Merge ~danilogondolfo/ubuntu/+source/curl:merge-lp2045886-noble-2 into ubuntu/+source/curl:debian/sid

Proposed by Danilo Egea Gondolfo
Status: Needs review
Proposed branch: ~danilogondolfo/ubuntu/+source/curl:merge-lp2045886-noble-2
Merge into: ubuntu/+source/curl:debian/sid
Diff against target: 270 lines (+172/-2)
2 files modified
debian/changelog (+169/-0)
debian/control (+3/-2)
Reviewer Review Type Date Requested Status
Simon Quigley (community) Approve
git-ubuntu import Pending
Review via email: mp+457830@code.launchpad.net
Simon Quigley (tsimonq2) :
review: Approve

Unmerged commits

596ed45... by Danilo Egea Gondolfo

 Changelog

Also, add a missing : to the previous entry.

9b8a5e9... by Danilo Egea Gondolfo

update-maintainer

107ccae... by Danilo Egea Gondolfo

reconstruct-changelog

d2124b5... by Danilo Egea Gondolfo

merge-changelogs

4d0b94f... by Danilo Egea Gondolfo

debian/control

Don't build-depend on python3-impacket on i386 so we can drop it
(and its dependencies) from the i386 partial port. It's only used for
the tests, which do not block the build in any case.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 6a1a6b8..119ef87 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+curl (8.5.0-2ubuntu1) noble; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #2045886). Remaining changes:
9+ - debian/control: Don't build-depend on python3-impacket on i386
10+ so we can drop it (and its dependencies) from the i386 partial port.
11+ It's only used for the tests, which do not block the build in any case.
12+
13+ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Tue, 02 Jan 2024 09:32:27 +0000
14+
15 curl (8.5.0-2) unstable; urgency=medium
16
17 * d/p/openldap_fix_an_LDAP_crash.patch: New patch to fix ldap segfault
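Review bot: The new 8.5.0-2ubuntu1 entry (diff line 8) says "Merge with Debian unstable", while every earlier Ubuntu merge entry visible in this diff says "Merge from Debian unstable". Consider using "Merge from" here as well so the wording stays uniform and easy to search for across the changelog.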
18@@ -25,6 +34,22 @@ curl (8.5.0-1) unstable; urgency=medium
19
20 -- Samuel Henrique <samueloph@debian.org> Wed, 06 Dec 2023 20:15:49 +0000
21
22+curl (8.4.0-2ubuntu1) noble; urgency=medium
23+
24+ * Merge from Debian unstable (LP: #2039798). Remaining changes:
25+ - debian/control: Don't build-depend on python3-impacket on i386
26+ so we can drop it (and its dependencies) from the i386 partial port.
27+ It's only used for the tests, which do not block the build in any case.
28+ * Drop patches for CVEs fixed upstream:
29+ - debian/patches/CVE-2023-38039.patch
30+ - debian/patches/CVE-2023-38545.patch
31+ - debian/patches/CVE-2023-38546.patch
32+ * Drop delta merged in Debian:
33+ - debian/tests/control
34+ - debian/tests/curl-ldapi-test
35+
36+ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 01 Nov 2023 12:06:23 +0000
37+
38 curl (8.4.0-2) unstable; urgency=medium
39
40 * d/rules: set CURL_PATCHSTAMP to package's version, so it shows up in
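Review bot: The "Drop patches for CVEs fixed upstream" item (diff lines 28-31) removes the CVE-2023-38039, CVE-2023-38545 and CVE-2023-38546 patches without naming the upstream release that contains the fixes. Stating that release in the entry would let anyone auditing the package confirm from the changelog alone that no security fix was lost in the merge.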
41@@ -84,6 +109,46 @@ curl (8.2.1-2) unstable; urgency=medium
42
43 -- Samuel Henrique <samueloph@debian.org> Fri, 25 Aug 2023 20:05:02 +0100
44
45+curl (8.2.1-1ubuntu3.1) mantic-security; urgency=medium
46+
47+ * SECURITY UPDATE: SOCKS5 heap buffer overflow
48+ - debian/patches/CVE-2023-38545.patch: return error if hostname too
49+ long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
50+ tests/data/test728.
51+ - CVE-2023-38545
52+ * SECURITY UPDATE: cookie injection with none file
53+ - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
54+ in lib/cookie.c, lib/cookie.h, lib/easy.c.
55+ - CVE-2023-38546
56+
57+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 03 Oct 2023 20:03:05 -0400
58+
59+curl (8.2.1-1ubuntu3) mantic; urgency=medium
60+
61+ * SECURITY UPDATE: HTTP headers eat all memory
62+ - debian/patches/CVE-2023-38039.patch: return error when receiving too
63+ large header set in lib/c-hyper.c, lib/cf-h1-proxy.c, lib/http.c,
64+ lib/http.h, lib/pingpong.c, lib/urldata.h.
65+ - CVE-2023-38039
66+
67+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Sep 2023 09:05:17 -0400
68+
69+curl (8.2.1-1ubuntu2) mantic; urgency=medium
70+
71+ * d/t/control, d/t/curl-ldapi-test: move test-command to an actual
72+ test script and add a retry logic (LP: #2030911)
73+
74+ -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Aug 2023 17:10:40 -0300
75+
76+curl (8.2.1-1ubuntu1) mantic; urgency=low
77+
78+ * Merge from Debian unstable. Remaining changes:
79+ - Don't build-depend on python3-impacket on i386 so we can drop it
80+ (and its dependencies) from the i386 partial port. It's only used for
81+ the tests, which do not block the build in any case.
82+
83+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 05 Aug 2023 16:06:26 +0200
84+
85 curl (8.2.1-1) unstable; urgency=medium
86
87 [ Samuel Henrique ]
88@@ -124,6 +189,15 @@ curl (7.88.1-11) unstable; urgency=medium
89
90 -- Samuel Henrique <samueloph@debian.org> Fri, 28 Jul 2023 21:11:25 +0100
91
92+curl (7.88.1-10ubuntu1) mantic; urgency=low
93+
94+ * Merge from Debian unstable. Remaining changes:
95+ - Don't build-depend on python3-impacket on i386 so we can drop it
96+ (and its dependencies) from the i386 partial port. It's only used for
97+ the tests, which do not block the build in any case.
98+
99+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 19 May 2023 08:46:54 +0200
100+
101 curl (7.88.1-10) unstable; urgency=medium
102
103 * Add new patches to fix CVEs (closes: #1036239):
104@@ -136,6 +210,15 @@ curl (7.88.1-10) unstable; urgency=medium
105
106 -- Samuel Henrique <samueloph@debian.org> Thu, 18 May 2023 23:43:40 +0100
107
108+curl (7.88.1-9ubuntu1) mantic; urgency=low
109+
110+ * Merge from Debian unstable. Remaining changes:
111+ - Don't build-depend on python3-impacket on i386 so we can drop it
112+ (and its dependencies) from the i386 partial port. It's only used for
113+ the tests, which do not block the build in any case.
114+
115+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 02 May 2023 08:47:52 +0200
116+
117 curl (7.88.1-9) unstable; urgency=medium
118
119 [ Sergio Durigan Junior ]
120@@ -150,6 +233,15 @@ curl (7.88.1-9) unstable; urgency=medium
121
122 -- Samuel Henrique <samueloph@debian.org> Sat, 15 Apr 2023 20:03:44 +0100
123
124+curl (7.88.1-8ubuntu1) lunar; urgency=low
125+
126+ * Merge from Debian unstable. Remaining changes:
127+ - Don't build-depend on python3-impacket on i386 so we can drop it
128+ (and its dependencies) from the i386 partial port. It's only used for
129+ the tests, which do not block the build in any case.
130+
131+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 27 Mar 2023 07:50:29 +0200
132+
133 curl (7.88.1-8) unstable; urgency=medium
134
135 [ Samuel Henrique ]
136@@ -163,6 +255,15 @@ curl (7.88.1-8) unstable; urgency=medium
137
138 -- Samuel Henrique <samueloph@debian.org> Sun, 26 Mar 2023 11:36:24 +0100
139
140+curl (7.88.1-7ubuntu1) lunar; urgency=low
141+
142+ * Merge from Debian unstable. Remaining changes:
143+ - Don't build-depend on python3-impacket on i386 so we can drop it
144+ (and its dependencies) from the i386 partial port. It's only used for
145+ the tests, which do not block the build in any case.
146+
147+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 22 Mar 2023 11:51:25 +0100
148+
149 curl (7.88.1-7) unstable; urgency=medium
150
151 * Bump Standards-Version to 4.6.2
152@@ -178,6 +279,15 @@ curl (7.88.1-7) unstable; urgency=medium
153
154 -- Samuel Henrique <samueloph@debian.org> Tue, 21 Mar 2023 22:39:05 +0000
155
156+curl (7.88.1-6ubuntu1) lunar; urgency=low
157+
158+ * Merge from Debian unstable. Remaining changes:
159+ - Don't build-depend on python3-impacket on i386 so we can drop it
160+ (and its dependencies) from the i386 partial port. It's only used for
161+ the tests, which do not block the build in any case.
162+
163+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 13 Mar 2023 10:10:19 +0100
164+
165 curl (7.88.1-6) unstable; urgency=medium
166
167 * d/rules: Ignore test results from tests that fail on IPv6-only builders
168@@ -230,6 +340,22 @@ curl (7.88.1-2) unstable; urgency=medium
169
170 -- Samuel Henrique <samueloph@debian.org> Fri, 03 Mar 2023 08:28:19 +0000
171
172+curl (7.88.1-1ubuntu1) lunar; urgency=medium
173+
174+ * Merge from Debian unstable (LP: #2008123). Remaining changes:
175+ + Drop patches for CVEs fixed upsteam.
176+ - debian/patches/CVE-2023-23914_5-1.patch
177+ - debian/patches/CVE-2023-23914_5-2.patch
178+ - debian/patches/CVE-2023-23914_5-3.patch
179+ - debian/patches/CVE-2023-23914_5-4.patch
180+ - debian/patches/CVE-2023-23914_5-5.patch
181+ - debian/patches/CVE-2023-23916.patch
182+ + Don't build-depend on python3-impacket on i386 so we can drop it
183+ (and its dependencies) from the i386 partial port. It's only used for
184+ the tests, which do not block the build in any case.
185+
186+ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 22 Feb 2023 17:14:26 +0000
187+
188 curl (7.88.1-1) unstable; urgency=medium
189
190 * New upstream version 7.88.1
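Review bot: Diff line 175 reads "fixed upsteam", and the dropped CVE patches are listed under "Remaining changes" although a dropped patch is not a remaining delta. If this block reproduces the already-published 7.88.1-1ubuntu1 entry, it should stay identical to that record. Otherwise, correct the spelling and give the dropped patches their own top-level bullet, as the 8.4.0-2ubuntu1 entry in this diff does.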
191@@ -244,6 +370,41 @@ curl (7.88.1-1) unstable; urgency=medium
192
193 -- Samuel Henrique <samueloph@debian.org> Mon, 20 Feb 2023 22:35:53 +0000
194
195+curl (7.87.0-2ubuntu2) lunar; urgency=medium
196+
197+ * SECURITY UPDATE: multiple HSTS issues
198+ - debian/patches/CVE-2023-23914_5-1.patch: add sharing of HSTS cache
199+ among handles in docs/libcurl/opts/CURLSHOPT_SHARE.3,
200+ docs/libcurl/symbols-in-versions, include/curl/curl.h, lib/hsts.c,
201+ lib/hsts.h, lib/setopt.c, lib/share.c, lib/share.h, lib/transfer.c,
202+ lib/url.c, lib/urldata.h.
203+ - debian/patches/CVE-2023-23914_5-2.patch: share HSTS between handles
204+ in src/tool_operate.c.
205+ - debian/patches/CVE-2023-23914_5-3.patch: handle adding the same host
206+ name again in lib/hsts.c.
207+ - debian/patches/CVE-2023-23914_5-4.patch: support crlf="yes" for
208+ verify/proxy in tests/FILEFORMAT.md, tests/runtests.pl.
209+ - debian/patches/CVE-2023-23914_5-5.patch: verify hsts with two URLs in
210+ tests/data/Makefile.inc, tests/data/test446.
211+ - CVE-2023-23914
212+ - CVE-2023-23915
213+ * SECURITY UPDATE: HTTP multi-header compression denial of service
214+ - debian/patches/CVE-2023-23916.patch: do not reset stage counter for
215+ each header in lib/content_encoding.c, lib/urldata.h,
216+ tests/data/Makefile.inc, tests/data/test387, tests/data/test418.
217+ - CVE-2023-23916
218+
219+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 17 Feb 2023 08:19:10 -0500
220+
221+curl (7.87.0-2ubuntu1) lunar; urgency=low
222+
223+ * Merge from Debian unstable. Remaining changes:
224+ - Don't build-depend on python3-impacket on i386 so we can drop it
225+ (and its dependencies) from the i386 partial port. It's only used for
226+ the tests, which do not block the build in any case.
227+
228+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 01 Feb 2023 11:24:47 +0100
229+
230 curl (7.87.0-2) unstable; urgency=medium
231
232 * d/patches: Add new upstream patch to fix regression in setopt/getinfo
233@@ -252,6 +413,14 @@ curl (7.87.0-2) unstable; urgency=medium
234
235 -- Samuel Henrique <samueloph@debian.org> Sun, 15 Jan 2023 21:12:09 +0000
236
237+curl (7.87.0-1ubuntu1) lunar; urgency=medium
238+
239+ * Don't build-depend on python3-impacket on i386 so we can drop it
240+ (and its dependencies) from the i386 partial port. It's only used for
241+ the tests, which do not block the build in any case.
242+
243+ -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 08 Jan 2023 00:40:54 +0000
244+
245 curl (7.87.0-1) unstable; urgency=medium
246
247 * New upstream version 7.87.0
248diff --git a/debian/control b/debian/control
249index 953ffb4..caf606a 100644
250--- a/debian/control
251+++ b/debian/control
252@@ -1,7 +1,8 @@
253 Source: curl
254 Section: web
255 Priority: optional
256-Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>
257+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
258+XSBC-Original-Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>
259 Uploaders: Carlos Henrique Lima Melara <charlesmelara@riseup.net>,
260 Samuel Henrique <samueloph@debian.org>,
261 Sergio Durigan Junior <sergiodj@debian.org>
262@@ -28,7 +29,7 @@ Build-Depends:
263 locales-all <!nocheck>,
264 openssh-server <!nocheck>,
265 python3:native <!nocheck>,
266- python3-impacket <!nocheck>,
267+ python3-impacket [!i386] <!nocheck>,
268 gnutls-bin [amd64 arm64 armel armhf i386 mips64el mipsel s390x powerpc ppc64 riscv64] <!nocheck>,
269 quilt,
270 stunnel4 <!nocheck>,
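Review bot: With "[!i386]" added to python3-impacket (diff line 267), i386 builds run the test suite without impacket, so the tests that depend on it provide no coverage on that architecture. The changelog justifies this by saying the tests do not block the build; it would be worth confirming from an i386 build log that those tests are skipped cleanly rather than failing, so that real regressions on i386 are not hidden among expected failures.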
