ubuntu/+source/curl:ubuntu/cosmic-devel

Last commit made on 2019-06-07
Get this branch:
git clone -b ubuntu/cosmic-devel https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/cosmic-devel
Repository: lp:ubuntu/+source/curl

Recent commits

705979f... by Sebastien Bacher on 2019-05-28

Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea93e767a5847ea4d19e426ef1042213b219673f

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

ea93e76... by Marc Deslauriers on 2019-05-16

Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 6a6aca778785b3f29a8580b5c9f914dd25f05693

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

6a6aca7... by Marc Deslauriers on 2019-01-29

Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: cbf2f8324e4db24a7c7d41e9ef5dab256c1fb3b0

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: fix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

cbf2f83... by Marc Deslauriers on 2018-10-29

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

3f21e79... by Dimitri John Ledkov on 2018-09-29

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

482fab3... by Leonidas S. Barbosa on 2018-09-17

Import patches-unapplied version 7.61.0-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: d01bb3995bacebb128796f811b9145df55d40906

New changelog entries:
  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

d01bb39... by Alessandro Ghedini on 2018-08-11

Import patches-unapplied version 7.61.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 22adc56a72f8967804c92edb2368c8cad90b4f5b

New changelog entries:
  * New upstream release
    + Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546)
      https://curl.haxx.se/docs/adv_2018-70a2.html
    + Fix some crashes related to HTTP/2 (Closes: #902628)
  * Disable libssh2 on Ubuntu.
    Thanks to Gianfranco Costamagna for the patch (Closes: #888449)
  * Bump Standards-Version to 4.2.0 (no changes needed)
  * Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174)

22adc56... by Alessandro Ghedini on 2018-05-23

Import patches-unapplied version 7.60.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 417382f7a96d9e70e8bbd0c898e902aec3d08c11

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

417382f... by Alessandro Ghedini on 2018-05-18

Import patches-unapplied version 7.60.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery
      as per CVE-2018-1000120
      https://curl.haxx.se/docs/adv_2018-9cd6.html
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
      https://curl.haxx.se/docs/adv_2018-97a2.html
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
      https://curl.haxx.se/docs/adv_2018-b047.html
    + Fix heap buffer overflow when closing down an FTP connection
      with very long server command replies as per CVE-2018-1000300
      https://curl.haxx.se/docs/adv_2018-82c2.html
    + Fix heap buffer over-read when parsing bad RTSP headers
      as per CVE-2018-1000301
      https://curl.haxx.se/docs/adv_2018-b138.html
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

7371b12... by Alessandro Ghedini on 2018-01-24

Import patches-unapplied version 7.58.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f70d68d97172d3531c5c62e3131666968af4fcc0

New changelog entries:
  * Explicitly enable libssh2 support which got silently disabled in the
    previous update