Version in base suite: 7.88.1-10+deb12u12
Base version: curl_7.88.1-10+deb12u12
Target version: curl_7.88.1-10+deb12u13
Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/curl/curl_7.88.1-10+deb12u12.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/c/curl/curl_7.88.1-10+deb12u13.dsc
 changelog | 8 +++
 patches/fix-CVE-2023-27534-regression-1.patch | 68 ++++++++++++++++++++++++++
 patches/fix-CVE-2023-27534-regression-2.patch | 33 ++++++++++++
 patches/series | 3 +
 4 files changed, 112 insertions(+)
diff -Nru curl-7.88.1/debian/changelog curl-7.88.1/debian/changelog
--- curl-7.88.1/debian/changelog 2025-03-09 10:45:45.000000000 +0000
+++ curl-7.88.1/debian/changelog 2025-06-10 02:44:05.000000000 +0000
@@ -1,3 +1,11 @@
+curl (7.88.1-10+deb12u13) bookworm; urgency=medium
+
+ * Team upload.
+ * debian/patches/fix-CVE-2023-27534-regression-{1,2}.patch: add patches from
+ upstream to restore sftp://host/~ behaviour.
+
+ -- Carlos Henrique Lima Melara Mon, 09 Jun 2025 23:44:05 -0300
+
 curl (7.88.1-10+deb12u12) bookworm; urgency=medium
 * d/p/runtests.pl-Increase-variance-of-random-seed-used-for-tes: Fix test
diff -Nru curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-1.patch curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-1.patch
--- curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-1.patch 1970-01-01 00:00:00.000000000 +0000
+++ curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-1.patch 2025-06-10 02:44:05.000000000 +0000
@@ -0,0 +1,68 @@
+From: Daniel Stenberg
+Date: Tue, 25 Apr 2023 13:06:01 +0200
+Subject: curl_path: bring back support for SFTP path ending in /~
+
+libcurl used to do a directory listing for this case (even though the
+documentation says a URL needs to end in a slash for this), but
+4e2b52b5f7a3 modified the behavior.
+
+This change brings back a directory listing for SFTP paths that are
+specified exactly as /~ in the URL.
+
+Reported-by: Pavel Mayorov
+Fixes #11001
+Closes #11023
+
+Origin: upstream, https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325
+Bug: https://github.com/curl/curl/issues/11001
+Last-Update: 2025-06-09
+---
+ lib/curl_path.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/lib/curl_path.c b/lib/curl_path.c
+index 977e533..b4b48fe 100644
+--- a/lib/curl_path.c
++++ b/lib/curl_path.c
+@@ -62,24 +62,27 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data,
+ }
+ }
+ else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+- (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+- size_t len;
+- const char *p;
+- int copyfrom = 3;
++ (!strcmp("/~", working_path) ||
++ ((working_path_len > 2) && !memcmp(working_path, "/~/", 3)))) {
+ if(Curl_dyn_add(&npath, homedir)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
+ }
+- /* Copy a separating '/' if homedir does not end with one */
+- len = Curl_dyn_len(&npath);
+- p = Curl_dyn_ptr(&npath);
+- if(len && (p[len-1] != '/'))
+- copyfrom = 2;
+-
+- if(Curl_dyn_addn(&npath,
+- &working_path[copyfrom], working_path_len - copyfrom)) {
+- free(working_path);
+- return CURLE_OUT_OF_MEMORY;
++ if(working_path_len > 2) {
++ size_t len;
++ const char *p;
++ int copyfrom = 3;
++ /* Copy a separating '/' if homedir does not end with one */
++ len = Curl_dyn_len(&npath);
++ p = Curl_dyn_ptr(&npath);
++ if(len && (p[len-1] != '/'))
++ copyfrom = 2;
++
++ if(Curl_dyn_addn(&npath,
++ &working_path[copyfrom],
working_path_len - copyfrom)) {
++ free(working_path);
++ return CURLE_OUT_OF_MEMORY;
++ }
+ }
+ }
+
diff -Nru curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-2.patch curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-2.patch
--- curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ curl-7.88.1/debian/patches/fix-CVE-2023-27534-regression-2.patch 2025-06-10 02:44:05.000000000 +0000
@@ -0,0 +1,33 @@
+From: Carlos Henrique Lima Melara
+Date: Thu, 5 Jun 2025 14:29:06 +0200
+Subject: curl_path: make SFTP handle a path like /~ properly.
+
+... without a trailing slash.
+
+Fixes #17534
+Closes #17542
+
+Origin: upstream, https://github.com/curl/curl/commit/0ede81dcc61844cecce8904fb4de24319afeb024
+Bug: https://github.com/curl/curl/issues/17534
+Last-Update: 2025-06-09
+---
+ lib/curl_path.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/curl_path.c b/lib/curl_path.c
+index b4b48fe..db66fb0 100644
+--- a/lib/curl_path.c
++++ b/lib/curl_path.c
+@@ -84,6 +84,12 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data,
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
++ else {
++ if(Curl_dyn_add(&npath, "/")) {
++ free(working_path);
++ return CURLE_OUT_OF_MEMORY;
++ }
++ }
+ }
+
+ if(Curl_dyn_len(&npath)) {
diff -Nru curl-7.88.1/debian/patches/series curl-7.88.1/debian/patches/series
--- curl-7.88.1/debian/patches/series 2025-03-09 10:45:45.000000000 +0000
+++ curl-7.88.1/debian/patches/series 2025-06-10 02:44:05.000000000 +0000
@@ -65,6 +65,9 @@
 # Fix test issues with port clashes, now each build has a different random seed.
 runtests.pl-Increase-variance-of-random-seed-used-for-tes.patch
+fix-CVE-2023-27534-regression-1.patch
+fix-CVE-2023-27534-regression-2.patch
+
 # Do not add patches below.
 # Used to generate packages for the other crypto libraries.
 90_gnutls.patch
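Review bot: The widened SFTP condition in Curl_getworkingpath (regression-1 patch) has no comment saying why only two path forms are expanded, and judging by the patch name this is the check that was tightened for CVE-2023-27534. As written, `!strcmp("/~", working_path)` matches the bare path only and the `memcmp` arm still requires the `/~/` prefix, so a first element such as `/~name` stays literal. A comment above the `else if` would keep a later edit from loosening that, for example `/* expand only "/~" and "/~/..."; any other "/~x" prefix must stay literal */`. With this patch alone the bare `/~` case leaves `npath` as `homedir` with no trailing slash. The function starts and ends outside the hunk.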
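Review bot: The new `else` arm (regression-2 patch) appends `/` unconditionally, whereas the sibling arm just above checks `p[len-1] != '/'` before adding a separator, so a `homedir` that already ends in a slash becomes `//` for a bare `/~`. If `homedir` can be empty at this point (not visible in the hunk), the result is the path `/`, which names the server root rather than the home directory. Guarding the append the same way as the sibling arm would cover both cases, e.g. `size_t len = Curl_dyn_len(&npath);` followed by `if(len && Curl_dyn_ptr(&npath)[len-1] != '/')` around the `Curl_dyn_add(&npath, "/")` call. The enclosing function continues outside the hunk.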