head 1.39; access; symbols pkgsrc-2023Q4:1.38.0.8 pkgsrc-2023Q4-base:1.38 pkgsrc-2023Q3:1.38.0.6 pkgsrc-2023Q3-base:1.38 pkgsrc-2023Q2:1.38.0.4 pkgsrc-2023Q2-base:1.38 pkgsrc-2023Q1:1.38.0.2 pkgsrc-2023Q1-base:1.38 pkgsrc-2022Q4:1.37.0.4 pkgsrc-2022Q4-base:1.37 pkgsrc-2022Q3:1.37.0.2 pkgsrc-2022Q3-base:1.37 pkgsrc-2022Q2:1.35.0.4 pkgsrc-2022Q2-base:1.35 pkgsrc-2022Q1:1.35.0.2 pkgsrc-2022Q1-base:1.35 pkgsrc-2021Q4:1.34.0.2 pkgsrc-2021Q4-base:1.34 pkgsrc-2021Q3:1.30.0.6 pkgsrc-2021Q3-base:1.30 pkgsrc-2021Q2:1.30.0.4 pkgsrc-2021Q2-base:1.30 pkgsrc-2021Q1:1.30.0.2 pkgsrc-2021Q1-base:1.30 pkgsrc-2020Q4:1.28.0.34 pkgsrc-2020Q4-base:1.28 pkgsrc-2020Q3:1.28.0.32 pkgsrc-2020Q3-base:1.28 pkgsrc-2020Q2:1.28.0.28 pkgsrc-2020Q2-base:1.28 pkgsrc-2020Q1:1.28.0.8 pkgsrc-2020Q1-base:1.28 pkgsrc-2019Q4:1.28.0.30 pkgsrc-2019Q4-base:1.28 pkgsrc-2019Q3:1.28.0.26 pkgsrc-2019Q3-base:1.28 pkgsrc-2019Q2:1.28.0.24 pkgsrc-2019Q2-base:1.28 pkgsrc-2019Q1:1.28.0.22 pkgsrc-2019Q1-base:1.28 pkgsrc-2018Q4:1.28.0.20 pkgsrc-2018Q4-base:1.28 pkgsrc-2018Q3:1.28.0.18 pkgsrc-2018Q3-base:1.28 pkgsrc-2018Q2:1.28.0.16 pkgsrc-2018Q2-base:1.28 pkgsrc-2018Q1:1.28.0.14 pkgsrc-2018Q1-base:1.28 pkgsrc-2017Q4:1.28.0.12 pkgsrc-2017Q4-base:1.28 pkgsrc-2017Q3:1.28.0.10 pkgsrc-2017Q3-base:1.28 pkgsrc-2017Q2:1.28.0.6 pkgsrc-2017Q2-base:1.28 pkgsrc-2017Q1:1.28.0.4 pkgsrc-2017Q1-base:1.28 pkgsrc-2016Q4:1.28.0.2 pkgsrc-2016Q4-base:1.28 pkgsrc-2016Q3:1.27.0.8 pkgsrc-2016Q3-base:1.27 pkgsrc-2016Q2:1.27.0.6 pkgsrc-2016Q2-base:1.27 pkgsrc-2016Q1:1.27.0.4 pkgsrc-2016Q1-base:1.27 pkgsrc-2015Q4:1.27.0.2 pkgsrc-2015Q4-base:1.27 pkgsrc-2015Q3:1.26.0.8 pkgsrc-2015Q3-base:1.26 pkgsrc-2015Q2:1.26.0.6 pkgsrc-2015Q2-base:1.26 pkgsrc-2015Q1:1.26.0.4 pkgsrc-2015Q1-base:1.26 pkgsrc-2014Q4:1.26.0.2 pkgsrc-2014Q4-base:1.26 pkgsrc-2014Q3:1.25.0.8 pkgsrc-2014Q3-base:1.25 pkgsrc-2014Q2:1.25.0.6 pkgsrc-2014Q2-base:1.25 pkgsrc-2014Q1:1.25.0.4 pkgsrc-2014Q1-base:1.25 pkgsrc-2013Q4:1.25.0.2 pkgsrc-2013Q4-base:1.25 pkgsrc-2013Q3:1.24.0.16 pkgsrc-2013Q3-base:1.24 pkgsrc-2013Q2:1.24.0.14 pkgsrc-2013Q2-base:1.24 pkgsrc-2013Q1:1.24.0.12 pkgsrc-2013Q1-base:1.24 pkgsrc-2012Q4:1.24.0.10 pkgsrc-2012Q4-base:1.24 pkgsrc-2012Q3:1.24.0.8 pkgsrc-2012Q3-base:1.24 pkgsrc-2012Q2:1.24.0.6 pkgsrc-2012Q2-base:1.24 pkgsrc-2012Q1:1.24.0.4 pkgsrc-2012Q1-base:1.24 pkgsrc-2011Q4:1.24.0.2 pkgsrc-2011Q4-base:1.24 pkgsrc-2011Q3:1.23.0.14 pkgsrc-2011Q3-base:1.23 pkgsrc-2011Q2:1.23.0.12 pkgsrc-2011Q2-base:1.23 pkgsrc-2011Q1:1.23.0.10 pkgsrc-2011Q1-base:1.23 pkgsrc-2010Q4:1.23.0.8 pkgsrc-2010Q4-base:1.23 pkgsrc-2010Q3:1.23.0.6 pkgsrc-2010Q3-base:1.23 pkgsrc-2010Q2:1.23.0.4 pkgsrc-2010Q2-base:1.23 pkgsrc-2010Q1:1.23.0.2 pkgsrc-2010Q1-base:1.23 pkgsrc-2009Q4:1.21.0.4 pkgsrc-2009Q4-base:1.21 pkgsrc-2009Q3:1.21.0.2 pkgsrc-2009Q3-base:1.21 pkgsrc-2009Q2:1.18.0.2 pkgsrc-2009Q2-base:1.18 pkgsrc-2009Q1:1.17.0.22 pkgsrc-2009Q1-base:1.17 pkgsrc-2008Q4:1.17.0.20 pkgsrc-2008Q4-base:1.17 pkgsrc-2008Q3:1.17.0.18 pkgsrc-2008Q3-base:1.17 cube-native-xorg:1.17.0.16 cube-native-xorg-base:1.17 pkgsrc-2008Q2:1.17.0.14 pkgsrc-2008Q2-base:1.17 cwrapper:1.17.0.12 pkgsrc-2008Q1:1.17.0.10 pkgsrc-2008Q1-base:1.17 pkgsrc-2007Q4:1.17.0.8 pkgsrc-2007Q4-base:1.17 pkgsrc-2007Q3:1.17.0.6 pkgsrc-2007Q3-base:1.17 pkgsrc-2007Q2:1.17.0.4 pkgsrc-2007Q2-base:1.17 pkgsrc-2007Q1:1.17.0.2 pkgsrc-2007Q1-base:1.17 pkgsrc-2006Q4:1.16.0.8 pkgsrc-2006Q4-base:1.16 pkgsrc-2006Q3:1.16.0.6 pkgsrc-2006Q3-base:1.16 pkgsrc-2006Q2:1.16.0.4 pkgsrc-2006Q2-base:1.16 pkgsrc-2006Q1:1.16.0.2 pkgsrc-2006Q1-base:1.16 pkgsrc-2005Q4:1.14.0.8 pkgsrc-2005Q4-base:1.14 pkgsrc-2005Q3:1.14.0.6 pkgsrc-2005Q3-base:1.14 pkgsrc-2005Q2:1.14.0.4 pkgsrc-2005Q2-base:1.14 pkgsrc-2005Q1:1.14.0.2 pkgsrc-2005Q1-base:1.14 pkgsrc-2004Q4:1.13.0.4 pkgsrc-2004Q4-base:1.13 pkgsrc-2004Q3:1.13.0.2 pkgsrc-2004Q3-base:1.13 pkgsrc-2004Q2:1.12.0.2 pkgsrc-2004Q2-base:1.12 pkgsrc-2004Q1:1.10.0.2 pkgsrc-2004Q1-base:1.10 pkgsrc-2003Q4:1.9.0.2 pkgsrc-2003Q4-base:1.9 netbsd-1-6-1:1.7.0.2 netbsd-1-6-1-base:1.7 netbsd-1-6:1.3.0.4 netbsd-1-6-RELEASE-base:1.3 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.3 netbsd-1-5-PATCH003:1.2 pkgsrc-base:1.1.1.2 TNF:1.1.1; locks; strict; comment @# @; 1.39 date 2024.02.14.08.22.39; author wiz; state Exp; branches; next 1.38; commitid cOMIgSWzAkOLonYE; 1.38 date 2023.01.22.13.17.19; author wiz; state Exp; branches; next 1.37; commitid gXHzXK7WJrO4vxaE; 1.37 date 2022.09.18.11.47.54; author wiz; state Exp; branches; next 1.36; commitid DOvor0donXHv3lUD; 1.36 date 2022.09.11.13.47.25; author wiz; state Exp; branches; next 1.35; commitid 8HCfmexMwHOtWrTD; 1.35 date 2022.01.16.23.11.03; author wiz; state Exp; branches; next 1.34; commitid 5MpfBThjsK58IUoD; 1.34 date 2021.10.26.11.29.41; author nia; state Exp; branches; next 1.33; commitid Gv0TNLbuylhFsjeD; 1.33 date 2021.10.09.10.59.21; author wiz; state Exp; branches; next 1.32; commitid WFrcqW8qZsKpQ7cD; 1.32 date 2021.10.09.10.54.12; author wiz; state Exp; branches; next 1.31; commitid fNbOH96J1bKAO7cD; 1.31 date 2021.10.07.15.07.24; author nia; state Exp; branches; next 1.30; commitid kEwAbZZbki9jhTbD; 1.30 date 2021.02.06.06.33.11; author ryoon; state Exp; branches; next 1.29; commitid 0mUWiVnnzzlnfCGC; 1.29 date 2021.01.13.09.26.42; author nia; state Exp; branches; next 1.28; commitid 80FxfsB9VQTKYxDC; 1.28 date 2016.10.03.12.26.22; author wiz; state Exp; branches; next 1.27; commitid cO2amP7QaQShdHoz; 1.27 date 2015.11.04.02.46.58; author agc; state Exp; branches; next 1.26; commitid iQwY7gbw5lDHJIHy; 1.26 date 2014.10.01.16.10.53; author wiz; state Exp; branches; next 1.25; commitid KyWzocmUewW61wSx; 1.25 date 2013.10.22.11.44.39; author wiz; state Exp; branches; next 1.24; commitid aNtV6YeRZxnkBhax; 1.24 date 2011.12.15.15.19.35; author drochner; state Exp; branches; next 1.23; 1.23 date 2010.03.11.12.24.58; author gdt; state Exp; branches; next 1.22; 1.22 date 2010.03.11.00.05.19; author gdt; state Exp; branches; next 1.21; 1.21 date 2009.09.14.16.48.43; author tron; state Exp; branches; next 1.20; 1.20 date 2009.07.24.18.06.04; author drochner; state Exp; branches; next 1.19; 1.19 date 2009.07.24.15.18.24; author tnn; state Exp; branches; next 1.18; 1.18 date 2009.04.06.12.54.06; author markd; state Exp; branches 1.18.2.1; next 1.17; 1.17 date 2007.03.11.21.01.31; author adam; state Exp; branches; next 1.16; 1.16 date 2006.01.23.03.19.42; author epg; state Exp; branches; next 1.15; 1.15 date 2006.01.02.21.01.59; author epg; state Exp; branches; next 1.14; 1.14 date 2005.02.24.14.08.34; author wiz; state Exp; branches; next 1.13; 1.13 date 2004.07.14.16.20.30; author epg; state Exp; branches; next 1.12; 1.12 date 2004.05.19.11.03.29; author drochner; state Exp; branches; next 1.11; 1.11 date 2004.04.16.12.34.54; author xtraeme; state Exp; branches; next 1.10; 1.10 date 2003.12.04.17.00.58; author recht; state Exp; branches 1.10.2.1; next 1.9; 1.9 date 2003.09.10.04.34.09; author epg; state Exp; branches; next 1.8; 1.8 date 2003.05.09.15.44.10; author drochner; state Exp; branches; next 1.7; 1.7 date 2003.01.30.10.52.55; author drochner; state Exp; branches; next 1.6; 1.6 date 2003.01.22.16.23.40; author jmmv; state Exp; branches; next 1.5; 1.5 date 2002.11.25.20.01.43; author wiz; state Exp; branches; next 1.4; 1.4 date 2002.08.25.18.40.24; author jlam; state Exp; branches; next 1.3; 1.3 date 2002.08.03.01.24.53; author hubertf; state Exp; branches; next 1.2; 1.2 date 2002.04.01.01.28.04; author uebayasi; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2002.01.13.19.29.02; author agc; state Exp; branches 1.1.1.1; next ; 1.18.2.1 date 2009.09.15.13.32.04; author spz; state Exp; branches; next ; 1.10.2.1 date 2004.04.27.08.50.25; author agc; state Exp; branches; next ; 1.2.2.1 date 2002.08.22.11.13.01; author jlam; state Exp; branches; next ; 1.1.1.1 date 2002.01.13.19.29.02; author agc; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2002.08.03.01.20.10; author hubertf; state Exp; branches; next ; desc @@ 1.39 log @neon: update to 0.33.0. Changes in release 0.33.0: * Interface changes: - API and ABI backwards-compatible with 0.27.x and later * Interface clarifications: - ne_locks.h: note that returned lock may have a different URI than the path passed to ne_lock_discover() due to added support for RFC 4918 "lockroot" in lock discovery - ne_request.h: ne_request_create() takes a "target" rather than a path and this can also be an absolute-URI - ne_request.h: never-used ne_free_hooks typedef removed - ne_dates.h: clarified error cases (behaviour unchanged) - ne_session.h: ne_session_create() 'host' must match RFC 3986 syntax; IPv6 literal addresses must use [] brackets * New interfaces and features: - added new configure flag --enable-auto-libproxy which enables libproxy by default for new sessions (Jan-Michael Brummer) - ne_locks.h: added DAV:lockroot support per RFC 4918 - ne_ssl.h: ne_ssl_trust_default_ca() now a no-op for non-SSL sessions - ne_request.h: add ne_add_interim_handler() to handle interim (1xx) responses; headers in interim responses are now accessible - ne_basic.h: add ne_putbuf() - ne_strhash: SHA-512/256 now supported for LibreSSL 3.8+ (orbea) - response handling no longer applies a maximum limit on 1xx interim responses; an overall timeout equal to the read timeout is now applied if a read timeout is configured and 1XXTIMEOUT is enabled - ne_request.h: add NE_REQFLAG_1XXTIMEOUT * Bug fixes: - test suite now works correctly on IPv6-only hosts (Jeremy Sowden) - fixes for building against LibreSSL (orbea) - ne_uri_parse() fixes for handling URI with no path and catch some invalid URIs which were allowed (fasticc) - retry requests after a 408 response on a persisted connection - 207 error strings are cleaned and compressed to a single line - fixed thread-safety in ne_rfc1123_date where gmtime_r is available - ne_lock_refresh() fixed to use a non-idempotent request - TLS name verification updated to match RFC 9110/6125, added strict handling of IP literals vs DNS names @ text @$NetBSD: distinfo,v 1.38 2023/01/22 13:17:19 wiz Exp $ BLAKE2s (neon-0.33.0.tar.gz) = ac7570c702ff3e53a92254ca9423e030fa3e94c4932d56c00f3e70f9db516c9b SHA512 (neon-0.33.0.tar.gz) = b214ed34cd832dfaf3af08d4bdbe459c3e791f691548a6d44ee0cdc9811856185522bcbd6c2aca9a536fc021a2ed6329bd093cb3435cc40e3cfd9f5af8b92644 Size (neon-0.33.0.tar.gz) = 912146 bytes @ 1.38 log @neon: update to 0.32.5. Changes in release 0.32.5: * NOTE: Since 0.32.0 the "$KRB5_CONFIG" environment variable is ignored when running configure. Use KRB5_CONF_TOOL instead to specify an alternative to /usr/bin/krb5-config. * Fail for configure --with-gssapi if GSSAPI can't be enabled (issue #102) * Add Georgian translation (NorwayFun) * Fixes for Windows MSYS2/MinGW build, including cross-build (Jim Klimov) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.37 2022/09/18 11:47:54 wiz Exp $ d3 3 a5 3 BLAKE2s (neon-0.32.5.tar.gz) = 4c016329424433f41b3d06f9ef1efeb965957d55e18db66ac5d1b4734786322f SHA512 (neon-0.32.5.tar.gz) = 97a067fcea6156e2d5cf981e8d8fc9b0a709b8175bc8061a1f254bff7b11a27fdafc5e8425665523e917133084ea3a11e11de7c1210a8d2eb3f6b1cca26ea844 Size (neon-0.32.5.tar.gz) = 896177 bytes @ 1.37 log @neon: update to 0.32.4. Changes in release 0.32.4: * Fix Digest regression in allowing implicit algorithm= (issue #88) * Fix Digest to safely allow spaces in usernames (without userhash) * ne_ssl_trust_default_ca() now uses the system's trusted CAs with GnuTLS where supported (matching behaviour of OpenSSL) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.36 2022/09/11 13:47:25 wiz Exp $ d3 3 a5 3 BLAKE2s (neon-0.32.4.tar.gz) = fc775e2b9d705dcc9cecc670d1d7b5812877ee983c0486a5cac9019d976a5526 SHA512 (neon-0.32.4.tar.gz) = 82bcd1555f047d26cc5ccd67d2fef8dea4eb5a4cc45ca8030d2f3c356eee03fd78efd7ef45f516948e89f1089686731046b3fe48e73b3d84c65848ef6d86bd7a Size (neon-0.32.4.tar.gz) = 895482 bytes @ 1.36 log @neon: update to 0.32.3. Changes in release 0.32.3: * Improvements and fixes to Windows build (Chun-wei Fan) * Fix finding pkg-config when cross-compiling (Hugh McMaster) * Fix Digest cnonce entropy sources in non-SSL builds * Fix cases where Digest usernames were rejected as non-ASCII * Fix build failures with OpenSSL 1.1 on some platforms @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2022/01/16 23:11:03 wiz Exp $ d3 3 a5 3 BLAKE2s (neon-0.32.3.tar.gz) = c0ccd4c4e1efe41b6f31022757d5e91198b7bd8bfe8fd5ec6d0646f228fb6503 SHA512 (neon-0.32.3.tar.gz) = 8dec5cbc823e38506725529c9e8fad95c93145d9e5d54131f8ceca6bbfe1b64f7f0eb1ce117072ea2f28edc67fa2f5a7f53bcc08ee644010fea76403ab6bbaad Size (neon-0.32.3.tar.gz) = 884939 bytes @ 1.35 log @neon: update to 0.32.2. Changes in release 0.32.2: * Fix auth handling for request-target of "*" (regressed since 0.31.x) * Fix bindtextdomain() detection on OS X (Daniel Macks) * Fix regeneration of docs in "make install" (Lonnie Abelbeck) * Fixes for NetBSD build (Thomas Klausner) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.34 2021/10/26 11:29:41 nia Exp $ d3 3 a5 3 BLAKE2s (neon-0.32.2.tar.gz) = c3df6460e7eb378b2739910d90b3d360ba96f2489760ab9e836751e08d9d62ae SHA512 (neon-0.32.2.tar.gz) = 2580a3c8c3cf4aff2d399f72a721ccfb4e68434ef92da4af8103c126812d779b9fbe5cafbab512c79f4365bbb3d3eac61568748136470e86f7aa7b98b27053c8 Size (neon-0.32.2.tar.gz) = 880651 bytes @ 1.34 log @www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.33 2021/10/09 10:59:21 wiz Exp $ d3 3 a5 5 BLAKE2s (neon-0.32.1.tar.gz) = ec6188edda16560f52d07274192d5b9e0e57c6f3900d8161e1a80b4490ee9082 SHA512 (neon-0.32.1.tar.gz) = a231865c3aad3668f6effded97a58eb981655f64c71b0954fcb2e667bdec50895d11bf296f4f454bd63e6ce9b02c2fd13cbb17cb82631e16f100000ecd7e1977 Size (neon-0.32.1.tar.gz) = 880434 bytes SHA1 (patch-ab) = e86a602e5a1fc14942c0b29774ea702b4107018d SHA1 (patch-src_Makefile.in) = 0b4f9caf124983b8489614f48ab23ace10d99d79 @ 1.33 log @neon: add upstream pull request link to patches @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2021/10/09 10:54:12 wiz Exp $ d3 1 a3 1 RMD160 (neon-0.32.1.tar.gz) = 03eb01828e9e15980e717f662b2fcea9df1f3c8f @ 1.32 log @neon: update to 0.32.1. Changes in release 0.32.1: * Fix configure CFLAGS handling in Kerberos detection. * Various spelling fixes. Changes in release 0.32.0: * Interface changes: - API and ABI backwards-compatible with 0.27.x and later - NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default; to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST (treated as a security enhancement, not an API/ABI break) * Interface clarifications: - ne_auth.h: use of non-ASCII usernames with the ne_auth_creds callback type is now rejected for Digest auth since the encoding is not specified. ne_add_auth() can be used instead. - ne_request.h: the ne_create_request_fn callback is passed the request-target using RFC 7230 terminology * New interfaces and features: - ne_string.h: added ne_strhash(), ne_vstrhash(), ne_strparam() - ne_auth.h: added RFC 7616 (Digest authentication) support, including userhash=, username*= and SHA-2 algorithms (SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_LEGACY_DIGEST - ne_auth.h: added ne_add_auth() unified auth callback interface, accepts (only) UTF-8 usernames, uses a larger password buffer, and has different/improved attempt counter semantics. - RFC 7617 scoping rules are now applied for Basic authentication. - ne_ssl.h: added ne_ssl_cert_hdigest() - ne_socket.h: added ne_sock_shutdown() - sendmsg()/send() are used with the MSG_NOSIGNAL flag to write to sockets on Unix, rather than write()/writev(), avoiding SIGPIPE - explicit_bzero() is used where available to clear credentials * Bug fixes: - fixed TLS connection shutdown handling for OpenSSL 3 - fix various Coverity and cppcheck warnings (Sebastian Reschke) - Kerberos library detection uses pkg-config where possible. - fix some configure checks on Win32 (Christopher Degawa) - fix some configure errors on MacOS (Ryan Schmidt) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2021/10/07 15:07:24 nia Exp $ d6 2 a7 2 SHA1 (patch-ab) = da95144b8c4ebc7cdd5ae0dfdb86d457c43ec58d SHA1 (patch-src_Makefile.in) = 333f63497639fed5b3acc73ddaa480fa8fbf97e8 @ 1.31 log @www: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2021/02/06 06:33:11 ryoon Exp $ d3 3 a5 3 RMD160 (neon-0.31.2.tar.gz) = 24d8dfc8e8d3babbb6fb9dd5cfe662e18b02cd91 SHA512 (neon-0.31.2.tar.gz) = 1e402b40a0445f68ed24d2697ee60d21636f61ebc98edcde37ff9e26c54430acabf3969ac22a942d1dd51bddee0f312c04073b423b0af3a3e7c9bf60cd53e48c Size (neon-0.31.2.tar.gz) = 867914 bytes @ 1.30 log @neon: Update to 0.31.2 * Set new HOMEPAGE and MASTER_SITES. Changelog: Changes in release neon 0.31.2, 20th June 2020 Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures. Fix GCC 10 warning in PKCS#11 build. Fix OpenSSL build w/o deprecated APIs (Rosen Penev). Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke). Fix hang on SSL connection close with IIS (issue #11). Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich). Changes in release neon 0.31.1, 17th April 2020 ADMIN: The neon website has moved to https://notroj.github.io/neon/ Restore ne_md5_read_ctx() in OpenSSL build. Fix gcc warnings on Ubuntu (Jan-Marek Glogowski). Fix various spelling mistakes in docs and headers (thanks to FOSSIES). Fix ne_asctime_parse() (Eugenij-W). Fix build with LibreSSL (Juan RP). Changes in release neon 0.31.0, 24th March 2020 Interface changes: none, API and ABI backwards-compatible with 0.27.x and later New interfaces and features: add more gcc “nonnull” attributes to ne_request_* functions. for OpenSSL builds, ne_md5 code uses the OpenSSL implementation add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds< for RFC non-compliance issues in Sharepoint (thanks to Jan-Marek Glogowski and Giuseppe Castagno) ne_uri.h: add ne_path_escapef() in support of above ne_207.h: add ne_207_set_flags() likewise in support of above API clarification: ne_version_match() behaviour now matches actual 0.27+ ABI history Bug fixes: fixes for OpenSSL 1.1.1 and TLSv1.3 support fix crash with GnuTLS in client cert support (Henrik Holst) fix possible crash in ne_set_request_flag() fix build with libxml2 2.9.10 and later fix handling lock timeouts >LONG_MAX (Giuseppe Castagno) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2021/01/13 09:26:42 nia Exp $ a2 1 SHA1 (neon-0.31.2.tar.gz) = ca4df4d726d7adef70dff1a32766ca54519a0958 @ 1.29 log @neon: add explicit libtool tag. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2016/10/03 12:26:22 wiz Exp $ d3 4 a6 4 SHA1 (neon-0.30.2.tar.gz) = d1c020f96731135263476ebaa72b2da07c4727cd RMD160 (neon-0.30.2.tar.gz) = f3add71c324640198b2d82afcbc8af91c1dd3959 SHA512 (neon-0.30.2.tar.gz) = 634caf87522e0bd2695c6fba39cae2465e403f9fbd8007eb10e4e035c765d24cb8da932c67bfa35c34aa51b90c7bc7037ebebaa1ec43259366d5d07233efc631 Size (neon-0.30.2.tar.gz) = 932779 bytes @ 1.28 log @Updated neon to 0.30.2. Changes in release 0.30.2: * Add support for OpenSSL 1.1.x (Kurt Roeckx). * Fix PKCS#11 support under GnuTLS 3.x. - PKCS#11 API no longer supported with GnuTLS 2.x @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2015/11/04 02:46:58 agc Exp $ d8 1 @ 1.27 log @Add SHA512 digests for distfiles for www category Problems found locating distfiles: Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2 Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2014/10/01 16:10:53 wiz Exp $ d3 4 a6 4 SHA1 (neon-0.30.1.tar.gz) = efec2a6f17d9bd2323345320e3067349ddc9cf79 RMD160 (neon-0.30.1.tar.gz) = db4645f8204870e4e11c4a3ee9c50412bbf00dae SHA512 (neon-0.30.1.tar.gz) = 4a9e45c886e04c5e1a1c781f7c2544b73724e09745097b1e8dc9adf9acd79af1762d668d4f18c295d7b4148d57af797834dd3c1203f2529089f7d1972ca71e63 Size (neon-0.30.1.tar.gz) = 911414 bytes @ 1.26 log @Update to 0.30.1: Changes in release 0.30.1: * Fix memory leak with GnuTLS (Werner Baumann, Patrick Ohly). * Fix possible crash after DNS lookup errors on Windows (Olivier Goffart). * Don't fail if the SSL cert changes between connections with OpenSSL, behaviour now matches that with GnuTLS. * Fix PKCS#11 support under OpenSSL with TLS 1.2. * Fix static linking with pkg-config file (Alan H). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2013/10/22 11:44:39 wiz Exp $ d5 1 @ 1.25 log @Update to 0.30.0: Changes in release 0.30.0: * Interface changes: - none, API and ABI backwards-compatible with 0.27.x and later * New interfaces and features: - ne_ssl.h: added ne_ssl_clicert_import, ne_ssl_context_get_flag - ne_session.h: added ne_set_addrlist2 - ne_socket.h: added ne_addr_canonical - ne_auth.h: added NE_AUTH_GSSAPI_ONLY, NE_AUTH_SSPI (Nathanael Rensen) - ne_basic.h: added NE_CAP_EXT_MKCOL options test - ne_request.h: support chunked bodies with negative length passed to ne_set_request_body_provider (Julien Reichel) * Bug fixes: - ne_path_escape: fix excessive memory allocation (Pierre Crokaert) - SSPI auth: use canonical server hostname, clear SSPI context after successful auth (Nathanael Rensen) - build fixes for Open Watcom compiler (NormW) - fix Win32 error code handling for local ne_sock_prebind bind failure - Win32: support LFS, thread-safe OpenSSL (Diego Santa Cruz) - GnuTLS: fix GnuTLS 3.x support (Matthias Petschick, Bartosz Brachaczek) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2011/12/15 15:19:35 drochner Exp $ d3 3 a5 3 SHA1 (neon-0.30.0.tar.gz) = 9e6297945226f90d66258b7ee05f757ff5cea10a RMD160 (neon-0.30.0.tar.gz) = 59054ca749fa40308138c44b710990f637fb7c6d Size (neon-0.30.0.tar.gz) = 909989 bytes @ 1.24 log @update to 0.29.6 changes: -bugfixes (mostly SSL releated) -docs updates @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2010/03/11 12:24:58 gdt Exp $ d3 3 a5 3 SHA1 (neon-0.29.6.tar.gz) = ae1109923303f67ed3421157927bc4bc29c58961 RMD160 (neon-0.29.6.tar.gz) = f2cd96ed659675812a97b99d1b54e3d8eb66e4ed Size (neon-0.29.6.tar.gz) = 882267 bytes @ 1.23 log @Update to 0.29.3. * Change ne_sock_close() to no longer wait for SSL closure alert: o fixes possible hang with IIS servers when closing SSL connection o this reverts the behaviour with OpenSSL to match 0.28.x, and changes the behaviour with GnuTLS to match that with OpenSSL * Fix memory leak with GnuTLS * API clarification in ne_sock_close(): o SSL closure handling now documented o return value semantics fixed to describe the implementation @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2010/03/11 00:05:19 gdt Exp $ d3 3 a5 3 SHA1 (neon-0.29.3.tar.gz) = f84152dd08fc7d3bffadea0bc45ea738d3a873c3 RMD160 (neon-0.29.3.tar.gz) = 6825afe3e6a0cda1b6702b2a5876e9c2b4f5e935 Size (neon-0.29.3.tar.gz) = 881627 bytes @ 1.22 log @Update to 0.29.2. Changes in release neon 0.29.2, 30 December 2009 (PGP signature) * Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C) * Fix unnecessary re-authentication with SSPI (Danil Shopyrin) o Note that this change was previously listed in the 0.29.1 changes, however the patch had not been merged. Changes in release neon 0.29.1, 15 December 2009 (PGP signature) * Fixes for (Unix) NTLM implementation: o fix handling of session timeout (Kai Sommerfeld) o fix possible crash (basic@@mozdev.org) * Build fixes for Win32: o fix use of socklen_t with recent SDKs (Stefan Kung) o fix USE_GETADDRINFO on Win2K (Kai Sommerfeld) * Fix build with versions of GnuTLS older than 2.8.0. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2009/09/14 16:48:43 tron Exp $ d3 3 a5 3 SHA1 (neon-0.29.2.tar.gz) = b78a9d1356d9816fafbb5ef6b24347baaf4c0677 RMD160 (neon-0.29.2.tar.gz) = 7c8999cab454e61b332a13e58f73064c0cff2448 Size (neon-0.29.2.tar.gz) = 881339 bytes @ 1.21 log @Update "neon" package to version 0.29. Changes since version 0.28.5: * Interface changes: o none, API and ABI backwards-compatible with 0.28.x and 0.27.x * New interfaces and features: o added NTLM auth support for Unix builds (Kai Sommerfeld, Daniel Stenberg) o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst) o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(), and ne_session.h:ne_session_socks_proxy() o added support for system-default proxies: ne_session_system_proxy(), implemented using libproxy where available o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag, SSL verification failure bits extended by NE_SSL_BADCHAIN and NE_SSL_REVOKED, better handling of failures within the cert chain (thanks to Ludwig Nussel) o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(), ne_iaddr_raw(), ne_iaddr_parse() o ne_string.h: ne_buffer_qappend(), ne_strnqdup() * Deprecated interfaces: o ne_acl.h is obsoleted by ne_acl3744.h (but is still present) o obsolete feature "NE_FEATURE_SOCKS" now never marked present * Other changes: o fix handling of "stale" flag in RFC2069-style Digest auth challenge o ne_free() implemented as a function on Win32 (thanks to Helge Hess) o symbol versioning used for new symbols, where supported o ensure SSL connections are closed cleanly with OpenSSL o fix build with OpenSSL 1.0 beta o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis) * SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat; could allow a Denial of Service attack by a malicious server. * SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a certificate subject name; could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Tested by Daniel Horecki with SVN client. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2009/07/24 18:06:04 drochner Exp $ d3 3 a5 3 SHA1 (neon-0.29.0.tar.gz) = 8d2e1609b2a3b13a6e68e58c26b1d708302e05ef RMD160 (neon-0.29.0.tar.gz) = 338f6ff1589a01dee66cd31a72c45f3a57914ab8 Size (neon-0.29.0.tar.gz) = 879186 bytes @ 1.20 log @-on NetBSD, set the sa_len sockaddr field, makes at least the "reverse lookup" selftest succeed -fix a memory allocation in case a sockaddr is larger than "struct addrinfo" -- likely with IPv6 ride on update @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2009/07/24 15:18:24 tnn Exp $ d3 4 a6 5 SHA1 (neon-0.28.5.tar.gz) = cc07c9d2967cf9b290514ad2fc756abe1f854eba RMD160 (neon-0.28.5.tar.gz) = 21abcf12dd813bc464f6579995ff8912a9e1996e Size (neon-0.28.5.tar.gz) = 777079 bytes SHA1 (patch-aa) = e6284e486fa5789a65827a4d6c1b4d0911523774 SHA1 (patch-ab) = 0a507c119c703f11de9ed6728e9de43a61fac5a9 @ 1.19 log @patch-aa: add a local copy of SSL_SESSION_cmp which is missing in openssl 1.0.0 betas. based on hack found at: http://trac.macports.org/ticket/19124 This fixes subversion-base build on NetBSD-current. While here update to neon-0.28.5. Changes in release neon 0.28.5, 3 July 2009 (PGP signature) * Enable support for X.509v1 CA certificates in GnuTLS. * Fix handling of EINTR in connect() calls. * Fix use of builds with SOCK_CLOEXEC support on older Linux kernels. Changes in release neon 0.28.4, 3 March 2009 (PGP signature) * Fix ne_forget_auth (Kai Sommerfeld) * GnuTLS support fixes: o fix handling of PKCS#12 client certs with multiple certs or keys o fix crash with OpenPGP certificate o use pkg-config data in configure, in preference to libgnutls-config * Add PKCS#11 support for OpenSSL builds (where pakchois is available) * Fix small memory leak in PKCS#11 code. * Fix build on Haiku (scott mc) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2009/04/06 12:54:06 markd Exp $ d7 1 @ 1.18 log @Update neon to 0.28.3 Remove comment about checking subversion for neon > 0.27 as 0.28.3 is in fact the prefered version for the current subversion. Several years of bug fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2007/03/11 21:01:31 adam Exp $ d3 4 a6 3 SHA1 (neon-0.28.3.tar.gz) = 544a92dbfba144ec600506cadbda92ae0b0eb9b0 RMD160 (neon-0.28.3.tar.gz) = de6666a3f0e006e208b38a8133b43f647e35ddf8 Size (neon-0.28.3.tar.gz) = 799681 bytes @ 1.18.2.1 log @Pullup ticket 2894 - requested by tron security update Revisions pulled up: - pkgsrc/www/neon/Makefile by patch - pkgsrc/www/neon/PLIST by patch - pkgsrc/www/neon/distinfo by patch Files added: pkgsrc/www/neon/patches/patch-ab by patch Module Name: pkgsrc Committed By: tron Date: Mon Sep 14 16:48:44 UTC 2009 Modified Files: pkgsrc/www/neon: Makefile PLIST distinfo pkgsrc/www/neon/patches: patch-ab Removed Files: pkgsrc/www/neon/patches: patch-aa Log Message: Update "neon" package to version 0.29. Changes since version 0.28.5: * Interface changes: o none, API and ABI backwards-compatible with 0.28.x and 0.27.x * New interfaces and features: o added NTLM auth support for Unix builds (Kai Sommerfeld, Daniel Stenberg) o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst) o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(), and ne_session.h:ne_session_socks_proxy() o added support for system-default proxies: ne_session_system_proxy(), implemented using libproxy where available o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag, SSL verification failure bits extended by NE_SSL_BADCHAIN and NE_SSL_REVOKED, better handling of failures within the cert chain (thanks to Ludwig Nussel) o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(), ne_iaddr_raw(), ne_iaddr_parse() o ne_string.h: ne_buffer_qappend(), ne_strnqdup() * Deprecated interfaces: o ne_acl.h is obsoleted by ne_acl3744.h (but is still present) o obsolete feature "NE_FEATURE_SOCKS" now never marked present * Other changes: o fix handling of "stale" flag in RFC2069-style Digest auth challenge o ne_free() implemented as a function on Win32 (thanks to Helge Hess) o symbol versioning used for new symbols, where supported o ensure SSL connections are closed cleanly with OpenSSL o fix build with OpenSSL 1.0 beta o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis) * SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat; could allow a Denial of Service attack by a malicious server. * SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a certificate subject name; could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Tested by Daniel Horecki with SVN client. To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 pkgsrc/www/neon/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/neon/PLIST cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/neon/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/www/neon/patches/patch-aa cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/neon/patches/patch-ab @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2009/09/14 16:48:43 tron Exp $ d3 3 a5 4 SHA1 (neon-0.29.0.tar.gz) = 8d2e1609b2a3b13a6e68e58c26b1d708302e05ef RMD160 (neon-0.29.0.tar.gz) = 338f6ff1589a01dee66cd31a72c45f3a57914ab8 Size (neon-0.29.0.tar.gz) = 879186 bytes SHA1 (patch-ab) = da95144b8c4ebc7cdd5ae0dfdb86d457c43ec58d @ 1.17 log @Changes 0.26.3: * Fix buffer under-read in URI parser (Laszlo Boszormenyi, CVE-2007-0157) * Fix regression in handling of "attempt" argument passed to auth callbacks; ensure the value only increments for each invocation of the callback * Fix handling of "nextnonce" parameter in Digest authentication Changes 0.26.2: * Fix error reported for LOCK responses lacking a Lock-Token header. * Use Libs.private in neon.pc for newer versions of pkg-config. * Build fix for platforms without libintl.h. * Build fixes for MinGW. * Build fix for h_errno detection on HP-UX 10. * Win32: enable debugging; build fixes with some SDKs. Changes 0.26.1: * Build fixes for Win32 (D.J. Heap) and OS X. * Add Simplified Chinese translation Changes in release 0.26.0: * Added internationalization support: * Added support for GnuTLS * Changes and additions to URI support: * Changed results callbacks for ne_lock_discover, PROPFIND interfaces: * Added functions which give control over authentication protocol use: * Added ne_unhook_* functions to remove hooks * Added ne_set_session_flags()/ne_get_session_flags() functions: * Added ne_set_request_flags()/ne_get_request_flags() functions: * Change ne_md5.h interface to make struct ne_md5_ctx opaque: * Fixed ne_get_range(), added ne_get_range64() * Removed NE_FREE() macro from ne_alloc.h * Added ne_strcasecmp(), ne_strncasecmp(), ne_tolower() functions * Changed ne_sock_init()/ne_sock_exit() such that ne_sock_exit() * Added "--enable-threadsafe-ssl=posix" configure flag, to enable * The manual is now licensed under the GPL rather than the GFDL @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2006/01/23 03:19:42 epg Exp $ d3 3 a5 3 SHA1 (neon-0.26.3.tar.gz) = 8f3191cc6fe0aee5323dac58b03362cddc5d80d0 RMD160 (neon-0.26.3.tar.gz) = df2410c898341587ca43f52cc0874a18820e72d1 Size (neon-0.26.3.tar.gz) = 789289 bytes @ 1.16 log @Update provided by wiz. Changes in release 0.25.5: * ne_ssl_clicert_decrypt(): catch and fail to load a client cert with mismatched key/cert pair. * Fix build issue on AIX 5.1. * Fix warnings if built against OpenSSL >= 0.9.8. * Win32: fix issues in SSPI implementation (Stefan Küng). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2006/01/02 21:01:59 epg Exp $ d3 3 a5 3 SHA1 (neon-0.25.5.tar.gz) = cc1f1483231811035166a524f0ae1d73517771ec RMD160 (neon-0.25.5.tar.gz) = 88dce64e6e81b275502b073388d25244b3608600 Size (neon-0.25.5.tar.gz) = 736201 bytes @ 1.15 log @Update to 0.25.4: Changes in release 0.25.4: * GSSAPI fixes for non-MIT implementations (Mikhail Teterin). * Fix ne_print_request_header() et al to use 8K buffer size on all platforms (fixes issue with long Destination: URLs on Win32). * Win32 build fix for !USE_GETADDRINFO configuration. * Documentation updates. Changes in release 0.25.3: * ne_lock() and ne_unlock(): fix cases where NE_ERROR would be returned instead of e.g. NE_AUTH on auth failure. * Prevent use of poll() on Darwin. * Fix gethostbyname-based resolver on LP64 platforms (Matthew Sanderson). Changes in release 0.25.2: * Really fix the Win32 build. Changes in release 0.25.1: * ne_get_content_type(): fix cases where the charset field was not set to NULL after successful return (Johannes Schneider) * Compressed response handling fixes: - fix double invocation of reader callback with len=0 - fix cases where the reader callback return value was ignored * Cache the new SSL session if the old one was expired (Robert Eiglmaier) * Win32: fix build issues. Changes in release 0.25.0: * New interfaces: - ne_get_response_header() replaces ne_add_response_header_handler - ne_read_response_to_fd() and ne_discard_response() for use with ne_begin_request/ne_end_request style response handling - ne_xmlreq.h: ne_xml_parse_response() and ne_xml_dispatch_request() - ne_has_support() for feature detection, replaces ne_support_ssl() - ne_set_addrlist() can be used to bypass normal DNS hostname resolver - ne_buffer_czappend(), convenience wrapper for ne_buffer_append. - ne_iaddr_typeof() returns type of a socket object - ne_get_content_type() replaces ne_content_type_handler() - ne_set_request_expect100() replaces ne_set_expect100() * New interfaces on LFS systems for large file support: - ne_set_request_body_fd64() call for using an fd opened using O_LARGEFILE - ne_set_request_body_provider64(), takes an off64_t length argument * Interface changes: - ne_set_request_body_fd takes offset and length arguments and returns void - ne_set_request_body_provider takes length as off_t rather than size_t; provider callbacks now MUST set session error string if returning an error - response body reader callback returns an integer and can abort the response - ne_decompress_destroy() returns void; errors are caught earlier - ne_xml_failed() replaces ne_xml_valid(), with different return value logic - ne_xml_parse() can return an error; ne_xml_parse_v() aborts the response if the parse either fails or is aborted by a handler returning NE_XML_ABORT - ne_path_escape() now escapes all but unreserved characters - ne_ssl_clicert_name() and ne_ssl_cert_identity() clarified to return UTF-8 - ne_ssl_clicert_name() clicert object argument is now const - ne_uri_parse()/ne_uri_free() memory handling clarified - removed the buffer length requirement for ne_read_response_block() * Bug fixes: - properly handle multiple Authentication challenges per request - fixes and improvements to the Negotiate auth implementation - handle proxies which send a 401 auth challenge to a CONNECT request - XML: handle the UTF-8 BOM even if the underlying parser does not - Win32: Fix timezone handling (Jiang Lei) - ne_lock_refresh() works and will update timeout of passed-in lock - persistent connection timeout handling fixes for CygWin et al - impose hard limit of 1024 props per resource in ne_props.h response parsing * New platform-specific features: - Win32: Negotiate/NTLM support using SSPI (Vladimir Berezniker) - Win32: Add IPv6 support using ENABLE_IPV6 neon.mak flag (Kai Sommerfeld) * Removed features: - the cookies interface has been removed - removed functions: ne_service_lookup(), ne_put_if_unmodified() - "qop=auth-int" support removed from Digest auth implementation * Default XML parser search changed to check for expat before libxml2. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2005/02/24 14:08:34 wiz Exp $ d3 3 a5 3 SHA1 (neon-0.25.4.tar.gz) = 53e60b7f0c2934c59da5e52b93e5673a93eb1791 RMD160 (neon-0.25.4.tar.gz) = 33b674bfa0747da6142441f5405890d4fa00a397 Size (neon-0.25.4.tar.gz) = 734424 bytes @ 1.14 log @Add RMD160 checksums. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2004/07/14 16:20:30 epg Exp $ d3 3 a5 3 SHA1 (neon-0.24.7.tar.gz) = 51e556790c79eed99ba8328e79eb7fe996cc34ea RMD160 (neon-0.24.7.tar.gz) = 5977515bf3bfb098d9996a62cc94c13d2229e835 Size (neon-0.24.7.tar.gz) = 603592 bytes @ 1.13 log @Update neon to 0.24.7 Changes in release 0.24.7: * Compression interface fixes: - fix issues handling content decoding and request retries from authentication challenges (Justin Erenkrantz) - fix places where reader callback would receive spurious size=0 calls - fix to pass user-supplied userdata to user-supplied acceptance callback * Fix for RFC2617-style digest authentication (Hideaki Takahashi). * Fix to pick up gethostbyname() on QNX 6.2. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2004/05/19 11:03:29 drochner Exp $ d4 1 @ 1.12 log @update to 0.24.6 Security fix release @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2004/04/16 12:34:54 xtraeme Exp $ d3 2 a4 2 SHA1 (neon-0.24.6.tar.gz) = f7648f3f5551b0413bc7db5fc8e24f3586bb2114 Size (neon-0.24.6.tar.gz) = 600129 bytes @ 1.11 log @Update neon to 0.24.5 Changes in release 0.24.5: * SECURITY (CVE CAN-2004-0179): Fix format string vulnerabilities in XML/207 response handling, reported by greuff@@void.at. * Performance fix: avoid seeding the SSL PRNG if not creating an SSL socket. * ne_ssl_readable_dname() is now defined to return UTF-8 strings. * Fix case where gssapi/gssapi_generic.h was included but not present. * Fix ne_utils.c build on platforms where zlib does "#define const". * Fix use of ne_proppatch_operation with some C++ compilers. * Update libtool for fix to --enable-shared on Darwin. * BeOS: check for gethostbyname in -lbind (David Reid). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2003/12/04 17:00:58 recht Exp $ d3 2 a4 2 SHA1 (neon-0.24.5.tar.gz) = faa586b137c28f20a6b9970dd0e8fd1776221a7f Size (neon-0.24.5.tar.gz) = 599383 bytes @ 1.10 log @update to 0.24.4 * Ignore unclean SSL closure when response body is delimited by EOF ("Could not read response body: Secure connection truncated" errors with some buggy SSL servers). * Fix test/ssl.c syntax errors with C89 compilers (Radu Greab). * Respect configure's --datadir argument (Max Bowsher). * Fix build on Windows when OpenSSL is not used. * Fix use of SSLv2 (spurious "Server did not present certificate" error). * When using SSL via a proxy, prevent leaking server auth credentials to the proxy, or proxy auth credentials to the server. * Fix name resolver with some old versions of glibc. * Fix problems with configure's "time_t format string" detection. * Fix problems when a broken Kerberos installation is found. * When verifying SSL certificates, check iPaddress names in the subjectAltName extension. Update BUILDLINK_DEPENDS to 0.24.4 since there was an XML API change in 0.24.0. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2003/09/10 04:34:09 epg Exp $ d3 2 a4 2 SHA1 (neon-0.24.4.tar.gz) = 10fe82708fd0295bce4f4893e5879722b4dbe95b Size (neon-0.24.4.tar.gz) = 651315 bytes @ 1.10.2.1 log @Pull up a security fix to the pkgsrc-2004Q1 branch. Requested by xtraeme in ticket pkgsrc-24. "Update neon to 0.24.5 Changes in release 0.24.5: * SECURITY (CVE CAN-2004-0179): Fix format string vulnerabilities in XML/207 response handling, reported by greuff@@void.at. * Performance fix: avoid seeding the SSL PRNG if not creating an SSL socket. * ne_ssl_readable_dname() is now defined to return UTF-8 strings. * Fix case where gssapi/gssapi_generic.h was included but not present. * Fix ne_utils.c build on platforms where zlib does "#define const". * Fix use of ne_proppatch_operation with some C++ compilers. * Update libtool for fix to --enable-shared on Darwin. * BeOS: check for gethostbyname in -lbind (David Reid)." @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2004/04/16 12:34:54 xtraeme Exp $ d3 2 a4 2 SHA1 (neon-0.24.5.tar.gz) = faa586b137c28f20a6b9970dd0e8fd1776221a7f Size (neon-0.24.5.tar.gz) = 599383 bytes @ 1.9 log @Update to 0.24.1. Changes in release 0.24.1: * Add support for "GSS-Negotiate" Kerberos authentication scheme (from Risko Gergely and Burjan Gabor). * Disable Nagle to improve performance of small requests (thanks to Jim Whitehead and Teng Xu). * Fix compatibility with OpenSSL 0.9.6 (broken in 0.24.0). * Fix prototype mismatch in ne_207.c. * Define ssize_t from ne_request.h for Win32. * Prevent segfault on zlib initialization failures. * ne_sock_init does not fail if PRNG could not be seeded. * Fix segfault in cookies code (Markus Mueller). * Documentation updates. Changes in release 0.24.0: * Major changes to XML interface: - have the start-element callback either accept, decline, abort, or return a state integer. - remove 'struct ne_xml_elm'; callbacks are passed {nspace, name} strings along with a state integer. - dropped "collect", "strip-leading-whitespace" modes - push responsibility for accumulating cdata onto caller; drop 'cdata' argument from end-element callback. - don't abort if no handler accepts a particular element, just ignore that branch of the tree. - dropped support for libxml 1.x and expat < 1.95.0. - guarantee that start_element callback is not passed attrs=NULL - add ne_xml_doc_encoding() to retrieve encoding of parsed XML document. * Major changes to SSL interface: - rewrite of interfaces for handling server and client certificates; ne_ssl.h: many new functions available. - only PKCS#12-encoded client certs are supported. - changes to most names of SSL-related functions operating on an ne_session, e.g. ne_ssl_load_cert->ne_ssl_trust_cert. - client cert provider callback is passed the set of acceptable CA names sent by the server - the entire chain of certs presented by server is now accessible * Remove unused ne_register_progress() from socket layer. * Changes to resolver interface: ne_addr_first and _next return const; ne_addr_print renamed to ne_iaddr_print; ne_iaddr_make and ne_iaddr_free have been added. * ne_request_create() now duplicates the method string passed in. * ne_redirect_location() will now return NULL in some cases. * Split socket creation to ne_sock_create() from ne_sock_connect: - should report connect() error messages properly on Win32. * Fix several memory leaks in error handling paths. * Add a pkg-config file, neon.pc.in. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2003/05/09 15:44:10 drochner Exp $ d3 2 a4 2 SHA1 (neon-0.24.1.tar.gz) = a4aa326ad31d2d3d2a76136efd58ccdfba97bf40 Size (neon-0.24.1.tar.gz) = 564907 bytes @ 1.8 log @update to 0.23.9, provided by Marc Recht per PR pkg/20987 Changes are basically fixes, among them a security fix. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2003/01/30 10:52:55 drochner Exp $ d3 2 a4 2 SHA1 (neon-0.23.9.tar.gz) = d9d84e79fa0776c8fa9f1768c3ddc2f021d23449 Size (neon-0.23.9.tar.gz) = 518216 bytes @ 1.7 log @update to 0.23.7 changes: -Fix for handling EINTR during write() call (Sergey N Ushakov). -When available, use pkg-config to determine compiler flags needed to use OpenSSL headers and libraries. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2003/01/22 16:23:40 jmmv Exp $ d3 2 a4 2 SHA1 (neon-0.23.7.tar.gz) = bbb3c1e17167a96841f3d77d88e873a1665ff201 Size (neon-0.23.7.tar.gz) = 508767 bytes @ 1.6 log @Update neon to 0.23.6, with patch provided in PR pkg/19998 by Marc Recht. Changes since 0.23.5: * Fixes for error handling in socket layer on Win32 from Johan Lindh and Sergey N Ushakov: * meaningful error messages rather than "No error" * handle persistent connection timeouts properly * Fix to use RFC2617-style digest auth when possible (had reverted to only using RFC2068-style in 0.16.1). * Fix NULL pointer dereference on certain ill-formed PROPFIND responses. * Allow ne_sock_init to re-initialize after ne_sock_finish has been called (Sergey N Ushakov). Changes in the package: * Switch to libxml2. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2002/11/25 20:01:43 wiz Exp $ d3 2 a4 2 SHA1 (neon-0.23.6.tar.gz) = c4e16727fb6889ace5151042ac1ddf595be76c20 Size (neon-0.23.6.tar.gz) = 507680 bytes @ 1.5 log @Update to 0.23.5, needed by to-be-committed subversion update. Excerpt of changes (+portability and bug fixes): * Add support for `--la-file' argument to neon-config, which prints the full path of the installed libneon.la file. * Improved address resolver (ne_addr_*) replacing ne_name_lookup(): - use getaddrinfo() if found; include support for IPv6 (based on work by Noriaki Takamiya) * For a hostname with multiple addresses, each address is tried in turn until a connection is made. * RFC2818 compliance for certificate identity checks in SSL: - use `dNSname' values in subjectAltName extension if present - hostname comparison fixed to not be case-sensitive * Added NE_DBG_SSL debug channel. * ne_strerror changed to return the passed-in buffer. * Added ne_strnzcpy macro to ne_string.h. * Added reference documentation: - ne_sock_init, ne_addr_*. * Remove the const qualifier from the reason_phrase field in ne_status. - ne_parse_statusline() now strdup's the reason_phrase * Remove the status_line argument from ne_207_end_propstat and _end_response * Change ne_session_create, ne_session_proxy, ne_sock_connect, and the 'port' field of the ne_uri structure to use an unsigned int for port numbers * ne_uri_defaultport returns unsigned and '0' on an unknown port (not -1). * Changes to hooks interface: - pass an ne_request pointer to per-request hooks - replace "accessor" hooks with ne_{get,set}_{request,session}_private * Authentication changes: - the hooks changes fix a segfault if auth is enabled for an SSL session through a proxy server - fix ne_forget_auth segfault if either proxy or server auth are not used * Improvements to persistent connection retry logic and error handling in request code; fixing some cases where some errors where incorrectly treated as a persistent connection timeout - a TCP RST at the appropriate time is now treated as a persistent connection timeout. - handle persistent connection timeouts on SSL connections * Changes to SSL support: - improved error handling - fix for proxy CONNECT tunnelling with some proxies (e.g. Traffic-Server) - fix potential segfault if client cert. provider callback is used - fix to use supplied password callback for PEM-encoded client certificates (Daniel Berlin) * Remove ne_read_file(). * ne_version_match replaces ne_version_minimum (semantics changed slightly). * XML request bodies use a content-type of "application/xml" now; applications can use NE_XML_MEDIA_TYPE from ne_xml.h @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2002/08/25 18:40:24 jlam Exp $ d3 2 a4 2 SHA1 (neon-0.23.5.tar.gz) = c58c2174c5340618e6479efff1a5bcb2b16294c2 Size (neon-0.23.5.tar.gz) = 505880 bytes @ 1.4 log @Merge changes in packages from the buildlink2 branch that have buildlink2.mk files back into the main trunk. This provides sufficient buildlink2 infrastructure to start merging other packages from the buildlink2 branch that have already been converted to use the buildlink2 framework. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2.2.1 2002/08/22 11:13:01 jlam Exp $ d3 2 a4 2 SHA1 (neon-0.21.3.tar.gz) = 42f72fc2ebb29d9b687d5549bdd81742689f4846 Size (neon-0.21.3.tar.gz) = 476601 bytes @ 1.3 log @Update neon to 0.21.3. Changes in release 0.21.3: * Fix segfault if using proxy server with SSL session and server certificate verification fails. * Fix leak of proxy hostname once per session (if a proxy is used). * Add --with-libs configure argument; e.g. --with-libs=/usr/local picks up any support libraries in /usr/local/{lib,include} Changes in release 0.21.2: * Fix 'make install' for VPATH builds. * Use $(mandir) for installing man pages (Rodney Dawes). * Follow some simple (yet illegal) relativeURI redirects. * Always build ne_compress.obj in Win32 build (Branko Èibej). * Fix decompression logic bug (Justin Erenkrantz ) (could give a decompress failure for particular responses) * Fix ne_proppatch() to submit lock tokens for available locks. * More optimisation of ne_sock_readline. Changes in release 0.21.1: * Don't include default SSL port in Host request header, which can help interoperability with misbehaving servers (thanks to Rodney Dawes ). * Don't give a "truncated response" error from ne_decompress_destroy if the acceptance function returns non-zero. * Fix for Win32 build (Sander Striker ). * Fix for cookie name/value being free()d (thanks to Dan Mullen). * Optimisation of ne_sock_readline. Changes in release 0.21.0: * Socket layer implements read buffering; efficiency and performance improvement. Based on work by Jeff Johnson * Cleanup of socket interface: - renamed everything, s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/ - removed unused and inappropriate interfaces. - renaming done by Olof Oberg - see src/ChangeLog for the gory details. * Fix typoed 'ne_destroy_fn' typedef (Olof Oberg). * Support OpenSSL/ENGINE branch. * Bogus ne_utf8_encode/decode functions removed. * ne_base64() moved to ne_string.[ch]. * ne_token drops 'quotes' parameter; ne_qtoken added. * ne_buffer_create_sized renamed to ne_buffer_ncreate. * ne_xml_get_attr takes extra arguments and can resolve namespaces. * ne_accept_response function type takes const ne_status pointer. * Drop support for automatically following redirects: - ne_redirect_register just takes a session pointer - ne_redirect_location returns an ne_uri pointer * configure changes: --with-ssl and --with-socks no longer take a directory argument. To use SOCKS or SSL libraries/headers in non-system locations, use ./configure CPPFLAGS=-I/... LDFLAGS=-L/... * Reference documentation included for most of ne_alloc.h and ne_string.h, and parts of ne_session.h and ne_request.h. - see installed man pages, HTML documentation. Changes in release 0.20.0: * Major changes to DAV lock handling interface (ne_locks.h): - struct ne_lock uses a full URI structure to identify locked resource - ne_lock() requires that owner/token fields are malloc-allocated (or NULL) on entry - introduce a "lock store" type, ne_lock_store, to replace the lock session; accessor functions all renamed to ne_lockstore_*. - ne_lock_iterate replaced with a first/next "cursor"-style interface - If: headers use an absoluteURI (RFC2518 compliance fix). - fix for handling shared locks on DAV servers which return many active locks in the LOCK response (thanks to Keith Wannamaker) * Moved URI/path manipulation functions under ne_* namespace (ne_uri.h): - path handling functions renamed to ne_path_* - URI structure handling to ne_uri_*; struct uri becomes ne_uri. - ne_uri_parse doesn't take a 'defaults' parameter any more - if URI port is unspecified, ne_uri_parse sets port to 0 not -1. - added ne_uri_unparse and ne_uri_defaultport functions. * New 'ne_fill_server_uri' function to initialize a URI structure with the server details for a given session (useful with locks interface). * ne_decompress_{reader,destroy} are defined as passthrough-functions if zlib support is not enabled. * API change: ne_ssl_provide_fn returns void not int. * Added NE_SSL_FAILMASK for verify failure sanity check. * Removed return codes NE_SERVERAUTH and and NE_AUTHPROXY; correct documentation, NE_PROXYAUTH is given for proxy auth failure. * Require zlib >= 1.1.4 to avoid possible vulnerability in earlier versions. See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details. (version check can be skipped by passing --with-force-zlib to configure) * New 'ne_ssl_readable_dname' function to create a human-readable string from an X509 distinguished name. * Fix support for newer versions of libxml2 (thanks to Jon Trowbridge ). * Fix corruption of reason_phrase in status object returned by ne_propset_status. * More lenient handling of whitespace in response headers. * ne_content_type_handler will give a charset of "ISO-8859-1" if no charset parameter is specified for a text/* media type (as per RFC2616). * Miscellaneous cleanups and fixes (Jeff Johnson ). Changes in release 0.19.4: * Support bundled build of expat 1.95.x (Branko Èibej). Update submitted by Joel Wilsson in PR 17812. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2002/04/01 01:28:04 uebayasi Exp $ @ 1.2 log @Update to 19.3. Supplied by Alex Newman in pkg/16078, and reviewed by the maintainer, Eric Gillespie . Major version changed so that BUILDLINK_DEPENDS.neon bumped. Part of changes from NEWS: Changes in release 0.19.1-0.19.3: * For platforms lacking snprintf or vsnprintf in libc, require trio. * Add NE_FMT_OFF_T to fix Win32 build (Dan Berlin, Branko Èibej). * Fix non-SSL build broken in 0.19.1. * Working SOCKSv5 support (thanks to Torsten Kalix ) * Add missing stubs for ne_ssl_* functions for non-SSL build. * Fix some error messages in new SSL code. Changes in release 0.19.0: * Major API change: ne_session_create now takes (scheme, hostname, port) arguments: a session is clarified to be "a group of requests to a certain server". - removal of ne_session_server, ne_set_secure, and ne_set_proxy_decider - ne_session_proxy returns void. - DNS lookups are delayed until request dispatch time. * Significant improvements to TLS/SSL support: - SSL is enabled if scheme passed to ne_session_create is "https" - new interfaces to load CA certs and to load SSL library's bundled CA certs - add server cert verification callback. An SSL connection to a server with an unknown CA will now fail unless a verification callback is used. - enable SSL session caching (performance improvement) - support for wildcard server certs where commonName is "*.example.com". - thanks to Tommi Komulainen for the contribution of code from mutt's IMAP/SSL implementation under the LGPL, from which bits of this were derived. Changes in release 0.18.4-0.18.5: * Removed old neon.dsp, neon.dsw. * Update Win32 build to add OpenSSL and zlib support (Branko Èibej). * Fixes for Content-Type parsing using ne_content_type_handler (Greg Stein) - also now parses the charset parameter from header value. * Removed ne_concat() function, which didn't work and wasn't used. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2002/01/13 19:29:02 agc Exp $ d3 2 a4 2 SHA1 (neon-0.19.3.tar.gz) = 057a276a779f28fabf2d84550d4292369ee076a9 Size (neon-0.19.3.tar.gz) = 499574 bytes @ 1.2.2.1 log @Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2002/08/03 01:24:53 hubertf Exp $ d3 2 a4 2 SHA1 (neon-0.21.3.tar.gz) = 42f72fc2ebb29d9b687d5549bdd81742689f4846 Size (neon-0.21.3.tar.gz) = 476601 bytes @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2001/05/16 04:40:48 jlam Exp $ d3 2 a4 2 SHA1 (neon-0.18.3.tar.gz) = 4adf268e22dc615ada6ed55d5a0135716a693760 Size (neon-0.18.3.tar.gz) = 475268 bytes @ 1.1.1.1 log @Initial import of neon-0.18.3 into the NetBSD Packages Collection. neon is an HTTP and WebDAV client library. It provides lower-level interfaces which directly implement new HTTP methods, and higher-level interfaces so that you don't have to worry about the lower-level stuff. Provided in PR 15222 by "Eric Gillespie, Jr." . The only modification was to use pkgsrc's libtool. @ text @@ 1.1.1.2 log @Add neon-0.21.3: HTTP and WebDAV client library neon is an HTTP and WebDAV client library. It provides lower-level interfaces which directly implement new HTTP methods, and higher-level interfaces so that you don't have to worry about the lower-level stuff. Submitted by Joel Wilsson in PR 17812 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2002/04/01 01:28:04 uebayasi Exp $ d3 2 a4 2 SHA1 (neon-0.21.3.tar.gz) = 42f72fc2ebb29d9b687d5549bdd81742689f4846 Size (neon-0.21.3.tar.gz) = 476601 bytes @