Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2009-09-15 15:32:04 by S.P.Zeidler | Files touched by this commit (4) | |
Log message:
Pullup ticket 2894 - requested by tron
security update
Revisions pulled up:
- pkgsrc/www/neon/Makefile by patch
- pkgsrc/www/neon/PLIST by patch
- pkgsrc/www/neon/distinfo by patch
Files added:
pkgsrc/www/neon/patches/patch-ab by patch
Module Name: pkgsrc
Committed By: tron
Date: Mon Sep 14 16:48:44 UTC 2009
Modified Files:
pkgsrc/www/neon: Makefile PLIST distinfo
pkgsrc/www/neon/patches: patch-ab
Removed Files:
pkgsrc/www/neon/patches: patch-aa
Log message:
Update "neon" package to version 0.29. Changes since version 0.28.5:
* Interface changes:
o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
* New interfaces and features:
o added NTLM auth support for Unix builds (Kai Sommerfeld,
Daniel Stenberg)
o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
and ne_session.h:ne_session_socks_proxy()
o added support for system-default proxies: ne_session_system_proxy(),
implemented using libproxy where available
o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
SSL verification failure bits extended by NE_SSL_BADCHAIN and
NE_SSL_REVOKED, better handling of failures within the cert chain
(thanks to Ludwig Nussel)
o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
ne_iaddr_raw(), ne_iaddr_parse()
o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
* Deprecated interfaces:
o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
o obsolete feature "NE_FEATURE_SOCKS" now never marked present
* Other changes:
o fix handling of "stale" flag in RFC2069-style Digest auth challenge
o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
o symbol versioning used for new symbols, where supported
o ensure SSL connections are closed cleanly with OpenSSL
o fix build with OpenSSL 1.0 beta
o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
certificate subject name; could allow an undetected MITM attack against
an SSL server if a trusted CA issues such a cert.
Tested by Daniel Horecki with SVN client.
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 pkgsrc/www/neon/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/neon/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/neon/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/neon/patches/patch-aa
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/neon/patches/patch-ab
|
Next | Query returned 1 messages, browsing 1 to 10 | previous