Debian Patches
Status for curl/8.14.1-2+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| ZZZgnutls-build.patch | Build with GnuTLS. | Steve McIntyre <93sam@debian.org> | not-needed | vendor | 2024-11-06 | |
| build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch | build: Divide mit-krb5-gssapi link flags between LDFLAGS and LIBS From the comments nearby about not having --libs-only-L, it looks as though the intention was to apply a split like this to all dependency libraries where possible, and the only reason it was not done for Kerberos is that krb5-config doesn't have that feature and pkg-config was originally not supported here. For example, zlib, libssh and librtmp all have their flags from pkg-config split in this way. Now that pkg-config is supported here, we can do the intended split. |
Simon McVittie <smcv@collabora.com> | no | 2022-11-22 | ||
| 11_omit-directories-from-config.patch | Omit directories embedding arch info from curl-config In order to (partially) multi-arch-ify curl-config, remove all mention of @includedir@ and @libdir@ from the script. On Debian, the actual header and library directories are architecture-dependent, but will always be in the C compiler's default search path, so -I and -L options are not necessary (and may be harmful in multi-arch environments.) |
Benjamin Moody <benjamin.moody@gmail.com> | not-needed | debian | vendor | 2025-02-05 |
| tool_getparam_fix_ftp_pasv.patch | [PATCH] tool_getparam: fix --ftp-pasv This boolean option was moved to the wrong handling function. Make it an ARG_NONE and move it to the correct handler and add a test to verify that the option works. Follow-up to 698491f44 Fixes #17545 Closes #17547 |
Dan Fandrich <dan@coneharvesters.com> | no | 2025-06-06 | ||
| curl_path_make_SFTP_handle_a_path.patch | [PATCH] curl_path: make SFTP handle a path like /~ properly. ... without a trailing slash. Fixes #17534 Closes #17542 |
Carlos Henrique Lima Melara <charlesmelara@riseup.net> | no | 2025-06-05 | ||
| tool_operate_fix_return_code_when_retry_is_used_but_not_triggered.patch | [PATCH] tool_operate: fix return code when --retry is used but not triggered Verify with test 752 Fixes #17554 Closes #17559 |
Daniel Stenberg <daniel@haxx.se> | no | 2025-06-09 | ||
| cookie-don-t-treat-the-leading-slash-as-trailing.patch | [PATCH] cookie: don't treat the leading slash as trailing If there is only a leading slash in the path, keep that. Also add an assert to make sure the path is never blank. Closes #18266 |
Daniel Stenberg <daniel@haxx.se> | no | 2025-08-11 | ||
| CVE-2025-10148.patch | [PATCH] ws: get a new mask for each new outgoing frame Closes #18496 Changes: * Refresh patch context for lib/ws.c * Adapt return value to current function return type |
Daniel Stenberg <daniel@haxx.se> | no | 2025-09-08 | ||
| wcurl-Set-CURL_OPTIONS-right-before-the-url.patch | [PATCH] Set CURL_OPTIONS right before the url I'm reordering the parameters used in the curl invocation to have "CURL-OPTIONS" be set for last, allowing "--output" to also be overwritten and making the curl invocation more clear, as having "--continue-at -" not right before the URL looks weird. As far as my tests went, this has no functionality side effect other than allowing "output" to be set by the user. * Modify wcurl patch to apply on curl sources by changing the location of the wcurl script from wcurl to scripts/wcurl. |
Samuel Henrique <samueloph@debian.org> | no | 2025-09-21 | ||
| wcurl-Fix-example-for-continue-at.patch | [PATCH] Fix example for "continue-at" It stopped working after we introduced the "--no-clobber" option, to make the example work again we just need to explicitly override it with "--clobber". Thanks to Thomas Braun for reporting it. Closes: https://github.com/curl/wcurl/issues/61 * Modify wcurl patch to apply on curl sources by changing the location of the wcurl script from wcurl to scripts/wcurl. * Drop changes to wcurl's README file as they are not in the curl sources. |
Samuel Henrique <samueloph@debian.org> | no | 2025-09-21 | ||
| wcurl-CVE-2025-11563.patch | [PATCH] Don't percent-decode '/' and '\' in output file name * Modify wcurl patch to apply on curl sources by changing the location of the wcurl script from wcurl to scripts/wcurl. * Drop changes to wcurl's tests as they are not in the curl sources. * Swap placement of logical AND (&&) operator in conditions of the if statement to match the new approach; i.e.; they are written in the beginning of the line instead of the end now. * Pull fix from https://github.com/curl/wcurl/pull/75, prefixing values in UNSAFE_PERCENT_ENCODE with "%". |
Samuel Henrique <samueloph@debian.org> | no | 2025-10-12 |
All known versions for source package 'curl'
- 8.17.0-2 (sid)
- 8.17.0-1 (forky)
- 8.16.0-4~bpo13+1 (trixie-backports)
- 8.14.1-2+deb13u2 (trixie-proposed-updates)
- 8.14.1-2 (trixie)
- 8.14.1-2~bpo12+1 (bookworm-backports)
- 7.88.1-10+deb12u14 (bookworm)
- 7.88.1-10+deb12u5 (bookworm-security)