configure shouldn't silently strip debug options #7216

Closed
Hello71 opened this issue Jun 8, 2021 · 2 comments
@Hello71
Contributor

Hello71 commented Jun 8, 2021

CFLAGS=-g ./configure assumes --without-debug then ignores -g. i think that without explicit --without-debug it shouldn't be ignored at all, and even with --without-debug it should allow compiling with -g anyways (interpreting --without-debug as "don't add debug flags", not "remove all debugging functionality") or at least issue an error and fail loudly.

CURL_VAR_STRIP([tmp_CFLAGS],[$flags_dbg_all])

i suspect this was initially done due to autoconf CFLAGS="-g -O2" default, but it's a very unintuitive behavior, and from a distro level means we need to do special work to support curl debugging. --with-debug seems not right for us either, since we may want to specify our own setting. in fact, as i read it, it is currently totally impossible to set anything other than -g (with gcc/clang), since -g* is stripped and replaced with either -g or nothing.
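
The behaviour reported above, modelled as an added example (not curl's configure code): a word-wise strip of debug flags, plus a check a packager can run to fail loudly when requested `-g*` flags are missing from the effective CFLAGS. `DBG_FLAGS` is a constructed stand-in for `$flags_dbg_all`, and every function name here is hypothetical.

```sh
#!/bin/sh
# Constructed stand-in for curl's $flags_dbg_all (assumption: the real list
# is defined in curl's m4 files and is not shown on this page).
DBG_FLAGS="-g -g0 -g1 -g2 -g3 -ggdb"

# strip_words FLAGS REMOVE
# Print FLAGS with every whole word that also appears in REMOVE dropped.
# Models the removal the issue attributes to CURL_VAR_STRIP.
strip_words() {
    out=""
    for w in $1; do
        keep=1
        for r in $2; do
            if [ "$w" = "$r" ]; then keep=0; fi
        done
        if [ "$keep" -eq 1 ]; then out="${out:+$out }$w"; fi
    done
    printf '%s\n' "$out"
}

# reported_cflags FLAGS DEBUG
# The behaviour described in the report: all debug flags are stripped, then
# replaced with "-g" (DEBUG=yes, i.e. --with-debug) or nothing (DEBUG=no).
# Appending -g at the end is an assumption about ordering.
reported_cflags() {
    stripped=$(strip_words "$1" "$DBG_FLAGS")
    if [ "$2" = "yes" ]; then
        printf '%s\n' "${stripped:+$stripped }-g"
    else
        printf '%s\n' "$stripped"
    fi
}

# lost_debug_flags REQUESTED EFFECTIVE
# Print every -g* word the user requested that is absent from EFFECTIVE.
lost_debug_flags() {
    lost=""
    for w in $1; do
        case $w in
            -g*)
                found=0
                for e in $2; do
                    if [ "$w" = "$e" ]; then found=1; fi
                done
                if [ "$found" -eq 0 ]; then lost="${lost:+$lost }$w"; fi
                ;;
        esac
    done
    printf '%s\n' "$lost"
}

# check_debug_preserved REQUESTED EFFECTIVE
# Return non-zero with a diagnostic instead of silently accepting the loss.
check_debug_preserved() {
    lost=$(lost_debug_flags "$1" "$2")
    if [ -n "$lost" ]; then
        echo "error: requested debug flags were dropped: $lost" >&2
        return 1
    fi
    return 0
}

# Constructed sample run: -g3 is requested, the modelled configure drops it.
requested="-O2 -g3 -Wall"
effective=$(reported_cflags "$requested" no)
check_debug_preserved "$requested" "$effective" || echo "build would stop here"
```
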

@jay jay added the build label Jun 9, 2021
bagder added a commit that referenced this issue Jun 16, 2021
To allow users to set them when invoking configure without using
--with-debug.

Reported-by: Alex Xu
Fixes #7216
@bagder
Member

bagder commented Jun 17, 2021

@Hello71 I presume #7267 is then in line with your thinking?

@Hello71
Contributor Author

Hello71 commented Jun 17, 2021

yes, thanks!

@bagder bagder closed this as completed in 6dd35dd Jun 17, 2021
jmb202 pushed a commit to pexip/os-curl that referenced this issue Nov 9, 2022
curl (7.86.0-1) unstable; urgency=medium
.
  * New upstream version 7.86.0
    - Fix HSTS bypass via IDN:
      curl's HSTS check could be bypassed to trick it to keep using HTTP.
      (closes: CVE-2022-42916)
    - Fix HTTP proxy double-free (closes: CVE-2022-42915)
    - Fix .netrc parser out-of-bounds access (closes: CVE-2022-35260)
    - Fix POST following PUT confusion (closes: CVE-2022-32221)
.
curl (7.85.0-1) unstable; urgency=medium
.
  * New upstream version 7.85.0
    - Fix control code in cookie denial of service:
      When curl retrieves and parses cookies from an HTTP(S) server, it
      accepts cookies using control codes (byte values below 32). When cookies
      that contain such control codes are later sent back to an HTTP(S) server,
      it might make the server return a 400 response. Effectively allowing a
      "sister site" to deny service to siblings
      (closes: #1018831, CVE-2022-35252)
    - Fix FTBFS on riscv64 with gcc-12 (closes: #1015835)
  * Bump Standards-Version to 4.6.1
  * Add lintian overrides for old-style-config-script-multiarch-path triggered
    for curl-config
  * d/patches:
    - 11_omit-directories-from-config.patch: Update patch
    - 20_ftbfs_import_sched.patch: Drop patch, applied upstream
  * d/rules: Fix configure args, remove bogus '--without-ssl'
  * d/copyright: Update the whole file
  * d/(control|watch): Update upstream's URL
.
curl (7.84.0-2) unstable; urgency=medium
.
  * d/p/20_ftbfs_import_sched.patch: New upstream patch to fix FTBFS
    (closes: #1014596)
.
curl (7.84.0-1) unstable; urgency=medium
.
  * New upstream version 7.84.0
    - Fix the following CVEs:
      ~ Improper Enforcement of Message Integrity During Transmission in a
        Communication Channel (CVE-2022-32208)
      ~ Improper Preservation of Permissions (CVE-2022-32207)
      ~ Allocation of Resources Without Limits or Throttling (CVE-2022-32205,
        CVE-2022-32206)
.
curl (7.83.1-2) unstable; urgency=medium
.
  * d/p/fix_multiline_header_regression.patch: New upstream patch to fix
    regression (closes: #1012263, #1011696)
.
curl (7.83.1-1) unstable; urgency=medium
.
  * New upstream version 7.83.1
    - Fix the following CVEs:
      ~ HSTS bypass via trailing dot (CVE-2022-30115)
      ~ TLS and SSH connection too eager reuse (CVE-2022-27782)
      ~ CERTINFO never-ending busy-loop (CVE-2022-27781)
      ~ percent-encoded path separator in URL host (CVE-2022-27780)
      ~ cookie for trailing dot TLD (CVE-2022-27779)
      ~ curl removes wrong file on error (CVE-2022-27778)
.
curl (7.83.0-1) unstable; urgency=medium
.
  * New upstream version 7.83.0
    - Fix auth/cookie leak on redirect (closes: #1010252, CVE-2022-27776)
    - Fix bad local IPv6 connection reuse (closes: #1010253, CVE-2022-27775)
    - Fix credential leak on redirect (closes: #1010254, CVE-2022-27774)
    - Fix OAUTH2 bearer bypass in connection re-use
      (closes: #1010295, CVE-2022-22576)
  * d/libcurl*.symbols: update symbols files to add curl_easy_header and
    curl_easy_nextheader
  * d/patches:
    - Refresh patches
    - 12_fix_openssl_cm_check.patch: remove patch, applied upstream
.
curl (7.82.0-2) unstable; urgency=medium
.
  * d/p/12_fix_openssl_cm_check.patch: New upstream patch to fix openssl CN
    check (closes: #1007739, #1007740)
  * d/control:
    - Set libcurl4-doc as Multi-Arch: foreign
    - Remove ancient version requirements for dependencies
  * d/salsa-ci.yml: Disable reprotest until it acknowledges
    SALSA_CI_DPKG_BUILDPACKAGE_ARGS
.
curl (7.82.0-1) unstable; urgency=medium
.
  * New upstream version 7.82.0
  * d/salsa-ci.yml: Add CI definition customized to skip tests (nocheck), to
    avoid long build times
  * Update and refresh patches: 13_fix-man-formatting.patch has been merged
    upstream
  * d/rules:
    - Add --with-nss-deprecated, required to build with nss now
      (upstream will drop support in August)
    - Look for nocheck build profile in DEB_BUILD_PROFILES instead of
      DEB_BUILD_OPTIONS (wider coverage)
.
curl (7.81.0-1) unstable; urgency=medium
.
  * New upstream version 7.81.0
  * d/p/13_fix-man-formatting.patch: Refresh patch
.
curl (7.80.0-3) unstable; urgency=medium
.
  * Revert "Revert "debian/control: Add Build-Depends on libssh-dev for
    Ubuntu".
.
    As per #1002598, the blocker has been solved.
.
    Note that this does not change Debian's curl to libssh, it still
    uses libssh2.
.
    Discussions about changing to libssh are ongoing at #897950
.
curl (7.80.0-2) unstable; urgency=medium
.
  * Revert "debian/control: Add Build-Depends on libssh-dev for Ubuntu"
    (closes: #1002597)
    The change had side effects on Debian due to the inclusion of the new
    Build-dep, even though it doesn't change the resulting binary. It causes
    issues for architecture bootstrapping.
.
    We are gonna reintroduce this change once the issues are fixed, to allow
    Ubuntu to remove its delta.
.
    See discussions at #1002598 and #1002597 for details
.
curl (7.80.0-1) unstable; urgency=medium
.
  [ Samuel Henrique ]
  * New upstream version 7.80.0
  * Bump Standards-Version to 4.6.0
  * Add new symbol curl_url_strerror to symbols files
  * Compile with zstd support (closes: #983660)
  * d/p/12_use-python3-in-tests.patch: Drop patch, merged upstream
  * d/p/13_fix-man-formatting.patch: Update patch
  * d/p/14_fix-compatibility-impacket-0-9-23.patch: Drop patch, merged upstream
.
  [ Jeremy Bicha ]
  * debian/control: Add Build-Depends on libssh-dev for Ubuntu
.
curl (7.79.1-2) unstable; urgency=medium
.
  * d/rules: Make test failures non-fatal again.
    Unfortunately there are some test failures happening on a few
    architectures, so we have to make the build pass even if not all tests
    are succeeding, at least until we have time to properly investigate
    the reason for these failures.
.
curl (7.79.1-1) unstable; urgency=medium
.
  [ Samuel Henrique ]
  * Add myself as an Uploader
  * Add sergiodj as an uploader
  * New upstream version 7.79.1 (closes: #989046)
    - Changes since 7.74.0:
      ~ vtls: fix connection reuse checks for issuer cert and case sensitivity
      (closes: #991492, CVE-2021-22924)
      ~ Fix User-Agent header missing in some cases (closes: #994940)
      ~ Fix TELNET stack contents disclosure (closes: #989228, CVE-2021-22898)
  * d/rules: Add --with-{openssl|gnutls|nss} to configure args
  * Update all patches.
     Remove patches:
     - 07_do-not-disable-debug-symbols: Obsolete as per
       curl/curl#7216.
     - 14_transfer-strip-credentials-from-the-auto-referer-hea:
       Originally from upstream, part of the release now.
     - 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession:
       Originally from upstream, part of the release now.
     - fix-regression-microseconds-instead-of-seconds:
       Originally from upstream, part of the release now.
     Update patches:
     - 12_use-python3-in-tests: Update and forward upstream.
     - 90_gnutls: Update
     - 99_nss: Update
     - 13_fix-man-formatting: Update
.
  [ Debian Janitor ]
  * Use secure URI in Homepage field.
  * Set debhelper-compat version in Build-Depends.
  * Set upstream metadata fields: Bug-Database,
    Bug-Submit (from ./configure), Repository, Repository-Browse.
  * Avoid explicitly specifying -Wl,--as-needed linker flag.
.
  [ Helmut Grohne ]
  * Also remove -ffile-prefix-map from curl-config (closes: #990128)
  * Explicitly disable zstd support (closes: #992505)
.
  [ Sergio Durigan Junior ]
  * d/control: Add Rules-Requires-Root: no.
  * d/copyright: Add public-domain license text.
  * Enable GPG-checking of orig tarball.
    - d/upstream/signing-key.asc: Upstream public key.
    - d/watch: Add "pgpmode=auto" as an option.
  * Bump debhelper-compat to 13.
    - d/control: B-D on debhelper-compat = 13.
    - d/rules: After the override_dh_auto_install target has been run,
      we know that we can safely get rid of the contents inside the
      debian/tmp/ directory.  This is needed because otherwise dh_missing
      will complain about uninstalled files, which will make the build
      fail when using debhelper-compat 13.
  * d/rules: Some minor cleanup and removal of unneeded comments.
  * d/rules: Honour "nocheck" build option.
  * Make OpenSSL and GNUTLS builds fail if tests fail
    - d/rules: Adjust rule to make OpenSSL and GNUTLS builds fail if their
      tests fail.  Unfortunately, it's still not possible to make the NSS
      build fail if its tests fail; we're still investigating the failures
      there with it.
    - d/p/14_fix-compatibility-impacket-0-9-23.patch: Needed patch
      to make tests pass with impacket 0.9.23+.
balabit-sync pushed a commit to balabit-deps/balabit-os-9-curl that referenced this issue Nov 15, 2022
curl (7.81.0-1ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: when curl sends back cookies with control bytes a
    HTTP(S) server may return a 400 response
    - debian/patches/CVE-2022-35252.patch: adds invalid_octets function
      to lib/cookie.c to reject cookies with control bytes
    - CVE-2022-35252

curl (7.81.0-1ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Set-cookie denial of service
    - debian/patches/CVE-2022-32205.patch: apply limits to cookies
      specifications in lib/cookie.c, lib/cookie.h, lib/http.c, lib/urldata.h.
    - CVE-2022-32205
  * SECURITY UPDATE: HTTP compression denial of service
    - debian/patches/CVE-2022-32206.patch: return error on too many
      compression steps in lib/content_encoding.c.
    - CVE-2022-32206
  * SECURITY UPDATE: Unpreserved file permissions
    - debian/patches/CVE-2022-32207.patch: add Curl_fopen()
      for better overwriting of files in lib/Makefile.inc,
      lib/cookie.c, lib/fopen.c, lib/fopen.h.
    - CVE-2022-32207
  * SECURITY UPDATE: FTP-KRB bad msg verification
    - debian/patches/CVE-2022-32208.patch: return error properly
      on decode errors in lib/krb5.c.
    - CVE-2022-32208

curl (7.81.0-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: percent-encoded path separator in URL host
    - debian/patches/CVE-2022-27780.patch: reject percent-decoding host
      name into separator bytes in lib/urlapi.c.
    - CVE-2022-27780
  * SECURITY UPDATE: CERTINFO never-ending busy-loop
    - debian/patches/CVE-2022-27781.patch: return error if seemingly stuck
      in a cert loop in lib/vtls/nss.c.
    - CVE-2022-27781
  * SECURITY UPDATE: TLS and SSH connection too eager reuse
    - debian/patches/CVE-2022-27782.patch: check more TLS details for
      connection reuse in lib/setopt.c, lib/url.c, lib/urldata.h,
      lib/vtls/gtls.c, lib/vtls/openssl.c, lib/vtls/nss.c, lib/vtls/vtls.c,
      lib/vssh/ssh.h.
    - CVE-2022-27782

curl (7.81.0-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: OAUTH2 bypass
    - debian/patches/CVE-2022-22576.patch: check sasl additional
      parameters for conn reuse in lib/strcase.c, lib/strcase.h,
      lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
    - CVE-2022-22576
  * SECURITY UPDATE: Credential leak on redirect
    - debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
      in the info struct to make it available after the connection ended
      in lib/connect.c, lib/urldata.h.
    - debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
      or ports clear auth in lib/transfer.c.
    - debian/patches/CVE-2022-27774-3.patch: adds tests to verify
      these fixes in tests/data/Makefile.inc, tests/data/test973,
      tests/data/test974, tests/data/test975, tests/data/test976.
    - CVE-2022-27774
  * SECURITY UPDATE: Bad local IPV6 connection reuse
    - debian/patches/CVE-2022-27775.patch: include the zone id in the
      'bundle' hashkey in lib/conncache.c.
    - CVE-2022-27775
  * SECURITY UPDATE: Auth/cookie leak on redirect
    - debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
      same host diff port in lib/http.c, lib/urldata.h.
    - CVE-2022-27776

curl (7.81.0-1) unstable; urgency=medium

  * New upstream version 7.81.0
  * d/p/13_fix-man-formatting.patch: Refresh patch

curl (7.80.0-3) unstable; urgency=medium

  * Revert "Revert "debian/control: Add Build-Depends on libssh-dev for
    Ubuntu".

    As per #1002598, the blocker has been solved.

    Note that this does not change Debian's curl to libssh, it still
    uses libssh2.

    Discussions about changing to libssh are ongoing at #897950

curl (7.80.0-2) unstable; urgency=medium

  * Revert "debian/control: Add Build-Depends on libssh-dev for Ubuntu"
    (closes: #1002597)
    The change had side effects on Debian due to the inclusion of the new
    Build-dep, even though it doesn't change the resulting binary. It causes
    issues for architecture bootstrapping.

    We are gonna reintroduce this change once the issues are fixed, to allow
    Ubuntu to remove its delta.

    See discussions at #1002598 and #1002597 for details

curl (7.80.0-1) unstable; urgency=medium

  [ Samuel Henrique ]
  * New upstream version 7.80.0
  * Bump Standards-Version to 4.6.0
  * Add new symbol curl_url_strerror to symbols files
  * Compile with zstd support (closes: #983660)
  * d/p/12_use-python3-in-tests.patch: Drop patch, merged upstream
  * d/p/13_fix-man-formatting.patch: Update patch
  * d/p/14_fix-compatibility-impacket-0-9-23.patch: Drop patch, merged upstream

  [ Jeremy Bicha ]
  * debian/control: Add Build-Depends on libssh-dev for Ubuntu

curl (7.79.1-2) unstable; urgency=medium

  * d/rules: Make test failures non-fatal again.
    Unfortunately there are some test failures happening on a few
    architectures, so we have to make the build pass even if not all tests
    are succeeding, at least until we have time to properly investigate
    the reason for these failures.

curl (7.79.1-1) unstable; urgency=medium

  [ Samuel Henrique ]
  * Add myself as an Uploader
  * Add sergiodj as an uploader
  * New upstream version 7.79.1 (closes: #989046)
    - Changes since 7.74.0:
      ~ vtls: fix connection reuse checks for issuer cert and case sensitivity
      (closes: #991492, CVE-2021-22924)
      ~ Fix User-Agent header missing in some cases (closes: #994940)
      ~ Fix TELNET stack contents disclosure (closes: #989228, CVE-2021-22898)
  * d/rules: Add --with-{openssl|gnutls|nss} to configure args
  * Update all patches.
     Remove patches:
     - 07_do-not-disable-debug-symbols: Obsolete as per
       https://github.com/curl/curl/issues/7216.
     - 14_transfer-strip-credentials-from-the-auto-referer-hea:
       Originally from upstream, part of the release now.
     - 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession:
       Originally from upstream, part of the release now.
     - fix-regression-microseconds-instead-of-seconds:
       Originally from upstream, part of the release now.
     Update patches:
     - 12_use-python3-in-tests: Update and forward upstream.
     - 90_gnutls: Update
     - 99_nss: Update
     - 13_fix-man-formatting: Update

  [ Debian Janitor ]
  * Use secure URI in Homepage field.
  * Set debhelper-compat version in Build-Depends.
  * Set upstream metadata fields: Bug-Database,
    Bug-Submit (from ./configure), Repository, Repository-Browse.
  * Avoid explicitly specifying -Wl,--as-needed linker flag.

  [ Helmut Grohne ]
  * Also remove -ffile-prefix-map from curl-config (closes: #990128)
  * Explicitly disable zstd support (closes: #992505)

  [ Sergio Durigan Junior ]
  * d/control: Add Rules-Requires-Root: no.
  * d/copyright: Add public-domain license text.
  * Enable GPG-checking of orig tarball.
    - d/upstream/signing-key.asc: Upstream public key.
    - d/watch: Add "pgpmode=auto" as an option.
  * Bump debhelper-compat to 13.
    - d/control: B-D on debhelper-compat = 13.
    - d/rules: After the override_dh_auto_install target has been run,
      we know that we can safely get rid of the contents inside the
      debian/tmp/ directory.  This is needed because otherwise dh_missing
      will complain about uninstalled files, which will make the build
      fail when using debhelper-compat 13.
  * d/rules: Some minor cleanup and removal of unneeded comments.
  * d/rules: Honour "nocheck" build option.
  * Make OpenSSL and GNUTLS builds fail if tests fail
    - d/rules: Adjust rule to make OpenSSL and GNUTLS builds fail if their
      tests fail.  Unfortunately, it's still not possible to make the NSS
      build fail if its tests fail; we're still investigating the failures
      there with it.
    - d/p/14_fix-compatibility-impacket-0-9-23.patch: Needed patch
      to make tests pass with impacket 0.9.23+.

curl (7.74.0-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Add upstream patch bc7ecc7 so curl -w times shown as seconds with
    fractions (Closes: #989064)

curl (7.74.0-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * transfer: strip credentials from the auto-referer header field
    (CVE-2021-22876) (Closes: #986269)
  * vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
    (CVE-2021-22890) (Closes: #986270)

curl (7.74.0-1.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Bruno Kleinert ]
  * Fixed "Please build-depend on libidn2-dev instead of obsolete transition
    package libidn2-0-dev" (Closes: #974996)

curl (7.74.0-1) unstable; urgency=medium

  * New upstream release
    + Fix inferior OCSP verification as per CVE-2020-8286 (Closes: #977161)
      https://curl.se/docs/CVE-2020-8286.html
    + Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162)
      https://curl.se/docs/CVE-2020-8285.html
    + Fix trusting FTP PASV responses as per CVE-2020-8284 (Closes: #977163)
      https://curl.se/docs/CVE-2020-8284.html
  * Update debian/watch to new upstream download page layout
  * Update 12_use-python3-in-tests.patch due to renamed file
  * Refresh patches
  * Fix cross-build due to python build dependencies.
    Thanks to Helmut Grohne for the patch (Closes: #969004)
  * Fix formatting in some man pages.
    Thanks to Bjarni Ingi Gislason for the patch (Closes: #963559)
  * Update list of documentation files to install
  * Update symbols
  * Bump Standards-Version to 4.5.1 (no changes needed)
  * Drop removed file from d/copyright

curl (7.72.0-1) unstable; urgency=medium

  * New upstream release
    + Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
      (Closes: #965280)
      https://curl.haxx.se/docs/CVE-2020-8169.html
    + Fix local file overwrite with -J option as per CVE-2020-8177
      (Closes: #965281)
      https://curl.haxx.se/docs/CVE-2020-8177.html
    + Fix wrong connect-only connection as per CVE-2020-8231 (Closes: #968831)
      https://curl.haxx.se/docs/CVE-2020-8231.html
  * Refresh patches
  * Do not install *.la files.
    Thanks to Pino Toscano for the patch. (Closes: #955785)
  * Update list of doc files
  * Update copyright for polarssl -> mbedtls rename
  * Use python3 executable in tests

curl (7.68.0-1) unstable; urgency=medium

  * New upstream release
  * Bump Standards-Version to 4.5.0 (no changes needed)
  * Update symbols files
  * Configure default CA file with OpenSSL again (Closes: #948441)

curl (7.67.0-2) unstable; urgency=medium

  * Restore :native annotation for python3 Build-Depends.
    Thanks to Helmut Grohne for the patch (Closes: #945928)

curl (7.67.0-1) unstable; urgency=medium

  * New upstream release
  * Replace python with python3 in Build-Depends (Closes: #942984)
  * Bump Standards-Version to 4.4.1 (no changes needed)

curl (7.66.0-1) unstable; urgency=medium

  * New upstream release (Closes: #940024)
    + Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
      https://curl.haxx.se/docs/CVE-2019-5481.html
    + Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
      (Closes: #940010)
      https://curl.haxx.se/docs/CVE-2019-5482.html
  * Refresh patches
  * Enable brotli support (Closes: #940129)
  * Update *.symbols files

curl (7.65.3-1) unstable; urgency=medium

  * New upstream release
  * Drop 12_fix-man-errors.patch (merged upstream)
  * Remove Ian Jackson from Uploaders as he has never done an upload

curl (7.65.1-1) unstable; urgency=medium

  * New upstream release
    + Reduce verbose output (Closes: #926148)
    + Fix parsing URLs with link local addresses (Closes: #926812)
  * Drop patches merged upstream
  * Refresh patches
  * Bump Standards-Version to 4.4.0 (no changes needed)
  * Update entry in copyright for renamed files
  * Fix some man errors.
    Thanks to Bjarni Ingi Gislason for the patch (Closes: #926352)
  * Add Build-Depends-Package field to symbols files

curl (7.64.0-4) unstable; urgency=medium

  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
    https://curl.haxx.se/docs/CVE-2019-5436.html
  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
    https://curl.haxx.se/docs/CVE-2019-5435.html

curl (7.64.0-3) unstable; urgency=medium

  * Fix potential crash in HTTP/2 code and busy loop at the end of connections
    (Closes: #927471)

curl (7.64.0-2) unstable; urgency=medium

  * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554)

curl (7.64.0-1) unstable; urgency=medium

  * New upstream release
    + Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
      https://curl.haxx.se/docs/CVE-2018-16890.html
    + Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
      https://curl.haxx.se/docs/CVE-2019-3822.html
    + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
      https://curl.haxx.se/docs/CVE-2019-3823.html
    + Fix HTTP negotiation with POST requests (Closes: #920267)
  * Refresh patches
  * Import fixes for zsh completion script generator (Closes: #92145)

curl (7.63.0-1) unstable; urgency=medium

  * New upstream release
    + Fix IPv6 numeral address parser (Closes: #915520)
    + Fix timeout handling (Closes: #914793)
    + Fix HTTP auth to include query in URI (Closes: #913214)
  * Drop 12_fix-runtests-curl.patch (merged upstream)
  * Update symbols
  * Update copyright for removed files
  * Bump debhelper compat level to 12
  * Bump Standards-Version to 4.3.0 (no changes needed)

curl (7.62.0-1) unstable; urgency=medium

  * New upstream release
    + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
      (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
    + Fix SASL password overflow via integer overflow as per CVE-2018-16839
      https://curl.haxx.se/docs/CVE-2018-16839.html
    + Fix use-after-free in handle close as per CVE-2018-16840
      https://curl.haxx.se/docs/CVE-2018-16840.html
    + Fix warning message out-of-buffer read as per CVE-2018-16842
      https://curl.haxx.se/docs/CVE-2018-16842.html
    + Fix broken terminal output (closes: #911333)
  * Refresh patches
  * Add 12_fix-runtests-curl.patch to fix running curl in tests

curl (7.61.0-1) unstable; urgency=medium

  * New upstream release
    + Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546)
      https://curl.haxx.se/docs/adv_2018-70a2.html
    + Fix some crashes related to HTTP/2 (Closes: #902628)
  * Disable libssh2 on Ubuntu.
    Thanks to Gianfranco Costamagna for the patch (Closes: #888449)
  * Bump Standards-Version to 4.2.0 (no changes needed)
  * Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174)

curl (7.60.0-2) unstable; urgency=medium

  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds.  Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

curl (7.60.0-1) unstable; urgency=medium

  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery
      as per CVE-2018-1000120
      https://curl.haxx.se/docs/adv_2018-9cd6.html
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
      https://curl.haxx.se/docs/adv_2018-97a2.html
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
      https://curl.haxx.se/docs/adv_2018-b047.html
    + Fix heap buffer overflow when closing down an FTP connection
      with very long server command replies as per CVE-2018-1000300
      https://curl.haxx.se/docs/adv_2018-82c2.html
    + Fix heap buffer over-read when parsing bad RTSP headers
      as per CVE-2018-1000301
      https://curl.haxx.se/docs/adv_2018-b138.html
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

curl (7.58.0-2) unstable; urgency=medium

  * Explicitly enable libssh2 support which got silently disabled in the
    previous update

curl (7.58.0-1) unstable; urgency=medium

  * New upstream release
    - Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
      https://curl.haxx.se/docs/adv_2018-824a.html
    - Fix HTTP authentication leak in redirects as per CVE-2018-1000007
      https://curl.haxx.se/docs/adv_2018-b3bf.html
  * Point Vcs-* to salsa.d.o
  * Bump Standards-Version to 4.1.3 (no changes needed)
  * Bump debhelper compat level to 11
  * Refresh patches
  * fix insecure-copyright-format-uri

curl (7.57.0-1) unstable; urgency=medium

  * New upstream release
    - Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
      https://curl.haxx.se/docs/adv_2017-11e7.html
    - Fix FTP wildcard out of bounds read as per CVE-2017-8817
      https://curl.haxx.se/docs/adv_2017-ae72.html
    - Fix SSL out of buffer access as per CVE-2017-8818
      https://curl.haxx.se/docs/adv_2017-af0a.html
  * Remove -fdebug-prefix-map from curl-config.
    Thanks to Timo Weingärtner for the patch (Closes: #861974, #874223, #874238)
  * Don't install zsh completion when cross compiling.
    Thanks to Wookey for the patch (Closes: #812965)

curl (7.56.1-1) unstable; urgency=medium

  * New upstream release
    - Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
      https://curl.haxx.se/docs/adv_20171023.html
  * Bump Standards-Version to 4.1.1 (no changes needed)
  * Drop 01_runtests_gdb.patch
  * Drop 12_dont-wait-on-CONNECT.patch
  * Refresh patches
  * Update *.symbols files
  * Use https:// URL in watch file

curl (7.55.1-1) unstable; urgency=medium

  * New upstream release
    - Fix FTBFS on powerpc (Closes: #872502)
  * Apply upstream patch to fix connection timeouts with NetworkManager
    (Closes: #873181)
  * Refresh patches
  * Bump Standards-Version to 4.1.0 (no changes needed)

curl (7.55.0-1) unstable; urgency=medium

  * New upstream release
    - Fix TFTP sends more than buffer size as per CVE-2017-1000100
      (Closes: #871555)
    - Fix URL globbing out of bounds read as per CVE-2017-1000101
      (Closes: #871554)
  * Refresh patches and drop patches merged upstream
  * Update Standards-Version to 4.0.1 (no changes needed)
  * Drop -dbg package

curl (7.52.1-5) unstable; urgency=high

  * Fix TLS session resumption client cert bypass as per CVE-2017-7468
    https://curl.haxx.se/docs/adv_20170419.html

curl (7.52.1-4) unstable; urgency=medium

  * Fix regression in CONNECT response handling (Closes: #857613)
  * Fix buffer read overrun on --write-out as per CVE-2017-7407
    https://curl.haxx.se/docs/adv_20170403.html (Closes: #859500)

curl (7.52.1-3) unstable; urgency=high

  * Make SSL_VERIFYSTATUS work again as per CVE-2017-2629
    https://curl.haxx.se/docs/adv_20170222.html

curl (7.52.1-2) unstable; urgency=medium

  * Fix HTTPS connection timeout with OpenSSL (Closes: #852317)

curl (7.52.1-1) unstable; urgency=medium

  * New upstream release
    - Fix printf floating point buffer overflow as per CVE-2016-9586
      (Closes: #848958)
  * B-D on "libssl1.0-dev | libssl-dev (<< 1.1)" (Closes: #850880, #844018)
  * Another attempt at making -dev packages multi-arch.
    Thanks to Benjamin Moody for the patches. (Closes: #731998, #846360)
  * Enable support for PSL (Closes: #847958)
  * Re-enable support for IDN (Closes: #849539)
  * Drop 10_disable-network-tests.patch.
    It didn't really work, and the issue is not urgent.
  * Switch curl binary back to libcurl3/OpenSSL.
    While the GnuTLS flavour mostly worked fine, there are a bunch of features
    that are not implemented.

curl (7.51.0-1) unstable; urgency=medium

  * New upstream release
    - Fix cookie injection for other servers as per CVE-2016-8615
      https://curl.haxx.se/docs/adv_20161102A.html
    - Fix case insensitive password comparison as per CVE-2016-8616
      https://curl.haxx.se/docs/adv_20161102B.html
    - Fix OOB write via unchecked multiplication as per CVE-2016-8617
      https://curl.haxx.se/docs/adv_20161102C.html
    - Fix double-free in curl_maprintf as per CVE-2016-8618
      https://curl.haxx.se/docs/adv_20161102D.html
    - Fix double-free in krb5 code as per CVE-2016-8619
      https://curl.haxx.se/docs/adv_20161102E.html
    - Fix glob parser write/read out of bounds as per CVE-2016-8620
      https://curl.haxx.se/docs/adv_20161102F.html
    - Fix curl_getdate read out of bounds as per CVE-2016-8621
      https://curl.haxx.se/docs/adv_20161102G.html
    - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
      https://curl.haxx.se/docs/adv_20161102H.html
    - Fix use-after-free via shared cookies as per CVE-2016-8623
      https://curl.haxx.se/docs/adv_20161102I.html
    - Fix invalid URL parsing with '#' as per CVE-2016-8624
      https://curl.haxx.se/docs/adv_20161102J.html
    - Fix IDNA 2003 makes curl use wrong host
      https://curl.haxx.se/docs/adv_20161102K.html
    - Fix escape and unescape integer overflows as
      per CVE-2016-7167 (Closes: #837945)
      https://curl.haxx.se/docs/adv_20160914.html
    - Fix incorrect reuse of client certificates (NSS backend)
      as per CVE-2016-7141 (Closes: #836918)
      https://curl.haxx.se/docs/adv_20160907.html
  * Drop 02_art_http_scripting.patch (file not shipped anymore)
  * Refresh patches
  * Temporarily disable IDN support
  * Don't install pdf and html docs (they are not shipped in the tarball anymore)
  * Install markdown docs

curl (7.50.1-2) unstable; urgency=medium

  * Disable more network tests (Closes: #830273)

curl (7.50.1-1) unstable; urgency=medium

  * New upstream release (Closes: #827900)
    - Fix TLS session resumption client cert bypass as per CVE-2016-5419
      https://curl.haxx.se/docs/adv_20160803A.html
    - Fix re-using connection with wrong client cert as per CVE-2016-5420
      https://curl.haxx.se/docs/adv_20160803B.html
    - Fix use of connection struct after free as per CVE-2016-5421
      https://curl.haxx.se/docs/adv_20160803C.html
    - Support OpenSSL 1.1 (Closes: #828127)
  * Fix 04_workaround_as_needed_bug.patch.
    Thanks to Yuriy M. Kaminskiy for the patch (Closes: #818131)
  * Bump Standards-Version to 3.9.8 (no changes needed)
  * Update Vcs-* URLs
  * Refresh patches
  * Add 08_enable-zsh.patch to re-enable zsh completion generation
  * Remove 08_fix-zsh-completion.patch (was already disabled)
  * Add 09_fix-typo.patch to fix spelling-error-in-manpage
  * Add 10_disable-network-tests.patch to disable networked tests
    (Closes: #830273)
  * Improve cross Build-Depends satisfiability.
    Thanks to Helmut Grohne for the patch (Closes: #818092)

curl (7.47.0-1) unstable; urgency=high

  * New upstream release
    - Fix NTLM credentials not-checked for proxy connection re-use
      as per CVE-2016-0755
      http://curl.haxx.se/docs/adv_20160127A.html
    - Set urgency=high accordingly
  * Remove hard-coded dependency on libgnutls (Closes: #812542)
  * Drop 08_fix-zsh-completion.patch (merged upstream)
  * Refresh patches

curl (7.46.0-1) unstable; urgency=medium

  * New upstream release
    - Initialize OpenSSL algorithms after loading config (Closes: #805408)
  * Install curl zsh completion (Closes: #805509)
    - Add 08_fix-zsh-completion.patch to fix zsh completion generation

curl (7.45.0-1) unstable; urgency=medium

  * New upstream release
  * Drop 08_spelling.patch (merged upstream)

curl (7.44.0-2) unstable; urgency=medium

  * Enable HTTP/2 support (Closes: #796302)

curl (7.44.0-1) unstable; urgency=medium

  * New upstream release
  * Refresh patches
  * Update symbols files
  * Add 08_spelling.patch to fix some spelling errors

curl (7.43.0-1) unstable; urgency=medium

  * New upstream release
    - Fix lingering HTTP credentials in connection re-use as per CVE-2015-3236
      http://curl.haxx.se/docs/adv_20150617A.html
    - Fix SMB send off unrelated memory contents as per CVE-2015-3237
      http://curl.haxx.se/docs/adv_20150617B.html
  * Refresh patches
  * Fix spelling-error-in-description

curl (7.42.1-3) unstable; urgency=medium

  * Update copyright
  * Set both CA bundle and CA path default values for OpenSSL and GnuTLS
    backends
  * Bump versioned depends on libgnutls to workaround lack of nettle versioned
    symbols (Closes: #787960)

curl (7.42.1-2) unstable; urgency=medium

  * Switch curl binary to libcurl3-gnutls (Closes: #342719)
    This is the first step of a possible migration to a GnuTLS-only
    libcurl for Debian. Let's see how it goes.

curl (7.42.1-1) unstable; urgency=high

  * New upstream release
    - Don't send sensitive HTTP server headers to proxies as per
      CVE-2015-3153
      http://curl.haxx.se/docs/adv_20150429.html
  * Drop 08_fix-spelling.patch (merged upstream)
  * Refresh patches

curl (7.42.0-1) unstable; urgency=medium

  * New upstream release
    - Fix re-using authenticated connection when unauthenticated
      as per CVE-2015-3143
      http://curl.haxx.se/docs/adv_20150422A.html
    - Fix host name out of boundary memory access as per CVE-2015-3144
      http://curl.haxx.se/docs/adv_20150422D.html
    - Fix cookie parser out of boundary memory access as per CVE-2015-3145
      http://curl.haxx.se/docs/adv_20150422C.html
    - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
      http://curl.haxx.se/docs/adv_20150422B.html
    - Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is
      defined (Closes: #768562)
  * Drop patches merged upstream
  * Refresh patches
  * Bump Standards-Version to 3.9.6 (no changes needed)

curl (7.38.0-4) unstable; urgency=high

  * Fix URL request injection vulnerability as per CVE-2014-8150
    http://curl.haxx.se/docs/adv_20150108B.html
  * Set urgency=high accordingly

curl (7.38.0-3) unstable; urgency=high

  * Enable all hardening options (Closes: #763372)
  * Fix duphandle read out of bounds as per CVE-2014-3707
    http://curl.haxx.se/docs/adv_20141105.html
  * Set urgency=high accordingly

curl (7.38.0-2) unstable; urgency=medium

  * Check for libtoolize instead of libtool during build.
    Thanks to Helmut Grohne for the patch (Closes: #761740)
  * Add README.source note regarding ordering of patches (Closes: #762193)
  * Add 10_fix-resolver.patch from upstream (Closes: #762014)

curl (7.38.0-1) unstable; urgency=medium

  * New upstream release
    - Only use full host matches for hosts used as IP address
      as per CVE-2014-3613
      http://curl.haxx.se/docs/adv_20140910A.html
    - Reject incoming cookies set for TLDs as per CVE-2014-3620
      http://curl.haxx.se/docs/adv_20140910B.html
  * Drop 08_link-curl-to-nss.patch (merged upstream)
  * Refresh patches
  * Fix wildcard-matches-nothing-in-dep5-copyright
  * Add 08_fix-spelling.patch

curl (7.37.1-1) unstable; urgency=medium

  * New upstream release
  * Re-enable RTMP support (Closes: #754222)
  * Add 08_link-curl-to-nss.patch to fix NSS build
  * Refresh patches
  * Install manpages of single libcurl options too

curl (7.37.0-1) unstable; urgency=medium

  * New upstream release
    - Fix NULL pointer dereference in GnuTLS code (Closes: #746349)
  * Drop 08_fix-imap-tests.patch (merged upstream)
  * Refresh 01_runtests_gdb.patch
  * Remove Build-Depends on libgcrypt

curl (7.36.0-2) unstable; urgency=medium

  * Move Depends on -dev packages needed to use static libraries to Suggests
  * Switch to GnuTLS 3.x (Closes: #741568)
  * Disable RTMP support (librtmp-dev requires libgnutls-dev, which conflicts
    with libgnutls28-dev)

curl (7.36.0-1) unstable; urgency=high

  * New upstream release (Closes: #742728)
    - Fix connection re-use when using different log-in credentials
      as per CVE-2014-0138
      http://curl.haxx.se/docs/adv_20140326A.html
    - Reject IP address wildcard matches as per CVE-2014-0139
      http://curl.haxx.se/docs/adv_20140326B.html
    - Set urgency=high accordingly
  * Add 08_fix-imap-tests.patch to fix tests broken by the fix for CVE-2014-0138

curl (7.35.0-1) unstable; urgency=high

  * New upstream release
    - Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
      http://curl.haxx.se/docs/adv_20140129.html
    - Set urgency=high accordingly
  * Refresh patches

curl (7.34.0-1) unstable; urgency=high

  * New upstream release
    - Fix GnuTLS checking of a certificate CN or SAN name field when the
      digital signature verification is turned off as per CVE-2013-6422
      http://curl.haxx.se/docs/adv_20131217.html
    - Set urgency=high accordingly
  * Drop patches merged upstream:
    - 08_fix-typo.patch
    - 09_fix-urlglob.patch

curl (7.33.0-2) unstable; urgency=low

  * Make -dev packages Multi-Arch: same too (Closes: #731309)
  * Bump Standards-Version to 3.9.5 (no changes needed)
  * Add 09_fix-urlglob.patch to fix URL globbing (Closes: #731855)

curl (7.33.0-1) unstable; urgency=low

  * New upstream release
    - Handle arbitrary-length username and password (Closes: #719856)
  * Remove Luk from Uploaders as per his request (Closes: #723603)
  * Do not Build-Depends on specific automake version (Closes: #724361)
  * Fix lintian vcs-field-not-canonical
  * Add 08_fix-typo.patch
  * Refresh patches

curl (7.32.0-1) unstable; urgency=low

  * New upstream release
  * Fix typo in changelog entry for 7.31.0-1 (Closes: #714502)
  * Drop 08_typo.patch (merged upstream)
  * Drop 09_openssl-recv.patch (merged upstream)
  * Refresh 90_gnutls.patch and 99_nss.patch
  * Refresh 06_always-disable-valgrind.patch
  * Enable threaded DNS resolver (Closes: #570436)
    See NEWS.Debian for more info

curl (7.31.0-2) unstable; urgency=high

  * Add 09_openssl-recv.patch to fix incorrect OpenSSL usage (Closes: #714050)
  * Set urgency=high because of the security fix in the previous upload

curl (7.31.0-1) unstable; urgency=low

  * New upstream release
    - Fix URL decode buffer boundary flaw as per CVE-2013-2174
      http://curl.haxx.se/docs/adv_20130622.html
  * Make curl Multi-Arch: foreign (Closes: #712585)
  * Drop 08_reset-timecond.patch (merged upstream)
  * Refresh patches
  * Add 08_typo.patch to fix a couple of typos in one of the manpages

curl (7.30.0-2) unstable; urgency=low

  * Move textual docs to the -doc package too
  * Move manpages from -dev packages to -doc as well
    - Add Breaks+Replaces accordingly
  * Remove outdated Replaces/Conflicts
  * Update watch file version to 3
  * Add 08_reset-timecond.patch (Closes: #705783)

curl (7.30.0-1) unstable; urgency=low

  * New upstream release
  * Update upstream copyright years
  * Drop patches merged upstream:
    - 08_NULL-pointer-dereference-on-close.patch
    - 09_CVE-213-1944.patch
    - 10_test1218-another-cookie-tailmatch-test.patch
  * Update patches:
    - 03_keep_symbols_compat.patch
    - 90_gnutls.patch
    - 99_nss.patch
  * Add libcurl4-doc package:
    - Move *.pdf and *.html files to the libcurl4-doc package
    - Add Suggests for -doc package to -dev packages
    - Move examples to the -doc package
  * Add Build-Depends on python which is used by some tests

curl (7.29.0-2.1) unstable; urgency=high

  * Non-maintainer upload.

  [ Alessandro Ghedini ]
  * Do not compress *.pdf files (Closes: #704093)

  [ Salvatore Bonaccorso ]
  * Add 09_CVE-213-1944.patch.
    Fix CVE-2013-1944: fix tailmatching to prevent cross-domain leakage.
    Cookies set for 'example.com' could accidentally also be sent by libcurl
    to the 'bexample.com' (i.e. with a prefix to the first domain name).
    (Closes: #705274)
  * Add testcase for CVE-2013-1944.

curl (7.29.0-2) unstable; urgency=low

  * Fix a segfault when closing an unused multi handle (Closes: #701713)
  * Mention LDAPS in packages' long descriptions
  * Clean-up d/rules
    - Switch to short-form dh
    - Enable test suite on hurd and kfreebsd too
    - Enable GSSAPI support on hurd too

curl (7.29.0-1) unstable; urgency=high

  * New upstream release
    - Fix buffer overflow when negotiating SASL DIGEST-MD5 authentication
      as per CVE-2013-0249 (Closes: #700002)
      http://curl.haxx.se/docs/adv_20130206.html
    - Set urgency=high accordingly
  * Install all the examples
  * Update 90_gnutls.patch and 99_nss.patch
  * Refresh patches
  * Correctly pass CPPFLAGS to ./configure
  * Upload to unstable

curl (7.28.1-1) experimental; urgency=low

  * New upstream release
  * Drop 05_fix-git-over-https.patch and 08_fix-git-auth.patch
    (merged upstream)
  * Update 07_do-not-disable-debug-symbols.patch
  * Refresh patches
  * Add NEWS entry about change in CURLOPT_SSL_VERIFYHOST semantics

curl (7.28.0-3) unstable; urgency=low

  * Add 07_do-not-disable-debug-symbols.patch, do not pass --enable-debug
    anymore (Closes: #693110)
  * Update 05_fix-git-over-https.patch to reflect new upstream patch
  * Add 08_fix-git-auth.patch to fix HTTPS authentication (Closes: #690764)

curl (7.28.0-2) unstable; urgency=low

  * Add 05_fix-git-over-https.patch (Closes: #690551)
  * Add 06_always-disable-valgrind.patch (Closes: #690968)

curl (7.28.0-1) unstable; urgency=low

  * New upstream release
    - gnutls: do not fail on non-fatal handshake errors (Closes: #685402)
  * Remove versioned build depends on libssh2 (already in stable)
  * Bump Standards-Version to 3.9.4 (no changes needed)
  * Refresh 01_runtests_gdb.patch
  * Update *.symbols files
  * Build depend on ca-certificates to avoid test failure

curl (7.27.0-1) unstable; urgency=low

  * New upstream release
  * Update upstream copyright
  * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch

curl (7.26.0-1) unstable; urgency=low

  * New upstream release
    - Reject numerical IPv6 addresses outside brackets (Closes: #670126)
  * Email change: Alessandro Ghedini -> ghedo@debian.org
  * Stricter Depends on libcurl3 (Closes: #666089)
  * Remove Ramakrishnan (as per his request), move myself to Maintainer
    Thank you for all your work so far
  * Disable memory tracking, but keep debug enabled
    - Remove memdebug symbols (used by curl only)
  * Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch
  * Disable not-quite-working symbols hiding

curl (7.25.0-1) unstable; urgency=low

  * New upstream release
    - Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276)
    - Allow negative numbers as option value (Closes: #659591)
  * Add libssh2-1-dev to libcurl4-gnutls-dev and libcurl4-nss-dev Depends
  * Bump debhelper compat level to 9
    - Make *.links files executable to simplify rules file
  * Pass --as-needed ld flag to avoid unneeded dependencies
    - Add workaround_as_needed_bug to workaround a libtool bug
    - Drop dont_link_to_krb5 (not needed because of --as-needed)
  * Do some clean-up in debian/rules
  * Update debian/copyright format as in Debian Policy 3.9.3
  * Bump Standards-Version to 3.9.3
  * Explicit Conflicts in -dev packages (fixes binaries-have-file-conflict)
  * Add openssh-server to build depends to enable some more tests
  * Update upstream copyright years
  * Refresh patches

curl (7.24.0-1) unstable; urgency=high

  * New upstream release
    - Improve documentation for the --capath option (Closes: #628697)
    - Fix URL sanitization vulnerability as per CVE-2012-0036
      http://curl.haxx.se/docs/adv_20120124.html
    - Fix SSL CBC IV vulnerability as per CVE-2011-3389
      http://curl.haxx.se/docs/adv_20120124B.html
    - Set urgency=high accordingly
  * Remove curl_links_with_rt patch (curl links to librt anyway)
  * Improve descriptions of -dev and -dbg packages
  * Drop fix_manpage_spelling and versioned patches (merged upstream)
  * Refresh patches
  * Add keep_symbols_compat patch to not break backwards ABI compatibility
  * Enable libssh2 support for GnuTLS and NSS flavours too
    (libssh2 now uses libgcrypt instead of libssl)

curl (7.23.1-3) unstable; urgency=low

  * Enable security hardening flags
  * Remove libdb-dev from B-D (not used)
  * Improve short and long descriptions
  * Provide proper *.symbols files (Closes: #651619)
  * Do not version Curl_* symbols (for internal use only)
  * Do not override dh_makeshlibs version anymore

curl (7.23.1-2) unstable; urgency=low

  * Bump shlibs version for libcurl3-nss (Closes: #650498)

curl (7.23.1-1) unstable; urgency=low

  * New upstream release
    - Do not use gnutls_priority_set_direct and
      gnutls_certificate_type_set_priority anymore (Closes: #624024)
  * Refresh patches
  * Add --enable-debug flag to configure (Closes: #648902)
  * One Provides/Replaces per line
  * libcurl4-openssl-dev Provides libcurl4-dev too (Closes: #644126)
  * Specify only 3 components for Standards-Version
    (the fourth is not really needed)
  * Move ca-certificates to Recommends in lib* packages (Closes: #546607)
  * Add NSS flavour to versioned symbols

curl (7.22.0-3) unstable; urgency=low

  [ Ramakrishnan Muthukrishnan ]
  * Add new Uploaders, Ian and Alessandro. (Closes: #647255)

  [ Luk Claes ]
  * Install lintian overrides with dh_lintian.
  * Install all files with dh_install and get rid of dh_installdirs.

  [ Alessandro Ghedini ]
  * New upstream release.
  * Bump debhelper compat level to 8.
  * debian/control:
    - One (Build-)Depends per line.
    - Sort (Build-)Depends.
    - Remove Build-Depends on binutils
      (v2.18 is already in oldstable and it is Build-Essential: yes).
    - Build depends on stunnel4 instead of stunnel
      (stunnel is just a dummy package).
    - Remove duplicate Section field in package curl.
    - Add Luk to Uploaders too, sort names.
  * debian/patches:
    - Update runtests_gdb patch, add DEP3 headers.
    - Update gnutls and nss patches, add DEP3 headers.
    - Refresh other patches.
    - Add DEP3 headers to all the patches.
    - Remove libtool patch (not applied anyway)
    - Set Forwarded: not-needed for Debian specific patches
  * Replace dh_clean -k call with dh_prep
    (dh_clean -k is deprecated since debhelper 7).
  * Add fix_manpage_spelling patch
  * debian/copyright:
    - Switch to DEP5 format
    - Update copyright information
  * Add librtmp-dev to libcurl4-nss-dev too

curl (7.21.7-3) unstable; urgency=low

  * debian/rules: Build only curl and libcurl3 with rtmp support. Rest of the
    packages do not need to be built with rtmp support. (closes: #641173)

curl (7.21.7-2) unstable; urgency=low

  * debian/control: libcurl*-dev packages should depend on librtmp-dev.
    (closes: #640260)
  * debian/rules: add build-arch and build-indep targets.

curl (7.21.7-1) unstable; urgency=low

  * New Upstream release which fixes the following bugs.
    - libcurl3-gnutls: HTTPS over HTTP still broken in
      Git (closes: #627335)
    - git-core: gnutls_handshake() fail when using
      https:// over a proxy (closes: #559371)
  * debian/control: capitalize 'ftp'. (closes: #587338)
  * debian/rules: add build-arch and build-indep targets.

curl (7.21.6-3) unstable; urgency=low

  * Apply the Multiarch patch from Steve Langasek.
    (closes: #631946)

curl (7.21.6-2) unstable; urgency=high

  * Fix for the inappropriate GSSAPI delegation vulnerability (CVE-2011-2192).
    (closes: #631615)

curl (7.21.6-1) unstable; urgency=low

  * New upstream release to fix a HTTPS over a HTTP proxy bug on 7.21.5.

curl (7.21.5-1) unstable; urgency=low

  * New Upstream version. (closes: #623459)
  * debian/patches/{sslv2_disable, error_code}: removed as these
    patches were backported earlier from new upstream and this
    release incorporates them.

curl (7.21.4-2) unstable; urgency=low

  * debian/patches/{sslv2-disable, series}: Apply the
    upstream commit c66b0b32fba175d5f096c944d8ec8f9f06299f4a.
    (closes: #622016)
  * debian/{rules, control}: enable rtmp. (closes: #622328)
  * debian/control: removing hurd from dependencies. Hurd is
    an 'essential' package.

curl (7.21.4-1) unstable; urgency=low

  * New upstream release.
  * debian/control: downgraded the version number of libdb-dev required
    to 4.6 from 4.7, based on the inputs from Erik Schanze <schanzi_@gmx.de>.

curl (7.21.3-1) unstable; urgency=low

  * New upstream release.
  * debian/*.manpages: adding all manpages for the curl library.
    (closes: #605651)
  * gnutls->handshake: improved timeout handling. See #594150 for details.

curl (7.21.2-4) unstable; urgency=low

  * support for curl library built against nss.
    (closes: #606244)
  * honour DEB_BUILD_OPTIONS=nocheck option.
    (closes: #606059)

curl (7.21.2-3) unstable; urgency=low

  * debian/rules: reverting changes related to c-ares inclusion.
  * debian/control: removing libc-ares-dev for now.
    (closes: #605558)

curl (7.21.2-2) unstable; urgency=low

  * debian/control: add libc-ares-dev as build dependency.
  * debian/rules: invoke configure with --enable-ares.
    (closes: #570436)
  * debian/copyright: add copyright notice of `lib/security.c'
    to the copyright file. (closes: #603712)

curl (7.21.2-1) unstable; urgency=low

  * New upstream release.

curl (7.21.1-1) unstable; urgency=low

  * New upstream release.

curl (7.21.0-1) unstable; urgency=low

  * New upstream.

curl (7.20.1-2) unstable; urgency=low

  * debian/rules: Removed the custom LDFLAGS variable. This is not
    required as we are no longer using the libtool patch.
    (closes: #578774)

curl (7.20.1-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/missing-double-quote: No longer needed as it has been
    fixed by the upstream.
  * debian/patches/no_com_err: Reworked the patches for the new release.
  * debian/patches/versioned: fix for build failure of 'make test'.
    (closes: #576237)
  * debian/rules: removed --enable-ldaps option from the configure as LDAP
    SSL (Novell extensions to openldap) is not available as Debian packages.
  * lib/http.c: chunked-encoding with Content-Length header problem has
    been fixed in the upstream. (closes: #572276)

curl (7.20.0-3) unstable; urgency=low

  * debian/control: Vcs* tags added.
  * docs/libcurl/libcurl.m4: added the missing double quote (closes: #576518).

curl (7.20.0-2) unstable; urgency=low

  * New Maintainer (closes: #574137).
  * Bug #533669 (curl segmentation fault in addbyter()) is fixed
    from release 7.19.7 onwards (closes: #533669).
  * Bug #510559 (curl sends whitespace unencoded in the url) can't
    be reproduced in the 7.20.0 release (closes: #510559).

curl (7.20.0-1) unstable; urgency=low

  * Package is orphaned.
  * New upstream release.
  * Switch to dpkg-source 3.0 (quilt) format (closes: #538547).
  * Fixed build error with binutils-gold (closes: #554296).

curl (7.19.7-1) unstable; urgency=low

  * New upstream release:
    - curl_getdate(3) now correctly manages single letter military
      timezones as specified in RFC 822 (closes: #551461).
  * build depends on generic libdb-dev (closes: #548476).
  * build depends on libssh2-1-dev (>= 1.2) to enable new curl options.

curl (7.19.5-1) unstable; urgency=low

  * New upstream release
  * Fix "libcurl3-gnutls has memory corruption" by upgrading to new upstream
    release, which fixes this bug (Closes: #530131)
  * update standards version to 3.8.1
  * adjust overrides from libdevel to debug for -dbg package
  * adjust doc-base section

curl (7.19.4-1) unstable; urgency=low

  * New upstream release
  * Fix "newer bdb version" <explain what you changed and why>
    (Closes: #517277)
  * resolve libtool version confusion, thanks to
    Stefanos Harhalakis <v13@v13.gr>
  * add new dependency on libgcrypt11-dev due to newly arising binary symbols

curl (7.18.2-8lenny1) stable-security; urgency=high

  * Applied upstream patch to fix arbitrary file access (CVE-2009-0037).

curl (7.18.2-8) unstable; urgency=low

  * Fix "Please add support for ldap/ldaps protocols"
    by changing the linker option for liblber (Closes: #506096)

curl (7.18.2-7) unstable; urgency=low

  * disable c-ares support again, no fix yet, just get stuff working again.

curl (7.18.2-6) unstable; urgency=low

  * enable c-ares support, with ipv6 support

curl (7.18.2-5) unstable; urgency=low

  * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
    "-Wl, -z, defs" (Closes: #488701), closing same bug again for
    curl-config --libs  command

curl (7.18.2-4) unstable; urgency=medium

  * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
    "-Wl, -z, defs" (Closes: #488701)

curl (7.18.2-3) unstable; urgency=low

  * removing c-ares from the dependencies

curl (7.18.2-2) unstable; urgency=medium

  * blanking the "dependency_libs" line in lib*.la file to keep all the listed libs
    from being linked to other libs linking to curl.
  * fixing mis-linking problem by specifying liblber as a configure argument
  * disabling c-ares again for stability reasons
  * correcting libgssapi linking in configure.ac (patch no_com_err)

curl (7.18.2-1e1) experimental; urgency=low

  * testing c-ares-ipv6 integration patch

curl (7.18.2-1) unstable; urgency=low

  * New upstream release:
    - removed patches/ftp-response, it is already in the upstream release
    - fixed issues with kerberos ftp (closes: #478864).
  * Disable c-ares support, it is still not ready for Debian's wide
    user base (closes: #478864, #481189).
  * Standards-Version bumped to 3.8.0:
    - added support for parallel builds to debian/rules
  * Removal of $QUILT_PC's override makes this package ready for new
    source format 3.0 (quilt) (closes: #485023).
  * Configure build with --with-ca-path but only for OpenSSL flavour,
    GnuTLS supports only --with-ca-bundle (closes: #482814, #483999).
    Both libcurl3 and libcurl3-gnutls now depend on ca-certificates.

curl (7.18.1-1) unstable; urgency=low

  * New upstream release.
  * Fixed crossbuilding bug (closes: #465089).
  * Improved error reporting in case of failing FTP (closes: #474224).
  * Enable c-ares support (closes: #352694).
  * libcurl3-dbg now depends on either libcurl3 or libcurl3-gnutls
    (closes: #463173).

curl (7.18.0-1) unstable; urgency=low

  * New upstream release.
  * Use Homepage field in debian/control.

curl (7.17.1-1) unstable; urgency=low

  * New upstream release:
    - fixed bad use of "its" in curl.1 (closes: #443734)
    - fixed curl_easy_escape() with input bytes that are >= 0x80
      (closes: #445214)

curl (7.17.0-1) unstable; urgency=low

  * New upstream release.
  * Updated to use libssh2-1-dev (closes: #441979, #442198).
  * Do not run the test suite on hurd (closes: #433834).
  * Enabled support for LDAPS protocol.

curl (7.16.4-5) unstable; urgency=low

  * libcurl4-openssl-dev now depends on libssh2-0-dev.
    closes: #439317, #439326.

curl (7.16.4-4) unstable; urgency=low

  * Build libcurl/GnuTLS without libssh2 because of the usual OpenSSL
    vs. GPL software license conflict (closes: #439176).

curl (7.16.4-3) unstable; urgency=low

  * Added support for scp and SFTP protocols.

curl (7.16.4-2) unstable; urgency=low

  * Fixed regression with FTP sites not requesting PASS (closes: #435771).

curl (7.16.4-1) unstable; urgency=low

  * New upstream release (closes: #432514).
  * Welcome Andreas to the curl packagers!
  * Build-Depends is now more backporting friendly.

curl (7.16.2-6) unstable; urgency=low

  * Added missing libcurl3 symlinks (closes: #429945)
    Patch courtesy of Bryan Donlan.

curl (7.16.2-5) unstable; urgency=low

  [ Steve Langasek ]
  * Re-introduce curl3 symbol versions and rename the packages back to
    libcurl3*, restoring ABI compatibility with the etch version of the
    package.

  [ Domenico Andreoli ]
  * Package libcurl4-gnutls-dev now suggests libcurl3-dbg.
  * libcurl3-dbg replaces/conflict/provide libcurl4-dbg.
  * Properly use ${binary:Version} in control file.

curl (7.16.2-4) unstable; urgency=low

  * Fixed configure.ac in case of build with GNUTLS (closes: #425013).
  * Fixed double-free bug (closes: #424894).
    Patch courtesy of Daniel Stenberg.

curl (7.16.2-3) unstable; urgency=low

  * Updated to db4.5 (closes: #421933).
  * Got rid of unused libcomerr2 dependency (closes: #392294).

curl (7.16.2-2) experimental; urgency=low

  * Improved package descriptions (closes: #410472).
  * Updated package Provides to ease the soname transition.

curl (7.16.2-1) experimental; urgency=low

  * New upstream release.
  * libcurl4-openssl-dev now depends on libcurl4-openssl (closes: #419774).
  * Bumped shlibs version to 7.16.2-1.
  * Patches are now managed with quilt.

curl (7.16.1-1) experimental; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.16.1-1.
  * Added HIDDEN section to version script to handle any __*, _rest or
    _save* local symbol.
  * Gopher protocol is not supported since 7.15.2. Removed any reference
    in package description (closes: #408704).
  * Moved libcurl/openssl to the new package libcurl4-openssl, now
    libcurl4 contains a version with no SSL or GSSAPI support (any
    future cryptographic stuff will be kept out of there).
  * Package libcurl4-dev now contains the matching headers for libcurl4
    (so crypto stuff).

curl (7.16.0-1) experimental; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.16.0-1.
  * libcurl4 and libcurl4-gnutls now only recommend ca-certificates
    (closes: #404103).
  * pkg-config .pc file now uses Libs.private (closes: #405226).

curl (7.15.5-1) unstable; urgency=low

  * New upstream release:
    - fixed nodes removal from the splay tree (closes: #375076).
  * Make package build also if $TAPE is set (closes: #377470).
  * Bumped shlibs version to 7.15.5-1.

curl (7.15.4-1ubuntu1) edgy; urgency=low

  * Synchronize to Debian. Only change left: Removal of stunnel and
    libdb4.2-dev build dependencies.

curl (7.15.4-1) unstable; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.15.4-1.

curl (7.15.3-2) unstable; urgency=low

  * Fixed bug in configure.ac that makes FTBFS (closes: #367954).

curl (7.15.3-1) unstable; urgency=high

  * New upstream release:
    - fixed TFTP packet buffer overflow vulnerability
      [lib/tftp.c, CVE-2006-1061].
    - improved curl_getenv.3 manpage grammar (closes: #357388).

curl (7.15.2-3) unstable; urgency=low

  * Applied upstream patch to fix multi interface and multi-part formposts
    (closes: #355715).
  * Build back with -O2, gcc 4.0.2-10 fixed the previously triggered bug.

curl (7.15.2-2) unstable; urgency=low

  * Added missing autotools invocation. Re-added versioned symbols
    (closes: #355241).
  * Bumped shlibs version to 7.15.2-2.
  * Build with -O3 to work around suspicious segfaults on tests 253
    and 255.

curl (7.15.2-1) unstable; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.15.2-1.
  * Adopted debhelper's compatibility level 5.

curl (7.15.1-1ubuntu2) dapper; urgency=low

  * SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs.
  * lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to
    Ulf Harnhammar for discovering this.
  * CVE-2006-1061

curl (7.15.1-1ubuntu1) dapper; urgency=low

  * Resynchronise with Debian to get URL parser overflow fix from 7.15.1
    (CVE-2005-4077).

curl (7.15.1-1) unstable; urgency=low

  * New upstream release:
    - fixed buffer overflow in URL parser function (closes: #342339).

curl (7.15.0-5.1) unstable; urgency=high

  * Non-maintainer upload.
  * Urgency high for RC bug fix.
  * Let libcurl3-*-dev depend on libkrb5-dev (closes: #340784, #340916).

curl (7.15.0-5) unstable; urgency=low

  * libcurl3-gnutls-dev and libcurl3-openssl-dev now only recommend
    libkrb5-dev (closes: #334888).
  * Applied upstream patch to fix error message in case FTP-path does
    not exist (closes: #338680).
  * Applied upstream patch to fix parsing of --limit-rate command line
    option (closes: #338681).

curl (7.15.0-4ubuntu1) dapper; urgency=low

  * Resynchronise with Debian (only change left: Removal of stunnel build
    dependency).
  * Remove libdb4.2-dev build dependency.

curl (7.15.0-4) unstable; urgency=low

  * Fixed output of curl-config --vernum (closes: #335296).
  * libcurl3-openssl-dev now replaces libcurl3-dev older than 7.14.1-1
    (closes: #335277).

curl (7.15.0-3) unstable; urgency=low

  * libcurl3 and libcurl3-gnutls now suggest libldap2 (closes: #294407).

  * Re-introduced libcurl3-dev package for transition reasons.

curl (7.15.0-2) unstable; urgency=low

  * Fixed depends of libcurl3-*-dev packages (closes: #334021, #333609, #334048).
  * Bumped shlibs version to 7.15.0-1 (closes: #334053).

curl (7.15.0-1) unstable; urgency=low

  * New upstream release:
    - fixed user+domain name buffer overflow in the NTLM code
      (CAN-2005-3185, closes: #333734).
    - libcurl3-*-dev packages now depend on libkrb5-dev (closes: #333609).
    - improved docs about curl_easy_setopt() and ERRORBUFFER (closes: #329313).

curl (7.14.1-5) unstable; urgency=low

  * Added build dependency on libtool (closes: #332729, #333174).

curl (7.14.1-4) unstable; urgency=low

  * Fixed SEE ALSO section in curl_excape.3 (closes: #331505).
  * Fixed configure.ac when --host=i586-mingw32msvc is given (closes: #329444).
  * Added missing example files (closes: #331722).
  * Updated build dependency for OpenSSL 0.9.8 transition.

curl (7.14.1-3) experimental; urgency=low

  * Fixed soname of libcurl-gnutls.so* variant.
  * Fixed broken sentence (closes: #329305).
  * Fixed reference to TheArtOfHttpScripting.gz (closes: #329299).
  * Added clarification about WRITEFUNCTION and WRITEDATA (closes: #329311).

curl (7.14.1-2) experimental; urgency=low

  * Started using the system-wide CA certificate file (closes: #308514).
  * Fixed apostrophe typos in the curl man page (closes: #326511).
  * Only curl_* symbols are now globally visible outside of libcurl.

curl (7.14.1-1) experimental; urgency=low

  * New upstream release.
  * libcurl3-gnutls has a modified soname and may be installed together
    with libcurl3 (closes: #318590).
  * Both libcurl3 and libcurl3-gnutls are built with versioned symbols
    and with support of GSSAPI authentication.
  * Renamed libcurl3-dev to libcurl3-openssl-dev.
  * Dropped package libcurl3-gssapi.

curl (7.14.0-5) unstable; urgency=low

  * Added libcurl3-gnutls and libcurl3-gnutls-dev packages (closes: #318590).
  * libcurl3-gssapi now has its own shlibs file. Packages built with this
    package installed will depend on it.

curl (7.14.0-4) unstable; urgency=low

  * OpenSSL is back (closes: #321294, #321391).

curl (7.14.0-3) unstable; urgency=low

  * Updated the use of dpkg-architecture (closes: #320046).
  * Added missing aclocal file libcurl.m4 to libcurl3-dev (closes: #315848).
  * Added (many) missing man pages (closes: #315850).
  * OpenSSL is replaced by GnuTLS in providing SSL support (closes: #318590).
  * Heimdal is replaced by MIT Kerberos in providing GSSAPI support.

curl (7.14.0-2ubuntu1) breezy; urgency=low

  * Synchronize with Debian.

curl (7.14.0-2) unstable; urgency=low

  * Rebuilt and uploaded to unstable.

curl (7.14.0-1) experimental; urgency=low

  * New upstream release.

curl (7.13.2-3) unstable; urgency=high

  * HTTP response headers with null bytes are now correctly managed
    (closes: #310948).

curl (7.13.2-2) unstable; urgency=low

  * Fixed conditional build of package libcurl3-gssapi
    (closes: #303939, #303953).

curl (7.13.2-1) unstable; urgency=low

  * New upstream release:
    - fixed curl man page typos (closes: #302820).

curl (7.13.1-3) unstable; urgency=low

  * Fixed hanging of some SSL connections (closes: #302366).

curl (7.13.1-2) unstable; urgency=low

  * Rebuilt to get the correct libidn11 dependency (closes: #299348).
  * Added some missing documentation files (closes: #298855).

curl (7.13.1-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version for libcurl3 because of new curl options.

curl (7.13.0-2) unstable; urgency=high

  * Fixed NTLM Authentication buffer overflow (closes: #296678).
    Patch courtesy of Daniel Stenberg. This handles CAN-2005-0490.
  * Removed libcurl2* packages and all the scary stuff used to build them
    (closes: #274631).

curl (7.13.0-1) unstable; urgency=low

  * New upstream release.
  * libcurl3 now suggests package libldap2-dev to enable support for
    LDAP protocol.
  * Bumped up shlibs version for libcurl3 because of new curl options.

curl (7.12.3-2ubuntu3) hoary; urgency=low

  * Fix the version numbers internal to debian/rules.  Closes; #8088

curl (7.12.3-2) unstable; urgency=low

  * Disabled test suite on m68k, it stalls.

curl (7.12.3-1) unstable; urgency=low

  * New upstream release:
    - fixed debug tracing to network socket if stderr is closed
      (closes: #278691).
  * Applied patch to fix getpass license problems (closes: #286794).
    Patch courtesy of Daniel Stenberg.
  * Bumped up shlibs version for libcurl3 because of new curl options.

curl (7.12.2-2) unstable; urgency=low

  * libcurl3-dbg package is now built by dh_strip --dbg-package
    (closes: #274710).
  * Added build dependency on libdb4.2-dev.

curl (7.12.2-1) unstable; urgency=low

  * New upstream release.
  * Update diff to 7.11.2.
  * Add debian/watch file.
  * Add myself as a uploader.

curl (7.12.1-1) unstable; urgency=low

  * New upstream release:
    - workaround for ASN1_STRING_to_UTF8 failing if input is already
      UTF-8 encoded (closes: #264711).
  * Bumped up shlibs version for libcurl3 because of the introduction
    of FTP 3rd party transfer support options.

curl (7.12.0.rel-6) unstable; urgency=low

  * In rebuilding the 7.11.2 tree starting from the 7.12.0 one,
    lib/getdate.y is patched before lib/getdate.c (closes: #262597).

curl (7.12.0.rel-5) unstable; urgency=low

  * Tests are performed only if build target and building host are the
    same and are not kfreebsd-gnu or knetbsd-gnu (closes: #261591).
  * On hurd-i386 libcurl3-gssapi is not built.

curl (7.12.0.rel-4) unstable; urgency=low

  * Added build dependency on groff-base to really build the built-in
    manual.
  * libcurl3 now replaces old libcurl2 versions (closes: #255262).

curl (7.12.0.rel-3) unstable; urgency=low

  * Enabled curl's built-in manual.
  * configure script for 7.11.2 is now managed correctly.

curl (7.12.0.rel-2) unstable; urgency=low

  * libcurl2 uses curl-ca-bundle-7.11.2.crt (closes: #255262).
    Yes, it is a hack to not add libcurl-common package right now.

curl (7.12.0.rel-1) experimental; urgency=low

  * Version 7.12.0 is back with proper libcurl3* packages.
  * libcurl2* 7.11.2 packages are still provided (closes: #252879).
  * Enabled again the support for libidn.

curl (7.12.0.is.7.11.2-1) unstable; urgency=low

  * Reverted to version 7.11.2 (closes: #252348).
  * Disabled support for libidn (closes: #252367). This is to leave
    curl in unstable as much similar as possible to the one in testing.

curl (7.12.0-1) unstable; urgency=low

  * New upstream release:
    - fixed minor man page problem (closes: #232928)
    - improved --create-dirs description in curl man page (closes: #251351)
  * Enabled support for libidn.

curl (7.11.2-2) unstable; urgency=low

  * Fixed curl.1 man page (closes: #232928).
    Patch courtesy of Daniel Stenberg, the upstream developer.

curl (7.11.2-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version because of the introduction of
    CURLOPT_TCP_NODELAY option.

curl (7.11.1-2) unstable; urgency=low

  * Added GSSAPI support to package libcurl2-gssapi (closes: #241553).

curl (7.11.1-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version because of the introduction of
    CURLOPT_POSTFIELDSIZE_LARGE option.

curl (7.11.0-4) unstable; urgency=low

  * Applied fix from upstream's CVS which adds another CRLF in
    chunked-transfers.

curl (7.11.0-3) unstable; urgency=low

  * "Fixed" build process, now the right file is searched for CA
    certificates (closes: #228182).

curl (7.11.0-2) unstable; urgency=low

  * Test suite is still performed but is not critical for the build
    being successful any more.

curl (7.11.0-1) unstable; urgency=low

  * New upstream release.

curl (7.10.8+7.11.0-pre1-1) unstable; urgency=low

  * New upstream pre-release:
    - proxy+ssl now passes post variables (closes: #222901)
    - various test case problems exposed in #222140 should now be fixed.
  * Bumped up shlibs version because of the introduction of
    CURLOPT_NETRC_FILE and CURLOPT_FTP_SSL options in libcurl.

curl (7.10.8-1) unstable; urgency=low

  * New upstream release:
    - fixed LDAP support (closes: #149609)
    - cleaner environment for testsuite execution (closes: #210253)
    - fixed lib/Makefile.am's use of LDFLAGS (closes: #212086)
    - fixed name clash in curl.h with respect to unistd.h (closes: #213180)
    - fixed typo in curl manpage (closes: #218046).
  * Bumped up shlibs version because of new libcurl options.
  * Added stunnel to the Build-Depends in order to enable SSL test cases.

curl (7.10.7-2) unstable; urgency=low

  * Fixed bug in cache_resolv_response on alpha and ia64 (closes: #207174).
    Patch courtesy of Jurij Smakov.

curl (7.10.7-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version because of the introduction of CURLOPT_PROXYAUTH
    and CURLOPT_FTP_CREATE_MISSING_DIRS options in libcurl.

curl (7.10.6-3) unstable; urgency=low

  * Applied patch to fix test 60 on ia64.

curl (7.10.6-2) unstable; urgency=low

  * Applied patch from upstream to fix url globbing (closes: #203827).
  * make test is still performed on building debug stuff but errors
    are ignored.

curl (7.10.6-1) unstable; urgency=low

  * New upstream release:
    - added support for http_proxy env var with name:passwd
      (closes: #193630).
  * make test is invoked after build

curl (7.10.5-1) unstable; urgency=low

  * New upstream release:
    - fixed typo in curl's man page (closes: #189272).
  * New libcurl option CURLOPT_FTP_USE_EPRT has been added, bumped
    up shlibs.

curl (7.10.4-1) unstable; urgency=low

  * New upstream release:
    - now uses new settings properly when re-using an existing connection
      (closes: #185254)
    - curl man page now refers to MANUAL (closes: #178509).
  * Changed section of libcurl2-dev and libcurl2-dbg to libdevel.

curl (7.10.3-3) unstable; urgency=low

  * Rebuilt to link against libssl0.9.7.
  * Improved package descriptions thanks to suggestions provided by
    Filip Van Raemdonck <mechanix@debian.org> (closes: #177995).

curl (7.10.3-2) unstable; urgency=low

  * Development package is now named libcurl2-dev, it provides
    libcurl-dev.  People can now safely make their build dependencies
    and be sure to use the right stuff.
  * New package libcurl2-dbg is provided to help in debugging sessions.

curl (7.10.3-1) unstable; urgency=low

  * New upstream release.
  * It now suggests ca-certificates package.

curl (7.10.2-2) unstable; urgency=low

  * Added AM_MAINTAINER_MODE to configure.in (closes: #170050).

curl (7.10.2-1) unstable; urgency=low

  * New upstream release:
    - fixed segfault on retrieving relative redirects (closes: #165382)
    - fixed a leak of debug output (closes: #167678).
  * Updated config.guess and config.sub (closes: #166153).
  * Added zlib1g-dev to build and libcurl-dev dependencies
    (closes: #169654).
  * Added HTML and PDF versions of all manpages in libcurl-dev package.

curl (7.10.1-1) unstable; urgency=low

  * New upstream release.

curl (7.10-1) unstable; urgency=low

  * New upstream release:
    - new way to use option -x to prevent curl from using any proxy
      server (closes: #161153).

curl (7.9.8-2) unstable; urgency=low

  * Added again libcurl2-ssl to the libcurl2 conflicts.

curl (7.9.8-1) unstable; urgency=low

  * New upstream release.
  * Double flavor of curl to support both non-SSL and SSL is gone.
    Now curl comes only with SSL. Who needs SSL can require curl
    version >= 7.9.8 .

curl (7.9.7-2) unstable; urgency=low

  * Fixed the bashism in debian/rules (closes: #147352).
  * SSL and non-SSL series of curl packages are now built from the
    same source. thanks crypto-in-main! :)

curl (7.9.7-1) unstable; urgency=low

  * New upstream release.

curl (7.9.6-1) unstable; urgency=low

  * New upstream release.
  * libcurl.3 manpage is now installed by libcurl-dev instead of
    libcurl2. Indeed it provides an overview on how to use libcurl in
    C programs.

curl (7.9.5-2) unstable; urgency=low

  * curl-ssl stuff moved from non-US to main.

curl (7.9.5-1) unstable; urgency=low

  * New upstream release (closes: #134608).
  * Added autotools-dev to the build dependencies. config.{guess,sub}
    can now be updated automatically in the build process.

curl (7.9.3-2) unstable; urgency=low

  * Upstream source code has been correctly imported in my CVS
    repository (closes: #130906).

curl (7.9.3-1) unstable; urgency=low

  * New upstream release:
    - fixed wrong assumption on char signedness (closes: #127011)
    - missing header added accordingly (closes: #130401)
  * Fixed a typo in curl description (closes: #124526).

curl (7.9.2-1) unstable; urgency=low

  * Ne…