Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gssntlmssp for openSUSE:Factory checked in at 2023-02-16 16:55:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gssntlmssp (Old) and /work/SRC/openSUSE:Factory/.gssntlmssp.new.22824 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gssntlmssp" Thu Feb 16 16:55:34 2023 rev:2 rq:1065941 version:1.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gssntlmssp/gssntlmssp.changes 2020-02-28 15:21:35.213923124 +0100 +++ /work/SRC/openSUSE:Factory/.gssntlmssp.new.22824/gssntlmssp.changes 2023-02-16 16:55:48.498689811 +0100 @@ -1,0 +2,64 @@ +Wed Feb 15 10:48:14 UTC 2023 - Martin Hauke <mar...@gmx.de> + +- Adapt license changes from upstream + * LGPL-3.0-or-later -> ISC +- Upstream moved to github +- Update to version 1.2.0 + * Implement gss_set_cred_option. + * Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated. + * Move HMAC code to OpenSSL EVP API. + * Fix crash bug when acceptor credentials are NULL. + * Translations update from Fedora Weblate. + Fix CVE: + * CVE-2023-25563 (boo#1208278): multiple out-of-bounds read + when decoding NTLM fields. + * CVE-2023-25564 (boo#1208279): memory corruption when decoding + UTF16 strings. + * CVE-2023-25565 (boo#1208280): incorrect free when decoding + target information. + * CVE-2023-25566 (boo#1208281): memory leak when parsing + usernames. + * CVE-2023-25567 (boo#1208282): out-of-bounds read when + decoding target information. +- Update to version 1.1 + * various build fixes and better compatibility when a MIC is + requested. +- Update to version 1.0 + * Fix test_gssapi_rfc5587. + * Actually run tests with make check. + * Add two tests around NTLMSSP_NEGOTIATE_LMKEY. + * Refine LM compatibility level logic. + * Refactor the gssntlm_required_security function. + * Implement reading LM/NT hashes. + * Add test for smpasswd-like user files. + * Return confidentiality status. + * Fix segfault in sign/seal functions. + * Fix dummy signature generation. + * Use UCS16LE instead of UCS-2LE. + * Provide a zero lm key if the password is too long. + * Completely omit CBs AV pairs when no CB provided. + * Change license to the more permissive ISC. + * Do not require cached users with winbind. + * Add ability to pass keyfile via cred store. + * Remove unused parts of Makefile.am. + * Move attribute names to allocated strings. + * Adjust serialization for name attributes. + * Fix crash in acquiring credentials. + * Fix fallback to external_creds interface. + * Introduce parse_user_name() function. + * Add test for parse_user_name. + * Change how we assemble user names in ASC. + * Use thread local storage for winbind context. + * Make per thread winbind context optional. + * Fixed memleak of usr_cred. + * Support get_sids request via name attributes. + * Fixed memory leaks found by valgrind. +- Update to version 0.9 + * add support for getting session key. + * Add gss_inquire_attrs_for_mech(). + * Return actual data for RFC5587 API. + * Add new Windows version flags. + * Add Key exchange also when wanting integrity only. + * Drop support for GSS_C_MA_NOT_DFLT_MECH. + +------------------------------------------------------------------- Old: ---- gssntlmssp-v0.8.0.tar.gz New: ---- gssntlmssp-1.2.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gssntlmssp.spec ++++++ --- /var/tmp/diff_new_pack.vlmG4k/_old 2023-02-16 16:55:52.470705865 +0100 +++ /var/tmp/diff_new_pack.vlmG4k/_new 2023-02-16 16:55:52.474705881 +0100 @@ -1,7 +1,7 @@ # # spec file for package gssntlmssp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: gssntlmssp -Version: 0.8.0 +Version: 1.2.0 Release: 0 Summary: GSSAPI NTLMSSP Mechanism -License: LGPL-3.0-or-later +License: ISC Group: Development/Languages/C and C++ -URL: https://pagure.io/gssntlmssp -Source: https://pagure.io/gssntlmssp/archive/v%{version}/%{name}-v%{version}.tar.gz +URL: https://github.com/gssapi/gss-ntlmssp +Source: https://github.com/gssapi/gss-ntlmssp/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: autoconf BuildRequires: automake BuildRequires: docbook-xsl-stylesheets @@ -53,7 +53,7 @@ A header file with definitions for custom GSSAPI extensions for NTLMSSP. %prep -%setup -q -n %{name}-v%{version} +%setup -q -n gss-ntlmssp-%{version} %build autoreconf -fiv @@ -66,8 +66,7 @@ %install %make_install -rm -f %{buildroot}%{_libdir}/gssntlmssp/gssntlmssp.la -rm -rf %{buildroot}%{_datadir}/doc/gssntlmssp/ +rm %{buildroot}%{_libdir}/gssntlmssp/gssntlmssp.la install -D -p -m0644 examples/mech.ntlmssp %{buildroot}%{_sysconfdir}/gss/mech.d/ntlmssp.conf %find_lang %{name} ++++++ gssntlmssp-v0.8.0.tar.gz -> gssntlmssp-1.2.0.tar.gz ++++++ ++++ 7509 lines of diff (skipped)