please merge curl from debian

Bug #1459685 reported by Gianfranco Costamagna
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
curl (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

debdiff attached.

Related branches

CVE References

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

package building on ppa:costamagnagianfranco/locutusofborg-ppa
(and built successfully on local wily pbuilder)

Revision history for this message
Martin Pitt (pitti) wrote :

There is nothing in debian/ which would fill the two udebs (ubuntu delta) with anything -- no *.install files, no code in debian/rules. And indeed libcurl3-udeb and curl-udeb are empty. While this is certainly not the fault of *this* merge, this should be rectified.

Please do some research when this got broken. If this situation is already like that for a long time (pre-trusty), then obviously nobody has actually missed these udebs and they should just be removed. Please talk to the installer team about that, in particular https://launchpad.net/~mathieu-tl . If we don't need them any more, please drop the remainders (in debian/control and merge changelog) in that merge. If we still need them, and the empty udebs broke anything, please fish them out of the previous merge which broke this. Thanks!

Changed in curl (Ubuntu):
status: New → Incomplete
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Hi Martin, after some research I found they were added for bug
https://bugs.launchpad.net/ubuntu/+source/xmlrpc-c/+bug/831496

there were both .install and .links files, after a while they became symlinks, and after they disappeared between 7.29 and 7.30, so far before trusty.

Since we are in the early development, I proposed to sed them out and see if any regression (unlikely) is spotted.

@mathieu, what is your opinion on this matter? do we really need the two empty packages?

Changed in curl (Ubuntu):
status: Incomplete → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in curl (Ubuntu):
status: New → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

> Since we are in the early development, I proposed to sed them out and see if any regression (unlikely) is spotted.

Works for me. If this got broken pre-trusty it's indeed unlikely to still be needed.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

I'm attaching an updated debdiff.

Revision history for this message
Martin Pitt (pitti) wrote :

Looks good now, thank you!

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Please note this upload is stuck by LP: #1462934

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

curl 7.43.0-1ubuntu1 is now in wily-proposed, awaiting a transition.
Since there is nothing to sponsor, I am unsubscribing ubuntu-sponsors from this bug.

Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package curl - 7.43.0-1ubuntu1

---------------
curl (7.43.0-1ubuntu1) wily; urgency=medium

  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.

curl (7.43.0-1) unstable; urgency=medium

  * New upstream release
    - Fix lingering HTTP credentials in connection re-use as per CVE-2015-3236
      http://curl.haxx.se/docs/adv_20150617A.html
    - Fix SMB send off unrelated memory contents as per CVE-2015-3237
      http://curl.haxx.se/docs/adv_20150617B.html
  * Refresh patches
  * Fix spelling-error-in-description

 -- Marc Deslauriers <email address hidden> Thu, 18 Jun 2015 07:39:39 -0400

Changed in curl (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.