- Update to release 1.6

* Fix buffer overflow in buildSmbNtlmAuth* function. CVE-2019-17455. [boo#1153669] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libntlm?expand=0&rev=12
2020-06-09 19:27:48 +00:00 · 2020-06-09 19:27:48 +00:00 · d2f737b3f1
commit d2f737b3f1
parent 27e4278784
7 changed files with 35 additions and 102 deletions
--- a/libntlm-1.5.tar.gz
+++ b/libntlm-1.5.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:53d799f696a93b01fe877ccdef2326ed990c0b9f66e380bceaf7bd9cdcd99bbd
-size 658935
--- a/libntlm-1.5.tar.gz.sig
+++ b/libntlm-1.5.tar.gz.sig
--- a/libntlm-1.6.tar.gz
+++ b/libntlm-1.6.tar.gz
--- a/libntlm-1.6.tar.gz.sig
+++ b/libntlm-1.6.tar.gz.sig
--- a/libntlm.changes
+++ b/libntlm.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jun  9 19:25:34 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 1.6
+  * Fix buffer overflow in buildSmbNtlmAuth* function.
+    CVE-2019-17455. [boo#1153669]
+
 -------------------------------------------------------------------
 Thu Aug 22 06:31:19 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

--- a/libntlm.keyring
+++ b/libntlm.keyring
@ -1,95 +1,23 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----

-mQHhBFOnKoEBDqCoGZ7KIeZI1cbNFHIVxywetihLsA24nv3bJa/kd7kgkjfxdlcl
-JNlJZPbQIttl4HE7M+mxPUVtvlJeIggI2xd6uyv/XrM9Wdy48hskNHX5umZ55yIP
-C+T1VYXIJYhFFJgTaahtfCrf6/gQKnC0TNhYiWw4GP33S1UgVTz5IBEr85W/QmN/
-iUtM75wyq12ntRR+LSxSEmnEF5pzoP5SgVUXdAZAJQVvLcu8L9opAdHj4C3IcvvS
-HKvp4h2zvnOwRwjjiObKxRTtNaxHO8Sfofxw5aiifL39bxAKuJl6Rrhd09xKIvqb
-qu/m8GqWiSyO6N8tTDgxBKGfgba3D1AQ+J+VkFj31Obm3R3GEpFRo1i1mQLgKqbq
-Gs0aoZqVMkP3fItzkw+pOuldgL4P94IoXJsWjt0x7F0ojX0CWYbQ9rYHrBCe01Mn
-Rgn6j8glZj6hQs7sSMW5eGA0HNew6g0WEYGC2IsDQV2rGpsLnbx7r9P/qIA+q42o
-VjxxNMaa6WXfQf6eBiOSYa/9HsophhdK4+eJOoD/n85Vb4qvT0yEjQQurfBnbGte
-bIsakyX+eLpfwD6RpDAe7irZaBSOBKWdKOlbCdIezblK8JuSJS/LLMAfPVsasgMA
-EQEAAbQiU2ltb24gSm9zZWZzc29uIDxzaW1vbkB5dWJpY28uY29tPokCJQQTAQoA
-OwIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgBYhBJqpvbEbsbmaIShaMwZkp2lUJl6M
-BQJcgNQ/BQkJ9m27AAoJEAZkp2lUJl6Mvv8Onj0cPSFZiKLC4t5bZjvhzzQ/1oCe
-J0MUFEpXj3VWK5qYdCF7mJV4jH/JAEY0E4hDfoGNj9hhecXkywHxtMXHvUxypblE
-IW8Zn12OYwCn6+9uxPQyFP+Kl4u104V6XwyKR3FG3i3MQVIVxrrpKpnVMpIQkWrJ
-6kfmGxOsfagwNpU4JmoT+rXq+y26hcxbwDu6JK3ZvYNOuUuoqPtui1ktSksChjdH
-s+WybCRvA/5yPuioDytnPmURIiq2L01T27+Oa/jpYRJepcfaoNw4CWA2HD/uZrZR
-NfFEkCACZxfwLdoeFYOn+nCx68YH8UVB8fMPlMUkI5vO+jVKENbOFThfG/i/QuK7
-Fc+pPmW3Doh23mE/7z/05IDB+zH/NJxqKvgmKgZ3/CREvJvGJA6uqMdIZ0OpXu14
-SfCx3aicHQFMFoz1chGKoc6fmHbSxTE9N6cwYbNay+tGrX3Q3YbhntHlpxps8bLr
-cfI4jWB6eAPLi6gwODO1x+iGBsr/5zUgd5KA8dCOSEqFVg9sEDgGVkvbU5dnqcb4
-F4WxP9BXOh6x/D9oItFmmG2vxT+X5s/RGEBsDYJHUBc3dEnOsj6icyGNcfCB3Izu
-xEuXPDGXqSi5dG5CTzgMhrQlU2ltb24gSm9zZWZzc29uIDxzaW1vbkBqb3NlZnNz
-b24ub3JnPokCKAQTAQoAPgIbAwgLCQgHDQwLCgUVCgkICwIeAQIXgAIZARYhBJqp
-vbEbsbmaIShaMwZkp2lUJl6MBQJcgNQ8BQkJ9m27AAoJEAZkp2lUJl6MBzwOoItH
-/QA684++gGXJzcmwdvocTx9hjtwVtEH/YuJCMUOEIdf8Jgps4UaUjSBiclP4SOPE
-fEbcRk5EJEE3+zzGHxXQ1xQVrnSJ9chFxYo4dXxdiColzpvo7+MN6bLuuop2fN4Y
-SJlkdrUZw2ds3CLJEgXuRpoPGF2fxH3bUvirDpJSdgUI/Dlg1lRSIHepd1Ce4Qdc
-VndKX5us0r6xFDgX1kg6wBOs9GfjR78PF8hSS5F5dtapQtZBCJtzi8UoBs9OmP/s
-Olnsf1QvO5C0gGz0CsM8AAZChGSRu4vsGCCPoJrCAEwnd9rqpfjQHIYme+nBmVjB
-+MfLhS+oZ4wIlzYiGUIIFWkZurMpXQFKC99JQp0lg42uqjSBWELhZJ4rldkWod5Y
-TzyDzvRtLf38vagk/glm2uWpSGmgqC9ENohL/ori31dQOV+08FXsAXvZIZBKOXoK
-xDCc/G4O4nAiH/ElnAo3y3MaOQLQS9HnMoXhqV+EJXng9P7WCy9gai9CY3gvk5J0
-FLry2i5Ju9ahPP0iwl0oGqseHQ2jgMyACGUENzb4SgjWzy4r7jyXrG87swKLJ8DD
-PE52clwQdTsJ2qnlpkvUZXZqTn/MnIY6Kdr2NkAo16zNd7kBDQRTpywoAQgAuXfb
-7fU/BvEJYrdGt6z75045hHILkH4r09D920I7jUbj28+7fCAG9Xqb57spkUjQ0tCF
-CNbIfcL1KXOiDQ2ubRPqeENO1MpWhgw9s2ld7RQyQna8gS2pHfTNGEg+5em+x1St
-CAmcSEOUp1cITB7+0FjBK8kLkF1tb/PX6dJz8Z7e62BZZCZ4/W+zxxQBqYp08XNr
-4pnVEy39qb6mYO7EofhNfsD1PN8mGj0Qp8jIVhwWazH7bKM8O5I5bM2Av4UvCw4c
-YNN8ajQWLItzHVypBZFxm920sQxGw6vDO3xFXIBEeedhZa2MGj+dYMZDWACIedG/
-ebkAS6LIN54jVdcIUwARAQABiQMvBBgBCgAmAhsCFiEEmqm9sRuxuZohKFozBmSn
-aVQmXowFAlyA1EYFCQn2bB4BKcBdIAQZAQoABgUCU6csKAAKCRCGC3+7MvgRnZbb
-B/9OnkUj3x1OYZ7UX3DxwJFqRWtkW80qJ37Y51YnF2LnF3Atdrbb6zaz4UCvhxln
-YZnXoir4UJL43qa4swd27KfSKoFH87wbFiCQTaQrvGN6xnrz/ac6aeSGZ7nhWOhx
-PANe7qrxNvprDRxVnOXO9fiAJv0v4Z7GEGO3JKHyTEfTNd+mi9LvDWkb3yPW5yh6
-ftEFdzv1o29BxcIzBgzvK5c6IiCTx71W548/xIcY9m3IaWgQV4dR25wR/Y95I5K5
-7F5LKwSbT2ZWDkwoDLgKMK+ypwftIwEmOQlFzuveSWSV07CCXBn+/S35Lv5GozfM
-kYJW+7raCNL+Wyc3JpYRjhrECRAGZKdpVCZejBM3Dp9iItiQHkSDZWCB7QjD2OM7
-+iFy0jIA2hsNMk/SUNLuOooKvMX5S0Hji9AwS2B+Q9EOXEGR5yrXa7ynFLOmvB+d
-i0y7WmBk0m/T8XUzOWKmE3ChalV6i93L9MJb2+oGLQA/smKQySiKFnbHIeHW5bXl
-uRQ6BXmqISOZ0ekkaP2DdmGNv2BmfGBIzRMJ8K17nueB2CKP4TMwlTOlALE0iiX/
-SFXs3GUu2gGRVBnqD6WB54rldOwhDS/cudoPraDQGgvHB4HS0DlBRDldmIjwgTUe
-DPPqKUtNjRPWGisW7uzASDKZfxctxGeGndwY0qMA+5cMfC4I2MEjuN/I8qoUXbai
-sP8Mxkbq+hSIYP12olU7Y77my31gPi8YnkdoZhMfalzQelRu9BPqJ96JGBg75DAD
-3+C1IC1fmSFltiAl3hN3jMRSkJajVtN3VLU7PvCcTBmpmpY7qRb3HltZkaArg1jw
-PNWeUxPHFB1mXMunk/y/9hQ2YcLz7f6PexvM+BsKB5eueXZfvklmCtXfR1BhelUF
-BoCjGrmuGQBAA7e00TZPVJU33HQgWLUhEDjgwXMDddUGJng9t1/ld0+sxjoXab/S
-+g9Nfmp+We1knZzBa3duPuZw2Aa5AQ0EU6csOAEIANSQ8a36jYicdSY0uq3WJUOe
-aIoatrI6a/wOmzMdA9hGb/DX59LLG+EUiwgENEQMValvoK0n3dJ4s4ZdVnL/F8OU
-8gvTA9hoSI074PuTZoyd+f01+UoGho3z3aAUALOFVoopaWu/svP6ZcdakA76I31W
-cV9Ws7Zg8iQUBUaxLpUHB/GiWNObxP+joqslOhqctU94YR723TppWUxOpE+r7C/1
-K/3Zd2TBPhDuCgWlxaaizyJx3vxyxsy6FvZSAoTUFkNMzfzHCG4W9eNzYREdnpLT
-+w13o3SrYAvl4LQ2v2vkm2VS9rJtMSVCWP7BBPgMtcq0+gxEchAArQoGg9W6Ci8A
-EQEAAYkCEAQYAQoAJgIbDBYhBJqpvbEbsbmaIShaMwZkp2lUJl6MBQJcgNRRBQkJ
-9mwZAAoJEAZkp2lUJl6MMYQOni3htJjzPvfW3i2yywrOjRhGP7p/qNL4Oa093RJ4
-8j5M19hSNn3Dr8DA/BAj1YMomzA44uaSz8kgo8pEUbuAAG7UKR9EpTgkOYUFqoWv
-e0MNBW6vuvrCx94vkyYp6fYn5GYtNWhPsI02l9G6mpydkuYk1yoSH3TTTKlWrPSt
-GlpAOzI79/vaz68OjTZpPa18cwjIUQmKDHyZNwcegbryj5E7RH7p6t3npdUTpeDE
-3muu6+i5m3SlTF8bkLGesYWLcQTUKt4rd48uvzzH0TAHrOHPXj6MPwWB7hI/dFEW
-7VUYkqC8IOITDCFLunQLtrNCchOmHvjJJdG+mf7d3eHF3oUMkizQG01Soi+3WxBH
-kNidT8ohMRTBplb2jDX53smRi3GlTk9Vt3LDQ51fxL0J0huRIn8Vs5jmLbruK+fN
-qavUZ8TNWwNX9AFSytKgzneirTjdyJqaN2SmlGir8kxOHU3ulMO2g3QdzI3szn/D
-uEBxPAspllU5wSsR3jRgtaBSOcQ85YZI5BGCzcKBFr/HL5ca0Yky3M66YnHm8Gj1
-x1ridrgmFImarReGOzqNYsobsQ9sfxKYcztOtJH0/mm2XrovAoKHRn6Aa/hptAbk
-+jT4UCfgOrkBDQRTpyxNAQgAxT/lDk2Sfjl8naZmypnRjlaCSc/LHu5TLNd/U/kz
-S68pNxBFhfhqmweFYM8c6xo8ADEo3kJADG+0m5/laWyX9SQzxQR6GCUJoOgl+JBU
-WhmU+gx22I4ImufVpHZBGE7Qeyj5GxVpXqP0WU9rt3/Hk3naz+3YUl9GszdJQ7rv
-8Aa8Hnc0lfgIj69dK0Ggk6dVfLCm4c+a8jlx0FtBnKbOia2kczFvqKChV95T6tKW
-Wu6i/RerBOLAxb7TnW0SaGUtW/PGmaxDRsfCkq3DMwEavVAZ9aZbBBuP9wUb/wYB
-x2hfnfe28udkdFVciF6S5ZHadVJOA/XEKbYGh+FAMiNb6wARAQABiQIQBBgBCgAm
-AhsgFiEEmqm9sRuxuZohKFozBmSnaVQmXowFAlyA1FYFCQn2bAkACgkQBmSnaVQm
-XoxM2w6gi18l4/+wovFoYdBJQUeGjkwbiesQuZbqWypl292Pt3PMcfiCENjl4+72
-8/t5jMuT5lUyjJqaIJ1tisMR4tq33rtqYkP9OQWKHp878pPpgci5bEhcijVOMr2U
-6duuieL4vqSgqPrgYriwzR9qaScLImgKOLgrpKLxkYAr6C5Qra1V5yUOMPxATm7/
-RzfcbQOfRISIVW7eL4jeC0/ov7pnfsMp/1axOecaF1oIoMD8No/sbtCG+gNKuP3W
-iM55PD5DVgW7MrkbpQQR9h4rLxzdtFBmeo5Uqtr9B/p57BNoUVdKkrrdjIaPfCGj
-W4eMqrucPNV2WTJPPD+OKvGSldxo6ZfgJfgAM2Gazc0BQ89QJ94lTgPE692pKIz6
-mQLnlh4VDnMygx9cKsHbj072XAJingHzrO0ILcvA0HoqUiE0vm9n/m8moYMiIgLW
-/lY1h+cGdw4c7V5Es7ZAsvMHE98BmGZz+HTiK3xexzaPetqTpC8OKsuQBO7zXOVb
-ZeHz97xkHdYbi0IDa6K4SQHs3HfvuWPoHUvsqX74vW4mB5/xeH5bXgaJuteTeSfi
-uQJkvYLSu3NEbWmzhJFmrOb2ctJRPdox9UvuVD1dXXofz9vd8K383DbX
-=C1PX
+mDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9fV+QlTmXxo2naObDuGtw5
+8YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9zZWZzc29uLm9yZz6IlgQT
+FggAPhYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJcks60AhsDBQkBHMQABQsJCAcC
+BhUICQoLAgQWAgMBAh4BAheAAAoJENc89jjFPAa+mrABAM8bSSGjIEtriABJteUo
+A/GAWJ+VnLoR44kc5QmQxhKsAQCNdRzLXCvDvYIAOIblRRetsGdFI0zdXA/Ey/NA
+0B9yALgzBFySz3UWCSsGAQQB2kcPAQEHQLzCFcHHrKzVSPDDarZPYqn89H5TPaxw
+cORgRg+4DagEiH4EGBYIACYWIQSx0r0Tdb7LeEz0+MTXPPY4xTwGvgUCXJLPdQIb
+IAUJARzEAAAKCRDXPPY4xTwGvuSSAP9+QE0ODSVcRYsmSMXzEEOaCwlthh22A1Cm
+XoV5s1yumwD/aVUqVN1Q0mSE6iab47Q2EklsCBTl8cSq/A1DcewQKQi4MwRcks+B
+FgkrBgEEAdpHDwEBB0DsUwiDmnlwMSNoSF+ByvW0E6TVXou9PKDa9SpZvKghioj1
+BBgWCAAmFiEEsdK9E3W+y3hM9PjE1zz2OMU8Br4FAlySz4ECGwIFCQEcxAAAgQkQ
+1zz2OMU8Br52IAQZFggAHRYhBKPMnIcLnTEKutTPL1FyKwj+R0WiBQJcks+BAAoJ
+EFFyKwj+R0Wip0wBAKAfjlqx5mAivAo69Q4D1B+yZ4TwZkdg24UeYz0URBLoAPoD
+jHlpi+hjqWj3ymC3DYc8OGZwJcUi2NcKtXgDQaYkDgouAQC5P99kv6H+PL9Bb3J9
+KLgFPno8ZTuf8yhTOM7Abx+WPgEA4Kb5+ouGszRJDPOMDSp0KuxMr/usFJn3Ty1s
+1g5rCA64OARcks9qEgorBgEEAZdVAQUBAQdAMZUbpg1up2WOwPlQn3pPVaRMejyZ
+nScmD7d5TRzHehwDAQgHiH4EGBYIACYWIQSx0r0Tdb7LeEz0+MTXPPY4xTwGvgUC
+XJLPagIbDAUJARzEAAAKCRDXPPY4xTwGvuJDAQCCxva8K4XD0gL2suFw4CfEqgx5
+vALCgNxO84q8VauV/QEAjZVwfkVoe8l+tbrZCa84gakLYv497xyl+nN8lOBSzQs=
+=Db1B
 -----END PGP PUBLIC KEY BLOCK-----
--- a/libntlm.spec
+++ b/libntlm.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libntlm
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,19 +18,19 @@

 Name:           libntlm
 %define lname	libntlm0
-Version:        1.5
+Version:        1.6
 Release:        0
 Summary:        Implementation of Microsoft's NTLMv1 authentication
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
-Url:            http://www.nongnu.org/libntlm/
+URL:            http://www.nongnu.org/libntlm/

-#Git-Clone:	git://git.savannah.nongnu.org/libntlm
+#Git-Clone:	https://gitlab.com/jas/libntlm.git/
 #DL-URL:	http://www.nongnu.org/libntlm/releases/
 Source:         http://www.nongnu.org/libntlm/releases/%name-%version.tar.gz
 Source2:        http://www.nongnu.org/libntlm/releases/%name-%version.tar.gz.sig
 Source3:        %name.keyring
-BuildRequires:  pkgconfig
+BuildRequires:  pkg-config

 %description
 Libntlm provides routines to manipulate the structures used for the
@ -74,12 +74,10 @@ make check
 %postun -n %lname -p /sbin/ldconfig

 %files -n %lname
-%defattr(-,root,root)
 %license COPYING
 %_libdir/libntlm.so.0*

 %files devel
-%defattr(-,root,root)
 %doc ChangeLog NEWS README
 %_includedir/ntlm.h
 %_libdir/libntlm.so