-
curl (7.16.4-2ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: Local file exposure via redirect
- debian/patches/security-CVE-2009-0037.patch: add logic to
include/curl/curl.h, lib/{easy,url}.c and lib/urldata.h to limit what
protocols curl will automatically follow via a redirect. By default, it
now follows all protocols except FILE and SCP.
- CVE-2009-0037
-- Marc Deslauriers <email address hidden> Thu, 26 Feb 2009 15:38:56 -0500
-
curl (7.16.4-2ubuntu1) gutsy; urgency=low
* Merge with Debian; remaining changes:
- Drop the stunnel build dependency.
curl (7.16.4-2) unstable; urgency=low
* Fixed regression with FTP sites not requesting PASS (closes: #435771).
-- Matthias Klose <email address hidden> Thu, 09 Aug 2007 09:16:47 +0200
-
curl (7.16.4-1ubuntu1) gutsy; urgency=low
* Merge with Debian.
- Drop debian/patches/gnutls-verifications, applied upstream.
- Remove all stuff which should be reverted according to 7.16.2-6ubuntu4.
- Remaining change: drop stunnel build dependency.
curl (7.16.4-1) unstable; urgency=low
* New upstream release (closes: #432514).
* Welcome Andreas to the curl packagers!
* Build-Depends is now more backporting friendly.
-- Matthias Klose <email address hidden> Wed, 01 Aug 2007 12:22:30 +0200
-
curl (7.16.2-6ubuntu5) gutsy; urgency=low
* Added debian/patches/gnutls-verifications: actually perform expiration
and activation verifications (CVE-2007-3564).
-- Kees Cook <email address hidden> Wed, 27 Jun 2007 12:16:00 -0700
-
curl (7.16.2-6ubuntu4) gutsy; urgency=low
* Completly revert the two previous changes - libcurl's symbols are
versioned.
-- Steve Kowalik <email address hidden> Wed, 4 Jul 2007 18:25:14 +1000
-
curl (7.16.2-6ubuntu3) gutsy; urgency=low
* Add Conflicts and Replaces on older versions of libcurl4{,-gnutls} for
libcurl3{,-gnutls} so that upgrades don't blow up.
-- Steve Kowalik <email address hidden> Wed, 4 Jul 2007 11:56:50 +1000
-
curl (7.16.2-6ubuntu2) gutsy; urgency=low
* Provide two transitional packages, libcurl4 and libcurl4-gnutls that
depend on their libcurl3 counterparts.
* Stop libcurl3 and libcurl3-gnutls Conflicting and Providing their
libcurl4 counterparts.
-- Steve Kowalik <email address hidden> Tue, 3 Jul 2007 19:03:20 +1000
-
curl (7.16.2-6ubuntu1) gutsy; urgency=low
* Merge from Debian unstable
* Remaining Ubuntu changes:
- Drop the stunnel build dependency.
curl (7.16.2-6) unstable; urgency=low
* Added missing libcurl3 symlinks (closes: #429945)
Patch courtesy of Bryan Donlan.
-- Steve Kowalik <email address hidden> Tue, 3 Jul 2007 01:16:24 +1000
-
curl (7.16.2-5ubuntu1) gutsy; urgency=low
* Merge from Debian unstable
* Remaining Ubuntu changes:
- Drop the stunnel build dependency.
curl (7.16.2-5) unstable; urgency=low
[ Steve Langasek ]
* Re-introduce curl3 symbol versions and rename the packages back to
libcurl3*, restoring ABI compatibility with the etch version of the
package.
[ Domenico Andreoli ]
* Package libcurl4-gnutls-dev now suggests libcurl3-dbg.
* libcurl3-dbg replaces/conflict/provide libcurl4-dbg.
* Properly use ${binary:Version} in control file.
-- Steve Kowalik <email address hidden> Mon, 2 Jul 2007 22:38:33 +1000
-
curl (7.16.2-4ubuntu1) gutsy; urgency=low
* Merge with Debian; remaining changes:
- Drop the stunnel build dependency.
curl (7.16.2-4) unstable; urgency=low
* Fixed configure.ac in case of build with GNUTLS (closes: #425013).
* Fixed double-free bug (closes: #424894).
Patch courtesy of Daniel Stenberg.
-- Matthias Klose <email address hidden> Mon, 11 Jun 2007 19:02:21 +0200
-
curl (7.16.2-3ubuntu1) gutsy; urgency=low
* Merge with Debian; remaining changes:
- Drop the stunnel build dependency.
curl (7.16.2-3) unstable; urgency=low
* Updated to db4.5 (closes: #421933).
* Got rid of unused libcomerr2 dependency (closes: #392294).
curl (7.16.2-2) experimental; urgency=low
* Improved package descriptions (closes: #410472).
* Updated package Provides to ease the soname transition.
curl (7.16.2-1) experimental; urgency=low
* New upstream release.
* libcurl4-openssl-dev now depends on libcurl4-openssl (closes: #419774).
* Bumped shlibs version to 7.16.2-1.
* Patches are now managed with quilt.
curl (7.16.1-1) experimental; urgency=low
* New upstream release.
* Bumped shlibs version to 7.16.1-1.
* Added HIDDEN section to version script to handle any __*, _rest or
_save* local symbol.
* Gopher protocol is not supported since 7.15.2. Removed any reference
in package description (closes: #408704).
* Moved libcurl/openssl to the new package libcurl4-openssl, now
libcurl4 contains a version with no SSL or GSSAPI support (any
future cryptographic stuff will be kept out of there).
* Package libcurl4-dev now contains the matching headers for libcurl4
(so crypto stuff).
curl (7.16.0-1) experimental; urgency=low
* New upstream release.
* Bumped shlibs version to 7.16.0-1.
* libcurl4 and libcurl4-gnutls now only recommend ca-certificates
(closes: #404103).
* pkg-config .pc file now uses Libs.private (closes: #405226).
-- Matthias Klose <email address hidden> Wed, 16 May 2007 15:16:54 +0200
-
curl (7.15.5-1ubuntu2) feisty; urgency=low
* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address.
-- Matthias Klose <email address hidden> Mon, 5 Mar 2007 01:14:05 +0000
