-AUX cve-2017-6430.patch 2437 BLAKE2B 4267c1028467734e45f0a2b730498b6b1de86d9aca95377d7afe76d872ae05c0c9c5e600e8c35f7e0f74d00a125cbffce7f372d543e1728a83121c234ef65366 SHA512 fd3477e7ab087d2b0fdfff6ef331ca8ae4aa838ece54a84d4e597d57cf45425a4dc4be60b9caadf0af25ebe8072eea542092e400e6fe219696b0dc13ca4e205b

-AUX ettercap-0.8.2-openssl-1.1.patch 8769 BLAKE2B 6c9d7e8c60264b6ac0724891f9cbc9b2436bb943680d3e8612aee152bd360ea9f38a778175906787039041e654b49f91353f4cdc678f36753e289270c4b148b3 SHA512 0ba60719cde9648aae37499c1caa6f3e0630e31f1e819945648d778aa6359f0b3771d7673f16a81c4e7ea8efdcf84bf3fb55979d952cb767cb5334f5d154ca9d

-DIST ettercap-0.8.2.tar.gz 8082561 BLAKE2B 851df0a8700de45ce0e3427f7fdbdcd13feb2f75c0d1136563449db634b1f02276bade0d82a1a51bf8de726d6faddf05ff537e397c2e56cfc3e3181d25566fe9 SHA512 18137b1cc518c9db3c9650157a5cbf09dbb665b79876a24875d6c5125e8923ebde543464adb61cf1d1244101242f4d66b80d94ef3b36aa265cefca7646aa6415

-EBUILD ettercap-0.8.2-r2.ebuild 1779 BLAKE2B 502382e406d3c0611b6ba9387ff389ca73852f521e72b09a1ad1753413f873107ccaf2ad81dfa65d5ed56cc47d45e904d84112be03246ffd6680a509cf171946 SHA512 ed30bc84ec63f0019453195457c1ec99e196330f3d5ed57920b5cee0d1285ea681aa1742e2ca7a90d9113c048309444e756f604ca4f0f48a18816ef6cbb375e1

-# Copyright 1999-2019 Gentoo Authors

-# Distributed under the terms of the GNU General Public License v2

-

-EAPI=6

-

-inherit cmake-utils

-

-DESCRIPTION="A suite for man in the middle attacks"

-HOMEPAGE="https://github.com/Ettercap/ettercap"

-

-LICENSE="GPL-2+"

-SLOT="0"

-

-if [[ ${PV} == "9999" ]] ; then

- inherit git-r3

- EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"

-else

- SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work

- KEYWORDS="alpha amd64 arm ppc ppc64 sparc x86"

-fi

-

-IUSE="doc gtk ipv6 libressl ncurses +plugins test"

-

-RDEPEND="dev-libs/libbsd

- dev-libs/libpcre

- !libressl? ( dev-libs/openssl:0= )

- libressl? ( dev-libs/libressl:0= )

- net-libs/libnet:1.1

- >=net-libs/libpcap-0.8.1

- sys-libs/zlib

- gtk? (

- >=dev-libs/atk-1.2.4

- >=dev-libs/glib-2.2.2:2

- media-libs/freetype

- x11-libs/cairo

- x11-libs/gdk-pixbuf:2

- >=x11-libs/gtk+-2.2.2:2

- >=x11-libs/pango-1.2.3

- )

- ncurses? ( >=sys-libs/ncurses-5.3:= )

- plugins? ( >=net-misc/curl-7.26.0 )"

-DEPEND="${RDEPEND}

- doc? ( app-text/ghostscript-gpl

- sys-apps/groff )

- test? ( dev-libs/check )

- sys-devel/flex

- virtual/yacc"

-PATCHES=(

- "${FILESDIR}"/cve-2017-6430.patch

- "${FILESDIR}"/${P}-openssl-1.1.patch

-)

-

-src_prepare() {

- sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die

- cmake-utils_src_prepare

-}

-

-src_configure() {

- local mycmakeargs=(

- -DENABLE_CURSES="$(usex ncurses)"

- -DENABLE_GTK="$(usex gtk)"

- -DENABLE_PLUGINS="$(usex plugins)"

- -DENABLE_IPV6="$(usex ipv6)"

- -DENABLE_TESTS="$(usex test)"

- -DENABLE_PDF_DOCS="$(usex doc)"

- -DBUNDLED_LIBS=OFF

- -DSYSTEM_LIBS=ON

- -DINSTALL_SYSCONFDIR="${EROOT}"etc

- )

- #right now we only support gtk2, but ettercap also supports gtk3

- #do we care? do we want to support both?

- cmake-utils_src_configure

-}

-From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001

-From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>

-Date: Tue, 7 Mar 2017 22:05:31 +0100

-Subject: [PATCH] Fix issue #782

-

----

- utils/etterfilter/ef_compiler.c | 4 +++-

- utils/etterfilter/ef_main.c | 10 +++++++---

- utils/etterfilter/ef_output.c | 3 +++

- 3 files changed, 13 insertions(+), 4 deletions(-)

-

-diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c

-index db876636e..ddb73bd30 100644

---- a/utils/etterfilter/ef_compiler.c

-+++ b/utils/etterfilter/ef_compiler.c

-@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)

- struct filter_op *array = NULL;

- struct unfold_elm *ue;

-

-- BUG_IF(tree_root == NULL);

-+ // invalid file

-+ if (tree_root == NULL)

-+ return 0;

-

- fprintf(stdout, " Unfolding the meta-tree ");

- fflush(stdout);

-diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c

-index ae4591344..431084b91 100644

---- a/utils/etterfilter/ef_main.c

-+++ b/utils/etterfilter/ef_main.c

-@@ -39,7 +39,7 @@ struct globals *gbls;

-

- int main(int argc, char *argv[])

- {

--

-+ int ret_value = 0;

- globals_alloc();

- /* etterfilter copyright */

- fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n",

-@@ -84,8 +84,12 @@ int main(int argc, char *argv[])

- fprintf(stdout, "\n\nThe script contains errors...\n\n");

-

- /* write to file */

-- if (write_output() != E_SUCCESS)

-- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);

-+ ret_value = write_output();

-+ if (ret_value == -E_NOTHANDLED)

-+ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);

-+ else if (ret_value == -E_INVALID)

-+ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);

-+

- globals_free();

- return 0;

- }

-diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c

-index 5ae591904..fcf19f010 100644

---- a/utils/etterfilter/ef_output.c

-+++ b/utils/etterfilter/ef_output.c

-@@ -51,6 +51,9 @@ int write_output(void)

- if (fop == NULL)

- return -E_NOTHANDLED;

-

-+ if (ninst == 0)

-+ return -E_INVALID;

-+

- /* create the file */

- fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);

- ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);

-From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001

-From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>

-Date: Mon, 27 Jun 2016 12:41:33 +0200

-Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from

- https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc)

- Closes: #739

-

----

- src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++-

- src/ec_sslwrap.c | 14 ++++++++

- 2 files changed, 106 insertions(+), 1 deletion(-)

-

-Index: ettercap-0.8.2/src/dissectors/ec_ssh.c

-===================================================================

---- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c

-+++ ettercap-0.8.2/src/dissectors/ec_ssh.c

-@@ -36,6 +36,10 @@

- #include <openssl/md5.h>

- #include <zlib.h>

-

-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)

-+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */

-+#endif

-+

- #define SMSG_PUBLIC_KEY 2

- #define CMSG_SESSION_KEY 3

- #define CMSG_USER 4

-@@ -138,6 +142,11 @@

- char tmp[MAX_ASCII_ADDR_LEN];

- u_int32 ssh_len, ssh_mod;

- u_char ssh_packet_type, *ptr, *key_to_put;

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;

-+ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;

-+ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;

-+#endif

-

- /* don't complain about unused var */

- (void) DECODE_DATA;

-@@ -383,12 +392,25 @@

- if (session_data->ptrkey == NULL) {

- /* Initialize RSA key structures (other fileds are set to 0) */

- session_data->serverkey = RSA_new();

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ s_n = BN_new();

-+ s_e = BN_new();

-+ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);

-+#else

- session_data->serverkey->n = BN_new();

- session_data->serverkey->e = BN_new();

-+#endif

-

- session_data->hostkey = RSA_new();

-+

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ h_n = BN_new();

-+ h_e = BN_new();

-+ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);

-+#else

- session_data->hostkey->n = BN_new();

- session_data->hostkey->e = BN_new();

-+#endif

-

- /* Get the RSA Key from the packet */

- NS_GET32(server_mod,ptr);

-@@ -396,19 +418,37 @@

- DEBUG_MSG("Dissector_ssh Bougs Server_Mod");

- return NULL;

- }

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);

-+ get_bn(s_e, &ptr);

-+ get_bn(s_n, &ptr);

-+#else

- get_bn(session_data->serverkey->e, &ptr);

- get_bn(session_data->serverkey->n, &ptr);

-+#endif

-

- NS_GET32(host_mod,ptr);

- if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {

- DEBUG_MSG("Dissector_ssh Bougs Host_Mod");

- return NULL;

- }

-+

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);

-+ get_bn(h_e, &ptr);

-+ get_bn(h_n, &ptr);

-+#else

- get_bn(session_data->hostkey->e, &ptr);

- get_bn(session_data->hostkey->n, &ptr);

-+#endif

-

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ server_exp = BN_get_word(s_e);

-+ host_exp = BN_get_word(h_e);

-+#else

- server_exp = *(session_data->serverkey->e->d);

- host_exp = *(session_data->hostkey->e->d);

-+#endif

-

- /* Check if we already have a suitable RSA key to substitute */

- index_ssl = &ssh_conn_key;

-@@ -424,7 +464,7 @@

- SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));

-

- /* Generate the new key */

-- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);

-+ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);

- (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);

- (*index_ssl)->server_mod = server_mod;

- (*index_ssl)->host_mod = host_mod;

-@@ -443,11 +483,25 @@

-

- /* Put our RSA key in the packet */

- key_to_put+=4;

-+

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);

-+ put_bn(m_s_e, &key_to_put);

-+ put_bn(m_s_n, &key_to_put);

-+#else

- put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);

- put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);

-+#endif

- key_to_put+=4;

-+

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);

-+ put_bn(m_h_e, &key_to_put);

-+ put_bn(m_h_n, &key_to_put);

-+#else

- put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);

- put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);

-+#endif

-

- /* Recalculate SSH crc */

- *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));

-@@ -482,19 +536,34 @@

- key_to_put = ptr;

-

- /* Calculate real session id and our fake session id */

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ temp_session_id = ssh_session_id(cookie, h_n, s_n);

-+#else

- temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);

-+#endif

- if (temp_session_id)

- memcpy(session_id1, temp_session_id, 16);

-+

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);

-+#else

- temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);

-+#endif

-+

- if (temp_session_id)

- memcpy(session_id2, temp_session_id, 16);

-

- /* Get the session key */

- enckey = BN_new();

-+

- get_bn(enckey, &ptr);

-

- /* Decrypt session key */

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ if (BN_cmp(m_s_n, m_h_n) > 0) {

-+#else

- if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {

-+#endif

- rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);

- rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);

- } else {

-@@ -534,7 +603,11 @@

- BN_add_word(bn, sesskey[i]);

- }

-

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ if (BN_cmp(s_n, h_n) < 0) {

-+#else

- if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {

-+#endif

- rsa_public_encrypt(bn, bn, session_data->serverkey);

- rsa_public_encrypt(bn, bn, session_data->hostkey);

- } else {

-@@ -716,7 +789,16 @@

- u_char *inbuf, *outbuf;

- int32 len, ilen, olen;

-

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ BIGNUM *n;

-+ BIGNUM *e;

-+ BIGNUM *d;

-+ RSA_get0_key(key, &n, &e, &d);

-+ olen = BN_num_bytes(n);

-+#else

- olen = BN_num_bytes(key->n);

-+#endif

-+

- outbuf = malloc(olen);

- if (outbuf == NULL) /* oops, couldn't allocate memory */

- return;

-@@ -744,7 +826,16 @@

- u_char *inbuf, *outbuf;

- int32 len, ilen, olen;

-

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ BIGNUM *n;

-+ BIGNUM *e;

-+ BIGNUM *d;

-+ RSA_get0_key(key, &n, &e, &d);

-+ olen = BN_num_bytes(n);

-+#else

- olen = BN_num_bytes(key->n);

-+#endif

-+

- outbuf = malloc(olen);

- if (outbuf == NULL) /* oops, couldn't allocate memory */

- return;

-Index: ettercap-0.8.2/src/ec_sslwrap.c

-===================================================================

---- ettercap-0.8.2.orig/src/ec_sslwrap.c

-+++ ettercap-0.8.2/src/ec_sslwrap.c

-@@ -53,6 +53,10 @@

- #define OPENSSL_NO_KRB5 1

- #include <openssl/ssl.h>

-

-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)

-+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */

-+#endif

-+

- #define BREAK_ON_ERROR(x,y,z) do { \

- if (x == -E_INVALID) { \

- SAFE_FREE(z.DATA.disp_data); \

-@@ -974,9 +978,19 @@

- index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);

- if (index >=0) {

- ext = X509_get_ext(server_cert, index);

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ ASN1_OCTET_STRING* os;

-+ os = X509_EXTENSION_get_data (ext);

-+#endif

- if (ext) {

-+#ifdef HAVE_OPAQUE_RSA_DSA_DH

-+ os->data[7] = 0xe7;

-+ os->data[8] = 0x7e;

-+ X509_EXTENSION_set_data (ext, os);

-+#else

- ext->value->data[7] = 0xe7;

- ext->value->data[8] = 0x7e;

-+#endif

- X509_add_ext(out_cert, ext, -1);

- }

- }