debian/0000755000000000000000000000000011526561307007174 5ustar debian/libphp-magpierss.install0000644000000000000000000000030211450653260014021 0ustar rss_fetch.inc /usr/share/php/magpierss/ rss_utils.inc /usr/share/php/magpierss/ rss_cache.inc /usr/share/php/magpierss/ rss_parse.inc /usr/share/php/magpierss/ scripts /usr/share/php/magpierss/ debian/README.Debian0000644000000000000000000000053411266147517011243 0ustar magpierss for Debian -------------------- * Renamed functions debug() to magpierss_debug() and error() to magpierss_error() because "debug" and "error" are generic names. Since it's included in other packages, it's better to use a specific name. -- Marcelo Jorge Vieira (metal) , Mon, 1 May 2006 12:21:50 -0300. debian/control0000644000000000000000000000204311450506102010562 0ustar Source: magpierss Section: php Priority: optional Maintainer: Marcelo Jorge Vieira (metal) Build-Depends: debhelper (>= 7.0.50~) Standards-Version: 3.9.1 Homepage: http://magpierss.sourceforge.net/ Vcs-Git: git://git.debian.org/git/users/metal/magpierss.git Vcs-Browser: http://git.debian.org/?p=users/metal/magpierss.git;a=summary Package: libphp-magpierss Architecture: all Depends: ${misc:Depends}, php5 | php5-cli, libphp-snoopy Description: provides an XML-based RSS parser in PHP MagpieRSS is an XML-based RSS parser in PHP. It attempts to be "PHP-like", and simple to use. . Some features include: . * supports RSS 0.9 - 1.0, with limited RSS 2.0 support * supports namespaces, and modules, including mod_content and mod_event * open minded * simple, functional interface, to object oriented backend parser * automatic caching of parsed RSS objects makes its easy to integrate * supports conditional GET with Last-Modified, and ETag * uses constants for easy override of default behaviour * heavily commented debian/source/0000755000000000000000000000000011526554723010500 5ustar debian/source/format0000644000000000000000000000001411450506102011666 0ustar 3.0 (quilt) debian/docs0000644000000000000000000000007511450653260010045 0ustar NEWS README CHANGES AUTHORS htdocs cookbook TROUBLESHOOTING debian/changelog0000644000000000000000000000667611526561201011056 0ustar magpierss (0.72-10) unstable; urgency=high * Fixing CVE-2011-0740 (Closes: #611940) Cross-site scripting (XSS) vulnerability in scripts/magpie_slashbox.php -- Marcelo Jorge Vieira (metal) Tue, 15 Feb 2011 17:51:14 -0200 magpierss (0.72-9) unstable; urgency=low * Changing my email for Debian address * Removed DM-Upload-Allowed field * Removed transitional dummy package * Minimizing rules file * Switch to dpkg-source 3.0 (quilt) format * Changed VCS information to my new Alioth account * Updated Standards-Version to 3.9.1 (no changes) * Moved docs files from .install to .doc -- Marcelo Jorge Vieira (metal) Tue, 28 Sep 2010 21:22:26 -0300 magpierss (0.72-8) unstable; urgency=low * Removed rss_cache.inc.diff file + It's an unnecessary patch * Updated Standards-Version to 3.8.2 * Splitting rss_fetch.inc.diff file + Created include_libphp-snoopy.patch and rename_debug_function.patch files * Created rename_error_function.patch file + Renamed function error() to magpierss_error() because "error" is a generic name. Since it's included in other packages, it's better to use a specific name. -- Marcelo Jorge Vieira (metal) Thu, 13 Aug 2009 01:17:53 -0300 magpierss (0.72-7) unstable; urgency=low * Updated Standards-Version to 3.8.1 * Changed section from 'web' to 'php' * Added 'php5-cli or php5' as dependency * Fixes debian/rules debian/rules did not provide a build-arch or build-indep neither it built the same binary package by only running the binary target. -- Marcelo Jorge Vieira (metal) Mon, 15 Jun 2009 17:19:24 -0300 magpierss (0.72-6) unstable; urgency=low * Removing cdbs references and bumping package to debhelper 7 * Updated Standards-Version to 3.8.0.1 * Changed VCS information from upstream VCS to my account in Alioth * Added DM-Upload-Allowed control field * Added quilt support * Fixed patches headers * Fixed debian-watch-file-should-use-sf-redirector * Rewriting copyright in machine-interpretable format * Newlines in headers break caching (Closes: #504802) * Added libphp-magpierss binary package -- Marcelo Jorge Vieira (metal) Thu, 05 Mar 2009 13:06:12 -0300 magpierss (0.72-5) unstable; urgency=low * Added watch file * Updated Standards-Version to 3.7.3 * Added Homepage, Vcs-Cvs and Vcs-Browser fields in debian/control * Fixed copyright-without-copyright-notice -- Marcelo Jorge Vieira (metal) Tue, 23 Oct 2007 21:50:18 -0200 magpierss (0.72-4) unstable; urgency=low * Fixed libphp-snoopy depends -- Marcelo Jorge Vieira (metal) Mon, 01 Oct 2007 22:30:12 -0300 magpierss (0.72-3) unstable; urgency=low * Use the Snoopy Class as provided by libphp-snoopy rather than shipping our own copy of it (Closes: #431089) * Removed php4 from control depends -- Marcelo Jorge Vieira (metal) Sun, 30 Sep 2007 18:27:47 -0300 magpierss (0.72-2) unstable; urgency=low * Description contains duplicated sentence Closes: #375416 * And use patches instead of, modifying the code directly -- Marcelo Jorge Vieira (metal) Sun, 22 Jun 2006 20:29:33 -0300 magpierss (0.72-1) unstable; urgency=low * Initial release Closes: #365627 -- Marcelo Jorge Vieira (metal) Mon, 1 May 2006 12:21:50 -0300 debian/compat0000644000000000000000000000000211154020607010360 0ustar 7 debian/README.source0000644000000000000000000000350711154020607011346 0ustar This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches and applied during the build. To configure quilt to use debian/patches instead of patches, you want either to export QUILT_PATCHES=debian/patches in your environment or use this snippet in your ~/.quiltrc: for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then export QUILT_PATCHES=debian/patches fi done To get the fully patched source after unpacking the source package, cd to the root level of the source package and run: quilt push -a The last patch listed in debian/patches/series will become the current patch. To add a new set of changes, first run quilt push -a, and then run: quilt new where is a descriptive name for the patch, used as the filename in debian/patches. Then, for every file that will be modified by this patch, run: quilt add before editing those files. You must tell quilt with quilt add what files will be part of the patch before making changes or quilt will not work properly. After editing the files, run: quilt refresh to save the results as a patch. Alternately, if you already have an external patch and you just want to add it to the build system, run quilt push -a and then: quilt import -P /path/to/patch quilt push -a (add -p 0 to quilt import if needed). as above is the filename to use in debian/patches. The last quilt push -a will apply the patch to make sure it works properly. To remove an existing patch from the list of patches that will be applied, run: quilt delete You may need to run quilt pop -a to unapply patches first before running this command. debian/watch0000644000000000000000000000007211154020607010212 0ustar version=3 http://sf.net/magpierss/magpierss-(.+)\.tar\.gz debian/copyright0000644000000000000000000000146211154020607011120 0ustar Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=143 Upstream-Name: Magpie RSS Upstream-Source: http://sf.net/magpierss/magpierss-0.72.tar.gz Files: * Copyright: Copyright (c) 2005, Kellan Elliott-McCrea License: GPL-2 Files: extlib/Snoopy.class.inc Copyright: Copyright (c) 1999-2000 ispi, all rights reserved License: LGPL-2.1 Files: debian/* Copyright: Copyright 2006-2009, Marcelo Jorge Vieira (metal) License: GPL-2 License: LGPL-2.1 On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'. License: GPL-2 On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. debian/rules0000755000000000000000000000106411450506102010241 0ustar #!/usr/bin/make -f %: dh $@ override_dh_install: dh_install #This file starts with the #! sequence that marks interpreted scripts, but it is not executable chmod 644 debian/libphp-magpierss/usr/share/php/magpierss/scripts/simple_smarty.php chmod 644 debian/libphp-magpierss/usr/share/php/magpierss/scripts/magpie_slashbox.php chmod 644 debian/libphp-magpierss/usr/share/php/magpierss/scripts/magpie_simple.php chmod 644 debian/libphp-magpierss/usr/share/php/magpierss/scripts/magpie_debug.php override_dh_installchangelogs: dh_installchangelogs ChangeLog debian/patches/0000755000000000000000000000000011526560553010625 5ustar debian/patches/rename_debug_function.patch0000644000000000000000000000403211266147517016171 0ustar --- magpierss.orig/rss_fetch.inc 2009-08-11 17:16:45.000000000 -0300 +++ magpierss/rss_fetch.inc 2009-08-12 10:12:59.000000000 -0300 @@ -117,7 +117,7 @@ $cache = new RSSCache( MAGPIE_CACHE_DIR, MAGPIE_CACHE_AGE ); if (MAGPIE_DEBUG and $cache->ERROR) { - debug($cache->ERROR, E_USER_WARNING); + magpierss_debug($cache->ERROR, E_USER_WARNING); } @@ -142,7 +142,7 @@ // should be cache age $rss->from_cache = 1; if ( MAGPIE_DEBUG > 1) { - debug("MagpieRSS: Cache HIT", E_USER_NOTICE); + magpierss_debug("MagpieRSS: Cache HIT", E_USER_NOTICE); } return $rss; } @@ -165,7 +165,7 @@ if ($resp->status == '304' ) { // we have the most current copy if ( MAGPIE_DEBUG > 1) { - debug("Got 304 for $url"); + magpierss_debug("Got 304 for $url"); } // reset cache on 304 (at minutillo insistent prodding) $cache->set($cache_key, $rss); @@ -175,7 +175,7 @@ $rss = _response_to_rss( $resp ); if ( $rss ) { if (MAGPIE_DEBUG > 1) { - debug("Fetch successful"); + magpierss_debug("Fetch successful"); } // add object to cache $cache->set( $cache_key, $rss ); @@ -207,7 +207,7 @@ // attempt to return cached object if ($rss) { if ( MAGPIE_DEBUG ) { - debug("Returning STALE object for $url"); + magpierss_debug("Returning STALE object for $url"); } return $rss; } @@ -239,7 +239,7 @@ } } -function debug ($debugmsg, $lvl=E_USER_NOTICE) { +function magpierss_debug ($debugmsg, $lvl=E_USER_NOTICE) { trigger_error("MagpieRSS [debug] $debugmsg", $lvl); } debian/patches/series0000644000000000000000000000022011526560553012034 0ustar include_libphp-snoopy.patch rename_debug_function.patch rename_error_function.patch newlines_in_headers_break_caching.patch CVE-2011-0740.patch debian/patches/CVE-2011-0740.patch0000644000000000000000000000124011526560553013231 0ustar --- magpierss-0.72.orig/scripts/magpie_slashbox.php 2011-02-15 18:06:22.000000000 -0200 +++ magpierss-0.72/scripts/magpie_slashbox.php 2011-02-15 18:10:32.000000000 -0200 @@ -3,7 +3,7 @@ define('MAGPIE_DIR', '../'); require_once(MAGPIE_DIR.'rss_fetch.inc'); -$url = $_GET['rss_url']; +$url = htmlspecialchars($_GET['rss_url']); ?> --- magpierss-0.72.orig/scripts/simple_smarty.php 2011-02-15 18:23:35.000000000 -0200 +++ magpierss-0.72/scripts/simple_smarty.php 2011-02-15 18:23:07.000000000 -0200 @@ -31,7 +31,7 @@ $smarty->compile_check = true; // url of an rss file -$url = $_GET['rss_url']; +$url = htmlspecialchars($_GET['rss_url']); if ( $url ) { debian/patches/newlines_in_headers_break_caching.patch0000644000000000000000000000301711154020607020460 0ustar Index: magpierss/rss_fetch.inc =================================================================== --- magpierss.orig/rss_fetch.inc 2009-03-04 22:21:43.000000000 -0300 +++ magpierss/rss_fetch.inc 2009-03-04 22:22:24.000000000 -0300 @@ -153,7 +153,7 @@ // setup headers if ( $cache_status == 'STALE' ) { $rss = $cache->get( $cache_key ); - if ( $rss and $rss->etag and $rss->last_modified ) { + if ( $rss and !empty($rss->etag) and !empty($rss->last_modified) ) { // moodle fixes $request_headers['If-None-Match'] = $rss->etag; $request_headers['If-Last-Modified'] = $rss->last_modified; } @@ -301,14 +301,15 @@ $field = $h; $val = ""; } - - if ( $field == 'ETag' ) { - $rss->etag = $val; +// start of moodle modification + if ( strtolower($field) == 'etag' ) { // field names are case insensitive - sites are sending Etag, ETag, etc. + $rss->etag = rtrim($val); // trailing newline problem discovered by Matthew Bockol } - if ( $field == 'Last-Modified' ) { - $rss->last_modified = $val; + if ( strtolower($field) == 'last-modified' ) { // field names are case insensitive + $rss->last_modified = rtrim($val); // we do not want any whitespace after it } +// end of moodle modification } return $rss; debian/patches/include_libphp-snoopy.patch0000644000000000000000000000074211266147517016161 0ustar --- magpierss.orig/rss_fetch.inc 2009-08-11 17:16:45.000000000 -0300 +++ magpierss/rss_fetch.inc 2009-08-11 21:52:16.000000000 -0300 @@ -31,9 +31,7 @@ require_once( MAGPIE_DIR . 'rss_cache.inc' ); // for including 3rd party libraries -define('MAGPIE_EXTLIB', MAGPIE_DIR . 'extlib' . DIR_SEP); -require_once( MAGPIE_EXTLIB . 'Snoopy.class.inc'); - +require_once('/usr/share/php/libphp-snoopy/Snoopy.class.php'); /* * CONSTANTS - redefine these in your script to change the debian/patches/rename_error_function.patch0000644000000000000000000000260511266147517016240 0ustar --- magpierss.orig/rss_fetch.inc 2009-08-11 17:16:45.000000000 -0300 +++ magpierss/rss_fetch.inc 2009-08-12 09:53:49.000000000 -0300 @@ -90,7 +90,7 @@ init(); if ( !isset($url) ) { - error("fetch_rss called without a url"); + magpierss_error("fetch_rss called without a url"); return false; } @@ -102,7 +102,7 @@ return _response_to_rss( $resp ); } else { - error("Failed to fetch $url and cache is off"); + magpierss_error("Failed to fetch $url and cache is off"); return false; } } @@ -213,7 +213,7 @@ } // else we totally failed - error( $errormsg ); + magpierss_error( $errormsg ); return false; @@ -225,7 +225,7 @@ Purpose: set MAGPIE_ERROR, and trigger error \*=======================================================================*/ -function error ($errormsg, $lvl=E_USER_WARNING) { +function magpierss_error ($errormsg, $lvl=E_USER_WARNING) { global $MAGPIE_ERROR; // append PHP's error message if track_errors enabled @@ -319,7 +319,7 @@ if ($rss) { $errormsg .= " (" . $rss->ERROR . ")"; } - error($errormsg); + magpierss_error($errormsg); return false; } // end if ($rss and !$rss->error)