From b8cc7c7166728c7ccc0fa9ebd4d52be6bfc723db Mon Sep 17 00:00:00 2001
From: Nathan Owens
Date: Tue, 3 Nov 2020 16:08:55 -0600
Subject: [PATCH] ettercap: update to 0.8.3.1
---
 srcpkgs/ettercap/patches/CVE-2017-6430.patch | 57 ------
 srcpkgs/ettercap/patches/CVE-2017-8366.patch | 201 -------------------
 srcpkgs/ettercap/patches/libressl.patch | 31 +++
 srcpkgs/ettercap/template | 9 +-
 4 files changed, 36 insertions(+), 262 deletions(-)
 delete mode 100644 srcpkgs/ettercap/patches/CVE-2017-6430.patch
 delete mode 100644 srcpkgs/ettercap/patches/CVE-2017-8366.patch
 create mode 100644 srcpkgs/ettercap/patches/libressl.patch
diff --git a/srcpkgs/ettercap/patches/CVE-2017-6430.patch b/srcpkgs/ettercap/patches/CVE-2017-6430.patch
deleted file mode 100644
index bc090f594eac71..00000000000000
--- a/srcpkgs/ettercap/patches/CVE-2017-6430.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c
-index db876636..ddb73bd3 100644
---- utils/etterfilter/ef_compiler.c
-+++ utils/etterfilter/ef_compiler.c
-@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)
- struct filter_op *array = NULL;
- struct unfold_elm *ue;
-
-- BUG_IF(tree_root == NULL);
-+ // invalid file
-+ if (tree_root == NULL)
-+ return 0;
-
- fprintf(stdout, " Unfolding the meta-tree ");
- fflush(stdout);
-diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c
-index ae459134..431084b9 100644
---- utils/etterfilter/ef_main.c
-+++ utils/etterfilter/ef_main.c
-@@ -39,7 +39,7 @@ struct globals *gbls;
-
- int main(int argc, char *argv[])
- {
--
-+ int ret_value = 0;
- globals_alloc();
- /* etterfilter copyright */
- fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n",
-@@ -84,8 +84,12 @@ int main(int argc, char *argv[])
- fprintf(stdout, "\n\nThe script contains errors...\n\n");
-
- /* write to file */
-- if (write_output() != E_SUCCESS)
-- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);
-+ ret_value = write_output();
-+ if (ret_value == -E_NOTHANDLED)
-+ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);
-+ else if (ret_value == -E_INVALID)
-+ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);
-+
- globals_free();
- return 0;
- }
-diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c
-index 5ae59190..fcf19f01 100644
---- utils/etterfilter/ef_output.c
-+++ utils/etterfilter/ef_output.c
-@@ -51,6 +51,9 @@ int write_output(void)
- if (fop == NULL)
- return -E_NOTHANDLED;
-
-+ if (ninst == 0)
-+ return -E_INVALID;
-+
- /* create the file */
- fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);
- ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);
diff --git a/srcpkgs/ettercap/patches/CVE-2017-8366.patch b/srcpkgs/ettercap/patches/CVE-2017-8366.patch
deleted file mode 100644
index 4ffa09bc76863e..00000000000000
--- a/srcpkgs/ettercap/patches/CVE-2017-8366.patch
+++ /dev/null
@@ -1,201 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 90050590..8f7c7c36 100644 ---- CMakeLists.txt -+++ CMakeLists.txt -@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH) - set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) - set(CMAKE_MACOSX_RPATH 1) - endif(NOT DISABLE_RPATH) -+ -+# set general build flags for debug build-type - set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) -+# append ASAN build flags if compiler version has support -+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") -+ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) -+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) -+ message("Building with ASAN support (GNU compiler)") -+ else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) -+ message("Building without ASAN support (GNU compiler)") -+ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) -+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang") -+ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) -+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) -+ message("Building with ASAN support (Clang compiler)") -+ elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) -+ message("Building without ASAN support (Clang compiler)") -+ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) -+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") -+ -+# set build flags for release build-type - set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE) - - if(OS_DARWIN) -diff --git a/include/ec_strings.h b/include/ec_strings.h -index f791739d..9ad245ef 100644 ---- include/ec_strings.h -+++ include/ec_strings.h -@@ -43,7 +43,7 @@ - - EC_API_EXTERN int match_pattern(const char *s, const char *pattern); - EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded); 
--EC_API_EXTERN int strescape(char *dst, char *src); -+EC_API_EXTERN int strescape(char *dst, char *src, size_t len); - EC_API_EXTERN int str_replace(char **text, const char *s, const char *d); - EC_API_EXTERN size_t strlen_utf8(const char *s); - EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr); -diff --git a/src/ec_encryption.c b/src/ec_encryption.c -index 6c02529c..3d505603 100644 ---- src/ec_encryption.c -+++ src/ec_encryption.c -@@ -218,7 +218,7 @@ int set_wep_key(char *string) - - if (type == 's') { - /* escape the string and check its length */ -- if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len) -+ if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len) - SEMIFATAL_ERROR("Specified WEP key length does not match the given string"); - } else if (type == 'p') { - /* create the key from the passphrase */ -diff --git a/src/ec_strings.c b/src/ec_strings.c -index 53583851..21b71926 100644 ---- src/ec_strings.c -+++ src/ec_strings.c -@@ -167,13 +167,14 @@ static int hextoint(int c) - /* - * convert the escaped string into a binary one - */ --int strescape(char *dst, char *src) -+int strescape(char *dst, char *src, size_t len) - { - char *olddst = dst; -+ char *oldsrc = src; - int c; - int val; - -- while ((c = *src++) != '\0') { -+ while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) { - if (c == '\\') { - switch ((c = *src++)) { - case '\0': -@@ -218,9 +219,11 @@ int strescape(char *dst, char *src) - if (c >= '0' && c <= '7') - val = (val << 3) | (c - '0'); - else -- --src; -+ if (src > oldsrc) /* protect against buffer underflow */ -+ --src; - } else -- --src; -+ if (src > oldsrc) /* protect against buffer underflow */ -+ --src; - *dst++ = (char) val; - break; - -@@ -232,15 +235,17 @@ int strescape(char *dst, char *src) - c = hextoint(*src++); - if (c >= 0) - val = (val << 4) + c; -- else -- --src; -- } else -- --src; -+ else if (src > oldsrc) /* protect against buffer underflow */ -+ --src; -+ } else 
if (src > oldsrc) /* protect against buffer underflow */ -+ --src; - *dst++ = (char) val; - break; - } -- } else if (c == 8 || c == 263) /* the backspace */ -- dst--; -+ } else if (c == 8 || c == 263) { /* the backspace */ -+ if (dst > oldsrc) /* protect against buffer underflow */ -+ dst--; -+ } - else - *dst++ = (char) c; - } -diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c -index fb52331c..011c0edf 100644 ---- src/interfaces/curses/ec_curses_view_connections.c -+++ src/interfaces/curses/ec_curses_view_connections.c -@@ -614,7 +614,7 @@ static void inject_user(void) - size_t len; - - /* escape the sequnces in the buffer */ -- len = strescape((char*)injectbuf, (char*)injectbuf); -+ len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1); - - /* check where to inject */ - if (wdg_c1->flags & WDG_OBJ_FOCUSED) { -diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c -index fa7dfdc5..b55e1755 100644 ---- src/interfaces/gtk/ec_gtk_view_connections.c -+++ src/interfaces/gtk/ec_gtk_view_connections.c -@@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side) - size_t len; - - /* escape the sequnces in the buffer */ -- len = strescape(injectbuf, injectbuf); -+ len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1); - - /* check where to inject */ - if (side == 1 || side == 2) { -diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c -index d4b9110c..7e359e06 100644 ---- utils/etterfilter/ef_encode.c -+++ utils/etterfilter/ef_encode.c -@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop) - fop->op.test.string = (u_char*)strdup(string + 1); - - /* escape it in the structure */ -- fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string); -+ fop->op.test.slen = strescape((char*)fop->op.test.string, -+ (char*)fop->op.test.string, strlen(fop->op.test.string)+1); - - 
return E_SUCCESS; - -@@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop) - fop->opcode = FOP_FUNC; - fop->op.func.op = FFUNC_SEARCH; - fop->op.func.string = (u_char*)strdup(dec_args[1]); -- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); -+ fop->op.func.slen = strescape((char*)fop->op.func.string, -+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); - ret = E_SUCCESS; - } else - SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); -@@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop) - fop->opcode = FOP_FUNC; - fop->op.func.op = FFUNC_REGEX; - fop->op.func.string = (u_char*)strdup(dec_args[1]); -- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); -+ fop->op.func.slen = strescape((char*)fop->op.func.string, -+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); - ret = E_SUCCESS; - } else - SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); -@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop) - /* replace always operate at DATA level */ - fop->op.func.level = 5; - fop->op.func.string = (u_char*)strdup(dec_args[0]); -- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); -+ fop->op.func.slen = strescape((char*)fop->op.func.string, -+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); - fop->op.func.replace = (u_char*)strdup(dec_args[1]); -- fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace); -+ fop->op.func.rlen = strescape((char*)fop->op.func.replace, -+ (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1); - ret = E_SUCCESS; - } else - SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); -@@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop) - if (nargs == 1) { - fop->op.func.op = FFUNC_MSG; - fop->op.func.string = (u_char*)strdup(dec_args[0]); -- fop->op.func.slen = 
strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
-+ fop->op.func.slen = strescape((char*)fop->op.func.string,
-+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
- ret = E_SUCCESS;
- } else
- SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
diff --git a/srcpkgs/ettercap/patches/libressl.patch b/srcpkgs/ettercap/patches/libressl.patch
new file mode 100644
index 00000000000000..15e0d3c1c9e737
--- /dev/null
+++ b/srcpkgs/ettercap/patches/libressl.patch
@@ -0,0 +1,31 @@
+From b2f7634c9dbc0ef68640f0571787d92300e9f9f9 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin
+Date: Sat, 15 Aug 2020 07:18:31 +0300
+Subject: [PATCH] ec_sslwrap: fix compilation with LibreSSL
+
+Disable taking over SNI extension from ClientHello and SSL configuration
+operations until LibreSSL supports the required API.
+
+Fixes: https://github.com/Ettercap/ettercap/issues/1068
+---
+ src/ec_sslwrap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git src/ec_sslwrap.c src/ec_sslwrap.c
+index b9f26a142..1e4c24fc1 100644
+--- src/ec_sslwrap.c
++++ src/ec_sslwrap.c
+@@ -71,11 +71,11 @@
+ #define TLS_server_method SSLv23_server_method
+ #endif
+
+-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ #define HAVE_OPENSSL_1_1_0
+ #endif
+
+-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
++#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ #define HAVE_OPENSSL_1_1_1
+ #endif
+
diff --git a/srcpkgs/ettercap/template b/srcpkgs/ettercap/template
index 772c073b6d267f..0a096f4ad57790 100644
--- a/srcpkgs/ettercap/template
+++ b/srcpkgs/ettercap/template
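Review bot: The two `!defined(LIBRESSL_VERSION_NUMBER)` guards that libressl.patch adds to src/ec_sslwrap.c are unconditional, so `HAVE_OPENSSL_1_1_0` and `HAVE_OPENSSL_1_1_1` stay undefined for every LibreSSL release, including any later one that gains the API. The patch description says this disables taking over the SNI extension from the ClientHello and the SSL configuration operations, so a LibreSSL build of this package behaves differently from an OpenSSL build, and nothing in the patched source records that. I would put the reason next to the guards, for example `/* LibreSSL also passes the OPENSSL_VERSION_NUMBER test but lacks the 1.1.x API used under these macros; drop the exclusion once it is supported */`, and bound the exclusion by a LibreSSL version once the first supporting release is known.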
@@ -1,18 +1,19 @@ # Template file for 'ettercap' pkgname=ettercap -version=0.8.2 -revision=14 +version=0.8.3.1 +revision=1 build_style=cmake configure_args="-DENABLE_GTK=OFF" hostmakedepends="flex" -makedepends="ncurses-devel libressl-devel libcurl-devel libltdl-devel libnet-devel libpcap-devel pcre-devel" +makedepends="geoip-devel ncurses-devel libressl-devel libcurl-devel + libltdl-devel libnet-devel libpcap-devel pcre-devel" conf_files="/etc/${pkgname}/etter.conf" short_desc="Network sniffer/interceptor/logger for ethernet LANs" maintainer="Orphaned " license="GPL-2.0-only" homepage="http://ettercap.github.com/ettercap/" distfiles="https://github.com/Ettercap/ettercap/archive/v${version}.tar.gz" -checksum=f38514f35bea58bfe6ef1902bfd4761de0379942a9aa3e175fc9348f4eef2c81 +checksum=d0c3ef88dfc284b61d3d5b64d946c1160fd04276b448519c1ae4438a9cdffaf3 lib32disabled=yes CFLAGS="-fcommon"
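Review bot: Nothing in the commit records why CVE-2017-6430.patch and CVE-2017-8366.patch can be deleted together with the `version=0.8.3.1` bump; the subject line is the whole message. Presumably both fixes are part of the upstream release, but that should be checked against the 0.8.3.1 sources (the `len` argument of `strescape()` and the `ninst == 0` check in `write_output()` are the markers visible in the removed patches) and stated in the commit body, e.g. `Drop CVE-2017-6430 and CVE-2017-8366 patches, fixed upstream.` The new `geoip-devel` entry in `makedepends` is also unexplained; a word on which feature needs it would help.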