SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libneon27-0.32.5-slfo.1.1.5.x86_64.rpm :

* Sat Jan 28 2023 dmuellerAATTsuse.com- update to 0.32.5:
* NOTE: Since 0.32.0 the \"$KRB5_CONFIG\" environment variable is ignored when running configure. Use KRB5_CONF_TOOL instead to specify an alternative to /usr/bin/krb5-config.
* Fail for configure --with-gssapi if GSSAPI can\'t be enabled
* Add Georgian translation
* Fixes for Windows MSYS2/MinGW build, including cross-build
* Tue Sep 13 2022 dmuellerAATTsuse.com- update to 0.32.4:
* Fix Digest regression in allowing implicit algorithm= (issue #88)
* Fix Digest to safely allow spaces in usernames (without userhash)
* ne_ssl_trust_default_ca() now uses the system\'s trusted CAs with GnuTLS where supported (matching behaviour of OpenSSL)
* Improvements and fixes to Windows build (Chun-wei Fan)
* Fix finding pkg-config when cross-compiling (Hugh McMaster)
* Fix Digest cnonce entropy sources in non-SSL builds
* Fix cases where Digest usernames were rejected as non-ASCII
* Fix build failures with OpenSSL 1.1 on some platforms
* Sun Jan 23 2022 andreas.stiegerAATTgmx.de- update to 0.32.2:
* Fix auth handling for request-target of \"
*\"
* Sat Dec 11 2021 andreas.stiegerAATTgmx.de- update to 0.32.1:
* Fix configure CFLAGS handling in Kerberos detection.- includes changes from 0.32.0:
* NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default; to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST (treated as a security enhancement, not an API/ABI break)
* Interface additions and bug fixes- drop patches:
* neon-0.31.2-sha1-tests.patch
* neon-0.31.2-CA-tests.patch
* Thu Oct 08 2020 pmonrealAATTsuse.com- Disable tests fail_ca_
* that fail since OpenSSL update to 1.1.1h.
* Upstream report: https://github.com/notroj/neon/issues/38- Add neon-0.31.2-CA-tests.patch
* Thu Oct 08 2020 pmonrealAATTsuse.com- Disable fail_nul_
* tests broken with OpenSSL configured to reject certificates created with a SHA1.- Add neon-0.31.2-sha1-tests.patch
* Fri Aug 21 2020 dmuellerAATTsuse.com- update to 0.31.2:
* Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures.
* Fix GCC 10 warning in PKCS#11 build.
* Fix OpenSSL build w/o deprecated APIs (Rosen Penev).
* Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke).
* Fix hang on SSL connection close with IIS (issue #11).
* Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich).
* Mon Jun 01 2020 vcizekAATTsuse.com- Update to 0.31.1 ADMIN: The neon website has moved to https://notroj.github.io/neon/ Restore ne_md5_read_ctx() in OpenSSL build. Fix gcc warnings on Ubuntu (Jan-Marek Glogowski). Fix various spelling mistakes in docs and headers (thanks to FOSSIES). Fix ne_asctime_parse() (Eugenij-W). Fix build with LibreSSL (Juan RP). Interface changes: none, API and ABI backwards-compatible with 0.27.x and later New interfaces and features: add more gcc “nonnull” attributes to ne_request_
* functions. for OpenSSL builds, ne_md5 code uses the OpenSSL implementation add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds for RFC non-compliance issues in Sharepoint ne_uri.h: add ne_path_escapef() in support of above ne_207.h: add ne_207_set_flags() likewise in support of above API clarification: ne_version_match() behaviour now matches actual 0.27+ ABI history Bug fixes: fixes for OpenSSL 1.1.1 and TLSv1.3 support fix crash with GnuTLS in client cert support (Henrik Holst) fix possible crash in ne_set_request_flag() fix build with libxml2 2.9.10 and later fix handling lock timeouts >LONG_MAX (Giuseppe Castagno)- Upstream has moved to https://notroj.github.io/neon/
* tarball checksums are no longer provided- Drop upstreamed patches:
* neon-0.30.2-nulcert.patch
* neon-0.30.2_ssl-fix_timeout_retvals.patch
* Thu Sep 12 2019 vcizekAATTsuse.com- Drop unnecessary requirement for OpenSSL 1.1.1- Apply neon-0.30.2_ssl-fix_timeout_retvals.patch only when building with OpenSSL 1.1.1 (bsc#1149792)
* Mon Aug 19 2019 lnusselAATTsuse.de- fix testsuite fail due to expired nulcerts (neon-0.30.2-nulcert.patch)
* Fri Oct 19 2018 idonmezAATTsuse.com- BuildRequires libopenssl-1_1-devel >= 1.1.1 becase build fails with 1.1.0
* Fri Oct 19 2018 jengelhAATTinai.de- Remove pointless --with-pic (because of --disable-static)
* Thu Oct 18 2018 jsikesAATTsuse.de- Disabled some tests due to behavior change in underlying OpenSSL.- Replaced error message string to match new message from OpenSSL.- Add neon-0.30.2_ssl-fix_timeout_retvals.patch implementing these two changes.
* Mon Oct 01 2018 jsikesAATTsuse.de- replaced libopenssl-devel with libopenssl-1_1-devel
* Tue Mar 20 2018 adam.majerAATTsuse.de- Install license- replace_manpage_with_links.sh: replace named links with symlinks and stop using fdupes as it just linked linked manpages
* Mon Mar 19 2018 marco.striglAATTsuse.com- fixed flaky timeout tests for ppc64le (bsc#1085850)
* fix_timeout_tests_for_ppc64le.patch
* Wed Aug 23 2017 vcizekAATTsuse.com- Update to 0.30.2 Add support for OpenSSL 1.1.x (Kurt Roeckx). Fix PKCS#11 support under GnuTLS 3.x. PKCS#11 API no longer supported with GnuTLS 2.x- cleaned the .spec
* Wed Mar 04 2015 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Add gpg signature- Enable tests- Use fdupes to remove duplicates- Update to 0.30.1
* small changes, for details see included ChangeLog
* Wed Aug 21 2013 crrodriguezAATTopensuse.org- version 0.30.0
* drop neon-openssl-version.patch
* API and ABI backwards-compatible with 0.27.x and later
* ne_path_escape: fix excessive memory allocation
* added ne_ssl_clicert_import, ne_ssl_context_get_flag, ne_set_addrlist2, added ne_addr_canonical..
* support chunked bodies with negative length passed to ne_set_request_body_provider
* Wed Aug 21 2013 crrodriguezAATTopensuse.org- permanently drop neon-aes-ni.patch which is not applied and obsolete, bug in openSSL already fixed and the ENGINE loading issue addressed in a different fashion.
* Wed Jun 06 2012 meissnerAATTsuse.de- disable explicit openssl version check. openssl 1.0 is stable api wise. [bnc#764906]
* Fri May 04 2012 lnusselAATTsuse.de- don\'t use ca-bundle.pem. neon correctly uses openssl\'s default instead (ie the /etc/ssl/certs directory)
* Mon Jan 30 2012 dmacvicarAATTsuse.de- build with libproxy- make expat explicit in configure- pass ca-bundle.pem to configure
* Mon Jan 30 2012 dmacvicarAATTsuse.de- build with NE_FEATURE_TS_SSL (thread-safe SSL)
* Mon Nov 21 2011 jengelhAATTmedozas.de- Remove redundant/unwanted tags/section (cf. specfile guidelines)
* Sun Nov 20 2011 cooloAATTsuse.com- add libtool as buildrequire to avoid implicit dependency
* Tue Oct 18 2011 dmuellerAATTsuse.de- remove neon-aes-ni.patch temporarily (bnc#720601)
* Mon Sep 05 2011 crrodriguezAATTopensuse.org- test suite hangs or fails in the OBS, but works locally disable it.
* Mon Sep 05 2011 crrodriguezAATTopensuse.org- Load openssl engines as well, needed to support AES-NI, fast/hardware provided hash functions and Ivy bridge\'s RDRAND instruction.
* Thu Jul 21 2011 dmuellerAATTsuse.de- update to 0.29.6:
* Don\'t abort SSL handshake with GnuTLS if a client cert is requested but none is configured/available
* Fix GnuTLS build with Nettle
* Fix the method string passed to create_request hooks to have the same lifetime as the request object
* Docs updates.
* Fix GnuTLS handshakes failures with \'TLS warning alert\'
* Fix SNI support
* Fix possible Solaris linker errors if building static library
* Fix error handling when pulling a request body from an file
* Fix ne_request_dispatch() return value for SOCKS proxy failure cases
* Tighten SSL cert ID checks to deny a wildcard match against an IP address
* Thu May 12 2011 lnusselAATTsuse.de- Obsoletes: neon must be in the lib package. Otherwise libneon-devel gets installed as replacement for neon on distro upgrade, drawing in lots of other devel stuff.
* Sun Aug 22 2010 dimstarAATTopensuse.org- Update to version 0.29.3 + Change ne_sock_close() to no longer wait for SSL closure alert + Fix memory leak with GnuTLS + API clarification in ne_sock_close()- Changes from version 0.29.2: + Fix spurious \'certificate verify failed\' errors with OpenSSL + Fix unnecessary re-authentication with SSPI- Changes from version 0.29.1: + Fixes for (Unix) NTLM implementation: - fix handling of session timeout - fix possible crash + Build fixes for Win32: + Fix build with versions of GnuTLS older than 2.8.0.- Changes from version 0.29.0: + New interfaces and features: - added NTLM auth support for Unix builds - ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes - added ne_acl3744.h, updated WebDAV ACL support - added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(), and ne_session.h:ne_session_socks_proxy() - added support for system-default proxies: ne_session_system_proxy(), implemented using libproxy - ne_session.h: added NE_SESSFLAG_EXPECT100 session flag, SSL verification failure bits extended by NE_SSL_BADCHAIN and NE_SSL_REVOKED, better handling of failures within the cert chain - ne_utils.h: added feature code NE_FEATURE_SYSPROXY - ne_socket.h: ne_sock_writev(), ne_sock_set_error(), ne_iaddr_raw(), ne_iaddr_parse() - ne_string.h: ne_buffer_qappend(), ne_strnqdup()- Changes from version 0.28.6: + SECURITY (CVE-2009-2473): Fix \"billion laughs\" attack against expat; + SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a certificate subject name with OpenSSL; + Changes from version 0.28.5: + Enable support for X.509v1 CA certificates in GnuTLS. + Fix handling of EINTR in connect() calls. + Fix use of builds with SOCK_CLOEXEC support on older Linux kernels.- Add libproxy-devel BuildRequires- Clean spec file using spec-cleaner.- Drop upstream included patches: + neon-0.28.4-CVE-2009-2473,2474.patch + neon-openssl.patch- Drop the main package. It avoids the lib from being installed in different versions and generally only contained coders doc. => provide / obsolete neon by libneon-devel.
* Sun Apr 18 2010 cooloAATTnovell.com- take patch from upstream to fix openssl linkage
* Mon Feb 01 2010 jengelhAATTmedozas.de- package baselibs.conf
* Thu Sep 10 2009 prusnakAATTsuse.cz- fixed CVE-2009-2473 and CVE-2009-2474 [bnc#528370]
* Thu May 07 2009 prusnakAATTsuse.cz- updated to 0.28.4
* GnuTLS support fixes: - fix handling of PKCS#12 client certs with multiple certs or keys - fix crash with OpenPGP certificate - use pkg-config data in configure, in preference to libgnutls-config
* Add PKCS#11 support for OpenSSL builds (where pakchois is available)
* Fix small memory leak in PKCS#11 code- enabled kerberos support (by adding krb5-devel to BuildRequires)
* Wed Jan 07 2009 olhAATTsuse.de- obsolete old -XXbit packages (bnc#437293)
* Thu Aug 21 2008 prusnakAATTsuse.cz- updated to 0.28.3
* SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in Digest domain parameter support; could allow a DoS by a malicious server
* Fix parsing of
*-Authenticate response header with LWS after quoted value
* Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash)
* Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng)
* Fix build on Netware (Guenter Knauf)
* Document existing ne_uri_parse() API postcondition and ne_uri_resolve() pre/postconditions regarding the ->path field in ne_uri structures
* Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4.
* Distinguish the error message for an SSL handshake which fails after a client cert was requested.
* Compile with PIC flags by default even for static library builds
* Tue Jun 03 2008 cooloAATTsuse.de- require COPYING package
* Sun May 18 2008 cooloAATTsuse.de- fix rename of xxbit packages
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Thu Apr 03 2008 prusnakAATTsuse.cz- updated to 0.28.2
* Support \"Proxy-Connection: Keep-Alive\" for compatibility with HTTP/1.0 proxies which require persistent connections for NTLM authentication
* Fix an fd leak in ne_ssl_{,cli}cert_read (GnuTLS only)
* Enable fast initialization in GnuTLS. (changes from 0.28.1)
* Fix build on SCO OpenServer 5.0.x (thanks to Nico Kadel-Garcia)
* Fix handling of Digest domain parameter values without a trailing slash
* Fix build against apr-util\'s bundled libexpat.la in Subversion
* Add --without-pakchois to configure (Arfrever Frehtes Taifersar Arahesis)
* zh message catalog renamed to zh_CN, translation updated (Dongsheng Song)- disable make check, does not build on all archs- dropped patch:
* digest.patch (included in update)
* Mon Mar 03 2008 olhAATTsuse.de- fix bug in digest domain parameter handling to fix svn commit
* Thu Feb 28 2008 crrodriguezAATTsuse.de- run the test suite to detect any possible regression
* Fri Feb 15 2008 crrodriguezAATTsuse.de- version 0.28.0- Interface changes:
* none, API and ABI backwards-compatible with 0.27.x- New interfaces:
* ne_pkcs11.h: added basic PKCS#11 support (requires GnuTLS and pakchois)
* ne_auth.h: added NE_AUTH_ALL and NE_AUTH_DEFAULT constants
* ne_socket.h: added ne_sock_peer(), ne_sock_prebind(), ne_sock_cipher()
* ne_session.h: NE_SESSFLAG_TLSSNI flag added; TLS SNI support is enabled by default, where supported; ne_set_localaddr() added
* ne_request.h: added close_conn hooks (Robert J. van der Boon)
* ne_basic.h: added ne_options2()- Other changes:
* add Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* add support for the \'domain\' parameter in Digest authentication
* fix fd leak in ne_sock_connect() error path (Andrew Teirney)
* the FD_CLOEXEC flag is set on socket fds
* fix timezone handling in ne_dates for more platforms (Alessandro Vesely)
* fix ne_simple_propfind() to print XML namespaces in flat property values
* fix ne_get_range() for unspecified end-range case (Henrik Holst)
* fix ne_strclean() to be locale-independent and avoid possible Win32 crash
* fix ne_get_error() to not \"clean\" localized error strings
* fix ne_ssl_clicert_read() to fail for client certs missing cert or key
* Mon Nov 26 2007 crrodriguezAATTsuse.de- version 0.27.2
* Fix crash in GSSAPI Negotiate response header verification.- Cleanup excessive dependencies on -devel package.
* Thu Oct 11 2007 roAATTsuse.de- add provides/obsoletes for neon-devel in libneon-devel after package rename
* Tue Sep 25 2007 prusnakAATTsuse.cz- update do 0.27.1
* New interfaces: - ne_session.h: ne_fill_proxy_uri() retrieves configured proxy, ne_hook_post_headers() adds a hook after response headers are read, ne_set_connect_timeout() sets session connection timeout, NE_SESSFLAG_RFC4918, NE_SESSFLAG_CONNAUTH flags added - ne_socket.h: ne_sock_connect_timeout() sets connection timeout, ne_iaddr_reverse() performs reverse DNS lookup - ne_string.h: ne_buffer_snprintf() prints to a buffer object - ne_xml.h: ne_xml_resolve_nspace() resolves namespace prefixes
* Interface changes: - ne_set_notifier() replaces ne_set_status(); finer-grained and type-safe connection status information now provided; obsoletes ne_set_progress() - ne_xml_dispatch_request() now only invokes the XML parser for response entities with an XML content-type, following RFC 3023 rules - ne_acl_set() now takes a \"const\" entries array - LFS compatibility functions
*64 removed: all functions taking an off_t now take an ne_off_t which is off64_t for LFS builds
* GnuTLS support now mostly feature-complete with OpenSSL support: - greatly improved SSL distinguished name handling with GnuTLS >= 1.7.8
* Other changes: - descriptive error messages for authentication failures - SSPI support uses canonical DNS server name (Yves Martin) - fixes for handling of \"stale\" parameter in Digest authentication - added support for URIs in SSL server certificate subjectAltName field - fix compiler warnings with expat 2.x - fix handling of \"Transfer-Encoding: identity\" responses from privoxy
* Fix regression in response progress counter for notifier/progress callbacks
* Fix interface description for ne_set_notifier() callback; sr.total is set to -1 not 0 for an indeterminate response length
* Tue Jul 17 2007 prusnakAATTsuse.cz- update to 0.26.4
* Fix Negotiate Authentication-Info response header verification with GSSAPI
* Fix multiple handlers with ne_add_{server,proxy}_auth (Werner Baumann)
* Fix SSPI build with some versions of MinGW (Gisle Vanem)
* Fix for SSPI segfault in response header verification (Mike DiCuccio)
* Fix error strings for CONNECT SSL proxy tunnel request failure
* Fix install-nls for VPATH builds (Hans Meine)
* Fix use of unencrypted client certs with GnuTLS
* Fix ne_lock
* If: header insertion to use CRLF-terminated headers
* Fix test suite failures on QNX by working around send() length limit
* Fix handling of POSIX strerror_r failure case in ne_strerror
* Fix alignment issues in test suite MD5 code
* Fri Apr 27 2007 dmuellerAATTsuse.de- fix buildrequires
* Tue Apr 17 2007 prusnakAATTsuse.cz- updated spec file to reflect expat package split
* Sat Mar 31 2007 rguentherAATTsuse.de- add zlib-devel BuildRequires
* Wed Jan 24 2007 prusnakAATTsuse.cz- update to 0.26.3
* build fix for platforms without libintl.h
* use Libs.private in neon.pc for newer versions of pkg-config
* fix error reported for LOCK responses lacking a Lock-Token header
* security fix CVE-2007-0157: fix buffer under-read in URI parser
* fix handling of \"nextnonce\" parameter in Digest authentication- drop obsoleted patch from Jan 15 (included in update)
* Mon Jan 15 2007 olhAATTsuse.de- do not cast char pointers into int pointers (CVE-2007-0157 / #235083)
* Thu Jul 20 2006 olhAATTsuse.de- update to 0.26.1 new API- neon-devel requires openssl-devel zlib-devel expat
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Wed Jun 29 2005 olhAATTsuse.de- build with expat instead of libxml2, should speed up svn checkout of large files (#94606)
* Wed Feb 02 2005 meissnerAATTsuse.de- fix build with gcc4, added 2 sentinel mark ups.
* Sun Oct 17 2004 olhAATTsuse.de- remove .so link from main package, its already in -devel
* Sat Sep 25 2004 olhAATTsuse.de- update for gcc4, -Wimplicit-prototypes and inline
* Tue Jul 06 2004 olhAATTsuse.de- update to 0.24.7
* Sun May 09 2004 olhAATTsuse.de- add neon-CAN-2004-0398.patch (#39774)
* Thu Apr 01 2004 olhAATTsuse.de- add CAN-2004-0179.diff (#37716)
* Thu Jan 22 2004 olhAATTsuse.de- update for gcc3.4, -Wimplicit-prototypes and inline
* Sat Jan 10 2004 adrianAATTsuse.de- add %defattr and %run_ldconfig
* Fri Nov 28 2003 mciharAATTsuse.cz- updated to 0.24.4, some highlights:
* Major changes to XML interface
* Major changes to SSL interface
* Add a pkg-config file
* Tons of fixes
* Wed Apr 23 2003 olhAATTsuse.de- update to 0.23.9 Changes in release 0.23.9:
* neon-config exports includes needed for OpenSSL given by pkg-config.
* ne_redirect_location will return NULL if redirect hooks have not been registered for the session (Ralf Mattes ). Changes in release 0.23.8:
* On Linux, skip slow lookup for IPv6 addresses when IPv6 support is not loaded in kernel (thanks to Daniel Stenberg for this technique).
* Update to autoconf 2.57 and libtool 1.4.3.
* Sat Mar 01 2003 olhAATTsuse.de- apply security fix from 0.23.8
* SECURITY: Prevent control characters from being included in the reason_phrase field filled in by ne_parse_statusline(), and in the session error string.
* Fix digest auth response verification for >9 responses in session (bug manifests as \"Server was not authenticated correctly\" error).
* Tue Jan 28 2003 olhAATTsuse.de- update to 0.23.7 Changes in release 0.23.7:
* Fix for handling EINTR during write() call (Sergey N Ushakov).
* When available, use pkg-config to determine compiler flags needed to use OpenSSL headers and libraries.
* Tue Jan 21 2003 olhAATTsuse.de- update to 0.23.6
* Sat Oct 12 2002 olhAATTsuse.de- update to 0.23.5 move interface documentation to -devel
* Thu Sep 19 2002 olhAATTsuse.de- update to 0.23.4, enable build with -g
* Sat Aug 31 2002 poemlAATTsuse.de- update to 0.22.0, needed by subversion
* Fri Aug 09 2002 olhAATTsuse.de- devel requires base package
* Fri Jul 26 2002 adrianAATTsuse.de- fix neededforbuild
* Sun Jun 23 2002 olhAATTsuse.de- update to 0.21.3
* Sat May 04 2002 olhAATTsuse.de- initial SuSE package, version 0.20.0
  
ICM