Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted curl 8.18.0-1~bpo13+1 (source) into stable-backports
Date: Wed, 14 Jan 2026 05:48:43 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Jan 2026 21:12:11 -0800
Source: curl
Architecture: source
Version: 8.18.0-1~bpo13+1
Distribution: trixie-backports
Urgency: medium
Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Changes:
 curl (8.18.0-1~bpo13+1) trixie-backports; urgency=medium
 .
   * Rebuild for trixie-backports.
 .
 curl (8.18.0-1) unstable; urgency=medium
 .
   * New upstream version 8.18.0
   * debian/control:
       - Bump stds-version to 4.7.3.
       - Remove Priority field, it already defaults to optional.
       - Remove Rules-Requires-Root, it already defaults to no.
   * debian/copyright: bump packaging copyright years, happy 2026!
 .
 curl (8.18.0~rc3-1) unstable; urgency=medium
 .
   * New upstream version 8.18.0~rc3
   * Refresh patches
   * d/copyright: Remove entries for files removed upstream
   * Refresh patches:
      - ZZZgnutls-build.patch
      - build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch
   * d/copyright: Remove entries for files removed upstream:
      - lib/vtls/mbedtls_threadlock.c
      - lib/vtls/mbedtls_threadlock.h
 .
 curl (8.18.0~rc2-1) unstable; urgency=medium
 .
   * New upstream version 8.18.0~rc2
   * d/copyright: Remove entries for files removed upstream
   * d/patches:
     - Drop patches merged upstream:
       ~ fix-progress-meter-in-parallel-mode.patch
       ~ wcurl-CVE-2025-11563.patch
     - Update patches:
       ~ ZZZgnutls-build.patch:
         + Variables AM_CFLAGS and AM_LDFLAGS were dropped
           in lib/Makefile.am
         + Update patch's context.
       ~ build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch:
         + Context update.
         + Update patch offset.
       ~ 11_omit-directories-from-config.patch:
         + Update for upstream usage of double quotes (replacing single quotes)
           for variables and usage of '&& test' instead of '-a' in
           curl-config.in.
   * d/libcurl4-doc.docs: Some docs were converted to .md:
     - docs/FAQ.md
     - docs/KNOWN_BUGS.md
     - docs/TODO.md
 .
 curl (8.17.0-3) unstable; urgency=medium
 .
   * d/p/fix-progress-meter-in-parallel-mode.patch: cherry-pick from upstream.
 .
 curl (8.17.0-2) unstable; urgency=medium
 .
   * d/p/wcurl-CVE-2025-11563.patch: Import new upstream patch to fix
     CVE-2025-11563
 .
 curl (8.17.0-1) unstable; urgency=medium
 .
   * New upstream version 8.17.0
 .
 curl (8.17.0~rc3-1) unstable; urgency=medium
 .
   * New upstream version 8.17.0~rc3
   * d/copyright: Drop lib/curl_des.c and lib/curl_des.h, removed upstream
 .
 curl (8.17.0~rc2-1) unstable; urgency=medium
 .
   * New upstream version 8.17.0~rc2
   * Revert "d/salsa-ci: enable ARM build test"
   * Drop patches merged upstream:
     - setopt-accept-_SSL_VERIFYHOST-set-to-2L.patch
     - asyn-thrdd-drop-pthread_cancel.patch
     - setopt-make-CURLOPT_MAXREDIRS-accept-1-again.patch
   * Refresh patches:
     - ZZZgnutls-build.patch
     - build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch
   * d/copyright: Drop entry for lib/krb5.c, file was removed
   * d/libcurl*.symbols: Add new symbols curl_multi_notify_disable and
     curl_multi_notify_enable
Checksums-Sha1:
 2dcecbf0e13e8e29c4b5e683f5ced6b42a26eab0 3310 curl_8.18.0-1~bpo13+1.dsc
 1a13070ccd2c5fe1d47cb34dd56138f69708f3f9 4182005 curl_8.18.0.orig.tar.gz
 7f7ce005ddf9339ce7ff7a59c347526c0cfccf4e 488 curl_8.18.0.orig.tar.gz.asc
 60824cdd816c65349a3c4f2a788c6dca106e0675 52848 curl_8.18.0-1~bpo13+1.debian.tar.xz
 9acde8e261647b8f16339f6c8849dc6a039af06a 12580 curl_8.18.0-1~bpo13+1_amd64.buildinfo
Checksums-Sha256:
 598ad318cb91be6e6081a7fdc40bcd927c7766f7267dc045b9fafb45bac75a9a 3310 curl_8.18.0-1~bpo13+1.dsc
 e9274a5f8ab5271c0e0e6762d2fce194d5f98acc568e4ce816845b2dcc0cf88f 4182005 curl_8.18.0.orig.tar.gz
 449692ee6cbadc99762d1daa86b3faf95d60f82b1d45ea1a33e37adda4bd194b 488 curl_8.18.0.orig.tar.gz.asc
 77608c6c655941ff16cf562a82b668abf43a119862939de977930af325a4212c 52848 curl_8.18.0-1~bpo13+1.debian.tar.xz
 24a1c37600d86030a645e1b97e13bee3185b30d411b51d1947b3da60d2b32412 12580 curl_8.18.0-1~bpo13+1_amd64.buildinfo
Files:
 c65d053cf19678fd05ef179048b2808b 3310 web optional curl_8.18.0-1~bpo13+1.dsc
 240a23f26602f24564468d9abecb32fd 4182005 web optional curl_8.18.0.orig.tar.gz
 18a4907c275b16ea8d281d8db2a27d09 488 web optional curl_8.18.0.orig.tar.gz.asc
 7359e5eb20723bdd6b64478199ace10f 52848 web optional curl_8.18.0-1~bpo13+1.debian.tar.xz
 b1d05aebc29342bef35bc8cfd713d425 12580 web optional curl_8.18.0-1~bpo13+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmlnKHUACgkQu6n6rcz7
RwdIqhAAidGqkArM1jMb0El9q0AOjZnCp+6m08Kk3m0A05ofvI4bETuyKaFRDNmM
G1fj9kCCMBAqrT4jichym2h9COerCU8CoBcolKFjuONvRqMJ4yyzXdkKvrIC/UZf
KZLDsVF8jTfixbmfe5zFZ61cC2gEZuQB66Hzu19pJF6xBUbbRr8m8eGHBcjqych7
Yaw9Bct0PG5RMLxmn4mUCiPlVHkmPb29w6WNX4297Cy14WyYIi3WPlKK8oV3MDZZ
+gf9uTNN9Z4FEXXj24ev57ustco0mkF57Zq50Hig77bk6EGuGMk0L/bcQ1uK3wZE
R6QwjzqYIO1XGUwnPFZ90cFHydv691Xy4W7iKubJTOPKRmrG3kJX8pAiem3Hqt1/
i75Yy72UsJMassHPCyJLVe6uhDvWLnVOzN0jq3KvdaeJ61ZQTrGOHlYIjtUHAZ43
5/ax4uh6trnm5tQzMVhCf8ZsUGrnVkodEJpHDgeiTCaCAThWS0rDblHsR/BtisCd
K5Mx16jywpPgC7eVJI49DKEvmqnE9xnfx70rNtjUG+9OAWLMrV9xouvdJ/tcDpt2
D2qZaGPu0f5pI1AdKNcSumEco02p6hkTSXvHuPQ5SRBSCyjBF3uFUUKmwxn/kr/0
DJNnceYoeMWynPhgF26Efk8Jil5E8y0c069jpAqtCEqTx9yvdiE=
=qRKT
-----END PGP SIGNATURE-----
News for package curl
