Merge ~danilogondolfo/ubuntu/+source/curl:merge-lp2039798-noble into ubuntu/+source/curl:debian/sid

Proposed by Danilo Egea Gondolfo
Status: Needs review
Proposed branch: ~danilogondolfo/ubuntu/+source/curl:merge-lp2039798-noble
Merge into: ubuntu/+source/curl:debian/sid
Diff against target: 254 lines (+163/-2)
2 files modified
debian/changelog (+160/-0)
debian/control (+3/-2)
Reviewers:
Sergio Durigan Junior (community): Approve
git-ubuntu import: Pending
Review via email: mp+455006@code.launchpad.net
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the MP, Danilo.

I'm leaving two minor comments regarding the changelog entry, but otherwise it's looking great. Let me know when you address the comments and I'll sponsor the upload.

review: Needs Fixing
Danilo Egea Gondolfo (danilogondolfo) wrote :

Thank you, Sergio. Just fixed it.

Sergio Durigan Junior (sergiodj) wrote :

Thanks. Uploaded:

$ dput ssh-ubuntu curl_8.4.0-2ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: /home/sergio/work/curl/curl_8.4.0-2ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/curl/curl_8.4.0-2ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ssh-ubuntu (via sftp to upload.ubuntu.com):
Uploading curl_8.4.0-2ubuntu1.dsc: done.
Uploading curl_8.4.0.orig.tar.gz: done.
Uploading curl_8.4.0.orig.tar.gz.asc: done.
Uploading curl_8.4.0-2ubuntu1.debian.tar.xz: done.
Uploading curl_8.4.0-2ubuntu1_source.buildinfo: done.
Uploading curl_8.4.0-2ubuntu1_source.changes: done.
Successfully uploaded packages.

review: Approve

Unmerged commits

c692550... by Danilo Egea Gondolfo

Changelog

d553817... by Danilo Egea Gondolfo

update-maintainer

ad78cad... by Danilo Egea Gondolfo

reconstruct-changelog

10757bf... by Danilo Egea Gondolfo

merge-changelogs

9d66e78... by Danilo Egea Gondolfo

debian/control

Don't build-depend on python3-impacket on i386 so we can drop it
(and its dependencies) from the i386 partial port. It's only used for
the tests, which do not block the build in any case.

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index b69d34a..1e5c29f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
1curl (8.4.0-2ubuntu1) noble; urgency=medium
2
3 * Merge from Debian unstable (LP: #2039798). Remaining changes:
4 - debian/control: Don't build-depend on python3-impacket on i386
5 so we can drop it (and its dependencies) from the i386 partial port.
6 It's only used for the tests, which do not block the build in any case.
7 * Drop patches for CVEs fixed upstream:
8 - debian/patches/CVE-2023-38039.patch
9 - debian/patches/CVE-2023-38545.patch
10 - debian/patches/CVE-2023-38546.patch
11 * Drop delta merged in Debian
12 - debian/tests/control
13 - debian/tests/curl-ldapi-test
14
15 -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 01 Nov 2023 12:06:23 +0000
16
1curl (8.4.0-2) unstable; urgency=medium17curl (8.4.0-2) unstable; urgency=medium
218
3 * d/rules: set CURL_PATCHSTAMP to package's version, so it shows up in19 * d/rules: set CURL_PATCHSTAMP to package's version, so it shows up in
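Review bot: In the new 8.4.0-2ubuntu1 entry, "* Drop delta merged in Debian" (new line 11) has no trailing colon although it introduces a sub-list, unlike "* Drop patches for CVEs fixed upstream:" four lines above it; add the colon so both bullets read the same way. The CVE bullet would also be easier to audit if it named the upstream release that carries each fix, since the three files are removed from debian/patches on the strength of that one statement.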
@@ -57,6 +73,46 @@ curl (8.2.1-2) unstable; urgency=medium
5773
58 -- Samuel Henrique <samueloph@debian.org> Fri, 25 Aug 2023 20:05:02 +010074 -- Samuel Henrique <samueloph@debian.org> Fri, 25 Aug 2023 20:05:02 +0100
5975
76curl (8.2.1-1ubuntu3.1) mantic-security; urgency=medium
77
78 * SECURITY UPDATE: SOCKS5 heap buffer overflow
79 - debian/patches/CVE-2023-38545.patch: return error if hostname too
80 long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
81 tests/data/test728.
82 - CVE-2023-38545
83 * SECURITY UPDATE: cookie injection with none file
84 - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
85 in lib/cookie.c, lib/cookie.h, lib/easy.c.
86 - CVE-2023-38546
87
88 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 03 Oct 2023 20:03:05 -0400
89
90curl (8.2.1-1ubuntu3) mantic; urgency=medium
91
92 * SECURITY UPDATE: HTTP headers eat all memory
93 - debian/patches/CVE-2023-38039.patch: return error when receiving too
94 large header set in lib/c-hyper.c, lib/cf-h1-proxy.c, lib/http.c,
95 lib/http.h, lib/pingpong.c, lib/urldata.h.
96 - CVE-2023-38039
97
98 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Sep 2023 09:05:17 -0400
99
100curl (8.2.1-1ubuntu2) mantic; urgency=medium
101
102 * d/t/control, d/t/curl-ldapi-test: move test-command to an actual
103 test script and add a retry logic (LP: #2030911)
104
105 -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Aug 2023 17:10:40 -0300
106
107curl (8.2.1-1ubuntu1) mantic; urgency=low
108
109 * Merge from Debian unstable. Remaining changes:
110 - Don't build-depend on python3-impacket on i386 so we can drop it
111 (and its dependencies) from the i386 partial port. It's only used for
112 the tests, which do not block the build in any case.
113
114 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 05 Aug 2023 16:06:26 +0200
115
60curl (8.2.1-1) unstable; urgency=medium116curl (8.2.1-1) unstable; urgency=medium
61117
62 [ Samuel Henrique ]118 [ Samuel Henrique ]
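Review bot: Dropping CVE-2023-38545.patch in the top entry also drops its regression test unless upstream ships it: the reinstated 8.2.1-1ubuntu3.1 entry (new lines 76-88) shows that the patch touched tests/data/Makefile.inc and tests/data/test728 as well as lib/socks.c. Please confirm that test728 is present in the 8.4.0 tree being merged, and do the same comparison for the files listed under CVE-2023-38546.patch and CVE-2023-38039.patch, so the merge does not lose a check that the Ubuntu patch had added.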
@@ -97,6 +153,15 @@ curl (7.88.1-11) unstable; urgency=medium
97153
98 -- Samuel Henrique <samueloph@debian.org> Fri, 28 Jul 2023 21:11:25 +0100154 -- Samuel Henrique <samueloph@debian.org> Fri, 28 Jul 2023 21:11:25 +0100
99155
156curl (7.88.1-10ubuntu1) mantic; urgency=low
157
158 * Merge from Debian unstable. Remaining changes:
159 - Don't build-depend on python3-impacket on i386 so we can drop it
160 (and its dependencies) from the i386 partial port. It's only used for
161 the tests, which do not block the build in any case.
162
163 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 19 May 2023 08:46:54 +0200
164
100curl (7.88.1-10) unstable; urgency=medium165curl (7.88.1-10) unstable; urgency=medium
101166
102 * Add new patches to fix CVEs (closes: #1036239):167 * Add new patches to fix CVEs (closes: #1036239):
@@ -109,6 +174,15 @@ curl (7.88.1-10) unstable; urgency=medium
109174
110 -- Samuel Henrique <samueloph@debian.org> Thu, 18 May 2023 23:43:40 +0100175 -- Samuel Henrique <samueloph@debian.org> Thu, 18 May 2023 23:43:40 +0100
111176
177curl (7.88.1-9ubuntu1) mantic; urgency=low
178
179 * Merge from Debian unstable. Remaining changes:
180 - Don't build-depend on python3-impacket on i386 so we can drop it
181 (and its dependencies) from the i386 partial port. It's only used for
182 the tests, which do not block the build in any case.
183
184 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 02 May 2023 08:47:52 +0200
185
112curl (7.88.1-9) unstable; urgency=medium186curl (7.88.1-9) unstable; urgency=medium
113187
114 [ Sergio Durigan Junior ]188 [ Sergio Durigan Junior ]
@@ -123,6 +197,15 @@ curl (7.88.1-9) unstable; urgency=medium
123197
124 -- Samuel Henrique <samueloph@debian.org> Sat, 15 Apr 2023 20:03:44 +0100198 -- Samuel Henrique <samueloph@debian.org> Sat, 15 Apr 2023 20:03:44 +0100
125199
200curl (7.88.1-8ubuntu1) lunar; urgency=low
201
202 * Merge from Debian unstable. Remaining changes:
203 - Don't build-depend on python3-impacket on i386 so we can drop it
204 (and its dependencies) from the i386 partial port. It's only used for
205 the tests, which do not block the build in any case.
206
207 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 27 Mar 2023 07:50:29 +0200
208
126curl (7.88.1-8) unstable; urgency=medium209curl (7.88.1-8) unstable; urgency=medium
127210
128 [ Samuel Henrique ]211 [ Samuel Henrique ]
@@ -136,6 +219,15 @@ curl (7.88.1-8) unstable; urgency=medium
136219
137 -- Samuel Henrique <samueloph@debian.org> Sun, 26 Mar 2023 11:36:24 +0100220 -- Samuel Henrique <samueloph@debian.org> Sun, 26 Mar 2023 11:36:24 +0100
138221
222curl (7.88.1-7ubuntu1) lunar; urgency=low
223
224 * Merge from Debian unstable. Remaining changes:
225 - Don't build-depend on python3-impacket on i386 so we can drop it
226 (and its dependencies) from the i386 partial port. It's only used for
227 the tests, which do not block the build in any case.
228
229 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 22 Mar 2023 11:51:25 +0100
230
139curl (7.88.1-7) unstable; urgency=medium231curl (7.88.1-7) unstable; urgency=medium
140232
141 * Bump Standards-Version to 4.6.2233 * Bump Standards-Version to 4.6.2
@@ -151,6 +243,15 @@ curl (7.88.1-7) unstable; urgency=medium
151243
152 -- Samuel Henrique <samueloph@debian.org> Tue, 21 Mar 2023 22:39:05 +0000244 -- Samuel Henrique <samueloph@debian.org> Tue, 21 Mar 2023 22:39:05 +0000
153245
246curl (7.88.1-6ubuntu1) lunar; urgency=low
247
248 * Merge from Debian unstable. Remaining changes:
249 - Don't build-depend on python3-impacket on i386 so we can drop it
250 (and its dependencies) from the i386 partial port. It's only used for
251 the tests, which do not block the build in any case.
252
253 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 13 Mar 2023 10:10:19 +0100
254
154curl (7.88.1-6) unstable; urgency=medium255curl (7.88.1-6) unstable; urgency=medium
155256
156 * d/rules: Ignore test results from tests that fail on IPv6-only builders257 * d/rules: Ignore test results from tests that fail on IPv6-only builders
@@ -203,6 +304,22 @@ curl (7.88.1-2) unstable; urgency=medium
203304
204 -- Samuel Henrique <samueloph@debian.org> Fri, 03 Mar 2023 08:28:19 +0000305 -- Samuel Henrique <samueloph@debian.org> Fri, 03 Mar 2023 08:28:19 +0000
205306
307curl (7.88.1-1ubuntu1) lunar; urgency=medium
308
309 * Merge from Debian unstable (LP: #2008123). Remaining changes:
310 + Drop patches for CVEs fixed upsteam.
311 - debian/patches/CVE-2023-23914_5-1.patch
312 - debian/patches/CVE-2023-23914_5-2.patch
313 - debian/patches/CVE-2023-23914_5-3.patch
314 - debian/patches/CVE-2023-23914_5-4.patch
315 - debian/patches/CVE-2023-23914_5-5.patch
316 - debian/patches/CVE-2023-23916.patch
317 + Don't build-depend on python3-impacket on i386 so we can drop it
318 (and its dependencies) from the i386 partial port. It's only used for
319 the tests, which do not block the build in any case.
320
321 -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 22 Feb 2023 17:14:26 +0000
322
206curl (7.88.1-1) unstable; urgency=medium323curl (7.88.1-1) unstable; urgency=medium
207324
208 * New upstream version 7.88.1325 * New upstream version 7.88.1
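Review bot: "upsteam" on new line 310 is a typo, and the "+ Drop patches for CVEs fixed upsteam." item sits under "Remaining changes:" although a dropped patch is not remaining delta. If this 7.88.1-1ubuntu1 entry is a verbatim copy of the changelog that was uploaded, leave it byte-identical so the reconstructed history matches the archive; if it was retyped during the reconstruct-changelog step, restore the published text instead.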
@@ -217,6 +334,41 @@ curl (7.88.1-1) unstable; urgency=medium
217334
218 -- Samuel Henrique <samueloph@debian.org> Mon, 20 Feb 2023 22:35:53 +0000335 -- Samuel Henrique <samueloph@debian.org> Mon, 20 Feb 2023 22:35:53 +0000
219336
337curl (7.87.0-2ubuntu2) lunar; urgency=medium
338
339 * SECURITY UPDATE: multiple HSTS issues
340 - debian/patches/CVE-2023-23914_5-1.patch: add sharing of HSTS cache
341 among handles in docs/libcurl/opts/CURLSHOPT_SHARE.3,
342 docs/libcurl/symbols-in-versions, include/curl/curl.h, lib/hsts.c,
343 lib/hsts.h, lib/setopt.c, lib/share.c, lib/share.h, lib/transfer.c,
344 lib/url.c, lib/urldata.h.
345 - debian/patches/CVE-2023-23914_5-2.patch: share HSTS between handles
346 in src/tool_operate.c.
347 - debian/patches/CVE-2023-23914_5-3.patch: handle adding the same host
348 name again in lib/hsts.c.
349 - debian/patches/CVE-2023-23914_5-4.patch: support crlf="yes" for
350 verify/proxy in tests/FILEFORMAT.md, tests/runtests.pl.
351 - debian/patches/CVE-2023-23914_5-5.patch: verify hsts with two URLs in
352 tests/data/Makefile.inc, tests/data/test446.
353 - CVE-2023-23914
354 - CVE-2023-23915
355 * SECURITY UPDATE: HTTP multi-header compression denial of service
356 - debian/patches/CVE-2023-23916.patch: do not reset stage counter for
357 each header in lib/content_encoding.c, lib/urldata.h,
358 tests/data/Makefile.inc, tests/data/test387, tests/data/test418.
359 - CVE-2023-23916
360
361 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 17 Feb 2023 08:19:10 -0500
362
363curl (7.87.0-2ubuntu1) lunar; urgency=low
364
365 * Merge from Debian unstable. Remaining changes:
366 - Don't build-depend on python3-impacket on i386 so we can drop it
367 (and its dependencies) from the i386 partial port. It's only used for
368 the tests, which do not block the build in any case.
369
370 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 01 Feb 2023 11:24:47 +0100
371
220curl (7.87.0-2) unstable; urgency=medium372curl (7.87.0-2) unstable; urgency=medium
221373
222 * d/patches: Add new upstream patch to fix regression in setopt/getinfo374 * d/patches: Add new upstream patch to fix regression in setopt/getinfo
@@ -225,6 +377,14 @@ curl (7.87.0-2) unstable; urgency=medium
225377
226 -- Samuel Henrique <samueloph@debian.org> Sun, 15 Jan 2023 21:12:09 +0000378 -- Samuel Henrique <samueloph@debian.org> Sun, 15 Jan 2023 21:12:09 +0000
227379
380curl (7.87.0-1ubuntu1) lunar; urgency=medium
381
382 * Don't build-depend on python3-impacket on i386 so we can drop it
383 (and its dependencies) from the i386 partial port. It's only used for
384 the tests, which do not block the build in any case.
385
386 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 08 Jan 2023 00:40:54 +0000
387
228curl (7.87.0-1) unstable; urgency=medium388curl (7.87.0-1) unstable; urgency=medium
229389
230 * New upstream version 7.87.0390 * New upstream version 7.87.0
diff --git a/debian/control b/debian/control
index 8fd48c5..a39683e 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: curl1Source: curl
2Section: web2Section: web
3Priority: optional3Priority: optional
4Maintainer: Alessandro Ghedini <ghedo@debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Alessandro Ghedini <ghedo@debian.org>
5Uploaders: Samuel Henrique <samueloph@debian.org>,6Uploaders: Samuel Henrique <samueloph@debian.org>,
6 Sergio Durigan Junior <sergiodj@debian.org>7 Sergio Durigan Junior <sergiodj@debian.org>
7Build-Depends:8Build-Depends:
@@ -27,7 +28,7 @@ Build-Depends:
27 locales-all <!nocheck>,28 locales-all <!nocheck>,
28 openssh-server <!nocheck>,29 openssh-server <!nocheck>,
29 python3:native <!nocheck>,30 python3:native <!nocheck>,
30 python3-impacket <!nocheck>,31 python3-impacket [!i386] <!nocheck>,
31 gnutls-bin [amd64 arm64 armel armhf i386 mips64el mipsel s390x powerpc ppc64 riscv64] <!nocheck>,32 gnutls-bin [amd64 arm64 armel armhf i386 mips64el mipsel s390x powerpc ppc64 riscv64] <!nocheck>,
32 quilt,33 quilt,
33 stunnel4 <!nocheck>,34 stunnel4 <!nocheck>,
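Review bot: With python3-impacket restricted to [!i386] on new line 31, any test that needs impacket cannot run on i386, and the only justification is the changelog statement that the tests "do not block the build in any case". Nothing in this diff shows that behaviour; please confirm that test failures are non-fatal on i386, or that the affected tests are skipped when the module is missing, so the i386 build neither fails nor reports a spurious test failure.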
