From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id HhQAL16Vql6LWAAA0tVLHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 30 Apr 2020 09:07:42 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id 6HPDDWeVql7cLgAAB5/wlQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 30 Apr 2020 09:07:51 +0000
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:470:142::17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 45D7C941238
	for <larch@yhetil.org>; Thu, 30 Apr 2020 09:07:50 +0000 (UTC)
Received: from localhost ([::1]:43264 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1jU5Ac-0006Oa-A2
	for larch@yhetil.org; Thu, 30 Apr 2020 05:07:50 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:45424)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jU5AQ-0006DJ-Nw
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:07:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jU59r-00052J-6x
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:07:38 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:33804)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jU59q-00052E-QX
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:07:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jU59q-00081s-LJ
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:07:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#40979] [PATCH] gnu: libntlm: Update to 1.6 [fixes
 CVE-2019-17455].
Resent-From: Simon Josefsson <simon@josefsson.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 30 Apr 2020 09:07:02 +0000
Resent-Message-ID: <handler.40979.B.158823758130812@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 40979
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 40979@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.158823758130812
 (code B ref -1); Thu, 30 Apr 2020 09:07:02 +0000
Received: (at submit) by debbugs.gnu.org; 30 Apr 2020 09:06:21 +0000
Received: from localhost ([127.0.0.1]:45350 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1jU58x-00080g-Bl
 for submit@debbugs.gnu.org; Thu, 30 Apr 2020 05:06:21 -0400
Received: from lists.gnu.org ([209.51.188.17]:48294)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@josefsson.org>) id 1jU58s-00080V-Hg
 for submit@debbugs.gnu.org; Thu, 30 Apr 2020 05:06:06 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:45264)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <simon@josefsson.org>) id 1jU58q-0005SO-5r
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:06:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1)
 (envelope-from <simon@josefsson.org>) id 1jU58f-0003nn-0p
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:05:59 -0400
Received: from duva.sjd.se ([2001:9b1:8633::105]:46894)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <simon@josefsson.org>)
 id 1jU58e-0003nF-8J
 for guix-patches@gnu.org; Thu, 30 Apr 2020 05:05:48 -0400
Received: from latte (31-208-42-58.cust.bredband2.com [31.208.42.58])
 (authenticated bits=0)
 by duva.sjd.se (8.15.2/8.15.2/Debian-8) with ESMTPSA id 03U95YGd021076
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <guix-patches@gnu.org>; Thu, 30 Apr 2020 09:05:36 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=josefsson.org;
 s=default; t=1588237536;
 bh=vDZLBNxsPrZFO49RMflPlf8IHZuXZzomxM3ed9T9awY=;
 h=From:To:Subject:Date:From;
 b=AsPaQBpvs0VzHdsnGERR/Au+wZFAHnEyrY2RR0mdSNMx7NLa5uj3u9rQ5Kv4Z4yk8
 3cs9jhjGCbsi4u79xa128g0fTZLbxTF/pJdDsqEUWtakN10GdB6184cGm7zRXANBPQ
 WvHzJwzrm7wdUjHPrpQVLBrkG09anRRqBOWOiFzVjzmEMnPGKFRYv5YmsPg+3oYyxQ
 wlqcBM/FBjBhbz9j8n0lYcISb1HBAZd21VjkCDU5IN/I2cMonBfJAYqZfrqumHT3u1
 8n99R/+kqeS68U7vbjEz+jF0uKZtB3FccJHTYur5rV7Alkc0/aAPy7KUqBSZoD4HIm
 tOAghFF5iKpfw==
X-Hashcash: 1:22:200430:guix-patches@gnu.org::f3/8lHsaWp7ii5BM:rWL
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE;
 url=https://josefsson.org/key-20190320.txt
Date: Thu, 30 Apr 2020 11:05:34 +0200
Message-ID: <874kt1fin5.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.102.2 at duva.sjd.se
X-Virus-Status: Clean
Received-SPF: pass client-ip=2001:9b1:8633::105;
 envelope-from=simon@josefsson.org; helo=duva.sjd.se
X-detected-operating-system: by eggs.gnu.org: Error: [-] PROGRAM ABORT :
 Malformed IPv6 address (bad octet value).
 Location : parse_addr6(), p0f-client.c:67
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Received-From: 209.51.188.43
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
Reply-to: Simon Josefsson <simon@josefsson.org>, Simon Josefsson via Guix-patches <guix-patches@gnu.org>
From: Simon Josefsson via Guix-patches via <guix-patches@gnu.org>
X-Scanner: scn0
X-Spam-Score: -2.11
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (rsa verify failed) header.d=josefsson.org header.s=default header.b=AsPaQBpv;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 2001:470:142::17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Scan-Result: default: False [-2.11 / 13.00];
	 HAS_REPLYTO(0.00)[simon@josefsson.org];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 GENERIC_REPUTATION(0.00)[-0.49420392119721];
	 DWL_DNSWL_FAIL(0.00)[2001:470:142::17:server fail];
	 R_SPF_ALLOW(-0.20)[+ip6:2001:470:142::/48:c];
	 IP_REPUTATION_HAM(0.00)[asn: 22989(0.17), country: US(-0.00), ip: 2001:470:142::17(-0.49)];
	 RCVD_COUNT_TWELVE(0.00)[12];
	 TO_DN_NONE(0.00)[];
	 R_DKIM_REJECT(1.00)[josefsson.org:s=default];
	 MX_GOOD(-0.50)[cached: eggs.gnu.org];
	 DKIM_TRACE(0.00)[josefsson.org:-];
	 MAILLIST(-0.20)[mailman];
	 SIGNED_PGP(-2.00)[];
	 FORGED_RECIPIENTS_MAILLIST(0.00)[];
	 RECEIVED_SPAMHAUS_PBL(0.00)[31.208.42.58:received];
	 RCVD_IN_DNSWL_FAIL(0.00)[2001:470:142::17:server fail];
	 MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:~];
	 ASN(0.00)[asn:22989, ipnet:2001:470:142::/48, country:US];
	 RCVD_TLS_LAST(0.00)[];
	 TAGGED_FROM(0.00)[larch=yhetil.org];
	 FROM_NEQ_ENVFROM(0.00)[guix-patches@gnu.org,guix-patches-bounces@gnu.org];
	 ARC_NA(0.00)[];
	 URIBL_BLOCKED(0.00)[nongnu.org:url,josefsson.org:email];
	 FROM_HAS_DN(0.00)[];
	 MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain,text/x-diff];
	 REPLYTO_DOM_NEQ_FROM_DOM(0.00)[];
	 DMARC_NA(0.00)[gnu.org];
	 HAS_LIST_UNSUB(-0.01)[];
	 RCPT_COUNT_ONE(0.00)[1];
	 FORGED_SENDER_MAILLIST(0.00)[]
X-TUID: Fu+u3hR4BzjP

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hi!  See attached patch.

/Simon

--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline;
 filename=0001-gnu-libntlm-Update-to-1.6-fixes-CVE-2019-17455.patch
Content-Transfer-Encoding: quoted-printable

From=20ecab0779f6a4dbac5de1f8a587af3c40a93cf294 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Thu, 30 Apr 2020 11:02:08 +0200
Subject: [PATCH] gnu: libntlm: Update to 1.6 [fixes CVE-2019-17455].

* gnu/packages/gsasl.scm (libntlm): Update to 1.8.1.
=2D--
 gnu/packages/gsasl.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm
index a796f9aa82..98acc3c756 100644
=2D-- a/gnu/packages/gsasl.scm
+++ b/gnu/packages/gsasl.scm
@@ -35,14 +35,14 @@
 (define-public libntlm
   (package
     (name "libntlm")
=2D    (version "1.5")
+    (version "1.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.nongnu.org/libntlm/releases=
/"
                                   "libntlm-" version ".tar.gz"))
               (sha256
                (base32
=2D                "1gcvv7f9rggpxay81qv6kw5hr6gd4qiyzkbwhzz02fx9jvv9kmsk"))=
))
+                "08b83nss16jsn213j326yhn1vnrz10k15fwq6jm5b1vdn23nndzj"))))
     (build-system gnu-build-system)
     (synopsis "Library that implements NTLM authentication")
     (description
=2D-=20
2.20.1


--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSjzJyHC50xCrrUzy9RcisI/kdFogUCXqqU3gAKCRBRcisI/kdF
ojxEAQCFuld1sWEXWew3+PjUNpyPR6ep454pChli2G9YMD8ezQEAq3Ns8JnF9/2+
5JjkuaF1NF0TKxTf8lVpb+SfPVjARAE=
=ampC
-----END PGP SIGNATURE-----
--==-=-=--