Ubuntu
curl package

Update libcurl package in 12.04LTS to version 7.3x

Bug #1219306 reported by Jesus Castagnetto
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
curl (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

The latest versions of curl solves a problem whereas there will be loss of information, and inconsistent interpretation of data, due to headers inserted by intermediate proxy/ies.

See the details in: https://github.com/bagder/curl/pull/60 and http://sourceforge.net/p/curl/bugs/1204/

The package for 12.04 uses de 7.22 version as a base, and the current (as of today) version is 7.32.0 (http://curl.haxx.se/changes.html#7_32_0).

There are other security fixes in the 7.3x version family.

See original description
Tags: precise
Jesus Castagnetto (jesus-castagnetto)
description: updated
Brian Murray (brian-murray)
tags: added: precise
Revision history for this message
Parker Moore (parkrmoore) wrote :

I have a use-case that requires this update. v7.22 doesn't handle protocol-relative `Location` headers.

When I curl an endpoint (e.g. https://example.org/some-redirect-url) that gives:

    Location: //example.org/some-url/to/a/page/somewhere.html

The current libcurl version on precise -- v7.22 -- barfs on this and redirects the client to an unacceptable:

    https://example.org//example.org/some-url/to/a/page/somewhere.html

v7.30 fixes this and correctly redirects to:

    https://example.org//example.org/some-url/to/a/page/somewhere.html

What is needed to push out this change?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in curl (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.