Commit 71a2a57
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 (#707)
Bumps [github.com/Azure/go-ntlmssp](https://github.com/Azure/go-ntlmssp)
from 0.0.0-20221128193559-754e69321358 to 0.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Azure/go-ntlmssp/releases">github.com/Azure/go-ntlmssp's
releases</a>.</em></p>
<blockquote>
<h2>v0.1.1</h2>
<p>Fix CVE-2026-32952: A malicious NTLM challenge message can causes an
slice out of bounds panic, which can crash any Go process using
ntlmssp.Negotiator as an HTTP transport.</p>
<h2>v0.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump minimum required version to Go 1.24 by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/53">Azure/go-ntlmssp#53</a></li>
<li>Fix OOM in NTLM negotiator by avoiding buffering of seekable request
bodies by <a
href="https://github.com/Copilot"><code>@Copilot</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/54">Azure/go-ntlmssp#54</a></li>
<li>Don't modify the rountripped request by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/57">Azure/go-ntlmssp#57</a></li>
<li>Fix a race occurring when the wrapped Rountripper closes the request
body in another goroutine by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/58">Azure/go-ntlmssp#58</a></li>
<li>Fix a race occurring when the wrapped Rountripper reads request
fields in another goroutine by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/59">Azure/go-ntlmssp#59</a></li>
<li>Only perform basic auth if requested by the server by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/60">Azure/go-ntlmssp#60</a></li>
<li>Don't pass the original body in the client handshake request by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/61">Azure/go-ntlmssp#61</a></li>
<li>Return latest server response in case there is an error processing
the handshake by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/63">Azure/go-ntlmssp#63</a></li>
<li>Send body on client NTLM handshake by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/64">Azure/go-ntlmssp#64</a></li>
<li>Support user accounts not living in server's domain by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/65">Azure/go-ntlmssp#65</a></li>
<li>Implement NewAuthenticateMessage and deprecate ProcessChallenge by
<a href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/67">Azure/go-ntlmssp#67</a></li>
<li>Make basic authentication support opt-in by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/66">Azure/go-ntlmssp#66</a></li>
<li>Allow passing custom client domain and workstation name by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/68">Azure/go-ntlmssp#68</a></li>
<li>set NEGOTIATE_NTLM and NEGOTIATE_ALWAYS_SIGN capabilities by <a
href="https://github.com/qmuntal"><code>@qmuntal</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/69">Azure/go-ntlmssp#69</a></li>
<li>testing: add e2e tests by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/56">Azure/go-ntlmssp#56</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/qmuntal"><code>@qmuntal</code></a> made
their first contribution in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/53">Azure/go-ntlmssp#53</a></li>
<li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/54">Azure/go-ntlmssp#54</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Azure/go-ntlmssp/compare/v0.0.1...v0.1.0">https://github.com/Azure/go-ntlmssp/compare/v0.0.1...v0.1.0</a></p>
<h2>v0.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Commit to Go 1.6 by <a
href="https://github.com/boumenot"><code>@boumenot</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/5">Azure/go-ntlmssp#5</a></li>
<li>Handle http redirect by <a
href="https://github.com/nqv"><code>@nqv</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/4">Azure/go-ntlmssp#4</a></li>
<li>drain request body for connection reuse by <a
href="https://github.com/paulmey"><code>@paulmey</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/6">Azure/go-ntlmssp#6</a></li>
<li>Add CoC notice by <a
href="https://github.com/paulmey"><code>@paulmey</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/7">Azure/go-ntlmssp#7</a></li>
<li>Support for auth when server responds with Www-Authenticate: NTLM by
<a href="https://github.com/lafriks"><code>@lafriks</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/8">Azure/go-ntlmssp#8</a></li>
<li>update README with example by <a
href="https://github.com/PaluMacil"><code>@PaluMacil</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/11">Azure/go-ntlmssp#11</a></li>
<li>add version, domain and workstation fields by <a
href="https://github.com/justdan96"><code>@justdan96</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/13">Azure/go-ntlmssp#13</a></li>
<li>move to a current version of Go by <a
href="https://github.com/boumenot"><code>@boumenot</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/19">Azure/go-ntlmssp#19</a></li>
<li>(BUG) Negotiation fails for servers where 'NTLMv2 session security'
i… by <a
href="https://github.com/davejohnston"><code>@davejohnston</code></a>
in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/18">Azure/go-ntlmssp#18</a></li>
<li>Update negotiator.go by <a
href="https://github.com/mszuyev"><code>@mszuyev</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/24">Azure/go-ntlmssp#24</a></li>
<li>Fix golint import path by <a
href="https://github.com/paulmey"><code>@paulmey</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/25">Azure/go-ntlmssp#25</a></li>
<li>add ProcessChallengeWithHash function by <a
href="https://github.com/ropnop"><code>@ropnop</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/27">Azure/go-ntlmssp#27</a></li>
<li>Set workstation to empty string in authenticate_message.go by <a
href="https://github.com/Catbuttes"><code>@Catbuttes</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/30">Azure/go-ntlmssp#30</a></li>
<li>Change of the negociator working, to handle several identical header
by <a href="https://github.com/Resousse"><code>@Resousse</code></a> in
<a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/31">Azure/go-ntlmssp#31</a></li>
<li>Support for UPN by <a
href="https://github.com/tirupatibg"><code>@tirupatibg</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/32">Azure/go-ntlmssp#32</a></li>
<li>Adding Microsoft SECURITY.MD by <a
href="https://github.com/microsoft-github-policy-service"><code>@microsoft-github-policy-service</code></a>[bot]
in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/39">Azure/go-ntlmssp#39</a></li>
<li>Handle 3rd return value from GetDomain by <a
href="https://github.com/opoplawski"><code>@opoplawski</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/41">Azure/go-ntlmssp#41</a></li>
<li>initial refactor by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/48">Azure/go-ntlmssp#48</a></li>
<li>fix linter errors by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/49">Azure/go-ntlmssp#49</a></li>
<li>add dependabot/codeowners + installation instructions by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/Azure/go-ntlmssp/pull/50">Azure/go-ntlmssp#50</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Azure/go-ntlmssp/commits/v0.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/microsoft/azure-linux-image-tools/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com>1 parent d05a0cb commit 71a2a57
2 files changed
Lines changed: 3 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
30 | | - | |
| 30 | + | |
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
2 | 1 | | |
| 2 | + | |
| 3 | + | |
3 | 4 | | |
4 | 5 | | |
5 | 6 | | |
| |||
0 commit comments