-
curl (7.21.3-1ubuntu1.5) natty-security; urgency=low
* SECURITY UPDATE: URL sanitization vulnerability
- debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
- CVE-2012-0036
-- Marc Deslauriers <email address hidden> Tue, 24 Jan 2012 08:28:19 -0500
-
curl (7.21.3-1ubuntu1.3) natty-proposed; urgency=low
* debian/patches/timeout_bug_736216: cherry pick upstream
git revision d4e000906ac4ef243258a5c9a819a7cde247d16a to fix
handshake timeout bug (LP: #736216). Thanks to Sidnei da Silva
and Michael Vogt
-- Steve Beattie <email address hidden> Fri, 24 Jun 2011 11:36:02 -0700
-
curl (7.21.3-1ubuntu1.2) natty-security; urgency=low
* SECURITY UPDATE: libcurl unconditional credential delegation during
GSSAPI authentication vulnerability.
- debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
do not delegate credentials when doing GSSAPI authentication
- CVE-2011-2192
-- Steve Beattie <email address hidden> Tue, 21 Jun 2011 09:36:52 -0700
-
curl (7.21.3-1ubuntu1.1) natty-proposed; urgency=low
* cherry pick upstream git revision
d4e000906ac4ef243258a5c9a819a7cde247d16a
to fix handshake timeout bug (LP: #736216)
Thanks to Sidnei da Silva
-- Michael Vogt <email address hidden> Thu, 16 Jun 2011 16:30:47 +0200
-
curl (7.21.3-1ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes: (LP: #707756)
- debian/control:
+ Build-Depends: Replace libssh2-1-dev with openssh-server.
Drop stunnel since it's in universe, as well.
+ Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
Above changes are necessary to be independent from the universe.
curl (7.21.3-1) unstable; urgency=low
* New upstream release.
* debian/*.manpages: adding all manpages for the curl library.
(closes: #605651)
* gnutls->handshake: improved timeout handling. See #594150 for details.
-- Artur Rona <email address hidden> Wed, 26 Jan 2011 02:50:18 +0100
-
curl (7.21.2-4ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes: (LP: #693635, #637416)
- debian/control:
+ Build-Depends: Replace libssh2-1-dev with openssh-server.
Drop stunnel since it's in universe, as well.
+ Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
Above changes are necessary to be independent from the universe.
-- Artur Rona <email address hidden> Thu, 23 Dec 2010 01:42:41 +0100
-
curl (7.21.2-1ubuntu1) natty; urgency=low
* Merge with Debian unstable, remaining Ubuntu changes: (LP: #682286)
* debian/control:
- (Keep build deps in main)
- Drop build dependencies: stunnel, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
-- Robert Ancell <email address hidden> Mon, 29 Nov 2010 17:26:37 +1100
-
curl (7.21.1-1ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
- Keep build deps in main:
- Drop build dependencies: stunnel, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
curl (7.21.1-1) unstable; urgency=low
* New upstream release.
-- Matthias Klose <email address hidden> Thu, 07 Oct 2010 16:53:40 +0200
-
curl (7.21.0-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes: LP: #596334
- Keep build deps in main:
- Drop build dependencies: stunnel, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
curl (7.21.0-1) unstable; urgency=low
* New upstream.
curl (7.20.1-2) unstable; urgency=low
* debian/rules: Removed the custom LDFLAGS variable. This is not
required as we are no longer using the libtool patch.
(closes: #578774)
curl (7.20.1-1) unstable; urgency=low
* New upstream release.
* debian/patches/missing-double-quote: No longer needed as it has been
fixed by the upstream.
* debian/patches/no_com_err: Reworked the patches for the new release.
* debian/patches/versioned: fix for build failure of 'make test'.
(closes: #576237)
* debian/rules: removed --enable-ldaps option from the configure as LDAP
SSL (Novell extensions to openldap) is not available as Debian packages.
* lib/http.c: chunked-encoding with Content-Length header problem has
been fixed in the upstream. (closes: #572276)
curl (7.20.0-3) unstable; urgency=low
* debian/control: Vcs* tags added.
* docs/libcurl/libcurl.m4: added the missing double quote (closes: #576518).
curl (7.20.0-2) unstable; urgency=low
* New Maintainer (closes: #574137).
* Bug #533669 (curl segmentation fault in addbyter()) is fixed
from release 7.19.7 onwards (closes: #533669).
* Bug #510559 (curl sends whitespace unencoded in the url) can't
be reproduced in the 7.20.0 release (closes: #510559).
curl (7.20.0-1) unstable; urgency=low
* Package is orphaned.
* New upstream release.
* Switch to dpkg-source 3.0 (quilt) format (closes: #538547).
* Fixed build error with binutils-gold (closes: #554296).
-- Bhavani Shankar <email address hidden> Sun, 20 Jun 2010 13:56:28 +0530
