This commit is contained in:
parent
59486d5449
commit
0cc66eb626
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:6ab0f5f2cf04e663a7df872edc34e2419e3a12d8edbd58d4785159e381c6f51e
|
||||
size 566067
|
3
neon-0.26.3.tar.bz2
Normal file
3
neon-0.26.3.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9894b2a442c4bd600eceeb2b1918293b1d8271c1a09f0f4bf63fb2515fcca10e
|
||||
size 576215
|
11
neon.changes
11
neon.changes
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 24 13:56:36 CET 2007 - prusnak@suse.cz
|
||||
|
||||
- update to 0.26.3
|
||||
* build fix for platforms without libintl.h
|
||||
* use Libs.private in neon.pc for newer versions of pkg-config
|
||||
* fix error reported for LOCK responses lacking a Lock-Token header
|
||||
* security fix CVE-2007-0157: fix buffer under-read in URI parser
|
||||
* fix handling of "nextnonce" parameter in Digest authentication
|
||||
- drop obsoleted patch from Jan 15 (included in update)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 15 14:53:06 CET 2007 - olh@suse.de
|
||||
|
||||
|
16
neon.spec
16
neon.spec
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package neon (Version 0.26.1)
|
||||
# spec file for package neon (Version 0.26.3)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
@ -13,14 +13,13 @@
|
||||
Name: neon
|
||||
BuildRequires: expat openssl-devel
|
||||
Summary: An HTTP and WebDAV Client Library
|
||||
Version: 0.26.1
|
||||
Release: 26
|
||||
Version: 0.26.3
|
||||
Release: 1
|
||||
License: GNU General Public License (GPL)
|
||||
Group: Development/Libraries/Other
|
||||
URL: http://www.webdav.org/neon
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2
|
||||
Patch1: neon.uri_lookup.patch
|
||||
|
||||
%description
|
||||
neon is an HTTP and WebDAV client library with a C interface.
|
||||
@ -71,7 +70,6 @@ Authors:
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
rm -f aclocal.m4 ltmain.sh
|
||||
@ -120,6 +118,14 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/pkgconfig/neon.pc
|
||||
|
||||
%changelog -n neon
|
||||
* Wed Jan 24 2007 - prusnak@suse.cz
|
||||
- update to 0.26.3
|
||||
* build fix for platforms without libintl.h
|
||||
* use Libs.private in neon.pc for newer versions of pkg-config
|
||||
* fix error reported for LOCK responses lacking a Lock-Token header
|
||||
* security fix CVE-2007-0157: fix buffer under-read in URI parser
|
||||
* fix handling of "nextnonce" parameter in Digest authentication
|
||||
- drop obsoleted patch from Jan 15 (included in update)
|
||||
* Mon Jan 15 2007 - olh@suse.de
|
||||
- do not cast char pointers into int pointers (CVE-2007-0157 / #235083)
|
||||
* Thu Jul 20 2006 - olh@suse.de
|
||||
|
@ -1,22 +0,0 @@
|
||||
CVE-2007-0157
|
||||
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
|
||||
|
||||
do not cast char pointers to int pointers
|
||||
|
||||
---
|
||||
src/ne_uri.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: neon-0.26.1/src/ne_uri.c
|
||||
===================================================================
|
||||
--- neon-0.26.1.orig/src/ne_uri.c
|
||||
+++ neon-0.26.1/src/ne_uri.c
|
||||
@@ -110,7 +110,7 @@ static const unsigned int uri_chars[256]
|
||||
/* Fx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT
|
||||
};
|
||||
|
||||
-#define uri_lookup(ch) (uri_chars[(unsigned)ch])
|
||||
+#define uri_lookup(ch) (uri_chars[(unsigned char)ch])
|
||||
|
||||
char *ne_path_parent(const char *uri)
|
||||
{
|
Loading…
Reference in New Issue
Block a user