curl 7.60.0-2ubuntu1 source package in Ubuntu
Changelog
curl (7.60.0-2ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Use an if statement to conditionally disable libssh2 in Ubuntu-only
  * Dropped changes, included in Debian:
    - Build-depend on libssl-dev instead of libssl1.0-dev.
    - Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
      CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
      openssl 1.0 and openssl 1.1.
    - debian/patches/03_keep_symbols_compat.patch: drop, since we are no
      longer claiming compatibility.
    - debian/patches/90_gnutls.patch: Retain symbol versioning compatibility
      for non-OpenSSL builds.
  * Dropped changes, include upstream:
    - SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
      - debian/patches/CVE-2018-1000120.patch: reject path components with
        control codes in lib/ftp.c, add test to tests/*.
      - CVE-2018-1000120
    - SECURITY UPDATE: LDAP NULL pointer dereference
      - debian/patches/CVE-2018-1000121.patch: check
        ldap_get_attribute_ber() results for NULL before using in
        lib/openldap.c.
      - CVE-2018-1000121
    - SECURITY UPDATE: RTSP RTP buffer over-read
      - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
        go beyond buffer end in lib/transfer.c.
      - CVE-2018-1000122
    - SECURITY UPDATE: FTP shutdown response buffer overflow
      - debian/patches/CVE-2018-1000300.patch: check data size in
        lib/pingpong.c.
      - CVE-2018-1000303
    - SECURITY UPDATE: RTSP bad headers buffer over-read
      - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
        bad response-line is parsed in lib/http.c.
      - CVE-2018-1000301

curl (7.60.0-2) unstable; urgency=medium

  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no
    longer claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility
    for non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

curl (7.60.0-1) unstable; urgency=medium

  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery as per
      CVE-2018-1000120
      https://curl.haxx.se/docs/adv_2018-9cd6.html
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
      https://curl.haxx.se/docs/adv_2018-97a2.html
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
      https://curl.haxx.se/docs/adv_2018-b047.html
    + Fix heap buffer overflow when closing down an FTP connection with
      very long server command replies as per CVE-2018-1000300
      https://curl.haxx.se/docs/adv_2018-82c2.html
    + Fix heap buffer over-read when parsing bad RTSP headers as per
      CVE-2018-1000301
      https://curl.haxx.se/docs/adv_2018-b138.html
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

 -- Steve Langasek <email address hidden>  Mon, 04 Jun 2018 16:27:47 -0700
Upload details
- Uploaded by: Steve Langasek
- Uploaded to: Cosmic
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: web
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
curl_7.60.0.orig.tar.gz | 3.8 MiB | e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5 |
curl_7.60.0-2ubuntu1.debian.tar.xz | 31.7 KiB | 11d769b646018c3b2140211d25a066facbc0df910fdbfef37af8be5fc73d7c2f |
curl_7.60.0-2ubuntu1.dsc | 2.7 KiB | 4c512e2baf021b9d35d35c6c447f8cb27b6b6c9f466f2cdf14a6672fd4fc7bb4 |
Available diffs
- diff from 7.58.0-2ubuntu4 to 7.60.0-2ubuntu1 (655.2 KiB)
Binary packages built by this source
- curl: No summary available for curl in ubuntu cosmic.
No description available for curl in ubuntu cosmic.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu cosmic.
No description available for curl-dbgsym in ubuntu cosmic.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu cosmic.
No description available for libcurl3-gnutls in ubuntu cosmic.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu cosmic.
No description available for libcurl3-gnutls-dbgsym in ubuntu cosmic.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu cosmic.
No description available for libcurl3-nss in ubuntu cosmic.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu cosmic.
No description available for libcurl3-nss-dbgsym in ubuntu cosmic.
- libcurl4: No summary available for libcurl4 in ubuntu cosmic.
No description available for libcurl4 in ubuntu cosmic.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu cosmic.
No description available for libcurl4-dbgsym in ubuntu cosmic.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu cosmic.
No description available for libcurl4-doc in ubuntu cosmic.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu cosmic.
No description available for libcurl4-gnutls-dev in ubuntu cosmic.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu cosmic.
No description available for libcurl4-nss-dev in ubuntu cosmic.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu cosmic.
No description available for libcurl4-openssl-dev in ubuntu cosmic.