From d2f737b3f10f328ac921ae38e7eddf440d7cac56d919487578d114e137acbfce Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 9 Jun 2020 19:27:48 +0000 Subject: [PATCH] - Update to release 1.6 * Fix buffer overflow in buildSmbNtlmAuth* function. CVE-2019-17455. [boo#1153669] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libntlm?expand=0&rev=12 --- libntlm-1.5.tar.gz | 3 -- libntlm-1.5.tar.gz.sig | Bin 310 -> 0 bytes libntlm-1.6.tar.gz | 3 ++ libntlm-1.6.tar.gz.sig | Bin 0 -> 119 bytes libntlm.changes | 7 +++ libntlm.keyring | 112 ++++++++--------------------------------- libntlm.spec | 12 ++--- 7 files changed, 35 insertions(+), 102 deletions(-) delete mode 100644 libntlm-1.5.tar.gz delete mode 100644 libntlm-1.5.tar.gz.sig create mode 100644 libntlm-1.6.tar.gz create mode 100644 libntlm-1.6.tar.gz.sig diff --git a/libntlm-1.5.tar.gz b/libntlm-1.5.tar.gz deleted file mode 100644 index 508dd87..0000000 --- a/libntlm-1.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:53d799f696a93b01fe877ccdef2326ed990c0b9f66e380bceaf7bd9cdcd99bbd -size 658935 diff --git a/libntlm-1.5.tar.gz.sig b/libntlm-1.5.tar.gz.sig deleted file mode 100644 index 8da89bd5a81187543369d9ce406bf5a69fe2ec0cef1b1c6e33a5eb68c77e2959..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j+gL0sXGT@F>L_<$yc3xB&Z_z|520$YG!YXAxf5QYnX zyE6C@o%w|a|3;sAh6_X86$P-@I>xxlOle#`Cj5 zjy{tHo5yVTkf){WuOo9K&M*APCNHpL#|y{&g%yjX> + +- Update to release 1.6 + * Fix buffer overflow in buildSmbNtlmAuth* function. + CVE-2019-17455. [boo#1153669] + ------------------------------------------------------------------- Thu Aug 22 06:31:19 UTC 2019 - Jan Engelhardt diff --git a/libntlm.keyring b/libntlm.keyring index 794d778..7eb2c4c 100644 --- a/libntlm.keyring +++ b/libntlm.keyring @@ -1,95 +1,23 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQHhBFOnKoEBDqCoGZ7KIeZI1cbNFHIVxywetihLsA24nv3bJa/kd7kgkjfxdlcl -JNlJZPbQIttl4HE7M+mxPUVtvlJeIggI2xd6uyv/XrM9Wdy48hskNHX5umZ55yIP -C+T1VYXIJYhFFJgTaahtfCrf6/gQKnC0TNhYiWw4GP33S1UgVTz5IBEr85W/QmN/ -iUtM75wyq12ntRR+LSxSEmnEF5pzoP5SgVUXdAZAJQVvLcu8L9opAdHj4C3IcvvS -HKvp4h2zvnOwRwjjiObKxRTtNaxHO8Sfofxw5aiifL39bxAKuJl6Rrhd09xKIvqb -qu/m8GqWiSyO6N8tTDgxBKGfgba3D1AQ+J+VkFj31Obm3R3GEpFRo1i1mQLgKqbq -Gs0aoZqVMkP3fItzkw+pOuldgL4P94IoXJsWjt0x7F0ojX0CWYbQ9rYHrBCe01Mn -Rgn6j8glZj6hQs7sSMW5eGA0HNew6g0WEYGC2IsDQV2rGpsLnbx7r9P/qIA+q42o -VjxxNMaa6WXfQf6eBiOSYa/9HsophhdK4+eJOoD/n85Vb4qvT0yEjQQurfBnbGte -bIsakyX+eLpfwD6RpDAe7irZaBSOBKWdKOlbCdIezblK8JuSJS/LLMAfPVsasgMA -EQEAAbQiU2ltb24gSm9zZWZzc29uIDxzaW1vbkB5dWJpY28uY29tPokCJQQTAQoA -OwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBJqpvbEbsbmaIShaMwZkp2lUJl6M -BQJcgNQ/BQkJ9m27AAoJEAZkp2lUJl6Mvv8Onj0cPSFZiKLC4t5bZjvhzzQ/1oCe -J0MUFEpXj3VWK5qYdCF7mJV4jH/JAEY0E4hDfoGNj9hhecXkywHxtMXHvUxypblE -IW8Zn12OYwCn6+9uxPQyFP+Kl4u104V6XwyKR3FG3i3MQVIVxrrpKpnVMpIQkWrJ -6kfmGxOsfagwNpU4JmoT+rXq+y26hcxbwDu6JK3ZvYNOuUuoqPtui1ktSksChjdH -s+WybCRvA/5yPuioDytnPmURIiq2L01T27+Oa/jpYRJepcfaoNw4CWA2HD/uZrZR -NfFEkCACZxfwLdoeFYOn+nCx68YH8UVB8fMPlMUkI5vO+jVKENbOFThfG/i/QuK7 -Fc+pPmW3Doh23mE/7z/05IDB+zH/NJxqKvgmKgZ3/CREvJvGJA6uqMdIZ0OpXu14 -SfCx3aicHQFMFoz1chGKoc6fmHbSxTE9N6cwYbNay+tGrX3Q3YbhntHlpxps8bLr -cfI4jWB6eAPLi6gwODO1x+iGBsr/5zUgd5KA8dCOSEqFVg9sEDgGVkvbU5dnqcb4 -F4WxP9BXOh6x/D9oItFmmG2vxT+X5s/RGEBsDYJHUBc3dEnOsj6icyGNcfCB3Izu -xEuXPDGXqSi5dG5CTzgMhrQlU2ltb24gSm9zZWZzc29uIDxzaW1vbkBqb3NlZnNz -b24ub3JnPokCKAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBJqp -vbEbsbmaIShaMwZkp2lUJl6MBQJcgNQ8BQkJ9m27AAoJEAZkp2lUJl6MBzwOoItH -/QA684++gGXJzcmwdvocTx9hjtwVtEH/YuJCMUOEIdf8Jgps4UaUjSBiclP4SOPE -fEbcRk5EJEE3+zzGHxXQ1xQVrnSJ9chFxYo4dXxdiColzpvo7+MN6bLuuop2fN4Y -SJlkdrUZw2ds3CLJEgXuRpoPGF2fxH3bUvirDpJSdgUI/Dlg1lRSIHepd1Ce4Qdc -VndKX5us0r6xFDgX1kg6wBOs9GfjR78PF8hSS5F5dtapQtZBCJtzi8UoBs9OmP/s -Olnsf1QvO5C0gGz0CsM8AAZChGSRu4vsGCCPoJrCAEwnd9rqpfjQHIYme+nBmVjB -+MfLhS+oZ4wIlzYiGUIIFWkZurMpXQFKC99JQp0lg42uqjSBWELhZJ4rldkWod5Y -TzyDzvRtLf38vagk/glm2uWpSGmgqC9ENohL/ori31dQOV+08FXsAXvZIZBKOXoK -xDCc/G4O4nAiH/ElnAo3y3MaOQLQS9HnMoXhqV+EJXng9P7WCy9gai9CY3gvk5J0 -FLry2i5Ju9ahPP0iwl0oGqseHQ2jgMyACGUENzb4SgjWzy4r7jyXrG87swKLJ8DD -PE52clwQdTsJ2qnlpkvUZXZqTn/MnIY6Kdr2NkAo16zNd7kBDQRTpywoAQgAuXfb -7fU/BvEJYrdGt6z75045hHILkH4r09D920I7jUbj28+7fCAG9Xqb57spkUjQ0tCF -CNbIfcL1KXOiDQ2ubRPqeENO1MpWhgw9s2ld7RQyQna8gS2pHfTNGEg+5em+x1St -CAmcSEOUp1cITB7+0FjBK8kLkF1tb/PX6dJz8Z7e62BZZCZ4/W+zxxQBqYp08XNr -4pnVEy39qb6mYO7EofhNfsD1PN8mGj0Qp8jIVhwWazH7bKM8O5I5bM2Av4UvCw4c -YNN8ajQWLItzHVypBZFxm920sQxGw6vDO3xFXIBEeedhZa2MGj+dYMZDWACIedG/ -ebkAS6LIN54jVdcIUwARAQABiQMvBBgBCgAmAhsCFiEEmqm9sRuxuZohKFozBmSn -aVQmXowFAlyA1EYFCQn2bB4BKcBdIAQZAQoABgUCU6csKAAKCRCGC3+7MvgRnZbb -B/9OnkUj3x1OYZ7UX3DxwJFqRWtkW80qJ37Y51YnF2LnF3Atdrbb6zaz4UCvhxln -YZnXoir4UJL43qa4swd27KfSKoFH87wbFiCQTaQrvGN6xnrz/ac6aeSGZ7nhWOhx -PANe7qrxNvprDRxVnOXO9fiAJv0v4Z7GEGO3JKHyTEfTNd+mi9LvDWkb3yPW5yh6 -ftEFdzv1o29BxcIzBgzvK5c6IiCTx71W548/xIcY9m3IaWgQV4dR25wR/Y95I5K5 -7F5LKwSbT2ZWDkwoDLgKMK+ypwftIwEmOQlFzuveSWSV07CCXBn+/S35Lv5GozfM -kYJW+7raCNL+Wyc3JpYRjhrECRAGZKdpVCZejBM3Dp9iItiQHkSDZWCB7QjD2OM7 -+iFy0jIA2hsNMk/SUNLuOooKvMX5S0Hji9AwS2B+Q9EOXEGR5yrXa7ynFLOmvB+d -i0y7WmBk0m/T8XUzOWKmE3ChalV6i93L9MJb2+oGLQA/smKQySiKFnbHIeHW5bXl -uRQ6BXmqISOZ0ekkaP2DdmGNv2BmfGBIzRMJ8K17nueB2CKP4TMwlTOlALE0iiX/ -SFXs3GUu2gGRVBnqD6WB54rldOwhDS/cudoPraDQGgvHB4HS0DlBRDldmIjwgTUe -DPPqKUtNjRPWGisW7uzASDKZfxctxGeGndwY0qMA+5cMfC4I2MEjuN/I8qoUXbai -sP8Mxkbq+hSIYP12olU7Y77my31gPi8YnkdoZhMfalzQelRu9BPqJ96JGBg75DAD -3+C1IC1fmSFltiAl3hN3jMRSkJajVtN3VLU7PvCcTBmpmpY7qRb3HltZkaArg1jw -PNWeUxPHFB1mXMunk/y/9hQ2YcLz7f6PexvM+BsKB5eueXZfvklmCtXfR1BhelUF -BoCjGrmuGQBAA7e00TZPVJU33HQgWLUhEDjgwXMDddUGJng9t1/ld0+sxjoXab/S -+g9Nfmp+We1knZzBa3duPuZw2Aa5AQ0EU6csOAEIANSQ8a36jYicdSY0uq3WJUOe -aIoatrI6a/wOmzMdA9hGb/DX59LLG+EUiwgENEQMValvoK0n3dJ4s4ZdVnL/F8OU -8gvTA9hoSI074PuTZoyd+f01+UoGho3z3aAUALOFVoopaWu/svP6ZcdakA76I31W -cV9Ws7Zg8iQUBUaxLpUHB/GiWNObxP+joqslOhqctU94YR723TppWUxOpE+r7C/1 -K/3Zd2TBPhDuCgWlxaaizyJx3vxyxsy6FvZSAoTUFkNMzfzHCG4W9eNzYREdnpLT -+w13o3SrYAvl4LQ2v2vkm2VS9rJtMSVCWP7BBPgMtcq0+gxEchAArQoGg9W6Ci8A -EQEAAYkCEAQYAQoAJgIbDBYhBJqpvbEbsbmaIShaMwZkp2lUJl6MBQJcgNRRBQkJ -9mwZAAoJEAZkp2lUJl6MMYQOni3htJjzPvfW3i2yywrOjRhGP7p/qNL4Oa093RJ4 -8j5M19hSNn3Dr8DA/BAj1YMomzA44uaSz8kgo8pEUbuAAG7UKR9EpTgkOYUFqoWv -e0MNBW6vuvrCx94vkyYp6fYn5GYtNWhPsI02l9G6mpydkuYk1yoSH3TTTKlWrPSt -GlpAOzI79/vaz68OjTZpPa18cwjIUQmKDHyZNwcegbryj5E7RH7p6t3npdUTpeDE -3muu6+i5m3SlTF8bkLGesYWLcQTUKt4rd48uvzzH0TAHrOHPXj6MPwWB7hI/dFEW -7VUYkqC8IOITDCFLunQLtrNCchOmHvjJJdG+mf7d3eHF3oUMkizQG01Soi+3WxBH -kNidT8ohMRTBplb2jDX53smRi3GlTk9Vt3LDQ51fxL0J0huRIn8Vs5jmLbruK+fN -qavUZ8TNWwNX9AFSytKgzneirTjdyJqaN2SmlGir8kxOHU3ulMO2g3QdzI3szn/D -uEBxPAspllU5wSsR3jRgtaBSOcQ85YZI5BGCzcKBFr/HL5ca0Yky3M66YnHm8Gj1 -x1ridrgmFImarReGOzqNYsobsQ9sfxKYcztOtJH0/mm2XrovAoKHRn6Aa/hptAbk -+jT4UCfgOrkBDQRTpyxNAQgAxT/lDk2Sfjl8naZmypnRjlaCSc/LHu5TLNd/U/kz -S68pNxBFhfhqmweFYM8c6xo8ADEo3kJADG+0m5/laWyX9SQzxQR6GCUJoOgl+JBU -WhmU+gx22I4ImufVpHZBGE7Qeyj5GxVpXqP0WU9rt3/Hk3naz+3YUl9GszdJQ7rv -8Aa8Hnc0lfgIj69dK0Ggk6dVfLCm4c+a8jlx0FtBnKbOia2kczFvqKChV95T6tKW -Wu6i/RerBOLAxb7TnW0SaGUtW/PGmaxDRsfCkq3DMwEavVAZ9aZbBBuP9wUb/wYB -x2hfnfe28udkdFVciF6S5ZHadVJOA/XEKbYGh+FAMiNb6wARAQABiQIQBBgBCgAm -AhsgFiEEmqm9sRuxuZohKFozBmSnaVQmXowFAlyA1FYFCQn2bAkACgkQBmSnaVQm -XoxM2w6gi18l4/+wovFoYdBJQUeGjkwbiesQuZbqWypl292Pt3PMcfiCENjl4+72 -8/t5jMuT5lUyjJqaIJ1tisMR4tq33rtqYkP9OQWKHp878pPpgci5bEhcijVOMr2U -6duuieL4vqSgqPrgYriwzR9qaScLImgKOLgrpKLxkYAr6C5Qra1V5yUOMPxATm7/ -RzfcbQOfRISIVW7eL4jeC0/ov7pnfsMp/1axOecaF1oIoMD8No/sbtCG+gNKuP3W -iM55PD5DVgW7MrkbpQQR9h4rLxzdtFBmeo5Uqtr9B/p57BNoUVdKkrrdjIaPfCGj -W4eMqrucPNV2WTJPPD+OKvGSldxo6ZfgJfgAM2Gazc0BQ89QJ94lTgPE692pKIz6 -mQLnlh4VDnMygx9cKsHbj072XAJingHzrO0ILcvA0HoqUiE0vm9n/m8moYMiIgLW -/lY1h+cGdw4c7V5Es7ZAsvMHE98BmGZz+HTiK3xexzaPetqTpC8OKsuQBO7zXOVb -ZeHz97xkHdYbi0IDa6K4SQHs3HfvuWPoHUvsqX74vW4mB5/xeH5bXgaJuteTeSfi -uQJkvYLSu3NEbWmzhJFmrOb2ctJRPdox9UvuVD1dXXofz9vd8K383DbX -=C1PX +mDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9fV+QlTmXxo2naObDuGtw5 +8YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9zZWZzc29uLm9yZz6IlgQT +FggAPhYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJcks60AhsDBQkBHMQABQsJCAcC +BhUICQoLAgQWAgMBAh4BAheAAAoJENc89jjFPAa+mrABAM8bSSGjIEtriABJteUo +A/GAWJ+VnLoR44kc5QmQxhKsAQCNdRzLXCvDvYIAOIblRRetsGdFI0zdXA/Ey/NA +0B9yALgzBFySz3UWCSsGAQQB2kcPAQEHQLzCFcHHrKzVSPDDarZPYqn89H5TPaxw +cORgRg+4DagEiH4EGBYIACYWIQSx0r0Tdb7LeEz0+MTXPPY4xTwGvgUCXJLPdQIb +IAUJARzEAAAKCRDXPPY4xTwGvuSSAP9+QE0ODSVcRYsmSMXzEEOaCwlthh22A1Cm +XoV5s1yumwD/aVUqVN1Q0mSE6iab47Q2EklsCBTl8cSq/A1DcewQKQi4MwRcks+B +FgkrBgEEAdpHDwEBB0DsUwiDmnlwMSNoSF+ByvW0E6TVXou9PKDa9SpZvKghioj1 +BBgWCAAmFiEEsdK9E3W+y3hM9PjE1zz2OMU8Br4FAlySz4ECGwIFCQEcxAAAgQkQ +1zz2OMU8Br52IAQZFggAHRYhBKPMnIcLnTEKutTPL1FyKwj+R0WiBQJcks+BAAoJ +EFFyKwj+R0Wip0wBAKAfjlqx5mAivAo69Q4D1B+yZ4TwZkdg24UeYz0URBLoAPoD +jHlpi+hjqWj3ymC3DYc8OGZwJcUi2NcKtXgDQaYkDgouAQC5P99kv6H+PL9Bb3J9 +KLgFPno8ZTuf8yhTOM7Abx+WPgEA4Kb5+ouGszRJDPOMDSp0KuxMr/usFJn3Ty1s +1g5rCA64OARcks9qEgorBgEEAZdVAQUBAQdAMZUbpg1up2WOwPlQn3pPVaRMejyZ +nScmD7d5TRzHehwDAQgHiH4EGBYIACYWIQSx0r0Tdb7LeEz0+MTXPPY4xTwGvgUC +XJLPagIbDAUJARzEAAAKCRDXPPY4xTwGvuJDAQCCxva8K4XD0gL2suFw4CfEqgx5 +vALCgNxO84q8VauV/QEAjZVwfkVoe8l+tbrZCa84gakLYv497xyl+nN8lOBSzQs= +=Db1B -----END PGP PUBLIC KEY BLOCK----- diff --git a/libntlm.spec b/libntlm.spec index 9545f44..2739146 100644 --- a/libntlm.spec +++ b/libntlm.spec @@ -1,7 +1,7 @@ # # spec file for package libntlm # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,19 +18,19 @@ Name: libntlm %define lname libntlm0 -Version: 1.5 +Version: 1.6 Release: 0 Summary: Implementation of Microsoft's NTLMv1 authentication License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ -Url: http://www.nongnu.org/libntlm/ +URL: http://www.nongnu.org/libntlm/ -#Git-Clone: git://git.savannah.nongnu.org/libntlm +#Git-Clone: https://gitlab.com/jas/libntlm.git/ #DL-URL: http://www.nongnu.org/libntlm/releases/ Source: http://www.nongnu.org/libntlm/releases/%name-%version.tar.gz Source2: http://www.nongnu.org/libntlm/releases/%name-%version.tar.gz.sig Source3: %name.keyring -BuildRequires: pkgconfig +BuildRequires: pkg-config %description Libntlm provides routines to manipulate the structures used for the @@ -74,12 +74,10 @@ make check %postun -n %lname -p /sbin/ldconfig %files -n %lname -%defattr(-,root,root) %license COPYING %_libdir/libntlm.so.0* %files devel -%defattr(-,root,root) %doc ChangeLog NEWS README %_includedir/ntlm.h %_libdir/libntlm.so