neon: release 0.28.3 (SECURITY)

Joe Orton joe at
Wed Aug 20 15:49:59 EDT 2008

 MD5: 47599a328862ce64ac3c52726d6daa12  neon-0.28.3.tar.gz
SHA1: 544a92dbfba144ec600506cadbda92ae0b0eb9b0  neon-0.28.3.tar.gz

Changes in release 0.28.3:
* SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in
  Digest domain parameter support; could allow a DoS by a malicious server
* Fix parsing of *-Authenticate response header with LWS after quoted value
* Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash)
* Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng)
* Fix build on Netware (Guenter Knauf)
* Document existing ne_uri_parse() API postcondition and ne_uri_resolve()
  pre/postconditions regarding the ->path field in ne_uri structures 
* Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4.
* Distinguish the error message for an SSL handshake which fails after a
  client cert was requested.
* Compile with PIC flags by default even for static library builds
