Your message dated Sun, 31 Mar 2019 21:34:04 +0100 with message-id <20190331203404.GA12262@powdarrmonkey.net> and subject line Re: Bug#926132: unblock: curl/7.64.0-2 has caused the Debian Bug report #926132, regarding unblock: curl/7.64.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 926132: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926132 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: curl/7.64.0-2
- From: Alessandro Ghedini <ghedo@debian.org>
- Date: Sun, 31 Mar 2019 20:43:31 +0100
- Message-id: <[🔎] 20190331194330.GA28975@pinky.flat11.house>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package curl The version in sid fixes #922554, which affects several users of NetworkManager. and is marked as important (the patch is backported from upstream). Debdiff is attached. At the time I uploaded it I expected it to migrate to testing before the freeze, but apparently I did the math wrong. Anyway an unrelated change adding a couple of entries to the previous upload'ss changelog was also included (as you can see from the debdiff), hope that's not too much of a problem. unblock curl/7.64.0-2 -- System Information: Debian Release: buster/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)diff -Nru curl-7.64.0/debian/changelog curl-7.64.0/debian/changelog --- curl-7.64.0/debian/changelog 2019-02-06 22:33:05.000000000 +0000 +++ curl-7.64.0/debian/changelog 2019-03-07 20:02:35.000000000 +0000 @@ -1,3 +1,9 @@ +curl (7.64.0-2) unstable; urgency=medium + + * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554) + + -- Alessandro Ghedini <ghedo@debian.org> Thu, 07 Mar 2019 20:02:35 +0000 + curl (7.64.0-1) unstable; urgency=medium * New upstream release @@ -8,6 +14,8 @@ + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823 https://curl.haxx.se/docs/CVE-2019-3823.html + Fix HTTP negotiation with POST requests (Closes: #920267) + * Refresh patches + * Import fixes for zsh completion script generator (Closes: #92145) -- Alessandro Ghedini <ghedo@debian.org> Wed, 06 Feb 2019 22:33:05 +0000 diff -Nru curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch --- curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch 1970-01-01 01:00:00.000000000 +0100 +++ curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch 2019-03-07 20:02:35.000000000 +0000 @@ -0,0 +1,38 @@ +From afc00e047c773faeaa60a5f86a246cbbeeba5819 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 19 Feb 2019 15:56:54 +0100 +Subject: [PATCH] singlesocket: fix the 'sincebefore' placement + +The variable wasn't properly reset within the loop and thus could remain +set for sockets that hadn't been set before and miss notifying the app. + +This is a follow-up to 4c35574 (shipped in curl 7.64.0) + +Reported-by: buzo-ffm on github +Detected-by: Jan Alexander Steffens +Fixes #3585 +Closes #3589 +--- + lib/multi.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -2360,8 +2360,6 @@ + int num; + unsigned int curraction; + int actions[MAX_SOCKSPEREASYHANDLE]; +- unsigned int comboaction; +- bool sincebefore = FALSE; + + for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) + socks[i] = CURL_SOCKET_BAD; +@@ -2380,6 +2378,8 @@ + i++) { + unsigned int action = CURL_POLL_NONE; + unsigned int prevaction = 0; ++ unsigned int comboaction; ++ bool sincebefore = FALSE; + + s = socks[i]; + diff -Nru curl-7.64.0/debian/patches/series curl-7.64.0/debian/patches/series --- curl-7.64.0/debian/patches/series 2019-02-06 22:33:05.000000000 +0000 +++ curl-7.64.0/debian/patches/series 2019-03-07 20:02:35.000000000 +0000 @@ -4,6 +4,7 @@ 08_enable-zsh.patch 11_omit-directories-from-config.patch 12_zsh.patch +13_singlesocket-fix-the-sincebefore-placement.patch # do not add patches below 90_gnutls.patchAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Alessandro Ghedini <ghedo@debian.org>, 926132-done@bugs.debian.org
- Subject: Re: Bug#926132: unblock: curl/7.64.0-2
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Sun, 31 Mar 2019 21:34:04 +0100
- Message-id: <20190331203404.GA12262@powdarrmonkey.net>
- In-reply-to: <[🔎] 20190331194330.GA28975@pinky.flat11.house>
- References: <[🔎] 20190331194330.GA28975@pinky.flat11.house>
On Sun, Mar 31, 2019 at 08:43:31PM +0100, Alessandro Ghedini wrote: > Please unblock package curl > > The version in sid fixes #922554, which affects several users of NetworkManager. > and is marked as important (the patch is backported from upstream). Unblocked; thanks. -- Jonathan Wiltshire jmw@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---