diff --git a/neon-0.28.4-CVE-2009-2473,2474.patch b/neon-0.28.4-CVE-2009-2473,2474.patch new file mode 100644 index 0000000..b8e765a --- /dev/null +++ b/neon-0.28.4-CVE-2009-2473,2474.patch @@ -0,0 +1,375 @@ +--- src/ne_gnutls.c ++++ src/ne_gnutls.c +@@ -350,7 +350,7 @@ + case GNUTLS_SAN_DNSNAME: + name[len] = '\0'; + if (identity && !found) *identity = ne_strdup(name); +- match = ne__ssl_match_hostname(name, hostname); ++ match = ne__ssl_match_hostname(name, len, hostname); + found = 1; + break; + case GNUTLS_SAN_IPADDRESS: { +@@ -419,7 +419,7 @@ + seq, 0, name, &len); + if (ret == 0) { + if (identity) *identity = ne_strdup(name); +- match = ne__ssl_match_hostname(name, hostname); ++ match = ne__ssl_match_hostname(name, len, hostname); + } + } else { + return -1; +--- src/ne_openssl.c ++++ src/ne_openssl.c +@@ -92,10 +92,16 @@ + int len; + + switch (str->type) { +- case V_ASN1_UTF8STRING: + case V_ASN1_IA5STRING: /* definitely ASCII */ + case V_ASN1_VISIBLESTRING: /* probably ASCII */ + case V_ASN1_PRINTABLESTRING: /* subset of ASCII */ ++ ne__buffer_qappend(buf, str->data, str->length); ++ break; ++ case V_ASN1_UTF8STRING: ++ /* Fail for embedded NUL bytes. */ ++ if (strlen((char *)str->data) != (size_t)str->length) { ++ return -1; ++ } + ne_buffer_append(buf, (char *)str->data, str->length); + break; + case V_ASN1_UNIVERSALSTRING: +@@ -103,8 +109,15 @@ + case V_ASN1_BMPSTRING: + len = ASN1_STRING_to_UTF8(&tmp, str); + if (len > 0) { +- ne_buffer_append(buf, (char *)tmp, len); +- OPENSSL_free(tmp); ++ /* Fail if there were embedded NUL bytes. */ ++ if (strlen((char *)tmp) != (size_t)len) { ++ OPENSSL_free(tmp); ++ return -1; ++ } ++ else { ++ ne_buffer_append(buf, (char *)tmp, len); ++ OPENSSL_free(tmp); ++ } + break; + } else { + ERR_clear_error(); +@@ -119,13 +132,11 @@ + return 0; + } + +-/* Returns a malloc-allocate version of IA5 string AS. Really only +- * here to prevent char * vs unsigned char * type mismatches without +- * losing all hope at type-safety. */ ++/* Returns a malloc-allocated version of IA5 string AS, escaped for ++ * safety. */ + static char *dup_ia5string(const ASN1_IA5STRING *as) + { +- unsigned char *data = as->data; +- return ne_strndup((char *)data, as->length); ++ return ne__strnqdup(as->data, as->length); + } + + char *ne_ssl_readable_dname(const ne_ssl_dname *name) +@@ -236,7 +247,7 @@ + if (nm->type == GEN_DNS) { + char *name = dup_ia5string(nm->d.ia5); + if (identity && !found) *identity = ne_strdup(name); +- match = ne__ssl_match_hostname(name, hostname); ++ match = ne__ssl_match_hostname(name, strlen(name), hostname); + ne_free(name); + found = 1; + } +@@ -320,7 +331,7 @@ + return -1; + } + if (identity) *identity = ne_strdup(cname->data); +- match = ne__ssl_match_hostname(cname->data, hostname); ++ match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname); + ne_buffer_destroy(cname); + } + +--- src/ne_private.h ++++ src/ne_private.h +@@ -128,8 +128,17 @@ + void ne__ssl_set_verify_err(ne_session *sess, int failures); + + /* Return non-zero if hostname from certificate (cn) matches hostname +- * used for session (hostname); follows RFC2818 logic. cn is modified +- * in-place. */ +-int ne__ssl_match_hostname(char *cn, const char *hostname); ++ * used for session (hostname); follows RFC2818 logic. */ ++int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname); ++ ++/* Return a malloc-allocated copy of 'data', of length 'len', with all ++ * non-ASCII bytes, and ASCII control characters escaped. (Note that ++ * the escaping includes the NUL byte). */ ++char *ne__strnqdup(const unsigned char *data, size_t len); ++ ++/* Append 'len' bytes of 'data' to buf. All non-ASCII bytes, and ++ * ASCII control characters, are escaped. (Note that this includes ++ * the NUL byte). */ ++void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len); + + #endif /* HTTP_PRIVATE_H */ +--- src/ne_session.c ++++ src/ne_session.c +@@ -403,24 +403,21 @@ + + /* This doesn't actually implement complete RFC 2818 logic; omits + * "f*.example.com" support for simplicity. */ +-int ne__ssl_match_hostname(char *cn, const char *hostname) ++int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname) + { + const char *dot; + +- dot = strchr(hostname, '.'); +- if (dot == NULL) { +- char *pnt = strchr(cn, '.'); +- /* hostname is not fully-qualified; unqualify the cn. */ +- if (pnt != NULL) { +- *pnt = '\0'; +- } +- } +- else if (strncmp(cn, "*.", 2) == 0) { ++ NE_DEBUG(NE_DBG_SSL, "ssl: Match common name '%s' against '%s'\n", ++ cn, hostname); ++ ++ if (strncmp(cn, "*.", 2) == 0 && cnlen > 2 ++ && (dot = strchr(hostname, '.')) != NULL) { + hostname = dot + 1; + cn += 2; ++ cnlen -= 2; + } + +- return !ne_strcasecmp(cn, hostname); ++ return cnlen == strlen(hostname) && !ne_strcasecmp(cn, hostname); + } + + #endif /* NE_HAVE_SSL */ +--- src/ne_socket.c ++++ src/ne_socket.c +@@ -1261,6 +1261,7 @@ + ne_inet_addr *ne_sock_peer(ne_socket *sock, unsigned int *port) + { + union saun { ++ struct sockaddr sa; + struct sockaddr_in sin; + #if defined(USE_GETADDRINFO) && defined(AF_INET6) + struct sockaddr_in6 sin6; +@@ -1287,13 +1288,13 @@ + ia->ai_addr = ne_malloc(sizeof *ia); + ia->ai_addrlen = len; + memcpy(ia->ai_addr, sad, len); +- ia->ai_family = sad->sa_family; ++ ia->ai_family = saun.sa.sa_family; + #else + memcpy(ia, &saun.sin.sin_addr.s_addr, sizeof *ia); + #endif + + #if defined(USE_GETADDRINFO) && defined(AF_INET6) +- *port = ntohs(sad->sa_family == AF_INET ? ++ *port = ntohs(saun.sa.sa_family == AF_INET ? + saun.sin.sin_port : saun.sin6.sin6_port); + #else + *port = ntohs(saun.sin.sin_port); +--- src/ne_string.c ++++ src/ne_string.c +@@ -38,6 +38,8 @@ + + #include "ne_alloc.h" + #include "ne_string.h" ++/* hack for 0.28.x backport of ne_strnqdup, ne_buffer_qappend */ ++#include "ne_private.h" + + char *ne_token(char **str, char separator) + { +@@ -252,6 +254,98 @@ + buf->used = strlen(buf->data) + 1; + } + ++ ++/* ascii_quote[n] gives the number of bytes needed by ++ * ne_buffer_qappend() to append character 'n'. */ ++static const unsigned char ascii_quote[256] = { ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, ++ 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 ++}; ++ ++static const char hex_chars[16] = "0123456789ABCDEF"; ++ ++/* Return the expected number of bytes needed to append the string ++ * beginning at byte 's', where 'send' points to the last byte after ++ * 's'. */ ++static size_t qappend_count(const unsigned char *s, const unsigned char *send) ++{ ++ const unsigned char *p; ++ size_t ret; ++ ++ for (p = s, ret = 0; p < send; p++) { ++ ret += ascii_quote[*p]; ++ } ++ ++ return ret; ++} ++ ++/* Append the string 's', up to but not including 'send', to string ++ * 'dest', quoting along the way. Returns pointer to NUL. */ ++static char *quoted_append(char *dest, const unsigned char *s, ++ const unsigned char *send) ++{ ++ const unsigned char *p; ++ char *q = dest; ++ ++ for (p = s; p < send; p++) { ++ if (ascii_quote[*p] == 1) { ++ *q++ = *p; ++ } ++ else { ++ *q++ = '\\'; ++ *q++ = 'x'; ++ *q++ = hex_chars[(*p >> 4) & 0x0f]; ++ *q++ = hex_chars[*p & 0x0f]; ++ } ++ } ++ ++ /* NUL terminate after the last character */ ++ *q = '\0'; ++ ++ return q; ++} ++ ++void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len) ++{ ++ const unsigned char *dend = data + len; ++ char *q, *qs; ++ ++ ne_buffer_grow(buf, buf->used + qappend_count(data, dend)); ++ ++ /* buf->used >= 1, so this is safe. */ ++ qs = buf->data + buf->used - 1; ++ ++ q = quoted_append(qs, data, dend); ++ ++ /* used already accounts for a NUL, so increment by number of ++ * characters appended, *before* the NUL. */ ++ buf->used += q - qs; ++} ++ ++char *ne__strnqdup(const unsigned char *data, size_t len) ++{ ++ const unsigned char *dend = data + len; ++ char *dest = malloc(qappend_count(data, dend) + 1); ++ ++ quoted_append(dest, data, dend); ++ ++ return dest; ++} ++ + static const char b64_alphabet[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" +@@ -345,9 +439,9 @@ + return outp - *out; + } + +-/* Character map array; array[n] = isprint(n) ? 0x20 : n. Used by +- * ne_strclean as a locale-independent isprint(). */ +-static const unsigned char ascii_printable[256] = { ++/* Character map array; ascii_clean[n] = isprint(n) ? n : 0x20. Used ++ * by ne_strclean as a locale-independent isprint(). */ ++static const unsigned char ascii_clean[256] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +@@ -387,7 +481,7 @@ + unsigned char *pnt; + + for (pnt = (unsigned char *)str; *pnt; pnt++) +- *pnt = (char)ascii_printable[*pnt]; ++ *pnt = (char)ascii_clean[*pnt]; + + return str; + } +--- src/ne_xml.c ++++ src/ne_xml.c +@@ -405,6 +405,28 @@ + destroy_element(elm); + } + ++#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1 ++/* Stop the parser if an entity declaration is hit. */ ++static void entity_declaration(void *userData, const XML_Char *entityName, ++ int is_parameter_entity, const XML_Char *value, ++ int value_length, const XML_Char *base, ++ const XML_Char *systemId, const XML_Char *publicId, ++ const XML_Char *notationName) ++{ ++ ne_xml_parser *parser = userData; ++ ++ NE_DEBUG(NE_DBG_XMLPARSE, "XML: entity declaration [%s]. Failing.\n", ++ entityName); ++ ++ XML_StopParser(parser->parser, XML_FALSE); ++} ++#elif defined(HAVE_EXPAT) ++/* A noop default_handler. */ ++static void default_handler(void *userData, const XML_Char *s, int len) ++{ ++} ++#endif ++ + /* Find a namespace definition for 'prefix' in given element, where + * length of prefix is 'pfxlen'. Returns the URI or NULL. */ + static const char *resolve_nspace(const struct element *elm, +@@ -459,14 +481,34 @@ + XML_SetCharacterDataHandler(p->parser, char_data); + XML_SetUserData(p->parser, (void *) p); + XML_SetXmlDeclHandler(p->parser, decl_handler); ++ ++ /* Prevent the "billion laughs" attack against expat by disabling ++ * internal entity expansion. With 2.x, forcibly stop the parser ++ * if an entity is declared - this is safer and a more obvious ++ * failure mode. With older versions, installing a noop ++ * DefaultHandler means that internal entities will be expanded as ++ * the empty string, which is also sufficient to prevent the ++ * attack. */ ++#if XML_MAJOR_VERSION > 1 ++ XML_SetEntityDeclHandler(p->parser, entity_declaration); + #else ++ XML_SetDefaultHandler(p->parser, default_handler); ++#endif ++ ++#else /* HAVE_LIBXML */ + p->parser = xmlCreatePushParserCtxt(&sax_handler, + (void *)p, NULL, 0, NULL); + if (p->parser == NULL) { + abort(); + } ++#if LIBXML_VERSION < 20602 + p->parser->replaceEntities = 1; ++#else ++ /* Enable expansion of entities, and disable network access. */ ++ xmlCtxtUseOptions(p->parser, XML_PARSE_NOENT | XML_PARSE_NONET); + #endif ++ ++#endif /* HAVE_LIBXML || HAVE_EXPAT */ + return p; + } + diff --git a/neon-0.28.4.tar.bz2 b/neon-0.28.4.tar.bz2 new file mode 100644 index 0000000..4375411 --- /dev/null +++ b/neon-0.28.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3af8a792fd42b15317e2fe49dd916f4173b41f0144eac22db044ac83ace77f1b +size 607942 diff --git a/neon-0.29.3.tar.bz2 b/neon-0.29.3.tar.bz2 deleted file mode 100644 index f07d41a..0000000 --- a/neon-0.29.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:088ab21e45ea91455ec7d8db598600660031381a8bd233c3fd0719c9296b1f3f -size 678914 diff --git a/neon-openssl.patch b/neon-openssl.patch new file mode 100644 index 0000000..bd90ebd --- /dev/null +++ b/neon-openssl.patch @@ -0,0 +1,83 @@ +Author: joe +Date: Sat Sep 12 13:03:49 2009 +New Revision: 1724 + +Modified: + neon/trunk/macros/neon.m4 + neon/trunk/src/ne_openssl.c + neon/trunk/src/ne_socket.c + +Log: +* macros/neon.m4 (LIBNEON_SOURCE_CHECKS): Require inet_pton for + getaddrinfo support. + +* src/ne_socket.c (ne_sock_accept_ssl): Add debug log output if + session is resumed. + +* macros/neon.m4 (NEON_SSL): Check for SSL_SESSION_cmp. + + +Modified: neon/trunk/macros/neon.m4 +============================================================================== +--- neon/trunk/macros/neon.m4 (original) ++++ neon/trunk/macros/neon.m4 Sat Sep 12 13:03:49 2009 +@@ -923,7 +923,7 @@ + if test "$ne_cv_lib_ssl097" = "yes"; then + AC_MSG_NOTICE([OpenSSL >= 0.9.7; EGD support not needed in neon]) + NE_ENABLE_SUPPORT(SSL, [SSL support enabled, using OpenSSL (0.9.7 or later)]) +- NE_CHECK_FUNCS(CRYPTO_set_idptr_callback) ++ NE_CHECK_FUNCS(CRYPTO_set_idptr_callback SSL_SESSION_cmp) + else + # Fail if OpenSSL is older than 0.9.6 + NE_CHECK_OPENSSLVER(ne_cv_lib_ssl096, 0.9.6, 0x00906000L) + +Modified: neon/trunk/src/ne_openssl.c +============================================================================== +--- neon/trunk/src/ne_openssl.c (original) ++++ neon/trunk/src/ne_openssl.c Sat Sep 12 13:03:49 2009 +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #ifdef NE_HAVE_TS_SSL + #include /* for abort() */ +@@ -632,6 +633,19 @@ + ne_free(ctx); + } + ++#if !defined(HAVE_SSL_SESSION_CMP) && !defined(SSL_SESSION_cmp) \ ++ && defined(OPENSSL_VERSION_NUMBER) \ ++ && OPENSSL_VERSION_NUMBER > 0x10000000L ++/* OpenSSL 1.0 removed SSL_SESSION_cmp for no apparent reason - hoping ++ * it is reasonable to assume that comparing the session IDs is ++ * sufficient. */ ++static int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b) ++{ ++ return a->session_id_length == b->session_id_length ++ && memcmp(a->session_id, b->session_id, a->session_id_length) == 0; ++} ++#endif ++ + /* For internal use only. */ + int ne__negotiate_ssl(ne_session *sess) + { + +Modified: neon/trunk/src/ne_socket.c +============================================================================== +--- neon/trunk/src/ne_socket.c (original) ++++ neon/trunk/src/ne_socket.c Sat Sep 12 13:03:49 2009 +@@ -1639,6 +1639,10 @@ + if (ret != 1) { + return error_ossl(sock, ret); + } ++ ++ if (SSL_session_reused(ssl)) { ++ NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n"); ++ } + #elif defined(HAVE_GNUTLS) + gnutls_init(&ssl, GNUTLS_SERVER); + gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); + + diff --git a/neon.changes b/neon.changes index c793f87..f222add 100644 --- a/neon.changes +++ b/neon.changes @@ -1,57 +1,3 @@ -------------------------------------------------------------------- -Sun Aug 22 13:34:21 UTC 2010 - dimstar@opensuse.org - -- Update to version 0.29.3 - + Change ne_sock_close() to no longer wait for SSL closure alert - + Fix memory leak with GnuTLS - + API clarification in ne_sock_close() -- Changes from version 0.29.2: - + Fix spurious 'certificate verify failed' errors with OpenSSL - + Fix unnecessary re-authentication with SSPI -- Changes from version 0.29.1: - + Fixes for (Unix) NTLM implementation: - - fix handling of session timeout - - fix possible crash - + Build fixes for Win32: - + Fix build with versions of GnuTLS older than 2.8.0. -- Changes from version 0.29.0: - + New interfaces and features: - - added NTLM auth support for Unix builds - - ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol - codes - - added ne_acl3744.h, updated WebDAV ACL support - - added built-in SOCKS v4/v4a/v5 support: - ne_socket.h:ne_sock_proxy(), and - ne_session.h:ne_session_socks_proxy() - - added support for system-default proxies: - ne_session_system_proxy(), implemented using libproxy - - ne_session.h: added NE_SESSFLAG_EXPECT100 session flag, SSL - verification failure bits extended by NE_SSL_BADCHAIN and - NE_SSL_REVOKED, better handling of failures within the cert - chain - - ne_utils.h: added feature code NE_FEATURE_SYSPROXY - - ne_socket.h: ne_sock_writev(), ne_sock_set_error(), - ne_iaddr_raw(), ne_iaddr_parse() - - ne_string.h: ne_buffer_qappend(), ne_strnqdup() -- Changes from version 0.28.6: - + SECURITY (CVE-2009-2473): Fix "billion laughs" attack against - expat; - + SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte - in a certificate subject name with OpenSSL; -+ Changes from version 0.28.5: - + Enable support for X.509v1 CA certificates in GnuTLS. - + Fix handling of EINTR in connect() calls. - + Fix use of builds with SOCK_CLOEXEC support on older Linux - kernels. -- Add libproxy-devel BuildRequires -- Clean spec file using spec-cleaner. -- Drop upstream included patches: - + neon-0.28.4-CVE-2009-2473,2474.patch - + neon-openssl.patch -- Drop the main package. It avoids the lib from being installed in - different versions and generally only contained coders doc. - => provide / obsolete neon by libneon-devel. - ------------------------------------------------------------------- Sun Apr 18 19:23:22 UTC 2010 - coolo@novell.com diff --git a/neon.spec b/neon.spec index 89b4271..8eb2f4a 100644 --- a/neon.spec +++ b/neon.spec @@ -1,5 +1,5 @@ # -# spec file for package neon (Version 0.29.3) +# spec file for package neon (Version 0.28.4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -15,31 +15,29 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# norootforbuild Name: neon -Version: 0.29.3 +BuildRequires: krb5-devel libexpat-devel libopenssl-devel zlib-devel +Summary: An HTTP and WebDAV Client Library +Version: 0.28.4 Release: 4 License: GPLv2+ -Summary: An HTTP and WebDAV Client Library -BuildRequires: krb5-devel -BuildRequires: libexpat-devel -BuildRequires: libopenssl-devel -BuildRequires: libproxy-devel -BuildRequires: pkg-config -BuildRequires: zlib-devel # bug437293 %ifarch ppc64 Obsoletes: neon-64bit %endif -Url: http://www.webdav.org/neon # Group: Development/Libraries/Other +Url: http://www.webdav.org/neon +BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: http://www.webdav.org/neon/neon-%{version}.tar.bz2 Source2: baselibs.conf -# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches Patch0: %{name}-0.28.4-bloat.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch1: %{name}-0.28.4-CVE-2009-2473,2474.patch +# http://lists.manyfish.co.uk/pipermail/neon-commits/2009-September/000827.html +Patch2: %{name}-openssl.patch %description neon is an HTTP and WebDAV client library with a C interface. @@ -71,6 +69,7 @@ properties (PROPPATCH/PROPFIND) License: GPLv2+ Summary: An HTTP and WebDAV Client Library Group: Development/Libraries/Other +Requires: %{name} = %{version} # bug437293 %ifarch ppc64 Obsoletes: neon-64bit @@ -107,12 +106,7 @@ properties (PROPPATCH/PROPFIND) License: GPLv2+ Summary: An HTTP and WebDAV Client Library Group: Development/Libraries/Other -Requires: glibc-devel -Requires: libneon27 = %{version} -# Drop the main package. It avoids the lib from being installed in different versions -# and generally only contained coders doc anyhow. -Provides: neon = %{version} -Obsoletes: neon < %{version} +Requires: libneon27 = %{version} glibc-devel # renamed after openSUSE 10.3 Provides: neon-devel = 0.27 Obsoletes: neon-devel < 0.27 @@ -151,6 +145,8 @@ properties (PROPPATCH/PROPFIND) %prep %setup -q %patch0 +%patch1 +%patch2 -p2 %build rm -f aclocal.m4 ltmain.sh @@ -162,30 +158,33 @@ sh autogen.sh --disable-static \ --enable-warnings \ --with-pic -%{__make} %{?_smp_mflags} +%{__make} %{?jobs:-j%jobs} %install -make DESTDIR=%{buildroot} docdir=%{_defaultdocdir}/%{name} install install-man install-html -rm -f %{buildroot}%{_libdir}/*.la +make DESTDIR=$RPM_BUILD_ROOT docdir=%{_defaultdocdir}/%{name} install install-man install-html +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %check # make check %clean -rm -rf %{buildroot} +rm -rf $RPM_BUILD_ROOT %post -n libneon27 -p /sbin/ldconfig %postun -n libneon27 -p /sbin/ldconfig +%files +%defattr(-,root,root) +%doc doc/*.txt doc/html +%doc AUTHORS BUGS ChangeLog NEWS README THANKS TODO + %files -n libneon27 %defattr(-,root,root) -%doc AUTHORS BUGS ChangeLog NEWS README THANKS TODO %{_libdir}/*.so.27* %files -n libneon-devel %defattr(-,root,root) -%doc %{_defaultdocdir}/%{name} %{_bindir}/neon-config %dir %{_includedir}/neon %{_includedir}/neon/*.h