Accepted curl 7.74.0-1.2~bpo10+1 (source amd64 all) into buster-backports->backports-policy, buster-backports

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Apr 2021 20:44:32 +0000
Source: curl
Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev
Architecture: source amd64 all
Version: 7.74.0-1.2~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Martin <debacle@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 926148 926352 926812 940009 940010 940024 940129 942984 945928 948441 955785 963559 965280 965281 968831 969004 974996 977161 977162 977163 986269 986270
Changes:
 curl (7.74.0-1.2~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 curl (7.74.0-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * transfer: strip credentials from the auto-referer header field
     (CVE-2021-22876) (Closes: #986269)
   * vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
     (CVE-2021-22890) (Closes: #986270)
 .
 curl (7.74.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Bruno Kleinert ]
   * Fixed "Please build-depend on libidn2-dev instead of obsolete transition
     package libidn2-0-dev" (Closes: #974996)
 .
 curl (7.74.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix inferior OCSP verification as per CVE-2020-8286 (Closes: #977161)
       https://curl.se/docs/CVE-2020-8286.html
     + Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162)
       https://curl.se/docs/CVE-2020-8285.html
     + Fix trusting FTP PASV responses as per CVE-2020-8284 (Closes: #977163)
       https://curl.se/docs/CVE-2020-8284.html
   * Update debian/watch to new upstream download page layout
   * Update 12_use-python3-in-tests.patch due to renamed file
   * Refresh patches
   * Fix cross-build due to python build dependencies.
     Thanks to Helmut Grohne for the patch (Closes: #969004)
   * Fix formatting in some man pages.
     Thanks to Bjarni Ingi Gislason for the patch (Closes: #963559)
   * Update list of documentation files to install
   * Update symbols
   * Bump Standards-Version to 4.5.1 (no changes needed)
   * Drop removed file from d/copyright
 .
 curl (7.72.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
       (Closes: #965280)
       https://curl.haxx.se/docs/CVE-2020-8169.html
     + Fix local file overwrite with -J option as per CVE-2020-8177
       (Closes: #965281)
       https://curl.haxx.se/docs/CVE-2020-8177.html
     + Fix wrong connect-only connection as per CVE-2020-8231 (Closes: #968831)
       https://curl.haxx.se/docs/CVE-2020-8231.html
   * Refresh patches
   * Do not install *.la files.
     Thanks to Pino Toscano for the patch. (Closes: #955785)
   * Update list of doc files
   * Update copyright for polarssl -> mbedtls rename
   * Use python3 executable in tests
 .
 curl (7.68.0-1) unstable; urgency=medium
 .
   * New upstream release
   * Bump Standards-Version to 4.5.0 (no changes needed)
   * Update symbols files
   * Configure default CA file with OpenSSL again (Closes: #948441)
 .
 curl (7.67.0-2) unstable; urgency=medium
 .
   * Restore :native annotation for python3 Build-Depends.
     Thanks to Helmut Grohne for the patch (Closes: #945928)
 .
 curl (7.67.0-1) unstable; urgency=medium
 .
   * New upstream release
   * Replace python with python3 in Build-Depends (Closes: #942984)
   * Bump Standards-Version to 4.4.1 (no changes needed)
 .
 curl (7.66.0-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #940024)
     + Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
       https://curl.haxx.se/docs/CVE-2019-5481.html
     + Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
       (Closes: #940010)
       https://curl.haxx.se/docs/CVE-2019-5482.html
   * Refresh patches
   * Enable brotli support (Closes: #940129)
   * Update *.symbols files
 .
 curl (7.65.3-1) unstable; urgency=medium
 .
   * New upstream release
   * Drop 12_fix-man-errors.patch (merged upstream)
   * Remove Ian Jackson from Uploaders as he has never done an upload
 .
 curl (7.65.1-1) unstable; urgency=medium
 .
   * New upstream release
     + Reduce verbose output (Closes: #926148)
     + Fix parsing URLs with link local addresses (Closes: #926812)
   * Drop patches merged upstream
   * Refresh patches
   * Bump STandards-Version to 4.4.0 (no changes needed)
   * Update entry in copyright for renamed files
   * Fix some man errors.
     Thanks to Bjarni Ingi Gislason for the patch (Closes: #926352)
   * Add Build-Depends-Package field to symbols files
Checksums-Sha1:
 4987fc665f0acbf0947f669df1f98ba046749513 2697 curl_7.74.0-1.2~bpo10+1.dsc
 a54dae6125381da137415f2a830ee29aab94d446 36240 curl_7.74.0-1.2~bpo10+1.debian.tar.xz
 6018239ebec930327ae3b2c489a67701b9e222e4 144808 curl-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 8d3a791a6427db5e0444b867d2237972bdb7e93f 11923 curl_7.74.0-1.2~bpo10+1_amd64.buildinfo
 51cdcaefe57b0bfbf683d4c73057ecb26162926d 267504 curl_7.74.0-1.2~bpo10+1_amd64.deb
 d015419686c2c813a0c9780f13e52ce6e9bde27d 808404 libcurl3-gnutls-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 9c3b1a041bbec8b3fefcda38f94c8ea2edfc73d6 337196 libcurl3-gnutls_7.74.0-1.2~bpo10+1_amd64.deb
 bd12a3e4251ef2c55fcc3b6493eacf9f98e15a03 846312 libcurl3-nss-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 157046e5b4acbcebb3e43c94c75eba88fa6398aa 345148 libcurl3-nss_7.74.0-1.2~bpo10+1_amd64.deb
 92cd672524dda8efdd5b88a894c8e4e71e7cfab0 826368 libcurl4-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 44546210613f8b38df99304ad4b0578676fc313b 1007968 libcurl4-doc_7.74.0-1.2~bpo10+1_all.deb
 588d258bb04d4a9aaa57f4a421d984139837b1e6 428212 libcurl4-gnutls-dev_7.74.0-1.2~bpo10+1_amd64.deb
 3e08ed59634ae910d05619951d05ba13e1f75242 436244 libcurl4-nss-dev_7.74.0-1.2~bpo10+1_amd64.deb
 348fbdeeb6b617f1a5bffb2803f7674c045d0f2d 431748 libcurl4-openssl-dev_7.74.0-1.2~bpo10+1_amd64.deb
 c738e9eaa6623a87a14edf27190fdde569ddb885 340924 libcurl4_7.74.0-1.2~bpo10+1_amd64.deb
Checksums-Sha256:
 77371f671b0ded26095b91ff779027f41229edd309947017b50e97120f381a73 2697 curl_7.74.0-1.2~bpo10+1.dsc
 e642fb39e3e8485b895801e480a9b3bd895997f905a6802e47a29c2a821e9631 36240 curl_7.74.0-1.2~bpo10+1.debian.tar.xz
 3d34aecb84606da8e31946e26b8588d1d70133db9bbfacbd6ef931b56742a606 144808 curl-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 2fc67cbf4d6e6a824e3bf013c13e4576f27269cde12074168db0f25926b088cb 11923 curl_7.74.0-1.2~bpo10+1_amd64.buildinfo
 6884c89a7ba93f72077d7e24df053f4d5bb7f288f30eaa513a2da25cf58271c4 267504 curl_7.74.0-1.2~bpo10+1_amd64.deb
 ddbbe7d81dc21b6c4e76cd2821935c26f23e3640bfe28efd416bc88d5cd66eb3 808404 libcurl3-gnutls-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 46d8f0915405e077794b8a971bf47e2dc5d98fb75f10ea4fba5d10ed378c2e07 337196 libcurl3-gnutls_7.74.0-1.2~bpo10+1_amd64.deb
 bf382e19654efc71ba9940ab2f745159623caa7e241b2192588296f5f6bdea73 846312 libcurl3-nss-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 a8041a50aa92fb96d25c1c4feed58ca18efa31df174a63c2300192c286af7f1b 345148 libcurl3-nss_7.74.0-1.2~bpo10+1_amd64.deb
 49dd48b3b56dfec7e15a9bbf79a2ffd7501be2fc083448c71216f7852486b5b1 826368 libcurl4-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 fd7cf669c4d1f5caf41db153e1a242950f8a041634fa571e7753d5bc9c948326 1007968 libcurl4-doc_7.74.0-1.2~bpo10+1_all.deb
 9ff91e34031e7737ebeb062d2d26b2b78234b12e46478471f319d084ce181d57 428212 libcurl4-gnutls-dev_7.74.0-1.2~bpo10+1_amd64.deb
 e81c6c6148573605f3d1b50478dae3657c3400eef6c0c4cd6ffdb6d7b9c67074 436244 libcurl4-nss-dev_7.74.0-1.2~bpo10+1_amd64.deb
 85b0ebcfd5b93e8b8923324216fb151bb0e27363062d3fdba0b1fba4e16cbf87 431748 libcurl4-openssl-dev_7.74.0-1.2~bpo10+1_amd64.deb
 161922932320201fb889d3d3e7fed99754e16a3df9973688fb14300d4b4b9ae1 340924 libcurl4_7.74.0-1.2~bpo10+1_amd64.deb
Files:
 0d9ec8e0ee393417c0f8025573f39511 2697 web optional curl_7.74.0-1.2~bpo10+1.dsc
 660dd91d17275f988628864a7066681d 36240 web optional curl_7.74.0-1.2~bpo10+1.debian.tar.xz
 201cc6d3a0e32d4f67a21f0c06cb16af 144808 debug optional curl-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 041c4bcac8d2311e5f2d2168f557649c 11923 web optional curl_7.74.0-1.2~bpo10+1_amd64.buildinfo
 04c04fca63670ab74c72091e95effb4e 267504 web optional curl_7.74.0-1.2~bpo10+1_amd64.deb
 34a2cd6539bfde8784d81ec3d04c0118 808404 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 5b4cbd63469c86616a5ad8483efa808b 337196 libs optional libcurl3-gnutls_7.74.0-1.2~bpo10+1_amd64.deb
 499b5677abf8c5eb8cca1d5aa7302597 846312 debug optional libcurl3-nss-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 ad2792c44c92e160705eed7614fbbb87 345148 libs optional libcurl3-nss_7.74.0-1.2~bpo10+1_amd64.deb
 8142f0a0675c49bbfeea0778a29699b5 826368 debug optional libcurl4-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
 8739386c1aff3a18a6b47102d1ab2a91 1007968 doc optional libcurl4-doc_7.74.0-1.2~bpo10+1_all.deb
 ff716bdecd25321f1c5b7a517af4fbcc 428212 libdevel optional libcurl4-gnutls-dev_7.74.0-1.2~bpo10+1_amd64.deb
 2550d9606708578a648a2bfa70a24d66 436244 libdevel optional libcurl4-nss-dev_7.74.0-1.2~bpo10+1_amd64.deb
 0fe6ac58c04225d0d142b1e5a411c930 431748 libdevel optional libcurl4-openssl-dev_7.74.0-1.2~bpo10+1_amd64.deb
 1a2eba6bad6f8767cedee677ecb9af57 340924 libs optional libcurl4_7.74.0-1.2~bpo10+1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEftHeo0XZoKEY1KdA4+Chwoa5Y+oFAmB3Y/sACgkQ4+Chwoa5
Y+qhHg//QokkrQTedOS0s2ZNdMgir/nDenVGjt+9ZBpOixDzU1QqNyu1xYV+gNwF
PJj4QGSRyCcSiYIAm8uyQmhUAiZiWj5bcZ5Nwp8frsurdMW4tZcFN91S0yI4/t92
abW1PA2cB5ZeQ77D69cpG7lkz60a5lSCwMEbHFLVOkpFpP3VIHvO/jbgGwOkI9Hd
rlpVKqL3syqZW5LzIZczoNFNI20zesW09lC0q1APcwvo+U7KGL2le0818qkDhzEn
jADmoDINVcJKP2kfLznM+V0xn8i+jrjdJMd2abMPCWnKuxzmmvj0D9bDeO1ftett
k0i6WIQiezlzsxYgUNQrH8bnTggQSON+dFQsWO4BKz6faZOg4lO6k/tvXoC6F8BW
fBdKiW/D+NS3DgTarPBd87fuGx304UKxHOiwD30XqN/d5EiD90fa4+zR1toX95K/
C84OcLQxt4AKDuWPxxUifpDsGikCggtxvfMsegqQWYlWswZtqvEIFvajdNqv4LYt
r7m2+yGrN+Dk69Orl9V1rlFFz3Dg3wcgjklLmbAzbmBqP7pSOgWTtxWVfNM+/AcZ
eSofozYav9EjylCOyWVZFAZByMnzKcGZxpEz8SjWY+NPBiPTD+QBvv2ePDOIGC5p
CpUg0tFgq2ZuHyspG54JeGsaYs2vt/FQRVEx0COMeT6mpJ/+X3Q=
=5iZ/
-----END PGP SIGNATURE-----