libupnp4 (1.8.0~svn20100507-1.2+deb7u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Marc Deslauriers Thu, 05 Jan 2017 07:45:39 -0500 libupnp4 (1.8.0~svn20100507-1.2+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2016-8863, a heap buffer overflow in the create_url_list function. -- Markus Koschany Fri, 16 Dec 2016 21:44:56 +0100 libupnp4 (1.8.0~svn20100507-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix various stack-based buffer overflows in service_unique_name() function. This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699459 * debian/rules: - enable hardening flags. * debian/control: - add build-dep on dpkg-dev (>= 1.16.1~) -- Yves-Alexis Perez Fri, 01 Feb 2013 22:53:13 +0100 libupnp4 (1.8.0~svn20100507-1.1) unstable; urgency=low * Non-maintainer upload. * Don't ship .la files (Closes: #622539). -- Luk Claes Sun, 26 Jun 2011 15:54:50 +0200 libupnp4 (1.8.0~svn20100507-1) unstable; urgency=low * New pull from upstream subversion * Fixes to BSD build issues (Closes: #573321, FTBFS on Gnu/kFreeBSD) * More debug tidying (07-neaten-debug.patch): - send UPNP_CRITICAL msgs to the info log as well as to the error log. - don't print HTTP headers to stdout as they're already in logfile. * Always compile in logging code but don't log unless requested (12-debian-always-debug.patch) to help porting other apps. * Remove patches 03, 04, 06, 08 and 10, now in upstream (note naming difference in upstream's string object accessors). * Add $PTHREAD_CFLAGS to libupnp.pc as assumed by {acx,ax}_pthread.m4 (patch 16, Closes: #581608). -- Nick Leverton Fri, 14 May 2010 15:34:11 +0100 libupnp4 (1.8.0~svn20090313-1) unstable; urgency=low * ACK NMU (thanks to gregor herrmann and Stefan Potyra). * Pull from svn, see upstream changes.gz for details (Closes: #492160, FTBFS on GNU/kFreeBSD, thanks to Petr Salinger). * Update Sections and general Policy to 3.8.4 * Use debhelper 7 dh instead of dbs * Generate and update symbols file * Rename libs to libupnp4, libixml4 and libthreadutil4, to allow co-installing libupnp3 and libupnp4. * New patch 04-string-access-functions.patch: add _strget_ accessors to API, to avoid remembering to call UpnpString_get_String in clients. * New patch 05-const-tidyup.patch for a few constness fixes. * Upstream patch 06-patch-statevar-query.patch for missing CRNL. * New patch 07-neaten-debug.patch to improve debug readability * New patch 08-renewals-sid.patch to fix autorenewals. * New patch 09-update-doc.patch to generate up to date -doc package. * New patch 10-upnpinit-ntoa.patch to replace inet_ntoa by inet_ntop. -- Nick Leverton Mon, 08 Mar 2010 18:26:14 +0000 libupnp4 (1.8.0~cvs20080628-2.1) unstable; urgency=low * Non-maintainer upload. * New patch 03-fix-duplicate-entries: remove duplicates from file list; patch by Stefan Potyra (closes: #543068). -- gregor herrmann Sat, 28 Nov 2009 00:47:48 +0100 libupnp4 (1.8.0~cvs20080628-2) unstable; urgency=low * Rebuild with source name libupnp4, to allow libupnp3 to remain in archive. * Various dependencies have been fixed, closes: #490533. * Added conflicts with libupnp3* (Closes: #490639) -- Nick Leverton Sun, 13 Jul 2008 19:58:10 +0100 libupnp (1.8.0~cvs20080628-1) unstable; urgency=low * New upstream release * Bump soname yet again. This version is still under development but it is promised to be a stable API once it is released ! * Co-exist with libupnp3 to allow controlled transition over API change. [ unera ] * Added lintian overrides. -- Nick Leverton Sat, 28 Jun 2008 10:18:16 +0100 libupnp (1.6.6-1) unstable; urgency=low * New upstream release * Remove patch 03-upstream-upnp-rootdevice.patch, now in upstream. * Remove buggy patch 02-debian-fixed-length-buffer-for-urls.patch (Closes: #482737, reopens #353169). libupnp4 will include upstream's wider changes for ridding the library of fixed-length static buffers. * Update watchfile again for better uscan pattern matching * Build -dbg symbol package anyway; allow pupnp "--enable-debug" via DEB_BUILD_OPTIONS="debug" * Update copyright file to reflect all contributors. * Tidy up build to use dh_install. -- Nick Leverton Thu, 19 Jun 2008 18:27:11 +0100 libupnp (1.6.5-2) unstable; urgency=low * Correct New Maintainer bug number (was given as #426833, should be #462833) (really Closes: #462833). * Replace RSA Inc copyright MD5 functions by public domain implementation (Closes: #459516). * Remove Build-dep on doc++ as upstream now ships documentation in tarball (Closes: #307562). * Dynamically allocated buffer for uPnP Action urls (Closes: #353169). * Update Description to match current fork of upstream. * Fix watchfile to omit libupnp-doc tarballs. * No longer ignore "upnp:rootdevice" advertisement, upstream svn r326 (03-upstream-upnp-rootdevice.patch). -- Nick Leverton Mon, 21 Apr 2008 22:20:53 +0100 libupnp (1.6.5-1) unstable; urgency=low * New upstream release (Closes: #426388, #439373) * New maintainer (Closes: #426833) * Upstream soname changed, bump package to libupnp3 * Make libupnp-dev depend on matching version of libupnp3 -- Nick Leverton Sun, 24 Feb 2008 10:29:48 +0000 libupnp (1.4.3-2) unstable; urgency=low * Make libupnp-dev depend on libupnp2. -- Steve McIntyre <93sam@debian.org> Sat, 28 Apr 2007 16:58:23 +0100 libupnp (1.4.3-1) unstable; urgency=low * New upstream release from pupnp fork (Closes: #392783, #400903, #320949). * Do not claim libupnp-dev contains debugging symbols (Closes: #350115). * Update to Standards-Version 3.7.2. * Remove unnecessary ${shlibs:Depends} from libupnp-dev's Depends field. * Thanks to Jeremy Laine for help on this release. * Two kFreeBSD build failures reported should now be fixed. Closes: #416254. Please open more bugs if there are any more failures. -- Steve McIntyre <93sam@debian.org> Sat, 31 Mar 2007 16:03:29 +0200 libupnp (1.2.1-3) unstable; urgency=low * Fix multiple compiler warnings fixes with gcc4. Thanks to Oskar Liljeblad for a patch. Closes: #320949 * Include debug versions of the libraries in the -dev package. Closes: #350115 * Updated Standards-version. -- Steve McIntyre <93sam@debian.org> Sun, 12 Feb 2006 20:55:35 +0000 libupnp (1.2.1-2) unstable; urgency=low * Fix FTBFS with gcc4. Thanks to Andreas Jochens for the patch. Closes: #301775 -- Steve McIntyre <93sam@debian.org> Sun, 17 Jul 2005 20:23:44 +0300 libupnp (1.2.1-1) unstable; urgency=low * Initial version -- Steve McIntyre <93sam@debian.org> Tue, 18 Jan 2005 19:42:08 +0000