Subject: CVS commit: [pkgsrc-2009Q2] pkgsrc/www/neon
From: S.P.Zeidler
Date: 2009-09-15 15:32:04
Message id: 20090915133204.AA2D7175DA@cvs.netbsd.org

Log Message:
Pullup ticket 2894 - requested by tron
security update

Revisions pulled up:
- pkgsrc/www/neon/Makefile		by patch
- pkgsrc/www/neon/PLIST			by patch
- pkgsrc/www/neon/distinfo		by patch

Files added:
pkgsrc/www/neon/patches/patch-ab	by patch

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Mon Sep 14 16:48:44 UTC 2009

   Modified Files:
           pkgsrc/www/neon: Makefile PLIST distinfo
           pkgsrc/www/neon/patches: patch-ab
   Removed Files:
           pkgsrc/www/neon/patches: patch-aa

   Log Message:
   Update "neon" package to version 0.29. Changes since version 0.28.5:
   * Interface changes:
     o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
   * New interfaces and features:
     o added NTLM auth support for Unix builds (Kai Sommerfeld,
       Daniel Stenberg)
     o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
     o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
     o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
       and ne_session.h:ne_session_socks_proxy()
     o added support for system-default proxies: ne_session_system_proxy(),
       implemented using libproxy where available
     o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
       SSL verification failure bits extended by NE_SSL_BADCHAIN and
       NE_SSL_REVOKED, better handling of failures within the cert chain
       (thanks to Ludwig Nussel)
     o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
       ne_iaddr_raw(), ne_iaddr_parse()
     o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
   * Deprecated interfaces:
     o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
     o obsolete feature "NE_FEATURE_SOCKS" now never marked present
   * Other changes:
     o fix handling of "stale" flag in RFC2069-style Digest auth challenge
     o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
     o symbol versioning used for new symbols, where supported
     o ensure SSL connections are closed cleanly with OpenSSL
     o fix build with OpenSSL 1.0 beta
     o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
   * SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
     could allow a Denial of Service attack by a malicious server.
   * SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
     certificate subject name; could allow an undetected MITM attack against
     an SSL server if a trusted CA issues such a cert.

   Tested by Daniel Horecki with SVN client.

   To generate a diff of this commit:
   cvs rdiff -u -r1.48 -r1.49 pkgsrc/www/neon/Makefile
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/neon/PLIST
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/neon/distinfo
   cvs rdiff -u -r1.1 -r0 pkgsrc/www/neon/patches/patch-aa
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/neon/patches/patch-ab

Files:
Revision   Action   File
1.45.2.1   modify   pkgsrc/www/neon/Makefile
1.18.2.1   modify   pkgsrc/www/neon/PLIST
1.18.2.1   modify   pkgsrc/www/neon/distinfo
1.2.2.2    add      pkgsrc/www/neon/patches/patch-ab