From nobody@FreeBSD.org  Thu Sep  4 10:03:19 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 14B43106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  4 Sep 2008 10:03:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 019158FC19
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  4 Sep 2008 10:03:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m84A3IZO007165
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 4 Sep 2008 10:03:18 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m84A3Iab007164;
	Thu, 4 Sep 2008 10:03:18 GMT
	(envelope-from nobody)
Message-Id: <200809041003.m84A3Iab007164@www.freebsd.org>
Date: Thu, 4 Sep 2008 10:03:18 GMT
From: bf <bf2006a@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH]www/neon28: update to 0.28.3
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         127085
>Category:       ports
>Synopsis:       [PATCH]www/neon28: update to 0.28.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lev
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 04 10:10:01 UTC 2008
>Closed-Date:    Sat Sep 13 22:42:16 UTC 2008
>Last-Modified:  Sat Sep 13 22:50:02 UTC 2008
>Originator:     bf
>Release:        7-STABLE i386
>Organization:
-
>Environment:
>Description:
Fix two small problems when PREFIX is distinct from LOCALBASE; upgrade to a new version containing an important security fix:

"Changes in release neon 0.28.3, 20 August 2008 ...

SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in Digest domain parameter support; could allow a DoS by a malicious server 

Fix parsing of *-Authenticate response header with LWS after quoted value 

Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash) 

Document existing ne_uri_parse() API postcondition and ne_uri_resolve() pre/postconditions regarding the ->path field in ne_uri structures 

Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4. 

Distinguish the error message for an SSL handshake which fails after a client cert was requested. 

Compile with PIC flags by default even for static library builds"

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN neon28.orig/Makefile neon28/Makefile
--- neon28.orig/Makefile	2008-09-04 03:53:26.916445773 -0400
+++ neon28/Makefile	2008-09-04 04:43:16.662388344 -0400
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	neon28
-PORTVERSION=	0.28.2
-PORTREVISION=	1
+PORTVERSION=	0.28.3
 CATEGORIES=	www
 MASTER_SITES=	http://www.webdav.org/neon/ \
 		http://keyserver.kjsl.com/~jharris/distfiles/
@@ -41,7 +40,7 @@
 		--enable-xml \
 		--enable-shared \
 		--with-expat \
-		--with-libs=${PREFIX}
+		--with-libs=${LOCALBASE}:${PREFIX}
 
 MAN1=	neon-config.1
 MAN3=	ne_add_request_header.3 ne_addr_resolve.3 ne_buffer.3 \
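Review bot: The new `--with-libs=${LOCALBASE}:${PREFIX}` value keeps ${PREFIX} on the search list without saying why. If the only libraries configure has to locate here are dependencies installed under ${LOCALBASE} (expat is the one requested on the line above), `--with-libs=${LOCALBASE}` alone would be enough and would avoid picking up headers or libraries from a user-chosen PREFIX. Either drop ${PREFIX} or add a Makefile comment stating what is expected to be found there.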
@@ -112,17 +111,15 @@
 	ne_xml_create.3 ne_xml_destroy.3
 
 PLIST_SUB+=	PORTVERSION=${PORTVERSION}
+DOCSDIR=	${PREFIX}/share/doc/neon
 
 .include <bsd.port.pre.mk>
 
-DOCSDIR:=	${DOCSDIR:S/28//}
-
 post-install:
 	${INSTALL_MAN} ${WRKSRC}/doc/man/*.1 ${MANPREFIX}/man/man1
 	${INSTALL_MAN} ${WRKSRC}/doc/man/*.3 ${MANPREFIX}/man/man3
 .ifndef NOPORTDOCS
 	(cd ${WRKSRC} ; ${MAKE} install-html)
-	${INSTALL_DATA} ${WRKSRC}/doc/using-neon.txt ${DOCSDIR}
 .endif
 
 .include <bsd.port.post.mk>
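Review bot: The removal of the `${INSTALL_DATA} ${WRKSRC}/doc/using-neon.txt ${DOCSDIR}` line is not covered by the PR description, which mentions only the PREFIX/LOCALBASE fixes and the version update. Say in the commit log why the file is no longer installed (for example, that it is gone from the 0.28.3 distfile, if that is the case). Also, DOCSDIR is now hard-coded to `${PREFIX}/share/doc/neon` ahead of `.include <bsd.port.pre.mk>`; a short comment that the directory name intentionally omits the "28" suffix would preserve the intent that the removed `${DOCSDIR:S/28//}` line made visible.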
diff -ruN neon28.orig/distinfo neon28/distinfo
--- neon28.orig/distinfo	2008-09-04 03:53:26.946445396 -0400
+++ neon28/distinfo	2008-09-04 04:43:16.662388344 -0400
@@ -1,3 +1,3 @@
-MD5 (neon-0.28.2.tar.gz) = b99b3f44e8507ae2d17362f1b34aaf02
-SHA256 (neon-0.28.2.tar.gz) = d9cd601613db6affb25655e0908b0bf8c266669cef31999b6b4121d585ff9094
-SIZE (neon-0.28.2.tar.gz) = 797944
+MD5 (neon-0.28.3.tar.gz) = 47599a328862ce64ac3c52726d6daa12
+SHA256 (neon-0.28.3.tar.gz) = 90dee51b4c70bc50ce2fa106ca945349b81cd86c90aa9d4dbff73abb284fcdc2
+SIZE (neon-0.28.3.tar.gz) = 799681
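Review bot: The new MD5 and SHA256 lines for neon-0.28.3.tar.gz come from the submitter, and the MASTER_SITES in the Makefile are plain http URLs, so these values are the only integrity check on a security update. Before committing, fetch the distfile independently, confirm that the SHA256 and the SIZE of 799681 match, and compare against any checksum or signature upstream publishes.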
diff -ruN neon28.orig/pkg-plist neon28/pkg-plist
--- neon28.orig/pkg-plist	2008-09-04 03:53:27.026443273 -0400
+++ neon28/pkg-plist	2008-09-04 04:43:16.662388344 -0400
@@ -81,7 +81,6 @@
 %%PORTDOCS%%%%DOCSDIR%%/html/refxml.html
 %%PORTDOCS%%%%DOCSDIR%%/html/using.html
 %%PORTDOCS%%%%DOCSDIR%%/html/xml.html
-%%PORTDOCS%%%%DOCSDIR%%/using-neon.txt
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/html
 %%PORTDOCS%%@dirrm %%DOCSDIR%%
 @dirrm include/neon


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->lev 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Sep 4 10:10:10 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127085 

From: bf <bf2006a@yahoo.com>
To: bug-followup@FreeBSD.org, lev@FreeBSD.org
Cc:  
Subject: Re: ports/127085:[PATCH]www/neon28: update to 0.28.3
Date: Thu, 4 Sep 2008 03:14:20 -0700 (PDT)

 --0-944737773-1220523260=:85565
 Content-Type: text/plain; charset=us-ascii
 
 As usual, dependent ports may need changes.  See for example the attached patch for devel/subversion.  CVE 2008-3746 should be documented by adding an entry to vuxml.
 
 Regards, 
 
           b.
 
 
       
 --0-944737773-1220523260=:85565
 Content-Type: text/plain; name="subversion.txt"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="subversion.txt"
 
 
 --0-944737773-1220523260=:85565--
State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Sat Sep 13 22:42:15 UTC 2008 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127085 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/127085: commit references a PR
Date: Sat, 13 Sep 2008 22:41:59 +0000 (UTC)

 miwi        2008-09-13 22:41:50 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/neon28           Makefile distinfo pkg-plist 
   Log:
   - Update to 0.28.3
   
   * SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference
     in Digest domain parameter support; could allow a DoS by a
     malicious server
   
   PR:             127085
   Submitted by:   bf <bf2006a@yahoo.com>
   Approved by:    portmgr (linimon)
   Security:       http://www.vuxml.org/freebsd/755fa519-80a9-11dd-8de5-0030843d3802.html
   
   Revision  Changes    Path
   1.42      +4 -7      ports/www/neon28/Makefile
   1.29      +3 -3      ports/www/neon28/distinfo
   1.22      +0 -1      ports/www/neon28/pkg-plist
 
>Unformatted:
