[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#719413: pu: package curl/7.26.0-1+wheezy4

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I prepared a pu upload for curl based on 7.26.0-1+wheezy3 (already in pu via
stable-sec), which fixes #705783 for wheezy as well. This bug is related to
#705648 in apt, which got fixed in the apt 0.9.7.9 stable upload [0].

Basically, the fix in apt for #705648 is partly useless without the fix in curl
for #705783 (also see #719300), and since the fixed apt got included into pu [1],
I figured that the curl fix should probably go into pu as well.

Anyway, see attached diff and let me know what you think.

Cheers

[0] http://packages.qa.debian.org/a/apt/news/20130605T231705Z.html
[1] http://lists.debian.org/debian-release/2013/06/msg00130.html

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru curl-7.26.0/debian/changelog curl-7.26.0/debian/changelog
--- curl-7.26.0/debian/changelog	2013-08-10 16:40:41.000000000 +0200
+++ curl-7.26.0/debian/changelog	2013-08-10 16:46:18.000000000 +0200
@@ -1,3 +1,9 @@
+curl (7.26.0-1+wheezy4) stable-proposed-updates; urgency=low
+
+  * Add 09_reset-timecond.patch (Closes: #705783, #719300)
+
+ -- Alessandro Ghedini <ghedo@debian.org>  Sat, 10 Aug 2013 16:45:38 +0200
+
 curl (7.26.0-1+wheezy3) stable-security; urgency=high
 
   * Fix URL decode buffer boundary flaw as per CVE-2013-2174
diff -Nru curl-7.26.0/debian/patches/09_reset-timecond.patch curl-7.26.0/debian/patches/09_reset-timecond.patch
--- curl-7.26.0/debian/patches/09_reset-timecond.patch	1970-01-01 01:00:00.000000000 +0100
+++ curl-7.26.0/debian/patches/09_reset-timecond.patch	2013-08-10 16:46:18.000000000 +0200
@@ -0,0 +1,20 @@
+From b4e6a3a974c24ca2aee77150a633ac85e807a3e7 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Sat, 20 Apr 2013 12:09:55 +0200
+Subject: [PATCH] getinfo.c: reset timecond when clearing session-info
+ variables
+
+Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783
+Reported-by: Ludovico Cavedon <cavedon@debian.org>
+Origin: upstream, https://github.com/bagder/curl/commit/c49ed0b
+
+--- a/lib/getinfo.c
++++ b/lib/getinfo.c
+@@ -55,6 +55,7 @@
+   info->httpcode = 0;
+   info->httpversion=0;
+   info->filetime=-1; /* -1 is an illegal time and thus means unknown */
++  info->timecond=0;
+
+   if(info->contenttype)
+     free(info->contenttype);
diff -Nru curl-7.26.0/debian/patches/series curl-7.26.0/debian/patches/series
--- curl-7.26.0/debian/patches/series	2013-08-10 16:40:41.000000000 +0200
+++ curl-7.26.0/debian/patches/series	2013-08-10 16:46:18.000000000 +0200
@@ -6,6 +6,7 @@
 06_curl-tailmatch-CVE-2013-1944.patch
 07_test1218-another-cookie-tailmatch-test.patch
 08_CVE-2013-2174.patch
+09_reset-timecond.patch
 
 90_gnutls.patch
 99_nss.patch
Reply to: