dgit.raspbian.org Git - curl.git/log

Merge curl (8.6.0-2) import into refs/heads/workingbranch

Build with GnuTLS.

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2018-05-23

Gbp-Pq: Name 90_gnutls.patch

[PATCH] sendf: ignore response body to HEAD

and mark the stream for close, but return OK since the response this far
was ok - if headers were received. Partly because this is what curl has
done traditionally.

Test 499 verifies. Updates test 689.

Reported-by: Sergey Bronnikov
Bug: https://curl.se/mail/lib-2024-02/0000.html
Closes #12842

Gbp-Pq: Name sendf_ignore_response_body_to_head.patch

Remove curl's LDFLAGS from curl-config --static-libs

On current Debian bookworm, the LDFLAGS consist of
-L/usr/lib/${triplet}/mit-krb5 originating from
`pkg-config --libs-only-L mit-krb5-gssapi` from krb5-multidev, plus
some linker options that are intended for curl itself rather than for
dependent packages. None of these are really desirable, and they create
divergence between architectures that would prevent libcurl-*-dev from
being Multi-Arch: same.

The -L flag is not really needed, for the same reason that -L@libdir@
isn't. curl Build-Depends on libkrb5-dev, which doesn't need a special
-L flag to find libgssapi_krb5, and the various libcurl-*-dev packages
have Suggests on libkrb5-dev rather than on krb5-multidev for static
linking.

The other options (currently `-Wl,-z-relro -Wl,-z,now`) are intended
for libcurl itself, and if dependent packages want those options then
they should set them from their own packaging.

Bug-Debian: https://bugs.debian.org/1024668
Forwarded: not-needed
Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch

In order to (partially) multi-arch-ify curl-config, remove all

Origin: vendor
Bug-Debian: http://bugs.debian.org/731998
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2017-01-10

mention of @includedir@ and @libdir@ from the script. On Debian, the actual
header and library directories are architecture-dependent, but will always be
in the C compiler's default search path, so -I and -L options are not
necessary (and may be harmful in multi-arch environments.)

Gbp-Pq: Name 11_omit-directories-from-config.patch

build: Divide mit-krb5-gssapi link flags between LDFLAGS and LIBS

From the comments nearby about not having --libs-only-L, it looks as
though the intention was to apply a split like this to all dependency
libraries where possible, and the only reason it was not done for
Kerberos is that krb5-config doesn't have that feature and pkg-config
was originally not supported here. For example, zlib, libssh and librtmp
all have their flags from pkg-config split in this way.

Now that pkg-config is supported here, we can do the intended split.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch

Enable zsh completion generation

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 08_enable-zsh.patch

Work around libtool --as-needed reordering bug

Origin: vendor
Bug-Debian: http://bugs.debian.org/347650
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 04_workaround_as_needed_bug.patch

curl (8.6.0-2) unstable; urgency=medium

  * d/p/sendf_ignore_response_body_to_head.patch: New upstream patch to fix a
    compat issue (closes: #1063342)
  * d/control: Switch from pkg-config to pkgconf

[dgit import unpatched curl 8.6.0-2]

Import curl_8.6.0-2.debian.tar.xz

[dgit import tarball curl 8.6.0-2 curl_8.6.0-2.debian.tar.xz]

Import curl_8.6.0.orig.tar.gz

[dgit import orig curl_8.6.0.orig.tar.gz]

Merge curl (8.5.0-2) import into refs/heads/workingbranch

Build with GnuTLS.

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2018-05-23

Gbp-Pq: Name 90_gnutls.patch

Add upstream file that missed the tarball for 8.5.0

Forwarded: not-needed

More context at https://github.com/curl/curl/issues/12462#issuecomment-1843569943

Gbp-Pq: Name add_errorcodes_upstream_file.patch

[PATCH] openldap: fix an LDAP crash

Reported-by: Ozan Cansel
Fixes #12593
Closes #12600

Gbp-Pq: Name openldap_fix_an_LDAP_crash.patch

[PATCH] dist: add tests/errorcodes.pl to the tarball

Used by test 1477

Reported-by: Xi Ruoyao
Follow-up to 0ca3a4ec9a7
Fixes #12462
Closes #12463

Gbp-Pq: Name dist_add_tests_errorcodes_pl_to_the_tarball.patch

Remove curl's LDFLAGS from curl-config --static-libs

On current Debian bookworm, the LDFLAGS consist of
-L/usr/lib/${triplet}/mit-krb5 originating from
`pkg-config --libs-only-L mit-krb5-gssapi` from krb5-multidev, plus
some linker options that are intended for curl itself rather than for
dependent packages. None of these are really desirable, and they create
divergence between architectures that would prevent libcurl-*-dev from
being Multi-Arch: same.

The -L flag is not really needed, for the same reason that -L@libdir@
isn't. curl Build-Depends on libkrb5-dev, which doesn't need a special
-L flag to find libgssapi_krb5, and the various libcurl-*-dev packages
have Suggests on libkrb5-dev rather than on krb5-multidev for static
linking.

The other options (currently `-Wl,-z-relro -Wl,-z,now`) are intended
for libcurl itself, and if dependent packages want those options then
they should set them from their own packaging.

Bug-Debian: https://bugs.debian.org/1024668
Forwarded: not-needed
Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch

In order to (partially) multi-arch-ify curl-config, remove all

Origin: vendor
Bug-Debian: http://bugs.debian.org/731998
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2017-01-10

mention of @includedir@ and @libdir@ from the script. On Debian, the actual
header and library directories are architecture-dependent, but will always be
in the C compiler's default search path, so -I and -L options are not
necessary (and may be harmful in multi-arch environments.)

Gbp-Pq: Name 11_omit-directories-from-config.patch

build: Divide mit-krb5-gssapi link flags between LDFLAGS and LIBS

From the comments nearby about not having --libs-only-L, it looks as
though the intention was to apply a split like this to all dependency
libraries where possible, and the only reason it was not done for
Kerberos is that krb5-config doesn't have that feature and pkg-config
was originally not supported here. For example, zlib, libssh and librtmp
all have their flags from pkg-config split in this way.

Now that pkg-config is supported here, we can do the intended split.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch

Enable zsh completion generation

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 08_enable-zsh.patch

Work around libtool --as-needed reordering bug

Origin: vendor
Bug-Debian: http://bugs.debian.org/347650
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 04_workaround_as_needed_bug.patch

curl (8.5.0-2) unstable; urgency=medium

* d/p/openldap_fix_an_LDAP_crash.patch: New patch to fix ldap segfault
(closes: #1057855)

[dgit import unpatched curl 8.5.0-2]

Import curl_8.5.0-2.debian.tar.xz

[dgit import tarball curl 8.5.0-2 curl_8.5.0-2.debian.tar.xz]

Import curl_8.5.0.orig.tar.gz

[dgit import orig curl_8.5.0.orig.tar.gz]

Merge curl (8.4.0-2) import into refs/heads/workingbranch

Build with GnuTLS.

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2018-05-23

Gbp-Pq: Name 90_gnutls.patch

Remove curl's LDFLAGS from curl-config --static-libs

On current Debian bookworm, the LDFLAGS consist of
-L/usr/lib/${triplet}/mit-krb5 originating from
`pkg-config --libs-only-L mit-krb5-gssapi` from krb5-multidev, plus
some linker options that are intended for curl itself rather than for
dependent packages. None of these are really desirable, and they create
divergence between architectures that would prevent libcurl-*-dev from
being Multi-Arch: same.

The -L flag is not really needed, for the same reason that -L@libdir@
isn't. curl Build-Depends on libkrb5-dev, which doesn't need a special
-L flag to find libgssapi_krb5, and the various libcurl-*-dev packages
have Suggests on libkrb5-dev rather than on krb5-multidev for static
linking.

The other options (currently `-Wl,-z-relro -Wl,-z,now`) are intended
for libcurl itself, and if dependent packages want those options then
they should set them from their own packaging.

Bug-Debian: https://bugs.debian.org/1024668
Forwarded: not-needed
Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch

In order to (partially) multi-arch-ify curl-config, remove all

Origin: vendor
Bug-Debian: http://bugs.debian.org/731998
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2017-01-10

mention of @includedir@ and @libdir@ from the script. On Debian, the actual
header and library directories are architecture-dependent, but will always be
in the C compiler's default search path, so -I and -L options are not
necessary (and may be harmful in multi-arch environments.)

Gbp-Pq: Name 11_omit-directories-from-config.patch

build: Divide mit-krb5-gssapi link flags between LDFLAGS and LIBS

From the comments nearby about not having --libs-only-L, it looks as
though the intention was to apply a split like this to all dependency
libraries where possible, and the only reason it was not done for
Kerberos is that krb5-config doesn't have that feature and pkg-config
was originally not supported here. For example, zlib, libssh and librtmp
all have their flags from pkg-config split in this way.

Now that pkg-config is supported here, we can do the intended split.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch

Enable zsh completion generation

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 08_enable-zsh.patch

Work around libtool --as-needed reordering bug

Origin: vendor
Bug-Debian: http://bugs.debian.org/347650
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 04_workaround_as_needed_bug.patch

curl (8.4.0-2) unstable; urgency=medium

* d/rules: set CURL_PATCHSTAMP to package's version, so it shows up in
"--version" output

[dgit import unpatched curl 8.4.0-2]

Import curl_8.4.0-2.debian.tar.xz

[dgit import tarball curl 8.4.0-2 curl_8.4.0-2.debian.tar.xz]

Import curl_8.4.0.orig.tar.gz

[dgit import orig curl_8.4.0.orig.tar.gz]

Merge curl (8.3.0-3) import into refs/heads/workingbranch

Build with GnuTLS.

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2018-05-23

Gbp-Pq: Name 90_gnutls.patch

[PATCH] cookie: remove unnecessary struct fields

Plus: reduce the hash table size from 256 to 63. It seems unlikely to
make much of a speed difference for most use cases but saves 1.5KB of
data per instance.

Closes #11862

Gbp-Pq: Name CVE-2023-38546.patch

[PATCH] socks: return error if hostname too long for remote resolve

Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was too long. Unfortunately
that did not always work as intended, leading to a security issue. And
when it did it's a privacy violation for users of socks5h that may
expect their DNS requests will not leak.

Bug: https://curl.se/docs/CVE-2023-38545.html

Backported by: Samuel Henrique <samueloph@debian.org>

Gbp-Pq: Name CVE-2023-38545.patch

[PATCH] lib: use wrapper for curl_mime_data fseek callback

fseek uses long offset which does not match with curl_off_t. This leads
to undefined behavior when calling the callback and caused failure on
arm 32 bit.

Use a wrapper to solve this and use fseeko which uses off_t instead of
long.

Thanks to the nice people at Libera IRC #musl for helping finding this
out.

Fixes #11882
Fixes #11900
Closes #11918

Gbp-Pq: Name lib_use_wrapper_for_curl_mime_data_fseek_callback.patch

[PATCH] tests: increase the default server logs lock timeout

This timeout is used to wait for the server to finish writing its logs
before checking them against the expected values. An overloaded machine
could take more than the two seconds previously allocated, so increase
the timeout to 5 seconds.

Ref: #11328
Closes #11834

Gbp-Pq: Name tests_increase_the_default_server_logs_lock_timeout.patch

[PATCH] test650: fix an end tag typo

Gbp-Pq: Name test650_fix_an_end_tag_typo.patch

Remove curl's LDFLAGS from curl-config --static-libs

On current Debian bookworm, the LDFLAGS consist of
-L/usr/lib/${triplet}/mit-krb5 originating from
`pkg-config --libs-only-L mit-krb5-gssapi` from krb5-multidev, plus
some linker options that are intended for curl itself rather than for
dependent packages. None of these are really desirable, and they create
divergence between architectures that would prevent libcurl-*-dev from
being Multi-Arch: same.

The -L flag is not really needed, for the same reason that -L@libdir@
isn't. curl Build-Depends on libkrb5-dev, which doesn't need a special
-L flag to find libgssapi_krb5, and the various libcurl-*-dev packages
have Suggests on libkrb5-dev rather than on krb5-multidev for static
linking.

The other options (currently `-Wl,-z-relro -Wl,-z,now`) are intended
for libcurl itself, and if dependent packages want those options then
they should set them from their own packaging.

Bug-Debian: https://bugs.debian.org/1024668
Forwarded: not-needed
Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch

In order to (partially) multi-arch-ify curl-config, remove all

Origin: vendor
Bug-Debian: http://bugs.debian.org/731998
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2017-01-10

mention of @includedir@ and @libdir@ from the script. On Debian, the actual
header and library directories are architecture-dependent, but will always be
in the C compiler's default search path, so -I and -L options are not
necessary (and may be harmful in multi-arch environments.)

Gbp-Pq: Name 11_omit-directories-from-config.patch

build: Divide mit-krb5-gssapi link flags between LDFLAGS and LIBS

From the comments nearby about not having --libs-only-L, it looks as
though the intention was to apply a split like this to all dependency
libraries where possible, and the only reason it was not done for
Kerberos is that krb5-config doesn't have that feature and pkg-config
was originally not supported here. For example, zlib, libssh and librtmp
all have their flags from pkg-config split in this way.

Now that pkg-config is supported here, we can do the intended split.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Gbp-Pq: Name build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch

Enable zsh completion generation

Origin: vendor
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 08_enable-zsh.patch

Work around libtool --as-needed reordering bug

Origin: vendor
Bug-Debian: http://bugs.debian.org/347650
Forwarded: not-needed
Reviewed-by: Alessandro Ghedini <ghedo@debian.org>
Last-Update: 2016-08-03

Gbp-Pq: Name 04_workaround_as_needed_bug.patch

curl (8.3.0-3) unstable; urgency=high

* Add patches to fix CVE-2023-38545 and CVE-2023-38546

[dgit import unpatched curl 8.3.0-3]

Import curl_8.3.0-3.debian.tar.xz

[dgit import tarball curl 8.3.0-3 curl_8.3.0-3.debian.tar.xz]

Merge curl (8.3.0-2) import into refs/heads/workingbranch