Remove curl's LDFLAGS from curl-config --static-libs

On current Debian bookworm, the LDFLAGS consist of
-L/usr/lib/${triplet}/mit-krb5 originating from
`pkg-config --libs-only-L mit-krb5-gssapi` from krb5-multidev, plus
some linker options that are intended for curl itself rather than for
dependent packages. None of these are really desirable, and they create
divergence between architectures that would prevent libcurl-*-dev from
being Multi-Arch: same.

The -L flag is not really needed, for the same reason that -L@libdir@
isn't. curl Build-Depends on libkrb5-dev, which doesn't need a special
-L flag to find libgssapi_krb5, and the various libcurl-*-dev packages
have Suggests on libkrb5-dev rather than on krb5-multidev for static
linking.

The other options (currently `-Wl,-z-relro -Wl,-z,now`) are intended
for libcurl itself, and if dependent packages want those options then
they should set them from their own packaging.

Bug-Debian: https://bugs.debian.org/1024668
Forwarded: not-needed
Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch
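
A check for the two problems the commit message above describes, as an added example that is not part of the Debian patch or of curl: it lists the -L and -Wl options that would leak into dependent packages, and the tokens that differ between architectures. The function names and the sample flag strings are constructed for illustration and are simplified from real `curl-config --static-libs` output.

```shell
#!/bin/sh
# Constructed, simplified stand-ins for `curl-config --static-libs` output on
# two architectures before the patch, and on any architecture after it.
SAMPLE_AMD64='-L/usr/lib/x86_64-linux-gnu/mit-krb5 -Wl,-z,relro -Wl,-z,now -lcurl -lgssapi_krb5 -lz'
SAMPLE_ARM64='-L/usr/lib/aarch64-linux-gnu/mit-krb5 -Wl,-z,relro -Wl,-z,now -lcurl -lgssapi_krb5 -lz'
SAMPLE_PATCHED='-lcurl -lgssapi_krb5 -lz'

# Print, one per line, every token that is a library search path (-L...) or a
# pass-through linker option (-Wl,...). These are curl's own LDFLAGS and
# should not be imposed on packages that link against libcurl statically.
leaked_ldflags() {
    for tok in $1; do
        case $tok in
            -L*|-Wl,*) printf '%s\n' "$tok" ;;
        esac
    done
}

# Print, one per line, every token present in only one of the two flag
# strings. Any output means the generated curl-config differs between
# architectures, which is what blocks "Multi-Arch: same".
arch_divergent_flags() {
    for tok in $1; do
        case " $2 " in
            *" $tok "*) ;;
            *) printf '%s\n' "$tok" ;;
        esac
    done
    for tok in $2; do
        case " $1 " in
            *" $tok "*) ;;
            *) printf '%s\n' "$tok" ;;
        esac
    done
}

echo "Leaked into dependents (amd64 sample):"
leaked_ldflags "$SAMPLE_AMD64"
echo "Differs between amd64 and arm64 samples:"
arch_divergent_flags "$SAMPLE_AMD64" "$SAMPLE_ARM64"
```

On an installed system, pass `"$(curl-config --static-libs)"` instead of a sample string; empty output from `leaked_ldflags` is the expected result once the patch is applied.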

curl (7.88.1-10+deb12u6) bookworm; urgency=medium

  * Team upload.

  [ Sergio Durigan Junior ]
  * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
    (Closes: #1053643)

  [ Guilherme Puida Moreira ]
  * Add patches to fix CVE-2024-2004 and CVE-2024-2398.
    - CVE-2024-2004: When a protocol selection parameter disables all
      protocols without adding any then the default set of protocols would
      remain in the allowed set due to an error in the logic for removing
      protocols.
    - CVE-2024-2398: When an application tells libcurl it wants to allow
      HTTP/2 server push and the amount of received headers for the push
      surpasses the maximum allowed limit (1000), libcurl aborts the server
      push and leaks the memory allocated for the previously allocated
      headers.
  * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
    Refresh patch.

[dgit import unpatched curl 7.88.1-10+deb12u6]