pound (2.6-6.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Request smuggling
    - debian/patches/0009-CVE-2016-10711-CVE-2018-21245.patch: avoid
      request smuggling in http.c.
    - CVE-2016-10711
    - CVE-2018-21245

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 20 Jan 2021 15:58:50 -0300

pound (2.6-6.1) unstable; urgency=medium

  * Non-maintainer upload by the security team with maintainer approval.
  * Add missing part of anti_beast patch to fix disabling of client
    renegotiation. (Closes: #765649)

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 05 May 2015 13:27:06 +0000

pound (2.6-6) unstable; urgency=low

  * Add options to disable SSLv2 and SSLv3.

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Mon, 20 Oct 2014 00:48:13 +0100

pound (2.6-5) unstable; urgency=low

  * Add MKCALENDAR support (Closes: #742488)
  * Check config file is valid for restart/force-restart (Closes: #747517)
  * Up max http size to 8k (Closes: #691941)

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sun, 19 Oct 2014 22:31:00 +0100

pound (2.6-4) unstable; urgency=low

  * Add HTTP PATCH support
  * Add semaphore wait support (Closes: #737853)

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Mon, 03 Mar 2014 15:22:11 +0000

pound (2.6-3) unstable; urgency=low

  * New maintainer: Brett Parker <iDunno@sommitrealweird.co.uk>
  * Update xss_redirect_patch
    - Allow = character in urls (Closes: #723731)
  * Add patch from Joe Gooch <mrwizard@k12system.com> for CRIME vulnerability
    - tls_compression_disable.patch (Closes: #727197)

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sun, 26 Jan 2014 12:40:27 +0000

pound (2.6-2) unstable; urgency=low

  * Update anti_beast patch
     - Actually authored by Joe Gooch <mrwizard@k12system.com>
     - Fix segfault on some systems
  * Added patch to fix XSS redirect vulnerability
    - Patch from Joe Gooch <mrwizard@k12system.com>
  * Switched to dpkg-buildflags (Closes: #654833)
     - Patch from Moritz Muehlenhoff <jmm@debian.org>

 -- Martin Meredith <mez@debian.org>  Fri, 03 Feb 2012 09:40:45 +0000

pound (2.6-1) unstable; urgency=low

  * New upstream release
  * Patch from Michal Jirku <box@wejn.org> to add config
    options that prevent BEAST/renegotiation attacks

 -- Martin Meredith <mez@debian.org>  Mon, 30 Jan 2012 10:21:52 +0000

pound (2.5-1.1) unstable; urgency=low

  * NMU
  * Apply patch to work with new openssl. Thanks to Ilya Barygin
    <barygin@gmail.com> for the patch. Closes: #622041
  * Add simple initial build-arch and build-indep rules as suggested by
    lintian

 -- Steve McIntyre <steve.mcintyre@linaro.org>  Thu, 12 Dec 2011 15:29:12 +0000

pound (2.5-1) unstable; urgency=low

  * New upstream release
  * Switch to dpkg-source 3.0 (quilt) format
  * Removed previous patch from #517359 - incorporated upstream
  * Added ${misc:Depends}
  * Added openssl as a B-D (New functionality to connect to SSL backends)

 -- Martin Meredith <mez@debian.org>  Wed, 10 Mar 2010 21:44:12 +0000

pound (2.4.5-3) unstable; urgency=low

  * Added functionality to init script to allow optional
    arguments (Closes: #449430)

 -- Martin Meredith <mez@debian.org>  Fri, 02 Oct 2009 13:30:36 +0100

pound (2.4.5-2) unstable; urgency=low

  * Fixed small typo in init script (Closes: #537602)

 -- Martin Meredith <mez@debian.org>  Mon, 27 Jul 2009 21:04:07 +0100

pound (2.4.5-1) unstable; urgency=low

  * New upstream release
  * Hijacked Package: New Maintainer (due to MIA)
  * Changed init script to create /var/run/pound
  * Upstream has fixed RewriteLocation Port issues (Closes: #525733)
  * Added patch to fix truncation issues (Closes: #517359)
  * Updated to standards version 3.8.2
  * Updated to debhelper 7
  * Added dpatch as B-D

 -- Martin Meredith <mez@debian.org>  Sun, 05 Jul 2009 16:11:36 +0100

pound (2.4.3-1) unstable; urgency=medium

  [Michael Mende]
  * New upstream release.

 -- Michael Mende <debian@menole.net>  Wed,  4 May 2008 13:11:21 +0200

pound (2.4.2-1) unstable; urgency=medium

  [Michael Mende]
  * New upstream release.
  * Added FAQ and CHANGELOG. (Closes: #472453)
  * debian/watch
    + Fixed regex.

 -- Michael Mende <debian@menole.net>  Tue, 28 Apr 2008 14:33:11 +0200

pound (2.4-2) unstable; urgency=medium

  [Michael Mende]
  * debian/control:
    + Removed libgoogle-perftools-dev from build-dependencies because 
      libgoogle-perftools does not seem to enter testing soon.
  * debian/rules:
    + Syntax error in LDFLAGS on some architectures. (Closes: #469823)
    + CFLAGS on ARM without '-fstack-protector' due to segmentation faults.
    + Added 'noexecstack' to LDFLAGS.

 -- Michael Mende <debian@menole.net>  Wed,  7 Mar 2008 11:20:11 +0100

pound (2.4-1) unstable; urgency=medium

  [Michael Mende]
  * New upstream version (Closes: #432784).
  * Has now support for IPv6 (Closes: #360158).
  * debian/copyright
    + Moved license to GPLv3 (changed in upstream version 2.4d).
  * debian/rules:
    + '[ ! -f Makefile ] || $(MAKE) clean' instead of '-$(MAKE) distclean'
      (Closes: #424308).
    + Remove Makefile after make clean.
    + Added security hardening features.
  * debian/control:
    + Removed Sam Johnston from Maintainer: and Jörg Wendland from Uploaders:
      field (Closes: #465968).
    + Set myself as maintainer.
    + Bumped Standards-Version to 3.7.3.
    + Use debhelper 6 now.
    + Added Homepage field.
    + Added libgoogle-perftools-dev to build-dependencies for amd64, i386, ia64
      and powerpc.
    + Added libpcre3-dev to build-dependencies.
  * debian/dirs:
    + Added /var/run/pound for poundctl control socket.
  * debian/pound.cfg:
    + Added global option 'Control' to enable poundctl usage.
  * Addes watch file debian/watch.

 -- Michael Mende <debian@menole.net>  Wed, 27 Feb 2008 11:31:12 +0100

pound (2.2.7-2) unstable; urgency=high

  * Urgency high: This supersedes 2.2.7-1 which closed #360842. That was a
    grave bug, as it rendered pound unusable, I just had not realized how bad
    it was.
  * Also fix init script: restart did not work (first start, then stop),
    status bailed if daemon not running

 -- Michael Piefel <piefel@debian.org>  Thu, 29 Mar 2007 13:43:55 +0200

pound (2.2.7-1) unstable; urgency=low

  * New upstream version (closes: #407183)
    - also this time the fix that was supposed to be included in the last
      upload is now in the upstream source (closes: #360842)
  * Update syntax of example config file (closes: #356466)
  * Make pound really use the specified CFLAGS (closes: #342080)
  * Update init.d script to be LSB-compliant
  * Bumped Standards-Version to 3.7.2
  * Use debhelper 5 now

 -- Michael Piefel <piefel@debian.org>  Wed, 28 Mar 2007 11:12:25 +0200

pound (2.0-1.1) unstable; urgency=low

  * Non-maintainer upload
  * apply patch fixsegfaults.patch to fix segmentation fault
    in worker (closes: #360842)

 -- Arthur de Jong <adejong@debian.org>  Mon, 25 Sep 2006 12:42:57 +0200

pound (2.0-1) unstable; urgency=low

  * New upstream release
  * New configuration file syntax
  * Listener-specific backends to eliminate need for multiple instances
  * New redirector backend
  * Secondary proarties (error messages, timeouts, etc.) now private to
    listeners.
  * HAport accepts an optional address
  * Added -V flag for version
  * Session tracking on a specific header

 -- Sam Johnston <samj@aos.net.au>  Thu,  2 Feb 2006 05:29:09 +1100

pound (1.9.4-1) unstable; urgency=low

  * New upstream release
  * Added LogFacility config file directive
  * HTTP Request Smuggling fix: first of Content-Length and
    Transfer-Encoding takes precedence

 -- Sam Johnston <samj@aos.net.au>  Fri, 21 Oct 2005 03:14:24 +1000

pound (1.9.3-1) unstable; urgency=low

  * New upstream release. Closes #326941, #331604, #333559, #320220, #263578.

 -- Sam Johnston <samj@aos.net.au>  Sun, 16 Oct 2005 08:02:40 +1000

pound (1.9-1) unstable; urgency=low

  * New upstream version, closes: #310646, #311548, #306649
  * Ack security NMU, the fix is included upstream, closes: #307852
  * Add myself to uploaders with ok from Sam.
  * Clean up debian/:
    - remove rules.old
    - remove bogus comments and commands from rules
    - remove config, debconf is not used
  * debian/init.d:
    - use pid file
    - remove commented lines

 -- Joerg Wendland <joergland@debian.org>  Mon, 11 Jul 2005 09:16:30 +0200

pound (1.8.2-1.1) unstable; urgency=high

  * Non-maintainer upload (tnx djpig).
  * CAN-2005-1391: Fix possible buffer overflow in the add_port
    function which could be triggered by a long Host: header
    from a remote host (Closes: #307852)

 -- Joey Hess <joeyh@debian.org>  Mon, 27 Jun 2005 14:13:42 -0400

pound (1.8.2-1) unstable; urgency=low

  * New upstream version, closes: #285357
    - This supposedly also fixes some SSL issues and closes 263578
  * Added myself to uploaders, I will try to look after the package as
    long as Sam is too busy.
  * Increased MAXBUF, closes: #293915

 -- Michael Piefel <piefel@debian.org>  Tue, 22 Mar 2005 09:45:58 +0100

pound (1.7-1) unstable; urgency=high

  * New upstream *SECURITY* release
  * Resolves bugtraq id 10267 (Input Validation Error)

 -- Sam Johnston <samj@aos.net.au>  Wed, 19 May 2004 09:09:39 +1000

pound (1.5-2) unstable; urgency=medium

  * Removed --pidfile argument to start-stop-daemon in init script.
    Closes: #222885.

 -- Sam Johnston <samj@aos.net.au>  Thu,  5 Feb 2004 01:50:07 +1100

pound (1.5-1) unstable; urgency=low

  * New upstream release
  * Changing priority from optional to extra.

 -- Sam Johnston <samj@aos.net.au>  Fri, 24 Oct 2003 17:13:59 +1000

pound (1.4-3) unstable; urgency=low

  * Changing priority back to optional while waiting for override update.

 -- Sam Johnston <samj@aos.net.au>  Mon, 13 Oct 2003 18:07:22 +1000

pound (1.4-2) unstable; urgency=low

  * New maintainer
  * Changing priority from optional to extra.

 -- Sam Johnston <samj@aos.net.au>  Mon, 13 Oct 2003 16:51:57 +1000

pound (1.4-1.1) unstable; urgency=low

  * Non-maintainer upload
  * Removes templates file as debconf is not used. Closes: #208064, #208392.
  * Adds init.d script. Closes: #207689.
  * Added version (0.9.7) for libssl-dev to resolve engine related compile
    errors.
  * Sets default config file location to /etc/pound/pound.cfg
  * Includes minimal example pound.cfg (courtesy gentoo-portage)
  * Fixed broken paths in manpage.
  * Adds /etc/default/pound file to prevent unconfigured startup.

 -- Sam Johnston <samj@aos.net.au>  Sat, 11 Oct 2003 14:12:13 +1000

pound (1.4-1) unstable; urgency=low

  * Initial release.

 -- Norbert Tretkowski <nobse@debian.org>  Sun, 03 Aug 2003 12:20:27 +0200

