Accepting request 20321 from devel:libraries:c_c++
Copy from devel:libraries:c_c++/neon based on submit request 20321 from user prusnak OBS-URL: https://build.opensuse.org/request/show/20321 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/neon?expand=0&rev=20
This commit is contained in:
parent
8589d1e212
commit
95ae26b495
375
neon-0.28.4-CVE-2009-2473,2474.patch
Normal file
375
neon-0.28.4-CVE-2009-2473,2474.patch
Normal file
@ -0,0 +1,375 @@
|
||||
--- src/ne_gnutls.c
|
||||
+++ src/ne_gnutls.c
|
||||
@@ -350,7 +350,7 @@
|
||||
case GNUTLS_SAN_DNSNAME:
|
||||
name[len] = '\0';
|
||||
if (identity && !found) *identity = ne_strdup(name);
|
||||
- match = ne__ssl_match_hostname(name, hostname);
|
||||
+ match = ne__ssl_match_hostname(name, len, hostname);
|
||||
found = 1;
|
||||
break;
|
||||
case GNUTLS_SAN_IPADDRESS: {
|
||||
@@ -419,7 +419,7 @@
|
||||
seq, 0, name, &len);
|
||||
if (ret == 0) {
|
||||
if (identity) *identity = ne_strdup(name);
|
||||
- match = ne__ssl_match_hostname(name, hostname);
|
||||
+ match = ne__ssl_match_hostname(name, len, hostname);
|
||||
}
|
||||
} else {
|
||||
return -1;
|
||||
--- src/ne_openssl.c
|
||||
+++ src/ne_openssl.c
|
||||
@@ -92,10 +92,16 @@
|
||||
int len;
|
||||
|
||||
switch (str->type) {
|
||||
- case V_ASN1_UTF8STRING:
|
||||
case V_ASN1_IA5STRING: /* definitely ASCII */
|
||||
case V_ASN1_VISIBLESTRING: /* probably ASCII */
|
||||
case V_ASN1_PRINTABLESTRING: /* subset of ASCII */
|
||||
+ ne__buffer_qappend(buf, str->data, str->length);
|
||||
+ break;
|
||||
+ case V_ASN1_UTF8STRING:
|
||||
+ /* Fail for embedded NUL bytes. */
|
||||
+ if (strlen((char *)str->data) != (size_t)str->length) {
|
||||
+ return -1;
|
||||
+ }
|
||||
ne_buffer_append(buf, (char *)str->data, str->length);
|
||||
break;
|
||||
case V_ASN1_UNIVERSALSTRING:
|
||||
@@ -103,8 +109,15 @@
|
||||
case V_ASN1_BMPSTRING:
|
||||
len = ASN1_STRING_to_UTF8(&tmp, str);
|
||||
if (len > 0) {
|
||||
- ne_buffer_append(buf, (char *)tmp, len);
|
||||
- OPENSSL_free(tmp);
|
||||
+ /* Fail if there were embedded NUL bytes. */
|
||||
+ if (strlen((char *)tmp) != (size_t)len) {
|
||||
+ OPENSSL_free(tmp);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ else {
|
||||
+ ne_buffer_append(buf, (char *)tmp, len);
|
||||
+ OPENSSL_free(tmp);
|
||||
+ }
|
||||
break;
|
||||
} else {
|
||||
ERR_clear_error();
|
||||
@@ -119,13 +132,11 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
-/* Returns a malloc-allocate version of IA5 string AS. Really only
|
||||
- * here to prevent char * vs unsigned char * type mismatches without
|
||||
- * losing all hope at type-safety. */
|
||||
+/* Returns a malloc-allocated version of IA5 string AS, escaped for
|
||||
+ * safety. */
|
||||
static char *dup_ia5string(const ASN1_IA5STRING *as)
|
||||
{
|
||||
- unsigned char *data = as->data;
|
||||
- return ne_strndup((char *)data, as->length);
|
||||
+ return ne__strnqdup(as->data, as->length);
|
||||
}
|
||||
|
||||
char *ne_ssl_readable_dname(const ne_ssl_dname *name)
|
||||
@@ -236,7 +247,7 @@
|
||||
if (nm->type == GEN_DNS) {
|
||||
char *name = dup_ia5string(nm->d.ia5);
|
||||
if (identity && !found) *identity = ne_strdup(name);
|
||||
- match = ne__ssl_match_hostname(name, hostname);
|
||||
+ match = ne__ssl_match_hostname(name, strlen(name), hostname);
|
||||
ne_free(name);
|
||||
found = 1;
|
||||
}
|
||||
@@ -320,7 +331,7 @@
|
||||
return -1;
|
||||
}
|
||||
if (identity) *identity = ne_strdup(cname->data);
|
||||
- match = ne__ssl_match_hostname(cname->data, hostname);
|
||||
+ match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname);
|
||||
ne_buffer_destroy(cname);
|
||||
}
|
||||
|
||||
--- src/ne_private.h
|
||||
+++ src/ne_private.h
|
||||
@@ -128,8 +128,17 @@
|
||||
void ne__ssl_set_verify_err(ne_session *sess, int failures);
|
||||
|
||||
/* Return non-zero if hostname from certificate (cn) matches hostname
|
||||
- * used for session (hostname); follows RFC2818 logic. cn is modified
|
||||
- * in-place. */
|
||||
-int ne__ssl_match_hostname(char *cn, const char *hostname);
|
||||
+ * used for session (hostname); follows RFC2818 logic. */
|
||||
+int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname);
|
||||
+
|
||||
+/* Return a malloc-allocated copy of 'data', of length 'len', with all
|
||||
+ * non-ASCII bytes, and ASCII control characters escaped. (Note that
|
||||
+ * the escaping includes the NUL byte). */
|
||||
+char *ne__strnqdup(const unsigned char *data, size_t len);
|
||||
+
|
||||
+/* Append 'len' bytes of 'data' to buf. All non-ASCII bytes, and
|
||||
+ * ASCII control characters, are escaped. (Note that this includes
|
||||
+ * the NUL byte). */
|
||||
+void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len);
|
||||
|
||||
#endif /* HTTP_PRIVATE_H */
|
||||
--- src/ne_session.c
|
||||
+++ src/ne_session.c
|
||||
@@ -403,24 +403,21 @@
|
||||
|
||||
/* This doesn't actually implement complete RFC 2818 logic; omits
|
||||
* "f*.example.com" support for simplicity. */
|
||||
-int ne__ssl_match_hostname(char *cn, const char *hostname)
|
||||
+int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname)
|
||||
{
|
||||
const char *dot;
|
||||
|
||||
- dot = strchr(hostname, '.');
|
||||
- if (dot == NULL) {
|
||||
- char *pnt = strchr(cn, '.');
|
||||
- /* hostname is not fully-qualified; unqualify the cn. */
|
||||
- if (pnt != NULL) {
|
||||
- *pnt = '\0';
|
||||
- }
|
||||
- }
|
||||
- else if (strncmp(cn, "*.", 2) == 0) {
|
||||
+ NE_DEBUG(NE_DBG_SSL, "ssl: Match common name '%s' against '%s'\n",
|
||||
+ cn, hostname);
|
||||
+
|
||||
+ if (strncmp(cn, "*.", 2) == 0 && cnlen > 2
|
||||
+ && (dot = strchr(hostname, '.')) != NULL) {
|
||||
hostname = dot + 1;
|
||||
cn += 2;
|
||||
+ cnlen -= 2;
|
||||
}
|
||||
|
||||
- return !ne_strcasecmp(cn, hostname);
|
||||
+ return cnlen == strlen(hostname) && !ne_strcasecmp(cn, hostname);
|
||||
}
|
||||
|
||||
#endif /* NE_HAVE_SSL */
|
||||
--- src/ne_socket.c
|
||||
+++ src/ne_socket.c
|
||||
@@ -1261,6 +1261,7 @@
|
||||
ne_inet_addr *ne_sock_peer(ne_socket *sock, unsigned int *port)
|
||||
{
|
||||
union saun {
|
||||
+ struct sockaddr sa;
|
||||
struct sockaddr_in sin;
|
||||
#if defined(USE_GETADDRINFO) && defined(AF_INET6)
|
||||
struct sockaddr_in6 sin6;
|
||||
@@ -1287,13 +1288,13 @@
|
||||
ia->ai_addr = ne_malloc(sizeof *ia);
|
||||
ia->ai_addrlen = len;
|
||||
memcpy(ia->ai_addr, sad, len);
|
||||
- ia->ai_family = sad->sa_family;
|
||||
+ ia->ai_family = saun.sa.sa_family;
|
||||
#else
|
||||
memcpy(ia, &saun.sin.sin_addr.s_addr, sizeof *ia);
|
||||
#endif
|
||||
|
||||
#if defined(USE_GETADDRINFO) && defined(AF_INET6)
|
||||
- *port = ntohs(sad->sa_family == AF_INET ?
|
||||
+ *port = ntohs(saun.sa.sa_family == AF_INET ?
|
||||
saun.sin.sin_port : saun.sin6.sin6_port);
|
||||
#else
|
||||
*port = ntohs(saun.sin.sin_port);
|
||||
--- src/ne_string.c
|
||||
+++ src/ne_string.c
|
||||
@@ -38,6 +38,8 @@
|
||||
|
||||
#include "ne_alloc.h"
|
||||
#include "ne_string.h"
|
||||
+/* hack for 0.28.x backport of ne_strnqdup, ne_buffer_qappend */
|
||||
+#include "ne_private.h"
|
||||
|
||||
char *ne_token(char **str, char separator)
|
||||
{
|
||||
@@ -252,6 +254,98 @@
|
||||
buf->used = strlen(buf->data) + 1;
|
||||
}
|
||||
|
||||
+
|
||||
+/* ascii_quote[n] gives the number of bytes needed by
|
||||
+ * ne_buffer_qappend() to append character 'n'. */
|
||||
+static const unsigned char ascii_quote[256] = {
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
|
||||
+ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4
|
||||
+};
|
||||
+
|
||||
+static const char hex_chars[16] = "0123456789ABCDEF";
|
||||
+
|
||||
+/* Return the expected number of bytes needed to append the string
|
||||
+ * beginning at byte 's', where 'send' points to the last byte after
|
||||
+ * 's'. */
|
||||
+static size_t qappend_count(const unsigned char *s, const unsigned char *send)
|
||||
+{
|
||||
+ const unsigned char *p;
|
||||
+ size_t ret;
|
||||
+
|
||||
+ for (p = s, ret = 0; p < send; p++) {
|
||||
+ ret += ascii_quote[*p];
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+/* Append the string 's', up to but not including 'send', to string
|
||||
+ * 'dest', quoting along the way. Returns pointer to NUL. */
|
||||
+static char *quoted_append(char *dest, const unsigned char *s,
|
||||
+ const unsigned char *send)
|
||||
+{
|
||||
+ const unsigned char *p;
|
||||
+ char *q = dest;
|
||||
+
|
||||
+ for (p = s; p < send; p++) {
|
||||
+ if (ascii_quote[*p] == 1) {
|
||||
+ *q++ = *p;
|
||||
+ }
|
||||
+ else {
|
||||
+ *q++ = '\\';
|
||||
+ *q++ = 'x';
|
||||
+ *q++ = hex_chars[(*p >> 4) & 0x0f];
|
||||
+ *q++ = hex_chars[*p & 0x0f];
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* NUL terminate after the last character */
|
||||
+ *q = '\0';
|
||||
+
|
||||
+ return q;
|
||||
+}
|
||||
+
|
||||
+void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len)
|
||||
+{
|
||||
+ const unsigned char *dend = data + len;
|
||||
+ char *q, *qs;
|
||||
+
|
||||
+ ne_buffer_grow(buf, buf->used + qappend_count(data, dend));
|
||||
+
|
||||
+ /* buf->used >= 1, so this is safe. */
|
||||
+ qs = buf->data + buf->used - 1;
|
||||
+
|
||||
+ q = quoted_append(qs, data, dend);
|
||||
+
|
||||
+ /* used already accounts for a NUL, so increment by number of
|
||||
+ * characters appended, *before* the NUL. */
|
||||
+ buf->used += q - qs;
|
||||
+}
|
||||
+
|
||||
+char *ne__strnqdup(const unsigned char *data, size_t len)
|
||||
+{
|
||||
+ const unsigned char *dend = data + len;
|
||||
+ char *dest = malloc(qappend_count(data, dend) + 1);
|
||||
+
|
||||
+ quoted_append(dest, data, dend);
|
||||
+
|
||||
+ return dest;
|
||||
+}
|
||||
+
|
||||
static const char b64_alphabet[] =
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
"abcdefghijklmnopqrstuvwxyz"
|
||||
@@ -345,9 +439,9 @@
|
||||
return outp - *out;
|
||||
}
|
||||
|
||||
-/* Character map array; array[n] = isprint(n) ? 0x20 : n. Used by
|
||||
- * ne_strclean as a locale-independent isprint(). */
|
||||
-static const unsigned char ascii_printable[256] = {
|
||||
+/* Character map array; ascii_clean[n] = isprint(n) ? n : 0x20. Used
|
||||
+ * by ne_strclean as a locale-independent isprint(). */
|
||||
+static const unsigned char ascii_clean[256] = {
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
@@ -387,7 +481,7 @@
|
||||
unsigned char *pnt;
|
||||
|
||||
for (pnt = (unsigned char *)str; *pnt; pnt++)
|
||||
- *pnt = (char)ascii_printable[*pnt];
|
||||
+ *pnt = (char)ascii_clean[*pnt];
|
||||
|
||||
return str;
|
||||
}
|
||||
--- src/ne_xml.c
|
||||
+++ src/ne_xml.c
|
||||
@@ -405,6 +405,28 @@
|
||||
destroy_element(elm);
|
||||
}
|
||||
|
||||
+#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1
|
||||
+/* Stop the parser if an entity declaration is hit. */
|
||||
+static void entity_declaration(void *userData, const XML_Char *entityName,
|
||||
+ int is_parameter_entity, const XML_Char *value,
|
||||
+ int value_length, const XML_Char *base,
|
||||
+ const XML_Char *systemId, const XML_Char *publicId,
|
||||
+ const XML_Char *notationName)
|
||||
+{
|
||||
+ ne_xml_parser *parser = userData;
|
||||
+
|
||||
+ NE_DEBUG(NE_DBG_XMLPARSE, "XML: entity declaration [%s]. Failing.\n",
|
||||
+ entityName);
|
||||
+
|
||||
+ XML_StopParser(parser->parser, XML_FALSE);
|
||||
+}
|
||||
+#elif defined(HAVE_EXPAT)
|
||||
+/* A noop default_handler. */
|
||||
+static void default_handler(void *userData, const XML_Char *s, int len)
|
||||
+{
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/* Find a namespace definition for 'prefix' in given element, where
|
||||
* length of prefix is 'pfxlen'. Returns the URI or NULL. */
|
||||
static const char *resolve_nspace(const struct element *elm,
|
||||
@@ -459,14 +481,34 @@
|
||||
XML_SetCharacterDataHandler(p->parser, char_data);
|
||||
XML_SetUserData(p->parser, (void *) p);
|
||||
XML_SetXmlDeclHandler(p->parser, decl_handler);
|
||||
+
|
||||
+ /* Prevent the "billion laughs" attack against expat by disabling
|
||||
+ * internal entity expansion. With 2.x, forcibly stop the parser
|
||||
+ * if an entity is declared - this is safer and a more obvious
|
||||
+ * failure mode. With older versions, installing a noop
|
||||
+ * DefaultHandler means that internal entities will be expanded as
|
||||
+ * the empty string, which is also sufficient to prevent the
|
||||
+ * attack. */
|
||||
+#if XML_MAJOR_VERSION > 1
|
||||
+ XML_SetEntityDeclHandler(p->parser, entity_declaration);
|
||||
#else
|
||||
+ XML_SetDefaultHandler(p->parser, default_handler);
|
||||
+#endif
|
||||
+
|
||||
+#else /* HAVE_LIBXML */
|
||||
p->parser = xmlCreatePushParserCtxt(&sax_handler,
|
||||
(void *)p, NULL, 0, NULL);
|
||||
if (p->parser == NULL) {
|
||||
abort();
|
||||
}
|
||||
+#if LIBXML_VERSION < 20602
|
||||
p->parser->replaceEntities = 1;
|
||||
+#else
|
||||
+ /* Enable expansion of entities, and disable network access. */
|
||||
+ xmlCtxtUseOptions(p->parser, XML_PARSE_NOENT | XML_PARSE_NONET);
|
||||
#endif
|
||||
+
|
||||
+#endif /* HAVE_LIBXML || HAVE_EXPAT */
|
||||
return p;
|
||||
}
|
||||
|
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 10 17:07:03 CEST 2009 - prusnak@suse.cz
|
||||
|
||||
- fixed CVE-2009-2473 and CVE-2009-2474 [bnc#528370]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 7 13:47:31 CEST 2009 - prusnak@suse.cz
|
||||
|
||||
|
219
neon.spec
219
neon.spec
@ -22,7 +22,7 @@ Name: neon
|
||||
BuildRequires: krb5-devel libexpat-devel libopenssl-devel zlib-devel
|
||||
Summary: An HTTP and WebDAV Client Library
|
||||
Version: 0.28.4
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: LGPL v2.1 or later
|
||||
# bug437293
|
||||
%ifarch ppc64
|
||||
@ -33,7 +33,8 @@ Group: Development/Libraries/Other
|
||||
Url: http://www.webdav.org/neon
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2
|
||||
Patch0: neon-%{version}-bloat.patch
|
||||
Patch0: %{name}-0.28.4-bloat.patch
|
||||
Patch1: %{name}-0.28.4-CVE-2009-2473,2474.patch
|
||||
|
||||
%description
|
||||
neon is an HTTP and WebDAV client library with a C interface.
|
||||
@ -159,6 +160,7 @@ Authors:
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0
|
||||
%patch1
|
||||
|
||||
%build
|
||||
rm -f aclocal.m4 ltmain.sh
|
||||
@ -205,216 +207,3 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/pkgconfig/neon.pc
|
||||
|
||||
%changelog
|
||||
* Thu May 07 2009 prusnak@suse.cz
|
||||
- updated to 0.28.4
|
||||
* GnuTLS support fixes:
|
||||
- fix handling of PKCS#12 client certs with multiple certs or keys
|
||||
- fix crash with OpenPGP certificate
|
||||
- use pkg-config data in configure, in preference to libgnutls-config
|
||||
* Add PKCS#11 support for OpenSSL builds (where pakchois is available)
|
||||
* Fix small memory leak in PKCS#11 code
|
||||
- enabled kerberos support (by adding krb5-devel to BuildRequires)
|
||||
* Wed Jan 07 2009 olh@suse.de
|
||||
- obsolete old -XXbit packages (bnc#437293)
|
||||
* Thu Aug 21 2008 prusnak@suse.cz
|
||||
- updated to 0.28.3
|
||||
* SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in
|
||||
Digest domain parameter support; could allow a DoS by a malicious server
|
||||
* Fix parsing of *-Authenticate response header with LWS after quoted value
|
||||
* Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash)
|
||||
* Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng)
|
||||
* Fix build on Netware (Guenter Knauf)
|
||||
* Document existing ne_uri_parse() API postcondition and ne_uri_resolve()
|
||||
pre/postconditions regarding the ->path field in ne_uri structures
|
||||
* Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4.
|
||||
* Distinguish the error message for an SSL handshake which fails after a
|
||||
client cert was requested.
|
||||
* Compile with PIC flags by default even for static library builds
|
||||
* Tue Jun 03 2008 coolo@suse.de
|
||||
- require COPYING package
|
||||
* Sun May 18 2008 coolo@suse.de
|
||||
- fix rename of xxbit packages
|
||||
* Thu Apr 10 2008 ro@suse.de
|
||||
- added baselibs.conf file to build xxbit packages
|
||||
for multilib support
|
||||
* Thu Apr 03 2008 prusnak@suse.cz
|
||||
- updated to 0.28.2
|
||||
* Support "Proxy-Connection: Keep-Alive" for compatibility with HTTP/1.0
|
||||
proxies which require persistent connections for NTLM authentication
|
||||
* Fix an fd leak in ne_ssl_{,cli}cert_read (GnuTLS only)
|
||||
* Enable fast initialization in GnuTLS.
|
||||
(changes from 0.28.1)
|
||||
* Fix build on SCO OpenServer 5.0.x (thanks to Nico Kadel-Garcia)
|
||||
* Fix handling of Digest domain parameter values without a trailing slash
|
||||
* Fix build against apr-util's bundled libexpat.la in Subversion
|
||||
* Add --without-pakchois to configure (Arfrever Frehtes Taifersar Arahesis)
|
||||
* zh message catalog renamed to zh_CN, translation updated (Dongsheng Song)
|
||||
- disable make check, does not build on all archs
|
||||
- dropped patch:
|
||||
* digest.patch (included in update)
|
||||
* Mon Mar 03 2008 olh@suse.de
|
||||
- fix bug in digest domain parameter handling to fix svn commit
|
||||
* Thu Feb 28 2008 crrodriguez@suse.de
|
||||
- run the test suite to detect any possible regression
|
||||
* Fri Feb 15 2008 crrodriguez@suse.de
|
||||
- version 0.28.0
|
||||
- Interface changes:
|
||||
* none, API and ABI backwards-compatible with 0.27.x
|
||||
- New interfaces:
|
||||
* ne_pkcs11.h: added basic PKCS#11 support (requires GnuTLS and pakchois)
|
||||
* ne_auth.h: added NE_AUTH_ALL and NE_AUTH_DEFAULT constants
|
||||
* ne_socket.h: added ne_sock_peer(), ne_sock_prebind(), ne_sock_cipher()
|
||||
* ne_session.h: NE_SESSFLAG_TLSSNI flag added; TLS SNI support is enabled by default, where supported; ne_set_localaddr() added
|
||||
* ne_request.h: added close_conn hooks (Robert J. van der Boon)
|
||||
* ne_basic.h: added ne_options2()
|
||||
- Other changes:
|
||||
* add Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
|
||||
* add support for the 'domain' parameter in Digest authentication
|
||||
* fix fd leak in ne_sock_connect() error path (Andrew Teirney)
|
||||
* the FD_CLOEXEC flag is set on socket fds
|
||||
* fix timezone handling in ne_dates for more platforms (Alessandro Vesely)
|
||||
* fix ne_simple_propfind() to print XML namespaces in flat property values
|
||||
* fix ne_get_range() for unspecified end-range case (Henrik Holst)
|
||||
* fix ne_strclean() to be locale-independent and avoid possible Win32 crash
|
||||
* fix ne_get_error() to not "clean" localized error strings
|
||||
* fix ne_ssl_clicert_read() to fail for client certs missing cert or key
|
||||
* Mon Nov 26 2007 crrodriguez@suse.de
|
||||
- version 0.27.2
|
||||
* Fix crash in GSSAPI Negotiate response header verification.
|
||||
- Cleanup excessive dependencies on -devel package.
|
||||
* Fri Oct 12 2007 ro@suse.de
|
||||
- add provides/obsoletes for neon-devel in libneon-devel
|
||||
after package rename
|
||||
* Tue Sep 25 2007 prusnak@suse.cz
|
||||
- update do 0.27.1
|
||||
* New interfaces:
|
||||
- ne_session.h: ne_fill_proxy_uri() retrieves configured proxy,
|
||||
ne_hook_post_headers() adds a hook after response headers are read,
|
||||
ne_set_connect_timeout() sets session connection timeout,
|
||||
NE_SESSFLAG_RFC4918, NE_SESSFLAG_CONNAUTH flags added
|
||||
- ne_socket.h: ne_sock_connect_timeout() sets connection timeout,
|
||||
ne_iaddr_reverse() performs reverse DNS lookup
|
||||
- ne_string.h: ne_buffer_snprintf() prints to a buffer object
|
||||
- ne_xml.h: ne_xml_resolve_nspace() resolves namespace prefixes
|
||||
* Interface changes:
|
||||
- ne_set_notifier() replaces ne_set_status(); finer-grained and type-safe
|
||||
connection status information now provided; obsoletes ne_set_progress()
|
||||
- ne_xml_dispatch_request() now only invokes the XML parser for
|
||||
response entities with an XML content-type, following RFC 3023 rules
|
||||
- ne_acl_set() now takes a "const" entries array
|
||||
- LFS compatibility functions *64 removed: all functions taking an
|
||||
off_t now take an ne_off_t which is off64_t for LFS builds
|
||||
* GnuTLS support now mostly feature-complete with OpenSSL support:
|
||||
- greatly improved SSL distinguished name handling with GnuTLS >= 1.7.8
|
||||
* Other changes:
|
||||
- descriptive error messages for authentication failures
|
||||
- SSPI support uses canonical DNS server name (Yves Martin)
|
||||
- fixes for handling of "stale" parameter in Digest authentication
|
||||
- added support for URIs in SSL server certificate subjectAltName field
|
||||
- fix compiler warnings with expat 2.x
|
||||
- fix handling of "Transfer-Encoding: identity" responses from privoxy
|
||||
* Fix regression in response progress counter for notifier/progress callbacks
|
||||
* Fix interface description for ne_set_notifier() callback; sr.total
|
||||
is set to -1 not 0 for an indeterminate response length
|
||||
* Tue Jul 17 2007 prusnak@suse.cz
|
||||
- update to 0.26.4
|
||||
* Fix Negotiate Authentication-Info response header verification with GSSAPI
|
||||
* Fix multiple handlers with ne_add_{server,proxy}_auth (Werner Baumann)
|
||||
* Fix SSPI build with some versions of MinGW (Gisle Vanem)
|
||||
* Fix for SSPI segfault in response header verification (Mike DiCuccio)
|
||||
* Fix error strings for CONNECT SSL proxy tunnel request failure
|
||||
* Fix install-nls for VPATH builds (Hans Meine)
|
||||
* Fix use of unencrypted client certs with GnuTLS
|
||||
* Fix ne_lock* If: header insertion to use CRLF-terminated headers
|
||||
* Fix test suite failures on QNX by working around send() length limit
|
||||
* Fix handling of POSIX strerror_r failure case in ne_strerror
|
||||
* Fix alignment issues in test suite MD5 code
|
||||
* Fri Apr 27 2007 dmueller@suse.de
|
||||
- fix buildrequires
|
||||
* Tue Apr 17 2007 prusnak@suse.cz
|
||||
- updated spec file to reflect expat package split
|
||||
* Sat Mar 31 2007 rguenther@suse.de
|
||||
- add zlib-devel BuildRequires
|
||||
* Wed Jan 24 2007 prusnak@suse.cz
|
||||
- update to 0.26.3
|
||||
* build fix for platforms without libintl.h
|
||||
* use Libs.private in neon.pc for newer versions of pkg-config
|
||||
* fix error reported for LOCK responses lacking a Lock-Token header
|
||||
* security fix CVE-2007-0157: fix buffer under-read in URI parser
|
||||
* fix handling of "nextnonce" parameter in Digest authentication
|
||||
- drop obsoleted patch from Jan 15 (included in update)
|
||||
* Mon Jan 15 2007 olh@suse.de
|
||||
- do not cast char pointers into int pointers (CVE-2007-0157 / #235083)
|
||||
* Thu Jul 20 2006 olh@suse.de
|
||||
- update to 0.26.1
|
||||
new API
|
||||
- neon-devel requires openssl-devel zlib-devel expat
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Wed Jun 29 2005 olh@suse.de
|
||||
- build with expat instead of libxml2, should speed up svn checkout
|
||||
of large files (#94606)
|
||||
* Wed Feb 02 2005 meissner@suse.de
|
||||
- fix build with gcc4, added 2 sentinel mark ups.
|
||||
* Sun Oct 17 2004 olh@suse.de
|
||||
- remove .so link from main package, its already in -devel
|
||||
* Sat Sep 25 2004 olh@suse.de
|
||||
- update for gcc4, -Wimplicit-prototypes and inline
|
||||
* Tue Jul 06 2004 olh@suse.de
|
||||
- update to 0.24.7
|
||||
* Sun May 09 2004 olh@suse.de
|
||||
- add neon-CAN-2004-0398.patch (#39774)
|
||||
* Thu Apr 01 2004 olh@suse.de
|
||||
- add CAN-2004-0179.diff (#37716)
|
||||
* Thu Jan 22 2004 olh@suse.de
|
||||
- update for gcc3.4, -Wimplicit-prototypes and inline
|
||||
* Sat Jan 10 2004 adrian@suse.de
|
||||
- add %%defattr and %%run_ldconfig
|
||||
* Fri Nov 28 2003 mcihar@suse.cz
|
||||
- updated to 0.24.4, some highlights:
|
||||
* Major changes to XML interface
|
||||
* Major changes to SSL interface
|
||||
* Add a pkg-config file
|
||||
* Tons of fixes
|
||||
* Wed Apr 23 2003 olh@suse.de
|
||||
- update to 0.23.9
|
||||
Changes in release 0.23.9:
|
||||
* neon-config exports includes needed for OpenSSL given by
|
||||
pkg-config.
|
||||
* ne_redirect_location will return NULL if redirect hooks have
|
||||
not been registered for the session (Ralf Mattes <rm@fabula.de>).
|
||||
Changes in release 0.23.8:
|
||||
* On Linux, skip slow lookup for IPv6 addresses when IPv6 support
|
||||
is not loaded in kernel (thanks to Daniel Stenberg for this
|
||||
technique).
|
||||
* Update to autoconf 2.57 and libtool 1.4.3.
|
||||
* Sat Mar 01 2003 olh@suse.de
|
||||
- apply security fix from 0.23.8
|
||||
* SECURITY: Prevent control characters from being included in the
|
||||
reason_phrase field filled in by ne_parse_statusline(), and in
|
||||
the session error string.
|
||||
* Fix digest auth response verification for >9 responses in session
|
||||
(bug manifests as "Server was not authenticated correctly" error).
|
||||
* Tue Jan 28 2003 olh@suse.de
|
||||
- update to 0.23.7
|
||||
Changes in release 0.23.7:
|
||||
* Fix for handling EINTR during write() call (Sergey N Ushakov).
|
||||
* When available, use pkg-config to determine compiler flags
|
||||
needed to use OpenSSL headers and libraries.
|
||||
* Tue Jan 21 2003 olh@suse.de
|
||||
- update to 0.23.6
|
||||
* Sat Oct 12 2002 olh@suse.de
|
||||
- update to 0.23.5
|
||||
move interface documentation to -devel
|
||||
* Thu Sep 19 2002 olh@suse.de
|
||||
- update to 0.23.4, enable build with -g
|
||||
* Sat Aug 31 2002 poeml@suse.de
|
||||
- update to 0.22.0, needed by subversion
|
||||
* Fri Aug 09 2002 olh@suse.de
|
||||
- devel requires base package
|
||||
* Fri Jul 26 2002 adrian@suse.de
|
||||
- fix neededforbuild
|
||||
* Sun Jun 23 2002 olh@suse.de
|
||||
- update to 0.21.3
|
||||
* Sat May 04 2002 olh@suse.de
|
||||
- initial SuSE package, version 0.20.0
|
||||
|
Loading…
Reference in New Issue
Block a user