-
libsoup2.4 (2.64.1-1) unstable; urgency=medium
* New upstream release
* Drop all patches: applied in new release
-- Jeremy Bicha <email address hidden> Tue, 25 Sep 2018 11:20:40 -0400
-
libsoup2.4 (2.64.0-2) unstable; urgency=medium
* Cherry-pick 6 commits with meson build fixes
-- Jeremy Bicha <email address hidden> Tue, 04 Sep 2018 17:58:53 -0400
-
libsoup2.4 (2.64.0-1) unstable; urgency=medium
[ Jeremy Bicha ]
* New upstream release
* Build with meson
* Release to unstable
[ Iain Lane ]
* Make the runtime directory with 0700 permissions
* Use dh_auto_test not $(MAKE), since we're using meson now
-- Jeremy Bicha <email address hidden> Tue, 04 Sep 2018 09:33:53 -0400
-
libsoup2.4 (2.63.92-1) experimental; urgency=medium
* New upstream version
-- Sebastien Bacher <email address hidden> Wed, 29 Aug 2018 12:36:57 +0200
-
libsoup2.4 (2.63.90-1) experimental; urgency=medium
* debian/{gbp.conf,control{,.in}}: Update for experimental.
* New upstream release 2.63.90 (LP: #1786789)
- Avoid unaligned memory accesses in WebSocket implementation
- Bail out on cookie-jar calls with empty hostnames
- Fix crash under soup_socket_new()
- Fix critical warning in SoupSocket
- Fix digest authentication with encoded URIs
- Fixes to GObject-introspection
- Fixes to the simple-httpd example
- Fixes to xmlrpc-server test with PHP >= 7.2 and related
- Many Coverity-found code fixes
- Set default cookie path for NULL origins
- Use atomic-refcounting in classes that are not using GObject-refcounting
- Use base domain to decide if cookies are third-party
- Use libpsl for the SoupTLD API instead of shipping a copy of the
public-suffix list
* debian/control.in:
- Build-Depend on libpsl-dev per upstream.
- Rules-Requires-Root: no - we don't need to be root to build/test.
- Standards-Version → 4.2.0
* debian/patches: Drop, included from upstream.
-- Iain Lane <email address hidden> Fri, 10 Aug 2018 13:29:19 +0100
-
libsoup2.4 (2.62.2-2) unstable; urgency=high
* debian/patches/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch,
debian/patches/0002-Add-soup_cookie_jar_get_cookies-with-empty-hostname-.patch:
Cherry-pick two patches from upstream to fix an out of bounds access in
the cookie jar (CVE-2018-12910).
-- Iain Lane <email address hidden> Thu, 28 Jun 2018 19:57:42 +0100
-
libsoup2.4 (2.62.2-1) unstable; urgency=medium
* New upstream release
-- Jeremy Bicha <email address hidden> Mon, 07 May 2018 10:59:55 -0400
-
libsoup2.4 (2.62.1-1) unstable; urgency=medium
* New upstream release
* Drop cookie-jar-use-base-domain.patch: Applied in new release
* Bump Standards-Version to 4.1.4
-- Jeremy Bicha <email address hidden> Tue, 10 Apr 2018 14:47:57 -0400
