Publishing details
Changelog
curl (7.47.0-1ubuntu2.1~ubuntu15.10.1) wily; urgency=medium
* No-change backport to wily
curl (7.47.0-1ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: TLS session resumption client cert bypass
- debian/patches/CVE-2016-5419.patch: switch off SSL session id when
client cert is used in lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
- CVE-2016-5419
* SECURITY UPDATE: re-using connections with wrong client cert
- debian/patches/CVE-2016-5420.patch: only reuse connections with the
same client cert in lib/vtls/vtls.c.
- CVE-2016-5420
* SECURITY UPDATE: use of connection struct after free
- debian/patches/CVE-2016-5421.patch: clear connection pointer for easy
handles in lib/multi.c.
- CVE-2016-5421
curl (7.47.0-1ubuntu2) xenial; urgency=medium
* No-change rebuild for gnutls transition.
curl (7.47.0-1ubuntu1) xenial; urgency=medium
* Merge from Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4, libssh2-1-dev, and libnghttp2-dev.
+ Drop libssh2-1-dev from binary package Depends.
+ debian/control: drop --with-nghttp2
- Switch build depends from transitional libgnutsl28-dev to
libgnutls-dev
curl (7.47.0-1) unstable; urgency=high
* New upstream release
- Fix NTLM credentials not-checked for proxy connection re-use
as per CVE-2016-0755
http://curl.haxx.se/docs/adv_20160127A.html
- Set uyrgency=high accordingly
* Remove hard-coded dependency on libgnutls (Closes: #812542)
* Drop 08_fix-zsh-completion.patch (merged upstream)
* Refresh patches
curl (7.46.0-1ubuntu1) xenial; urgency=medium
* Merge from Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4, libssh2-1-dev, and libnghttp2-dev.
+ Drop libssh2-1-dev from binary package Depends.
+ debian/control: drop --with-nghttp2
- Switch build depends from transitional libgnutsl28-dev to
libgnutls-dev
curl (7.46.0-1) unstable; urgency=medium
* New upstream release
- Initialize OpenSSL algorithms after loading config (Closes: #805408)
* Install curl zsh completion (Closes: #805509)
- Add 08_fix-zsh-completion.patch to fix zsh completion generation
curl (7.45.0-1ubuntu1) xenial; urgency=medium
* Merge from Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4, libssh2-1-dev, and libnghttp2-dev.
+ Drop libssh2-1-dev from binary package Depends.
+ debian/control: drop --with-nghttp2
- Switch build depends from transitional libgnutsl28-dev to
libgnutls-dev
curl (7.45.0-1) unstable; urgency=medium
* New upstream release
* Drop 08_spelling.patch (merged upstream)
curl (7.44.0-2) unstable; urgency=medium
* Enable HTTP/2 support (Closes: #796302)
curl (7.44.0-1) unstable; urgency=medium
* New upstream release
* Refresh patches
* Update symbols files
* Add 08_spelling.patch to fix some spelling errors
-- Elliot Saba <email address hidden> Fri, 23 Sep 2016 19:44:54 -0700
Builds
Built packages
-
curl
command line tool for transferring data with URL syntax
-
libcurl3
easy-to-use client-side URL transfer library (OpenSSL flavour)
-
libcurl3-dbg
debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
-
libcurl3-gnutls
easy-to-use client-side URL transfer library (GnuTLS flavour)
-
libcurl3-nss
easy-to-use client-side URL transfer library (NSS flavour)
-
libcurl4-doc
documentation for libcurl
-
libcurl4-gnutls-dev
development files and documentation for libcurl (GnuTLS flavour)
-
libcurl4-nss-dev
development files and documentation for libcurl (NSS flavour)
-
libcurl4-openssl-dev
development files and documentation for libcurl (OpenSSL flavour)
Package files