~ubuntu-branches/ubuntu/lucid/curl/lucid-security : contents of debian/changelog at revision 51

~ubuntu-branches/ubuntu/lucid/curl/lucid-security : (revision 51)
curl (7.19.7-1ubuntu1.11) lucid-security; urgency=medium

  * SECURITY UPDATE: URL request injection
    - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
      lib/url.c.
    - CVE-2014-8150

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 14 Jan 2015 16:46:45 -0500

curl (7.19.7-1ubuntu1.10) lucid-security; urgency=medium

  * SECURITY UPDATE: sensitive data disclosure via duphandle read out of
    bounds
    - debian/patches/CVE-2014-3707.patch: properly copy memory aread in
      lib/formdata.c, lib/strdup.{c,h}, lib/url.c, lib/urldata.h,
      src/Makefile.inc.
    - CVE-2014-3707

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 06 Nov 2014 12:08:42 -0500

curl (7.19.7-1ubuntu1.9) lucid-security; urgency=medium

  * SECURITY UPDATE: incorrect cookie handling via partial literal IP
    addresses
    - debian/patches/CVE-2014-3613.patch: only use full host matches for
      hosts used as IP address in lib/cookie.c, added tests to
      tests/data/test1105, tests/data/test31, tests/data/test8.
    - CVE-2014-3613
  * debian/patches/disable_test519.path: disable test 519 as previous
    security update causes it to hang.
  * debian/patches/versioned: added Curl_* so test suite works during
    build.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 12 Sep 2014 10:01:28 -0400

curl (7.19.7-1ubuntu1.7) lucid-security; urgency=medium

  * SECURITY UPDATE: wrong re-use of connections
    - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
      HTTP logic, and extend new connection logic to other protocols in
      lib/http.c, lib/url.c, lib/urldata.h, add new tests to
      tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
    - CVE-2014-0138
  * SECURITY UPDATE: incorrect wildcard SSL certificate validation with
    literal IP addresses
    - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
      lib/ssluse.c.
    - CVE-2014-0139
  * debian/patches/fix_test172.path: fix expired cookie causing test to
    fail.
  * debian/patches/disable_test519.path: disable test 519 as security
    update causes it to hang. Fixing this would require backporting new
    logic into tests/server/sws.c.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 14 Apr 2014 09:43:35 -0400

curl (7.19.7-1ubuntu1.6) lucid-security; urgency=medium

  * SECURITY UPDATE: information disclosure via incorrect NTLM credential
    reuse
    - debian/patches/CVE-2014-0015.patch: don't reuse connections if NTLM
      auth is used in lib/url.c.
    - CVE-2014-0015

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 31 Jan 2014 08:37:13 -0500

curl (7.19.7-1ubuntu1.5) lucid-security; urgency=low

  * SECURITY REGRESSION: can't disable cert checking in command line tool
    (LP: #1258366)
    - debian/patches/CVE-2013-4545.patch: properly disable host
      verification when insecure mode is used in src/main.c.
    - CVE-2013-4545

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 06 Dec 2013 07:52:56 -0500

curl (7.19.7-1ubuntu1.4) lucid-security; urgency=low

  * SECURITY UPDATE: missing CN verification when signature verification is
    disabled.
    - debian/patches/CVE-2013-4545.patch: still verify host when
      CURLOPT_SSL_VERIFYPEER isn't set in lib/ssluse.c.
    - CVE-2013-4545

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 29 Nov 2013 08:34:48 -0500

curl (7.19.7-1ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in URL decoder
    - debian/patches/CVE-2013-2174.patch: fix overflow in lib/escape.c.
    - CVE-2013-2174

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 27 Jun 2013 14:13:20 -0400

curl (7.19.7-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
    - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
      when sending cookies. Patch from YAMADA Yasuharu.
    - http://curl.haxx.se/curl-tailmatch.patch
    - CVE-2013-1944

 -- Seth Arnold <seth.arnold@canonical.com>  Thu, 11 Apr 2013 14:08:02 -0700

curl (7.19.7-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: libcurl unconditional credential delegation during
    GSSAPI authentication vulnerability.
    - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
      do not delegate credentials when doing GSSAPI authentication
    - CVE-2011-2192
  * SECURITY UPDATE: libcurl zlib automatic decompression callback
    data buffer overflow
    - debian/patches/libcurl-contentencoding.patch: restrict amount of
      callback data sent to an application
    - CVE-2010-0734

 -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 08 Jun 2011 16:52:01 -0700

curl (7.19.7-1ubuntu1) lucid; urgency=low

  * Merge with Debian testing.  Remaining changes:
    - Keep build deps in main:
      - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
      - Add build-dependency on openssh-server
      - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

 -- Kees Cook <kees@ubuntu.com>  Fri, 11 Dec 2009 19:33:21 -0800

curl (7.19.7-1) unstable; urgency=low

  * New upstream release:
    - curl_getdate(3) now correctly manages single letter military
      timezones as specified in RFC 822 (closes: #551461).
  * build depends on generic libdb-dev (closes: #548476).
  * build depends on libssh2-1-dev (>= 1.2) to enable new curl options.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 05 Nov 2009 10:11:57 +0100

curl (7.19.5-1ubuntu2) karmic; urgency=low

  * SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
    - add debian/patches/cert-null-cn: backported upstream changes.
    - CVE-2009-2417

 -- Kees Cook <kees@ubuntu.com>  Thu, 13 Aug 2009 14:32:50 -0700

curl (7.19.5-1ubuntu1) karmic; urgency=low

  * Merge from Debian unstable (LP: #380281), remaining changes:
    - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
    - Call automake-1.9 with --add-missing --copy --force
  * Fixes LP: #379477

 -- Bhavani Shankar <right2bhavi@gmail.com>  Tue, 26 May 2009 18:58:51 +0530

curl (7.19.5-1) unstable; urgency=low

  * New upstream release
  * Fix "libcurl3-gnutls has memory corruption" by upgrading to new upstream
    release, which fixes this bug (Closes: #530131)
  * update standards version to 3.8.1
  * adjust overrides from libdevel to debug for -dbg package
  * adjust doc-base section

 -- Andreas Schuldei <andreas@debian.org>  Sun, 24 May 2009 21:12:19 +0200

curl (7.19.4-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
    - Call automake-1.9 with --add-missing --copy --force
  * drop debian/patches/security_CVE-2009-0037.patch 
    - this patch is part of 7.19.4
  
 -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 Apr 2009 11:10:29 +0200

curl (7.19.4-1) unstable; urgency=low

  * New upstream release
  * Fix "newer bdb version" <explain what you changed and why> 
    (Closes: #517277)
  * resolve libtool version confusion, thanks to 
    Stefanos Harhalakis <v13@v13.gr>
  * add new dependency on libgcrypt11-dev due to newly arising binary symbols

 -- Andreas Schuldei <andreas@debian.org>  Thu, 02 Apr 2009 23:35:45 +0200

curl (7.18.2-8ubuntu4) jaunty; urgency=low

  * SECURITY UPDATE: add fix for CVE-2009-0037 back in
    - debian/patches/security_CVE-2009-0037.patch: updated patch to add missing
      section to lib/easy.c
    - CVE-2009-0037

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 03 Mar 2009 19:58:20 -0500

curl (7.18.2-8ubuntu3) jaunty; urgency=low

  * Revert last patch due to https regression (LP: #337501)

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 03 Mar 2009 17:57:35 -0600

curl (7.18.2-8ubuntu2) jaunty; urgency=low

  * SECURITY UPDATE: Local file exposure via redirect
    - debian/patches/security_CVE-2009-0037.patch: add logic to lib/url.c and
      lib/urldata.h to limit what protocols curl will automatically follow via a
      redirect. By default, it now follows all protocols except FILE and SCP.
    - CVE-2009-0037

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 03 Mar 2009 16:27:30 -0500

curl (7.18.2-8ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes: LP: #314279
    - Drop the stunnel build dependency.
    - Drop the build-dependency on libdb4.5-dev
    - Add build-dependency on openssh-server
    - Call automake-1.9 with --add-missing --copy --force.
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

 -- Bhavani Shankar <right2bhavi@gmail.com>  Tue, 06 Jan 2009 12:16:22 +0530

curl (7.18.2-8lenny1) stable-security; urgency=high

  * Applied upstream patch to fix arbitrary file access (CVE-2009-0037).

 -- Domenico Andreoli <cavok@debian.org>  Tue, 03 Mar 2009 10:29:03 +0100

curl (7.18.2-8) unstable; urgency=low

  * Fix "Please add support for ldap/ldaps protocols" 
    by changing the linker option for liblber (Closes: #506096)

 -- Andreas Schuldei <andreas@debian.org>  Fri, 26 Dec 2008 23:48:19 +0100

curl (7.18.2-7ubuntu2) jaunty; urgency=low

  * drop change: 
    - "Added Recommends: on ca-certificate for curl package", libcurl3
      has a depends on ca-certificates already

 -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 10 Nov 2008 13:08:07 +0100

curl (7.18.2-7ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
    - Drop the stunnel build dependency.
    - Drop the build-dependency on libdb4.5-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
    - Call automake-1.9 with --add-missing --copy --force
    - Added Recommends: on ca-certificate for curl package

 -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 10 Nov 2008 12:55:54 +0100

curl (7.18.2-7) unstable; urgency=low

  * disable c-ares support again, no fix yet, just get stuff working again.

 -- Andreas Schuldei <andreas@debian.org>  Tue, 15 Jul 2008 01:17:29 +0200

curl (7.18.2-6) unstable; urgency=low

  * enable c-ares support, with ipv6 support

 -- Andreas Schuldei <andreas@debian.org>  Fri, 11 Jul 2008 02:05:16 +0200

curl (7.18.2-5) unstable; urgency=low

  * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
    "-Wl, -z, defs" (Closes: #488701), closing same bug again for 
    curl-config --libs  command

 -- Andreas Schuldei <andreas@jesaja.schuldei.org>  Wed, 02 Jul 2008 11:24:40 +0200

curl (7.18.2-4) unstable; urgency=medium

  * /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
    "-Wl, -z, defs" (Closes: #488701)

 -- Andreas Schuldei <andreas@debian.org>  Mon, 30 Jun 2008 23:59:55 +0200

curl (7.18.2-3) unstable; urgency=low

  * removing c-ares from the dependencies

 -- Andreas Schuldei <andreas@debian.org>  Sat, 28 Jun 2008 03:34:50 +0200

curl (7.18.2-2) unstable; urgency=medium

  * blanking the "dependency_libs" line in lib*.la file to keep all the listed libs
    from being linked to other libs linking to curl.
  * fixing miss-linking problem by specifying liblber as a configure argument
  * disabling c-ares again for stability reasons
  * correcting libgssapi linking in configure.ac (patch no_com_err)	

 -- Andreas Schuldei <andreas@debian.org>  Fri, 27 Jun 2008 03:40:18 +0200

curl (7.18.2-1ubuntu4) intrepid; urgency=low

  * Added Recommends: on ca-certificate for curl package (LP: #152781).

 -- Nick Ellery <nick.ellery@ubuntu.com>  Fri, 10 Oct 2008 23:32:54 -0700

curl (7.18.2-1ubuntu3) intrepid; urgency=low

  * Call automake-1.9 with --add-missing --copy --force. (LP: #281561)

 -- Steve Kowalik <stevenk@ubuntu.com>  Sat, 11 Oct 2008 15:10:30 +1100

curl (7.18.2-1ubuntu2) intrepid; urgency=low

  * No-change rebuild for libgnutls13 -> libgnutls26 transistion.

 -- Steve Kowalik <stevenk@ubuntu.com>  Sat, 11 Oct 2008 01:28:05 +1100

curl (7.18.2-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - Drop the stunnel build dependency.
    - Drop the build-dependency on libdb4.5-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

 -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 18 Jun 2008 15:21:57 +0200

curl (7.18.2-1e1) experimental; urgency=low

  * testing c-ares-ipv6 integration patch

 -- Andreas Schuldei <andreas@debian.org>  Mon, 23 Jun 2008 08:48:31 +0200

curl (7.18.2-1) unstable; urgency=low

  * New upstream release:
    - removed patches/ftp-response, it is already in the upstream release
    - fixed issues with kerberos ftp (closes: #478864). 
  * Disable c-ares support, it is still not ready for Debian's wide
    user base (closes: #478864, #481189).
  * Standards-Version bumped to 3.8.0:
    - added support for parallel builds to debian/rules
  * Removal of $QUILT_PC's override makes this package ready for new
    source format 3.0 (quilt) (closes: #485023).
  * Configure build with --with-ca-path but only for OpenSSL flavour,
    GnuTLS supports only --with-ca-bundle (closes: #482814, #483999).
    Both libcurl3 and libcurl3-gnutls now depend on ca-certificates.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 09 Jun 2008 14:09:42 +0200

curl (7.18.1-1) unstable; urgency=low

  * New upstream release.
  * Fixed crossbuilding bug (closes: #465089).
  * Improved error reporting in case of failing FTP (closes: #474224).
  * Enable c-ares support (closes: #352694).
  * libcurl3-dbg now depends on either libcurl3 or libcurl3-gnutls
    (closes: #463173).

 -- Domenico Andreoli <cavok@debian.org>  Thu, 17 Apr 2008 10:22:28 +0200

curl (7.18.0-1ubuntu2) hardy; urgency=low

  * Use automake-1.9, as used by upstream.

 -- Matthias Klose <doko@ubuntu.com>  Fri, 08 Feb 2008 13:24:07 +0000

curl (7.18.0-1ubuntu1) hardy; urgency=low

  * Merge from Debian; remaining changes:
    - Drop the stunnel build dependency.
    - Drop the build-dependency on libdb4.5-dev, add build-dependency on
      openssh-server.
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

 -- Matthias Klose <doko@ubuntu.com>  Fri, 08 Feb 2008 11:20:41 +0000

curl (7.18.0-1) unstable; urgency=low

  * New upstream release.
  * Use Homepage field in debian/control.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 29 Jan 2008 02:16:25 +0100

curl (7.17.1-1ubuntu4) hardy; urgency=low

  * No-change rebuild against libldap-2.4-2.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Jan 2008 17:17:51 +0000

curl (7.17.1-1ubuntu3) hardy; urgency=low

  * And drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

 -- Steve Kowalik <stevenk@ubuntu.com>  Fri, 21 Dec 2007 00:55:12 +1100

curl (7.17.1-1ubuntu2) hardy; urgency=low

  * Drop libssh2-1-dev (universe) from Build-Depends (LP: #175891).

 -- Michael Bienia <geser@ubuntu.com>  Wed, 12 Dec 2007 16:27:27 +0100

curl (7.17.1-1ubuntu1) hardy; urgency=low

  * Merge with Debian; remaining changes:
    - Drop the stunnel build dependency.
  * Drop the build-dependency on libdb4.5-dev, add build-dependency on
    openssh-server.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 04 Dec 2007 01:09:30 +0100

curl (7.17.1-1) unstable; urgency=low

  * New upstream release:
    - fixed bad use of "its" in curl.1 (closes: #443734)
    - fixed curl_easy_escape() with input bytes that are >= 0x80
      (closes: #445214)

 -- Domenico Andreoli <cavok@debian.org>  Wed, 31 Oct 2007 01:12:54 +0100

curl (7.17.0-1) unstable; urgency=low

  * New upstream release.
  * Updated to use libssh2-1-dev (closes: #441979, #442198).
  * Do not run the test suite on hurd (closes: #433834).
  * Enabled support for LDAPS protocol.

 -- Domenico Andreoli <cavok@debian.org>  Fri, 14 Sep 2007 00:24:21 +0200

curl (7.16.4-5) unstable; urgency=low

  * libcurl4-openssl-dev now depends on libssh2-0-dev.
    closes: #439317, #439326.

 -- Domenico Andreoli <cavok@debian.org>  Fri, 24 Aug 2007 18:13:17 +0200

curl (7.16.4-4) unstable; urgency=low

  * Build libcurl/GnuTLS without libssh2 because of the usual OpenSSL
    vs. GPL software lincense conflict (closes: #439176).

 -- Domenico Andreoli <cavok@debian.org>  Thu, 23 Aug 2007 23:47:35 +0200

curl (7.16.4-3) unstable; urgency=low

  * Added support for scp and SFTP protocols.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 22 Aug 2007 00:48:32 +0200

curl (7.16.4-2ubuntu1) gutsy; urgency=low

  * Merge with Debian; remaining changes:
    - Drop the stunnel build dependency.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 09 Aug 2007 09:16:47 +0200

curl (7.16.4-2) unstable; urgency=low

  * Fixed regression with FTP sites not requesting PASS (closes: #435771).

 -- Domenico Andreoli <cavok@debian.org>  Sat, 04 Aug 2007 02:04:40 +0200

curl (7.16.4-1) unstable; urgency=low

  * New upstream release (closes: #432514).
  * Welcome Andreas to the curl packagers!
  * Build-Depends is now more backporting friendly.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 18 Jul 2007 16:44:30 +0200

curl (7.16.2-6ubuntu5) gutsy; urgency=low

  * Added debian/patches/gnutls-verifications: actually perform expiration
    and activation verifications (CVE-2007-3564).

 -- Kees Cook <kees@ubuntu.com>  Wed, 27 Jun 2007 12:16:00 -0700

curl (7.16.2-6ubuntu4) gutsy; urgency=low

  * Completly revert the two previous changes - libcurl's symbols are
    versioned.

 -- Steve Kowalik <stevenk@ubuntu.com>  Wed,  4 Jul 2007 18:25:14 +1000

curl (7.16.2-6ubuntu3) gutsy; urgency=low

  * Add Conflicts and Replaces on older versions of libcurl4{,-gnutls} for
    libcurl3{,-gnutls} so that upgrades don't blow up.

 -- Steve Kowalik <stevenk@ubuntu.com>  Wed,  4 Jul 2007 11:56:50 +1000

curl (7.16.2-6ubuntu2) gutsy; urgency=low

  * Provide two transitional packages, libcurl4 and libcurl4-gnutls that
    depend on their libcurl3 counterparts.
  * Stop libcurl3 and libcurl3-gnutls Conflicting and Providing their
    libcurl4 counterparts.

 -- Steve Kowalik <stevenk@ubuntu.com>  Tue,  3 Jul 2007 19:03:20 +1000

curl (7.16.2-6ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable
  * Remaining Ubuntu changes:
    - Drop the stunnel build dependency.

 -- Steve Kowalik <stevenk@ubuntu.com>  Tue,  3 Jul 2007 01:16:24 +1000

curl (7.16.2-6) unstable; urgency=low

  * Added missing libcurl3 symlinks (closes: #429945)
    Patch courtesy of Bryan Donlan.

 -- Domenico Andreoli <cavok@debian.org>  Sat, 23 Jun 2007 00:39:20 +0200

curl (7.16.2-5ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable
  * Remaining Ubuntu changes:
    - Drop the stunnel build dependency.

 -- Steve Kowalik <stevenk@ubuntu.com>  Mon,  2 Jul 2007 22:38:33 +1000

curl (7.16.2-5) unstable; urgency=low

  [ Steve Langasek ]
  * Re-introduce curl3 symbol versions and rename the packages back to
    libcurl3*, restoring ABI compatibility with the etch version of the
    package.

  [ Domenico Andreoli ]
  * Package libcurl4-gnutls-dev now suggests libcurl3-dbg.
  * libcurl3-dbg replaces/conflict/provide libcurl4-dbg.
  * Properly use ${binary:Version} in control file.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 20 Jun 2007 17:52:38 +0200

curl (7.16.2-4ubuntu1) gutsy; urgency=low

  * Merge with Debian; remaining changes:
    - Drop the stunnel build dependency.

 -- Matthias Klose <doko@ubuntu.com>  Mon, 11 Jun 2007 19:02:21 +0200

curl (7.16.2-4) unstable; urgency=low

  * Fixed configure.ac in case of build with GNUTLS (closes: #425013).
  * Fixed double-free bug (closes: #424894).
    Patch courtesy of Daniel Stenberg.

 -- Domenico Andreoli <cavok@debian.org>  Sun, 20 May 2007 01:15:01 +0200

curl (7.16.2-3ubuntu1) gutsy; urgency=low

  * Merge with Debian; remaining changes:
    - Drop the stunnel build dependency.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 16 May 2007 15:16:54 +0200

curl (7.16.2-3) unstable; urgency=low

  * Updated to db4.5 (closes: #421933).
  * Got rid of unused libcomerr2 dependency (closes: #392294).

 -- Domenico Andreoli <cavok@debian.org>  Tue, 08 May 2007 08:46:21 +0200

curl (7.16.2-2) experimental; urgency=low

  * Improved package descriptions (closes: #410472). 
  * Updated package Provides to ease the soname transition.

 -- Domenico Andreoli <cavok@debian.org>  Fri, 27 Apr 2007 15:37:44 +0200

curl (7.16.2-1) experimental; urgency=low

  * New upstream release.
  * libcurl4-openssl-dev now depends on libcurl4-openssl (closes: #419774).
  * Bumped shlibs version to 7.16.2-1.
  * Patches are now managed with quilt.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 18 Apr 2007 09:29:48 +0200

curl (7.16.1-1) experimental; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.16.1-1.
  * Added HIDDEN section to version script to handle any __*, _rest or
    _save* local symbol.
  * Gopher protocol is not supported since 7.15.2. Removed any reference
    in package description (closes: #408704).
  * Moved libcurl/openssl to the new package libcurl4-openssl, now
    libcurl4 contains a version with no SSL or GSSAPI support (any
    future cryptographic stuff will be kept out of there).
  * Package libcurl4-dev now contains the matching headers for libcurl4
    (so crypto stuff).

 -- Domenico Andreoli <cavok@debian.org>  Thu,  1 Feb 2007 12:49:32 +0100

curl (7.16.0-1) experimental; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.16.0-1.
  * libcurl4 and libcurl4-gnutls now only recommend ca-certificates
    (closes: #404103).
  * pkg-config .pc file now uses Libs.private (closes: #405226). 

 -- Domenico Andreoli <cavok@debian.org>  Fri, 26 Jan 2007 14:26:55 +0100

curl (7.15.5-1ubuntu2) feisty; urgency=low

  * Rebuild for changes in the amd64 toolchain.
  * Set Ubuntu maintainer address.

 -- Matthias Klose <doko@ubuntu.com>  Mon,  5 Mar 2007 01:14:05 +0000

curl (7.15.5-1ubuntu1) feisty; urgency=low

  * Merge from debian unstable. Remaining Ubuntu changes:
    - debian/control: Drop libdb4.2 build dependency.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 30 Oct 2006 10:56:48 +0100

curl (7.15.5-1) unstable; urgency=low

  * New upstream release:
    - fixed nodes removal from the splay tree (closes: #375076).
  * Make package build also if $TAPE is set (closes: #377470).
  * Bumped shlibs version to 7.15.5-1.

 -- Domenico Andreoli <cavok@debian.org>  Mon,  7 Aug 2006 10:26:13 +0200

curl (7.15.4-1ubuntu1) edgy; urgency=low

  * Synchronize to Debian. Only change left: Removal of stunnel and
    libdb4.2-dev build dependencies.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 29 Jun 2006 15:04:24 +0200

curl (7.15.4-1) unstable; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.15.4-1.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 14 Jun 2006 14:41:16 +0200

curl (7.15.3-2) unstable; urgency=low

  * Fixed bug in configure.ac that makes FTBFS (closes: #367954).

 -- Domenico Andreoli <cavok@debian.org>  Wed, 31 May 2006 15:18:26 +0200

curl (7.15.3-1) unstable; urgency=high

  * New upstream release:
    - fixed TFTP packet buffer overflow vulnerability
      [lib/tftp.c, CVE-2006-1061].
    - improved curl_getenv.3 manpage grammar (closes: #357388).

 -- Domenico Andreoli <cavok@debian.org>  Mon, 20 Mar 2006 11:46:25 +0100

curl (7.15.2-3) unstable; urgency=low

  * Applied upstream patch to fix multi interface and multi-part formposts
    (closes: #355715).
  * Build back with -O2, gcc 4.0.2-10 fixed the previously trigged bug.

 -- Domenico Andreoli <cavok@debian.org>  Wed,  8 Mar 2006 15:29:15 +0100

curl (7.15.2-2) unstable; urgency=low

  * Added missing autotools invocation. Re-added versioned symbols
    (closes: #355241).
  * Bumped shlibs version to 7.15.2-2.
  * Build with -O3 to work around sospicious segfaults on tests 253
    and 255.

 -- Domenico Andreoli <cavok@debian.org>  Sat,  4 Mar 2006 22:47:23 +0100

curl (7.15.2-1) unstable; urgency=low

  * New upstream release.
  * Bumped shlibs version to 7.15.2-1.
  * Adopted debhelper's compatibility level 5.

 -- Domenico Andreoli <cavok@debian.org>  Wed,  1 Mar 2006 16:12:51 +0100

curl (7.15.1-1ubuntu2) dapper; urgency=low

  * SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs.
  * lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to
    Ulf Harnhammar for discovering this.
  * CVE-2006-1061

 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 16 Mar 2006 11:30:25 +0100

curl (7.15.1-1ubuntu1) dapper; urgency=low

  * Resynchronise with Debian to get URL parser overflow fix from 7.15.1
    (CVE-2005-4077).

 -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 12 Dec 2005 15:04:52 +0100

curl (7.15.1-1) unstable; urgency=low

  * New upstream release:
    - fixed buffer overflow in URL parser function (closes: #342339).

 -- Domenico Andreoli <cavok@debian.org>  Wed,  7 Dec 2005 11:11:38 +0100

curl (7.15.0-5.1) unstable; urgency=high

  * Non-maintainer upload.
  * Urgency high for RC bug fix.
  * Let libcurl3-*-dev depend on libkrb5-dev (closes: #340784, #340916).

 -- Luk Claes <luk@debian.org>  Sun,  4 Dec 2005 11:59:20 +0100

curl (7.15.0-5) unstable; urgency=low

  * libcurl3-gnutls-dev and libcurl3-openssl-dev now only recommend
    libkrb5-dev (closes: #334888).
  * Applied upstream patch to fix error message in case FTP-path does
    not exist (closes: #338680).
  * Applied upstream patch to fix parsing of --limit-rate command line
    option (closes: #338681).

 -- Domenico Andreoli <cavok@debian.org>  Fri, 25 Nov 2005 10:30:25 +0100

curl (7.15.0-4ubuntu1) dapper; urgency=low

  * Resynchronise with Debian (only change left: Removal of stunnel build
    dependency).
  * Remove libdb4.2-dev build dependency.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 10 Nov 2005 17:44:35 -0500

curl (7.15.0-4) unstable; urgency=low

  * Fixed output of curl-config --vernum (closes: #335296).
  * libcurl3-openssl-dev now replaces libcurl3-dev older than 7.14.1-1
    (closes: #335277).

 -- Domenico Andreoli <cavok@debian.org>  Tue, 25 Oct 2005 11:48:53 +0200

curl (7.15.0-3) unstable; urgency=low

  * libcurl3 and libcurl3-gnutls now suggest libldap2 (closes: #294407).

  * Re-introduced libcurl3-dev package for transition reasons.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 19 Oct 2005 12:45:43 +0200

curl (7.15.0-2) unstable; urgency=low

  * Fixed depends of libcurl3-*-dev packages (closes: #334021, #333609, #334048).
  * Bumped shlibs version to 7.15.0-1 (closes: #334053).

 -- Domenico Andreoli <cavok@debian.org>  Sun, 16 Oct 2005 15:34:40 +0200

curl (7.15.0-1) unstable; urgency=low

  * New upstream release:
    - fixed user+domain name buffer overflow in the NTLM code
      (CAN-2005-3185, closes: #333734).
    - libcurl3-*-dev packages now depend on libkrb5-dev (closes: #333609).
    - improved docs about curl_easy_setopt() and ERRORBUFFER (closes: #329313).

 -- Domenico Andreoli <cavok@debian.org>  Fri, 14 Oct 2005 13:32:06 +0200

curl (7.14.1-5) unstable; urgency=low

  * Added build dependency on libtool (closes: #332729, #333174).

 -- Domenico Andreoli <cavok@debian.org>  Tue, 11 Oct 2005 10:05:36 +0200

curl (7.14.1-4) unstable; urgency=low

  * Fixed SEE ALSO section in curl_excape.3 (closes: #331505).
  * Fixed configure.ac when --host=i586-mingw32msvc is given (closes: #329444).
  * Added missing example files (closes: #331722).
  * Updated build dependency for OpenSSL 0.9.8 transition.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 10 Oct 2005 12:43:25 +0200

curl (7.14.1-3) experimental; urgency=low

  * Fixed soname of libcurl-gnutls.so* variant.
  * Fixed broken sentence (closes: #329305).
  * Fixed reference to TheArtOfHttpScripting.gz (closes: #329299).
  * Added clarification about WRITEFUNCTION and WRITEDATA (closes: #329311).

 -- Domenico Andreoli <cavok@debian.org>  Wed, 28 Sep 2005 17:13:51 +0200

curl (7.14.1-2) experimental; urgency=low

  * Started using the system-wide CA certificate file (closes: #308514).
  * Fixed apostrophe typos in the curl man page (closes: #326511).
  * Only curl_* symbols are now globally visible outside of libcurl.

 -- Domenico Andreoli <cavok@debian.org>  Sat, 17 Sep 2005 23:52:28 +0200

curl (7.14.1-1) experimental; urgency=low

  * New upstream release.
  * libcurl3-gnutls has a modified soname and may be installed together
    with libcurl3 (closes: #318590).
  * Both libcurl3 and libcurl3-gnutls are built with versioned symbols
    and with support of GSSAPI authentication.
  * Renamed libcurl3-dev to libcurl3-openssl-dev.
  * Dropped package libcurl3-gssapi.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 15 Sep 2005 23:59:32 +0200

curl (7.14.0-5) unstable; urgency=low

  * Added libcurl3-gnutls and libcurl3-gnutls-dev packages (closes: #318590).
  * libcurl3-gssapi now has its own shlibs file. Packages built with this
    package installed will depend on it.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 18 Aug 2005 02:26:38 +0200

curl (7.14.0-4) unstable; urgency=low

  * OpenSSL is back (closes: #321294, #321391).

 -- Domenico Andreoli <cavok@debian.org>  Fri,  5 Aug 2005 23:34:45 +0200

curl (7.14.0-3) unstable; urgency=low

  * Updated the use of dpkg-architecture (closes: #320046).
  * Added missing aclocal file libcurl.m4 to libcurl3-dev (closes: #315848).
  * Added (many) missing man pages (closes: #315850).
  * OpenSSL is replaced by GnuTLS in providing SSL support (closes: #318590).
  * Heimdal is replaced by MIT Kerberos in providing GSSAPI support.

 -- Domenico Andreoli <cavok@debian.org>  Tue,  2 Aug 2005 22:34:01 +0200

curl (7.14.0-2ubuntu1) breezy; urgency=low

  * Synchronize with Debian.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 26 Jul 2005 19:03:01 +0200

curl (7.14.0-2) unstable; urgency=low

  * Rebuilt and uploaded to unstable.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 15 Jun 2005 11:41:32 +0200

curl (7.14.0-1) experimental; urgency=low

  * New upstream release.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 17 May 2005 10:42:35 +0200

curl (7.13.2-3) unstable; urgency=high

  * HTTP response headers with null bytes are now correctly managed
    (closes: #310948).

 -- Domenico Andreoli <cavok@debian.org>  Fri,  3 Jun 2005 23:59:30 +0200

curl (7.13.2-2) unstable; urgency=low

  * Fixed conditional build of package libcurl3-gssapi
    (closes: #303939, #303953).

 -- Domenico Andreoli <cavok@debian.org>  Mon, 11 Apr 2005 19:00:27 +0200

curl (7.13.2-1) unstable; urgency=low

  * New upstream release:
    - fixed curl man page typos (closes: #302820).

 -- Domenico Andreoli <cavok@debian.org>  Tue,  5 Apr 2005 14:41:13 +0200

curl (7.13.1-3) unstable; urgency=low

  * Fixed hanging of some SSL connections (closes: #302366).

 -- Domenico Andreoli <cavok@debian.org>  Thu, 31 Mar 2005 16:27:41 +0200

curl (7.13.1-2) unstable; urgency=low

  * Rebuilt to get the correct libidn11 dependency (closes: #299348).
  * Added some missing documentation files (closes: #298855).

 -- Domenico Andreoli <cavok@debian.org>  Wed, 16 Mar 2005 14:30:03 +0100

curl (7.13.1-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version for libcurl3 because of new curl options.

 -- Domenico Andreoli <cavok@debian.org>  Fri,  4 Mar 2005 16:03:17 +0100

curl (7.13.0-2) unstable; urgency=high

  * Fixed NTLM Authentication buffer overflow (closes: #296678).
    Patch courtesy of Daniel Stenberg. This handles CAN-2005-0490.
  * Removed libcurl2* packages and all the scary stuff used to build them
    (closes: #274631).

 -- Domenico Andreoli <cavok@debian.org>  Thu, 24 Feb 2005 10:07:22 +0100

curl (7.13.0-1) unstable; urgency=low

  * New upstream release.
  * libcurl3 now suggests package libldap2-dev to enable support for
    LDAP protocol.
  * Bumped up shlibs version for libcurl3 because of new curl options.

 -- Domenico Andreoli <cavok@debian.org>  Sat,  5 Feb 2005 10:39:52 +0100

curl (7.12.3-2ubuntu3) hoary; urgency=low

  * Fix the version numbers internal to debian/rules.  Closes; #8088

 -- LaMont Jones <lamont@ubuntu.com>  Wed, 23 Mar 2005 18:41:29 -0700

curl (7.12.3-2) unstable; urgency=low

  * Disabled test suite on m68k, it stalls.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 30 Dec 2004 11:11:48 +0100

curl (7.12.3-1) unstable; urgency=low

  * New upstream release:
    - fixed debug tracing to network socket is stderr is closed
      (closes: #278691).
  * Applied patch to fix getpass license problems (closes: #286794).
    Patch courtesy of Daniel Stenberg.
  * Bumped up shlibs version for libcurl3 because of new curl options.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 27 Dec 2004 12:50:30 +0100

curl (7.12.2-2) unstable; urgency=low

  * libcurl3-dbg package is now built by dh_strip --dbg-package
    (closes: #274710).
  * Added build dependency on libdb4.2-dev.

 -- Domenico Andreoli <cavok@debian.org>  Thu,  4 Nov 2004 11:36:17 +0100

curl (7.12.2-1) unstable; urgency=low

  * New upstream release.
  * Update diff to 7.11.2.
  * Add debian/watch file.
  * Add myself as a uploader.

 -- Matthias Klose <doko@debian.org>  Wed,  3 Nov 2004 00:55:52 +0100

curl (7.12.1-1) unstable; urgency=low

  * New upstream release:
    - workaround for ASN1_STRING_to_UTF8 failing if input is already
      UTF-8 encoded (closes: #264711).
  * Bumped up shlibs version for libcurl3 because of the introduction
    of FTP 3rd party transfer support options.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 10 Aug 2004 11:40:29 +0200

curl (7.12.0.rel-6) unstable; urgency=low

  * In rebuilding the 7.11.2 tree starting from the 7.12.0 one,
    lib/getdate.y is patched before lib/getdate.c (closes: #262597).

 -- Domenico Andreoli <cavok@debian.org>  Sun,  1 Aug 2004 17:59:57 +0200

curl (7.12.0.rel-5) unstable; urgency=low

  * Tests are performed only if build target and building host are the
    same and are not kfreebsd-gnu or knetbsd-gnu (closes: #261591).
  * On hurd-i386 libcurl3-gssapi is not built.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 29 Jul 2004 15:17:51 +0200

curl (7.12.0.rel-4) unstable; urgency=low

  * Added build dependency on groff-base to really build the built-in
    manual.
  * libcurl3 now replaces old libcurl2 versions (closes: #255262).

 -- Domenico Andreoli <cavok@debian.org>  Tue, 20 Jul 2004 11:40:09 +0200

curl (7.12.0.rel-3) unstable; urgency=low

  * Enabled curl's built-in manual. 
  * configure script for 7.11.2 is now managed correctly.

 -- Domenico Andreoli <cavok@debian.org>  Sun, 18 Jul 2004 22:25:00 +0200

curl (7.12.0.rel-2) unstable; urgency=low

  * libcurl2 uses curl-ca-bundle-7.11.2.crt (closes: #255262).
    Yes, it is a hack to not add libcurl-common package right now.

 -- Domenico Andreoli <cavok@debian.org>  Sun, 18 Jul 2004 16:40:45 +0200

curl (7.12.0.rel-1) experimental; urgency=low

  * Version 7.12.0 is back with proper libcurl3* packages.
  * libcurl2* 7.11.2 packages are still provided (closes: #252879).
  * Enabled again the support for libidn.

 -- Domenico Andreoli <cavok@debian.org>  Sun,  6 Jun 2004 23:09:33 +0200

curl (7.12.0.is.7.11.2-1) unstable; urgency=low

  * Reverted to version 7.11.2 (closes: #252348).
  * Disabled support for libidn (closes: #252367). This is to leave
    curl in unstable as much similar as possible to the one in testing.

 -- Domenico Andreoli <cavok@debian.org>  Fri,  4 Jun 2004 19:09:25 +0200

curl (7.12.0-1) unstable; urgency=low

  * New upstream release:
    - fixed minor man page problem (closes: #232928)
    - improved --create-dirs description in curl man page (closes: #251351)
  * Enabled support for libidn. 

 -- Domenico Andreoli <cavok@debian.org>  Wed,  2 Jun 2004 18:06:05 +0200

curl (7.11.2-2) unstable; urgency=low

  * Fixed curl.1 man page (closes: #232928).
    Patch courtesy of Daniel Stenberg, the upstream developer.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 27 Apr 2004 19:47:09 +0200

curl (7.11.2-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version because of the introduction of
    CURLOPT_TCP_NODELAY option.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 26 Apr 2004 14:14:20 +0200

curl (7.11.1-2) unstable; urgency=low

  * Added GSSAPI support to package libcurl2-gssapi (closes: #241553). 

 -- Domenico Andreoli <cavok@debian.org>  Fri,  2 Apr 2004 18:03:15 +0200

curl (7.11.1-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version because of the introduction of
    CURLOPT_POSTFIELDSIZE_LARGE option.

 -- Domenico Andreoli <cavok@debian.org>  Fri, 19 Mar 2004 11:39:07 +0100

curl (7.11.0-4) unstable; urgency=low

  * Applied fix from upstream's CVS which adds another CRLF in
    chunked-transfers.

 -- Domenico Andreoli <cavok@debian.org>  Sun,  1 Feb 2004 13:19:02 +0100

curl (7.11.0-3) unstable; urgency=low

  * "Fixed" build process, now the right file is searched for CA
    certificates (closes: #228182).

 -- Domenico Andreoli <cavok@debian.org>  Sat, 31 Jan 2004 20:06:10 +0100

curl (7.11.0-2) unstable; urgency=low

  * Test suite is still performed but is not critical for the build
    being successful any more.

 -- Domenico Andreoli <cavok@debian.org>  Fri, 30 Jan 2004 13:03:03 +0100

curl (7.11.0-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@debian.org>  Sun, 25 Jan 2004 17:50:43 +0100

curl (7.10.8+7.11.0-pre1-1) unstable; urgency=low

  * New upstream pre-release:
    - proxy+ssl now passes post variables (closes: #222901)
    - various test case problems exposed in #222140 should now be fixed.
  * Bumped up shlibs version because of the introduction of
    CURLOPT_NETRC_FILE and CURLOPT_FTP_SSL options in libcurl.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 14 Jan 2004 17:35:46 +0100

curl (7.10.8-1) unstable; urgency=low

  * New upstream release:
    - fixed LDAP support (closes: #149609)
    - cleaner environment for testsuite execution (closes: #210253)
    - fixed lib/Makefile.am's use of LDFLAGS (closes: #212086)
    - fixed name clash in curl.h with respect to unistd.h (closes: #213180)
    - fixed typo in curl manpage (closes: #218046).
  * Bumped up shlibs version because of new libcurl options.
  * Added stunnel to the Build-Depends in order to enable SSL test cases.

 -- Domenico Andreoli <cavok@debian.org>  Mon,  3 Nov 2003 10:26:12 +0100

curl (7.10.7-2) unstable; urgency=low

  * Fixed bug in cache_resolv_response on alpha and ia64 (closes: #207174).
    Patch courtesy of Jurij Smakov.

 -- Domenico Andreoli <cavok@debian.org>  Mon,  8 Sep 2003 21:55:46 +0200

curl (7.10.7-1) unstable; urgency=low

  * New upstream release.
  * Bumped up shlibs version because of the introduction of CURLOPT_PROXYAUTH
    and CURLOPT_FTP_CREATE_MISSING_DIRS options in libcurl.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 18 Aug 2003 00:19:43 +0200

curl (7.10.6-3) unstable; urgency=low

  * Applied patch to fix test 60 on ia64.

 -- Domenico Andreoli <cavok@debian.org>  Sat,  9 Aug 2003 04:26:15 +0200

curl (7.10.6-2) unstable; urgency=low

  * Applied patch from upstream to fix url globbing (closes: #203827).
  * make test is still performed on building debug stuff but errors
    are ignored.

 -- Domenico Andreoli <cavok@debian.org>  Thu,  7 Aug 2003 02:20:46 +0200

curl (7.10.6-1) unstable; urgency=low

  * New upstream release:
    - added spport for http_proxy env var with name:passwd
      (closes: #193630).
  * make test is invoked after build 

 -- Domenico Andreoli <cavok@debian.org>  Tue, 29 Jul 2003 01:26:50 +0200

curl (7.10.5-1) unstable; urgency=low

  * New upstream release:
    - fixed typo in curl's man page (closes: #189272).
  * New libcurl option CURLOPT_FTP_USE_EPRT has been added, bumped
    up shlibs.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 19 May 2003 23:57:12 +0200

curl (7.10.4-1) unstable; urgency=low

  * New upstream release:
    - now uses new settings properly when re-using an existing connection
      (closes: #185254)
    - curl man page now refers to MANUAL (closes: #178509).
  * Changed section of libcurl2-dev and libcurl2-dbg to libdevel. 

 -- Domenico Andreoli <cavok@debian.org>  Wed,  2 Apr 2003 21:25:24 +0200

curl (7.10.3-3) unstable; urgency=low

  * Rebuilt to link against libssl0.9.7.
  * Improved package descriptions thanks to suggestions provided by
    Filip Van Raemdonck <mechanix@debian.org> (closes: #177995).

 -- Domenico Andreoli <cavok@debian.org>  Fri, 14 Mar 2003 16:08:38 +0100

curl (7.10.3-2) unstable; urgency=low

  * Development package is now named libcurl2-dev, it provides
    libcurl-dev.  People can now safely make their build dependencies
    and be sure to use the right stuff.
  * New package libcurl2-dbg is provided to help in debugging sessions.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 20 Jan 2003 22:04:32 +0100

curl (7.10.3-1) unstable; urgency=low

  * New upstream release.
  * It now suggests ca-certificates package.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 16 Jan 2003 00:27:48 +0100

curl (7.10.2-2) unstable; urgency=low

  * Added AM_MAINTAINER_MODE to configure.in (closes: #170050).

 -- Domenico Andreoli <cavok@debian.org>  Fri, 22 Nov 2002 14:28:22 +0100

curl (7.10.2-1) unstable; urgency=low

  * New upstream release:
    - fixed segfault on retrieving relative redirects (closes: #165382)
    - fixed a leak of debug output (closes: #167678).
  * Updated config.guess and config.sub (closes: #166153).
  * Added zlib1g-dev to build and libcurl-dev dependencies
    (closes: #169654).
  * Added HTML and PDF versions of all manpages in libcurl-dev package.

 -- Domenico Andreoli <cavok@debian.org>  Wed, 20 Nov 2002 23:38:24 +0100

curl (7.10.1-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@debian.org>  Fri, 11 Oct 2002 23:26:50 +0200

curl (7.10-1) unstable; urgency=low

  * New upstream release:
    - new way to use option -x to prevent curl from using any proxy
      server (closes: #161153).

 -- Domenico Andreoli <cavok@debian.org>  Wed,  2 Oct 2002 01:04:20 +0200

curl (7.9.8-2) unstable; urgency=low

  * Added again libcurl2-ssl to the libcurl2 conflicts.

 -- Domenico Andreoli <cavok@debian.org>  Thu,  4 Jul 2002 02:35:24 +0200

curl (7.9.8-1) unstable; urgency=low

  * New upstream release.
  * Double flavor of curl to support both non-SSL and SSL is gone.
    Now curl comes only with SSL. Who needs SSL can require curl
    version >= 7.9.8 .

 -- Domenico Andreoli <cavok@debian.org>  Mon, 24 Jun 2002 23:04:37 +0200

curl (7.9.7-2) unstable; urgency=low

  * Fixed the bashism in debian/rules (closes: #147352).
  * SSL and non-SSL series of curl packages are now built from the
    same source. thanks crypto-in-main! :)

 -- Domenico Andreoli <cavok@debian.org>  Mon, 20 May 2002 23:28:05 +0200

curl (7.9.7-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@debian.org>  Wed, 15 May 2002 21:09:19 +0200

curl (7.9.6-1) unstable; urgency=low

  * New upstream release.
  * libcurl.3 manpage is now installed by libcurl-dev instead of
    libcurl2. Indeed it provides an overview on how to use libcurl in
    C programs.

 -- Domenico Andreoli <cavok@debian.org>  Sat, 20 Apr 2002 17:06:51 +0200

curl (7.9.5-2) unstable; urgency=low

  * curl-ssl stuff moved from non-US to main.

 -- Domenico Andreoli <cavok@debian.org>  Mon, 25 Mar 2002 23:40:02 +0100

curl (7.9.5-1) unstable; urgency=low

  * New upstream release (closes: #134608).
  * Added autotools-dev to the build dependencies. config.{guess,sub}
    can now be updated automatically in the build process.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 12 Mar 2002 19:06:21 +0100

curl (7.9.3-2) unstable; urgency=low

  * Upstream source code has been correctly imported in my CVS
    repository (closes: #130906).

 -- Domenico Andreoli <cavok@debian.org>  Sun, 27 Jan 2002 22:23:54 +0100

curl (7.9.3-1) unstable; urgency=low

  * New upstream release:
    - fixed wrong assumption on char signedness (closes: #127011)
    - missing header added accordingly (closes: #130401)
  * Fixed a typo in curl description (closes: #124526).

 -- Domenico Andreoli <cavok@debian.org>  Thu, 24 Jan 2002 20:04:04 +0100

curl (7.9.2-1) unstable; urgency=low

  * New upstream release:
    - two bad timeout matters in libcurl2 are now solved (closes: #118595).

 -- Domenico Andreoli <cavok@debian.org>  Fri,  7 Dec 2001 16:58:45 +0100

curl (7.9.1-3) unstable; urgency=low

  * Fixed return type of Curl_ftpsendf(...) to CURLcode (closes: #120485).
  * Versions in debian/libcurl2.shlibs have been incremented to
    ">= 7.9.1-1".

 -- Domenico Andreoli <cavok@debian.org>  Thu, 22 Nov 2001 15:35:40 +0100

curl (7.9.1-2) unstable; urgency=low

  * Reverted to unpatched released 7.9.1 source tree, patch behavior
    was weird.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 15 Nov 2001 18:05:58 +0100

curl (7.9.1-1) unstable; urgency=low

  * New upstream release.
  * Applied upstream patch #478780 found on sourceforge, fixes libcurl
    which didn't restore SIGALRM handler (closes: #118595).
  * Applied patch for patch #478780 of above, see bug #118595 in BTS.
    Patch courtesy of Enrik Berkhan <Enrik.Berkhan@planb.de>.
  * Build-Depends reduced to what is strictly required for building.
    autoconf, automake and libtool build dependencies are gone.

 -- Domenico Andreoli <cavok@debian.org>  Fri,  9 Nov 2001 13:56:36 +0100

curl (7.9-1) unstable; urgency=low

  * New upstream release:
    - output of "curl-config --libs" now includes -lcurl.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 25 Sep 2001 18:38:46 +0200

curl (7.8-3) unstable; urgency=low

  * Added libc6-dev to libcurl2-dev dependencies.
  * Fixed lack of some FD_ZERO(...)s in lib/transfer.c (closes: #105516).

 -- Domenico Andreoli <cavok@debian.org>  Fri,  3 Aug 2001 16:32:20 +0200

curl (7.8-2) unstable; urgency=low

  * libcurl2.shlibs now includes version numbers. some new symbols have
    been introduced in libcurl 7.8, so program linked against 7.8 cannot
    work with older ones.
  * IPv6 support is now enabled
  * configure.in has been renamed to autoconf.ac to force the use of
    autoconf 2.50

 -- Domenico Andreoli <cavok@debian.org>  Thu,  5 Jul 2001 01:38:24 +0200

curl (7.8-1) unstable; urgency=low

  * New upstream release. 
  * Applied patch for correct shared library versioning of libcurl, curl
    7.8 comes with broken shared library version out of the box.
    Patch provided by upstream developer.

 -- Domenico Andreoli <cavok@debian.org>  Sat,  9 Jun 2001 21:12:05 +0200

curl (7.7.3-3) unstable; urgency=low

  * Fixed manpages libcurl-dev with required simlinks (closes: 99610).

 -- Domenico Andreoli <cavok@debian.org>  Mon,  4 Jun 2001 14:37:49 +0200

curl (7.7.3-2) unstable; urgency=low

  * lib/url.c and lib/version.c are now fixed (closes: #97709).
  * install upstream changelog (closes: #97628).

 -- Domenico Andreoli <cavok@debian.org>  Fri, 18 May 2001 10:32:25 +0200

curl (7.7.3-1) unstable; urgency=low

  * New upstream release. 
  * Using dh_installman instead dh_installmanpages.
  * Installing libcurl examples with dh_installexamples.
  * Policy 3.5.3.0 compliant.

 -- Domenico Andreoli <cavok@debian.org>  Thu, 10 May 2001 09:45:05 +0200

curl (7.7.2-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@debian.org>  Tue, 24 Apr 2001 09:14:51 +0200

curl (7.7.1-2) unstable; urgency=low

  * Fixed debian/rules (closes: #78232, #93837). 

 -- Domenico Andreoli <cavok@debian.org>  Tue, 17 Apr 2001 17:12:19 +0200

curl (7.7.1-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@debian.org>  Tue, 10 Apr 2001 13:26:09 +0200

curl (7.7-1) unstable; urgency=low

  * New upstream release.
  * Fixed formatting errors in curl.1 (closes: #90281). 

 -- Domenico Andreoli <cavok@debian.org>  Fri, 23 Mar 2001 18:25:26 +0100

curl (7.6.1-5) unstable; urgency=low

  * Fixed debian/libcurl1.shlibs in order to solve any problem for those
    packages which should depend on either libcurl1 or libcurl1-ssl.
    I should have done it long time ago.

 -- Domenico Andreoli <cavok@debian.org>  Tue, 13 Mar 2001 18:29:06 +0100

curl (7.6.1-4) unstable; urgency=low

  * Added versioned Build-Depend for debhelper.

 -- Domenico Andreoli <cavok@debian.org>  Tue,  6 Mar 2001 15:16:02 +0100

curl (7.6.1-3) unstable; urgency=low

  * Refining the transition to debhelper compatibility 2. I forgot the
    executable in the curl package (closes: #87886).

 -- Domenico Andreoli <cavok@debian.org>  Wed, 28 Feb 2001 14:31:43 +0100

curl (7.6.1-2) unstable; urgency=low

  * Switched to debhelper compatibility version 2.

 -- Domenico Andreoli <cavok@debian.org>  Fri, 23 Feb 2001 18:24:02 +0100

curl (7.6.1-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@libero.it>  Tue, 13 Feb 2001 18:04:04 +0100

curl (7.6-2) unstable; urgency=low

  * Adjusted dependencies in order to let curl-ssl package manage a
    smooth upgrade from potato.

 -- Domenico Andreoli <cavok@libero.it>  Fri,  9 Feb 2001 13:36:11 +0100

curl (7.6-1) unstable; urgency=low

  * New upstream release.

 -- Domenico Andreoli <cavok@libero.it>  Mon, 29 Jan 2001 16:00:59 +0100

curl (7.5.2-2) unstable; urgency=low

  * This is a service upload in order to fix dependencies problems arose
    for a ill-formed upload of 7.5.2-1.

 -- Domenico Andreoli <cavok@libero.it>  Mon, 29 Jan 2001 14:54:57 +0100

curl (7.5.2-1) unstable; urgency=low

  * New upstream release.
  * It needed to be recompiled against the new libc (closes: #80256).

 -- Domenico Andreoli <cavok@libero.it>  Mon, 15 Jan 2001 13:08:15 +0100

curl (7.5-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@libero.it>  Mon,  4 Dec 2000 13:15:33 +0100

curl (7.4.2-2) unstable; urgency=low

  * curl replaces curl-ssl. curl is only a frontend for libcurl and is not
    aware of any protocol, libcurl is. so what is really different whether
    ssl is enable or not is only libcurl.
  * curl now depends on (libcurl0 | libcurl0-ssl).
  * The workaround for libtool -rpath parameter is not required, so
    it has been removed from configure.in.
  * Removed "Suggests: " field in control file for libcurl0. It suggested
    to install curl and libcurl-dev too but it really doesn't make sense
    (this change was really applied in -1).

 -- Domenico Andreoli <cavok@libero.it>  Tue, 28 Nov 2000 14:27:29 +0100

curl (7.4.2-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@libero.it>  Fri, 17 Nov 2000 16:19:23 +0100

curl (7.2.1-1) unstable; urgency=low

  * New upstream release. 

 -- Domenico Andreoli <cavok@libero.it>  Mon,  4 Sep 2000 01:22:44 +0200

curl (7.1-3) unstable; urgency=low

  * Added "Suggests: " field in control file for libcurl0. Now curl and
    libcurl-dev are suggested upon installation of libcurl0.

 -- Domenico Andreoli <cavok@libero.it>  Mon, 14 Aug 2000 15:01:08 +0200

curl (7.1-2) unstable; urgency=low

  * Fixed a line that did not install development manpages.

 -- Domenico Andreoli <cavok@libero.it>  Thu, 10 Aug 2000 14:32:23 +0200

curl (7.1-1) unstable; urgency=low

  * New upstream release.
  * libcurl is now a separate package, it provides shared libraries and
    includes to allow developing for other applications.

 -- Domenico Andreoli <cavok@libero.it>  Wed,  9 Aug 2000 01:21:25 +0200

curl (6.5.2-4) unstable; urgency=low

  * Some missing build dependencies (autoconf, automake, libtool) added.

 -- Domenico Andreoli <cavok@libero.it>  Sat,  8 Jul 2000 00:13:16 +0200

curl (6.5.2-3) unstable; urgency=low

  * Due to some policy and technical restrictions, curl's source package
    has been splitted again in two, one for main archive and one for non-US.

 -- Domenico Andreoli <cavok@libero.it>  Tue,  4 Jul 2000 15:52:14 +0200

curl (6.5.2-2) unstable; urgency=low

  * Added a Build-Depends in order to compile curl-ssl only if
    libssl09-dev is installed.
  * Documentation reflects the new location of curl debian packages
    home page (http://curl-deb.sourceforge.net).
  * Corrected minor spelling errors in README.Debian.

 -- Domenico Andreoli <cavok@libero.it>  Sat, 17 Jun 2000 01:13:19 +0200

curl (6.5.2-1) unstable; urgency=low

  * New upstream release.
  * Now curl and curl-ssl binary packages are generated from the same
    debian source package.
  * Uploads and downloads are now performed simultaneously (closes: #56627).

 -- Domenico Andreoli <cavok@libero.it>  Sat, 25 Mar 2000 01:06:35 +0100

curl (6.4-1) unstable; urgency=low

  * New upstream release.

 -- Domenico Andreoli <cavok@libero.it>  Sun, 30 Jan 2000 02:21:32 +0100

curl (6.3.1-1) unstable; urgency=low

  * New upstream release.

 -- Domenico Andreoli <cavok@libero.it>  Sat, 11 Dec 1999 17:38:13 +0100

curl (6.2-1) unstable; urgency=low

  * New upstream release.
  * No hack to compile without SSL is required anymore. Fixed by
    upstream maintainer.

 -- Domenico Andreoli <cavok@libero.it>  Mon,  1 Nov 1999 00:37:32 +0100

curl (6.0-1) unstable; urgency=low

  * New upstream release.

 -- Domenico Andreoli <cavok@freemail.it>  Mon, 27 Sep 1999 22:28:13 +0200

curl (5.11-1.1) unstable; urgency=low

  * Put sources into the right section.

 -- Domenico Andreoli <cavok@freemail.it>  Mon, 30 Aug 1999 03:14:21 +0200

curl (5.11-1) unstable; urgency=low

  * New upstream release.
  * New debian maintainer.

 -- Domenico Andreoli <cavok@freemail.it>  Fri, 27 Aug 1999 11:50:04 +0200

curl (5.9-2) unstable; urgency=low

  * Moved to non-US, and compiled against ssl (closes: #40099).

 -- Leon Breedt <ljb@debian.org>  Sat,  3 Jul 1999 15:46:54 +0200

curl (5.9-1) unstable; urgency=low

  * New upstream release.

 -- Leon Breedt <ljb@debian.org>  Sun, 23 May 1999 21:51:30 +0200

curl (5.8-1) unstable; urgency=low

  * Initial Release.

 -- Leon Breedt <ljb@debian.org>  Sun,  9 May 1999 18:55:48 +0200