lp:ubuntu/wily/curl

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/wily/curl

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

90. By Robert Ancell

* debian/control:
  - Switch build depends from transitional libgnutls28-dev to libgnutls-dev

89. By Marc Deslauriers

* Merge from Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.

88. By Gianfranco Costamagna

* Merge from Debian (LP: #1459685). Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
* Dropped patches:
  - debian/patches/CVE-2015-3143.patch: upstream
  - debian/patches/CVE-2015-3148.patch: upstream
  - debian/patches/CVE-2015-3144.patch: upstream
  - debian/patches/CVE-2015-3153.patch: upstream
  - debian/patches/CVE-2014-8150.patch: upstream
  - debian/patches/CVE-2015-3145.patch: upstream
* Dropped changes:
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.
    they seem to be broken since pre-trusty

87. By Gianfranco Costamagna

* Merge from Debian (LP: #1459685). Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
* Dropped patches:
  - debian/patches/CVE-2015-3143.patch: upstream
  - debian/patches/CVE-2015-3148.patch: upstream
  - debian/patches/CVE-2015-3144.patch: upstream
  - debian/patches/CVE-2015-3153.patch: upstream
  - debian/patches/CVE-2014-8150.patch: upstream
  - debian/patches/CVE-2015-3145.patch: upstream
* Dropped the added udeb packages. They were empty since trusty and were
  originally added for LP: #831496, this change is likely not needed any
  more.

86. By Marc Deslauriers

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: close Negotiate connections when
    done in lib/http.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

85. By Marc Deslauriers

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
    tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
  - CVE-2014-8150

84. By Marc Deslauriers

* Merge from Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.
* Dropped patches:
  - debian/patches/09_fix-timeout-in-poll-and-wait.patch: upstream
  - debian/patches/CVE-2014-3613.patch: upstream
  - debian/patches/CVE-2014-3620.patch: upstream

83. By Brian Murray

debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream
commit fixing timeout return value for curl_poll and curl_wait_ms.
Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663)

82. By Marc Deslauriers

* SECURITY UPDATE: incorrect cookie handling via partial literal IP
  addresses
  - debian/patches/CVE-2014-3613.patch: only use full host matches for
    hosts used as IP address in lib/cookie.c, added tests to
    tests/data/test1105, tests/data/test31, tests/data/test8.
  - CVE-2014-3613
* SECURITY UPDATE: incorrect cookie handling for TLDs
  - debian/patches/CVE-2014-3620.patch: reject incoming cookies set for
    TLDs in lib/cookie.c, added test to tests/data/test61.
  - CVE-2014-3620

81. By Gianfranco Costamagna

* Merge from Debian unstable (LP: #1348564). Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/trusty/curl