changelog

linux subdivision ying gai ke yi le ba

Mon Jul  5 10:56:19 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_compress.c (struct ne_decompress_s): Add acceptor field.
	(gz_acceptor): New function.
	(ne_decompress_reader): Fix to pass the user-supplied userdata
	pointer to the user-supplied acceptor callback, via gz_acceptor.

Mon Jul  5 10:52:40 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_compress.c (do_inflate): Don't invoke the reader callback if
	no bytes where produced by inflate().
	(process_footer): Call the reader callback with size=0 to indicate
	end-of-response for a good checksum match.

Mon Jul  5 10:42:14 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_compress.c (gz_destroy, gz_pre_send): New functions.
	(ne_decompress_reader): Register pre-send and destroy hooks,
	to initialize the compression context before each request attempt.
	(Justin Erenkrantz).

	* ne_private.h, ne_request.c (ne_kill_pre_send): New function.

Sat Jul  3 14:33:56 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (auth_challenge): Fix to set got_qop in challenge
	correctly (Hideaki Takahashi).

Sun May  2 21:14:14 2004  Joe Orton  <joe@manyfish.co.uk>

	Fix buffer overflow in RFC1036 date parser, CVE CAN-2004-0389.
	
	* ne_dates.c (RFC1036_FORMAT): Specify maximum field with for day
	name.
	(ne_rfc1123_parse, ne_rfc1036_parse, ne_asctime_parse): Make
	thread-safe; remove static buffers.

Thu Mar 11 23:38:01 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (provide_client_cert): Avoid malloc(0) when server
	sends no CA names in CertificateRequest.
	(ne_ssl_cert_write): Be paranoid and clear the OpenSSL error stack
	on write failures.

Sun May  2 16:59:39 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_dates.c [RFC1123_TEST] (main): Remove embedded test cases.

Fri Apr 16 11:44:34 2004  Joe Orton  <joe@manyfish.co.uk>

	* Makefile.in (LIBS): Include NEON_LTLIBS.

Wed Apr 14 10:39:53 2004  Joe Orton  <joe@manyfish.co.uk>

	Fix format string vulnerabilities, CVE CAN-2004-0179:
	
	* ne_207.c (ne_simple_request): Avoid format string
	vulnerabilities.

	* ne_xml.c (ne_xml_set_error): Likewise.

	* ne_props.c (propfind): Likewise.

	* ne_locks.c (ne_lock, ne_lock_refresh): Likewise.

Wed Apr 14 10:33:46 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (ah_post_send): Avoid false positives from gcc
	-Wformat-security.

Tue Apr 13 20:51:41 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c: Conditionally include gssapi_generic.h.

Thu Apr  8 13:40:03 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_props.h: Don't use an anonymous enum for the proppatch
	operation type, as some C++ compilers don't like it.

Sun Mar 28 02:59:58 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (get_cnonce): Only use RAND_pseudo_bytes() if the PRNG
	is seeded.

Fri Mar 26 12:16:15 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_socket.c (init_ssl): Just initialize the SSL library; delay
	seeding PRNG until really necessary (performance fix).
	(seed_ssl_prng): Split from init_ssl.
	(ne_sock_connect_ssl): Call seed_ssl_prng().
	(ne_sock_init): Adjust since init_ssl() can't fail.

Fri Mar 26 12:01:38 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_utils.c: Include zlib.h before ne_*.h to fix issues
	on platforms where zconf.h does "#define const".

Fri Mar 26 11:55:06 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (get_gss_name, request_gssapi, gssapi_challenge,
	auth_challenge): Implement the Negotiate auth scheme rather than
	the obsolete GSS-Negotiate, and fix memory leaks.  Only accept
	Negotiate challenges over SSL.

Sun Feb 15 13:37:03 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_ssl.h: Define that ne_ssl_readable_dname returns UTF-8
	encoded strings.

	* ne_openssl.c (ne_ssl_readable_dname): Convert dname strings to
	UTF-8, or use "???".

Sat Jan 24 16:49:30 2004  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (basic_challenge): Cast first parameter to ne_base64
	to unsigned char * to fix warnings with some compilers.

Thu Nov 13 20:38:28 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_request.c (ne_begin_request): Presume a 205 response has no
	message-body too; RFC2616 compliance fix.

Thu Nov 13 20:31:07 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (ah_post_send): Treat a 401 response to a CONNECT
	request as a valid proxy auth challenge, to work around buggy
	proxies.

Wed Oct 22 22:19:19 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_request.c (read_response_block): Treat an EOF without clean
	SSL closure as a valid request body delimiter in any case.

Wed Oct 22 21:44:48 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_defs.h (ne_attribute): New macro.

	* ne_request.h, ne_session.h, ne_utils.h: Use ne_attribute instead
	of littering #ifdef __GNUC__ and __attribute__ everywhere.

Tue Oct 21 20:03:47 2003  Joe Orton  <joe@manyfish.co.uk>

	Fix various strict signedness bugs:
	
	* ne_auth.c (auth_session): Make nonce_count argument unsigned.
	(get_cnonce): Use unsigned data buffer.
	(get_gss_name, gssapi_challenge): Use unsigned integers for status
	variables.
	(request_digest): Print nonce count as unsigned.
	(verify_response): Make nonce_count unsigned.

Tue Oct  7 20:52:06 2003  Joe Orton  <joe@manyfish.co.uk>

	When using SSL via a proxy, don't leak server auth credentials to
	the proxy, and vice versa.
	
	* ne_auth.c (auth_session): Add context field.
	(ah_create): Ignore challenges in a bad context.
	(ah_pre_send, ah_destroy): Check that the request-private cookie
	is not NULL.
	(auth_register): Take an isproxy flag; set context field
	appropriately in session structure.
	(ne_set_server_auth, ne_set_proxy_auth): Adjust accordingly.

Tue Oct  7 19:58:52 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_negotiate_ssl): If the returned cert chain was
	NULL, try and create one from the peer certificate alone (fix for
	use of SSLv2 connections).

Mon Sep 29 21:57:40 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c [WIN32]: Include windows.h to fix non-SSL build.

Thu Sep 25 20:05:18 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_xml.c (ne_xml_create): Specify an initial error string.

Sun Sep 21 23:00:10 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_cookies.c (set_cookie_hdl): Strip whitespace around cookie
	name and value.

Sun Sep 14 10:50:01 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_socket.c (ne_addr_resolve): Use result of autoconf test for
	working AI_ADDRCONFIG support.

Sat Sep  6 12:05:00 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (check_identity): Take an optional server address
	argument; check identity against IPaddress extension too if given.
	(check_certificate): Optionally pass server address to
	check_identity.
	(populate_cert): Adjust accordingly.

Thu Sep  4 21:41:38 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_socket.c (ne_sock_init): Succeed even if PRNG was not seeded.

Thu Sep  4 21:33:34 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_session.c (ne_set_useragent): Build and store the entire
	User-Agent header field in sess->user_agent.

	* ne_request.c (add_fixed_headers): Adjust accordingly; avoid
	unnecessary calls to ne_buffer_*.	

Thu Sep  4 21:27:34 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_socket.c: Include netinet/tcp.h.
	(ne_sock_connect): Disable the Nagle algorithm; thanks to Jim
	Whitehead and Teng Xu for the analysis.

Thu Sep  4 11:24:04 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_defs.h: Define ssize_t here for Win32.

	* ne_socket.h: Don't define ssize_t here.

Tue Sep  2 20:20:16 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_auth.c (auth_challenge): Update to use ne_token not
	split_string, patch by Tom Lee <i_am_gnomey@hotmail.com>.

Wed Jul 30 21:54:38 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_cookies.c (set_cookie_hdl): Fix NULL pointer dereference;
	thanks to Markus Mueller <markus-m.mueller@ubs.com>.

Fri Jul 25 11:05:52 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_request.c (do_connect): On failure to connect, set error
	string and call ne_sock_close directly rather than using
	aborted(); fix leak of socket structure.

Wed Jul 23 23:20:42 2003  Joe Orton  <joe@manyfish.co.uk>

	Fix SEGV if inflateInit2 fails with Z_MEM_ERROR etc.	
	
	* ne_compress.c (set_zlib_error): New function.
	(do_inflate, gz_reader): Use it.

Wed Jul 23 22:50:50 2003  Joe Orton  <joe@manyfish.co.uk>

	Add support for GSS-Negotiate; patch from Risko Gergely and Burjan
	Gabor:

	* ne_auth.c [HAVE_GSSAPI]: Include gssapi.h.
	(auth_scheme): Add auth_scheme_gssapi.
	(auth_session): Add gssapi_token.
	(clean_session): Free gssapi_token.
	(request_gssapi, get_gss_name, gssapi_challenge): New functions.
	(tokenize): Handle challenge with single token.
	(auth_challenge): Accept and process a GSS-Negotiate challenge.
	(ah_pre_send): Send GSS-Negotiate handshake.

Wed Jul 23 22:46:28 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_207.c (ne_207_set_response_handlers,
	ne_207_set_propstat_handlers): Fix to match declarations (thanks
	to Diego T醨tara).

Fri Jun 27 20:30:45 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c [OPENSSL_VERSION_NUMBER < 0x0090700fL]:
	Fix build against OpenSSL < 0.9.7.

Sun Jun 22 23:07:45 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_session.c (ne_session_destroy): Replace unnecessary use of
	NE_FREE with ne_free.
	(set_hostinfo): Don't free hostport/hostinfo here.
	(ne_session_proxy): Free existing proxy hostname here if
	necessary.

Sat Jun 21 12:58:25 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_request.c (ne_begin_request): Set or clear is_http11 flag
	for each request.

Wed Jun 18 20:54:44 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_socket.c: Add AI_ADDRCONFIG support;
	[USE_CHECK_IPV6]: Define only if __linux__.
	(init_ipv6) [USE_CHECK_IPV6]: New conditional.
	(ne_addr_resolve) [USE_ADDRCONFIG]: Use AI_ADDRCONFIG.

Wed Jun 18 20:03:13 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_socket.c (ne_sock_create): New function (renamed from
	create_sock).
	(ne_sock_connect): Take an ne_socket *, return int.
	(ne_sock_accept): Likewise.
	(ne_sock_close): Only call ne_close if fd is non-negative.

	* ne_request.c (aborted): Handle NE_SOCK_* errors specially.
	(do_connect): Adapt for ne_sock_create/connect interface.  Set
	sess->connected here on success.
	(open_connection): Don't set sess->connected here.

Sun Jun 15 12:14:22 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_ssl.h (ne_ssl_cert_digest): Pass digest as a pointer rather
	than an array.

Sun Jun 15 11:00:09 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_stubssl.c (ne_ssl_cert_cmp): Add stub.

Wed May 28 21:37:27 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_ssl_context_create): Enable workarounds in
	OpenSSL for better interop with buggy SSL servers.

Fri May 23 23:13:30 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_stubssl.c (ne_ssl_set_clicert): Add stub.

Sat May 10 17:05:26 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_xml.c: Rename struct ne_xml_handler to struct handler.

Thu May  8 20:55:46 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_ssl_clicert_read): Pass "b" to fopen.

Tue May  6 22:08:08 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (check_certificate): Re-order verify failure
	handling to allow caller to set a custom session error string.

Tue May  6 20:21:27 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_md5.c (md5_stream): Restore.

Sat Apr 26 19:21:03 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_request.c (te_hdr_handler): Treat presence of any T-E
	response header as implying the response is chunked, regardless of
	value.

Sat Apr 26 18:11:24 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_xml.c: Rename struct ne_xml_nspace to struct namespace.

Wed Apr 23 22:19:29 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_ssl_cert_export): Don't bother checking for
	i2d_X509() failure; no OpenSSL code ever checks, so everyone's
	doomed if it really can fail.

Wed Apr 23 22:01:23 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_ssl_cert_import, ne_ssl_cert_export,
	ne_ssl_cert_write): Clear OpenSSL error stack on errors.

Wed Apr 23 18:23:53 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_stubssl.c (ne_ssl_cert_write, ne_ssl_cert_import,
	ne_ssl_cert_export): Add stubs.

Wed Apr 23 14:05:32 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_ssl_cert_write): New function.

Tue Apr 22 23:21:22 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_string.c (ne_unbase64): Optimise out some redundant branches.

Tue Apr 22 20:24:44 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_openssl.c (ne_ssl_cert_export, ne_ssl_cert_import,
	ne_ssl_cert_cmp): New functions.

Tue Apr 22 18:31:55 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_string.c (ne_unbase64): New function.

Tue Apr 22 15:53:41 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_string.c (ne_base64): Fix encoding binary data; take unsigned
	argument.

Tue Apr 22 13:07:48 2003  Joe Orton  <joe@manyfish.co.uk>

	* ne_stubssl.c (ne_ssl_cert_validity): Add stub.

Tue Apr 22 09:22:26 2003  Joe Orton  <joe@manyfish.co.uk>