dotnet7 (7.0.109-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser>
      PasswordSignInAsync Method.
  * debian/tests: introduced missing .tests.rc.d directory.
  * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids.
  * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision
    number.

 -- Ian Constantin <ian.constantin@canonical.com>  Thu, 06 Jul 2023 10:59:12 +0300

dotnet7 (7.0.108-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release.
    - Fixes regression that was introduced with the bugfix for CVE-2023-29331:
      Loading null-password-encrypted PFX certificates through .NET can fail
      unexpectedly for certificates that previously loaded successfully.
  [ Ian Constantin ]
  * debian/tests: introducing extended autopkgtests accidentally missed in the
    previous release.

 -- Ian Constantin <ian.constantin@canonical.com>  Wed, 21 Jun 2023 16:12:30 +0300

dotnet7 (7.0.107-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
      DataTable from XML.
  * SECURITY UPDATE: denial of service
    - CVE-2023-29331: When a .NET application is internet-facing and accepts
      an X509 client certificate for mutual TLS, a malicious client certificate
      can cause unbounded CPU usage.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-29337: A vulnerability exists in NuGet where a potential race
      condition can lead to a symlink attack.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory
      argument.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-33128: An issue in source generators can lead to a crash due to
      unmanaged heap corruption.
  * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.

  [ Dominik Viererbe ]
  * d/t: extended autopkgtest:
    * essential-binaries-and-config-files-should-be-present
    * cli-metadata-should-be-correct
    * global-json-should-be-detected
    * console-template-should-build-and-run
    * dotnet-help-should-show-output
    * dotnet-project-management-cli-should-work
    * example-fsharp-script-output-should-equal-expected-values
    * building-hello-world-for-all-supported-rids-should-work
    * dotnet-xunit-tests-should-work
    * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
    * crossbuild-for-windows-x64-should-run
    * dotnet6-and-dotnet7-should-work-together

 -- Ian Constantin <ian.constantin@canonical.com>  Fri, 02 Jun 2023 22:28:04 +0300

dotnet7 (7.0.105-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-28260: AzureDevOps Elevation of Privilege - Dotnet CWD dll
      hijack vuln.

 -- Ian Constantin <ian.constantin@canonical.com>  Thu, 06 Apr 2023 10:24:09 +0300

dotnet7 (7.0.104-0ubuntu2~22.10.1) kinetic; urgency=medium

  * Backport dotnet 7.0.104 to kinetic (LP: #2011809).
    - debian/control: revert to libicu71

 -- Dominik Viererbe <dominik.viererbe@canonical.com>  Wed, 22 Mar 2023 13:14:34 +0200

dotnet7 (7.0.104-0ubuntu2) lunar; urgency=medium

  * d/p/add-kinetic-rids.patch: Added RIDs for ubuntu 22.10 kinetic.
    - Based on the dropped d/p/66225runtime-fix-runtime-id.patch 
      from wfurt <tweinfurt@yahoo.com>.

 -- Dominik Viererbe <dominik.viererbe@canonical.com>  Tue, 21 Mar 2023 19:16:20 +0200

dotnet7 (7.0.104-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/p/66225runtime-fix-runtime-id.patch : Dropped.

 -- Miriam España Acebal <miriam.espana@canonical.com>  Fri, 10 Mar 2023 12:45:58 +0100

dotnet7 (7.0.103-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/control: Using libicu72.
  * d/p/2671-remove-Proprietary-comment.patch: Remove comment. This is
    merged upstream but it isn't reflected on the source code yet.
  * d/repack-dotnet-tarball.sh: New file. Repack MS tarball.
  * d/rules: if-else for bootstrapping building versus normal one (LP: #2006531).
    Removing unused commented lines for clarity.

 -- Miriam España Acebal <miriam.espana@canonical.com>  Wed, 08 Feb 2023 10:15:30 +0100

dotnet7 (7.0.102-0ubuntu2) lunar; urgency=medium

  * Rebuild against latest icu

 -- Jeremy Bicha <jbicha@ubuntu.com>  Sat, 04 Feb 2023 10:34:33 -0500

dotnet7 (7.0.102-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/rules: Reverting DOTNET_TOP, but still using dotnet_version
    to get previous sdk when building.
  * d/test: Improving existing DEP-8 tests.

  [Graham Inggs]
  * d/test/basic-*: Adding AUTOPKGTEST_TMP for allowing dotnet muxer
    to find correct path for execution.

 -- Miriam España Acebal <miriam.espana@canonical.com>  Thu, 19 Jan 2023 13:43:55 +0100

dotnet7 (7.0.101-0ubuntu2) lunar; urgency=medium

  * d/rules: Fixing DOTNET_TOP: still both bootstrapped archs use old layout.

 -- Miriam España Acebal <miriam.espana@canonical.com>  Wed, 18 Jan 2023 16:59:44 +0100

dotnet7 (7.0.101-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/rules: adapting DOTNET_TOP for amd64 when still uses
    MS bootstrapped debs on building. Erasing switch comments 
    for building depending on layout.
  * d/dotnet-host-7.0.manpages: Renamed from
    d/dotnet-sdk-7.0.manpages. Attaching man pages installation
    here to avoid conflicts when two different SDKs are installed.
  * d/control: Added Breaks field for avoid installation issues when dotnet6
    (previous versions to 6.0.111) is on the system.

  [Steve Langasek]
  * Refresh debian/patches/66225runtime-fix-runtime-id.patch for lunar.

 -- Miriam España Acebal <miriam.espana@canonical.com>  Fri, 16 Dec 2022 11:45:51 +0100

dotnet7 (7.0.100-0ubuntu1) lunar; urgency=medium

  * Initial release (LP: #1995478).

 -- Miriam España Acebal <miriam.espana@canonical.com>  Wed, 07 Dec 2022 18:49:39 +0000
