OBS User unknown 2007-01-24 13:40:46 +00:00 committed by Git OBS Bridge
parent 59486d5449
commit 0cc66eb626
5 changed files with 25 additions and 30 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6ab0f5f2cf04e663a7df872edc34e2419e3a12d8edbd58d4785159e381c6f51e
size 566067

neon-0.26.3.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9894b2a442c4bd600eceeb2b1918293b1d8271c1a09f0f4bf63fb2515fcca10e
size 576215


@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Jan 24 13:56:36 CET 2007 - prusnak@suse.cz
- update to 0.26.3
* build fix for platforms without libintl.h
* use Libs.private in neon.pc for newer versions of pkg-config
* fix error reported for LOCK responses lacking a Lock-Token header
* security fix CVE-2007-0157: fix buffer under-read in URI parser
* fix handling of "nextnonce" parameter in Digest authentication
- drop obsoleted patch from Jan 15 (included in update)
-------------------------------------------------------------------
Mon Jan 15 14:53:06 CET 2007 - olh@suse.de


@ -1,5 +1,5 @@
#
# spec file for package neon (Version 0.26.1)
# spec file for package neon (Version 0.26.3)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -13,14 +13,13 @@
Name: neon
BuildRequires: expat openssl-devel
Summary: An HTTP and WebDAV Client Library
Version: 0.26.1
Release: 26
Version: 0.26.3
Release: 1
License: GNU General Public License (GPL)
Group: Development/Libraries/Other
URL: http://www.webdav.org/neon
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2
Patch1: neon.uri_lookup.patch
%description
neon is an HTTP and WebDAV client library with a C interface.
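Review bot: The Source: line kept as context in this hunk still points at plain http://www.webdav.org/neon/, and the version bump adds no signature or checksum file beside it, so the only integrity record for neon-0.26.3.tar.bz2 is the LFS oid in this commit. For an update taken for CVE-2007-0157, record in the changelog how the tarball was verified, and if upstream publishes a detached signature, list it as an additional Source.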
@ -71,7 +70,6 @@ Authors:
%prep
%setup -q
%patch1 -p1
%build
rm -f aclocal.m4 ltmain.sh
@ -120,6 +118,14 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/neon.pc
%changelog -n neon
* Wed Jan 24 2007 - prusnak@suse.cz
- update to 0.26.3
* build fix for platforms without libintl.h
* use Libs.private in neon.pc for newer versions of pkg-config
* fix error reported for LOCK responses lacking a Lock-Token header
* security fix CVE-2007-0157: fix buffer under-read in URI parser
* fix handling of "nextnonce" parameter in Digest authentication
- drop obsoleted patch from Jan 15 (included in update)
* Mon Jan 15 2007 - olh@suse.de
- do not cast char pointers into int pointers (CVE-2007-0157 / #235083)
* Thu Jul 20 2006 - olh@suse.de
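Review bot: The new entry's "drop obsoleted patch from Jan 15 (included in update)" line names neither the file nor the bug, so a later search for neon.uri_lookup.patch or #235083 will not land on the entry that removed it. Suggest wording it as "- drop neon.uri_lookup.patch (CVE-2007-0157 / #235083), fixed upstream in 0.26.3", matching the Jan 15 entry directly below.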


@ -1,22 +0,0 @@
CVE-2007-0157
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
do not cast char pointers to int pointers
---
src/ne_uri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: neon-0.26.1/src/ne_uri.c
===================================================================
--- neon-0.26.1.orig/src/ne_uri.c
+++ neon-0.26.1/src/ne_uri.c
@@ -110,7 +110,7 @@ static const unsigned int uri_chars[256]
/* Fx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT
};
-#define uri_lookup(ch) (uri_chars[(unsigned)ch])
+#define uri_lookup(ch) (uri_chars[(unsigned char)ch])
char *ne_path_parent(const char *uri)
{
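Review bot: Deleting this patch is only safe if the 0.26.3 tarball carries the same uri_lookup change in src/ne_uri.c, and the commit shows that tarball only as an LFS pointer, so the diff alone cannot confirm it. Please check the unpacked source for the (unsigned char) cast before merging: with the old "(unsigned)ch" form, a char of 0x80 or above on a platform where char is signed converts to an index outside the 256-entry uri_chars table. The patch header's "do not cast char pointers to int pointers" also does not describe this one-line change, which casts a char value, so the Jan 15 changelog wording is worth correcting while the file is being removed.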