openconnect (7.08-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Close HTTPS connection on failure returns from process_http_response()
  * Fix buffer overflow with chunked HTTP handling (CVE-2019-16239)
    (Closes: #940871)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 19 Jan 2020 00:15:10 +0100

openconnect (7.08-1) unstable; urgency=medium

  * New upstream version 7.08
    - Fix MTU detection (Closes: #847135)
  * d/libopenconnect5.{shlibs,symbols}: Update for new release
  * d/p/juniper-content-length.patch: Drop, applied upstream
  * d/p/fix-tests-shell-syntax.patch: Fix test suite shell bashisms
  * d/p/softhsm2-module-workaround.patch: Hard-code Debian location of
    libsofthsm2.so
  * d/control:
    - Add Build-Depends: libsocket-wrapper, libuid-wrapper, ocserv, openssl, and
      softhsm2 for test suite
    - Add Build-Depends: libpcsclite-dev to enable Yubikey support
      (LP: #1649227)
    - Add Build-Depends: dpkg-dev (>= 1.17.14) for build profiles support
    - Drop obsolete Build-Depends: liboath-dev
    - Reorder fields according to "cme fix dpkg-control"
  * Bump debhelper compatibility level to 10
  * Drop explicit dependency on dh-autoreconf and disabling silent rules, now
    enabled by default

 -- Mike Miller <mtmiller@debian.org>  Sat, 24 Dec 2016 10:50:15 -0800

openconnect (7.07-2) unstable; urgency=medium

  * d/rules: Build with --as-needed to remove indirect lib dependencies
  * d/control: Add Depends: liblz4-dev for libopenconnect-dev (Closes: 846706)
  * d/control: Use canonical repository URL for Vcs-Browser
  * d/copyright: Refresh copyright information
  * d/copyright: Update Format using "cme fix dpkg-copyright"

 -- Mike Miller <mtmiller@debian.org>  Thu, 08 Dec 2016 15:05:19 -0800

openconnect (7.07-1) unstable; urgency=medium

  * New upstream release.
    - Fix spelling of "sí" in Spanish translation. (Closes: #792073)
    - Fix handling of KMP message with --juniper. (Closes: #833466)
  * Add Build-Depends on libkrb5-dev, enables GSSAPI support. (Closes: #830905)
  * d/p/juniper-content-length.patch: Add Content-Length header to mimic
    official pulse client. (Closes: #845184)
  * Update libopenconnect5 shlibs and symbols files.
  * debian/rules: Update list of distributed files to back up and restore.
  * Use https URI for Vcs-* control fields.
  * Bump Standards-Version to 3.9.8. No changes needed.

 -- Mike Miller <mtmiller@debian.org>  Fri, 25 Nov 2016 12:22:01 -0800

openconnect (7.06-2) unstable; urgency=medium

  * Upload to unstable.

 -- Mike Miller <mtmiller@debian.org>  Mon, 25 May 2015 17:32:01 -0400

openconnect (7.06-1) experimental; urgency=medium

  * New upstream release. (Closes: #776235)
  * Bump libopenconnect soname (3 -> 5) and update symbols file.
  * Add Build-Depends on liblz4-dev for LZ4 compression.
  * debian/rules:
    - Update list of distributed files to back up and restore.
    - Ensure version.c gets the right upstream or Debian version string.
    - Allow build rules to work on a git snapshot tree.
  * debian/copyright: Refresh for new upstream release.
  * Bump Standards-Version to 3.9.6. No changes needed.

 -- Mike Miller <mtmiller@debian.org>  Sun, 05 Apr 2015 23:12:29 -0400

openconnect (6.00-2) unstable; urgency=medium

  * 01_fix-double-free.patch: Fix double free when PKCS#11 token does
    not include CA certs. (Closes: #781240) Thanks to Laurent Bigonville.

 -- Mike Miller <mtmiller@debian.org>  Thu, 26 Mar 2015 08:34:14 -0400

openconnect (6.00-1) unstable; urgency=medium

  * New upstream release, upload to unstable.
    - Fix regression breaking PKCS#11 token support. (Closes: #744214,
      LP: #1308054)
  * doc-remove-footer.patch: Remove, applied upstream.
  * Update libopenconnect3 shlibs and symbols files.

 -- Mike Miller <mtmiller@debian.org>  Tue, 08 Jul 2014 22:33:31 -0400

openconnect (5.99-2) experimental; urgency=medium

  * Build against GnuTLS 3.x, drop OpenSSL. (Closes: #742755)
    - Add Build-Depends on libgnutls28-dev rather than libgnutls-dev.
    - Drop Build-Depends on libssl-dev.
    - Remove OpenSSL-specific private function from libopenconnect3.symbols.
    - fix-gnutls-2.x-build.patch: Drop patch no longer needed when building
      against GnuTLS 3.x.
  * Add Depends on liboath-dev for libopenconnect-dev.
  * Add Build-Depends on libstoken-dev for RSA software token support.
  * Build openconnect-dbg and libopenconnect3-dbg debug symbol packages.
  * debian/rules: Back up and restore upstream files touched by dh-autoreconf.
  * debian/upstream/signing-key.asc: Store upstream PGP signing key in
    ASCII-armored format.
  * Run wrap-and-sort on debian/control and debian/*.install.

 -- Mike Miller <mtmiller@debian.org>  Thu, 03 Apr 2014 09:14:07 -0400

openconnect (5.99-1) experimental; urgency=medium

  * New upstream release.
  * Bump libopenconnect soname (2 -> 3) and update symbols file.
  * doc-remove-footer.patch: Refresh patch from upstream git commit.
  * fix-gnutls-2.x-build.patch: Cherry-pick from upstream git to fix building
    against GnuTLS 2.x.
  * debian/copyright: Refresh for new upstream release.

 -- Mike Miller <mtmiller@debian.org>  Thu, 06 Mar 2014 22:50:40 -0500

openconnect (5.03-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Miller <mtmiller@debian.org>  Tue, 11 Feb 2014 22:43:03 -0500

openconnect (5.02-1) unstable; urgency=medium

  * New upstream release.
    - Temporarily disable XML POST if an authgroup dropdown exists.
      (LP: #1229195)
  * doc-remove-footer.patch: Remove footer from HTML doc template, it
    links to images from www.w3.org.
  * debian/control: Use lowercase for package synopsis.
  * debian/copyright: Fix some omissions in the copyright listing.
  * debian/rules: No need to explicitly set CFLAGS/CPPFLAGS/LDFLAGS.
  * debian/watch: Add support for verification of PGP signature on
    upstream release.
  * Use my @debian.org address.
  * Bump Standards-Version to 3.9.5. No changes needed.

 -- Mike Miller <mtmiller@debian.org>  Sun, 12 Jan 2014 15:30:14 -0500

openconnect (5.01-1) unstable; urgency=low

  * New upstream release.
    - Fix abuse of realloc() causing memory leaks. (Closes: #700805)
    - Fix compatibility with certain connection forms. (Closes: #708207)
    - Improve error handling when server closes connection. (Closes: #708928)
  * Update shlibs and symbols files for libopenconnect2.
  * debian/rules: Do not check for broken DTLS in OpenSSL, it has been
    patched in the Debian openssl package.
  * Add Build-Depends on liboath-dev.
  * Add missing explicit dependency on zlib1g-dev
    - Add Build-Depends on zlib1g-dev.
    - Add Depends on zlib1g-dev to libopenconnect-dev.

 -- Mike Miller <mtmiller@ieee.org>  Sun, 02 Jun 2013 11:18:58 -0400

openconnect (4.99-2) unstable; urgency=low

  * Upload to unstable.

 -- Mike Miller <mtmiller@ieee.org>  Tue, 07 May 2013 19:46:22 -0400

openconnect (4.99-1) experimental; urgency=low

  * New upstream release (5.00 beta release).
  * Update symbols file for libopenconnect2.
  * Bump Standards-Version to 3.9.4. No changes needed.
  * Remove obsolete DM-Upload-Allowed control field.
  * Canonicalize Vcs-* control fields.

 -- Mike Miller <mtmiller@ieee.org>  Fri, 15 Feb 2013 09:14:15 -0500

openconnect (4.07-1) experimental; urgency=low

  * New upstream release.

 -- Mike Miller <mtmiller@ieee.org>  Sat, 01 Sep 2012 10:07:59 -0400

openconnect (4.06-1) experimental; urgency=low

  * New upstream release.
  * debian/patches/01-Check-for-system-CA-certificate-file-for-GnuTLS.patch:
    Remove, applied upstream.

 -- Mike Miller <mtmiller@ieee.org>  Mon, 23 Jul 2012 23:30:35 -0400

openconnect (4.05-1) experimental; urgency=low

  * New upstream release.
  * Use dh-autoreconf to regenerate the build system.
  * debian/patches/01-Check-for-system-CA-certificate-file-for-GnuTLS.patch:
    Cherry-pick from upstream to allow configuring the default CA certificate
    path.
  * Configure with the path to the ca-certificates bundle.
  * Add Recommends: ca-certificates to libopenconnect2 to use its provided
    certificates by default.
  * Build-depend on groff for building HTML docs.

 -- Mike Miller <mtmiller@ieee.org>  Sat, 21 Jul 2012 15:29:27 -0400

openconnect (4.04-1~exp1) experimental; urgency=low

  * New upstream release. (Closes: #677939)
  * Remove 01_man-vpnc-script-path.patch, applied upstream.
  * Bump libopenconnect soname (1 -> 2) and update symbols file.
  * Build against GnuTLS.
    - Build-depend on libgnutls-dev (>= 2.12.16).
    - Build-depend on libp11-kit-dev.
    - Still build-depend on libssl-dev for openconnect executable only.
  * Enable verbose build (V=1) for more useful build logs.
  * Bump debhelper compatibility to version 9.
  * Set Multi-Arch: same and update library install paths for multiarch.

 -- Mike Miller <mtmiller@ieee.org>  Tue, 10 Jul 2012 23:21:17 -0400

openconnect (3.20-4) unstable; urgency=low

  * debian/patches/03_fix-abuse-of-realloc.patch: Backport patch from upstream
    to fix possible memory leaks on realloc. (Closes: #700805)

 -- Mike Miller <mtmiller@ieee.org>  Thu, 28 Feb 2013 23:42:31 -0500

openconnect (3.20-3) unstable; urgency=low

  * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix
    buffer overflow (CVE-2012-6128). (Closes: #700794)

 -- Mike Miller <mtmiller@ieee.org>  Sun, 17 Feb 2013 11:56:35 -0500

openconnect (3.20-2) unstable; urgency=low

  * Depend on vpnc-scripts for routing and DNS configuration. (Closes:
    #566193)
  * Add 01_man-vpnc-script-path.patch to fix man page to match the
    default vpnc-script path in Debian.
  * Add DM-Upload-Allowed flag.

 -- Mike Miller <mtmiller@ieee.org>  Wed, 06 Jun 2012 08:45:27 -0400

openconnect (3.20-1) unstable; urgency=low

  * New upstream release.
  * Update debian/copyright for 2012.
  * Update libopenconnect1.symbols for versioned shared library ABI.

 -- Mike Miller <mtmiller@ieee.org>  Thu, 17 May 2012 22:06:31 -0400

openconnect (3.18-1) unstable; urgency=low

  * New upstream release

 -- Mike Miller <mtmiller@ieee.org>  Wed, 02 May 2012 21:02:47 -0400

openconnect (3.17-1) unstable; urgency=low

  * New upstream release
    - Simplify install path for HTML docs
    - Add required configuration path to vpnc script
  * Use dpkg-buildflags for compiler options, support hardened build
  * Add Vcs-* fields for the git repository

 -- Mike Miller <mtmiller@ieee.org>  Sat, 21 Apr 2012 08:48:41 -0400

openconnect (3.16-1) unstable; urgency=low

  * New upstream release
    - Fix FTBFS on kfreebsd and hurd (Closes: #667996)
  * Build and install HTML docs, copy the upstream changelog
  * Fix Homepage address
  * Remove debian/TODO, contents all done

 -- Mike Miller <mtmiller@ieee.org>  Mon, 09 Apr 2012 21:27:54 -0400

openconnect (3.15-2) unstable; urgency=low

  * Fix minimum version for shared library symbol

 -- Mike Miller <mtmiller@ieee.org>  Sat, 31 Mar 2012 09:38:14 -0400

openconnect (3.15-1) unstable; urgency=low

  * New maintainer
  * New upstream release (Closes: #619967, #637362)
    - Package new shared library, remove static library
    - Remove fix-link.patch, already in 3.15
  * Update description from upstream homepage (Closes: #521831)
  * Update debian/copyright to machine-readable format 1.0
  * Clean up package dependencies
    - Add deps on libssl-dev and libxml2-dev for -dev package
    - Add libproxy to build-deps and library deps
  * Bump Standards-Version to 3.9.3

 -- Mike Miller <mtmiller@ieee.org>  Wed, 28 Mar 2012 22:49:19 -0400

openconnect (3.02-2) unstable; urgency=low

  * Upload to unstable.

 -- Ross Burton <ross@debian.org>  Wed, 11 May 2011 11:55:34 +0100

openconnect (3.02-1) experimental; urgency=low

  * New upstream release
  * Add patch from upstream to fix linking on Debian

 -- Ross Burton <ross@debian.org>  Wed, 11 May 2011 11:55:34 +0100

openconnect (2.25-0.1+squeeze2) stable-security; urgency=high

  * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix
    buffer overflow (CVE-2012-6128).

 -- Mike Miller <mtmiller@ieee.org>  Wed, 13 Feb 2013 19:55:03 -0500

openconnect (2.25-0.1+squeeze1) stable-security; urgency=high

  * Apply patch from upstream to fix buffer overflow (CVE-2012-3291)

 -- Mike Miller <mtmiller@ieee.org>  Thu, 14 Jun 2012 02:56:51 -0400

openconnect (2.25-0.1) unstable; urgency=low

  * Non-maintainer upload.
  * New upstream release (Closes: #566188)
    - always verify SSL server certificates (Closes: #590873)

 -- Dominic Hargreaves <dom@earth.li>  Sat, 28 Aug 2010 11:21:16 +0100

openconnect (2.22-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix kFreeBSD detection (Closes: #577004) using patch from Petr Salinger 

 -- Christoph Egger <christoph@debian.org>  Sat, 17 Jul 2010 16:06:33 -0400

openconnect (2.22-1) unstable; urgency=low

  * New upstream release

 -- Rob Bradford <robster@debian.org>  Thu, 25 Mar 2010 16:11:35 +0000

openconnect (2.01-1) unstable; urgency=low

  * New upstream release.

 -- Ross Burton <ross@debian.org>  Wed, 24 Jun 2009 19:17:44 +0100

openconnect (2.00-1) unstable; urgency=low

  * New upstream release.
  * Add fixes from upstream up to rev d45d92

 -- Ross Burton <ross@debian.org>  Tue, 16 Jun 2009 15:32:46 +0100

openconnect (1.40-1) unstable; urgency=low

  * New upstream release.

 -- Ross Burton <ross@debian.org>  Wed, 27 May 2009 15:50:36 +0100

openconnect (1.00-1) unstable; urgency=low

  * New upstream release
    - Remove leak.patch
  * Reword the description

 -- Ross Burton <ross@debian.org>  Wed, 18 Mar 2009 10:45:13 +0000

openconnect (0.99-2) unstable; urgency=low

  * Add patch from upstream to fix chronic memory leak.

 -- Ross Burton <ross@debian.org>  Fri, 06 Feb 2009 15:50:54 +0000

openconnect (0.99-1) unstable; urgency=low

  * New upstream release.
  * Update copyright information
  * Add watch file
  * Add Homepage field

 -- Ross Burton <ross@debian.org>  Thu, 15 Jan 2009 13:26:25 +0000

openconnect (0.98-3) unstable; urgency=low

  * Bump Standards
  * Add misc:Depends
  * Remove vpnc wrapper and depends

 -- Ross Burton <ross@debian.org>  Wed, 14 Jan 2009 12:21:50 +0000

openconnect (0.98-2) unstable; urgency=low

  * Disable the GTK+ UI, so that Network Manager support works.

 -- Ross Burton <ross@debian.org>  Wed, 14 Jan 2009 11:22:20 +0000

openconnect (0.98-1) unstable; urgency=low

  * New upstream release.
  * Add more netmasks (thanks Shane Bryan)

 -- Ross Burton <ross@debian.org>  Sat, 15 Nov 2008 11:55:18 +0000

openconnect (0.96-1) unstable; urgency=low

  * New upstream release.
  * Enable the GTK+ passcode dialog

 -- Ross Burton <ross@debian.org>  Tue, 28 Oct 2008 09:29:21 +0000

openconnect (0.95.1-2) unstable; urgency=low

  * Install the NM helper into the correct location.

 -- Ross Burton <ross@debian.org>  Fri, 24 Oct 2008 16:15:20 +0100

openconnect (0.95.1-1) unstable; urgency=low

  * Initial packaging.

 -- Ross Burton <ross@debian.org>  Thu, 23 Oct 2008 12:01:37 +0100

