pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/www/neon



Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Sep 14 16:48:44 UTC 2009

Modified Files:
        pkgsrc/www/neon: Makefile PLIST distinfo
        pkgsrc/www/neon/patches: patch-ab
Removed Files:
        pkgsrc/www/neon/patches: patch-aa

Log Message:
Update "neon" package to version 0.29. Changes since version 0.28.5:
* Interface changes:
  o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
* New interfaces and features:
  o added NTLM auth support for Unix builds (Kai Sommerfeld,
    Daniel Stenberg)
  o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
  o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
  o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
    and ne_session.h:ne_session_socks_proxy()
  o added support for system-default proxies: ne_session_system_proxy(),
    implemented using libproxy where available
  o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
    SSL verification failure bits extended by NE_SSL_BADCHAIN and
    NE_SSL_REVOKED, better handling of failures within the cert chain
    (thanks to Ludwig Nussel)
  o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
    ne_iaddr_raw(), ne_iaddr_parse()
  o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
* Deprecated interfaces:
  o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
  o obsolete feature "NE_FEATURE_SOCKS" now never marked present
* Other changes:
  o fix handling of "stale" flag in RFC2069-style Digest auth challenge
  o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
  o symbol versioning used for new symbols, where supported
  o ensure SSL connections are closed cleanly with OpenSSL
  o fix build with OpenSSL 1.0 beta
  o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
  certificate subject name; could allow an undetected MITM attack against
  an SSL server if a trusted CA issues such a cert.

Tested by Daniel Horecki with SVN client.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 pkgsrc/www/neon/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/neon/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/neon/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/neon/patches/patch-aa
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/neon/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Home | Main Index | Thread Index | Old Index