curl (7.51.0-1ubuntu1) zesty; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev. + Drop libssh2-1-dev from binary package Depends. + debian/control: drop --with-nghttp2 -- Marc Deslauriers Wed, 16 Nov 2016 12:59:10 -0500 curl (7.51.0-1) unstable; urgency=medium * New upstream release - Fix cookie injection for other servers as per CVE-2016-8615 https://curl.haxx.se/docs/adv_20161102A.html - Fix case insensitive password comparison as per CVE-2016-8616 https://curl.haxx.se/docs/adv_20161102B.html - Fix OOB write via unchecked multiplication as per CVE-2016-8617 https://curl.haxx.se/docs/adv_20161102C.html - Fix double-free in curl_maprintf as per CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html - Fix double-free in krb5 code as per CVE-2016-8619 https://curl.haxx.se/docs/adv_20161102E.html - Fix glob parser write/read out of bounds as per CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html - Fix curl_getdate read out of bounds as per CVE-2016-8621 https://curl.haxx.se/docs/adv_20161102G.html - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622 https://curl.haxx.se/docs/adv_20161102H.html - Fix use-after-free via shared cookies as per CVE-2016-8623 https://curl.haxx.se/docs/adv_20161102I.html - Fix invalid URL parsing with '#' as per CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html - Fix IDNA 2003 makes curl use wrong host https://curl.haxx.se/docs/adv_20161102K.html - Fix escape and unescape integer overflows as per CVE-2016-7167 (Closes: #837945) https://curl.haxx.se/docs/adv_20160914.html - Fix incorrect reuse of client certificates (NSS backend) as per CVE-2016-7141 (Closes: #836918) https://curl.haxx.se/docs/adv_20160907.html * Drop 02_art_http_scripting.patch (file not shipped anymore) * Refresh patches * Temporarily disable IDN support * Don't install pdf and html docs (they are not shipped in the tarball anymore) * Install markdown docs -- Alessandro Ghedini Thu, 03 Nov 2016 22:46:14 +0000 curl (7.50.1-2) unstable; urgency=medium * Disable more network tests (Closes: #830273) -- Alessandro Ghedini Sun, 28 Aug 2016 14:48:05 +0100 curl (7.50.1-1ubuntu2) zesty; urgency=medium * SECURITY UPDATE: Incorrect reuse of client certificates with NSS - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/vtls/nss.c. - CVE-2016-7141 * SECURITY UPDATE: curl escape and unescape integer overflows - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c. - CVE-2016-7167 * SECURITY UPDATE: cookie injection for other servers - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c. - CVE-2016-8615 * SECURITY UPDATE: case insensitive password comparison - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c. - CVE-2016-8616 * SECURITY UPDATE: OOB write via unchecked multiplication - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c. - CVE-2016-8617 * SECURITY UPDATE: double-free in curl_maprintf - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c. - CVE-2016-8618 * SECURITY UPDATE: double-free in krb5 code - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c. - CVE-2016-8619 * SECURITY UPDATE: glob parser write/read out of bounds - debian/patches/CVE-2016-8620.patch: stay within bounds in src/tool_urlglob.c. - CVE-2016-8620 * SECURITY UPDATE: curl_getdate read out of bounds - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c. - CVE-2016-8621 * SECURITY UPDATE: URL unescape heap overflow via integer truncation - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3. - CVE-2016-8622 * SECURITY UPDATE: Use-after-free via shared cookies - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c. - CVE-2016-8623 * SECURITY UPDATE: invalid URL parsing with # - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c. - CVE-2016-8624 -- Marc Deslauriers Thu, 03 Nov 2016 14:04:47 -0400 curl (7.50.1-1ubuntu1) yakkety; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev. + Drop libssh2-1-dev from binary package Depends. + debian/control: drop --with-nghttp2 * Drop libgnutls28-dev change, the rename didn't happen in Debian * Readd stunnel build dependency, we can build-depend from universe now. -- Gianfranco Costamagna Wed, 03 Aug 2016 15:29:21 +0200 curl (7.50.1-1) unstable; urgency=medium * New upstream release (Closes: #827900) - Fix TLS session resumption client cert bypass as per CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html - Fix re-using connection with wrong client cert as per CVE-2016-5420 https://curl.haxx.se/docs/adv_20160803B.html - Fix use of connection struct after free as per CVE-2016-5421 https://curl.haxx.se/docs/adv_20160803C.html - Support OpenSSL 1.1 (Closes: #828127) * Fix 04_workaround_as_needed_bug.patch. Thanks to Yuriy M. Kaminskiy for the patch (Closes: #818131) * Bump Standards-Version to 3.9.8 (no changes needed) * Update Vcs-* URLs * Refresh patches * Add 08_enable-zsh.patch to re-enable zsh completion generation * Remove 08_fix-zsh-completion.patch (was already disabled) * Add 09_fix-typo.patch to fix spelling-error-in-manpage * Add 10_disable-network-tests.patch to disable networked tests (Closes: #830273) * Improve cross Build-Depends satisfiability. Thanks to Helmut Grohne for the patch (Closes: #818092) -- Alessandro Ghedini Wed, 03 Aug 2016 12:46:05 +0100 curl (7.47.0-1ubuntu3) yakkety; urgency=medium * Build-depend on libgnutls28-dev, not libgnutls-dev, which was never added in Debian. -- Steve Langasek Thu, 14 Jul 2016 17:44:02 -0700 curl (7.47.0-1ubuntu2) xenial; urgency=medium * No-change rebuild for gnutls transition. -- Matthias Klose Wed, 17 Feb 2016 22:40:53 +0000 curl (7.47.0-1ubuntu1) xenial; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4, libssh2-1-dev, and libnghttp2-dev. + Drop libssh2-1-dev from binary package Depends. + debian/control: drop --with-nghttp2 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev -- Marc Deslauriers Wed, 27 Jan 2016 14:59:25 -0500 curl (7.47.0-1) unstable; urgency=high * New upstream release - Fix NTLM credentials not-checked for proxy connection re-use as per CVE-2016-0755 http://curl.haxx.se/docs/adv_20160127A.html - Set uyrgency=high accordingly * Remove hard-coded dependency on libgnutls (Closes: #812542) * Drop 08_fix-zsh-completion.patch (merged upstream) * Refresh patches -- Alessandro Ghedini Wed, 27 Jan 2016 11:45:59 +0000 curl (7.46.0-1ubuntu1) xenial; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4, libssh2-1-dev, and libnghttp2-dev. + Drop libssh2-1-dev from binary package Depends. + debian/control: drop --with-nghttp2 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev -- Marc Deslauriers Fri, 22 Jan 2016 09:38:38 -0500 curl (7.46.0-1) unstable; urgency=medium * New upstream release - Initialize OpenSSL algorithms after loading config (Closes: #805408) * Install curl zsh completion (Closes: #805509) - Add 08_fix-zsh-completion.patch to fix zsh completion generation -- Alessandro Ghedini Sun, 27 Dec 2015 18:18:09 +0100 curl (7.45.0-1ubuntu1) xenial; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4, libssh2-1-dev, and libnghttp2-dev. + Drop libssh2-1-dev from binary package Depends. + debian/control: drop --with-nghttp2 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev -- Marc Deslauriers Wed, 04 Nov 2015 15:47:36 -0600 curl (7.45.0-1) unstable; urgency=medium * New upstream release * Drop 08_spelling.patch (merged upstream) -- Alessandro Ghedini Wed, 07 Oct 2015 12:59:03 +0200 curl (7.44.0-2) unstable; urgency=medium * Enable HTTP/2 support (Closes: #796302) -- Alessandro Ghedini Thu, 10 Sep 2015 11:25:14 +0200 curl (7.44.0-1) unstable; urgency=medium * New upstream release * Refresh patches * Update symbols files * Add 08_spelling.patch to fix some spelling errors -- Alessandro Ghedini Wed, 12 Aug 2015 11:49:04 +0200 curl (7.43.0-1ubuntu2) wily; urgency=medium * debian/control: - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev -- Robert Ancell Tue, 11 Aug 2015 11:41:50 +1200 curl (7.43.0-1ubuntu1) wily; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. -- Marc Deslauriers Thu, 18 Jun 2015 07:39:39 -0400 curl (7.43.0-1) unstable; urgency=medium * New upstream release - Fix lingering HTTP credentials in connection re-use as per CVE-2015-3236 http://curl.haxx.se/docs/adv_20150617A.html - Fix SMB send off unrelated memory contents as per CVE-2015-3237 http://curl.haxx.se/docs/adv_20150617B.html * Refresh patches * Fix spelling-error-in-description -- Alessandro Ghedini Wed, 17 Jun 2015 10:21:34 +0200 curl (7.42.1-3ubuntu1) wily; urgency=low * Merge from Debian (LP: #1459685). Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. * Dropped patches: - debian/patches/CVE-2015-3143.patch: upstream - debian/patches/CVE-2015-3148.patch: upstream - debian/patches/CVE-2015-3144.patch: upstream - debian/patches/CVE-2015-3153.patch: upstream - debian/patches/CVE-2014-8150.patch: upstream - debian/patches/CVE-2015-3145.patch: upstream * Dropped changes: - Add new libcurl3-udeb package. - Add new curl-udeb package. they seems to be broken since pre-trusty -- Gianfranco Costamagna Mon, 08 Jun 2015 10:35:57 +0200 curl (7.42.1-3) unstable; urgency=medium * Update copyright * Set both CA bundle and CA path default values for OpenSSL and GnuTLS backends * Bump versioned depends on libgnutls to workaround lack of nettle versioned symbols (Closes: #787960) -- Alessandro Ghedini Sun, 07 Jun 2015 18:15:15 +0200 curl (7.42.1-2) unstable; urgency=medium * Switch curl binary to libcurl3-gnutls (Closes: #342719) This is the first step of a possible migration to a GnuTLS-only libcurl for Debian. Let's see how it goes. -- Alessandro Ghedini Sun, 03 May 2015 13:13:15 +0200 curl (7.42.1-1) unstable; urgency=high * New upstream release - Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153 http://curl.haxx.se/docs/adv_20150429.html * Drop 08_fix-spelling.patch (merged upstream) * Refresh patches -- Alessandro Ghedini Wed, 29 Apr 2015 10:43:43 +0200 curl (7.42.0-1) unstable; urgency=medium * New upstream release - Fix re-using authenticated connection when unauthenticated as per CVE-2015-3143 http://curl.haxx.se/docs/adv_20150422A.html - Fix host name out of boundary memory access as per CVE-2015-3144 http://curl.haxx.se/docs/adv_20150422D.html - Fix cookie parser out of boundary memory access as per CVE-2015-3145 http://curl.haxx.se/docs/adv_20150422C.html - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 http://curl.haxx.se/docs/adv_20150422B.html - Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is defined (Closes: #768562) * Drop patches merged upstream * Refresh patches * Bump Standards-Version to 3.9.6 (no changes needed) -- Alessandro Ghedini Wed, 22 Apr 2015 11:07:32 +0200 curl (7.38.0-4) unstable; urgency=high * Fix URL request injection vulnerability as per CVE-2014-8150 http://curl.haxx.se/docs/adv_20150108B.html * Set urgency=high accordingly -- Alessandro Ghedini Thu, 08 Jan 2015 10:47:24 +0100 curl (7.38.0-3ubuntu3) wily; urgency=medium * SECURITY UPDATE: NTLM connection reuse when unauthenticated - debian/patches/CVE-2015-3143.patch: require credentials to match in lib/url.c. - CVE-2015-3143 * SECURITY UPDATE: host name out of boundary memory access - debian/patches/CVE-2015-3144.patch: check for valid length in lib/url.c. - CVE-2015-3144 * SECURITY UPDATE: cookie parser out of boundary memory access - debian/patches/CVE-2015-3145.patch: properly handle a single double quote in lib/cookie.c. - CVE-2015-3145 * SECURITY UPDATE: negotiate not treated as connection-oriented - debian/patches/CVE-2015-3148.patch: close Negotiate connections when done in lib/http.c. - CVE-2015-3148 * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c, tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c. - CVE-2015-3153 -- Marc Deslauriers Tue, 05 May 2015 14:17:51 -0400 curl (7.38.0-3ubuntu2) vivid; urgency=medium * SECURITY UPDATE: URL request injection - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529, tests/libtest/Makefile.inc, tests/libtest/lib1529.c. - CVE-2014-8150 -- Marc Deslauriers Wed, 14 Jan 2015 07:57:00 -0500 curl (7.38.0-3ubuntu1) vivid; urgency=medium * Merge from Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. * Dropped patches: - debian/patches/09_fix-timeout-in-poll-and-wait.patch: upstream - debian/patches/CVE-2014-3613.patch: upstream - debian/patches/CVE-2014-3620.patch: upstream -- Marc Deslauriers Mon, 10 Nov 2014 08:48:21 -0500 curl (7.38.0-3) unstable; urgency=high * Enable all hardening options (Closes: #763372) * Fix duphandle read out of bounds as per CVE-2014-3707 http://curl.haxx.se/docs/adv_20141105.html * Set urgency=high accordingly -- Alessandro Ghedini Thu, 06 Nov 2014 11:40:24 +0100 curl (7.38.0-2) unstable; urgency=medium * Check for libtoolize instead of libtool during build. Thanks to Helmut Grohne for the patch (Closes: #761740) * Add README.source note regarding ordering of patches (Closes: #762193) * Add 10_fix-resolver.patch from upstream (Closes: #762014) -- Alessandro Ghedini Tue, 23 Sep 2014 16:41:53 +0200 curl (7.38.0-1) unstable; urgency=medium * New upstream release - Only use full host matches for hosts used as IP address as per CVE-2014-3613 http://curl.haxx.se/docs/adv_20140910A.html - Reject incoming cookies set for TLDs as per CVE-2014-3620 http://curl.haxx.se/docs/adv_20140910B.html * Drop 08_link-curl-to-nss.patch (merged upstream) * Refresh patches * Fix wildcard-matches-nothing-in-dep5-copyright * Add 08_fix-spelling.patch -- Alessandro Ghedini Wed, 10 Sep 2014 20:11:02 +0200 curl (7.37.1-1ubuntu3) utopic; urgency=medium * debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream commit fixing timeout return value for curl_poll and curl_wait_ms. Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663) -- Brian Murray Thu, 02 Oct 2014 13:26:57 -0700 curl (7.37.1-1ubuntu2) utopic; urgency=medium * SECURITY UPDATE: incorrect cookie handling via partial literal IP addresses - debian/patches/CVE-2014-3613.patch: only use full host matches for hosts used as IP address in lib/cookie.c, added tests to tests/data/test1105, tests/data/test31, tests/data/test8. - CVE-2014-3613 * SECURITY UPDATE: incorrect cookie handling for TLDs - debian/patches/CVE-2014-3620.patch: reject incoming cookies set for TLDs in lib/cookie.c, added test to tests/data/test61. - CVE-2014-3620 -- Marc Deslauriers Thu, 11 Sep 2014 08:15:47 -0400 curl (7.37.1-1ubuntu1) utopic; urgency=low * Merge from Debian unstable (LP: #1348564). Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Gianfranco Costamagna Fri, 25 Jul 2014 12:03:28 +0200 curl (7.37.1-1) unstable; urgency=medium * New upstream release * Re-enable RTMP support (Closes: #754222) * Add 08_link-curl-to-nss.patch to fix NSS build * Refresh patches * Install manpages of single libcurl options too -- Alessandro Ghedini Fri, 18 Jul 2014 10:18:03 +0200 curl (7.37.0-1) unstable; urgency=medium * New upstream release - Fix NULL pointer dereference in GnuTLS code (Closes: #746349) * Drop 08_fix-imap-tests.patch (merged upstream) * Refresh 01_runtests_gdb.patch * Remove Build-Depends on libgcrypt -- Alessandro Ghedini Wed, 21 May 2014 15:22:38 +0200 curl (7.36.0-2ubuntu1) utopic; urgency=low * Merge from Debian unstable. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Michael Vogt Wed, 30 Apr 2014 13:34:14 +0200 curl (7.36.0-2) unstable; urgency=medium * Move Depends on -dev packages needed to use static libraries to Suggests * Switch to GnuTLS 3.x (Closes: #741568) * Disable RTMP support (librtmp-dev requires libgnutls-dev, which conflicts with libgnutls28-dev) -- Alessandro Ghedini Mon, 28 Apr 2014 19:37:14 +0200 curl (7.36.0-1) unstable; urgency=high * New upstream release (Closes: #742728) - Fix connection re-use when using different log-in credentials as per CVE-2014-0138 http://curl.haxx.se/docs/adv_20140326A.html - Reject IP address wildcard matches as per CVE-2014-0139 http://curl.haxx.se/docs/adv_20140326B.html - Set urgency=high accordingly * Add 08_fix-imap-tests.patch to fix tests broken by the fix for CVE-2014-0138 -- Alessandro Ghedini Sun, 30 Mar 2014 15:36:35 +0200 curl (7.35.0-1ubuntu2) trusty; urgency=medium * SECURITY UPDATE: wrong re-use of connections - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM HTTP logic, and extend new connection logic to other protocols in lib/http.c, lib/url.c, lib/urldata.h, add new tests to tests/data/Makefile.am, tests/data/test1418, tests/data/test1419. - CVE-2014-0138 * SECURITY UPDATE: incorrect wildcard SSL certificate validation with literal IP addresses - debian/patches/CVE-2014-0139.patch: fix wildcard logic in lib/hostcheck.c, added tests to tests/data/Makefile.am, tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c. - CVE-2014-0139 * debian/patches/fix_test172.path: fix expired cookie causing test to fail. -- Marc Deslauriers Tue, 01 Apr 2014 09:25:23 -0400 curl (7.35.0-1ubuntu1) trusty; urgency=medium * Resynchronize on Debian, remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Marc Deslauriers Fri, 31 Jan 2014 08:42:28 -0500 curl (7.35.0-1) unstable; urgency=high * New upstream release - Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015 http://curl.haxx.se/docs/adv_20140129.html - Set urgency=high accordingly * Refresh patches -- Alessandro Ghedini Wed, 29 Jan 2014 11:16:57 +0100 curl (7.34.0-1ubuntu1) trusty; urgency=low * Resynchronize on Debian, remaining changes - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. * Dropped undocumented Build-Depends change to automake1.9. -- Marc Deslauriers Fri, 20 Dec 2013 09:13:22 -0500 curl (7.34.0-1) unstable; urgency=high * New upstream release - Fix GnuTLS checking of a certificate CN or SAN name field when the digital signature verification is turned off as per CVE-2013-6422 http://curl.haxx.se/docs/adv_20131217.html - Set urgency=high accordingly * Drop patches merged upstream: - 08_fix-typo.patch - 09_fix-urlglob.patch -- Alessandro Ghedini Tue, 17 Dec 2013 13:16:19 +0100 curl (7.33.0-2) unstable; urgency=low * Make -dev packages Multi-Arch: same too (Closes: #731309) * Bump Standards-Version to 3.9.5 (no changes needed) * Add 09_fix-urlglob.patch to fix URL globbing (Closes: #731855) -- Alessandro Ghedini Wed, 11 Dec 2013 18:44:37 +0100 curl (7.33.0-1ubuntu1) trusty; urgency=low * Resynchronize on Debian, remaining changes - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Sebastien Bacher Wed, 06 Nov 2013 10:45:28 +0100 curl (7.33.0-1) unstable; urgency=low * New upstream release - Handle arbitrary-length username and password (Closes: #719856) * Remove Luk from Uploaders as per his request (Closes: #723603) * Do not Build-Depends on specific automake version (Closes: #724361) * Fix lintian vcs-field-not-canonical * Add 08_fix-typo.patch * Refresh patches -- Alessandro Ghedini Mon, 14 Oct 2013 22:11:14 +0200 curl (7.32.0-1ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. * Fixes freeipa-client join. (LP: #1220928) -- Ubuntu Merge-o-Matic Mon, 12 Aug 2013 15:39:32 +0000 curl (7.32.0-1) unstable; urgency=low * New upstream release * Fix typo in changelog entry for 7.31.0-1 (Closes: #714502) * Drop 08_typo.patch (merged upstream) * Drop 09_openssl-recv.patch (merged upstream) * Refresh 90_gnutls.patch and 99_nss.patch * Refresh 06_always-disable-valgrind.patch * Enable threaded DNS resolver (Closes: #570436) See NEWS.Debian for more info -- Alessandro Ghedini Mon, 12 Aug 2013 12:19:05 +0200 curl (7.31.0-2ubuntu1) saucy; urgency=low * Merge from Debian, Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Oussama Bounaim Tue, 23 Jul 2013 18:42:00 +0100 curl (7.31.0-2) unstable; urgency=high * Add 09_openssl-recv.patch to fix incorrect OpenSSL usage (Closes: #714050) * Set urgency=high because of the security fix in the previous upload -- Alessandro Ghedini Wed, 26 Jun 2013 11:47:00 +0200 curl (7.31.0-1ubuntu1) saucy; urgency=low * Resynchronize on Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Sebastien Bacher Mon, 24 Jun 2013 13:36:52 +0200 curl (7.31.0-1) unstable; urgency=low * New upstream release - Fix URL decode buffer boundary flaw as per CVE-2013-2174 http://curl.haxx.se/docs/adv_20130622.html * Make curl Multi-Arch: foreign (Closes: #712585) * Drop 08_reset-timecond.patch (merged upstream) * Refresh patches * Add 08_typo.patch to fix a couple of typos in one of the manpages -- Alessandro Ghedini Sat, 22 Jun 2013 15:46:53 +0200 curl (7.30.0-2) unstable; urgency=low * Move textual docs to the -doc package too * Move manpages from -dev packages to -doc as well - Add Breaks+Replaces accordingly * Remove outdated Replaces/Conflicts * Update watch file version to 3 * Add 08_reset-timecond.patch (Closes: #705783) -- Alessandro Ghedini Fri, 10 May 2013 17:46:46 +0200 curl (7.30.0-1ubuntu1) saucy; urgency=low * Resynchronize on Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. * Add warning to debian/patches/series. -- Sebastien Bacher Tue, 07 May 2013 12:16:37 +0200 curl (7.30.0-1) unstable; urgency=low * New upstream release * Update upstream copyright years * Drop patches merged upstream: - 08_NULL-pointer-dereference-on-close.patch - 09_CVE-213-1944.patch - 10_test1218-another-cookie-tailmatch-test.patch * Update patches: - 03_keep_symbols_compat.patch - 90_gnutls.patch - 99_nss.patch * Add libcurl4-doc package: - Move *.pdf and *.html files to the libcurl4-doc package - Add Suggests for -doc package to -dev packages - Move examples to the -doc package * Add Build-Depends on python which is used by some tests -- Alessandro Ghedini Thu, 18 Apr 2013 12:55:09 +0200 curl (7.29.0-2.1) unstable; urgency=high * Non-maintainer upload. [ Alessandro Ghedini ] * Do not compress *.pdf files (Closes: #704093) [ Salvatore Bonaccorso ] * Add 09_CVE-213-1944.patch. Fix CVE-2013-1944: fix tailmatching to prevent cross-domain leakage. Cookies set for 'example.com' could accidentaly also be sent by libcurl to the 'bexample.com' (ie with a prefix to the first domain name). (Closes: #705274) * Add testcase for CVE-2013-1944. -- Salvatore Bonaccorso Fri, 12 Apr 2013 13:55:34 +0200 curl (7.29.0-2) unstable; urgency=low * Fix a segfault when closing an unused multi handle (Closes: #701713) * Mention LDAPS in packages' long descriptions * Clean-up d/rules - Switch to short-form dh - Enable test suite on hurd and kfreebsd too - Enable GSSAPI support on hurd too -- Alessandro Ghedini Mon, 11 Mar 2013 19:02:56 +0100 curl (7.29.0-1ubuntu3) raring; urgency=low * SECURITY UPDATE: Incorrect cookie domain handling in tailmatch() - debian/patches/09_curl-tailmatch.patch: enforce strict subdomain match when sending cookies. Patch from YAMADA Yasuharu. - http://curl.haxx.se/curl-tailmatch.patch - CVE-2013-1944 -- Seth Arnold Wed, 10 Apr 2013 15:16:17 -0700 curl (7.29.0-1ubuntu2) raring; urgency=low * debian/patches/08_lp1124508.patch: Backport fix for upstream bug 1194, segfault in curl_multi_cleanup() when multi->closure_handle is NULL. (LP: #1124508) -- Barry Warsaw Wed, 03 Apr 2013 17:26:06 -0400 curl (7.29.0-1ubuntu1) raring; urgency=low * Resynchronise with Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. * Add warning to debian/patches/series. -- Marc Deslauriers Tue, 12 Feb 2013 08:54:32 -0500 curl (7.29.0-1) unstable; urgency=high * New upstream release - Fix buffer overflow when negotiating SASL DIGEST-MD5 authentication as per CVE-2013-0249 (Closes: #700002) http://curl.haxx.se/docs/adv_20130206.html - Set urgency=high accordingly * Install all the examples * Update 90_gnutls.patch and 99_nss.patch * Refresh patches * Correctly pass CPPFLAGS to ./configure * Upload to unstable -- Alessandro Ghedini Mon, 11 Feb 2013 14:48:03 +0100 curl (7.28.1-1) experimental; urgency=low * New upstream release * Drop 05_fix-git-over-https.patch and 08_fix-git-auth.patch (merged upstream) * Update 07_do-not-disable-debug-symbols.patch * Refresh patches * Add NEWS entry about change in CURLOPT_SSL_VERIFYHOST semantics -- Alessandro Ghedini Mon, 26 Nov 2012 17:51:27 +0100 curl (7.28.0-3ubuntu1) raring; urgency=low * Resynchronise with Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Colin Watson Wed, 28 Nov 2012 17:56:05 +0000 curl (7.28.0-3) unstable; urgency=low * Add 07_do-not-disable-debug-symbols.patch, do not pass --enable-debug anymore (Closes: #693110) * Update 05_fix-git-over-https.patch to reflect new upstream patch * Add 08_fix-git-auth.patch to fix HTTPS authentication (Closes: #690764) -- Alessandro Ghedini Sat, 17 Nov 2012 14:07:21 +0100 curl (7.28.0-2ubuntu2) raring; urgency=low * Turn debian/libcurl3-udeb.install and debian/libcurl3-udeb.links back into symlinks. -- Colin Watson Wed, 31 Oct 2012 10:55:24 +0000 curl (7.28.0-2ubuntu1) raring; urgency=low * Resynchronise with Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Colin Watson Wed, 31 Oct 2012 06:51:15 +0000 curl (7.28.0-2) unstable; urgency=low * Add 05_fix-git-over-https.patch (Closes: #690551) * Add 06_always-disable-valgrind.patch (Closes: #690968) -- Alessandro Ghedini Mon, 22 Oct 2012 14:35:02 +0200 curl (7.28.0-1) unstable; urgency=low * New upstream release - gnutls: do not fail on non-fatal handshake errors (Closes: #685402) * Remove versioned build depends on libssh2 (already in stable) * Bump Standards-Version to 3.9.4 (no changes needed) * Refresh 01_runtests_gdb.patch * Update *.symbols files * Build depend on ca-certifcates to avoid test failure -- Alessandro Ghedini Thu, 11 Oct 2012 19:11:09 +0200 curl (7.27.0-1ubuntu1) quantal; urgency=low * Resynchronise with Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. -- Colin Watson Mon, 20 Aug 2012 13:54:01 +0100 curl (7.27.0-1) unstable; urgency=low * New upstream release * Update upstream copyright * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch -- Alessandro Ghedini Wed, 08 Aug 2012 17:22:00 +0200 curl (7.26.0-1ubuntu1) quantal; urgency=low * Resynchronise with Debian. Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from binary package Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. * Adjust udeb configure flags handling to something easier to merge in future. -- Colin Watson Mon, 28 May 2012 12:21:13 +0100 curl (7.26.0-1) unstable; urgency=low * New upstream release - Reject numerical IPv6 addresses outside brackets (Closes: #670126) * Email change: Alessandro Ghedini -> ghedo@debian.org * Stricter Depends on libcurl3 (Closes: #666089) * Remove Ramakrishnan (as per his request), move myself to Maintainer Thank you for all your work so far * Disable memory tracking, but keep debug enabled - Remove memdebug symbols (used by curl only) * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch * Disable not-quite-working symbols hiding -- Alessandro Ghedini Fri, 25 May 2012 15:19:51 +0200 curl (7.25.0-1ubuntu2) quantal; urgency=low * Drop libssh2-1-dev Depends (not in main) from libcurl4-gnutls-dev and libcurl4-nss-dev too. -- Colin Watson Tue, 22 May 2012 22:58:51 +0100 curl (7.25.0-1ubuntu1) quantal; urgency=low * Merge from Debian testing (LP: #1003049). Remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from libcurl4-openssl-dev's Depends. - Add new libcurl3-udeb package. - Add new curl-udeb package. - Also closes (LP: #855291) * debian/patches/CVE-2012-0036.patch: Dropped. CVE resolved upstream. -- Andres Rodriguez Tue, 22 May 2012 14:53:29 -0400 curl (7.25.0-1) unstable; urgency=low * New upstream release - Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276) - Allow negative numbers as option value (Closes: #659591) * Add libssh2-1-dev to libcurl4-gnutls-dev and libcurl4-nss-dev Depends * Bump debhelper compat level to 9 - Make *.links files executable to simplify rules file * Pass --as-needed ld flag to avoid unneeded dependencies - Add workaround_as_needed_bug to workaround a libtool bug - Drop dont_link_to_krb5 (not needed because of --as-needed) * Do some clean-up in debian/rules * Update debian/copyright format as in Debian Policy 3.9.3 * Bump Standards-Version to 3.9.3 * Explicit Conflicts in -dev packages (fixes binaries-have-file-conflict) * Add openssh-server to build depends to enable some more tests * Update upstream copyright years * Refresh patches -- Alessandro Ghedini Fri, 23 Mar 2012 16:24:51 +0100 curl (7.24.0-1) unstable; urgency=high * New upstream release - Improve documentation for the --capath option (Closes: #628697) - Fix URL sanitization vulnerability as per CVE-2012-0036 http://curl.haxx.se/docs/adv_20120124.html - Fix SSL CBC IV vulnerability as per CVE-2011-3389 http://curl.haxx.se/docs/adv_20120124B.html - Set urgency=high accordingly * Remove curl_links_with_rt patch (curl links to librt anyway) * Improve descriptions of -dev and -dbg packages * Drop fix_manpage_spelling and versioned patches (merged upstream) * Refresh patches * Add keep_symbols_compat patch to not break backwards ABI compatibility * Enable libssh2 support for GnuTLS and NSS flavours too (libssh2 now uses libgcrypt instead of libssl) -- Alessandro Ghedini Tue, 24 Jan 2012 12:04:04 +0100 curl (7.23.1-3) unstable; urgency=low * Enable security hardening flags * Remove libdb-dev from B-D (not used) * Improve short and long descriptions * Provide proper *.symbols files (Closes: #651619) * Do not version Curl_* symbols (for internal use only) * Do not override dh_makeshlibs version anymore -- Alessandro Ghedini Tue, 13 Dec 2011 19:55:31 +0100 curl (7.23.1-2) unstable; urgency=low * Bump shlibs version for libcurl3-nss (Closes: #650498) -- Alessandro Ghedini Thu, 01 Dec 2011 22:32:19 +0100 curl (7.23.1-1) unstable; urgency=low * New upstream release - Do not use gnutls_priority_set_direct and gnutls_certificate_type_set_priority anymore (Closes: #624024) * Refresh patches * Add --enable-debug flag to configure (Closes: #648902) * One Provides/Replaces per line * libcurl4-openssl-dev Provides libcurl4-dev too (Closes: #644126) * Specify only 3 components for Standards-Version (the fourth is not really needed) * Move ca-certificates to Recommends in lib* packages (Closes: #546607) * Add NSS flavour to versioned symbols -- Alessandro Ghedini Sun, 27 Nov 2011 18:45:01 +0100 curl (7.22.0-3ubuntu4) precise; urgency=low * debian/control: Add missing Depends on libcrypto1.0.0-udeb. -- Andres Rodriguez Thu, 22 Mar 2012 18:40:30 -0400 curl (7.22.0-3ubuntu3) precise; urgency=low [ Andres Rodriguez ] * Add curl-udeb package (LP: #940425) [ Dave Walker (Daviey) ] * debian/rules: Remove --add-udeb= for libcurl3, and appended to debian/shlibs.local at build time, which this package seems to be using for undocumented reasoning. -- Dave Walker (Daviey) Fri, 09 Mar 2012 23:45:09 +0000 curl (7.22.0-3ubuntu2) precise; urgency=low * SECURITY UPDATE: URL sanitization vulnerability - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}. - CVE-2012-0036 -- Marc Deslauriers Tue, 24 Jan 2012 08:26:50 -0500 curl (7.22.0-3ubuntu1) precise; urgency=low * Merge from Debian unstable, remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel4 and libssh2-1-dev. + Drop libssh2-1-dev from libcurl4-openssl-dev's Depends. - Add new libcurl3-udeb package. -- Timo Aaltonen Fri, 25 Nov 2011 17:30:45 +0200 curl (7.22.0-3) unstable; urgency=low [ Ramakrishnan Muthukrishnan ] * Add new Uploaders, Ian and Alessandro. (Closes: #647255) [ Luk Claes ] * Install lintian overrides with dh_lintian. * Install all files with dh_install and get rid of dh_installdirs. [ Alessandro Ghedini ] * New upstream release. * Bump debhelper compat level to 8. * debian/control: - One (Build-)Depends per line. - Sort (Build-)Depends. - Remove Build-Depends on binutils (v2.18 is already in oldstable and it is Build-Essential: yes). - Build depends on stunnel4 instead of stunnel (stunnel is just a dummy package). - Remove duplicate Section field in package curl. - Add Luk to Uploaders too, sort names. * debian/patches: - Update runtests_gdb patch, add DEP3 headers. - Update gnutls and nss patches, add DEP3 headers. - Refresh other patches. - Add DEP3 headers to all the patches. - Remove libtool patch (not applied anyway) - Set Forwarded: not-needed for Debian specific patches * Replace dh_clean -k call with dh_prep (dh_clean -k is deprecated since debhelper 7). * Add fix_manpage_spelling patch * debian/copyright: - Switch to DEP5 format - Update copyright information * Add librtmp-dev to libcurl4-nss-dev too -- Alessandro Ghedini Sun, 13 Nov 2011 21:07:32 +0100 curl (7.21.7-3ubuntu1) precise; urgency=low * Merge from Debian testing, remaining changes: - Drop dependencies not in main: + Build-Depends: Drop stunnel and libssh2-1-dev. + Drop libssh2-1-dev from libcurl4-openssl-dev's Depends. - Add new libcurl3-udeb package, stripped down for use during installation (LP: #831496). * Dropped changes: - debian/patches/timeout_bug_736216: applied upstream. -- James Page Thu, 20 Oct 2011 09:28:24 +0100 curl (7.21.7-3) unstable; urgency=low * debian/rules: Build only curl and libcurl3 with rtmp support. Rest of the packages do not need to be built with rtmp support. (closes: #641173) -- Ramakrishnan Muthukrishnan Sun, 11 Sep 2011 22:08:08 +0200 curl (7.21.7-2) unstable; urgency=low * debian/control: libcurl*-dev packages should depend on librtmp-dev. (closes: #640260) * debian/rules: add build-arch and build-indep targets. -- Ramakrishnan Muthukrishnan Mon, 05 Sep 2011 16:12:42 +0200 curl (7.21.7-1) unstable; urgency=low * New Upstream release which fixes the following bugs. - libcurl3-gnutls: HTTPS over HTTP still broken in Git (closes: #627335) - git-core: gnutls_handshake() fail when using https:// over a proxy (closes: #559371) * debian/control: capitalize 'ftp'. (closes: #587338) * debian/rules: add build-arch and build-indep targets. -- Ramakrishnan Muthukrishnan Sat, 30 Jul 2011 17:57:08 +0530 curl (7.21.6-3ubuntu3) oneiric; urgency=low [ James Page, Colin Watson ] * Add new libcurl3-udeb package, stripped down for use during installation (LP: #831496). -- James Page Wed, 14 Sep 2011 17:31:37 +0100 curl (7.21.6-3ubuntu2) oneiric; urgency=low * debian/patches/timeout_bug_736216: cherry pick upstream git revision d4e000906ac4ef243258a5c9a819a7cde247d16a to fix handshake timeout bug (LP: #736216). Thanks to Sidnei da Silva and Michael Vogt -- Jamie Strandboge Wed, 13 Jul 2011 12:08:54 -0500 curl (7.21.6-3ubuntu1) oneiric; urgency=low * Restore Ubuntu changes accidentally dropped in previous sync: - Drop dependencies not in main: + Build-Depends: Replace libssh2-1-dev with openssh-server. Drop stunnel since it's in universe, as well. + Drop libssh2-1-dev from libcurl4-openssl-dev's Depends. -- Steve Langasek Thu, 30 Jun 2011 23:40:23 +0000 curl (7.21.6-3) unstable; urgency=low * Apply the Multiarch patch from Steve Langasek. (closes: #631946) -- Ramakrishnan Muthukrishnan Wed, 29 Jun 2011 08:26:56 +0530 curl (7.21.6-2) unstable; urgency=high * Fix for the inappropriate GSSAPI delegation vulnerability (CVE-2011-2192). (closes: #631615) -- Ramakrishnan Muthukrishnan Sat, 25 Jun 2011 23:37:04 +0530 curl (7.21.6-1) unstable; urgency=low * New upstream release to fix a HTTPS over a HTTP proxy bug on 7.21.5. -- Ramakrishnan Muthukrishnan Sat, 23 Apr 2011 07:12:57 +0530 curl (7.21.5-1) unstable; urgency=low * New Upstream version. (closes: #623459) * debian/patches/{sslv2_disable, error_code}: removed as these patches were backported earlier from new upstream and this release incorporates them. -- Ramakrishnan Muthukrishnan Fri, 22 Apr 2011 13:14:41 +0530 curl (7.21.4-2) unstable; urgency=low * debian/patches/{sslv2-disable, series}: Apply the upstream commit c66b0b32fba175d5f096c944d8ec8f9f06299f4a. (closes: #622016) * debian/{rules, control}: enable rtmp. (closes: #622328) * debian/control: removing hurd from dependencies. Hurd is an 'essential' package. -- Ramakrishnan Muthukrishnan Wed, 13 Apr 2011 16:15:27 -0700 curl (7.21.4-1) unstable; urgency=low * New upstream release. * debian/control: downgraded the version number of libdb-dev required to 4.6 from 4.7, based on the inputs from Erik Schanze . -- Ramakrishnan Muthukrishnan Mon, 28 Feb 2011 19:35:36 +0530 curl (7.21.3-1) unstable; urgency=low * New upstream release. * debian/*.manpages: adding all manpages for the curl library. (closes: #605651) * gnutls->handshake: improved timeout handling. See #594150 for details. -- Ramakrishnan Muthukrishnan Wed, 15 Dec 2010 23:39:26 +0530 curl (7.21.2-4) unstable; urgency=low * support for curl library built against nss. (closes: #606244) * honour DEB_BUILD_OPTIONS=nocheck option. (closes: #606059) -- Ramakrishnan Muthukrishnan Thu, 09 Dec 2010 20:11:37 +0530 curl (7.21.2-3) unstable; urgency=low * debian/rules: reverting changes related to c-ares inclusion. * debian/control: removing libc-ares-dev for now. (closes: #605558) -- Ramakrishnan Muthukrishnan Thu, 02 Dec 2010 10:56:36 +0530 curl (7.21.2-2) unstable; urgency=low * debian/control: add libc-ares-dev as build dependency. * debian/rules: invoke configure with --enable-ares. (closes: #570436) * debian/copyright: add copyright notice of `lib/security.c' to the copyright file. (closes: #603712) -- Ramakrishnan Muthukrishnan Tue, 30 Nov 2010 17:35:29 +0530 curl (7.21.2-1) unstable; urgency=low * New upstream release. -- Ramakrishnan Muthukrishnan Mon, 18 Oct 2010 11:13:17 +0530 curl (7.21.1-1) unstable; urgency=low * New upstream release. -- Ramakrishnan Muthukrishnan Thu, 12 Aug 2010 08:20:48 +0530 curl (7.21.0-1) unstable; urgency=low * New upstream. -- Ramakrishnan Muthukrishnan Wed, 16 Jun 2010 19:25:37 +0530 curl (7.20.1-2) unstable; urgency=low * debian/rules: Removed the custom LDFLAGS variable. This is not required as we are no longer using the libtool patch. (closes: #578774) -- Ramakrishnan Muthukrishnan Wed, 28 Apr 2010 18:40:27 +0530 curl (7.20.1-1) unstable; urgency=low * New upstream release. * debian/patches/missing-double-quote: No longer needed as it has been fixed by the upstream. * debian/patches/no_com_err: Reworked the patches for the new release. * debian/patches/versioned: fix for build failure of 'make test'. (closes: #576237) * debian/rules: removed --enable-ldaps option from the configure as LDAP SSL (Novell extensions to openldap) is not available as Debian packages. * lib/http.c: chunked-encoding with Content-Length header problem has been fixed in the upstream. (closes: #572276) -- Ramakrishnan Muthukrishnan Mon, 19 Apr 2010 09:21:35 +0530 curl (7.20.0-3) unstable; urgency=low * debian/control: Vcs* tags added. * docs/libcurl/libcurl.m4: added the missing double quote (closes: #576518). -- Ramakrishnan Muthukrishnan Mon, 05 Apr 2010 18:56:40 +0530 curl (7.20.0-2) unstable; urgency=low * New Maintainer (closes: #574137). * Bug #533669 (curl segmentation fault in addbyter()) is fixed from release 7.19.7 onwards (closes: #533669). * Bug #510559 (curl sends whitespace unencoded in the url) can't be reproduced in the 7.20.0 release (closes: #510559). -- Ramakrishnan Muthukrishnan Thu, 18 Mar 2010 08:55:19 +0530 curl (7.20.0-1) unstable; urgency=low * Package is orphaned. * New upstream release. * Switch to dpkg-source 3.0 (quilt) format (closes: #538547). * Fixed build error with binutils-gold (closes: #554296). -- Domenico Andreoli Tue, 09 Feb 2010 13:06:39 +0100 curl (7.19.7-1) unstable; urgency=low * New upstream release: - curl_getdate(3) now correctly manages single letter military timezones as specified in RFC 822 (closes: #551461). * build depends on generic libdb-dev (closes: #548476). * build depends on libssh2-1-dev (>= 1.2) to enable new curl options. -- Domenico Andreoli Thu, 05 Nov 2009 10:11:57 +0100 curl (7.19.5-1) unstable; urgency=low * New upstream release * Fix "libcurl3-gnutls has memory corruption" by upgrading to new upstream release, which fixes this bug (Closes: #530131) * update standards version to 3.8.1 * adjust overrides from libdevel to debug for -dbg package * adjust doc-base section -- Andreas Schuldei Sun, 24 May 2009 21:12:19 +0200 curl (7.19.4-1) unstable; urgency=low * New upstream release * Fix "newer bdb version" (Closes: #517277) * resolve libtool version confusion, thanks to Stefanos Harhalakis * add new dependency on libgcrypt11-dev due to newly arising binary symbols -- Andreas Schuldei Thu, 02 Apr 2009 23:35:45 +0200 curl (7.18.2-8lenny1) stable-security; urgency=high * Applied upstream patch to fix arbitrary file access (CVE-2009-0037). -- Domenico Andreoli Tue, 03 Mar 2009 10:29:03 +0100 curl (7.18.2-8) unstable; urgency=low * Fix "Please add support for ldap/ldaps protocols" by changing the linker option for liblber (Closes: #506096) -- Andreas Schuldei Fri, 26 Dec 2008 23:48:19 +0100 curl (7.18.2-7) unstable; urgency=low * disable c-ares support again, no fix yet, just get stuff working again. -- Andreas Schuldei Tue, 15 Jul 2008 01:17:29 +0200 curl (7.18.2-6) unstable; urgency=low * enable c-ares support, with ipv6 support -- Andreas Schuldei Fri, 11 Jul 2008 02:05:16 +0200 curl (7.18.2-5) unstable; urgency=low * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns "-Wl, -z, defs" (Closes: #488701), closing same bug again for curl-config --libs command -- Andreas Schuldei Wed, 02 Jul 2008 11:24:40 +0200 curl (7.18.2-4) unstable; urgency=medium * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns "-Wl, -z, defs" (Closes: #488701) -- Andreas Schuldei Mon, 30 Jun 2008 23:59:55 +0200 curl (7.18.2-3) unstable; urgency=low * removing c-ares from the dependencies -- Andreas Schuldei Sat, 28 Jun 2008 03:34:50 +0200 curl (7.18.2-2) unstable; urgency=medium * blanking the "dependency_libs" line in lib*.la file to keep all the listed libs from being linked to other libs linking to curl. * fixing miss-linking problem by specifying liblber as a configure argument * disabling c-ares again for stability reasons * correcting libgssapi linking in configure.ac (patch no_com_err) -- Andreas Schuldei Fri, 27 Jun 2008 03:40:18 +0200 curl (7.18.2-1e1) experimental; urgency=low * testing c-ares-ipv6 integration patch -- Andreas Schuldei Mon, 23 Jun 2008 08:48:31 +0200 curl (7.18.2-1) unstable; urgency=low * New upstream release: - removed patches/ftp-response, it is already in the upstream release - fixed issues with kerberos ftp (closes: #478864). * Disable c-ares support, it is still not ready for Debian's wide user base (closes: #478864, #481189). * Standards-Version bumped to 3.8.0: - added support for parallel builds to debian/rules * Removal of $QUILT_PC's override makes this package ready for new source format 3.0 (quilt) (closes: #485023). * Configure build with --with-ca-path but only for OpenSSL flavour, GnuTLS supports only --with-ca-bundle (closes: #482814, #483999). Both libcurl3 and libcurl3-gnutls now depend on ca-certificates. -- Domenico Andreoli Mon, 09 Jun 2008 14:09:42 +0200 curl (7.18.1-1) unstable; urgency=low * New upstream release. * Fixed crossbuilding bug (closes: #465089). * Improved error reporting in case of failing FTP (closes: #474224). * Enable c-ares support (closes: #352694). * libcurl3-dbg now depends on either libcurl3 or libcurl3-gnutls (closes: #463173). -- Domenico Andreoli Thu, 17 Apr 2008 10:22:28 +0200 curl (7.18.0-1) unstable; urgency=low * New upstream release. * Use Homepage field in debian/control. -- Domenico Andreoli Tue, 29 Jan 2008 02:16:25 +0100 curl (7.17.1-1) unstable; urgency=low * New upstream release: - fixed bad use of "its" in curl.1 (closes: #443734) - fixed curl_easy_escape() with input bytes that are >= 0x80 (closes: #445214) -- Domenico Andreoli Wed, 31 Oct 2007 01:12:54 +0100 curl (7.17.0-1) unstable; urgency=low * New upstream release. * Updated to use libssh2-1-dev (closes: #441979, #442198). * Do not run the test suite on hurd (closes: #433834). * Enabled support for LDAPS protocol. -- Domenico Andreoli Fri, 14 Sep 2007 00:24:21 +0200 curl (7.16.4-5) unstable; urgency=low * libcurl4-openssl-dev now depends on libssh2-0-dev. closes: #439317, #439326. -- Domenico Andreoli Fri, 24 Aug 2007 18:13:17 +0200 curl (7.16.4-4) unstable; urgency=low * Build libcurl/GnuTLS without libssh2 because of the usual OpenSSL vs. GPL software lincense conflict (closes: #439176). -- Domenico Andreoli Thu, 23 Aug 2007 23:47:35 +0200 curl (7.16.4-3) unstable; urgency=low * Added support for scp and SFTP protocols. -- Domenico Andreoli Wed, 22 Aug 2007 00:48:32 +0200 curl (7.16.4-2) unstable; urgency=low * Fixed regression with FTP sites not requesting PASS (closes: #435771). -- Domenico Andreoli Sat, 04 Aug 2007 02:04:40 +0200 curl (7.16.4-1) unstable; urgency=low * New upstream release (closes: #432514). * Welcome Andreas to the curl packagers! * Build-Depends is now more backporting friendly. -- Domenico Andreoli Wed, 18 Jul 2007 16:44:30 +0200 curl (7.16.2-6) unstable; urgency=low * Added missing libcurl3 symlinks (closes: #429945) Patch courtesy of Bryan Donlan. -- Domenico Andreoli Sat, 23 Jun 2007 00:39:20 +0200 curl (7.16.2-5) unstable; urgency=low [ Steve Langasek ] * Re-introduce curl3 symbol versions and rename the packages back to libcurl3*, restoring ABI compatibility with the etch version of the package. [ Domenico Andreoli ] * Package libcurl4-gnutls-dev now suggests libcurl3-dbg. * libcurl3-dbg replaces/conflict/provide libcurl4-dbg. * Properly use ${binary:Version} in control file. -- Domenico Andreoli Wed, 20 Jun 2007 17:52:38 +0200 curl (7.16.2-4) unstable; urgency=low * Fixed configure.ac in case of build with GNUTLS (closes: #425013). * Fixed double-free bug (closes: #424894). Patch courtesy of Daniel Stenberg. -- Domenico Andreoli Sun, 20 May 2007 01:15:01 +0200 curl (7.16.2-3) unstable; urgency=low * Updated to db4.5 (closes: #421933). * Got rid of unused libcomerr2 dependency (closes: #392294). -- Domenico Andreoli Tue, 08 May 2007 08:46:21 +0200 curl (7.16.2-2) experimental; urgency=low * Improved package descriptions (closes: #410472). * Updated package Provides to ease the soname transition. -- Domenico Andreoli Fri, 27 Apr 2007 15:37:44 +0200 curl (7.16.2-1) experimental; urgency=low * New upstream release. * libcurl4-openssl-dev now depends on libcurl4-openssl (closes: #419774). * Bumped shlibs version to 7.16.2-1. * Patches are now managed with quilt. -- Domenico Andreoli Wed, 18 Apr 2007 09:29:48 +0200 curl (7.16.1-1) experimental; urgency=low * New upstream release. * Bumped shlibs version to 7.16.1-1. * Added HIDDEN section to version script to handle any __*, _rest or _save* local symbol. * Gopher protocol is not supported since 7.15.2. Removed any reference in package description (closes: #408704). * Moved libcurl/openssl to the new package libcurl4-openssl, now libcurl4 contains a version with no SSL or GSSAPI support (any future cryptographic stuff will be kept out of there). * Package libcurl4-dev now contains the matching headers for libcurl4 (so crypto stuff). -- Domenico Andreoli Thu, 1 Feb 2007 12:49:32 +0100 curl (7.16.0-1) experimental; urgency=low * New upstream release. * Bumped shlibs version to 7.16.0-1. * libcurl4 and libcurl4-gnutls now only recommend ca-certificates (closes: #404103). * pkg-config .pc file now uses Libs.private (closes: #405226). -- Domenico Andreoli Fri, 26 Jan 2007 14:26:55 +0100 curl (7.15.5-1) unstable; urgency=low * New upstream release: - fixed nodes removal from the splay tree (closes: #375076). * Make package build also if $TAPE is set (closes: #377470). * Bumped shlibs version to 7.15.5-1. -- Domenico Andreoli Mon, 7 Aug 2006 10:26:13 +0200 curl (7.15.4-1ubuntu1) edgy; urgency=low * Synchronize to Debian. Only change left: Removal of stunnel and libdb4.2-dev build dependencies. -- Martin Pitt Thu, 29 Jun 2006 15:04:24 +0200 curl (7.15.4-1) unstable; urgency=low * New upstream release. * Bumped shlibs version to 7.15.4-1. -- Domenico Andreoli Wed, 14 Jun 2006 14:41:16 +0200 curl (7.15.3-2) unstable; urgency=low * Fixed bug in configure.ac that makes FTBFS (closes: #367954). -- Domenico Andreoli Wed, 31 May 2006 15:18:26 +0200 curl (7.15.3-1) unstable; urgency=high * New upstream release: - fixed TFTP packet buffer overflow vulnerability [lib/tftp.c, CVE-2006-1061]. - improved curl_getenv.3 manpage grammar (closes: #357388). -- Domenico Andreoli Mon, 20 Mar 2006 11:46:25 +0100 curl (7.15.2-3) unstable; urgency=low * Applied upstream patch to fix multi interface and multi-part formposts (closes: #355715). * Build back with -O2, gcc 4.0.2-10 fixed the previously trigged bug. -- Domenico Andreoli Wed, 8 Mar 2006 15:29:15 +0100 curl (7.15.2-2) unstable; urgency=low * Added missing autotools invocation. Re-added versioned symbols (closes: #355241). * Bumped shlibs version to 7.15.2-2. * Build with -O3 to work around sospicious segfaults on tests 253 and 255. -- Domenico Andreoli Sat, 4 Mar 2006 22:47:23 +0100 curl (7.15.2-1) unstable; urgency=low * New upstream release. * Bumped shlibs version to 7.15.2-1. * Adopted debhelper's compatibility level 5. -- Domenico Andreoli Wed, 1 Mar 2006 16:12:51 +0100 curl (7.15.1-1ubuntu2) dapper; urgency=low * SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs. * lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to Ulf Harnhammar for discovering this. * CVE-2006-1061 -- Martin Pitt Thu, 16 Mar 2006 11:30:25 +0100 curl (7.15.1-1ubuntu1) dapper; urgency=low * Resynchronise with Debian to get URL parser overflow fix from 7.15.1 (CVE-2005-4077). -- Martin Pitt Mon, 12 Dec 2005 15:04:52 +0100 curl (7.15.1-1) unstable; urgency=low * New upstream release: - fixed buffer overflow in URL parser function (closes: #342339). -- Domenico Andreoli Wed, 7 Dec 2005 11:11:38 +0100 curl (7.15.0-5.1) unstable; urgency=high * Non-maintainer upload. * Urgency high for RC bug fix. * Let libcurl3-*-dev depend on libkrb5-dev (closes: #340784, #340916). -- Luk Claes Sun, 4 Dec 2005 11:59:20 +0100 curl (7.15.0-5) unstable; urgency=low * libcurl3-gnutls-dev and libcurl3-openssl-dev now only recommend libkrb5-dev (closes: #334888). * Applied upstream patch to fix error message in case FTP-path does not exist (closes: #338680). * Applied upstream patch to fix parsing of --limit-rate command line option (closes: #338681). -- Domenico Andreoli Fri, 25 Nov 2005 10:30:25 +0100 curl (7.15.0-4ubuntu1) dapper; urgency=low * Resynchronise with Debian (only change left: Removal of stunnel build dependency). * Remove libdb4.2-dev build dependency. -- Martin Pitt Thu, 10 Nov 2005 17:44:35 -0500 curl (7.15.0-4) unstable; urgency=low * Fixed output of curl-config --vernum (closes: #335296). * libcurl3-openssl-dev now replaces libcurl3-dev older than 7.14.1-1 (closes: #335277). -- Domenico Andreoli Tue, 25 Oct 2005 11:48:53 +0200 curl (7.15.0-3) unstable; urgency=low * libcurl3 and libcurl3-gnutls now suggest libldap2 (closes: #294407). * Re-introduced libcurl3-dev package for transition reasons. -- Domenico Andreoli Wed, 19 Oct 2005 12:45:43 +0200 curl (7.15.0-2) unstable; urgency=low * Fixed depends of libcurl3-*-dev packages (closes: #334021, #333609, #334048). * Bumped shlibs version to 7.15.0-1 (closes: #334053). -- Domenico Andreoli Sun, 16 Oct 2005 15:34:40 +0200 curl (7.15.0-1) unstable; urgency=low * New upstream release: - fixed user+domain name buffer overflow in the NTLM code (CAN-2005-3185, closes: #333734). - libcurl3-*-dev packages now depend on libkrb5-dev (closes: #333609). - improved docs about curl_easy_setopt() and ERRORBUFFER (closes: #329313). -- Domenico Andreoli Fri, 14 Oct 2005 13:32:06 +0200 curl (7.14.1-5) unstable; urgency=low * Added build dependency on libtool (closes: #332729, #333174). -- Domenico Andreoli Tue, 11 Oct 2005 10:05:36 +0200 curl (7.14.1-4) unstable; urgency=low * Fixed SEE ALSO section in curl_excape.3 (closes: #331505). * Fixed configure.ac when --host=i586-mingw32msvc is given (closes: #329444). * Added missing example files (closes: #331722). * Updated build dependency for OpenSSL 0.9.8 transition. -- Domenico Andreoli Mon, 10 Oct 2005 12:43:25 +0200 curl (7.14.1-3) experimental; urgency=low * Fixed soname of libcurl-gnutls.so* variant. * Fixed broken sentence (closes: #329305). * Fixed reference to TheArtOfHttpScripting.gz (closes: #329299). * Added clarification about WRITEFUNCTION and WRITEDATA (closes: #329311). -- Domenico Andreoli Wed, 28 Sep 2005 17:13:51 +0200 curl (7.14.1-2) experimental; urgency=low * Started using the system-wide CA certificate file (closes: #308514). * Fixed apostrophe typos in the curl man page (closes: #326511). * Only curl_* symbols are now globally visible outside of libcurl. -- Domenico Andreoli Sat, 17 Sep 2005 23:52:28 +0200 curl (7.14.1-1) experimental; urgency=low * New upstream release. * libcurl3-gnutls has a modified soname and may be installed together with libcurl3 (closes: #318590). * Both libcurl3 and libcurl3-gnutls are built with versioned symbols and with support of GSSAPI authentication. * Renamed libcurl3-dev to libcurl3-openssl-dev. * Dropped package libcurl3-gssapi. -- Domenico Andreoli Thu, 15 Sep 2005 23:59:32 +0200 curl (7.14.0-5) unstable; urgency=low * Added libcurl3-gnutls and libcurl3-gnutls-dev packages (closes: #318590). * libcurl3-gssapi now has its own shlibs file. Packages built with this package installed will depend on it. -- Domenico Andreoli Thu, 18 Aug 2005 02:26:38 +0200 curl (7.14.0-4) unstable; urgency=low * OpenSSL is back (closes: #321294, #321391). -- Domenico Andreoli Fri, 5 Aug 2005 23:34:45 +0200 curl (7.14.0-3) unstable; urgency=low * Updated the use of dpkg-architecture (closes: #320046). * Added missing aclocal file libcurl.m4 to libcurl3-dev (closes: #315848). * Added (many) missing man pages (closes: #315850). * OpenSSL is replaced by GnuTLS in providing SSL support (closes: #318590). * Heimdal is replaced by MIT Kerberos in providing GSSAPI support. -- Domenico Andreoli Tue, 2 Aug 2005 22:34:01 +0200 curl (7.14.0-2ubuntu1) breezy; urgency=low * Synchronize with Debian. -- Matthias Klose Tue, 26 Jul 2005 19:03:01 +0200 curl (7.14.0-2) unstable; urgency=low * Rebuilt and uploaded to unstable. -- Domenico Andreoli Wed, 15 Jun 2005 11:41:32 +0200 curl (7.14.0-1) experimental; urgency=low * New upstream release. -- Domenico Andreoli Tue, 17 May 2005 10:42:35 +0200 curl (7.13.2-3) unstable; urgency=high * HTTP response headers with null bytes are now correctly managed (closes: #310948). -- Domenico Andreoli Fri, 3 Jun 2005 23:59:30 +0200 curl (7.13.2-2) unstable; urgency=low * Fixed conditional build of package libcurl3-gssapi (closes: #303939, #303953). -- Domenico Andreoli Mon, 11 Apr 2005 19:00:27 +0200 curl (7.13.2-1) unstable; urgency=low * New upstream release: - fixed curl man page typos (closes: #302820). -- Domenico Andreoli Tue, 5 Apr 2005 14:41:13 +0200 curl (7.13.1-3) unstable; urgency=low * Fixed hanging of some SSL connections (closes: #302366). -- Domenico Andreoli Thu, 31 Mar 2005 16:27:41 +0200 curl (7.13.1-2) unstable; urgency=low * Rebuilt to get the correct libidn11 dependency (closes: #299348). * Added some missing documentation files (closes: #298855). -- Domenico Andreoli Wed, 16 Mar 2005 14:30:03 +0100 curl (7.13.1-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version for libcurl3 because of new curl options. -- Domenico Andreoli Fri, 4 Mar 2005 16:03:17 +0100 curl (7.13.0-2) unstable; urgency=high * Fixed NTLM Authentication buffer overflow (closes: #296678). Patch courtesy of Daniel Stenberg. This handles CAN-2005-0490. * Removed libcurl2* packages and all the scary stuff used to build them (closes: #274631). -- Domenico Andreoli Thu, 24 Feb 2005 10:07:22 +0100 curl (7.13.0-1) unstable; urgency=low * New upstream release. * libcurl3 now suggests package libldap2-dev to enable support for LDAP protocol. * Bumped up shlibs version for libcurl3 because of new curl options. -- Domenico Andreoli Sat, 5 Feb 2005 10:39:52 +0100 curl (7.12.3-2ubuntu3) hoary; urgency=low * Fix the version numbers internal to debian/rules. Closes; #8088 -- LaMont Jones Wed, 23 Mar 2005 18:41:29 -0700 curl (7.12.3-2) unstable; urgency=low * Disabled test suite on m68k, it stalls. -- Domenico Andreoli Thu, 30 Dec 2004 11:11:48 +0100 curl (7.12.3-1) unstable; urgency=low * New upstream release: - fixed debug tracing to network socket is stderr is closed (closes: #278691). * Applied patch to fix getpass license problems (closes: #286794). Patch courtesy of Daniel Stenberg. * Bumped up shlibs version for libcurl3 because of new curl options. -- Domenico Andreoli Mon, 27 Dec 2004 12:50:30 +0100 curl (7.12.2-2) unstable; urgency=low * libcurl3-dbg package is now built by dh_strip --dbg-package (closes: #274710). * Added build dependency on libdb4.2-dev. -- Domenico Andreoli Thu, 4 Nov 2004 11:36:17 +0100 curl (7.12.2-1) unstable; urgency=low * New upstream release. * Update diff to 7.11.2. * Add debian/watch file. * Add myself as a uploader. -- Matthias Klose Wed, 3 Nov 2004 00:55:52 +0100 curl (7.12.1-1) unstable; urgency=low * New upstream release: - workaround for ASN1_STRING_to_UTF8 failing if input is already UTF-8 encoded (closes: #264711). * Bumped up shlibs version for libcurl3 because of the introduction of FTP 3rd party transfer support options. -- Domenico Andreoli Tue, 10 Aug 2004 11:40:29 +0200 curl (7.12.0.rel-6) unstable; urgency=low * In rebuilding the 7.11.2 tree starting from the 7.12.0 one, lib/getdate.y is patched before lib/getdate.c (closes: #262597). -- Domenico Andreoli Sun, 1 Aug 2004 17:59:57 +0200 curl (7.12.0.rel-5) unstable; urgency=low * Tests are performed only if build target and building host are the same and are not kfreebsd-gnu or knetbsd-gnu (closes: #261591). * On hurd-i386 libcurl3-gssapi is not built. -- Domenico Andreoli Thu, 29 Jul 2004 15:17:51 +0200 curl (7.12.0.rel-4) unstable; urgency=low * Added build dependency on groff-base to really build the built-in manual. * libcurl3 now replaces old libcurl2 versions (closes: #255262). -- Domenico Andreoli Tue, 20 Jul 2004 11:40:09 +0200 curl (7.12.0.rel-3) unstable; urgency=low * Enabled curl's built-in manual. * configure script for 7.11.2 is now managed correctly. -- Domenico Andreoli Sun, 18 Jul 2004 22:25:00 +0200 curl (7.12.0.rel-2) unstable; urgency=low * libcurl2 uses curl-ca-bundle-7.11.2.crt (closes: #255262). Yes, it is a hack to not add libcurl-common package right now. -- Domenico Andreoli Sun, 18 Jul 2004 16:40:45 +0200 curl (7.12.0.rel-1) experimental; urgency=low * Version 7.12.0 is back with proper libcurl3* packages. * libcurl2* 7.11.2 packages are still provided (closes: #252879). * Enabled again the support for libidn. -- Domenico Andreoli Sun, 6 Jun 2004 23:09:33 +0200 curl (7.12.0.is.7.11.2-1) unstable; urgency=low * Reverted to version 7.11.2 (closes: #252348). * Disabled support for libidn (closes: #252367). This is to leave curl in unstable as much similar as possible to the one in testing. -- Domenico Andreoli Fri, 4 Jun 2004 19:09:25 +0200 curl (7.12.0-1) unstable; urgency=low * New upstream release: - fixed minor man page problem (closes: #232928) - improved --create-dirs description in curl man page (closes: #251351) * Enabled support for libidn. -- Domenico Andreoli Wed, 2 Jun 2004 18:06:05 +0200 curl (7.11.2-2) unstable; urgency=low * Fixed curl.1 man page (closes: #232928). Patch courtesy of Daniel Stenberg, the upstream developer. -- Domenico Andreoli Tue, 27 Apr 2004 19:47:09 +0200 curl (7.11.2-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version because of the introduction of CURLOPT_TCP_NODELAY option. -- Domenico Andreoli Mon, 26 Apr 2004 14:14:20 +0200 curl (7.11.1-2) unstable; urgency=low * Added GSSAPI support to package libcurl2-gssapi (closes: #241553). -- Domenico Andreoli Fri, 2 Apr 2004 18:03:15 +0200 curl (7.11.1-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version because of the introduction of CURLOPT_POSTFIELDSIZE_LARGE option. -- Domenico Andreoli Fri, 19 Mar 2004 11:39:07 +0100 curl (7.11.0-4) unstable; urgency=low * Applied fix from upstream's CVS which adds another CRLF in chunked-transfers. -- Domenico Andreoli Sun, 1 Feb 2004 13:19:02 +0100 curl (7.11.0-3) unstable; urgency=low * "Fixed" build process, now the right file is searched for CA certificates (closes: #228182). -- Domenico Andreoli Sat, 31 Jan 2004 20:06:10 +0100 curl (7.11.0-2) unstable; urgency=low * Test suite is still performed but is not critical for the build being successful any more. -- Domenico Andreoli Fri, 30 Jan 2004 13:03:03 +0100 curl (7.11.0-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Sun, 25 Jan 2004 17:50:43 +0100 curl (7.10.8+7.11.0-pre1-1) unstable; urgency=low * New upstream pre-release: - proxy+ssl now passes post variables (closes: #222901) - various test case problems exposed in #222140 should now be fixed. * Bumped up shlibs version because of the introduction of CURLOPT_NETRC_FILE and CURLOPT_FTP_SSL options in libcurl. -- Domenico Andreoli Wed, 14 Jan 2004 17:35:46 +0100 curl (7.10.8-1) unstable; urgency=low * New upstream release: - fixed LDAP support (closes: #149609) - cleaner environment for testsuite execution (closes: #210253) - fixed lib/Makefile.am's use of LDFLAGS (closes: #212086) - fixed name clash in curl.h with respect to unistd.h (closes: #213180) - fixed typo in curl manpage (closes: #218046). * Bumped up shlibs version because of new libcurl options. * Added stunnel to the Build-Depends in order to enable SSL test cases. -- Domenico Andreoli Mon, 3 Nov 2003 10:26:12 +0100 curl (7.10.7-2) unstable; urgency=low * Fixed bug in cache_resolv_response on alpha and ia64 (closes: #207174). Patch courtesy of Jurij Smakov. -- Domenico Andreoli Mon, 8 Sep 2003 21:55:46 +0200 curl (7.10.7-1) unstable; urgency=low * New upstream release. * Bumped up shlibs version because of the introduction of CURLOPT_PROXYAUTH and CURLOPT_FTP_CREATE_MISSING_DIRS options in libcurl. -- Domenico Andreoli Mon, 18 Aug 2003 00:19:43 +0200 curl (7.10.6-3) unstable; urgency=low * Applied patch to fix test 60 on ia64. -- Domenico Andreoli Sat, 9 Aug 2003 04:26:15 +0200 curl (7.10.6-2) unstable; urgency=low * Applied patch from upstream to fix url globbing (closes: #203827). * make test is still performed on building debug stuff but errors are ignored. -- Domenico Andreoli Thu, 7 Aug 2003 02:20:46 +0200 curl (7.10.6-1) unstable; urgency=low * New upstream release: - added spport for http_proxy env var with name:passwd (closes: #193630). * make test is invoked after build -- Domenico Andreoli Tue, 29 Jul 2003 01:26:50 +0200 curl (7.10.5-1) unstable; urgency=low * New upstream release: - fixed typo in curl's man page (closes: #189272). * New libcurl option CURLOPT_FTP_USE_EPRT has been added, bumped up shlibs. -- Domenico Andreoli Mon, 19 May 2003 23:57:12 +0200 curl (7.10.4-1) unstable; urgency=low * New upstream release: - now uses new settings properly when re-using an existing connection (closes: #185254) - curl man page now refers to MANUAL (closes: #178509). * Changed section of libcurl2-dev and libcurl2-dbg to libdevel. -- Domenico Andreoli Wed, 2 Apr 2003 21:25:24 +0200 curl (7.10.3-3) unstable; urgency=low * Rebuilt to link against libssl0.9.7. * Improved package descriptions thanks to suggestions provided by Filip Van Raemdonck (closes: #177995). -- Domenico Andreoli Fri, 14 Mar 2003 16:08:38 +0100 curl (7.10.3-2) unstable; urgency=low * Development package is now named libcurl2-dev, it provides libcurl-dev. People can now safely make their build dependencies and be sure to use the right stuff. * New package libcurl2-dbg is provided to help in debugging sessions. -- Domenico Andreoli Mon, 20 Jan 2003 22:04:32 +0100 curl (7.10.3-1) unstable; urgency=low * New upstream release. * It now suggests ca-certificates package. -- Domenico Andreoli Thu, 16 Jan 2003 00:27:48 +0100 curl (7.10.2-2) unstable; urgency=low * Added AM_MAINTAINER_MODE to configure.in (closes: #170050). -- Domenico Andreoli Fri, 22 Nov 2002 14:28:22 +0100 curl (7.10.2-1) unstable; urgency=low * New upstream release: - fixed segfault on retrieving relative redirects (closes: #165382) - fixed a leak of debug output (closes: #167678). * Updated config.guess and config.sub (closes: #166153). * Added zlib1g-dev to build and libcurl-dev dependencies (closes: #169654). * Added HTML and PDF versions of all manpages in libcurl-dev package. -- Domenico Andreoli Wed, 20 Nov 2002 23:38:24 +0100 curl (7.10.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Fri, 11 Oct 2002 23:26:50 +0200 curl (7.10-1) unstable; urgency=low * New upstream release: - new way to use option -x to prevent curl from using any proxy server (closes: #161153). -- Domenico Andreoli Wed, 2 Oct 2002 01:04:20 +0200 curl (7.9.8-2) unstable; urgency=low * Added again libcurl2-ssl to the libcurl2 conflicts. -- Domenico Andreoli Thu, 4 Jul 2002 02:35:24 +0200 curl (7.9.8-1) unstable; urgency=low * New upstream release. * Double flavor of curl to support both non-SSL and SSL is gone. Now curl comes only with SSL. Who needs SSL can require curl version >= 7.9.8 . -- Domenico Andreoli Mon, 24 Jun 2002 23:04:37 +0200 curl (7.9.7-2) unstable; urgency=low * Fixed the bashism in debian/rules (closes: #147352). * SSL and non-SSL series of curl packages are now built from the same source. thanks crypto-in-main! :) -- Domenico Andreoli Mon, 20 May 2002 23:28:05 +0200 curl (7.9.7-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Wed, 15 May 2002 21:09:19 +0200 curl (7.9.6-1) unstable; urgency=low * New upstream release. * libcurl.3 manpage is now installed by libcurl-dev instead of libcurl2. Indeed it provides an overview on how to use libcurl in C programs. -- Domenico Andreoli Sat, 20 Apr 2002 17:06:51 +0200 curl (7.9.5-2) unstable; urgency=low * curl-ssl stuff moved from non-US to main. -- Domenico Andreoli Mon, 25 Mar 2002 23:40:02 +0100 curl (7.9.5-1) unstable; urgency=low * New upstream release (closes: #134608). * Added autotools-dev to the build dependencies. config.{guess,sub} can now be updated automatically in the build process. -- Domenico Andreoli Tue, 12 Mar 2002 19:06:21 +0100 curl (7.9.3-2) unstable; urgency=low * Upstream source code has been correctly imported in my CVS repository (closes: #130906). -- Domenico Andreoli Sun, 27 Jan 2002 22:23:54 +0100 curl (7.9.3-1) unstable; urgency=low * New upstream release: - fixed wrong assumption on char signedness (closes: #127011) - missing header added accordingly (closes: #130401) * Fixed a typo in curl description (closes: #124526). -- Domenico Andreoli Thu, 24 Jan 2002 20:04:04 +0100 curl (7.9.2-1) unstable; urgency=low * New upstream release: - two bad timeout matters in libcurl2 are now solved (closes: #118595). -- Domenico Andreoli Fri, 7 Dec 2001 16:58:45 +0100 curl (7.9.1-3) unstable; urgency=low * Fixed return type of Curl_ftpsendf(...) to CURLcode (closes: #120485). * Versions in debian/libcurl2.shlibs have been incremented to ">= 7.9.1-1". -- Domenico Andreoli Thu, 22 Nov 2001 15:35:40 +0100 curl (7.9.1-2) unstable; urgency=low * Reverted to unpatched released 7.9.1 source tree, patch behavior was weird. -- Domenico Andreoli Thu, 15 Nov 2001 18:05:58 +0100 curl (7.9.1-1) unstable; urgency=low * New upstream release. * Applied upstream patch #478780 found on sourceforge, fixes libcurl which didn't restore SIGALRM handler (closes: #118595). * Applied patch for patch #478780 of above, see bug #118595 in BTS. Patch courtesy of Enrik Berkhan . * Build-Depends reduced to what is strictly required for building. autoconf, automake and libtool build dependencies are gone. -- Domenico Andreoli Fri, 9 Nov 2001 13:56:36 +0100 curl (7.9-1) unstable; urgency=low * New upstream release: - output of "curl-config --libs" now includes -lcurl. -- Domenico Andreoli Tue, 25 Sep 2001 18:38:46 +0200 curl (7.8-3) unstable; urgency=low * Added libc6-dev to libcurl2-dev dependencies. * Fixed lack of some FD_ZERO(...)s in lib/transfer.c (closes: #105516). -- Domenico Andreoli Fri, 3 Aug 2001 16:32:20 +0200 curl (7.8-2) unstable; urgency=low * libcurl2.shlibs now includes version numbers. some new symbols have been introduced in libcurl 7.8, so program linked against 7.8 cannot work with older ones. * IPv6 support is now enabled * configure.in has been renamed to autoconf.ac to force the use of autoconf 2.50 -- Domenico Andreoli Thu, 5 Jul 2001 01:38:24 +0200 curl (7.8-1) unstable; urgency=low * New upstream release. * Applied patch for correct shared library versioning of libcurl, curl 7.8 comes with broken shared library version out of the box. Patch provided by upstream developer. -- Domenico Andreoli Sat, 9 Jun 2001 21:12:05 +0200 curl (7.7.3-3) unstable; urgency=low * Fixed manpages libcurl-dev with required simlinks (closes: 99610). -- Domenico Andreoli Mon, 4 Jun 2001 14:37:49 +0200 curl (7.7.3-2) unstable; urgency=low * lib/url.c and lib/version.c are now fixed (closes: #97709). * install upstream changelog (closes: #97628). -- Domenico Andreoli Fri, 18 May 2001 10:32:25 +0200 curl (7.7.3-1) unstable; urgency=low * New upstream release. * Using dh_installman instead dh_installmanpages. * Installing libcurl examples with dh_installexamples. * Policy 3.5.3.0 compliant. -- Domenico Andreoli Thu, 10 May 2001 09:45:05 +0200 curl (7.7.2-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Tue, 24 Apr 2001 09:14:51 +0200 curl (7.7.1-2) unstable; urgency=low * Fixed debian/rules (closes: #78232, #93837). -- Domenico Andreoli Tue, 17 Apr 2001 17:12:19 +0200 curl (7.7.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Tue, 10 Apr 2001 13:26:09 +0200 curl (7.7-1) unstable; urgency=low * New upstream release. * Fixed formatting errors in curl.1 (closes: #90281). -- Domenico Andreoli Fri, 23 Mar 2001 18:25:26 +0100 curl (7.6.1-5) unstable; urgency=low * Fixed debian/libcurl1.shlibs in order to solve any problem for those packages which should depend on either libcurl1 or libcurl1-ssl. I should have done it long time ago. -- Domenico Andreoli Tue, 13 Mar 2001 18:29:06 +0100 curl (7.6.1-4) unstable; urgency=low * Added versioned Build-Depend for debhelper. -- Domenico Andreoli Tue, 6 Mar 2001 15:16:02 +0100 curl (7.6.1-3) unstable; urgency=low * Refining the transition to debhelper compatibility 2. I forgot the executable in the curl package (closes: #87886). -- Domenico Andreoli Wed, 28 Feb 2001 14:31:43 +0100 curl (7.6.1-2) unstable; urgency=low * Switched to debhelper compatibility version 2. -- Domenico Andreoli Fri, 23 Feb 2001 18:24:02 +0100 curl (7.6.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Tue, 13 Feb 2001 18:04:04 +0100 curl (7.6-2) unstable; urgency=low * Adjusted dependencies in order to let curl-ssl package manage a smooth upgrade from potato. -- Domenico Andreoli Fri, 9 Feb 2001 13:36:11 +0100 curl (7.6-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 29 Jan 2001 16:00:59 +0100 curl (7.5.2-2) unstable; urgency=low * This is a service upload in order to fix dependencies problems arose for a ill-formed upload of 7.5.2-1. -- Domenico Andreoli Mon, 29 Jan 2001 14:54:57 +0100 curl (7.5.2-1) unstable; urgency=low * New upstream release. * It needed to be recompiled against the new libc (closes: #80256). -- Domenico Andreoli Mon, 15 Jan 2001 13:08:15 +0100 curl (7.5-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 4 Dec 2000 13:15:33 +0100 curl (7.4.2-2) unstable; urgency=low * curl replaces curl-ssl. curl is only a frontend for libcurl and is not aware of any protocol, libcurl is. so what is really different whether ssl is enable or not is only libcurl. * curl now depends on (libcurl0 | libcurl0-ssl). * The workaround for libtool -rpath parameter is not required, so it has been removed from configure.in. * Removed "Suggests: " field in control file for libcurl0. It suggested to install curl and libcurl-dev too but it really doesn't make sense (this change was really applied in -1). -- Domenico Andreoli Tue, 28 Nov 2000 14:27:29 +0100 curl (7.4.2-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Fri, 17 Nov 2000 16:19:23 +0100 curl (7.2.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 4 Sep 2000 01:22:44 +0200 curl (7.1-3) unstable; urgency=low * Added "Suggests: " field in control file for libcurl0. Now curl and libcurl-dev are suggested upon installation of libcurl0. -- Domenico Andreoli Mon, 14 Aug 2000 15:01:08 +0200 curl (7.1-2) unstable; urgency=low * Fixed a line that did not install development manpages. -- Domenico Andreoli Thu, 10 Aug 2000 14:32:23 +0200 curl (7.1-1) unstable; urgency=low * New upstream release. * libcurl is now a separate package, it provides shared libraries and includes to allow developing for other applications. -- Domenico Andreoli Wed, 9 Aug 2000 01:21:25 +0200 curl (6.5.2-4) unstable; urgency=low * Some missing build dependencies (autoconf, automake, libtool) added. -- Domenico Andreoli Sat, 8 Jul 2000 00:13:16 +0200 curl (6.5.2-3) unstable; urgency=low * Due to some policy and technical restrictions, curl's source package has been splitted again in two, one for main archive and one for non-US. -- Domenico Andreoli Tue, 4 Jul 2000 15:52:14 +0200 curl (6.5.2-2) unstable; urgency=low * Added a Build-Depends in order to compile curl-ssl only if libssl09-dev is installed. * Documentation reflects the new location of curl debian packages home page (http://curl-deb.sourceforge.net). * Corrected minor spelling errors in README.Debian. -- Domenico Andreoli Sat, 17 Jun 2000 01:13:19 +0200 curl (6.5.2-1) unstable; urgency=low * New upstream release. * Now curl and curl-ssl binary packages are generated from the same debian source package. * Uploads and downloads are now performed simultaneously (closes: #56627). -- Domenico Andreoli Sat, 25 Mar 2000 01:06:35 +0100 curl (6.4-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Sun, 30 Jan 2000 02:21:32 +0100 curl (6.3.1-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Sat, 11 Dec 1999 17:38:13 +0100 curl (6.2-1) unstable; urgency=low * New upstream release. * No hack to compile without SSL is required anymore. Fixed by upstream maintainer. -- Domenico Andreoli Mon, 1 Nov 1999 00:37:32 +0100 curl (6.0-1) unstable; urgency=low * New upstream release. -- Domenico Andreoli Mon, 27 Sep 1999 22:28:13 +0200 curl (5.11-1.1) unstable; urgency=low * Put sources into the right section. -- Domenico Andreoli Mon, 30 Aug 1999 03:14:21 +0200 curl (5.11-1) unstable; urgency=low * New upstream release. * New debian maintainer. -- Domenico Andreoli Fri, 27 Aug 1999 11:50:04 +0200 curl (5.9-2) unstable; urgency=low * Moved to non-US, and compiled against ssl (closes: #40099). -- Leon Breedt Sat, 3 Jul 1999 15:46:54 +0200 curl (5.9-1) unstable; urgency=low * New upstream release. -- Leon Breedt Sun, 23 May 1999 21:51:30 +0200 curl (5.8-1) unstable; urgency=low * Initial Release. -- Leon Breedt Sun, 9 May 1999 18:55:48 +0200