curl 7.60.0-2ubuntu1 source package in Ubuntu

Changelog

curl (7.60.0-2ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Use an if statement to conditionally disable libssh2 in Ubuntu-only
  * Dropped changes, included in Debian:
    - Build-depend on libssl-dev instead of libssl1.0-dev.
    - Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
      CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
      openssl 1.0 and openssl 1.1.
    - debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
      claiming compatibility.
    - debian/patches/90_gnutls.patch: Retain symbol versioning compatibility
      for non-OpenSSL builds.
  * Dropped changes, included upstream:
    - SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
      - debian/patches/CVE-2018-1000120.patch: reject path components with
        control codes in lib/ftp.c, add test to tests/*.
      - CVE-2018-1000120
    - SECURITY UPDATE: LDAP NULL pointer dereference
      - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
        results for NULL before using in lib/openldap.c.
      - CVE-2018-1000121
    - SECURITY UPDATE: RTSP RTP buffer over-read
      - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
        go beyond buffer end in lib/transfer.c.
      - CVE-2018-1000122
    - SECURITY UPDATE: FTP shutdown response buffer overflow
      - debian/patches/CVE-2018-1000300.patch: check data size in
        lib/pingpong.c.
      - CVE-2018-1000303
    - SECURITY UPDATE: RTSP bad headers buffer over-read
      - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
        bad response-line is parsed in lib/http.c.
      - CVE-2018-1000301

curl (7.60.0-2) unstable; urgency=medium

  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds.  Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

curl (7.60.0-1) unstable; urgency=medium

  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery
      as per CVE-2018-1000120
      https://curl.haxx.se/docs/adv_2018-9cd6.html
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
      https://curl.haxx.se/docs/adv_2018-97a2.html
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
      https://curl.haxx.se/docs/adv_2018-b047.html
    + Fix heap buffer overflow when closing down an FTP connection
      with very long server command replies as per CVE-2018-1000300
      https://curl.haxx.se/docs/adv_2018-82c2.html
    + Fix heap buffer over-read when parsing bad RTSP headers
      as per CVE-2018-1000301
      https://curl.haxx.se/docs/adv_2018-b138.html
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

 -- Steve Langasek <email address hidden>  Mon, 04 Jun 2018 16:27:47 -0700

Upload details

Uploaded by: Steve Langasek
Uploaded to: Cosmic
Original maintainer: Ubuntu Developers
Architectures: any all
Section: web
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
curl_7.60.0.orig.tar.gz 3.8 MiB e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5
curl_7.60.0-2ubuntu1.debian.tar.xz 31.7 KiB 11d769b646018c3b2140211d25a066facbc0df910fdbfef37af8be5fc73d7c2f
curl_7.60.0-2ubuntu1.dsc 2.7 KiB 4c512e2baf021b9d35d35c6c447f8cb27b6b6c9f466f2cdf14a6672fd4fc7bb4

Binary packages built by this source

No summary or description is available in Ubuntu cosmic for any of these packages:

  * curl
  * curl-dbgsym
  * libcurl3-gnutls
  * libcurl3-gnutls-dbgsym
  * libcurl3-nss
  * libcurl3-nss-dbgsym
  * libcurl4
  * libcurl4-dbgsym
  * libcurl4-doc
  * libcurl4-gnutls-dev
  * libcurl4-nss-dev
  * libcurl4-openssl-dev