On Wed, 2025-02-19 at 21:57 -0300, Matheus Polkorny wrote: > The reason is to fix CVE-2024-11053 [1], when both a `.netrc` file > for credentials and HTTP redirects are used, curl could leak the > password from the first host to the redirect target in certain cases.
I'm not sure if either of the sets of changes for these bugs caused the issue, but the new curl upload FTBFS for both the arch:all and amd64 builds, with test failures: TESTFAIL: These test cases failed: 320 324 This is quite reproducible - so far 3 times on "all" and 2 on amd64. Regards, Adam
