opennds (10.2.0+dfsg-1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2024-25763.patch: Delete the client instead of
      changing state
    - CVE-2024-25763

 -- Bruce Cable <bruce.cable@canonical.com>  Thu, 27 Feb 2025 13:34:10 +1100

opennds (10.2.0+dfsg-1build2) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <wgrant@ubuntu.com>  Mon, 01 Apr 2024 18:06:46 +1100

opennds (10.2.0+dfsg-1build1) noble; urgency=high

  * No change rebuild against libmicrohttpd12t64.

 -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 22 Mar 2024 17:47:22 +0100

opennds (10.2.0+dfsg-1) unstable; urgency=medium

  * New upstream release. (Closes: #1059451, #1059452).
    - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315, CVE-2023-38316:
      Fix NULL pointer dereference if authdir is called with an incomplete or
      missing query string.
    - CVE-2023-38320, CVE-2023-38322: Fix - NULL pointer dereference if
      user_agent is NULL.
    - CVE-2023-38324: Generate unique sha256 faskey if not set in config.
    - CVE-2023-41101: Fix buffer overflow causing segfault.
    - CVE-2023-41102: Fix multiple memory leaks.
  * debian/patches:
    + Rebase 1004_add-documentation-key-in-service-file.patch.
    + Add 1005_evaluate-system-call-retvals.patch. Fix FTBFS against recent
      Debian.
  * debian/{opennds-daemon.install,rules}:
    + Adjust file installations into DEST_DIR.
  * debian/copyright:
    + Update copyright attributions.
    + Update copyright attribution for debian/.
    + Update auto-generated copyright.in file.
  * lintian:
    + Update files lines in very-long-line-length-in-source-file overrides
      with globbings.
  * debian/opennds-daemon-common.links:
    + Drop file. Drop man page symlinking. The formerly shipped man page was
      bogus and upstream removed it (for now). (Closes: #1040392).

 -- Mike Gabriel <sunweaver@debian.org>  Sat, 20 Jan 2024 11:00:54 +0100

opennds (9.10.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    + Drop patches 1001 and 1003. Both applied upstream.
    + Drop 1002_typo-fixes-in-man-page.patch. Upstream remove the man page
      (which did contain bogus info anyway).
  * debian/copyright:
    + Update auto-generated copyright.in file.
    + Update copyright attributions.
  * debian/control:
    + Bump Standards-Version: to 4.6.2. No changes needed.
  * debian/source/lintian-overrides:
    + Update to new syntax.
  * debian/rules:
    + Move system service file to /lib/systemd/ (instead of /etc/systemd/).
  * debian/opennds-daemon-common.manpages:
    + Drop file. No man page anymore.

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 06 Feb 2023 23:40:56 +0100

opennds (9.7.0-3) unstable; urgency=medium

  * debian/rules:
    + Fix missing ';' in multi-line if-clause.

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 18 May 2022 20:09:09 +0200

opennds (9.7.0-2) unstable; urgency=medium

  [ Daniel Teichmann ]
  * debian/rules:
    + Only fix perms if file exists and is executable. Fixes arch:any only
      builds.

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 18 May 2022 17:22:47 +0200

opennds (9.7.0-1) unstable; urgency=medium

  [ Daniel Teichmann ]
  * Initial upload to Debian. (Closes: #1009368).

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 27 Apr 2022 14:15:08 +0200
