ubuntu/+source/curl:ubuntu/artful-proposed

Last commit made on 2017-10-05
Get this branch:
git clone -b ubuntu/artful-proposed https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/artful-proposed
Repository:
lp:ubuntu/+source/curl

Recent commits

f2c6fdb... by Marc Deslauriers on 2017-10-04

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

77981d8... by Gianfranco Costamagna on 2017-09-03

Import patches-unapplied version 7.55.1-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 6651943a39abf91dc2329186d792d355b90ff0fd

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

6651943... by Alessandro Ghedini on 2017-09-02

Import patches-unapplied version 7.55.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6d29eddfc82b336741d6c3fbfa46928f6bb372ac

New changelog entries:
  * New upstream release
    - Fix FTBFS on powerpc (Closes: #872502)
  * Apply upstream patch to fix connection timeouts with NetworkManager
    (Closes: #873181)
  * Refresh patches
  * Bump Standards-Version to 4.1.0 (no changes needed)

6d29edd... by Alessandro Ghedini on 2017-08-12

Import patches-unapplied version 7.55.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4351b6803570cab64e28b6dc27b17a3ae74bfceb

New changelog entries:
  * New upstream release
    - Fix TFTP sends more than buffer size as per CVE-2017-1000100
      (Closes: #871555)
    - Fix URL globbing out of bounds read as per CVE-2017-1000101
      (Closes: #871554)
  * Refresh patches and drop patches merged upstream
  * Update Standards-Version to 4.0.1 (no changes needed)
  * Drop -dbg package

4351b68... by Alessandro Ghedini on 2017-04-19

Import patches-unapplied version 7.52.1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Fix TLS session resumption client cert bypass as per CVE-2017-7468
    https://curl.haxx.se/docs/adv_20170419.html

dd83779... by Alessandro Ghedini on 2017-04-08

Import patches-unapplied version 7.52.1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2919bea5483dd62172975384d3da1ce4ff50d86b

New changelog entries:
  * Fix regression in CONNECT response handling (Closes: #857613)
  * Fix buffer read overrun on --write-out as per CVE-2017-7407
    https://curl.haxx.se/docs/adv_20170403.html (Closes: #859500)

2919bea... by Alessandro Ghedini on 2017-02-21

Import patches-unapplied version 7.52.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4eeb0572ddc390c50cde0b831b99f8c367d5ab29

New changelog entries:
  * Make SSL_VERIFYSTATUS work again as per CVE-2017-2629
    https://curl.haxx.se/docs/adv_20170222.html

4eeb057... by Alessandro Ghedini on 2017-01-29

Import patches-unapplied version 7.52.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1c9418b78e159b6f66fb9553f7e1b3e56f3c0943

New changelog entries:
  * Fix HTTPS connection timeout with OpenSSL (Closes: #852317)

1c9418b... by Alessandro Ghedini on 2017-01-12

Import patches-unapplied version 7.52.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 761b2a090edddb86ec3104e30714bf721dbd30be

New changelog entries:
  * New upstream release
    - Fix printf floating point buffer overflow as per CVE-2016-9586
      (Closes: #848958)
  * B-D on "libssl1.0-dev | libssl-dev (<< 1.1)" (Closes: #850880, #844018)
  * Another attempt at making -dev packages multi-arch.
    Thanks to Benjamin Moody for the patches. (Closes: #731998, #846360)
  * Enable support for PSL (Closes: #847958)
  * Re-enable support for IDN (Closes: #849539)
  * Drop 10_disable-network-tests.patch.
    It didn't really work, and the issue is not urgent.
  * Switch curl binary back to libcurl3/OpenSSL.
    While the GnuTLS flavour mostly worked fine, there are a bunch of features
    that are not implemented.

761b2a0... by Alessandro Ghedini on 2016-11-03

Import patches-unapplied version 7.51.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * New upstream release
    - Fix cookie injection for other servers as per CVE-2016-8615
      https://curl.haxx.se/docs/adv_20161102A.html
    - Fix case insensitive password comparison as per CVE-2016-8616
      https://curl.haxx.se/docs/adv_20161102B.html
    - Fix OOB write via unchecked multiplication as per CVE-2016-8617
      https://curl.haxx.se/docs/adv_20161102C.html
    - Fix double-free in curl_maprintf as per CVE-2016-8618
      https://curl.haxx.se/docs/adv_20161102D.html
    - Fix double-free in krb5 code as per CVE-2016-8619
      https://curl.haxx.se/docs/adv_20161102E.html
    - Fix glob parser write/read out of bounds as per CVE-2016-8620
      https://curl.haxx.se/docs/adv_20161102F.html
    - Fix curl_getdate read out of bounds as per CVE-2016-8621
      https://curl.haxx.se/docs/adv_20161102G.html
    - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
      https://curl.haxx.se/docs/adv_20161102H.html
    - Fix use-after-free via shared cookies as per CVE-2016-8623
      https://curl.haxx.se/docs/adv_20161102I.html
    - Fix invalid URL parsing with '#' as per CVE-2016-8624
      https://curl.haxx.se/docs/adv_20161102J.html
    - Fix IDNA 2003 makes curl use wrong host
      https://curl.haxx.se/docs/adv_20161102K.html
    - Fix escape and unescape integer overflows as
      per CVE-2016-7167 (Closes: #837945)
      https://curl.haxx.se/docs/adv_20160914.html
    - Fix incorrect reuse of client certificates (NSS backend)
      as per CVE-2016-7141 (Closes: #836918)
      https://curl.haxx.se/docs/adv_20160907.html
  * Drop 02_art_http_scripting.patch (file not shipped anymore)
  * Refresh patches
  * Temporarily disable IDN support
  * Don't install pdf and html docs (they are not shipped in the tarball anymore)
  * Install markdown docs
  * Disable more network tests (Closes: #830273)