dgit.raspbian.org Git - curl.git/log

Use correct path when loading libnss{pem,ckbi}.so

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726073

Gbp-Pq: Name Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch

Remove curl's LDFLAGS from curl-config --static-libs

On current Debian bookworm, the LDFLAGS consist of
-L/usr/lib/${triplet}/mit-krb5 originating from
`pkg-config --libs-only-L mit-krb5-gssapi` from krb5-multidev, plus
some linker options that are intended for curl itself rather than for
dependent packages. None of these are really desirable, and they create
divergence between architectures that would prevent libcurl-*-dev from
being Multi-Arch: same.

The -L flag is not really needed, for the same reason that -L@libdir@
isn't. curl Build-Depends on libkrb5-dev, which doesn't need a special
-L flag to find libgssapi_krb5, and the various libcurl-*-dev packages
have Suggests on libkrb5-dev rather than on krb5-multidev for static
linking.

The other options (currently `-Wl,-z-relro -Wl,-z,now`) are intended
for libcurl itself, and if dependent packages want those options then
they should set them from their own packaging.

Bug-Debian: https://bugs.debian.org/1024668
Forwarded: not-needed
Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch

In order to (partially) multi-arch-ify curl-config, remove all

Origin: vendor
Bug-Debian: http://bugs.debian.org/731998
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2017-01-10

mention of @includedir@ and @libdir@ from the script. On Debian, the actual
header and library directories are architecture-dependent, but will always be
in the C compiler's default search path, so -I and -L options are not
necessary (and may be harmful in multi-arch environments.)

Gbp-Pq: Name 11_omit-directories-from-config.patch

build: Divide mit-krb5-gssapi link flags between LDFLAGS and LIBS

From the comments nearby about not having --libs-only-L, it looks as
though the intention was to apply a split like this to all dependency
libraries where possible, and the only reason it was not done for
Kerberos is that krb5-config doesn't have that feature and pkg-config
was originally not supported here. For example, zlib, libssh and librtmp
all have their flags from pkg-config split in this way.

Now that pkg-config is supported here, we can do the intended split.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch

Enable zsh completion generation

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 08_enable-zsh.patch

Work around libtool --as-needed reordering bug

Origin: vendor
Bug-Debian: http://bugs.debian.org/347650
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 04_workaround_as_needed_bug.patch

curl (7.88.1-10) unstable; urgency=medium

  * Add new patches to fix CVEs (closes: #1036239):
    - CVE-2023-28319: UAF in SSH sha256 fingerprint check
    - CVE-2023-28320: siglongjmp race condition
    - CVE-2023-28321: IDN wildcard match
    - CVE-2023-28322: more POST-after-PUT confusion
  * d/libcurl*.symbols: Drop curl_jmpenv, not built anymore due to
    CVE-2023-28320

[dgit import unpatched curl 7.88.1-10]

Import curl_7.88.1-10.debian.tar.xz

[dgit import tarball curl 7.88.1-10 curl_7.88.1-10.debian.tar.xz]

Import curl_7.88.1.orig.tar.gz

[dgit import orig curl_7.88.1.orig.tar.gz]