lp:ubuntu/wily/curl
- Get this branch:
- bzr branch lp:ubuntu/wily/curl
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 90. By Robert Ancell
-
* debian/control:
- Switch build depends from transitional libgnutls28-dev to libgnutls-dev
- 89. By Marc Deslauriers
-
* Merge from Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- 88. By Gianfranco Costamagna
-
* Merge from Debian (LP: #1459685). Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
* Dropped patches:
- debian/patches/CVE-2015-3143.patch: upstream
- debian/patches/CVE-2015-3148.patch: upstream
- debian/patches/CVE-2015-3144.patch: upstream
- debian/patches/CVE-2015-3153.patch: upstream
- debian/patches/CVE-2014-8150.patch: upstream
- debian/patches/CVE-2015-3145.patch: upstream
* Dropped changes:
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
they seem to be broken since pre-trusty
- 87. By Gianfranco Costamagna
-
* Merge from Debian (LP: #1459685). Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
* Dropped patches:
- debian/patches/CVE-2015-3143.patch: upstream
- debian/patches/CVE-2015-3148.patch: upstream
- debian/patches/CVE-2015-3144.patch: upstream
- debian/patches/CVE-2015-3153.patch: upstream
- debian/patches/CVE-2014-8150.patch: upstream
- debian/patches/CVE-2015-3145.patch: upstream
* Dropped the added udeb packages. They were empty since trusty and were
originally added for LP: #831496, this change is likely not needed any
more.
- 86. By Marc Deslauriers
-
* SECURITY UPDATE: NTLM connection reuse when unauthenticated
- debian/patches/CVE-2015-3143.patch: require credentials to match in
lib/url.c.
- CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
- debian/patches/CVE-2015-3144.patch: check for valid length in
lib/url.c.
- CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
- debian/patches/CVE-2015-3145.patch: properly handle a single double
quote in lib/cookie.c.
- CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
- debian/patches/CVE-2015-3148.patch: close Negotiate connections when
done in lib/http.c.
- CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
- debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
- CVE-2015-3153
- 85. By Marc Deslauriers
-
* SECURITY UPDATE: URL request injection
- debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
- CVE-2014-8150
- 84. By Marc Deslauriers
-
* Merge from Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
* Dropped patches:
- debian/patches/09_fix-timeout-in-poll-and-wait.patch: upstream
- debian/patches/CVE-2014-3613.patch: upstream
- debian/patches/CVE-2014-3620.patch: upstream
- 83. By Brian Murray
-
debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream
commit fixing timeout return value for curl_poll and curl_wait_ms.
Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663)
- 82. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect cookie handling via partial literal IP
addresses
- debian/patches/CVE-2014-3613.patch: only use full host matches for
hosts used as IP address in lib/cookie.c, added tests to
tests/data/test1105, tests/data/test31, tests/data/test8.
- CVE-2014-3613
* SECURITY UPDATE: incorrect cookie handling for TLDs
- debian/patches/CVE-2014-3620.patch: reject incoming cookies set for
TLDs in lib/cookie.c, added test to tests/data/test61.
- CVE-2014-3620
- 81. By Gianfranco Costamagna
-
* Merge from Debian unstable (LP: #1348564). Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/trusty/curl