Ubuntu
curl package

Merge ~danilogondolfo/ubuntu/+source/curl:merge-lp2045886-noble-2 into ubuntu/+source/curl:debian/sid

  1. Git
  2. lp:~danilogondolfo/ubuntu/+source/curl
  3. merge-lp2045886-noble-2
  4. Merge into debian/sid
Proposed by Danilo Egea Gondolfo
Status: Needs review
Proposed branch: ~danilogondolfo/ubuntu/+source/curl:merge-lp2045886-noble-2
Merge into: ubuntu/+source/curl:debian/sid
Diff against target: 270 lines (+172/-2)
2 files modified
debian/changelog (+169/-0)
debian/control (+3/-2)
Reviewer Review Type Date Requested Status
Simon Quigley (community) Approve
git-ubuntu import Pending
Review via email: mp+457830@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Simon Quigley (tsimonq2) :
review: Approve
Reply

Unmerged commits

596ed45... by Danilo Egea Gondolfo

 Changelog

Also, add a missing : to the previous entry.

9b8a5e9... by Danilo Egea Gondolfo

update-maintainer

107ccae... by Danilo Egea Gondolfo

reconstruct-changelog

d2124b5... by Danilo Egea Gondolfo

merge-changelogs

4d0b94f... by Danilo Egea Gondolfo

debian/control

Don't build-depend on python3-impacket on i386 so we can drop it
(and its dependencies) from the i386 partial port. It's only used for
the tests, which do not block the build in any case.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 6a1a6b8..119ef87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
1curl (8.5.0-2ubuntu1) noble; urgency=medium
2
3 * Merge with Debian unstable (LP: #2045886). Remaining changes:
4 - debian/control: Don't build-depend on python3-impacket on i386
5 so we can drop it (and its dependencies) from the i386 partial port.
6 It's only used for the tests, which do not block the build in any case.
7
8 -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Tue, 02 Jan 2024 09:32:27 +0000
9
1curl (8.5.0-2) unstable; urgency=medium10curl (8.5.0-2) unstable; urgency=medium
211
3 * d/p/openldap_fix_an_LDAP_crash.patch: New patch to fix ldap segfault12 * d/p/openldap_fix_an_LDAP_crash.patch: New patch to fix ldap segfault
@@ -25,6 +34,22 @@ curl (8.5.0-1) unstable; urgency=medium
2534
26 -- Samuel Henrique <samueloph@debian.org> Wed, 06 Dec 2023 20:15:49 +000035 -- Samuel Henrique <samueloph@debian.org> Wed, 06 Dec 2023 20:15:49 +0000
2736
37curl (8.4.0-2ubuntu1) noble; urgency=medium
38
39 * Merge from Debian unstable (LP: #2039798). Remaining changes:
40 - debian/control: Don't build-depend on python3-impacket on i386
41 so we can drop it (and its dependencies) from the i386 partial port.
42 It's only used for the tests, which do not block the build in any case.
43 * Drop patches for CVEs fixed upstream:
44 - debian/patches/CVE-2023-38039.patch
45 - debian/patches/CVE-2023-38545.patch
46 - debian/patches/CVE-2023-38546.patch
47 * Drop delta merged in Debian:
48 - debian/tests/control
49 - debian/tests/curl-ldapi-test
50
51 -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 01 Nov 2023 12:06:23 +0000
52
28curl (8.4.0-2) unstable; urgency=medium53curl (8.4.0-2) unstable; urgency=medium
2954
30 * d/rules: set CURL_PATCHSTAMP to package's version, so it shows up in55 * d/rules: set CURL_PATCHSTAMP to package's version, so it shows up in
@@ -84,6 +109,46 @@ curl (8.2.1-2) unstable; urgency=medium
84109
85 -- Samuel Henrique <samueloph@debian.org> Fri, 25 Aug 2023 20:05:02 +0100110 -- Samuel Henrique <samueloph@debian.org> Fri, 25 Aug 2023 20:05:02 +0100
86111
112curl (8.2.1-1ubuntu3.1) mantic-security; urgency=medium
113
114 * SECURITY UPDATE: SOCKS5 heap buffer overflow
115 - debian/patches/CVE-2023-38545.patch: return error if hostname too
116 long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
117 tests/data/test728.
118 - CVE-2023-38545
119 * SECURITY UPDATE: cookie injection with none file
120 - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
121 in lib/cookie.c, lib/cookie.h, lib/easy.c.
122 - CVE-2023-38546
123
124 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 03 Oct 2023 20:03:05 -0400
125
126curl (8.2.1-1ubuntu3) mantic; urgency=medium
127
128 * SECURITY UPDATE: HTTP headers eat all memory
129 - debian/patches/CVE-2023-38039.patch: return error when receiving too
130 large header set in lib/c-hyper.c, lib/cf-h1-proxy.c, lib/http.c,
131 lib/http.h, lib/pingpong.c, lib/urldata.h.
132 - CVE-2023-38039
133
134 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Sep 2023 09:05:17 -0400
135
136curl (8.2.1-1ubuntu2) mantic; urgency=medium
137
138 * d/t/control, d/t/curl-ldapi-test: move test-command to an actual
139 test script and add a retry logic (LP: #2030911)
140
141 -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Aug 2023 17:10:40 -0300
142
143curl (8.2.1-1ubuntu1) mantic; urgency=low
144
145 * Merge from Debian unstable. Remaining changes:
146 - Don't build-depend on python3-impacket on i386 so we can drop it
147 (and its dependencies) from the i386 partial port. It's only used for
148 the tests, which do not block the build in any case.
149
150 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 05 Aug 2023 16:06:26 +0200
151
87curl (8.2.1-1) unstable; urgency=medium152curl (8.2.1-1) unstable; urgency=medium
88153
89 [ Samuel Henrique ]154 [ Samuel Henrique ]
@@ -124,6 +189,15 @@ curl (7.88.1-11) unstable; urgency=medium
124189
125 -- Samuel Henrique <samueloph@debian.org> Fri, 28 Jul 2023 21:11:25 +0100190 -- Samuel Henrique <samueloph@debian.org> Fri, 28 Jul 2023 21:11:25 +0100
126191
192curl (7.88.1-10ubuntu1) mantic; urgency=low
193
194 * Merge from Debian unstable. Remaining changes:
195 - Don't build-depend on python3-impacket on i386 so we can drop it
196 (and its dependencies) from the i386 partial port. It's only used for
197 the tests, which do not block the build in any case.
198
199 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 19 May 2023 08:46:54 +0200
200
127curl (7.88.1-10) unstable; urgency=medium201curl (7.88.1-10) unstable; urgency=medium
128202
129 * Add new patches to fix CVEs (closes: #1036239):203 * Add new patches to fix CVEs (closes: #1036239):
@@ -136,6 +210,15 @@ curl (7.88.1-10) unstable; urgency=medium
136210
137 -- Samuel Henrique <samueloph@debian.org> Thu, 18 May 2023 23:43:40 +0100211 -- Samuel Henrique <samueloph@debian.org> Thu, 18 May 2023 23:43:40 +0100
138212
213curl (7.88.1-9ubuntu1) mantic; urgency=low
214
215 * Merge from Debian unstable. Remaining changes:
216 - Don't build-depend on python3-impacket on i386 so we can drop it
217 (and its dependencies) from the i386 partial port. It's only used for
218 the tests, which do not block the build in any case.
219
220 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 02 May 2023 08:47:52 +0200
221
139curl (7.88.1-9) unstable; urgency=medium222curl (7.88.1-9) unstable; urgency=medium
140223
141 [ Sergio Durigan Junior ]224 [ Sergio Durigan Junior ]
@@ -150,6 +233,15 @@ curl (7.88.1-9) unstable; urgency=medium
150233
151 -- Samuel Henrique <samueloph@debian.org> Sat, 15 Apr 2023 20:03:44 +0100234 -- Samuel Henrique <samueloph@debian.org> Sat, 15 Apr 2023 20:03:44 +0100
152235
236curl (7.88.1-8ubuntu1) lunar; urgency=low
237
238 * Merge from Debian unstable. Remaining changes:
239 - Don't build-depend on python3-impacket on i386 so we can drop it
240 (and its dependencies) from the i386 partial port. It's only used for
241 the tests, which do not block the build in any case.
242
243 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 27 Mar 2023 07:50:29 +0200
244
153curl (7.88.1-8) unstable; urgency=medium245curl (7.88.1-8) unstable; urgency=medium
154246
155 [ Samuel Henrique ]247 [ Samuel Henrique ]
@@ -163,6 +255,15 @@ curl (7.88.1-8) unstable; urgency=medium
163255
164 -- Samuel Henrique <samueloph@debian.org> Sun, 26 Mar 2023 11:36:24 +0100256 -- Samuel Henrique <samueloph@debian.org> Sun, 26 Mar 2023 11:36:24 +0100
165257
258curl (7.88.1-7ubuntu1) lunar; urgency=low
259
260 * Merge from Debian unstable. Remaining changes:
261 - Don't build-depend on python3-impacket on i386 so we can drop it
262 (and its dependencies) from the i386 partial port. It's only used for
263 the tests, which do not block the build in any case.
264
265 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 22 Mar 2023 11:51:25 +0100
266
166curl (7.88.1-7) unstable; urgency=medium267curl (7.88.1-7) unstable; urgency=medium
167268
168 * Bump Standards-Version to 4.6.2269 * Bump Standards-Version to 4.6.2
@@ -178,6 +279,15 @@ curl (7.88.1-7) unstable; urgency=medium
178279
179 -- Samuel Henrique <samueloph@debian.org> Tue, 21 Mar 2023 22:39:05 +0000280 -- Samuel Henrique <samueloph@debian.org> Tue, 21 Mar 2023 22:39:05 +0000
180281
282curl (7.88.1-6ubuntu1) lunar; urgency=low
283
284 * Merge from Debian unstable. Remaining changes:
285 - Don't build-depend on python3-impacket on i386 so we can drop it
286 (and its dependencies) from the i386 partial port. It's only used for
287 the tests, which do not block the build in any case.
288
289 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 13 Mar 2023 10:10:19 +0100
290
181curl (7.88.1-6) unstable; urgency=medium291curl (7.88.1-6) unstable; urgency=medium
182292
183 * d/rules: Ignore test results from tests that fail on IPv6-only builders293 * d/rules: Ignore test results from tests that fail on IPv6-only builders
@@ -230,6 +340,22 @@ curl (7.88.1-2) unstable; urgency=medium
230340
231 -- Samuel Henrique <samueloph@debian.org> Fri, 03 Mar 2023 08:28:19 +0000341 -- Samuel Henrique <samueloph@debian.org> Fri, 03 Mar 2023 08:28:19 +0000
232342
343curl (7.88.1-1ubuntu1) lunar; urgency=medium
344
345 * Merge from Debian unstable (LP: #2008123). Remaining changes:
346 + Drop patches for CVEs fixed upsteam.
347 - debian/patches/CVE-2023-23914_5-1.patch
348 - debian/patches/CVE-2023-23914_5-2.patch
349 - debian/patches/CVE-2023-23914_5-3.patch
350 - debian/patches/CVE-2023-23914_5-4.patch
351 - debian/patches/CVE-2023-23914_5-5.patch
352 - debian/patches/CVE-2023-23916.patch
353 + Don't build-depend on python3-impacket on i386 so we can drop it
354 (and its dependencies) from the i386 partial port. It's only used for
355 the tests, which do not block the build in any case.
356
357 -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 22 Feb 2023 17:14:26 +0000
358
233curl (7.88.1-1) unstable; urgency=medium359curl (7.88.1-1) unstable; urgency=medium
234360
235 * New upstream version 7.88.1361 * New upstream version 7.88.1
@@ -244,6 +370,41 @@ curl (7.88.1-1) unstable; urgency=medium
244370
245 -- Samuel Henrique <samueloph@debian.org> Mon, 20 Feb 2023 22:35:53 +0000371 -- Samuel Henrique <samueloph@debian.org> Mon, 20 Feb 2023 22:35:53 +0000
246372
373curl (7.87.0-2ubuntu2) lunar; urgency=medium
374
375 * SECURITY UPDATE: multiple HSTS issues
376 - debian/patches/CVE-2023-23914_5-1.patch: add sharing of HSTS cache
377 among handles in docs/libcurl/opts/CURLSHOPT_SHARE.3,
378 docs/libcurl/symbols-in-versions, include/curl/curl.h, lib/hsts.c,
379 lib/hsts.h, lib/setopt.c, lib/share.c, lib/share.h, lib/transfer.c,
380 lib/url.c, lib/urldata.h.
381 - debian/patches/CVE-2023-23914_5-2.patch: share HSTS between handles
382 in src/tool_operate.c.
383 - debian/patches/CVE-2023-23914_5-3.patch: handle adding the same host
384 name again in lib/hsts.c.
385 - debian/patches/CVE-2023-23914_5-4.patch: support crlf="yes" for
386 verify/proxy in tests/FILEFORMAT.md, tests/runtests.pl.
387 - debian/patches/CVE-2023-23914_5-5.patch: verify hsts with two URLs in
388 tests/data/Makefile.inc, tests/data/test446.
389 - CVE-2023-23914
390 - CVE-2023-23915
391 * SECURITY UPDATE: HTTP multi-header compression denial of service
392 - debian/patches/CVE-2023-23916.patch: do not reset stage counter for
393 each header in lib/content_encoding.c, lib/urldata.h,
394 tests/data/Makefile.inc, tests/data/test387, tests/data/test418.
395 - CVE-2023-23916
396
397 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 17 Feb 2023 08:19:10 -0500
398
399curl (7.87.0-2ubuntu1) lunar; urgency=low
400
401 * Merge from Debian unstable. Remaining changes:
402 - Don't build-depend on python3-impacket on i386 so we can drop it
403 (and its dependencies) from the i386 partial port. It's only used for
404 the tests, which do not block the build in any case.
405
406 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 01 Feb 2023 11:24:47 +0100
407
247curl (7.87.0-2) unstable; urgency=medium408curl (7.87.0-2) unstable; urgency=medium
248409
249 * d/patches: Add new upstream patch to fix regression in setopt/getinfo410 * d/patches: Add new upstream patch to fix regression in setopt/getinfo
@@ -252,6 +413,14 @@ curl (7.87.0-2) unstable; urgency=medium
252413
253 -- Samuel Henrique <samueloph@debian.org> Sun, 15 Jan 2023 21:12:09 +0000414 -- Samuel Henrique <samueloph@debian.org> Sun, 15 Jan 2023 21:12:09 +0000
254415
416curl (7.87.0-1ubuntu1) lunar; urgency=medium
417
418 * Don't build-depend on python3-impacket on i386 so we can drop it
419 (and its dependencies) from the i386 partial port. It's only used for
420 the tests, which do not block the build in any case.
421
422 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 08 Jan 2023 00:40:54 +0000
423
255curl (7.87.0-1) unstable; urgency=medium424curl (7.87.0-1) unstable; urgency=medium
256425
257 * New upstream version 7.87.0426 * New upstream version 7.87.0
diff --git a/debian/control b/debian/control
index 953ffb4..caf606a 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: curl1Source: curl
2Section: web2Section: web
3Priority: optional3Priority: optional
4Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>
5Uploaders: Carlos Henrique Lima Melara <charlesmelara@riseup.net>,6Uploaders: Carlos Henrique Lima Melara <charlesmelara@riseup.net>,
6 Samuel Henrique <samueloph@debian.org>,7 Samuel Henrique <samueloph@debian.org>,
7 Sergio Durigan Junior <sergiodj@debian.org>8 Sergio Durigan Junior <sergiodj@debian.org>
@@ -28,7 +29,7 @@ Build-Depends:
28 locales-all <!nocheck>,29 locales-all <!nocheck>,
29 openssh-server <!nocheck>,30 openssh-server <!nocheck>,
30 python3:native <!nocheck>,31 python3:native <!nocheck>,
31 python3-impacket <!nocheck>,32 python3-impacket [!i386] <!nocheck>,
32 gnutls-bin [amd64 arm64 armel armhf i386 mips64el mipsel s390x powerpc ppc64 riscv64] <!nocheck>,33 gnutls-bin [amd64 arm64 armel armhf i386 mips64el mipsel s390x powerpc ppc64 riscv64] <!nocheck>,
33 quilt,34 quilt,
34 stunnel4 <!nocheck>,35 stunnel4 <!nocheck>,

Subscribers

People subscribed via source and target branches