dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

 -- Ian Constantin <ian.constantin@canonical.com>  Wed, 02 Oct 2024 09:54:18 +0300

dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.2) noble; urgency=medium

  * Add ppc64el as a supported architecture (LP: #2075185).
    - d/control, d/rules: Add ppc64el as a supported architecture.
    - d/eng/versionlib/dotnet.py: Add ppc64le to ArchitectureIdentifier.
  * d/p/0002-roslyn-analyzers-dont-use-apphost.patch: Fix ppc64el FTBFS by
    disabling usage of AppHost in roslyn-analyzers PerformanceTests project.
  * d/p/0003-vstest-intent-net8.0.patch: Fix ppc64el FTBFS by changing the
    vstest Intent test project TFM to net8.0.
  * d/t/regular-tests/release-version-sane/VersionTest.cs: Fix test failure
    by defining a sane release version as less than or equal to current.
  * d/eng/test-runner: Update test runner to latest version (v1.1.0) to fix
    autopkgtest failure in ppc64el.

 -- Mateus Rodrigues de Morais <mateus.morais@canonical.com>  Tue, 13 Aug 2024 18:58:38 -0300

dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: information disclosure
    - CVE-2024-38167: information disclosure vulnerability in TlsStream.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <ian.constantin@canonical.com>  Fri, 09 Aug 2024 09:43:27 +0300

dotnet8 (8.0.107-8.0.7-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-30105: Denial of service vulnerability in System.Text.Json
      deserialization.
  * SECURITY UPDATE: denial of service
    - CVE-2024-35264: Denial of service in ASP.NET Core 8.
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.

 -- Ian Constantin <ian.constantin@canonical.com>  Tue, 02 Jul 2024 11:55:58 +0300

dotnet8 (8.0.105-8.0.5-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.
  * debian/patches/0001-fix-clang18-build.patch: refreshed patch to remove
    new upstream inclusions.

 -- Ian Constantin <ian.constantin@canonical.com>  Thu, 09 May 2024 17:16:30 +0300

dotnet8 (8.0.104-8.0.4-0ubuntu1) noble; urgency=medium

  * New upstream release (LP: #2060261).
  * debian/README.source: Update support information (LP: #2058746).
  * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH' 
                           in version string.
  * debian/tests/versionlib-tests: Add versionlib unit tests
    - debian/tests/run-versionlib-tests.sh: script to run the tests

 -- Dominik Viererbe <dominik.viererbe@canonical.com>  Fri, 05 Apr 2024 06:22:48 +0300

dotnet8 (8.0.103-8.0.3-0ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <wgrant@ubuntu.com>  Mon, 01 Apr 2024 16:43:22 +1100

dotnet8 (8.0.103-8.0.3-0ubuntu2) noble; urgency=medium

  * d/control: added s390x as a supported architecture
  * d/rules: one-liner to remove .pdb files outside of debug symbols directory
    and added s390x as a supported architecture
  * d/p/0001-fix-clang18-build.patch: fixes FTBFS on clang 18 (LP: #2058766)

 -- Mateus Rodrigues de Morais <mateus.morais@canonical.com>  Sun, 24 Mar 2024 15:32:00 -0300

dotnet8 (8.0.103-8.0.3-0ubuntu1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support.
  * Add ca-certificates to dotnet-sdk-8.0 depends (LP: #2057982).
  * Replace debian/tests:
    - Add debian/tests/01_regular-tests & debian/tests/regular-tests
      (testcases files; included version of: 
      https://github.com/canonical/dotnet-regular-tests/).
    - Add debian/tests/build-time-tests
  * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests
  * debian/copyright: Update debian/ copyright information
  * debian/eng: Added directory for scripts & libraries used within the package:
    - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases;
      included version of: https://github.com/canonical/dotnet-test-runner).
    - Added debian/eng/versionlib (.NET version parsing library; used by 
      debian/tests).
    - Added debian/eng/strenum; needed by debian/eng/versionlib
    - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests
    - Moved debian/watch-script.sh and debian/build-dotnet-tarball.sh 
      to debian/eng
  * debian/source/include-binaries: includes a certificate needed by
    debian/tests/regular-tests/libuv-kestrel-sample-app-2x
  * Removed debian/repack-dotnet-tarball.sh (deprecated)

 -- Dominik Viererbe <dominik.viererbe@canonical.com>  Mon, 18 Mar 2024 14:54:29 +0200

dotnet8 (8.0.102-8.0.2-0ubuntu2) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 04 Mar 2024 17:42:12 +0000

dotnet8 (8.0.102-8.0.2-0ubuntu1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21386: denial of service vector in SignalR server.
  * SECURITY UPDATE: denial of service
    - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
      service when parsing X509 certificates.

 -- Ian Constantin <ian.constantin@canonical.com>  Thu, 08 Feb 2024 14:02:19 +0200

dotnet8 (8.0.101-8.0.1-0ubuntu2) noble; urgency=medium

  * Added new binary packages for debug symbols.
  * Moved RID-specific targeting packs to dotnet-sdk-8.0 binary package
    per Microsoft documentation. (LP: #2046458)

 -- Mateus Rodrigues de Morais <mateus.morais@canonical.com>  Wed, 17 Jan 2024 17:30:29 -0300

dotnet8 (8.0.101-8.0.1-0ubuntu1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT
  * debian/build-dotnet-tarball.sh: rename function print_err to print_error
  * debian/control: transition to libicu74
  * debian/tests: removed dotnet6-and-dotnet7-and-dotnet8-should-work-together

 -- Ian Constantin <ian.constantin@canonical.com>  Sat, 06 Jan 2024 18:28:44 +0200

dotnet8 (8.0.100-8.0.0-0ubuntu2) noble; urgency=medium

  * No-change rebuild for ICU soname change.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 19 Dec 2023 11:05:39 +0100

dotnet8 (8.0.100-8.0.0-0ubuntu1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion
  * debian/patches/0001-Fix-source-built-runtime-version-number.patch: removed
    no longer needed patch.
 -- Ian Constantin <ian.constantin@canonical.com>  Mon, 13 Nov 2023 15:13:03 +0200

dotnet8 (8.0.100-8.0.0~rc2-0ubuntu2) noble; urgency=medium

  * d/p/0001-Fix-source-built-runtime-version-number.patch: Fix
    source-built runtime version number. (LP: #2040547)

 -- Mateus Rodrigues de Morais <mateus.morais@canonical.com>  Thu, 26 Oct 2023 08:52:11 -0300

dotnet8 (8.0.100-8.0.0~rc2-0ubuntu1) mantic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.

  [ Mateus Rodrigues de Morais ]
  * debian/rules: removed uneeded sym link for
    $(DOTNET_TOP)/source-built-artifacts/Private.SourceBuilt.Prebuilts.*.tar.gz
  * debian/lintian: additional lintian overrides added.

 -- Ian Constantin <ian.constantin@canonical.com>  Wed, 18 Oct 2023 21:05:17 +0300

dotnet8 (8.0.100-8.0.0~rc1-0ubuntu1) mantic; urgency=medium

  * Initial release (LP: #2025261)

 -- Mateus Rodrigues de Morais <mateus.morais@canonical.com>  Thu, 05 Oct 2023 15:58:22 -0300
