diff --git a/neon-0.26.1.tar.bz2 b/neon-0.26.1.tar.bz2 deleted file mode 100644 index 72a1a9c..0000000 --- a/neon-0.26.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6ab0f5f2cf04e663a7df872edc34e2419e3a12d8edbd58d4785159e381c6f51e -size 566067 diff --git a/neon-0.26.3.tar.bz2 b/neon-0.26.3.tar.bz2 new file mode 100644 index 0000000..fbe0a4b --- /dev/null +++ b/neon-0.26.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9894b2a442c4bd600eceeb2b1918293b1d8271c1a09f0f4bf63fb2515fcca10e +size 576215 diff --git a/neon.changes b/neon.changes index 9a6b4bb..d304edf 100644 --- a/neon.changes +++ b/neon.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Jan 24 13:56:36 CET 2007 - prusnak@suse.cz + +- update to 0.26.3 + * build fix for platforms without libintl.h + * use Libs.private in neon.pc for newer versions of pkg-config + * fix error reported for LOCK responses lacking a Lock-Token header + * security fix CVE-2007-0157: fix buffer under-read in URI parser + * fix handling of "nextnonce" parameter in Digest authentication +- drop obsoleted patch from Jan 15 (included in update) + ------------------------------------------------------------------- Mon Jan 15 14:53:06 CET 2007 - olh@suse.de diff --git a/neon.spec b/neon.spec index 62872cf..5464567 100644 --- a/neon.spec +++ b/neon.spec @@ -1,5 +1,5 @@ # -# spec file for package neon (Version 0.26.1) +# spec file for package neon (Version 0.26.3) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -13,14 +13,13 @@ Name: neon BuildRequires: expat openssl-devel Summary: An HTTP and WebDAV Client Library -Version: 0.26.1 -Release: 26 +Version: 0.26.3 +Release: 1 License: GNU General Public License (GPL) Group: Development/Libraries/Other URL: http://www.webdav.org/neon BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2 -Patch1: neon.uri_lookup.patch %description neon is an HTTP and WebDAV client library with a C interface. @@ -71,7 +70,6 @@ Authors: %prep %setup -q -%patch1 -p1 %build rm -f aclocal.m4 ltmain.sh @@ -120,6 +118,14 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/neon.pc %changelog -n neon +* Wed Jan 24 2007 - prusnak@suse.cz +- update to 0.26.3 + * build fix for platforms without libintl.h + * use Libs.private in neon.pc for newer versions of pkg-config + * fix error reported for LOCK responses lacking a Lock-Token header + * security fix CVE-2007-0157: fix buffer under-read in URI parser + * fix handling of "nextnonce" parameter in Digest authentication +- drop obsoleted patch from Jan 15 (included in update) * Mon Jan 15 2007 - olh@suse.de - do not cast char pointers into int pointers (CVE-2007-0157 / #235083) * Thu Jul 20 2006 - olh@suse.de diff --git a/neon.uri_lookup.patch b/neon.uri_lookup.patch deleted file mode 100644 index 34789fd..0000000 --- a/neon.uri_lookup.patch +++ /dev/null @@ -1,22 +0,0 @@ -CVE-2007-0157 -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 - -do not cast char pointers to int pointers - ---- - src/ne_uri.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: neon-0.26.1/src/ne_uri.c -=================================================================== ---- neon-0.26.1.orig/src/ne_uri.c -+++ neon-0.26.1/src/ne_uri.c -@@ -110,7 +110,7 @@ static const unsigned int uri_chars[256] - /* Fx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT - }; - --#define uri_lookup(ch) (uri_chars[(unsigned)ch]) -+#define uri_lookup(ch) (uri_chars[(unsigned char)ch]) - - char *ne_path_parent(const char *uri) - {