-
curl (8.8.0-1ubuntu1) oracular; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/control: Don't build-depend on python3-impacket and stunnel4 on
i386 so we can drop it (and its dependencies) from the i386 partial port.
It's only used for the tests, which do not block the build in any case.
* Drop CVE-2024-0853 CVE-2024-2004 and CVE-2024-2398 fixes, now upstream
curl (8.8.0-1) unstable; urgency=medium
* New upstream version 8.8.0
* Refresh patches
* Revert "Temporarily disable LDAP support on 32-bit non-x86"
* d/patches: Drop merged patches
* d/p/docs_makefile...: Upstream patch to fix curl-config regression
* d/libcurl*.symbols: Add new symbol curl_multi_waitfds
curl (8.7.1-5) unstable; urgency=high
* d/p/content_encoding_brotli_and_others...patch: New patch to fix an
encoding regression. Thank you to Jeroen Ooms and the curl developers
(Daniel Stenberg and Stefan Eissing) for reporting and pointing out the
fix.
curl (8.7.1-4) unstable; urgency=medium
* d/p/curl-8_7_1-h2-ngtcp2-write-error-handling.diff: New patch to address
git+http2 issue. Thanks to Stefan Eissing <email address hidden> for
doing the backport.
curl (8.7.1-3) unstable; urgency=medium
[ Carlos Henrique Lima Melara ]
* d/p/fix-regression-in-curlinfo.patch: add patch from upstream, thanks to
Antonio Terceiro for reporting it (closes: #1069292)
[ Samuel Henrique ]
* d/libcurl3t64-gnutls.lintian-overrides: Drop unused override
curl (8.7.1-2) unstable; urgency=medium
[ Carlos Henrique Lima Melara ]
* d/rules: fix sed substitution regex for curl-config
* d/rules: make a call to dpkg-buildflags in curl-config to get CFLAGS
(Closes: #1057138)
* d/control: suggests dpkg-dev for -dev packages so we get dpkg goodies
* d/libcurl4-doc.docs: list each markdown file to be installed
* d/make-manpages-reproducible.patch: import from upstream
* d/p/fix-regression-on-chunked-post.patch: add new patch from upstream
[ Sergio Durigan Junior ]
* d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
(Closes: #1053643)
[ Samuel Henrique ]
* d/rules: Run tests in parallel
* d/p/test1901...: New patch to confirm regression fix
curl (8.7.1-1) unstable; urgency=medium
* New upstream version 8.7.1
- Fix CVE-2024-2004: Usage of disabled protocol
- Fix CVE-2024-2398: HTTP/2 push headers memory-leak
* d/patches: Drop patches present on this release
curl (8.6.0-4) unstable; urgency=medium
[ Carlos Henrique Lima Melara ]
* d/libcurl*.links: use substitution variables instead of executable files
[ Simon McVittie ]
* d/control: Add a build-profile that disables LDAP support
(closes: #1066981)
* Temporarily disable LDAP support on 32-bit non-x86 (closes: #1066982)
* Temporarily disable build-time tests on 32-bit non-x86
curl (8.6.0-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix wrong X-Time64-Compat for libcurl4t64. Closes: #1065315.
curl (8.6.0-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition. Closes: #1061992
curl (8.6.0-3) unstable; urgency=medium
* d/p/vtls_revert_receive_max_buffer_add_test_case.patch: New patch to fix
tls regression (closes: #1063462)
curl (8.6.0-2) unstable; urgency=medium
* d/p/sendf_ignore_response_body_to_head.patch: New upstream patch to fix a
compat issue (closes: #1063342)
* d/control: Switch from pkg-config to pkgconf
curl (8.6.0-1) unstable; urgency=medium
[ Samuel Henrique ]
* New upstream version 8.6.0
- Fix CVE-2024-0853: OCSP verification bypass with TLS session reuse
* Drop upstream patches from 8.6.0
* Update approach for installing manpages
* d/copyright: Update copyright
[ Carlos Henrique Lima Melara ]
* d/control: exclude dependency on gnutls-bin for tests on ppc64el
(Closes: #1059952)
-- Gianfranco Costamagna <email address hidden> Fri, 24 May 2024 16:08:30 +0200
-
curl (8.5.0-2ubuntu10.1) noble-security; urgency=medium
* SECURITY UPDATE: Usage of disabled protocol
- debian/patches/CVE-2024-2004-pre1.patch: test1474: removed.
- debian/patches/CVE-2024-2004.patch: fix disabling all protocols in
lib/setopt.c, tests/data/Makefile.inc, tests/data/test1474.
- CVE-2024-2004
* SECURITY UPDATE: HTTP/2 push headers memory-leak
- debian/patches/CVE-2024-2398.patch: push headers better cleanup in
lib/http2.c.
- CVE-2024-2398
-- Marc Deslauriers <email address hidden> Mon, 22 Apr 2024 12:00:57 -0400
-
curl (8.5.0-2ubuntu10) noble; urgency=high
* No change rebuild against libgnutls30t64, libnettle8t64, libpsl5t64,
libssl3t64.
-- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 16:38:07 +0200
