news

linux subdivision ying gai ke yi le ba

Changes in release 0.24.7:
* Compression interface fixes:
 - fix issues handling content decoding and request retries from
 authentication challenges (Justin Erenkrantz)
 - fix places where reader callback would receive spurious size=0 calls
 - fix to pass user-supplied userdata to user-supplied acceptance callback
* Fix for RFC2617-style digest authentication (Hideaki Takahashi).
* Fix to pick up gethostbyname() on QNX 6.2.

Changes in release 0.24.6:
* SECURITY (CVE CAN-2004-0398): Fix sscanf overflow in ne_rfc1036_parse,
 thanks to Stefan Esser.
* Link libneon against libexpat during Subversion build using bundled neon.
* Win32 build script update (Jon Foster).

Changes in release 0.24.5:
* SECURITY (CVE CAN-2004-0179): Fix format string vulnerabilities in
 XML/207 response handling, reported by greuff@void.at.
* Performance fix: avoid seeding the SSL PRNG if not creating an SSL socket.
* ne_ssl_readable_dname() is now defined to return UTF-8 strings.
* Fix case where gssapi/gssapi_generic.h was included but not present.
* Fix ne_utils.c build on platforms where zlib does "#define const".
* Fix use of ne_proppatch_operation with some C++ compilers.
* Update libtool for fix to --enable-shared on Darwin.
* BeOS: check for gethostbyname in -lbind (David Reid).

Changes in release 0.24.4:
* Ignore unclean SSL closure when response body is delimited by EOF
 ("Could not read response body: Secure connection truncated" errors
 with some buggy SSL servers).
* Fix test/ssl.c syntax errors with C89 compilers (Radu Greab).

Changes in release 0.24.3:
* Respect configure's --datadir argument (Max Bowsher).
* Fix build on Windows when OpenSSL is not used.
* Fix use of SSLv2 (spurious "Server did not present certificate" error).
* When using SSL via a proxy, prevent leaking server auth credentials
 to the proxy, or proxy auth credentials to the server.

Changes in release 0.24.2:
* Fix name resolver with some old versions of glibc.
* Fix problems with configure's "time_t format string" detection.
* Fix problems when a broken Kerberos installation is found.
* When verifying SSL certificates, check iPaddress names in the
 subjectAltName extension.

Changes in release 0.24.1:
* Add support for "GSS-Negotiate" Kerberos authentication scheme (from
 Risko Gergely and Burjan Gabor).
* Disable Nagle to improve performance of small requests (thanks to
 Jim Whitehead and Teng Xu).
* Fix compatibility with OpenSSL 0.9.6 (broken in 0.24.0).
* Fix prototype mismatch in ne_207.c.
* Define ssize_t from ne_request.h for Win32.
* Prevent segfault on zlib initialization failures.
* ne_sock_init does not fail if PRNG could not be seeded.
* Fix segfault in cookies code (Markus Mueller).
* Documentation updates.

Changes in release 0.24.0:
* Major changes to XML interface:
 - have the start-element callback either accept, decline, abort, 
 or return a state integer.
 - remove 'struct ne_xml_elm'; callbacks are passed {nspace, name}
 strings along with a state integer.
 - dropped "collect", "strip-leading-whitespace" modes
 - push responsibility for accumulating cdata onto caller; drop 'cdata'
 argument from end-element callback.
 - don't abort if no handler accepts a particular element, just ignore
 that branch of the tree.
 - dropped support for libxml 1.x and expat < 1.95.0.
 - guarantee that start_element callback is not passed attrs=NULL
 - add ne_xml_doc_encoding() to retrieve encoding of parsed XML document.
* Major changes to SSL interface:
 - rewrite of interfaces for handling server and client certificates;
 ne_ssl.h: many new functions available.
 - only PKCS#12-encoded client certs are supported.
 - changes to most names of SSL-related functions operating on an
 ne_session, e.g. ne_ssl_load_cert->ne_ssl_trust_cert.
 - client cert provider callback is passed the set of acceptable CA
 names sent by the server
 - the entire chain of certs presented by server is now accessible
* Remove unused ne_register_progress() from socket layer.
* Changes to resolver interface: ne_addr_first and _next return const;
 ne_addr_print renamed to ne_iaddr_print; ne_iaddr_make and ne_iaddr_free
 have been added.
* ne_request_create() now duplicates the method string passed in.
* ne_redirect_location() will now return NULL in some cases.
* Split socket creation to ne_sock_create() from ne_sock_connect:
 - should report connect() error messages properly on Win32.
* Fix several memory leaks in error handling paths.
* Add a pkg-config file, neon.pc.in.

Changes in release 0.23.9:
* Fix inability to connect on AIX 4.3.
* neon-config exports includes needed for OpenSSL given by pkg-config.
* ne_redirect_location will return NULL if redirect hooks have not
 been registered for the session (Ralf Mattes <rm@fabula.de>).

Changes in release 0.23.8:
* SECURITY: Prevent control characters from being included in the
 reason_phrase field filled in by ne_parse_statusline(), and in
 the session error string.
* Disable getaddrinfo() support on HP-UX; fix resolver for HP-UX 11.11.
* Fix digest auth response verification for >9 responses in session
 (bug manifests as "Server was not authenticated correctly" error).
* On Linux, skip slow lookup for IPv6 addresses when IPv6 support is
 not loaded in kernel (thanks to Daniel Stenberg for this technique).
* Update to autoconf 2.57 and libtool 1.4.3.

Changes in release 0.23.7:
* Fix for handling EINTR during write() call (Sergey N Ushakov).
* When available, use pkg-config to determine compiler flags needed to 
 use OpenSSL headers and libraries.

Changes in release 0.23.6:
* Fixes for error handling in socket layer on Win32 from Johan Lindh
 and Sergey N Ushakov <ushakov@int.com.ru>:
 - meaningful error messages rather than "No error"
 - handle persistent connection timeouts properly
* Fix to use RFC2617-style digest auth when possible (had reverted to 
 only using RFC2068-style in 0.16.1).
* Fix NULL pointer dereference on certain ill-formed PROPFIND responses.
* Allow ne_sock_init to re-initialize after ne_sock_finish has been called
 (Sergey N Ushakov).

Changes in release 0.23.5:
* Fix rejection of SSL server certificates which had commonName as
 the least specific attribute in the subject name.
* Fix to dereference entities (e.g. "&amp;") in attribute values with libxml.
* Fix ne_socket.c build on HP-UX 10.20 (thanks to Branko 萯bej)
* Remove misguided insistence on "secure" versions of zlib/OpenSSL;
 no checks for zlib version are now performed, only OpenSSL 0.9.6 is
 required.  --with-force-ssl, --with-force-zlib option removed.
* Add --with-egd[=PATH] option, conditionally enable EGD support; either 
 using EGD socket at PATH, or fall back on system defaults.  $EGDSOCKET 
 and $HOME/.entropy are no longer used.
* Add support for `--la-file' argument to neon-config, which prints the
 full path of the installed libneon.la file.

Changes in release 0.23.4:
* Ignore an unclean SSL shutdown on persistent connection timeout
 (fixing spurious "Secure connection truncated" errors).
* Fix a segfault on second and subsequent requests using a given
 session, when the first fails with NE_LOOKUP.
* Fix configure for gcc installations which produce warnings by default
 (such as gcc on hppa2.0n-hp-hpux11.00 using native as)

Changes in release 0.23.3:
* Further build fixes for Win32 (Blair Zajac).
* Another fix for use of SSL against Tomcat 3.2.

Changes in release 0.23.2:
* Build fix for Win32 (Blair Zajac).

Changes in release 0.23.1:
* Identify as correct version, not 0.22.

Changes in release 0.23.0:
* Improved address resolver (ne_addr_*) replacing ne_name_lookup():
 - use getaddrinfo() if found; include support for IPv6 (based on work
 by Noriaki Takamiya <takamiya@po.ntts.co.jp>)
* For a hostname with multiple addresses, each address is tried in turn
 until a connection is made.
* Support for seeding OpenSSL's PRNG via $EGDSOCKET or $HOME/.entropy,
 to enable SSL on platforms which lack a /dev/random device.
* RFC2818 compliance for certificate identity checks in SSL:
 - use `dNSname' values in subjectAltName extension if present
 - hostname comparison fixed to not be case-sensitive
* Fix interop with buggy SSL implementation in Tomcat 3.2.
* Added NE_DBG_SSL debug channel.
* ne_strerror changed to return the passed-in buffer.
* Added ne_strnzcpy macro to ne_string.h.
* Win32 build fixes, improvements, and documentation updates, from 
 Blair Zajac <blair@orcaware.com>.
* Fix ne_sock_init so SIGPIPE signals are ignored even if SSL library
 initialization fails (e.g. platforms without /dev/random).
* Added reference documentation:
 - ne_sock_init, ne_addr_*.

Changes in release 0.22.0:
* Remove the const qualifier from the reason_phrase field in ne_status.
 - ne_parse_statusline() now strdup's the reason_phrase
* Remove the status_line argument from ne_207_end_propstat and _end_response
* Change ne_session_create, ne_session_proxy, ne_sock_connect, and the 
 'port' field of the ne_uri structure to use an unsigned int for port numbers
* ne_uri_defaultport returns unsigned and '0' on an unknown port (not -1).
* Changes to hooks interface:
 - pass an ne_request pointer to per-request hooks
 - replace "accessor" hooks with ne_{get,set}_{request,session}_private
* Authentication changes:
 - the hooks changes fix a segfault if auth is enabled for an SSL session
 through a proxy server
 - fix ne_forget_auth segfault if either proxy or server auth are not used
* Improvements to persistent connection retry logic and error handling 
 in request code; fixing some cases where some errors where incorrectly
 treated as a persistent connection timeout
 - a TCP RST at the appropriate time is now treated as a persistent 
 connection timeout.
 - handle persistent connection timeouts on SSL connections
* Changes to SSL support:
 - improved error handling
 - OpenSSL 0.9.6f or later is required for security fixes and functional
 correctness; 0.9.6 or later required for functional correctness
 - use --with-force-ssl to override OpenSSL version check
 - fix for proxy CONNECT tunnelling with some proxies (e.g. Traffic-Server)
 - fix potential segfault if client cert. provider callback is used
 - fix to use supplied password callback for PEM-encoded client certificates
 (Daniel Berlin <dberlin@dberlin.org>)
* strerror_r is used if available for thread-safe error handling.
* Remove ne_read_file().
* ne_version_match replaces ne_version_minimum (semantics changed slightly).
* XML request bodies use a content-type of "application/xml" now; 
 applications can use NE_XML_MEDIA_TYPE from ne_xml.h
* Fix decompress code on big-endian or 64-bit platforms.
* Fix to build on Darwin 6 (aka Mac OS X 10.2) (Wilfredo S醤chez,
 <wsanchez@mit.edu>)
* Win32 changes:
 - remove conflict between OpenSSL's X509_NAME and recent versions of
 the Platform SDK (Branko 萯bej)
 - fix inverted debug/non-debug build logic (Branko 萯bej)
 - add NODAV and OPENSSL_STATIC flags to neon.mak (Gerald Richter)

Changes in release 0.21.3:
* Fix segfault if using proxy server with SSL session and server
 certificate verification fails.
* Fix leak of proxy hostname once per session (if a proxy is used).
* Add --with-libs configure argument; e.g. --with-libs=/usr/local picks
 up any support libraries in /usr/local/{lib,include}

Changes in release 0.21.2:
* Fix 'make install' for VPATH builds.
* Use $(mandir) for installing man pages (Rodney Dawes).
* Follow some simple (yet illegal) relativeURI redirects.
* Always build ne_compress.obj in Win32 build (Branko 萯bej).
* Fix decompression logic bug (Justin Erenkrantz <jerenkrantz@apache.org>)
 (could give a decompress failure for particular responses)
* Fix ne_proppatch() to submit lock tokens for available locks.
* More optimisation of ne_sock_readline.

Changes in release 0.21.1:
* Don't include default SSL port in Host request header, which can
 help interoperability with misbehaving servers (thanks to Rodney Dawes
 <dobey@ximian.com>).
* Don't give a "truncated response" error from ne_decompress_destroy if
 the acceptance function returns non-zero.
* Fix for Win32 build (Sander Striker <striker@apache.org>).
* Fix for cookie name/value being free()d (thanks to Dan Mullen).
* Optimisation of ne_sock_readline.

Changes in release 0.21.0:
* Socket layer implements read buffering; efficiency and performance 
 improvement. Based on work by Jeff Johnson <jbj@redhat.com>
* Cleanup of socket interface:
 - renamed everything, s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/
 - removed unused and inappropriate interfaces.
 - renaming done by Olof Oberg <mill@pedgr571.sn.umu.se>
 - see src/ChangeLog for the gory details.
* Fix typoed 'ne_destroy_fn' typedef (Olof Oberg).
* Support OpenSSL/ENGINE branch.
* Bogus ne_utf8_encode/decode functions removed.
* ne_base64() moved to ne_string.[ch].
* ne_token drops 'quotes' parameter; ne_qtoken added.
* ne_buffer_create_sized renamed to ne_buffer_ncreate.
* ne_xml_get_attr takes extra arguments and can resolve namespaces.
* ne_accept_response function type takes const ne_status pointer.
* Drop support for automatically following redirects:
 - ne_redirect_register just takes a session pointer
 - ne_redirect_location returns an ne_uri pointer
* configure changes: --with-ssl and --with-socks no longer take a directory
 argument.  To use SOCKS or SSL libraries/headers in non-system locations, 
 use ./configure CPPFLAGS=-I/... LDFLAGS=-L/... 
* Reference documentation included for most of ne_alloc.h and ne_string.h,
 and parts of ne_session.h and ne_request.h.
 - see installed man pages, HTML documentation.

Changes in release 0.20.0:
* Major changes to DAV lock handling interface (ne_locks.h):
 - struct ne_lock uses a full URI structure to identify locked resource
 - ne_lock() requires that owner/token fields are malloc-allocated (or NULL)
 on entry
 - introduce a "lock store" type, ne_lock_store, to replace the lock session;
 accessor functions all renamed to ne_lockstore_*.
 - ne_lock_iterate replaced with a first/next "cursor"-style interface
 - If: headers use an absoluteURI (RFC2518 compliance fix).
 - fix for handling shared locks on DAV servers which return many active locks
 in the LOCK response (thanks to Keith Wannamaker)
* Moved URI/path manipulation functions under ne_* namespace (ne_uri.h):
 - path handling functions renamed to ne_path_*
 - URI structure handling to ne_uri_*; struct uri becomes ne_uri.
 - ne_uri_parse doesn't take a 'defaults' parameter any more
 - if URI port is unspecified, ne_uri_parse sets port to 0 not -1.
 - added ne_uri_unparse and ne_uri_defaultport functions.
* New 'ne_fill_server_uri' function to initialize a URI structure with
 the server details for a given session (useful with locks interface).
* ne_decompress_{reader,destroy} are defined as passthrough-functions
 if zlib support is not enabled.
* API change: ne_ssl_provide_fn returns void not int.
* Added NE_SSL_FAILMASK for verify failure sanity check.