OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael van Elst
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 04-Mar-2003 10:46:03
Branch: OPENPKG_1_STABLE Handle: 2003030409460100
Added files: (Branch: OPENPKG_1_STABLE)
openpkg-src/neon neon.patch
Modified files: (Branch: OPENPKG_1_STABLE)
openpkg-src/neon neon.spec
Log:
backport security-fix from neon-0.23.8
Summary:
Revision Changes Path
1.1.2.1 +62 -0 openpkg-src/neon/neon.patch
1.27.2.2 +3 -1 openpkg-src/neon/neon.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/neon/neon.patch
============================================================================
$ cvs diff -u -r0 -r1.1.2.1 neon.patch
--- /dev/null 2003-03-04 10:46:03.000000000 +0100
+++ neon.patch 2003-03-04 10:46:03.000000000 +0100
@@ -0,0 +1,62 @@
+--- src/ne_utils.c.dist Thu Jul 18 00:19:46 2002
++++ src/ne_utils.c Wed Feb 26 00:15:33 2003
+@@ -129,6 +129,17 @@
+ #endif
+ }
+
++/* Cleanse 'str' of non-printable characters. Duplicated in
++ * ne_session.c for the duration of neon 0.23.x to prevent ABI
++ * change. */
++static char *cleanse(char *str)
++{
++ char *pnt;
++ for (pnt = str; *pnt; pnt++)
++ if (iscntrl(*pnt) || !isprint(*pnt)) *pnt = ' ';
++ return str;
++}
++
+ int ne_parse_statusline(const char *status_line, ne_status *st)
+ {
+ const char *part;
+@@ -177,7 +188,7 @@
+ /* Fill in the results */
+ st->major_version = major;
+ st->minor_version = minor;
+- st->reason_phrase = ne_strdup(part);
++ st->reason_phrase = cleanse(ne_strdup(part));
+ st->code = status_code;
+ st->klass = klass;
+ return 0;
+--- src/ne_session.c.dist Tue Sep 17 22:08:01 2002
++++ src/ne_session.c Wed Feb 26 00:15:33 2003
+@@ -33,6 +33,8 @@
+ #include <errno.h>
+ #endif
+
++#include <ctype.h> /* for cleanse() */
++
+ #ifdef NEON_SSL
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+@@ -242,9 +244,20 @@
+ uri->scheme = ne_strdup(sess->scheme);
+ }
+
++/* Cleanse 'str' of non-printable characters. Duplicated in
++ * ne_utils.c for the duration of neon 0.23.x to prevent ABI
++ * change. */
++static char *cleanse(char *str)
++{
++ char *pnt;
++ for (pnt = str; *pnt; pnt++)
++ if (iscntrl(*pnt) || !isprint(*pnt)) *pnt = ' ';
++ return str;
++}
++
+ const char *ne_get_error(ne_session *sess)
+ {
+- return sess->error;
++ return cleanse(sess->error);
+ }
+
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/neon/neon.spec
============================================================================
$ cvs diff -u -r1.27.2.1 -r1.27.2.2 neon.spec
--- openpkg-src/neon/neon.spec 18 Jan 2003 14:13:18 -0000 1.27.2.1
+++ openpkg-src/neon/neon.spec 4 Mar 2003 09:46:01 -0000 1.27.2.2
@@ -33,10 +33,11 @@
Group: Web
License: LGPL
Version: 0.23.6
-Release: 1.20030118
+Release: 1.20030304
# list of sources
Source0: http://www.webdav.org/neon/neon-%{version}.tar.gz
+Patch0: neon.patch
# build information
Prefix: %{l_prefix}
@@ -54,6 +55,7 @@
%prep
%setup -q
+ %patch -p0
%build
CC="%{l_cc}" \
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
