commit 59486d5449fe92093446c4cc33b6b382497fbfcfe0410f5f27e4af5283848e51 Author: OBS User unknown <null@suse.de> Date: Mon Jan 15 14:26:08 2007 +0000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/neon?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/neon-0.26.1.tar.bz2 b/neon-0.26.1.tar.bz2 new file mode 100644 index 0000000..72a1a9c --- /dev/null +++ b/neon-0.26.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6ab0f5f2cf04e663a7df872edc34e2419e3a12d8edbd58d4785159e381c6f51e +size 566067 diff --git a/neon.changes b/neon.changes new file mode 100644 index 0000000..9a6b4bb --- /dev/null +++ b/neon.changes @@ -0,0 +1,147 @@ +------------------------------------------------------------------- +Mon Jan 15 14:53:06 CET 2007 - olh@suse.de + +- do not cast char pointers into int pointers (CVE-2007-0157 / #235083) + +------------------------------------------------------------------- +Thu Jul 20 20:30:40 CEST 2006 - olh@suse.de + +- update to 0.26.1 + new API +- neon-devel requires openssl-devel zlib-devel expat + +------------------------------------------------------------------- +Wed Jan 25 21:38:35 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jun 29 21:27:13 CEST 2005 - olh@suse.de + +- build with expat instead of libxml2, should speed up svn checkout + of large files (#94606) + +------------------------------------------------------------------- +Wed Feb 2 16:32:10 CET 2005 - meissner@suse.de + +- fix build with gcc4, added 2 sentinel mark ups. + +------------------------------------------------------------------- +Sun Oct 17 11:50:41 CEST 2004 - olh@suse.de + +- remove .so link from main package, its already in -devel + +------------------------------------------------------------------- +Sat Sep 25 11:35:07 CEST 2004 - olh@suse.de + +- update for gcc4, -Wimplicit-prototypes and inline + +------------------------------------------------------------------- +Tue Jul 6 08:20:45 CEST 2004 - olh@suse.de + +- update to 0.24.7 + +------------------------------------------------------------------- +Sun May 9 17:39:21 CEST 2004 - olh@suse.de + +- add neon-CAN-2004-0398.patch (#39774) + +------------------------------------------------------------------- +Thu Apr 1 13:18:41 CEST 2004 - olh@suse.de + +- add CAN-2004-0179.diff (#37716) + +------------------------------------------------------------------- +Thu Jan 22 18:41:36 CET 2004 - olh@suse.de + +- update for gcc3.4, -Wimplicit-prototypes and inline + +------------------------------------------------------------------- +Sat Jan 10 19:16:34 CET 2004 - adrian@suse.de + +- add %defattr and %run_ldconfig + +------------------------------------------------------------------- +Fri Nov 28 13:12:25 CET 2003 - mcihar@suse.cz + +- updated to 0.24.4, some highlights: + * Major changes to XML interface + * Major changes to SSL interface + * Add a pkg-config file + * Tons of fixes + +------------------------------------------------------------------- +Wed Apr 23 23:37:16 CEST 2003 - olh@suse.de + +- update to 0.23.9 + Changes in release 0.23.9: + * neon-config exports includes needed for OpenSSL given by + pkg-config. + * ne_redirect_location will return NULL if redirect hooks have + not been registered for the session (Ralf Mattes <rm@fabula.de>). + Changes in release 0.23.8: + * On Linux, skip slow lookup for IPv6 addresses when IPv6 support + is not loaded in kernel (thanks to Daniel Stenberg for this + technique). + * Update to autoconf 2.57 and libtool 1.4.3. + +------------------------------------------------------------------- +Sat Mar 1 09:37:43 CET 2003 - olh@suse.de + +- apply security fix from 0.23.8 + * SECURITY: Prevent control characters from being included in the + reason_phrase field filled in by ne_parse_statusline(), and in + the session error string. + * Fix digest auth response verification for >9 responses in session + (bug manifests as "Server was not authenticated correctly" error). + +------------------------------------------------------------------- +Tue Jan 28 10:20:13 CET 2003 - olh@suse.de + +- update to 0.23.7 + Changes in release 0.23.7: + * Fix for handling EINTR during write() call (Sergey N Ushakov). + * When available, use pkg-config to determine compiler flags + needed to use OpenSSL headers and libraries. + +------------------------------------------------------------------- +Tue Jan 21 12:55:54 CET 2003 - olh@suse.de + +- update to 0.23.6 + +------------------------------------------------------------------- +Sat Oct 12 13:18:20 CEST 2002 - olh@suse.de + +- update to 0.23.5 + move interface documentation to -devel + +------------------------------------------------------------------- +Thu Sep 19 13:47:05 CEST 2002 - olh@suse.de + +- update to 0.23.4, enable build with -g + +------------------------------------------------------------------- +Sat Aug 31 13:01:58 CEST 2002 - poeml@suse.de + +- update to 0.22.0, needed by subversion + +------------------------------------------------------------------- +Fri Aug 9 19:27:15 CEST 2002 - olh@suse.de + +- devel requires base package + +------------------------------------------------------------------- +Fri Jul 26 23:18:22 CEST 2002 - adrian@suse.de + +- fix neededforbuild + +------------------------------------------------------------------- +Sun Jun 23 16:15:37 CEST 2002 - olh@suse.de + +- update to 0.21.3 + +------------------------------------------------------------------- +Sat May 4 12:57:56 CEST 2002 - olh@suse.de + +- initial SuSE package, version 0.20.0 + diff --git a/neon.spec b/neon.spec new file mode 100644 index 0000000..62872cf --- /dev/null +++ b/neon.spec @@ -0,0 +1,197 @@ +# +# spec file for package neon (Version 0.26.1) +# +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: neon +BuildRequires: expat openssl-devel +Summary: An HTTP and WebDAV Client Library +Version: 0.26.1 +Release: 26 +License: GNU General Public License (GPL) +Group: Development/Libraries/Other +URL: http://www.webdav.org/neon +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2 +Patch1: neon.uri_lookup.patch + +%description +neon is an HTTP and WebDAV client library with a C interface. + Featuring: * High-level interface to HTTP and WebDAV methods + (PUT, GET, HEAD, etc.) + +* Low-level interface to HTTP request handling to allow implementing + new methods easily + +* HTTP/1.1 and HTTP/1.0 persistent connections + +* RFC2617 basic and digest authentication (including auth-int, + md5-sess) + +* Proxy support (including basic/digest authentication) + +* Generic WebDAV 207 XML response handling mechanism + +* XML parsing using the expat or libxml parsers + +* Easy generation of error messages from 207 error responses + +* WebDAV resource manipulation: MOVE, COPY, DELETE, MKCOL + +* WebDAV metadata support: set and remove properties, query any set of +properties (PROPPATCH/PROPFIND) + + + +Authors: +-------- + Joe Orton <joe@manyfish.co.uk> + +%package devel +Summary: Static Libraries and header files for neon +Group: Development/Libraries/Other +Requires: %{name} = %{version} +Requires: openssl-devel zlib-devel expat + +%description devel +Static libraries and C header files for the neon library. + + + +Authors: +-------- + Joe Orton <joe@manyfish.co.uk> + +%prep +%setup -q +%patch1 -p1 + +%build +rm -f aclocal.m4 ltmain.sh +sh autogen.sh +CFLAGS="$RPM_OPT_FLAGS -g -Wall" \ +./configure --prefix=/usr \ + --sysconfdir=/etc \ + --libdir=%{_libdir} \ + --mandir=%{_mandir} \ + --infodir=%{_infodir} \ + --with-ssl \ + --disable-nls \ + --enable-shared \ + --enable-warnings +make %{?jobs:-j%jobs} + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/usr +make DESTDIR=$RPM_BUILD_ROOT docdir=%{_defaultdocdir}/neon install install-man install-html + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +%run_ldconfig + +%postun +%run_ldconfig + +%files +%defattr(-,root,root) +%doc AUTHORS BUGS ChangeLog NEWS README THANKS TODO +%{_libdir}/*.so.* + +%files devel +%defattr(-,root,root) +%doc doc/*.txt doc/html +%defattr(-,root,root) +/usr/bin/neon-config +/usr/include/neon +%{_mandir}/*/* +%{_libdir}/*.a +%{_libdir}/*.la +%{_libdir}/*.so +%{_libdir}/pkgconfig/neon.pc + +%changelog -n neon +* Mon Jan 15 2007 - olh@suse.de +- do not cast char pointers into int pointers (CVE-2007-0157 / #235083) +* Thu Jul 20 2006 - olh@suse.de +- update to 0.26.1 + new API +- neon-devel requires openssl-devel zlib-devel expat +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Wed Jun 29 2005 - olh@suse.de +- build with expat instead of libxml2, should speed up svn checkout + of large files (#94606) +* Wed Feb 02 2005 - meissner@suse.de +- fix build with gcc4, added 2 sentinel mark ups. +* Sun Oct 17 2004 - olh@suse.de +- remove .so link from main package, its already in -devel +* Sat Sep 25 2004 - olh@suse.de +- update for gcc4, -Wimplicit-prototypes and inline +* Tue Jul 06 2004 - olh@suse.de +- update to 0.24.7 +* Sun May 09 2004 - olh@suse.de +- add neon-CAN-2004-0398.patch (#39774) +* Thu Apr 01 2004 - olh@suse.de +- add CAN-2004-0179.diff (#37716) +* Thu Jan 22 2004 - olh@suse.de +- update for gcc3.4, -Wimplicit-prototypes and inline +* Sat Jan 10 2004 - adrian@suse.de +- add %%defattr and %%run_ldconfig +* Fri Nov 28 2003 - mcihar@suse.cz +- updated to 0.24.4, some highlights: + * Major changes to XML interface + * Major changes to SSL interface + * Add a pkg-config file + * Tons of fixes +* Wed Apr 23 2003 - olh@suse.de +- update to 0.23.9 + Changes in release 0.23.9: + * neon-config exports includes needed for OpenSSL given by + pkg-config. + * ne_redirect_location will return NULL if redirect hooks have + not been registered for the session (Ralf Mattes <rm@fabula.de>). + Changes in release 0.23.8: + * On Linux, skip slow lookup for IPv6 addresses when IPv6 support + is not loaded in kernel (thanks to Daniel Stenberg for this + technique). + * Update to autoconf 2.57 and libtool 1.4.3. +* Sat Mar 01 2003 - olh@suse.de +- apply security fix from 0.23.8 + * SECURITY: Prevent control characters from being included in the + reason_phrase field filled in by ne_parse_statusline(), and in + the session error string. + * Fix digest auth response verification for >9 responses in session + (bug manifests as "Server was not authenticated correctly" error). +* Tue Jan 28 2003 - olh@suse.de +- update to 0.23.7 + Changes in release 0.23.7: + * Fix for handling EINTR during write() call (Sergey N Ushakov). + * When available, use pkg-config to determine compiler flags + needed to use OpenSSL headers and libraries. +* Tue Jan 21 2003 - olh@suse.de +- update to 0.23.6 +* Sat Oct 12 2002 - olh@suse.de +- update to 0.23.5 + move interface documentation to -devel +* Thu Sep 19 2002 - olh@suse.de +- update to 0.23.4, enable build with -g +* Sat Aug 31 2002 - poeml@suse.de +- update to 0.22.0, needed by subversion +* Fri Aug 09 2002 - olh@suse.de +- devel requires base package +* Fri Jul 26 2002 - adrian@suse.de +- fix neededforbuild +* Sun Jun 23 2002 - olh@suse.de +- update to 0.21.3 +* Sat May 04 2002 - olh@suse.de +- initial SuSE package, version 0.20.0 diff --git a/neon.uri_lookup.patch b/neon.uri_lookup.patch new file mode 100644 index 0000000..34789fd --- /dev/null +++ b/neon.uri_lookup.patch @@ -0,0 +1,22 @@ +CVE-2007-0157 +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 + +do not cast char pointers to int pointers + +--- + src/ne_uri.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: neon-0.26.1/src/ne_uri.c +=================================================================== +--- neon-0.26.1.orig/src/ne_uri.c ++++ neon-0.26.1/src/ne_uri.c +@@ -110,7 +110,7 @@ static const unsigned int uri_chars[256] + /* Fx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT + }; + +-#define uri_lookup(ch) (uri_chars[(unsigned)ch]) ++#define uri_lookup(ch) (uri_chars[(unsigned char)ch]) + + char *ne_path_parent(const char *uri) + { diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4