ubuntu/+source/curl:ubuntu/disco-devel

Last commit made on 2019-05-22
Get this branch:
git clone -b ubuntu/disco-devel https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/disco-devel
Repository:
lp:ubuntu/+source/curl

Recent commits

b3f3a38... by Marc Deslauriers on 2019-05-16

Import patches-unapplied version 7.64.0-2ubuntu1.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 3033929f39641c22610df6f4f0148097cd7151c5

New changelog entries:
  * SECURITY UPDATE: Integer overflows in curl_url_set()
    - debian/patches/CVE-2019-5345.patch: limit sizes in lib/setopt.c,
      lib/urlapi.c, lib/urldata.h, tests/data/Makefile.inc,
      tests/data/test1559, tests/libtest/Makefile.inc,
      tests/libtest/lib1559.c.
    - CVE-2019-5345
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

3033929... by Gianfranco Costamagna on 2019-04-05

Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 8adf12e02041b5ba0eced44c50e182c3fe24a0a8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

8adf12e... by Alessandro Ghedini on 2019-03-07

Import patches-unapplied version 7.64.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: eeb6703b488e4a663508622fefdb7086850967a6

New changelog entries:
  * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554)

eeb6703... by Alessandro Ghedini on 2019-02-06

Import patches-unapplied version 7.64.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e202d40710f7d1e52fa1b3026ff477b186de5b8d

New changelog entries:
  * New upstream release
    + Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
      https://curl.haxx.se/docs/CVE-2018-16890.html
    + Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
      https://curl.haxx.se/docs/CVE-2019-3822.html
    + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
      https://curl.haxx.se/docs/CVE-2019-3823.html
    + Fix HTTP negotiation with POST requests (Closes: #920267)

e202d40... by Alessandro Ghedini on 2019-01-15

Import patches-unapplied version 7.63.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 73ce9f1bd176377a3e2cd6c6e3e45a93389fe55b

New changelog entries:
  * New upstream release
    + Fix IPv6 numeral address parser (Closes: #915520)
    + Fix timeout handling (Closes: #914793)
    + Fix HTTP auth to include query in URI (Closes: #913214)
  * Drop 12_fix-runtests-curl.patch (merged upstream)
  * Update symbols
  * Update copyright for removed files
  * Bump debhlper compat level to 12
  * Bump Standards-Version to 4.3.0 (no changes needed)

73ce9f1... by Alessandro Ghedini on 2018-10-31

Import patches-unapplied version 7.62.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d01bb3995bacebb128796f811b9145df55d40906

New changelog entries:
  * New upstream release
    + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
      (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
    + Fix SASL password overflow via integer overflow as per CVE-2018-16839
      https://curl.haxx.se/docs/CVE-2018-16839.html
    + Fix use-after-free in handle close as per CVE-2018-16840
      https://curl.haxx.se/docs/CVE-2018-16840.html
    + Fix warning message out-of-buffer read as per CVE-2018-16842
      https://curl.haxx.se/docs/CVE-2018-16842.html
    + Fix broken terminal output (closes: #911333)
  * Refresh patches
  * Add 12_fix-runtests-curl.patch to fix running curl in tests

d01bb39... by Alessandro Ghedini on 2018-08-11

Import patches-unapplied version 7.61.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 22adc56a72f8967804c92edb2368c8cad90b4f5b

New changelog entries:
  * New upstream release
    + Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546)
      https://curl.haxx.se/docs/adv_2018-70a2.html
    + Fix some crashes related to HTTP/2 (Closes: #902628)
  * Disable libssh2 on Ubuntu.
    Thanks to Gianfranco Costamagna for the patch (Closes: #888449)
  * Bump Standards-Version to 4.2.0 (no changes needed)
  * Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174)

22adc56... by Alessandro Ghedini on 2018-05-23

Import patches-unapplied version 7.60.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 417382f7a96d9e70e8bbd0c898e902aec3d08c11

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

417382f... by Alessandro Ghedini on 2018-05-18

Import patches-unapplied version 7.60.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery
      as per CVE-2018-1000120
      https://curl.haxx.se/docs/adv_2018-9cd6.html
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
      https://curl.haxx.se/docs/adv_2018-97a2.html
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
      https://curl.haxx.se/docs/adv_2018-b047.html
    + Fix heap buffer overflow when closing down an FTP connection
      with very long server command replies as per CVE-2018-1000300
      https://curl.haxx.se/docs/adv_2018-82c2.html
    + Fix heap buffer over-read when parsing bad RTSP headers
      as per CVE-2018-1000301
      https://curl.haxx.se/docs/adv_2018-b138.html
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

7371b12... by Alessandro Ghedini on 2018-01-24

Import patches-unapplied version 7.58.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f70d68d97172d3531c5c62e3131666968af4fcc0

New changelog entries:
  * Explicitly enable libssh2 support which got silently disabled in the
    previous update