libupnp (1:1.6.24-4) unstable; urgency=medium

  * Fix patch 18-url-upnpstrings.patch to have working compat functions
    for the (upstream) fixed-length strings.
  * Add still more compat code to ease applications to compile against both
    libupnp 1.6 and 1.8.

 -- Uwe Kleine-König <ukleinek@debian.org>  Fri, 22 Dec 2017 16:56:01 +0100

libupnp (1:1.6.24-3) unstable; urgency=medium

  * Specify details for "public domain" in debian/copyright to please lintian.
  * Switch to https URI for copyright-format
  * Update Standards-Version to 4.1.2 (no changes required).
  * Add Multi-Arch: headers and switch libupnp-dev to arch-any.  Thanks to
    Helmut Grohne who provided a slightly different patch. (Closes: #843216)
  * Add more and fix existing compat code.

 -- Uwe Kleine-König <ukleinek@debian.org>  Tue, 19 Dec 2017 22:28:06 +0100

libupnp (1:1.6.24-2) unstable; urgency=high

  * Cherry pick "Fix segmentation fault in http_MakeMessage" from upstream.
    (Closes: #883118)
  * Ensure that the assert(0) in http_MakeMessage isn't hit if fmt contains
    'E'. Thanks to Tobi Frost for the patch.

 -- Uwe Kleine-König <ukleinek@debian.org>  Sun, 10 Dec 2017 23:02:08 +0100

libupnp (1:1.6.24-1) unstable; urgency=medium

  * Fix Vcs URL to not use an insecure URI
  * Fix machine parsable copyright to use standard name for "public-domain"
  * New upstream release

 -- Uwe Kleine-König <ukleinek@debian.org>  Sat, 25 Nov 2017 22:13:26 +0100

libupnp (1:1.6.22-1) unstable; urgency=medium

  * New upstream release:
    + drop 01-debian-md5-licence.patch, solved similar upstream
    + drop 24-miniserver_IPV4_INADDR_ANY.patch, CVE-2016-6255.patch,
      CVE-2016-8863.patch and
      miniserver-fix-binding-to-ipv6-link-local-addresses.patch, all applied
      upstream.
  * Drop explicit -dbg package and rely on autogenerated -dbgsym instead.
  * Take maintainership. (Closes: #857211)
  * Various packaging cleanups

 -- Uwe Kleine-König <ukleinek@debian.org>  Wed, 09 Aug 2017 09:31:36 +0200

libupnp (1:1.6.19+git20160116-1.2) unstable; urgency=high

  * Non-maintainer upload.
  * Fix out-of-bounds-access (CVE-2016-8863, Closes: #842093)
  * Fix usage on ipv6 enabled hosts (Closes: #813249) 

 -- Uwe Kleine-König <ukleinek@debian.org>  Fri, 09 Dec 2016 10:40:28 +0100

libupnp (1:1.6.19+git20160116-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Don't allow unhandled POSTs to write to the filesystem by
    default (Closes: #831857) (CVE-2016-6255)
    Thanks to Matthew Garrett for the patch.

 -- James Cowgill <jcowgill@debian.org>  Wed, 19 Oct 2016 21:03:51 +0100

libupnp (1:1.6.19+git20160116-1) unstable; urgency=medium

  * Update to latest git:
    + Don't fail if IPv6 is unavailable, we might be running on an
      IPv4-only host (Closes: #781876).
    + Don't define strndup and strnlen if autoconf says we already have them
      (Closes: #807393).
  * Add a patch to have Doxygen not write timestamps in the generated
    documentation to allow package builds to be reproducible.
    [Jérémy Bobbio <lunar@debian.org>] (patch 22) (Closes: #774518).
  * Bind miniserver sockets to our given IP address not INADDR_ANY (patch 24).
  * libupnp6-doc: add override of embedded-javascript-library for jquery.js, 
    see README.jquery in doxygen itself for why (lintian, Policy section 4.13).
  * Fix lintian binary-file-built-without-LFS-support for libixml: fix
    libixml Makefile.am, fseeko and #includes, and define AC_USE_LARGEFILE in
    configure.ac instead of the direct messing with 64bit #defines (patch 27).

 -- Nick Leverton <nick@leverton.org>  Sun, 17 Jan 2016 01:03:04 +0000

libupnp (1:1.6.19+git20141001-1) unstable; urgency=low

  * Ack both NMUs, thankyou for your care of this package.
  * New upstream release (Closes: #740584, #670964).  We take the git version
    as the git log suggests some worthwhile security and reliability fixes.
  * Build for IPv6 (note, UpnpInit() only enables IPv4 connections so
    most existing libupnp users need not be aware of this).
  * Change Priority to "optional" (Closes: #740582).
  * Remove patch 0001-Security-fix-for-CERT-issue-VU-922681 now in upstream.
  * Improve debian/rules hardening option usage stuff.
  * Update Standards-Version to 3.9.6 (no changes required).
  * Fix "memset(ctx, 0, sizeof(ctx));   /* In case it's sensitive */"
    in our copy of Colin Plumb's md5.c (patch 01-debian-md5-licence.patch).
  * Disable build tests since we aren't guaranteed to have network access
    in buildds (patch 19).

 -- Nick Leverton <nick@leverton.org>  Wed, 08 Oct 2014 00:09:27 +0100

libupnp (1:1.6.17-1.2) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
    various stack-based buffer overflows in service_unique_name() function.
    This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
    CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316

 -- Yves-Alexis Perez <corsac@debian.org>  Fri, 01 Feb 2013 21:56:12 +0100

libupnp (1:1.6.17-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * libupnp6-doc Replaces libupnp3-dev (closes: #670894)

 -- Julien Cristau <jcristau@debian.org>  Tue, 08 May 2012 16:59:14 +0200

libupnp (1:1.6.17-1) unstable; urgency=low

  * Ack NMU, thankyou for your work on this package.
  * New upstream release, rename to libupnp6 for upstream's soname bump.
    (LP: #855339, LP: #648506).  Now includes IPv6 support.
  * Update from upstream git to get reinstated UpnpSetVirtualDirCallbacks API.
  * Remove all patches that are now in upstream.
  * Update remaining patches (01,07,12) for new upstream coding standards.
  * Remove fixed-length URLs from upnpapi (patch 18, Closes: #353169).
  * Update to debhelper v9 to get multi-arch and build-hardening in dh.
  * Update to Policy 3.9.3, and note that we are "discouraged" from
    shipping three libraries in this package but live with it for now.
  * Convert to multiarch.
  * libupnp-dev metapackage is now Arch: all.
  * Override lintian about versioned Conflicts and dupe files in docs.
  * Update debian/copyright to DEP-5 v1.0.
  * Generate up-to-date docs for the current API and ship a -doc package.

 -- Nick Leverton <nick@leverton.org>  Sat, 14 Apr 2012 20:58:59 +0100

libupnp (1:1.6.6-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * Don't ship .la files (Closes: #622520).

 -- Luk Claes <luk@debian.org>  Sat, 25 Jun 2011 20:01:57 +0200

libupnp (1:1.6.6-5) unstable; urgency=low

  * Fixes to BSD build issues (Closes: #573319, FTBFS on Gnu/kFreeBSD)
  * We no longer Build-Depend on dbs anyway (Closes: #576068)
  * More debug tidying (07-neaten-debug.patch):
    - send UPNP_CRITICAL msgs to the info log as well as to the error log.
    - don't print HTTP headers to stdout as they're already in logfile.
  * Always compile in logging code but don't log unless requested
    (12-debian-always-debug.patch) to help porting other apps.
  * Cherry-pick some upstream bug fixes:
    - soap_request_and_response http_request parameter error from r486
    - "reuseaddr" patch from issue 2995758 backported from r548
    - threadpool hang when busy from r515
    - memory leak in SSDP AdvertiseAndReply from issue 2392304, r518
  * Add $PTHREAD_CFLAGS to libupnp.pc as assumed by {acx,ax}_pthread.m4
    (patch 16, Closes: #555386).

 -- Nick Leverton <nick@leverton.org>  Fri, 14 May 2010 15:47:17 +0100

libupnp (1:1.6.6-4) unstable; urgency=low

  * New patch 03-fix-duplicate-entries: fix FTBFS by removing duplicates
    from file list; patch by Stefan Potyra (Closes: #572859)
  * Update Sections (Closes: #519926) and general Policy to 3.8.4
  * Use debhelper 7 dh instead of dbs
  * Generate and update symbols file
  * Allow to co-exist with latest libupnp4.
  * Patch 06-patch-statevar-query.patch adapted from upstream 1.8 branch
    to fix format of State Variable Query response.
  * Fix sending of incorrect timeout on auto renew (patch 10).

 -- Nick Leverton <nick@leverton.org>  Mon, 08 Mar 2010 18:23:14 +0000

libupnp (1:1.6.6-3) unstable; urgency=high

  [ Dmitry E. Oboukhov ]
  * Added libupnp-dev with depends to libupnp3-dev, 
  	really closes: #490339, #490533.

  [ Nick Leverton ]
  * Include GNU/kfreeBSD build patch (Closes: #491173)

 -- Nick Leverton <nick@leverton.org>  Mon, 21 Jul 2008 20:57:42 +0100

libupnp (1:1.6.6-2) unstable; urgency=low

  * Bump epoch and add Conflicts with libupnp4, to displace incorrect
    upload of libupnp4 which displaced this package.  Closes: #490339
  * Fix the erroneous bug 426833 reference in old changelog, don't just
    document that it was wrong.  Closes: #490536
  * Standards-Version bumped to 3.8.0, compat bumped to 7.

 -- Nick Leverton <nick@leverton.org>  Sun, 13 Jul 2008 10:39:17 +0100

libupnp (1.6.6-1) unstable; urgency=low

  * New upstream release
  * Remove patch 03-upstream-upnp-rootdevice.patch, now in upstream.
  * Remove buggy patch 02-debian-fixed-length-buffer-for-urls.patch
    (Closes: #482737, reopens #353169).  libupnp4 will include upstream's
    wider changes for ridding the library of fixed-length static buffers.
  * Update watchfile again for better uscan pattern matching
  * Build -dbg symbol package anyway; allow pupnp "--enable-debug" via
    DEB_BUILD_OPTIONS="debug"
  * Update copyright file to reflect all contributors.
  * Tidy up build to use dh_install.

 -- Nick Leverton <nick@leverton.org>  Thu, 19 Jun 2008 18:27:11 +0100

libupnp (1.6.5-2) unstable; urgency=low

  * Correct New Maintainer bug number (was given as #426833, should
    be #462833) (really Closes: #462833).
  * Replace RSA Inc copyright MD5 functions by public domain
    implementation (Closes: #459516).
  * Remove Build-dep on doc++ as upstream now ships documentation in
    tarball (Closes: #307562).
  * Dynamically allocated buffer for uPnP Action urls (Closes: #353169).
  * Update Description to match current fork of upstream.
  * Fix watchfile to omit libupnp-doc tarballs.
  * No longer ignore "upnp:rootdevice" advertisement, upstream svn r326
    (03-upstream-upnp-rootdevice.patch).

 -- Nick Leverton <nick@leverton.org>  Mon, 21 Apr 2008 22:20:53 +0100

libupnp (1.6.5-1) unstable; urgency=low

  * New upstream release (Closes: #426388, #439373)
  * New maintainer (Closes: #462833)
  * Upstream soname changed, bump package to libupnp3
  * Make libupnp-dev depend on matching version of libupnp3

 -- Nick Leverton <nick@leverton.org>  Sun, 24 Feb 2008 10:29:48 +0000

libupnp (1.4.3-2) unstable; urgency=low

  * Make libupnp-dev depend on libupnp2.
	
 -- Steve McIntyre <93sam@debian.org>  Sat, 28 Apr 2007 16:58:23 +0100

libupnp (1.4.3-1) unstable; urgency=low

  * New upstream release from pupnp fork (Closes: #392783, #400903, #320949).
  * Do not claim libupnp-dev contains debugging symbols (Closes: #350115).
  * Update to Standards-Version 3.7.2.
  * Remove unnecessary ${shlibs:Depends} from libupnp-dev's Depends field.
  * Thanks to Jeremy Laine for help on this release.
  * Two kFreeBSD build failures reported should now be fixed.
    Closes: #416254. Please open more bugs if there are any more failures.
	
 -- Steve McIntyre <93sam@debian.org>  Sat, 31 Mar 2007 16:03:29 +0200

libupnp (1.2.1-3) unstable; urgency=low

  * Fix multiple compiler warnings fixes with gcc4. Thanks to Oskar
    Liljeblad for a patch. Closes: #320949
  * Include debug versions of the libraries in the -dev package.
    Closes: #350115
  * Updated Standards-version.
	
 -- Steve McIntyre <93sam@debian.org>  Sun, 12 Feb 2006 20:55:35 +0000

libupnp (1.2.1-2) unstable; urgency=low

  * Fix FTBFS with gcc4. Thanks to Andreas Jochens for the patch.
    Closes: #301775

 -- Steve McIntyre <93sam@debian.org>  Sun, 17 Jul 2005 20:23:44 +0300

libupnp (1.2.1-1) unstable; urgency=low

  * Initial version

 -- Steve McIntyre <93sam@debian.org>  Tue, 18 Jan 2005 19:42:08 +0000

