-------------------------------------------------------------------
Mon Feb 1 12:06:17 UTC 2010 - jengelh@medozas.de
- package baselibs.conf
-------------------------------------------------------------------
Thu Sep 10 17:07:03 CEST 2009 - prusnak@suse.cz
- fixed CVE-2009-2473 and CVE-2009-2474 [bnc#528370]
-------------------------------------------------------------------
Thu May 7 13:47:31 CEST 2009 - prusnak@suse.cz
- updated to 0.28.4
* GnuTLS support fixes:
- fix handling of PKCS#12 client certs with multiple certs or keys
- fix crash with OpenPGP certificate
- use pkg-config data in configure, in preference to libgnutls-config
* Add PKCS#11 support for OpenSSL builds (where pakchois is available)
* Fix small memory leak in PKCS#11 code
- enabled kerberos support (by adding krb5-devel to BuildRequires)
-------------------------------------------------------------------
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Thu Aug 21 10:50:11 CEST 2008 - prusnak@suse.cz
- updated to 0.28.3
* SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in
Digest domain parameter support; could allow a DoS by a malicious server
* Fix parsing of *-Authenticate response header with LWS after quoted value
* Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash)
* Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng)
* Fix build on Netware (Guenter Knauf)
* Document existing ne_uri_parse() API postcondition and ne_uri_resolve()
pre/postconditions regarding the ->path field in ne_uri structures
* Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4.
* Distinguish the error message for an SSL handshake which fails after a
client cert was requested.
* Compile with PIC flags by default even for static library builds
-------------------------------------------------------------------
Tue Jun 3 13:31:44 CEST 2008 - coolo@suse.de
- require COPYING package
-------------------------------------------------------------------
Sun May 18 10:42:07 CEST 2008 - coolo@suse.de
- fix rename of xxbit packages
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Thu Apr 3 17:54:47 CEST 2008 - prusnak@suse.cz
- updated to 0.28.2
* Support "Proxy-Connection: Keep-Alive" for compatibility with HTTP/1.0
proxies which require persistent connections for NTLM authentication
* Fix an fd leak in ne_ssl_{,cli}cert_read (GnuTLS only)
* Enable fast initialization in GnuTLS.
(changes from 0.28.1)
* Fix build on SCO OpenServer 5.0.x (thanks to Nico Kadel-Garcia)
* Fix handling of Digest domain parameter values without a trailing slash
* Fix build against apr-util's bundled libexpat.la in Subversion
* Add --without-pakchois to configure (Arfrever Frehtes Taifersar Arahesis)
* zh message catalog renamed to zh_CN, translation updated (Dongsheng Song)
- disable make check, does not build on all archs
- dropped patch:
* digest.patch (included in update)
-------------------------------------------------------------------
Mon Mar 3 11:26:50 CET 2008 - olh@suse.de
- fix bug in digest domain parameter handling to fix svn commit
-------------------------------------------------------------------
Thu Feb 28 22:06:13 CET 2008 - crrodriguez@suse.de
- run the test suite to detect any possible regression
-------------------------------------------------------------------
Fri Feb 15 01:47:53 CET 2008 - crrodriguez@suse.de
- version 0.28.0
- Interface changes:
* none, API and ABI backwards-compatible with 0.27.x
- New interfaces:
* ne_pkcs11.h: added basic PKCS#11 support (requires GnuTLS and pakchois)
* ne_auth.h: added NE_AUTH_ALL and NE_AUTH_DEFAULT constants
* ne_socket.h: added ne_sock_peer(), ne_sock_prebind(), ne_sock_cipher()
* ne_session.h: NE_SESSFLAG_TLSSNI flag added; TLS SNI support is enabled by default, where supported; ne_set_localaddr() added
* ne_request.h: added close_conn hooks (Robert J. van der Boon)
* ne_basic.h: added ne_options2()
- Other changes:
* add Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* add support for the 'domain' parameter in Digest authentication
* fix fd leak in ne_sock_connect() error path (Andrew Teirney)
* the FD_CLOEXEC flag is set on socket fds
* fix timezone handling in ne_dates for more platforms (Alessandro Vesely)
* fix ne_simple_propfind() to print XML namespaces in flat property values
* fix ne_get_range() for unspecified end-range case (Henrik Holst)
* fix ne_strclean() to be locale-independent and avoid possible Win32 crash
* fix ne_get_error() to not "clean" localized error strings
* fix ne_ssl_clicert_read() to fail for client certs missing cert or key
-------------------------------------------------------------------
Mon Nov 26 15:52:13 CET 2007 - crrodriguez@suse.de
- version 0.27.2
* Fix crash in GSSAPI Negotiate response header verification.
- Cleanup excessive dependencies on -devel package.
-------------------------------------------------------------------
Fri Oct 12 00:34:55 CEST 2007 - ro@suse.de
- add provides/obsoletes for neon-devel in libneon-devel
after package rename
-------------------------------------------------------------------
Tue Sep 25 11:52:53 CEST 2007 - prusnak@suse.cz
- update do 0.27.1
* New interfaces:
- ne_session.h: ne_fill_proxy_uri() retrieves configured proxy,
ne_hook_post_headers() adds a hook after response headers are read,
ne_set_connect_timeout() sets session connection timeout,
NE_SESSFLAG_RFC4918, NE_SESSFLAG_CONNAUTH flags added
- ne_socket.h: ne_sock_connect_timeout() sets connection timeout,
ne_iaddr_reverse() performs reverse DNS lookup
- ne_string.h: ne_buffer_snprintf() prints to a buffer object
- ne_xml.h: ne_xml_resolve_nspace() resolves namespace prefixes
* Interface changes:
- ne_set_notifier() replaces ne_set_status(); finer-grained and type-safe
connection status information now provided; obsoletes ne_set_progress()
- ne_xml_dispatch_request() now only invokes the XML parser for
response entities with an XML content-type, following RFC 3023 rules
- ne_acl_set() now takes a "const" entries array
- LFS compatibility functions *64 removed: all functions taking an
off_t now take an ne_off_t which is off64_t for LFS builds
* GnuTLS support now mostly feature-complete with OpenSSL support:
- greatly improved SSL distinguished name handling with GnuTLS >= 1.7.8
* Other changes:
- descriptive error messages for authentication failures
- SSPI support uses canonical DNS server name (Yves Martin)
- fixes for handling of "stale" parameter in Digest authentication
- added support for URIs in SSL server certificate subjectAltName field
- fix compiler warnings with expat 2.x
- fix handling of "Transfer-Encoding: identity" responses from privoxy
* Fix regression in response progress counter for notifier/progress callbacks
* Fix interface description for ne_set_notifier() callback; sr.total
is set to -1 not 0 for an indeterminate response length
-------------------------------------------------------------------
Tue Jul 17 10:43:17 CEST 2007 - prusnak@suse.cz
- update to 0.26.4
* Fix Negotiate Authentication-Info response header verification with GSSAPI
* Fix multiple handlers with ne_add_{server,proxy}_auth (Werner Baumann)
* Fix SSPI build with some versions of MinGW (Gisle Vanem)
* Fix for SSPI segfault in response header verification (Mike DiCuccio)
* Fix error strings for CONNECT SSL proxy tunnel request failure
* Fix install-nls for VPATH builds (Hans Meine)
* Fix use of unencrypted client certs with GnuTLS
* Fix ne_lock* If: header insertion to use CRLF-terminated headers
* Fix test suite failures on QNX by working around send() length limit
* Fix handling of POSIX strerror_r failure case in ne_strerror
* Fix alignment issues in test suite MD5 code
-------------------------------------------------------------------
Fri Apr 27 23:14:39 CEST 2007 - dmueller@suse.de
- fix buildrequires
-------------------------------------------------------------------
Tue Apr 17 19:00:40 CEST 2007 - prusnak@suse.cz
- updated spec file to reflect expat package split
-------------------------------------------------------------------
Sat Mar 31 18:41:15 CEST 2007 - rguenther@suse.de
- add zlib-devel BuildRequires
-------------------------------------------------------------------
Wed Jan 24 13:56:36 CET 2007 - prusnak@suse.cz
- update to 0.26.3
* build fix for platforms without libintl.h
* use Libs.private in neon.pc for newer versions of pkg-config
* fix error reported for LOCK responses lacking a Lock-Token header
* security fix CVE-2007-0157: fix buffer under-read in URI parser
* fix handling of "nextnonce" parameter in Digest authentication
- drop obsoleted patch from Jan 15 (included in update)
-------------------------------------------------------------------
Mon Jan 15 14:53:06 CET 2007 - olh@suse.de
- do not cast char pointers into int pointers (CVE-2007-0157 / #235083)
-------------------------------------------------------------------
Thu Jul 20 20:30:40 CEST 2006 - olh@suse.de
- update to 0.26.1
new API
- neon-devel requires openssl-devel zlib-devel expat
-------------------------------------------------------------------
Wed Jan 25 21:38:35 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jun 29 21:27:13 CEST 2005 - olh@suse.de
- build with expat instead of libxml2, should speed up svn checkout
of large files (#94606)
-------------------------------------------------------------------
Wed Feb 2 16:32:10 CET 2005 - meissner@suse.de
- fix build with gcc4, added 2 sentinel mark ups.
-------------------------------------------------------------------
Sun Oct 17 11:50:41 CEST 2004 - olh@suse.de
- remove .so link from main package, its already in -devel
-------------------------------------------------------------------
Sat Sep 25 11:35:07 CEST 2004 - olh@suse.de
- update for gcc4, -Wimplicit-prototypes and inline
-------------------------------------------------------------------
Tue Jul 6 08:20:45 CEST 2004 - olh@suse.de
- update to 0.24.7
-------------------------------------------------------------------
Sun May 9 17:39:21 CEST 2004 - olh@suse.de
- add neon-CAN-2004-0398.patch (#39774)
-------------------------------------------------------------------
Thu Apr 1 13:18:41 CEST 2004 - olh@suse.de
- add CAN-2004-0179.diff (#37716)
-------------------------------------------------------------------
Thu Jan 22 18:41:36 CET 2004 - olh@suse.de
- update for gcc3.4, -Wimplicit-prototypes and inline
-------------------------------------------------------------------
Sat Jan 10 19:16:34 CET 2004 - adrian@suse.de
- add %defattr and %run_ldconfig
-------------------------------------------------------------------
Fri Nov 28 13:12:25 CET 2003 - mcihar@suse.cz
- updated to 0.24.4, some highlights:
* Major changes to XML interface
* Major changes to SSL interface
* Add a pkg-config file
* Tons of fixes
-------------------------------------------------------------------
Wed Apr 23 23:37:16 CEST 2003 - olh@suse.de
- update to 0.23.9
Changes in release 0.23.9:
* neon-config exports includes needed for OpenSSL given by
pkg-config.
* ne_redirect_location will return NULL if redirect hooks have
not been registered for the session (Ralf Mattes <rm@fabula.de>).
Changes in release 0.23.8:
* On Linux, skip slow lookup for IPv6 addresses when IPv6 support
is not loaded in kernel (thanks to Daniel Stenberg for this
technique).
* Update to autoconf 2.57 and libtool 1.4.3.
-------------------------------------------------------------------
Sat Mar 1 09:37:43 CET 2003 - olh@suse.de
- apply security fix from 0.23.8
* SECURITY: Prevent control characters from being included in the
reason_phrase field filled in by ne_parse_statusline(), and in
the session error string.
* Fix digest auth response verification for >9 responses in session
(bug manifests as "Server was not authenticated correctly" error).
-------------------------------------------------------------------
Tue Jan 28 10:20:13 CET 2003 - olh@suse.de
- update to 0.23.7
Changes in release 0.23.7:
* Fix for handling EINTR during write() call (Sergey N Ushakov).
* When available, use pkg-config to determine compiler flags
needed to use OpenSSL headers and libraries.
-------------------------------------------------------------------
Tue Jan 21 12:55:54 CET 2003 - olh@suse.de
- update to 0.23.6
-------------------------------------------------------------------
Sat Oct 12 13:18:20 CEST 2002 - olh@suse.de
- update to 0.23.5
move interface documentation to -devel
-------------------------------------------------------------------
Thu Sep 19 13:47:05 CEST 2002 - olh@suse.de
- update to 0.23.4, enable build with -g
-------------------------------------------------------------------
Sat Aug 31 13:01:58 CEST 2002 - poeml@suse.de
- update to 0.22.0, needed by subversion
-------------------------------------------------------------------
Fri Aug 9 19:27:15 CEST 2002 - olh@suse.de
- devel requires base package
-------------------------------------------------------------------
Fri Jul 26 23:18:22 CEST 2002 - adrian@suse.de
- fix neededforbuild
-------------------------------------------------------------------
Sun Jun 23 16:15:37 CEST 2002 - olh@suse.de
- update to 0.21.3
-------------------------------------------------------------------
Sat May 4 12:57:56 CEST 2002 - olh@suse.de
- initial SuSE package, version 0.20.0