--- libsoup-2.2.93.orig/debian/docs +++ libsoup-2.2.93/debian/docs @@ -0,0 +1,3 @@ +NEWS +README +AUTHORS --- libsoup-2.2.93.orig/debian/control +++ libsoup-2.2.93/debian/control @@ -0,0 +1,53 @@ +Source: libsoup +Section: devel +Priority: optional +Maintainer: Loic Minier +Uploaders: Debian GNOME Maintainers , Akira TAGOH , Andreas Rottmann , Andrew Lau , Carlos Perelló Marín , Clément Stenac , Ed Boraas , Edd Dumbill , Emil Soleyman-Zomalan , Guilherme de S. Pastore , Gustavo Noronha Silva , J.H.M. Dassen (Ray) , Joe Drew , Johannes Rohr , Jordi Mallach , Jose Carlos Garcia Sogo , Josselin Mouette , Marc 'HE' Brockschmidt , Ondřej Surý , Rob Bradford , Robert McQueen , Ross Burton , Sebastien Bacher , Sjoerd Simons , Takuo KITAME +Build-Depends: debhelper (>> 3.0.0), libglib2.0-dev (>= 2.6.0), libgnutls-dev, libxml2-dev, cdbs, gtk-doc-tools, gnome-pkg-tools +Standards-Version: 3.6.2 + +Package: libsoup2.2-dev +Section: devel +Architecture: any +Depends: ${misc:Depends}, libsoup2.2-8 (= ${Source-Version}), libglib2.0-dev, libgnutls-dev, libxml2-dev, zlib1g-dev, libgcrypt11-dev, libgpg-error-dev, libtasn1-2-dev +Suggests: libsoup2.2-doc +Description: an HTTP library implementation in C -- Development files + It was originally part of a SOAP (Simple Object Access Protocol) + implementation called Soup, but the SOAP and non-SOAP parts have now been + split into separate packages. + . + libsoup uses the Glib main loop and is designed to work well with GTK + applications. This enables GNOME applications to access HTTP servers + on the network in a completely asynchronous fashion, very similar to + the Gtk+ programming model (a synchronous operation mode is also + supported for those who want it). + +Package: libsoup2.2-8 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: an HTTP library implementation in C -- Shared library + It was originally part of a SOAP (Simple Object Access Protocol) + implementation called Soup, but the SOAP and non-SOAP parts have now been + split into separate packages. + . + libsoup uses the Glib main loop and is designed to work well with GTK + applications. This enables GNOME applications to access HTTP servers + on the network in a completely asynchronous fashion, very similar to + the Gtk+ programming model (a synchronous operation mode is also + supported for those who want it). + +Package: libsoup2.2-doc +Section: devel +Architecture: all +Recommends: ${misc:Depends}, libsoup2.2-dev +Description: an HTTP library implementation in C -- API Reference + It was originally part of a SOAP (Simple Object Access Protocol) + implementation called Soup, but the SOAP and non-SOAP parts have now been + split into separate packages. + . + libsoup uses the Glib main loop and is designed to work well with GTK + applications. This enables GNOME applications to access HTTP servers + on the network in a completely asynchronous fashion, very similar to + the Gtk+ programming model (a synchronous operation mode is also + supported for those who want it). --- libsoup-2.2.93.orig/debian/rules +++ libsoup-2.2.93/debian/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f + +# upstream version +UPSTREAM_VERSION := $(shell dpkg-parsechangelog | grep ^Version | sed -ne 's/^Version: //g' -e 's/-[A-Za-z0-9\.]*$$//pg') + +ifeq ($(wildcard configure.in),configure.in) +SOUP_CURRENT := $(shell grep '^SOUP_CURRENT=' configure.in | sed -e 's/SOUP_CURRENT=//g') +SOUP_AGE := $(shell grep '^SOUP_AGE=' configure.in | sed -e 's/SOUP_AGE=//g') +SOUP_SOVERSION := $(shell expr $(SOUP_CURRENT) - $(SOUP_AGE)) +endif + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/utils.mk +include /usr/share/cdbs/1/class/gnome.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/gnome-pkg-tools/1/rules/uploaders.mk + + +DEB_SHLIBDEPS_INCLUDE_libsoup2.2-dev := debian/libsoup2.2-${SOUP_SOVERSION}/usr/lib +DEB_DH_MAKESHLIBS_ARGS_ALL := -V'libsoup2.2-${SOUP_SOVERSION} (>= ${UPSTREAM_VERSION})' +DEB_CONFIGURE_EXTRA_FLAGS += --enable-gtk-doc + +binary-post-install/libsoup2.2-dev:: + find debian/libsoup2.2-dev/usr/lib/pkgconfig -type f -name '*.pc' -print0 | xargs -0r chmod 644 + --- libsoup-2.2.93.orig/debian/libsoup2.2-doc.install +++ libsoup-2.2.93/debian/libsoup2.2-doc.install @@ -0,0 +1 @@ +debian/tmp/usr/share/gtk-doc --- libsoup-2.2.93.orig/debian/changelog +++ libsoup-2.2.93/debian/changelog @@ -0,0 +1,280 @@ +libsoup (2.2.93-0ubuntu1.1) dapper-security; urgency=low + + * SECURITY UPDATE: remote denial-of-service via GET request + * Added 'debian/patches/90_get_crash.patch': extracted from Debian + * References + CVE-2006-5876 + + -- Kees Cook Tue, 23 Jan 2007 11:34:59 -0800 + +libsoup (2.2.93-0ubuntu1) dapper-updates; urgency=low + + * New upstream version: + - Fixed outgoing data corruption caused when SoupServer + started writing out a response a second time after already + having started once. [334469]. Also fixed 342640 and another + bug caused by the workaround for 334469 in 2.2.92. + - Fixed a deadlock when changing a session's proxy URI. + - Fixed https-via-proxies in the synchronous case. + - Fixed a crash in evolution-exchange + - Fixed simple-proxy to not crash at startup. Oops. + + -- Sebastien Bacher Wed, 14 Jun 2006 17:03:10 +0200 + +libsoup (2.2.92-0ubuntu1) dapper; urgency=low + + * New upstream version: + - Fixed server-side digest auth to return a valid "algorithm" + value and client-side to not crash if it sees an invalid one + - Fixed the Request-Line parsing code to not hardcode a + maximum URI length (to allow very long DAAP requests from + iTunes in Rhythmbox). + - Fixed some warnings (signed/unsigned mismatch). + + -- Sebastien Bacher Tue, 11 Apr 2006 19:17:48 +0200 + +libsoup (2.2.91-1ubuntu1) dapper; urgency=low + + * Sync with Debian + * debian/patches/02_xmlrpc_pointer.patch, + debian/patches/03_xmlrpc_array.patch: + - patches for the xmlrpc code + + -- Sebastien Bacher Sat, 11 Mar 2006 15:53:09 +0100 + +libsoup (2.2.91-1) unstable; urgency=low + + * New upstream release with API additions. + - Bump up libglib2.0-dev build-dep to >= 2.6.0. + [debian/control, debian/control.in] + - Drop TODO. + [debian/docs] + * Add empty patches dir. + [debian/patches] + + -- Loic Minier Fri, 10 Mar 2006 12:22:16 +0100 + +libsoup (2.2.7-2) unstable; urgency=low + + * Anchor "Version:" regexp in dpkg-parsechangelog and fix shlibs. + [debian/rules] + + -- Loic Minier Sun, 12 Feb 2006 17:12:46 +0100 + +libsoup (2.2.7-1) unstable; urgency=low + + * Hijack package, set myself as Maintainer, GNOME team uploads. + [debian/control, debian/control.in, debian/rules] + * New upstream release. + - Fixes 100% CPU usage. (Closes: #351713) + * Bump up Standards-Version to 3.6.2. + [debian/control, debian/control.in] + * Add CDBS' utils. + [debian/rules] + * Repair and cleanup computation of SOVERSION. + [debian/rules] + * Add ${misc:Depends} to Depends. + [debian/control, debian/control.in] + * Build-depend and depend on libgnutls-dev instead of libgnutls11-dev. + (Closes: #335757) + [debian/control, debian/control.in] + * Downgrade the Recommends dependency of libsoup-doc on libsoup-dev to a + Suggests. + [debian/control, debian/control.in] + * Drop obsolete files. + [debian/libsoup2.2-doc.files, debian/libsoup2.2-dev.files, debian/dirs] + * Don't overwrite DEB_CONFIGURE_EXTRA_FLAGS and clean it up. + [debian/rules] + * Update FSF address, update AUTHORS list, and clarify Copyright versus + License. + [debian/copyright] + * Let libsoup-dev depend on zlib1g-dev to honor the pkg-config link flags. + [debian/control, debian/control.in] + * Let libsoup-dev depend on libgcrypt11-dev, libgpg-error-dev, + libtasn1-2-dev to honor the libtool dependency_libs line. + [debian/control, debian/control.in] + * Fix permissions of .pc files. + [debian/rules] + + -- Loic Minier Sun, 12 Feb 2006 09:53:41 +0100 + +libsoup (2.2.6-1) unstable; urgency=low + + * New upstream release + * bump package name: libsoup2.2-8 + + -- Takuo KITAME Sat, 10 Sep 2005 10:49:48 +0900 + +libsoup (2.2.3-2) unstable; urgency=low + + * -dev: depends on libgnutls11-dev, libxml2-dev (closes: #268037) + + -- Takuo KITAME Thu, 31 Mar 2005 17:34:29 +0900 + +libsoup (2.2.3-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Tue, 29 Mar 2005 10:54:50 +0900 + +libsoup (2.2.2-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Fri, 4 Feb 2005 14:19:05 +0900 + +libsoup (2.2.1-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Wed, 13 Oct 2004 11:39:50 +0900 + +libsoup (2.2.0-2) unstable; urgency=low + + * fix shlibs info + + -- Takuo KITAME Tue, 31 Aug 2004 14:34:01 +0900 + +libsoup (2.2.0-1) unstable; urgency=low + + * New upstream release + * bump package name to libsoup2.2-7 + + -- Takuo KITAME Tue, 31 Aug 2004 12:03:56 +0900 + +libsoup (2.1.13-1) unstable; urgency=low + + * New upstream release + * bump package name libsoup2.2-3 to libsoup2.2-6 + + -- Takuo KITAME Mon, 16 Aug 2004 11:58:26 +0900 + +libsoup (2.1.12-2) unstable; urgency=low + + * build against libgnutls11 + + -- Takuo KITAME Thu, 5 Aug 2004 18:27:08 +0900 + +libsoup (2.1.12-1) unstable; urgency=low + + * New upstream release + * use cdbs + + -- Takuo KITAME Tue, 20 Jul 2004 14:55:47 +0900 + +libsoup (2.1.11-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Mon, 7 Jun 2004 11:39:52 +0900 + +libsoup (2.1.10-3) unstable; urgency=low + + * added libsoup2.2-doc package + + -- Takuo KITAME Tue, 1 Jun 2004 12:59:24 +0900 + +libsoup (2.1.10-2) unstable; urgency=low + + * upload to unstable + + -- Takuo KITAME Wed, 26 May 2004 12:28:04 +0900 + +libsoup (2.1.10-1) experimental; urgency=low + + * New upstream release + * build against libgnutls10 + + -- Takuo KITAME Mon, 24 May 2004 19:09:13 +0900 + +libsoup (2.1.9-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Wed, 7 Apr 2004 12:24:47 +0900 + +libsoup (2.1.8-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Tue, 9 Mar 2004 11:34:14 +0900 + +libsoup (2.1.7-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Wed, 18 Feb 2004 15:54:49 +0900 + +libsoup (2.1.5-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Tue, 3 Feb 2004 13:53:58 +0900 + +libsoup (2.1.4-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Tue, 20 Jan 2004 15:40:58 +0900 + +libsoup (2.1.3-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Thu, 8 Jan 2004 17:47:13 +0900 + +libsoup (2.1.2-1) experimental; urgency=low + + * New upstream release + * change package name s/2.0/2.2/g + + -- Takuo KITAME Thu, 11 Dec 2003 15:56:02 +0900 + +libsoup (1.99.26-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Wed, 24 Sep 2003 12:17:04 +0900 + +libsoup (1.99.23-1) unstable; urgency=low + + * New upstream release + + -- Takuo KITAME Thu, 12 Jun 2003 11:50:37 +0900 + +libsoup (1.99.22-2) unstable; urgency=low + + * Upload into unstable/main + + -- Takuo KITAME Tue, 3 Jun 2003 15:28:17 +0900 + +libsoup (1.99.22-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Tue, 27 May 2003 18:33:55 +0900 + +libsoup (1.99.20-1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Wed, 7 May 2003 11:45:22 +0900 + +libsoup (1.99.17-0.2) experimental; urgency=low + + * --with-gnutls-includes + + -- Takuo KITAME Tue, 6 May 2003 16:59:56 +0900 + +libsoup (1.99.17-0.1) experimental; urgency=low + + * New upstream release + + -- Takuo KITAME Thu, 24 Apr 2003 11:20:10 +0900 + +libsoup (1.99.12-0.1) experimental; urgency=low + + * Initial Release. + + -- Takuo KITAME Wed, 19 Mar 2003 18:09:38 +0900 + --- libsoup-2.2.93.orig/debian/libsoup2.2-8.install +++ libsoup-2.2.93/debian/libsoup2.2-8.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/*.so.* --- libsoup-2.2.93.orig/debian/compat +++ libsoup-2.2.93/debian/compat @@ -0,0 +1 @@ +4 --- libsoup-2.2.93.orig/debian/libsoup2.2-dev.install +++ libsoup-2.2.93/debian/libsoup2.2-dev.install @@ -0,0 +1,6 @@ +debian/tmp/usr/include +debian/tmp/usr/lib/*.so +debian/tmp/usr/lib/*.la +debian/tmp/usr/lib/*.a +debian/tmp/usr/lib/pkgconfig + --- libsoup-2.2.93.orig/debian/control.in +++ libsoup-2.2.93/debian/control.in @@ -0,0 +1,53 @@ +Source: libsoup +Section: devel +Priority: optional +Maintainer: Loic Minier +Uploaders: @GNOME_TEAM@ +Build-Depends: debhelper (>> 3.0.0), libglib2.0-dev (>= 2.6.0), libgnutls-dev, libxml2-dev, cdbs, gtk-doc-tools, gnome-pkg-tools +Standards-Version: 3.6.2 + +Package: libsoup2.2-dev +Section: devel +Architecture: any +Depends: ${misc:Depends}, libsoup2.2-8 (= ${Source-Version}), libglib2.0-dev, libgnutls-dev, libxml2-dev, zlib1g-dev, libgcrypt11-dev, libgpg-error-dev, libtasn1-2-dev +Suggests: libsoup2.2-doc +Description: an HTTP library implementation in C -- Development files + It was originally part of a SOAP (Simple Object Access Protocol) + implementation called Soup, but the SOAP and non-SOAP parts have now been + split into separate packages. + . + libsoup uses the Glib main loop and is designed to work well with GTK + applications. This enables GNOME applications to access HTTP servers + on the network in a completely asynchronous fashion, very similar to + the Gtk+ programming model (a synchronous operation mode is also + supported for those who want it). + +Package: libsoup2.2-8 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: an HTTP library implementation in C -- Shared library + It was originally part of a SOAP (Simple Object Access Protocol) + implementation called Soup, but the SOAP and non-SOAP parts have now been + split into separate packages. + . + libsoup uses the Glib main loop and is designed to work well with GTK + applications. This enables GNOME applications to access HTTP servers + on the network in a completely asynchronous fashion, very similar to + the Gtk+ programming model (a synchronous operation mode is also + supported for those who want it). + +Package: libsoup2.2-doc +Section: devel +Architecture: all +Recommends: ${misc:Depends}, libsoup2.2-dev +Description: an HTTP library implementation in C -- API Reference + It was originally part of a SOAP (Simple Object Access Protocol) + implementation called Soup, but the SOAP and non-SOAP parts have now been + split into separate packages. + . + libsoup uses the Glib main loop and is designed to work well with GTK + applications. This enables GNOME applications to access HTTP servers + on the network in a completely asynchronous fashion, very similar to + the Gtk+ programming model (a synchronous operation mode is also + supported for those who want it). --- libsoup-2.2.93.orig/debian/patches/02_xmlrpc_pointer.patch +++ libsoup-2.2.93/debian/patches/02_xmlrpc_pointer.patch @@ -0,0 +1,29 @@ +--- libsoup/soup-xmlrpc-response.c 2005-06-14 12:40:23.000000000 -0400 ++++ libsoup/soup-xmlrpc-response.c 2005-08-05 06:52:27.000000000 -0400 +@@ -244,7 +244,7 @@ soup_xmlrpc_value_get_int (SoupXmlrpcVal + *i = strtol (BAD_CAST (content), &tail, 10); + xmlFree (content); + +- if (tail != '\0') ++ if (*tail != '\0') + return FALSE; + else + return TRUE; +@@ -270,7 +270,7 @@ soup_xmlrpc_value_get_double (SoupXmlrpc + *b = g_ascii_strtod (BAD_CAST (content), &tail); + xmlFree (content); + +- if (tail != '\0') ++ if (*tail != '\0') + return FALSE; + else + return TRUE; +@@ -296,7 +296,7 @@ soup_xmlrpc_value_get_boolean (SoupXmlrp + i = strtol (BAD_CAST (content), &tail, 10); + xmlFree (content); + +- if (tail != '\0') ++ if (*tail != '\0') + return FALSE; + + if (i != 0 && i != 1) --- libsoup-2.2.93.orig/debian/patches/90_get_crash.patch +++ libsoup-2.2.93/debian/patches/90_get_crash.patch @@ -0,0 +1,12 @@ +diff -Nur libsoup-2.2.96/libsoup/soup-headers.c libsoup-2.2.96.new/libsoup/soup-headers.c +--- libsoup-2.2.96/libsoup/soup-headers.c 2006-06-12 12:11:12.000000000 -0700 ++++ libsoup-2.2.96.new/libsoup/soup-headers.c 2007-01-23 11:33:54.744356219 -0800 +@@ -32,6 +32,8 @@ + int offset = 0, lws = 0; + + key = strstr (str, "\r\n"); ++ if (!key) ++ return FALSE; + key += 2; + + /* join continuation headers, using a comma */ --- libsoup-2.2.93.orig/debian/patches/03_xmlrpc_array.patch +++ libsoup-2.2.93/debian/patches/03_xmlrpc_array.patch @@ -0,0 +1,34 @@ +diff -Nur libsoup-2.2.7.orig/libsoup/soup-xmlrpc-response.c libsoup-2.2.7/libsoup/soup-xmlrpc-response.c +--- libsoup-2.2.7.orig/libsoup/soup-xmlrpc-response.c 2005-11-01 16:04:23.000000000 +0100 ++++ libsoup-2.2.7/libsoup/soup-xmlrpc-response.c 2005-11-17 18:26:17.000000000 +0100 +@@ -454,7 +454,13 @@ + if (!xml->children || strcmp(xml->children->name, "data") == 0 || xml->children->next) + return FALSE; + +- *iter = (SoupXmlrpcValueArrayIterator *) xml->children; ++ /* . Value is optional in an empty array, ++ * So in that case we're returning a valid null pointer. ++ * Otherwise, we let the value tell us who's next in the collection of ++ * siblings. ++ */ ++ *iter = (SoupXmlrpcValueArrayIterator *) xml->children->children->children; ++ + + return TRUE; + } +@@ -612,13 +618,11 @@ + if (!soup_xmlrpc_value_array_get_iterator (value, &iter)) + g_printerr ("BAD ARRAY\n"); + else { +- SoupXmlrpcValue *evalue; + int i = 0; + g_printerr ("ARRAY\n"); + while (iter != NULL) { +- soup_xmlrpc_value_array_iterator_get_value (iter, &evalue); +- soup_xmlrpc_value_dump_array_element (i, evalue, GINT_TO_POINTER (d+1)); +- iter = soup_xmlrpc_value_array_iterator_next (iter); ++ soup_xmlrpc_value_dump_array_element (i, iter, GINT_TO_POINTER (d+1)); ++ iter = soup_xmlrpc_value_array_iterator_next (iter); + i++; + } + } --- libsoup-2.2.93.orig/debian/copyright +++ libsoup-2.2.93/debian/copyright @@ -0,0 +1,31 @@ +This package was debianized by Takuo KITAME on +Fri, 14 Feb 2003 01:46:38 +0900. + +It was downloaded from ftp.gnome.org + +Upstream Authors and Copyright Holders: + Alex Graveley + Dick Porter + Miguel De Icaza + Joe Shaw + Dan Winship + +License: + + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU Lesser General +Public License can be found in `/usr/share/common-licenses/LGPL'. +