Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted curl 8.11.1-1~bpo12+1 (source) into stable-backports
Date: Sun, 15 Dec 2024 14:40:07 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 15 Dec 2024 10:14:51 -0300
Source: curl
Architecture: source
Version: 8.11.1-1~bpo12+1
Distribution: bookworm-backports
Urgency: medium
Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>
Changed-By: Aquila Macedo Costa <aquilamacedo@riseup.net>
Closes: 1086804 1089682
Changes:
 curl (8.11.1-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
 .
 curl (8.11.1-1) unstable; urgency=medium
 .
   [ Samuel Henrique ]
   * New upstream version 8.11.1
     - Fix CVE-2024-11053: netrc and redirect credential leak (closes: #1089682)
   * Update wcurl to 2024.12.08
   * New patches:
     - async_thread_avoid_closing_eventfd_twice: Fix file descriptor issue with eventfd
     - sectransp_free_certificate_on_error: Fix memory leak
   * Refresh patches:
     - ZZZgnutls-build
     - build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a
   * d/p/11_omit-directories-from-config: Update patch
   * Drop merged patches:
     - cmdline_ech_md_formatting_cleanups
     - duphandle_also_init_netrc
     - libssh_when_using_IPv6_numerical_address_add_brackets
     - netrc_support_large_file_longer_lines_longer_tokens
     - setopt_fix_CURLOPT_HTTP_CONTENT_DECODING
   * d/p/Remove-curl-s-LDFLAGS-from-curl-config-static-libs: Remove patch, not needed anymore
 .
   [ Carlos Henrique Lima Melara ]
   * d/t/upstream-tests-*: test gnutls backend against installed curl
   * d/t/control: install curl on upstream-tests-gnutls and remove on openssl
 .
 curl (8.11.0-1) unstable; urgency=medium
 .
   [ Samuel Henrique ]
   * New upstream version 8.11.0
   * Fix CVE-2024-9681: HSTS subdomain overwrites parent cache entry
    (closes: #1086804)
   * Update patches for the new release
   * d/rules: Drop '--enable-websockets', it's enabled by default now
   * d/libcurl*.symbols: Remove HIDDEN@HIDDEN 7.16.2
   * Add 5 upstream patches to fix regressions:
     - cmdline_ech_md_formatting_cleanups.patch
     - duphandle_also_init_netrc.patch
     - libssh_when_using_IPv6_numerical_address_add_brackets.patch
     - netrc_support_large_file_longer_lines_longer_tokens.patch
     - setopt_fix_CURLOPT_HTTP_CONTENT_DECODING.patch
 .
   [ Carlos Henrique Lima Melara ]
   * d/rules: add sed rule to make curl-config get CPPFLAGS in run-time
   * d/control: move libldap2-dev to Depends and use newer libldap-dev name
   * d/control: move libkrb5-dev from Suggests to Depends for -dev packages
 .
 curl (8.10.1-2) unstable; urgency=medium
 .
   * d/patches/gtls_add_p12_format_support.patch: New upstream patch for P12
     support
Checksums-Sha1:
 3ad6fdafce2a87d42e88e8a92ceb7c046ed30c54 3250 curl_8.11.1-1~bpo12+1.dsc
 785a854854ea2f80754d6cfbf7e3074a3d04710c 4169067 curl_8.11.1.orig.tar.gz
 70366b9763c7be0134b75b3cfc1bf373007d7a21 484 curl_8.11.1.orig.tar.gz.asc
 7627dfdb1abd54778d642dd207daa26b9949e1ce 54156 curl_8.11.1-1~bpo12+1.debian.tar.xz
 250a5654086473260ed98c5309bbf2fda0de4a21 12842 curl_8.11.1-1~bpo12+1_amd64.buildinfo
Checksums-Sha256:
 ed03af77c8cdaf635e9456e3bc43c8db7e8baaeae8166b282c150b81265f59cf 3250 curl_8.11.1-1~bpo12+1.dsc
 a889ac9dbba3644271bd9d1302b5c22a088893719b72be3487bc3d401e5c4e80 4169067 curl_8.11.1.orig.tar.gz
 d6c44df0a8e6958ef8d38fceda44f219db666b8215da6b33dc7dda81fcfc696b 484 curl_8.11.1.orig.tar.gz.asc
 ff3e8f511111443207018dbe0dfd3a12d6426acfa2eef69585be2f18afbef6bc 54156 curl_8.11.1-1~bpo12+1.debian.tar.xz
 ad4de3b4cded0ed8be6140bc8c0f622c0801db86756fdc5e4f444683b9e1d837 12842 curl_8.11.1-1~bpo12+1_amd64.buildinfo
Files:
 635bc7a1dda37f221e3428547af38fff 3250 web optional curl_8.11.1-1~bpo12+1.dsc
 8eed752aeeb8ee54063b75baf95d3e14 4169067 web optional curl_8.11.1.orig.tar.gz
 6ef30ecafd1513f1d3cef9fd5f6508b9 484 web optional curl_8.11.1.orig.tar.gz.asc
 74da841ee9bc484c0066c5388a0bdc2c 54156 web optional curl_8.11.1-1~bpo12+1.debian.tar.xz
 424c05255efad5a572ff2dddf13a3495 12842 web optional curl_8.11.1-1~bpo12+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmde2/YACgkQu6n6rcz7
Rwdx+w//cr+x5U+pyGAZpeQnUbt7aT5LKeLbqkMMoMqetUmQqHhKgcmJi51giRBX
KY9xAtg7nbE4HOCRNwUBUJgqxnRQsF+ad6oTc88TgmgHEZSVi2UOF5XH+4JBY3jQ
WkbPj3nf2+dFmPnEGkSaDzOdBWRZZvHtYd5r4klj59C4GcPh5y+1yumNylnBRrt6
hFkMZrA9/WLIKgYkr6H1PyaumS7/NuZZ3p2E7YVVJAhaUpTlelkayiCJRcbaPSjM
FAbrOTXYFQMny/KRVj7bVp9HeF1s98LNWe5x+YOkGSVj4IYPAQMTqKEfFRJVH8lf
Fu2NgaUX1hu3ViHlwPGEn/Rnk8RAo98JjHYPD+aS182EQXi8aSBp9AXpJUpcLGPY
xUuGykUPvD8NJXW0dbO2yRxNrpEGHKZH78nHCtEWaTTHLfLuib2IinkLKNZ88h0g
KEtnZYJE4AKTpSYoPlQw7GeOSzkjQzNpIq3pOoHCNfGE9KvvgNNF6YzDp9x/ZcrP
UvAnK6I9f6E2BoRYwPd3LQ2x9Lek9FAkH9UAOBoMb4J5+LBYFmhAxqYXpltjzq1n
iY2hhi6rPNWjNLNXOIdKCaFo1ucwIqBBO/0he10aLTKXvUJ/4mKFphJsvR88rZxB
Tes8kps00Ztu3yeV0wEwRIenYzDUUQt8ZRQHP9nZnjwWnOSPjOo=
=gJyJ
-----END PGP SIGNATURE-----
News for package curl
