* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/ettercap/, net-analyzer/ettercap/files/
@ 2018-02-24 5:06 Richard Farina
0 siblings, 0 replies; 4+ messages in thread
From: Richard Farina @ 2018-02-24 5:06 UTC (permalink / raw
To: gentoo-commits
commit: 30594418a8d35519a5a055157ea8be27d8c49e9f
Author: Zero_Chaos <zerochaos <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 24 05:06:02 2018 +0000
Commit: Richard Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Sat Feb 24 05:06:02 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30594418
net-analyzer/ettercap: bug #612226
Package-Manager: Portage-2.3.24, Repoman-2.3.6
net-analyzer/ettercap/ettercap-0.8.2-r1.ebuild | 62 ++++++++++++++++++++++
net-analyzer/ettercap/files/cve-2017-6430.patch | 68 +++++++++++++++++++++++++
2 files changed, 130 insertions(+)
diff --git a/net-analyzer/ettercap/ettercap-0.8.2-r1.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r1.ebuild
new file mode 100644
index 00000000000..71fe6afb63c
--- /dev/null
+++ b/net-analyzer/ettercap/ettercap-0.8.2-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit cmake-utils
+
+DESCRIPTION="A suite for man in the middle attacks"
+HOMEPAGE="https://github.com/Ettercap/ettercap"
+SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="gtk ipv6 ncurses +plugins"
+
+RDEPEND="dev-libs/libbsd
+ dev-libs/libpcre
+ dev-libs/openssl:0=
+ net-libs/libnet:1.1
+ >=net-libs/libpcap-0.8.1
+ sys-libs/zlib
+ gtk? (
+ >=dev-libs/atk-1.2.4
+ >=dev-libs/glib-2.2.2:2
+ media-libs/freetype
+ x11-libs/cairo
+ x11-libs/gdk-pixbuf:2
+ >=x11-libs/gtk+-2.2.2:2
+ >=x11-libs/pango-1.2.3
+ )
+ ncurses? ( >=sys-libs/ncurses-5.3:= )
+ plugins? ( >=net-misc/curl-7.26.0 )"
+DEPEND="${RDEPEND}
+ sys-devel/flex
+ virtual/yacc"
+
+src_prepare() {
+ sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die
+ epatch "${FILESDIR}"/cve-2017-6430.patch
+ cmake-utils_src_prepare
+}
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_enable ncurses CURSES)
+ $(cmake-utils_use_enable gtk)
+ $(cmake-utils_use_enable plugins)
+ $(cmake-utils_use_enable ipv6)
+ -DBUNDLED_LIBS=OFF
+ -DSYSTEM_LIBS=ON
+ -DINSTALL_SYSCONFDIR="${EROOT}"etc
+ )
+ #right now we only support gtk2, but ettercap also supports gtk3
+ #do we care? do we want to support both?
+
+ #we want to enable testing but it fails right now
+ #we want to disable the bundled crap, but we are missing at least "libcheck"
+ #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version
+ #$(cmake-utils_use_enable test TESTS)
+ cmake-utils_src_configure
+}
diff --git a/net-analyzer/ettercap/files/cve-2017-6430.patch b/net-analyzer/ettercap/files/cve-2017-6430.patch
new file mode 100644
index 00000000000..67483dcc024
--- /dev/null
+++ b/net-analyzer/ettercap/files/cve-2017-6430.patch
@@ -0,0 +1,68 @@
+From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
+Date: Tue, 7 Mar 2017 22:05:31 +0100
+Subject: [PATCH] Fix issue #782
+
+---
+ utils/etterfilter/ef_compiler.c | 4 +++-
+ utils/etterfilter/ef_main.c | 10 +++++++---
+ utils/etterfilter/ef_output.c | 3 +++
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c
+index db876636e..ddb73bd30 100644
+--- a/utils/etterfilter/ef_compiler.c
++++ b/utils/etterfilter/ef_compiler.c
+@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)
+ struct filter_op *array = NULL;
+ struct unfold_elm *ue;
+
+- BUG_IF(tree_root == NULL);
++ // invalid file
++ if (tree_root == NULL)
++ return 0;
+
+ fprintf(stdout, " Unfolding the meta-tree ");
+ fflush(stdout);
+diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c
+index ae4591344..431084b91 100644
+--- a/utils/etterfilter/ef_main.c
++++ b/utils/etterfilter/ef_main.c
+@@ -39,7 +39,7 @@ struct globals *gbls;
+
+ int main(int argc, char *argv[])
+ {
+-
++ int ret_value = 0;
+ globals_alloc();
+ /* etterfilter copyright */
+ fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n",
+@@ -84,8 +84,12 @@ int main(int argc, char *argv[])
+ fprintf(stdout, "\n\nThe script contains errors...\n\n");
+
+ /* write to file */
+- if (write_output() != E_SUCCESS)
+- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);
++ ret_value = write_output();
++ if (ret_value == -E_NOTHANDLED)
++ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);
++ else if (ret_value == -E_INVALID)
++ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);
++
+ globals_free();
+ return 0;
+ }
+diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c
+index 5ae591904..fcf19f010 100644
+--- a/utils/etterfilter/ef_output.c
++++ b/utils/etterfilter/ef_output.c
+@@ -51,6 +51,9 @@ int write_output(void)
+ if (fop == NULL)
+ return -E_NOTHANDLED;
+
++ if (ninst == 0)
++ return -E_INVALID;
++
+ /* create the file */
+ fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);
+ ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/ettercap/, net-analyzer/ettercap/files/
@ 2019-01-02 0:32 Craig Andrews
0 siblings, 0 replies; 4+ messages in thread
From: Craig Andrews @ 2019-01-02 0:32 UTC (permalink / raw
To: gentoo-commits
commit: fe87ccdf589165221731be9d02fa9a1a576356ed
Author: Craig Andrews <candrews <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 29 01:41:03 2018 +0000
Commit: Craig Andrews <candrews <AT> gentoo <DOT> org>
CommitDate: Wed Jan 2 00:31:53 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe87ccdf
net-analyzer/ettercap: openssl 1.1 compatiblity, EAPI=6, fix tests
Closes: https://bugs.gentoo.org/673222
Package-Manager: Portage-2.3.53, Repoman-2.3.12
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org>
...tercap-9999.ebuild => ettercap-0.8.2-r2.ebuild} | 33 +--
net-analyzer/ettercap/ettercap-9999.ebuild | 29 ++-
.../files/ettercap-0.8.2-openssl-1.1.patch | 254 +++++++++++++++++++++
3 files changed, 284 insertions(+), 32 deletions(-)
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild
similarity index 65%
copy from net-analyzer/ettercap/ettercap-9999.ebuild
copy to net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild
index c8f2e6e8f41..6fa10f902c2 100644
--- a/net-analyzer/ettercap/ettercap-9999.ebuild
+++ b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=6
inherit cmake-utils
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"
else
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd"
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
fi
-#IUSE="doc gtk ipv6 ncurses +plugins test"
-IUSE="doc gtk ipv6 libressl ncurses +plugins"
+
+IUSE="doc gtk ipv6 libressl ncurses +plugins test"
RDEPEND="dev-libs/libbsd
dev-libs/libpcre
@@ -37,13 +37,18 @@ RDEPEND="dev-libs/libbsd
>=x11-libs/gtk+-2.2.2:2
>=x11-libs/pango-1.2.3
)
- ncurses? ( sys-libs/ncurses:0= )
+ ncurses? ( >=sys-libs/ncurses-5.3:= )
plugins? ( >=net-misc/curl-7.26.0 )"
DEPEND="${RDEPEND}
doc? ( app-text/ghostscript-gpl
sys-apps/groff )
+ test? ( dev-libs/check )
sys-devel/flex
virtual/yacc"
+PATCHES=(
+ "${FILESDIR}"/cve-2017-6430.patch
+ "${FILESDIR}"/${P}-openssl-1.1.patch
+)
src_prepare() {
sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die
@@ -52,21 +57,17 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
- $(cmake-utils_use_enable ncurses CURSES)
- $(cmake-utils_use_enable gtk)
- $(cmake-utils_use_enable plugins)
- $(cmake-utils_use_enable ipv6)
- $(cmake-utils_use_enable doc PDF_DOCS)
+ -DENABLE_CURSES="$(usex ncurses)"
+ -DENABLE_GTK="$(usex gtk)"
+ -DENABLE_PLUGINS="$(usex plugins)"
+ -DENABLE_IPV6="$(usex ipv6)"
+ -DENABLE_TESTS="$(usex test)"
+ -DENABLE_PDF_DOCS="$(usex doc)"
-DBUNDLED_LIBS=OFF
-DSYSTEM_LIBS=ON
-DINSTALL_SYSCONFDIR="${EROOT}"etc
)
#right now we only support gtk2, but ettercap also supports gtk3
#do we care? do we want to support both?
-
- #we want to enable testing but it fails right now
- #we want to disable the bundled crap, but we are missing at least "libcheck"
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version
- #$(cmake-utils_use_enable test TESTS)
cmake-utils_src_configure
}
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-9999.ebuild
index c8f2e6e8f41..b83933eda5d 100644
--- a/net-analyzer/ettercap/ettercap-9999.ebuild
+++ b/net-analyzer/ettercap/ettercap-9999.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=6
inherit cmake-utils
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"
else
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd"
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
fi
-#IUSE="doc gtk ipv6 ncurses +plugins test"
-IUSE="doc gtk ipv6 libressl ncurses +plugins"
+
+IUSE="doc gtk ipv6 libressl ncurses +plugins test"
RDEPEND="dev-libs/libbsd
dev-libs/libpcre
@@ -37,11 +37,12 @@ RDEPEND="dev-libs/libbsd
>=x11-libs/gtk+-2.2.2:2
>=x11-libs/pango-1.2.3
)
- ncurses? ( sys-libs/ncurses:0= )
+ ncurses? ( >=sys-libs/ncurses-5.3:= )
plugins? ( >=net-misc/curl-7.26.0 )"
DEPEND="${RDEPEND}
doc? ( app-text/ghostscript-gpl
sys-apps/groff )
+ test? ( dev-libs/check )
sys-devel/flex
virtual/yacc"
@@ -52,21 +53,17 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
- $(cmake-utils_use_enable ncurses CURSES)
- $(cmake-utils_use_enable gtk)
- $(cmake-utils_use_enable plugins)
- $(cmake-utils_use_enable ipv6)
- $(cmake-utils_use_enable doc PDF_DOCS)
+ -DENABLE_CURSES="$(usex ncurses)"
+ -DENABLE_GTK="$(usex gtk)"
+ -DENABLE_PLUGINS="$(usex plugins)"
+ -DENABLE_IPV6="$(usex ipv6)"
+ -DENABLE_TESTS="$(usex test)"
+ -DENABLE_PDF_DOCS="$(usex doc)"
-DBUNDLED_LIBS=OFF
-DSYSTEM_LIBS=ON
-DINSTALL_SYSCONFDIR="${EROOT}"etc
)
#right now we only support gtk2, but ettercap also supports gtk3
#do we care? do we want to support both?
-
- #we want to enable testing but it fails right now
- #we want to disable the bundled crap, but we are missing at least "libcheck"
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version
- #$(cmake-utils_use_enable test TESTS)
cmake-utils_src_configure
}
diff --git a/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch
new file mode 100644
index 00000000000..b7703d3ef5c
--- /dev/null
+++ b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch
@@ -0,0 +1,254 @@
+From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
+Date: Mon, 27 Jun 2016 12:41:33 +0200
+Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from
+ https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc)
+ Closes: #739
+
+---
+ src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ src/ec_sslwrap.c | 14 ++++++++
+ 2 files changed, 106 insertions(+), 1 deletion(-)
+
+Index: ettercap-0.8.2/src/dissectors/ec_ssh.c
+===================================================================
+--- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c
++++ ettercap-0.8.2/src/dissectors/ec_ssh.c
+@@ -36,6 +36,10 @@
+ #include <openssl/md5.h>
+ #include <zlib.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define SMSG_PUBLIC_KEY 2
+ #define CMSG_SESSION_KEY 3
+ #define CMSG_USER 4
+@@ -138,6 +142,11 @@
+ char tmp[MAX_ASCII_ADDR_LEN];
+ u_int32 ssh_len, ssh_mod;
+ u_char ssh_packet_type, *ptr, *key_to_put;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
++ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
++ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
++#endif
+
+ /* don't complain about unused var */
+ (void) DECODE_DATA;
+@@ -383,12 +392,25 @@
+ if (session_data->ptrkey == NULL) {
+ /* Initialize RSA key structures (other fileds are set to 0) */
+ session_data->serverkey = RSA_new();
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ s_n = BN_new();
++ s_e = BN_new();
++ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
++#else
+ session_data->serverkey->n = BN_new();
+ session_data->serverkey->e = BN_new();
++#endif
+
+ session_data->hostkey = RSA_new();
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ h_n = BN_new();
++ h_e = BN_new();
++ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
++#else
+ session_data->hostkey->n = BN_new();
+ session_data->hostkey->e = BN_new();
++#endif
+
+ /* Get the RSA Key from the packet */
+ NS_GET32(server_mod,ptr);
+@@ -396,19 +418,37 @@
+ DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
+ return NULL;
+ }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
++ get_bn(s_e, &ptr);
++ get_bn(s_n, &ptr);
++#else
+ get_bn(session_data->serverkey->e, &ptr);
+ get_bn(session_data->serverkey->n, &ptr);
++#endif
+
+ NS_GET32(host_mod,ptr);
+ if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
+ DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
+ return NULL;
+ }
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
++ get_bn(h_e, &ptr);
++ get_bn(h_n, &ptr);
++#else
+ get_bn(session_data->hostkey->e, &ptr);
+ get_bn(session_data->hostkey->n, &ptr);
++#endif
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ server_exp = BN_get_word(s_e);
++ host_exp = BN_get_word(h_e);
++#else
+ server_exp = *(session_data->serverkey->e->d);
+ host_exp = *(session_data->hostkey->e->d);
++#endif
+
+ /* Check if we already have a suitable RSA key to substitute */
+ index_ssl = &ssh_conn_key;
+@@ -424,7 +464,7 @@
+ SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
+
+ /* Generate the new key */
+- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
++ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
+ (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
+ (*index_ssl)->server_mod = server_mod;
+ (*index_ssl)->host_mod = host_mod;
+@@ -443,11 +483,25 @@
+
+ /* Put our RSA key in the packet */
+ key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
++ put_bn(m_s_e, &key_to_put);
++ put_bn(m_s_n, &key_to_put);
++#else
+ put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
+ put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
++#endif
+ key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
++ put_bn(m_h_e, &key_to_put);
++ put_bn(m_h_n, &key_to_put);
++#else
+ put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
+ put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
++#endif
+
+ /* Recalculate SSH crc */
+ *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
+@@ -482,19 +536,34 @@
+ key_to_put = ptr;
+
+ /* Calculate real session id and our fake session id */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ temp_session_id = ssh_session_id(cookie, h_n, s_n);
++#else
+ temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
++#endif
+ if (temp_session_id)
+ memcpy(session_id1, temp_session_id, 16);
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
++#else
+ temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
++#endif
++
+ if (temp_session_id)
+ memcpy(session_id2, temp_session_id, 16);
+
+ /* Get the session key */
+ enckey = BN_new();
++
+ get_bn(enckey, &ptr);
+
+ /* Decrypt session key */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ if (BN_cmp(m_s_n, m_h_n) > 0) {
++#else
+ if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
++#endif
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
+ } else {
+@@ -534,7 +603,11 @@
+ BN_add_word(bn, sesskey[i]);
+ }
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ if (BN_cmp(s_n, h_n) < 0) {
++#else
+ if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
++#endif
+ rsa_public_encrypt(bn, bn, session_data->serverkey);
+ rsa_public_encrypt(bn, bn, session_data->hostkey);
+ } else {
+@@ -716,7 +789,16 @@
+ u_char *inbuf, *outbuf;
+ int32 len, ilen, olen;
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ RSA_get0_key(key, &n, &e, &d);
++ olen = BN_num_bytes(n);
++#else
+ olen = BN_num_bytes(key->n);
++#endif
++
+ outbuf = malloc(olen);
+ if (outbuf == NULL) /* oops, couldn't allocate memory */
+ return;
+@@ -744,7 +826,16 @@
+ u_char *inbuf, *outbuf;
+ int32 len, ilen, olen;
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ RSA_get0_key(key, &n, &e, &d);
++ olen = BN_num_bytes(n);
++#else
+ olen = BN_num_bytes(key->n);
++#endif
++
+ outbuf = malloc(olen);
+ if (outbuf == NULL) /* oops, couldn't allocate memory */
+ return;
+Index: ettercap-0.8.2/src/ec_sslwrap.c
+===================================================================
+--- ettercap-0.8.2.orig/src/ec_sslwrap.c
++++ ettercap-0.8.2/src/ec_sslwrap.c
+@@ -53,6 +53,10 @@
+ #define OPENSSL_NO_KRB5 1
+ #include <openssl/ssl.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define BREAK_ON_ERROR(x,y,z) do { \
+ if (x == -E_INVALID) { \
+ SAFE_FREE(z.DATA.disp_data); \
+@@ -974,9 +978,19 @@
+ index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
+ if (index >=0) {
+ ext = X509_get_ext(server_cert, index);
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ ASN1_OCTET_STRING* os;
++ os = X509_EXTENSION_get_data (ext);
++#endif
+ if (ext) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ os->data[7] = 0xe7;
++ os->data[8] = 0x7e;
++ X509_EXTENSION_set_data (ext, os);
++#else
+ ext->value->data[7] = 0xe7;
+ ext->value->data[8] = 0x7e;
++#endif
+ X509_add_ext(out_cert, ext, -1);
+ }
+ }
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/ettercap/, net-analyzer/ettercap/files/
@ 2021-05-01 18:07 Sam James
0 siblings, 0 replies; 4+ messages in thread
From: Sam James @ 2021-05-01 18:07 UTC (permalink / raw
To: gentoo-commits
commit: 03f6ff8bebd9895d930e8beabdbf5700a80e8090
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 1 17:29:20 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 1 18:06:22 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03f6ff8b
net-analyzer/ettercap: drop obsolete LibreSSL patch
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-analyzer/ettercap/ettercap-0.8.3.1.ebuild | 2 --
.../ettercap/files/ettercap-0.8.3.1-libressl.patch | 37 ----------------------
2 files changed, 39 deletions(-)
diff --git a/net-analyzer/ettercap/ettercap-0.8.3.1.ebuild b/net-analyzer/ettercap/ettercap-0.8.3.1.ebuild
index 069c391c021..05db91778f2 100644
--- a/net-analyzer/ettercap/ettercap-0.8.3.1.ebuild
+++ b/net-analyzer/ettercap/ettercap-0.8.3.1.ebuild
@@ -47,8 +47,6 @@ DEPEND="${RDEPEND}
sys-devel/flex
virtual/yacc"
-PATCHES=( "${FILESDIR}"/${P}-libressl.patch )
-
src_prepare() {
sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die
cmake_src_prepare
diff --git a/net-analyzer/ettercap/files/ettercap-0.8.3.1-libressl.patch b/net-analyzer/ettercap/files/ettercap-0.8.3.1-libressl.patch
deleted file mode 100644
index ed5a49ce436..00000000000
--- a/net-analyzer/ettercap/files/ettercap-0.8.3.1-libressl.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b2f7634c9dbc0ef68640f0571787d92300e9f9f9 Mon Sep 17 00:00:00 2001
-From: Stefan Strogin <stefan@steils.org>
-Date: Sat, 15 Aug 2020 07:18:31 +0300
-Subject: [PATCH] ec_sslwrap: fix compilation with LibreSSL
-
-Disable taking over SNI extension from ClientHello and SSL configuration
-operations until LibreSSL supports the required API.
-
-Fixes: https://github.com/Ettercap/ettercap/issues/1068
-Upstream-Status: Submitted
-[https://github.com/Ettercap/ettercap/pull/1069]
-Signed-off-by: Stefan Strogin <steils@gentoo.org>
----
- src/ec_sslwrap.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/ec_sslwrap.c b/src/ec_sslwrap.c
-index b9f26a14..1e4c24fc 100644
---- a/src/ec_sslwrap.c
-+++ b/src/ec_sslwrap.c
-@@ -71,11 +71,11 @@
- #define TLS_server_method SSLv23_server_method
- #endif
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- #define HAVE_OPENSSL_1_1_0
- #endif
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
- #define HAVE_OPENSSL_1_1_1
- #endif
-
---
-2.28.0
-
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/ettercap/, net-analyzer/ettercap/files/
@ 2023-03-25 5:52 Sam James
0 siblings, 0 replies; 4+ messages in thread
From: Sam James @ 2023-03-25 5:52 UTC (permalink / raw
To: gentoo-commits
commit: db26ce81811d5556c2c3afc877fe42854835be7e
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 25 05:48:56 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar 25 05:51:54 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db26ce81
net-analyzer/ettercap: fix build w/ curl 8
Closes: https://bugs.gentoo.org/902987
Signed-off-by: Sam James <sam <AT> gentoo.org>
...p-0.8.3.1.ebuild => ettercap-0.8.3.1-r1.ebuild} | 40 ++++++++++++++--------
net-analyzer/ettercap/ettercap-9999.ebuild | 38 ++++++++++++--------
.../ettercap/files/ettercap-0.8.3.1-curl-8.patch | 32 +++++++++++++++++
3 files changed, 81 insertions(+), 29 deletions(-)
diff --git a/net-analyzer/ettercap/ettercap-0.8.3.1.ebuild b/net-analyzer/ettercap/ettercap-0.8.3.1-r1.ebuild
similarity index 74%
rename from net-analyzer/ettercap/ettercap-0.8.3.1.ebuild
rename to net-analyzer/ettercap/ettercap-0.8.3.1-r1.ebuild
index 9cda1724861c..5e686a896922 100644
--- a/net-analyzer/ettercap/ettercap-0.8.3.1.ebuild
+++ b/net-analyzer/ettercap/ettercap-0.8.3.1-r1.ebuild
@@ -1,17 +1,17 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
inherit cmake
-DESCRIPTION="A suite for man in the middle attacks"
+DESCRIPTION="Suite for man in the middle attacks"
HOMEPAGE="https://github.com/Ettercap/ettercap"
LICENSE="GPL-2+"
SLOT="0"
-if [[ ${PV} == "9999" ]] ; then
+if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"
else
@@ -22,9 +22,10 @@ fi
IUSE="doc geoip gtk ipv6 ncurses +plugins test"
RESTRICT="!test? ( test )"
-RDEPEND="dev-libs/libbsd
+RDEPEND="
+ dev-libs/libbsd
dev-libs/libpcre
- dev-libs/openssl:0=
+ dev-libs/openssl:=
net-libs/libnet:1.1
>=net-libs/libpcap-0.8.1
sys-libs/zlib
@@ -39,13 +40,23 @@ RDEPEND="dev-libs/libbsd
>=x11-libs/pango-1.2.3
)
ncurses? ( >=sys-libs/ncurses-5.3:= )
- plugins? ( >=net-misc/curl-7.26.0 )"
-DEPEND="${RDEPEND}
- doc? ( app-text/ghostscript-gpl
- sys-apps/groff )
- test? ( dev-libs/check )
+ plugins? ( >=net-misc/curl-7.26.0 )
+"
+DEPEND="
+ app-alternatives/yacc
sys-devel/flex
- app-alternatives/yacc"
+"
+BDEPEND="
+ doc? (
+ app-text/ghostscript-gpl
+ sys-apps/groff
+ )
+ test? ( dev-libs/check )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-curl-8.patch
+)
src_prepare() {
sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die
@@ -66,8 +77,9 @@ src_configure() {
-DINSTALL_SYSCONFDIR="${EPREFIX}"/etc
)
+ # right now we only support gtk2, but ettercap also supports gtk3
+ # do we care? do we want to support both?
! use gtk && mycmakeargs+=(-DINSTALL_DESKTOP=OFF)
- #right now we only support gtk2, but ettercap also supports gtk3
- #do we care? do we want to support both?
+
cmake_src_configure
}
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-9999.ebuild
index b050ccc4f5d7..c56915d82186 100644
--- a/net-analyzer/ettercap/ettercap-9999.ebuild
+++ b/net-analyzer/ettercap/ettercap-9999.ebuild
@@ -1,30 +1,31 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
inherit cmake
-DESCRIPTION="A suite for man in the middle attacks"
+DESCRIPTION="Suite for man in the middle attacks"
HOMEPAGE="https://github.com/Ettercap/ettercap"
LICENSE="GPL-2+"
SLOT="0"
-if [[ ${PV} == "9999" ]] ; then
+if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"
else
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86"
+ KEYWORDS="~alpha amd64 arm ppc ppc64 sparc x86"
fi
IUSE="doc geoip gtk ipv6 ncurses +plugins test"
RESTRICT="!test? ( test )"
-RDEPEND="dev-libs/libbsd
+RDEPEND="
+ dev-libs/libbsd
dev-libs/libpcre
- dev-libs/openssl:0=
+ dev-libs/openssl:=
net-libs/libnet:1.1
>=net-libs/libpcap-0.8.1
sys-libs/zlib
@@ -39,13 +40,19 @@ RDEPEND="dev-libs/libbsd
>=x11-libs/pango-1.2.3
)
ncurses? ( >=sys-libs/ncurses-5.3:= )
- plugins? ( >=net-misc/curl-7.26.0 )"
-DEPEND="${RDEPEND}
- doc? ( app-text/ghostscript-gpl
- sys-apps/groff )
- test? ( dev-libs/check )
+ plugins? ( >=net-misc/curl-7.26.0 )
+"
+DEPEND="
+ app-alternatives/yacc
sys-devel/flex
- app-alternatives/yacc"
+"
+BDEPEND="
+ doc? (
+ app-text/ghostscript-gpl
+ sys-apps/groff
+ )
+ test? ( dev-libs/check )
+"
src_prepare() {
sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die
@@ -66,8 +73,9 @@ src_configure() {
-DINSTALL_SYSCONFDIR="${EPREFIX}"/etc
)
+ # right now we only support gtk2, but ettercap also supports gtk3
+ # do we care? do we want to support both?
! use gtk && mycmakeargs+=(-DINSTALL_DESKTOP=OFF)
- #right now we only support gtk2, but ettercap also supports gtk3
- #do we care? do we want to support both?
+
cmake_src_configure
}
diff --git a/net-analyzer/ettercap/files/ettercap-0.8.3.1-curl-8.patch b/net-analyzer/ettercap/files/ettercap-0.8.3.1-curl-8.patch
new file mode 100644
index 000000000000..e1c2259733c2
--- /dev/null
+++ b/net-analyzer/ettercap/files/ettercap-0.8.3.1-curl-8.patch
@@ -0,0 +1,32 @@
+https://bugs.gentoo.org/902987
+https://github.com/Ettercap/ettercap/commit/40534662043b7d831d1f6c70448afa9d374a9b63
+
+From 40534662043b7d831d1f6c70448afa9d374a9b63 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 23 Mar 2023 10:23:14 -0700
+Subject: [PATCH] sslstrip: Enhance the libcurl version check to consider
+ version 8+
+
+Lately curl has released version 8 and hence LIBCURL_VERSION_MAJOR is
+reset to 0, current check assumes major version to be 7 at max and hence
+on systems with libcurl 8+ this check breaks and build fails
+
+Fixes
+
+TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/ettercap/0.8.3.1-r0/git/plug-ins/sslstrip/sslstrip.c:57:2: error: libcurl 7.26.0 or up is needed
+ ^
+1 error generated.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/plug-ins/sslstrip/sslstrip.c
++++ b/plug-ins/sslstrip/sslstrip.c
+@@ -51,7 +51,7 @@
+
+ #include <curl/curl.h>
+
+-#if (LIBCURL_VERSION_MAJOR < 7) || (LIBCURL_VERSION_MINOR < 26)
++#if (LIBCURL_VERSION_MAJOR < 7) || (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR < 26)
+ #error libcurl 7.26.0 or up is needed
+ #endif
+
+
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-25 5:52 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-24 5:06 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/ettercap/, net-analyzer/ettercap/files/ Richard Farina
-- strict thread matches above, loose matches on Subject: below --
2019-01-02 0:32 Craig Andrews
2021-05-01 18:07 Sam James
2023-03-25 5:52 Sam James
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox