debian/

debian/maven.cleanIgnoreRules

debian/changelog

libcommons-fileupload-java (1.3-3) unstable; urgency=low

  * Set the project.build.sourceEncoding property to fix a test failure
    (Closes: #730970)
  * Removed the Servlet and the Portlet APIs from the runtime dependencies
    since they are provided by the Servlet container.
  * Install the upstream changelog
  * debian/control:
    - Standards-Version updated to 3.9.5 (no changes)
    - Use canonical URLs for the Vcs-* fields
  * Switch to debhelper level 9

 -- Emmanuel Bourg  Tue, 03 Dec 2013 08:35:15 +0100

libcommons-fileupload-java (1.3-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Add CVE-2013-2186.patch patch.
    CVE-2013-2186: Arbitrary file upload via deserialization. Properly
    validate repository in org.apache.commons.fileupload.disk.DiskFileItem.
    Thanks to Marc Deslauriers for providing the debdiff. (Closes: #726601)

 -- Salvatore Bonaccorso  Fri, 15 Nov 2013 15:04:17 +0100

libcommons-fileupload-java (1.3-2) unstable; urgency=low

  * Team upload.
  * Upload to unstable.

 -- tony mancill  Thu, 23 May 2013 21:15:43 -0700

libcommons-fileupload-java (1.3-1) experimental; urgency=low

  * Team upload
  * New upstream release.
  * Upgraded the dependency on the Servlet API (2.5 -> 3.0)
  * Enabled the unit tests
  * Removed Michael Koch from the uploaders list (Closes: #654055)
  * Bump Standards-Version to 3.9.4 (no changes)
  * Machine-readable debian/copyright file (DEP5)

 -- Emmanuel Bourg  Tue, 23 Apr 2013 18:10:12 +0200

libcommons-fileupload-java (1.2.2-1) unstable; urgency=low

  * New upstream release.
  * New libcommons-fileupload-java-doc package for Javadoc.
  * Bump Standards-Version to 3.9.1:
    - Add recommended get-orig-source target in d/rules.
  * d/dirs: Remove, unneeded.
  * Switch to maven-debian-helper for build:
    - Drop all patches on old Ant build.
    - Add maven-debian-helper to B-D.
    - Drop ant from B-D.
  * Don't Depends on a JRE (not requested anymore by Java Policy for
    libraries packages).

 -- Damien Raude-Morvan  Wed, 04 Aug 2010 13:57:04 +0200

libcommons-fileupload-java (1.2.1-5) unstable; urgency=low

  * (Build-)Depend on libservlet2.5-java instead of libservlet2.4-java

 -- Thierry Carrez  Fri, 11 Jun 2010 15:19:56 +0200

libcommons-fileupload-java (1.2.1-4) unstable; urgency=low

  [ Thierry Carrez ]
  * Minimal dependency on default-jre-headless | java2-runtime-headless
  * debian/ant.properties: Force Java2 code to match dependency

  [ Damien Raude-Morvan ]
  * Remove Arnaud from Uploaders.
  * Add myself to Uploaders.
  * Bump Standards-Version to 3.8.4: no changes needed
  * Bump debhelper to >= 7
  * Remove version criteria from cdbs B-D (even stable match version)
  * Enable portlet support:
    - Remove debian/patches/04_disable-portlet.patch
    - Add B-D-I on libportlet-api-2.0-spec-java
    - Remove debian/README.Debian (Closes: #577474)
  * Convert to source format 3.0 (quilt)
    - Refresh all patches
    - Add DEP3 headers to patches
  * Register in maven repository:
    - B-D-I on maven-repo-helper
    - Use mh_installpoms and mh_installjar

 -- Damien Raude-Morvan  Mon, 12 Apr 2010 12:42:16 +0200

libcommons-fileupload-java (1.2.1-3) unstable; urgency=low

  * (Build-)Depends on default-jdk.
  * (Build-)Depends on libservlet2.4-java.

 -- Michael Koch  Wed, 16 Sep 2009 22:15:26 +0200

libcommons-fileupload-java (1.2.1-2) unstable; urgency=low

  [ Emmanuel Bourg ]
  * Update of the URLs
  * Rename Jakarta Commons to Apache Commons.
  * debian/copyright: Switch to Apache License 2.0. Closes: #532889.

  [ Michael Koch ]
  * Add '${misc:Depends}' to Depends of libcommons-fileupload-java.
  * Converted debian/copyright to UTF-8.
  * Move package to section 'java'.
  * Update debhelper to >= 5.
  * Update Standards-Version 3.8.3.

 -- Michael Koch  Sun, 06 Sep 2009 21:39:24 +0200

libcommons-fileupload-java (1.2.1-1) unstable; urgency=low

  [ Michael Koch ]
  * New upstream release
  * Updated Standards-Version to 3.7.3.

  [ Kumar Appaiah ]
  * Update watch file.
  * debian/control:
    + Add Vcs-{Svn,Browser}.
    + Add Homepage field.

 -- Michael Koch  Thu, 14 Feb 2008 17:41:57 +0100

libcommons-fileupload-java (1.2-2) unstable; urgency=low

  * Added Depends on libcommons-io-java. Closes: #439860.

 -- Michael Koch  Sat, 01 Sep 2007 22:19:03 +0200

libcommons-fileupload-java (1.2-1) unstable; urgency=low

  * New upstream release. Closes: #429638.
    - added README.Debian with info about disabled portlet support
    - updated patches/01-build-jar-without-test-fix.patch
  * Use java-gcj-compat instead of kaffe.
  * Renamed debian/patches/02_jikes_1.3.patch to
    debian/patches/02_java13.patch and to make sure to have compatibility
    with Java 1.3.
  * Moved cdbs and debhelper from Build-Depends-Indep to Build-Depends.
  * Fixed usage of Homepage: tag in package description.
  * Removed Wolfgang and added myself to Uploads
  * Updated Standards-Version.
  * Removed ant-launcher.jar from explicit list of jars.
  * Removed debian/libcommons-fileupload-java.links, debian/install and
    debian/links and do the needed stuff in debian/rules.

 -- Michael Koch  Sat, 21 Jul 2007 13:08:32 +0200

libcommons-fileupload-java (1.0-14) unstable; urgency=low

  * kaffe compiler transition
  * Bump debhelper version to fix linda error
  * Removed version constraints already fulfilled by stable
  * Formatted description
  * Removed unused and wrong README.Debian
  * Standards-Version 3.6.2 (no changes)
  * Added myself to uploaders

 -- Wolfgang Baer  Wed, 1 Feb 2006 22:44:18 +0100

libcommons-fileupload-java (1.0-13) unstable; urgency=low

  * libant1.6-java to ant transition

 -- Arnaud Vandyck  Sat, 20 Aug 2005 19:52:56 +0200

libcommons-fileupload-java (1.0-12) unstable; urgency=low

  * debian/control (Build-Depends-Indep, Depends): changed the kaffe
    version (closes: #302015)
  * Standards-Version: 3.6.1, nothing to change

 -- Arnaud Vandyck  Tue, 5 Apr 2005 16:38:16 +0200

libcommons-fileupload-java (1.0-11) unstable; urgency=low

  * build with kaffe
  * generate the javadoc

 -- Arnaud Vandyck  Wed, 2 Mar 2005 23:10:46 +0100

libcommons-fileupload-java (1.0-10) unstable; urgency=low

  * added a build-dep on libgnujaxp-java because sablevm does not embed
    gnujaxp at the moment! (closes: #272387).

 -- Arnaud Vandyck  Tue, 28 Sep 2004 11:34:15 +0200

libcommons-fileupload-java (1.0-9) unstable; urgency=low

  * added a patch to force jikes to build against 1.3 (closes: #269254)
  * sablevm is used to launch ant and jikes.
  * no javadoc at the moment

 -- Arnaud Vandyck  Tue, 14 Sep 2004 13:25:23 +0200

libcommons-fileupload-java (1.0-8) unstable; urgency=low

  * debian/watch: added.

 -- Arnaud Vandyck  Sun, 15 Aug 2004 01:54:04 +0200

libcommons-fileupload-java (1.0-7) unstable; urgency=low

  * Now really move to main!

 -- Arnaud Vandyck  Sun, 25 Jul 2004 18:36:30 +0200

libcommons-fileupload-java (1.0-6) unstable; urgency=low

  * Move to main! Now that libservlet2.3-java is in main, this lib can
    move to main

 -- Arnaud Vandyck  Sun, 25 Jul 2004 17:56:26 +0200

libcommons-fileupload-java (1.0-5) unstable; urgency=low

  * Removed the dependency to dpatch, update kaffe dependency to 1.1.3,
    removed the junit dependency. I now use the cdbs simple-patchsys.
  * debian/rules: clean up.

 -- Arnaud Vandyck  Sat, 24 Jan 2004 01:12:16 +0100

libcommons-fileupload-java (1.0-4) unstable; urgency=low

  * debian/links: changed the symlink. Thanks to Giuseppe Sacco
    (closes: #226928).

 -- Arnaud Vandyck  Sat, 10 Jan 2004 01:05:23 +0100

libcommons-fileupload-java (1.0-3) unstable; urgency=low

  * debian/control (Maintainer) (Uploaders): Debian Java Maintainers is
    now the maintainer and I added my debian email address to the
    Uploaders field.
  * debian/README.Debian: Added an explanation why in contrib.

 -- Arnaud Vandyck  Wed, 7 Jan 2004 17:33:53 +0100

libcommons-fileupload-java (1.0-2) unstable; urgency=low

  * Build system is now cdbs! the junit test is no longer performed at the
    moment, a patch has been applied to suppress it from the build file
  * junit is not needed when running (only for test at build time), kaffe
    maybe used to run the library, libant-1.5-java is used to build
  * I patched build.xml to remove entities because of a bug in kaffe-1.1.1
    (gnujaxp) so now it builds with kaffe...
  * Waiting for libservlet2.3-java in main to be in main

 -- Arnaud Vandyck  Sun, 5 Oct 2003 01:58:49 +0200

libcommons-fileupload-java (1.0-1) unstable; urgency=low

  * New upstream release
  * I do not need to patch build.xml anymore because upstream changed it.
    I just have to override the libdir property in debian/rules. Thanks to
    Martin Cooper.
  * There is no more a libcommons-fileupload-java-doc package because it's
    too small, so I merged it with the library (dist/doc/*).
  * The jar is now in dist directory.

 -- Arnaud Vandyck  Mon, 30 Jun 2003 15:10:36 +0200

libcommons-fileupload-java (0.99beta1-2) unstable; urgency=low

  * Library compiled by jikes. Does not need JAVA_HOME anymore
  * Typo in description
  * Correct version dependency (beanutils)
  * Correct the CLASSPATH (do not use version number of the jars)

 -- Arnaud Vandyck  Fri, 30 May 2003 10:18:57 +0200

libcommons-fileupload-java (0.99beta1-1) unstable; urgency=low

  * Initial Release.

 -- Arnaud Vandyck  Sun, 13 Apr 2003 18:45:44 +0200

debian/maven.publishedRules

debian/maven.ignoreRules

junit junit maven-plugin * * *
org.apache.maven.plugins maven-assembly-plugin maven-plugin * * *
org.apache.maven.plugins maven-changes-plugin maven-plugin * * *
org.apache.maven.plugins maven-checkstyle-plugin maven-plugin * * *
org.apache.maven.plugins maven-pmd-plugin maven-plugin * * *
org.apache.maven.plugins maven-release-plugin maven-plugin * * *

debian/source/

debian/source/format

3.0 (quilt)

debian/copyright

Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: Apache Commons FileUpload
Upstream-Contact: Apache Commons Developers
Source: http://www.apache.org/dist/commons/fileupload/

Files: *
Copyright: 2002-2013, The Apache Software Foundation.
License: Apache-2.0
Comment: Upstream authors:
 Martin Cooper
 dIon Gillard,
 John McNally,
 Daniel Rall,
 Jason van Zyl,
 Robert Burrell Donkin,
 Sean C. Sullivan,
 Jochen Wiedmann,
 Aaron Freeman,
 Gary Gregory,
 Michael Macaluso,
 Amichai Rothman,
 Alexander Sova,
 Thomas Vandahl,
 Henry Yandell

Files: debian/*
Copyright: 2003, Arnaud Vandyck
License: Apache-2.0

License: Apache-2.0
 On Debian systems, the full text of the Apache License can be found in
 the file `/usr/share/common-licenses/Apache-2.0'.

debian/libcommons-fileupload-java-doc.doc-base

Document: libcommons-fileupload-javadoc
Title: API Javadoc for commons-fileupload
Author: commons-fileupload developers
Abstract: This is the API Javadoc provided by the commons-upload library.
Section: Programming

Format: HTML
Index: /usr/share/doc/libcommons-fileupload-java/api/index.html
Files: /usr/share/doc/libcommons-fileupload-java/api/*

debian/watch

version=3
http://archive.apache.org/dist/commons/fileupload/source/commons-fileupload-([\.\d]+)-src.tar.gz debian uupdate

debian/maven.rules

javax.servlet servlet-api jar s/.*/3.0/ * *
junit junit jar s/4\..*/4.x/ * *
s/portlet-api/javax.portlet/ portlet-api jar s/.*/2.0/ * *

debian/maven.properties

maven.test.skip = false
maven.compiler.source = 1.5
maven.compiler.target = 1.5
project.build.sourceEncoding = ISO-8859-1

debian/rules

#!/usr/bin/make -f
# debian/rules for Commons Fileupload (uses CDBS)

include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/class/maven.mk

JAVA_HOME_DIRS := /usr/lib/jvm/default-java
DEB_INSTALL_CHANGELOGS_ALL := RELEASE-NOTES.txt

get-orig-source:
	uscan --force-download --rename

debian/libcommons-fileupload-java.poms

# List of POM files for the package
# Format of this file is:
# [option]*
# where option can be:
#   --ignore: ignore this POM and its artifact if any
#   --ignore-pom: don't install the POM. To use on POM files that are created
#     temporarily for certain artifacts such as Javadoc jars. [mh_install, mh_installpoms]
#   --no-parent: remove the tag from the POM
#   --package=: an alternative package to use when installing this POM
#     and its artifact
#   --has-package-version: to indicate that the original version of the POM is the same as the upstream part
#     of the version for the package.
#   --keep-elements=: a list of XML elements to keep in the POM
#     during a clean operation with mh_cleanpom or mh_installpom
#   --artifact=: path to the build artifact associated with this POM,
#     it will be installed when using the command mh_install. [mh_install]
#   --java-lib: install the jar into /usr/share/java to comply with Debian
#     packaging guidelines
#   --usj-name=: name to use when installing the library in /usr/share/java
#   --usj-version=: version to use when installing the library in /usr/share/java
#   --no-usj-versionless: don't install the versionless link in /usr/share/java
#   --dest-jar=: the destination for the real jar.
#     It will be installed with mh_install. [mh_install]
#   --classifier=: Optional, the classifier for the jar. Empty by default.
#   --site-xml=: Optional, the location for site.xml if it needs to be installed.
#     Empty by default. [mh_install]
#
pom.xml --no-parent

debian/compat

9

debian/control

Source: libcommons-fileupload-java
Section: java
Priority: optional
Maintainer: Debian Java Maintainers
Uploaders: Damien Raude-Morvan, Emmanuel Bourg
Build-Depends: cdbs, debhelper (>= 9), default-jdk, maven-debian-helper
Build-Depends-Indep: libcommons-io-java, libmaven-javadoc-plugin-java, libportlet-api-2.0-spec-java, libservlet3.0-java, maven-repo-helper
Standards-Version: 3.9.5
Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/libcommons-fileupload-java/
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/libcommons-fileupload-java/
Homepage: http://commons.apache.org/fileupload/

Package: libcommons-fileupload-java
Architecture: all
Depends: ${misc:Depends}, libcommons-io-java
Description: File upload capability to your servlets and web applications
 The Commons FileUpload package makes it easy to add robust, high-performance,
 file upload capability to your servlets and web applications.
 .
 FileUpload parses HTTP requests which conform to RFC 1867, "Form-based File
 Upload in HTML". That is, if an HTTP request is submitted using the POST
 method, and with a content type of "multipart/form-data", then FileUpload
 can parse that request, and make the results available in a manner easily
 used by the caller.

Package: libcommons-fileupload-java-doc
Architecture: all
Section: doc
Depends: ${maven:DocDepends}, ${misc:Depends}
Recommends: ${maven:DocOptionalDepends}
Suggests: libcommons-fileupload-java
Description: Javadoc API documentation for Commons FileUploads
 FileUpload parses HTTP requests which conform to RFC 1867, "Form-based File
 Upload in HTML". That is, if an HTTP request is submitted using the POST
 method, and with a content type of "multipart/form-data", then FileUpload
 can parse that request, and make the results available in a manner easily
 used by the caller.
 .
This package contains Javadoc API documentation for Commons FileUpload. debian/patches/0000755000000000000000000000000012247323453010622 5ustar debian/patches/series0000664000000000000000000000010012247317516012033 0ustar 001_update-tests-for-servlet3-api.patch 002_CVE-2013-2186.patch debian/patches/001_update-tests-for-servlet3-api.patch0000644000000000000000000004041312241423770017744 0ustar Description: Updates the test to compile with the Servlet 3.0 API and removes the unused portlet mocks that fail to compile Author: Emmanuel Bourg Forwarded: not-needed --- a/src/test/java/org/apache/commons/fileupload/MockHttpServletRequest.java +++ b/src/test/java/org/apache/commons/fileupload/MockHttpServletRequest.java @@ -22,15 +22,24 @@ import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.security.Principal; +import java.util.Collection; import java.util.Enumeration; import java.util.Locale; import java.util.Map; +import javax.servlet.AsyncContext; +import javax.servlet.DispatcherType; import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; import javax.servlet.ServletInputStream; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.servlet.http.Part; /** * @version $Id: MockHttpServletRequest.java 1455729 2013-03-12 22:01:02Z tn $ 
@@ -481,6 +490,52 @@ return null; } + public boolean authenticate(HttpServletResponse httpServletResponse) throws IOException, ServletException { + return false; + } + + public void login(String s, String s2) throws ServletException { + } + + public void logout() throws ServletException { + } + + public Collection getParts() throws IOException, ServletException { + return null; + } + + public Part getPart(String s) throws IOException, ServletException { + return null; + } + + public ServletContext getServletContext() { + return null; + } + + public AsyncContext startAsync() throws IllegalStateException { + return null; + } + + public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) throws IllegalStateException { + return null; + } + + public boolean isAsyncStarted() { + return false; + } + + public boolean isAsyncSupported() { + return false; + } + + public AsyncContext getAsyncContext() { + return null; + } + + public DispatcherType getDispatcherType() { + return null; + } + private static class MyServletInputStream extends javax.servlet.ServletInputStream { @@ -509,7 +564,7 @@ return in.read(b, off, len); } } - } } + --- a/src/test/java/org/apache/commons/fileupload/MockPortletSession.java +++ /dev/null 
@@ -1,153 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.commons.fileupload; - -import java.util.Enumeration; -import java.util.Hashtable; -import javax.portlet.PortletContext; -import javax.portlet.PortletSession; - -/** - * A mock portlet session, useful for unit testing and offline utilities - * Note: currently doesn't support scoping - * - * @version $Id: MockPortletSession.java 1454693 2013-03-09 12:30:27Z simonetripodi $ - */ -public class MockPortletSession implements PortletSession { - - // Hashtable (not HashMap) makes enumerations easier to work with - Hashtable attributes = new Hashtable(); - - public MockPortletSession() { - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getAttribute(java.lang.String) - */ - public Object getAttribute(String name) { - return attributes.get(name); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getAttribute(java.lang.String, int) - */ - public Object getAttribute(String name, int scope) { - return attributes.get(name); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getAttributeNames(int) - */ - public Enumeration getAttributeNames(int scope) { - return attributes.keys(); - } - - /* (non-Javadoc) - * 
@see javax.portlet.PortletSession#getCreationTime() - */ - public long getCreationTime() { - // TODO Auto-generated method stub - return 0; - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getId() - */ - public String getId() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getLastAccessedTime() - */ - public long getLastAccessedTime() { - // TODO Auto-generated method stub - return 0; - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getMaxInactiveInterval() - */ - public int getMaxInactiveInterval() { - // TODO Auto-generated method stub - return 0; - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#invalidate() - */ - public void invalidate() { - // TODO Auto-generated method stub - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#isNew() - */ - public boolean isNew() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#removeAttribute(java.lang.String) - */ - public void removeAttribute(String name) { - attributes.remove(name); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#removeAttribute(java.lang.String, int) - */ - public void removeAttribute(String name, int scope) { - attributes.remove(name); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#setAttribute(java.lang.String, java.lang.Object) - */ - public void setAttribute(String name, Object value) { - attributes.put(name, value); - } - - public Enumeration getAttributeNames() { - return this.getAttributeNames(PortletSession.PORTLET_SCOPE); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#setAttribute(java.lang.String, java.lang.Object, int) - */ - public void setAttribute(String name, Object value, int scope) { - attributes.put(name, value); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#setMaxInactiveInterval(int) - */ - public void setMaxInactiveInterval(int 
interval) { - // TODO Auto-generated method stub - } - - /* (non-Javadoc) - * @see javax.portlet.PortletSession#getPortletContext() - */ - public PortletContext getPortletContext() { - // TODO Auto-generated method stub - return null; - } - -} --- a/src/test/java/org/apache/commons/fileupload/MockPortletRequest.java +++ /dev/null 
@@ -1,343 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.commons.fileupload; - -import java.security.Principal; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Map; - -import javax.portlet.PortalContext; -import javax.portlet.PortletMode; -import javax.portlet.PortletPreferences; -import javax.portlet.PortletRequest; -import javax.portlet.PortletSession; -import javax.portlet.WindowState; - -/** - * A mock portlet request, useful for unit testing and offline utilities - * - * @version $Id: MockPortletRequest.java 1454693 2013-03-09 12:30:27Z simonetripodi $ - */ -public class MockPortletRequest implements PortletRequest { - - MockPortletSession session = null; - - public MockPortletRequest() { - session = new MockPortletSession(); - } - - /* (non-Javadoc) - * @see javax.portlet.PortletRequest#isWindowStateAllowed(javax.portlet.WindowState) - */ - public boolean isWindowStateAllowed(WindowState state) { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see javax.portlet.PortletRequest#isPortletModeAllowed(javax.portlet.PortletMode) - */ - public boolean isPortletModeAllowed(PortletMode mode) { - // TODO Auto-generated method stub 
- return false; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getPortletMode() - */ - public PortletMode getPortletMode() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getWindowState() - */ - public WindowState getWindowState() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getPreferences() - */ - public PortletPreferences getPreferences() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getPortletSession() - */ - public PortletSession getPortletSession() { - return session; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getPortletSession(boolean) - */ - public PortletSession getPortletSession( boolean create ) { - if ( session == null ) - { - session = new MockPortletSession(); - } - return session; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getProperty(java.lang.String) - */ - public String getProperty( String name ) { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getProperties(java.lang.String) - */ - public Enumeration getProperties( String name ) { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getPropertyNames() - */ - public Enumeration getPropertyNames() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getPortalContext() - */ - public PortalContext getPortalContext() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getAuthType() - */ - public String getAuthType() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see 
javax.portlet.PortletRequest#getContextPath() - */ - public String getContextPath() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getRemoteUser() - */ - public String getRemoteUser() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getUserPrincipal() - */ - public Principal getUserPrincipal() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#isUserInRole(java.lang.String) - */ - public boolean isUserInRole( String role ) { - // TODO Auto-generated method stub - return false; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getAttribute(java.lang.String) - */ - public Object getAttribute( String name ) { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getAttributeNames() - */ - public Enumeration getAttributeNames() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getParameter(java.lang.String) - */ - public String getParameter( String name ) { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getParameterNames() - */ - public Enumeration getParameterNames() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getParameterValues(java.lang.String) - */ - public String[] getParameterValues( String name ) { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getParameterMap() - */ - public Map getParameterMap() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#isSecure() - */ - public boolean isSecure() { - // TODO 
Auto-generated method stub - return false; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#setAttribute(java.lang.String, java.lang.Object) - */ - public void setAttribute( String name, Object o ) { - // TODO Auto-generated method stub - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#removeAttribute(java.lang.String) - */ - public void removeAttribute( String name ) { - // TODO Auto-generated method stub - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getRequestedSessionId() - */ - public String getRequestedSessionId() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#isRequestedSessionIdValid() - */ - public boolean isRequestedSessionIdValid() { - // TODO Auto-generated method stub - return false; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getResponseContentType() - */ - public String getResponseContentType() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getResponseContentTypes() - */ - public Enumeration getResponseContentTypes() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getLocale() - */ - public Locale getLocale() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getScheme() - */ - public String getScheme() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getServerName() - */ - public String getServerName() { - // TODO Auto-generated method stub - return null; - } - - /* - * (non-Javadoc) - * @see javax.portlet.PortletRequest#getServerPort() - */ - public int getServerPort() { - // TODO Auto-generated method stub - return 0; - } - - public Enumeration getLocales() { - return null; - } - -} 
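
Review bot: in the `@@ -481,6 +490,52 @@` hunk of MockHttpServletRequest.java (001_update-tests-for-servlet3-api.patch), `getParts()` and `getPart(String s)` return null, so any test that iterates the parts will fail with a NullPointerException instead of seeing an empty upload; returning an empty collection from `getParts()` would make the mock safer to reuse. The parameters of `login(String s, String s2)` should also be named for what they carry (user name and password) so the stub documents the Servlet 3.0 method it stands in for.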
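
Review bot: the `@@ -509,7 +564,7 @@` hunk of MockHttpServletRequest.java (001_update-tests-for-servlet3-api.patch) only moves a blank line from before the closing brace to after it, which has nothing to do with the Servlet 3.0 update described in the patch header. Dropping this hunk keeps the patch limited to the functional change and removes one place where it can fail to apply when refreshed against a new upstream release.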
debian/patches/002_CVE-2013-2186.patch0000664000000000000000000000367412247305300013625 0ustar Description: fix arbitrary file overwrite via poison null byte Origin: upstream, http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java?r1=1460343&r2=1507048 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601 Bug-Novell: https://bugzilla.novell.com/show_bug.cgi?id=846174 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=974814 Index: libcommons-fileupload-java-1.3/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java =================================================================== --- libcommons-fileupload-java-1.3.orig/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java 2013-03-24 08:36:44.000000000 -0400 +++ libcommons-fileupload-java-1.3/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java 2013-11-07 09:32:20.042865874 -0500 @@ -656,6 +656,26 @@ // read values in.defaultReadObject(); + /* One expected use of serialization is to migrate HTTP sessions + * containing a DiskFileItem between JVMs. Particularly if the JVMs are + * on different machines It is possible that the repository location is + * not valid so validate it. + */ + if (repository != null) { + if (repository.isDirectory()) { + // Check path for nulls + if (repository.getPath().contains("\0")) { + throw new IOException(format( + "The repository [%s] contains a null character", + repository.getPath())); + } + } else { + throw new IOException(format( + "The repository [%s] is not a directory", + repository.getAbsolutePath())); + } + } + OutputStream output = getOutputStream(); if (cachedContent != null) { output.write(cachedContent); debian/libcommons-fileupload-java-doc.install0000644000000000000000000000010012247321560016515 0ustar target/apidocs/* /usr/share/doc/libcommons-fileupload-java/api/
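
Review bot: in the `@@ -656,6 +656,26 @@` hunk of DiskFileItem.java (002_CVE-2013-2186.patch), the null-character test `repository.getPath().contains("\0")` sits inside the `repository.isDirectory()` branch, so a deserialized path is passed to a filesystem call before it has been checked for an embedded NUL. Both branches do end in an IOException, but the rejection of a NUL-bearing path then depends on how `isDirectory()` treats it; testing the path string for "\0" first and calling `isDirectory()` second would make the validation independent of that behaviour. The two exception messages also format the raw repository path, NUL included, into text that is likely to reach logs, so consider escaping it. The hunk touches only DiskFileItem.java and adds no test for either rejection path, and the added comment needs a full stop before "It is possible".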