debian/0000755000000000000000000000000012001057652007164 5ustar debian/compat0000644000000000000000000000000211756737661010407 0ustar 8 debian/source/0000755000000000000000000000000011756737661010511 5ustar debian/source/format0000644000000000000000000000001411756737661011717 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000277411756737661011156 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: swfupload Source: http://code.google.com/p/swfupload/ Files: debian/* Copyright: 2012, Christian Welzel License: MIT Files: plugins/swfupload.swfobject.js Copyright: 2007, Geoff Stearns, Michael Williams, and Bobby van der Sluis License: MIT Files: * Copyright: 2006-2007, Lars Huring, Olov Nilzén and Mammon Media 2007-2008, Jake Roberts License: MIT License: MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. debian/watch0000644000000000000000000000063511756737661010246 0ustar version=3 opts="dversionmangle=s/\+ds1//,uversionmangle=s/\%20//g;s/_/\./g;s/v//;s/([\d\.]+)([[:alpha:]]\w+)/\1~\2/;" \ http://code.google.com/p/swfupload/downloads/list?can=1 .*/SWFUpload(?:_|%20)+v(.+)(?:_|%20)[Cc]ore\.(?:zip|tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz) # http://swfupload.googlecode.com/files/SWFUpload_v250_beta_3_core.zip # http://swfupload.googlecode.com/files/SWFUpload%20v2.2.0.1%20Core.zip debian/rules0000755000000000000000000000200111756737661010262 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 PACKAGENAME:=libjs-swfupload VERSION:=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([^+]+).*,\1,p') ORIG_DIR:=$(PACKAGENAME)_$(VERSION)+ds1 BLANK_DIR:=SWFUpload\ v$(VERSION)\ Core ORIGTAR:=$(PACKAGENAME)_$(VERSION).orig.tar DEBTAR :=$(PACKAGENAME)_$(VERSION)+ds1.orig.tar %: dh $@ clean: dh_testdir dh_testroot dh_clean rm -rf tmp build: dh_testdir mkdir tmp rm -f plugins/SWFObject\ License.txt cd Flash && as3compile -M SWFUpload -T 9 -X 300 -Y 300 -r 15 SWFUpload.as -o ../tmp/swfupload.swf get-orig-source: # get source uscan --no-conf --force-download --rename --repack --download-current-version --destdir=. # unpack and rename mkdir -p _unpack tar -xzf $(ORIGTAR).gz -C _unpack mv _unpack/$(BLANK_DIR) _unpack/$(ORIG_DIR) # remove dfsg non complient files rm -f _unpack/$(ORIG_DIR)/Flash/swfupload.swf # repack tar -cf - -C _unpack $(ORIG_DIR) | gzip -9 - > $(DEBTAR).gz rm -rf _unpack debian/README.source0000644000000000000000000000046111756737661011371 0ustar libjs-swfupload (2.2.0.1+ds1-1) * Use debian/rules get-orig-source to download and repack the source package. * Running debian/rules get-orig-source also removes embedded prebuild swfupload.swf during repacking step. -- Christian Welzel Tue, 22 Feb 2012 18:11:09 +0100 debian/control0000644000000000000000000000213311756737661010613 0ustar Source: libjs-swfupload Section: web Priority: optional Maintainer: Christian Welzel Build-Depends: debhelper (>= 8.0.0), swftools Standards-Version: 3.9.2 Homepage: http://code.google.com/p/swfupload/ Vcs-Git: git://github.com/sir-gawain/debian-swfupload.git Vcs-Browser: https://github.com/sir-gawain/debian-swfupload Package: libjs-swfupload Architecture: all Depends: ${misc:Depends} Description: javascript library to use Flash's upload functionality SWFUpload is a JavaScript Library that wraps the Flash Player's upload function. It brings your uploads to the next level with Multiple File Selection, Upload Progress and Client-side File Size Checking. . Unlike other Flash upload tools, SWFUpload leaves the UI in the developer's hands. Using a set of event handlers developers can display upload progress and status to the user in their own HTML/CSS UI. . Features: * Multiple File Selection * File Upload Progress * Custom Limits for File Size and Number of Uploads * Filter by File Type ie. *.jpg * File Queue * Customize the Browse Control * Flash 10 Support debian/patches/0000755000000000000000000000000012001057652010613 5ustar debian/patches/series0000644000000000000000000000006312001057652012027 0ustar fix-CVE-2012-2399-xss.patch fix-externalcall.patch debian/patches/fix-externalcall.patch0000644000000000000000000000124411756737661015124 0ustar Description: Removing compilation error Using as3compile leads to an error during compilation caused by the inline comment after a regular expression. This patch removes this comment. Author: Christian Welzel Last-Update: 2012-05-17 --- libjs-swfupload.orig/Flash/ExternalCall.as +++ libjs-swfupload/Flash/ExternalCall.as @@ -99,7 +99,7 @@ } private static function EscapeString(message:String):String { - var replacePattern:RegExp = /\\/g; //new RegExp("/\\/", "g"); + var replacePattern:RegExp = /\\/g; return message.replace(replacePattern, "\\\\"); } private static function EscapeArray(message_array:Array):Array { debian/patches/fix-CVE-2012-2399-xss.patch0000644000000000000000000000142112001057666014641 0ustar Subject: Fixes a XSS issue in ExternalCalls. Bug: http://code.google.com/p/swfupload/issues/detail?id=376 Author: Christian Welzel diff -Nurad /dev/shm/libjs-swfupload-2.2.0.1+ds1.orig/Flash/SWFUpload.as libjs-swfupload-2.2.0.1+ds1/Flash/SWFUpload.as --- /dev/shm/libjs-swfupload-2.2.0.1+ds1.orig/Flash/SWFUpload.as 2012-07-16 20:36:44.674932929 +0200 +++ libjs-swfupload-2.2.0.1+ds1/Flash/SWFUpload.as 2012-07-16 20:37:25.000000000 +0200 @@ -232,6 +232,7 @@ // Get the movie name this.movieName = root.loaderInfo.parameters.movieName; + this.movieName = this.movieName.replace(/[^a-zA-Z0-9\_\.\-]/g, ""); // **Configure the callbacks** // The JavaScript tracks all the instances of SWFUpload on a page. We can access the instance debian/dirs0000644000000000000000000000011011756737661010065 0ustar /usr/share/javascript/swfupload /usr/share/javascript/swfupload/plugins debian/docs0000644000000000000000000000005411756737661010063 0ustar Core?Changelog.txt Documentation/index.html debian/install0000644000000000000000000000010711756737661010600 0ustar swfupload.js plugins tmp/swfupload.swf /usr/share/javascript/swfupload debian/changelog0000644000000000000000000000114512001057652011037 0ustar libjs-swfupload (2.2.0.1+ds1-2) unstable; urgency=high * Security fix for XSS in ExternalCall (Closes: 681323) -- Christian Welzel Thu, 12 Jul 2012 14:52:12 +0200 libjs-swfupload (2.2.0.1+ds1-1) unstable; urgency=low * Made +ds1 version of upstream source to remove prebuild swfupload.swf. * Added note about this to README.source. -- Christian Welzel Tue, 22 Feb 2012 18:11:09 +0100 libjs-swfupload (2.2.0.1-1) unstable; urgency=low * Initial release (Closes: #602253, #609110) -- Christian Welzel Tue, 14 Feb 2012 17:11:09 +0100 debian/doc-base0000644000000000000000000000027311756737661010613 0ustar Document: swfupload Title: swfupload Reference Manual Section: Programming Format: HTML Index: /usr/share/doc/libjs-swfupload/index.html Files: /usr/share/doc/libjs-swfupload/index.html