diff options
Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/ettercap/Manifest | 1 | ||||
-rw-r--r-- | net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild | 73 | ||||
-rw-r--r-- | net-analyzer/ettercap/files/cve-2017-6430.patch | 68 | ||||
-rw-r--r-- | net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch | 254 |
4 files changed, 0 insertions, 396 deletions
diff --git a/net-analyzer/ettercap/Manifest b/net-analyzer/ettercap/Manifest index dccca758f865..fb40201464a6 100644 --- a/net-analyzer/ettercap/Manifest +++ b/net-analyzer/ettercap/Manifest @@ -1,2 +1 @@ -DIST ettercap-0.8.2.tar.gz 8082561 BLAKE2B 851df0a8700de45ce0e3427f7fdbdcd13feb2f75c0d1136563449db634b1f02276bade0d82a1a51bf8de726d6faddf05ff537e397c2e56cfc3e3181d25566fe9 SHA512 18137b1cc518c9db3c9650157a5cbf09dbb665b79876a24875d6c5125e8923ebde543464adb61cf1d1244101242f4d66b80d94ef3b36aa265cefca7646aa6415 DIST ettercap-0.8.3.tar.gz 8381943 BLAKE2B f49098d61f60877d3f979d7861f36dad6ec3fbfca7ed89d8f9826867145ea36daec65a1076c893f81391218688448515ef020a9cdf9a16ffddc830bacec8eb1c SHA512 1929c986d3a17ebc693ffe8531e01c66379c0ee6ea71305ea49b6a9eece84b6da1923135311db458bdb6035feb593e525786e6cf4c465ced5a7683384d4a4ae7 diff --git a/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild deleted file mode 100644 index ae48afb1a7e9..000000000000 --- a/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit cmake-utils - -DESCRIPTION="A suite for man in the middle attacks" -HOMEPAGE="https://github.com/Ettercap/ettercap" - -LICENSE="GPL-2+" -SLOT="0" - -if [[ ${PV} == "9999" ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git" -else - SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work - KEYWORDS="~alpha amd64 arm ppc ppc64 sparc x86" -fi - -IUSE="doc gtk ipv6 libressl ncurses +plugins test" - -RDEPEND="dev-libs/libbsd - dev-libs/libpcre - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - net-libs/libnet:1.1 - >=net-libs/libpcap-0.8.1 - sys-libs/zlib - gtk? ( - >=dev-libs/atk-1.2.4 - >=dev-libs/glib-2.2.2:2 - media-libs/freetype - x11-libs/cairo - x11-libs/gdk-pixbuf:2 - >=x11-libs/gtk+-2.2.2:2 - >=x11-libs/pango-1.2.3 - ) - ncurses? ( >=sys-libs/ncurses-5.3:= ) - plugins? ( >=net-misc/curl-7.26.0 )" -DEPEND="${RDEPEND} - doc? ( app-text/ghostscript-gpl - sys-apps/groff ) - test? ( dev-libs/check ) - sys-devel/flex - virtual/yacc" -PATCHES=( - "${FILESDIR}"/cve-2017-6430.patch - "${FILESDIR}"/${P}-openssl-1.1.patch -) - -src_prepare() { - sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die - cmake-utils_src_prepare -} - -src_configure() { - local mycmakeargs=( - -DENABLE_CURSES="$(usex ncurses)" - -DENABLE_GTK="$(usex gtk)" - -DENABLE_PLUGINS="$(usex plugins)" - -DENABLE_IPV6="$(usex ipv6)" - -DENABLE_TESTS="$(usex test)" - -DENABLE_PDF_DOCS="$(usex doc)" - -DBUNDLED_LIBS=OFF - -DSYSTEM_LIBS=ON - -DINSTALL_SYSCONFDIR="${EROOT}"etc - ) - #right now we only support gtk2, but ettercap also supports gtk3 - #do we care? do we want to support both? - cmake-utils_src_configure -} diff --git a/net-analyzer/ettercap/files/cve-2017-6430.patch b/net-analyzer/ettercap/files/cve-2017-6430.patch deleted file mode 100644 index 67483dcc0249..000000000000 --- a/net-analyzer/ettercap/files/cve-2017-6430.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001 -From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> -Date: Tue, 7 Mar 2017 22:05:31 +0100 -Subject: [PATCH] Fix issue #782 - ---- - utils/etterfilter/ef_compiler.c | 4 +++- - utils/etterfilter/ef_main.c | 10 +++++++--- - utils/etterfilter/ef_output.c | 3 +++ - 3 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c -index db876636e..ddb73bd30 100644 ---- a/utils/etterfilter/ef_compiler.c -+++ b/utils/etterfilter/ef_compiler.c -@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop) - struct filter_op *array = NULL; - struct unfold_elm *ue; - -- BUG_IF(tree_root == NULL); -+ // invalid file -+ if (tree_root == NULL) -+ return 0; - - fprintf(stdout, " Unfolding the meta-tree "); - fflush(stdout); -diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c -index ae4591344..431084b91 100644 ---- a/utils/etterfilter/ef_main.c -+++ b/utils/etterfilter/ef_main.c -@@ -39,7 +39,7 @@ struct globals *gbls; - - int main(int argc, char *argv[]) - { -- -+ int ret_value = 0; - globals_alloc(); - /* etterfilter copyright */ - fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n", -@@ -84,8 +84,12 @@ int main(int argc, char *argv[]) - fprintf(stdout, "\n\nThe script contains errors...\n\n"); - - /* write to file */ -- if (write_output() != E_SUCCESS) -- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file); -+ ret_value = write_output(); -+ if (ret_value == -E_NOTHANDLED) -+ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file); -+ else if (ret_value == -E_INVALID) -+ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file); -+ - globals_free(); - return 0; - } -diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c -index 5ae591904..fcf19f010 100644 ---- a/utils/etterfilter/ef_output.c -+++ b/utils/etterfilter/ef_output.c -@@ -51,6 +51,9 @@ int write_output(void) - if (fop == NULL) - return -E_NOTHANDLED; - -+ if (ninst == 0) -+ return -E_INVALID; -+ - /* create the file */ - fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644); - ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file); diff --git a/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch deleted file mode 100644 index b7703d3ef5ca..000000000000 --- a/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch +++ /dev/null @@ -1,254 +0,0 @@ -From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001 -From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it> -Date: Mon, 27 Jun 2016 12:41:33 +0200 -Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from - https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc) - Closes: #739 - ---- - src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++- - src/ec_sslwrap.c | 14 ++++++++ - 2 files changed, 106 insertions(+), 1 deletion(-) - -Index: ettercap-0.8.2/src/dissectors/ec_ssh.c -=================================================================== ---- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c -+++ ettercap-0.8.2/src/dissectors/ec_ssh.c -@@ -36,6 +36,10 @@ - #include <openssl/md5.h> - #include <zlib.h> - -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) -+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ -+#endif -+ - #define SMSG_PUBLIC_KEY 2 - #define CMSG_SESSION_KEY 3 - #define CMSG_USER 4 -@@ -138,6 +142,11 @@ - char tmp[MAX_ASCII_ADDR_LEN]; - u_int32 ssh_len, ssh_mod; - u_char ssh_packet_type, *ptr, *key_to_put; -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n; -+ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e; -+ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d; -+#endif - - /* don't complain about unused var */ - (void) DECODE_DATA; -@@ -383,12 +392,25 @@ - if (session_data->ptrkey == NULL) { - /* Initialize RSA key structures (other fileds are set to 0) */ - session_data->serverkey = RSA_new(); -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ s_n = BN_new(); -+ s_e = BN_new(); -+ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d); -+#else - session_data->serverkey->n = BN_new(); - session_data->serverkey->e = BN_new(); -+#endif - - session_data->hostkey = RSA_new(); -+ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ h_n = BN_new(); -+ h_e = BN_new(); -+ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d); -+#else - session_data->hostkey->n = BN_new(); - session_data->hostkey->e = BN_new(); -+#endif - - /* Get the RSA Key from the packet */ - NS_GET32(server_mod,ptr); -@@ -396,19 +418,37 @@ - DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); - return NULL; - } -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d); -+ get_bn(s_e, &ptr); -+ get_bn(s_n, &ptr); -+#else - get_bn(session_data->serverkey->e, &ptr); - get_bn(session_data->serverkey->n, &ptr); -+#endif - - NS_GET32(host_mod,ptr); - if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { - DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); - return NULL; - } -+ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d); -+ get_bn(h_e, &ptr); -+ get_bn(h_n, &ptr); -+#else - get_bn(session_data->hostkey->e, &ptr); - get_bn(session_data->hostkey->n, &ptr); -+#endif - -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ server_exp = BN_get_word(s_e); -+ host_exp = BN_get_word(h_e); -+#else - server_exp = *(session_data->serverkey->e->d); - host_exp = *(session_data->hostkey->e->d); -+#endif - - /* Check if we already have a suitable RSA key to substitute */ - index_ssl = &ssh_conn_key; -@@ -424,7 +464,7 @@ - SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); - - /* Generate the new key */ -- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL); -+ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL); - (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); - (*index_ssl)->server_mod = server_mod; - (*index_ssl)->host_mod = host_mod; -@@ -443,11 +483,25 @@ - - /* Put our RSA key in the packet */ - key_to_put+=4; -+ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d); -+ put_bn(m_s_e, &key_to_put); -+ put_bn(m_s_n, &key_to_put); -+#else - put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); - put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); -+#endif - key_to_put+=4; -+ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d); -+ put_bn(m_h_e, &key_to_put); -+ put_bn(m_h_n, &key_to_put); -+#else - put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); - put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); -+#endif - - /* Recalculate SSH crc */ - *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); -@@ -482,19 +536,34 @@ - key_to_put = ptr; - - /* Calculate real session id and our fake session id */ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ temp_session_id = ssh_session_id(cookie, h_n, s_n); -+#else - temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); -+#endif - if (temp_session_id) - memcpy(session_id1, temp_session_id, 16); -+ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n); -+#else - temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); -+#endif -+ - if (temp_session_id) - memcpy(session_id2, temp_session_id, 16); - - /* Get the session key */ - enckey = BN_new(); -+ - get_bn(enckey, &ptr); - - /* Decrypt session key */ -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ if (BN_cmp(m_s_n, m_h_n) > 0) { -+#else - if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { -+#endif - rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); - rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); - } else { -@@ -534,7 +603,11 @@ - BN_add_word(bn, sesskey[i]); - } - -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ if (BN_cmp(s_n, h_n) < 0) { -+#else - if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { -+#endif - rsa_public_encrypt(bn, bn, session_data->serverkey); - rsa_public_encrypt(bn, bn, session_data->hostkey); - } else { -@@ -716,7 +789,16 @@ - u_char *inbuf, *outbuf; - int32 len, ilen, olen; - -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ BIGNUM *n; -+ BIGNUM *e; -+ BIGNUM *d; -+ RSA_get0_key(key, &n, &e, &d); -+ olen = BN_num_bytes(n); -+#else - olen = BN_num_bytes(key->n); -+#endif -+ - outbuf = malloc(olen); - if (outbuf == NULL) /* oops, couldn't allocate memory */ - return; -@@ -744,7 +826,16 @@ - u_char *inbuf, *outbuf; - int32 len, ilen, olen; - -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ BIGNUM *n; -+ BIGNUM *e; -+ BIGNUM *d; -+ RSA_get0_key(key, &n, &e, &d); -+ olen = BN_num_bytes(n); -+#else - olen = BN_num_bytes(key->n); -+#endif -+ - outbuf = malloc(olen); - if (outbuf == NULL) /* oops, couldn't allocate memory */ - return; -Index: ettercap-0.8.2/src/ec_sslwrap.c -=================================================================== ---- ettercap-0.8.2.orig/src/ec_sslwrap.c -+++ ettercap-0.8.2/src/ec_sslwrap.c -@@ -53,6 +53,10 @@ - #define OPENSSL_NO_KRB5 1 - #include <openssl/ssl.h> - -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) -+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ -+#endif -+ - #define BREAK_ON_ERROR(x,y,z) do { \ - if (x == -E_INVALID) { \ - SAFE_FREE(z.DATA.disp_data); \ -@@ -974,9 +978,19 @@ - index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1); - if (index >=0) { - ext = X509_get_ext(server_cert, index); -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ ASN1_OCTET_STRING* os; -+ os = X509_EXTENSION_get_data (ext); -+#endif - if (ext) { -+#ifdef HAVE_OPAQUE_RSA_DSA_DH -+ os->data[7] = 0xe7; -+ os->data[8] = 0x7e; -+ X509_EXTENSION_set_data (ext, os); -+#else - ext->value->data[7] = 0xe7; - ext->value->data[8] = 0x7e; -+#endif - X509_add_ext(out_cert, ext, -1); - } - } |