--- poco-1.3.6p1.orig/debian/README.source +++ poco-1.3.6p1/debian/README.source @@ -0,0 +1,27 @@ +This package uses dpatch to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To get the fully patched source after unpacking the source package, cd +to the root level of the source package and run: + + debian/rules patch + +Removing a patch is as simple as removing its entry from the +debian/patches/00list file, and please also remove the patch file +itself. + +Creating a new patch is done with "dpatch-edit-patch patch XX_patchname" +where you should replace XX with a new number and patchname with a +descriptive shortname of the patch. You can then simply edit all the +files your patch wants to edit, and then simply "exit 0" from the shell +to actually create the patch file. + +To tweak an already existing patch, call "dpatch-edit-patch XX_patchname" +and replace XX_patchname with the actual filename from debian/patches +you want to use. + +To clean up afterwards again, "debian/rules unpatch" will do the +work for you - or you can of course choose to call +"fakeroot debian/rules clean" all together. + --- poco-1.3.6p1.orig/debian/changelog +++ poco-1.3.6p1/debian/changelog @@ -0,0 +1,178 @@ +poco (1.3.6p1-4+deb7u1build1) trusty-security; urgency=medium + + * fake sync from Debian + + -- Steve Beattie Wed, 14 Feb 2018 14:40:55 -0800 + +poco (1.3.6p1-4+deb7u1) wheezy-security; urgency=high + + [Maxime Chatelle] + * Adds debian/patches/70_fix_CVE-2014-0350.dpatch (Closes: #746637). + The patch is backported from poco-1.4.7 where the vulnerability + has been fixed. + + [Jochen Sprickerhof] + * Add backported patch for CVE-2017-1000472 + + -- Jochen Sprickerhof Wed, 10 Jan 2018 13:11:20 +0100 + +poco (1.3.6p1-4) unstable; urgency=low + + * Wheezy cleanup release (3): should fix FTBFS on GNU/kFreeBSD for real. + * debian/patches/60_no_link_dl_rt.dpatch: link against {dl,rt} libraries + only for Poco Foundation, and both on Linux and kFreeBSD. + + -- Cristian Greco Fri, 27 Jul 2012 23:08:20 +0200 + +poco (1.3.6p1-3) unstable; urgency=low + + * Wheezy cleanup release (2): pull some more fixes from experimental. + * All FTBFS are fixed now. (Closes: #626088, #650059, #680807) + * debian/rules: + - select the right configuration options for GNU/kFreeBSD. + - drop extra --no-fpenvironment option now that arm is gone. + * debian/control: fix and expand short and extended descriptions. + + -- Cristian Greco Fri, 27 Jul 2012 07:15:34 +0200 + +poco (1.3.6p1-2) unstable; urgency=low + + * Wheezy cleanup release: pull some patches from the poco version in + experimental to fix FTBFS and other important problems. + * debian/patches: + - 20_ftbfs_gcc47.dpatch: fix FTBFS with gcc-4.7. + - 30_fix_odbc_makefile.dpatch: use multiarch tuple when detecting + odbc library path. (Closes: #654238) + - 40_fix_kfreebsd_ftbfs.dpatch: fix FTBFS on GNU/kFreeBSD. + - 50_fix_mipsel_endianness.dpatch: correctly detect mipsel + architecture. + * debian/rules: don't build the testsuite as we don't actually run it. + * debian/source/format: dpkg format is 1.0. + * debian/control: + - add myself as uploader. + - remove Krzysztof Burghardt from uploaders. (Closes: #678877) + + -- Cristian Greco Thu, 26 Jul 2012 21:26:56 +0200 + +poco (1.3.6p1-1) unstable; urgency=low + + * New Upstream Version + * Removed 20_unbundled.dpatch (merged into upstream) + * Removed 30_sh-support.dpatch (merged into upstream) + + -- Patrick Gansterer Thu, 24 Dec 2009 11:13:32 +0100 + +poco (1.3.6-1) unstable; urgency=low + + * New Upstream Version + * Corrected package dependencies (Closes: #545854) + * Removed 20_gcc44-missing-include.dpatch (merged into upstream) + * Now using upstream unbundled implementation (Closes: #560936) + + using r1294 from SVN poco 1.3.6 branch + + new patch: 20_unbundled.dpatch + + removed patch: 30_use-system-zlib.dpatch + + new build dependencies: libpcre3-dev, libsqlite3-dev + * Added 30_sh-support.dpatch to support sh4 (Closes: #548113) + + -- Patrick Gansterer Thu, 17 Dec 2009 03:07:02 +0100 + +poco (1.3.5-1) unstable; urgency=low + + * New upstream release. + * *-dbg packages moved to section debug. + * 30_crypto-testsuit-missing-libs.dpatch removed. + * POCO no longer use statically linked zlib: + + new patch: 30_use-system-zlib.dpatch + + new build dependency: zlib1g-dev + * Updated Standards-Version to 3.8.3, no changes needed. + + -- Krzysztof Burghardt Sun, 30 Aug 2009 19:49:57 +0200 + +poco (1.3.3p1-2) unstable; urgency=low + + * Fixed FTBFS with GCC 4.4 due to missing #include (Closes: #505619) + * Renamed 20_gcc43-missing-include.dpatch to 20_gcc44-missing-include.dpatch + * Downgraded dependencies on -dbg packages (Closes: #504342) + + -- Krzysztof Burghardt Sat, 15 Nov 2008 11:39:15 +0100 + +poco (1.3.3p1-1) unstable; urgency=low + + * New upstream release. + * 30_missing_paltforms.dpatch removed (merged into upstream). + * libpoco-dev provides, conflicts, replaces libpoco5-dev. + + -- Krzysztof Burghardt Wed, 29 Oct 2008 18:45:34 +0100 + +poco (1.3.2+dfsg1-3) unstable; urgency=low + + * Add dpatch 30_missing_paltforms to debian/patches/00list (Closes: #487934) + + -- Krzysztof Burghardt Thu, 26 Jun 2008 21:29:10 +0200 + +poco (1.3.2+dfsg1-2) unstable; urgency=low + + * Acknowledge NMU + * Add dpatch 30_missing_paltforms to support m68k and s390 (Closes: #487934) + * Suggests libpoco-doc instead of libpoco5-doc (Closes: #487394) + * Updated Standards-Version to 3.8.0, no changes needed (Closes: #487392) + + -- Krzysztof Burghardt Wed, 25 Jun 2008 18:38:34 +0200 + +poco (1.3.2+dfsg1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * libpoco5-dev provides, conflicts, replaces libpoco-dev (Closes: #487353) + + -- George Danchev Sat, 21 Jun 2008 10:05:06 +0000 + +poco (1.3.2+dfsg1-1) unstable; urgency=low + + * New upstream + * Acknowledge NMU + * Upstream tarball repacked to remove non DFSG-free pieces + * debian/changelog: Homepage: pseudo-header changed to regular field + * debian/control: + + Splited POCO into several small packages as all libraries + and their debug version are about 10MB. + + Updated Standards-Version: to 3.7.3 (no changes needed) + * debian/rules: + + Re-enabled test suite (--no-tests removed) + + Removed CFLAGS + * debian/watch: updated to track data branch + * debian/patches/10_disable-rpath.dpatch: updated for 1.3.2 + * debian/patches/20_gcc43-missing-include.dpatch: replaces all other + gcc 4.3 patches + + -- Krzysztof Burghardt Mon, 09 Jun 2008 00:28:50 +0200 + +poco (1.2.9-2.1) unstable; urgency=low + + * Non-maintainer upload to fix clamfs' FTBFS + * Added 40_gcc_4.3_missing_include.dpatch to add a missing header + in Foundation/include/Poco/FIFOStrategy.h (Closes: #455147) + * Moved Homepage from pseudo field to real field + * Added a watch file + * Updated Standards-Version to 3.7.3, no changes needed + + -- Maximiliano Curia Fri, 21 Mar 2008 19:29:38 -0300 + +poco (1.3.0-1) experimental; urgency=low + + * New upstream + + -- Krzysztof Burghardt Thu, 10 May 2007 22:32:19 +0200 + +poco (1.2.9-2) unstable; urgency=medium + + * Add patch for GCC-4.3 (Closes: #421144) + * Fixed build problem on arm (missing configure option --no-fpenvironment) + * Fixed build problem on powerpc + + -- Krzysztof Burghardt Fri, 27 Apr 2007 18:33:48 +0200 + +poco (1.2.9-1) unstable; urgency=low + + * Initial release (Closes: #406402) + + -- Krzysztof Burghardt Mon, 12 Mar 2007 20:56:32 +0100 --- poco-1.3.6p1.orig/debian/compat +++ poco-1.3.6p1/debian/compat @@ -0,0 +1 @@ +5 --- poco-1.3.6p1.orig/debian/control +++ poco-1.3.6p1/debian/control @@ -0,0 +1,409 @@ +Source: poco +Priority: optional +Maintainer: Cristian Greco +Uploaders: Patrick Gansterer , Maxime Chatelle +Build-Depends: debhelper (>= 5), dpatch, libexpat1-dev, libmysqlclient-dev, libpcre3-dev (>= 7.8), libsqlite3-dev (>= 3.6.13), libssl-dev (>= 0.9.8), unixodbc-dev, zlib1g-dev +Standards-Version: 3.8.3 +Section: libs +Homepage: http://poco.sourceforge.net/ +Vcs-Browser: http://git.debian.org/?p=collab-maint/poco.git +Vcs-Git: git://git.debian.org/git/collab-maint/poco.git + +Package: libpoco-dev +Section: libdevel +Architecture: any +Depends: libpococrypto9 (= ${binary:Version}), libpocodata9 (= ${binary:Version}), libpocofoundation9 (= ${binary:Version}), libpocomysql9 (= ${binary:Version}), libpoconet9 (= ${binary:Version}), libpoconetssl9 (= ${binary:Version}), libpocoodbc9 (= ${binary:Version}), libpocosqlite9 (= ${binary:Version}), libpocoutil9 (= ${binary:Version}), libpocoxml9 (= ${binary:Version}), libpocozip9 (= ${binary:Version}) +Suggests: libpoco-doc, libpococrypto9-dbg (= ${binary:Version}), libpocodata9-dbg (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), libpocomysql9-dbg (= ${binary:Version}), libpoconet9-dbg (= ${binary:Version}), libpoconetssl9-dbg (= ${binary:Version}), libpocoodbc9-dbg (= ${binary:Version}), libpocosqlite9-dbg (= ${binary:Version}), libpocoutil9-dbg (= ${binary:Version}), libpocoxml9-dbg (= ${binary:Version}), libpocozip9-dbg (= ${binary:Version}) +Provides: libpoco5-dev +Conflicts: libpoco5-dev +Replaces: libpoco5-dev +Description: C++ Portable Components (POCO) Development files + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + POCO consists of four core libraries, and a number of add-on libraries. The + core libraries are Foundation, XML, Util and Net. Two of the add-on libraries + are NetSSL, providing SSL support for the network classes in the Net library, + and Data, a library for uniformly accessing different SQL databases. + +Package: libpococrypto9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpococrypto9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Crypto library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of the POCO Crypto library. + +Package: libpococrypto9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Crypto library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO Crypto library. + +Package: libpocodata9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocodata9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Data library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of the POCO Data library. + +Package: libpocodata9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Data library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO Data library. + +Package: libpocofoundation9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Foundation library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of POCO Foundation library. + +Package: libpocofoundation9 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Foundation library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO Foundation library. + +Package: libpocomysql9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocomysql9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), libpocodata9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) MySQL library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of the POCO MySQL library. + +Package: libpocomysql9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), libpocodata9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) MySQL library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO MySQL library. + +Package: libpoconet9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpoconet9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Network library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of POCO Network library. + +Package: libpoconet9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Network library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO Network library. + +Package: libpoconetssl9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpoconetssl9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), libpococrypto9-dbg (= ${binary:Version}), libpoconet9-dbg (= ${binary:Version}), libpocoutil9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Network library with SSL (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of POCO Network SSL library. + +Package: libpoconetssl9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), libpococrypto9 (= ${binary:Version}), libpoconet9 (= ${binary:Version}), libpocoutil9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Network library with SSL + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO Network SSL library. + +Package: libpocoodbc9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocoodbc9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), libpocodata9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) ODBC library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of the POCO ODBC library. + +Package: libpocoodbc9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), libpocodata9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) ODBC library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO ODBC library. In Debian, it is linked against + unixODBC but also iODBC can be used instead. + +Package: libpocosqlite9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocosqlite9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), libpocodata9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) SQLite library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of the POCO SQLite library. + +Package: libpocosqlite9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), libpocodata9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) SQLite library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO SQLite library. + +Package: libpocoutil9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocoutil9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), libpocoxml9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Util library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of POCO Util library. + +Package: libpocoutil9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), libpocoxml9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Util library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides POCO Util library. + +Package: libpocoxml9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocoxml9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) XML library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of POCO XML library. + +Package: libpocoxml9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) XML library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO XML library. + +Package: libpocozip9-dbg +Priority: extra +Section: debug +Architecture: any +Depends: libpocozip9 (= ${binary:Version}), libpocofoundation9-dbg (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Zip library (debug version) + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the debug version of POCO Zip library. + +Package: libpocozip9 +Architecture: any +Depends: libpocofoundation9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: C++ Portable Components (POCO) Zip library + The POCO C++ Libraries are a collection of open source C++ class libraries + that simplify and accelerate the development of network-centric, portable + applications in C++. The libraries integrate perfectly with the C++ Standard + Library and fill many of the functional gaps left open by it. + . + POCO is built strictly using standard ANSI/ISO C++, including the standard + library. The contributors attempt to find a good balance between using advanced + C++ features and keeping the classes comprehensible and the code clean, + consistent and easy to maintain. + . + This package provides the POCO Zip library. --- poco-1.3.6p1.orig/debian/copyright +++ poco-1.3.6p1/debian/copyright @@ -0,0 +1,281 @@ +This package was debianized by Krzysztof Burghardt on +Mon, 12 Mar 2007 20:56:32 +0100. + +It was downloaded from http://poco.sourceforge.net/ + +Upstream Authors: Guenter Obiltschnig + Alex Fabijanic + Peter Schojer + Claus Dabringer + Andrew Marlow (public@marlowa.plus.com) + Caleb Epstein (caleb.epstein@gmail.com) + Andrew J. P. Maclean (a.maclean@optusnet.com.au) + +Copyright: 1983, 1993 The Regents of the University of California + 1990-2, 1991-2 RSA Data Security, Inc. + 1995-2005 Jean-loup Gailly + 1995-2005 Mark Adler + 1997-2004 University of Cambridge + 1998, 1999, 2000 Thai Open Source Software Center Ltd + 2000, 2001, 2002 Kevlin Henney + 2001, 2002, 2003 Expat maintainers. + 2004-2006, Applied Informatics Software Engineering GmbH. + +License (except Expat XML Parser Toolkit, Code from the FreeBSD Project, +MD2 (RFC 1319) Message-Digest Algorithm, MD4 (RFC 1320) Message-Digest +Algorithm, MD5 (RFC 1321) Message-Digest Algorithm, Perl Compatible Regular +Expressions (PCRE), zlib, SQlite and CppUnit): + + Boost Software License - Version 1.0 - August 17th, 2003 + + Permission is hereby granted, free of charge, to any person or organization + obtaining a copy of the software and accompanying documentation covered by + this license (the "Software") to use, reproduce, display, distribute, + execute, and transmit the Software, and to prepare derivative works of the + Software, and to permit third-parties to whom the Software is furnished to + do so, all subject to the following: + + The copyright notices in the Software and this entire statement, including + the above license grant, this restriction and the following disclaimer, + must be included in all copies of the Software, in whole or in part, and + all derivative works of the Software, unless such copies or derivative + works are solely in the form of machine-executable object code generated by + a source language processor. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT + SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE + FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. + +License (Expat XML Parser Toolkit): + + Copyright © 1998, 1999, 2000 Thai Open Source Software Center Ltd + and Clark Cooper + Copyright © 2001, 2002, 2003 Expat maintainers. + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +License (Code from the FreeBSD Project): + + Copyright © 1983, 1993 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +License (MD2 (RFC 1319) Message-Digest Algorithm): + + Copyright © 1990-2, RSA Data Security, Inc. Created 1990. All + rights reserved. + + License to copy and use this software is granted for + non-commercial Internet Privacy-Enhanced Mail provided that it is + identified as the "RSA Data Security, Inc. MD2 Message Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + +License (MD4 (RFC 1320) Message-Digest Algorithm): + + Copyright © 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD4 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD4 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + +License (MD5 (RFC 1321) Message-Digest Algorithm): + + Copyright © 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + +License (Perl Compatible Regular Expressions (PCRE)): + + PCRE is a library of functions to support regular expressions whose syntax + and semantics are as close as possible to those of the Perl 5 language. + + Release 5 of PCRE is distributed under the terms of the "BSD" licence, as + specified below. The documentation for PCRE, supplied in the "doc" + directory, is distributed under the same terms as the software itself. + + Written by: Philip Hazel + + University of Cambridge Computing Service, + Cambridge, England. Phone: +44 1223 334714. + + Copyright © 1997-2004 University of Cambridge + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of the University of Cambridge nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +License (zlib): + + Copyright © 1995-2005 Jean-loup Gailly and Mark Adler + + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. + +License (SQlite): + + The original author of SQLite has dedicated the code to the public domain. + Anyone is free to copy, modify, publish, use, compile, sell, or distribute + the original SQLite code, either in source code form or as a compiled binary, + for any purpose, commercial or non-commercial, and by any means. + +License (CppUnit): + + Permission to reproduce and create derivative works from the Software + ("Software Derivative Works") is hereby granted to you under the + copyright of Michael Feathers. Michael Feathers also grants you the + right to distribute the Software and Software Derivative Works. + + Michael Feathers licenses the Software to you on an "AS IS" basis, + without warranty of any kind. Michael Feathers HEREBY EXPRESSLY + DISCLAIMS ALL WARRANTIES OR CONDITIONS, EITHER EXPRESS OR IMPLIED, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF + MERCHANTABILITY, NON INFRINGEMENT AND FITNESS FOR A PARTICULAR + PURPOSE. You are solely responsible for determining the + appropriateness of using the Software and assume all risks associated + with the use and distribution of this Software, including but not + limited to the risks of program errors, damage to or loss of data, + programs or equipment, and unavailability or interruption of + operations. MICHAEL FEATHERS WILL NOT BE LIABLE FOR ANY DIRECT DAMAGES + OR FOR ANY SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES OR FOR ANY ECONOMIC + CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), EVEN IF + MICHAEL FEATHERS HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + Michael Feathers will not be liable for the loss of, or damage to, your + records or data, or any damages claimed by you based on a third party + claim. + + You agree to distribute the Software and any Software Derivatives under + a license agreement that: 1) is sufficient to notify all licensees of + the Software and Software Derivatives that Michael Feathers assumes no + liability for any claim that may arise regarding the Software or + Software Derivatives, and 2) that disclaims all warranties, both + express and implied, from Michael Feathers regarding the Software and + Software Derivatives. (If you include this Agreement with any + distribution of the Software and Software Derivatives you will have + meet this requirement). You agree that you will not delete any + copyright notices in the Software. + + This Agreement is the exclusive statement of your rights in the + Software as provided by Michael Feathers. Except for the licenses + granted to you in the second paragraph above, no other licenses are + granted hereunder, by estoppel, implication or otherwise. + +The Debian packaging is © 2007, Krzysztof Burghardt and +is licensed under the Boost Software License - Version 1.0 - August 17th, 2003. --- poco-1.3.6p1.orig/debian/libpoco-dev.docs +++ poco-1.3.6p1/debian/libpoco-dev.docs @@ -0,0 +1,2 @@ +NEWS +README --- poco-1.3.6p1.orig/debian/libpoco-dev.install +++ poco-1.3.6p1/debian/libpoco-dev.install @@ -0,0 +1,2 @@ +usr/include/* +usr/lib/lib*.so --- poco-1.3.6p1.orig/debian/libpococrypto9-dbg.install +++ poco-1.3.6p1/debian/libpococrypto9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoCryptod.so.* --- poco-1.3.6p1.orig/debian/libpococrypto9.install +++ poco-1.3.6p1/debian/libpococrypto9.install @@ -0,0 +1 @@ +usr/lib/libPocoCrypto.so.* --- poco-1.3.6p1.orig/debian/libpocodata9-dbg.install +++ poco-1.3.6p1/debian/libpocodata9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoDatad.so.* --- poco-1.3.6p1.orig/debian/libpocodata9.install +++ poco-1.3.6p1/debian/libpocodata9.install @@ -0,0 +1 @@ +usr/lib/libPocoData.so.* --- poco-1.3.6p1.orig/debian/libpocofoundation9-dbg.install +++ poco-1.3.6p1/debian/libpocofoundation9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoFoundationd.so.* --- poco-1.3.6p1.orig/debian/libpocofoundation9.install +++ poco-1.3.6p1/debian/libpocofoundation9.install @@ -0,0 +1 @@ +usr/lib/libPocoFoundation.so.* --- poco-1.3.6p1.orig/debian/libpocomysql9-dbg.install +++ poco-1.3.6p1/debian/libpocomysql9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoMySQLd.so.* --- poco-1.3.6p1.orig/debian/libpocomysql9.install +++ poco-1.3.6p1/debian/libpocomysql9.install @@ -0,0 +1 @@ +usr/lib/libPocoMySQL.so.* --- poco-1.3.6p1.orig/debian/libpoconet9-dbg.install +++ poco-1.3.6p1/debian/libpoconet9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoNetd.so.* --- poco-1.3.6p1.orig/debian/libpoconet9.install +++ poco-1.3.6p1/debian/libpoconet9.install @@ -0,0 +1 @@ +usr/lib/libPocoNet.so.* --- poco-1.3.6p1.orig/debian/libpoconetssl9-dbg.install +++ poco-1.3.6p1/debian/libpoconetssl9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoNetSSLd.so.* --- poco-1.3.6p1.orig/debian/libpoconetssl9.install +++ poco-1.3.6p1/debian/libpoconetssl9.install @@ -0,0 +1 @@ +usr/lib/libPocoNetSSL.so.* --- poco-1.3.6p1.orig/debian/libpocoodbc9-dbg.install +++ poco-1.3.6p1/debian/libpocoodbc9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoODBCd.so.* --- poco-1.3.6p1.orig/debian/libpocoodbc9.install +++ poco-1.3.6p1/debian/libpocoodbc9.install @@ -0,0 +1 @@ +usr/lib/libPocoODBC.so.* --- poco-1.3.6p1.orig/debian/libpocosqlite9-dbg.install +++ poco-1.3.6p1/debian/libpocosqlite9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoSQLited.so.* --- poco-1.3.6p1.orig/debian/libpocosqlite9.install +++ poco-1.3.6p1/debian/libpocosqlite9.install @@ -0,0 +1 @@ +usr/lib/libPocoSQLite.so.* --- poco-1.3.6p1.orig/debian/libpocoutil9-dbg.install +++ poco-1.3.6p1/debian/libpocoutil9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoUtild.so.* --- poco-1.3.6p1.orig/debian/libpocoutil9.install +++ poco-1.3.6p1/debian/libpocoutil9.install @@ -0,0 +1 @@ +usr/lib/libPocoUtil.so.* --- poco-1.3.6p1.orig/debian/libpocoxml9-dbg.install +++ poco-1.3.6p1/debian/libpocoxml9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoXMLd.so.* --- poco-1.3.6p1.orig/debian/libpocoxml9.install +++ poco-1.3.6p1/debian/libpocoxml9.install @@ -0,0 +1 @@ +usr/lib/libPocoXML.so.* --- poco-1.3.6p1.orig/debian/libpocozip9-dbg.install +++ poco-1.3.6p1/debian/libpocozip9-dbg.install @@ -0,0 +1 @@ +usr/lib/libPocoZipd.so.* --- poco-1.3.6p1.orig/debian/libpocozip9.install +++ poco-1.3.6p1/debian/libpocozip9.install @@ -0,0 +1 @@ +usr/lib/libPocoZip.so.* --- poco-1.3.6p1.orig/debian/patches/00list +++ poco-1.3.6p1/debian/patches/00list @@ -0,0 +1,8 @@ +10_disable-rpath.dpatch +20_ftbfs_gcc47.dpatch +30_fix_odbc_makefile.dpatch +40_fix_kfreebsd_ftbfs.dpatch +50_fix_mipsel_endianness.dpatch +60_no_link_dl_rt.dpatch +70_fix_CVE-2014-0350.dpatch +80_zip_vulnerability.dpatch --- poco-1.3.6p1.orig/debian/patches/10_disable-rpath.dpatch +++ poco-1.3.6p1/debian/patches/10_disable-rpath.dpatch @@ -0,0 +1,126 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_disable-rpath.dpatch by Krzysztof Burghardt +## +## DP: Disables use of RPATH. + +@DPATCH@ +diff -urNad poco-1.3.5~/build/config/ARM-Linux poco-1.3.5/build/config/ARM-Linux +--- poco-1.3.5~/build/config/ARM-Linux 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/ARM-Linux 2009-05-23 16:33:20.189721725 +0200 +@@ -58,7 +58,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/CygLinux poco-1.3.5/build/config/CygLinux +--- poco-1.3.5~/build/config/CygLinux 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/CygLinux 2009-05-23 16:33:20.189721725 +0200 +@@ -55,7 +55,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/DigiEL poco-1.3.5/build/config/DigiEL +--- poco-1.3.5~/build/config/DigiEL 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/DigiEL 2009-05-23 16:33:20.189721725 +0200 +@@ -54,7 +54,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/FreeBSD poco-1.3.5/build/config/FreeBSD +--- poco-1.3.5~/build/config/FreeBSD 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/FreeBSD 2009-05-23 16:33:20.193721046 +0200 +@@ -52,7 +52,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/GCCEMBEDLINUX poco-1.3.5/build/config/GCCEMBEDLINUX +--- poco-1.3.5~/build/config/GCCEMBEDLINUX 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/GCCEMBEDLINUX 2009-05-23 16:33:20.193721046 +0200 +@@ -55,7 +55,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/Linux poco-1.3.5/build/config/Linux +--- poco-1.3.5~/build/config/Linux 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/Linux 2009-05-23 16:33:20.193721046 +0200 +@@ -52,7 +52,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/PPC-Linux poco-1.3.5/build/config/PPC-Linux +--- poco-1.3.5~/build/config/PPC-Linux 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/PPC-Linux 2009-05-23 16:33:20.193721046 +0200 +@@ -54,7 +54,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/QNX poco-1.3.5/build/config/QNX +--- poco-1.3.5~/build/config/QNX 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/QNX 2009-05-23 16:33:20.193721046 +0200 +@@ -52,7 +52,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fpic + SHAREDOPT_CXX = -fpic +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/SSV-LINUX poco-1.3.5/build/config/SSV-LINUX +--- poco-1.3.5~/build/config/SSV-LINUX 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/SSV-LINUX 2009-05-23 16:33:20.193721046 +0200 +@@ -55,7 +55,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g +diff -urNad poco-1.3.5~/build/config/SunOS-GCC poco-1.3.5/build/config/SunOS-GCC +--- poco-1.3.5~/build/config/SunOS-GCC 2009-05-12 20:22:09.000000000 +0200 ++++ poco-1.3.5/build/config/SunOS-GCC 2009-05-23 16:34:31.841717510 +0200 +@@ -52,7 +52,7 @@ + STATICOPT_LINK = -static + SHAREDOPT_CC = -fPIC + SHAREDOPT_CXX = -fPIC +-SHAREDOPT_LINK = -Wl,-rpath,$(LIBPATH) ++SHAREDOPT_LINK = + DEBUGOPT_CC = -g -D_DEBUG + DEBUGOPT_CXX = -g -D_DEBUG + DEBUGOPT_LINK = -g --- poco-1.3.6p1.orig/debian/patches/20_ftbfs_gcc47.dpatch +++ poco-1.3.6p1/debian/patches/20_ftbfs_gcc47.dpatch @@ -0,0 +1,63 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 20_ftbfs_gcc47.dpatch by Cristian Greco +## +## DP: Fix FTBFS with gcc-4.7. + +@DPATCH@ +diff -urNad poco-1.3.6p1~/Foundation/include/Poco/String.h poco-1.3.6p1/Foundation/include/Poco/String.h +--- poco-1.3.6p1~/Foundation/include/Poco/String.h 2009-12-21 19:14:59.000000000 +0100 ++++ poco-1.3.6p1/Foundation/include/Poco/String.h 2012-07-26 20:10:15.000000000 +0200 +@@ -431,26 +431,6 @@ + + + template +-S replace(const S& str, const S& from, const S& to, typename S::size_type start = 0) +- /// Replace all occurences of from (which must not be the empty string) +- /// in str with to, starting at position start. +-{ +- S result(str); +- replaceInPlace(result, from, to, start); +- return result; +-} +- +- +-template +-S replace(const S& str, const typename S::value_type* from, const typename S::value_type* to, typename S::size_type start = 0) +-{ +- S result(str); +- replaceInPlace(result, from, to, start); +- return result; +-} +- +- +-template + S& replaceInPlace(S& str, const S& from, const S& to, typename S::size_type start = 0) + { + poco_assert (from.size() > 0); +@@ -501,6 +481,26 @@ + } + + ++template ++S replace(const S& str, const S& from, const S& to, typename S::size_type start = 0) ++ /// Replace all occurences of from (which must not be the empty string) ++ /// in str with to, starting at position start. ++{ ++ S result(str); ++ replaceInPlace(result, from, to, start); ++ return result; ++} ++ ++ ++template ++S replace(const S& str, const typename S::value_type* from, const typename S::value_type* to, typename S::size_type start = 0) ++{ ++ S result(str); ++ replaceInPlace(result, from, to, start); ++ return result; ++} ++ ++ + #else + + --- poco-1.3.6p1.orig/debian/patches/30_fix_odbc_makefile.dpatch +++ poco-1.3.6p1/debian/patches/30_fix_odbc_makefile.dpatch @@ -0,0 +1,32 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 30_fix_odbc_makefile.dpatch by Cristian Greco +## +## DP: Use multiarch tuple when detecting odbc library path. + +@DPATCH@ +diff -urNad poco-1.3.6p1~/Data/ODBC/Makefile poco-1.3.6p1/Data/ODBC/Makefile +--- poco-1.3.6p1~/Data/ODBC/Makefile 2009-12-21 19:15:03.000000000 +0100 ++++ poco-1.3.6p1/Data/ODBC/Makefile 2012-07-26 20:16:23.000000000 +0200 +@@ -9,7 +9,8 @@ + include $(POCO_BASE)/build/rules/global + + # adjust for the target system (usually '/usr/lib' or '/usr/local/lib') +-ODBCLIBDIR = /usr/lib ++MULTIARCH_TUPLE = $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) ++ODBCLIBDIR = /usr/lib/$(MULTIARCH_TUPLE) + + INCLUDE += -I/usr/local/include -I/usr/include -I/usr/include/odbc -I/usr/local/include/odbc + SYSLIBS += -L/usr/local/lib/odbc -L/usr/lib/odbc -L/usr/lib -L/usr/local/lib +diff -urNad poco-1.3.6p1~/Data/ODBC/testsuite/Makefile poco-1.3.6p1/Data/ODBC/testsuite/Makefile +--- poco-1.3.6p1~/Data/ODBC/testsuite/Makefile 2009-12-21 19:15:03.000000000 +0100 ++++ poco-1.3.6p1/Data/ODBC/testsuite/Makefile 2012-07-26 20:16:52.000000000 +0200 +@@ -9,7 +9,8 @@ + include $(POCO_BASE)/build/rules/global + + # adjust for the target system (usually '/usr/lib' or '/usr/local/lib') +-ODBCLIBDIR = /usr/lib ++MULTIARCH_TUPLE = $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) ++ODBCLIBDIR = /usr/lib/$(MULTIARCH_TUPLE) + + INCLUDE += -I/usr/local/include -I/usr/include -I/usr/include/odbc -I/usr/local/include/odbc + SYSLIBS += -L/usr/local/lib/odbc -L/usr/lib/odbc -L/usr/lib -L/usr/local/lib --- poco-1.3.6p1.orig/debian/patches/40_fix_kfreebsd_ftbfs.dpatch +++ poco-1.3.6p1/debian/patches/40_fix_kfreebsd_ftbfs.dpatch @@ -0,0 +1,42 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 40_fix_kfreebsd_ftbfs.dpatch by Cristian Greco +## +## DP: Fix FTBFS on GNU/kFreeBSD. + +@DPATCH@ +diff -urNad poco-1.3.6p1~/Foundation/include/Poco/Platform.h poco-1.3.6p1/Foundation/include/Poco/Platform.h +--- poco-1.3.6p1~/Foundation/include/Poco/Platform.h 2012-07-26 20:55:58.000000000 +0200 ++++ poco-1.3.6p1/Foundation/include/Poco/Platform.h 2012-07-26 21:00:51.000000000 +0200 +@@ -65,7 +65,7 @@ + #define POCO_OS_VMS 0x2001 + + +-#if defined(__FreeBSD__) ++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) + #define POCO_OS_FAMILY_UNIX 1 + #define POCO_OS_FAMILY_BSD 1 + #define POCO_OS POCO_OS_FREE_BSD +diff -urNad poco-1.3.6p1~/Foundation/src/NamedEvent_UNIX.cpp poco-1.3.6p1/Foundation/src/NamedEvent_UNIX.cpp +--- poco-1.3.6p1~/Foundation/src/NamedEvent_UNIX.cpp 2012-07-26 20:55:58.000000000 +0200 ++++ poco-1.3.6p1/Foundation/src/NamedEvent_UNIX.cpp 2012-07-26 21:01:15.000000000 +0200 +@@ -52,7 +52,7 @@ + namespace Poco { + + +-#if defined(linux) || defined(__CYGWIN__) ++#if defined(linux) || defined(__CYGWIN__) || (POCO_OS == POCO_OS_FREE_BSD) + union semun + { + int val; +diff -urNad poco-1.3.6p1~/Foundation/src/NamedMutex_UNIX.cpp poco-1.3.6p1/Foundation/src/NamedMutex_UNIX.cpp +--- poco-1.3.6p1~/Foundation/src/NamedMutex_UNIX.cpp 2012-07-26 20:55:58.000000000 +0200 ++++ poco-1.3.6p1/Foundation/src/NamedMutex_UNIX.cpp 2012-07-26 21:01:41.000000000 +0200 +@@ -52,7 +52,7 @@ + namespace Poco { + + +-#if defined(linux) || defined(__CYGWIN__) ++#if defined(linux) || defined(__CYGWIN__) || (POCO_OS == POCO_OS_FREE_BSD) + union semun + { + int val; --- poco-1.3.6p1.orig/debian/patches/50_fix_mipsel_endianness.dpatch +++ poco-1.3.6p1/debian/patches/50_fix_mipsel_endianness.dpatch @@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 50_fix_mipsel_endianness.dpatch by Cristian Greco +## +## DP: Correctly detect mipsel architecture. + +@DPATCH@ +diff -urNad poco-1.3.6p1~/Foundation/include/Poco/Platform.h poco-1.3.6p1/Foundation/include/Poco/Platform.h +--- poco-1.3.6p1~/Foundation/include/Poco/Platform.h 2012-07-26 20:55:58.000000000 +0200 ++++ poco-1.3.6p1/Foundation/include/Poco/Platform.h 2012-07-26 21:06:48.000000000 +0200 +@@ -156,7 +156,11 @@ + #define POCO_ARCH_LITTLE_ENDIAN 1 + #elif defined(__mips__) || defined(__mips) || defined(__MIPS__) || defined(_M_MRX000) + #define POCO_ARCH POCO_ARCH_MIPS +- #define POCO_ARCH_BIG_ENDIAN 1 ++ #if defined(__MIPSEB__) ++ #define POCO_ARCH_BIG_ENDIAN 1 ++ #else ++ #define POCO_ARCH_LITTLE_ENDIAN 1 ++ #endif + #elif defined(__hppa) || defined(__hppa__) + #define POCO_ARCH POCO_ARCH_HPPA + #define POCO_ARCH_BIG_ENDIAN 1 --- poco-1.3.6p1.orig/debian/patches/60_no_link_dl_rt.dpatch +++ poco-1.3.6p1/debian/patches/60_no_link_dl_rt.dpatch @@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 60_no_link_dl_rt.dpatch by Cristian Greco +## +## DP: Link only Foundation library against -ldl and -lrt on Linux and FreeBSD. + +@DPATCH@ +diff -urNad poco-1.3.6p1~/Foundation/Makefile poco-1.3.6p1/Foundation/Makefile +--- poco-1.3.6p1~/Foundation/Makefile 2012-07-26 20:55:58.000000000 +0200 ++++ poco-1.3.6p1/Foundation/Makefile 2012-07-27 23:04:00.000000000 +0200 +@@ -55,6 +55,10 @@ + objects += SyslogChannel + endif + ++ifneq ($(or $(findstring Linux, $(POCO_CONFIG)), $(findstring FreeBSD, $(POCO_CONFIG))), ) ++ SYSLIBS += -ldl -lrt ++endif ++ + target = PocoFoundation + target_version = $(LIBVERSION) + target_libs = +diff -urNad poco-1.3.6p1~/build/config/Linux poco-1.3.6p1/build/config/Linux +--- poco-1.3.6p1~/build/config/Linux 2012-07-26 20:55:59.000000000 +0200 ++++ poco-1.3.6p1/build/config/Linux 2012-07-27 23:03:21.000000000 +0200 +@@ -68,4 +68,4 @@ + # + # System Specific Libraries + # +-SYSLIBS = -lpthread -ldl -lrt ++SYSLIBS = -lpthread --- poco-1.3.6p1.orig/debian/patches/70_fix_CVE-2014-0350.dpatch +++ poco-1.3.6p1/debian/patches/70_fix_CVE-2014-0350.dpatch @@ -0,0 +1,115 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 70_fix_CVE-2014-0350.dpatch by Maxime Chatelle +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Backported fix against CVE-2014-0350 + +@DPATCH@ + +--- poco-1.3.6p1-4/NetSSL_OpenSSL/src/X509Certificate.cpp 2009-12-21 19:15:02.000000000 +0100 ++++ poco-1.3.6p1-5/NetSSL_OpenSSL/src/X509Certificate.cpp 2014-11-18 11:41:26.033979022 +0100 +@@ -48,6 +48,21 @@ + #include + #include + ++static bool matchWildcard(const std::string& wildcard, const std::string& hostName) ++{ ++ // fix wildcards ++ std::string wildcardExpr("^"); ++ wildcardExpr += Poco::replace(wildcard, ".", "\\."); ++ Poco::replaceInPlace(wildcardExpr, "*", ".*"); ++ Poco::replaceInPlace(wildcardExpr, "..*", ".*"); ++ Poco::replaceInPlace(wildcardExpr, "?", ".?"); ++ Poco::replaceInPlace(wildcardExpr, "..?", ".?"); ++ wildcardExpr += "$"; ++ ++ Poco::RegularExpression expr(wildcardExpr, Poco::RegularExpression::RE_CASELESS); ++ return expr.match(hostName); ++} ++ + + namespace Poco { + namespace Net { +@@ -107,51 +122,47 @@ + std::string commonName; + std::set dnsNames; + certificate.extractNames(commonName, dnsNames); ++ if (!commonName.empty()) dnsNames.insert(commonName); + bool ok = (dnsNames.find(hostName) != dnsNames.end()); +- +- char buffer[NAME_BUFFER_SIZE]; +- X509_NAME* subj = 0; +- if (!ok && (subj = X509_get_subject_name(const_cast(certificate.certificate()))) && X509_NAME_get_text_by_NID(subj, NID_commonName, buffer, sizeof(buffer)) > 0) ++ if (!ok) + { +- buffer[NAME_BUFFER_SIZE - 1] = 0; +- std::string commonName(buffer); // commonName can contain wildcards like *.appinf.com +- try ++ for (std::set::const_iterator it = dnsNames.begin(); !ok && it != dnsNames.end(); ++it) + { +- // two cases: strData contains wildcards or not +- if (containsWildcards(commonName)) ++ try + { +- // a compare by IPAddress is not possible with wildcards +- // only allow compare by name +- const HostEntry& heData = DNS::resolve(hostName); +- ok = matchByAlias(commonName, heData); +- } +- else +- { +- // it depends on hostName if we compare by IP or by alias +- IPAddress ip; +- if (IPAddress::tryParse(hostName, ip)) ++ // two cases: strData contains wildcards or not ++ if (containsWildcards(*it)) + { +- // compare by IP +- const HostEntry& heData = DNS::resolve(commonName); +- const HostEntry::AddressList& addr = heData.addresses(); +- HostEntry::AddressList::const_iterator it = addr.begin(); +- HostEntry::AddressList::const_iterator itEnd = addr.end(); +- for (; it != itEnd && !ok; ++it) +- { +- ok = (*it == ip); +- } ++ // a compare by IPAddress is not possible with wildcards ++ // only allow compare by name ++ ok = matchWildcard(*it, hostName); + } + else + { +- // compare by name +- const HostEntry& heData = DNS::resolve(hostName); +- ok = matchByAlias(commonName, heData); ++ // it depends on hostName if we compare by IP or by alias ++ IPAddress ip; ++ if (IPAddress::tryParse(hostName, ip)) ++ { ++ // compare by IP ++ const HostEntry& heData = DNS::resolve(*it); ++ const HostEntry::AddressList& addr = heData.addresses(); ++ HostEntry::AddressList::const_iterator it = addr.begin(); ++ HostEntry::AddressList::const_iterator itEnd = addr.end(); ++ for (; it != itEnd && !ok; ++it) ++ { ++ ok = (*it == ip); ++ } ++ } ++ else ++ { ++ ok = Poco::icompare(*it, hostName) == 0; ++ } + } + } +- } +- catch (HostNotFoundException&) +- { +- return X509_V_ERR_APPLICATION_VERIFICATION; ++ catch (HostNotFoundException&) ++ { ++ return X509_V_ERR_APPLICATION_VERIFICATION; ++ } + } + } + --- poco-1.3.6p1.orig/debian/patches/80_zip_vulnerability.dpatch +++ poco-1.3.6p1/debian/patches/80_zip_vulnerability.dpatch @@ -0,0 +1,360 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 80_zip_vulnerability.dpatch by Guenter Obiltschnig +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: merge zip entry absolute path vulnerability fix (#1968) from develop + +@DPATCH@ +diff --git a/Zip/include/Poco/Zip/ZipCommon.h b/Zip/include/Poco/Zip/ZipCommon.h +index 5aeccc4..f030a0e 100644 +--- a/Zip/include/Poco/Zip/ZipCommon.h ++++ b/Zip/include/Poco/Zip/ZipCommon.h +@@ -110,6 +110,10 @@ public: + }; + + static const std::string ILLEGAL_PATH; ++ ++ static bool isValidPath(const std::string& path); ++ /// Checks whether the given path is valid (does ++ /// not contain ".." path segments). + }; + + +diff --git a/Zip/src/Compress.cpp b/Zip/src/Compress.cpp +index afc972b..86f8575 100644 +--- a/Zip/src/Compress.cpp ++++ b/Zip/src/Compress.cpp +@@ -200,8 +200,8 @@ void Compress::addDirectory(const Poco::Path& entryName, const Poco::DateTime& l + throw ZipException("Illegal entry name /"); + if (fileStr.empty()) + throw ZipException("Illegal empty entry name"); +- if (fileStr.find(ZipCommon::ILLEGAL_PATH) != std::string::npos) +- throw ZipException("Illegal entry name " + fileStr + " containing " + ZipCommon::ILLEGAL_PATH); ++ if (!ZipCommon::isValidPath(fileStr)) ++ throw ZipException("Illegal entry name " + fileStr + " containing parent directory reference"); + + if (entryName.depth() > 1) + { +diff --git a/Zip/src/Decompress.cpp b/Zip/src/Decompress.cpp +index b711fb0..903c198 100644 +--- a/Zip/src/Decompress.cpp ++++ b/Zip/src/Decompress.cpp +@@ -94,8 +94,8 @@ bool Decompress::handleZipEntry(std::istream& zipStream, const ZipLocalFileHeade + if (!_flattenDirs) + { + std::string dirName = hdr.getFileName(); +- if (dirName.find(ZipCommon::ILLEGAL_PATH) != std::string::npos) +- throw ZipException("Illegal entry name " + dirName + " containing " + ZipCommon::ILLEGAL_PATH); ++ if (!ZipCommon::isValidPath(dirName)) ++ throw ZipException("Illegal entry name", dirName); + Poco::Path dir(_outDir, dirName); + dir.makeDirectory(); + Poco::File aFile(dir); +@@ -114,8 +114,8 @@ bool Decompress::handleZipEntry(std::istream& zipStream, const ZipLocalFileHeade + fileName = p.getFileName(); + } + +- if (fileName.find(ZipCommon::ILLEGAL_PATH) != std::string::npos) +- throw ZipException("Illegal entry name " + fileName + " containing " + ZipCommon::ILLEGAL_PATH); ++ if (!ZipCommon::isValidPath(fileName)) ++ throw ZipException("Illegal entry name", fileName); + + Poco::Path file(fileName); + file.makeFile(); +diff --git a/Zip/src/ZipCommon.cpp b/Zip/src/ZipCommon.cpp +index 7771726..10d5902 100644 +--- a/Zip/src/ZipCommon.cpp ++++ b/Zip/src/ZipCommon.cpp +@@ -35,6 +35,7 @@ + + + #include "Poco/Zip/ZipCommon.h" ++#include "Poco/Path.h" + + + namespace Poco { +@@ -43,5 +44,37 @@ namespace Zip { + + const std::string ZipCommon::ILLEGAL_PATH(".."); + ++bool ZipCommon::isValidPath(const std::string& path) ++{ ++ try ++ { ++ if (Path(path, Path::PATH_UNIX).isAbsolute() || Path(path, Path::PATH_WINDOWS).isAbsolute()) ++ return false; ++ } ++ catch (...) ++ { ++ return false; ++ } ++ ++ if (path == "..") ++ return false; ++ if ((path.size() >= 3) && path.compare(0, 3, "../") == 0) ++ return false; ++ if ((path.size() >= 3) && path.compare(0, 3, "..\\") == 0) ++ return false; ++ if (path.find("/../") != std::string::npos) ++ return false; ++ if (path.find("\\..\\") != std::string::npos) ++ return false; ++ if (path.find("/..\\") != std::string::npos) ++ return false; ++ if (path.find("\\../") != std::string::npos) ++ return false; ++ if ((path.size() >= 2) && path.compare(0, 2, "~/") == 0) ++ return false; ++ ++ return true; ++} ++ + + } } // namespace Poco::Zip +diff --git a/Zip/src/ZipUtil.cpp b/Zip/src/ZipUtil.cpp +index 7199ebb..9657ef2 100644 +--- a/Zip/src/ZipUtil.cpp ++++ b/Zip/src/ZipUtil.cpp +@@ -196,8 +196,8 @@ void ZipUtil::verifyZipEntryFileName(const std::string& fn) + throw ZipException("Illegal entry name /"); + if (fn.empty()) + throw ZipException("Illegal empty entry name"); +- if (fn.find(ZipCommon::ILLEGAL_PATH) != std::string::npos) +- throw ZipException("Illegal entry name " + fn + " containing " + ZipCommon::ILLEGAL_PATH); ++ if (!ZipCommon::isValidPath(fn)) ++ throw ZipException("Illegal entry name " + fn + " containing parent directory reference"); + } + + +diff --git a/Zip/testsuite/src/CompressTest.cpp b/Zip/testsuite/src/CompressTest.cpp +index 4418fcd..467be64 100644 +--- a/Zip/testsuite/src/CompressTest.cpp ++++ b/Zip/testsuite/src/CompressTest.cpp +@@ -56,7 +56,7 @@ CompressTest::~CompressTest() + + void CompressTest::testSingleFile() + { +- std::ofstream out("appinf.zip", std::ios::binary); ++ std::ofstream out((Poco::Path::temp() + "appinf.zip").c_str(), std::ios::binary); + Poco::Path theFile(ZipTest::getTestFile("test.zip")); + Compress c(out, true); + c.addFile(theFile, theFile.getFileName()); +@@ -66,10 +66,9 @@ void CompressTest::testSingleFile() + + void CompressTest::testDirectory() + { +- std::ofstream out("pocobin.zip", std::ios::binary); ++ std::ofstream out((Poco::Path::temp() + "pocobin.zip").c_str(), std::ios::binary); + Poco::File aFile("some/"); +- if (aFile.exists()) +- aFile.remove(true); ++ if (aFile.exists()) aFile.remove(true); + Poco::File aDir("some/recursive/dir/"); + aDir.createDirectories(); + Poco::File aDir2("some/other/recursive/dir/"); +@@ -85,19 +84,20 @@ void CompressTest::testDirectory() + Compress c(out, true); + c.addRecursive(theFile, ZipCommon::CL_MAXIMUM, false, theFile); + ZipArchive a(c.close()); ++ Poco::File(aFile).remove(true); + } + + + void CompressTest::testManipulator() + { + { +- std::ofstream out("appinf.zip", std::ios::binary); ++ std::ofstream out((Poco::Path::temp() + "appinf.zip").c_str(), std::ios::binary); + Poco::Path theFile(ZipTest::getTestFile("test.zip")); + Compress c(out, true); + c.addFile(theFile, theFile.getFileName()); + ZipArchive a(c.close()); + } +- ZipManipulator zm("appinf.zip", true); ++ ZipManipulator zm(Poco::Path::temp() + "appinf.zip", true); + zm.renameFile("test.zip", "renamedtest.zip"); + zm.addFile("doc/othertest.zip", ZipTest::getTestFile("test.zip")); + ZipArchive archive=zm.commit(); +@@ -108,13 +108,13 @@ void CompressTest::testManipulator() + void CompressTest::testManipulatorDel() + { + { +- std::ofstream out("appinf.zip", std::ios::binary); ++ std::ofstream out((Poco::Path::temp() + "appinf.zip").c_str(), std::ios::binary); + Poco::Path theFile(ZipTest::getTestFile("test.zip")); + Compress c(out, true); + c.addFile(theFile, theFile.getFileName()); + ZipArchive a(c.close()); + } +- ZipManipulator zm("appinf.zip", true); ++ ZipManipulator zm(Poco::Path::temp() + "appinf.zip", true); + zm.deleteFile("test.zip"); + zm.addFile("doc/data.zip", ZipTest::getTestFile("data.zip")); + ZipArchive archive=zm.commit(); +@@ -126,13 +126,13 @@ void CompressTest::testManipulatorDel() + void CompressTest::testManipulatorReplace() + { + { +- std::ofstream out("appinf.zip", std::ios::binary); ++ std::ofstream out((Poco::Path::temp() + "appinf.zip").c_str(), std::ios::binary); + Poco::Path theFile(ZipTest::getTestFile("test.zip")); + Compress c(out, true); + c.addFile(theFile, theFile.getFileName()); + ZipArchive a(c.close()); + } +- ZipManipulator zm("appinf.zip", true); ++ ZipManipulator zm(Poco::Path::temp() + "appinf.zip", true); + zm.replaceFile("test.zip", ZipTest::getTestFile("doc.zip")); + + ZipArchive archive=zm.commit(); +@@ -144,7 +144,7 @@ void CompressTest::testManipulatorReplace() + void CompressTest::testSetZipComment() + { + std::string comment("Testing...123..."); +- std::ofstream out("comment.zip", std::ios::binary); ++ std::ofstream out((Poco::Path::temp() + "comment.zip").c_str(), std::ios::binary); + Poco::Path theFile(ZipTest::getTestFile("test.zip")); + Compress c(out, true); + c.addFile(theFile, theFile.getFileName()); +diff --git a/Zip/testsuite/src/ZipTest.cpp b/Zip/testsuite/src/ZipTest.cpp +index fd35be5..66fe103 100644 +--- a/Zip/testsuite/src/ZipTest.cpp ++++ b/Zip/testsuite/src/ZipTest.cpp +@@ -104,7 +104,7 @@ void ZipTest::testCrcAndSizeAfterData() + std::string testFile = getTestFile("data.zip"); + std::ifstream inp(testFile.c_str(), std::ios::binary); + assert (inp.good()); +- Decompress dec(inp, Poco::Path()); ++ Decompress dec(inp, Poco::Path::temp()); + dec.EError += Poco::Delegate >(this, &ZipTest::onDecompressError); + dec.decompressAllFiles(); + dec.EError -= Poco::Delegate >(this, &ZipTest::onDecompressError); +@@ -128,7 +128,7 @@ void ZipTest::testCrcAndSizeAfterDataWithArchive() + Poco::Path path(it->second.getFileName()); + if (path.isFile()) + { +- std::ofstream os("test.dat"); ++ std::ofstream os((Poco::Path::temp() + "test.dat").c_str()); + Poco::StreamCopier::copyStream(zipis,os); + } + } +@@ -161,7 +161,7 @@ void ZipTest::testDecompress() + std::string testFile = getTestFile("test.zip"); + std::ifstream inp(testFile.c_str(), std::ios::binary); + assert (inp.good()); +- Decompress dec(inp, Poco::Path()); ++ Decompress dec(inp, Poco::Path::temp()); + dec.EError += Poco::Delegate >(this, &ZipTest::onDecompressError); + dec.decompressAllFiles(); + dec.EError -= Poco::Delegate >(this, &ZipTest::onDecompressError); +@@ -175,7 +175,7 @@ void ZipTest::testDecompressFlat() + std::string testFile = getTestFile("test.zip"); + std::ifstream inp(testFile.c_str(), std::ios::binary); + assert (inp.good()); +- Decompress dec(inp, Poco::Path(), true); ++ Decompress dec(inp, Poco::Path::temp(), true); + dec.EError += Poco::Delegate >(this, &ZipTest::onDecompressError); + dec.decompressAllFiles(); + dec.EError -= Poco::Delegate >(this, &ZipTest::onDecompressError); +@@ -184,6 +184,71 @@ void ZipTest::testDecompressFlat() + } + + ++void ZipTest::testDecompressVuln() ++{ ++ std::string testFile = getTestFile("vuln.zip"); ++ std::ifstream inp(testFile.c_str(), std::ios::binary); ++ assert(inp.good()); ++ Decompress dec(inp, Poco::Path::temp()); ++ dec.EError += Poco::Delegate >(this, &ZipTest::onDecompressError); ++ dec.decompressAllFiles(); ++ dec.EError -= Poco::Delegate >(this, &ZipTest::onDecompressError); ++ assert (_errCnt == 1); ++ assert (dec.mapping().empty()); ++} ++ ++ ++void ZipTest::testDecompressFlatVuln() ++{ ++ std::string testFile = getTestFile("vuln.zip"); ++ std::ifstream inp(testFile.c_str(), std::ios::binary); ++ assert(inp.good()); ++ Decompress dec(inp, Poco::Path::temp(), true); ++ dec.EError += Poco::Delegate >(this, &ZipTest::onDecompressError); ++ dec.decompressAllFiles(); ++ dec.EError -= Poco::Delegate >(this, &ZipTest::onDecompressError); ++ assert (_errCnt == 0); ++ assert (!dec.mapping().empty()); ++} ++ ++ ++void ZipTest::testValidPath() ++{ ++ assert (ZipCommon::isValidPath(".")); ++ assert (ZipCommon::isValidPath("file.txt")); ++ assert (ZipCommon::isValidPath(".file.txt")); ++ assert (ZipCommon::isValidPath("..file.txt")); ++ assert (ZipCommon::isValidPath("file.txt..")); ++ assert (ZipCommon::isValidPath(".file..txt")); ++ assert (ZipCommon::isValidPath("~file..txt")); ++ assert (ZipCommon::isValidPath("~file/~")); ++ assert (ZipCommon::isValidPath("dir/~")); ++ assert (ZipCommon::isValidPath("some")); ++ assert (ZipCommon::isValidPath("some/dir")); ++ assert (ZipCommon::isValidPath("some/dir/or/another")); ++ assert (ZipCommon::isValidPath("some/dir/./another")); ++ assert (ZipCommon::isValidPath("some/dir/or/another/file.txt")); ++ assert (ZipCommon::isValidPath("s~me\\d.r\\.or..\\an..her\\file.txt")); ++ assert (ZipCommon::isValidPath("some\\dir\\or\\another")); ++ assert (ZipCommon::isValidPath("some\\dir\\or\\another\\file.txt")); ++ assert (ZipCommon::isValidPath("s~me\\d.r/.or..\\an..her\\file.txt")); ++ ++ assert (!ZipCommon::isValidPath("/../")); ++ assert (!ZipCommon::isValidPath("/")); ++ assert (!ZipCommon::isValidPath("\\..\\")); ++ assert (!ZipCommon::isValidPath("/..\\")); ++ assert (!ZipCommon::isValidPath("\\../")); ++ assert (!ZipCommon::isValidPath("..")); ++ assert (!ZipCommon::isValidPath("~/")); ++ assert (!ZipCommon::isValidPath("~/~")); ++ assert (!ZipCommon::isValidPath("/~")); ++ assert (!ZipCommon::isValidPath("/file.txt")); ++ assert (!ZipCommon::isValidPath("~/file.txt")); ++ assert (!ZipCommon::isValidPath("some/dir/or/../another/file.txt")); ++ assert (!ZipCommon::isValidPath("C:\\Windows\\system32")); ++} ++ ++ + void ZipTest::onDecompressError(const void* pSender, std::pair& info) + { + ++_errCnt; +@@ -209,7 +274,10 @@ CppUnit::Test* ZipTest::suite() + CppUnit_addTest(pSuite, ZipTest, testDecompressSingleFile); + CppUnit_addTest(pSuite, ZipTest, testDecompress); + CppUnit_addTest(pSuite, ZipTest, testDecompressFlat); ++ CppUnit_addTest(pSuite, ZipTest, testDecompressVuln); ++ CppUnit_addTest(pSuite, ZipTest, testDecompressFlatVuln); + CppUnit_addTest(pSuite, ZipTest, testCrcAndSizeAfterData); + CppUnit_addTest(pSuite, ZipTest, testCrcAndSizeAfterDataWithArchive); ++ CppUnit_addTest(pSuite, ZipTest, testValidPath); + return pSuite; + } +diff --git a/Zip/testsuite/src/ZipTest.h b/Zip/testsuite/src/ZipTest.h +index be76828..43ffc12 100644 +--- a/Zip/testsuite/src/ZipTest.h ++++ b/Zip/testsuite/src/ZipTest.h +@@ -50,10 +50,12 @@ public: + void testSkipSingleFile(); + void testDecompressSingleFile(); + void testDecompress(); ++ void testDecompressFlat(); ++ void testDecompressVuln(); ++ void testDecompressFlatVuln(); + void testCrcAndSizeAfterData(); + void testCrcAndSizeAfterDataWithArchive(); +- +- void testDecompressFlat(); ++ void testValidPath(); + + void setUp(); + void tearDown(); --- poco-1.3.6p1.orig/debian/rules +++ poco-1.3.6p1/debian/rules @@ -0,0 +1,77 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# Include dpatch +include /usr/share/dpatch/dpatch.make + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) + +CONFFLAGS := --prefix=/usr --no-samples --no-tests --unbundled + +ifeq ($(DEB_HOST_ARCH_OS),linux) + CONFFLAGS += --config=Linux +else ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) + CONFFLAGS += --config=FreeBSD +endif + +config.status: patch configure + dh_testdir + ./configure $(CONFFLAGS) + +build: build-stamp +build-stamp: config.status + dh_testdir + mkdir -p libs + $(MAKE) + touch $@ + +clean: clean-patched unpatch +clean-patched: + dh_testdir + dh_testroot + rm -f build-stamp + $(MAKE) distclean + rm -f config.make + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs CHANGELOG + dh_installdocs + dh_install --sourcedir=debian/tmp +# generate lintian overrides for -dbg packages + ( cd debian ; for i in *-dbg/usr/lib/*.so.* ; do override=`echo $$i | sed 's|/usr/lib/|: package-name-doesnt-match-sonames |' | sed 's/\.so\.//'` ; pkg=`echo $$i | sed 's|/usr/.*||'` ; dir=`echo $$pkg/usr/share/lintian/overrides` ; mkdir -p $$dir ; file=$$dir/$$pkg ; echo $$override > $$file ; done ) +# remove Mac OS X related files (.DS_Store and ._.DS_Store) + rm -f debian/libpoco-dev/usr/include/Poco/.DS_Store debian/libpoco-dev/usr/include/Poco/._.DS_Store + dh_link + dh_strip -k + dh_compress + dh_fixperms + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- poco-1.3.6p1.orig/debian/source/format +++ poco-1.3.6p1/debian/source/format @@ -0,0 +1 @@ +1.0 --- poco-1.3.6p1.orig/debian/watch +++ poco-1.3.6p1/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://sf.net/poco/poco-(.*)-all\.tar\.gz