diff --git a/neon-0.28.4-CVE-2009-2473,2474.patch b/neon-0.28.4-CVE-2009-2473,2474.patch
new file mode 100644
index 0000000..b8e765a
--- /dev/null
+++ b/neon-0.28.4-CVE-2009-2473,2474.patch
@@ -0,0 +1,375 @@ +--- src/ne_gnutls.c ++++ src/ne_gnutls.c +@@ -350,7 +350,7 @@ + case GNUTLS_SAN_DNSNAME: + name[len] = '\0'; + if (identity && !found) *identity = ne_strdup(name); +- match = ne__ssl_match_hostname(name, hostname); ++ match = ne__ssl_match_hostname(name, len, hostname); + found = 1; + break; + case GNUTLS_SAN_IPADDRESS: { +@@ -419,7 +419,7 @@ + seq, 0, name, &len); + if (ret == 0) { + if (identity) *identity = ne_strdup(name); +- match = ne__ssl_match_hostname(name, hostname); ++ match = ne__ssl_match_hostname(name, len, hostname); + } + } else { + return -1; +--- src/ne_openssl.c ++++ src/ne_openssl.c +@@ -92,10 +92,16 @@ + int len; + + switch (str->type) { +- case V_ASN1_UTF8STRING: + case V_ASN1_IA5STRING: /* definitely ASCII */ + case V_ASN1_VISIBLESTRING: /* probably ASCII */ + case V_ASN1_PRINTABLESTRING: /* subset of ASCII */ ++ ne__buffer_qappend(buf, str->data, str->length); ++ break; ++ case V_ASN1_UTF8STRING: ++ /* Fail for embedded NUL bytes. */ ++ if (strlen((char *)str->data) != (size_t)str->length) { ++ return -1; ++ } + ne_buffer_append(buf, (char *)str->data, str->length); + break; + case V_ASN1_UNIVERSALSTRING: +@@ -103,8 +109,15 @@ + case V_ASN1_BMPSTRING: + len = ASN1_STRING_to_UTF8(&tmp, str); + if (len > 0) { +- ne_buffer_append(buf, (char *)tmp, len); +- OPENSSL_free(tmp); ++ /* Fail if there were embedded NUL bytes. */ ++ if (strlen((char *)tmp) != (size_t)len) { ++ OPENSSL_free(tmp); ++ return -1; ++ } ++ else { ++ ne_buffer_append(buf, (char *)tmp, len); ++ OPENSSL_free(tmp); ++ } + break; + } else { + ERR_clear_error(); +@@ -119,13 +132,11 @@ + return 0; + } + +-/* Returns a malloc-allocate version of IA5 string AS. Really only +- * here to prevent char * vs unsigned char * type mismatches without +- * losing all hope at type-safety. */ ++/* Returns a malloc-allocated version of IA5 string AS, escaped for ++ * safety. 
*/ + static char *dup_ia5string(const ASN1_IA5STRING *as) + { +- unsigned char *data = as->data; +- return ne_strndup((char *)data, as->length); ++ return ne__strnqdup(as->data, as->length); + } + + char *ne_ssl_readable_dname(const ne_ssl_dname *name) +@@ -236,7 +247,7 @@ + if (nm->type == GEN_DNS) { + char *name = dup_ia5string(nm->d.ia5); + if (identity && !found) *identity = ne_strdup(name); +- match = ne__ssl_match_hostname(name, hostname); ++ match = ne__ssl_match_hostname(name, strlen(name), hostname); + ne_free(name); + found = 1; + } +@@ -320,7 +331,7 @@ + return -1; + } + if (identity) *identity = ne_strdup(cname->data); +- match = ne__ssl_match_hostname(cname->data, hostname); ++ match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname); + ne_buffer_destroy(cname); + } + +--- src/ne_private.h ++++ src/ne_private.h +@@ -128,8 +128,17 @@ + void ne__ssl_set_verify_err(ne_session *sess, int failures); + + /* Return non-zero if hostname from certificate (cn) matches hostname +- * used for session (hostname); follows RFC2818 logic. cn is modified +- * in-place. */ +-int ne__ssl_match_hostname(char *cn, const char *hostname); ++ * used for session (hostname); follows RFC2818 logic. */ ++int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname); ++ ++/* Return a malloc-allocated copy of 'data', of length 'len', with all ++ * non-ASCII bytes, and ASCII control characters escaped. (Note that ++ * the escaping includes the NUL byte). */ ++char *ne__strnqdup(const unsigned char *data, size_t len); ++ ++/* Append 'len' bytes of 'data' to buf. All non-ASCII bytes, and ++ * ASCII control characters, are escaped. (Note that this includes ++ * the NUL byte). 
*/ ++void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len); + + #endif /* HTTP_PRIVATE_H */ +--- src/ne_session.c ++++ src/ne_session.c +@@ -403,24 +403,21 @@ + + /* This doesn't actually implement complete RFC 2818 logic; omits + * "f*.example.com" support for simplicity. */ +-int ne__ssl_match_hostname(char *cn, const char *hostname) ++int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname) + { + const char *dot; + +- dot = strchr(hostname, '.'); +- if (dot == NULL) { +- char *pnt = strchr(cn, '.'); +- /* hostname is not fully-qualified; unqualify the cn. */ +- if (pnt != NULL) { +- *pnt = '\0'; +- } +- } +- else if (strncmp(cn, "*.", 2) == 0) { ++ NE_DEBUG(NE_DBG_SSL, "ssl: Match common name '%s' against '%s'\n", ++ cn, hostname); ++ ++ if (strncmp(cn, "*.", 2) == 0 && cnlen > 2 ++ && (dot = strchr(hostname, '.')) != NULL) { + hostname = dot + 1; + cn += 2; ++ cnlen -= 2; + } + +- return !ne_strcasecmp(cn, hostname); ++ return cnlen == strlen(hostname) && !ne_strcasecmp(cn, hostname); + } + + #endif /* NE_HAVE_SSL */ +--- src/ne_socket.c ++++ src/ne_socket.c +@@ -1261,6 +1261,7 @@ + ne_inet_addr *ne_sock_peer(ne_socket *sock, unsigned int *port) + { + union saun { ++ struct sockaddr sa; + struct sockaddr_in sin; + #if defined(USE_GETADDRINFO) && defined(AF_INET6) + struct sockaddr_in6 sin6; +@@ -1287,13 +1288,13 @@ + ia->ai_addr = ne_malloc(sizeof *ia); + ia->ai_addrlen = len; + memcpy(ia->ai_addr, sad, len); +- ia->ai_family = sad->sa_family; ++ ia->ai_family = saun.sa.sa_family; + #else + memcpy(ia, &saun.sin.sin_addr.s_addr, sizeof *ia); + #endif + + #if defined(USE_GETADDRINFO) && defined(AF_INET6) +- *port = ntohs(sad->sa_family == AF_INET ? ++ *port = ntohs(saun.sa.sa_family == AF_INET ? 
+ saun.sin.sin_port : saun.sin6.sin6_port); + #else + *port = ntohs(saun.sin.sin_port); +--- src/ne_string.c ++++ src/ne_string.c +@@ -38,6 +38,8 @@ + + #include "ne_alloc.h" + #include "ne_string.h" ++/* hack for 0.28.x backport of ne_strnqdup, ne_buffer_qappend */ ++#include "ne_private.h" + + char *ne_token(char **str, char separator) + { +@@ -252,6 +254,98 @@ + buf->used = strlen(buf->data) + 1; + } + ++ ++/* ascii_quote[n] gives the number of bytes needed by ++ * ne_buffer_qappend() to append character 'n'. */ ++static const unsigned char ascii_quote[256] = { ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 ++}; ++ ++static const char hex_chars[16] = "0123456789ABCDEF"; ++ ++/* Return the expected number of bytes needed to append the string ++ * beginning at byte 's', where 'send' points to the last byte after ++ * 's'. */ ++static size_t qappend_count(const unsigned char *s, const unsigned char *send) ++{ ++ const unsigned char *p; ++ size_t ret; ++ ++ for (p = s, ret = 0; p < send; p++) { ++ ret += ascii_quote[*p]; ++ } ++ ++ return ret; ++} ++ ++/* Append the string 's', up to but not including 'send', to string ++ * 'dest', quoting along the way. Returns pointer to NUL. 
*/ ++static char *quoted_append(char *dest, const unsigned char *s, ++ const unsigned char *send) ++{ ++ const unsigned char *p; ++ char *q = dest; ++ ++ for (p = s; p < send; p++) { ++ if (ascii_quote[*p] == 1) { ++ *q++ = *p; ++ } ++ else { ++ *q++ = '\\'; ++ *q++ = 'x'; ++ *q++ = hex_chars[(*p >> 4) & 0x0f]; ++ *q++ = hex_chars[*p & 0x0f]; ++ } ++ } ++ ++ /* NUL terminate after the last character */ ++ *q = '\0'; ++ ++ return q; ++} ++ ++void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len) ++{ ++ const unsigned char *dend = data + len; ++ char *q, *qs; ++ ++ ne_buffer_grow(buf, buf->used + qappend_count(data, dend)); ++ ++ /* buf->used >= 1, so this is safe. */ ++ qs = buf->data + buf->used - 1; ++ ++ q = quoted_append(qs, data, dend); ++ ++ /* used already accounts for a NUL, so increment by number of ++ * characters appended, *before* the NUL. */ ++ buf->used += q - qs; ++} ++ ++char *ne__strnqdup(const unsigned char *data, size_t len) ++{ ++ const unsigned char *dend = data + len; ++ char *dest = malloc(qappend_count(data, dend) + 1); ++ ++ quoted_append(dest, data, dend); ++ ++ return dest; ++} ++ + static const char b64_alphabet[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" +@@ -345,9 +439,9 @@ + return outp - *out; + } + +-/* Character map array; array[n] = isprint(n) ? 0x20 : n. Used by +- * ne_strclean as a locale-independent isprint(). */ +-static const unsigned char ascii_printable[256] = { ++/* Character map array; ascii_clean[n] = isprint(n) ? n : 0x20. Used ++ * by ne_strclean as a locale-independent isprint(). 
*/ ++static const unsigned char ascii_clean[256] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +@@ -387,7 +481,7 @@ + unsigned char *pnt; + + for (pnt = (unsigned char *)str; *pnt; pnt++) +- *pnt = (char)ascii_printable[*pnt]; ++ *pnt = (char)ascii_clean[*pnt]; + + return str; + } +--- src/ne_xml.c ++++ src/ne_xml.c +@@ -405,6 +405,28 @@ + destroy_element(elm); + } + ++#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1 ++/* Stop the parser if an entity declaration is hit. */ ++static void entity_declaration(void *userData, const XML_Char *entityName, ++ int is_parameter_entity, const XML_Char *value, ++ int value_length, const XML_Char *base, ++ const XML_Char *systemId, const XML_Char *publicId, ++ const XML_Char *notationName) ++{ ++ ne_xml_parser *parser = userData; ++ ++ NE_DEBUG(NE_DBG_XMLPARSE, "XML: entity declaration [%s]. Failing.\n", ++ entityName); ++ ++ XML_StopParser(parser->parser, XML_FALSE); ++} ++#elif defined(HAVE_EXPAT) ++/* A noop default_handler. */ ++static void default_handler(void *userData, const XML_Char *s, int len) ++{ ++} ++#endif ++ + /* Find a namespace definition for 'prefix' in given element, where + * length of prefix is 'pfxlen'. Returns the URI or NULL. */ + static const char *resolve_nspace(const struct element *elm, +@@ -459,14 +481,34 @@ + XML_SetCharacterDataHandler(p->parser, char_data); + XML_SetUserData(p->parser, (void *) p); + XML_SetXmlDeclHandler(p->parser, decl_handler); ++ ++ /* Prevent the "billion laughs" attack against expat by disabling ++ * internal entity expansion. With 2.x, forcibly stop the parser ++ * if an entity is declared - this is safer and a more obvious ++ * failure mode. With older versions, installing a noop ++ * DefaultHandler means that internal entities will be expanded as ++ * the empty string, which is also sufficient to prevent the ++ * attack. 
*/ ++#if XML_MAJOR_VERSION > 1 ++ XML_SetEntityDeclHandler(p->parser, entity_declaration); + #else ++ XML_SetDefaultHandler(p->parser, default_handler); ++#endif ++ ++#else /* HAVE_LIBXML */ + p->parser = xmlCreatePushParserCtxt(&sax_handler, + (void *)p, NULL, 0, NULL); + if (p->parser == NULL) { + abort(); + } ++#if LIBXML_VERSION < 20602 + p->parser->replaceEntities = 1; ++#else ++ /* Enable expansion of entities, and disable network access. */ ++ xmlCtxtUseOptions(p->parser, XML_PARSE_NOENT | XML_PARSE_NONET); + #endif ++ ++#endif /* HAVE_LIBXML || HAVE_EXPAT */ + return p; + } + diff --git a/neon.changes b/neon.changes index d71c613..a18b504 100644 --- a/neon.changes +++ b/neon.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Sep 10 17:07:03 CEST 2009 - prusnak@suse.cz + +- fixed CVE-2009-2473 and CVE-2009-2474 [bnc#528370] + ------------------------------------------------------------------- Thu May 7 13:47:31 CEST 2009 - prusnak@suse.cz diff --git a/neon.spec b/neon.spec index 27f400c..ac61f55 100644 --- a/neon.spec +++ b/neon.spec @@ -22,7 +22,7 @@ Name: neon BuildRequires: krb5-devel libexpat-devel libopenssl-devel zlib-devel Summary: An HTTP and WebDAV Client Library Version: 0.28.4 -Release: 1 +Release: 2 License: LGPL v2.1 or later # bug437293 %ifarch ppc64 @@ -33,7 +33,8 @@ Group: Development/Libraries/Other Url: http://www.webdav.org/neon BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2 -Patch0: neon-%{version}-bloat.patch +Patch0: %{name}-0.28.4-bloat.patch +Patch1: %{name}-0.28.4-CVE-2009-2473,2474.patch %description neon is an HTTP and WebDAV client library with a C interface. @@ -159,6 +160,7 @@ Authors: %prep %setup -q %patch0 +%patch1 %build rm -f aclocal.m4 ltmain.sh 
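Review bot: In the src/ne_string.c part of the added patch, `ne__strnqdup` allocates with plain `malloc` and passes the result straight to `quoted_append` with no NULL check, so an allocation failure becomes a write through a NULL pointer while a certificate name is being processed; the caller of `dup_ia5string` also releases that buffer with `ne_free`. The line should use the library allocator that the ne_socket.c context in the same patch already uses: `char *dest = ne_malloc(qappend_count(data, dend) + 1);`. Separately, in the src/ne_xml.c part the entity-declaration stop is installed only for expat, while the libxml2 branch sets `XML_PARSE_NOENT | XML_PARSE_NONET`, which keeps entity substitution on, so a libxml2 build would still depend on libxml2's own limits against entity-expansion input; a comment there should say so. The spec's BuildRequires lists libexpat-devel, so the expat branch is presumably the one built for this package.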
@@ -205,216 +207,3 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/neon.pc %changelog -* Thu May 07 2009 prusnak@suse.cz -- updated to 0.28.4 - * GnuTLS support fixes: - - fix handling of PKCS#12 client certs with multiple certs or keys - - fix crash with OpenPGP certificate - - use pkg-config data in configure, in preference to libgnutls-config - * Add PKCS#11 support for OpenSSL builds (where pakchois is available) - * Fix small memory leak in PKCS#11 code -- enabled kerberos support (by adding krb5-devel to BuildRequires) -* Wed Jan 07 2009 olh@suse.de -- obsolete old -XXbit packages (bnc#437293) -* Thu Aug 21 2008 prusnak@suse.cz -- updated to 0.28.3 - * SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in - Digest domain parameter support; could allow a DoS by a malicious server - * Fix parsing of *-Authenticate response header with LWS after quoted value - * Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash) - * Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng) - * Fix build on Netware (Guenter Knauf) - * Document existing ne_uri_parse() API postcondition and ne_uri_resolve() - pre/postconditions regarding the ->path field in ne_uri structures - * Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4. - * Distinguish the error message for an SSL handshake which fails after a - client cert was requested. 
- * Compile with PIC flags by default even for static library builds -* Tue Jun 03 2008 coolo@suse.de -- require COPYING package -* Sun May 18 2008 coolo@suse.de -- fix rename of xxbit packages -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Thu Apr 03 2008 prusnak@suse.cz -- updated to 0.28.2 - * Support "Proxy-Connection: Keep-Alive" for compatibility with HTTP/1.0 - proxies which require persistent connections for NTLM authentication - * Fix an fd leak in ne_ssl_{,cli}cert_read (GnuTLS only) - * Enable fast initialization in GnuTLS. - (changes from 0.28.1) - * Fix build on SCO OpenServer 5.0.x (thanks to Nico Kadel-Garcia) - * Fix handling of Digest domain parameter values without a trailing slash - * Fix build against apr-util's bundled libexpat.la in Subversion - * Add --without-pakchois to configure (Arfrever Frehtes Taifersar Arahesis) - * zh message catalog renamed to zh_CN, translation updated (Dongsheng Song) -- disable make check, does not build on all archs -- dropped patch: - * digest.patch (included in update) -* Mon Mar 03 2008 olh@suse.de -- fix bug in digest domain parameter handling to fix svn commit -* Thu Feb 28 2008 crrodriguez@suse.de -- run the test suite to detect any possible regression -* Fri Feb 15 2008 crrodriguez@suse.de -- version 0.28.0 -- Interface changes: - * none, API and ABI backwards-compatible with 0.27.x -- New interfaces: - * ne_pkcs11.h: added basic PKCS#11 support (requires GnuTLS and pakchois) - * ne_auth.h: added NE_AUTH_ALL and NE_AUTH_DEFAULT constants - * ne_socket.h: added ne_sock_peer(), ne_sock_prebind(), ne_sock_cipher() - * ne_session.h: NE_SESSFLAG_TLSSNI flag added; TLS SNI support is enabled by default, where supported; ne_set_localaddr() added - * ne_request.h: added close_conn hooks (Robert J. 
van der Boon) - * ne_basic.h: added ne_options2() -- Other changes: - * add Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis) - * add support for the 'domain' parameter in Digest authentication - * fix fd leak in ne_sock_connect() error path (Andrew Teirney) - * the FD_CLOEXEC flag is set on socket fds - * fix timezone handling in ne_dates for more platforms (Alessandro Vesely) - * fix ne_simple_propfind() to print XML namespaces in flat property values - * fix ne_get_range() for unspecified end-range case (Henrik Holst) - * fix ne_strclean() to be locale-independent and avoid possible Win32 crash - * fix ne_get_error() to not "clean" localized error strings - * fix ne_ssl_clicert_read() to fail for client certs missing cert or key -* Mon Nov 26 2007 crrodriguez@suse.de -- version 0.27.2 - * Fix crash in GSSAPI Negotiate response header verification. -- Cleanup excessive dependencies on -devel package. -* Fri Oct 12 2007 ro@suse.de -- add provides/obsoletes for neon-devel in libneon-devel - after package rename -* Tue Sep 25 2007 prusnak@suse.cz -- update do 0.27.1 - * New interfaces: - - ne_session.h: ne_fill_proxy_uri() retrieves configured proxy, - ne_hook_post_headers() adds a hook after response headers are read, - ne_set_connect_timeout() sets session connection timeout, - NE_SESSFLAG_RFC4918, NE_SESSFLAG_CONNAUTH flags added - - ne_socket.h: ne_sock_connect_timeout() sets connection timeout, - ne_iaddr_reverse() performs reverse DNS lookup - - ne_string.h: ne_buffer_snprintf() prints to a buffer object - - ne_xml.h: ne_xml_resolve_nspace() resolves namespace prefixes - * Interface changes: - - ne_set_notifier() replaces ne_set_status(); finer-grained and type-safe - connection status information now provided; obsoletes ne_set_progress() - - ne_xml_dispatch_request() now only invokes the XML parser for - response entities with an XML content-type, following RFC 3023 rules - - ne_acl_set() now takes a "const" entries array - - LFS compatibility 
functions *64 removed: all functions taking an - off_t now take an ne_off_t which is off64_t for LFS builds - * GnuTLS support now mostly feature-complete with OpenSSL support: - - greatly improved SSL distinguished name handling with GnuTLS >= 1.7.8 - * Other changes: - - descriptive error messages for authentication failures - - SSPI support uses canonical DNS server name (Yves Martin) - - fixes for handling of "stale" parameter in Digest authentication - - added support for URIs in SSL server certificate subjectAltName field - - fix compiler warnings with expat 2.x - - fix handling of "Transfer-Encoding: identity" responses from privoxy - * Fix regression in response progress counter for notifier/progress callbacks - * Fix interface description for ne_set_notifier() callback; sr.total - is set to -1 not 0 for an indeterminate response length -* Tue Jul 17 2007 prusnak@suse.cz -- update to 0.26.4 - * Fix Negotiate Authentication-Info response header verification with GSSAPI - * Fix multiple handlers with ne_add_{server,proxy}_auth (Werner Baumann) - * Fix SSPI build with some versions of MinGW (Gisle Vanem) - * Fix for SSPI segfault in response header verification (Mike DiCuccio) - * Fix error strings for CONNECT SSL proxy tunnel request failure - * Fix install-nls for VPATH builds (Hans Meine) - * Fix use of unencrypted client certs with GnuTLS - * Fix ne_lock* If: header insertion to use CRLF-terminated headers - * Fix test suite failures on QNX by working around send() length limit - * Fix handling of POSIX strerror_r failure case in ne_strerror - * Fix alignment issues in test suite MD5 code -* Fri Apr 27 2007 dmueller@suse.de -- fix buildrequires -* Tue Apr 17 2007 prusnak@suse.cz -- updated spec file to reflect expat package split -* Sat Mar 31 2007 rguenther@suse.de -- add zlib-devel BuildRequires -* Wed Jan 24 2007 prusnak@suse.cz -- update to 0.26.3 - * build fix for platforms without libintl.h - * use Libs.private in neon.pc for newer versions of 
pkg-config - * fix error reported for LOCK responses lacking a Lock-Token header - * security fix CVE-2007-0157: fix buffer under-read in URI parser - * fix handling of "nextnonce" parameter in Digest authentication -- drop obsoleted patch from Jan 15 (included in update) -* Mon Jan 15 2007 olh@suse.de -- do not cast char pointers into int pointers (CVE-2007-0157 / #235083) -* Thu Jul 20 2006 olh@suse.de -- update to 0.26.1 - new API -- neon-devel requires openssl-devel zlib-devel expat -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Wed Jun 29 2005 olh@suse.de -- build with expat instead of libxml2, should speed up svn checkout - of large files (#94606) -* Wed Feb 02 2005 meissner@suse.de -- fix build with gcc4, added 2 sentinel mark ups. -* Sun Oct 17 2004 olh@suse.de -- remove .so link from main package, its already in -devel -* Sat Sep 25 2004 olh@suse.de -- update for gcc4, -Wimplicit-prototypes and inline -* Tue Jul 06 2004 olh@suse.de -- update to 0.24.7 -* Sun May 09 2004 olh@suse.de -- add neon-CAN-2004-0398.patch (#39774) -* Thu Apr 01 2004 olh@suse.de -- add CAN-2004-0179.diff (#37716) -* Thu Jan 22 2004 olh@suse.de -- update for gcc3.4, -Wimplicit-prototypes and inline -* Sat Jan 10 2004 adrian@suse.de -- add %%defattr and %%run_ldconfig -* Fri Nov 28 2003 mcihar@suse.cz -- updated to 0.24.4, some highlights: - * Major changes to XML interface - * Major changes to SSL interface - * Add a pkg-config file - * Tons of fixes -* Wed Apr 23 2003 olh@suse.de -- update to 0.23.9 - Changes in release 0.23.9: - * neon-config exports includes needed for OpenSSL given by - pkg-config. - * ne_redirect_location will return NULL if redirect hooks have - not been registered for the session (Ralf Mattes ). - Changes in release 0.23.8: - * On Linux, skip slow lookup for IPv6 addresses when IPv6 support - is not loaded in kernel (thanks to Daniel Stenberg for this - technique). - * Update to autoconf 2.57 and libtool 1.4.3. 
-* Sat Mar 01 2003 olh@suse.de -- apply security fix from 0.23.8 - * SECURITY: Prevent control characters from being included in the - reason_phrase field filled in by ne_parse_statusline(), and in - the session error string. - * Fix digest auth response verification for >9 responses in session - (bug manifests as "Server was not authenticated correctly" error). -* Tue Jan 28 2003 olh@suse.de -- update to 0.23.7 - Changes in release 0.23.7: - * Fix for handling EINTR during write() call (Sergey N Ushakov). - * When available, use pkg-config to determine compiler flags - needed to use OpenSSL headers and libraries. -* Tue Jan 21 2003 olh@suse.de -- update to 0.23.6 -* Sat Oct 12 2002 olh@suse.de -- update to 0.23.5 - move interface documentation to -devel -* Thu Sep 19 2002 olh@suse.de -- update to 0.23.4, enable build with -g -* Sat Aug 31 2002 poeml@suse.de -- update to 0.22.0, needed by subversion -* Fri Aug 09 2002 olh@suse.de -- devel requires base package -* Fri Jul 26 2002 adrian@suse.de -- fix neededforbuild -* Sun Jun 23 2002 olh@suse.de -- update to 0.21.3 -* Sat May 04 2002 olh@suse.de -- initial SuSE package, version 0.20.0