ubuntu/+source/curl:ubuntu/cosmic

Last commit made on 2018-10-01
Get this branch:
git clone -b ubuntu/cosmic https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/cosmic
Repository:
lp:ubuntu/+source/curl

Recent commits

3f21e79... by Dimitri John Ledkov on 2018-09-29

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

482fab3... by Leonidas S. Barbosa on 2018-09-17

Import patches-unapplied version 7.61.0-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: d01bb3995bacebb128796f811b9145df55d40906

New changelog entries:
  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

d01bb39... by Alessandro Ghedini on 2018-08-11

Import patches-unapplied version 7.61.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 22adc56a72f8967804c92edb2368c8cad90b4f5b

New changelog entries:
  * New upstream release
    + Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546)
      https://curl.haxx.se/docs/adv_2018-70a2.html
    + Fix some crashes related to HTTP/2 (Closes: #902628)
  * Disable libssh2 on Ubuntu.
    Thanks to Gianfranco Costamagna for the patch (Closes: #888449)
  * Bump Standards-Version to 4.2.0 (no changes needed)
  * Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174)

22adc56... by Alessandro Ghedini on 2018-05-23

Import patches-unapplied version 7.60.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 417382f7a96d9e70e8bbd0c898e902aec3d08c11

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

417382f... by Alessandro Ghedini on 2018-05-18

Import patches-unapplied version 7.60.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery
      as per CVE-2018-1000120
      https://curl.haxx.se/docs/adv_2018-9cd6.html
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
      https://curl.haxx.se/docs/adv_2018-97a2.html
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
      https://curl.haxx.se/docs/adv_2018-b047.html
    + Fix heap buffer overflow when closing down an FTP connection
      with very long server command replies as per CVE-2018-1000300
      https://curl.haxx.se/docs/adv_2018-82c2.html
    + Fix heap buffer over-read when parsing bad RTSP headers
      as per CVE-2018-1000301
      https://curl.haxx.se/docs/adv_2018-b138.html
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

7371b12... by Alessandro Ghedini on 2018-01-24

Import patches-unapplied version 7.58.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f70d68d97172d3531c5c62e3131666968af4fcc0

New changelog entries:
  * Explicitly enable libssh2 support which got silently disabled in the
    previous update

f70d68d... by Alessandro Ghedini on 2018-01-24

Import patches-unapplied version 7.58.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 02781fad91b78d3ab6e5291b485931162c997a8b

New changelog entries:
  * New upstream release
    - Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
      https://curl.haxx.se/docs/adv_2018-824a.html
    - Fix HTTP authentication leak in redirects as per CVE-2018-1000007
      https://curl.haxx.se/docs/adv_2018-b3bf.html
  * Point Vcs-* to salsa.d.o
  * Bump Standards-Version to 4.1.3 (no changes needed)
  * Bump debhlper compat level to 11
  * Refresh patches
  * fix insecure-copyright-format-uri

02781fa... by Alessandro Ghedini on 2017-11-30

Import patches-unapplied version 7.57.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5d5191b1cf0d5a4940e1c7d60745f48da831e6f4

New changelog entries:
  * New upstream release
    - Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
      https://curl.haxx.se/docs/adv_2017-11e7.html
    - Fix FTP wildcard out of bounds read as per CVE-2017-8817
      https://curl.haxx.se/docs/adv_2017-ae72.html
    - Fix SSL out of buffer access as per CVE-2017-8818
      https://curl.haxx.se/docs/adv_2017-af0a.html
  * Remove -fdebug-prefix-map from curl-config.
    Thanks to Timo Weingärtner for the patch (Closes: #861974, #874223, #874238)
  * Don't install zsh completion when cross compiling.
    Thanks to Wookey for the patch (Closes: #812965)

5d5191b... by Alessandro Ghedini on 2017-10-24

Import patches-unapplied version 7.56.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6651943a39abf91dc2329186d792d355b90ff0fd

New changelog entries:
  * New upstream release
    - Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
      https://curl.haxx.se/docs/adv_20171023.html
  * Bump Standards-Version to 4.1.1 (no changes needed)
  * Drop 01_runtests_gdb.patch
  * Drop 12_dont-wait-on-CONNECT.patch
  * Refresh patches
  * Update *.symbols files
  * Use https:// URL in watch file

6651943... by Alessandro Ghedini on 2017-09-02

Import patches-unapplied version 7.55.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6d29eddfc82b336741d6c3fbfa46928f6bb372ac

New changelog entries:
  * New upstream release
    - Fix FTBFS on powerpc (Closes: #872502)
  * Apply upstream patch to fix connection timeouts with NetworkManager
    (Closes: #873181)
  * Refresh patches
  * Bump Standards-Version to 4.1.0 (no changes needed)