Update "neon" package to version 0.29. Changes since version 0.28.5:

* Interface changes:
  o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
* New interfaces and features:
  o added NTLM auth support for Unix builds (Kai Sommerfeld,
    Daniel Stenberg)
  o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
  o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
  o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
    and ne_session.h:ne_session_socks_proxy()
  o added support for system-default proxies: ne_session_system_proxy(),
    implemented using libproxy where available
  o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
    SSL verification failure bits extended by NE_SSL_BADCHAIN and
    NE_SSL_REVOKED, better handling of failures within the cert chain
    (thanks to Ludwig Nussel)
  o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
    ne_iaddr_raw(), ne_iaddr_parse()
  o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
* Deprecated interfaces:
  o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
  o obsolete feature "NE_FEATURE_SOCKS" now never marked present
* Other changes:
  o fix handling of "stale" flag in RFC2069-style Digest auth challenge
  o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
  o symbol versioning used for new symbols, where supported
  o ensure SSL connections are closed cleanly with OpenSSL
  o fix build with OpenSSL 1.0 beta
  o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
  certificate subject name; could allow an undetected MITM attack against
  an SSL server if a trusted CA issues such a cert.

Tested by Daniel Horecki with SVN client.

5 files changed, 20 insertions, 50 deletions

diff --git a/www/neon/Makefile b/www/neon/Makefile
index c31d2655937..d9a4a89fa47 100644
--- a/www/neon/Makefile
+++ b/www/neon/Makefile
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.48 2009/07/24 18:09:27 drochner Exp $
+# $NetBSD: Makefile,v 1.49 2009/09/14 16:48:43 tron Exp $
 
-DISTNAME=	neon-0.28.5
+DISTNAME=	neon-0.29.0
 CATEGORIES=	www
 MASTER_SITES=	http://www.webdav.org/neon/
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.webdav.org/neon/
 COMMENT=	HTTP and WebDAV client library
+LICENSE=	gnu-gpl-v2 AND gnu-lgpl-v2
 
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir
diff --git a/www/neon/PLIST b/www/neon/PLIST
index 0501b03817c..a212687a7df 100644
--- a/www/neon/PLIST
+++ b/www/neon/PLIST
@@ -1,7 +1,8 @@
-@comment $NetBSD: PLIST,v 1.18 2009/06/14 22:00:29 joerg Exp $
+@comment $NetBSD: PLIST,v 1.19 2009/09/14 16:48:43 tron Exp $
 bin/neon-config
 include/neon/ne_207.h
 include/neon/ne_acl.h
+include/neon/ne_acl3744.h
 include/neon/ne_alloc.h
 include/neon/ne_auth.h
 include/neon/ne_basic.h
@@ -160,6 +161,7 @@ share/doc/${PKGNAME}/html/refstatus.html
 share/doc/${PKGNAME}/html/reftok.html
 share/doc/${PKGNAME}/html/refvers.html
 share/doc/${PKGNAME}/html/refxml.html
+share/doc/${PKGNAME}/html/security.html
 share/doc/${PKGNAME}/html/using.html
 share/doc/${PKGNAME}/html/xml.html
 share/locale/cs/LC_MESSAGES/neon.mo
diff --git a/www/neon/distinfo b/www/neon/distinfo
index 0b2406c4455..f8011ea4e6e 100644
--- a/www/neon/distinfo
+++ b/www/neon/distinfo
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.20 2009/07/24 18:06:04 drochner Exp $
+$NetBSD: distinfo,v 1.21 2009/09/14 16:48:43 tron Exp $
 
-SHA1 (neon-0.28.5.tar.gz) = cc07c9d2967cf9b290514ad2fc756abe1f854eba
-RMD160 (neon-0.28.5.tar.gz) = 21abcf12dd813bc464f6579995ff8912a9e1996e
-Size (neon-0.28.5.tar.gz) = 777079 bytes
-SHA1 (patch-aa) = e6284e486fa5789a65827a4d6c1b4d0911523774
-SHA1 (patch-ab) = 0a507c119c703f11de9ed6728e9de43a61fac5a9
+SHA1 (neon-0.29.0.tar.gz) = 8d2e1609b2a3b13a6e68e58c26b1d708302e05ef
+RMD160 (neon-0.29.0.tar.gz) = 338f6ff1589a01dee66cd31a72c45f3a57914ab8
+Size (neon-0.29.0.tar.gz) = 879186 bytes
+SHA1 (patch-ab) = da95144b8c4ebc7cdd5ae0dfdb86d457c43ec58d
diff --git a/www/neon/patches/patch-aa b/www/neon/patches/patch-aa
deleted file mode 100644
index 17312ecf714..00000000000
--- a/www/neon/patches/patch-aa
+++ /dev/null
@@ -1,32 +0,0 @@
-$NetBSD: patch-aa,v 1.1 2009/07/24 15:18:24 tnn Exp $
-
-add a local copy of SSL_SESSION_cmp which is missing in openssl 1.0.0 betas.
-based on hack found at: http://trac.macports.org/ticket/19124
-
---- src/ne_openssl.c.orig	2008-10-30 21:23:54.000000000 +0100
-+++ src/ne_openssl.c
-@@ -593,6 +593,15 @@ void ne_ssl_context_destroy(ne_ssl_conte
-     ne_free(ctx);
- }
- 
-+static int static_SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
-+{
-+    if (a->ssl_version != b->ssl_version)
-+        return(1);
-+    if (a->session_id_length != b->session_id_length)
-+        return(1);
-+    return(memcmp(a->session_id, b->session_id, a->session_id_length));
-+}
-+
- /* For internal use only. */
- int ne__negotiate_ssl(ne_session *sess)
- {
-@@ -675,7 +684,7 @@ int ne__negotiate_ssl(ne_session *sess)
-     if (ctx->sess) {
-         SSL_SESSION *newsess = SSL_get0_session(ssl);
-         /* Replace the session if it has changed. */ 
--        if (newsess != ctx->sess || SSL_SESSION_cmp(ctx->sess, newsess)) {
-+        if (newsess != ctx->sess || static_SSL_SESSION_cmp(ctx->sess, newsess)) {
-             SSL_SESSION_free(ctx->sess);
-             ctx->sess = SSL_get1_session(ssl); /* bumping the refcount */
-         }
diff --git a/www/neon/patches/patch-ab b/www/neon/patches/patch-ab
index 5523f63bf71..aadebb90c4d 100644
--- a/www/neon/patches/patch-ab
+++ b/www/neon/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.1 2009/07/24 18:06:04 drochner Exp $
+$NetBSD: patch-ab,v 1.2 2009/09/14 16:48:44 tron Exp $
 
---- src/ne_socket.c.orig	2009-06-09 15:34:34.000000000 +0200
-+++ src/ne_socket.c
-@@ -1192,6 +1192,9 @@ static int do_bind(int fd, int peer_fami
+--- src/ne_socket.c.orig	2009-08-18 14:16:07.000000000 +0100
++++ src/ne_socket.c	2009-09-14 13:40:37.000000000 +0100
+@@ -1192,6 +1192,9 @@
          in6.sin6_port = htons(port);
          /* fill in the _family field for AIX 4.3, which forgets to do so. */
          in6.sin6_family = AF_INET6;
@@ -12,7 +12,7 @@ $NetBSD: patch-ab,v 1.1 2009/07/24 18:06:04 drochner Exp $
  
          return bind(fd, (struct sockaddr *)&in6, sizeof in6);
      } else
-@@ -1210,6 +1213,9 @@ static int do_bind(int fd, int peer_fami
+@@ -1210,6 +1213,9 @@
          }
          in.sin_port = htons(port);
          in.sin_family = AF_INET;
@@ -22,7 +22,7 @@ $NetBSD: patch-ab,v 1.1 2009/07/24 18:06:04 drochner Exp $
  
          return bind(fd, (struct sockaddr *)&in, sizeof in);
      }
-@@ -1328,7 +1334,7 @@ ne_inet_addr *ne_sock_peer(ne_socket *so
+@@ -1329,7 +1335,7 @@
  
      ia = ne_calloc(sizeof *ia);
  #ifdef USE_GETADDRINFO
@@ -30,8 +30,8 @@ $NetBSD: patch-ab,v 1.1 2009/07/24 18:06:04 drochner Exp $
 +    ia->ai_addr = ne_malloc(len);
      ia->ai_addrlen = len;
      memcpy(ia->ai_addr, sad, len);
-     ia->ai_family = sad->sa_family;
-@@ -1364,6 +1370,9 @@ ne_inet_addr *ne_iaddr_make(ne_iaddr_typ
+     ia->ai_family = saun.sa.sa_family;
+@@ -1365,6 +1371,9 @@
  	ia->ai_addr = (struct sockaddr *)in4;
  	ia->ai_addrlen = sizeof *in4;
  	in4->sin_family = AF_INET;
@@ -41,7 +41,7 @@ $NetBSD: patch-ab,v 1.1 2009/07/24 18:06:04 drochner Exp $
  	memcpy(&in4->sin_addr.s_addr, raw, sizeof in4->sin_addr.s_addr);
      }
  #ifdef AF_INET6
-@@ -1373,6 +1382,9 @@ ne_inet_addr *ne_iaddr_make(ne_iaddr_typ
+@@ -1374,6 +1383,9 @@
  	ia->ai_addr = (struct sockaddr *)in6;
  	ia->ai_addrlen = sizeof *in6;
  	in6->sin6_family = AF_INET6;