ubuntu/+source/curl:ubuntu/trusty-proposed

Last commit made on 2016-08-31
Get this branch:
git clone -b ubuntu/trusty-proposed https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/trusty-proposed
Repository:
lp:ubuntu/+source/curl

Recent commits

d8ed8b1... by Gianfranco Costamagna on 2016-08-28

Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 0c4dec9eaecaba6ee5e057990e55d2475bc5442f

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

0c4dec9... by Marc Deslauriers on 2016-08-05

Import patches-unapplied version 7.35.0-1ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 28a99aaf11bb052d18592a18d46605ab45352632

New changelog entries:
  * SECURITY UPDATE: TLS session resumption client cert bypass
    - debian/patches/CVE-2016-5419.patch: switch off SSL session id when
      client cert is used in lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
    - CVE-2016-5419
  * SECURITY UPDATE: re-using connections with wrong client cert
    - debian/patches/CVE-2016-5420.patch: only reuse connections with the
      same client cert in lib/vtls/vtls.c.
    - CVE-2016-5420
  * SECURITY UPDATE: use of connection struct after free
    - debian/patches/CVE-2016-5421.patch: clear connection pointer for easy
      handles in lib/multi.c.
    - CVE-2016-5421

28a99aa... by Gianfranco Costamagna on 2016-03-12

Import patches-unapplied version 7.35.0-1ubuntu2.7 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 232ea4a45d60040c6dc39e4bc742e4304cb019be

New changelog entries:
  [ Matthew Hall ]
  * debian/patches/libcurl_broken_pkcs12.patch:
    - fix p12 client certificates (LP: #1556330)

232ea4a... by Marc Deslauriers on 2016-01-26

Import patches-unapplied version 7.35.0-1ubuntu2.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0f73c7e44f4725b083310e9cbc65e98a6d0ba686

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

0f73c7e... by Marc Deslauriers on 2015-04-29

Import patches-unapplied version 7.35.0-1ubuntu2.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: e94d277d01eff9cccea6c6d608f3b237e05f5e3b

New changelog entries:
  * SECURITY UPDATE: NTLM connection reuse when unauthenticated
    - debian/patches/CVE-2015-3143.patch: require credentials to match in
      lib/url.c.
    - CVE-2015-3143
  * SECURITY UPDATE: cookie parser out of boundary memory access
    - debian/patches/CVE-2015-3145.patch: properly handle a single double
      quote in lib/cookie.c.
    - CVE-2015-3145
  * SECURITY UPDATE: negotiate not treated as connection-oriented
    - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
      each exchange and close Negotiate connections when done in
      lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
    - CVE-2015-3148

e94d277... by Marc Deslauriers on 2015-01-14

Import patches-unapplied version 7.35.0-1ubuntu2.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 639b1b706aec0952f6aaa229299a16936ce310cc

New changelog entries:
  * SECURITY UPDATE: URL request injection
    - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
      lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
      tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
    - CVE-2014-8150

639b1b7... by Marc Deslauriers on 2014-11-06

Import patches-unapplied version 7.35.0-1ubuntu2.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ce4de67c98bb12ad91c5365ebf3a2a5610084db1

New changelog entries:
  * SECURITY UPDATE: sensitive data disclosure via duphandle read out of
    bounds
    - debian/patches/CVE-2014-3707.patch: properly copy memory area in
      lib/formdata.c, lib/strdup.{c,h}, lib/url.c, lib/urldata.h,
      src/Makefile.inc, src/tool_setup.h, src/tool_strdup.{c,h}.
    - CVE-2014-3707

ce4de67... by Marc Deslauriers on 2014-09-11

Import patches-unapplied version 7.35.0-1ubuntu2.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 55cfcfeaba4911addf47107a9370761c9763d383

New changelog entries:
  * SECURITY UPDATE: incorrect cookie handling via partial literal IP
    addresses
    - debian/patches/CVE-2014-3613.patch: only use full host matches for
      hosts used as IP address in lib/cookie.c, added tests to
      tests/data/test1105, tests/data/test31, tests/data/test8.
    - CVE-2014-3613
  * SECURITY UPDATE: incorrect cookie handling for TLDs
    - debian/patches/CVE-2014-3620.patch: reject incoming cookies set for
      TLDs in lib/cookie.c, added test to tests/data/test61.
    - CVE-2014-3620

55cfcfe... by Marc Deslauriers on 2014-04-01

Import patches-unapplied version 7.35.0-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: c9e7660b439c738702ddffab0c07d8630c3411d9

New changelog entries:
  * SECURITY UPDATE: wrong re-use of connections
    - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
      HTTP logic, and extend new connection logic to other protocols in
      lib/http.c, lib/url.c, lib/urldata.h, add new tests to
      tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
    - CVE-2014-0138
  * SECURITY UPDATE: incorrect wildcard SSL certificate validation with
    literal IP addresses
    - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
      lib/hostcheck.c, added tests to tests/data/Makefile.am,
      tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
    - CVE-2014-0139
  * debian/patches/fix_test172.path: fix expired cookie causing test to
    fail.

c9e7660... by Marc Deslauriers on 2014-01-31

Import patches-unapplied version 7.35.0-1ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 03afdf1304bacdfe22d9d87af4b50765b63cae07

New changelog entries:
  * Resynchronize on Debian, remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.