[ubuntu/yakkety-proposed] curl 7.50.1-1ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Wed Aug 3 15:16:15 UTC 2016 

curl (7.50.1-1ubuntu1) yakkety; urgency=medium

  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

curl (7.50.1-1) unstable; urgency=medium

  * New upstream release (Closes: #827900)
    - Fix TLS session resumption client cert bypass as per CVE-2016-5419
      https://curl.haxx.se/docs/adv_20160803A.html
    - Fix re-using connection with wrong client cert as per CVE-2016-5420
      https://curl.haxx.se/docs/adv_20160803B.html
    - Fix use of connection struct after free as per CVE-2016-5421
      https://curl.haxx.se/docs/adv_20160803C.html
    - Support OpenSSL 1.1 (Closes: #828127)
  * Fix 04_workaround_as_needed_bug.patch.
    Thanks to Yuriy M. Kaminskiy for the patch (Closes: #818131)
  * Bump Standards-Version to 3.9.8 (no changes needed)
  * Update Vcs-* URLs
  * Refresh patches
  * Add 08_enable-zsh.patch to re-enable zsh completion generation
  * Remove 08_fix-zsh-completion.patch (was already disabled)
  * Add 09_fix-typo.patch to fix spelling-error-in-manpage
  * Add 10_disable-network-tests.patch to disable networked tests
    (Closes: #830273)
  * Improve cross Build-Depends satisfiability.
    Thanks to Helmut Grohne for the patch (Closes: #818092)

Date: Wed, 03 Aug 2016 15:29:21 +0200
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.50.1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 03 Aug 2016 15:29:21 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.50.1-1ubuntu1
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 818092 818131 827900 828127 830273
Changes:
 curl (7.50.1-1ubuntu1) yakkety; urgency=medium
 .
   * Merge from Debian. Remaining changes:
     - Drop dependencies not in main:
       + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
       + Drop libssh2-1-dev from binary package Depends.
       + debian/control: drop --with-nghttp2
   * Drop libgnutls28-dev change, the rename didn't happen in Debian
   * Readd stunnel build dependency, we can build-depend from
     universe now.
 .
 curl (7.50.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #827900)
     - Fix TLS session resumption client cert bypass as per CVE-2016-5419
       https://curl.haxx.se/docs/adv_20160803A.html
     - Fix re-using connection with wrong client cert as per CVE-2016-5420
       https://curl.haxx.se/docs/adv_20160803B.html
     - Fix use of connection struct after free as per CVE-2016-5421
       https://curl.haxx.se/docs/adv_20160803C.html
     - Support OpenSSL 1.1 (Closes: #828127)
   * Fix 04_workaround_as_needed_bug.patch.
     Thanks to Yuriy M. Kaminskiy for the patch (Closes: #818131)
   * Bump Standards-Version to 3.9.8 (no changes needed)
   * Update Vcs-* URLs
   * Refresh patches
   * Add 08_enable-zsh.patch to re-enable zsh completion generation
   * Remove 08_fix-zsh-completion.patch (was already disabled)
   * Add 09_fix-typo.patch to fix spelling-error-in-manpage
   * Add 10_disable-network-tests.patch to disable networked tests
     (Closes: #830273)
   * Improve cross Build-Depends satisfiability.
     Thanks to Helmut Grohne for the patch (Closes: #818092)
Checksums-Sha1:
 799d2f82da9fc0d061e1d63d29cec9275f9c83c4 2789 curl_7.50.1-1ubuntu1.dsc
 c8db732c280059f570fc39c6b49ae5c1f19ee5ef 8894258 curl_7.50.1.orig.tar.gz
 40bade7af79f83f879745042c67e817db8af3b01 29736 curl_7.50.1-1ubuntu1.debian.tar.xz
Checksums-Sha256:
 934019c7a278bab83702d42cb5b107eb3e8249fb1964e9274d3e81382ae1368d 2789 curl_7.50.1-1ubuntu1.dsc
 3e392cf600822b817be82d9080b377fcbab70538d5a8bf525a1cd66e157b99ea 8894258 curl_7.50.1.orig.tar.gz
 62f73738174586c74e40ec20460e11392e3540f7a5b2e88b37ca490cfeac104a 29736 curl_7.50.1-1ubuntu1.debian.tar.xz
Files:
 99b60904e6bae7a82c69cb0632bf6cc5 2789 web optional curl_7.50.1-1ubuntu1.dsc
 c264788f2e4313a05140d712c1ec90c2 8894258 web optional curl_7.50.1.orig.tar.gz
 8e593f280f14c9153b259afc2dc7da07 29736 web optional curl_7.50.1-1ubuntu1.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXognGAAoJEGVp2FWnRL6TWaUP/2sLDPQO09CDH35VPlVV09R6
5+Szy856KWfaMjE3euSeryzfgvc058Zp3o3D5iM4P1jnb7cWrED92mYoIFSBJlFQ
WhYw6TNaNTc3SWzECHj776Fb6wf7ncUbdJSNruZpxMNtIZTSNPf5w3NZpNMtkLTw
GIf4X7Ap1QZSiyjsu+TkmgqieuqSkS0MUR8w1T/a2gthD2K32jgXq9gW/bb5CvQg
7EBsCLoFwprbLBlPHeeyB26w6FZ/OwRaTsHTLv26BDRmzquQHgm3uFkoLV+jlP/l
rCiVmKe41ZLFapz3/sG29/n+Bd7p8vJpreMkQRCU3ylcvZ/8rRhvcoQ8zgAnOdon
1oL/Q3s4jVhlpm53TobunKsvEMgCZVWA4QS+pfRRhQn6ApLZqfYtoUJP4e7Shnx0
zeyCo1e594/HgDKn33PFQw5ImeT2Qfnb6EUjir66/e8Ey+hYBy86nHFlXkHLFCeg
8pNgBhdDa67dQzP9V+W1z5si5K6uuvQKIKziiKvRGwvVHmjjnJDjH1E4TTX/3eyF
Fvz1gaIKXE1x+/5HmaTXZ3n8Y02Cgy94ybRUDLW1zvPqdNf+n1j8d3LoPMgL6pcI
yZWU1ks1MMiVlKREn60mKH4ABLf22Z4oXfq5knIdirFx8/RFvYjrnYOStuYOFfol
xitLZJxcMuQvMqJWWRk+
=3Ocf
-----END PGP SIGNATURE-----

More information about the Yakkety-changes mailing list