ubuntu/+source/curl:ubuntu/zesty

Last commit made on 2017-04-09
Get this branch:
git clone -b ubuntu/zesty https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/zesty
Repository:
lp:ubuntu/+source/curl

Recent commits

673cd3e... by Gianfranco Costamagna on 2017-04-09

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

dd83779... by Alessandro Ghedini on 2017-04-08

Import patches-unapplied version 7.52.1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2919bea5483dd62172975384d3da1ce4ff50d86b

New changelog entries:
  * Fix regression in CONNECT response handling (Closes: #857613)
  * Fix buffer read overrun on --write-out as per CVE-2017-7407
    https://curl.haxx.se/docs/adv_20170403.html (Closes: #859500)

2919bea... by Alessandro Ghedini on 2017-02-21

Import patches-unapplied version 7.52.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4eeb0572ddc390c50cde0b831b99f8c367d5ab29

New changelog entries:
  * Make SSL_VERIFYSTATUS work again as per CVE-2017-2629
    https://curl.haxx.se/docs/adv_20170222.html

4eeb057... by Alessandro Ghedini on 2017-01-29

Import patches-unapplied version 7.52.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1c9418b78e159b6f66fb9553f7e1b3e56f3c0943

New changelog entries:
  * Fix HTTPS connection timeout with OpenSSL (Closes: #852317)

1c9418b... by Alessandro Ghedini on 2017-01-12

Import patches-unapplied version 7.52.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 761b2a090edddb86ec3104e30714bf721dbd30be

New changelog entries:
  * New upstream release
    - Fix printf floating point buffer overflow as per CVE-2016-9586
      (Closes: #848958)
  * B-D on "libssl1.0-dev | libssl-dev (<< 1.1)" (Closes: #850880, #844018)
  * Another attempt at making -dev packages multi-arch.
    Thanks to Benjamin Moody for the patches. (Closes: #731998, #846360)
  * Enable support for PSL (Closes: #847958)
  * Re-enable support for IDN (Closes: #849539)
  * Drop 10_disable-network-tests.patch.
    It didn't really work, and the issue is not urgent.
  * Switch curl binary back to libcurl3/OpenSSL.
    While the GnuTLS flavour mostly worked fine, there are a bunch of features
    that are not implemented.

761b2a0... by Alessandro Ghedini on 2016-11-03

Import patches-unapplied version 7.51.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * New upstream release
    - Fix cookie injection for other servers as per CVE-2016-8615
      https://curl.haxx.se/docs/adv_20161102A.html
    - Fix case insensitive password comparison as per CVE-2016-8616
      https://curl.haxx.se/docs/adv_20161102B.html
    - Fix OOB write via unchecked multiplication as per CVE-2016-8617
      https://curl.haxx.se/docs/adv_20161102C.html
    - Fix double-free in curl_maprintf as per CVE-2016-8618
      https://curl.haxx.se/docs/adv_20161102D.html
    - Fix double-free in krb5 code as per CVE-2016-8619
      https://curl.haxx.se/docs/adv_20161102E.html
    - Fix glob parser write/read out of bounds as per CVE-2016-8620
      https://curl.haxx.se/docs/adv_20161102F.html
    - Fix curl_getdate read out of bounds as per CVE-2016-8621
      https://curl.haxx.se/docs/adv_20161102G.html
    - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
      https://curl.haxx.se/docs/adv_20161102H.html
    - Fix use-after-free via shared cookies as per CVE-2016-8623
      https://curl.haxx.se/docs/adv_20161102I.html
    - Fix invalid URL parsing with '#' as per CVE-2016-8624
      https://curl.haxx.se/docs/adv_20161102J.html
    - Fix IDNA 2003 makes curl use wrong host
      https://curl.haxx.se/docs/adv_20161102K.html
    - Fix escape and unescape integer overflows as
      per CVE-2016-7167 (Closes: #837945)
      https://curl.haxx.se/docs/adv_20160914.html
    - Fix incorrect reuse of client certificates (NSS backend)
      as per CVE-2016-7141 (Closes: #836918)
      https://curl.haxx.se/docs/adv_20160907.html
  * Drop 02_art_http_scripting.patch (file not shipped anymore)
  * Refresh patches
  * Temporarily disable IDN support
  * Don't install pdf and html docs (they are not shipped in the tarball anymore)
  * Install markdown docs
  * Disable more network tests (Closes: #830273)

66b33c5... by Alessandro Ghedini on 2016-08-03

Import patches-unapplied version 7.50.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b4c7744d4da5add144aa6bd29761210313409cc

New changelog entries:
  * New upstream release (Closes: #827900)
    - Fix TLS session resumption client cert bypass as per CVE-2016-5419
      https://curl.haxx.se/docs/adv_20160803A.html
    - Fix re-using connection with wrong client cert as per CVE-2016-5420
      https://curl.haxx.se/docs/adv_20160803B.html
    - Fix use of connection struct after free as per CVE-2016-5421
      https://curl.haxx.se/docs/adv_20160803C.html
    - Support OpenSSL 1.1 (Closes: #828127)
  * Fix 04_workaround_as_needed_bug.patch.
    Thanks to Yuriy M. Kaminskiy for the patch (Closes: #818131)
  * Bump Standards-Version to 3.9.8 (no changes needed)
  * Update Vcs-* URLs
  * Refresh patches
  * Add 08_enable-zsh.patch to re-enable zsh completion generation
  * Remove 08_fix-zsh-completion.patch (was already disabled)
  * Add 09_fix-typo.patch to fix spelling-error-in-manpage
  * Add 10_disable-network-tests.patch to disable networked tests
    (Closes: #830273)
  * Improve cross Build-Depends satisfiability.
    Thanks to Helmut Grohne for the patch (Closes: #818092)

8b4c774... by Alessandro Ghedini on 2016-01-27

Import patches-unapplied version 7.47.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 216e12551539b1c0c178d5c291b177949e413aeb

New changelog entries:
  * New upstream release
    - Fix NTLM credentials not-checked for proxy connection re-use
      as per CVE-2016-0755
      http://curl.haxx.se/docs/adv_20160127A.html
    - Set uyrgency=high accordingly
  * Remove hard-coded dependency on libgnutls (Closes: #812542)
  * Drop 08_fix-zsh-completion.patch (merged upstream)
  * Refresh patches

216e125... by Alessandro Ghedini on 2015-12-27

Import patches-unapplied version 7.46.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c3f832d3b634c2828a2f06d266c842ce8957933b

New changelog entries:
  * New upstream release
    - Initialize OpenSSL algorithms after loading config (Closes: #805408)
  * Install curl zsh completion (Closes: #805509)
    - Add 08_fix-zsh-completion.patch to fix zsh completion generation

c3f832d... by Alessandro Ghedini on 2015-10-07

Import patches-unapplied version 7.45.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fb7c49c5c6567aeab539f32c911132196c4ddd91

New changelog entries:
  * New upstream release
  * Drop 08_spelling.patch (merged upstream)