curl (7.38.0-4+deb8u16) jessie-security; urgency=high * CVE-2019-5482: Fix a heap buffer overflow in the TFTP protocol handling. (Closes: #940010) -- Chris Lamb Thu, 12 Sep 2019 10:33:15 +0200 curl (7.38.0-4+deb8u15) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2019-5436: libcurl contains a heap buffer overflow in the function tftp_receive_packet() that receives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. -- Markus Koschany Sat, 25 May 2019 22:09:04 +0200 curl (7.38.0-4+deb8u14) jessie-security; urgency=high * CVE-2018-16890: Fix a heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages. * CVE-2019-3822: Fix a stack-based buffer overflow in the handling of outgoing NTLM type-3 headers. * CVE-2019-3823: Fix a heap out-of-bounds read in the code handling the end-of-response in the SMTP protocol. -- Chris Lamb Mon, 11 Feb 2019 15:57:22 +0100 curl (7.38.0-4+deb8u13) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities: * CVE-2016-7141: When built with NSS and the libnsspem.so library is available at runtime, allows remote attacker to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. * CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl allow attackerrs to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. * CVE-2016-9586: Curl is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any applications that accept a format string from the outside without necessary input filtering, it could allow remote attacks. * CVE-2018-16839: Curl is vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. * CVE-2018-16842: Curl is vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. -- Markus Koschany Tue, 06 Nov 2018 19:01:46 +0100 curl (7.38.0-4+deb8u12) jessie-security; urgency=high * Fix an NTLM password overflow via integer overflow as per CVE-2018-14618 https://curl.haxx.se/docs/CVE-2018-14618.html. -- Chris Lamb Sat, 08 Sep 2018 11:55:45 +0100 curl (7.38.0-4+deb8u11) jessie-security; urgency=high * Fix heap buffer over-read when parsing bad RTSP headers as per CVE-2018-1000301 https://curl.haxx.se/docs/adv_2018-b138.html -- Alessandro Ghedini Tue, 15 May 2018 23:05:31 +0100 curl (7.38.0-4+deb8u10) jessie-security; urgency=high * Fix NIL byte out of bounds write due to FTP path trickery as per CVE-2018-1000120 https://curl.haxx.se/docs/adv_2018-9cd6.html * Fix LDAP NULL pointer dereference as per CVE-2018-1000121 https://curl.haxx.se/docs/adv_2018-97a2.html * Fix RTSP RTP buffer over-read as per CVE-2018-1000122 https://curl.haxx.se/docs/adv_2018-b047.html -- Alessandro Ghedini Tue, 13 Mar 2018 20:47:46 +0000 curl (7.38.0-4+deb8u9) jessie-security; urgency=high * Fix HTTP authentication leak in redirects as per CVE-2018-1000007 https://curl.haxx.se/docs/adv_2018-b3bf.html -- Alessandro Ghedini Thu, 25 Jan 2018 22:34:49 +0000 curl (7.38.0-4+deb8u8) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 https://curl.haxx.se/docs/adv_2017-11e7.html * Fix FTP wildcard out of bounds read as per CVE-2017-8817 https://curl.haxx.se/docs/adv_2017-ae72.html -- Yves-Alexis Perez Sat, 25 Nov 2017 22:03:21 +0100 curl (7.38.0-4+deb8u7) jessie-security; urgency=medium * Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257 https://curl.haxx.se/docs/adv_20171023.html -- Alessandro Ghedini Sun, 22 Oct 2017 22:01:06 +0100 curl (7.38.0-4+deb8u6) jessie-security; urgency=medium * Fix TFTP sends more than buffer size as per CVE-2017-1000100 https://curl.haxx.se/docs/adv_20170809B.html * Fix URL globbing out of bounds read as per CVE-2017-1000101 https://curl.haxx.se/docs/adv_20170809A.html * Fix FTP PWD response parser out of bounds read as per CVE-2017-1000254 https://curl.haxx.se/docs/adv_20171004.html -- Alessandro Ghedini Sun, 01 Oct 2017 12:05:13 +0100 curl (7.38.0-4+deb8u5) jessie-security; urgency=high * Fix cookie injection for other servers as per CVE-2016-8615 https://curl.haxx.se/docs/adv_20161102A.html * Fix case insensitive password comparison as per CVE-2016-8616 https://curl.haxx.se/docs/adv_20161102B.html * Fix OOB write via unchecked multiplication as per CVE-2016-8617 https://curl.haxx.se/docs/adv_20161102C.html * Fix double-free in curl_maprintf as per CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html * Fix double-free in krb5 code as per CVE-2016-8619 https://curl.haxx.se/docs/adv_20161102E.html * Fix glob parser write/read out of bounds as per CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html * Fix curl_getdate read out of bounds as per CVE-2016-8621 https://curl.haxx.se/docs/adv_20161102G.html * Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622 https://curl.haxx.se/docs/adv_20161102H.html * Fix use-after-free via shared cookies as per CVE-2016-8623 https://curl.haxx.se/docs/adv_20161102I.html * Fix invalid URL parsing with '#' as per CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html -- Alessandro Ghedini Tue, 01 Nov 2016 21:38:10 +0000 curl (7.38.0-4+deb8u4) jessie-security; urgency=high * Fix TLS session resumption client cert bypass as per CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html * Fix re-using connection with wrong client cert as per CVE-2016-5420 https://curl.haxx.se/docs/adv_20160803B.html * Fix use of connection struct after free as per CVE-2016-5421 https://curl.haxx.se/docs/adv_20160803C.html -- Alessandro Ghedini Mon, 01 Aug 2016 12:19:28 +0100 curl (7.38.0-4+deb8u3) jessie-security; urgency=medium * Fix NTLM credentials not-checked for proxy connection re-use as per CVE-2016-0755 http://curl.haxx.se/docs/adv_20160127A.htm -- Alessandro Ghedini Tue, 26 Jan 2016 22:39:38 +0000 curl (7.38.0-4+deb8u2) jessie-security; urgency=high * Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153 http://curl.haxx.se/docs/adv_20150429.html -- Alessandro Ghedini Wed, 29 Apr 2015 10:47:47 +0200 curl (7.38.0-4+deb8u1) jessie-security; urgency=high * Fix re-using authenticated connection when unauthenticated as per CVE-2015-3143 http://curl.haxx.se/docs/adv_20150422A.html * Fix host name out of boundary memory access as per CVE-2015-3144 http://curl.haxx.se/docs/adv_20150422D.html * Fix cookie parser out of boundary memory access as per CVE-2015-3145 http://curl.haxx.se/docs/adv_20150422C.html * Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 http://curl.haxx.se/docs/adv_20150422B.html -- Alessandro Ghedini Tue, 21 Apr 2015 13:16:29 +0200 curl (7.38.0-4) unstable; urgency=high * Fix URL request injection vulnerability as per CVE-2014-8150 http://curl.haxx.se/docs/adv_20150108B.html * Set urgency=high accordingly -- Alessandro Ghedini Thu, 08 Jan 2015 10:47:24 +0100 curl (7.38.0-3) unstable; urgency=high * Enable all hardening options (Closes: #763372) * Fix duphandle read out of bounds as per CVE-2014-3707 http://curl.haxx.se/docs/adv_20141105.html * Set urgency=high accordingly -- Alessandro Ghedini Thu, 06 Nov 2014 11:40:24 +0100 curl (7.38.0-2) unstable; urgency=medium * Check for libtoolize instead of libtool during build. Thanks to Helmut Grohne for the patch (Closes: #761740) * Add README.source note regarding ordering of patches (Closes: #762193) * Add 10_fix-resolver.patch from upstream (Closes: #762014) -- Alessandro Ghedini Tue, 23 Sep 2014 16:41:53 +0200 curl (7.38.0-1) unstable; urgency=medium * New upstream release - Only use full host matches for hosts used as IP address as per CVE-2014-3613 http://curl.haxx.se/docs/adv_20140910A.html - Reject incoming cookies set for TLDs as per CVE-2014-3620 http://curl.haxx.se/docs/adv_20140910B.html * Drop 08_link-curl-to-nss.patch (merged upstream) * Refresh patches * Fix wildcard-matches-nothing-in-dep5-copyright * Add 08_fix-spelling.patch -- Alessandro Ghedini Wed, 10 Sep 2014 20:11:02 +0200 curl (7.37.1-1) unstable; urgency=medium * New upstream release * Re-enable RTMP support (Closes: #754222) * Add 08_link-curl-to-nss.patch to fix NSS build * Refresh patches * Install manpages of single libcurl options too -- Alessandro Ghedini Fri, 18 Jul 2014 10:18:03 +0200 curl (7.37.0-1) unstable; urgency=medium * New upstream release - Fix NULL pointer dereference in GnuTLS code (Closes: #746349) * Drop 08_fix-imap-tests.patch (merged upstream) * Refresh 01_runtests_gdb.patch * Remove Build-Depends on libgcrypt -- Alessandro Ghedini Wed, 21 May 2014 15:22:38 +0200 curl (7.36.0-2) unstable; urgency=medium * Move Depends on -dev packages needed to use static libraries to Suggests * Switch to GnuTLS 3.x (Closes: #741568) * Disable RTMP support (librtmp-dev requires libgnutls-dev, which conflicts with libgnutls28-dev) -- Alessandro Ghedini Mon, 28 Apr 2014 19:37:14 +0200 curl (7.36.0-1) unstable; urgency=high * New upstream release (Closes: #742728) - Fix connection re-use when using different log-in credentials as per CVE-2014-0138 http://curl.haxx.se/docs/adv_20140326A.html - Reject IP address wildcard matches as per CVE-2014-0139 http://curl.haxx.se/docs/adv_20140326B.html - Set urgency=high accordingly * Add 08_fix-imap-tests.patch to fix tests broken by the fix for CVE-2014-0138 -- Alessandro Ghedini Sun, 30 Mar 2014 15:36:35 +0200 curl (7.35.0-1) unstable; urgency=high * New upstream release - Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015 http://curl.haxx.se/docs/adv_20140129.html - Set urgency=high accordingly * Refresh patches -- Alessandro Ghedini Wed, 29 Jan 2014 11:16:57 +0100 curl (7.34.0-1) unstable; urgency=high * New upstream release - Fix GnuTLS checking of a certificate CN or SAN name field when the digital signature verification is turned off as per CVE-2013-6422 http://curl.haxx.se/docs/adv_20131217.html - Set urgency=high accordingly * Drop patches merged upstream: - 08_fix-typo.patch - 09_fix-urlglob.patch -- Alessandro Ghedini Tue, 17 Dec 2013 13:16:19 +0100 curl (7.33.0-2) unstable; urgency=low * Make -dev packages Multi-Arch: same too (Closes: #731309) * Bump Standards-Version to 3.9.5 (no changes needed) * Add 09_fix-urlglob.patch to fix URL globbing (Closes: #731855) -- Alessandro Ghedini Wed, 11 Dec 2013 18:44:37 +0100 curl (7.33.0-1) unstable; urgency=low * New upstream release - Handle arbitrary-length username and password (Closes: #719856) * Remove Luk from Uploaders as per his request (Closes: #723603) * Do not Build-Depends on specific automake version (Closes: #724361) * Fix lintian vcs-field-not-canonical * Add 08_fix-typo.patch * Refresh patches -- Alessandro Ghedini Mon, 14 Oct 2013 22:11:14 +0200 curl (7.32.0-1) unstable; urgency=low * New upstream release * Fix typo in changelog entry for 7.31.0-1 (Closes: #714502) * Drop 08_typo.patch (merged upstream) * Drop 09_openssl-recv.patch (merged upstream) * Refresh 90_gnutls.patch and 99_nss.patch * Refresh 06_always-disable-valgrind.patch * Enable threaded DNS resolver (Closes: #570436) See NEWS.Debian for more info -- Alessandro Ghedini Mon, 12 Aug 2013 12:19:05 +0200 curl (7.31.0-2) unstable; urgency=high * Add 09_openssl-recv.patch to fix incorrect OpenSSL usage (Closes: #714050) * Set urgency=high because of the security fix in the previous upload -- Alessandro Ghedini Wed, 26 Jun 2013 11:47:00 +0200 curl (7.31.0-1) unstable; urgency=low * New upstream release - Fix URL decode buffer boundary flaw as per CVE-2013-2174 http://curl.haxx.se/docs/adv_20130622.html * Make curl Multi-Arch: foreign (Closes: #712585) * Drop 08_reset-timecond.patch (merged upstream) * Refresh patches * Add 08_typo.patch to fix a couple of typos in one of the manpages -- Alessandro Ghedini Sat, 22 Jun 2013 15:46:53 +0200 curl (7.30.0-2) unstable; urgency=low * Move textual docs to the -doc package too * Move manpages from -dev packages to -doc as well - Add Breaks+Replaces accordingly * Remove outdated Replaces/Conflicts * Update watch file version to 3 * Add 08_reset-timecond.patch (Closes: #705783) -- Alessandro Ghedini Fri, 10 May 2013 17:46:46 +0200 curl (7.30.0-1) unstable; urgency=low * New upstream release * Update upstream copyright years * Drop patches merged upstream: - 08_NULL-pointer-dereference-on-close.patch - 09_CVE-213-1944.patch - 10_test1218-another-cookie-tailmatch-test.patch * Update patches: - 03_keep_symbols_compat.patch - 90_gnutls.patch - 99_nss.patch * Add libcurl4-doc package: - Move *.pdf and *.html files to the libcurl4-doc package - Add Suggests for -doc package to -dev packages - Move examples to the -doc package * Add Build-Depends on python which is used by some tests -- Alessandro Ghedini Thu, 18 Apr 2013 12:55:09 +0200 curl (7.29.0-2.1) unstable; urgency=high * Non-maintainer upload. [ Alessandro Ghedini ] * Do not compress *.pdf files (Closes: #704093) [ Salvatore Bonaccorso ] * Add 09_CVE-213-1944.patch. Fix CVE-2013-1944: fix tailmatching to prevent cross-domain leakage. Cookies set for 'example.com' could accidentaly also be sent by libcurl to the 'bexample.com' (ie with a prefix to the first domain name). (Closes: #705274) * Add testcase for CVE-2013-1944. -- Salvatore Bonaccorso Fri, 12 Apr 2013 13:55:34 +0200 curl (7.29.0-2) unstable; urgency=low * Fix a segfault when closing an unused multi handle (Closes: #701713) * Mention LDAPS in packages' long descriptions * Clean-up d/rules - Switch to short-form dh - Enable test suite on hurd and kfreebsd too - Enable GSSAPI support on hurd too -- Alessandro Ghedini Mon, 11 Mar 2013 19:02:56 +0100 curl (7.29.0-1) unstable; urgency=high * New upstream release - Fix buffer overflow when negotiating SASL DIGEST-MD5 authentication as per CVE-2013-0249 (Closes: #700002) http://curl.haxx.se/docs/adv_20130206.html - Set urgency=high accordingly * Install all the examples * Update 90_gnutls.patch and 99_nss.patch * Refresh patches * Correctly pass CPPFLAGS to ./configure * Upload to unstable -- Alessandro Ghedini Mon, 11 Feb 2013 14:48:03 +0100 curl (7.28.1-1) experimental; urgency=low * New upstream release * Drop 05_fix-git-over-https.patch and 08_fix-git-auth.patch (merged upstream) * Update 07_do-not-disable-debug-symbols.patch * Refresh patches * Add NEWS entry about change in CURLOPT_SSL_VERIFYHOST semantics -- Alessandro Ghedini Mon, 26 Nov 2012 17:51:27 +0100 curl (7.28.0-3) unstable; urgency=low * Add 07_do-not-disable-debug-symbols.patch, do not pass --enable-debug anymore (Closes: #693110) * Update 05_fix-git-over-https.patch to reflect new upstream patch * Add 08_fix-git-auth.patch to fix HTTPS authentication (Closes: #690764) -- Alessandro Ghedini Sat, 17 Nov 2012 14:07:21 +0100 curl (7.28.0-2) unstable; urgency=low * Add 05_fix-git-over-https.patch (Closes: #690551) * Add 06_always-disable-valgrind.patch (Closes: #690968) -- Alessandro Ghedini Mon, 22 Oct 2012 14:35:02 +0200 curl (7.28.0-1) unstable; urgency=low * New upstream release - gnutls: do not fail on non-fatal handshake errors (Closes: #685402) * Remove versioned build depends on libssh2 (already in stable) * Bump Standards-Version to 3.9.4 (no changes needed) * Refresh 01_runtests_gdb.patch * Update *.symbols files * Build depend on ca-certifcates to avoid test failure -- Alessandro Ghedini Thu, 11 Oct 2012 19:11:09 +0200 curl (7.27.0-1) unstable; urgency=low * New upstream release * Update upstream copyright * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch -- Alessandro Ghedini Wed, 08 Aug 2012 17:22:00 +0200 curl (7.26.0-1) unstable; urgency=low * New upstream release - Reject numerical IPv6 addresses outside brackets (Closes: #670126) * Email change: Alessandro Ghedini -> ghedo@debian.org * Stricter Depends on libcurl3 (Closes: #666089) * Remove Ramakrishnan (as per his request), move myself to Maintainer Thank you for all your work so far * Disable memory tracking, but keep debug enabled - Remove memdebug symbols (used by curl only) * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch * Disable not-quite-working symbols hiding -- Alessandro Ghedini Fri, 25 May 2012 15:19:51 +0200 curl (7.25.0-1) unstable; urgency=low * New upstream release - Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276) - Allow negative numbers as option value (Closes: #659591) * Add libssh2-1-dev to libcurl4-gnutls-dev and libcurl4-nss-dev Depends * Bump debhelper compat level to 9 - Make *.links files executable to simplify rules file * Pass --as-needed ld flag to avoid unneeded dependencies - Add workaround_as_needed_bug to workaround a libtool bug - Drop dont_link_to_krb5 (not needed because of --as-needed) * Do some clean-up in debian/rules * Update debian/copyright format as in Debian Policy 3.9.3 * Bump Standards-Version to 3.9.3 * Explicit Conflicts in -dev packages (fixes binaries-have-file-conflict) * Add openssh-server to build depends to enable some more tests * Update upstream copyright years * Refresh patches -- Alessandro Ghedini Fri, 23 Mar 2012 16:24:51 +0100 curl (7.24.0-1) unstable; urgency=high * New upstream release - Improve documentation for the --capath option (Closes: #628697) - Fix URL sanitization vulnerability as per CVE-2012-0036 http://curl.haxx.se/docs/adv_20120124.html - Fix SSL CBC IV vulnerability as per CVE-2011-3389 http://curl.haxx.se/docs/adv_20120124B.html - Set urgency=high accordingly * Remove curl_links_with_rt patch (curl links to librt anyway) * Improve descriptions of -dev and -dbg packages * Drop fix_manpage_spelling and versioned patches (merged upstream) * Refresh patches * Add keep_symbols_compat patch to not break backwards ABI compatibility * Enable libssh2 support for GnuTLS and NSS flavours too (libssh2 now uses libgcrypt instead of libssl) -- Alessandro Ghedini Tue, 24 Jan 2012 12:04:04 +0100 curl (7.23.1-3) unstable; urgency=low * Enable security hardening flags * Remove libdb-dev from B-D (not used) * Improve short and long descriptions * Provide proper *.symbols files (Closes: #651619) * Do not version Curl_* symbols (for internal use only) * Do not override dh_makeshlibs version anymore -- Alessandro Ghedini Tue, 13 Dec 2011 19:55:31 +0100 curl (7.23.1-2) unstable; urgency=low * Bump shlibs version for libcurl3-nss (Closes: #650498) -- Alessandro Ghedini Thu, 01 Dec 2011 22:32:19 +0100 curl (7.23.1-1) unstable; urgency=low * New upstream release - Do not use gnutls_priority_set_direct and gnutls_certificate_type_set_priority anymore (Closes: #624024) * Refresh patches * Add --enable-debug flag to configure (Closes: #648902) * One Provides/Replaces per line * libcurl4-openssl-dev Provides libcurl4-dev too (Closes: #644126) * Specify only 3 components for Standards-Version (the fourth is not really needed) * Move ca-certificates to Recommends in lib* packages (Closes: #546607) * Add NSS flavour to versioned symbols -- Alessandro Ghedini Sun, 27 Nov 2011 18:45:01 +0100 curl (7.22.0-3) unstable; urgency=low [ Ramakrishnan Muthukrishnan ] * Add new Uploaders, Ian and Alessandro. (Closes: #647255) [ Luk Claes ] * Install lintian overrides with dh_lintian. * Install all files with dh_install and get rid of dh_installdirs. [ Alessandro Ghedini ] * New upstream release. * Bump debhelper compat level to 8. * debian/control: - One (Build-)Depends per line. - Sort (Build-)Depends. - Remove Build-Depends on binutils (v2.18 is already in oldstable and it is Build-Essential: yes). - Build depends on stunnel4 instead of stunnel (stunnel is just a dummy package). - Remove duplicate Section field in package curl. - Add Luk to Uploaders too, sort names. * debian/patches: - Update runtests_gdb patch, add DEP3 headers. - Update gnutls and nss patches, add DEP3 headers. - Refresh other patches. - Add DEP3 headers to all the patches. - Remove libtool patch (not applied anyway) - Set Forwarded: not-needed for Debian specific patches * Replace dh_clean -k call with dh_prep (dh_clean -k is deprecated since debhelper 7). * Add fix_manpage_spelling patch * debian/copyright: - Switch to DEP5 format - Update copyright information * Add librtmp-dev to libcurl4-nss-dev too -- Alessandro Ghedini Sun, 13 Nov 2011 21:07:32 +0100 curl (7.21.7-3) unstable; urgency=low * debian/rules: Build only curl and libcurl3 with rtmp support. Rest of the packages do not need to be built with rtmp support. (closes: #641173) -- Ramakrishnan Muthukrishnan Sun, 11 Sep 2011 22:08:08 +0200 curl (7.21.7-2) unstable; urgency=low * debian/control: libcurl*-dev packages should depend on librtmp-dev. (closes: #640260) * debian/rules: add build-arch and build-indep targets. -- Ramakrishnan Muthukrishnan Mon, 05 Sep 2011 16:12:42 +0200 curl (7.21.7-1) unstable; urgency=low * New Upstream release which fixes the following bugs. - libcurl3-gnutls: HTTPS over HTTP still broken in Git (closes: #627335) - git-core: gnutls_handshake() fail when using https:// over a proxy (closes: #559371) * debian/control: capitalize 'ftp'. (closes: #587338) * debian/rules: add build-arch and build-indep targets. -- Ramakrishnan Muthukrishnan Sat, 30 Jul 2011 17:57:08 +0530 curl (7.21.6-3) unstable; urgency=low * Apply the Multiarch patch from Steve Langasek. (closes: #631946) -- Ramakrishnan Muthukrishnan Wed, 29 Jun 2011 08:26:56 +0530 curl (7.21.6-2) unstable; urgency=high * Fix for the inappropriate GSSAPI delegation vulnerability (CVE-2011-2192). (closes: #631615) -- Ramakrishnan Muthukrishnan Sat, 25 Jun 2011 23:37:04 +0530 curl (7.21.6-1) unstable; urgency=low * New upstream release to fix a HTTPS over a HTTP proxy bug on 7.21.5. -- Ramakrishnan Muthukrishnan Sat, 23 Apr 2011 07:12:57 +0530 curl (7.21.5-1) unstable; urgency=low * New Upstream version. (closes: #623459) * debian/patches/{sslv2_disable, error_code}: removed as these patches were backported earlier from new upstream and this release incorporates them. -- Ramakrishnan Muthukrishnan Fri, 22 Apr 2011 13:14:41 +0530 curl (7.21.4-2) unstable; urgency=low * debian/patches/{sslv2-disable, series}: Apply the upstream commit c66b0b32fba175d5f096c944d8ec8f9f06299f4a. (closes: #622016) * debian/{rules, control}: enable rtmp. (closes: #622328) * debian/control: removing hurd from dependencies. Hurd is an 'essential' package. -- Ramakrishnan Muthukrishnan Wed, 13 Apr 2011 16:15:27 -0700 curl (7.21.4-1) unstable; urgency=low * New upstream release. * debian/control: downgraded the version number of libdb-dev required to 4.6 from 4.7, based on the inputs from Erik Schanze . -- Ramakrishnan Muthukrishnan Mon, 28 Feb 2011 19:35:36 +0530 curl (7.21.3-1) unstable; urgency=low * New upstream release. * debian/*.manpages: adding all manpages for the curl library. (closes: #605651) * gnutls->handshake: improved timeout handling. See #594150 for details. -- Ramakrishnan Muthukrishnan Wed, 15 Dec 2010 23:39:26 +0530 curl (7.21.2-4) unstable; urgency=low * support for curl library built against nss. (closes: #606244) * honour DEB_BUILD_OPTIONS=nocheck option. (closes: #606059) -- Ramakrishnan Muthukrishnan Thu, 09 Dec 2010 20:11:37 +0530 curl (7.21.2-3) unstable; urgency=low * debian/rules: reverting changes related to c-ares inclusion. * debian/control: removing libc-ares-dev for now. (closes: #605558) -- Ramakrishnan Muthukrishnan Thu, 02 Dec 2010 10:56:36 +0530 curl (7.21.2-2) unstable; urgency=low * debian/control: add libc-ares-dev as build dependency. * debian/rules: invoke configure with --enable-ares. (closes: #570436) * debian/copyright: add copyright notice of `lib/security.c' to the copyright file. (closes: #603712) -- Ramakrishnan Muthukrishnan Tue, 30 Nov 2010 17:35:29 +0530 curl (7.21.2-1) unstable; urgency=low * New upstream release. -- Ramakrishnan Muthukrishnan Mon, 18 Oct 2010 11:13:17 +0530 curl (7.21.1-1) unstable; urgency=low * New upstream release. -- Ramakrishnan Muthukrishnan Thu, 12 Aug 2010 08:20:48 +0530 curl (7.21.0-1) unstable; urgency=low * New upstream. -- Ramakrishnan Muthukrishnan Wed, 16 Jun 2010 19:25:37 +0530 curl (7.20.1-2) unstable; urgency=low * debian/rules: Removed the custom LDFLAGS variable. This is not required as we are no longer using the libtool patch. (closes: #578774) -- Ramakrishnan Muthukrishnan Wed, 28 Apr 2010 18:40:27 +0530 curl (7.20.1-1) unstable; urgency=low * New upstream release. * debian/patches/missing-double-quote: No longer needed as it has been fixed by the upstream. * debian/patches/no_com_err: Reworked the patches for the new release. * debian/patches/versioned: fix for build failure of 'make test'. (closes: #576237) * debian/rules: removed --enable-ldaps option from the configure as LDAP SSL (Novell extensions to openldap) is not available as Debian packages. * lib/http.c: chunked-encoding with Content-Length header problem has been fixed in the upstream. (closes: #572276) -- Ramakrishnan Muthukrishnan Mon, 19 Apr 2010 09:21:35 +0530 curl (7.20.0-3) unstable; urgency=low * debian/control: Vcs* tags added. * docs/libcurl/libcurl.m4: added the missing double quote (closes: #576518). -- Ramakrishnan Muthukrishnan Mon, 05 Apr 2010 18:56:40 +0530 curl (7.20.0-2) unstable; urgency=low * New Maintainer (closes: #574137). * Bug #533669 (curl segmentation fault in addbyter()) is fixed from release 7.19.7 onwards (closes: #533669). * Bug #510559 (curl sends whitespace unencoded in the url) can't be reproduced in the 7.20.0 release (closes: #510559). -- Ramakrishnan Muthukrishnan Thu, 18 Mar 2010 08:55:19 +0530 curl (7.20.0-1) unstable; urgency=low * Package is orphaned. * New upstream release. * Switch to dpkg-source 3.0 (quilt) format (closes: #538547). * Fixed build error with binutils-gold (closes: #554296). -- Domenico Andreoli Tue, 09 Feb 2010 13:06:39 +0100 curl (7.19.7-1) unstable; urgency=low * New upstream release: - curl_getdate(3) now correctly manages single letter military timezones as specified in RFC 822 (closes: #551461). * build depends on generic libdb-dev (closes: #548476). * build depends on libssh2-1-dev (>= 1.2) to enable new curl options. -- Domenico Andreoli Thu, 05 Nov 2009 10:11:57 +0100 curl (7.19.5-1) unstable; urgency=low * New upstream release * Fix "libcurl3-gnutls has memory corruption" by upgrading to new upstream release, which fixes this bug (Closes: #530131) * update standards version to 3.8.1 * adjust overrides from libdevel to debug for -dbg package * adjust doc-base section -- Andreas Schuldei Sun, 24 May 2009 21:12:19 +0200 curl (7.19.4-1) unstable; urgency=low * New upstream release * Fix "newer bdb version" (Closes: #517277) * resolve libtool version confusion, thanks to Stefanos Harhalakis * add new dependency on libgcrypt11-dev due to newly arising binary symbols -- Andreas Schuldei Thu, 02 Apr 2009 23:35:45 +0200 curl (7.18.2-8lenny1) stable-security; urgency=high * Applied upstream patch to fix arbitrary file access (CVE-2009-0037). -- Domenico Andreoli Tue, 03 Mar 2009 10:29:03 +0100 curl (7.18.2-8) unstable; urgency=low * Fix "Please add support for ldap/ldaps protocols" by changing the linker option for liblber (Closes: #506096) -- Andreas Schuldei Fri, 26 Dec 2008 23:48:19 +0100 curl (7.18.2-7) unstable; urgency=low * disable c-ares support again, no fix yet, just get stuff working again. -- Andreas Schuldei Tue, 15 Jul 2008 01:17:29 +0200 curl (7.18.2-6) unstable; urgency=low * enable c-ares support, with ipv6 support -- Andreas Schuldei Fri, 11 Jul 2008 02:05:16 +0200 curl (7.18.2-5) unstable; urgency=low * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns "-Wl, -z, defs" (Closes: #488701), closing same bug again for curl-config --libs command -- Andreas Schuldei Wed, 02 Jul 2008 11:24:40 +0200 curl (7.18.2-4) unstable; urgency=medium * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns "-Wl, -z, defs" (Closes: #488701) -- Andreas Schuldei Mon, 30 Jun 2008 23:59:55 +0200 curl (7.18.2-3) unstable; urgency=low * removing c-ares from the dependencies -- Andreas Schuldei Sat, 28 Jun 2008 03:34:50 +0200 curl (7.18.2-2) unstable; urgency=medium * blanking the "dependency_libs" line in lib*.la file to keep all the listed libs from being linked to other libs linking to curl. * fixing miss-linking problem by specifying liblber as a configure argument * disabling c-ares again for stability reasons * correcting libgssapi linking in configure.ac (patch no_com_err) -- Andreas Schuldei Fri, 27 Jun 2008 03:40:18 +0200 curl (7.18.2-1e1) experimental; urgency=low * testing c-ares-ipv6 integration patch -- Andreas Schuldei Mon, 23 Jun 2008 08:48:31 +0200 curl (7.18.2-1) unstable; urgency=low * New upstream release: - removed patches/ftp-response, it is already in the upstream release - fixed issues with kerberos ftp (closes: #478864). * Disable c-ares support, it is still not ready for Debian's wide user base (closes: #478864, #481189). * Standards-Version bumped to 3.8.0: - added support for parallel builds to debian/rules * Removal of $QUILT_PC's override makes this package ready for new source format 3.0 (quilt) (closes: #485023). * Configure build with --with-ca-path but only for OpenSSL flavour, GnuTLS supports only --with-ca-bundle (closes: #482814, #483999). Both libcurl3 and libcurl3-gnutls now depend on ca-certificates. -- Domenico Andreoli Mon, 09 Jun 2008 14:09:42 +0200 curl (7.18.1-1) unstable; urgency=low * New upstream release. * Fixed crossbuilding bug (closes: #465089). * Improved error reporting in case of failing FTP (closes: #474224). * Enable c-ares support (closes: #352694). * libcurl3-dbg now depends on either libcurl3 or libcurl3-gnutls (closes: #463173). -- Domenico Andreoli Thu, 17 Apr 2008 10:22:28 +0200 curl (7.18.0-1) unstable; urgency=low * New upstream release. * Use Homepage field in debian/control. -- Domenico Andreoli Tue, 29 Jan 2008 02:16:25 +0100 curl (7.17.1-1) unstable; urgency=low * New upstream release: - fixed bad use of "its" in curl.1 (closes: #443734) - fixed curl_easy_escape() with input bytes that are >= 0x80 (closes: #445214) -- Domenico Andreoli Wed, 31 Oct 2007 01:12:54 +0100 curl (7.17.0-1) unstable; urgency=low * New upstream release. * Updated to use libssh2-1-dev (closes: #441979, #442198). * Do not run the test suite on hurd (closes: #433834). * Enabled support for LDAPS protocol. -- Domenico Andreoli Fri, 14 Sep 2007 00:24:21 +0200 curl (7.16.4-5) unstable; urgency=low * libcurl4-openssl-dev now depends on libssh2-0-dev. closes: #439317, #439326. -- Domenico Andreoli Fri, 24 Aug 2007 18:13:17 +0200 curl (7.16.4-4) unstable; urgency=low * Build libcurl/GnuTLS without libssh2 because of the usual OpenSSL vs. GPL software lincense conflict (closes: #439176). -- Domenico Andreoli Thu, 23 Aug 2007 23:47:35 +0200 curl (7.16.4-3) unstable; urgency=low * Added support for scp and SFTP protocols. -- Domenico Andreoli Wed, 22 Aug 2007 00:48:32 +0200 curl (7.16.4-2) unstable; urgency=low * Fixed regression with FTP sites not requesting PASS (closes: #435771). -- Domenico Andreoli Sat, 04 Aug 2007 02:04:40 +0200 curl (7.16.4-1) unstable; urgency=low * New upstream release (closes: #432514). * Welcome Andreas to the curl packagers! * Build-Depends is now more backporting friendly. -- Domenico Andreoli Wed, 18 Jul 2007 16:44:30 +0200 curl (7.16.2-6) unstable; urgency=low * Added missing libcurl3 symlinks (closes: #429945) Patch courtesy of Bryan Donlan. -- Domenico Andreoli Sat, 23 Jun 2007 00:39:20 +0200 curl (7.16.2-5) unstable; urgency=low [ Steve Langasek ] * Re-introduce curl3 symbol versions and rename the packages back to libcurl3*, restoring ABI compatibility with the etch version of the package. [ Domenico Andreoli ] * Package libcurl4-gnutls-dev now suggests libcurl3-dbg. * libcurl3-dbg replaces/conflict/provide libcurl4-dbg. * Properly use ${binary:Version} in control file. -- Domenico Andreoli Wed, 20 Jun 2007 17:52:38 +0200 curl (7.16.2-4) unstable; urgency=low * Fixed configure.ac in case of build with GNUTLS (closes: #425013). * Fixed double-free bug (closes: #424894). Patch courtesy of Daniel Stenberg. -- Domenico Andreoli Sun, 20 May 2007 01:15:01 +0200 curl (7.16.2-3) unstable; urgency=low * Updated to db4.5 (closes: #421933). * Got rid of unused libcomerr2 dependency (closes: #392294). -- Domenico Andreoli Tue, 08 May 2007 08:46:21 +0200 curl (7.16.2-2) experimental; urgency=low * Improved package descriptions (closes: #410472). * Updated package Provides to ease the soname transition. -- Domenico Andreoli Fri, 27 Apr 2007 15:37:44 +0200 curl (7.16.2-1) experimental; urgency=low * New upstream release. * libcurl4-openssl-dev now depends on libcurl4-openssl (closes: #419774). * Bumped shlibs version to 7.16.2-1. * Patches are now managed with quilt. -- Domenico Andreoli Wed, 18 Apr 2007 09:29:48 +0200 curl (7.16.1-1) experimental; urgency=low * New upstream release. * Bumped shlibs version to 7.16.1-1. * Added HIDDEN section to version script to handle any __*, _rest or _save* local symbol. * Gopher protocol is not supported since 7.15.2. Removed any reference in package description (closes: #408704). * Moved libcurl/openssl to the new package libcurl4-openssl, now libcurl4 contains a version with no SSL or GSSAPI support (any future cryptographic stuff will be kept out of there). * Package libcurl4-dev now contains the matching headers for libcurl4 (so crypto stuff). -- Domenico Andreoli Thu, 1 Feb 2007 12:49:32 +0100 curl (7.16.0-1) experimental; urgency=low * New upstream release. * Bumped shlibs version to 7.16.0-1. * libcurl4 and libcurl4-gnutls now only recommend ca-certificates (closes: #404103). * pkg-config .pc file now uses Libs.private (closes: #405226). -- Domenico Andreoli Fri, 26 Jan 2007 14:26:55 +0100 curl (7.15.5-1) unstable; urgency=low * New upstream release: - fixed nodes removal from the splay tree (closes: #375076). * Make package build also if $TAPE is set (closes: #377470). * Bumped shlibs version to 7.15.5-1. -- Domenico Andreoli Mon, 7 Aug 2006 10:26:13 +0200 curl (7.15.4-1ubuntu1) edgy; urgency=low * Synchronize to Debian. Only change left: Removal of stunnel and libdb4.2-dev build dependencies. -- Martin Pitt Thu, 29 Jun 2006 15:04:24 +0200 curl (7.15.4-1) unstable; urgency=low * New upstream release. * Bumped shlibs version to 7.15.4-1. -- Domenico Andreoli Wed, 14 Jun 2006 14:41:16 +0200 curl (7.15.3-2) unstable; urgency=low * Fixed bug in configure.ac that makes FTBFS (closes: #367954). -- Domenico Andreoli Wed, 31 May 2006 15:18:26 +0200 curl (7.15.3-1) unstable; urgency=high * New upstream release: - fixed TFTP packet buffer overflow vulnerability [lib/tftp.c, CVE-2006-1061]. - improved curl_getenv.3 manpage grammar (closes: #357388). -- Domenico Andreoli Mon, 20 Mar 2006 11:46:25 +0100 curl (7.15.2-3) unstable; urgency=low * Applied upstream patch to fix multi interface and multi-part formposts (closes: #355715). * Build back with -O2, gcc 4.0.2-10 fixed the previously trigged bug. -- Domenico Andreoli Wed, 8 Mar 2006 15:29:15 +0100 curl (7.15.2-2) unstable; urgency=low * Added missing autotools invocation. Re-added versioned symbols (closes: #355241). * Bumped shlibs version to 7.15.2-2. * Build with -O3 to work around sospicious segfaults on tests 253 and 255. -- Domenico Andreoli Sat, 4 Mar 2006 22:47:23 +0100 curl (7.15.2-1) unstable; urgency=low * New upstream release. * Bumped shlibs version to 7.15.2-1. * Adopted debhelper's compatibility level 5. -- Domenico Andreoli Wed, 1 Mar 2006 16:12:51 +0100 curl (7.15.1-1ubuntu2) dapper; urgency=low * SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs. * lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to Ulf Harnhammar for discovering this. * CVE-2006-1061 -- Martin Pitt Thu, 16 Mar 2006 11:30:25 +0100 curl (7.15.1-1ubuntu1) dapper; urgency=low * Resynchronise with Debian to get URL parser overflow fix from 7.15.1 (CVE-2005-4077). -- Martin Pitt Mon, 12 Dec 2005 15:04:52 +0100 curl (7.15.1-1) unstable; urgency=low * New upstream release: - fixed buffer overflow in URL parser function (closes: #342339). -- Domenico Andreoli Wed, 7 Dec 2005 11:11:38 +0100 curl (7.15.0-5.1) unstable; urgency=high * Non-maintainer upload. * Urgency high for RC bug fix. * Let libcurl3-*-dev depend on libkrb5-dev (closes: #340784, #340916). -- Luk Claes Sun, 4 Dec 2005 11:59:20 +0100 curl (7.15.0-5) unstable; urgency=low * libcurl3-gnutls-dev and libcurl3-openssl-dev now only recommend libkrb5-dev (closes: #334888). * Applied upstream patch to fix error message in case FTP-path does not exist (closes: #338680). * Applied upstream patch to fix parsing of --limit-rate command line option (closes: #338681). -- Domenico Andreoli Fri, 25 Nov 2005 10:30:25 +0100 curl (7.15.0-4ubuntu1) dapper; urgency=low * Resynchronise with Debian (only change left: Removal of stunnel build dependency). * Remove libdb4.2-dev build dependency. -- Martin Pitt Thu, 10 Nov 2005 17:44:35 -0500 curl (7.15.0-4) unstable; urgency=low * Fixed output of curl-config --vernum (closes: #335296). * libcurl3-openssl-dev now replaces libcurl3-dev older than 7.14.1-1 (closes: #335277). -- Domenico Andreoli Tue, 25 Oct 2005 11:48:53 +0200 curl (7.15.0-3) unstable; urgency=low * libcurl3 and libcurl3-gnutls now suggest libldap2 (closes: #294407). * Re-introduced libcurl3-dev package for transition reasons. -- Domenico Andreoli Wed, 19 Oct 2005 12:45:43 +0200 curl (7.15.0-2) unstable; urgency=low * Fixed depends of libcurl3-*-dev packages (closes: #334021, #333609, #334048). * Bumped shlibs version to 7.15.0-1 (closes: #334053). -- Domenico Andreoli Sun, 16 Oct 2005 15:34:40 +0200 curl (7.15.0-1) unstable; urgency=low * New upstream release: - fixed user+domain name buffer overflow in the NTLM code (CAN-2005-3185, closes: #333734). - libcurl3-*-dev packages now depend on libkrb5-dev (closes: #333609). - improved docs about curl_easy_setopt() and ERRORBUFFER (closes: #329313). -- Domenico Andreoli Fri, 14 Oct 2005 13:32:06 +0200 curl (7.14.1-5) unstable; urgency=low * Added build dependency on libtool (closes: #332729, #333174). -- Domenico Andreoli Tue, 11 Oct 2005 10:05:36 +0200 curl (7.14.1-4) unstable; urgency=low * Fixed SEE ALSO section in curl_excape.3 (closes: #331505). * Fixed configure.ac when --host=i586-mingw32msvc is given (closes: #329444). * Added missing example files (closes: #331722). * Updated build dependency for OpenSSL 0.9.8 transition. -- Domenico Andreoli Mon, 10 Oct 2005 12:43:25 +0200 curl (7.14.1-3) experimental; urgency=low * Fixed soname of libcurl-gnutls.so* variant. * Fixed broken sentence (closes: #329305). * Fixed reference to TheArtOfHttpScripting.gz (closes: #329299). * Added clarification about WRITEFUNCTION and WRITEDATA (closes: #329311). -- Domenico Andreoli Wed, 28 Sep 2005 17:13:51 +0200 curl (7.14.1-2) experimental; urgency=low * Started using the system-wide CA certificate file (closes: #308514). * Fixed apostrophe typos in the curl man page (closes: #326511). * Only curl_* symbols are now globally visible outside of libcurl. -- Domenico Andreoli Sat, 17 Sep 2005 23:52:28 +0200 curl (7.14.1-1) experimental; urgency=low * New upstream release. * libcurl3-gnutls has a modified soname and may be installed together with libcurl3 (closes: #318590). * Both libcurl3 and libcurl3-gnutls are built with versioned symbols and with support of GSSAPI authentication. * Renamed libcurl3-dev to libcurl3-openssl-dev. * Dropped package libcurl3-gssapi. -- Domenico Andreoli Thu, 15 Sep 2005 23:59:32 +0200 curl (7.14.0-5) unstable; urgency=low * Added libcurl3-gnutls and libcurl3-gnutls-dev packages (closes: #318590). * libcurl3-gssapi now has its own shlibs file. Packages built with this package installed will depend on it. -- Domenico Andreoli Thu, 18 Aug 2005 02:26:38 +0200 curl (7.14.0-4) unstable; urgency=low * OpenSSL is back (closes: #321294, #321391). -- Domenico Andreoli Fri, 5 Aug 2005 23:34:45 +0200 curl (7.14.0-3) unstable; urgency=low * Updated the use of dpkg-architecture (closes: #320046). * Added missing aclocal file libcurl.m4 to libcurl3-dev (closes: #315848). * Added (many) missing man pages (closes: #315850). * OpenSSL is replaced by GnuTLS in providing SSL support (closes: #318590). * Heimdal is replaced by MIT Kerberos in providing GSSAPI support. -- Domenico Andreoli Tue, 2 Aug 2005 22:34:01 +0200 curl (7.14.0-2ubuntu1) breezy; urgency=low * Synchronize with Debian. -- Matthias Klose Tue, 26 Jul 2005 19:03:01 +0200 curl (7.14.0-2) unstable; urgency=low * Rebuilt and uploaded to unstable. -- Domenico Andreoli Wed, 15 Jun 2005 11:41:32 +0200 curl (7.14.0-1) experimental; urgency=low * New upstream release. -- Domenico Andreoli Tue, 17 May 2005 10:42:35 +0200 curl (7.13.2-3) unstable; urgency=high * HTTP response headers with null bytes are now correctly managed (closes: #310948). -- Domenico Andreoli Fri, 3 Jun 2005 23:59:30 +0200 curl (7.13.2-2) unstable; urgency=low * Fixed conditional build of package libcurl3-gssapi (closes: #303939, #303953). -- Domenico Andreoli Mon, 11 Apr 2005 19:00:27 +0200 curl (7.13.2-1) unstable; urgency=low * New upstream release: - fixed curl man page typos (closes: #302820). -- Domenico Andreoli Tue, 5 Apr 2005 14:41:13 +0200 curl (7.13.1-3) unstable; urgency=low * Fixed hanging of some SSL connections (closes: #302366). -- Domenico Andreoli Thu, 31 Mar 2005 16:27:41 +0200 curl (7.13.1-2) unstable; urgency=low * Rebuilt to get the correct libidn11 dependency (closes: #299348). * Added some missing documentation files (closes: #298855). -- Domenico Andreoli Wed, 16 Mar 2005 14:30:03 +0100 curl (7.13.1-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version for libcurl3 because of new curl options. -- Domenico Andreoli Fri, 4 Mar 2005 16:03:17 +0100 curl (7.13.0-2) unstable; urgency=high * Fixed NTLM Authentication buffer overflow (closes: #296678). Patch courtesy of Daniel Stenberg. This handles CAN-2005-0490. * Removed libcurl2* packages and all the scary stuff used to build them (closes: #274631). -- Domenico Andreoli Thu, 24 Feb 2005 10:07:22 +0100 curl (7.13.0-1) unstable; urgency=low * New upstream release. * libcurl3 now suggests package libldap2-dev to enable support for LDAP protocol. * Bumped up shlibs version for libcurl3 because of new curl options. -- Domenico Andreoli Sat, 5 Feb 2005 10:39:52 +0100 curl (7.12.3-2ubuntu3) hoary; urgency=low * Fix the version numbers internal to debian/rules. Closes; #8088 -- LaMont Jones Wed, 23 Mar 2005 18:41:29 -0700 curl (7.12.3-2) unstable; urgency=low * Disabled test suite on m68k, it stalls. -- Domenico Andreoli Thu, 30 Dec 2004 11:11:48 +0100 curl (7.12.3-1) unstable; urgency=low * New upstream release: - fixed debug tracing to network socket is stderr is closed (closes: #278691). * Applied patch to fix getpass license problems (closes: #286794). Patch courtesy of Daniel Stenberg. * Bumped up shlibs version for libcurl3 because of new curl options. -- Domenico Andreoli Mon, 27 Dec 2004 12:50:30 +0100 curl (7.12.2-2) unstable; urgency=low * libcurl3-dbg package is now built by dh_strip --dbg-package (closes: #274710). * Added build dependency on libdb4.2-dev. -- Domenico Andreoli Thu, 4 Nov 2004 11:36:17 +0100 curl (7.12.2-1) unstable; urgency=low * New upstream release. * Update diff to 7.11.2. * Add debian/watch file. * Add myself as a uploader. -- Matthias Klose Wed, 3 Nov 2004 00:55:52 +0100 curl (7.12.1-1) unstable; urgency=low * New upstream release: - workaround for ASN1_STRING_to_UTF8 failing if input is already UTF-8 encoded (closes: #264711). * Bumped up shlibs version for libcurl3 because of the introduction of FTP 3rd party transfer support options. -- Domenico Andreoli Tue, 10 Aug 2004 11:40:29 +0200 curl (7.12.0.rel-6) unstable; urgency=low * In rebuilding the 7.11.2 tree starting from the 7.12.0 one, lib/getdate.y is patched before lib/getdate.c (closes: #262597). -- Domenico Andreoli Sun, 1 Aug 2004 17:59:57 +0200 curl (7.12.0.rel-5) unstable; urgency=low * Tests are performed only if build target and building host are the same and are not kfreebsd-gnu or knetbsd-gnu (closes: #261591). * On hurd-i386 libcurl3-gssapi is not built. -- Domenico Andreoli Thu, 29 Jul 2004 15:17:51 +0200 curl (7.12.0.rel-4) unstable; urgency=low * Added build dependency on groff-base to really build the built-in manual. * libcurl3 now replaces old libcurl2 versions (closes: #255262). -- Domenico Andreoli Tue, 20 Jul 2004 11:40:09 +0200 curl (7.12.0.rel-3) unstable; urgency=low * Enabled curl's built-in manual. * configure script for 7.11.2 is now managed correctly. -- Domenico Andreoli Sun, 18 Jul 2004 22:25:00 +0200 curl (7.12.0.rel-2) unstable; urgency=low * libcurl2 uses curl-ca-bundle-7.11.2.crt (closes: #255262). Yes, it is a hack to not add libcurl-common package right now. -- Domenico Andreoli Sun, 18 Jul 2004 16:40:45 +0200 curl (7.12.0.rel-1) experimental; urgency=low * Version 7.12.0 is back with proper libcurl3* packages. * libcurl2* 7.11.2 packages are still provided (closes: #252879). * Enabled again the support for libidn. -- Domenico Andreoli Sun, 6 Jun 2004 23:09:33 +0200 curl (7.12.0.is.7.11.2-1) unstable; urgency=low * Reverted to version 7.11.2 (closes: #252348). * Disabled support for libidn (closes: #252367). This is to leave curl in unstable as much similar as possible to the one in testing. -- Domenico Andreoli Fri, 4 Jun 2004 19:09:25 +0200 curl (7.12.0-1) unstable; urgency=low * New upstream release: - fixed minor man page problem (closes: #232928) - improved --create-dirs description in curl man page (closes: #251351) * Enabled support for libidn. -- Domenico Andreoli Wed, 2 Jun 2004 18:06:05 +0200 curl (7.11.2-2) unstable; urgency=low * Fixed curl.1 man page (closes: #232928). Patch courtesy of Daniel Stenberg, the upstream developer. -- Domenico Andreoli Tue, 27 Apr 2004 19:47:09 +0200 curl (7.11.2-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version because of the introduction of CURLOPT_TCP_NODELAY option. -- Domenico Andreoli Mon, 26 Apr 2004 14:14:20 +0200 curl (7.11.1-2) unstable; urgency=low * Added GSSAPI support to package libcurl2-gssapi (closes: #241553). -- Domenico Andreoli Fri, 2 Apr 2004 18:03:15 +0200 curl (7.11.1-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version because of the introduction of CURLOPT_POSTFIELDSIZE_LARGE option. -- Domenico Andreoli Fri, 19 Mar 2004 11:39:07 +0100 curl (7.11.0-4) unstable; urgency=low * Applied fix from upstream's CVS which adds another CRLF in chunked-transfers. -- Domenico Andreoli Sun, 1 Feb 2004 13:19:02 +0100 curl (7.11.0-3) unstable; urgency=low * "Fixed" build process, now the right file is searched for CA certificates (closes: #228182). -- Domenico Andreoli Sat, 31 Jan 2004 20:06:10 +0100 curl (7.11.0-2) unstable; urgency=low * Test suite is still performed but is not critical for the build being successful any more. -- Domenico Andreoli Fri, 30 Jan 2004 13:03:03 +0100 curl (7.11.0-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Sun, 25 Jan 2004 17:50:43 +0100 curl (7.10.8+7.11.0-pre1-1) unstable; urgency=low * New upstream pre-release: - proxy+ssl now passes post variables (closes: #222901) - various test case problems exposed in #222140 should now be fixed. * Bumped up shlibs version because of the introduction of CURLOPT_NETRC_FILE and CURLOPT_FTP_SSL options in libcurl. -- Domenico Andreoli Wed, 14 Jan 2004 17:35:46 +0100 curl (7.10.8-1) unstable; urgency=low * New upstream release: - fixed LDAP support (closes: #149609) - cleaner environment for testsuite execution (closes: #210253) - fixed lib/Makefile.am's use of LDFLAGS (closes: #212086) - fixed name clash in curl.h with respect to unistd.h (closes: #213180) - fixed typo in curl manpage (closes: #218046). * Bumped up shlibs version because of new libcurl options. * Added stunnel to the Build-Depends in order to enable SSL test cases. -- Domenico Andreoli Mon, 3 Nov 2003 10:26:12 +0100 curl (7.10.7-2) unstable; urgency=low * Fixed bug in cache_resolv_response on alpha and ia64 (closes: #207174). Patch courtesy of Jurij Smakov. -- Domenico Andreoli Mon, 8 Sep 2003 21:55:46 +0200 curl (7.10.7-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version because of the introduction of CURLOPT_PROXYAUTH and CURLOPT_FTP_CREATE_MISSING_DIRS options in libcurl. -- Domenico Andreoli Mon, 18 Aug 2003 00:19:43 +0200 curl (7.10.6-3) unstable; urgency=low * Applied patch to fix test 60 on ia64. -- Domenico Andreoli Sat, 9 Aug 2003 04:26:15 +0200 curl (7.10.6-2) unstable; urgency=low * Applied patch from upstream to fix url globbing (closes: #203827). * make test is still performed on building debug stuff but errors are ignored. -- Domenico Andreoli Thu, 7 Aug 2003 02:20:46 +0200 curl (7.10.6-1) unstable; urgency=low * New upstream release: - added spport for http_proxy env var with name:passwd (closes: #193630). * make test is invoked after build -- Domenico Andreoli Tue, 29 Jul 2003 01:26:50 +0200 curl (7.10.5-1) unstable; urgency=low * New upstream release: - fixed typo in curl's man page (closes: #189272). * New libcurl option CURLOPT_FTP_USE_EPRT has been added, bumped up shlibs. -- Domenico Andreoli Mon, 19 May 2003 23:57:12 +0200 curl (7.10.4-1) unstable; urgency=low * New upstream release: - now uses new settings properly when re-using an existing connection (closes: #185254) - curl man page now refers to MANUAL (closes: #178509). * Changed section of libcurl2-dev and libcurl2-dbg to libdevel. -- Domenico Andreoli Wed, 2 Apr 2003 21:25:24 +0200 curl (7.10.3-3) unstable; urgency=low * Rebuilt to link against libssl0.9.7. * Improved package descriptions thanks to suggestions provided by Filip Van Raemdonck (closes: #177995). -- Domenico Andreoli Fri, 14 Mar 2003 16:08:38 +0100 curl (7.10.3-2) unstable; urgency=low * Development package is now named libcurl2-dev, it provides libcurl-dev. People can now safely make their build dependencies and be sure to use the right stuff. * New package libcurl2-dbg is provided to help in debugging sessions. -- Domenico Andreoli Mon, 20 Jan 2003 22:04:32 +0100 curl (7.10.3-1) unstable; urgency=low * New upstream release. * It now suggests ca-certificates package. -- Domenico Andreoli Thu, 16 Jan 2003 00:27:48 +0100 curl (7.10.2-2) unstable; urgency=low * Added AM_MAINTAINER_MODE to configure.in (closes: #170050). -- Domenico Andreoli Fri, 22 Nov 2002 14:28:22 +0100 curl (7.10.2-1) unstable; urgency=low * New upstream release: - fixed segfault on retrieving relative redirects (closes: #165382) - fixed a leak of debug output (closes: #167678). * Updated config.guess and config.sub (closes: #166153). * Added zlib1g-dev to build and libcurl-dev dependencies (closes: #169654). * Added HTML and PDF versions of all manpages in libcurl-dev package. -- Domenico Andreoli Wed, 20 Nov 2002 23:38:24 +0100 curl (7.10.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Fri, 11 Oct 2002 23:26:50 +0200 curl (7.10-1) unstable; urgency=low * New upstream release: - new way to use option -x to prevent curl from using any proxy server (closes: #161153). -- Domenico Andreoli Wed, 2 Oct 2002 01:04:20 +0200 curl (7.9.8-2) unstable; urgency=low * Added again libcurl2-ssl to the libcurl2 conflicts. -- Domenico Andreoli Thu, 4 Jul 2002 02:35:24 +0200 curl (7.9.8-1) unstable; urgency=low * New upstream release. * Double flavor of curl to support both non-SSL and SSL is gone. Now curl comes only with SSL. Who needs SSL can require curl version >= 7.9.8 . -- Domenico Andreoli Mon, 24 Jun 2002 23:04:37 +0200 curl (7.9.7-2) unstable; urgency=low * Fixed the bashism in debian/rules (closes: #147352). * SSL and non-SSL series of curl packages are now built from the same source. thanks crypto-in-main! :) -- Domenico Andreoli Mon, 20 May 2002 23:28:05 +0200 curl (7.9.7-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Wed, 15 May 2002 21:09:19 +0200 curl (7.9.6-1) unstable; urgency=low * New upstream release. * libcurl.3 manpage is now installed by libcurl-dev instead of libcurl2. Indeed it provides an overview on how to use libcurl in C programs. -- Domenico Andreoli Sat, 20 Apr 2002 17:06:51 +0200 curl (7.9.5-2) unstable; urgency=low * curl-ssl stuff moved from non-US to main. -- Domenico Andreoli Mon, 25 Mar 2002 23:40:02 +0100 curl (7.9.5-1) unstable; urgency=low * New upstream release (closes: #134608). * Added autotools-dev to the build dependencies. config.{guess,sub} can now be updated automatically in the build process. -- Domenico Andreoli Tue, 12 Mar 2002 19:06:21 +0100 curl (7.9.3-2) unstable; urgency=low * Upstream source code has been correctly imported in my CVS repository (closes: #130906). -- Domenico Andreoli Sun, 27 Jan 2002 22:23:54 +0100 curl (7.9.3-1) unstable; urgency=low * New upstream release: - fixed wrong assumption on char signedness (closes: #127011) - missing header added accordingly (closes: #130401) * Fixed a typo in curl description (closes: #124526). -- Domenico Andreoli Thu, 24 Jan 2002 20:04:04 +0100 curl (7.9.2-1) unstable; urgency=low * New upstream release: - two bad timeout matters in libcurl2 are now solved (closes: #118595). -- Domenico Andreoli Fri, 7 Dec 2001 16:58:45 +0100 curl (7.9.1-3) unstable; urgency=low * Fixed return type of Curl_ftpsendf(...) to CURLcode (closes: #120485). * Versions in debian/libcurl2.shlibs have been incremented to ">= 7.9.1-1". -- Domenico Andreoli Thu, 22 Nov 2001 15:35:40 +0100 curl (7.9.1-2) unstable; urgency=low * Reverted to unpatched released 7.9.1 source tree, patch behavior was weird. -- Domenico Andreoli Thu, 15 Nov 2001 18:05:58 +0100 curl (7.9.1-1) unstable; urgency=low * New upstream release. * Applied upstream patch #478780 found on sourceforge, fixes libcurl which didn't restore SIGALRM handler (closes: #118595). * Applied patch for patch #478780 of above, see bug #118595 in BTS. Patch courtesy of Enrik Berkhan . * Build-Depends reduced to what is strictly required for building. autoconf, automake and libtool build dependencies are gone. -- Domenico Andreoli Fri, 9 Nov 2001 13:56:36 +0100 curl (7.9-1) unstable; urgency=low * New upstream release: - output of "curl-config --libs" now includes -lcurl. -- Domenico Andreoli Tue, 25 Sep 2001 18:38:46 +0200 curl (7.8-3) unstable; urgency=low * Added libc6-dev to libcurl2-dev dependencies. * Fixed lack of some FD_ZERO(...)s in lib/transfer.c (closes: #105516). -- Domenico Andreoli Fri, 3 Aug 2001 16:32:20 +0200 curl (7.8-2) unstable; urgency=low * libcurl2.shlibs now includes version numbers. some new symbols have been introduced in libcurl 7.8, so program linked against 7.8 cannot work with older ones. * IPv6 support is now enabled * configure.in has been renamed to autoconf.ac to force the use of autoconf 2.50 -- Domenico Andreoli Thu, 5 Jul 2001 01:38:24 +0200 curl (7.8-1) unstable; urgency=low * New upstream release. * Applied patch for correct shared library versioning of libcurl, curl 7.8 comes with broken shared library version out of the box. Patch provided by upstream developer. -- Domenico Andreoli Sat, 9 Jun 2001 21:12:05 +0200 curl (7.7.3-3) unstable; urgency=low * Fixed manpages libcurl-dev with required simlinks (closes: 99610). -- Domenico Andreoli Mon, 4 Jun 2001 14:37:49 +0200 curl (7.7.3-2) unstable; urgency=low * lib/url.c and lib/version.c are now fixed (closes: #97709). * install upstream changelog (closes: #97628). -- Domenico Andreoli Fri, 18 May 2001 10:32:25 +0200 curl (7.7.3-1) unstable; urgency=low * New upstream release. * Using dh_installman instead dh_installmanpages. * Installing libcurl examples with dh_installexamples. * Policy 3.5.3.0 compliant. -- Domenico Andreoli Thu, 10 May 2001 09:45:05 +0200 curl (7.7.2-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Tue, 24 Apr 2001 09:14:51 +0200 curl (7.7.1-2) unstable; urgency=low * Fixed debian/rules (closes: #78232, #93837). -- Domenico Andreoli Tue, 17 Apr 2001 17:12:19 +0200 curl (7.7.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Tue, 10 Apr 2001 13:26:09 +0200 curl (7.7-1) unstable; urgency=low * New upstream release. * Fixed formatting errors in curl.1 (closes: #90281). -- Domenico Andreoli Fri, 23 Mar 2001 18:25:26 +0100 curl (7.6.1-5) unstable; urgency=low * Fixed debian/libcurl1.shlibs in order to solve any problem for those packages which should depend on either libcurl1 or libcurl1-ssl. I should have done it long time ago. -- Domenico Andreoli Tue, 13 Mar 2001 18:29:06 +0100 curl (7.6.1-4) unstable; urgency=low * Added versioned Build-Depend for debhelper. -- Domenico Andreoli Tue, 6 Mar 2001 15:16:02 +0100 curl (7.6.1-3) unstable; urgency=low * Refining the transition to debhelper compatibility 2. I forgot the executable in the curl package (closes: #87886). -- Domenico Andreoli Wed, 28 Feb 2001 14:31:43 +0100 curl (7.6.1-2) unstable; urgency=low * Switched to debhelper compatibility version 2. -- Domenico Andreoli Fri, 23 Feb 2001 18:24:02 +0100 curl (7.6.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Tue, 13 Feb 2001 18:04:04 +0100 curl (7.6-2) unstable; urgency=low * Adjusted dependencies in order to let curl-ssl package manage a smooth upgrade from potato. -- Domenico Andreoli Fri, 9 Feb 2001 13:36:11 +0100 curl (7.6-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 29 Jan 2001 16:00:59 +0100 curl (7.5.2-2) unstable; urgency=low * This is a service upload in order to fix dependencies problems arose for a ill-formed upload of 7.5.2-1. -- Domenico Andreoli Mon, 29 Jan 2001 14:54:57 +0100 curl (7.5.2-1) unstable; urgency=low * New upstream release. * It needed to be recompiled against the new libc (closes: #80256). -- Domenico Andreoli Mon, 15 Jan 2001 13:08:15 +0100 curl (7.5-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 4 Dec 2000 13:15:33 +0100 curl (7.4.2-2) unstable; urgency=low * curl replaces curl-ssl. curl is only a frontend for libcurl and is not aware of any protocol, libcurl is. so what is really different whether ssl is enable or not is only libcurl. * curl now depends on (libcurl0 | libcurl0-ssl). * The workaround for libtool -rpath parameter is not required, so it has been removed from configure.in. * Removed "Suggests: " field in control file for libcurl0. It suggested to install curl and libcurl-dev too but it really doesn't make sense (this change was really applied in -1). -- Domenico Andreoli Tue, 28 Nov 2000 14:27:29 +0100 curl (7.4.2-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Fri, 17 Nov 2000 16:19:23 +0100 curl (7.2.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 4 Sep 2000 01:22:44 +0200 curl (7.1-3) unstable; urgency=low * Added "Suggests: " field in control file for libcurl0. Now curl and libcurl-dev are suggested upon installation of libcurl0. -- Domenico Andreoli Mon, 14 Aug 2000 15:01:08 +0200 curl (7.1-2) unstable; urgency=low * Fixed a line that did not install development manpages. -- Domenico Andreoli Thu, 10 Aug 2000 14:32:23 +0200 curl (7.1-1) unstable; urgency=low * New upstream release. * libcurl is now a separate package, it provides shared libraries and includes to allow developing for other applications. -- Domenico Andreoli Wed, 9 Aug 2000 01:21:25 +0200 curl (6.5.2-4) unstable; urgency=low * Some missing build dependencies (autoconf, automake, libtool) added. -- Domenico Andreoli Sat, 8 Jul 2000 00:13:16 +0200 curl (6.5.2-3) unstable; urgency=low * Due to some policy and technical restrictions, curl's source package has been splitted again in two, one for main archive and one for non-US. -- Domenico Andreoli Tue, 4 Jul 2000 15:52:14 +0200 curl (6.5.2-2) unstable; urgency=low * Added a Build-Depends in order to compile curl-ssl only if libssl09-dev is installed. * Documentation reflects the new location of curl debian packages home page (http://curl-deb.sourceforge.net). * Corrected minor spelling errors in README.Debian. -- Domenico Andreoli Sat, 17 Jun 2000 01:13:19 +0200 curl (6.5.2-1) unstable; urgency=low * New upstream release. * Now curl and curl-ssl binary packages are generated from the same debian source package. * Uploads and downloads are now performed simultaneously (closes: #56627). -- Domenico Andreoli Sat, 25 Mar 2000 01:06:35 +0100 curl (6.4-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Sun, 30 Jan 2000 02:21:32 +0100 curl (6.3.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Sat, 11 Dec 1999 17:38:13 +0100 curl (6.2-1) unstable; urgency=low * New upstream release. * No hack to compile without SSL is required anymore. Fixed by upstream maintainer. -- Domenico Andreoli Mon, 1 Nov 1999 00:37:32 +0100 curl (6.0-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 27 Sep 1999 22:28:13 +0200 curl (5.11-1.1) unstable; urgency=low * Put sources into the right section. -- Domenico Andreoli Mon, 30 Aug 1999 03:14:21 +0200 curl (5.11-1) unstable; urgency=low * New upstream release. * New debian maintainer. -- Domenico Andreoli Fri, 27 Aug 1999 11:50:04 +0200 curl (5.9-2) unstable; urgency=low * Moved to non-US, and compiled against ssl (closes: #40099). -- Leon Breedt Sat, 3 Jul 1999 15:46:54 +0200 curl (5.9-1) unstable; urgency=low * New upstream release. -- Leon Breedt Sun, 23 May 1999 21:51:30 +0200 curl (5.8-1) unstable; urgency=low * Initial Release. -- Leon Breedt Sun, 9 May 1999 18:55:48 +0200