apply security fix (OpenPKG-SA-2004.024-neon, CAN-2004-0398)

sitecopy/sitecopy.patch

@@ -1,3 +1,5 @@
+Security Fix
+
 Index: libneon/ne_207.c
 --- libneon/ne_207.c.orig	2003-07-23 23:48:21.000000000 +0200
 +++ libneon/ne_207.c	2004-04-16 18:26:08.000000000 +0200
@@ -73,3 +75,48 @@ Index: libneon/ne_xml.c
  }
  
  #ifdef HAVE_LIBXML
+
+-----------------------------------------------------------------------------
+
+Security Fix
+OpenPKG-SA-2004.024-neon, CAN-2004-0398
+
+Index: libneon/ne_dates.c
+--- libneon/ne_dates.c.orig	2003-04-07 21:01:46.000000000 +0200
++++ libneon/ne_dates.c	2004-05-19 21:55:14.000000000 +0200
+@@ -47,7 +47,7 @@
+ /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
+ #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
+ /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
+-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
++#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
+ /* asctime: Wed Jun 30 21:49:08 1993 */
+ #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
+ 
+@@ -133,7 +133,7 @@
+ time_t ne_rfc1123_parse(const char *date) 
+ {
+     struct tm gmt = {0};
+-    static char wkday[4], mon[4];
++    char wkday[4], mon[4];
+     int n;
+ /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
+     n = sscanf(date, RFC1123_FORMAT,
+@@ -156,7 +156,7 @@
+ {
+     struct tm gmt = {0};
+     int n;
+-    static char wkday[10], mon[4];
++    char wkday[11], mon[4];
+     /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
+     n = sscanf(date, RFC1036_FORMAT,
+ 		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
+@@ -189,7 +189,7 @@
+ {
+     struct tm gmt = {0};
+     int n;
+-    static char wkday[4], mon[4];
++    char wkday[4], mon[4];
+     n = sscanf(date, ASCTIME_FORMAT,
+ 		wkday, mon, &gmt.tm_mday, 
+ 		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,

sitecopy/sitecopy.spec

@@ -34,7 +34,7 @@ Class:        BASE
 Group:        Web
 License:      GPL
 Version:      0.13.4
-Release:      20040416
+Release:      20040519
 
 #   list of sources
 Source0:      http://www.lyra.org/sitecopy/sitecopy-%{version}.tar.gz

tla/tla.patch

@@ -1,3 +1,5 @@
+Security Fix
+
 Index: src/tla/libneon/ne_207.c
 --- src/tla/libneon/ne_207.c.orig	2003-12-06 20:35:28.000000000 +0100
 +++ src/tla/libneon/ne_207.c	2004-04-16 18:38:39.000000000 +0200
@@ -73,3 +75,48 @@ Index: src/tla/libneon/ne_xml.c
  }
  
  #ifdef HAVE_LIBXML
+
+-----------------------------------------------------------------------------
+
+Security Fix
+OpenPKG-SA-2004.024-neon, CAN-2004-0398
+
+Index: src/tla/libneon/ne_dates.c
+--- src/tla/libneon/ne_dates.c	2 May 2004 16:00:35 -0000	1.28.2.1
++++ src/tla/libneon/ne_dates.c	2 May 2004 18:21:53 -0000
+@@ -47,7 +47,7 @@
+ /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
+ #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
+ /* RFC850:  Sunday, 06-Nov-94 08:49:37 GMT */
+-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
++#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
+ /* asctime: Wed Jun 30 21:49:08 1993 */
+ #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
+ 
+@@ -133,7 +133,7 @@
+ time_t ne_rfc1123_parse(const char *date) 
+ {
+     struct tm gmt = {0};
+-    static char wkday[4], mon[4];
++    char wkday[4], mon[4];
+     int n;
+ /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
+     n = sscanf(date, RFC1123_FORMAT,
+@@ -156,7 +156,7 @@
+ {
+     struct tm gmt = {0};
+     int n;
+-    static char wkday[10], mon[4];
++    char wkday[11], mon[4];
+     /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
+     n = sscanf(date, RFC1036_FORMAT,
+ 		wkday, &gmt.tm_mday, mon, &gmt.tm_year,
+@@ -189,7 +189,7 @@
+ {
+     struct tm gmt = {0};
+     int n;
+-    static char wkday[4], mon[4];
++    char wkday[4], mon[4];
+     n = sscanf(date, ASCTIME_FORMAT,
+ 		wkday, mon, &gmt.tm_mday, 
+ 		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,

tla/tla.spec

@@ -34,7 +34,7 @@ Class:        EVAL
 Group:        SCM
 License:      GPL
 Version:      1.2
-Release:      20040416
+Release:      20040519
 
 #   list of sources
 Source0:      ftp://ftp.gnu.org/gnu/gnu-arch/tla-%{version}.tar.gz