libntlm (1.5-1+deb10u1) buster; urgency=medium * Non-maintainer upload * Fix buffer overflow. CVE-2019-17455: Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Closes: #942145 * Add regression test for CVE-2019-17455 -- Anton Gladky Sat, 23 May 2020 21:18:56 +0200 libntlm (1.5-1) unstable; urgency=low * New upstream version. * Bump debhelper/compat from 9 to 11. - Drop --parallel and --with autoreconf. - Drop Build-Depends on dh-autoreconf. * Update Standards-Version from 3.9.8 to 4.2.0. * Reflect move to salsa in Vcs-* URLs. * Change maintainer to pkg-auth-maintainers instead of pkg-xmpp-devel. * Update copyright file (no license changes). * Use https watch URI. * Make libntlm0-dev Multi-Arch: same. -- Simon Josefsson Fri, 24 Aug 2018 22:03:11 +0200 libntlm (1.4-8) unstable; urgency=low * Use https URLs in Vcs-Browser and Vcs-Git. * Update Standards-Version from 3.9.6 to 3.9.8. * Build with hardening=+all. -- Simon Josefsson Mon, 18 Jul 2016 14:59:25 +0200 libntlm (1.4-7) unstable; urgency=low * Move to collab-maint. Closes: #781202. * Add debian/gbp.conf and update debian/README.source. * Silence description-contains-invalid-control-statement. -- Simon Josefsson Tue, 21 Apr 2015 09:10:45 +0200 libntlm (1.4-6) unstable; urgency=low * Bump Standards-Version from 3.9.5 to 3.9.6. -- Simon Josefsson Sat, 03 Jan 2015 00:02:40 +0100 libntlm (1.4-5) unstable; urgency=low * Clarify gnulib files in copyright. Mention ntlm.h* too. -- Simon Josefsson Thu, 13 Nov 2014 12:51:10 +0100 libntlm (1.4-4) unstable; urgency=low * Don't use autotools-dev since we use dh-autoreconf. -- Simon Josefsson Mon, 15 Sep 2014 23:12:47 +0200 libntlm (1.4-3) unstable; urgency=low * Fix License: header in copyright to silence lintian. -- Simon Josefsson Fri, 12 Sep 2014 16:00:52 +0200 libntlm (1.4-2) unstable; urgency=low * Add debian/upstream-signing-key.pgp. * Improve watch file (pgp). * Bump Standards-Version from 3.9.4 to 3.9.5. * Use dh --parallel. -- Simon Josefsson Tue, 22 Apr 2014 20:20:18 +0200 libntlm (1.4-1) unstable; urgency=low * New upstream version. - Calls AM_PROG_AR. Closes: #713321 - Tarball contains all files. Dropping the dh_auto_clean workaround. -- Simon Josefsson Mon, 08 Jul 2013 11:23:20 +0200 libntlm (1.2-3) unstable; urgency=low * Moved from experimental to unstable. -- Simon Josefsson Tue, 14 May 2013 11:18:36 +0200 libntlm (1.2-2) experimental; urgency=low * Add README.source. * Bump compat from 5 to 9. * Build-Depend on autotools-dev and dh-autoreconf. * Bump Standards-Version from 3.8.4 to 3.9.4. * Update Homepage field with current URL. * Add Vcs-Git and Vcs-Browser fields. * Make multiarch friendly. * Use machine readable copyright file. * Drop *.dirs files. * Add libntlm0.symbols file. * Rewrite rules file, now uses "dh". * Added source/format as 3.0 (quilt). * Update watch file. -- Simon Josefsson Sat, 11 May 2013 23:37:28 +0200 libntlm (1.2-1) unstable; urgency=low * New Upstream Version. Closes: #554722 * Add ${misc:Depends} to binaries' Depends since we use debhelper. This makes lintian happier. * Update Standards-Version to 3.8.4. We still use GNU style variables for architecture specification, but that's because we use them with upstream build system, as allowed by policy. * Change Maintainer to XMPP team and add Simon Josefsson as uploader. -- Thadeu Lima de Souza Cascardo Tue, 30 Mar 2010 12:26:30 -0300 libntlm (1.1-1) unstable; urgency=low * New Upstream Version * Remove test.txt from debian docs, thanks Ted Percival. Closes: #471587 * Backup and restore autogenerated files. * There's no /usr/share/pkgconfig/ any more. * Remove autotools-dev build-dependency. * Complies with Standards Version 3.8.2. -- Thadeu Lima de Souza Cascardo Sat, 11 Jul 2009 22:49:39 -0300 libntlm (1.0-1) UNRELEASED; urgency=low * New upstream release. * Updates debhelper compat level to 5. * Uses Homepage header field instead of pseudo-header in description. * Package complies with policy 3.7.3 since last version. * Package complies with policy 3.8.1 (only required change was homepage). * Backup and restore autoconf files in configure and clean rules. -- Thadeu Lima de Souza Cascardo Wed, 01 Apr 2009 13:57:00 -0300 libntlm (0.3.13-1) unstable; urgency=low * New upstream release (Closes: #432220) * New maintainer (Closes: #443445) * Uses substvar binary:Version instead of Source-Version for binary NMUs * Complies with policy 3.7.2.2 * Does not ignore make clean errors -- Thadeu Lima de Souza Cascardo Fri, 21 Sep 2007 10:14:45 -0300 libntlm (0.3.10-1) unstable; urgency=low * Initial release (Closes: #364073). -- Yvan Bassuel Fri, 21 Apr 2006 15:34:54 +0200