--- curl-7.18.0.orig/debian/libcurl3-gnutls.links
+++ curl-7.18.0/debian/libcurl3-gnutls.links
@@ -0,0 +1 @@
+usr/lib/libcurl-gnutls.so.4 usr/lib/libcurl-gnutls.so.3
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.doc-base
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.doc-base
@@ -0,0 +1,9 @@
+Document: libcurl4-gnutls-dev
+Title: libcurl documentation
+Author: Daniel Stenberg
+Abstract: HTML version of all the manpages about libcurl
+Section: Apps/devel
+
+Format: HTML
+Index: /usr/share/doc/libcurl4-gnutls-dev/html/index.html
+Files: /usr/share/doc/libcurl4-gnutls-dev/html/*.html
--- curl-7.18.0.orig/debian/libcurl3.install
+++ curl-7.18.0/debian/libcurl3.install
@@ -0,0 +1 @@
+usr/lib/libcurl.so.4*
--- curl-7.18.0.orig/debian/libcurl4-openssl-dev.docs
+++ curl-7.18.0/debian/libcurl4-openssl-dev.docs
@@ -0,0 +1,14 @@
+README
+docs/BINDINGS
+docs/BUGS
+docs/CONTRIBUTE
+docs/FAQ
+docs/FEATURES
+docs/HISTORY
+docs/INTERNALS
+docs/KNOWN_BUGS
+docs/RESOURCES
+docs/THANKS
+docs/TODO
+docs/VERSIONS
+docs/TheArtOfHttpScripting
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.links
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.links
@@ -0,0 +1,13 @@
+/usr/share/man/man3/curl_strequal.3 /usr/share/man/man3/curl_strnequal.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_maprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mfprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_msnprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_msprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvaprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvfprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvsnprintf.3
+/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvsprintf.3
+/usr/lib/libcurl-gnutls.a /usr/lib/libcurl.a
+/usr/lib/libcurl-gnutls.la /usr/lib/libcurl.la
+/usr/lib/libcurl-gnutls.so /usr/lib/libcurl.so
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.examples
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.examples
@@ -0,0 +1,34 @@
+docs/examples/Makefile.example
+docs/examples/README
+docs/examples/anyauthput.c
+docs/examples/cacertinmem.c
+docs/examples/cookie_interface.c
+docs/examples/curlgtk.c
+docs/examples/curlx.c
+docs/examples/debug.c
+docs/examples/fileupload.c
+docs/examples/fopen.c
+docs/examples/ftpget.c
+docs/examples/ftpgetresp.c
+docs/examples/ftpupload.c
+docs/examples/getinfo.c
+docs/examples/getinmemory.c
+docs/examples/htmltidy.c
+docs/examples/htmltitle.cc
+docs/examples/http-post.c
+docs/examples/httpput.c
+docs/examples/https.c
+docs/examples/multi-app.c
+docs/examples/multi-debugcallback.c
+docs/examples/multi-double.c
+docs/examples/multi-post.c
+docs/examples/multi-single.c
+docs/examples/multithread.c
+docs/examples/opensslthreadlock.c
+docs/examples/persistant.c
+docs/examples/post-callback.c
+docs/examples/postit2.c
+docs/examples/sepheaders.c
+docs/examples/simple.c
+docs/examples/simplepost.c
+docs/examples/simplessl.c
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.install
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.install
@@ -0,0 +1,6 @@
+usr/bin/curl-config
+usr/lib/libcurl-gnutls.a
+usr/lib/libcurl-gnutls.la
+usr/lib/libcurl-gnutls.so
+usr/lib/pkgconfig/libcurl.pc
+usr/include
--- curl-7.18.0.orig/debian/changelog.old-ssl
+++ curl-7.18.0/debian/changelog.old-ssl
@@ -0,0 +1,335 @@
+
+curl-ssl (7.9.3-1) unstable; urgency=low
+
+ * New upstream version:
+ - fixed wrong assumption on char signedness (Closes: #127013).
+
+ -- Domenico Andreoli Thu, 24 Jan 2002 20:30:53 +0100
+
+curl-ssl (7.9.2-1) unstable; urgency=low
+
+ * New upstream version:
+ - two bad timeout matters in libcurl2-ssl are now solved.
+
+ -- Domenico Andreoli Fri, 7 Dec 2001 17:00:04 +0100
+
+curl-ssl (7.9.1-3) unstable; urgency=low
+
+ * Fixed return type of Curl_ftpsendf(...) to CURLcode (Closes: #120488).
+ * Versions in debian/libcurl2-ssl.shlibs have been incremented to
+ ">= 7.9.1-1".
+
+ -- Domenico Andreoli Thu, 22 Nov 2001 15:41:13 +0100
+
+curl-ssl (7.9.1-2) unstable; urgency=low
+
+ * Reverted to unpatched released 7.9.1 source tree, patch behavior
+ was weird.
+
+ -- Domenico Andreoli Thu, 15 Nov 2001 18:07:58 +0100
+
+curl-ssl (7.9.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * Applied upstream patch #478780 found on sourceforge, fixes libcurl
+ which didn't restore SIGALRM handler.
+ * Applied patch for patch #478780 of above, see bug #118595 in BTS.
+ Patch courtesy of Enrik Berkhan .
+ * Build-Depends reduced to what is strictly required for building.
+ autoconf, automake and libtool build dependencies are gone.
+
+ -- Domenico Andreoli Fri, 9 Nov 2001 13:14:49 +0100
+
+curl-ssl (7.9-1) unstable; urgency=low
+
+ * New upstream version:
+ - output of "curl-config --libs" now includes -lcurl (Closes: #112825).
+
+ -- Domenico Andreoli Wed, 26 Sep 2001 00:07:39 +0200
+
+curl-ssl (7.8-3) unstable; urgency=low
+
+ * Added libc6-dev and libssl-dev to libcurl2-ssl-dev dependencies
+ (Closes: #105918).
+ * Fixed lack of some FD_ZERO(...)s in lib/transfer.c.
+
+ -- Domenico Andreoli Fri, 3 Aug 2001 16:36:11 +0200
+
+curl-ssl (7.8-2) unstable; urgency=low
+
+ * libcurl2-ssl.shlibs now includes version numbers. some new symbols
+ have been introduced in libcurl 7.8, so program linked against 7.8
+ cannot work with older ones.
+ * IPv6 support is now enabled
+ * configure.in has been renamed to autoconf.ac to force the use of
+ autoconf 2.50
+
+ -- Domenico Andreoli Wed, 4 Jul 2001 23:49:36 +0200
+
+curl-ssl (7.8-1) unstable; urgency=low
+
+ * New upstream version.
+ * Applied patch for correct shared library versioning of libcurl, curl
+ 7.8 comes with broken shared library version out of the box.
+ Patch provided by upstream developer.
+
+ -- Domenico Andreoli Sat, 9 Jun 2001 21:29:26 +0200
+
+curl-ssl (7.7.3-3) unstable; urgency=low
+
+ * Fixed manpages libcurl-ssl-dev with required simlinks.
+
+ -- Domenico Andreoli Mon, 4 Jun 2001 14:46:32 +0200
+
+curl-ssl (7.7.3-2) unstable; urgency=low
+
+ * lib/url.c and lib/version.c are now fixed (Closes: #97709).
+
+ -- Domenico Andreoli Fri, 18 May 2001 10:28:52 +0200
+
+curl-ssl (7.7.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * Using dh_installman instead dh_installmanpages.
+ * Installing libcurl examples with dh_installexamples.
+ * Policy 3.5.3.0 compliant.
+
+ -- Domenico Andreoli Thu, 10 May 2001 12:58:43 +0200
+
+curl-ssl (7.7.2-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Tue, 24 Apr 2001 09:18:18 +0200
+
+curl-ssl (7.7.1-2) unstable; urgency=low
+
+ * Fixed a bug in debian/rules which made the build in "install" target
+ instead of "build"
+
+ -- Domenico Andreoli Wed, 18 Apr 2001 12:24:15 +0200
+
+curl-ssl (7.7.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Tue, 10 Apr 2001 13:26:39 +0200
+
+curl-ssl (7.7-2) unstable; urgency=low
+
+ * Adjusted curl-ssl pseudopackage description, it was not really good
+ english, now it should be better. :)
+
+ -- Domenico Andreoli Thu, 29 Mar 2001 11:55:01 +0200
+
+curl-ssl (7.7-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Fri, 23 Mar 2001 17:35:24 +0100
+
+curl-ssl (7.6.1-5) unstable; urgency=low
+
+ * Fixed debian/libcurl1-ssl.shlibs in order to solve any problem for
+ those packages which should depend on either libcurl1 or libcurl1-ssl.
+ I should have done it long time ago.
+
+ -- Domenico Andreoli Tue, 13 Mar 2001 18:31:26 +0100
+
+curl-ssl (7.6.1-4) unstable; urgency=low
+
+ * Added versioned Build-Depend for debhelper.
+
+ -- Domenico Andreoli Tue, 6 Mar 2001 15:17:09 +0100
+
+curl-ssl (7.6.1-3) unstable; urgency=low
+
+ * Switched to debhelper compatibility version 2.
+ * Fixed the overlapping manpages with libcurl1-ssl-dev (Closes: #86943,
+ #87196, #86866).
+
+ -- Domenico Andreoli Fri, 23 Feb 2001 18:13:55 +0100
+
+curl-ssl (7.6.1-2) unstable; urgency=low
+
+ * Fixed the overlapping manpage with curl (Closes: #86866).
+
+ -- Domenico Andreoli Thu, 22 Feb 2001 01:06:41 +0100
+
+curl-ssl (7.6.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Tue, 13 Feb 2001 18:04:26 +0100
+
+curl-ssl (7.6-2) unstable; urgency=low
+
+ * Adjusted dependencies and added a dummy curl-ssl package in order to
+ smoothen the upgrade from potato (Closes: #84626).
+ * Fixed the section, it was non-US/main instead of the correct non-US.
+
+ -- Domenico Andreoli Fri, 9 Feb 2001 13:44:43 +0100
+
+curl-ssl (7.6-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Tue, 30 Jan 2001 16:52:44 +0100
+
+curl-ssl (7.5.2-2) unstable; urgency=low
+
+ * Trying to solve the dependency problem with libssl09, i made this
+ upload in order to fix dependencies problems arised for a ill-formed
+ upload of 7.5.2-1.
+
+ -- Domenico Andreoli Mon, 22 Jan 2001 16:18:34 +0100
+
+curl-ssl (7.5.2-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Mon, 15 Jan 2001 13:10:51 +0100
+
+curl-ssl (7.5-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Mon, 4 Dec 2000 13:16:01 +0100
+
+curl-ssl (7.4.2-2) unstable; urgency=low
+
+ * This package doesn't provide a ssl-anabled curl, since it was
+ identical to the one with ssl disabled. curl is only a frontend
+ for libcurl and is not aware of any protocol, libcurl is. so what
+ is really different whether ssl is enabled or not is only libcurl.
+ * The workaround for libtool -rpath parameter is not required, so
+ it has been removed from configure.in (Closes: #78232).
+ * Removed "Suggests: " field in control file for libcurl0-ssl. It
+ suggested to install curl-ssl and libcurl-ssl-dev too but it really
+ doesn't make sense (this change was really applied in -1).
+
+ -- Domenico Andreoli Tue, 28 Nov 2000 14:36:07 +0100
+
+curl-ssl (7.4.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Fixed wrong short description (Closes: #71787)
+ * Added libssl095a-dev in Build-Depends field (Closes: #76237)
+
+ -- Domenico Andreoli Fri, 17 Nov 2000 16:19:38 +0100
+
+curl-ssl (7.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Mon, 4 Sep 2000 01:23:58 +0200
+
+curl-ssl (7.1-3) unstable; urgency=low
+
+ * Added Suggests: field in control file for libcurl0-ssl. Now curl-
+ ssl and libcurl-ssl-dev are suggested upon installation of libcurl0-
+ ssl.
+
+ -- Domenico Andreoli Mon, 14 Aug 2000 15:18:18 +0200
+
+curl-ssl (7.1-2) unstable; urgency=low
+
+ * Fixed a line that did not install development manpages.
+
+ -- Domenico Andreoli Thu, 10 Aug 2000 14:32:23 +0200
+
+curl-ssl (7.1-1) unstable; urgency=low
+
+ * New upstrem version.
+ * libcurl is now a separate package, it provides shared libraries and
+ includes to allow developing for other applications.
+
+ -- Domenico Andreoli Wed, 9 Aug 2000 01:21:25 +0200
+
+curl-ssl (6.5.2-4) unstable; urgency=low
+
+ * Some missing build dependecies (autoconf, automake, libtool) added.
+
+ -- Domenico Andreoli Sat, 8 Jul 2000 00:13:16 +0200
+
+curl-ssl (6.5.2-3) unstable; urgency=low
+
+ * Due to some policy and technical restrictions, curl's source package
+ has been splitted again in two, one for main archive and one for non-US.
+
+ -- Domenico Andreoli Tue, 4 Jul 2000 15:52:14 +0200
+
+curl-ssl (6.5.2-2) unstable; urgency=low
+
+ * Added a Build-Depends in order to compile curl-ssl only if
+ libssl09-dev is installed.
+ * Documentation reflects the new location of curl debian packages
+ home page (http://curl-deb.sourceforge.net).
+ * Corrected minor spelling errors in README.Debian.
+
+ -- Domenico Andreoli Sat, 17 Jun 2000 01:13:19 +0200
+
+curl-ssl (6.5.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Now curl and curl-ssl binary packages are generated from the same
+ debian source package.
+ * Uploads and dowloads are now performed simultaneously (Closes: #56627).
+
+ -- Domenico Andreoli Sat, 25 Mar 2000 01:06:35 +0100
+
+curl-ssl (6.4-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Sun, 30 Jan 2000 02:21:32 +0100
+
+curl-ssl (6.3.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Sat, 11 Dec 1999 17:38:13 +0100
+
+curl-ssl (6.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * No hack to compile without SSL is required anymore. Fixed by
+ upstream maintainer.
+
+ -- Domenico Andreoli Mon, 1 Nov 1999 00:37:32 +0100
+
+curl-ssl (6.0-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Domenico Andreoli Mon, 27 Sep 1999 22:28:13 +0200
+
+curl-ssl (5.11-1.1) unstable; urgency=low
+
+ * Put sources into the right section.
+
+ -- Domenico Andreoli Mon, 30 Aug 1999 03:14:21 +0200
+
+curl-ssl (5.11-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Domenico Andreoli Fri, 27 Aug 1999 11:50:04 +0200
+
+curl-ssl (5.9-2) unstable; urgency=low
+
+ * Moved to non-US, and compiled against ssl (closes #40099).
+
+ -- Leon Breedt Sat, 3 Jul 1999 15:46:54 +0200
+
+curl-ssl (5.9-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Leon Breedt Sun, 23 May 1999 21:51:30 +0200
+
+curl-ssl (5.8-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Leon Breedt Sun, 9 May 1999 18:55:48 +0200
--- curl-7.18.0.orig/debian/libcurl3-gnutls.lintian-overrides
+++ curl-7.18.0/debian/libcurl3-gnutls.lintian-overrides
@@ -0,0 +1 @@
+libcurl3-gnutls: package-name-doesnt-match-sonames libcurl-gnutls4
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.docs
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.docs
@@ -0,0 +1,14 @@
+README
+docs/BINDINGS
+docs/BUGS
+docs/CONTRIBUTE
+docs/FAQ
+docs/FEATURES
+docs/HISTORY
+docs/INTERNALS
+docs/KNOWN_BUGS
+docs/RESOURCES
+docs/THANKS
+docs/TODO
+docs/VERSIONS
+docs/TheArtOfHttpScripting
--- curl-7.18.0.orig/debian/libcurl3.lintian-overrides
+++ curl-7.18.0/debian/libcurl3.lintian-overrides
@@ -0,0 +1 @@
+libcurl3: package-name-doesnt-match-sonames libcurl4
--- curl-7.18.0.orig/debian/libcurl3-gnutls.install
+++ curl-7.18.0/debian/libcurl3-gnutls.install
@@ -0,0 +1 @@
+usr/lib/libcurl-gnutls.so.4*
--- curl-7.18.0.orig/debian/watch
+++ curl-7.18.0/debian/watch
@@ -0,0 +1,2 @@
+version=2
+http://curl.haxx.se/download/curl-([\d\.]*).tar.gz
--- curl-7.18.0.orig/debian/libcurl3-gnutls.docs
+++ curl-7.18.0/debian/libcurl3-gnutls.docs
@@ -0,0 +1,9 @@
+README
+docs/BINDINGS
+docs/BUGS
+docs/FAQ
+docs/FEATURES
+docs/KNOWN_BUGS
+docs/THANKS
+docs/TODO
+docs/VERSIONS
--- curl-7.18.0.orig/debian/libcurl4-openssl-dev.examples
+++ curl-7.18.0/debian/libcurl4-openssl-dev.examples
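Review bot: The debian/watch hunk points uscan at a plain `http://` download URL and carries no signature check, so a new upstream tarball fetched through it is accepted without any integrity verification. If upstream serves the same path over TLS, the URL line should use `https://`. If upstream also publishes detached signatures, a later watch format could add `opts=pgpsigurlmangle=s/$/.asc/` together with the upstream signing key in the package; whether signatures exist for these releases is not visible on this page.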
@@ -0,0 +1,34 @@
+docs/examples/Makefile.example
+docs/examples/README
+docs/examples/anyauthput.c
+docs/examples/cacertinmem.c
+docs/examples/cookie_interface.c
+docs/examples/curlgtk.c
+docs/examples/curlx.c
+docs/examples/debug.c
+docs/examples/fileupload.c
+docs/examples/fopen.c
+docs/examples/ftpget.c
+docs/examples/ftpgetresp.c
+docs/examples/ftpupload.c
+docs/examples/getinfo.c
+docs/examples/getinmemory.c
+docs/examples/htmltidy.c
+docs/examples/htmltitle.cc
+docs/examples/http-post.c
+docs/examples/httpput.c
+docs/examples/https.c
+docs/examples/multi-app.c
+docs/examples/multi-debugcallback.c
+docs/examples/multi-double.c
+docs/examples/multi-post.c
+docs/examples/multi-single.c
+docs/examples/multithread.c
+docs/examples/opensslthreadlock.c
+docs/examples/persistant.c
+docs/examples/post-callback.c
+docs/examples/postit2.c
+docs/examples/sepheaders.c
+docs/examples/simple.c
+docs/examples/simplepost.c
+docs/examples/simplessl.c
--- curl-7.18.0.orig/debian/libcurl3.links
+++ curl-7.18.0/debian/libcurl3.links
@@ -0,0 +1 @@
+usr/lib/libcurl.so.4 usr/lib/libcurl.so.3
--- curl-7.18.0.orig/debian/libcurl4-openssl-dev.install
+++ curl-7.18.0/debian/libcurl4-openssl-dev.install
@@ -0,0 +1,6 @@
+usr/bin/curl-config
+usr/lib/libcurl.a
+usr/lib/libcurl.la
+usr/lib/libcurl.so
+usr/lib/pkgconfig/libcurl.pc
+usr/include
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.manpages
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.manpages
@@ -0,0 +1,43 @@
+docs/curl-config.1
+docs/libcurl/curl_easy_cleanup.3
+docs/libcurl/curl_easy_duphandle.3
+docs/libcurl/curl_easy_getinfo.3
+docs/libcurl/curl_easy_init.3
+docs/libcurl/curl_easy_perform.3
+docs/libcurl/curl_easy_reset.3
+docs/libcurl/curl_easy_setopt.3
+docs/libcurl/curl_easy_strerror.3
+docs/libcurl/curl_escape.3
+docs/libcurl/curl_formadd.3
+docs/libcurl/curl_formfree.3
+docs/libcurl/curl_free.3
+docs/libcurl/curl_getdate.3
+docs/libcurl/curl_getenv.3
+docs/libcurl/curl_global_cleanup.3
+docs/libcurl/curl_global_init.3
+docs/libcurl/curl_global_init_mem.3
+docs/libcurl/curl_mprintf.3
+docs/libcurl/curl_multi_add_handle.3
+docs/libcurl/curl_multi_cleanup.3
+docs/libcurl/curl_multi_fdset.3
+docs/libcurl/curl_multi_info_read.3
+docs/libcurl/curl_multi_init.3
+docs/libcurl/curl_multi_perform.3
+docs/libcurl/curl_multi_remove_handle.3
+docs/libcurl/curl_multi_strerror.3
+docs/libcurl/curl_share_cleanup.3
+docs/libcurl/curl_share_init.3
+docs/libcurl/curl_share_setopt.3
+docs/libcurl/curl_share_strerror.3
+docs/libcurl/curl_slist_append.3
+docs/libcurl/curl_slist_free_all.3
+docs/libcurl/curl_strequal.3
+docs/libcurl/curl_unescape.3
+docs/libcurl/curl_version.3
+docs/libcurl/curl_version_info.3
+docs/libcurl/libcurl-easy.3
+docs/libcurl/libcurl-errors.3
+docs/libcurl/libcurl-multi.3
+docs/libcurl/libcurl-share.3
+docs/libcurl/libcurl-tutorial.3
+docs/libcurl/libcurl.3
--- curl-7.18.0.orig/debian/compat
+++ curl-7.18.0/debian/compat
@@ -0,0 +1 @@
+5
--- curl-7.18.0.orig/debian/.pc/.version
+++ curl-7.18.0/debian/.pc/.version
@@ -0,0 +1 @@
+2
--- curl-7.18.0.orig/debian/rules
+++ curl-7.18.0/debian/rules
@@ -0,0 +1,132 @@
+#! /usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+# These are locations of quilt stuff
+export QUILT_PATCHES=$(shell pwd)/debian/patches
+export QUILT_PC=$(shell pwd)/debian/.pc
+
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+DEB_BUILD_ARCH_OS ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+
+DO_TEST=no
+ifeq (${DEB_BUILD_GNU_TYPE},${DEB_HOST_GNU_TYPE})
+ifneq (${DEB_BUILD_ARCH},m68k)
+ifneq (${DEB_BUILD_ARCH_OS},kfreebsd)
+ifneq (${DEB_BUILD_ARCH_OS},knetbsd)
+ifneq (${DEB_BUILD_ARCH_OS},hurd)
+DO_TEST=yes
+endif
+endif
+endif
+endif
+endif
+
+SHLIBS_VERSION=7.16.2-1
+
+CONFIGURE_ARGS = --host=${DEB_HOST_GNU_TYPE} --build=${DEB_BUILD_GNU_TYPE} --prefix=/usr --mandir=/usr/share/man --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt --disable-dependency-tracking --enable-ipv6 --enable-ldaps --enable-manual --enable-versioned-symbols
+
+ifneq (${DEB_BUILD_ARCH_OS},hurd)
+GSSAPI_ARGS += --with-gssapi=/usr
+endif
+
+build: build-stamp
+
+#configure-stamp: DH_OPTIONS=
+configure-stamp:
+ dh_testdir
+ mkdir -p debian/build debian/build-gnutls
+
+ quilt push versioned
+ tar -cf - --exclude=debian . | tar -xf - -C debian/build
+
+ quilt push gnutls
+ tar -cf - --exclude=debian .
| tar -xf - -C debian/build-gnutls
+
+ for flavour in build build-gnutls; do \
+ (cd debian/$$flavour && libtoolize --copy --force && aclocal-1.9 && automake-1.9 && autoconf) \
+ done
+
+ cd debian/build && ./configure ${CONFIGURE_ARGS} ${GSSAPI_ARGS}
+ cd debian/build-gnutls && ./configure ${CONFIGURE_ARGS} ${GSSAPI_ARGS} --without-ssl --with-gnutls --without-libssh2
+ touch configure-stamp
+
+#build-stamp: DH_OPTIONS=
+build-stamp: configure-stamp
+ dh_testdir
+ ${MAKE} -C debian/build
+ ${MAKE} -C debian/build-gnutls
+
+ifeq (${DO_TEST},yes)
+ -${MAKE} -C debian/build test
+ -${MAKE} -C debian/build-gnutls test
+endif
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ -quilt pop -a
+ rm -rf build-stamp configure-stamp debian/build debian/build-gnutls debian/tmp-gnutls
+ dh_clean debian/shlibs.local
+
+#install: DH_OPTIONS=
+install: build-stamp
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+ ${MAKE} -C debian/build DESTDIR=$(shell pwd)/debian/tmp install
+ ${MAKE} -C debian/build-gnutls DESTDIR=$(shell pwd)/debian/tmp-gnutls install
+ dh_install -plibcurl3-gnutls -plibcurl4-gnutls-dev --sourcedir=debian/tmp-gnutls
+ dh_install -Nlibcurl3-gnutls -Nlibcurl4-gnutls-dev --sourcedir=debian/tmp
+ install -m 644 debian/libcurl3-gnutls.lintian-overrides debian/libcurl3-gnutls/usr/share/lintian/overrides/libcurl3-gnutls
+ install -m 644 debian/libcurl3.lintian-overrides debian/libcurl3/usr/share/lintian/overrides/libcurl3
+
+# Build architecture-independent files here.
+#binary-indep: DH_OPTIONS=-i
+binary-indep: build-stamp install
+# We have nothing to do here.
+
+# Build architecture-dependent files here.
+#binary-arch: DH_OPTIONS=-a
+binary-arch: build-stamp install
+ dh_testdir
+ dh_testroot
+ dh_installdocs
+ for package in libcurl4-openssl-dev libcurl4-gnutls-dev; do \
+ install -m 644 docs/libcurl/libcurl.m4 debian/$${package}/usr/share/aclocal; \
+ for doc_ext in html pdf; do \
+ install -m 644 docs/*.$${doc_ext} debian/$${package}/usr/share/doc/$${package}/$${doc_ext}; \
+ install -m 644 docs/libcurl/*.$${doc_ext} debian/$${package}/usr/share/doc/$${package}/$${doc_ext}/libcurl; \
+ done; \
+ done
+ dh_installman
+ dh_installexamples
+ dh_installchangelogs CHANGES
+ dh_link
+ dh_strip -Nlibcurl3 -Nlibcurl3-gnutls
+ dh_strip -plibcurl3 -plibcurl3-gnutls --dbg-package=libcurl3-dbg
+ dh_compress
+ dh_fixperms
+ echo "libcurl 4 libcurl3 (>= $(SHLIBS_VERSION))" > debian/shlibs.local
+ dh_makeshlibs -plibcurl3 -V "libcurl3 (>= $(SHLIBS_VERSION))"
+ dh_makeshlibs -plibcurl3-gnutls -V "libcurl3-gnutls (>= $(SHLIBS_VERSION))"
+ dh_installdeb
+ dh_shlibdeps
+ dh_md5sums
+ dh_gencontrol
+ dh_builddeb
+
+binary: binary-indep binary-arch
+
+.PHONY: binary binary-arch binary-indep build clean install
--- curl-7.18.0.orig/debian/changelog
+++ curl-7.18.0/debian/changelog
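Review bot: In debian/rules, the `configure-stamp` recipe applies patches with `quilt push versioned` and `quilt push gnutls`, which stop at the named patch, so any patch listed after `gnutls` in debian/patches/series is never applied and any patch between the two reaches only the GnuTLS build. The series file is not on this page, but the 7.18.0-1ubuntu2.3 changelog entry ("adjust patch ordering so that debian/patches/cert-null-cn gets applied at build time", CVE-2009-2417) reads like this exact failure. I would add a guard after the second push, `test -z "$$(quilt unapplied 2>/dev/null)"`, and a comment such as `# security patches must be listed before 'versioned' in series, or the OpenSSL build ships without them`. Separately, the leading `-` on both `${MAKE} ... test` lines in `build-stamp` makes a failing test suite non-fatal, so a regression introduced by a security backport would not stop the build.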
@@ -0,0 +1,1290 @@
+curl (7.18.0-1ubuntu2.4) hardy-security; urgency=low
+
+ * SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
+ - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
+ when sending cookies. Patch from YAMADA Yasuharu.
+ - http://curl.haxx.se/curl-tailmatch.patch
+ - CVE-2013-1944
+
+ -- Seth Arnold Thu, 11 Apr 2013 14:11:37 -0700
+
+curl (7.18.0-1ubuntu2.3) hardy-security; urgency=low
+
+ * SECURITY UPDATE: libcurl unconditional credential delegation during
+ GSSAPI authentication vulnerability.
+ - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
+ do not delegate credentials when doing GSSAPI authentication
+ - CVE-2011-2192
+ * SECURITY UPDATE: libcurl zlib automatic decompression callback
+ data buffer overflow
+ - debian/patches/libcurl-contentencoding.patch: restrict amount of
+ callback data sent to an application
+ - CVE-2010-0734
+ * SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
+ - debian/patches/series: adjust patch ordering so that
+ debian/patches/cert-null-cn gets applied at build time
+ - CVE-2009-2417
+
+ -- Steve Beattie Wed, 08 Jun 2011 16:51:02 -0700
+
+curl (7.18.0-1ubuntu2.2) hardy-security; urgency=low
+
+ * SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
+ - add debian/patches/cert-null-cn: backported upstream changes.
+ - CVE-2009-2417
+
+ -- Kees Cook Thu, 13 Aug 2009 09:12:09 -0700
+
+curl (7.18.0-1ubuntu2.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: Local file exposure via redirect
+ - debian/patches/security-CVE-2009-0037.patch: add logic to
+ include/curl/curl.h, lib/{easy,url}.c and lib/urldata.h to limit what
+ protocols curl will automatically follow via a redirect. By default, it
+ now follows all protocols except FILE and SCP.
+ - CVE-2009-0037
+
+ -- Marc Deslauriers Thu, 26 Feb 2009 15:22:47 -0500
+
+curl (7.18.0-1ubuntu2) hardy; urgency=low
+
+ * Use automake-1.9, as used by upstream.
+
+ -- Matthias Klose Fri, 08 Feb 2008 13:24:07 +0000
+
+curl (7.18.0-1ubuntu1) hardy; urgency=low
+
+ * Merge from Debian; remaining changes:
+ - Drop the stunnel build dependency.
+ - Drop the build-dependency on libdb4.5-dev, add build-dependency on
+ openssh-server.
+ - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
+
+ -- Matthias Klose Fri, 08 Feb 2008 11:20:41 +0000
+
+curl (7.18.0-1) unstable; urgency=low
+
+ * New upstream release.
+ * Use Homepage field in debian/control.
+
+ -- Domenico Andreoli Tue, 29 Jan 2008 02:16:25 +0100
+
+curl (7.17.1-1ubuntu4) hardy; urgency=low
+
+ * No-change rebuild against libldap-2.4-2.
+
+ -- Steve Langasek Tue, 22 Jan 2008 17:17:51 +0000
+
+curl (7.17.1-1ubuntu3) hardy; urgency=low
+
+ * And drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
+
+ -- Steve Kowalik Fri, 21 Dec 2007 00:55:12 +1100
+
+curl (7.17.1-1ubuntu2) hardy; urgency=low
+
+ * Drop libssh2-1-dev (universe) from Build-Depends (LP: #175891).
+
+ -- Michael Bienia Wed, 12 Dec 2007 16:27:27 +0100
+
+curl (7.17.1-1ubuntu1) hardy; urgency=low
+
+ * Merge with Debian; remaining changes:
+ - Drop the stunnel build dependency.
+ * Drop the build-dependency on libdb4.5-dev, add build-dependency on
+ openssh-server.
+
+ -- Matthias Klose Tue, 04 Dec 2007 01:09:30 +0100
+
+curl (7.17.1-1) unstable; urgency=low
+
+ * New upstream release:
+ - fixed bad use of "its" in curl.1 (closes: #443734)
+ - fixed curl_easy_escape() with input bytes that are >= 0x80
+ (closes: #445214)
+
+ -- Domenico Andreoli Wed, 31 Oct 2007 01:12:54 +0100
+
+curl (7.17.0-1) unstable; urgency=low
+
+ * New upstream release.
+ * Updated to use libssh2-1-dev (closes: #441979, #442198).
+ * Do not run the test suite on hurd (closes: #433834).
+ * Enabled support for LDAPS protocol.
+
+ -- Domenico Andreoli Fri, 14 Sep 2007 00:24:21 +0200
+
+curl (7.16.4-5) unstable; urgency=low
+
+ * libcurl4-openssl-dev now depends on libssh2-0-dev.
+ closes: #439317, #439326.
+
+ -- Domenico Andreoli Fri, 24 Aug 2007 18:13:17 +0200
+
+curl (7.16.4-4) unstable; urgency=low
+
+ * Build libcurl/GnuTLS without libssh2 because of the usual OpenSSL
+ vs. GPL software lincense conflict (closes: #439176).
+
+ -- Domenico Andreoli Thu, 23 Aug 2007 23:47:35 +0200
+
+curl (7.16.4-3) unstable; urgency=low
+
+ * Added support for scp and SFTP protocols.
+
+ -- Domenico Andreoli Wed, 22 Aug 2007 00:48:32 +0200
+
+curl (7.16.4-2ubuntu1) gutsy; urgency=low
+
+ * Merge with Debian; remaining changes:
+ - Drop the stunnel build dependency.
+
+ -- Matthias Klose Thu, 09 Aug 2007 09:16:47 +0200
+
+curl (7.16.4-2) unstable; urgency=low
+
+ * Fixed regression with FTP sites not requesting PASS (closes: #435771).
+
+ -- Domenico Andreoli Sat, 04 Aug 2007 02:04:40 +0200
+
+curl (7.16.4-1) unstable; urgency=low
+
+ * New upstream release (closes: #432514).
+ * Welcome Andreas to the curl packagers!
+ * Build-Depends is now more backporting friendly.
+
+ -- Domenico Andreoli Wed, 18 Jul 2007 16:44:30 +0200
+
+curl (7.16.2-6ubuntu5) gutsy; urgency=low
+
+ * Added debian/patches/gnutls-verifications: actually perform expiration
+ and activation verifications (CVE-2007-3564).
+
+ -- Kees Cook Wed, 27 Jun 2007 12:16:00 -0700
+
+curl (7.16.2-6ubuntu4) gutsy; urgency=low
+
+ * Completly revert the two previous changes - libcurl's symbols are
+ versioned.
+
+ -- Steve Kowalik Wed, 4 Jul 2007 18:25:14 +1000
+
+curl (7.16.2-6ubuntu3) gutsy; urgency=low
+
+ * Add Conflicts and Replaces on older versions of libcurl4{,-gnutls} for
+ libcurl3{,-gnutls} so that upgrades don't blow up.
+
+ -- Steve Kowalik Wed, 4 Jul 2007 11:56:50 +1000
+
+curl (7.16.2-6ubuntu2) gutsy; urgency=low
+
+ * Provide two transitional packages, libcurl4 and libcurl4-gnutls that
+ depend on their libcurl3 counterparts.
+ * Stop libcurl3 and libcurl3-gnutls Conflicting and Providing their
+ libcurl4 counterparts.
+
+ -- Steve Kowalik Tue, 3 Jul 2007 19:03:20 +1000
+
+curl (7.16.2-6ubuntu1) gutsy; urgency=low
+
+ * Merge from Debian unstable
+ * Remaining Ubuntu changes:
+ - Drop the stunnel build dependency.
+
+ -- Steve Kowalik Tue, 3 Jul 2007 01:16:24 +1000
+
+curl (7.16.2-6) unstable; urgency=low
+
+ * Added missing libcurl3 symlinks (closes: #429945)
+ Patch courtesy of Bryan Donlan.
+
+ -- Domenico Andreoli Sat, 23 Jun 2007 00:39:20 +0200
+
+curl (7.16.2-5ubuntu1) gutsy; urgency=low
+
+ * Merge from Debian unstable
+ * Remaining Ubuntu changes:
+ - Drop the stunnel build dependency.
+
+ -- Steve Kowalik Mon, 2 Jul 2007 22:38:33 +1000
+
+curl (7.16.2-5) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Re-introduce curl3 symbol versions and rename the packages back to
+ libcurl3*, restoring ABI compatibility with the etch version of the
+ package.
+
+ [ Domenico Andreoli ]
+ * Package libcurl4-gnutls-dev now suggests libcurl3-dbg.
+ * libcurl3-dbg replaces/conflict/provide libcurl4-dbg.
+ * Properly use ${binary:Version} in control file.
+
+ -- Domenico Andreoli Wed, 20 Jun 2007 17:52:38 +0200
+
+curl (7.16.2-4ubuntu1) gutsy; urgency=low
+
+ * Merge with Debian; remaining changes:
+ - Drop the stunnel build dependency.
+
+ -- Matthias Klose Mon, 11 Jun 2007 19:02:21 +0200
+
+curl (7.16.2-4) unstable; urgency=low
+
+ * Fixed configure.ac in case of build with GNUTLS (closes: #425013).
+ * Fixed double-free bug (closes: #424894).
+ Patch courtesy of Daniel Stenberg.
+
+ -- Domenico Andreoli Sun, 20 May 2007 01:15:01 +0200
+
+curl (7.16.2-3ubuntu1) gutsy; urgency=low
+
+ * Merge with Debian; remaining changes:
+ - Drop the stunnel build dependency.
+
+ -- Matthias Klose Wed, 16 May 2007 15:16:54 +0200
+
+curl (7.16.2-3) unstable; urgency=low
+
+ * Updated to db4.5 (closes: #421933).
+ * Got rid of unused libcomerr2 dependency (closes: #392294).
+
+ -- Domenico Andreoli Tue, 08 May 2007 08:46:21 +0200
+
+curl (7.16.2-2) experimental; urgency=low
+
+ * Improved package descriptions (closes: #410472).
+ * Updated package Provides to ease the soname transition.
+
+ -- Domenico Andreoli Fri, 27 Apr 2007 15:37:44 +0200
+
+curl (7.16.2-1) experimental; urgency=low
+
+ * New upstream release.
+ * libcurl4-openssl-dev now depends on libcurl4-openssl (closes: #419774).
+ * Bumped shlibs version to 7.16.2-1.
+ * Patches are now managed with quilt.
+
+ -- Domenico Andreoli Wed, 18 Apr 2007 09:29:48 +0200
+
+curl (7.16.1-1) experimental; urgency=low
+
+ * New upstream release.
+ * Bumped shlibs version to 7.16.1-1.
+ * Added HIDDEN section to version script to handle any __*, _rest or
+ _save* local symbol.
+ * Gopher protocol is not supported since 7.15.2. Removed any reference
+ in package description (closes: #408704).
+ * Moved libcurl/openssl to the new package libcurl4-openssl, now
+ libcurl4 contains a version with no SSL or GSSAPI support (any
+ future cryptographic stuff will be kept out of there).
+ * Package libcurl4-dev now contains the matching headers for libcurl4
+ (so crypto stuff).
+
+ -- Domenico Andreoli Thu, 1 Feb 2007 12:49:32 +0100
+
+curl (7.16.0-1) experimental; urgency=low
+
+ * New upstream release.
+ * Bumped shlibs version to 7.16.0-1.
+ * libcurl4 and libcurl4-gnutls now only recommend ca-certificates
+ (closes: #404103).
+ * pkg-config .pc file now uses Libs.private (closes: #405226).
+
+ -- Domenico Andreoli Fri, 26 Jan 2007 14:26:55 +0100
+
+curl (7.15.5-1ubuntu2) feisty; urgency=low
+
+ * Rebuild for changes in the amd64 toolchain.
+ * Set Ubuntu maintainer address.
+
+ -- Matthias Klose Mon, 5 Mar 2007 01:14:05 +0000
+
+curl (7.15.5-1ubuntu1) feisty; urgency=low
+
+ * Merge from debian unstable. Remaining Ubuntu changes:
+ - debian/control: Drop libdb4.2 build dependency.
+
+ -- Martin Pitt Mon, 30 Oct 2006 10:56:48 +0100
+
+curl (7.15.5-1) unstable; urgency=low
+
+ * New upstream release:
+ - fixed nodes removal from the splay tree (closes: #375076).
+ * Make package build also if $TAPE is set (closes: #377470).
+ * Bumped shlibs version to 7.15.5-1.
+
+ -- Domenico Andreoli Mon, 7 Aug 2006 10:26:13 +0200
+
+curl (7.15.4-1ubuntu1) edgy; urgency=low
+
+ * Synchronize to Debian. Only change left: Removal of stunnel and
+ libdb4.2-dev build dependencies.
+
+ -- Martin Pitt Thu, 29 Jun 2006 15:04:24 +0200
+
+curl (7.15.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Bumped shlibs version to 7.15.4-1.
+
+ -- Domenico Andreoli Wed, 14 Jun 2006 14:41:16 +0200
+
+curl (7.15.3-2) unstable; urgency=low
+
+ * Fixed bug in configure.ac that makes FTBFS (closes: #367954).
+
+ -- Domenico Andreoli Wed, 31 May 2006 15:18:26 +0200
+
+curl (7.15.3-1) unstable; urgency=high
+
+ * New upstream release:
+ - fixed TFTP packet buffer overflow vulnerability
+ [lib/tftp.c, CVE-2006-1061].
+ - improved curl_getenv.3 manpage grammar (closes: #357388).
+
+ -- Domenico Andreoli Mon, 20 Mar 2006 11:46:25 +0100
+
+curl (7.15.2-3) unstable; urgency=low
+
+ * Applied upstream patch to fix multi interface and multi-part formposts
+ (closes: #355715).
+ * Build back with -O2, gcc 4.0.2-10 fixed the previously trigged bug.
+
+ -- Domenico Andreoli Wed, 8 Mar 2006 15:29:15 +0100
+
+curl (7.15.2-2) unstable; urgency=low
+
+ * Added missing autotools invocation. Re-added versioned symbols
+ (closes: #355241).
+ * Bumped shlibs version to 7.15.2-2.
+ * Build with -O3 to work around sospicious segfaults on tests 253
+ and 255.
+
+ -- Domenico Andreoli Sat, 4 Mar 2006 22:47:23 +0100
+
+curl (7.15.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Bumped shlibs version to 7.15.2-1.
+ * Adopted debhelper's compatibility level 5.
+ + -- Domenico Andreoli Wed, 1 Mar 2006 16:12:51 +0100 + +curl (7.15.1-1ubuntu2) dapper; urgency=low + + * SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs. + * lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to + Ulf Harnhammar for discovering this. + * CVE-2006-1061 + + -- Martin Pitt Thu, 16 Mar 2006 11:30:25 +0100 + +curl (7.15.1-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian to get URL parser overflow fix from 7.15.1 + (CVE-2005-4077). + + -- Martin Pitt Mon, 12 Dec 2005 15:04:52 +0100 + +curl (7.15.1-1) unstable; urgency=low + + * New upstream release: + - fixed buffer overflow in URL parser function (closes: #342339). + + -- Domenico Andreoli Wed, 7 Dec 2005 11:11:38 +0100 + +curl (7.15.0-5.1) unstable; urgency=high + + * Non-maintainer upload. + * Urgency high for RC bug fix. + * Let libcurl3-*-dev depend on libkrb5-dev (closes: #340784, #340916). + + -- Luk Claes Sun, 4 Dec 2005 11:59:20 +0100 + +curl (7.15.0-5) unstable; urgency=low + + * libcurl3-gnutls-dev and libcurl3-openssl-dev now only recommend + libkrb5-dev (closes: #334888). + * Applied upstream patch to fix error message in case FTP-path does + not exist (closes: #338680). + * Applied upstream patch to fix parsing of --limit-rate command line + option (closes: #338681). + + -- Domenico Andreoli Fri, 25 Nov 2005 10:30:25 +0100 + +curl (7.15.0-4ubuntu1) dapper; urgency=low + + * Resynchronise with Debian (only change left: Removal of stunnel build + dependency). + * Remove libdb4.2-dev build dependency. + + -- Martin Pitt Thu, 10 Nov 2005 17:44:35 -0500 + +curl (7.15.0-4) unstable; urgency=low + + * Fixed output of curl-config --vernum (closes: #335296). + * libcurl3-openssl-dev now replaces libcurl3-dev older than 7.14.1-1 + (closes: #335277). + + -- Domenico Andreoli Tue, 25 Oct 2005 11:48:53 +0200 + +curl (7.15.0-3) unstable; urgency=low + + * libcurl3 and libcurl3-gnutls now suggest libldap2 (closes: #294407). 
+ + * Re-introduced libcurl3-dev package for transition reasons. + + -- Domenico Andreoli Wed, 19 Oct 2005 12:45:43 +0200 + +curl (7.15.0-2) unstable; urgency=low + + * Fixed depends of libcurl3-*-dev packages (closes: #334021, #333609, #334048). + * Bumped shlibs version to 7.15.0-1 (closes: #334053). + + -- Domenico Andreoli Sun, 16 Oct 2005 15:34:40 +0200 + +curl (7.15.0-1) unstable; urgency=low + + * New upstream release: + - fixed user+domain name buffer overflow in the NTLM code + (CAN-2005-3185, closes: #333734). + - libcurl3-*-dev packages now depend on libkrb5-dev (closes: #333609). + - improved docs about curl_easy_setopt() and ERRORBUFFER (closes: #329313). + + -- Domenico Andreoli Fri, 14 Oct 2005 13:32:06 +0200 + +curl (7.14.1-5) unstable; urgency=low + + * Added build dependency on libtool (closes: #332729, #333174). + + -- Domenico Andreoli Tue, 11 Oct 2005 10:05:36 +0200 + +curl (7.14.1-4) unstable; urgency=low + + * Fixed SEE ALSO section in curl_excape.3 (closes: #331505). + * Fixed configure.ac when --host=i586-mingw32msvc is given (closes: #329444). + * Added missing example files (closes: #331722). + * Updated build dependency for OpenSSL 0.9.8 transition. + + -- Domenico Andreoli Mon, 10 Oct 2005 12:43:25 +0200 + +curl (7.14.1-3) experimental; urgency=low + + * Fixed soname of libcurl-gnutls.so* variant. + * Fixed broken sentence (closes: #329305). + * Fixed reference to TheArtOfHttpScripting.gz (closes: #329299). + * Added clarification about WRITEFUNCTION and WRITEDATA (closes: #329311). + + -- Domenico Andreoli Wed, 28 Sep 2005 17:13:51 +0200 + +curl (7.14.1-2) experimental; urgency=low + + * Started using the system-wide CA certificate file (closes: #308514). + * Fixed apostrophe typos in the curl man page (closes: #326511). + * Only curl_* symbols are now globally visible outside of libcurl. + + -- Domenico Andreoli Sat, 17 Sep 2005 23:52:28 +0200 + +curl (7.14.1-1) experimental; urgency=low + + * New upstream release. 
+ * libcurl3-gnutls has a modified soname and may be installed together + with libcurl3 (closes: #318590). + * Both libcurl3 and libcurl3-gnutls are built with versioned symbols + and with support of GSSAPI authentication. + * Renamed libcurl3-dev to libcurl3-openssl-dev. + * Dropped package libcurl3-gssapi. + + -- Domenico Andreoli Thu, 15 Sep 2005 23:59:32 +0200 + +curl (7.14.0-5) unstable; urgency=low + + * Added libcurl3-gnutls and libcurl3-gnutls-dev packages (closes: #318590). + * libcurl3-gssapi now has its own shlibs file. Packages built with this + package installed will depend on it. + + -- Domenico Andreoli Thu, 18 Aug 2005 02:26:38 +0200 + +curl (7.14.0-4) unstable; urgency=low + + * OpenSSL is back (closes: #321294, #321391). + + -- Domenico Andreoli Fri, 5 Aug 2005 23:34:45 +0200 + +curl (7.14.0-3) unstable; urgency=low + + * Updated the use of dpkg-architecture (closes: #320046). + * Added missing aclocal file libcurl.m4 to libcurl3-dev (closes: #315848). + * Added (many) missing man pages (closes: #315850). + * OpenSSL is replaced by GnuTLS in providing SSL support (closes: #318590). + * Heimdal is replaced by MIT Kerberos in providing GSSAPI support. + + -- Domenico Andreoli Tue, 2 Aug 2005 22:34:01 +0200 + +curl (7.14.0-2ubuntu1) breezy; urgency=low + + * Synchronize with Debian. + + -- Matthias Klose Tue, 26 Jul 2005 19:03:01 +0200 + +curl (7.14.0-2) unstable; urgency=low + + * Rebuilt and uploaded to unstable. + + -- Domenico Andreoli Wed, 15 Jun 2005 11:41:32 +0200 + +curl (7.14.0-1) experimental; urgency=low + + * New upstream release. + + -- Domenico Andreoli Tue, 17 May 2005 10:42:35 +0200 + +curl (7.13.2-3) unstable; urgency=high + + * HTTP response headers with null bytes are now correctly managed + (closes: #310948). + + -- Domenico Andreoli Fri, 3 Jun 2005 23:59:30 +0200 + +curl (7.13.2-2) unstable; urgency=low + + * Fixed conditional build of package libcurl3-gssapi + (closes: #303939, #303953). 
+ + -- Domenico Andreoli Mon, 11 Apr 2005 19:00:27 +0200 + +curl (7.13.2-1) unstable; urgency=low + + * New upstream release: + - fixed curl man page typos (closes: #302820). + + -- Domenico Andreoli Tue, 5 Apr 2005 14:41:13 +0200 + +curl (7.13.1-3) unstable; urgency=low + + * Fixed hanging of some SSL connections (closes: #302366). + + -- Domenico Andreoli Thu, 31 Mar 2005 16:27:41 +0200 + +curl (7.13.1-2) unstable; urgency=low + + * Rebuilt to get the correct libidn11 dependency (closes: #299348). + * Added some missing documentation files (closes: #298855). + + -- Domenico Andreoli Wed, 16 Mar 2005 14:30:03 +0100 + +curl (7.13.1-1) unstable; urgency=low + + * New upstream release. + * Bumped up shlibs version for libcurl3 because of new curl options. + + -- Domenico Andreoli Fri, 4 Mar 2005 16:03:17 +0100 + +curl (7.13.0-2) unstable; urgency=high + + * Fixed NTLM Authentication buffer overflow (closes: #296678). + Patch courtesy of Daniel Stenberg. This handles CAN-2005-0490. + * Removed libcurl2* packages and all the scary stuff used to build them + (closes: #274631). + + -- Domenico Andreoli Thu, 24 Feb 2005 10:07:22 +0100 + +curl (7.13.0-1) unstable; urgency=low + + * New upstream release. + * libcurl3 now suggests package libldap2-dev to enable support for + LDAP protocol. + * Bumped up shlibs version for libcurl3 because of new curl options. + + -- Domenico Andreoli Sat, 5 Feb 2005 10:39:52 +0100 + +curl (7.12.3-2ubuntu3) hoary; urgency=low + + * Fix the version numbers internal to debian/rules. Closes; #8088 + + -- LaMont Jones Wed, 23 Mar 2005 18:41:29 -0700 + +curl (7.12.3-2) unstable; urgency=low + + * Disabled test suite on m68k, it stalls. + + -- Domenico Andreoli Thu, 30 Dec 2004 11:11:48 +0100 + +curl (7.12.3-1) unstable; urgency=low + + * New upstream release: + - fixed debug tracing to network socket is stderr is closed + (closes: #278691). + * Applied patch to fix getpass license problems (closes: #286794). + Patch courtesy of Daniel Stenberg. 
+ * Bumped up shlibs version for libcurl3 because of new curl options. + + -- Domenico Andreoli Mon, 27 Dec 2004 12:50:30 +0100 + +curl (7.12.2-2) unstable; urgency=low + + * libcurl3-dbg package is now built by dh_strip --dbg-package + (closes: #274710). + * Added build dependency on libdb4.2-dev. + + -- Domenico Andreoli Thu, 4 Nov 2004 11:36:17 +0100 + +curl (7.12.2-1) unstable; urgency=low + + * New upstream release. + * Update diff to 7.11.2. + * Add debian/watch file. + * Add myself as a uploader. + + -- Matthias Klose Wed, 3 Nov 2004 00:55:52 +0100 + +curl (7.12.1-1) unstable; urgency=low + + * New upstream release: + - workaround for ASN1_STRING_to_UTF8 failing if input is already + UTF-8 encoded (closes: #264711). + * Bumped up shlibs version for libcurl3 because of the introduction + of FTP 3rd party transfer support options. + + -- Domenico Andreoli Tue, 10 Aug 2004 11:40:29 +0200 + +curl (7.12.0.rel-6) unstable; urgency=low + + * In rebuilding the 7.11.2 tree starting from the 7.12.0 one, + lib/getdate.y is patched before lib/getdate.c (closes: #262597). + + -- Domenico Andreoli Sun, 1 Aug 2004 17:59:57 +0200 + +curl (7.12.0.rel-5) unstable; urgency=low + + * Tests are performed only if build target and building host are the + same and are not kfreebsd-gnu or knetbsd-gnu (closes: #261591). + * On hurd-i386 libcurl3-gssapi is not built. + + -- Domenico Andreoli Thu, 29 Jul 2004 15:17:51 +0200 + +curl (7.12.0.rel-4) unstable; urgency=low + + * Added build dependency on groff-base to really build the built-in + manual. + * libcurl3 now replaces old libcurl2 versions (closes: #255262). + + -- Domenico Andreoli Tue, 20 Jul 2004 11:40:09 +0200 + +curl (7.12.0.rel-3) unstable; urgency=low + + * Enabled curl's built-in manual. + * configure script for 7.11.2 is now managed correctly. + + -- Domenico Andreoli Sun, 18 Jul 2004 22:25:00 +0200 + +curl (7.12.0.rel-2) unstable; urgency=low + + * libcurl2 uses curl-ca-bundle-7.11.2.crt (closes: #255262). 
+ Yes, it is a hack to not add libcurl-common package right now. + + -- Domenico Andreoli Sun, 18 Jul 2004 16:40:45 +0200 + +curl (7.12.0.rel-1) experimental; urgency=low + + * Version 7.12.0 is back with proper libcurl3* packages. + * libcurl2* 7.11.2 packages are still provided (closes: #252879). + * Enabled again the support for libidn. + + -- Domenico Andreoli Sun, 6 Jun 2004 23:09:33 +0200 + +curl (7.12.0.is.7.11.2-1) unstable; urgency=low + + * Reverted to version 7.11.2 (closes: #252348). + * Disabled support for libidn (closes: #252367). This is to leave + curl in unstable as much similar as possible to the one in testing. + + -- Domenico Andreoli Fri, 4 Jun 2004 19:09:25 +0200 + +curl (7.12.0-1) unstable; urgency=low + + * New upstream release: + - fixed minor man page problem (closes: #232928) + - improved --create-dirs description in curl man page (closes: #251351) + * Enabled support for libidn. + + -- Domenico Andreoli Wed, 2 Jun 2004 18:06:05 +0200 + +curl (7.11.2-2) unstable; urgency=low + + * Fixed curl.1 man page (closes: #232928). + Patch courtesy of Daniel Stenberg, the upstream developer. + + -- Domenico Andreoli Tue, 27 Apr 2004 19:47:09 +0200 + +curl (7.11.2-1) unstable; urgency=low + + * New upstream release. + * Bumped up shlibs version because of the introduction of + CURLOPT_TCP_NODELAY option. + + -- Domenico Andreoli Mon, 26 Apr 2004 14:14:20 +0200 + +curl (7.11.1-2) unstable; urgency=low + + * Added GSSAPI support to package libcurl2-gssapi (closes: #241553). + + -- Domenico Andreoli Fri, 2 Apr 2004 18:03:15 +0200 + +curl (7.11.1-1) unstable; urgency=low + + * New upstream release. + * Bumped up shlibs version because of the introduction of + CURLOPT_POSTFIELDSIZE_LARGE option. + + -- Domenico Andreoli Fri, 19 Mar 2004 11:39:07 +0100 + +curl (7.11.0-4) unstable; urgency=low + + * Applied fix from upstream's CVS which adds another CRLF in + chunked-transfers. 
+ + -- Domenico Andreoli Sun, 1 Feb 2004 13:19:02 +0100 + +curl (7.11.0-3) unstable; urgency=low + + * "Fixed" build process, now the right file is searched for CA + certificates (closes: #228182). + + -- Domenico Andreoli Sat, 31 Jan 2004 20:06:10 +0100 + +curl (7.11.0-2) unstable; urgency=low + + * Test suite is still performed but is not critical for the build + being successful any more. + + -- Domenico Andreoli Fri, 30 Jan 2004 13:03:03 +0100 + +curl (7.11.0-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Sun, 25 Jan 2004 17:50:43 +0100 + +curl (7.10.8+7.11.0-pre1-1) unstable; urgency=low + + * New upstream pre-release: + - proxy+ssl now passes post variables (closes: #222901) + - various test case problems exposed in #222140 should now be fixed. + * Bumped up shlibs version because of the introduction of + CURLOPT_NETRC_FILE and CURLOPT_FTP_SSL options in libcurl. + + -- Domenico Andreoli Wed, 14 Jan 2004 17:35:46 +0100 + +curl (7.10.8-1) unstable; urgency=low + + * New upstream release: + - fixed LDAP support (closes: #149609) + - cleaner environment for testsuite execution (closes: #210253) + - fixed lib/Makefile.am's use of LDFLAGS (closes: #212086) + - fixed name clash in curl.h with respect to unistd.h (closes: #213180) + - fixed typo in curl manpage (closes: #218046). + * Bumped up shlibs version because of new libcurl options. + * Added stunnel to the Build-Depends in order to enable SSL test cases. + + -- Domenico Andreoli Mon, 3 Nov 2003 10:26:12 +0100 + +curl (7.10.7-2) unstable; urgency=low + + * Fixed bug in cache_resolv_response on alpha and ia64 (closes: #207174). + Patch courtesy of Jurij Smakov. + + -- Domenico Andreoli Mon, 8 Sep 2003 21:55:46 +0200 + +curl (7.10.7-1) unstable; urgency=low + + * New upstream release. + * Bumped up shlibs version because of the introduction of CURLOPT_PROXYAUTH + and CURLOPT_FTP_CREATE_MISSING_DIRS options in libcurl. 
+ + -- Domenico Andreoli Mon, 18 Aug 2003 00:19:43 +0200 + +curl (7.10.6-3) unstable; urgency=low + + * Applied patch to fix test 60 on ia64. + + -- Domenico Andreoli Sat, 9 Aug 2003 04:26:15 +0200 + +curl (7.10.6-2) unstable; urgency=low + + * Applied patch from upstream to fix url globbing (closes: #203827). + * make test is still performed on building debug stuff but errors + are ignored. + + -- Domenico Andreoli Thu, 7 Aug 2003 02:20:46 +0200 + +curl (7.10.6-1) unstable; urgency=low + + * New upstream release: + - added spport for http_proxy env var with name:passwd + (closes: #193630). + * make test is invoked after build + + -- Domenico Andreoli Tue, 29 Jul 2003 01:26:50 +0200 + +curl (7.10.5-1) unstable; urgency=low + + * New upstream release: + - fixed typo in curl's man page (closes: #189272). + * New libcurl option CURLOPT_FTP_USE_EPRT has been added, bumped + up shlibs. + + -- Domenico Andreoli Mon, 19 May 2003 23:57:12 +0200 + +curl (7.10.4-1) unstable; urgency=low + + * New upstream release: + - now uses new settings properly when re-using an existing connection + (closes: #185254) + - curl man page now refers to MANUAL (closes: #178509). + * Changed section of libcurl2-dev and libcurl2-dbg to libdevel. + + -- Domenico Andreoli Wed, 2 Apr 2003 21:25:24 +0200 + +curl (7.10.3-3) unstable; urgency=low + + * Rebuilt to link against libssl0.9.7. + * Improved package descriptions thanks to suggestions provided by + Filip Van Raemdonck (closes: #177995). + + -- Domenico Andreoli Fri, 14 Mar 2003 16:08:38 +0100 + +curl (7.10.3-2) unstable; urgency=low + + * Development package is now named libcurl2-dev, it provides + libcurl-dev. People can now safely make their build dependencies + and be sure to use the right stuff. + * New package libcurl2-dbg is provided to help in debugging sessions. + + -- Domenico Andreoli Mon, 20 Jan 2003 22:04:32 +0100 + +curl (7.10.3-1) unstable; urgency=low + + * New upstream release. + * It now suggests ca-certificates package. 
+ + -- Domenico Andreoli Thu, 16 Jan 2003 00:27:48 +0100 + +curl (7.10.2-2) unstable; urgency=low + + * Added AM_MAINTAINER_MODE to configure.in (closes: #170050). + + -- Domenico Andreoli Fri, 22 Nov 2002 14:28:22 +0100 + +curl (7.10.2-1) unstable; urgency=low + + * New upstream release: + - fixed segfault on retrieving relative redirects (closes: #165382) + - fixed a leak of debug output (closes: #167678). + * Updated config.guess and config.sub (closes: #166153). + * Added zlib1g-dev to build and libcurl-dev dependencies + (closes: #169654). + * Added HTML and PDF versions of all manpages in libcurl-dev package. + + -- Domenico Andreoli Wed, 20 Nov 2002 23:38:24 +0100 + +curl (7.10.1-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Fri, 11 Oct 2002 23:26:50 +0200 + +curl (7.10-1) unstable; urgency=low + + * New upstream release: + - new way to use option -x to prevent curl from using any proxy + server (closes: #161153). + + -- Domenico Andreoli Wed, 2 Oct 2002 01:04:20 +0200 + +curl (7.9.8-2) unstable; urgency=low + + * Added again libcurl2-ssl to the libcurl2 conflicts. + + -- Domenico Andreoli Thu, 4 Jul 2002 02:35:24 +0200 + +curl (7.9.8-1) unstable; urgency=low + + * New upstream release. + * Double flavor of curl to support both non-SSL and SSL is gone. + Now curl comes only with SSL. Who needs SSL can require curl + version >= 7.9.8 . + + -- Domenico Andreoli Mon, 24 Jun 2002 23:04:37 +0200 + +curl (7.9.7-2) unstable; urgency=low + + * Fixed the bashism in debian/rules (closes: #147352). + * SSL and non-SSL series of curl packages are now built from the + same source. thanks crypto-in-main! :) + + -- Domenico Andreoli Mon, 20 May 2002 23:28:05 +0200 + +curl (7.9.7-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Wed, 15 May 2002 21:09:19 +0200 + +curl (7.9.6-1) unstable; urgency=low + + * New upstream release. + * libcurl.3 manpage is now installed by libcurl-dev instead of + libcurl2. 
Indeed it provides an overview on how to use libcurl in + C programs. + + -- Domenico Andreoli Sat, 20 Apr 2002 17:06:51 +0200 + +curl (7.9.5-2) unstable; urgency=low + + * curl-ssl stuff moved from non-US to main. + + -- Domenico Andreoli Mon, 25 Mar 2002 23:40:02 +0100 + +curl (7.9.5-1) unstable; urgency=low + + * New upstream release (closes: #134608). + * Added autotools-dev to the build dependencies. config.{guess,sub} + can now be updated automatically in the build process. + + -- Domenico Andreoli Tue, 12 Mar 2002 19:06:21 +0100 + +curl (7.9.3-2) unstable; urgency=low + + * Upstream source code has been correctly imported in my CVS + repository (closes: #130906). + + -- Domenico Andreoli Sun, 27 Jan 2002 22:23:54 +0100 + +curl (7.9.3-1) unstable; urgency=low + + * New upstream release: + - fixed wrong assumption on char signedness (closes: #127011) + - missing header added accordingly (closes: #130401) + * Fixed a typo in curl description (closes: #124526). + + -- Domenico Andreoli Thu, 24 Jan 2002 20:04:04 +0100 + +curl (7.9.2-1) unstable; urgency=low + + * New upstream release: + - two bad timeout matters in libcurl2 are now solved (closes: #118595). + + -- Domenico Andreoli Fri, 7 Dec 2001 16:58:45 +0100 + +curl (7.9.1-3) unstable; urgency=low + + * Fixed return type of Curl_ftpsendf(...) to CURLcode (closes: #120485). + * Versions in debian/libcurl2.shlibs have been incremented to + ">= 7.9.1-1". + + -- Domenico Andreoli Thu, 22 Nov 2001 15:35:40 +0100 + +curl (7.9.1-2) unstable; urgency=low + + * Reverted to unpatched released 7.9.1 source tree, patch behavior + was weird. + + -- Domenico Andreoli Thu, 15 Nov 2001 18:05:58 +0100 + +curl (7.9.1-1) unstable; urgency=low + + * New upstream release. + * Applied upstream patch #478780 found on sourceforge, fixes libcurl + which didn't restore SIGALRM handler (closes: #118595). + * Applied patch for patch #478780 of above, see bug #118595 in BTS. + Patch courtesy of Enrik Berkhan . 
+ * Build-Depends reduced to what is strictly required for building. + autoconf, automake and libtool build dependencies are gone. + + -- Domenico Andreoli Fri, 9 Nov 2001 13:56:36 +0100 + +curl (7.9-1) unstable; urgency=low + + * New upstream release: + - output of "curl-config --libs" now includes -lcurl. + + -- Domenico Andreoli Tue, 25 Sep 2001 18:38:46 +0200 + +curl (7.8-3) unstable; urgency=low + + * Added libc6-dev to libcurl2-dev dependencies. + * Fixed lack of some FD_ZERO(...)s in lib/transfer.c (closes: #105516). + + -- Domenico Andreoli Fri, 3 Aug 2001 16:32:20 +0200 + +curl (7.8-2) unstable; urgency=low + + * libcurl2.shlibs now includes version numbers. some new symbols have + been introduced in libcurl 7.8, so program linked against 7.8 cannot + work with older ones. + * IPv6 support is now enabled + * configure.in has been renamed to autoconf.ac to force the use of + autoconf 2.50 + + -- Domenico Andreoli Thu, 5 Jul 2001 01:38:24 +0200 + +curl (7.8-1) unstable; urgency=low + + * New upstream release. + * Applied patch for correct shared library versioning of libcurl, curl + 7.8 comes with broken shared library version out of the box. + Patch provided by upstream developer. + + -- Domenico Andreoli Sat, 9 Jun 2001 21:12:05 +0200 + +curl (7.7.3-3) unstable; urgency=low + + * Fixed manpages libcurl-dev with required simlinks (closes: 99610). + + -- Domenico Andreoli Mon, 4 Jun 2001 14:37:49 +0200 + +curl (7.7.3-2) unstable; urgency=low + + * lib/url.c and lib/version.c are now fixed (closes: #97709). + * install upstream changelog (closes: #97628). + + -- Domenico Andreoli Fri, 18 May 2001 10:32:25 +0200 + +curl (7.7.3-1) unstable; urgency=low + + * New upstream release. + * Using dh_installman instead dh_installmanpages. + * Installing libcurl examples with dh_installexamples. + * Policy 3.5.3.0 compliant. + + -- Domenico Andreoli Thu, 10 May 2001 09:45:05 +0200 + +curl (7.7.2-1) unstable; urgency=low + + * New upstream release. 
+ + -- Domenico Andreoli Tue, 24 Apr 2001 09:14:51 +0200 + +curl (7.7.1-2) unstable; urgency=low + + * Fixed debian/rules (closes: #78232, #93837). + + -- Domenico Andreoli Tue, 17 Apr 2001 17:12:19 +0200 + +curl (7.7.1-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Tue, 10 Apr 2001 13:26:09 +0200 + +curl (7.7-1) unstable; urgency=low + + * New upstream release. + * Fixed formatting errors in curl.1 (closes: #90281). + + -- Domenico Andreoli Fri, 23 Mar 2001 18:25:26 +0100 + +curl (7.6.1-5) unstable; urgency=low + + * Fixed debian/libcurl1.shlibs in order to solve any problem for those + packages which should depend on either libcurl1 or libcurl1-ssl. + I should have done it long time ago. + + -- Domenico Andreoli Tue, 13 Mar 2001 18:29:06 +0100 + +curl (7.6.1-4) unstable; urgency=low + + * Added versioned Build-Depend for debhelper. + + -- Domenico Andreoli Tue, 6 Mar 2001 15:16:02 +0100 + +curl (7.6.1-3) unstable; urgency=low + + * Refining the transition to debhelper compatibility 2. I forgot the + executable in the curl package (closes: #87886). + + -- Domenico Andreoli Wed, 28 Feb 2001 14:31:43 +0100 + +curl (7.6.1-2) unstable; urgency=low + + * Switched to debhelper compatibility version 2. + + -- Domenico Andreoli Fri, 23 Feb 2001 18:24:02 +0100 + +curl (7.6.1-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Tue, 13 Feb 2001 18:04:04 +0100 + +curl (7.6-2) unstable; urgency=low + + * Adjusted dependencies in order to let curl-ssl package manage a + smooth upgrade from potato. + + -- Domenico Andreoli Fri, 9 Feb 2001 13:36:11 +0100 + +curl (7.6-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Mon, 29 Jan 2001 16:00:59 +0100 + +curl (7.5.2-2) unstable; urgency=low + + * This is a service upload in order to fix dependencies problems arose + for a ill-formed upload of 7.5.2-1. 
+ + -- Domenico Andreoli Mon, 29 Jan 2001 14:54:57 +0100 + +curl (7.5.2-1) unstable; urgency=low + + * New upstream release. + * It needed to be recompiled against the new libc (closes: #80256). + + -- Domenico Andreoli Mon, 15 Jan 2001 13:08:15 +0100 + +curl (7.5-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Mon, 4 Dec 2000 13:15:33 +0100 + +curl (7.4.2-2) unstable; urgency=low + + * curl replaces curl-ssl. curl is only a frontend for libcurl and is not + aware of any protocol, libcurl is. so what is really different whether + ssl is enable or not is only libcurl. + * curl now depends on (libcurl0 | libcurl0-ssl). + * The workaround for libtool -rpath parameter is not required, so + it has been removed from configure.in. + * Removed "Suggests: " field in control file for libcurl0. It suggested + to install curl and libcurl-dev too but it really doesn't make sense + (this change was really applied in -1). + + -- Domenico Andreoli Tue, 28 Nov 2000 14:27:29 +0100 + +curl (7.4.2-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Fri, 17 Nov 2000 16:19:23 +0100 + +curl (7.2.1-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Mon, 4 Sep 2000 01:22:44 +0200 + +curl (7.1-3) unstable; urgency=low + + * Added "Suggests: " field in control file for libcurl0. Now curl and + libcurl-dev are suggested upon installation of libcurl0. + + -- Domenico Andreoli Mon, 14 Aug 2000 15:01:08 +0200 + +curl (7.1-2) unstable; urgency=low + + * Fixed a line that did not install development manpages. + + -- Domenico Andreoli Thu, 10 Aug 2000 14:32:23 +0200 + +curl (7.1-1) unstable; urgency=low + + * New upstream release. + * libcurl is now a separate package, it provides shared libraries and + includes to allow developing for other applications. 
+ + -- Domenico Andreoli Wed, 9 Aug 2000 01:21:25 +0200 + +curl (6.5.2-4) unstable; urgency=low + + * Some missing build dependencies (autoconf, automake, libtool) added. + + -- Domenico Andreoli Sat, 8 Jul 2000 00:13:16 +0200 + +curl (6.5.2-3) unstable; urgency=low + + * Due to some policy and technical restrictions, curl's source package + has been splitted again in two, one for main archive and one for non-US. + + -- Domenico Andreoli Tue, 4 Jul 2000 15:52:14 +0200 + +curl (6.5.2-2) unstable; urgency=low + + * Added a Build-Depends in order to compile curl-ssl only if + libssl09-dev is installed. + * Documentation reflects the new location of curl debian packages + home page (http://curl-deb.sourceforge.net). + * Corrected minor spelling errors in README.Debian. + + -- Domenico Andreoli Sat, 17 Jun 2000 01:13:19 +0200 + +curl (6.5.2-1) unstable; urgency=low + + * New upstream release. + * Now curl and curl-ssl binary packages are generated from the same + debian source package. + * Uploads and downloads are now performed simultaneously (closes: #56627). + + -- Domenico Andreoli Sat, 25 Mar 2000 01:06:35 +0100 + +curl (6.4-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Sun, 30 Jan 2000 02:21:32 +0100 + +curl (6.3.1-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Sat, 11 Dec 1999 17:38:13 +0100 + +curl (6.2-1) unstable; urgency=low + + * New upstream release. + * No hack to compile without SSL is required anymore. Fixed by + upstream maintainer. + + -- Domenico Andreoli Mon, 1 Nov 1999 00:37:32 +0100 + +curl (6.0-1) unstable; urgency=low + + * New upstream release. + + -- Domenico Andreoli Mon, 27 Sep 1999 22:28:13 +0200 + +curl (5.11-1.1) unstable; urgency=low + + * Put sources into the right section. + + -- Domenico Andreoli Mon, 30 Aug 1999 03:14:21 +0200 + +curl (5.11-1) unstable; urgency=low + + * New upstream release. + * New debian maintainer. 
+
+ -- Domenico Andreoli Fri, 27 Aug 1999 11:50:04 +0200
+
+curl (5.9-2) unstable; urgency=low
+
+ * Moved to non-US, and compiled against ssl (closes: #40099).
+
+ -- Leon Breedt Sat, 3 Jul 1999 15:46:54 +0200
+
+curl (5.9-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Leon Breedt Sun, 23 May 1999 21:51:30 +0200
+
+curl (5.8-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Leon Breedt Sun, 9 May 1999 18:55:48 +0200
+
--- curl-7.18.0.orig/debian/libcurl3.docs
+++ curl-7.18.0/debian/libcurl3.docs
@@ -0,0 +1,9 @@
+README
+docs/BINDINGS
+docs/BUGS
+docs/FAQ
+docs/FEATURES
+docs/KNOWN_BUGS
+docs/THANKS
+docs/TODO
+docs/VERSIONS
--- curl-7.18.0.orig/debian/libcurl3-dbg.docs
+++ curl-7.18.0/debian/libcurl3-dbg.docs
@@ -0,0 +1,6 @@
+README
+docs/BUGS
+docs/KNOWN_BUGS
+docs/THANKS
+docs/TODO
+docs/VERSIONS
--- curl-7.18.0.orig/debian/curl.docs
+++ curl-7.18.0/debian/curl.docs
@@ -0,0 +1,11 @@
+README
+docs/BINDINGS
+docs/BUGS
+docs/FAQ
+docs/FEATURES
+docs/KNOWN_BUGS
+docs/MANUAL
+docs/THANKS
+docs/TODO
+docs/VERSIONS
+docs/TheArtOfHttpScripting
--- curl-7.18.0.orig/debian/libcurl4-gnutls-dev.dirs
+++ curl-7.18.0/debian/libcurl4-gnutls-dev.dirs
@@ -0,0 +1,7 @@
+usr/lib
+usr/include
+usr/share/aclocal
+usr/share/doc/libcurl4-gnutls-dev/html
+usr/share/doc/libcurl4-gnutls-dev/html/libcurl
+usr/share/doc/libcurl4-gnutls-dev/pdf
+usr/share/doc/libcurl4-gnutls-dev/pdf/libcurl
--- curl-7.18.0.orig/debian/libcurl3-gnutls.dirs
+++ curl-7.18.0/debian/libcurl3-gnutls.dirs
@@ -0,0 +1,2 @@
+usr/lib
+usr/share/lintian/overrides
--- curl-7.18.0.orig/debian/libcurl3.dirs
+++ curl-7.18.0/debian/libcurl3.dirs
@@ -0,0 +1,2 @@
+usr/lib
+usr/share/lintian/overrides
--- curl-7.18.0.orig/debian/curl.dirs
+++ curl-7.18.0/debian/curl.dirs
@@ -0,0 +1 @@
+usr/bin
--- curl-7.18.0.orig/debian/curl.manpages
+++ curl-7.18.0/debian/curl.manpages
@@ -0,0 +1 @@
+docs/curl.1
--- curl-7.18.0.orig/debian/curl.install
+++ curl-7.18.0/debian/curl.install
@@ -0,0 +1 @@
+usr/bin/curl
--- curl-7.18.0.orig/debian/copyright
+++ curl-7.18.0/debian/copyright
@@ -0,0 +1,30 @@
+This package was debianized by Domenico Andreoli on
+Fri, 17 Nov 2000 16:10:37 +0100
+
+It was downloaded from http://curl.haxx.se
+
+Upstream Authors: Daniel Stenberg
+
+Copyright:
+
+ COPYRIGHT AND PERMISSION NOTICE
+
+ Copyright (c) 1996 - 2002, Daniel Stenberg, .
+
+ All rights reserved.
+
+ Permission to use, copy, modify, and distribute this software for any purpose
+ with or without fee is hereby granted, provided that the above copyright
+ notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
+ NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+ OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+ OR OTHER DEALINGS IN THE SOFTWARE.
+
+ Except as contained in this notice, the name of a copyright holder shall not
+ be used in advertising or otherwise to promote the sale, use or other dealings
+ in this Software without prior written authorization of the copyright holder.
--- curl-7.18.0.orig/debian/control
+++ curl-7.18.0/debian/control
@@ -0,0 +1,98 @@ +Source: curl +Section: web +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Domenico Andreoli +Uploaders: Matthias Klose , Andreas Schuldei +Build-Depends: debhelper (>> 5), autoconf, libtool, automake1.9, binutils (>= 2.14.90.0.7), libssl-dev, libgnutls-dev, zlib1g-dev, libkrb5-dev [!hurd-i386], libidn11-dev, groff-base, libdb-dev, libldap2-dev, quilt, openssh-server +Build-Conflicts: autoconf2.13, automake1.4 +Standards-Version: 3.7.2 +Homepage: http://curl.haxx.se + +Package: curl +Architecture: any +Section: web +Replaces: curl-ssl +Provides: curl-ssl +Depends: ${shlibs:Depends} +Description: Get a file from an HTTP, HTTPS or FTP server + curl is a client to get files from servers using any of the supported + protocols. The command is designed to work without user interaction + or any kind of interactivity. + . + curl offers a busload of useful tricks like proxy support, user + authentication, ftp upload, HTTP post, file transfer resume and more. + +Package: libcurl3 +Architecture: any +Section: libs +Depends: ${shlibs:Depends} +Replaces: libcurl2 (<< 1:7.11.2-2), libcurl4 +Conflicts: libcurl4 +Description: Multi-protocol file transfer library (OpenSSL) + libcurl is designed to be a solid, usable, reliable and portable + multi-protocol file transfer library. + . + SSL support is provided by OpenSSL. + . + This is the shared version of libcurl. + +Package: libcurl3-gnutls +Architecture: any +Section: libs +Depends: ${shlibs:Depends} +Recommends: ca-certificates +Replaces: libcurl4-gnutls +Conflicts: libcurl4-gnutls +Description: Multi-protocol file transfer library (GnuTLS) + libcurl is designed to be a solid, usable, reliable and portable + multi-protocol file transfer library. + . + SSL support is provided by GnuTLS. + . + This is the shared version of libcurl. 
+ +Package: libcurl4-openssl-dev +Architecture: any +Section: libdevel +Suggests: libcurl3-dbg +Provides: libcurl-dev, libcurl-ssl-dev, libcurl3-openssl-dev, libcurl3-dev +Replaces: libcurl-dev, libcurl-ssl-dev, libcurl3-openssl-dev, libcurl3-dev (<< 7.14.1-1) +Conflicts: libcurl-dev +Depends: libcurl3 (= ${binary:Version}), libc6-dev | libc-dev, libssl-dev, zlib1g-dev, libidn11-dev, libkrb5-dev | hurd, libldap2-dev +Description: Development files and documentation for libcurl (OpenSSL) + These files (ie. includes, static library, manual pages) allow to + build software which uses libcurl. + . + SSL support is provided by OpenSSL. + . + HTML and PDF versions of all the manual pages are also provided. + +Package: libcurl4-gnutls-dev +Architecture: any +Section: libdevel +Suggests: libcurl3-dbg +Provides: libcurl-dev, libcurl-ssl-dev, libcurl3-gnutls-dev, libcurl4-dev +Replaces: libcurl-dev, libcurl-ssl-dev, libcurl3-gnutls-dev, libcurl4-dev +Conflicts: libcurl-dev +Depends: libcurl3-gnutls (= ${binary:Version}), libc6-dev | libc-dev, libgnutls-dev, zlib1g-dev, libidn11-dev, libkrb5-dev | hurd, libldap2-dev +Description: Development files and documentation for libcurl (GnuTLS) + These files (ie. includes, static library, manual pages) allow to + build software which uses libcurl. + . + SSL support is provided by GnuTLS. + . + HTML and PDF versions of all the manual pages are also provided. + +Package: libcurl3-dbg +Architecture: any +Section: libdevel +Priority: extra +Suggests: libc-dbg +Provides: libcurl4-dbg +Replaces: libcurl4-dbg +Conflicts: libcurl4-dbg +Recommends: libcurl3 (= ${binary:Version}), libcurl3-gnutls (= ${binary:Version}) +Description: libcurl compiled with debug symbols + This contains the debug symbols of both the OpenSSL and GnuTLS versions of + libcurl3. It might be useful in debug sessions of software which uses libcurl. --- curl-7.18.0.orig/debian/libcurl4-openssl-dev.dirs +++ curl-7.18.0/debian/libcurl4-openssl-dev.dirs 
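Review bot: Only the GnuTLS runtime stanza declares `Recommends: ca-certificates`; the `libcurl3` (OpenSSL) stanza has no such field. Both flavours need a CA store to verify TLS peers, so unless the OpenSSL build gets its bundle through another dependency (not visible in this file), `libcurl3` should carry the same line, `Recommends: ca-certificates`. Without it a minimal install may end up with no trust anchors, which tends to push users toward turning verification off.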
@@ -0,0 +1,7 @@ +usr/lib +usr/include +usr/share/aclocal +usr/share/doc/libcurl4-openssl-dev/html +usr/share/doc/libcurl4-openssl-dev/html/libcurl +usr/share/doc/libcurl4-openssl-dev/pdf +usr/share/doc/libcurl4-openssl-dev/pdf/libcurl --- curl-7.18.0.orig/debian/patches/no_com_err +++ curl-7.18.0/debian/patches/no_com_err @@ -0,0 +1,14 @@ +Index: curl/configure.ac +=================================================================== +--- curl.orig/configure.ac 2008-01-30 16:32:23.000000000 +0100 ++++ curl/configure.ac 2008-01-30 16:32:31.000000000 +0100 +@@ -1014,7 +1014,8 @@ + elif test -z "$GSSAPI_LIB_DIR"; then + if test -f "$GSSAPI_ROOT/bin/krb5-config"; then + gss_ldflags=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` +- LDFLAGS="$LDFLAGS $gss_ldflags" ++ #LDFLAGS="$LDFLAGS $gss_ldflags" ++ LDFLAGS="$LDFLAGS -lgssapi_krb5" + elif test "$GSSAPI_ROOT" != "yes"; then + LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff -lgssapi" + else --- curl-7.18.0.orig/debian/patches/art_http_scripting +++ curl-7.18.0/debian/patches/art_http_scripting @@ -0,0 +1,13 @@ +Index: curl/docs/index.html +=================================================================== +--- curl.orig/docs/index.html 2007-04-17 16:20:47.000000000 +0200 ++++ curl/docs/index.html 2007-04-17 16:20:50.000000000 +0200 +@@ -12,7 +12,7 @@ +
curl + +

Tutorial

+-The Art Of Scripting HTTP Requests Using Curl (plain text) ++The Art Of Scripting HTTP Requests Using Curl (plain text) + +

libcurl

+ See the libcurl section --- curl-7.18.0.orig/debian/patches/security-CVE-2009-0037.patch +++ curl-7.18.0/debian/patches/security-CVE-2009-0037.patch 
@@ -0,0 +1,219 @@
+#
+# Description: fix local file disclosure via redirect.
+# Patch: http://curl.haxx.se/CVE-2009-0037/curl-7.18.1-CVE-2009-0037.patch
+#
+diff -Nur curl-7.18.0/docs/libcurl/curl_easy_setopt.3 curl-7.18.0.new/docs/libcurl/curl_easy_setopt.3
+--- curl-7.18.0/docs/libcurl/curl_easy_setopt.3 2008-01-11 09:20:41.000000000 -0500
++++ curl-7.18.0.new/docs/libcurl/curl_easy_setopt.3 2009-02-26 15:22:00.000000000 -0500
+@@ -429,6 +429,26 @@
+
+ \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before
+ \fIcurl_easy_perform(3)\fP is called.
++
++\fICURLOPT_PROTOCOLS\fP can be used to limit what protocols libcurl will use
++for this transfer, independent of what libcurl has been compiled to
++support. That may be useful if you accept the URL from an external source and
++want to limit the accessibility.
++.IP CURLOPT_PROTOCOLS
++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
++limits what protocols libcurl may use in the transfer. This allows you to have
++a libcurl built to support a wide range of protocols but still limit specific
++transfers to only be allowed to use a subset of them. By default libcurl will
++accept all protocols it supports. See also
++\fICURLOPT_REDIR_PROTOCOLS\fP. (Added in 7.19.4)
++.IP CURLOPT_REDIR_PROTOCOLS
++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
++limits what protocols libcurl may use in a transfer that it follows to in a
++redirect when \fICURLOPT_FOLLOWLOCATION\fP is enabled. This allows you to
++limit specific transfers to only be allowed to use a subset of protocols in
++redirections. By default libcurl will allow all protocols except for FILE and
++SCP. This is a difference compared to pre-7.19.4 versions which
++unconditionally would follow to all protocols supported. (Added in 7.19.4)
+ .IP CURLOPT_PROXY
+ Set HTTP proxy to use. The parameter should be a char * to a zero terminated
+ string holding the host name or dotted IP address. To specify port number in
+@@ -668,6 +688,10 @@
+ and follow new Location: headers all the way until no more such headers are
+ returned. \fICURLOPT_MAXREDIRS\fP can be used to limit the number of redirects
+ libcurl will follow.
++
++NOTE: since 7.19.4, libcurl can limit to what protocols it will automatically
++follow. The accepted protocols are set with \fICURLOPT_REDIR_PROTOCOLS\fP and
++it excludes the FILE protocol by default.
+ .IP CURLOPT_UNRESTRICTED_AUTH
+ A non-zero parameter tells the library it can continue to send authentication
+ (user+password) when following locations, even when hostname changed. This
+diff -Nur curl-7.18.0/include/curl/curl.h curl-7.18.0.new/include/curl/curl.h
+--- curl-7.18.0/include/curl/curl.h 2008-01-10 05:30:20.000000000 -0500
++++ curl-7.18.0.new/include/curl/curl.h 2009-02-26 15:22:00.000000000 -0500
+@@ -580,6 +580,21 @@
+ CURLFTPMETHOD_LAST /* not an option, never use */
+ } curl_ftpmethod;
+
++/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */
++#define CURLPROTO_HTTP (1<<0)
++#define CURLPROTO_HTTPS (1<<1)
++#define CURLPROTO_FTP (1<<2)
++#define CURLPROTO_FTPS (1<<3)
++#define CURLPROTO_SCP (1<<4)
++#define CURLPROTO_SFTP (1<<5)
++#define CURLPROTO_TELNET (1<<6)
++#define CURLPROTO_LDAP (1<<7)
++#define CURLPROTO_LDAPS (1<<8)
++#define CURLPROTO_DICT (1<<9)
++#define CURLPROTO_FILE (1<<10)
++#define CURLPROTO_TFTP (1<<11)
++#define CURLPROTO_ALL (~0) /* enable everything */
++
+ /* long may be 32 or 64 bits, but we should never depend on anything else
+ but 32 */
+ #define CURLOPTTYPE_LONG 0
+@@ -1188,6 +1203,18 @@
+ CINIT(SEEKFUNCTION, FUNCTIONPOINT, 167),
+ CINIT(SEEKDATA, OBJECTPOINT, 168),
+
++ /* set the bitmask for the protocols that are allowed to be used for the
++ transfer, which thus helps the app which takes URLs from users or other
++ external inputs and want to restrict what protocol(s) to deal
++ with. Defaults to CURLPROTO_ALL. */
++ CINIT(PROTOCOLS, LONG, 181),
++
++ /* set the bitmask for the protocols that libcurl is allowed to follow to,
++ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++ to be set in both bitmasks to be allowed to get redirected to. Defaults
++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++ CINIT(REDIR_PROTOCOLS, LONG, 182),
++
+ CURLOPT_LASTENTRY /* the last unused */
+ } CURLoption;
+
+diff -Nur curl-7.18.0/lib/easy.c curl-7.18.0.new/lib/easy.c
+--- curl-7.18.0/lib/easy.c 2008-01-15 17:44:26.000000000 -0500
++++ curl-7.18.0.new/lib/easy.c 2009-02-26 15:22:00.000000000 -0500
+@@ -752,6 +752,13 @@
+ type */
+ data->set.new_file_perms = 0644; /* Default permissions */
+ data->set.new_directory_perms = 0755; /* Default permissions */
++
++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++ define since we internally only use the lower 16 bits for the passed
++ in bitmask to not conflict with the private bits */
++ data->set.allowed_protocols = PROT_EXTMASK;
++ data->set.redir_protocols =
++ PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
+ }
+
+ /*
+diff -Nur curl-7.18.0/lib/url.c curl-7.18.0.new/lib/url.c
+--- curl-7.18.0/lib/url.c 2008-01-27 17:41:56.000000000 -0500
++++ curl-7.18.0.new/lib/url.c 2009-02-26 15:22:00.000000000 -0500
+@@ -737,6 +737,13 @@
+ data->set.new_file_perms = 0644; /* Default permissions */
+ data->set.new_directory_perms = 0755; /* Default permissions */
+
++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++ define since we internally only use the lower 16 bits for the passed
++ in bitmask to not conflict with the private bits */
++ data->set.allowed_protocols = PROT_EXTMASK;
++ data->set.redir_protocols =
++ PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
++
+ /* most recent connection is not yet defined */
+ data->state.lastconnect = -1;
+
+@@ -2072,6 +2079,22 @@
+ }
+ break;
+
++ case CURLOPT_PROTOCOLS:
++ /* set the bitmask for the protocols that are allowed to be used for the
++ transfer, which thus helps the app which takes URLs from users or other
++ external inputs and want to restrict what protocol(s) to deal
++ with. Defaults to CURLPROTO_ALL. */
++ data->set.allowed_protocols = va_arg(param, long) & PROT_EXTMASK;
++ break;
++
++ case CURLOPT_REDIR_PROTOCOLS:
++ /* set the bitmask for the protocols that libcurl is allowed to follow to,
++ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++ to be set in both bitmasks to be allowed to get redirected to. Defaults
++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++ data->set.redir_protocols = va_arg(param, long) & PROT_EXTMASK;
++ break;
++
+ default:
+ /* unknown tag and its companion, just ignore: */
+ result = CURLE_FAILED_INIT; /* correct this */
+@@ -3124,7 +3147,19 @@
+
+ for (pp = protocols; (p = *pp) != NULL; pp++)
+ if(strequal(p->scheme, conn->protostr)) {
+- /* Protocol found in table. Perform setup complement if some. */
++ /* Protocol found in table. Check if allowed */
++ if(!(data->set.allowed_protocols & p->protocol))
++ /* nope, get out */
++ break;
++
++ /* it is allowed for "normal" request, now do an extra check if this is
++ the result of a redirect */
++ if(data->state.this_is_a_follow &&
++ !(data->set.redir_protocols & p->protocol))
++ /* nope, get out */
++ break;
++
++ /* Perform setup complement if some. */
+ conn->handler = p;
+
+ if(p->setup_connection) {
+diff -Nur curl-7.18.0/lib/urldata.h curl-7.18.0.new/lib/urldata.h
+--- curl-7.18.0/lib/urldata.h 2008-01-27 17:41:56.000000000 -0500
++++ curl-7.18.0.new/lib/urldata.h 2009-02-26 15:22:00.000000000 -0500
+@@ -852,19 +852,26 @@
+ long connectindex; /* what index in the connection cache connects index this
+ particular struct has */
+ long protocol; /* PROT_* flags concerning the protocol set */
+-#define PROT_MISSING (1<<0)
+-#define PROT_HTTP (1<<2)
+-#define PROT_HTTPS (1<<3)
+-#define PROT_FTP (1<<4)
+-#define PROT_TELNET (1<<5)
+-#define PROT_DICT (1<<6)
+-#define PROT_LDAP (1<<7)
+-#define PROT_FILE (1<<8)
+-#define PROT_FTPS (1<<9)
+-#define PROT_SSL (1<<10) /* protocol requires SSL */
+-#define PROT_TFTP (1<<11)
+-#define PROT_SCP (1<<12)
+-#define PROT_SFTP (1<<13)
++#define PROT_HTTP CURLPROTO_HTTP
++#define PROT_HTTPS CURLPROTO_HTTPS
++#define PROT_FTP CURLPROTO_FTP
++#define PROT_TELNET CURLPROTO_TELNET
++#define PROT_DICT CURLPROTO_DICT
++#define PROT_LDAP CURLPROTO_LDAP
++#define PROT_FILE CURLPROTO_FILE
++#define PROT_FTPS CURLPROTO_FTPS
++#define PROT_TFTP CURLPROTO_TFTP
++#define PROT_SCP CURLPROTO_SCP
++#define PROT_SFTP CURLPROTO_SFTP
++
++/* CURLPROTO_TFTP (1<<11) is currently the highest used bit in the public
++ bitmask. We make sure we use "private bits" above the first 16 to make
++ things easier. */
++
++#define PROT_EXTMASK 0xfff
++
++#define PROT_SSL (1<<22) /* protocol requires SSL */
++#define PROT_MISSING (1<<23)
+
+ #define PROT_CLOSEACTION PROT_FTP /* these ones need action before socket
+ close */
+@@ -1463,6 +1470,8 @@
+ bool proxy_transfer_mode; /* set transfer mode (;type=) when doing FTP
+ via an HTTP proxy */
+ char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
++ long allowed_protocols;
++ long redir_protocols;
+ };
+
+ struct Names {
--- curl-7.18.0.orig/debian/patches/curl-tailmatch.patch
+++ curl-7.18.0/debian/patches/curl-tailmatch.patch
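Review bot: The option comments disagree with the defaults this patch installs: in include/curl/curl.h and in the `CURLOPT_REDIR_PROTOCOLS` case of lib/url.c the comment says the redirect mask `Defaults to CURLPROTO_ALL & ~CURLPROTO_FILE`, while lib/easy.c and lib/url.c set `PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP)` and the man page text says FILE and SCP are excluded. I would change both comments to `Defaults to all protocols except FILE and SCP.` so that someone auditing redirect handling does not assume SCP is still followed. The man page additions also say `(Added in 7.19.4)` although this is a backport onto 7.18.0, so code that gates on the libcurl version number will not find the options; a line in the patch header saying so would help. The first-request mask still defaults to every supported protocol, so callers that accept URLs from outside need to set `CURLOPT_PROTOCOLS` themselves. The functions touched in lib/url.c and lib/easy.c start and end outside these hunks.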
@@ -0,0 +1,139 @@
+Hand-applied and refreshed by sarnold.
+
+From 5b1bca89609f67fcd27cea0e9f382c8c1caad041 Mon Sep 17 00:00:00 2001
+From: YAMADA Yasuharu
+Date: Wed, 10 Apr 2013 11:22:09 +0200
+Subject: [PATCH] cookie: fix tailmatching to prevent cross-domain leakage
+
+Cookies set for 'example.com' could accidentaly also be sent by libcurl
+to the 'bexample.com' (ie with a prefix to the first domain name).
+
+---
+ lib/cookie.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 105 insertions(+), 5 deletions(-)
+
+Index: b/lib/cookie.c
+===================================================================
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -123,15 +123,115 @@
+ free(co);
+ }
+
+-static bool tailmatch(const char *little, const char *bigone)
++/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
++ its behavior is altered by the current locale. */
++static char Curl_raw_toupper(char in)
+ {
+- size_t littlelen = strlen(little);
+- size_t biglen = strlen(bigone);
++ switch (in) {
++ case 'a':
++ return 'A';
++ case 'b':
++ return 'B';
++ case 'c':
++ return 'C';
++ case 'd':
++ return 'D';
++ case 'e':
++ return 'E';
++ case 'f':
++ return 'F';
++ case 'g':
++ return 'G';
++ case 'h':
++ return 'H';
++ case 'i':
++ return 'I';
++ case 'j':
++ return 'J';
++ case 'k':
++ return 'K';
++ case 'l':
++ return 'L';
++ case 'm':
++ return 'M';
++ case 'n':
++ return 'N';
++ case 'o':
++ return 'O';
++ case 'p':
++ return 'P';
++ case 'q':
++ return 'Q';
++ case 'r':
++ return 'R';
++ case 's':
++ return 'S';
++ case 't':
++ return 'T';
++ case 'u':
++ return 'U';
++ case 'v':
++ return 'V';
++ case 'w':
++ return 'W';
++ case 'x':
++ return 'X';
++ case 'y':
++ return 'Y';
++ case 'z':
++ return 'Z';
++ }
++ return in;
++}
++
++/*
++ * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
++ * to be locale independent and only compare strings we know are safe for
++ * this. See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
++ * some further explanation to why this function is necessary.
++ *
++ * The function is capable of comparing a-z case insensitively even for
++ * non-ascii.
++ */
++
++static int Curl_raw_equal(const char *first, const char *second)
++{
++ while(*first && *second) {
++ if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
++ /* get out of the loop as soon as they don't match */
++ break;
++ first++;
++ second++;
++ }
++ /* we do the comparison here (possibly again), just to make sure that if the
++ loop above is skipped because one of the strings reached zero, we must not
++ return this as a successful match */
++ return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
++}
++
++static bool tailmatch(const char *cooke_domain, const char *hostname)
++{
++ size_t cookie_domain_len = strlen(cooke_domain);
++ size_t hostname_len = strlen(hostname);
++
++ if(hostname_len < cookie_domain_len)
++ return FALSE;
+
+- if(littlelen > biglen)
++ if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
+ return FALSE;
+
+- return (bool)strequal(little, bigone+biglen-littlelen);
++ /* A lead char of cookie_domain is not '.'.
++ RFC6265 4.1.2.3. The Domain Attribute says:
++ For example, if the value of the Domain attribute is
++ "example.com", the user agent will include the cookie in the Cookie
++ header when making HTTP requests to example.com, www.example.com, and
++ www.corp.example.com.
++ */
++ if(hostname_len == cookie_domain_len)
++ return TRUE;
++ if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
++ return TRUE;
++ return FALSE;
+ }
+
+ /*
--- curl-7.18.0.orig/debian/patches/runtests_gdb
+++ curl-7.18.0/debian/patches/runtests_gdb
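Review bot: An empty cookie domain is not rejected by the new `tailmatch`: with `cookie_domain_len == 0` the `Curl_raw_equal` call compares against the terminating zero and succeeds, and the final test then returns TRUE for any hostname whose last character is '.'. Whether a caller can pass an empty domain is not visible in this hunk, so I would guard it locally with `if(!cookie_domain_len) return FALSE;` ahead of the length comparison, provided the both-empty case has no legitimate use. The code comment states that the domain has no leading '.', which is a precondition the caller must uphold; a `.example.com` argument would fail the tail comparison for `example.com`. The parameter is also spelled `cooke_domain` while its length is `cookie_domain_len`; renaming it to `cookie_domain` would match the comment.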
@@ -0,0 +1,26 @@
+Index: curl/tests/runtests.pl
+===================================================================
+--- curl.orig/tests/runtests.pl 2008-01-30 16:32:22.000000000 +0100
++++ curl/tests/runtests.pl 2008-01-30 16:32:45.000000000 +0100
+@@ -1989,10 +1989,10 @@
+ # run the command line we built
+ if ($torture) {
+ $cmdres = torture($CMDLINE,
+- "$gdb --directory libtest $DBGCURL -x log/gdbcmd");
++ "libtool --mode=execute gdb --directory libtest $DBGCURL -x log/gdbcmd");
+ }
+ elsif($gdbthis) {
+- runclient("$gdb --directory libtest $DBGCURL -x log/gdbcmd");
++ runclient("libtool --mode=execute gdb --directory libtest $DBGCURL -x log/gdbcmd");
+ $cmdres=0; # makes it always continue after a debugged run
+ }
+ else {
+@@ -2021,7 +2021,7 @@
+ open(GDBCMD, ">log/gdbcmd2");
+ print GDBCMD "bt\n";
+ close(GDBCMD);
+- runclient("$gdb --directory libtest -x log/gdbcmd2 -batch $DBGCURL core ");
++ runclient("libtool --mode=execute gdb --directory libtest -x log/gdbcmd2 -batch $DBGCURL core ");
+ # unlink("log/gdbcmd2");
+ }
+ }
--- curl-7.18.0.orig/debian/patches/gnutls
+++ curl-7.18.0/debian/patches/gnutls
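Review bot: All three replaced calls hard-code `gdb` where the original interpolated `$gdb`, so whatever debugger the script was set up to use is now ignored and the binary is resolved through PATH instead. Keeping the variable preserves that choice: `"libtool --mode=execute $gdb --directory libtest $DBGCURL -x log/gdbcmd"`, and the same substitution in the two `runclient` calls. The definition of `$gdb` is outside these hunks, so this assumes it still holds a plain command name or path.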
@@ -0,0 +1,71 @@ +Index: curl/lib/Makefile.am +=================================================================== +--- curl.orig/lib/Makefile.am 2008-01-30 16:32:54.000000000 +0100 ++++ curl/lib/Makefile.am 2008-01-30 16:33:05.000000000 +0100 +@@ -39,7 +39,7 @@ + + CLEANFILES = $(DSP) $(VCPROJ) + +-lib_LTLIBRARIES = libcurl.la ++lib_LTLIBRARIES = libcurl-gnutls.la + LIBCURL_LIBS = @LIBCURL_LIBS@ + + # we use srcdir/include for the static global include files +@@ -95,12 +95,12 @@ + VERSIONED_SYMBOLS = -Wl,--version-script=libcurl.vers + endif + +-libcurl_la_LDFLAGS = $(UNDEF) $(VERSION) $(MIMPURE) $(LIBCURL_LIBS) $(VERSIONED_SYMBOLS) ++libcurl_gnutls_la_LDFLAGS = $(UNDEF) $(VERSION) $(MIMPURE) $(LIBCURL_LIBS) $(VERSIONED_SYMBOLS) + + # Makefile.inc provides the CSOURCES and HHEADERS defines + include Makefile.inc + +-libcurl_la_SOURCES = $(CSOURCES) $(HHEADERS) ++libcurl_gnutls_la_SOURCES = $(CSOURCES) $(HHEADERS) + + WIN32SOURCES = $(CSOURCES) + WIN32HEADERS = $(HHEADERS) config-win32.h +Index: curl/src/Makefile.am +=================================================================== +--- curl.orig/src/Makefile.am 2008-01-30 16:32:18.000000000 +0100 ++++ curl/src/Makefile.am 2008-01-30 16:33:05.000000000 +0100 +@@ -37,8 +37,8 @@ + + include Makefile.inc + +-curl_LDADD = ../lib/libcurl.la @CURL_LIBS@ +-curl_DEPENDENCIES = ../lib/libcurl.la ++curl_LDADD = ../lib/libcurl-gnutls.la @CURL_LIBS@ ++curl_DEPENDENCIES = ../lib/libcurl-gnutls.la + BUILT_SOURCES = hugehelp.c + CLEANFILES = hugehelp.c + # Use the C locale to ensure that only ASCII characters appear in the +Index: curl/tests/libtest/Makefile.am +=================================================================== +--- curl.orig/tests/libtest/Makefile.am 2008-01-30 16:32:17.000000000 +0100 ++++ curl/tests/libtest/Makefile.am 2008-01-30 16:33:05.000000000 +0100 +@@ -51,8 +51,8 @@ + lib544 lib545 lib547 lib548 lib549 lib552 lib553 + + # Dependencies (may need to be overriden) +-LDADD = $(LIBDIR)/libcurl.la 
+-DEPENDENCIES = $(LIBDIR)/libcurl.la ++LDADD = $(LIBDIR)/libcurl-gnutls.la ++DEPENDENCIES = $(LIBDIR)/libcurl-gnutls.la + + + lib500_SOURCES = lib500.c $(SUPPORTFILES) +Index: curl/docs/examples/Makefile.am +=================================================================== +--- curl.orig/docs/examples/Makefile.am 2008-01-30 16:32:18.000000000 +0100 ++++ curl/docs/examples/Makefile.am 2008-01-30 16:33:05.000000000 +0100 +@@ -18,7 +18,7 @@ + CPPFLAGS = -DCURL_NO_OLDIES $(STATICCPPFLAGS) + + # Dependencies +-LDADD = $(LIBDIR)/libcurl.la ++LDADD = $(LIBDIR)/libcurl-gnutls.la + + # These are all libcurl example programs to be test compiled + noinst_PROGRAMS = 10-at-a-time anyauthput cookie_interface \ --- curl-7.18.0.orig/debian/patches/cert-null-cn +++ curl-7.18.0/debian/patches/cert-null-cn 
@@ -0,0 +1,83 @@
+Description: abort on Certs with a NULL byte (CVE-2009-2417).
+
+Index: curl-7.18.2/lib/ssluse.c
+===================================================================
+--- curl-7.18.2.orig/lib/ssluse.c 2009-08-13 09:01:47.000000000 -0700
++++ curl-7.18.2/lib/ssluse.c 2009-08-13 09:07:24.000000000 -0700
+@@ -1057,7 +1057,7 @@
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+- int altlen;
++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+@@ -1071,14 +1071,16 @@
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+- if(cert_hostcheck(altptr, conn->host.name))
++ if((altlen == strlen(altptr)) &&
++ /* if this isn't true, there was an embedded zero in the name
++ string and we cannot match it. */
++ cert_hostcheck(altptr, conn->host.name))
+ matched = TRUE;
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+- altlen = ASN1_STRING_length(check->d.ia5);
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+ matched = TRUE;
+ break;
+@@ -1118,18 +1120,27 @@
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho. */
+- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+- j = ASN1_STRING_length(tmp);
+- if(j >= 0) {
+- peer_CN = OPENSSL_malloc(j+1);
+- if(peer_CN) {
+- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+- peer_CN[j] = '\0';
++ if(tmp) {
++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++ j = ASN1_STRING_length(tmp);
++ if(j >= 0) {
++ peer_CN = OPENSSL_malloc(j+1);
++ if(peer_CN) {
++ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++ peer_CN[j] = '\0';
++ }
+ }
+ }
++ else /* not a UTF8 name */
++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++ /* there was a terminating zero before the end of string, this
++ cannot match and we return failure! */
++ failf(data, "SSL: illegal cert name field");
++ res = CURLE_SSL_PEER_CERTIFICATE;
++ }
+ }
+- else /* not a UTF8 name */
+- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+ }
+
+ if(peer_CN == nulstr)
+@@ -1147,7 +1158,10 @@
+ }
+ #endif /* CURL_DOES_CONVERSIONS */
+
+- if(!peer_CN) {
++ if(res)
++ /* error already detected, pass through */
++ ;
++ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ return CURLE_PEER_FAILED_VERIFICATION;
--- curl-7.18.0.orig/debian/patches/versioned
+++ curl-7.18.0/debian/patches/versioned
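Review bot: A subjectAltName with an embedded zero is dropped without any diagnostic: in the GEN_DNS case a failed `altlen == strlen(altptr)` simply leaves `matched` untouched, while the common-name branch reports the same condition with `failf(data, "SSL: illegal cert name field")` and sets `res`. A certificate built that way is worth surfacing in the logs, so I would give the length mismatch its own branch with something like `infof(data, "SSL: subjectAltName contains an embedded zero, ignored\n");`. What happens after no alternative name matched is decided outside these hunks and should be confirmed to fail rather than fall back to the common name. The `if(res) ;` pass-through would also read more safely as a braced block with the comment inside, since a bare `;` is easy to lose in a later edit.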
@@ -0,0 +1,100 @@ +Index: curl/configure.ac +=================================================================== +--- curl.orig/configure.ac 2008-01-30 16:32:31.000000000 +0100 ++++ curl/configure.ac 2008-01-30 16:32:54.000000000 +0100 +@@ -1637,6 +1637,52 @@ + AM_CONDITIONAL(CABUNDLE, test x$ca != xno) + + dnl ********************************************************************** ++dnl Check for linker switch for versioned symbols ++dnl ********************************************************************** ++ ++AC_MSG_CHECKING([if libraries can be versioned]) ++GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script` ++if test -z "$GLD"; then ++ versioned_symbols_flavour= ++ AC_MSG_RESULT(no) ++ AC_MSG_WARN(*** ++*** You may want to rerun configure using --with-gnu-ld to enable versioned symbols. ++) ++else ++ AC_MSG_RESULT(yes) ++ ++AC_MSG_CHECKING([whether versioned symbols are wanted]) ++versioned_symbols_flavour= ++ ++AC_ARG_ENABLE(versioned-symbols, ++AC_HELP_STRING([--enable-versioned-symbols], [Enable versioned symbols in shared library]) ++AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shared library]), ++[ case "$enableval" in ++ yes) AC_MSG_RESULT(yes) ++ if test "$OPENSSL_ENABLED" = "1"; then ++ versioned_symbols_flavour="OPENSSL_" ++ else ++ if test "$OPT_GNUTLS" != "no"; then ++ versioned_symbols_flavour="GNUTLS_" ++ fi ++ fi ++ versioned_symbols="yes" ++ ;; ++ ++ *) AC_MSG_RESULT(no) ++ ;; ++ esac ++], [ ++AC_MSG_RESULT(no) ++] ++) ++fi ++ ++AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"]) ++AM_CONDITIONAL(VERSIONED_SYMBOLS, test "$versioned_symbols" = "yes") ++ ++ ++dnl ********************************************************************** + dnl Check for the presence of IDN libraries and headers + dnl ********************************************************************** + +@@ -2458,6 +2504,7 @@ + include/curl/Makefile \ + src/Makefile \ + lib/Makefile \ ++ lib/libcurl.vers \ + tests/Makefile \ + 
tests/data/Makefile \ + tests/server/Makefile \ +Index: curl/lib/Makefile.am +=================================================================== +--- curl.orig/lib/Makefile.am 2008-01-30 16:32:20.000000000 +0100 ++++ curl/lib/Makefile.am 2008-01-30 16:32:54.000000000 +0100 +@@ -91,7 +91,11 @@ + MIMPURE = -mimpure-text + endif + +-libcurl_la_LDFLAGS = $(UNDEF) $(VERSION) $(MIMPURE) $(LIBCURL_LIBS) ++if VERSIONED_SYMBOLS ++VERSIONED_SYMBOLS = -Wl,--version-script=libcurl.vers ++endif ++ ++libcurl_la_LDFLAGS = $(UNDEF) $(VERSION) $(MIMPURE) $(LIBCURL_LIBS) $(VERSIONED_SYMBOLS) + + # Makefile.inc provides the CSOURCES and HHEADERS defines + include Makefile.inc +Index: curl/lib/libcurl.vers.in +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ curl/lib/libcurl.vers.in 2008-01-30 16:32:54.000000000 +0100 +@@ -0,0 +1,13 @@ ++HIDDEN ++{ ++ local: ++ __*; ++ _rest*; ++ _save*; ++}; ++ ++CURL_@VERSIONED_FLAVOUR@3 ++{ ++ global: curl_*; ++ local: *; ++}; --- curl-7.18.0.orig/debian/patches/series +++ curl-7.18.0/debian/patches/series @@ -0,0 +1,11 @@ +no_com_err +runtests_gdb +art_http_scripting +security-CVE-2009-0037.patch +versioned +cert-null-cn +libcurl-contentencoding.patch -p0 +0001-Curl_input_negotiate-do-not-delegate-credentials.patch +# must be last patch +curl-tailmatch.patch +gnutls --- curl-7.18.0.orig/debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch +++ curl-7.18.0/debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch 
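Review bot: The `# must be last patch` comment in `series` no longer sits next to the last entry: `curl-tailmatch.patch` was placed between it and `gnutls`, so it now reads as if the cookie fix were the patch that has to stay last. Presumably the comment refers to `gnutls`, which renames the library target that other patches' Makefile.am hunks are written against. I would move the comment directly above `gnutls` and add future security patches above it, so the ordering constraint stays visible to whoever adds the next fix.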
@@ -0,0 +1,30 @@
+From a4be0864ba953b3317ece66bf8c2332ea74a4715 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate credentials
+
+This is a security flaw. See curl advisory 201106xx for details.
+
+CVE-2011-2192
+
+Reported by: Richard Silverman
+---
+ lib/http_negotiate.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 202d69e..5127e64 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -243,7 +243,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
+ &neg_ctx->context,
+ neg_ctx->server_name,
+ GSS_C_NO_OID,
+- GSS_C_DELEG_FLAG,
++ 0,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+--
+1.7.5.3
+
--- curl-7.18.0.orig/debian/patches/libcurl-contentencoding.patch
+++ curl-7.18.0/debian/patches/libcurl-contentencoding.patch
@@ -0,0 +1,21 @@
+Subject: Restrict amount of callback data when automatically decompressing via zlib.
+Origin: http://curl.haxx.se/libcurl-contentencoding.patch
+
+CVE-2010-0734
+
+Index: lib/content_encoding.c
+===================================================================
+RCS file: /cvsroot/curl/curl/lib/content_encoding.c,v
+retrieving revision 1.35
+diff -u -p -r1.35 content_encoding.c
+--- lib/content_encoding.c 22 Jan 2010 23:21:39 -0000 1.35
++++ lib/content_encoding.c 9 Feb 2010 08:53:40 -0000
+@@ -40,7 +40,7 @@
+ (doing so will reduce code size slightly). */
+ #define OLD_ZLIB_SUPPORT 1
+
+-#define DSIZ 0x10000 /* buffer size for decompressed data */
++#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
+
+ #define GZIP_MAGIC_0 0x1f
+ #define GZIP_MAGIC_1 0x8b
--- curl-7.18.0.orig/debian/libcurl3-dbg.dirs
+++ curl-7.18.0/debian/libcurl3-dbg.dirs
@@ -0,0 +1 @@
+usr/lib/debug
--- curl-7.18.0.orig/debian/libcurl4-openssl-dev.doc-base
+++ curl-7.18.0/debian/libcurl4-openssl-dev.doc-base
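Review bot: The bare `0` that replaces `GSS_C_DELEG_FLAG` gives no hint that it is a deliberate security setting, and the argument after it is also `0`, so a later edit could put delegation back without anyone noticing. I would annotate it in place: `0, /* no GSS_C_DELEG_FLAG: never delegate credentials (CVE-2011-2192) */`. The call these arguments belong to starts and ends outside the hunk, so the argument's role is inferred from the removed line. The commit message still refers to the advisory as `201106xx`; filling in the final advisory id would make the backport easier to trace.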
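Review bot: The new `DSIZ` definition keeps the old comment, `buffer size for decompressed data`, which no longer says why the value matters: per the patch subject the point is to restrict how much data is handed to the callback at once, so the macro is now a limit rather than a tuning value. I would state that where it is defined, for example `/* decompression buffer; must not exceed CURL_MAX_WRITE_SIZE, the most a write callback is handed per call */`, so nobody raises it back to `0x10000`. The buffers declared with `DSIZ` are outside this hunk; if any of them lives on the stack, its size now follows a public header macro and should be checked when that macro changes.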
@@ -0,0 +1,9 @@ +Document: libcurl4-openssl-dev +Title: libcurl documentation +Author: Daniel Stenberg +Abstract: HTML version of all the manpages about libcurl +Section: Apps/devel + +Format: HTML +Index: /usr/share/doc/libcurl4-openssl-dev/html/index.html +Files: /usr/share/doc/libcurl4-openssl-dev/html/*.html --- curl-7.18.0.orig/debian/libcurl4-openssl-dev.links +++ curl-7.18.0/debian/libcurl4-openssl-dev.links @@ -0,0 +1,10 @@ +/usr/share/man/man3/curl_strequal.3 /usr/share/man/man3/curl_strnequal.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_maprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mfprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_msnprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_msprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvaprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvfprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvsnprintf.3 +/usr/share/man/man3/curl_mprintf.3 /usr/share/man/man3/curl_mvsprintf.3 --- curl-7.18.0.orig/debian/libcurl4-openssl-dev.manpages +++ curl-7.18.0/debian/libcurl4-openssl-dev.manpages 
@@ -0,0 +1,43 @@ +docs/curl-config.1 +docs/libcurl/curl_easy_cleanup.3 +docs/libcurl/curl_easy_duphandle.3 +docs/libcurl/curl_easy_getinfo.3 +docs/libcurl/curl_easy_init.3 +docs/libcurl/curl_easy_perform.3 +docs/libcurl/curl_easy_reset.3 +docs/libcurl/curl_easy_setopt.3 +docs/libcurl/curl_easy_strerror.3 +docs/libcurl/curl_escape.3 +docs/libcurl/curl_formadd.3 +docs/libcurl/curl_formfree.3 +docs/libcurl/curl_free.3 +docs/libcurl/curl_getdate.3 +docs/libcurl/curl_getenv.3 +docs/libcurl/curl_global_cleanup.3 +docs/libcurl/curl_global_init.3 +docs/libcurl/curl_global_init_mem.3 +docs/libcurl/curl_mprintf.3 +docs/libcurl/curl_multi_add_handle.3 +docs/libcurl/curl_multi_cleanup.3 +docs/libcurl/curl_multi_fdset.3 +docs/libcurl/curl_multi_info_read.3 +docs/libcurl/curl_multi_init.3 +docs/libcurl/curl_multi_perform.3 +docs/libcurl/curl_multi_remove_handle.3 +docs/libcurl/curl_multi_strerror.3 +docs/libcurl/curl_share_cleanup.3 +docs/libcurl/curl_share_init.3 +docs/libcurl/curl_share_setopt.3 +docs/libcurl/curl_share_strerror.3 +docs/libcurl/curl_slist_append.3 +docs/libcurl/curl_slist_free_all.3 +docs/libcurl/curl_strequal.3 +docs/libcurl/curl_unescape.3 +docs/libcurl/curl_version.3 +docs/libcurl/curl_version_info.3 +docs/libcurl/libcurl-easy.3 +docs/libcurl/libcurl-errors.3 +docs/libcurl/libcurl-multi.3 +docs/libcurl/libcurl-share.3 +docs/libcurl/libcurl-tutorial.3 +docs/libcurl/libcurl.3