Jul 2005 20:23:44 +0300

libupnp (1.2.1-1) unstable; urgency=low

  * Initial version

 -- Steve McIntyre <93sam@debian.org>  Tue, 18 Jan 2005 19:42:08 +0000

