head	1.4;
access;
symbols
	OPENPKG_E1_MP_HEAD:1.4
	OPENPKG_E1_MP:1.4;
locks; strict;
comment	@# @;


1.4
date	2005.03.23.08.31.49;	author rse;	state dead;
branches;
next	1.3;

1.3
date	2004.08.21.18.10.51;	author rse;	state Exp;
branches;
next	1.2;

1.2
date	2004.05.19.20.01.22;	author rse;	state Exp;
branches;
next	1.1;

1.1
date	2004.04.16.16.40.52;	author rse;	state Exp;
branches;
next	;


desc
@@


1.4
log
@upgrading package: tla 1.3 -> 1.3.1
@
text
@Security Fixes.

Index: src/tla/libneon/ne_dates.c
--- src/tla/libneon/ne_dates.c.orig	2003-12-06 20:35:28 +0100
+++ src/tla/libneon/ne_dates.c	2004-08-21 19:59:05 +0200
@@@@ -47,7 +47,7 @@@@
 /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
 #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
 /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
+#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
 /* asctime: Wed Jun 30 21:49:08 1993 */
 #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
 
@@@@ -133,7 +133,7 @@@@
 time_t ne_rfc1123_parse(const char *date) 
 {
     struct tm gmt = {0};
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     int n;
 /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
     n = sscanf(date, RFC1123_FORMAT,
@@@@ -156,7 +156,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[10], mon[4];
+    char wkday[11], mon[4];
     /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
     n = sscanf(date, RFC1036_FORMAT,
 		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
@@@@ -189,7 +189,7 @@@@
 {
     struct tm gmt = {0};
     int n;
-    static char wkday[4], mon[4];
+    char wkday[4], mon[4];
     n = sscanf(date, ASCTIME_FORMAT,
 		wkday, mon, &gmt.tm_mday, 
 		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
@


1.3
log
@upgrading package: tla 1.2 -> 1.2.1
@
text
@@


1.2
log
@apply security fix (OpenPKG-SA-2004.024-neon, CAN-2004-0398)
@
text
@d1 1
a1 82
Security Fix

Index: src/tla/libneon/ne_207.c
--- src/tla/libneon/ne_207.c.orig	2003-12-06 20:35:28.000000000 +0100
+++ src/tla/libneon/ne_207.c	2004-04-16 18:38:39.000000000 +0200
@@@@ -320,12 +320,12 @@@@
 	if (ne_get_status(req)->code == 207) {
 	    if (!ne_xml_valid(p)) { 
 		/* The parse was invalid */
-		ne_set_error(sess, ne_xml_get_error(p));
+		ne_set_error(sess, "%s", ne_xml_get_error(p));
 		ret = NE_ERROR;
 	    } else if (ctx.is_error) {
 		/* If we've actually got any error information
 		 * from the 207, then set that as the error */
-		ne_set_error(sess, ctx.buf->data);
+		ne_set_error(sess, "%s", ctx.buf->data);
 		ret = NE_ERROR;
 	    }
 	} else if (ne_get_status(req)->klass != 2) {
Index: src/tla/libneon/ne_auth.c
--- src/tla/libneon/ne_auth.c.orig	2003-12-06 20:35:28.000000000 +0100
+++ src/tla/libneon/ne_auth.c	2004-04-16 18:38:39.000000000 +0200
@@@@ -950,7 +950,7 @@@@
     if (areq->auth_info_hdr != NULL && 
 	verify_response(areq, sess, areq->auth_info_hdr)) {
 	NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
-	ne_set_error(sess->sess, _(sess->spec->fail_msg));
+	ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
 	ret = NE_ERROR;
     } else if (status->code == sess->spec->status_code && 
 	       areq->auth_hdr != NULL) {
Index: src/tla/libneon/ne_locks.c
--- src/tla/libneon/ne_locks.c.orig	2003-12-06 20:35:28.000000000 +0100
+++ src/tla/libneon/ne_locks.c	2004-04-16 18:38:39.000000000 +0200
@@@@ -734,7 +734,7 @@@@
 	}
 	else if (parse_failed) {
 	    ret = NE_ERROR;
-	    ne_set_error(sess, ne_xml_get_error(parser));
+	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
 	}
 	else if (ne_get_status(req)->code == 207) {
 	    ret = NE_ERROR;
@@@@ -802,7 +802,7 @@@@
     if (ret == NE_OK && ne_get_status(req)->klass == 2) {
 	if (parse_failed) {
 	    ret = NE_ERROR;
-	    ne_set_error(sess, ne_xml_get_error(parser));
+	    ne_set_error(sess, "%s", ne_xml_get_error(parser));
 	}
 	else if (ne_get_status(req)->code == 207) {
 	    ret = NE_ERROR;
Index: src/tla/libneon/ne_props.c
--- src/tla/libneon/ne_props.c.orig	2003-12-06 20:35:28.000000000 +0100
+++ src/tla/libneon/ne_props.c	2004-04-16 18:38:39.000000000 +0200
@@@@ -142,7 +142,7 @@@@
     if (ret == NE_OK && ne_get_status(req)->klass != 2) {
 	ret = NE_ERROR;
     } else if (!ne_xml_valid(handler->parser)) {
-	ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
+	ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
 	ret = NE_ERROR;
     }
 
Index: src/tla/libneon/ne_xml.c
--- src/tla/libneon/ne_xml.c.orig	2003-12-06 20:35:29.000000000 +0100
+++ src/tla/libneon/ne_xml.c	2004-04-16 18:38:39.000000000 +0200
@@@@ -538,7 +538,7 @@@@
 
 void ne_xml_set_error(ne_xml_parser *p, const char *msg)
 {
-    ne_snprintf(p->error, ERR_SIZE, msg);
+    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
 }
 
 #ifdef HAVE_LIBXML

-----------------------------------------------------------------------------

Security Fix
OpenPKG-SA-2004.024-neon, CAN-2004-0398
d4 2
a5 2
--- src/tla/libneon/ne_dates.c	2 May 2004 16:00:35 -0000	1.28.2.1
+++ src/tla/libneon/ne_dates.c	2 May 2004 18:21:53 -0000
@


1.1
log
@apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179)
@
text
@d1 2
d78 45
@