Change log for curl package in Debian
| 76 → 129 of 204 results | First • Previous • Next • Last |
curl (7.31.0-1) unstable; urgency=low
* New upstream release
- Fix URL decode buffer boundary flaw as per CVE-2013-2174
http://curl.haxx.se/docs/adv_20130622.html
* Maake curl Multi-Arch: foreign (Closes: #712585)
* Drop 08_reset-timecond.patch (merged upstream)
* Refresh patches
* Add 08_typo.patch to fix a couple of typos in one of the manpages
-- Alessandro Ghedini <email address hidden> Sat, 22 Jun 2013 15:46:53 +0200
curl (7.30.0-2) unstable; urgency=low
* Move textual docs to the -doc package too
* Move manpages from -dev packages to -doc as well
- Add Breaks+Replaces accordingly
* Remove outdated Replaces/Conflicts
* Update watch file version to 3
* Add 08_reset-timecond.patch (Closes: #705783)
-- Alessandro Ghedini <email address hidden> Fri, 10 May 2013 17:46:46 +0200
curl (7.30.0-1) unstable; urgency=low
* New upstream release
* Update upstream copyright years
* Drop patches merged upstream:
- 08_NULL-pointer-dereference-on-close.patch
- 09_CVE-213-1944.patch
- 10_test1218-another-cookie-tailmatch-test.patch
* Update patches:
- 03_keep_symbols_compat.patch
- 90_gnutls.patch
- 99_nss.patch
* Add libcurl4-doc package:
- Move *.pdf and *.html files to the libcurl4-doc package
- Add Suggests for -doc package to -dev packages
- Move examples to the -doc package
* Add Build-Depends on python which is used by some tests
-- Alessandro Ghedini <email address hidden> Thu, 18 Apr 2013 12:55:09 +0200
| Superseded in wheezy-release |
curl (7.26.0-1+wheezy2) wheezy-proposed-updates; urgency=high
[ Alessandro Ghedini ]
* Fix cookie domain tailmatch as per CVE-2013-1944
http://curl.haxx.se/docs/adv_20130412.html (Closes: #705274)
* Set urgency=high accordingly
[ Salvatore Bonaccorso ]
* Add testcase for CVE-2013-1944
-- Alessandro Ghedini <email address hidden> Wed, 10 Apr 2013 22:56:48 +0200
| Superseded in sid-release |
curl (7.29.0-2.1) unstable; urgency=high
* Non-maintainer upload.
[ Alessandro Ghedini ]
* Do not compress *.pdf files (Closes: #704093)
[ Salvatore Bonaccorso ]
* Add 09_CVE-213-1944.patch.
Fix CVE-2013-1944: fix tailmatching to prevent cross-domain leakage.
Cookies set for 'example.com' could accidentaly also be sent by libcurl
to the 'bexample.com' (ie with a prefix to the first domain name).
(Closes: #705274)
* Add testcase for CVE-2013-1944.
-- Salvatore Bonaccorso <email address hidden> Fri, 12 Apr 2013 13:55:34 +0200
curl (7.29.0-2) unstable; urgency=low
* Fix a segfault when closing an unused multi handle (Closes: #701713)
* Mention LDAPS in packages' long descriptions
* Clean-up d/rules
- Switch to short-form dh
- Enable test suite on hurd and kfreebsd too
- Enable GSSAPI support on hurd too
-- Alessandro Ghedini <email address hidden> Mon, 11 Mar 2013 19:02:56 +0100
| Superseded in wheezy-release |
curl (7.26.0-1+wheezy1) testing-proposed-updates; urgency=high
* Fix buffer overflow when negotiating SMTP DIGEST-MD5 authentication
as per CVE-2013-0249 (Closes: #700002)
http://curl.haxx.se/docs/adv_20130206.html
* Set urgency=high accordingly
-- Alessandro Ghedini <email address hidden> Sun, 10 Feb 2013 19:14:47 +0100
curl (7.29.0-1) unstable; urgency=high
* New upstream release
- Fix buffer overflow when negotiating SASL DIGEST-MD5 authentication
as per CVE-2013-0249 (Closes: #700002)
http://curl.haxx.se/docs/adv_20130206.html
- Set urgency=high accordingly
* Install all the examples
* Update 90_gnutls.patch and 99_nss.patch
* Refresh patches
* Correctly pass CPPFLAGS to ./configure
* Upload to unstable
-- Alessandro Ghedini <email address hidden> Mon, 11 Feb 2013 14:48:03 +0100
| Deleted in experimental-release (Reason: None provided.) |
curl (7.28.1-1) experimental; urgency=low
* New upstream release
* Drop 05_fix-git-over-https.patch and 08_fix-git-auth.patch
(merged upstream)
* Update 07_do-not-disable-debug-symbols.patch
* Refresh patches
* Add NEWS entry about change in CURLOPT_SSL_VERIFYHOST semantics
-- Alessandro Ghedini <email address hidden> Mon, 26 Nov 2012 17:51:27 +0100
curl (7.28.0-3) unstable; urgency=low
* Add 07_do-not-disable-debug-symbols.patch, do not pass --enable-debug
anymore (Closes: #683103)
* Update 05_fix-git-over-https.patch to reflect new upstream patch
* Add 08_fix-git-auth.patch to fix HTTPS authentication (Closes: #690764)
-- Alessandro Ghedini <email address hidden> Sat, 17 Nov 2012 14:07:21 +0100
curl (7.28.0-2) unstable; urgency=low * Add 05_fix-git-over-https.patch (Closes: #690551) * Add 06_always-disable-valgrind.patch (Closes: #690968) -- Alessandro Ghedini <email address hidden> Mon, 22 Oct 2012 14:35:02 +0200
curl (7.28.0-1) unstable; urgency=low
* New upstream release
- gnutls: do not fail on non-fatal handshake errors (Closes: #685402)
* Remove versioned build depends on libssh2 (already in stable)
* Bump Standards-Version to 3.9.4 (no changes needed)
* Refresh 01_runtests_gdb.patch
* Update *.symbols files
* Build depend on ca-certifcates to avoid test failure
-- Alessandro Ghedini <email address hidden> Thu, 11 Oct 2012 19:11:09 +0200
curl (7.27.0-1) unstable; urgency=low * New upstream release * Update upstream copyright * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch -- Alessandro Ghedini <email address hidden> Wed, 08 Aug 2012 17:22:00 +0200
curl (7.26.0-1) unstable; urgency=low
* New upstream release
- Reject numerical IPv6 addresses outside brackets (Closes: #670126)
* Email change: Alessandro Ghedini -> <email address hidden>
* Stricter Depends on libcurl3 (Closes: #666089)
* Remove Ramakrishnan (as per his request), move myself to Maintainer
Thank you for all your work so far
* Disable memory tracking, but keep debug enabled
- Remove memdebug symbols (used by curl only)
* Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch
* Disable not-quite-working symbols hiding
-- Alessandro Ghedini <email address hidden> Fri, 25 May 2012 15:19:51 +0200
| Superseded in squeeze-release |
curl (7.21.0-2.1+squeeze2) stable-security; urgency=low * Non-maintainer upload * Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276) -- Alessandro Ghedini <email address hidden> Sat, 24 Mar 2012 15:01:45 +0100
curl (7.25.0-1) unstable; urgency=low
* New upstream release
- Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276)
- Allow negative numbers as option value (Closes: #659591)
* Add libssh2-1-dev to libcurl4-gnutls-dev and libcurl4-nss-dev Depends
* Bump debhelper compat level to 9
- Make *.links files executable to simplify rules file
* Pass --as-needed ld flag to avoid unneeded dependencies
- Add workaround_as_needed_bug to workaround a libtool bug
- Drop dont_link_to_krb5 (not needed because of --as-needed)
* Do some clean-up in debian/rules
* Update debian/copyright format as in Debian Policy 3.9.3
* Bump Standards-Version to 3.9.3
* Explicit Conflicts in -dev packages (fixes binaries-have-file-conflict)
* Add openssh-server to build depends to enable some more tests
* Update upstream copyright years
* Refresh patches
-- Alessandro Ghedini <email address hidden> Fri, 23 Mar 2012 16:24:51 +0100
| Published in lenny-release |
curl (7.18.2-8lenny6) oldstable-security; urgency=high
* Non-maintainer upload.
* Fix SSL CBC IV vulnerability as per CVE-2011-3389
http://curl.haxx.se/docs/adv_20120124B.html
* Set urgency=high accordingly
-- Alessandro Ghedini <email address hidden> Wed, 25 Jan 2012 16:03:45 +0100
curl (7.24.0-1) unstable; urgency=high
* New upstream release
- Improve documentation for the --capath option (Closes: #628697)
- Fix URL sanitization vulnerability as per CVE-2012-0036
http://curl.haxx.se/docs/adv_20120124.html
- Fix SSL CBC IV vulnerability as per CVE-2011-3389
http://curl.haxx.se/docs/adv_20120124B.html
- Set urgency=high accordingly
* Remove curl_links_with_rt patch (curl links to librt anyway)
* Improve descriptions of -dev and -dbg packages
* Drop fix_manpage_spelling and versioned patches (merged upstream)
* Refresh patches
* Add keep_symbols_compat patch to not break backwards ABI compatibility
* Enable libssh2 support for GnuTLS and NSS flavours too
(libssh2 now uses libgcrypt instead of libssl)
-- Alessandro Ghedini <email address hidden> Tue, 24 Jan 2012 12:04:04 +0100
curl (7.23.1-3) unstable; urgency=low * Enable security hardening flags * Remove libdb-dev from B-D (not used) * Improve short and long descriptions * Provide proper *.symbols files (Closes: #651619) * Do not version Curl_* symbols (for internal use only) * Do not override dh_makeshlibs version anymore -- Alessandro Ghedini <email address hidden> Tue, 13 Dec 2011 19:55:31 +0100
curl (7.23.1-2) unstable; urgency=low * Bump shlibs version for libcurl3-nss (Closes: #650498) -- Alessandro Ghedini <email address hidden> Thu, 01 Dec 2011 22:32:19 +0100
curl (7.23.1-1) unstable; urgency=low
* New upstream release
- Do not use gnutls_priority_set_direct and
gnutls_certificate_type_set_priority anymore (Closes: #624024)
* Refresh patches
* Add --enable-debug flag to configure (Closes: #648902)
* One Provides/Replaces per line
* libcurl4-openssl-dev Provides libcurl4-dev too (Closes: #644126)
* Specify only 3 components for Standards-Version
(the fourth is not really needed)
* Move ca-certificates to Recommends in lib* packages (Closes: #546607)
* Add NSS flavour to versioned symbols
-- Alessandro Ghedini <email address hidden> Sun, 27 Nov 2011 18:45:01 +0100
curl (7.22.0-3) unstable; urgency=low
[ Ramakrishnan Muthukrishnan ]
* Add new Uploaders, Ian and Alessandro. (Closes: #647255)
[ Luk Claes ]
* Install lintian overrides with dh_lintian.
* Install all files with dh_install and get rid of dh_installdirs.
[ Alessandro Ghedini ]
* New upstream release.
* Bump debhelper compat level to 8.
* debian/control:
- One (Build-)Depends per line.
- Sort (Build-)Depends.
- Remove Build-Depends on binutils
(v2.18 is already in oldstable and it is Build-Essential: yes).
- Build depends on stunnel4 instead of stunnel
(stunnel is just a dummy package).
- Remove duplicate Section field in package curl.
- Add Luk to Uploaders too, sort names.
* debian/patches:
- Update runtests_gdb patch, add DEP3 headers.
- Update gnutls and nss patches, add DEP3 headers.
- Refresh other patches.
- Add DEP3 headers to all the patches.
- Remove libtool patch (not applied anyway)
- Set Forwarded: not-needed for Debian specific patches
* Replace dh_clean -k call with dh_prep
(dh_clean -k is deprecated since debhelper 7).
* Add fix_manpage_spelling patch
* debian/copyright:
- Switch to DEP5 format
- Update copyright information
* Add librtmp-dev to libcurl4-nss-dev too
-- Alessandro Ghedini <email address hidden> Sun, 13 Nov 2011 21:07:32 +0100
curl (7.21.0-2) stable-security; urgency=high
* debian/patches/curl-gssapi-delegation: Fix for GSSAPI delegation
vulnerability as detailed in CVE-2011-2192. More information and
the patch at <http://curl.haxx.se/docs/adv_20110623.html>.
(closes: #631615)
-- Ramakrishnan Muthukrishnan <email address hidden> Sun, 26 Jun 2011 20:53:39 +0530
curl (7.21.7-3) unstable; urgency=low
* debian/rules: Build only curl and libcurl3 with rtmp support. Rest of the
packages do not need to be built with rtmp support. (closes: #641173)
-- Ramakrishnan Muthukrishnan <email address hidden> Sun, 11 Sep 2011 22:08:08 +0200
curl (7.21.7-2) unstable; urgency=low
* debian/control: libcurl*-dev packages should depend on librtmp-dev.
(closes: #640260)
* debian/rules: add build-arch and build-indep targets.
-- Ramakrishnan Muthukrishnan <email address hidden> Mon, 05 Sep 2011 16:12:42 +0200
Available diffs
- diff from 7.21.6-3 to 7.21.7-2 (571.5 KiB)
curl (7.21.7-1) unstable; urgency=low * New Upstream release which fixes the following bugs. - libcurl3-gnutls: HTTPS over HTTP still broken in Git (closes: #627335) - git-core: gnutls_handshake() fail when using https:// over a proxy (closes: #559371) * debian/control: capitalize 'ftp'. (closes: #587338) * debian/rules: add build-arch and build-indep targets. -- Ramakrishnan Muthukrishnan <email address hidden> Sat, 30 Jul 2011 17:57:08 +0530
curl (7.21.6-3) unstable; urgency=low * Apply the Multiarch patch from Steve Langasek. (closes: #631946) -- Ramakrishnan Muthukrishnan <email address hidden> Wed, 29 Jun 2011 08:26:56 +0530
curl (7.21.6-2) unstable; urgency=high * Fix for the inappropriate GSSAPI delegation vulnerability (CVE-2011-2192). (closes: #631615) -- Ramakrishnan Muthukrishnan <email address hidden> Sat, 25 Jun 2011 23:37:04 +0530
curl (7.21.6-1) unstable; urgency=low * New upstream release to fix a HTTPS over a HTTP proxy bug on 7.21.5. -- Ramakrishnan Muthukrishnan <email address hidden> Sat, 23 Apr 2011 07:12:57 +0530
curl (7.21.5-1) unstable; urgency=low
* New Upstream version. (closes: #623459) * debian/patches/{sslv2_disable, error_code}: removed as these patches were backported earlier from new upstream and this release incorporates them. -- Ramakrishnan Muthukrishnan <email address hidden> Fri, 22 Apr 2011 13:14:41 +0530
curl (7.21.4-2) unstable; urgency=low
* debian/patches/{sslv2-disable, series}: Apply the upstream commit c66b0b32fba175d5f096c944d8ec8f9f06299f4a. (closes: #622016) * debian/{rules, control}: enable rtmp. (closes: #622328) * debian/control: removing hurd from dependencies. Hurd is an 'essential' package. -- Ramakrishnan Muthukrishnan <email address hidden> Wed, 13 Apr 2011 16:15:27 -0700
curl (7.21.4-1) unstable; urgency=low * New upstream release. * debian/control: downgraded the version number of libdb-dev required to 4.6 from 4.7, based on the inputs from Erik Schanze <email address hidden>. -- Ramakrishnan Muthukrishnan <email address hidden> Mon, 28 Feb 2011 19:35:36 +0530
curl (7.21.3-1) unstable; urgency=low * New upstream release. * debian/*.manpages: adding all manpages for the curl library. (closes: #605651) * gnutls->handshake: improved timeout handling. See #594150 for details. -- Ramakrishnan Muthukrishnan <email address hidden> Wed, 15 Dec 2010 23:39:26 +0530
curl (7.21.2-4) unstable; urgency=low * support for curl library built against nss. (closes: #606244) * honour DEB_BUILD_OPTIONS=nocheck option. (closes: #606059) -- Ramakrishnan Muthukrishnan <email address hidden> Thu, 09 Dec 2010 20:11:37 +0530
curl (7.21.2-3) unstable; urgency=low * debian/rules: reverting changes related to c-ares inclusion. * debian/control: removing libc-ares-dev for now. (closes: #605558) -- Ramakrishnan Muthukrishnan <email address hidden> Thu, 02 Dec 2010 10:56:36 +0530
curl (7.21.2-2) unstable; urgency=low * debian/control: add libc-ares-dev as build dependency. * debian/rules: invoke configure with --enable-ares. (closes: #570436) * debian/copyright: add copyright notice of lib/security to the copyright file. (closes: #603712) -- Ramakrishnan Muthukrishnan <email address hidden> Tue, 30 Nov 2010 17:35:29 +0530
curl (7.21.2-1) unstable; urgency=low * New upstream release. -- Ramakrishnan Muthukrishnan <email address hidden> Mon, 18 Oct 2010 11:13:17 +0530
curl (7.21.1-1) unstable; urgency=low * New upstream release. -- Ramakrishnan Muthukrishnan <email address hidden> Thu, 12 Aug 2010 08:20:48 +0530
| Superseded in lenny-release |
curl (7.18.2-8lenny4) stable-security; urgency=high
* Non-maintainer upload by the security team
* Fix possible buffer overflow via callback function
Fixes: CVE-2010-0734
-- Steffen Joeris <email address hidden> Sat, 27 Mar 2010 16:06:15 +1100
curl (7.21.0-1) unstable; urgency=low * New upstream. -- Ramakrishnan Muthukrishnan <email address hidden> Wed, 16 Jun 2010 19:25:37 +0530
curl (7.20.1-2) unstable; urgency=low
* debian/rules: Removed the custom LDFLAGS variable. This is not
required as we are no longer using the libtool patch.
(closes: #578774)
-- Ramakrishnan Muthukrishnan <email address hidden> Wed, 28 Apr 2010 18:40:27 +0530
curl (7.20.0-3) unstable; urgency=low * debian/control: Vcs* tags added. * docs/libcurl/libcurl.m4: added the missing double quote (closes: #576518). -- Ramakrishnan Muthukrishnan <email address hidden> Mon, 05 Apr 2010 18:56:40 +0530
curl (7.20.0-2) unstable; urgency=low
* New Maintainer (closes: #574137).
* Bug #533669 (curl segmentation fault in addbyter()) is fixed
from release 7.19.7 onwards (closes: #533669).
* Bug #510559 (curl sends whitespace unencoded in the url) can't
be reproduced in the 7.20.0 release (closes: #510559).
-- Ramakrishnan Muthukrishnan <email address hidden> Thu, 18 Mar 2010 08:55:19 +0530
curl (7.20.0-1) unstable; urgency=low * Package is orphaned. * New upstream release. * Switch to dpkg-source 3.0 (quilt) format (closes: #538547). * Fixed build error with binutils-gold (closes: #554296). -- Domenico Andreoli <email address hidden> Tue, 09 Feb 2010 13:06:39 +0100
curl (7.19.7-1) unstable; urgency=low
* New upstream release:
- curl_getdate(3) now correctly manages single letter military
timezones as specified in RFC 822 (closes: #551461).
* build depends on generic libdb-dev (closes: #548476).
* build depends on libssh2-1-dev (>= 1.2) to enable new curl options.
-- Domenico Andreoli <email address hidden> Thu, 05 Nov 2009 10:11:57 +0100
| Superseded in lenny-release |
curl (7.18.2-8lenny3) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix possible midm attack via injected null bytes in the
certificate (CVE-2009-2417; Closes: #541991).
-- Nico Golde <email address hidden> Tue, 18 Aug 2009 00:57:34 +0000
curl (7.19.5-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix possible mitm via injected null byte (CVE-2009-2417; Closes: #541991). -- Nico Golde <email address hidden> Thu, 27 Aug 2009 20:10:51 +0200
curl (7.19.5-1) unstable; urgency=low
* New upstream release
* Fix "libcurl3-gnutls has memory corruption" by upgrading to new upstream
release, which fixes this bug (Closes: #530131)
* update standards version to 3.8.1
* adjust overrides from libdevel to debug for -dbg package
* adjust doc-base section
-- Andreas Schuldei <email address hidden> Sun, 24 May 2009 21:12:19 +0200
curl (7.19.4-1) unstable; urgency=low
* New upstream release
* Fix "newer bdb version" <explain what you changed and why>
(Closes: #517277)
* resolve libtool version confusion, thanks to
Stefanos Harhalakis <email address hidden>
* add new dependency on libgcrypt11-dev due to newly arising binary symbols
-- Andreas Schuldei <email address hidden> Thu, 02 Apr 2009 23:35:45 +0200
| Superseded in lenny-release |
curl (7.18.2-8lenny2) stable-security; urgency=high * Non-maintainer upload by the security team * Update patch for CVE-2009-0037 to include missing header sections -- Steffen Joeris <email address hidden> Tue, 10 Mar 2009 06:18:42 +0000
curl (7.18.2-8.1) unstable; urgency=high
* Non-maintainer upload by the security team.
* Include upstream patch to prevent overwriting and reading arbitrary
local files or command execution via malicious redirects depending on
the setup curl is used in.
NOTE: This update introduces a new option called CURLOPT_REDIR_PROTOCOLS
which includes the protocols curl will follow on redirects, scp and file
are not included by default (CVE-2009-0037; Closes: #518423).
-- Nico Golde <email address hidden> Wed, 11 Mar 2009 15:33:08 +0100
curl (7.18.2-8) unstable; urgency=low
* Fix "Please add support for ldap/ldaps protocols"
by changing the linker option for liblber (Closes: #506096)
-- Andreas Schuldei <email address hidden> Fri, 26 Dec 2008 23:48:19 +0100
curl (7.18.2-7) unstable; urgency=low * disable c-ares support again, no fix yet, just get stuff working again. -- Andreas Schuldei <email address hidden> Tue, 15 Jul 2008 01:17:29 +0200
curl (7.18.2-5) unstable; urgency=low
* /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
"-Wl, -z, defs" (Closes: #488701), closing same bug again for
curl-config --libs command
-- Andreas Schuldei <email address hidden> Wed, 02 Jul 2008 11:24:40 +0200
| 76 → 129 of 204 results | First • Previous • Next • Last |
