ubuntu/+source/curl:ubuntu/bionic-devel

Last commit made on 2019-05-22
Get this branch:
git clone -b ubuntu/bionic-devel https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/bionic-devel
Repository:
lp:ubuntu/+source/curl

Recent commits

6e076ce... by Marc Deslauriers on 2019-05-16

Import patches-unapplied version 7.58.0-2ubuntu3.7 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 64643307157a6f082aca87a9fada9c4d9f6674d3

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

6464330... by Marc Deslauriers on 2019-01-29

Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d37b2f7addddcd93fae4c8fb5ff7850696c64d44

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: fix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

d37b2f7... by Marc Deslauriers on 2018-10-29

Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b8ade5c802760ed54e5ce0731530ac79f593609f

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

b8ade5c... by Leonidas S. Barbosa on 2018-09-13

Import patches-unapplied version 7.58.0-2ubuntu3.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 2b43766f0497f389f33e4842a6f112bf53061461

New changelog entries:
  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

2b43766... by Marc Deslauriers on 2018-07-04

Import patches-unapplied version 7.58.0-2ubuntu3.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 636acb19047e837cc2ea2572a799b0e211f05146

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

636acb1... by Marc Deslauriers on 2018-05-08

Import patches-unapplied version 7.58.0-2ubuntu3.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 3f4a331387ee45d025380d1b86a1b8736f91df03

New changelog entries:
  * SECURITY UPDATE: FTP shutdown response buffer overflow
    - debian/patches/CVE-2018-1000300.patch: check data size in
      lib/pingpong.c.
    - CVE-2018-1000303
  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

3f4a331... by Marc Deslauriers on 2018-03-15

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

f25607e... by Steve Langasek on 2018-02-21

Import patches-unapplied version 7.58.0-2ubuntu2 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7dd4e11d7534295572bdcb5d44dd648c3ce7c72d

New changelog entries:
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.

7dd4e11... by Gianfranco Costamagna on 2018-01-25

Import patches-unapplied version 7.58.0-2ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  * Use an if statement to conditionally disable libssh2 in Ubuntu-only

7371b12... by Alessandro Ghedini on 2018-01-24

Import patches-unapplied version 7.58.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f70d68d97172d3531c5c62e3131666968af4fcc0

New changelog entries:
  * Explicitly enable libssh2 support which got silently disabled in the
    previous update