Your message dated Sun, 31 Mar 2019 21:34:04 +0100
with message-id <[email protected]>
and subject line Re: Bug#926132: unblock: curl/7.64.0-2
has caused the Debian Bug report #926132,
regarding unblock: curl/7.64.0-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
926132: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926132
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package curl
The version in sid fixes #922554, which affects several users of NetworkManager
and is marked as important (the patch is backported from upstream).
Debdiff is attached.
At the time I uploaded it I expected it to migrate to testing before the freeze,
but apparently I did the math wrong. Anyway, an unrelated change adding a couple
of entries to the previous upload's changelog was also included (as you can see
from the debdiff), hope that's not too much of a problem.
unblock curl/7.64.0-2
-- System Information:
Debian Release: buster/sid
APT prefers buildd-unstable
APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru curl-7.64.0/debian/changelog curl-7.64.0/debian/changelog
--- curl-7.64.0/debian/changelog 2019-02-06 22:33:05.000000000 +0000
+++ curl-7.64.0/debian/changelog 2019-03-07 20:02:35.000000000 +0000
@@ -1,3 +1,9 @@
+curl (7.64.0-2) unstable; urgency=medium
+
+ * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554)
+
+ -- Alessandro Ghedini <[email protected]> Thu, 07 Mar 2019 20:02:35 +0000
+
curl (7.64.0-1) unstable; urgency=medium
* New upstream release
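Review bot: The new 7.64.0-2 entry describes the symptom ("infinite loop when fetching URLs with unreachable IPv6") but does not name the patch that delivers the fix. Consider extending the bullet to mention 13_singlesocket-fix-the-sincebefore-placement.patch, so the changelog alone tells a reader which change closes #922554.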
@@ -8,6 +14,8 @@
+ Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
+ Fix HTTP negotiation with POST requests (Closes: #920267)
+ * Refresh patches
+ * Import fixes for zsh completion script generator (Closes: #92145)
-- Alessandro Ghedini <[email protected]> Wed, 06 Feb 2019 22:33:05 +0000
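Review bot: The added bullet "Import fixes for zsh completion script generator (Closes: #92145)" carries a five-digit bug number, while the other bugs referenced in this debdiff (#920267, #922554) have six digits; please check it for a dropped digit. Both added bullets ("Refresh patches" and the zsh one) also land in the already-uploaded 7.64.0-1 stanza rather than in the new 7.64.0-2 one, so this hunk rewrites a released entry and should be kept clearly separate from the targeted fix when the unblock is reviewed.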
diff -Nru curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch
--- curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch 1970-01-01 01:00:00.000000000 +0100
+++ curl-7.64.0/debian/patches/13_singlesocket-fix-the-sincebefore-placement.patch 2019-03-07 20:02:35.000000000 +0000
@@ -0,0 +1,38 @@
+From afc00e047c773faeaa60a5f86a246cbbeeba5819 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Tue, 19 Feb 2019 15:56:54 +0100
+Subject: [PATCH] singlesocket: fix the 'sincebefore' placement
+
+The variable wasn't properly reset within the loop and thus could remain
+set for sockets that hadn't been set before and miss notifying the app.
+
+This is a follow-up to 4c35574 (shipped in curl 7.64.0)
+
+Reported-by: buzo-ffm on github
+Detected-by: Jan Alexander Steffens
+Fixes #3585
+Closes #3589
+---
+ lib/multi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -2360,8 +2360,6 @@
+ int num;
+ unsigned int curraction;
+ int actions[MAX_SOCKSPEREASYHANDLE];
+- unsigned int comboaction;
+- bool sincebefore = FALSE;
+
+ for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++)
+ socks[i] = CURL_SOCKET_BAD;
+@@ -2380,6 +2378,8 @@
+ i++) {
+ unsigned int action = CURL_POLL_NONE;
+ unsigned int prevaction = 0;
++ unsigned int comboaction;
++ bool sincebefore = FALSE;
+
+ s = socks[i];
+
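Review bot: The header of this new patch file links only the upstream references ("Fixes #3585", "Closes #3589") and not the Debian bug that motivates the backport. Adding a DEP-3 line such as "Bug-Debian: https://bugs.debian.org/922554" would tie the patch to the changelog entry. On the code side, "comboaction" moves into the loop body without an initialiser while "sincebefore" gets "= FALSE"; the visible context does not show where "comboaction" is first assigned, so confirm it is written before it is read on every iteration. The diffstat also shows only lib/multi.c changing, so no regression test accompanies the fix.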
diff -Nru curl-7.64.0/debian/patches/series curl-7.64.0/debian/patches/series
--- curl-7.64.0/debian/patches/series 2019-02-06 22:33:05.000000000 +0000
+++ curl-7.64.0/debian/patches/series 2019-03-07 20:02:35.000000000 +0000
@@ -4,6 +4,7 @@
08_enable-zsh.patch
11_omit-directories-from-config.patch
12_zsh.patch
+13_singlesocket-fix-the-sincebefore-placement.patch
# do not add patches below
90_gnutls.patch
--- End Message ---
--- Begin Message ---
On Sun, Mar 31, 2019 at 08:43:31PM +0100, Alessandro Ghedini wrote:
> Please unblock package curl
>
> The version in sid fixes #922554, which affects several users of
> NetworkManager
> and is marked as important (the patch is backported from upstream).
Unblocked; thanks.
--
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---