head	1.3;
access;
symbols
	OPENPKG_E1_MP_HEAD:1.3
	OPENPKG_E1_MP:1.3
	OPENPKG_E1_MP_2_STABLE:1.3
	OPENPKG_E1_FP:1.3
	OPENPKG_2_STABLE_20061018:1.3
	OPENPKG_2_STABLE:1.3.0.10
	OPENPKG_2_STABLE_BP:1.3
	OPENPKG_2_5_SOLID:1.3.0.8
	OPENPKG_2_5_SOLID_BP:1.3
	OPENPKG_2_4_RELEASE:1.3
	OPENPKG_2_4_SOLID:1.3.0.6
	OPENPKG_2_4_SOLID_BP:1.3
	OPENPKG_2_3_RELEASE:1.3
	OPENPKG_2_3_SOLID:1.3.0.4
	OPENPKG_2_3_SOLID_BP:1.3
	OPENPKG_2_2_RELEASE:1.3
	OPENPKG_2_2_SOLID:1.3.0.2
	OPENPKG_2_2_SOLID_BP:1.3
	OPENPKG_2_1_RELEASE:1.2
	OPENPKG_2_1_SOLID:1.2.0.2
	OPENPKG_2_1_SOLID_BP:1.2
	OPENPKG_1_3_SOLID:1.1.0.4
	OPENPKG_2_0_SOLID:1.1.0.2;
locks; strict;
comment	@# @;


1.3
date	2004.09.12.18.11.11;	author rse;	state dead;
branches;
next	1.2;

1.2
date	2004.05.19.19.58.24;	author rse;	state Exp;
branches;
next	1.1;

1.1
date	2004.04.16.16.27.16;	author rse;	state Exp;
branches
	1.1.2.1
	1.1.4.1;
next	;

1.1.2.1
date	2004.04.16.16.31.07;	author rse;	state Exp;
branches;
next	1.1.2.2;

1.1.2.2
date	2004.05.19.20.05.24;	author rse;	state Exp;
branches;
next	;

1.1.4.1
date	2004.04.16.16.34.36;	author rse;	state Exp;
branches;
next	1.1.4.2;

1.1.4.2
date	2004.05.19.20.06.05;	author rse;	state Exp;
branches;
next	;


desc
@@


1.3
log
@upgrading package: sitecopy 0.13.4 -> 0.14.1
@
text
@Security Fix

Index: libneon/ne_207.c
--- libneon/ne_207.c.orig	2003-07-23 23:48:21.000000000 +0200
+++ libneon/ne_207.c	2004-04-16 18:26:08.000000000 +0200
@@@@ -320,12 +320,12 @@@@
 	if (ne_get_status(req)->code == 207) {
 	    if (!ne_xml_valid(p)) { 
 		/* The parse was invalid */
-		ne_set_error(sess, ne_xml_get_error(p));
+		ne_set_error(sess, "%s", ne_xml_get_error(p));
 		ret = NE_ERROR;
 	    } else if (ctx.is_error) {
 		/* If we've actually got any error information
 		 * from the 207, then set that as the error */
-		ne_set_error(sess, ctx.buf->data);
+		ne_set_error(sess, "%s", ctx.buf->data);
 		ret = NE_ERROR;
 	    }
 	} else if (ne_get_status(req)->klass != 2) {
Index: libneon/ne_auth.c
--- libneon/ne_auth.c.orig	2003-07-24 00:16:18.000000000 +0200
+++ libneon/ne_auth.c	2004-04-16 18:26:08.000000000 +0200
@@@@ -1062,7 +1062,7 @@@@
     if (areq->auth_info_hdr != NULL && 
 	verify_response(areq, sess, areq->auth_info_hdr)) {
 	NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
-	ne_set_error(sess->sess, _(sess->spec->fail_msg));
+	ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
 	ret = NE_ERROR;
     } else if (status->code == sess->spec->status_code && 
 	       areq->auth_hdr != NULL) {
Index: libneon/ne_locks.c
--- libneon/ne_locks.c.orig	2003-06-19 00:10:58.000000000 +0200
+++ libneon/ne_locks.c	2004-04-16 18:26:08.000000000 +0200
@@@@ -734,7 +734,7 @@@@
 	}
 	else if (parse_failed) {
 	    ret = NE_ERROR;
-	    ne_set_error(sess, ne_xml_get_error(parser));
+	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
 	}
 	else if (ne_get_status(req)->code == 207) {
 	    ret = NE_ERROR;
@@@@ -802,7 +802,7 @@@@
     if (ret == NE_OK && ne_get_status(req)->klass == 2) {
 	if (parse_failed) {
 	    ret = NE_ERROR;
-	    ne_set_error(sess, ne_xml_get_error(parser));
+	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
 	}
 	else if (ne_get_status(req)->code == 207) {
 	    ret = NE_ERROR;
Index: libneon/ne_props.c
--- libneon/ne_props.c.orig	2003-06-19 00:10:58.000000000 +0200
+++ libneon/ne_props.c	2004-04-16 18:26:08.000000000 +0200
@@@@ -142,7 +142,7 @@@@
     if (ret == NE_OK && ne_get_status(req)->klass != 2) {
 	ret = NE_ERROR;
     } else if (!ne_xml_valid(handler->parser)) {
-	ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
+	ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
 	ret = NE_ERROR;
     }
 
Index: libneon/ne_xml.c
--- libneon/ne_xml.c.orig	2003-05-10 18:05:59.000000000 +0200
+++ libneon/ne_xml.c	2004-04-16 18:26:08.000000000 +0200
@@@@ -538,7 +538,7 @@@@
 
 void ne_xml_set_error(ne_xml_parser *p, const char *msg)
 {
-    ne_snprintf(p->error, ERR_SIZE, msg);
+    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
 }
 
 #ifdef HAVE_LIBXML

-----------------------------------------------------------------------------

Security Fix
OpenPKG-SA-2004.024-neon, CAN-2004-0398

Index: libneon/ne_dates.c
--- libneon/ne_dates.c.orig	2003-04-07 21:01:46.000000000 +0200
+++ libneon/ne_dates.c	2004-05-19 21:55:14.000000000 +0200
@@@@ -47,7 +47,7 @@@@
 /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
 #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
 /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
+#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
 /* asctime: Wed Jun 30 21:49:08 1993 */
 #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
 
@@@@ -133,7 +133,7 @@@@
 time_t ne_rfc1123_parse(const char *date) 
 {
     struct tm gmt = {0};
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     int n;
 /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
     n = sscanf(date, RFC1123_FORMAT,
@@@@ -156,7 +156,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[10], mon[4];
+    char wkday[11], mon[4];
     /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
     n = sscanf(date, RFC1036_FORMAT,
 		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
@@@@ -189,7 +189,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     n = sscanf(date, ASCTIME_FORMAT,
 		wkday, mon, &gmt.tm_mday, 
 		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
@


1.2
log
@apply security fix (OpenPKG-SA-2004.024-neon, CAN-2004-0398)
@
text
@@


1.1
log
@apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179)
@
text
@d1 2
d78 45
@


1.1.4.1
log
@apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179)
@
text
@@


1.1.4.2
log
@apply security fix (OpenPKG-SA-2004.024-neon, CAN-2004-0398)
@
text
@a75 45

-----------------------------------------------------------------------------

Security Fix
OpenPKG-SA-2004.024-neon, CAN-2004-0398

Index: libneon/ne_dates.c
--- libneon/ne_dates.c.orig	2003-04-07 21:01:46.000000000 +0200
+++ libneon/ne_dates.c	2004-05-19 21:55:14.000000000 +0200
@@@@ -47,7 +47,7 @@@@
 /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
 #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
 /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
+#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
 /* asctime: Wed Jun 30 21:49:08 1993 */
 #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
 
@@@@ -133,7 +133,7 @@@@
 time_t ne_rfc1123_parse(const char *date) 
 {
     struct tm gmt = {0};
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     int n;
 /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
     n = sscanf(date, RFC1123_FORMAT,
@@@@ -156,7 +156,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[10], mon[4];
+    char wkday[11], mon[4];
     /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
     n = sscanf(date, RFC1036_FORMAT,
 		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
@@@@ -189,7 +189,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     n = sscanf(date, ASCTIME_FORMAT,
 		wkday, mon, &gmt.tm_mday, 
 		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
@


1.1.2.1
log
@apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179)
@
text
@@


1.1.2.2
log
@apply security fix (OpenPKG-SA-2004.024-neon, CAN-2004-0398)
@
text
@a75 45

-----------------------------------------------------------------------------

Security Fix
OpenPKG-SA-2004.024-neon, CAN-2004-0398

Index: libneon/ne_dates.c
--- libneon/ne_dates.c.orig	2003-04-07 21:01:46.000000000 +0200
+++ libneon/ne_dates.c	2004-05-19 21:55:14.000000000 +0200
@@@@ -47,7 +47,7 @@@@
 /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
 #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
 /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
+#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
 /* asctime: Wed Jun 30 21:49:08 1993 */
 #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
 
@@@@ -133,7 +133,7 @@@@
 time_t ne_rfc1123_parse(const char *date) 
 {
     struct tm gmt = {0};
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     int n;
 /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
     n = sscanf(date, RFC1123_FORMAT,
@@@@ -156,7 +156,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[10], mon[4];
+    char wkday[11], mon[4];
     /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
     n = sscanf(date, RFC1036_FORMAT,
 		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
@@@@ -189,7 +189,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     n = sscanf(date, ASCTIME_FORMAT,
 		wkday, mon, &gmt.tm_mday, 
 		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
@