--- libvc-003.dfsg.1.orig/debian/compat +++ libvc-003.dfsg.1/debian/compat @@ -0,0 +1 @@ +7 --- libvc-003.dfsg.1.orig/debian/changelog +++ libvc-003.dfsg.1/debian/changelog @@ -0,0 +1,153 @@ +libvc (003.dfsg.1-12) unstable; urgency=low + + * New maintainer. Closes: #534359 + * Bump Standards-Verstion to 3.8.3 + + -- Tony Palma Wed, 16 Sep 2009 04:28:17 -0500 + +libvc (003.dfsg.1-11) unstable; urgency=low + + * debian/control: + + Bump Standards-Version to 3.8.1 (add needed file + debian/README.source explaining the patch system) + + The package is now maintained with Git at alioth.debian.org. Add + Vcs-Git field and change Vcs-Browser accordingly. + + -- Rafael Laboissiere Mon, 20 Apr 2009 13:03:08 +0200 + +libvc (003.dfsg.1-10) unstable; urgency=low + + * debian/rules: Use debian/clean instead of manually cleaning files + * debian/compat, debian/control: Bump build-dependency on debhelper to + >= 7.0.0, otherwise debian/clean is moot + * debian/clean: New file + * debian/control: + + Fix Lintian warning debhelper-but-no-misc-depends + + Drop useless Section field for libvc0 package + * debian/libvc0.symbols: Add shared library symbols file + + -- Rafael Laboissiere Fri, 13 Feb 2009 18:28:03 +0100 + +libvc (003.dfsg.1-9) unstable; urgency=low + + * debian/control: + + Append trunk/ to the path in Vcs-Svn:, such that debcheckout works + + Bump Standards-Version to 3.8.0 (no changes needed) + * debian/watch: Remove "dfsg" from the upstream version before number + comparison + * Use quilt instead of CDBS' simple-patchsys + + -- Rafael Laboissiere Tue, 01 Jul 2008 17:10:33 +0200 + +libvc (003.dfsg.1-8) unstable; urgency=low + + * debian/control: + + Use the now official Vcs-* fields instead of the obsolete XS-Vcs-* + + Dropped the Homepage pseudo-header from the extended descriptions + + Bumped Standards-Version to 3.7.3 + + -- Rafael Laboissiere Sat, 15 Dec 2007 23:35:16 +0100 + +libvc (003.dfsg.1-7) unstable; urgency=low + + * debian/patches/04-accept-line-folding.patch: New patch for making the + flex scanner accept values of the fields spanning several lines using + the folding technique of RFC-822 (i.e. using a space in the beginning + of the continuation lines. This does not yet make libvc completely + RFC-2425-compliant, because the continuation sequence "\n " is still + contained in the output (i.e. not eaten up). At any rate, rolo should + now be able to read vCard files containing folded lines (closes: + #442944). + * debian/control: + + Tightened the dependency on autoconf to >= 2.61 and build-conflict + with autoconf2.13, otherwise the -vfi option passed to autoreconf + does not work + + Added Homepage field + + -- Rafael Laboissiere Sun, 23 Sep 2007 10:12:19 +0200 + +libvc (003.dfsg.1-6) unstable; urgency=low + + * debian/patches/manpage-Lb-definition.patch: Patch for doc/vc.3 which + adds definition for the libvc library (.Lb macro) and avoids nroff + warnings + * Make the library compliant with the vCard 2.1 specification as regards + valid field names which are defined to be any printable 7bit us-ascii + except []=:., > (closes: #430546): + + debian/patches/field-names-comply-with-vCard2.1.patch: Added patch + to change lex scanning variables in src/vc_scan.l + + debian/control: Build-Depends on flex + + debian/rules: Save and restore src/vc_scan.c and remove ylwrap in + the clean rule + + -- Rafael Laboissiere Tue, 26 Jun 2007 12:20:23 +0200 + +libvc (003.dfsg.1-5) unstable; urgency=low + + * debian/control: Added XS-Vcs-Svn and XS-Vcs-Browser fields + * debian/patches/vc-manpage-lb-macro.patch: Added patch for fixing + Lintian's manpage-has-errors-from-man warning (wrong argument to .Lb + macro) + + -- Rafael Laboissiere Sun, 22 Apr 2007 11:43:09 +0200 + +libvc (003.dfsg.1-4) unstable; urgency=low + + * debian/control: Changed section of libvc-dev to libdevel, avoiding the + override disparity + + -- Rafael Laboissiere Tue, 27 Mar 2007 16:25:44 +0200 + +libvc (003.dfsg.1-3) unstable; urgency=low + + * debian/rules: Call "autoreconf -vfi" in makebuilddir rule. This is + apparently needed for GNU/kFreeBSD, due to the outdated libtool files + in the upstream tarball (closes: #416257) + * debian/control: Build-Depends on autoconf, automake, and libtool + + -- Rafael Laboissiere Tue, 27 Mar 2007 03:56:16 +0200 + +libvc (003.dfsg.1-2) unstable; urgency=low + + * debian/copyright: Added note about the removal of the doc/rfc2426.txt + from the Debian upstream tarball + + -- Rafael Laboissiere Sun, 25 Mar 2007 23:07:43 +0200 + +libvc (003.dfsg.1-1) unstable; urgency=low + + * Regenerated the upstream tarball (and added ".dfsg.1" to the version + number), removing the RFC document, which is not DFSG compliant. + Hopefully, the package will be accepted by the ftp-admin this time. + * debian/libvc-dev.docs: Do not install doc/rfc2426.txt + + -- Rafael Laboissiere Sun, 11 Mar 2007 20:24:34 +0100 + +libvc (003-4) unstable; urgency=low + + * debian/patches/count-vcards-buffer-overflow.patch: Fix buffer overflow + problem, as reported in + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356 + (thanks to Carsten Hey for drawing my attention to this problem) + * debian/README.Debian: Added file to document the above + + -- Rafael Laboissiere Mon, 19 Feb 2007 04:03:16 +0100 + +libvc (003-3) unstable; urgency=low + + * Uploaded to unstable again, this time with the orig.tar.gz file + included + + -- Rafael Laboissiere Mon, 12 Feb 2007 19:27:23 +0100 + +libvc (003-2) unstable; urgency=low + + * First release to unstable (closes: #410658) + + -- Rafael Laboissiere Mon, 12 Feb 2007 19:04:08 +0100 + +libvc (003-1) unstable; urgency=low + + * Initial release + + -- Rafael Laboissiere Mon, 12 Feb 2007 12:32:36 +0100 --- libvc-003.dfsg.1.orig/debian/control +++ libvc-003.dfsg.1/debian/control @@ -0,0 +1,36 @@ +Source: libvc +Section: libs +Priority: optional +Maintainer: Tony Palma +Build-Depends: debhelper (>= 7.0.0), cdbs, dpkg-dev (>= 1.13.19), + autotools-dev, autoconf, automake, libtool, flex, quilt +Standards-Version: 3.8.3 +Homepage: http://rolo.sourceforge.net/ +Vcs-Git: git://alioth.debian.org/~rafael/public_git/deb-pkg/libvc.git +Vcs-Browser: http://git.debian.org/?p=users/rafael/deb-pkg/libvc.git + +Package: libvc-dev +Section: libdevel +Architecture: any +Depends: libvc0 (= ${binary:Version}), ${misc:Depends} +Description: vCard library - development files + vCard is an Electronic Business Card format, as specified by the + versit Consortium, useful for storing personal data. libvc handles + scanning a vCard file, parsing the vCard file into a data storage + structure, manipulating the data storage structure, and writing back + to file. It was originally written for `rolo', but has been + split-off as a generic library for general use. + . + This package contains static library, headers, and the development + manpage for libvc. + +Package: libvc0 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: vCard (the Electronic Business Card) library + vCard is an Electronic Business Card format, as specified by the + versit Consortium, useful for storing personal data. libvc handles + scanning a vCard file, parsing the vCard file into a data storage + structure, manipulating the data storage structure, and writing back + to file. It was originally written for `rolo', but has been + split-off as a generic library for general use. --- libvc-003.dfsg.1.orig/debian/watch +++ libvc-003.dfsg.1/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts=dversionmangle=s/\.dfsg\.\d+$// \ + http://rolo.sourceforge.net/ .*/libvc-(.*)\.tar\.gz --- libvc-003.dfsg.1.orig/debian/copyright +++ libvc-003.dfsg.1/debian/copyright @@ -0,0 +1,30 @@ +This package was debianized by Rafael Laboissiere on +Sun Feb 11 15:57:18 CET 2007 + +It was downloaded from http://rolo.sourceforge.net/ + +Upstream Author: Andrew Hsu + +Copyright: + + libvc - vCard library + Copyright (C) 2003 Andrew Hsu + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later + version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + +On Debian systems, the complete text of the GNU Lesser General Public +License can be found in `/usr/share/common-licenses/LGPL-2'. + +The file doc/rfc2426.txt, which was present in the original upstream +tarball was removed before repacking the Debian "upstream" tarball (called +libvc_003.dfsg.1.orig.tar.gz), because this file has licensing conditions +not-compatible with the Debian Free Software Guidelines. --- libvc-003.dfsg.1.orig/debian/libvc-dev.docs +++ libvc-003.dfsg.1/debian/libvc-dev.docs @@ -0,0 +1,5 @@ +NEWS +README +THANKS +TODO + --- libvc-003.dfsg.1.orig/debian/clean +++ libvc-003.dfsg.1/debian/clean @@ -0,0 +1 @@ +ylwrap --- libvc-003.dfsg.1.orig/debian/libvc0.docs +++ libvc-003.dfsg.1/debian/libvc0.docs @@ -0,0 +1,4 @@ +NEWS +README +THANKS +TODO --- libvc-003.dfsg.1.orig/debian/libvc-dev.install +++ libvc-003.dfsg.1/debian/libvc-dev.install @@ -0,0 +1,4 @@ +debian/tmp/usr/lib/*.so +debian/tmp/usr/lib/*.a +debian/tmp/usr/include +debian/tmp/usr/share --- libvc-003.dfsg.1.orig/debian/rules +++ libvc-003.dfsg.1/debian/rules @@ -0,0 +1,38 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# debian/rules for the libvc package +# GNU copyright 2007 by Rafael Laboissiere + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk + +SAVEFILES = \ + INSTALL \ + Makefile.in \ + aclocal.m4 \ + configure \ + install-sh \ + ltmain.sh \ + missing \ + mkinstalldirs \ + depcomp \ + config.guess \ + config.sub \ + src/Makefile.in \ + src/vc_scan.c \ + doc/Makefile.in \ + + +makebuilddir/libvc0:: + # Save files modified by autoreconf + for file in $(SAVEFILES) ; do \ + test -e $$file-orig || cp $$file $$file-orig ; \ + done + autoreconf -vfi + +clean:: + # Restore original file + for file in $(SAVEFILES) ; do \ + test ! -e $$file-orig || mv $$file-orig $$file ; \ + done --- libvc-003.dfsg.1.orig/debian/libvc0.install +++ libvc-003.dfsg.1/debian/libvc0.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libvc.so.* --- libvc-003.dfsg.1.orig/debian/README.source +++ libvc-003.dfsg.1/debian/README.source @@ -0,0 +1,8 @@ +README.source for libvc +======================= + +This package uses quilt to manage all modifications to the upstream sources. +See `/usr/share/doc/quilt/README.source' to get more information on how to +use it. + + -- Rafael Laboissiere Fri, 24 Apr 2009 15:56:10 +0200 --- libvc-003.dfsg.1.orig/debian/libvc0.symbols +++ libvc-003.dfsg.1/debian/libvc0.symbols @@ -0,0 +1,75 @@ +libvc.so.0 libvc0 #MINVER# + count_vcards@Base 003.dfsg.1 + current_vc@Base 003.dfsg.1 + current_vc_param_name@Base 003.dfsg.1 + current_vcard@Base 003.dfsg.1 + fprintf_vc_component@Base 003.dfsg.1 + fprintf_vc_component_param@Base 003.dfsg.1 + fprintf_vcard@Base 003.dfsg.1 + get_val_struct_part@Base 003.dfsg.1 + parse_vcard_file@Base 003.dfsg.1 + vc_add_param@Base 003.dfsg.1 + vc_append_with_name@Base 003.dfsg.1 + vc_delete@Base 003.dfsg.1 + vc_delete_deep@Base 003.dfsg.1 + vc_get_group@Base 003.dfsg.1 + vc_get_name@Base 003.dfsg.1 + vc_get_next@Base 003.dfsg.1 + vc_get_next_by_name@Base 003.dfsg.1 + vc_get_param@Base 003.dfsg.1 + vc_get_preferred_email@Base 003.dfsg.1 + vc_get_preferred_tel@Base 003.dfsg.1 + vc_get_value@Base 003.dfsg.1 + vc_is_preferred@Base 003.dfsg.1 + vc_link@Base 003.dfsg.1 + vc_new@Base 003.dfsg.1 + vc_param_delete@Base 003.dfsg.1 + vc_param_delete_deep@Base 003.dfsg.1 + vc_param_get_by_name@Base 003.dfsg.1 + vc_param_get_name@Base 003.dfsg.1 + vc_param_get_next@Base 003.dfsg.1 + vc_param_get_next_by_name@Base 003.dfsg.1 + vc_param_get_value@Base 003.dfsg.1 + vc_param_link@Base 003.dfsg.1 + vc_param_new@Base 003.dfsg.1 + vc_param_set_name@Base 003.dfsg.1 + vc_param_set_value@Base 003.dfsg.1 + vc_set_group@Base 003.dfsg.1 + vc_set_name@Base 003.dfsg.1 + vc_set_value@Base 003.dfsg.1 + yy_create_buffer@Base 003.dfsg.1 + yy_delete_buffer@Base 003.dfsg.1 + yy_flex_debug@Base 003.dfsg.1 + yy_flush_buffer@Base 003.dfsg.1 + yy_scan_buffer@Base 003.dfsg.1 + yy_scan_bytes@Base 003.dfsg.1 + yy_scan_string@Base 003.dfsg.1 + yy_switch_to_buffer@Base 003.dfsg.1 + yyalloc@Base 003.dfsg.1 + yychar@Base 003.dfsg.1 + yyerror@Base 003.dfsg.1 + yyfree@Base 003.dfsg.1 + yyget_debug@Base 003.dfsg.1 + yyget_in@Base 003.dfsg.1 + yyget_leng@Base 003.dfsg.1 + yyget_lineno@Base 003.dfsg.1 + yyget_out@Base 003.dfsg.1 + yyget_text@Base 003.dfsg.1 + yyin@Base 003.dfsg.1 + yyleng@Base 003.dfsg.1 + yylex@Base 003.dfsg.1 + yylex_destroy@Base 003.dfsg.1 + yylineno@Base 003.dfsg.1 + yylval@Base 003.dfsg.1 + yynerrs@Base 003.dfsg.1 + yyout@Base 003.dfsg.1 + yyparse@Base 003.dfsg.1 + yypop_buffer_state@Base 003.dfsg.1 + yypush_buffer_state@Base 003.dfsg.1 + yyrealloc@Base 003.dfsg.1 + yyrestart@Base 003.dfsg.1 + yyset_debug@Base 003.dfsg.1 + yyset_in@Base 003.dfsg.1 + yyset_lineno@Base 003.dfsg.1 + yyset_out@Base 003.dfsg.1 + yytext@Base 003.dfsg.1 --- libvc-003.dfsg.1.orig/debian/README.Debian +++ libvc-003.dfsg.1/debian/README.Debian @@ -0,0 +1,9 @@ +libvc0 for Debian +----------------- + +The libvc sources have been patch to fix a buffer overflow vulnerability, +as reported in http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356 + + -- Rafael Laboissiere Mon, 19 Feb 2007 04:22:42 +0100 + + --- libvc-003.dfsg.1.orig/debian/patches/field-names-comply-with-vCard2.1diff +++ libvc-003.dfsg.1/debian/patches/field-names-comply-with-vCard2.1diff @@ -0,0 +1,25 @@ +Change lex scanning variables, complying with VCard-2 + + -- Rafael Laboissiere Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/src/vc_scan.l +=================================================================== +--- libvc-003.dfsg.1.orig/src/vc_scan.l 2008-07-01 17:20:04.000000000 +0200 ++++ libvc-003.dfsg.1/src/vc_scan.l 2008-07-01 17:20:10.000000000 +0200 +@@ -49,6 +49,7 @@ + NON-ASCII [\x80-\xFF] + SAFE-CHAR {WSP}|\x21|[\x23-\x2B]|[\x2D-\x39]|[\x3C-\x7E]|{NON-ASCII} + VALUE-CHAR {WSP}|{VCHAR}|{NON-ASCII} ++NAME-CHAR [\x21-\x2B\x2D\x2F-\x39\x3C\x3E-\x5A\x5C\x5E-\x7E] + + %option noyywrap + %x SC_VALUE SC_PARAM SC_PARAM_VALUE +@@ -60,7 +61,7 @@ + "\n" { yylval = NULL; return yytext[0]; } + "." { yylval = NULL; return yytext[0]; } + ({ALPHA}|{DIGIT}|-)+/"." { yylval = yytext; return TOK_GROUP; } +-({ALPHA}|{DIGIT}|-)+ { yylval = yytext; return TOK_NAME; } ++{NAME-CHAR}+ { yylval = yytext; return TOK_NAME; } + ";" { yylval = NULL; BEGIN(SC_PARAM); return yytext[0]; } + ":" { yylval = NULL; BEGIN(SC_VALUE); return yytext[0]; } + --- libvc-003.dfsg.1.orig/debian/patches/manpage-Lb-definition.diff +++ libvc-003.dfsg.1/debian/patches/manpage-Lb-definition.diff @@ -0,0 +1,16 @@ +Adds definition for the libvc library (.Lb macro) and avoids nroff warnings + + -- Rafael Laboissiere Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/doc/vc.3 +=================================================================== +--- libvc-003.dfsg.1.orig/doc/vc.3 2008-07-01 17:20:46.000000000 +0200 ++++ libvc-003.dfsg.1/doc/vc.3 2008-07-01 17:20:54.000000000 +0200 +@@ -44,6 +44,7 @@ + .Nm get_val_struct_part + .Nd vCard library + .Sh LIBRARY ++.ds str-Lb-libvc vCard\~library (libvc, \-lvc) + .Lb libvc + .Sh SYNOPSIS + .In vc.h --- libvc-003.dfsg.1.orig/debian/patches/accept-line-folding.diff +++ libvc-003.dfsg.1/debian/patches/accept-line-folding.diff @@ -0,0 +1,23 @@ +Make the flex scanner accept values of the fields spanning +several lines using the folding technique of RFC-822 (i.e. using +a space in the beginning of the continuation lines. This does +not yet make libvc completely RFC-2425-compliant, because the +continuation sequence "\n " is still contained in the +output (i.e. not eaten up). At any rate, rolo should now be able +to read vCard files containing folded lines (closes: #442944). + + -- Rafael Laboissiere Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/src/vc_scan.l +=================================================================== +--- libvc-003.dfsg.1.orig/src/vc_scan.l 2008-07-01 17:28:46.000000000 +0200 ++++ libvc-003.dfsg.1/src/vc_scan.l 2008-07-01 17:28:54.000000000 +0200 +@@ -67,7 +67,7 @@ + + + { +-{VALUE-CHAR}* { yylval = yytext; return TOK_VALUE; } ++({VALUE-CHAR}|"\n ")* { yylval = yytext; return TOK_VALUE; } + "\n" { yylval = NULL; BEGIN(INITIAL); return yytext[0]; } + } + --- libvc-003.dfsg.1.orig/debian/patches/series +++ libvc-003.dfsg.1/debian/patches/series @@ -0,0 +1,4 @@ +count-vcards-buffer-overflow.diff +field-names-comply-with-vCard2.1diff +manpage-Lb-definition.diff +accept-line-folding.diff --- libvc-003.dfsg.1.orig/debian/patches/count-vcards-buffer-overflow.diff +++ libvc-003.dfsg.1/debian/patches/count-vcards-buffer-overflow.diff @@ -0,0 +1,40 @@ +Fix buffer overflow problem, as reported in +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356 + + -- Rafael Laboissiere Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/src/vc.c +=================================================================== +--- libvc-003.dfsg.1.orig/src/vc.c 2008-07-01 17:19:22.000000000 +0200 ++++ libvc-003.dfsg.1/src/vc.c 2008-07-01 17:19:24.000000000 +0200 +@@ -25,6 +25,7 @@ + #include "vc.h" + #include + #include ++#define __USE_GNU + #include + + #define BUF_LEN 80 +@@ -832,14 +833,16 @@ + int + count_vcards (FILE * fp) + { +- char buf[256]; ++ char* line = NULL; ++ size_t len = 0; + int counter = 0; + +- while (EOF != fscanf (fp, "%s\n", buf)) +- { +- if (0 == strcasecmp (buf, "BEGIN:VCARD")) +- counter++; +- } ++ while (getline (&line, &len, fp) != EOF) ++ if (0 == strncasecmp (line, "BEGIN:VCARD", 11)) ++ counter++; ++ ++ if (line) ++ free (line); + + return counter; + }